Author: Jay Garcia   

 

 ALIASES:

a variant of Win32/GOMLab.A potentially unwanted application (NOD32)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

(Rating scale: Low, Medium, High, Critical; the individual rating values are not present in this copy of the page.)

  • Threat Type: Potentially Unwanted Application

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File size: 6,518,624 bytes
File type: EXE
Memory resident: Yes
INITIAL SAMPLES RECEIVED DATE: 28 July 2020

Arrival Details

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

It drops the following files:

  • %Program Files%\GRETECH\GomPlayer\KillGom.exe
  • %Program Files%\GRETECH\GomPlayer\GVC.dll
  • %Program Files%\GRETECH\GomPlayer\GomX.dll
  • %Program Files%\GRETECH\GomPlayer\GomWeb3.dll
  • %Program Files%\GRETECH\GomPlayer\GOM.exe
  • %Program Files%\GRETECH\GomPlayer\GomWiz.exe
  • %Program Files%\GRETECH\GomPlayer\GrLauncher.exe
  • %Program Files%\GRETECH\GomPlayer\GrLauncher.ini
  • %Program Files%\GRETECH\GomPlayer\setting.ini
  • %Program Files%\GRETECH\GomPlayer\Icon.dll
  • %Program Files%\GRETECH\GomPlayer\gom.ini
  • %Program Files%\GRETECH\GomPlayer\LGPL.TXT
  • %Program Files%\GRETECH\GomPlayer\RtParser.exe
  • %Program Files%\GRETECH\GomPlayer\srt2smi.exe
  • %Program Files%\GRETECH\GomPlayer\Dodge.dll
  • %Program Files%\GRETECH\GomPlayer\qscl.dll
  • %Program Files%\GRETECH\GomPlayer\gomplayer.com.ico
  • %Program Files%\GRETECH\GomPlayer\ShellRegister.exe
  • %Program Files%\GRETECH\GomPlayer\VSUtil.dll
  • %Program Files%\GRETECH\GomPlayer\msvcr71.dll
  • %Program Files%\GRETECH\GomPlayer\GVF.ax
  • %Program Files%\GRETECH\GomPlayer\GSFU.ax
  • %Program Files%\GRETECH\GomPlayer\GRFU.ax
  • %Program Files%\GRETECH\GomPlayer\GNF.ax
  • %Program Files%\GRETECH\GomPlayer\GAF.ax
  • %Program Files%\GRETECH\GomPlayer\urls\default.asx
  • %Program Files%\GRETECH\GomPlayer\SettingSkin\skin.xml
  • %Program Files%\GRETECH\GomPlayer\SettingSkin\buttonframe.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\skin.xml
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_close.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_codec.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_detail.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_detail2.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\desc.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\desc2.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\frame.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\horiz.bmp
  • %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\top.bmp
  • %Program Files%\GRETECH\GomPlayer\Text.jpn\Copyright.txt
  • %Program Files%\GRETECH\GomPlayer\Text.jpn\History.txt
  • %Program Files%\GRETECH\GomPlayer\Text.jpn\JMDBNotice.txt
  • %Program Files%\GRETECH\GomPlayer\Text.jpn\Shortcut.txt
  • %Program Files%\GRETECH\GomPlayer\jmdbhtml\close_off_btn.gif
  • %Program Files%\GRETECH\GomPlayer\jmdbhtml\close_on_btn.gif
  • %Program Files%\GRETECH\GomPlayer\jmdbhtml\noticebg.gif
  • %Program Files%\GRETECH\GomPlayer\lang\GomJPN.dll
  • %Program Files%\GRETECH\GomPlayer\lang\GomWizJPN.dll
  • %Program Files%\GRETECH\GomPlayer\lang\ControlIDJPN.xml
  • %Program Files%\GRETECH\GomPlayer\lang\ControlIDJPN2.xml
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_CH.bmp
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_CONTROLPANEL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_FF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_MUTE_OFF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_MUTE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_OPEN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PLAYLIST.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PREFERENCE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_REW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SRCH.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_BORDER.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_FULLSCREEN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MAINICON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MAXIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MINIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_RESTORE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\GomMain_JPN.swf
  • %Program Files%\GRETECH\GomPlayer\skins\basic\LIST.XML
  • %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_LB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_LT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_RB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_RT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SKIN.XML
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_KNOB_HOT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_RANGE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_KNOB_HOT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_ACT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_NOACT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CHANNEL_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_CLIENT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_INFO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_INFO2.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_LEFT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_RIGHT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTBOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTFRAME_BOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTTOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_MAIN_BG.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_MAIN_BG2.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTBOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTFRAME_BOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTTOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_SLIDER_BG.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_READY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\Static_main_border.bmp
  • %Program Files%\GRETECH\GomPlayer\skins\basic\Static_main_logo.bmp
  • %Program Files%\GRETECH\GomPlayer\skins\basic\TIME_FONT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_BIGFF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_BIGREW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_FF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_DEFAULT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_DN_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_UP_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_REW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_SET_E_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_SET_S_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_UNSET_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_STATIC_SECTIONRPT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_EQ_PRESETS_DEL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_EQ_PRESETS_SAVE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_PRESETS_LIST.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_PRESETS_RESET_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_USE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_USE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_PAN_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_PAN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_AUDIO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_CONTROL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_DVD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_SUB_VIDEO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAINFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_AUDIO_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_AUDIO_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_CONTROL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_CONTROL_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_DVD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_DVD_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_SUB_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_SUB_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_VIDEO_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_VIDEO_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_POS_LTRT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_POS_UPDN_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_SIZE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_CAP2_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_CAP_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_LANGNEXT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_PSTOGGLE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_RESET.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_SUBB_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_SUBF_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_CT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_LINE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_ST_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\INFOLINE\background.png
  • %Program Files%\GRETECH\GomPlayer\skins\basic\INFOLINE\infoline.html
  • %Program Files%\GRETECH\GomPlayer\skins\basic\LOGO\GomMain.bmp
  • %Program Files%\GRETECH\GomPlayer\skins\basic\LOGO\SOUNDONLY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_REPEAT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_REPEAT_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_SHUFFLE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_SHUFFLE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_BKGND.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_SLIDER_MAIN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\MAINFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\MAINFRAME2.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_ADD_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_DEL_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_LIST_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_SEL_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_SORT_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_PLAYLIST_ITEM_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_PLAYLIST_SELITEM_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_CONTROLPANEL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_FF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_MUTE_OFF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_MUTE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_OPEN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PLAYLIST_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PREFERENCE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_REW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_FULLSCREEN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MAINICON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MAXIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MINIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_RESTORE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LIST.XML
  • %Program Files%\GRETECH\GomPlayer\skins\default\LITE.XML
  • %Program Files%\GRETECH\GomPlayer\skins\default\MAIN_RGN_RB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC.XML
  • %Program Files%\GRETECH\GomPlayer\skins\default\SKIN.XML
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN_RANGE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_ACT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_NOACT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_BOTTOM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_CLIENT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_LEFT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_MID.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_RIGHT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_LEFT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_RIGHT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_LEFTFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_RIGHTFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_READY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\TIME_FONT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_BIGFF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_BIGREW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_FF.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_DEFAULT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_DN_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_UP_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_REW.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_SET_E_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_SET_S_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_UNSET_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_STATIC_SECTIONRPT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_DEL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_SAVE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_PRESETS_LIST.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_PRESETS_RESET_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_USE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_USE_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_FONT_SMALLNUM.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_PAN_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_PAN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_AUDIO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_CONTROL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_SUB_VIDEO.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAINFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_AUDIO_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_AUDIO_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_CONTROL_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_CONTROL_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_DVD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_DVD_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_SUB_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_SUB_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_VIDEO_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_VIDEO_ON_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_POS_LTRT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_POS_UPDN_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_SIZE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_CAP2_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_CAP_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_LANGNEXT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_PSTOGGLE_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_RESET.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_SUBB_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_SUBF_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_CT_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_LINE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_ST_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\BTN_AD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\GOM_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\SIDE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\SOUNDONLY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\STATIC_AD.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\INFO_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_EMPTY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_FILL.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PAUSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAY.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAYLISTNEXT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAYLISTPREV.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_REPEAT.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_REPEAT_ON.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_STOP.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_SYS_MINIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\CLOSE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_BKGND.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_SLIDER_MAIN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_SLIDER_MAIN_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\MAINFRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\MAINFRAME_temp.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\MINIMIZE.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_ADD_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_DEL_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_LIST_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_SEL_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_SORT_MENU_JPN.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_PLAYLIST_ITEM_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_PLAYLIST_SELITEM_FRAME.BMP
  • %Program Files%\GRETECH\GomPlayer\skins\default\PL\SLIDER_VOLUME_KNOB.BMP
  • %Program Files%\GRETECH\GomPlayer\logos\smile.jpg
  • %Program Files%\GRETECH\GomPlayer\Uninstall.exe

It adds the following processes:

  • "%Program Files%\GRETECH\GomPlayer\KillGom.exe" GOM.EXE
  • "%Program Files%\GRETECH\GomPlayer\ShellRegister.exe"
  • "%Program Files%\GRETECH\GomPlayer\GOM.exe" /RegServer
  • "%Program Files%\GRETECH\GomPlayer\GOM.exe" /regassoc

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)

Other System Modifications

It adds the following registry entries:

HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
ProgramFolder = %Program Files%\GRETECH\GomPlayer

HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
ProgramPath = %Program Files%\GRETECH\GomPlayer\GOM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\DefaultIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open\command

HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
ProgramFolder = %Program Files%\GRETECH\GomPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
ProgramPath = %Program Files%\GRETECH\GomPlayer\GOM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe
Path = %Program Files%\GRETECH\GomPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
DisplayIcon = "%Program Files%\GRETECH\GomPlayer\GOM.exe",0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
DisplayName = GOM Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
DisplayVersion = 2.1.26.5029

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
InstallLocation = %Program Files%\GRETECH\GomPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
Publisher = Gretech Corporation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
UninstallString = "%Program Files%\GRETECH\GomPlayer\Uninstall.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
VersionMajor = 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
VersionMinor = 1

Other Details

It adds the following registry keys as part of its installation routine:

HKEY_CURRENT_USER\Software\GRETECH
HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
HKEY_CURRENT_USER\Software\GRETECH\GomPlayer\OPTION
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\OpenWithList
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\UserChoice
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.{file extension}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue\Command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue\DropTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\DropTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH
HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
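The dropped files, launched processes and registry entries listed above can be checked on a host in a single read-only pass. The following PowerShell triage script is an added example, not part of the Trend Micro description or Gretech's software; it assumes an elevated PowerShell session on Windows, and it also looks under WOW6432Node and Program Files (x86), which the description does not mention but which a 32-bit installer uses on 64-bit Windows.

```powershell
# Added example for this description, not Trend Micro's or Gretech's code.
# Read-only triage: reports which of the documented PUA.Win32.GOMLab.A artifacts
# (dropped files, launched processes, registry entries) exist on this host.
# Assumptions: elevated PowerShell 5.1 or later on Windows. The WOW6432Node and
# Program Files (x86) locations are NOT in the description; they are checked
# because a 32-bit installer lands there on 64-bit Windows.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped files: the description lists the whole %Program Files%\GRETECH\GomPlayer
#    tree, so the executables from that list are enough to confirm the footprint.
$keyFiles = 'GOM.exe', 'KillGom.exe', 'ShellRegister.exe', 'GrLauncher.exe', 'Uninstall.exe'
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
foreach ($dir in $programDirs) {
    $gomDir = Join-Path $dir 'GRETECH\GomPlayer'
    if (-not (Test-Path -LiteralPath $gomDir)) { continue }
    foreach ($name in $keyFiles) {
        $path = Join-Path $gomDir $name
        if (Test-Path -LiteralPath $path) { $findings.Add("file: $path") }
    }
}

# 2. Processes: the description shows KillGom.exe, ShellRegister.exe and GOM.exe
#    being launched (GOM.exe with /RegServer and /regassoc).
foreach ($proc in 'GOM', 'KillGom', 'ShellRegister') {
    Get-Process -Name $proc -ErrorAction SilentlyContinue | ForEach-Object {
        $findings.Add("process: $($_.ProcessName) (PID $($_.Id)) $($_.Path)")
    }
}

# 3. Registry keys the description attributes to the installer (32-bit views added).
$regKeys = @(
    'HKCU:\Software\GRETECH\GomPlayer'
    'HKLM:\SOFTWARE\GRETECH\GomPlayer'
    'HKLM:\SOFTWARE\WOW6432Node\GRETECH\GomPlayer'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player'
)
# Values the description documents under those keys; UninstallString is what
# Step 2 of the solution (removal via the application's own uninstaller) uses.
$valueNames = 'ProgramFolder', 'ProgramPath', 'Path', 'Publisher', 'DisplayVersion', 'UninstallString'
foreach ($key in $regKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $findings.Add("registry: $key")
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    foreach ($v in $valueNames) {
        if ($props -and $null -ne $props.$v) { $findings.Add("    $v = $($props.$v)") }
    }
}

# 4. File-association ProgIDs and the COM class the description lists under
#    HKLM\SOFTWARE\Classes; the open handler shows which binary they point at.
foreach ($progId in 'avis', 'gomcmd', 'gomlogo', 'jamak', 'ogms', 'Gomplayer.Skinfile', 'GomWebCtrl.GomWeb') {
    $cls = "HKLM:\SOFTWARE\Classes\$progId"
    if (Test-Path -LiteralPath $cls) {
        $cmd = Get-ItemProperty -LiteralPath "$cls\shell\open\command" -ErrorAction SilentlyContinue
        $handler = if ($cmd) { $cmd.'(default)' } else { '' }
        $findings.Add("class: $cls $handler")
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No PUA.Win32.GOMLab.A artifacts found.'
} else {
    Write-Output 'Artifacts matching the PUA.Win32.GOMLab.A description:'
    $findings | Write-Output
    Write-Output 'Next: use the UninstallString shown above (Step 2), then rescan with the product (Step 3).'
}
```

A hit on the Uninstall key with Publisher = Gretech Corporation and DisplayVersion = 2.1.26.5029 matches the values this description records for the sample.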

It connects to the following possibly malicious URLs:

  • http://app.{BLOCKED}b.com/jpn/gom/Promotion_JPN.ini
  • http://promotion.{BLOCKED}er.jp/ini/setting.php
  • http://promotion.{BLOCKED}er.jp/promotion/Checker
  • http://www.{BLOCKED}b.com/
  • http://www.{BLOCKED}b.com/ipCheck/ipCheck.php

  SOLUTION

Minimum scan engine: 9.850
SSAPI Pattern File: 2.317.00
SSAPI Pattern Release Date: 30 July 2020

Step 1

Before doing any scans, Windows ME and XP users must make sure that System Restore is disabled to allow full scanning of their computers.

Step 2

Remove PUA.Win32.GOMLab.A by using its own uninstall option

To uninstall the grayware process

Step 3

Scan your computer with your Trend Micro product to delete files detected as PUA.Win32.GOMLab.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.