Heshanv15.exe Trojan Downloader Analysis
| Online Virus Checker | v.1.0.183.174 |
| DB Version: | 2024-07-25 12:00:16 |
Trojan.Win32.Downloader.mz!n
Downloader designed to download and install additional malware onto an infected computer or device. Unlike standalone trojans, downloader trojans do not have a wide range of malicious functions themselves; instead, they serve as a means to deliver other malware onto a victim's system.
| File | Heshanv15.exe |
| Checked | 2024-07-25 09:32:01 |
| MD5 | 54a485c35f885e4dcf468ce0ab98c3b0 |
| SHA1 | c5480dcea813623551b819f60bc7bb5fb0ae2ebd |
| SHA256 | 442a2c938bd24b8333eea6e15beb7b96b76926cfddfc93034650cd1c0d6b3c2e |
| SHA512 | 0758103b6e77d94de8fef79efac6b99b1a6986d1a5d4ad93f685b5759e4ff6bc198c2f8601e2cfdfbeaefbb41a0b2a0598abfb74f88a26c6291198d3b4c8e9aa |
| Imphash | 332f7ce65ead0adfb3d35147033aabe9 |
| File Size | 7927808 bytes |
Trojan.Win32.Downloader.mz!n Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Downloader.mz!n without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| CompanyName | Synaptics |
| FileDescription | Synaptics Pointing Device Driver |
| FileVersion | 1.0.0.4 |
| InternalName | |
| LegalCopyright | |
| LegalTrademarks | |
| OriginalFilename | |
| ProductName | Synaptics Pointing Device Driver |
| ProductVersion | 1.0.0.0 |
| Comments | |
| Translation | 0x041f 0x04e6 |
Portable Executable Info
 |
be25fd33ed50448b315e1381df18ddc8 b0d91554e8fc89708b4b2b08084e6e72 5169e8d46871e254 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x0049ab80 |
| Compilation: | 1992-06-19 22:22:17 |
| Checksum: | 0x00000000 (Actual: 0x00792ddb) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 8 |
| Imports: | kernel32, user32, advapi32, oleaut32, version, gdi32, ole32, comctl32, shell32, wininet, wsock32, netapi32, |
| Exports: | 0 |
| Resources: | 62 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| CODE | 0x00001000 | 0x00099bec | 0x00099c00 | 33fbe30e8a64654287edd1bf05ae7c8c | 6.57 |
| DATA | 0x0009b000 | 0x00002e54 | 0x00003000 | 1f5e19e7d20c1d128443d738ac7bc610 | 4.85 |
| BSS | 0x0009e000 | 0x000011e5 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .idata | 0x000a0000 | 0x00002a42 | 0x00002c00 | 21ff53180b390dc06e3a1adf0e57a073 | 4.92 |
| .tls | 0x000a3000 | 0x00000010 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .rdata | 0x000a4000 | 0x00000039 | 0x00000200 | a92cf494c617731a527994013429ad97 | 0.78 |
| .reloc | 0x000a5000 | 0x0000a980 | 0x0000aa00 | dcd1b1c3f3d28d444920211170d1e8e6 | 6.67 |
| .rsrc | 0x000b0000 | 0x006e4f30 | 0x006e5000 | 6fadf9c25b1fdbb3f8d447b783fb9944 | 7.99 |
