home

spelleruninst.exe

RaclUninst Module

GJ Networks

The application spelleruninst.exe by GJ Networks has been detected as a potentially unwanted program by 18 anti-malware scanners. This will plug into the web browser and collect information about the user's browsing activities (such as visited URLs) in order to display targeted popup advertisementsand connect to a remote server to report back such behaviors.
Publisher:
GJ Networks  (signed and verified)

Product:
RaclUninst Module

Version:
1, 0, 0, 1

MD5:
85a7d9413253a8e46d63686a4abd882f

SHA-1:
bb5cc1063564e405174be804c8d0c5234c50927b

SHA-256:
6e5df7c2d927661b892f88922679dc289c8176cfec4bd3e10a52c7fe12ab143b

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 12:58:45 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.Kraddare
7.1.1

Avira AntiVirus
SPR/Tool.213928.1
7.11.128.164

AVG
Fake_AntiSpyware
2015.0.3404

Baidu Antivirus
Adware.Win32.Kraddare
4.0.3.14723

Comodo Security
UnclassifiedMalware
17719

ESET NOD32
Win32/Adware.Kraddare.FJ (variant)
8.9371

IKARUS anti.virus
possible-Threat.Tool.213928
t3scan.2.2.29

K7 AntiVirus
Riskware
13.175.11028

Malwarebytes
Adware.KorAd
v2014.07.23.06

McAfee
Artemis!85A7D9413253
5600.7060

Quick Heal
Adware.Adpopup (Not a Virus)
7.14.12.00

Reason Heuristics
PUP.GJNetworks.N
14.7.23.18

Rising Antivirus
PE:Trojan.Win32.Generic.134F3F6D!323960685
23.00.65.14721

Sophos
Generic PUA LL
4.97

Trend Micro House Call
ADW_KRADDARE
7.2.204

Trend Micro
ADW_KRADDARE
10.465.23

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
26068

XVirus List
Win32.Detected
2.7.23

File size:
208.9 KB (213,928 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2012

Original file name:
RaclUninst.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
GJ Networks

Authority:
Thawte, Inc.

Valid from:
12/12/2011 9:00:00 AM

Valid to:
12/12/2013 8:59:59 AM

Subject:
CN=GJ Networks, O=GJ Networks, L=Dongjak-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3F796579DD55F89DFE34DF13DCBF595F

File PE Metadata
Compilation timestamp:
8/6/2012 3:49:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:lHtb9XOYnFa1svfdGPIK0GXEgT7Ns8XLUJ5e2n+XstUGG3+erXpTH:lV9XOiFa1sdGPITgPXLU3e2nntU/XlL

Entry address:
0x17BE2

Entry point:
E8, AA, 35, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, A0, 08, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, 3B, 0D, 30, F4, 42, 00, 75, 02, F3, C3, E9, 07, 36, 00, 00, 8B, FF, 55, 8B, EC, 51, 8B, 4D, 08, 53, 56, 57, 33, FF, 89, 7D, FC, 3B, CF, 0F, 84, 81, 00, 00, 00, 8B, 55, 0C, 3B, D7, 75, 07, 39, 7D, 10, 75, 75, EB, 05, 39, 7D, 10, 74, 6E, 39, 7D, 14, 75, 07, 39, 7D, 18, 75, 64, EB, 05, 39, 7D, 18, 74, 5D, 39, 7D, 1C, 75, 07...
 
[+]

Entropy:
6.3320

Code size:
155.5 KB (159,232 bytes)

Remove spelleruninst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.