The SonRiseClient.exe (Node.js: Server-side JavaScript) File Analysis

Technical Analysis

File Name SonRiseClient.exe
File Type Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash 393216:ym+sFHI7EzNFAUYl8XRQo/gCcT5NB35jmxEsYAwD8UWsNWcxjQA:ym+GCl35NWclJ
Scanner Version 1.0.217.174
Database Version 2025-05-27 14:00:16 UTC

Suspicious File Detected

Detected by 29 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 40%
File Size (bytes) 29,894,272
Engines Detected 29/72
Analysis Date 2025-05-27

File Identification

Hash Type Value
MD5 84c85390f69b842f628fba848b56ba2f
SHA1 7b4e4114a35298caab3f20ef38c33b3a85f8fd90
SHA256 00b3403f53ce1a8b985e1e4f8399fd7e3bdc330ca44f68a0ad0b71e0784f9416
SHA512 9ea3e727c72809b7763dd909e795ac870dda0ed41c585168d42666a24d5fde00c897b3d90ecef7b9f6052f08293b5880e82992ce4251d2557d065a8efdb60d25
ImpHash 47e33b9538febdf64d5eec782cbecf5b

Security Engines with Detections (29 of 72)

Engine Detection Verdict
Bkav W64.AIDetectMalware Malicious
Lionic Trojan.Win32.Stealer.12!c Malicious
AVG Win64:Malware-gen Malicious
MicroWorld-eScan Gen:Variant.Tedy.738841 Malicious
CAT-QuickHeal Trojan.Ghanarava.174660530156ba2f Malicious
Skyhigh Artemis Malicious
McAfee Artemis!84C85390F69B Malicious
CrowdStrike win/malicious_confidence_100% (W) Malicious
Arcabit Trojan.Tedy.DB4619 Malicious
Symantec ML.Attribute.HighConfidence Malicious
Kaspersky UDS:Trojan-PSW.Java.Stealer.gen Malicious
BitDefender Gen:Variant.Tedy.738841 Malicious
Avast Win64:Malware-gen Malicious
Emsisoft Gen:Variant.Tedy.738841 (B) Malicious
VIPRE Gen:Variant.Tedy.738841 Malicious
McAfeeD ti!00B3403F53CE Malicious
CTX exe.trojan.artemis Malicious
Ikarus Trojan.SuspectCRC Malicious
Varist W64/ABTrojan.NEEG-1041 Malicious
Microsoft Trojan:Win32/Wacatac.C!ml Malicious
GData Gen:Variant.Tedy.738841 Malicious
Google Detected Malicious
ALYac Gen:Variant.Tedy.738841 Malicious
Cylance Unsafe Malicious
Panda Trj/Chgt.AD Malicious
TrendMicro-HouseCall TROJ_GEN.R002H09CK25 Malicious
MaxSecure Trojan.Malware.220638688.susgen Malicious
Fortinet W32/PossibleThreat Malicious
DeepInstinct MALICIOUS Malicious

43 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 5b68da4010f12363d151f409ceb33d34
Fuzzy: e487424e8b5cee3808f28e6462b06171
dHash: 70f8bcf8f8f2f070
Image Base 0x140000000
Entry Point 0x140ee9038
Compilation Time 2022-03-31 04:12:47
Checksum 0x01c8ac1d (Actual: 0x01c8ac1d)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path D:\a\pkg-fetch\pkg-fetch\build\node\out\Release\node.pdb
Digital Signature No valid SignedData structure was found.
Imports 11 libraries
Exports 17717 functions
Resources 9 Resources
Sections 6 Sections

Version Information

CompanyName Node.js
ProductName Node.js
FileDescription Node.js: Server-side JavaScript
FileVersion 12.22.11
ProductVersion 12.22.11
OriginalFilename node.exe
InternalName node
LegalCopyright Copyright Node.js contributors. MIT license.
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 16,021,700 bytes 16,022,016 bytes 6.46 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D3B9CB4F131E814D74E9E7593CC31970
.rdata 0x00f49000 12,611,342 bytes 12,611,584 bytes 6.11 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 64D05CD753906012ACD033ADF81D4B6B
.data 0x01b50000 2,954,676 bytes 154,624 bytes 3.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 117ACC63A2D0CBF10FD2104CAD09EDD3
.pdata 0x01e22000 772,020 bytes 772,096 bytes 6.77 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1084C02B7EE0A54930231F3DDB0DC309
.rsrc 0x01edf000 141,960 bytes 142,336 bytes 6.17 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E928E69383B5EE466C35EB00D05C37F7
.reloc 0x01f02000 104,900 bytes 104,960 bytes 5.49 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ CFA5EC199D45DDFAD98BA0CD3F8A7829

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 9 (141,402 bytes)
Resource Type Count Total Size Percentage
RT_ICON 6 139,730 bytes 98.8%
RT_GROUP_ICON 1 90 bytes 0.1%
RT_VERSION 1 760 bytes 0.5%
RT_MANIFEST 1 822 bytes 0.6%

Certificate Chain Analysis

Certificate Information
Product Node.js
Description Node.js: Server-side JavaScript
File Version 12.22.11
Original Name node.exe
Internal Name node
Copyright Copyright Node.js contributors. MIT license.

Certificate Verification Status

No valid SignedData structure was found. The file carries no verifiable digital signature, so the Node.js product fields listed above come from its version resource and are not attested by any publisher certificate.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Keep Your System Protected

Regular security maintenance is important:

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

29 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
