| File Name | sslscan.exe |
| File Type |
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
| Scanner Version | 1.0.147.174 |
| Database Version | 2023-11-21 00:02:31 UTC |
Malware family: STOP/Djvu
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
8510b458e8a7b33c2e923bbc55b7abad
|
|
| SHA1 |
c209727d527bac6e09786a892457fcb39033aa7d
|
|
| SHA256 |
51f07449bbbfb85e5ec4f13a88afd284a5edcfbd1fd684488dd6ea49d57cc681
|
|
| SHA512 |
83b86f7fad1809040b33f4db1df39bc1627beb74de88d0d1019bb25d12f879b1fc63fde872704af1aff20cd54e3d2f39ebc26eb746f06be7f041231266f2c02f
|
|
| ImpHash |
e759ba0fac3debb63c186cfd6eee2dcf
|
| Image Base | 0x140000000 |
| Entry Point | 0x1400014d0 |
| Compilation Time | 1970-01-01 00:00:00 |
| Checksum | 0x00495d77 (Actual: 0x00495d77) |
| OS Version | 4.0 |
| PEiD Signatures |
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
| Digital Signature | The PE file does not contain a certificate table. |
| Imports |
6 libraries
ADVAPI32, CRYPT32, KERNEL32, msvcrt, USER32, WS2_32 |
| Exports | 0 functions |
| Resources | 0 Resources |
| Sections | 11 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
3,575,592 bytes | 3,575,808 bytes | 6.56 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
7C56874D3605E1BE41801CC109845E46 |
.data |
0x0036a000 |
65,824 bytes | 66,048 bytes | 3.45 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
EE8A4B32E78CE2A065AFC4BF25501145 |
.rdata |
0x0037b000 |
832,928 bytes | 833,024 bytes | 5.13 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
7E56418F6B7047B8B3643D83548AB442 |
/4 |
0x00447000 |
4 bytes | 512 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.pdata |
0x00448000 |
129,084 bytes | 129,536 bytes | 6.31 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8F207E322E9A163D575CE710BB4DD004 |
.xdata |
0x00468000 |
137,652 bytes | 137,728 bytes | 4.34 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BC01D923CBDBB527B95C7E1519FBA226 |
.bss |
0x0048a000 |
15,472 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x0048e000 |
7,864 bytes | 8,192 bytes | 4.48 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
ED23D12757B65929D6C3973C35069B9E |
.CRT |
0x00490000 |
96 bytes | 512 bytes | 0.32 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
01E3BB95FB5C6A135F37892EA44ED196 |
.tls |
0x00491000 |
16 bytes | 512 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.reloc |
0x00492000 |
38,964 bytes | 39,424 bytes | 5.43 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
4DE82E521B9FB8079A2235C2AD633BA8 |
1 section(s) with elevated entropy (≥6.5) - possible compression
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Ransom.Win64.STOP.dg!se20444 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
