File Name | payload.exe |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
Scanner Version | 1.0.210.174 |
Database Version | 2025-03-13 19:00:54 UTC |
Malware family: Swrort
Hash Type | Value |
---|---|
MD5 | e406143461287ae5ef294caf013aa2e6 |
SHA1 | b9eedd906c7fb28668a9c2762348f8d3668291d6 |
SHA256 | 87c963847b35bbb57f85b01b8cb59f458a61155e632325ae43778d06b2efa9b7 |
SHA512 | 92f71ad6736ba18317513c27666f89c0ccf967179bbe804cb57378b5cb759deb764f9a8c9d308547df9eec25003e6dc1f5e78a4c846c8f633c7eed6bc323e21a |
ImpHash | fb6bd8ebf4e6421b53c55dfe7d3c43af |
Image Base | 0x00400000 |
Entry Point | 0x00404711 |
Compilation Time | 2009-04-27 21:59:01 |
Checksum | 0x00000000 (Actual: 0x0001ad49) |
OS Version | 4.0 |
PEiD Signatures | PE32 executable (GUI) Intel 80386, for MS Windows |
PDB Path | C:\local0\asf\release\build-2.2.14\support\Release\ab.pdb |
Digital Signature | No valid SignedData structure was found. |
Imports | 5 libraries: MSVCRT, KERNEL32, ADVAPI32, WSOCK32, WS2_32 |
Exports | 0 functions |
Resources | 1 Resources |
Sections | 4 Sections |
Comments | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. |
CompanyName | Apache Software Foundation |
FileDescription | ApacheBench command line utility |
FileVersion | 2.2.14 |
InternalName | ab.exe |
LegalCopyright | Copyright 2009 The Apache Software Foundation. |
OriginalFilename | ab.exe |
ProductName | Apache HTTP Server |
ProductVersion | 2.2.14 |
Translation | 0x0409 0x04b0 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text | 0x00001000 | 43,366 bytes | 45,056 bytes | 7.02 (Compressed) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | F51DBC6BE1E16E4AFC229416CC8BB0B8 |
.rdata | 0x0000c000 | 4,070 bytes | 4,096 bytes | 5.32 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 25D7CEEE3AA85BB3E8C5174736F6F830 |
.data | 0x0000d000 | 28,764 bytes | 16,384 bytes | 4.41 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 283B5F792323D57B9DB4D2BCC46580F8 |
.rsrc | 0x00015000 | 1,992 bytes | 4,096 bytes | 1.96 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | C13A9413AEA7291B6FC85D75BFCDE381 |
1 section(s) with elevated entropy (≥6.5) - possible compression
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_VERSION | 1 | 1,896 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Swrort.zv!s2 without requiring further user intervention.