DaemonClaw.exe Trojan Znyonm Analysis
| Online Virus Checker | v.1.0.172.174 |
| DB Version: | 2024-04-25 11:00:38 |
Trojan.Win64.Znyonm.oa!s1
| File | DaemonClaw.exe |
| Checked | 2024-04-25 08:46:23 |
| MD5 | 5c328ec9fc7c16af454a43ff5c68fe30 |
| SHA1 | bc4527ed1fd7dc436c362be6f6b5232d043d5f49 |
| SHA256 | 8d737c5273782bee9081f555051fc33014afd83cd587c2a257b810626722218b |
| SHA512 | 682b92e74b58a408c5ad36edb57b1162676f0b4a775cbba4d04b4aebced6cde5d328c254dd083fe947647822c561c9405138d5e7b70dc1edf7a57fc7e5fe2c84 |
| Imphash | f18952a1b4265d767ec0bab410377559 |
| File Size | 2312704 bytes |
Trojan.Win64.Znyonm.oa!s1 Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win64.Znyonm.oa!s1 without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| CompanyName | The NW.js Community |
| FileDescription | nwjs |
| FileVersion | 0.85.0 |
| InternalName | nw_exe |
| LegalCopyright | Copyright 2023, The NW.js community and The Chromium Authors. All rights reserved. |
| OriginalFilename | nw.exe |
| ProductName | nwjs |
| ProductVersion | 0.85.0 |
| CompanyShortName | nwjs.io |
| ProductShortName | nwjs |
| LastChange | 0000000000000000000000000000000000000000-0000000000000000000000000000000000000000 |
| Translation | 0x0409 0x04b0 |
Portable Executable Info
 |
c78ea2e284ddc9feb131b0bb9b0335f2 359bb7409f6d66c2043431322b378e73 70f0b23319aecc70 |
| Image Base: | 0x140000000 |
| Entry Point: | 0x1401452c0 |
| Compilation: | 2023-05-07 05:00:00 |
| Checksum: | 0x00000000 (Actual: 0x0023e7c0) |
| OS Version: | 5.2 |
| PDB Path: | E:\nw85_sdk_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb |
| PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 13 |
| Imports: | nw_elf, KERNEL32, VERSION, ntdll, |
| Exports: | 3 |
| Resources: | 62 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0017ec58 | 0x0017ee00 | f7fabd42e741b3786fad91855e2b25cf | 6.54 |
| .rdata | 0x00180000 | 0x0003f484 | 0x0003f600 | 5c1b2023a64e7c37da18cd7367a0e9ce | 5.91 |
| .data | 0x001c0000 | 0x0000a590 | 0x00004600 | 3f6ae5fdeaee7b2397c655ac64501bd8 | 3.04 |
| .pdata | 0x001cb000 | 0x0000eeec | 0x0000f000 | ae937b998ace42c5436031abeda35fa9 | 5.99 |
| .gxfg | 0x001da000 | 0x00002e50 | 0x00003000 | 4ec578b1ec89e882afa14560783dd61b | 5.11 |
| .retplne | 0x001dd000 | 0x000000a8 | 0x00000200 | 5ecca2c6ea1d296f112e2a3940d7af4a | 1.32 |
| .tls | 0x001de000 | 0x00000213 | 0x00000400 | b975bbe1f330b7a699d04cf9e069f382 | 0.21 |
| .voltbl | 0x001df000 | 0x00000044 | 0x00000200 | 3e0c0ec85f664161cf947e236f80c926 | 1.14 |
| CPADinfo | 0x001e0000 | 0x00000038 | 0x00000200 | 60d3ea61d541c9be2e845d2787fb9574 | 0.12 |
| _RDATA | 0x001e1000 | 0x000000f4 | 0x00000200 | 46ba4075596d5633861c2aeeb8156ff3 | 2.45 |
| malloc_h | 0x001e2000 | 0x00000130 | 0x00000200 | 1dff7f77a7f6c1cf22e6ef94bb666793 | 4.42 |
| .rsrc | 0x001e3000 | 0x0005ca18 | 0x0005cc00 | 59d45fd1b01c3f36c01693dedd4f772e | 4.71 |
| .reloc | 0x00240000 | 0x00002140 | 0x00002200 | 12c03c9188df48fe9ad95160a0f6d644 | 5.42 |
