The CTMENUW.EXE File Analysis

Updated 15 hours ago

Checked by Malware Check

CTMENUW.EXE

Technical Analysis

File Name	CTMENUW.EXE
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows`
SSDEEP Hash	196608:3uqLl22cRXpih7CwSzYwCNRElu53Q+qOpibL9ferPyQZn4E/g9F5vJ:9LDcRQswzQuNQ3bB8KMnNsF5vJ
Scanner Version	1.0.219.174
Database Version	2025-06-26 18:00:25 UTC

⚠

Suspicious File Detected

Detected by 17 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

24%

Detection Rate

9,361,672

File Size (bytes)

17/72

Engines Detected

2025-06-26

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	a38e88dc34c770fcd09970a286263444
SHA1	12ed031e936216c5f50dd1ba3704455860804b28
SHA256	18510e68915ad8460b23fe3689bd3f4b2b4adbaf067b5dab67befdcbbe71194f
SHA512	2926198c274d1d1fe2477a43173e3e90614e57ccd2496eb5023eb77e1963ccb1ca792b6227bde6dbaeab66519cc0a7aa9f20f8d5e0b0365f014c5e731380f361
ImpHash	85de11416899930380628ef20827d5fe

Security Engines with Detections (17 of 72)

Bkav

W32.AIDetectMalware Malicious

Skyhigh

BehavesLike.Win32.Generic.rc Malicious

Cynet

Malicious (score: 99) Malicious

F-Secure

Heuristic.HEUR/AGEN.1340754 Malicious

McAfeeD

ti!18510E68915A Malicious

Trapmine

malicious.high.ml.score Malicious

Ikarus

Trojan.Dropper Malicious

Webroot

W32.Trojan.Gen Malicious

Avira

HEUR/AGEN.1340754 Malicious

Antiy-AVL

RiskWare[Packed]/Win32.Enigma.a Malicious

Microsoft

Trojan:Win32/Wacatac.B!ml Malicious

Google

Detected Malicious

AhnLab-V3

Trojan/Win32.Generic.R107428 Malicious

VBA32

TrojanDownloader.Adload Malicious

Cylance

Unsafe Malicious

MaxSecure

Trojan.Malware.300983.susgen Malicious

Zoner

Probably Heur.ExeHeaderL Malicious

55 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 25a3b518908eb500803eb5cad00de3d8 Fuzzy: d95e9ee7c9920cc517953206f1ff5f9d dHash: b2ce2bd8d8b489ca
Image Base	`0x00400000`
Entry Point	`0x034653b0`
Compilation Time	2025-01-21 21:01:44
Checksum	0x00000000 (Actual: 0x008f88d7)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	8 libraries kernel32, user32, advapi32, oleaut32, gdi32, shell32, version, MSVBVM60
Exports	0 functions
Resources	3 Resources
Sections	6 Sections

Version Information

▼

Translation	0x0409 0x04b0
CompanyName	REAL SYSTEMS S.A.
ProductName	Contabilidad Concar
FileVersion	1.00
ProductVersion	1.00
InternalName	ctmenuw
OriginalFilename	ctmenuw.exe

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
	`0x00001000`	40,058,880 bytes	7,012,352 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`7D9DF839463556E29EAE1E078969F4EC`
	`0x02635000`	1,040,384 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
	`0x02733000`	4,096 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rsrc`	`0x02734000`	4,096 bytes	4,096 bytes	2.96 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`154E8FA31905C0663A4FC376C537922D`
	`0x02735000`	7,512,064 bytes	196,608 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`C580BFC111FCEECA9B83CCADEAE73606`
`.data`	`0x02e5f000`	2,134,016 bytes	2,134,016 bytes	7.98 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`E053FCED5C7CFC2B0553C7BF9E0FD3DF`

Entropy Analysis Alert

3 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

▼

Total Resources: 3 (2,800 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	1	2,216 bytes	79.1%
RT_GROUP_ICON	1	20 bytes	0.7%
RT_VERSION	1	564 bytes	20.1%

Certificate Chain Analysis

▼

Certificate Information

Product	Contabilidad Concar
File Version	1.00
Original Name	ctmenuw.exe
Internal Name	ctmenuw