gunny_launcher.exe

桌面客户端 (Desktop Client)

7Road

The executable gunny_launcher.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download1192.mediafire.com and multiple other hosts. While running, it connects to the Internet address game.zing.vn on port 80 using the HTTP protocol.
Publisher:
7Road

Product:
桌面客户端 (Desktop Client)

Version:
1.0.0.1

MD5:
0c9bc45b7268d667a516f5dd50562528

SHA-1:
8fd8491f7f70cc80060c1d3ce1fa40f123484433

SHA-256:
8cc98345b2ccf8f46901be9aa4b1c68ef17d38b05f3335c6f520570bf69d3397

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/16/2024 5:29:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Dropper-gen [Drp] | 2014.9-160115 |
| G Data | Win32.Trojan.Agent.MKPNI7 | 16.1.25 |
| IKARUS anti.virus | Trojan.Dropper-gen | t3scan.1.9.5.0 |
| McAfee | Artemis!0C9BC45B7268 | 5600.6520 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45394 |

File size:
3.9 MB (4,065,280 bytes)

Product version:
1.0.0.1

Copyright:
Shenzhen 7Road Technology Co., Ltd. All rights reserved.

Original file name:
DDTClient.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\gunny_launcher.exe

File PE Metadata
Compilation timestamp:
10/25/2012 12:10:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:6KT8YgbCpDmwe0tvgKHRzfxkjeWEbGaUwvcOHET9QuIMjb:6o80Bht05GGaUwvceL

Entry address:
0x110C55

Entry point:
E8, 8E, 7C, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 48, 8B, 58, 00, 75, 02, F3, C3, E9, 15, 7D, 00, 00, 8B, FF, 51, C7, 01, 18, E5, 55, 00, E8, 0D, 7E, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CC, 14, F0, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 4C, 7E, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 57, 33, DB, 6A, 07, 33, C0, 59, 8D, 7D, E4, 89, 5D...

Code size:
1.2 MB (1,271,808 bytes)

The file gunny_launcher.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to game.zing.vn (49.213.68.38:80)
