Gridinsoft Logo

Node.dll Trojan Heuristic Analysis

Updated 1 year ago
Checked by Malaware Check
node.dll

Technical Analysis

File Name node.dll
File Type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Scanner Version 1.0.150.174
Database Version 2023-11-30 15:01:14 UTC

Trojan.Heur!.02006022

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
16,811,520
File Size (bytes)
2023-11-30
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
7d1a861b6aa1f95df03ada1ae4d1eff5
SHA1
4f08069fce4a95fb2752b61e1520320b77851044
SHA256
86652089c198d821011a8efb5e8d2c38a0c937cf7a14aed5dcf745707318ab93
SHA512
e35eb9bdbbb06b6e27e8963843abcc255ae2f2c1d3c79b0ffd1c7768b3a6813b398b32a37de9180ab5725cb554ddb4d9bac3a3ec23a5803dc279997bbd1ccca1
ImpHash
173ca90a4419091bb4ab45726543430c

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x18075e144
Compilation Time 2023-01-11 18:49:39
Checksum 0x00000000 (Actual: 0x01013e58)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
PDB Path E:\nw72_sdk_win64\node-webkit\src\outst\Release_x64\node.dll.pdb
Digital Signature The PE file does not contain a certificate table.
Imports 12 libraries
Exports 5021 functions
Resources 2 Resources
Sections 12 Sections

Version Information

CompanyName The NW.js Community
FileDescription Node.js build for NW.js
FileVersion 0.68.0
InternalName node_dll
LegalCopyright Copyright 2018, The NW.js community and The Chromium Authors. All rights reserved.
OriginalFilename node.dll
ProductName nwjs
ProductVersion 0.68.0
CompanyShortName nwjs.io
ProductShortName nwjs
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 8,309,478 bytes 8,309,760 bytes 6.44 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 2D7949E0C40E44E0CE975A5E8691ED5F
.rdata 0x007ee000 8,026,572 bytes 8,026,624 bytes 5.59 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3358A737DD2115FEDA634072B955C64D
.data 0x00f96000 2,743,536 bytes 47,104 bytes 3.77 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 13CFC8C361CB89C7072851A1AE98A4E2
.pdata 0x01234000 270,516 bytes 270,848 bytes 6.48 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 48D1512B8A5170ACB24AB218A709DD8F
.00cfg 0x01277000 40 bytes 512 bytes 0.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6FF1771BED222AADF4F7995D04AD297D
.gxfg 0x01278000 61,008 bytes 61,440 bytes 5.30 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 578C15EAA18D86A7102852D4ACC142D7
.retplne 0x01287000 92 bytes 512 bytes 0.85 (Normal) 0x00000000 8BA86516D84CEF220ECD4FF8550B6DF0
.tls 0x01288000 25 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B30464E69ECC4F2C756FA8FF158A38F1
.voltbl 0x01289000 136 bytes 512 bytes 2.10 (Normal) 0x00000000 19E18ABB6EBB35F9E74D9EA32D9C5064
_RDATA 0x0128a000 244 bytes 512 bytes 2.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1E8B6D378F972965459D97E3A78C6362
.rsrc 0x0128b000 1,496 bytes 1,536 bytes 4.05 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 726C04F63F79AA70E1C77628A36AF4BE
.reloc 0x0128c000 90,348 bytes 90,624 bytes 5.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ C018B8F3E7C76E533FADD1C178EA05D9

Resource Analysis

Total Resources: 2 (1,331 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 948 bytes
71.2%
RT_MANIFEST 1 383 bytes
28.8%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.02006022 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02006022 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware