» GunnyFire Client.exe
Overview
Analysis
File Details
Network (5)

GunnyFire Client.exe

wWw.GunnyFire.Com

The executable GunnyFire Client.exe, “GunnyFire Client 1.6” has been detected as malware by 11 anti-virus scanners. While running, it connects to the Internet address edge-star-mini-shv-01-hkg3.facebook.com on port 443.

File name:

Publisher:

wWw.GunnyFire.Com

Product:

wWw.GunnyFire.Com

Description:

GunnyFire Client 1.6

Version:

1.06

MD5:

9adff4a4209c182f8d2d740d8b7c44d3

SHA-1:

813de5907990bd454dc9228b6333480e60f19bbb

SHA-256:

9b51e249f55e88ea4adefdda52e720b9e8c8806518207c8b57b3fe80ae9f4a13

Scanner detections:

11 / 68

Status:

Malware

Analysis date:

11/25/2024 9:33:32 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.XPACK.Gen

7.11.150.104

AVG

Skodna.GameHack

2015.0.3458

Baidu Antivirus

Trojan.Win32.GameHack

4.0.3.14531

Bkav FE

HW32.TsCabk

1.3.0.4959

ESET NOD32

Win32/GameHack.PO (variant)

8.9820

Fortinet FortiGate

Riskware/GameHack

5/31/2014

IKARUS anti.virus

Trojan.Crypt

t3scan.1.6.1.0

McAfee

RDN/Generic PUP.x!bzl

5600.7114

Trend Micro House Call

TROJ_GEN.F47V0228

7.2.151

VIPRE Antivirus

Trojan.Win32.Generic

29386

File size:

1024 KB (1,048,576 bytes)

Product version:

1.06

wWw.GunnyFire.Com - Email: GunnyFire@yahoo.com

Trademarks:

wWw.GunnyFire.Com

Original file name:

GunnyFire Client.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\gf_data\gunnyfire client.exe

File PE Metadata

Compilation timestamp:

12/18/2013 1:51:31 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:hs/VTI3AVdaZdcIrX113REDi3+mp3qJ3esTCWDqvU/JZd4n/ySd:hs/VJYGED3RE2P+31Toxd

Entry address:

0xF355E

Entry point:

E9, 3B, 25, FF, FF, 8D, 64, 24, 20, 0F, 86, AC, 06, 00, 00, 66, 0F, AC, E6, 07, 66, 0F, AC, F6, 0D, 66, 87, F7, 83, E9, 01, 66, 0F, CF, D3, C7, A8, 1C, 66, 81, E7, F4, 20, 89, 4D, FC, 87, F9, 66, 09, F6, 66, 81, C7, 27, 03, 8B, 4D, F8, 66, BF, 20, EA, 66, 0F, A3, F6, 66, 21, CF, 66, 0F, B3, C7, 03, 4D, FC, 60, 66, 0F, B6, F9, 66, D3, CE, 31, E6, D1, E9, 66, F7, D7, 5F, 66, 81, E7, D7, 24, 8B, 3C, 8B, 66, 0F, B3, DE, 66, C1, DE, 02, E8, 20, F7, FE, FF, 83, EF, 04, 9C, F8, E8, 43, 57, FF, FF, F9, F5, 0F, 81... 
[+]

Entropy:

7.3916

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

100 KB (102,400 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to static.vnpt.vn (113.171.232.231:80)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-hkg3.facebook.com (31.13.95.36:443)

TCP (HTTP SSL):

Connects to zing.vn (118.102.1.159:443)

TCP (HTTP):

Connects to ptr.vng.vn (120.138.69.101:80)

Remove GunnyFire Client.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.