File Name | 9737047a6cf9c18ad4eb8eff4d7b090453dd69d1b64f0c2ffe7a5deab121e637 |
File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Scanner Version | 1.0.161.174 |
Database Version | 2024-02-13 17:01:04 UTC |
Malware family: STOP/Djvu
Hash Type | Value | Action |
---|---|---|
MD5 |
d473778b0f10692a2fb1ef33d26f5759
|
|
SHA1 |
c1e422e12cc1a23edad6e5d34bba0187d3175627
|
|
SHA256 |
9737047a6cf9c18ad4eb8eff4d7b090453dd69d1b64f0c2ffe7a5deab121e637
|
|
SHA512 |
e2052b4ca7d8aef7785ba16b87f2e54a7330d2fae04a7ac42069584063063e7931d3c1b2d31ad62ab8c27a118dfef1ed081cd1a5fa3ce5c7d61d6a926b898ba8
|
|
ImpHash |
d492b09c073a9c2f77d881ff99fa361e
|
Icon |
Hash: 122bc9a47e8d09826498164676829fe8
Fuzzy: 69b50aad9cd0fcc8ddd73a4eb1365f3a dHash: e8e0eeeaeae2eaea |
Image Base | 0x00400000 |
Entry Point | 0x00402796 |
Compilation Time | 2023-08-17 06:49:26 |
Checksum | 0x000bccab (Actual: 0x000bccab) |
OS Version | 5.0 |
PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
PDB Path | C:\beg17\n.pdb |
Digital Signature | The PE file does not contain a certificate table. |
Imports |
3 libraries
KERNEL32, USER32, WINHTTP |
Exports | 0 functions |
Resources | 15 Resources |
Sections | 4 Sections |
FileVersion | 51.73.14.61 |
FileDescription | Second |
OriginalFilename | Space |
ProductName | Tube |
ProductVersion | 22.44.34.44 |
Translation | 0x040a 0x0671 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
668,777 bytes | 669,184 bytes | 7.96 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
AE9AECC96A14006C5739C7EF89240A1F |
.rdata |
0x000a5000 |
21,514 bytes | 22,016 bytes | 5.73 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3945B63405D1A0FEB5161F4035E827DD |
.data |
0x000ab000 |
75,080 bytes | 21,504 bytes | 1.23 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
99210240BE4AF737C00F06C1475AD52B |
.rsrc |
0x000be000 |
33,112 bytes | 33,280 bytes | 4.74 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
28474681BBFE22510E2A06E454E2E570 |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_ICON | 8 | 26,560 bytes | |
RT_STRING | 5 | 5,098 bytes | |
RT_GROUP_ICON | 1 | 118 bytes | |
RT_VERSION | 1 | 488 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Ransom.Win32.STOP.tr!n without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system