Gridinsoft Logo

The OnlineFix64.dll (EGS Hooker) File Analysis

Updated 20 days ago
Checked by Malaware Check
OnlineFix64.dll

Technical Analysis

File Name OnlineFix64.dll
File Type
Win32 DLL
Magic Bytes PE32+ executable (DLL) (GUI) x86-64, for MS Windows
SSDEEP Hash
98304:ZakRuzwC7uZxzvsz64EKmaXYUX7A8/yj60aCUznW:ZvmaZ5k/maXYULA8/l0aC
Scanner Version 1.0.216.174
Database Version 2025-05-18 06:00:31 UTC

Suspicious File Detected

Detected by 15 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
21%
Detection Rate
3,895,296
File Size (bytes)
15/72
Engines Detected
2025-05-18
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
4b2641816af88ff38c44267257508cb2
SHA1
ead2f3942191c9e81d96bd269e4c494b6cf8efd2
SHA256
029091ddb0b8e40b4fae16a672123066232998db15f14f37882539d09c66e5c1
SHA512
f7652895038d148aaf71ce61040836af9e3fa27f6180a7f2b520dd829aced0e8457f43bd3cc4aafee644a5095d594b4db55219c61d03bdf6b95b2849317cde12
ImpHash
8e90e7a6f485e28d081fb5f6bd905347

Security Engines with Detections (15 of 72)

Bkav
W64.AIDetectMalware Malicious
Elastic
malicious (high confidence) Malicious
Cynet
Malicious (score: 100) Malicious
Skyhigh
BehavesLike.Win64.Suspicioustrojan.wc Malicious
CrowdStrike
win/malicious_confidence_70% (W) Malicious
ESET-NOD32
a variant of Win64/HackTool.Crack.CV potentially unsafe Malicious
APEX
Malicious Malicious
McAfeeD
ti!029091DDB0B8 Malicious
Antiy-AVL
RiskWare[Packed]/Win32.VMProtect.a Malicious
Xcitium
ApplicUnwnt@#2reok4vijagrz Malicious
Microsoft
Trojan:Win32/Kepavll!rfn Malicious
Malwarebytes
Malware.AI.3911962551 Malicious
TrendMicro-HouseCall
TROJ_GEN.R002H01EB25 Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
HackTool:Win/Crack.CY Malicious
57 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x1803e8c15
Compilation Time 2022-05-13 12:39:03
Checksum 0x00000000 (Actual: 0x003c60e0)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 4 libraries
KERNEL32, USER32, SHELL32, dbghelp
Exports 1 functions
Resources 1 Resources
Sections 10 Sections

Version Information

CompanyName Online-Fix
FileDescription EGS Hooker
FileVersion 1.2.0.2
LegalCopyright Copyright (C) 2021-2022, 0xdeadc0de
ProductVersion 1.2.0.2
Translation 0x0007 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 132,816 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.rdata 0x00022000 55,068 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x00030000 8,848 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.pdata 0x00033000 10,812 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
_RDATA 0x00036000 348 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.of0 0x00037000 1,878,074 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.of1 0x00202000 1,760 bytes 2,048 bytes 0.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BD4D1E99F5DB889BD012DA633A6D72CB
.of2 0x00203000 3,890,616 bytes 3,890,688 bytes 7.80 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 1D357E0885F347D360C4AD8F93BB5057
.reloc 0x005b9000 200 bytes 512 bytes 2.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2BF09C0F909883853F996AA3BBC57556
.rsrc 0x005ba000 636 bytes 1,024 bytes 2.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 06D3FB3203A23A902D6D55DE64193EDA
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 1 (548 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 548 bytes
100%

Certificate Chain Analysis

Certificate Information
Description EGS Hooker
File Version 1.2.0.2
Copyright Copyright (C) 2021-2022, 0xdeadc0de

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
15 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware