Gridinsoft Logo
File Icon

The NеwInst_[UPD!].exe File Analysis

Updated 23 days ago
Checked by Malaware Check
NеwInst_[UPD!].exe

Technical Analysis

File Name NеwInst_[UPD!].exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
SSDEEP Hash
196608:bWYbfdRXGjrRxx4BJThagv3R9+KRHba8E7BvKdNsQHUydG8auL+1EJhMvpAFP+E/:AC+BOk8+iPI4pS3Bd3nt8+c
Scanner Version 1.0.216.174
Database Version 2025-05-14 12:00:23 UTC

Suspicious File Detected

Detected by 3 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
4%
Detection Rate
8,214,920
File Size (bytes)
3/72
Engines Detected
2025-05-14
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
85001423c532f4c2b85516fd60a67c2d
SHA1
263458d969875c6e31866e0b9c20d1dc3ba8c8da
SHA256
0c8375c59184a716a448face09ef08f619db1245795ada87e2f44758ef169368
SHA512
a2fb641bb428ff564aa5f7c38f93393763d7ecc178ede7da44231b47503fdfe664fe35d6a01668c08a73f5b3f4306091dafb679f9df9e5b21b5a9a22a036dd0e
ImpHash
6bfb7efaa840cda501f03d168513e82c

Security Engines with Detections (3 of 72)

VirIT
Trojan.Win32.GenHeur.B Malicious
Rising
Trojan.Injector!1.127AD (CLASSIC) Malicious
Microsoft
Trojan:Win32/Bearfoos.A!ml Malicious
69 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 3a125d7c19f23452a68b06d9fb3c6f63
Fuzzy: 9157fc754cb04cef7624c7d4a105658c
dHash: fcbaeeeeeeeeeeb2
Image Base 0x00400000
Entry Point 0x004012a0
Compilation Time 2011-03-23 01:09:05
Checksum 0x00d5c167 (Actual: 0x007df014)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 13 libraries
Exports 0 functions
Resources 3 Resources
Sections 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 6,378,316 bytes 6,378,496 bytes 6.25 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ AA49CC214D9C30AEF080D61AB4CCC8D2
.data 0x00617000 5,732 bytes 6,144 bytes 3.72 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0531B3C44A5314AABC7A682606FB511F
.rdata 0x00619000 1,357,420 bytes 1,357,824 bytes 7.13 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1E085D36CD3140192C03F5A42167E9BB
.bss 0x00765000 41,936 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.idata 0x00770000 16,720 bytes 16,896 bytes 5.22 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CD0B15611AF6EEAD1ABCEF1EE218582F
.rsrc 0x00775000 433,152 bytes 433,152 bytes 7.83 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 34F8AD6573740EA7F8272D7FF448890D
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 3 (3,634 bytes)
Resource Type Count Total Size Percentage
RT_ICON 2 3,600 bytes
99.1%
RT_GROUP_ICON 1 34 bytes
0.9%

Certificate Chain Analysis

Certificate Information
Signing Date 10:22 AM 04/02/2025 (65 days ago)
Verification Status The digital signature of the object did not verify.
Signers Wondershare Technology Group Co.,Ltd; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4; DigiCert
Counter Signers DigiCert Timestamp 2024; DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA; DigiCert Trusted Root G4; DigiCert
Certificate Chain Summary
DigiCert Trusted Root G4 #1 Primary
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #2 Chain
Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #3 Chain
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
DigiCert Timestamp 2024 #4 Chain
Validity Period: 2024-09-26 00:00:00 → 2035-11-25 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0B AE 66 BC 5A BA 7F 95 87 C6 F9 E9 04 E3 33 04
Wondershare Technology Group Co.,Ltd #5 Chain
Validity Period: 2022-04-15 00:00:00 → 2025-04-05 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0E 59 B2 10 F4 02 BB 48 03 BE EC 5B 21 01 30 C5

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
3 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware