The msedge elf dll File Malware Analysis

The msedge_elf.dll File Analysis

Technical Analysis

File Name msedge_elf.dll
File Type Win32 DLL
Magic Bytes PE32+ executable (DLL) (GUI) x86-64, for MS Windows
SSDEEP Hash 49152:OIFC503ulIU0Y6kN862XXK1se+k7jrHQ/w22c3QXGDA4rlz9KSnGshnGoQ7oJ3x1:e5039XYnN862vTHMGDDlzhG+1ewHTl
Scanner Version 1.0.230.174
Database Version 2025-12-05 05:00:22 UTC

Suspicious File Detected

Detected by 17 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 24%
File Size (bytes) 9,871,032
Engines Detected 17/72
Analysis Date 2025-12-05

File Identification

Hash Type Value
MD5 9e16c6787c5b2a72cee36f8688864eff
SHA1 4db778f72030d9d9492a17b914335333faf73533
SHA256 19a01eb16578d7312288e9a116688c4db196d490c4011e4fe3b2fbce7b9a09b1
SHA512 e6d614d103a50bc92ce69c17b0adbc504d0644d356bae66c9d540f3a46f38d60b75090414bed3486ffd9e99682117dbcccabf1231d2cf672bced13916072cf5f
ImpHash 11816731f87952ce23da086b67eb30cb

Security Engines with Detections (17 of 72)

Engine Detection Verdict
Bkav W64.AIDetectMalware Malicious
Symantec Trojan.Gen.MBT Malicious
ESET-NOD32 WinGo/Kryptik.MW trojan Malicious
Cynet Malicious (score: 99) Malicious
Kaspersky Trojan.Win64.Agent.smfaec Malicious
Sophos Mal/Generic-S Malicious
McAfeeD ti!19A01EB16578 Malicious
Avira TR/Redcap.dxase Malicious
Kingsoft Win64.Trojan.Agent.smfaec Malicious
Microsoft Trojan:Win32/Wacatac.B!ml Malicious
DeepInstinct MALICIOUS Malicious
APEX Malicious Malicious
Rising Downloader.FakeDll!8.1BD60 (TFE:6:PNLxQYbsjDR) Malicious
TrellixENS Artemis!9E16C6787C5B Malicious
AVG Win64:MalwareX-gen [Pws] Malicious
Avast Win64:MalwareX-gen [Pws] Malicious
alibabacloud Trojan:Multi/Kryptik.MI Malicious
55 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x29f980000
Entry Point 0x29f981350
Compilation Time 2025-12-04 14:12:39
Checksum 0x009734ad (Actual: 0x009734ad)
OS Version 6.1
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Digital Signature Chain verification from CN=githab.com (serial:566610323084659626487404944236879836460611, sha1:9f352b3b7fd31c399f0f5cb0d85dd2ff8515059b) failed: Unable to build a validation path for the certificate "Common Name: githab.com" - no issuer matching "Common Name: R13" was found
Imports 2 libraries
KERNEL32, msvcrt
Exports 3 functions
Resources 0 Resources
Sections 19 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 3,231,872 bytes 3,232,256 bytes 5.74 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES 4E77772F801E789A9FE6AAD86F9C5704
.data 0x00317000 80,320 bytes 80,384 bytes 4.09 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES 832A22487BBB27589C364E93BC9DCA72
.rdata 0x0032b000 4,418,432 bytes 4,418,560 bytes 6.36 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES A4636C23E6CB5FEA240D06EED54D1111
.pdata 0x00762000 1,248 bytes 1,536 bytes 4.31 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES 5E0D41E80C923CA565A4A891081E13FB
.xdata 0x00763000 1,100 bytes 1,536 bytes 3.55 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES 9E839C6DD960C54155792CF3C8E13E0B
.bss 0x00764000 301,568 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES D41D8CD98F00B204E9800998ECF8427E
.edata 0x007ae000 154 bytes 512 bytes 1.95 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES DAEEF74EF33C2C05AD0C14197099614E
.idata 0x007af000 2,840 bytes 3,072 bytes 4.28 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES 35D131EEB0F5B1B3B6F6C5E89B645DE5
.CRT 0x007b0000 88 bytes 512 bytes 0.26 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES 1E73F0EA827E07BDB90F9BA9863899F5
.tls 0x007b1000 16 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES BF619EAC0CDF3F68D496EA9344137E8B
.reloc 0x007b2000 128,524 bytes 129,024 bytes 5.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES E2ADD49414CA1535B30CAAD6D287A7DE
/4 0x007d2000 1,680 bytes 2,048 bytes 1.67 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES 40D46E14D99E227C6201BB5D07C76E6D
/19 0x007d3000 75,228 bytes 75,264 bytes 6.04 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES F476570D6BCA2DD1C4726184338BFE83
/31 0x007e6000 13,123 bytes 13,312 bytes 4.74 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES 755D329AC466809F1A51602200A46ADB
/45 0x007ea000 31,400 bytes 31,744 bytes 5.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES 9A7D61020956BA237C48A14597E1DF76
/57 0x007f2000 9,584 bytes 9,728 bytes 3.71 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_8BYTES 44243EDCFA595910087E69D9370AC527
/70 0x007f5000 2,048 bytes 2,048 bytes 4.85 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES F76F1E6DBE7E2015E0960FC75F89FCAB
/81 0x007f6000 76,386 bytes 76,800 bytes 2.68 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES E821DCCD2A69937B98AAA8C658C54C25
/92 0x00809000 5,520 bytes 5,632 bytes 1.79 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES 6D18C12AE3F9D0E44E36D617B97DC639

Certificate Chain Analysis

Certificate Information
Verification Status A certificate chain could not be built to a trusted root authority.
Certificate Chain Summary
githab.com #1 Primary
Validity Period: 2025-10-16 07:06:41 → 2026-01-14 07:06:40
Signature Algorithm: sha256RSA
Serial Number: 06 81 1E 3A CD 82 27 23 2E E5 8A 61 EC D7 14 A9 B6 43

Certificate Verification Status

Chain verification from CN=githab.com (serial:566610323084659626487404944236879836460611, sha1:9f352b3b7fd31c399f0f5cb0d85dd2ff8515059b) failed: Unable to build a validation path for the certificate "Common Name: githab.com" - no issuer matching "Common Name: R13" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
17 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
