gongzi.exe

The application gongzi.exe has been detected as a potentially unwanted program by 36 anti-malware scanners.
MD5:
6425268ecc4f88c24e9ccfe5543f7042

SHA-1:
8fd27ba48c4631735a80df974b2865aa53d492bc

SHA-256:
7b45d1684a88f18aa7b50bb3644f1e9864efd3265f398679c3d7ed7d2882027f

Scanner detections:
36 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 11:17:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Win32.ExplorerHijack.ymGfaWPpphjj | 524 |
| Agnitum Outpost | PUA.FloodAd | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2015.08.20 |
| Avira AntiVirus | TR/Rogue.135680.28 | 8.3.1.6 |
| Arcabit | Gen:Win32.ExplorerHijack.ymGfaWPpphjj | 1.0.0.425 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150830 |
| AVG | Win32/DH{gRKBExN8gQ4gJCIlO1CBB3lUTxVRgQkcU0Eu} | 2016.0.3002 |
| Baidu Antivirus | Trojan.Win32.Banker | 4.0.3.15830 |
| Bitdefender | Gen:Win32.ExplorerHijack.ymGfaWPpphjj | 1.0.20.1210 |
| Clam AntiVirus | Win.Trojan.Toopu | 0.98/21511 |
| Comodo Security | UnclassifiedMalware | 23050 |
| Dr.Web | Trojan.DownLoader11.28995 | 9.0.1.0242 |
| Emsisoft Anti-Malware | Gen:Win32.ExplorerHijack.ymGfaWPpphjj | 8.15.08.30.02 |
| ESET NOD32 | Win32/Adware.FloodAd.AA (variant) | 9.12122 |
| Fortinet FortiGate | W32/Agent.AA!tr.bdr | 8/30/2015 |
| F-Prot | W32/Heuristic-KPP | v6.4.7.1.166 |
| F-Secure | Gen:Win32.ExplorerHijack.ymGfaWPpphjj | 11.2015-30-08_1 |
| G Data | Gen:Win32.ExplorerHijack.ymGfaWPpphjj | 15.8.25 |
| IKARUS anti.virus | Backdoor.MSIL.Agent | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.2016945 |
| Kaspersky | Trojan-Banker.Win32.Agent | 14.0.0.1504 |
| McAfee | Artemis!6425268ECC4F | 5600.6658 |
| Microsoft Security Essentials | VirTool:Win32/Injector.gen!BB | 1.1.11903.0 |
| MicroWorld eScan | Gen:Win32.ExplorerHijack.ymGfaWPpphjj | 16.0.0.726 |
| NANO AntiVirus | Trojan.Win32.Agent.derngp | 0.30.24.3079 |
| nProtect | Backdoor/W32.Agent_Packed.405504.B | 15.08.19.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.08.30.02 |
| Qihoo 360 Security | Win32/Trojan.f1f | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.18E28059!417497177 | 23.00.65.15828 |
| Sophos | Mal/Emogen-Y | 4.98 |
| Total Defense | Win32/PackedBaidu | 37.1.62.1 |
| Trend Micro | TROJ_GEN.R047C0FGQ15 | 10.465.30 |
| Vba32 AntiVirus | Backdoor.MSIL.Agent | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43046 |
| ViRobot | Trojan.Win32.Agent.405504.Q[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Inject.Win32.85955 | 2.0.0.2362 |

File size:
396 KB (405,504 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\gongzi.exe

File PE Metadata
Compilation timestamp:
1/14/2015 7:03:40 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:a0FZl18z2NQ0AKjmvg4gJSCAkYKooopcKx:aY8z2kKjmv/CAkHhopc

Entry address:
0x873B0

Entry point:
60, BE, 00, 50, 42, 00, 8D, BE, 00, C0, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.7926

Packer / compiler:
UPX 2.90LZMA

Code size:
396 KB (405,504 bytes)
