Stealer Gen Malware Analysis
| Online Virus Checker | v.1.0.150.174 |
| DB Version: | 2023-12-04 16:01:28 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Spy.Win64.Gen.bot
This is a generic detection name used to identify a potentially harmful or suspicious file or program that exhibits characteristics of a Trojan horse. It is malware that disguises itself as a legitimate or benign program but contains malicious code or functions.
| File: | MicrosoftOffice Installer 2013_2022 x32-64.exe |
| Checked: | 2023-12-04 14:08:46 |
| MD5: | 5f5dfcd063c5d73df33a6eeaf11953ef |
| SHA1: | f05608bc904c9692a37a5b918f5d953bb82ab97e |
| SHA256: | c5179250eb62c40aadd1f26c3adbe40568a0b017dac11695daf439a2c322226c |
| SHA512: | 511b98b13bb798418c37da7a692d4e7bf542646643224d137a2b29f96970a690271a936a0543b5620ebc29077a3db16fdb4f8a2d989d77308f4cdacaf25191df |
| Imphash: | 6c24d5849fa169d4a8cf73c864be763a |
| File Size: | 97558443 bytes |
Spy.Win64.Gen.bot Removal
Gridinsoft has the capability to identify and eliminate Spy.Win64.Gen.bot without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
 |
86c35b9e6be92647c2f81585b6a269f5 d6657b719364f200e6874f589802e291 c8e6eae6a292c2ce |
| Image Base: | 0x140000000 |
| Entry Point: | 0x140008bb8 |
| Compilation: | 2023-08-08 09:29:26 |
| Checksum: | 0x00000000 (Actual: 0x05d0ffb7) |
| OS Version: | 5.2 |
| PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 7 |
| Imports: | USER32, KERNEL32, ADVAPI32, WS2_32, |
| Exports: | 0 |
| Resources: | 12 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00022190 | 0x00022200 | d5314133eb3b19b7968055cd99cc6970 | 6.48 |
| .rdata | 0x00024000 | 0x00010f26 | 0x00011000 | e73dd442fea9d2a792ac963b8e1dd14b | 5.73 |
| .data | 0x00035000 | 0x0000b228 | 0x00000e00 | 3fe2f0bb86381870d6f2ebcc1e8316bc | 1.61 |
| .pdata | 0x00041000 | 0x00001cd4 | 0x00001e00 | fe0d7efd9fa04f4e77aa34af5dc9642f | 5.22 |
| _RDATA | 0x00043000 | 0x000000fc | 0x00000200 | e9129f0c1a098cdddc530cf27e9266ad | 2.00 |
| .rsrc | 0x00044000 | 0x0002c1b4 | 0x0002c200 | 5b02d4d03f040893bfd23128da64705a | 4.92 |
| .reloc | 0x00071000 | 0x00000744 | 0x00000800 | 504705e001c4269538f93a75b20cd9f6 | 5.24 |
