Gridinsoft Logo

Msinfo.exe Trojan Packed Analysis

Updated 1 year ago
Checked by Malaware Check
msinfo.exe

Technical Analysis

File Name msinfo.exe
File Type
PE32 executable (console) Intel 80386, for MS Windows
Scanner Version 1.0.156.174
Database Version 2024-01-26 14:02:18 UTC

Trojan.Win32.Packed.ca

Malware family: Packed

Packed malware uses compression, encryption, or obfuscation techniques to alter code appearance and evade security detection. These methods modify the original malware structure to bypass signature-based detection systems and complicate analysis efforts.
N/A
Detection Rate
8,783,872
File Size (bytes)
2024-01-26
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
1bfe19a314dd31d6adda302f177c3b7c
SHA1
37fd59aa2c2b77c8757438075138f11eaedf81b8
SHA256
b63ce450e4d34d1cdd727a1a246d38167f45aeacc69d15c6922ef723e49a3cf7
SHA512
b486b312f809146fbe95f121ea9d7bfc152266e5ca1a178316aafe4ca21e4a80ffa76b5c7e36758d45714439b34f7f6fa6d3ed2a599f64fd7dfe5a23d416a638
ImpHash
6b2975784ea039127a302a46f9d78f24

PE Analysis

Basic Information

Image Base 0x00400000
Entry Point 0x00ea59a2
Compilation Time 2023-07-23 03:27:58
Checksum 0x00000000 (Actual: 0x0086181b)
OS Version 5.1
PEiD Signatures PE32 executable (console) Intel 80386, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 14 libraries
Exports 0 functions
Resources 15 Resources
Sections 7 Sections

Version Information

CompanyName Microl office
FileDescription Microl office
FileVersion 1.0.0.2
InternalName micro.exe
LegalCopyright Copyright (C) 2016
OriginalFilename micro.exe
ProductName Microl office
ProductVersion 1.0.0.2
Translation 0x0009 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 941,852 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.rdata 0x000e7000 303,510 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x00132000 39,032 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
xx0 0x0013c000 4,646,345 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
xx1 0x005ab000 1,960 bytes 2,048 bytes 0.37 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 335884BCD44EB9B882BB262EBAD761D0
xx2 0x005ac000 8,778,432 bytes 8,778,752 bytes 7.92 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5CFE05B25860653D1C3DADB7EEECD900
.rsrc 0x00e0c000 1,245,068 bytes 2,048 bytes 2.40 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ BBB5D627AD62F120507693C3616AD6FE
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 15 (1,244,209 bytes)
Resource Type Count Total Size Percentage
BIN 12 664,742 bytes
53.4%
TXT 1 578,715 bytes
46.5%
RT_STRING 1 56 bytes
0%
RT_VERSION 1 696 bytes
0.1%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win32.Packed.ca Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.Packed.ca without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware