File Name | dohnadohna.exe |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
Scanner Version | 1.0.215.174 |
Database Version | 2025-04-24 10:00:23 UTC |
Malware family: Gen
Hash Type | Value |
---|---|
MD5 | 618c66cd1682d95aac9616d19e5661b5 |
SHA1 | 990afcc46f3157cc546ba1e7c196d62b8da06367 |
SHA256 | 950eaa37430724fe8fa2a9bf6cba1ef9363a937e4824b4a999b39296c381701b |
SHA512 | 54484920cd7478d79c2071add8b8ec4f288fc890db0b3b6bccb20538cc816c6f0bc78e6456a1b55a18c030d100f861b38c6f0dc41d9fd4020d7246f1af9f5989 |
ImpHash | 138fc2389a60e750fb2d2b584aa16150 |
Icon | Hash: 1f67559569ae1e75a1e3a684e3b62e50 Fuzzy: 86972196be91a4cd724db6a6362b8be6 dHash: c8acf1c4f4f0a4cc |
Image Base | 0x00400000 |
Entry Point | 0x011c475c |
Compilation Time | 2020-09-03 08:41:46 |
Checksum | 0x003dd436 (Actual: 0x003d9293) |
OS Version | 6.0 |
PEiD Signatures | PE32 executable (GUI) Intel 80386, for MS Windows |
Digital Signature | The expected hash does not match the digest in SpcInfo |
Imports | 13 libraries |
Exports | 0 functions |
Resources | 21 Resources |
Sections | 10 Sections |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
 | 0x00001000 | 3,915,776 bytes | 1,421,824 bytes | 8.00 (Packed/Encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 218AA0116BAB858B5A7D5CD5785F1657 |
 | 0x003bd000 | 679,936 bytes | 248,320 bytes | 8.00 (Packed/Encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 05EF29777EC6B0647E0E671D9B87B6C9 |
 | 0x00463000 | 155,648 bytes | 24,576 bytes | 7.98 (Packed/Encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 0D4265B7F46350D4F94609D6300E561B |
 | 0x00489000 | 8,192 bytes | 2,048 bytes | 7.49 (Compressed) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 9F8E571B2009C2F9CA86EB80B6545C5C |
 | 0x0048b000 | 4,096 bytes | 512 bytes | 0.18 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 5BD7A1E2B19AF97574FCFB9B115AFCB5 |
 | 0x0048c000 | 4,096 bytes | 1,024 bytes | 5.76 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | E0138EF1D07A9B813392D96A1DE9D5A6 |
 | 0x0048d000 | 372,736 bytes | 210,944 bytes | 8.00 (Packed/Encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 483E97EFCF5EEA8DB224DC18864D9AF0 |
.rsrc | 0x004e8000 | 40,960 bytes | 38,400 bytes | 5.16 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 517F7C8F5EBA70245190CFE1175656EA |
 | 0x004f2000 | 7,200,768 bytes | 1,024 bytes | 6.61 (Compressed) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 93D58CE82132690C7AC52F0E577BB66B |
.data | 0x00bd0000 | 2,072,576 bytes | 2,071,552 bytes | 7.98 (Packed/Encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 50B57BD32C8F6F516E8AA8307D897536 |
5 section(s) with high entropy (≥7.5) detected - possible packing/encryption
2 section(s) with elevated entropy (≥6.5) - possible compression
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
PSO | 1 | 2,028 bytes | |
SLK | 2 | 329,920 bytes | |
VSO | 1 | 864 bytes | |
RT_ICON | 10 | 35,820 bytes | |
RT_MENU | 2 | 332 bytes | |
RT_DIALOG | 2 | 608 bytes | |
RT_ACCELERATOR | 1 | 40 bytes | |
RT_GROUP_ICON | 1 | 146 bytes | |
RT_MANIFEST | 1 | 751 bytes | |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The expected hash does not match the digest in SpcInfo
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Malware.Win32.Gen.bot!se39933 without requiring further user intervention.