Minecraft.exe Trojan Uwamson Analysis

Technical Analysis

File Name: minecraft.exe
File Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Scanner Version: 1.0.184.174
Database Version: 2024-08-11 23:00:21 UTC

Trojan.Win64.Uwamson.cld

Malware family: Uwamson

Detection Rate: N/A
File Size (bytes): 23,200,256
Analysis Date: 2024-08-11

File Identification

MD5: 86dc20f843bfa46275568d0a4d5e1d2d
SHA1: 01d0e36b281f4fff62378d97398cd7b688201197
SHA256: ec069915e5fa8d167ee6967140d5fbbcb59f0d0befa5f6d0cae899fd71ee5da9
SHA512: 28e9a7860ef4c146d34952a38c6380bc36452f3c8bdf54d6aecd98fd3ad3c758765de46eebd411abd647022afcc65b6119ebeb84f3af6425deefa58800181404
ImpHash: b6553fac583667dc70f4d739cb658e45

PE Analysis

Basic Information

Icon
Hash: ffe86ccfd69e14eb31987d349c7bda3a
Fuzzy: d7d387de4a329994bb3bfebf294fe8aa
dHash: 8669691717692b2b
Image Base: 0x00400000
Entry Point: 0x004014d0
Compilation Time: 1970-01-01 00:00:01
Checksum: 0x01629b27 (Actual: 0x01629b27)
OS Version: 4.0
PEiD Signatures: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Digital Signature: The PE file does not contain a certificate table.
Imports: 4 libraries (KERNEL32, msvcrt, SHELL32, USER32)
Exports: 0 functions
Resources: 2 Resources
Sections: 10 Sections

PE Sections

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
| .text | 0x00001000 | 9,664 bytes | 9,728 bytes | 6.12 (Normal) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_16BYTES | 9A7D371E8A146493771FA72BF26200B3 |
| .data | 0x00004000 | 23,176,288 bytes | 23,176,704 bytes | 7.81 (Packed/Encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_16BYTES | 0FA4BADFF99669FA73448A093FC1ED29 |
| .rdata | 0x0161f000 | 3,024 bytes | 3,072 bytes | 4.29 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_16BYTES | AFC8543743B1070078CD4D17E89BFBF8 |
| .pdata | 0x01620000 | 564 bytes | 1,024 bytes | 2.87 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_4BYTES | E8D88E32C3AE417CE15A5FB44CACB3F3 |
| .xdata | 0x01621000 | 504 bytes | 512 bytes | 3.92 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_4BYTES | 44D228F4CDAFD43C872220392454ECCD |
| .bss | 0x01622000 | 2,656 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_64BYTES | D41D8CD98F00B204E9800998ECF8427E |
| .idata | 0x01623000 | 2,412 bytes | 2,560 bytes | 4.42 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES | 7C4596949904E292AAD67A2F2F0CBEDC |
| .CRT | 0x01624000 | 104 bytes | 512 bytes | 0.27 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_8BYTES | 5F62E7568BD0C96916D83DD156A1B943 |
| .tls | 0x01625000 | 104 bytes | 512 bytes | 0.27 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_32BYTES | 547ABDDDF926FAAEA9F638C82CFB9256 |
| .rsrc | 0x01626000 | 4,472 bytes | 4,608 bytes | 4.35 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES | F14668DADA4D1170E34323C2C3792185 |

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 2 (4,284 bytes)
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 1 | 4,264 bytes | 99.5% |
| RT_GROUP_ICON | 1 | 20 bytes | 0.5% |

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win64.Uwamson.cld Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.Uwamson.cld without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
