winexpand_googool.exe

WinExpandSetup_googool

CJ Mooter Inc.

The application winexpand_googool.exe by CJ Mooter has been detected as adware by 28 anti-malware scanners.

Publisher:
CJMooter (signed by CJ Mooter Inc.)

Product:
WinExpandSetup_googool

Version:
1, 0, 0, 2

MD5:
b6850d7b2e176264db462d27a0aaa216

SHA-1:
345fbcafa74184b4d9e5a3335891436191e1f0ff

SHA-256:
0e58bfe733a4cb553b3911b65bec69169fcc879031cb4efbffb5494af8028348

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
4/26/2024 2:17:06 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Kraddare.DU | 793 |
| AhnLab V3 Security | PUP/Win32.Winexpand | 14.12.04 |
| Avira AntiVirus | Adware/Kraddare.DU.10 | 7.11.148.228 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-141204 |
| AVG | Generic5 | 2015.0.3271 |
| Bitdefender | Adware.Kraddare.DU | 1.0.20.1690 |
| Bkav FE | W32.Clod5e7.Trojan | 1.3.0.4959 |
| Comodo Security | ApplicUnwnt | 18249 |
| Dr.Web | Trojan.Fakealert.43772 | 9.0.1.0338 |
| Emsisoft Anti-Malware | Adware.Kraddare.DU | 8.14.12.04.02 |
| ESET NOD32 | Win32/Adware.Kraddare.HA (variant) | 8.9783 |
| Fortinet FortiGate | Riskware/Kraddare | 12/4/2014 |
| F-Secure | Adware.Kraddare.DU | 11.2014-04-12_5 |
| G Data | Adware.Kraddare.DU | 14.12.24 |
| IKARUS anti.virus | AdWare.Kraddare | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.177.12041 |
| Malwarebytes | Adware.Korad | v2014.12.04.02 |
| McAfee | Artemis!B6850D7B2E17 | 5600.6927 |
| MicroWorld eScan | Adware.Kraddare.DU | 15.0.0.1014 |
| NANO AntiVirus | Trojan.Win32.Fakealert.cqmjrj | 0.28.0.59608 |
| nProtect | Adware.Kraddare.DU | 14.05.09.01 |
| Reason Heuristics | Threat.Installer.CJMooter | 15.4.11.23 |
| Rising Antivirus | PE:Adware.Kraddare!6.F3D | 23.00.65.141202 |
| Sophos | Generic PUA DE | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29064 |
| ViRobot | Adware.WinExpand.549424 | 2011.4.7.4223 |
| Zillya! Antivirus | Trojan.FakeAV.Win32.288708 | 2.0.0.1784 |

File size:
536.5 KB (549,424 bytes)

Product version:
1, 0, 0, 2

Copyright:
(c) CJMooter. All rights reserved.

Original file name:
WinExpandSetup_googool.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\winexpand_googool.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/1/2013 9:00:00 AM

Valid to:
8/1/2014 8:59:59 AM

Subject:
CN=CJ Mooter Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CJ Mooter Inc., L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67B841AD06BF7C23C9B3BC83920C4F94

File PE Metadata
Compilation timestamp:
5/21/2013 11:56:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ju3H+RnnuL4Ld3kcF81lXnCBb3gTy5f6HsV:6w9LdfFOlSBbwTy5f4sV

Entry address:
0x33511

Entry point:
E8, 14, 9E, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 8D, 9E, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B, DF, 77, 1E, E8, 6F, 09, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 9E, 3B, 00, 00, 83, C4, 14, 8B, C6, 5F, 5E, 5B, 5D, C3, 8B, 75, 10, 3B, F7, 75, 07, 33, C0...
 

Entropy:
6.6565

Code size:
307.5 KB (314,880 bytes)
