gg_super_reader_v3_33.exe

Microsoft Windows Operating System

Microsoft Corporation.

The executable gg_super_reader_v3_33.exe, described as “Proces hosta dla usług systemu Windows”, has been detected as malware by 31 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s5876.chomikuj.pl.

Publisher:
Microsoft Corporation.

Product:
Microsoft® Windows® Operating System

Description:
Proces hosta dla usług systemu Windows

Version:
6.1.7600.16385

MD5:
8d3594bf6086f1ab42427cf6e8733082

SHA-1:
6fdc22bb01c92c0345bd4f3aa447a238f4e00c83

SHA-256:
103f371596f053b90e58da2212663389326f18fc708986a5ac8623d30aa276c1

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
11/16/2024 4:38:23 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.MSIL.Krypt.2 | 253 |
| Avira AntiVirus | Worm/AgoBot.rfh | 7.11.214.252 |
| avast! | Win32:Malware-gen | 2014.9-160527 |
| AVG | Worm/Agobot | 2017.0.2731 |
| Baidu Antivirus | Trojan.Win32.Fsysna | 4.0.3.16527 |
| Bitdefender | Gen:Heur.MSIL.Krypt.2 | 1.0.20.740 |
| Comodo Security | UnclassifiedMalware | 21344 |
| Dr.Web | Trojan.Siggen5.10444 | 9.0.1.0148 |
| Emsisoft Anti-Malware | Gen:Heur.MSIL.Krypt | 8.16.05.27.10 |
| ESET NOD32 | MSIL/Spy.Agent.GN (variant) | 10.11289 |
| Fortinet FortiGate | W32/AgoBot.RZR!tr.bdr | 5/27/2016 |
| F-Secure | Gen:Heur.MSIL.Krypt.2 | 11.2016-27-05_6 |
| G Data | Gen:Heur.MSIL.Krypt | 16.5.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.6.0 |
| K7 AntiVirus | Riskware | 13.200.15197 |
| Kaspersky | Trojan.Win32.Fsysna | 14.0.0.148 |
| Malwarebytes | Trojan.Dropper | v2016.05.27.10 |
| McAfee | Artemis!8D3594BF6086 | 5600.6387 |
| Microsoft Security Essentials | Trojan:Win32/Orsam!rts | 1.1.11400.0 |
| MicroWorld eScan | Gen:Heur.MSIL.Krypt.2 | 17.0.0.444 |
| NANO AntiVirus | Trojan.Win32.Agobot.bmyiff | 0.30.0.296 |
| Norman | Troj_Generic.JRJLH | 11.20160527 |
| nProtect | Backdoor/W32.AgoBot.229376.C | 15.03.06.01 |
| Panda Antivirus | Trj/CI.A | 16.05.27.10 |
| Qihoo 360 Security | Win32/Trojan.751 | 1.0.0.1015 |
| Quick Heal | Backdoor.Agobot.r3 | 5.16.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.149D592C!345856300 | 23.00.65.16525 |
| Sophos | Mal/Generic-S | 4.98 |
| Vba32 AntiVirus | Backdoor.Agobot | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38256 |
| Zillya! Antivirus | Backdoor.Agobot.Win32.4686 | 2.0.0.2091 |

File size:
224 KB (229,376 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
svchost.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\gg_super_reader_v3_33.exe

File PE Metadata
Compilation timestamp:
12/20/2012 1:06:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Ce2Z1jjpucxUI4Htp1UUkEz/PJi8T32niIm5q3I19vCl:C/3jo3Hz1D/lTGil19vC

Entry address:
0x36F4E

Entry point:
FF, 25, 00, 20, 00, 11, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
212 KB (217,088 bytes)

The file gg_super_reader_v3_33.exe has been seen being distributed by the following URL.
