gzip.exe

The executable gzip.exe has been detected as malware by 15 anti-virus scanners.

MD5: e295011dec79e27ce28a3d14082d55b4
SHA-1: a922fbdc3abc5acad7420708e9de7f2c544837e1
SHA-256: 785f45f3f5a7ac1b54df25d59c52d656d9fc368927885812772b25a57aa1a2e4
Scanner detections: 15 / 68
Status: Malware
Analysis date: 4/19/2024 4:25:37 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | W95/CIH | 7.11.93.232 |
| avast! | Win32:CIH-G@dam | 2014.9-140423 |
| AVG | Win32/Small | 2015.0.3495 |
| Bitdefender | Win95.CIH.299 | 1.0.20.565 |
| Comodo Security | UnclassifiedMalware | 16674 |
| Emsisoft Anti-Malware | Win95.CIH.299 | 8.14.04.23.09 |
| Fortinet FortiGate | PossibleThreat.w | 4/23/2014 |
| F-Secure | Win95.CIH.299 | 11.2014-23-04_4 |
| G Data | Win95.CIH.299 | 14.4.22 |
| IKARUS anti.virus | Trojan.Win9x.FlashKiller | t3scan.2.0.3.0 |
| K7 AntiVirus | Trojan | 13.170.9132 |
| MicroWorld eScan | Win95.CIH.299 | 15.0.0.339 |
| Norman | Suspicious_Gen2.XQMV | 11.20140423 |
| Panda Antivirus | Trj/CI.A | 14.04.23.09 |
| VIPRE Antivirus | Trojan.Win32.Generic | 19992 |

File size: 51.5 KB (52,736 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Windows\System32\gzip.exe

File PE Metadata

Compilation timestamp: 12/7/1996 9:37:22 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows Console
Linker version: 2.55
CTPH (ssdeep): 768:41UZMMEC78qPXJulJheFMp7TmagfwZ2GoKmqE4w28ucSH+OtfEsgktQzz:oCwGslJhiMZmagfwZ2GoN9SH+OysF
Entry address: 0x1000

Entry point:
55, 89, E5, 83, 3D, 00, E0, 45, 00, 00, 74, 01, CC, E8, CE, B3, 00, 00, C9, C3, 20, 20, 20, 46, 6F, 75, 6E, 64, 61, 74, 69, 6F, 6E, 2C, 20, 49, 6E, 63, 2E, 2C, 20, 36, 37, 35, 20, 4D, 61, 73, 73, 20, 41, 76, 65, 2C, 20, 43, 61, 6D, 62, 72, 69, 64, 67, 65, 2C, 20, 4D, 41, 20, 30, 32, 31, 33, 39, 2C, 20, 55, 53, 41, 2E, 00, 20, 20, 20, 61, 6C, 6F, 6E, 67, 20, 77, 69, 74, 68, 20, 74, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 3B, 20, 69, 66, 20, 6E, 6F, 74, 2C, 20, 77, 72, 69, 74, 65, 20, 74, 6F, 20, 74, 68...
 

Entropy: 6.3356
Code size: 46 KB (47,104 bytes)
