The msedge_elf.dll (Compressor Virtual Formatter) File Analysis

Technical Analysis

File Name msedge_elf.dll
File Type Win32 DLL
Magic Bytes PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
SSDEEP Hash 24576:zyhuIwgnfZnhhfSZyrNTJyhuIwgnfZnhhfSZyrNT:zy1ZnX9rNTJy1ZnX9rNT
Scanner Version 1.0.225.174
Database Version 2025-09-24 19:00:30 UTC

Suspicious File Detected

Detected by 6 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Detection Rate 8%
File Size (bytes) 1,120,768
Engines Detected 6/72
Analysis Date 2025-09-24

File Identification

Hash Type Value
MD5 62650b36d1b8d649d68d5d984e5861b9
SHA1 5dae21f5d87596d87662bc6e299c7625cf79f960
SHA256 2372ff30032f8400a149149ab71bc5767a2e8ebc491902716eb4b7ec9b504a42
SHA512 09559ece2ffbba30ca278ca4313ef1f9784071e645cd41531f46fd5eeb332947717c94495b46fc80342ad862b4506f7de7b43a69337c5fa92e0c0940c44f28cc
ImpHash 7fe6e708cb7cb7c29a6206e32d8856ca

Security Engines with Detections (6 of 72)

Elastic malicious (moderate confidence) Malicious
huorong HEUR:TrojanDownloader/FakeDll.a Malicious
Symantec ML.Attribute.HighConfidence Malicious
Avast FileRepMalware [Cryp] Malicious
Microsoft Trojan:Win32/Sabsik.EN.A!ml Malicious
AVG FileRepMalware [Cryp] Malicious

66 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x264070000
Entry Point 0x264071200
Compilation Time 2025-09-24 13:42:39
Checksum 0x00116cae (Actual: 0x00116cae)
OS Version 4.0
PEiD Signatures PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 4 libraries (bcrypt, KERNEL32, msvcrt, USER32)
Exports 5 functions
Resources 2 Resources
Sections 11 Sections

Version Information

CompanyName Systems Next Soft Inc
FileDescription Compressor Virtual Formatter
FileVersion 14.2.3.491
InternalName web_sdk_buffer
LegalCopyright Copyright (C) 2025 Systems Next Soft Inc
OriginalFilename web_sdk_buffer.exe
ProductName Web SDK Buffer Enhancer
ProductVersion 14.2.3.491
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 25,728 bytes 26,112 bytes 6.38 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 1A97A8436AEAE4343653AFE068C1AD30
.data 0x00008000 128 bytes 512 bytes 0.65 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D29514CD037160B6A94A795FCE27884E
.rdata 0x00009000 1,085,080 bytes 1,085,440 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9DEC9F864A03583B3BCDC1152A68BEC1
.pdata 0x00112000 1,128 bytes 1,536 bytes 3.56 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5853570C61B63D2B1DA9A02C78705A8A
.xdata 0x00113000 992 bytes 1,024 bytes 3.88 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 27D7A5810611FD8B587FB31CD35B2773
.bss 0x00114000 336 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.edata 0x00115000 221 bytes 512 bytes 2.63 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 95ACFEB97AB2821C8A0B2DC017EABEA3
.idata 0x00116000 1,712 bytes 2,048 bytes 3.71 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 48B7B0F9340D3B53D28B7C3B4F21701C
.tls 0x00117000 16 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
.rsrc 0x00118000 1,368 bytes 1,536 bytes 3.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0546A7A0758ACE2D8B16A6C68962A01C
.reloc 0x00119000 124 bytes 512 bytes 1.60 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ F0EF87F78F887BB111BFF76A7B8148D7

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 2 (1,203 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 856 bytes 71.2%
RT_MANIFEST 1 347 bytes 28.8%

Certificate Chain Analysis

Certificate Information
Product Web SDK Buffer Enhancer
Description Compressor Virtual Formatter
File Version 14.2.3.491
Original Name web_sdk_buffer.exe
Internal Name web_sdk_buffer
Copyright Copyright (C) 2025 Systems Next Soft Inc

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
6 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
