VencordInstaller.exe Ransomware Gen Analysis
| Online Virus Checker | v.1.0.180.174 |
| DB Version: | 2024-06-24 20:00:17 |
Ransom.Win64.Gen.tr
This is a generic detection name used to identify a potentially harmful or suspicious file or program that exhibits characteristics of a Trojan horse. It is malware that disguises itself as a legitimate or benign program but contains malicious code or functions.
| File | VencordInstaller.exe |
| Checked | 2024-06-24 17:50:38 |
| MD5 | 1b8ee61ddcfd1d425821d76ea54ca829 |
| SHA1 | f8daf2bea3d4a6bfc99455d69c3754054de3baa5 |
| SHA256 | dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871 |
| SHA512 | 75ba16ddc75564e84f5d248326908065942ad50631ec30d7952069caee15b8c5411a8802d25d38e9d80e042f1dde97a0326f4ab4f1c90f8e4b81396ca69c229a |
| Imphash | ce9ecabbb6408a2b520b3cef22e5752f |
| File Size | 10339840 bytes |
Ransom.Win64.Gen.tr Removal
Gridinsoft has the capability to identify and eliminate Ransom.Win64.Gen.tr without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| Comments | Comments |
| CompanyName | Vencord |
| FileDescription | Vencord Installer |
| LegalCopyright | © 2023 Vendicated and Contributors - GPL3.0 |
| ProductName | Vencord Installer |
| ProductVersion | |
| Translation | 0x0409 0x04b0 |
Portable Executable Info
 |
14d9563ae8a495c308beef074f07e18d 29991bef794b76ddc325cb42ea549f2d 32d2c2d29491d264 |
| Image Base: | 0x140000000 |
| Entry Point: | 0x1400014c0 |
| Compilation: | 1970-01-01 00:00:00 |
| Checksum: | 0x009e516f (Actual: 0x009e712f) |
| OS Version: | 6.1 |
| PEiD: | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 12 |
| Imports: | GDI32, KERNEL32, msvcrt, OPENGL32, SHELL32, USER32, |
| Exports: | 27 |
| Resources: | 11 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x005ead70 | 0x005eae00 | 0dbf27c96a155945b2a3995a09c0b606 | 6.37 |
| .data | 0x005ec000 | 0x00049dd0 | 0x00049e00 | 908c2114790974b1d79a61a19d934d62 | 4.71 |
| .rdata | 0x00636000 | 0x00324200 | 0x00324200 | ee7ae28352ac7092c98340f8de8bb0dc | 5.84 |
| .pdata | 0x0095b000 | 0x0002cd78 | 0x0002ce00 | d8c8a3b4ab8519e3fc78defed1632b49 | 6.19 |
| .xdata | 0x00988000 | 0x00029734 | 0x00029800 | 791c489ae34755c97e7adec7890cdc77 | 5.22 |
| .bss | 0x009b2000 | 0x00895cc0 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .edata | 0x01248000 | 0x000002f2 | 0x00000400 | 5a4cba0f708e93d90fabb28af183a314 | 4.52 |
| .idata | 0x01249000 | 0x00002d44 | 0x00002e00 | c7466dde06dd5a53077cdce1f8d1d452 | 4.96 |
| .CRT | 0x0124c000 | 0x00000070 | 0x00000200 | 1f67e814b33b8b93af19e7f196a78772 | 0.48 |
| .tls | 0x0124d000 | 0x00000010 | 0x00000200 | bf619eac0cdf3f68d496ea9344137e8b | 0.00 |
| .rsrc | 0x0124e000 | 0x0001a588 | 0x0001a588 | ef5f5fcb328953664b35d41784ed7f38 | 2.62 |
| .reloc | 0x01269000 | 0x0000f1dc | 0x0000f200 | 41964bc1ead3c6225a52273e86d716e8 | 5.44 |
