How to remove spoolsv.exe
- File Details
- Overview
- Analysis
spoolsv.exe
The module spoolsv.exe has been detected as Ransom.Wacatac
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
ef188c721d05aa67de0820f06b438cca |
| Size: |
2 MB |
| First Published: |
2020-12-23 20:26:51 (4 years ago) |
| Latest Published: |
2021-01-05 06:24:49 (4 years ago) |
| Status: |
Ransom.Wacatac (on last analysis) |
|
| Analysis Date: |
2021-01-05 06:24:49 (4 years ago) |
| %windir%\inf\storagevservicedbs\000d\1049\5.0\1049 |
| %windir%\inf\storagevservicedbs\000d\1049\5.0\1049 |
| %windir%\inf\storagevservicedbs\000d\1049\5.0\1049 |
| Windows 10 |
66.7% |
|
| Windows Server 2012 R2 |
33.3% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x00404058 |
| Name |
Size of data |
MD5 |
| |
17470 |
f99ff7ab7be25e597c6a8f04d3856fa0 |
| |
1332 |
bfe5d4bb33bc2e992b63506a953b0f28 |
| |
12 |
b0e0c075dcd349986fa84d18d2da264b |
| |
9 |
f88f9d620fe6c5829048a3bb7241120e |
| |
5427 |
6c0291e0436e86068d534216954c56af |
| .imports |
512 |
98d119be87bb1ad15f7c4c8809804969 |
| .rsrc |
15360 |
52e12b2aecaf52d2afef385a1f8c3955 |
| .themida |
0 |
d41d8cd98f00b204e9800998ecf8427e |
| .boot |
2456222 |
4c6f5450548e0a762e09cc3939d26ab7 |
