Ruffle.exe Trojan Heuristic Analysis

Technical Analysis

File Name ruffle.exe
File Type PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.172.174
Database Version 2024-04-21 22:00:32 UTC

Trojan.Heur!.02052023

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.

Detection Rate N/A
File Size (bytes) 27,510,784
Analysis Date 2024-04-21

File Identification

Hash Type Value
MD5 463ec334bb2394b5184124664fec8793
SHA1 93b434d752b4191bbcc51843c05c640c12cfc759
SHA256 0027a583d4344e3db73d9face3bc61ca3bd1d49441bae16b4872fd93576a3c4b
SHA512 6589c9757bf935ca5484e5a82191ecb675da8463bd6a688619bd64a341caf77d2def886edb7ec7fc2bf52768b3ac780d1df84df6ee0c2ac9c056d8ac5e67340a
ImpHash ea1fd7c9f1459a961e17cbf42bd68bda

PE Analysis

Basic Information

Icon
Hash: a2585ba152aa1413444b007f1edb6a8b
Fuzzy: 3b355238e4daf93b23556721eb71acfb
dHash: e09998dc2c8c2e16
Image Base 0x140000000
Entry Point 0x14127afc8
Compilation Time 2024-04-21 00:15:47
Checksum 0x00000000 (Actual: 0x01a419fc)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path D:\a\ruffle\ruffle\target\x86_64-pc-windows-msvc\release\deps\ruffle_desktop.pdb
Digital Signature The PE file does not contain a certificate table.
Imports 17 libraries
Exports 7 functions
Resources 8 Resources
Sections 10 Sections

Version Information

CompanyName Ruffle
FileDescription Ruffle
FileVersion 0.1.0.0
InternalName ruffle_desktop.exe
LegalCopyright Copyright (C) 2021
OriginalFilename ruffle_desktop.exe
ProductName Ruffle
ProductVersion 0.1.0
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 20,034,534 bytes 20,034,560 bytes 6.27 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0F0054464263FDC691C768020FE8385D
.rdata 0x0131d000 6,924,492 bytes 6,924,800 bytes 6.06 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0164A6C6E3C680E57F365AC72910B159
.data 0x019b8000 85,876 bytes 32,768 bytes 2.85 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6815460C90E6A8834716DC03A22341C6
.pdata 0x019cd000 318,324 bytes 318,464 bytes 6.52 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9045AF2CABE051E48FBFBB701D3EB4B8
.00cfg 0x01a1b000 56 bytes 512 bytes 0.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9AA4A949E7C87786E0A3C66F14E77815
.gxfg 0x01a1c000 8,832 bytes 9,216 bytes 5.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D88D2D5F2778166AA1979A5862310495
.tls 0x01a1f000 985 bytes 1,024 bytes 0.03 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9112C8D6DB483527F495AF4B40A79359
_RDATA 0x01a20000 500 bytes 512 bytes 4.42 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0E18251A192448870C044C727F5068D5
.rsrc 0x01a21000 8,088 bytes 8,192 bytes 7.19 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3289C9B0F989D3E9DEA20725B9CB5B1E
.reloc 0x01a23000 179,380 bytes 179,712 bytes 5.49 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2AC1622FE7E341905F8A802F7985BA5D

Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 8 (7,541 bytes)
Resource Type Count Total Size Percentage
RT_ICON 6 6,755 bytes 89.6%
RT_GROUP_ICON 1 90 bytes 1.2%
RT_VERSION 1 696 bytes 9.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified. Exercise caution when executing unsigned files from unknown sources.

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.02052023 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02052023 without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
