PUA.Win32.GOMLab.A


ALIASES:

a variant of Win32/GOMLab.A potentially unwanted application (NOD32)

PLATFORM:

Windows

  • Threat Type: Potentially Unwanted Application

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

OVERVIEW

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

TECHNICAL DETAILS

File Size:

6,518,624 bytes

File Type:

EXE

Memory Resident:

Yes

Initial Samples Received Date:

28 Jul 2020

Arrival Details

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Potentially Unwanted Application drops the following files:

  • %Program Files%\GRETECH\GomPlayer\KillGom.exe
  • %Program Files%\GRETECH\GomPlayer\GVC.dll
  • %Program Files%\GRETECH\GomPlayer\GomX.dll
  • %Program Files%\GRETECH\GomPlayer\GomWeb3.dll
  • %Program Files%\GRETECH\GomPlayer\GOM.exe
  • %Program Files%\GRETECH\GomPlayer\GomWiz.exe
  • %Program Files%\GRETECH\GomPlayer\GrLauncher.exe
  • %Program Files%\GRETECH\GomPlayer\GrLauncher.ini
  • %Program Files%\GRETECH\GomPlayer\setting.ini
  • %Program Files%\GRETECH\GomPlayer\Icon.dll
  • %Program Files%\GRETECH\GomPlayer\gom.ini
  • %Program Files%\GRETECH\GomPlayer\LGPL.TXT
  • %Program Files%\GRETECH\GomPlayer\RtParser.exe
  • %Program Files%\GRETECH\GomPlayer\srt2smi.exe
  • %Program Files%\GRETECH\GomPlayer\Dodge.dll
  • %Program Files%\GRETECH\GomPlayer\qscl.dll
  • %Program Files%\GRETECH\GomPlayer\gomplayer.com.ico
  • %Program Files%\GRETECH\GomPlayer\ShellRegister.exe
  • %Program Files%\GRETECH\GomPlayer\VSUtil.dll
  • %Program Files%\GRETECH\GomPlayer\msvcr71.dll
  • %Program Files%\GRETECH\GomPlayer\GVF.ax
  • %Program Files%\GRETECH\GomPlayer\GSFU.ax
  • %Program Files%\GRETECH\GomPlayer\GRFU.ax
  • %Program Files%\GRETECH\GomPlayer\GNF.ax
  • %Program Files%\GRETECH\GomPlayer\GAF.ax
  • %Program Files%\GRETECH\GomPlayer\urls\default.asx
  • %Program Files%\GRETECH\GomPlayer\SettingSkin\skin.xml
  • %Program Files%\GRETECH\GomPlayer\SettingSkin\buttonframe.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\skin.xml
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_close.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_codec.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_detail.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_detail2.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\desc.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\desc2.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\frame.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\horiz.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\top.bmp
  • %Program Files%\GRETECH\GomPlayer\Text.jpn\Copyright.txt
  • %Program Files%\GRETECH\GomPlayer\Text.jpn\History.txt
  • %Program Files%\GRETECH\GomPlayer\Text.jpn\JMDBNotice.txt
  • %Program Files%\GRETECH\GomPlayer\Text.jpn\Shortcut.txt
  • %Program Files%\GRETECH\GomPlayer\jmdbhtml\close_off_btn.gif
  • %Program Files%\GRETECH\GomPlayer\jmdbhtml\close_on_btn.gif
  • %Program Files%\GRETECH\GomPlayer\jmdbhtml\noticebg.gif
  • %Program Files%\GRETECH\GomPlayer\lang\GomJPN.dll
  • %Program Files%\GRETECH\GomPlayer\lang\GomWizJPN.dll
  • %Program Files%\GRETECH\GomPlayer\lang\ControlIDJPN.xml
  • %Program Files%\GRETECH\GomPlayer\lang\ControlIDJPN2.xml
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_CH.bmp
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_CONTROLPANEL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_FF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_MUTE_OFF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_MUTE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_OPEN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PLAYLIST.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PREFERENCE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_REW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SRCH.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_BORDER.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_FULLSCREEN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MAINICON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MAXIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MINIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_RESTORE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\GomMain_JPN.swf
  • %Program Files%\GRETECH\GomPlayer\skins\basic\LIST.XML
  • %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_LB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_LT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_RB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_RT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SKIN.XML
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_KNOB_HOT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_RANGE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_KNOB_HOT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_ACT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_NOACT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CHANNEL_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_CLIENT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_INFO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_INFO2.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_LEFT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_RIGHT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTBOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTFRAME_BOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTTOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_MAIN_BG.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_MAIN_BG2.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTBOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTFRAME_BOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTTOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_SLIDER_BG.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_READY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\Static_main_border.bmp
  • %Program Files%\GRETECH\GomPlayer\skins\basic\Static_main_logo.bmp
  • %Program Files%\GRETECH\GomPlayer\skins\basic\TIME_FONT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_BIGFF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_BIGREW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_FF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_DEFAULT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_DN_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_UP_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_REW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_SET_E_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_SET_S_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_UNSET_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_STATIC_SECTIONRPT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_EQ_PRESETS_DEL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_EQ_PRESETS_SAVE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_PRESETS_LIST.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_PRESETS_RESET_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_USE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_USE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_PAN_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_PAN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_AUDIO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_CONTROL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_DVD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_SUB_VIDEO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAINFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_AUDIO_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_AUDIO_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_CONTROL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_CONTROL_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_DVD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_DVD_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_SUB_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_SUB_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_VIDEO_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_VIDEO_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_POS_LTRT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_POS_UPDN_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_SIZE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_CAP2_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_CAP_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_LANGNEXT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_PSTOGGLE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_RESET.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_SUBB_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_SUBF_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_CT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_LINE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_ST_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\INFOLINE\background.png
  • %Program Files%\GRETECH\GomPlayer\skins\basic\INFOLINE\infoline.html
  • %Program Files%\GRETECH\GomPlayer\skins\basic\LOGO\GomMain.bmp
  • %Program Files%\GRETECH\GomPlayer\skins\basic\LOGO\SOUNDONLY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_REPEAT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_REPEAT_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_SHUFFLE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_SHUFFLE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_BKGND.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_SLIDER_MAIN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\MAINFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\MAINFRAME2.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_ADD_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_DEL_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_LIST_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_SEL_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_SORT_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_PLAYLIST_ITEM_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_PLAYLIST_SELITEM_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_CONTROLPANEL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_FF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_MUTE_OFF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_MUTE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_OPEN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PLAYLIST_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PREFERENCE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_REW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_FULLSCREEN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MAINICON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MAXIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MINIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_RESTORE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LIST.XML
  • %Program Files%\GRETECH\GomPlayer\skins\default\LITE.XML
  • %Program Files%\GRETECH\GomPlayer\skins\default\MAIN_RGN_RB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC.XML
  • %Program Files%\GRETECH\GomPlayer\skins\default\SKIN.XML
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN_RANGE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_ACT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_NOACT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_BOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_CLIENT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_LEFT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_MID.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_RIGHT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_LEFT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_RIGHT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_LEFTFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_RIGHTFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_READY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\TIME_FONT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_BIGFF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_BIGREW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_FF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_DEFAULT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_DN_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_UP_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_REW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_SET_E_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_SET_S_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_UNSET_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_STATIC_SECTIONRPT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_DEL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_SAVE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_PRESETS_LIST.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_PRESETS_RESET_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_USE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_USE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_FONT_SMALLNUM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_PAN_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_PAN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_AUDIO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_CONTROL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_SUB_VIDEO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAINFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_AUDIO_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_AUDIO_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_CONTROL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_CONTROL_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_DVD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_DVD_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_SUB_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_SUB_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_VIDEO_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_VIDEO_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_POS_LTRT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_POS_UPDN_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_SIZE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_CAP2_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_CAP_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_LANGNEXT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_PSTOGGLE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_RESET.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_SUBB_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_SUBF_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_CT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_LINE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_ST_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\BTN_AD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\GOM_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\SIDE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\SOUNDONLY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\STATIC_AD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\INFO_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAYLISTNEXT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAYLISTPREV.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_REPEAT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_REPEAT_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_SYS_MINIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_BKGND.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_SLIDER_MAIN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\MAINFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\MAINFRAME_temp.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\MINIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_ADD_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_DEL_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_LIST_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_SEL_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_SORT_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_PLAYLIST_ITEM_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_PLAYLIST_SELITEM_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\SLIDER_VOLUME_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\logos\smile.jpg
  • %Program Files%\GRETECH\GomPlayer\Uninstall.exe

It adds the following processes:

  • "%Program Files%\GRETECH\GomPlayer\KillGom.exe" GOM.EXE
  • "%Program Files%\GRETECH\GomPlayer\ShellRegister.exe"
  • "%Program Files%\GRETECH\GomPlayer\GOM.exe" /RegServer
  • "%Program Files%\GRETECH\GomPlayer\GOM.exe" /regassoc

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000(32-bit), Server 2003(32-bit), XP, Vista(64-bit), 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit), or C:\Program Files (x86) in Windows XP(64-bit), Vista(64-bit), 7(64-bit), 8(64-bit), 8.1(64-bit), 2008(64-bit), 2012(64-bit) and 10(64-bit).)

Other System Modifications

This Potentially Unwanted Application adds the following registry entries:

HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
ProgramFolder = %Program Files%\GRETECH\GomPlayer

HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
ProgramPath = %Program Files%\GRETECH\GomPlayer\GOM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
ProgramFolder = %Program Files%\GRETECH\GomPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
ProgramPath = %Program Files%\GRETECH\GomPlayer\GOM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe
Path = %Program Files%\GRETECH\GomPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
DisplayIcon = "%Program Files%\GRETECH\GomPlayer\GOM.exe",0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
DisplayName = GOM Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
DisplayVersion = 2.1.26.5029

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
InstallLocation = %Program Files%\GRETECH\GomPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
Publisher = Gretech Corporation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
UninstallString = "%Program Files%\GRETECH\GomPlayer\Uninstall.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
VersionMajor = 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
VersionMinor = 1

Other Details

This Potentially Unwanted Application adds the following registry keys:

  • HKEY_CURRENT_USER\Software\GRETECH
  • HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
  • HKEY_CURRENT_USER\Software\GRETECH\GomPlayer\OPTION
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\OpenWithList
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\OpenWithProgids
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\UserChoice
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.{file extension}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue\Command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue\DropTarget
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\DropTarget
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb.1\CLSID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb\CLSID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb\CurVer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH
  • HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player

It connects to the following possibly malicious URLs:

  • http://app.{BLOCKED}b.com/jpn/gom/Promotion_JPN.ini
  • http://promotion.{BLOCKED}er.jp/ini/setting.php
  • http://promotion.{BLOCKED}er.jp/promotion/Checker
  • http://www.{BLOCKED}b.com/
  • http://www.{BLOCKED}b.com/ipCheck/ipCheck.php

SOLUTION

Minimum Scan Engine:

9.850

SSAPI PATTERN File:

2.317.00

SSAPI PATTERN Date:

30 Jul 2020

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Remove PUA.Win32.GOMLab.A by using its own Uninstall option

Step 3

Scan your computer with your Trend Micro product to delete files detected as PUA.Win32.GOMLab.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:
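The following PowerShell script is an added example, written for this page and not Trend Micro's own tool, that checks a system for the indicators listed above (the dropped executables, the registry keys under GRETECH, Classes, App Paths and Uninstall, and processes running from the GomPlayer folder) so an administrator can confirm that Steps 2 and 3 left nothing behind. It is read-only and modifies nothing. Two things in it are assumptions rather than facts from this page: it also looks under the WOW6432Node registry view (where a 32-bit installer lands on 64-bit Windows), and it checks only a representative subset of the dropped files rather than all of them.

```powershell
# Added example (not from the Trend Micro page): report which PUA.Win32.GOMLab.A
# indicators listed in the description are still present. Read-only.
# Run in an elevated PowerShell session so HKLM and Program Files are fully readable.

# Both Program Files roots; on 32-bit Windows ${env:ProgramFiles(x86)} is empty and is dropped.
$programFiles = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

# Representative subset of the dropped files named on the page.
$relativeFiles = @(
    'GRETECH\GomPlayer\GOM.exe',
    'GRETECH\GomPlayer\KillGom.exe',
    'GRETECH\GomPlayer\ShellRegister.exe',
    'GRETECH\GomPlayer\GrLauncher.exe',
    'GRETECH\GomPlayer\GomWeb3.dll',
    'GRETECH\GomPlayer\Uninstall.exe'
)

# Registry keys named on the page, in PowerShell provider syntax.
# The WOW6432Node entries are an assumption (32-bit installer on 64-bit Windows), not from the page.
$registryKeys = @(
    'HKCU:\Software\GRETECH\GomPlayer',
    'HKLM:\SOFTWARE\GRETECH\GomPlayer',
    'HKLM:\SOFTWARE\WOW6432Node\GRETECH\GomPlayer',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player',
    'HKLM:\SOFTWARE\Classes\avis',
    'HKLM:\SOFTWARE\Classes\gomcmd',
    'HKLM:\SOFTWARE\Classes\gomlogo',
    'HKLM:\SOFTWARE\Classes\jamak',
    'HKLM:\SOFTWARE\Classes\ogms',
    'HKLM:\SOFTWARE\Classes\GomWebCtrl.GomWeb',
    'HKLM:\SOFTWARE\Classes\GomWebCtrl.GomWeb.1'
)

$findings = @()

# 1. Dropped files under either Program Files root.
foreach ($root in $programFiles) {
    foreach ($rel in $relativeFiles) {
        $path = Join-Path $root $rel
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path }
        }
    }
}

# 2. Fixed registry keys.
foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $key }
    }
}

# 3. The page lists GomPlayer.{file extension} and Gomplayer.Skinfile ProgIDs without
#    naming the extensions; enumerate whatever was actually registered instead of guessing.
Get-ChildItem -Path 'HKLM:\SOFTWARE\Classes' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'GomPlayer.*' } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $_.Name }
    }

# 4. Processes still running from the GomPlayer folder (KillGom.exe, GOM.exe, etc.).
#    Path is $null for processes this session cannot inspect, so those are skipped.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -like '*\GRETECH\GomPlayer\*' } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Type     = 'Process'
            Location = "$($_.ProcessName) (PID $($_.Id)) $($_.Path)"
        }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No PUA.Win32.GOMLab.A indicators from the description were found.'
} else {
    # If the Uninstall entry survives, surface the page's own removal path (Step 2).
    $uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player'
    $uninstall = Get-ItemProperty -LiteralPath $uninstallKey -ErrorAction SilentlyContinue
    if ($uninstall -and $uninstall.UninstallString) {
        Write-Output "Uninstall option still registered (Step 2): $($uninstall.UninstallString)"
    }
    $findings | Format-Table -AutoSize
}
```

A clean result after Step 3 should print the "no indicators" line; any File or RegistryKey rows that remain are leftovers to review before re-scanning, and a Process row means the player is still running and should be closed (or the KillGom.exe helper is active) before removal is attempted.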