Uploaded Trojan Heuristic Analysis

Technical Analysis

File Name uploaded
File Type PE32+ executable (DLL) (console) x86-64, for MS Windows
Scanner Version 1.0.139.174
Database Version 2023-09-26 13:05:57 UTC

Trojan.Heur!.00002032

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.

Detection Rate N/A
File Size (bytes) 45,313,224
Analysis Date 2023-09-26

File Identification

Hash Type Value
MD5 374c76bd27c7e8f88d0389154f3c9e09
SHA1 4483f9de722463779e887c1c7be24b66d681c8b8
SHA256 a9d951da6cecf61452eab355054c799591e5e2085ae1456a9632c757ba70f3fe
SHA512 314bfb58e82fea768898b397040af9f950728000efdfe56b5f92236e75c8a549d437d2a84bc37b25ff9e20dc4173d9b31a1f69b92653e1746adf42f88135e656
ImpHash 058084a41c25100d9740071cc9f77e0d

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x181d71f54
Compilation Time 2023-04-21 10:50:17
Checksum 0x02b414e4 (Actual: 0x02b415c7)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (console) x86-64, for MS Windows
PDB Path c4dplugin.pdb
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 28 libraries
Exports 2 functions
Resources 0 Resources
Sections 9 Sections

Digital Signatures

DigiCert Trusted Root G4 DigiCert, Inc. (US)
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Maxon Computer GmbH (DE)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 30,873,350 bytes 30,873,600 bytes 6.50 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ A7E63D0177097D3E293CE9E96948BE46
.rdata 0x01d73000 10,801,180 bytes 10,801,664 bytes 5.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 80370F9D7BCA4A6C8AA5D9F55839AF4D
.data 0x027c1000 6,457,144 bytes 907,264 bytes 5.59 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EB4B610FBE0FCF8C35AE98BD0DC279CE
.pdata 0x02dea000 2,472,300 bytes 2,472,448 bytes 6.99 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 25BF758E624F7050512F7845D01F3F9D
.00cfg 0x03046000 40 bytes 512 bytes 0.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ AA119F3E0893B5E42154CE685A6FAAA2
.gehcont 0x03047000 16 bytes 512 bytes 0.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 45A6D3894CC84AA3B9EC267D34C858A9
.retplne 0x03048000 60 bytes 512 bytes 0.84 (Normal) 0x00000000 701C598F46CFBAF23B9249F46376A9B9
.tls 0x03049000 25 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B30464E69ECC4F2C756FA8FF158A38F1
.reloc 0x0304a000 234,244 bytes 234,496 bytes 5.46 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ D780FABB3FE81AC28847D7E8FC8F452E

Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Certificate Chain Analysis

Certificate #1

Subject DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, DigiCert, Inc., US
Issuer DigiCert Trusted Root G4
Serial Number 11533403529598586876501374841704918745

Certificate #2

Subject Maxon Computer GmbH, Maxon Computer GmbH, DE
Issuer DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Serial Number 6146216351206576261920951423240227356

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.00002032 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.00002032 without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
