File Name | instaII.exe |
File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Scanner Version | 1.0.209.174 |
Database Version | 2025-03-02 01:00:31 UTC |
Malware family: Gen
Hash Type | Value | Action |
---|---|---|
MD5 |
98099292ac1b0f59c50e291da7f5d05c
|
|
SHA1 |
38fbb9aeb808e9c2a6bd0200160908e2e4e2d0a7
|
|
SHA256 |
3bcf8487cbee03221ff01420d41a3cc70efc76f3c2998b3db3e5caf8da1cc7b7
|
|
SHA512 |
cbf562bd4e49d8c1d3b639f98b038fcff2dd67db5fcbc50db2694e5658f623e3b6b44412a8b3c832d65433356e794808245ab978f1a100ff59045a91b1beefe6
|
|
ImpHash |
5a594319a0d69dbc452e748bcf05892e
|
Icon |
Hash: 04c7e800fc1f74858f19570a2fe24c2b
Fuzzy: 2ce6c32178eb8500764df0ce62da48ff dHash: e8e2eae6b696c6cc |
Image Base | 0x00400000 |
Entry Point | 0x004b5eec |
Compilation Time | 2020-09-13 09:00:51 |
Checksum | 0x0126e1c9 (Actual: 0x0130e1fa) |
OS Version | 6.1 |
PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Digital Signature | The expected hash does not match the digest in SpcInfo |
Imports |
7 libraries
kernel32, comctl32, version, user32, oleaut32, netapi32, advapi32 |
Exports | 3 functions |
Resources | 21 Resources |
Sections | 10 Sections |
Comments | This installation was built with Inno Setup. |
CompanyName | Bitwar Dll Fixer |
FileDescription | BitwarDllFixer Setup |
FileVersion | 2.1.5.0 |
LegalCopyright | Copyright \xA9 Bitwarsoft Limited All Rights Reserved. |
OriginalFileName | |
ProductName | Bitwar Dll Fixer |
ProductVersion | 2.1.5.0 |
Translation | 0x0000 0x04b0 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
734,748 bytes | 735,232 bytes | 6.36 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
AD6E46E3A3ACDB533EB6A077F6D065AF |
.itext |
0x000b5000 |
5,768 bytes | 6,144 bytes | 5.97 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D40FC822339D01F2ABCC5493AC101C94 |
.data |
0x000b7000 |
14,244 bytes | 14,336 bytes | 5.04 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
4C195D5591F6D61265DF08A3733DE3A2 |
.bss |
0x000bb000 |
28,136 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x000c2000 |
3,894 bytes | 4,096 bytes | 4.90 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
A73D686F1E8B9BB06EC767721135E397 |
.didata |
0x000c3000 |
420 bytes | 512 bytes | 2.76 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
41B8CE23DD243D14BEEBC71771885C89 |
.edata |
0x000c4000 |
154 bytes | 512 bytes | 1.87 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
37C1A5C63717831863E018C0F51DABB7 |
.tls |
0x000c5000 |
24 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x000c6000 |
93 bytes | 512 bytes | 1.38 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8F2F090ACD9622C88A6A852E72F94E96 |
.rsrc |
0x000c7000 |
22,212 bytes | 22,528 bytes | 6.25 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
230F47A2CE4CB91C05DA696599A85262 |
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_ICON | 4 | 8,866 bytes | |
RT_STRING | 11 | 8,040 bytes | |
RT_RCDATA | 3 | 768 bytes | |
RT_GROUP_ICON | 1 | 62 bytes | |
RT_VERSION | 1 | 1,412 bytes | |
RT_MANIFEST | 1 | 1,830 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The expected hash does not match the digest in SpcInfo
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Spy.Win32.Gen.tr without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system