| File Name | wtsapi32.dll |
| File Type |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.185.174 |
| Database Version | 2024-08-18 17:00:15 UTC |
Malware family: GenericMC
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
63fe84db6cb9962e66b18ea693548b6a
|
|
| SHA1 |
8a3bfc360c6000608ac2835aa018dfefdbc6d359
|
|
| SHA256 |
3adab3ec18b35ff15d6624b3d3e5323b68f029d82c0325c9fd0d9d8ce08d5ca4
|
|
| SHA512 |
dee25b7374d57bca19fd7f0ec7c1a13f532601441693fd52619ebd2746656542c49348d5f6b3c23740ba366fbcd8f7f2bc6050afc4db0a40fcbda6322ace0ee3
|
|
| ImpHash |
514fa716c1df07f5658a8902f69c5dab
|
| Image Base | 0x180000000 |
| Entry Point | 0x18005e551 |
| Compilation Time | 2021-03-09 11:14:22 |
| Checksum | 0x000597ef (Actual: 0x000597ef) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Digital Signature | The PE file does not contain a certificate table. |
| Imports |
2 libraries
KERNEL32, SHLWAPI |
| Exports | 61 functions |
| Resources | 0 Resources |
| Sections | 8 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
71,136 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00013000 |
44,790 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.data |
0x0001e000 |
7,672 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.pdata |
0x00020000 |
4,716 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
_RDATA |
0x00022000 |
252 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.vmp0 |
0x00023000 |
66,078 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.vmp1 |
0x00034000 |
334,136 bytes | 334,336 bytes | 7.31 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E4974807A0978B80C11BEFACA610EFFC |
.reloc |
0x00086000 |
148 bytes | 512 bytes | 2.02 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
B0C07067CBC0BB4A6BC6AFE7190A663B |
1 section(s) with elevated entropy (≥6.5) - possible compression
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Malware.Win64.GenericMC.cc without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
