Document09 10 2025 exe Trojan Heuristic File Malware Analysis: 34ea936136838b5d495f22cac978928b

Document09.10.2025.exe Trojan Heuristic Analysis

Technical Analysis

File Name: Document09.10.2025.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version: 1.0.228.174
Database Version: 2025-10-23 11:00:19 UTC

Trojan.Heur!.00002031

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.

Detection Rate: N/A
File Size (bytes): 5,258,714
Analysis Date: 2025-10-23

File Identification

Hash Type: Value
MD5: 34ea936136838b5d495f22cac978928b
SHA1: d12bfc7fc0014642b5ba5bb7ed63c3542f3b9e0e
SHA256: 08b9cbdae903faf88b8027a12eee29265ff9b192b63aaa371d3d095b8ec00de5
SHA512: 4b442f1f9765605abcea17537587d770f86303825750db1e79a1e321c32eb639f1abc4de5eea77f70c8716998854551ade259639c2c2b81dd6f4e276cd2c1bf8
ImpHash: 262f7b623746b414d0e9c48c1d61145e

PE Analysis

Basic Information

Icon
Hash: 3a83b55975e521f1a84cf840d37bca3b
Fuzzy: 8a1aec803df24caad438bbab1806fe39
dHash: 8e8e4971b1b16d74
Image Base: 0x00400000
Entry Point: 0x00638960
Compilation Time: 2025-05-13 12:21:22
Checksum: 0x003f503a (Actual: 0x00513960)
OS Version: 6.0
PEiD Signatures: PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb
Digital Signature: The expected hash does not match the digest in SpcInfo
Imports: 2 libraries (KERNEL32, imagehlp)
Exports: 0 functions
Resources: 46 Resources
Sections: 7 Sections

Version Information

CompanyName FoxitPDFReader2025Personal
FileDescription FoxitPDFReader2025 Installer
FileVersion 1.0.0
InternalName personalfoxypdf
LegalCopyright Copyright (C) 2025 FoxitPDFReader2025Personal
OriginalFileName personalfoxypdf.exe
ProductName FoxitPDFReader2025
ProductVersion 1.0.0
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 2,937,066 bytes 2,937,344 bytes 6.46 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E6253B29D95E12DA6171B9050E185A98
.rdata 0x002cf000 777,248 bytes 777,728 bytes 5.11 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 46ADEBB50CF214B078E0DB8F4D2AD982
.data 0x0038d000 60,148 bytes 13,824 bytes 4.52 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 44F8BFBE35B882BD9D84DAEFA0614A28
.didat 0x0039c000 1,820 bytes 2,048 bytes 4.57 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 07EFD076E6BA3D20E9CEB97990DDB8E9
.fptable 0x0039d000 128 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
.rsrc 0x0039e000 532,504 bytes 532,992 bytes 3.37 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 01B9632626F36C71E5D600F7D27DE0B2
.reloc 0x00421000 199,904 bytes 200,192 bytes 6.57 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6CC194268F88C755B41BC6E407E58718

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 46 (530,044 bytes)
Resource Type, Count, Total Size, Percentage
RT_BITMAP, 6, 26,098 bytes, 4.9%
RT_ICON, 7, 371,384 bytes, 70.1%
RT_DIALOG, 5, 1,198 bytes, 0.2%
RT_STRING, 15, 11,574 bytes, 2.2%
RT_GROUP_ICON, 1, 104 bytes, 0%
RT_VERSION, 1, 844 bytes, 0.2%
RT_HTML, 10, 116,775 bytes, 22%
RT_MANIFEST, 1, 2,067 bytes, 0.4%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified. Exercise caution when executing unsigned files from unknown sources.

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.00002031 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.00002031 without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
