| File Name | 1.exe |
| File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Scanner Version | 1.0.210.174 |
| Database Version | 2025-03-12 15:00:56 UTC |
Malware family: Heuristic
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
7b946d2a628486c69f6ca71ca6eff500
|
|
| SHA1 |
7dfc04fe97b2076ca3ddd49a84b384f3ffa2c6bd
|
|
| SHA256 |
df5e5badf73d04357b9135158cc1f4e95b65055dc1dba3d07448ded5e350fdfb
|
|
| SHA512 |
37deec05caf7546a609b6652d2bc65368dfa1f8938bcc86c5acf04cf4eeb792772743ff2ee66fc4b276181dc9635f3ed773fd0a49281430ef64d26c6f89d92ce
|
|
| ImpHash |
bcc20eb75345119df238ff1da234dba0
|
| Icon |
Hash: bd561343f8b5bf862050f7de22c4ef25
Fuzzy: 542351327a7808e537cbd1e3bcd3b487 dHash: 02b0ecd6a8e8f082 |
| Image Base | 0x00400000 |
| Entry Point | 0x0145d2db |
| Compilation Time | 2022-07-04 18:17:00 |
| Checksum | 0x00000000 (Actual: 0x010c8b67) |
| OS Version | 5.1 |
| PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Digital Signature | No valid SignedData structure was found. |
| Imports | 12 libraries |
| Exports | 0 functions |
| Resources | 8 Resources |
| Sections | 7 Sections |
| FileVersion | 4.1.0.0 |
| FileDescription | PrimoCache Patch |
| ProductName | PrimoCache v4.1.0 Patch |
| ProductVersion | 4.1.0.0 |
| CompanyName | KRV |
| LegalCopyright | KRV 版权所有 |
| Comments | PrimoCache Patch |
| Translation | 0x0804 0x04b0 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
519,610 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00080000 |
11,032,434 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.data |
0x00b06000 |
162,408 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.krv0 |
0x00b2e000 |
4,234,003 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.krv1 |
0x00f38000 |
2,572 bytes | 4,096 bytes | 0.23 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
8AF163764B6285E5BF34FE2579AF61EA |
.krv2 |
0x00f39000 |
17,468,528 bytes | 17,469,440 bytes | 8.00 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
C8BD2F856C3E9AA241830D955C3F78ED |
.rsrc |
0x01fe2000 |
54,193 bytes | 57,344 bytes | 4.31 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
CFE161E16C2ABA29E6E65C6BC8491931 |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 3 | 52,280 bytes | |
| RT_GROUP_ICON | 3 | 60 bytes | |
| RT_VERSION | 1 | 632 bytes | |
| RT_MANIFEST | 1 | 697 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02292421 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
