| File Name | ZMXYWS.exe |
| File Type |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.223.174 |
| Database Version | 2025-08-18 08:00:19 UTC |
Malware family: Gen
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
d10df4d9a82df664b2052a442357782e
|
|
| SHA1 |
1f076c9c62bf732ab1f4251cb9bf0e344e290de0
|
|
| SHA256 |
b6d0ddf152b0d77b6704e7893f3101253bbee9fd5777654115e6bbab10dcbe13
|
|
| SHA512 |
2a5f67bd782d01f94be4102d19285ca21af39b7ab071b9b78549aa566e213606d59fb7930610bd397913ac70b3af2ea02e2e4873a7d975b0e8ed9fd793064a4e
|
|
| ImpHash |
dcaf48c1f10b0efa0a4472200f3850ed
|
| Icon |
Hash: 76e80f6fbe40cb5bd7bf2ce56e7be19d
Fuzzy: ce6b05aa473c2fc7e9868a9f01de367e dHash: 1024e132ca4861ab |
| Image Base | 0x140000000 |
| Entry Point | 0x14000da30 |
| Compilation Time | 2025-08-18 03:27:04 |
| Checksum | 0x00c34119 (Actual: 0x00c34119) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Digital Signature | No valid SignedData structure was found. |
| Imports |
5 libraries
USER32, COMCTL32, KERNEL32, ADVAPI32, GDI32 |
| Exports | 0 functions |
| Resources | 3 Resources |
| Sections | 7 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
179,584 bytes | 179,712 bytes | 6.47 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
588E5055FB224A048E508395BF048644 |
.rdata |
0x0002d000 |
80,136 bytes | 80,384 bytes | 5.74 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
DD928C3ADDE77055BC9B3D75792283B1 |
.data |
0x00041000 |
20,656 bytes | 3,584 bytes | 1.82 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2FC88032C47AD8E77BA50142B1D7BACB |
.pdata |
0x00047000 |
9,204 bytes | 9,216 bytes | 5.49 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F27272E31CD3260DD36A304BC13F6042 |
.fptable |
0x0004a000 |
256 bytes | 512 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x0004b000 |
168,984 bytes | 169,472 bytes | 7.98 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3836FDE463334153968A091D81324CED |
.reloc |
0x00075000 |
1,908 bytes | 2,048 bytes | 5.28 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
7B4C05B51855F1FC0294EBFB2AE73776 |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 1 | 167,435 bytes | |
| RT_GROUP_ICON | 1 | 20 bytes | |
| RT_MANIFEST | 1 | 1,293 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate PUP.Win64.Gen.oa!s1 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
