gxhhy.exe

Must have files

GCM

The application gxhhy.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.kafiridovishness.site.
Publisher:
GCM

Product:
Must have files

Description:
fast install

Version:
225.226.135.243

MD5:
c139862ebab1525f92c89833494ef774

SHA-1:
75fd5392bc01449a0caae017a9d6f31b1c8d6db0

SHA-256:
090c06d5364a15e6d2a9a66ed8a7418ced487cd6789bc50d85b71b2b84fb2584

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 4:27:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.GCM.Installer.Meta (M)

Engine version:
16.5.19.9

File size:
1.1 MB (1,165,312 bytes)

Product version:
225.226.135.243

Copyright:
Rights 2000

Trademarks:
Mark Cap

Original file name:
file.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\gxhhy.exe

File PE Metadata
Compilation timestamp:
5/18/2016 3:24:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:19DGS5EZfpMkKBeWfMaepGKTR/8W33HfzYG0XBCGsSDkSu/:SM+ffWfMaejFkW33uCaDy/

Entry address:
0x7BB4

Entry point:
E8, EE, 37, 00, 00, E9, 2D, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 5C, 24, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 5C, 24, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, 44, 24, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, 44, 24, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1...

Entropy:
7.4929

Code size:
125 KB (128,000 bytes)

The file gxhhy.exe has been seen being distributed by the following URL.
