» gtghv.exe
Overview
Analysis
File Details

gtghv.exe

Because Little

David Harris

The executable gtghv.exe has been detected as malware by 29 anti-virus scanners.

File name:

gtghv.exe

Publisher:

Down Moment (signed by David Harris)

Product:

Because Little

Description:

BehindSing

Version:

143.99.37.155

MD5:

e4d464cced29f8f37bae8b12ecb9e75a

SHA-1:

cf95eed39f916b54716bb0af76b3836ce9a5bb4c

SHA-256:

a339cbec2fbb186c054641394e2ecbc5287c911578124a9b22eab3612d1027e2

Scanner detections:

29 / 68

Status:

Malware

Analysis date:

4/19/2024 8:38:31 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Agent

7.1.1

AhnLab V3 Security

Malware/Win32.Generic

2015.11.10

Avira AntiVirus

TR/Special.446648

8.3.2.2

Arcabit

Trojan.Generic.DE2AED4

1.0.0.593

avast!

Win32:Trojan-gen

2014.9-161014

AVG

MSIL8

2017.0.2591

Baidu Antivirus

Trojan.MSIL.Agent

4.0.3.161014

Bitdefender

Trojan.Generic.14855892

1.0.20.1440

Bkav FE

HW32.Packed

1.3.0.7383

Emsisoft Anti-Malware

Trojan.Generic.14855892

8.16.10.14.09

ESET NOD32

MSIL/Agent.ABP

10.12541

Fortinet FortiGate

MSIL/Injector.KTI!tr

10/14/2016

F-Secure

Trojan.Generic.14855892

11.2016-14-10_6

G Data

Trojan.Generic.14855892

16.10.25

IKARUS anti.virus

Trojan.MSIL.Agent

t3scan.1.9.5.0

K7 AntiVirus

Riskware

13.212.17797

Kaspersky

Trojan.MSIL.Agent

14.0.0.-552

McAfee

RDN/Generic.dx

5600.6247

Microsoft Security Essentials

Trojan:Win32/Skeeyah.A!bit

1.1.12205.0

MicroWorld eScan

Trojan.Generic.14855892

17.0.0.864

NANO AntiVirus

Trojan.Win32.Agent.dudfkk

0.30.26.4437

nProtect

Trojan.Generic.14855892

15.11.09.01

Panda Antivirus

Trj/Chgt.O

16.10.14.09

Quick Heal

Trojan.Skeeyah.r3

10.16.14.00

Rising Antivirus

PE:Trojan.Win32.Generic.18E638D5!417741013 [F]

23.00.65.161012

Sophos

Mal/Generic-S

4.98

Trend Micro

TROJ_GEN.R01TC0DGQ15

10.465.14

VIPRE Antivirus

Trojan.Win32.Generic

45126

Zillya! Antivirus

Trojan.Agent.Win32.557321

2.0.0.2500

File size:

436.2 KB (446,648 bytes)

Product version:

143.99.37.155

Original file name:

Because Little.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\gtghv.exe

Digital Signature

Signed by:

David Harris

Authority:

COMODO CA Limited

Valid from:

10/5/2011 5:00:00 PM

Valid to:

10/5/2016 4:59:59 PM

Subject:

CN=David Harris, O=David Harris, STREET=P.O. Box 5451, STREET=Moray Place, L=Dunedin, S=Otago, PostalCode=9058, C=NZ

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00BCD94845DBDC47BCFB82F9D3CD061861

File PE Metadata

Compilation timestamp:

2/18/2007 10:28:54 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:amcaV711pBOE4x3zbmdyQYw5aIKda5agBGjskwezhxhXoKzk/WZSsf0UdF3T0H:a6nBOEGmIZEaigJOezDhXoK4uvjO

Entry address:

0x6CBDE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.9926

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

427 KB (437,248 bytes)

Remove gtghv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.