» gzguide.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

gzguide.exe

sex

The application gzguide.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘5cd8f17f4086744065eb0992a09e05a2’. The file has been seen being downloaded from download967.mediafire.com.

File name:

gzguide.exe

Product:

sex

Version:

1.0.0.0

MD5:

21f00304286480abddb4ab74423afbc1

SHA-1:

6c2829c10ca0dcdb8b420b7cb03e914acd9cf6eb

SHA-256:

4ac161c94113f05898345034aa9d5c5bbe9d9564c0376952d2eda2483739b9e7

Scanner detections:

24 / 68

Status:

Potentially unwanted

Analysis date:

11/4/2024 5:13:55 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2907627

305

Avira AntiVirus

TR/Krypt.70144.13

8.3.2.4

Arcabit

Trojan.Generic.D2C5DEB

1.0.0.629

avast!

Win32:Malware-gen

2014.9-160405

AVG

Atros2

2017.0.2783

Baidu Antivirus

Adware.MSIL.iBryte

4.0.3.1645

Bitdefender

Trojan.GenericKD.2907627

1.0.20.480

Emsisoft Anti-Malware

Trojan.GenericKD.2907627

8.16.04.05.07

ESET NOD32

MSIL/Kryptik.EKC (variant)

10.12702

Fortinet FortiGate

MSIL/Kryptik.EKC!tr

4/5/2016

F-Secure

Trojan.GenericKD.2907627

11.2016-05-04_3

G Data

Trojan.GenericKD.2907627

16.4.25

IKARUS anti.virus

Trojan.MSIL.Crypt

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.212.18074

Kaspersky

Trojan.MSIL.Disfa

14.0.0.409

McAfee

RDN/Generic.dx

5600.6439

Microsoft Security Essentials

Backdoor:MSIL/Bladabindi!rfn

1.1.12300.0

MicroWorld eScan

Trojan.GenericKD.2907627

17.0.0.288

nProtect

Trojan.GenericKD.2907627

15.12.10.01

Panda Antivirus

Trj/GdSda.A

16.04.05.07

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1077

Sophos

Mal/Generic-S

4.98

Trend Micro

TROJ_GEN.R047C0DL615

10.465.05

VIPRE Antivirus

Trojan.Win32.Generic

45742

File size:

68.5 KB (70,144 bytes)

Product version:

1.0.0.0

Original file name:

sex.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\gzguide.exe

File PE Metadata

Compilation timestamp:

11/29/2015 12:53:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:SMK1BUydbSnyilvsmg2XPSrnzgZFiginBhtAyYQnhvFb8LCzazYch8c5:SBRi+2fSjzjBhNXhvFbGCzSZ

Entry address:

0xF94E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.5923

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

54.5 KB (55,808 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

5cd8f17f4086744065eb0992a09e05a2

Command:

"C:\users\{user}\appdata\local\temp\trojan.exe"..

The file gzguide.exe has been seen being distributed by the following URL.

http://download967.mediafire.com/9hrnp0hwk5gg/.../gzguide.exe

Remove gzguide.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.