File Name | Hesoolver v2.6.9.exe |
File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Scanner Version | 1.0.153.174 |
Database Version | 2024-01-02 10:01:37 UTC |
Malware family: DarkKomet
Hash Type | Value | Action |
---|---|---|
MD5 |
b8f02b6149a2fc9fa632836f3c0b6673
|
|
SHA1 |
7f2f4fbb07cbcd1be6b991fccdf0742d26c9d982
|
|
SHA256 |
9d7751aac737aad9873c10ebc4956b9cb3ac7c8c39b8fd59710648de4cb0524c
|
|
SHA512 |
b6fc67d420fceb905ed3fa85def1cea6c72a0f4703b0cfa0bbc7464d3f5eb05eac5d85d65ee0c6f57e8b795a71918b4caa86143476acdab925c4a54ce7fe37b0
|
|
ImpHash |
00be6e6c4f9e287672c8301b72bdabf3
|
Icon |
Hash: 316b76e5987b5e4c1d1aba303023be02
Fuzzy: c62398e8c11ee9bfc56173cb3e08439b dHash: e0e4f06969e0c4a2 |
Image Base | 0x00400000 |
Entry Point | 0x0041d759 |
Compilation Time | 2019-04-27 20:03:27 |
Checksum | 0x00000000 (Actual: 0x000a64d1) |
OS Version | 5.1 |
PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
PDB Path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
Digital Signature | The PE file does not contain a certificate table. |
Imports |
2 libraries
KERNEL32, gdiplus |
Exports | 0 functions |
Resources | 21 Resources |
Sections | 6 Sections |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
190,548 bytes | 190,976 bytes | 6.69 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
CCAD881EF663BB12D11D212AD8D163CF |
.rdata |
0x00030000 |
39,580 bytes | 39,936 bytes | 5.13 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
EBF57DD1488CEF86D0B062881C11F0B5 |
.data |
0x0003a000 |
136,144 bytes | 3,072 bytes | 3.25 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
5AD01EF583F971C2DD5921663E32AD91 |
.gfids |
0x0005c000 |
232 bytes | 512 bytes | 2.11 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C065E0FA9D7CB760AD786F44F86F68E4 |
.rsrc |
0x0005d000 |
21,124 bytes | 21,504 bytes | 6.52 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F1CF6303833625D12B1154133F38B01A |
.reloc |
0x00063000 |
8,140 bytes | 8,192 bytes | 6.65 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
403C5D759DBE4B1BF3C74568F06C1359 |
3 section(s) with elevated entropy (≥6.5) - possible compression
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
PNG | 2 | 8,430 bytes | |
RT_ICON | 1 | 2,216 bytes | |
RT_DIALOG | 6 | 2,942 bytes | |
RT_STRING | 10 | 4,304 bytes | |
RT_GROUP_ICON | 1 | 20 bytes | |
RT_MANIFEST | 1 | 1,875 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Backdoor.Win32.DarkKomet.cld without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system