| File Name | GotoHTTP_x64.exe |
| File Type |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.195.174 |
| Database Version | 2024-11-01 15:00:29 UTC |
Malware family: STOP/Djvu
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
f4ea4e9b8017b5edd392b7416bd390af
|
|
| SHA1 |
db5f5c4358c295aa32f5a7d62869b21f9fe45e43
|
|
| SHA256 |
230b84398e873938bbcc7e4a1a358bde4345385d58eb45c1726cee22028026e9
|
|
| SHA512 |
c96567515959026017bd2253f2ff61e9fdd6662a6b813c8843219ad11bd7366ae5582192bf86bd528bb839349b90f1f3f0c58f8684b9b568bc15f50a9174bd2b
|
|
| ImpHash |
68474882704138e677b9350eb7d5a5e3
|
| Icon |
Hash: 71626004a4b3a0167aab5abfb0a036ab
Fuzzy: 3f9b8131aea512982e3be3712ae3ac6e dHash: 00d4e8d0f0f0f068 |
| Image Base | 0x140000000 |
| Entry Point | 0x1401e80f4 |
| Compilation Time | 2024-05-11 01:53:25 |
| Checksum | 0x0030ed02 (Actual: 0x0030ed02) |
| OS Version | 5.2 |
| PEiD Signatures |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Digital Signature | OK |
| Imports |
9 libraries
WS2_32, KERNEL32, USER32, GDI32, ADVAPI32, SHELL32, ole32, OLEAUT32, USERENV |
| Exports | 0 functions |
| Resources | 44 Resources |
| Sections | 7 Sections |
| CompanyName | Pingbo Inc |
| FileDescription | GotoHTTP |
| FileVersion | 10.2.0.1925 |
| InternalName | GotoHTTP |
| LegalCopyright | Copyright 2018-2024 Pingbo Inc |
| OriginalFilename | GotoHTTP.exe |
| ProductName | GotoHTTP |
| ProductVersion | 10.2.0.1925 |
| Translation | 0x0409 0x04b0 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,319,718 bytes | 2,319,872 bytes | 6.72 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
6CE8F035C8600AD0ECD00BA2D13B6BC9 |
.rodata |
0x00238000 |
2,336 bytes | 2,560 bytes | 4.05 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
75457CFD7411AF09C4B4E317376E93AF |
.rdata |
0x00239000 |
651,416 bytes | 651,776 bytes | 5.45 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9F5D5AD62CC67A43BCB5C46E7108AFF1 |
.data |
0x002d9000 |
56,264 bytes | 39,936 bytes | 4.15 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
801E9A71BAF38235FA3AFC637377D706 |
.pdata |
0x002e7000 |
87,252 bytes | 87,552 bytes | 6.17 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
EF63FF0A9AA2BDD9917BE574A05B4EB8 |
.rsrc |
0x002fd000 |
27,844 bytes | 28,160 bytes | 4.41 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E35CD6F65FCE21534D6BB745E69291AB |
.reloc |
0x00304000 |
17,158 bytes | 17,408 bytes | 3.69 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
A96025CE7D23EBA4351A5C2F2DBDD434 |
1 section(s) with elevated entropy (≥6.5) - possible compression
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| AFX_DIALOG_LAYOUT | 1 | 2 bytes | |
| RT_ICON | 10 | 10,960 bytes | |
| RT_MENU | 2 | 814 bytes | |
| RT_DIALOG | 8 | 4,500 bytes | |
| RT_STRING | 14 | 7,810 bytes | |
| RT_ACCELERATOR | 1 | 112 bytes | |
| RT_GROUP_ICON | 6 | 176 bytes | |
| RT_VERSION | 1 | 724 bytes | |
| RT_MANIFEST | 1 | 631 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
OK
Gridinsoft has the capability to identify and eliminate Ransom.Win64.STOP.tr!n without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
