How to remove ActiveFileRecovery.exe
- File Details
- Overview
- Analysis
ActiveFileRecovery.exe
The module ActiveFileRecovery.exe has been detected as Trojan.Agent
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
3e4d953101007d9528c9fe638d9aaa05 |
| Size: |
63 KB |
| First Published: |
2017-09-03 06:09:15 (7 years ago) |
| Latest Published: |
2020-12-03 08:35:37 (4 years ago) |
| Status: |
Trojan.Agent (on last analysis) |
|
| Analysis Date: |
2020-12-03 08:35:37 (4 years ago) |
| %temp%\fromremovablemedia\1ca7785c-8e3e-4e2b-968e-2b940d8f8ff4\hbcd\programs |
| %sysdrive%\docume~1\v8forg~1\locals~1\temp\rar$exa0.043\hbcd\programs |
| %sysdrive%\ghost\tool win mini\tao usb hiren boot\hirens.bootcd.15.2.rebuild all in one\hirens.bootcd.15.2.rebuild all in one\hbcd |
| %sysdrive%\hbcd |
| %sysdrive%\bo cai\hiren's.bootcd.15.2.rebuild all in one\hbcd |
| %sysdrive%\โปรแกรม เตรียมยัด\boot flash drive\hbcd |
| %sysdrive%\backup cruiser hirenboot usb\hbcd |
| %sysdrive%\soft\boot\hiren boot 15.2 bkav\hbcd |
| %sysdrive%\software\window\new folder\new folder\hbcd |
| %profile%\downloads\compressed\hirens boot 11.5\hbcd |
|
56.3% |
|
|
6.3% |
|
|
6.3% |
|
|
6.3% |
|
|
6.3% |
|
|
6.3% |
|
|
6.3% |
|
|
6.3% |
|
| Windows 10 |
37.5% |
|
| Windows 7 |
31.3% |
|
| Windows XP |
12.5% |
|
| Windows 8.1 |
12.5% |
|
| Windows Vista |
6.3% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x0000a0c0 |
| Name |
Size of data |
MD5 |
| CODE |
38400 |
2bd3f16ed4bcb4c37d0078769daa28c3 |
| DATA |
1536 |
d912183338edaf40b4cf455aba92f9f5 |
| BSS |
0 |
00000000000000000000000000000000 |
| .idata |
2560 |
2a435f04c2ff4ca8018ccdaabf9f19f1 |
| .tls |
0 |
00000000000000000000000000000000 |
| .rdata |
512 |
994c454bc9dd923a2dd36d6f9b3a0d6b |
| .reloc |
0 |
00000000000000000000000000000000 |
| .rsrc |
20480 |
39b3ad8c11ff2b01788fdbc1bee389bb |
