8297cd00e6dd7a00a075bcb618e9864632fe1aeca0f15cd630f1e7d665d262b2 exe Stealer Gen File Malware Analysis: 52b7fb5887d5192b3456ef38652b4da0

8297cd00e6dd7a00a075bcb618e9864632fe1aeca0f15cd630f1e7d665d262b2.exe Stealer Gen Analysis

Technical Analysis

File Name 8297cd00e6dd7a00a075bcb618e9864632fe1aeca0f15cd630f1e7d665d262b2.exe
File Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Scanner Version 1.0.224.174
Database Version 2025-09-06 21:00:40 UTC

Spy.Win32.Gen.tr

Malware family: Gen

This is a generic detection identifier for files exhibiting Trojan horse characteristics. It indicates malware that disguises itself as legitimate software while containing malicious code designed to compromise system security or steal information.
Detection Rate N/A
File Size (bytes) 1,592,832
Analysis Date 2025-09-06


File Identification

Hash Type Value
MD5 52b7fb5887d5192b3456ef38652b4da0
SHA1 47a68135eb80ea1e12b06cd5b979f93cf6bc6b88
SHA256 8297cd00e6dd7a00a075bcb618e9864632fe1aeca0f15cd630f1e7d665d262b2
SHA512 7c01c835d29799dc8c9b9ab32d8786c416d627ebbba8d14725fd0cdd34231985479c463b3e9af1515cc7259e5d757bac817fe7cf37dad361f44ab37696f825c5
ImpHash 4035d2883e01d64f3e7a9dccb1d63af5

PE Analysis

Basic Information

Icon
Hash: e5f5084d741424060d7fbadb374025b9
Fuzzy: fd9927ee0d81ffc4d37bd7746d6ec7a5
dHash: f0d4f0f0f0f0f0f0
Image Base 0x00400000
Entry Point 0x004547f0
Compilation Time 1970-01-01 00:00:00
Checksum 0x07e9626f (Actual: 0x001925d1)
OS Version 6.1
PEiD Signatures PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 1 libraries
kernel32
Exports 0 functions
Resources 8 Resources
Sections 7 Sections

Version Information

CompanyName Mozilla
FileDescription Thunderbird
FileVersion 18.05
InternalName 7zS.sfx
LegalCopyright Mozilla
OriginalFilename 7zS.sfx.exe
ProductName Thunderbird
ProductVersion 18.05
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 522,564 bytes 522,752 bytes 6.19 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES 4A233D80B32B561093F678191AA567BB
.rdata 0x00081000 826,824 bytes 826,880 bytes 6.54 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES 9C5D73CC0AB7C8AA89C9B59FE17EE6E5
.data 0x0014b000 146,528 bytes 9,728 bytes 3.32 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES A11F8B460879E114784464022193D559
.idata 0x0016f000 982 bytes 1,024 bytes 4.67 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES 0B1DA15C7B85F50F398238C8D5CDE7C6
.reloc 0x00170000 34,490 bytes 34,816 bytes 6.50 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES E3300A615A07C01C1130FE239080FEE3
.symtab 0x00179000 71,683 bytes 72,192 bytes 5.05 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES 8234D6EFAB77A3E5FDF11321821DD9EC
.rsrc 0x0018b000 123,419 bytes 123,904 bytes 6.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2970AACE94E1D6DAA8AD62F7362F7094
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 8 (122,920 bytes)
Resource Type Count Total Size Percentage
RT_ICON 5 120,425 bytes 98%
RT_GROUP_ICON 1 76 bytes 0.1%
RT_VERSION 1 644 bytes 0.5%
RT_MANIFEST 1 1,775 bytes 1.4%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified.
Exercise caution when executing unsigned files from unknown sources.

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Spy.Win32.Gen.tr Removal

Gridinsoft Anti-Malware can detect and remove Spy.Win32.Gen.tr without further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system.

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
