Akaiito_pc_131201.exe Trojan Packed Analysis
| Online Virus Checker | v.1.0.184.174 |
| DB Version: | 2024-08-11 11:00:21 |
Trojan.Win32.Packed.vb!s1
Packing is a common tactic used by malware authors to make their malicious code more difficult to analyze and detect by antivirus and security programs. These techniques involve compressing, encrypting, or otherwise altering the malware's code to make it appear different from its original form. The goal is to hide the true nature of the malware from security tools.
| File | Akaiito_pc_131201.exe |
| Checked | 2024-08-11 08:55:05 |
| MD5 | 7f7e41aa9cf3474bc315cea838b19062 |
| SHA1 | be99c15fd29d7573f518174ff605012166f84c9a |
| SHA256 | ce4c955b981b85d00dbd85d7efcf6a41fdc6da46810bb343713d52738a1c6024 |
| SHA512 | 1aec9f4980c6cea5a51d34d71a47c24d4376a9311be3be4b4698338d111ba2f2904bd2856158eabdb0cbae3bee4671fabcedb70f3994197db05c3d414b139a2c |
| Imphash | e2e22158e61de7cfe602b9b547f84f15 |
| File Size | 5266072 bytes |
Trojan.Win32.Packed.vb!s1 Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Packed.vb!s1 without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| CompanyName | (株)サクセス |
| FileDescription | アカイイト_131201 modified by 209.170.68.* |
| FileVersion | 1, 1, 0, 0 |
| InternalName | AkaiitoTrialVer |
| LegalCopyright | Copyright (C) 2004 SUCCESS |
| OriginalFilename | Akaiito.exe |
| ProductName | アカイイト(体験版) |
| ProductVersion | 1, 1, 0, 0 |
| bbs.seikuu.com | |
| Translation | 0x0804 0x04b0 |
Portable Executable Info
 |
57bc05e7f85b9dcae58365c8cca9f39a ba996a282b17d02a08eb814eb3cf38e6 a8808d80a6c8f032 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00401280 |
| Compilation: | 2011-07-24 22:45:39 |
| Checksum: | 0x00000000 (Actual: 0x0050ad6d) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 6 |
| Imports: | ADVAPI32, KERNEL32, msvcrt, USER32, |
| Exports: | 0 |
| Resources: | 11 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00005208 | 0x00005400 | 09cd097fd78021b6205d5de3c9d929d3 | 6.14 |
| .data | 0x00007000 | 0x000000b0 | 0x00000200 | ef371e47440b06fe75398516aef4e8f6 | 3.18 |
| .idata | 0x00008000 | 0x00001094 | 0x00001200 | a47de70a9c0e7036185ad8ad4852d31b | 4.83 |
| .rdata | 0x0000a000 | 0x00000260 | 0x00000400 | 7bf6a56bcf7c0744fa86beb154ed3f96 | 5.04 |
| .bss | 0x0000b000 | 0x0030713c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .rsrc | 0x00313000 | 0x00005529 | 0x00005600 | 62544246aa9a45d02af785fa97e36a65 | 4.09 |
