File Name | sample.mlw |
File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Scanner Version | 1.0.182.174 |
Database Version | 2024-07-16 05:00:16 UTC |
Malware family: STOP/Djvu
Hash Type | Value | Action |
---|---|---|
MD5 |
b6acef912b67bdaa8e568ab3c89f93df
|
|
SHA1 |
f11ec9ab98cdeca9f4ff4f7f536a7b686afa836f
|
|
SHA256 |
1d1a38cc4675a88f82d160130632437455ea085e10a4c17a006d6431ab9d85f5
|
|
SHA512 |
34194c8d8462b7217072d7a0f5fc30c2a1d10a93fac6ba16c0e1ff5389797982e001c9307fefc97b4ae5a87afc2e5ab2b8ab1158d893e301c7b940ada0f10a7b
|
|
ImpHash |
f444f4b23daa661cebb35517c7e0cdb5
|
Icon |
Hash: 22349136012be236df9b52556ca5eca8
Fuzzy: 1d61926d80b3e99b90000f7b674e6299 dHash: bce9f6f2e0c4ebf4 |
Image Base | 0x00400000 |
Entry Point | 0x00404a34 |
Compilation Time | 2023-04-22 21:03:17 |
Checksum | 0x000bd07e (Actual: 0x000bd07e) |
OS Version | 5.1 |
PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Digital Signature | The PE file does not contain a certificate table. |
Imports |
2 libraries
KERNEL32, USER32 |
Exports | 0 functions |
Resources | 19 Resources |
Sections | 6 Sections |
FileVersions | 2.76.74.12 |
InternalName | Heat |
FileDescription | SeelsLike |
LegalCopyright | Copyright (C) 2023, Nabisradig |
OriginalFilenames | Odlasig |
ProductName | Porezot |
ProductVersions | 75.98.42.52 |
Translation | 0x0f7f 0x041e |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
656,735 bytes | 656,896 bytes | 7.97 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
044AE8D2F1538BDE2994F9C418162E09 |
.rdata |
0x000a2000 |
20,010 bytes | 20,480 bytes | 4.89 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
29E76C54D377370D4A89EDC3322C2027 |
.data |
0x000a7000 |
29,689,892 bytes | 48,128 bytes | 0.55 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
FADD59990CA21992D25D7016639B9607 |
.huhur |
0x01cf8000 |
1,024 bytes | 1,024 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0F343B0931126A20F133D67C2B018A3B |
.rom |
0x01cf9000 |
6,214 bytes | 6,656 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3C63825015AABD810674F44AFAC6D12B |
.rsrc |
0x01cfb000 |
32,088 bytes | 32,256 bytes | 4.06 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
EDFF40C7C9709761B88BBE54E9DADB87 |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_CURSOR | 8 | 15,184 bytes | |
RT_ICON | 3 | 12,504 bytes | |
RT_STRING | 2 | 2,384 bytes | |
RT_ACCELERATOR | 1 | 72 bytes | |
RT_GROUP_CURSOR | 3 | 130 bytes | |
RT_GROUP_ICON | 1 | 48 bytes | |
RT_VERSION | 1 | 652 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Ransom.Win32.STOP.tr without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system