Online Virus Checker | v.1.0.187.174 |
DB Version: | 2024-09-10 09:00:32 |
The "Heur" stands for "heuristic," which means we use a set of rules, algorithms, or behavioral analysis to detect potential threats that may not have a specific, known signature. It's a proactive approach to identifying suspicious behavior or code patterns that could indicate the presence of a Trojan or other malware. The file's behavior or characteristics triggered the heuristic analysis as potentially malicious. However, it doesn't necessarily confirm that the file is indeed a Trojan. It could be a false positive, where a legitimate program exhibits behavior that resembles malicious activity.
File | 9pBdxYLgQPc4j8V.exe |
Checked | 2024-09-10 06:25:09 |
MD5 | d0a225914366c8b39f581a33b663d1f6 |
SHA1 | e078c3f1a6680fc2c5a3055039b297a2f81903a8 |
SHA256 | 71a37d5e10982cca0c695718ad5dc3ea717e3d6d546ef8fa802d0c87f0f06d39 |
SHA512 | 667e9edd32852cc6e0dc0f72234a8118d19251209250cd017e07bba2ebf2b0fb8bb35cebbf742d30610233a0e957e8104a0836af1530f5f15b670c272be5d6f0 |
Imphash | 17fa5dacb8d855eaad59f9a0ea4af349 |
File Size | 10988636 bytes |
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.03212023 without requiring further user intervention.
Image Base: | 0x140000000 |
Entry Point: | 0x14102e058 |
Compilation: | 2024-06-22 16:16:11 |
Checksum: | 0x0099939b (Actual: 0x00a86096) |
OS Version: | 6.0 |
PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
Sign: | The PE file does not contain a certificate table. |
Sections: | 12 |
Imports: | kernel32, USER32, GDI32, ADVAPI32, ole32, MSVCP140, WININET, dbghelp, urlmon, ntdll, XINPUT1_3, IMM32, d3d9, d3dx9_43, WINMM, VCRUNTIME140_1, VCRUNTIME140, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-math-l1-1-0, api-ms-win-crt-time-l1-1-0, api-ms-win-crt-filesystem-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-environment-l1-1-0, api-ms-win-crt-utility-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-locale-l1-1-0 |
Exports: | 0 |
Resources: | 20 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
| | 0x00001000 | 0x001b31a3 | 0x0007a000 | 80db842f99db4baa18cb84d4bd859e53 | 7.98 |
| | 0x001b5000 | 0x000ccd82 | 0x00046000 | a2838dc5d45ee615919d6658a2f8e0e6 | 7.97 |
| | 0x00282000 | 0x0029c0f8 | 0x0021f000 | d52ff48160f28d00e85183136a19996c | 7.93 |
| | 0x0051f000 | 0x0001638c | 0x0000b600 | c69b5897a6953c310efa65ec587ccac9 | 7.73 |
| | 0x00536000 | 0x000001e8 | 0x00000200 | 39eb746930a3f9559668fd7b22da4817 | 6.48 |
| | 0x00537000 | 0x000028b8 | 0x00001600 | 92dff9669960f77a6bec43c17d4a95e5 | 7.81 |
.idata | 0x0053a000 | 0x00001000 | 0x00000a00 | 6c439b3e33c71833033c73fc387fd7e5 | 3.64 |
.tls | 0x0053b000 | 0x00001000 | 0x00000200 | 944806a940228d1668468a2548ca2f67 | 0.28 |
.rsrc | 0x0053c000 | 0x00001c00 | 0x00001c00 | dc6d13446a13ade61a1186c2761d7393 | 4.82 |
./\. | 0x0053e000 | 0x00af0000 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.boot | 0x0102e000 | 0x0069fa00 | 0x0069fa00 | 6afad6b78d51a6ea5f64f1d692553274 | 7.97 |
.reloc | 0x016ce000 | 0x00001000 | 0x00000010 | e86ff93a7e81fddd1e799c28e3b6425e | 2.47 |