GGTray.exe

Judun Online Game Security Shield tray module

ShangHai YouAn Network Technology Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the all-users Run registry key) with the name ‘GGSafe’.

Publisher:
ShangHai YouAn Network Technology Co., Ltd.  (signed by ShangHai YouAn Network Technology Co., Ltd.)

Product:
Judun Online Game Security Shield tray module

Version:
1,0,0,20

MD5:
a0c3051277f484b32eecefb81e2eb58f

SHA-1:
5b2658859bc4288facd1505a506a6f67213721fa

SHA-256:
1107d8efb13757a2740804cfe83fa722fb86f28b5a52dac5fa205e923a8f6e3d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 2:45:24 PM UTC

File size:
72.1 KB (73,864 bytes)

Product version:
1,0,0,20

Copyright:
Judun Security Lab. All rights reserved (C).

Original file name:
GGTray.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\youan\ggsafe\ggtray.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
8/8/2011 1:59:50 PM

Valid to:
8/11/2014 8:08:05 AM

Subject:
E=hprotect@gmail.com, CN="ShangHai YouAn Network Technology Co., Ltd.", O="ShangHai YouAn Network Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
16560511BE2267

File PE Metadata
Compilation timestamp:
8/29/2013 12:50:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:4NMB/rWgoKEd59zkDOYJN4jxOBI05528hdd5zFxVvdeIyG:4NInwtKJejc5hdvTe

Entry address:
0x1DEB0

Entry point:
60, BE, 00, 60, 41, 00, 8D, BE, 00, B0, FE, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 

Entropy:
6.9036

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
36 KB (36,864 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GGSafe

Command:
"C:\Program Files\youan\ggsafe\ggtray.exe" \run0

