Gravity3.exe

Gravity3

RoeiBajayo

The executable Gravity3.exe has been detected as malware by 14 anti-virus scanners. It is a setup program used to install the application. This trojan performs a number of actions that compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware. The file has been seen being downloaded from www.mygravity.net.
Publisher:
RoeiBajayo

Product:
Gravity3

Version:
3.2.1.0

MD5:
a3fd71516e2079c2f4c3790399bcd898

SHA-1:
05a4ecdf746989e9f9b7d860d3534df8b62ace88

SHA-256:
ad93227ed63aeb548a305abd2a281cb0db6635e8d156de41eaf5fe6259e7f08a

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
5/13/2024 8:39:04 AM UTC

Scan engine                     Detection                              Engine version
Agnitum Outpost                 Trojan.Rettesser                       7.1.1
Comodo Security                 UnclassifiedMalware                    21941
Fortinet FortiGate              W32/Rettesser.MS!tr                    5/1/2015
IKARUS anti.virus               Trojan.Win32.Malagent                  t3scan.1.8.9.0
McAfee                          Artemis!A3FD71516E20                   5600.6779
Microsoft Security Essentials   Trojan:Win32/Malagent!gmb              1.1.11602.0
Norman                          Suspicious_Gen2.RPDIQ                  11.20150501
Qihoo 360 Security              Win32/Trojan.495                       1.0.0.1015
Sophos                          Mal/Generic-S                          4.98
Trend Micro House Call          TROJ_GEN.R047C0DC315                   7.2.121
Trend Micro                     TROJ_GEN.R047C0DC315                   10.465.01
Vba32 AntiVirus                 Trojan.Rettesser                       3.12.26.3
VIPRE Antivirus                 Trojan.Win32.Generic                   39804
ViRobot                         Trojan.Win32.S.Rettesser.1656664[h]    2014.3.20.0

File size:
1.6 MB (1,656,664 bytes)

Product version:
3.2.1.0

Copyright:
Copyright © RoeiBajayo

Original file name:
Gravity3.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\roeibajayo\gravity 3\gravity3.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:ApTTTTTTTTTTTTrTTTTTTTTTTTTP0Nyqh2tBSFw5cleCsGrq1ih724:ApTTTTTTTTTTTTrTTTTTTTTTTTTP0Nym

Entry address:
0x21104

Entry point:
55, 8B, EC, B9, 0F, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 04, 10, 42, 00, E8, 53, 4E, FE, FF, 33, C0, 55, 68, 21, 14, 42, 00, 64, FF, 30, 64, 89, 20, 68, 00, 7F, 00, 00, 6A, 00, E8, 95, 50, FE, FF, 50, E8, 7F, 50, FE, FF, A3, FC, 48, 42, 00, 68, 8A, 7F, 00, 00, 6A, 00, E8, 7E, 50, FE, FF, 50, E8, 68, 50, FE, FF, 8B, D8, A1, C0, 3C, 42, 00, 83, 38, 00, 74, 0A, 8B, 35, C0, 3C, 42, 00, 8B, 36, FF, D6, 8D, 55, EC, B8, 38, 14, 42, 00, E8, D5, FD, FF, FF, 8B, 45, EC, BA, 58, 14, 42, 00, E8...

Entropy:
7.6517

Developed / compiled with:
Microsoft Visual C++

Code size:
129.5 KB (132,608 bytes)

The file Gravity3.exe has been seen being distributed by the following URL.

Remove Gravity3.exe - Powered by Reason Core Security