Please ensure you understand and agree with our data protection policy before using this site. Review Policy
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
This is a generic detection name used to identify a potentially harmful or suspicious file or program that exhibits characteristics of a Trojan horse. It is malware that disguises itself as a legitimate or benign program but contains malicious code or functions.
File: | MicrosoftOffice Installer 2013_2022 x32-64.exe |
Checked: | 2023-12-04 14:08:46 |
MD5: | 5f5dfcd063c5d73df33a6eeaf11953ef |
SHA1: | f05608bc904c9692a37a5b918f5d953bb82ab97e |
SHA256: | c5179250eb62c40aadd1f26c3adbe40568a0b017dac11695daf439a2c322226c |
SHA512: | 511b98b13bb798418c37da7a692d4e7bf542646643224d137a2b29f96970a690271a936a0543b5620ebc29077a3db16fdb4f8a2d989d77308f4cdacaf25191df |
Imphash: | 6c24d5849fa169d4a8cf73c864be763a |
File Size: | 97558443 bytes |
Gridinsoft has the capability to identify and eliminate Spy.Win64.Gen.bot without requiring further user intervention.
86c35b9e6be92647c2f81585b6a269f5 d6657b719364f200e6874f589802e291 c8e6eae6a292c2ce |
|
Image Base: | 0x140000000 |
Entry Point: | 0x140008bb8 |
Compilation: | 2023-08-08 09:29:26 |
Checksum: | 0x00000000 (Actual: 0x05d0ffb7) |
OS Version: | 5.2 |
PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
Sign: | The PE file does not contain a certificate table. |
Sections: | 7 |
Imports: | USER32, KERNEL32, ADVAPI32, WS2_32, |
Exports: | 0 |
Resources: | 12 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00022190 | 0x00022200 | d5314133eb3b19b7968055cd99cc6970 | 6.48 |
.rdata | 0x00024000 | 0x00010f26 | 0x00011000 | e73dd442fea9d2a792ac963b8e1dd14b | 5.73 |
.data | 0x00035000 | 0x0000b228 | 0x00000e00 | 3fe2f0bb86381870d6f2ebcc1e8316bc | 1.61 |
.pdata | 0x00041000 | 0x00001cd4 | 0x00001e00 | fe0d7efd9fa04f4e77aa34af5dc9642f | 5.22 |
_RDATA | 0x00043000 | 0x000000fc | 0x00000200 | e9129f0c1a098cdddc530cf27e9266ad | 2.00 |
.rsrc | 0x00044000 | 0x0002c1b4 | 0x0002c200 | 5b02d4d03f040893bfd23128da64705a | 4.92 |
.reloc | 0x00071000 | 0x00000744 | 0x00000800 | 504705e001c4269538f93a75b20cd9f6 | 5.24 |