» gg77.exe
Overview
Analysis
File Details
Downloads (12)

gg77.exe

Gadu-Gadu sp. z o.o.

This is a setup program which is used to install the application. The file has been seen being downloaded from storage.dobreprogramy.pl and multiple other hosts a known adware distribution point operated by dobreprogramy sp. z o.o..

File name:

gg77.exe

Publisher:

Gadu-Gadu sp. z o.o. (signed and verified)

MD5:

4240e99cbb509796f3cc1aaff2177b00

SHA-1:

90a17f324d6d987ad3c1c431ea47b0dc67d19d0e

SHA-256:

9fb5d5c08c13bc721fe074d893a46683f552721cf175c5931c978fe1ed0275c4

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 5:22:17 PM UTC (today)

File size:

4.1 MB (4,350,416 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\gg77.exe

Digital Signature

Signed by:

Gadu-Gadu sp. z o.o.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

7/4/2006 10:35:16 AM

Valid to:

7/3/2008 10:35:16 AM

Subject:

CN=Gadu-Gadu sp. z o.o., OU="", O=Gadu-Gadu sp. z o.o., L=Warszawa, S=Mazowieckie, C=PL

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

74787415D7D8AC77D4586C9AC05617FD

File PE Metadata

Compilation timestamp:

8/6/2006 10:09:31 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:t3FK3kRVu/hPQ4revKlrau9RKgqdHpeT0+zAZvflcsF3WQCqV5TdbRWxJfIF:JQ3kUY4CvKVRVqKACAZvfj3WQCQlu1IF

Entry address:

0x375C0

Entry point:

60, BE, 00, 30, 43, 00, 8D, BE, 00, E0, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Packer / compiler:

UPX 2.90LZMA]

Code size:

20 KB (20,480 bytes)

The file gg77.exe has been seen being distributed by the following 12 URLs.

http://storage.dobreprogramy.pl/.../gg77(dobreprogramy.pl).exe

http://s10607.chomikuj.pl/File.aspx?e=_LWfof3ilxSP15wCpTvPVBqhcINjDKs6994P0DyHIPXg2Y2QpFfq_Yqj8TqRzkCLMGi7rq3q3pFwxTYX4tNEhYnmJFJbkIoVDD599TorE-JaFCAkp2Ev7DiNJttm2XU2G5bmPZIyTKx60Ni9DYMi1g&pv=2

http://s10607.chomikuj.pl/File.aspx?e=_LWfof3ilxSP15wCpTvPVBerxBc1wMLIHEtgLaZm7dxSe430D11KdZLPz6tW_gAwcokts-YW9k3Q9wWVc9-1laR08JHnTtUPmilONLMPBMxyeksCWRRoCETnnCqQhVd5fStb7j2MDYOUssCvY-Kw_g&pv=2

http://s10607.chomikuj.pl/File.aspx?e=_LWfof3ilxSP15wCpTvPVDPW4DPLdRLzW46BVLlrAU-normyloNfItmMPiOh95FQhSZqWeaQupmTHlbVxQLGKgjZFv4hRW8gNFjCXAUyT2mvaUh2CKulRQxu8rpiNIGGFqRRr7-A18yTf_4VbRzLww&pv=2

http://s10851.chomikuj.pl/File.aspx?e=_LWfof3ilxSP15wCpTvPVGaiNPL_RwMlUZHLkQFyPKvEe1QxembII8w_8iIELjE38GPNM56kTdYPdEvwwhKASyIBsRvDmysLI5pOQSJzXPay2tzsh2y8AIY5gyQ6PG5dzv2UXCQ1nAdQRA3h9JTQlfeZc7mIU8YZQtQy636LM14&pv=2

ftp://ftp.komputerswiat.pl/InternetISieci/Komunikatory/.../gg77.exe

http://s10851.chomikuj.pl/File.aspx?e=_LWfof3ilxSP15wCpTvPVJVWJOQLsczLKTtia5MToRC7A5et8Pzz5Zk0Ar6CYxvir-CyNc4lPGQ81dfD6vzRpjCVOSu3IH_WKyCUhNsSLzJbjBajlhef86h1cOVHRguBV0GsZOwOV5P1aqTm4Aced6MrjilLeh0GWamy6jx1vkQ&pv=2

http://download.instalki.org/programy/Windows/Internet/.../gg77_www.INSTALKI.pl.exe

http://192.168.1.1/.../gg77.exe

http://storage3.dobreprogramy.pl/.../gg77(dobreprogramy.pl).exe

http://luke1993.neostrada.pl/gg77.exe

http://s10851.chomikuj.pl/File.aspx?e=_LWfof3ilxSP15wCpTvPVPS7hU0A74o5JyxSaKmQBv7DX3qdqd4S6BIhU2Y-963GoqUwI7oSSF0e50jHekdgWmh13z72XAyFXcRdsKgFJc_eOZgts7rqf2eiWcVoo7cFRZUo7FTGkNhMXcncYxka7Q&pv=2

Scan gg77.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.