The StartSetup_20221.exe (OPTIMAL BAG) File Analysis

Updated 1 year ago

Checked by Malaware Check

StartSetup_20221.exe

Technical Analysis

File Name	StartSetup_20221.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows`
SSDEEP Hash	786432:Kbgdoa1dRxL4Y6wDr4chK6VWpdnfzFRK36U7xvO+sS3X:NTdRxZDDgpN7FRQY4X
Scanner Version	1.0.154.174
Database Version	2024-01-07 23:02:11 UTC

⚠

Suspicious File Detected

Detected by 6 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Detection Rate

33,059,184

File Size (bytes)

6/67

Engines Detected

2024-01-07

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	8e01cc8c8fc60f1b25b68a5fed4e0063
SHA1	6f21bf90d93cb0b3ec99fdb4c6e03d389f6e083f
SHA256	17a9d6d858ec0bc62e10fc841370c98b783481f75376806ab361e9bdfefc575b
SHA512	b859ec97faf7d03e405da1547e912fd87ff64245bb62dd5b9292c7a7cef4eecef84f38c3a53b85f49b777bf9184c099c2d651d0258124a87d594bf6850d69cfc
ImpHash	611cd6c3c4fbb2891c1a3bcda396b613

Security Engines with Detections (6 of 67)

Bkav

W32.AIDetectMalware Malicious

Ikarus

PUA.DownloadAdmin Malicious

Jiangmin

Trojan.Banker.ClipBanker.bhb Malicious

Microsoft

PUADlManager:Win32/Snackarcin Malicious

GData

Win32.Trojan.PSE.I2QRPE Malicious

Rising

Adware.Snackarcin!8.18E14 (TFE:5:lLgc0ja2iF) Malicious

61 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 033742370ebe464335441b382d5837cd Fuzzy: 015d4d58d10a639fea46fa726821ed03 dHash: f0cc92868692ccf0
Image Base	`0x00400000`
Entry Point	`0x00402ed0`
Compilation Time	1970-01-01 00:00:00
Checksum	0x01f93112 (Actual: 0x01f93112)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows`
Digital Signature	Unknown certificate revision ddf1
Imports	10 libraries kernel32, oleaut32, user32, advapi32, gdi32, version, shell32, ole32, comctl32, psapi
Exports	0 functions
Resources	92 Resources
Sections	8 Sections

Digital Signatures

▼

SSL.com EV Code Signing Intermediate CA RSA R3	Digital Media Pros LLC (US)
SSL.com EV Root Certification Authority RSA R2	SSL Corp (US)

Version Information

▼

CompanyName	OPTIMAL BAG Applications Systems
FileDescription	OPTIMAL BAG
InternalName	OPTIMALBAG.exe
LegalCopyright	OPTIMAL BAG Applications Systems
OriginalFilename	OPTIMALBAG.exe
ProductName	OPTIMAL BAG
ProductVersion	1.0.0.0
Comments
FileVersion	1.0.0.0
LegalTrademarks
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,437,920 bytes	1,438,208 bytes	6.25 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`361BF11EBB83150DB8BBE7E62EE19612`
`.data`	`0x00161000`	725,348 bytes	725,504 bytes	7.43 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`ED13A209BB86B644FA1677D267DC3559`
`.rdata`	`0x00213000`	382,756 bytes	382,976 bytes	5.34 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`7CA5C82ABE1766BB4C64680A697D7617`
`.bss`	`0x00271000`	48,768 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.CRT`	`0x0027d000`	12 bytes	512 bytes	0.06 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`A703520858BF44A71D9CB449B416F049`
`.idata`	`0x0027e000`	12,565 bytes	12,800 bytes	5.28 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`1D75B5062791B8218A9F97EA8095C7E6`
`.rsrc`	`0x00282000`	132,696 bytes	133,120 bytes	5.07 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`83B2279DBE64D1D22BD78B1865A25517`
`.reloc`	`0x002a3000`	135,404 bytes	135,680 bytes	6.54 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`3BC0160C0ADE0AF826CD4FD64D799D5D`

Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 92 (126,542 bytes)

Resource Type	Count	Total Size	Percentage
RT_CURSOR	26	16,968 bytes	13.4%
RT_ICON	1	67,624 bytes	53.4%
RT_DIALOG	1	50 bytes	0%
RT_RCDATA	49	38,822 bytes	30.7%
RT_GROUP_CURSOR	12	436 bytes	0.3%
RT_GROUP_ICON	1	20 bytes	0%
RT_VERSION	1	852 bytes	0.7%
RT_MANIFEST	1	1,770 bytes	1.4%

Certificate Chain Analysis

▼

Certificate #1

Subject	Digital Media Pros LLC Digital Media Pros LLC US
Issuer	SSL.com EV Code Signing Intermediate CA RSA R3
Serial Number	`88401790483330143697796390301419409373`

Certificate #2

Subject	SSL.com EV Code Signing Intermediate CA RSA R3 SSL Corp US
Issuer	SSL.com EV Root Certification Authority RSA R2
Serial Number	`88120626561545005758442085613766983940`

Certificate Verification Status

Unknown certificate revision ddf1

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

6 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1