| File Name | primordial-cs2.dll |
| File Type |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.171.174 |
| Database Version | 2024-04-08 21:00:29 UTC |
Malware family: Heuristic
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
f5dfa14149b13d2b19b358bc5a70170b
|
|
| SHA1 |
b748c14dc8e410fe7975cada26efb44e1337f85a
|
|
| SHA256 |
67f202ece0dd924a49192cda4cec0e9107dca88d83a16667c2d5236056c92b27
|
|
| SHA512 |
6f2d9ec5ed20d802e624b3ddd5aab99584b63c58f64c5cbfd8414520af8a5153dbb7bdc3c234fa7a9cd083ed6b51a74b4af3776e139ef65aef7db822648fa3a8
|
|
| ImpHash |
f5d36513925e93b813234e5ca179b39f
|
| Image Base | 0x180000000 |
| Entry Point | 0x18002344c |
| Compilation Time | 2024-03-24 10:53:17 |
| Checksum | 0x00000000 (Actual: 0x00dc7c7c) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Digital Signature | The PE file does not contain a certificate table. |
| Imports |
3 libraries
KERNEL32, WS2_32, ntdll |
| Exports | 0 functions |
| Resources | 1 Resources |
| Sections | 11 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
229,846 bytes | 229,888 bytes | 6.36 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
C18905C1059B6AF237D4D7F8E5ABDAB5 |
.rdata |
0x0003a000 |
228,108 bytes | 228,352 bytes | 3.59 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
A10A42078997622D72DCA66814D1FCDB |
.data |
0x00072000 |
10,571,944 bytes | 10,567,680 bytes | 7.31 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2707D4071FCE1488148AF3210ECA8624 |
.pdata |
0x00a88000 |
5,976 bytes | 6,144 bytes | 7.78 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0015F898118FEEF82E6C003562C37161 |
.00cfg |
0x00a8a000 |
56 bytes | 512 bytes | 0.51 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BC624B59F0A19E26B6E34A2875EE1797 |
.gxfg |
0x00a8b000 |
5,600 bytes | 5,632 bytes | 5.12 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
638D69593037B3FC2E580EA39EE83981 |
.retplne |
0x00a8d000 |
140 bytes | 512 bytes | 1.05 (Normal) |
0x00000000
|
8C950F651287CBC1296BCB4E8CD7E990 |
_RDATA |
0x00a8e000 |
500 bytes | 512 bytes | 4.21 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
95E6F1F9EB8C2C973C5491433E61BBA9 |
._4r |
0x00a8f000 |
3,348,196 bytes | 3,348,480 bytes | 7.15 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
BE5B4E1DC06E88320B08014C611585AA |
.rsrc |
0x00dc1000 |
223 bytes | 512 bytes | 2.35 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8AE37722C718B479B99A224D70CBA852 |
.reloc |
0x00dc2000 |
1,936 bytes | 2,048 bytes | 5.38 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
17C3F52B48C22C6A7DA00469DA5CE7BD |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
2 section(s) with elevated entropy (≥6.5) - possible compression
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_MANIFEST | 1 | 135 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02012022 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
