The "Heur" stands for "heuristic," which means we use a set of rules, algorithms, or behavioral analysis to detect potential threats that may not have a specific, known signature. It's a proactive approach to identifying suspicious behavior or code patterns that could indicate the presence of a Trojan or other malware. The file's behavior or characteristics triggered the heuristic analysis as potentially malicious. However, it doesn't necessarily confirm that the file is indeed a Trojan. It could be a false positive, where a legitimate program exhibits behavior that resembles malicious activity.

Property | Value |
---|---|
Checked | 2023-09-23 23:55:58 |
MD5 | b5afa4d6d11a826a5c52300397cbf9aa |
SHA1 | 17fe6b6ffbf401b20665be0c7804d3df4e71db26 |
SHA256 | 5a808278a9603c26259d6059af947be646dd255db2a1d68129a8257d513da49e |
SHA512 | d96967d6d5ea42d86478a72fc57832eb1558bcbd080a7450537e5d1749f3db5cd69f92699739d790568364a5b787b8da836b56fabc9562770ba0d70e2764ffef |
Imphash | c269743ebbb3816fe656e57159e214ad |
File Size | 8545792 bytes |

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02212023 without requiring further user intervention.

Property | Value |
---|---|
Image Base | 0x140000000 |
Entry Point | 0x140b8dbc4 |
Compilation | 2023-09-23 01:01:37 |
Checksum | 0x00000000 (Actual: 0x00834e80) |
OS Version | 6.0 |
PEiD | PE32+ executable (GUI) x86-64, for MS Windows |
Sign | The PE file does not contain a certificate table. |
Sections | 11 |
Imports | d3d9, d3dx9_43, KERNEL32, USER32, GDI32, ADVAPI32, IMM32, bcrypt, WS2_32, CRYPT32 |
Exports | 0 |
Resources | 3 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0014d178 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.rdata | 0x0014f000 | 0x00078f28 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.data | 0x001c8000 | 0x0001ef7c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.pdata | 0x001e7000 | 0x0000f9fc | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
_RDATA | 0x001f7000 | 0x0000015c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.lPz | 0x001f8000 | 0x00000100 | 0x00000200 | 9ce9ac2659b189125c8cbc843bcab5b4 | 0.63 |
.<)_ | 0x001f9000 | 0x003d7884 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.6;v | 0x005d1000 | 0x00000b20 | 0x00000c00 | a8d5c89135c142d1de83e6a4f01bebf4 | 2.41 |
.&U: | 0x005d2000 | 0x0082425c | 0x00824400 | 29aef280ef36b9fabff64586720a67c9 | 7.86 |
.reloc | 0x00df7000 | 0x00000104 | 0x00000200 | 6cdc9da0054a7d5f87657518ed7d58de | 2.36 |
.rsrc | 0x00df8000 | 0x00000d18 | 0x00000e00 | 37f07147273fcfe0cc1740b37dc5c296 | 7.18 |