可乐双号.exe Trojan Heuristic Analysis

Technical Analysis

File Name 可乐双号.exe
File Type PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.229.174
Database Version 2025-11-20 13:00:18 UTC

Trojan.Heur!.03212021

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
Detection Rate N/A
File Size (bytes) 59,772,928
Analysis Date 2025-11-20


File Identification

Hash Type Value
MD5 2fd06a3f54353b886a07e5dd7bf8bb93
SHA1 58e87e4821b352555a6c2060b7fb1b7b2dc0f7d9
SHA256 123dafc52b7c913cd1976c501043cf55ef02fee32a27b139692d3ca632ecefb9
SHA512 6cfb1c9e57dfb71749ab8e317bb4ff037ca98b4c43d3712ffcac36241a92b2dbb260da31c6c84baa45c96acf0ceb60b873cc35fb3f9c5da78f0200e995f74d50
ImpHash 6276abc8d612146b5bee0404e887ca31

PE Analysis

Basic Information

Icon
Hash: a699c33d61128c995662e5323e88bb7d
Fuzzy: 98444c476d041580e716a52fe38f3738
dHash: 0f6345c6b23d2d0f
Image Base 0x00400000
Entry Point 0x03c8e391
Compilation Time 2025-08-22 20:30:10
Checksum 0x03909cbb (Actual: 0x0390b530)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 16 libraries
Exports 0 functions
Resources 62 Resources
Sections 8 Sections

Version Information

FileVersion 1.7.1.2
FileDescription 可乐
ProductName 可乐
ProductVersion 1.7.1.2
CompanyName 玛莎拉蒂官网:http://pcbao.ysepan.com
LegalCopyright 可乐
Comments 可乐
Translation 0x0804 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,522,090 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.rdata 0x00175000 8,251,090 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x00954000 705,681 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x00a01000 3,968,604 bytes 3,969,024 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A887303CA610C64273B121A218EDBD09
.svmp1 0x00dca000 18,405,417 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.svmp2 0x01f58000 22,867,603 bytes 22,867,968 bytes 7.99 (Packed/Encrypted) IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE C6ACA129820B53A6E2EA71D15DD27C69
.svmp3 0x03527000 4,750,517 bytes 4,751,360 bytes 7.89 (Packed/Encrypted) IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B9171667DC93C9F8BC42BCC6E3E64C54
.svmp4 0x039af000 28,178,782 bytes 28,180,480 bytes 7.74 (Packed/Encrypted) IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8CAC945ED00A661AE0158A0A368EA42F
Entropy Analysis Alert

4 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 62 (3,964,987 bytes)
Resource Type Count Total Size Percentage
DLL 1 3,932,064 bytes 99.2%
TEXTINCLUDE 3 370 bytes 0%
WAVE 1 5,192 bytes 0.1%
RT_CURSOR 6 1,720 bytes 0%
RT_BITMAP 15 6,404 bytes 0.2%
RT_ICON 3 10,680 bytes 0.3%
RT_MENU 2 656 bytes 0%
RT_DIALOG 10 4,418 bytes 0.1%
RT_STRING 11 2,268 bytes 0.1%
RT_GROUP_CURSOR 5 114 bytes 0%
RT_GROUP_ICON 3 60 bytes 0%
RT_VERSION 1 580 bytes 0%
RT_MANIFEST 1 461 bytes 0%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.03212021 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.03212021 without requiring further user intervention.


Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
