» gj.exe
Overview
Analysis
File Details

gj.exe

Andrew Kruzov

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application gj.exe by Andrew Kruzov has been detected as adware by 28 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from an Internet Explorer cache folder.

File name:

gj.exe

Publisher:

Andrew Kruzov (signed and verified)

MD5:

b75287ce7b83e17ce6ef548a6c4907a1

SHA-1:

25d90d1be70a6e8ee1a181f1c5a77103b7133794

SHA-256:

d8381e509613003799b3bd5a2e04c803937bd1e64329a3b577b1cef35214224f

Scanner detections:

28 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/24/2024 5:46:39 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Dropper.101

877

Agnitum Outpost

PUA.MultiPlug

7.1.1

Avira AntiVirus

TR/Graftor.141601.A

7.11.171.148

avast!

Win32:PUP-gen [PUP]

140908-2

AVG

Adware Generic_r.JY

2014.0.4015

Bitdefender

Gen:Variant.Adware.Dropper.101

1.0.20.1265

Clam AntiVirus

Win.Adware.Agent-6743

0.98/19348

Comodo Security

Application.Win32.Multiplug.GETF

19471

Dr.Web

Trojan.Crossrider.14455

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Dropper.101

14.09.10

ESET NOD32

Win32/AdWare.MultiPlug.R application

7.0.302.0

F-Prot

W32/MultiPlug.C.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Dropper.101

11.2014-10-09_4

G Data

Gen:Variant.Adware.Dropper.101

14.9.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.183.13333

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Agent

14.0.0.3272

Malwarebytes

PUP.Optional.MultiPlug

v2014.09.10.01

McAfee

PUP-FID

5600.7011

MicroWorld eScan

Gen:Variant.Adware.Dropper.101

15.0.0.759

NANO AntiVirus

Riskware.Win32.Agent.cwzhej

0.28.2.61942

Panda Antivirus

Trj/Genetic.gen

14.09.10.01

Quick Heal

AdWare.MultiPlag.ace

9.14.14.00

Reason Heuristics

PUP.AndrewKruzov.C

14.9.10.12

Rising Antivirus

PE:Malware.MultiPlug!6.13CF

23.00.65.14908

Sophos

Adware.MultiPlug

5.05

Vba32 AntiVirus

AdWare.Win64.MultiPlag

3.12.26.3

VIPRE Antivirus

Threat.4150696

32938

File size:

1.5 MB (1,618,992 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\gj.exe

Digital Signature

Signed by:

Andrew Kruzov

Authority:

COMODO CA Limited

Valid from:

9/26/2013 8:00:00 PM

Valid to:

9/27/2014 7:59:59 PM

Subject:

CN=Andrew Kruzov, O=Andrew Kruzov, STREET=Savrasova 31, L=Kiev, S=Kiev, PostalCode=03110, C=UA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

53C0E7306A4ED340CBA044D801891A67

File PE Metadata

Compilation timestamp:

4/16/2014 5:41:29 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:XZ7kTMCI+VApT1LdCtRCV5CMuL/k1OfeZPSX+CW:1aMCIfT1LdgCbCnL/myeZqXBW

Entry address:

0x1098B

Entry point:

E8, CE, 49, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, 21, 42, 00, E8, AF, 20, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, 61, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 20, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.9087 (probably packed)

Code size:

103 KB (105,472 bytes)

Remove gj.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.