Gridinsoft Logo
File Icon

The Windows Loader.exe File Analysis

Updated 3 months ago
Checked by Malware Check
Windows Loader.exe

Technical Analysis

File Name Windows Loader.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
SSDEEP Hash
49152:cEYCFEvlmOmTgtFM3uK5m3imrHuiff+puWV355FXw/+zuWV355FXw/+DuWV355FP:cEYzEFTgtFM3ukm3imPnt
Scanner Version 1.0.226.174
Database Version 2025-10-04 03:00:35 UTC

Suspicious File Detected

Detected by 47 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
65%
Detection Rate
4,021,049
File Size (bytes)
47/72
Engines Detected
2025-10-04
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
323c0fd51071400b51eedb1be90a8188
SHA1
0efc35935957c25193bbe9a83ab6caa25a487ada
SHA256
2f2aba1e074f5f4baa08b524875461889f8f04d4ffc43972ac212e286022ab94
SHA512
4c501c7135962e2f02b68d6069f2191ddb76f990528dacd209955a44972122718b9598400ba829abab2d4345b4e1a4b93453c8e7ba42080bd492a34cf8443e7e
ImpHash
ac2ed402c59cc91af94988a7c20ffd67

Security Engines with Detections (47 of 72)

Lionic
Hacktool.Win32.KMSAuto.tpA0 Malicious
MicroWorld-eScan
Application.Hacktool.PR Malicious
ClamAV
Win.Malware.Aa93a15d-6745814-0 Malicious
CAT-QuickHeal
Trojan.HackTool Malicious
Skyhigh
HackTool-AutoKMS.b Malicious
ALYac
Misc.HackTool.AutoKMS Malicious
Cylance
unsafe Malicious
K7AntiVirus
Trojan ( 005a95c11 ) Malicious
K7GW
Trojan ( 005a95c11 ) Malicious
Cybereason
malicious.35957c Malicious
BitDefenderTheta
Gen:NN.ZexaF.36608.1pNfaCUzYHli Malicious
Symantec
SMG.Heur!gen Malicious
Elastic
malicious (moderate confidence) Malicious
ESET-NOD32
Win32/HackTool.WinActivator.I potentially unsafe Malicious
Cynet
Malicious (score: 100) Malicious
Kaspersky
HackTool.Win32.KMSAuto.bu Malicious
BitDefender
Application.Hacktool.PR Malicious
Rising
HackTool.WinLoader!8.118A6 (CLOUD) Malicious
Emsisoft
Application.Hacktool.PR (B) Malicious
VIPRE
Application.Hacktool.PR Malicious
TrendMicro
CRCK_KEYGEN Malicious
FireEye
Generic.mg.323c0fd51071400b Malicious
Sophos
Windows 7 Loader (PUA) Malicious
Ikarus
HackTool.Keygen.WindowsLoader Malicious
GData
Win32.Riskware.WinActivator.A Malicious
Webroot
W32.Hack.Tool Malicious
Google
Detected Malicious
Antiy-AVL
Worm/Win32.AutoRun Malicious
Kingsoft
Win32.HackTool.KMSAuto.bu Malicious
Xcitium
ApplicUnwnt@#32fw5ixuqd35c Malicious
Arcabit
Application.Hacktool.PR Malicious
ZoneAlarm
HackTool.Win32.KMSAuto.bu Malicious
Microsoft
HackTool:Win32/Keygen Malicious
Varist
W32/A-aa93a15d!Eldorado Malicious
McAfee
HackTool-AutoKMS.b Malicious
MAX
malware (ai score=100) Malicious
Malwarebytes
HackTool.Agent Malicious
Panda
HackTool/Activator Malicious
Zoner
Trojan.Win32.99550 Malicious
TrendMicro-HouseCall
CRCK_KEYGEN Malicious
Tencent
Malware.Win32.Gencirc.10bdebb0 Malicious
Yandex
Trojan.Igent.bUzNOx.20 Malicious
SentinelOne
Static AI - Malicious PE Malicious
MaxSecure
Trojan.Malware.7164915.susgen Malicious
Fortinet
Riskware/KMSAuto Malicious
DeepInstinct
MALICIOUS Malicious
CrowdStrike
win/grayware_confidence_100% (W) Malicious
25 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 7708abf59bbc452a0f3b55b3e16747c6
Fuzzy: f92eb7cee5078db53620536289663d12
dHash: 177165f0f071330f
Image Base 0x00400000
Entry Point 0x0061a9a0
Compilation Time 2007-10-31 16:53:19
Checksum 0x00000000 (Actual: 0x003d6a38)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Digital Signature No valid SignedData structure was found.
Imports 12 libraries
Exports 0 functions
Resources 16 Resources
Sections 3 Sections

Version Information

CompanyName
FileVersion 2.2.2.0
Country
Release Final
FileDescription
LegalCopyright
ProductVersion
ProductName
OriginalFilename Windows Loader.exe
InternalName

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
UPX0 0x00001000 1,613,824 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
UPX1 0x0018b000 593,920 bytes 591,360 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E100668F6A8C9FF012CD8E25B4912B0B
.rsrc 0x0021c000 28,672 bytes 27,136 bytes 5.78 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BDAA6CE7A2FB1875918FF969A323F413
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 16 (26,217 bytes)
Resource Type Count Total Size Percentage
PICKLE 1 8 bytes
0%
RT_CURSOR 3 924 bytes
3.5%
RT_ICON 6 22,384 bytes
85.4%
RT_GROUP_CURSOR 3 60 bytes
0.2%
RT_GROUP_ICON 1 90 bytes
0.3%
RT_VERSION 1 1,888 bytes
7.2%
RT_MANIFEST 1 863 bytes
3.3%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
47 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware