5b23cfbbf429e3133f40.exe Trojan Heuristic Analysis
| Online Virus Checker | v.1.0.176.174 |
| DB Version: | 2024-05-22 11:00:29 |
Trojan.Heur!.02292423
The "Heur" stands for "heuristic," which means we use a set of rules, algorithms, or behavioral analysis to detect potential threats that may not have a specific, known signature. It's a proactive approach to identifying suspicious behavior or code patterns that could indicate the presence of a Trojan or other malware. The file's behavior or characteristics triggered the heuristic analysis as potentially malicious. However, it doesn't necessarily confirm that the file is indeed a Trojan. It could be a false positive, where a legitimate program exhibits behavior that resembles malicious activity.
| File | 5b23cfbbf429e3133f40.exe |
| Checked | 2024-05-22 08:23:01 |
| MD5 | 24bd829270fd34ab9a01b09fc901e9db |
| SHA1 | 64a250ba6e075c1eaea4b6de6ff0a8ccd26abed7 |
| SHA256 | f26c1730d301cf3484dc4e3ee832adaacf32ea8595319ad752fa44b8c6f0d4d4 |
| SHA512 | 280b616ee4133b91654d62f0f0683b82bdd0570e0590574e76ee53e9dd5cbbd2444486442257b6ac798f19d1a3b36b16d70ef3e8397f958ebcf5b95f7cbbbda2 |
| Imphash | 99cb03f4a5e10a0aad5cdf0b469aeb7b |
| File Size | 8589312 bytes |
Trojan.Heur!.02292423 Removal
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02292423 without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
 |
c1c7b037d09b9898af1492ff8ae96737 c11227e8354c78762f8ecf767e6f11fb cd183679682cb4b4 |
| Image Base: | 0x140000000 |
| Entry Point: | 0x140768b6c |
| Compilation: | 2024-05-10 10:05:36 |
| Checksum: | 0x00000000 (Actual: 0x0083bfc5) |
| OS Version: | 6.0 |
| PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 14 |
| Imports: | ntdll, KERNEL32, ADVAPI32, USER32, d3d9, SHELL32, Secur32, WS2_32, bcrypt, GDI32, dwmapi, |
| Exports: | 0 |
| Resources: | 3 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000fb376 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .rdata | 0x000fd000 | 0x00085fbc | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .data | 0x00183000 | 0x0000f83c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .pdata | 0x00193000 | 0x00005c4c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .00cfg | 0x00199000 | 0x00000038 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .gxfg | 0x0019a000 | 0x00002860 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .limport | 0x0019d000 | 0x00000010 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .stub | 0x0019e000 | 0x00000100 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .tls | 0x0019f000 | 0x00000029 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| _RDATA | 0x001a0000 | 0x000001f4 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .\.P | 0x001a1000 | 0x004e971f | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .>x2 | 0x0068b000 | 0x00000e80 | 0x00001000 | d6a3bdc61caba56cc3e0a065b87955b7 | 0.19 |
| .?rc | 0x0068c000 | 0x007ed64c | 0x007ed800 | b7b97c4f3144bd684e381dc6bffa2fe2 | 7.95 |
| .rsrc | 0x00e7a000 | 0x00042283 | 0x00042400 | d60a00e9796bb785c0c7ab9d5a55eb52 | 4.88 |
