File Name | coordinator.exe |
File Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
Scanner Version | 1.0.184.174 |
Database Version | 2024-08-09 11:00:16 UTC |
Malware family: Gen
Hash Type | Value |
---|---|
MD5 | 4e5402787e7854f4fa33f73853d5dfb3 |
SHA1 | 0410b7c5441eda53a554e2c05e70b1316b8cf07b |
SHA256 | 912c0c803c8d8935c2cc6acc893982f8be3a0331709603e1e5d8a77d4e276456 |
SHA512 | 1fd89d4409e3554a39686c23b148a5916239910bb3bfeb950a1c3c7062dca9a87767ecb066449f08364b867e0b62f1966bc1b20c2d9f627534142cbfb8513d79 |
ImpHash | 4747944165a85176b0eccaefa44b30bb |
Icon | Hash: 99f8909119f22355b3423d4cad169539; Fuzzy: c5a2ab820da81f9db77abd76bbd9764e; dHash: c6c2ccc4f4e0e0f8 |
Image Base | 0x00400000 |
Entry Point | 0x004014f0 |
Compilation Time | 1995-07-10 13:58:29 |
Checksum | 0x009a514a (Actual: 0x009a514a) |
OS Version | 4.0 |
PEiD Signatures | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
Digital Signature | OK |
Imports | 4 libraries: KERNEL32, msvcrt, USER32, WS2_32 |
Exports | 0 functions |
Resources | 8 Resources |
Sections | 10 Sections |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text | 0x00001000 | 40,440 bytes | 40,448 bytes | 6.24 (Normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES | 068343F9461138F6EE6B0353FB18FF1F |
.data | 0x0000b000 | 168 bytes | 512 bytes | 0.67 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_16BYTES | 32D2283ED5EF868A4454872F2522DEA3 |
.rdata | 0x0000c000 | 20,608 bytes | 20,992 bytes | 6.66 (Compressed) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES | 1DC2DC2AF095B8DE44D6E9CBC2F28D9B |
.pdata | 0x00012000 | 2,040 bytes | 2,048 bytes | 4.72 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES | 0F64D94DCA41A43B8C90E6DC122FFB49 |
.xdata | 0x00013000 | 1,884 bytes | 2,048 bytes | 4.05 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES | 9ECA94A61981710563E722BEE749E7B9 |
.bss | 0x00014000 | 52,448 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_64BYTES | D41D8CD98F00B204E9800998ECF8427E |
.idata | 0x00021000 | 4,120 bytes | 4,608 bytes | 4.09 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 12E016212662C2419DF49AD65BD11B37 |
.CRT | 0x00023000 | 104 bytes | 512 bytes | 0.27 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES | 7933098268DB8112A146761BEFFFB21C |
.tls | 0x00024000 | 104 bytes | 512 bytes | 0.20 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 9F11641A4A590E1D50FB35766F337F61 |
.rsrc | 0x00025000 | 61,128 bytes | 61,440 bytes | 7.52 (Packed/Encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | FF6038D51225791DF3D2158C2EA53791 |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
1 section(s) with elevated entropy (≥6.5) - possible compression
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_ICON | 7 | 60,572 bytes | |
RT_GROUP_ICON | 1 | 104 bytes | |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
OK
Gridinsoft has the capability to identify and eliminate PUP.Win64.Gen.ca without requiring further user intervention.