| File Name | Ragexe.exe |
| File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Scanner Version | 1.0.218.174 |
| Database Version | 2025-06-11 05:00:13 UTC |
Malware family: Heuristic
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
a18fc73b0654d89e9367f52213fbcef8
|
|
| SHA1 |
3da3f62f75587c02b1334bd3b3b9040ad59d9053
|
|
| SHA256 |
29a8ddda37f2714fae7b6cc938d25af3a7fa6805bd5d7ecc6589194accceb024
|
|
| SHA512 |
6b1398ccda4b09e42b59d01a07d85692bf899524f645a4c24f40cd0b8abc9a2994e211be51bb2b3c848293dcfe3ad25a1a42e00ba5824089609b881bf088b575
|
|
| ImpHash |
d226e417a822824ebf07289084a5372a
|
| Icon |
Hash: 0187b7d3936a5388b3c10d9d68ada75d
Fuzzy: 0ec75c82573e8f98ec6f6b7e9e410624 dHash: c4c4b08e86869c9a |
| Image Base | 0x00400000 |
| Entry Point | 0x01aa8058 |
| Compilation Time | 2025-06-05 05:04:37 |
| Checksum | 0x0069e2f7 (Actual: 0x00691d40) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB Path | C:\repositories\RagnarokClient\RagnarokClient\Release Overseas V142 C++20\Ragexe_up.pdb |
| Digital Signature | OK |
| Imports | 38 libraries |
| Exports | 1 functions |
| Resources | 3 Resources |
| Sections | 12 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
|
0x00001000 |
11,409,517 bytes | 2,813,952 bytes | 8.00 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
9AD13E9A54C798BF56CB1F4B5E1D3178 |
|
0x00ae3000 |
1,716,094 bytes | 342,528 bytes | 8.00 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2E36C5F2F0B1085B4B0ACBF20F4797E6 |
|
0x00c86000 |
4,262,100 bytes | 57,344 bytes | 7.99 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
59852087ABE1438DD665CD4BB0DEABFE |
|
0x01097000 |
161,360 bytes | 52,736 bytes | 7.99 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
12EDEB45B6B0BF30C3A928CE5E5F8C47 |
.debug |
0x010bf000 |
4,096 bytes | 1,536 bytes | 4.46 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
13CDDC607BA077ABFB7899857A4DC2E8 |
.edata |
0x010c0000 |
4,096 bytes | 512 bytes | 1.33 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3A1C52CFCFDDB350BBA440C9ED028981 |
.vm_sec |
0x010c1000 |
16,384 bytes | 16,384 bytes | 3.42 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
627F064B36BA198470E5BC9DB26E8CC8 |
.idata |
0x010c5000 |
4,096 bytes | 2,560 bytes | 4.56 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
99D52B8C4C877D31BFD0225EE0A8565F |
.tls |
0x010c6000 |
20,480 bytes | 17,408 bytes | 0.01 (Normal) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E12DEC744C74358C561820E97AAD3EB9 |
.rsrc |
0x010cb000 |
4,096 bytes | 2,048 bytes | 4.46 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
953263C11018B93BB3AC0DF647B5ACA3 |
.winlice |
0x010cc000 |
6,144,000 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.boot |
0x016a8000 |
3,570,176 bytes | 3,566,592 bytes | 7.97 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
AB49F68CA456237C9A19C8FBB0D7FFFD |
5 section(s) with high entropy (≥7.5) detected - possible packing/encryption
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 1 | 744 bytes | |
| RT_GROUP_ICON | 1 | 20 bytes | |
| RT_MANIFEST | 1 | 786 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
OK
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.01252021 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
