» GSZWjyfm.exe
Overview
Analysis
File Details

GSZWjyfm.exe

GSZWjyfm

Dinosaur

The file GSZWjyfm.exe has been detected as malware by 14 anti-virus scanners.

File name:

GSZWjyfm.exe

Publisher:

Dinosaur (signed and verified)

Product:

GSZWjyfm

Version:

2.1.4.7

MD5:

97a249810c231b31b11b6eddda33e955

SHA-1:

d35f7cfe5d1bbaeb266d801d66212f09a16ef70d

SHA-256:

40e3d8dcaf4a548a68848648ef6c748acdc714ad7ec579a50ac0aaa2ab5f9157

Scanner detections:

14 / 68

Status:

Malware

Analysis date:

11/24/2024 11:50:46 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.13128564

335

Avira AntiVirus

TR/Injector.549392.1

3.6.1.96

AVG

MSIL7

2017.0.2813

Bitdefender

Trojan.Generic.13128564

1.0.20.330

Emsisoft Anti-Malware

Trojan.Generic.13128564

8.16.03.06.10

ESET NOD32

MSIL/Injector.IZQ (variant)

10.11450

Fortinet FortiGate

MSIL/Injector.IXP!tr

3/6/2016

G Data

Trojan.Generic.13128564

16.3.25

IKARUS anti.virus

Trojan.MSIL.Injector

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.202.15544

McAfee

Artemis!97A249810C23

5600.6469

MicroWorld eScan

Trojan.Generic.13128564

17.0.0.198

nProtect

Trojan.Generic.13128564

15.04.09.02

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1015

File size:

536.5 KB (549,392 bytes)

Product version:

2.1.4.7

Original file name:

GSZWjyfm.exe

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\e9bb.tmp

Digital Signature

Signed by:

Dinosaur

Authority:

getaCert - www.getacert.com

Valid from:

4/2/2015 3:58:13 AM

Valid to:

6/1/2015 3:58:13 AM

Subject:

E=LOL@run.away, CN=Melaldon, OU=Carnivore, O=Dinosaur, L=Cali, S=Pandora, C=NL

Issuer:

O=getaCert - www.getacert.com, L=Seattle, S=Washington, C=US

Serial number:

0DF6

File PE Metadata

Compilation timestamp:

4/3/2015 11:13:37 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:sEzpQsCKYf9bSzkOyBvjy88LeB3/KfAjrn2CcXF3g:sE165SQOyBvjd86BcF3g

Entry address:

0x760BE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7776

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

464.5 KB (475,648 bytes)

Remove GSZWjyfm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.