gwxux

Salung International Corporation

The file gwxux has been detected as malware by 27 anti-virus scanners.
Publisher:
Salung International Corporation  (signed and verified)

MD5:
3c48ba47883f72e052cb47b59f050517

SHA-1:
31345fdedf763d5dc8451029d14b9b5ea6eca1f4

SHA-256:
25e4c2b4a2951b281c58e5aea224cf6aef34a93985d12ffebbed5dd7dea476e9

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
11/24/2024 7:28:37 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.3353896 | 12 |
| Avira AntiVirus | TR/Dropper.MSIL.culw | 8.3.3.4 |
| Arcabit | Trojan.Generic.D332D28 | 1.0.0.741 |
| avast! | Win32:Malware-gen | 2014.9-170123 |
| AVG | Atros3 | 2018.0.2490 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.17123 |
| Bitdefender | Trojan.GenericKD.3353896 | 1.0.20.115 |
| Comodo Security | TrojWare.MSIL.Kryptik.~GMH | 25390 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3353896 | 8.17.01.23.07 |
| ESET NOD32 | MSIL/Kryptik.GMH (variant) | 11.13755 |
| Fortinet FortiGate | MSIL/Kryptik.GMH!tr | 1/23/2017 |
| F-Secure | Trojan.GenericKD.3353896 | 11.2017-23-01_2 |
| G Data | Trojan.GenericKD.3353896 | 17.1.25 |
| IKARUS anti.virus | Trojan.MSIL.Crypt | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan | 13.232.20141 |
| Kaspersky | Trojan-Dropper.Win32.Dapato | 14.0.0.-1056 |
| Malwarebytes | Backdoor.Bot | v2017.01.23.07 |
| McAfee | RDN/Generic.grp | 5600.6146 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.12902.0 |
| MicroWorld eScan | Trojan.GenericKD.3353896 | 18.0.0.69 |
| nProtect | Trojan.GenericKD.3353896 | 16.07.05.01 |
| Panda Antivirus | Trj/GdSda.A | 17.01.23.07 |
| Qihoo 360 Security | Win32/Trojan.Dropper.0ad | 1.0.0.1120 |
| Quick Heal | (Suspicious) - DNAScan | 1.17.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R02KC0DG316 | 10.465.23 |
| VIPRE Antivirus | Trojan.Win32.Generic | 50618 |

File size:
877.5 KB (898,600 bytes)

Common path:
C:\users\{user}\appdata\roaming\gwxux

Digital Signature
Authority:
Salung International Corporation

Valid from:
6/25/2016 5:45:36 AM

Valid to:
6/26/2026 5:45:36 AM

Subject:
E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Issuer:
E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Serial number:
00866E0A24F3686932

File PE Metadata
Compilation timestamp:
6/28/2016 7:47:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x7E4CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.7502

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
500 KB (512,000 bytes)
