RDR2Upscaler.org Trojan Heuristic Analysis

Trojan Heuristic

Updated on 2024-09-18 (2 days ago)

Online Virus Checker	v.1.0.189.174
DB Version:	2024-09-18 21:00:22

Trojan.Heur!.02292022

The "Heur" stands for "heuristic," which means we use a set of rules, algorithms, or behavioral analysis to detect potential threats that may not have a specific, known signature. It's a proactive approach to identifying suspicious behavior or code patterns that could indicate the presence of a Trojan or other malware. The file's behavior or characteristics triggered the heuristic analysis as potentially malicious. However, it doesn't necessarily confirm that the file is indeed a Trojan. It could be a false positive, where a legitimate program exhibits behavior that resembles malicious activity.

File	RDR2Upscaler.org
Checked	2024-09-18 18:49:14
MD5	9b42f1265c2f2cbcc34ddc12f12c5e85
SHA1	fe8e1fab21eeb4f5a53847787c919f59e6cb0082
SHA256	2e59ea10fbc9487c681a767dd5ae4f5f98873628d8520b78103467c77789a93b
SHA512	8a62bbc8fb36fdeffdfbf22ff0744e713fc3870beadfb8a889b33fa4c56dfea30152c2d16af211b7fecd371d4ba5f1313c4c77c1424c4b489e4baac55a9802e5
Imphash	87c9aef416aabb9e5b134a252e694b2c
File Size	7251456 bytes

Trojan.Heur!.02292022 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02292022 without requiring further user intervention.

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process.

File Version Information

CompanyName	PureDark
FileDescription	RDR2Upscaler
FileVersion	1.0.0.0
InternalName	RDR2Upscaler
LegalCopyright	MIT License
ProductName	RDR2Upscaler
ProductVersion	1.0.0.0
Translation	0x0409 0x04b0

Portable Executable Info

Image Base:	0x180000000
Entry Point:	0x18096aa17
Compilation:	2024-01-22 16:04:25
Checksum:	0x00000000 (Actual: 0x006f74b9)
OS Version:	6.0
PEiD:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Sign:	The PE file does not contain a certificate table.
Sections:	9
Imports:	WS2_32, ADVAPI32, ntdll, bcrypt, KERNEL32, USER32, MSVCP140, IMM32, D3DCOMPILER_47, VCRUNTIME140_1, VCRUNTIME140, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-multibyte-l1-1-0, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-math-l1-1-0, api-ms-win-crt-utility-l1-1-0, api-ms-win-crt-time-l1-1-0, api-ms-win-crt-filesystem-l1-1-0,
Exports:	24
Resources:	2

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Entropy
.text	0x00001000	0x002fc197	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
.rdata	0x002fe000	0x0017a2e4	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
.data	0x00479000	0x00005758	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
.pdata	0x0047f000	0x000265e0	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
.xLH	0x004a6000	0x00371338	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
.hTt	0x00818000	0x0000103c	0x00001200	ee98a91fedc8519c74f828bd48485e6f	2.52
.L_u	0x0081a000	0x006e8758	0x006e8800	f422ff1f9aaec86a0addd4ec36201952	7.92
.reloc	0x00f03000	0x000000e4	0x00000200	6861e862ba3d537a0a9e7468cf37665a	2.24
.rsrc	0x00f04000	0x0000048d	0x00000600	266f4b08e7544ee61104e630b9553a76	3.44