| File Name | EasyBackupLight_OneClick.exe |
| File Type |
PE32 executable (console) Intel 80386, for MS Windows
|
| Scanner Version | 1.0.194.174 |
| Database Version | 2024-10-26 13:00:24 UTC |
Malware family: Agent
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
a434c6cd99a721311b883c0cab193df4
|
|
| SHA1 |
6b7ac54149488db701bfd5832141cdbe55cd3d7d
|
|
| SHA256 |
81fca9871be59844adf0c387fe8972ea11f1ce8fc94d88b690dd861336981d89
|
|
| SHA512 |
9da8199893ee875eb5701c92f8a969619eecf86c3622da30152fa87cab30afc24a6471fcc91706c6bffa9434a5fb6d4a0842cd92b5be896d18914d710fa5d331
|
|
| ImpHash |
808056f969a877ba6ca601d1f2bca1fe
|
| Icon |
Hash: 176d7666bec75f50309643bf73ffee38
Fuzzy: 8a0725807de24f17c0b4262b8ee2097d dHash: 96337971ea313336 |
| Image Base | 0x00400000 |
| Entry Point | 0x0045368c |
| Compilation Time | 2021-08-23 03:55:16 |
| Checksum | 0x00000000 (Actual: 0x004a18df) |
| OS Version | 5.0 |
| PEiD Signatures |
PE32 executable (console) Intel 80386, for MS Windows
|
| Digital Signature | No valid SignedData structure was found. |
| Imports |
9 libraries
oleaut32, advapi32, user32, kernel32, mpr, SHFolder, MSVCRT, msvcrt, shell32 |
| Exports | 1 functions |
| Resources | 25 Resources |
| Sections | 11 Sections |
| CompanyName | FreeTools by U.G. |
| FileDescription | EasyBackupLight_OneClick |
| FileVersion | 06.00.00.03 |
| InternalName | EasyBackupLight_OneClick |
| LegalCopyright | FreeTools by U.G. |
| LegalTrademarks | FreeTools by U.G. |
| OriginalFilename | EasyBackupLight_OneClick.exe |
| ProductName | EasyBackupLight_OneClick |
| ProductVersion | 01.00.00.09 |
| Comments | |
| Translation | 0x0409 0x04e4 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
332,312 bytes | 332,800 bytes | 6.48 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
3B9F536AE7B8FD17D5E6B4A4472AFE24 |
.itext |
0x00053000 |
2,936 bytes | 3,072 bytes | 6.12 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
78A664898258AADAA7E9D616E34C05BC |
.data |
0x00054000 |
23,192 bytes | 23,552 bytes | 6.19 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
4E0687795CC0DC29F7A1ECE48193E505 |
.bss |
0x0005a000 |
101,832 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x00073000 |
6,668 bytes | 7,168 bytes | 4.81 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
1EB53C227109A9C10140322C2A99D159 |
.didata |
0x00075000 |
304 bytes | 512 bytes | 2.05 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
82678682C5B8385C9009E44745738E3F |
.edata |
0x00076000 |
90 bytes | 512 bytes | 1.05 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
B37D027049349EA694153731E7A4FC86 |
.tls |
0x00077000 |
12 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00078000 |
24 bytes | 512 bytes | 0.21 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
86B038FADC4B719CEE39A675760D6230 |
.reloc |
0x00079000 |
28,180 bytes | 28,672 bytes | 6.57 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
143A7A997133D78704037B1DBEADF265 |
.rsrc |
0x00080000 |
367,796 bytes | 368,128 bytes | 7.80 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
48B3D81DAF95E111903080E9CCB8EC1D |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
1 section(s) with elevated entropy (≥6.5) - possible compression
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 6 | 22,384 bytes | |
| RT_STRING | 13 | 11,932 bytes | |
| RT_RCDATA | 3 | 330,098 bytes | |
| RT_GROUP_ICON | 1 | 90 bytes | |
| RT_VERSION | 1 | 940 bytes | |
| RT_MANIFEST | 1 | 920 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Agent.oa!s1 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
Gianni
Oct 26, 2024
this tool is for backup and is absolutely clean. False Positive!