» gdirector.exe
Overview
Analysis
File Details

gdirector.exe

Gizmo Director

Arainia Solutions, LLC

The executable gdirector.exe has been detected as malware by 12 anti-virus scanners.

File name:

gdirector.exe

Publisher:

Arainia Solutions, LLC (signed and verified)

Product:

Gizmo Director

Version:

v2.7.9

MD5:

a10f916176682b28933ce833b52e79c9

SHA-1:

0384bb29e226fb1e238e2c8dc58305a92779985b

SHA-256:

99fe9b1dda377a3e9853e84ecea5d7f98f1cbd453f6d230a8056d944e4bc467c

Scanner detections:

12 / 68

Status:

Malware

Analysis date:

7/7/2025 7:53:47 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Mabezat [Wrm]

160518-2

AVG

Worm/Mabezat.A.dropper

2015.0.4568

Dr.Web

Win32.HLLW.Tazebama

9.0.1.05190

Emsisoft Anti-Malware

Win32.Worm.Mabezat.Gen

11.5.0.6191

ESET NOD32

Win32/Mabezat.A virus

8.0.319.0

F-Prot

W32/Mabezat.A-1

4.6.5.141

F-Secure

Win32.Worm.Mabezat.Gen

5.15.96

Kaspersky

Worm.Win32.Mabezat

15.0.0.562

McAfee

Virus.W32/Mabezat.c

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.15.0

Norman

Win32.Worm.Mabezat.Gen

19.05.2016 05:17:13

Sophos

Virus 'W32/Mabezat-B'

5.23

File size:

278.8 KB (285,455 bytes)

Product version:

v2.7

Original file name:

gdirector.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\gdirector.exe

Digital Signature

Signed by:

Arainia Solutions, LLC

Authority:

VeriSign, Inc.

Valid from:

4/25/2011 7:30:00 PM

Valid to:

5/11/2014 7:29:59 PM

Subject:

CN="Arainia Solutions, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Arainia Solutions, LLC", L=Kirkland, S=Washington, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

51E68CF029AE755032D4A77D37DD7D5C

File PE Metadata

Compilation timestamp:

5/7/2011 11:24:42 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:YS5sI6lQMGHcfjnUNcbpVyGUAIaz3Q0j0SNU1:vyI6GM4OL1/ZUAvlNg

Entry address:

0x53160

Entry point:

BB, 58, 2A, 45, 00, FF, E3, 00, 00, 30, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11... 
[+]

Code size:

88 KB (90,112 bytes)

Remove gdirector.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.