Gridinsoft Logo

The Nexa v2 Fortnite.exe (Friendly Amazing app) File Analysis

Updated 1 year ago
Checked by Malaware Check
Nexa v2 Fortnite.exe

Technical Analysis

File Name Nexa v2 Fortnite.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (console) x86-64, for MS Windows
SSDEEP Hash
393216:qkV94WiohATcRHdKx5o/w3uCxHQboh68e+VqsvTy:R9d+wo5v3Fuboh68egqsvT
Scanner Version 1.0.168.174
Database Version 2024-03-03 03:00:20 UTC

Suspicious File Detected

Detected by 22 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
31%
Detection Rate
14,810,442
File Size (bytes)
22/72
Engines Detected
2024-03-03
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
0a8c28fe3abdbe071578a009ba048a79
SHA1
23d80170e077747ce3ed219b130e817102d27ee7
SHA256
2c4bcbb2ea0426f7d9936f9a8734aec6d858ab24b72f1043b7200be79e740dca
SHA512
38c9c8e4776a1eb8490e7e539aed88b7dd706a3a33318d24c9398b19e9002dc03d2ab9dbdeeee4f050b8d829fe9484f8d222f91c4eb00b5f2a6d7186c55fd637
ImpHash
bae3d3e8262d7ce7e9ee69cc1b630d3a

Security Engines with Detections (22 of 72)

Bkav
W64.AIDetectMalware Malicious
Elastic
malicious (high confidence) Malicious
Skyhigh
BehavesLike.Win64.Dropper.vc Malicious
McAfee
Artemis!0A8C28FE3ABD Malicious
CrowdStrike
win/malicious_confidence_100% (D) Malicious
Symantec
Infostealer Malicious
ESET-NOD32
a variant of Win32/Packed.PyInstaller.H Malicious
APEX
Malicious Malicious
Cynet
Malicious (score: 100) Malicious
Kaspersky
HEUR:Trojan.Python.Pytr.bi Malicious
Alibaba
TrojanPSW:Win32/Almi_Disco.b Malicious
Avast
Python:Agent-SP [Trj] Malicious
Sophos
Mal/Generic-S Malicious
Ikarus
Trojan.Python.Crypt Malicious
Google
Detected Malicious
Antiy-AVL
GrayWare/Win32.Wacapew Malicious
ZoneAlarm
HEUR:Trojan.Python.Pytr.bi Malicious
Microsoft
Trojan:Win32/Wacatac.B!ml Malicious
Malwarebytes
RiskWare.Agent.Python Malicious
Tencent
Win32.Trojan.Pytr.Twhl Malicious
Fortinet
Python/Agent.ADT!tr Malicious
AVG
Python:Agent-SP [Trj] Malicious
50 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x14000b7d0
Compilation Time 2024-02-14 12:09:20
Checksum 0x00e26f69 (Actual: 0x00e26f69)
OS Version 5.2
PEiD Signatures PE32+ executable (console) x86-64, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 3 libraries
USER32, KERNEL32, ADVAPI32
Exports 0 functions
Resources 2 Resources
Sections 7 Sections

Version Information

CompanyName Hawkish Compagny
FileDescription Friendly Amazing app
FileVersion 5.0.0.0.5489 (win7sp1_rtm.101119-1850)
InternalName Sordeal
LegalCopyright © Hawkish Team all right reserved.
OriginalFilename main.py
ProductName Hawkish ethical hacking® System
ProductVersion 5.0.0.0.5489
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 171,920 bytes 172,032 bytes 6.50 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D77650C42FE7F26E50FFD3A1EB04824B
.rdata 0x0002b000 76,322 bytes 76,800 bytes 5.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9463ECC686819EABAD82FD234B973904
.data 0x0003e000 13,128 bytes 3,584 bytes 1.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE AB6BBF08F3667724642DB2D3BFD413C7
.pdata 0x00042000 8,976 bytes 9,216 bytes 5.36 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 189D7D6CD859F2885B41151291DF8E67
_RDATA 0x00045000 348 bytes 512 bytes 2.82 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8073AC06255148B944B04F6A459B3F91
.rsrc 0x00046000 2,320 bytes 2,560 bytes 5.18 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D517488C1A1051E3E95D54BE951C56EB
.reloc 0x00047000 1,884 bytes 2,048 bytes 5.24 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ EC92FD910E5F98E8BD04CA09D1B19E26
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 2 (2,160 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 856 bytes
39.6%
RT_MANIFEST 1 1,304 bytes
60.4%

Certificate Chain Analysis

Certificate Information
Product Hawkish ethical hacking® System
Description Friendly Amazing app
File Version 5.0.0.0.5489 (win7sp1_rtm.101119-1850)
Original Name main.py
Internal Name Sordeal
Copyright © Hawkish Team all right reserved.

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
22 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware