Gridinsoft Logo

OnlineFix64.dll Trojan Heuristic Analysis

Updated 12 days ago
Checked by Malaware Check
OnlineFix64.dll

Technical Analysis

File Name OnlineFix64.dll
File Type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Scanner Version 1.0.216.174
Database Version 2025-05-20 03:00:35 UTC

Trojan.Heur!.022120A2

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
11,846,144
File Size (bytes)
2025-05-20
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
1dc3a9fd539541dfd04ba19b0e65a1bb
SHA1
2a0ab8d86a16546ee040d866dc8e7acc9888a12c
SHA256
316eba6541ee72195e949c04597a37309869f683b96561f558c231d796974b10
SHA512
0110d961a7d4ac14f075fdabb1c5366c73c76397b3b3f34df72991dd2cf14ced18a0293d49f48b2bb1eaac5206945aa4e7acac48fcd0c7380cc13a14558cfe50
ImpHash
10c1b70987e42d05f256c6e82924ec7e

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x180f4e95b
Compilation Time 2025-03-05 20:05:03
Checksum 0x00000000 (Actual: 0x00b54570)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 6 libraries
KERNEL32, USER32, SHELL32, WS2_32, WLDAP32, ADVAPI32
Exports 44 functions
Resources 1 Resources
Sections 9 Sections

Version Information

CompanyName Online-Fix.Me
FileDescription Online-Fix Steamclient
FileVersion 1.3.3.1
LegalCopyright Copyright (C) 2021-2025, 0xdeadc0de
ProductVersion 1.3.3.1
Translation 0x0007 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,840,464 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.rdata 0x001c3000 640,200 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x00260000 321,840 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.pdata 0x002af000 91,884 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.of0 0x002c6000 6,139,475 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.of1 0x008a1000 152 bytes 512 bytes 0.34 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BCFC4566DA36B533DE81595A7DBE9428
.of2 0x008a2000 11,842,980 bytes 11,843,072 bytes 7.79 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ BE34571461E2A7E29DB650AE73CF94A8
.rsrc 0x013ee000 664 bytes 1,024 bytes 2.33 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1EC9F168A00269E24815BFB907EF9BBD
.reloc 0x013ef000 296 bytes 512 bytes 2.71 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ BF71DACC66F7F05D4BE3DB5A1C9D30D9
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 1 (576 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 576 bytes
100%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.022120A2 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.022120A2 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware