How to remove 1172.exe
1172.exe
The module 1172.exe has been detected as Ransom.TrickBot
File Details
| Product Name: | WinFsp |
| Company Name: | Navimatics LLC |
| MD5: | d3d62d8d274195ab9af9c028fea9ca4b |
| Size: | 4 MB |
| First Published: | 2022-06-05 23:18:18 (3 years ago) |
| Latest Published: | 2022-06-16 23:17:17 (3 years ago) |
| Status: | Ransom.TrickBot (on last analysis) | |
| Analysis Date: | 2022-06-16 23:17:17 (3 years ago) |
Overview
| Signed By: | Google LLC |
| Status: | Invalid (digital signature could be stolen or file could be patched) |
Common Places:
| %temp% |
| %temp% |
| %sysdrive%\windows.old\users\francisco\appdata\local |
| %temp% |
| %temp% |
| %temp% |
Geography:
| Colombia | 33.3% | |
| Bolivia | 16.7% | |
| Mexico | 16.7% | |
| Paraguay | 16.7% | |
| Indonesia | 16.7% |
OS Version:
| Windows 8.1 | 33.3% | |
| Windows 7 | 33.3% | |
| Windows 10 | 33.3% |
Analysis
| Subsystem: | Windows GUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x003f9ad9 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rdata | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .data | 0 | d41d8cd98f00b204e9800998ecf8427e |
| -FW9M5@j | 0 | d41d8cd98f00b204e9800998ecf8427e |
| -FW9M5@j | 4454912 | 98e7307e2100cc2660aa236afbe97014 |
| .reloc | 1536 | e8d5b57a3b4fb1128db3059599a13150 |
| .rsrc | 25600 | 10fdd91bf8c6d1c1f00aec474965ab06 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for 1172.exe
