
Is GoTo by LogMeIn a virus?



#1 Tester1

  • Members
  • 12 posts

Posted 06 September 2017 - 01:06 PM

Hi. I have downloaded GoToWebinar Opener.exe by LogMeIn, and I got a report from VirusTotal that says it has been detected by two antivirus programs: Panda (generic suspicion) and Yandex (Trojan.Kryptik!6B6JKGnoT+8).

I have been screening every possible explanation and it seems it might be a false positive.

However, I don't know if it is really safe or not, so I post the detailed report by VirusTotal.

Can anybody help me? I am quite worried as I don't want to format my computer... I am even worried to suppress the file from my computer, since I don't know if it will just "bury it" without stopping it.

P.S.: I have also performed an on-drive analysis with Kaspersky, and checked the info in the KSN, which says it is safe.

Basic Properties
  • MD5: 38a5ff96ec5ff429caca117921ff2d85
  • SHA-1: 008e13f019a527c9843e6dbd26e7190a2518c37a
  • Authentihash: 74cbd907a0b1ee8fd2b7ac5cc6564cf3914cb5b3ea209f86b199a487ecf415ff
  • Imphash: e58ab46f2a279ded0846d81bf0fa21f7
  • File Type: Win32 EXE
  • Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  • SSDeep: 6144:dB9Tar0tAE3Py+atfxkHp5yO7Kuq94EWXkWIAdpIlCpbb4oSww6BLydLMA4++s+4:drTAQ3Py+uJIpsO7K9BW1ilCpP4oSwwv
  • TRiD: UPX compressed Win32 Executable (39.3%); Win32 EXE Yoda's Crypter (38.6%); Win32 Dynamic Link Library (generic) (9.5%); Win32 Executable (generic) (6.5%); Generic Win/DOS Executable (2.9%)
  • File Size: 293.93 KB
  • Tags: peexe, upx, signed, overlay

History
  • Creation Time: 2017-07-07 13:01:47
  • First Submission: 2017-09-06 17:02:34
  • Last Submission: 2017-09-06 17:02:34
  • Last Analysis: 2017-09-06 17:02:34
  • Signature Date: 2017-07-07 14:18:00

File Names
  • GoToWebinar Opener.exe
  • GoToOpener
  • GoToOpener.exe

Packers
  • F-PROT: UPX_LZMA
  • PEiD: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Signature Info
  • Signature Verification: Signed file, valid signature

File Version Information
  • Copyright: Copyright © 2012-2017 LogMeIn, Inc.
  • Product: GoTo Opener
  • Description: GoTo Opener
  • Original Name: GoToOpener.exe
  • Internal Name: GoToOpener
  • File Version: 1.0.0.467
  • Date Signed: 2:18 PM 7/7/2017

Signers
  • LogMeIn, Inc.
  • Symantec Class 3 SHA256 Code Signing CA
  • VeriSign

Counter Signers
  • Symantec Time Stamping Services Signer - G4
  • Symantec Time Stamping Services CA - G2
  • Thawte Timestamping CA

Portable Executable Info

Header
  • Target Machine: Intel 386 or later processors and compatible processors
  • Compilation Timestamp: 2017-07-07 13:01:47
  • Entry Point: 817936
  • Contained Sections: 3

Sections (Name: Virtual Address, Virtual Size, Raw Size, Entropy, MD5)
  • UPX0: 4096, 598016, 0, 0, d41d8cd98f00b204e9800998ecf8427e
  • UPX1: 602112, 221184, 219136, 8, 64cb2e90b89616c8e998be2cb3b4dd37
  • .rsrc: 823296, 69632, 69632, 6.85, 96dbc24952caac8b6112b8f04c150daf

Imports
  • KERNEL32.DLL

Contained Resources By Type
  • RT DIALOG: 95
  • RT STRING: 76
  • RT ICON: 12
  • RT GROUP ICON: 2
  • RT VERSION: 1

Contained Resources By Language
  • ENGLISH NEUTRAL: 23
  • TURKISH DEFAULT: 9
  • SPANISH NEUTRAL: 9
  • RUSSIAN: 9
  • PORTUGUESE NEUTRAL: 9

ExifTool File Metadata
  • CharacterSet: Windows, Latin1
  • CodeSize: 221184
  • CompanyName: LogMeIn, Inc.
  • EntryPoint: 0xc7b10
  • FileDescription: GoTo Opener
  • FileFlagsMask: 0x003f
  • FileOS: Windows NT 32-bit
  • FileSubtype: 0
  • FileType: Win32 EXE
  • FileTypeExtension: exe
  • FileVersion: 1.0.0.467
  • FileVersionNumber: 1.0.0.467
  • ImageVersion: 0.0
  • InitializedDataSize: 69632
  • InternalName: GoToOpener
  • LanguageCode: English (U.S.)
  • LegalCopyright: Copyright 2012-2017 LogMeIn, Inc.
  • LinkerVersion: 12.0
  • MIMEType: application/octet-stream
  • MachineType: Intel 386 or later, and compatibles
  • OSVersion: 5.1
  • ObjectFileType: Dynamic link library
  • OriginalFileName: GoToOpener.exe
  • PEType: PE32
  • ProductName: GoTo Opener
  • ProductVersion: 1.0.0.467
  • ProductVersionNumber: 1.0.0.467
  • Subsystem: Windows GUI
  • SubsystemVersion: 5.1
  • TimeStamp: 2017:07:07 14:01:47+01:00
  • UninitializedDataSize: 598016

 



#2 boopme


  • Global Moderator
  • 73,078 posts

Posted 08 September 2017 - 03:40 PM

Hi, if only 2 of the 40 scanners flag it, I'd say false positive.

Edited by boopme, 08 September 2017 - 03:43 PM.


#3 Tester1

  • Topic Starter

  • Members
  • 12 posts

Posted 08 September 2017 - 05:59 PM

Ok thanks... So I have nothing to worry about, hopefully.



#4 boopme


  • Global Moderator
  • 73,078 posts

Posted 09 September 2017 - 09:53 AM

Looks OK. If you want to scan it we can.



