Trojan 02212023 Malware Analysis
| Online Virus Checker | v.1.0.139.174 |
| DB Version: | 2023-09-24 01:01:57 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Trojan.Heur!.02212023
The "Heur" stands for "heuristic," which means we use a set of rules, algorithms, or behavioral analysis to detect potential threats that may not have a specific, known signature. It's a proactive approach to identifying suspicious behavior or code patterns that could indicate the presence of a Trojan or other malware. The file's behavior or characteristics triggered the heuristic analysis as potentially malicious. However, it doesn't necessarily confirm that the file is indeed a Trojan. It could be a false positive, where a legitimate program exhibits behavior that resembles malicious activity.
| Checked: | 2023-09-23 23:55:58 |
| MD5: | b5afa4d6d11a826a5c52300397cbf9aa |
| SHA1: | 17fe6b6ffbf401b20665be0c7804d3df4e71db26 |
| SHA256: | 5a808278a9603c26259d6059af947be646dd255db2a1d68129a8257d513da49e |
| SHA512: | d96967d6d5ea42d86478a72fc57832eb1558bcbd080a7450537e5d1749f3db5cd69f92699739d790568364a5b787b8da836b56fabc9562770ba0d70e2764ffef |
| Imphash: | c269743ebbb3816fe656e57159e214ad |
| File Size: | 8545792 bytes |
Trojan.Heur!.02212023 Removal
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02212023 without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
 |
259182f47396ccf28ecb937ee40e4b9f 95aade6daf1fc167d2edf07d74a19aa8 1c401c78dad06008 |
| Image Base: | 0x140000000 |
| Entry Point: | 0x140b8dbc4 |
| Compilation: | 2023-09-23 01:01:37 |
| Checksum: | 0x00000000 (Actual: 0x00834e80) |
| OS Version: | 6.0 |
| PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 11 |
| Imports: | d3d9, d3dx9_43, KERNEL32, USER32, GDI32, ADVAPI32, IMM32, bcrypt, WS2_32, CRYPT32, |
| Exports: | 0 |
| Resources: | 3 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0014d178 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .rdata | 0x0014f000 | 0x00078f28 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .data | 0x001c8000 | 0x0001ef7c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .pdata | 0x001e7000 | 0x0000f9fc | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| _RDATA | 0x001f7000 | 0x0000015c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .lPz | 0x001f8000 | 0x00000100 | 0x00000200 | 9ce9ac2659b189125c8cbc843bcab5b4 | 0.63 |
| .<)_ | 0x001f9000 | 0x003d7884 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .6;v | 0x005d1000 | 0x00000b20 | 0x00000c00 | a8d5c89135c142d1de83e6a4f01bebf4 | 2.41 |
| .&U: | 0x005d2000 | 0x0082425c | 0x00824400 | 29aef280ef36b9fabff64586720a67c9 | 7.86 |
| .reloc | 0x00df7000 | 0x00000104 | 0x00000200 | 6cdc9da0054a7d5f87657518ed7d58de | 2.36 |
| .rsrc | 0x00df8000 | 0x00000d18 | 0x00000e00 | 37f07147273fcfe0cc1740b37dc5c296 | 7.18 |
