ggc 4.3.exe

QMacro

Fuzhou TianxiaChuangshi Digital Co.,Ltd.

The executable ggc 4.3.exe, described as "QMacro's macro runner", has been detected as malware by 11 anti-virus scanners.
Publisher:
vrBrothers Corporation. (signed by Fuzhou TianxiaChuangshi Digital Co.,Ltd.)

Product:
QMacro

Description:
QMacro's macro runner.

Version:
7, 3, 1, 6339

MD5:
106673dc351a54355ea619a2858b9bba

SHA-1:
ae566e86eed4a49a167a4bcffa8a2efebf22d49c

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
12/12/2017 5:42:20 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Drop.Small.fqm | 7.11.16.107
Bitdefender | Trojan.Generic.6746070 | 1.0.20.1290
Dr.Web | Trojan.DownLoader3.15289 | 9.0.1.0258
F-Secure | Trojan.Generic.6746070 | 11.2016-14-09_4
G Data | Trojan.Generic.6746070 | 16.9.22
Jiangmin | TrojanDropper.Small.fae | KV160914
McAfee | Artemis!106673DC351A | 5600.6277
McAfee Web Gateway | Artemis!106673DC351A | 7.6277
The Hacker | Trojan/Dropper.Small.flg | 6.7.0.1.329
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 10853
VirusBuster | Trojan.DR.Small!MFzjtx9ji50 | 14.1.26.0

File size:
1.9 MB (2,014,943 bytes)

Product version:
7, 3, 1, 6339

Copyright:
(C) vrBrothers Corporation. All rights reserved.

Original file name:
mymacro.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\ggc 4.3\ggc 4.3.exe

Digital Signature
Authority:
WoSign, Inc.

Valid from:
1/13/2010 8:00:00 AM

Valid to:
1/14/2011 7:59:59 AM

Subject:
CN="Fuzhou TianxiaChuangshi Digital Co.,Ltd.", OU=Class 3 - for Microsoft Authenticode Signing, O="Fuzhou TianxiaChuangshi Digital Co.,Ltd.", L=Fuzhou, S=Fujian, C=CN

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
03B3E80789FEE6ABE93DD972817E53F8

File PE Metadata
Compilation timestamp:
3/31/2010 10:54:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:jGo+2V26gs0f0Zpd0+bRukUC7+jpTD9ih6uHgbpi:jH+0cf0Zz9Ci+jpTD9cHP

Entry address:
0x1FD4C

Entry point:
55, 8B, EC, 6A, FF, 68, F0, 5A, 4A, 00, 68, 34, FD, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 3C, CD, 47, 00, 59, 83, 0D, C4, CE, 4E, 00, FF, 83, 0D, C8, CE, 4E, 00, FF, FF, 15, 40, CD, 47, 00, 8B, 0D, FC, AE, 4E, 00, 89, 08, FF, 15, 44, CD, 47, 00, 8B, 0D, F8, AE, 4E, 00, 89, 08, A1, 48, CD, 47, 00, 8B, 00, A3, C0, CE, 4E, 00, E8, 22, 01, 00, 00, 39, 1D, 68, 70, 4E, 00, 75, 0C, 68, DA, FE, 41, 00, FF, 15, 4C, CD...
 

Entropy:
5.8014

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
492 KB (503,808 bytes)
