File Name | Adobe-GenP-3.0.exe |
File Type |
PE32+ executable (GUI) x86-64, for MS Windows
|
Scanner Version | 1.0.168.174 |
Database Version | 2024-03-06 00:00:21 UTC |
Malware family: Downloader
Hash Type | Value | Action |
---|---|---|
MD5 |
f0223faa73538b3db9fd72a1239a527c
|
|
SHA1 |
6fcf977a31e44922b4d90644f62d3197c6fcf595
|
|
SHA256 |
ac56385e7f7ecdea2fb98c53861efc1abca05c9a56600073edf5adfe98ff418a
|
|
SHA512 |
a656299e6f7aa30a9295675bf94328bb1d886bd293682e95a0328d4e2d58ed87e60ab95ce98b39c5995a5b38d009538ded4aabccb4858980f0457e5532e478e8
|
|
ImpHash |
161c85364c462057ba28801ac1ad5404
|
Icon |
Hash: 3d5dc4e5a911bee7292a914140092c8c
Fuzzy: a788a1c8239f81d6e401dd187d68f45e dHash: b2b2e3e3e3a3a200 |
Image Base | 0x140000000 |
Entry Point | 0x14003059c |
Compilation Time | 2022-12-29 14:17:28 |
Checksum | 0x00136f6e (Actual: 0x00136f6e) |
OS Version | 5.2 |
PEiD Signatures |
PE32+ executable (GUI) x86-64, for MS Windows
|
Digital Signature | The PE file does not contain a certificate table. |
Imports | 18 libraries |
Exports | 0 functions |
Resources | 26 Resources |
Sections | 6 Sections |
Translation | 0x0809 0x04b0 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
689,157 bytes | 689,664 bytes | 6.51 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
3F04B6AD4BC7D474AFD77E28362832EC |
.rdata |
0x000aa000 |
202,904 bytes | 203,264 bytes | 5.30 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
5A2DD3CC501E5C0F3C2FDBA22AE2DA44 |
.data |
0x000dc000 |
45,632 bytes | 24,064 bytes | 1.16 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
37221B616841D1F2D903AEB1E8398D84 |
.pdata |
0x000e8000 |
27,084 bytes | 27,136 bytes | 5.88 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2DA73482B26F0CCF6314206CAE03DE5E |
.rsrc |
0x000ef000 |
296,428 bytes | 296,448 bytes | 7.85 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
AD9C7A8C9EA339CB7A2809137DC79A6E |
.reloc |
0x00138000 |
2,688 bytes | 3,072 bytes | 5.15 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
052C9D452B977EF68ACF55E16EAF8F7C |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
1 section(s) with elevated entropy (≥6.5) - possible compression
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_ICON | 11 | 24,312 bytes | |
RT_MENU | 1 | 80 bytes | |
RT_STRING | 7 | 8,900 bytes | |
RT_RCDATA | 1 | 260,264 bytes | |
RT_GROUP_ICON | 4 | 178 bytes | |
RT_VERSION | 1 | 220 bytes | |
RT_MANIFEST | 1 | 1,018 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win64.Downloader.sa without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system