
Rbc.exe Trojan Heuristic Analysis

Technical Analysis

File Name rbc.exe
File Type PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.231.174
Database Version 2025-12-20 15:00:35 UTC

Trojan.Heur!.02052421

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
Detection Rate N/A
File Size (bytes) 64,195,072
Analysis Date 2025-12-20

File Identification

Hash Type Value
MD5 45fa70147642e3900ca5d5e4931300c7
SHA1 0e227d4c3719abe8043185fefbe13ef78571ea96
SHA256 3487d6d9702047c27db51625485d6606fb54228df943eea38d81b1685c62ec55
SHA512 2b7d4bb34bc77f05e37bccee4e22b714610b97439547c71321961be50963c1e1b3933ece6d7060b19d74312183e6855e0ce1368aaf472a4055cc819b40ae26c6
ImpHash 56faee275b9d25d0dc7072938de7608f

PE Analysis

Basic Information

Icon
Hash: b886e378fdf9bcabb3e7da2da9a12f87
Fuzzy: 60389a1249932a2f770d716f082a9163
dHash: 55072b3b694d4971
Image Base 0x00400000
Entry Point 0x03f2205a
Compilation Time 2025-12-20 02:41:20
Checksum 0x00000000 (Actual: 0x03d409d0)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 22 libraries
Exports 2 functions
Resources 33 Resources
Sections 7 Sections

Version Information

CompanyName Rubinum Entertainment
FileDescription Rubinum game client (x86)
FileVersion 1.1.36.2882
InternalName rbclient
LegalCopyright Copyright (C) 2020 Rubinum
LegalTrademarks1 All Rights Reserved.
OriginalFilename rbclient.exe
ProductName Rubinum
ProductVersion 1.1.36.2882
Translation 0x0809 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 47,569,426 bytes 47,569,920 bytes 6.50 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 24CD464CA2158BFC312B560937D20F5A
.rdata 0x02d5f000 3,811,394 bytes 3,811,840 bytes 5.95 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 356DF9A70072FB3ED793CF2AFC5265AC
.data 0x03102000 4,319,300 bytes 3,489,792 bytes 5.40 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E57DD84FA7C65A4CF102735DF0D45905
.It/ 0x03521000 5,960,705 bytes 5,961,216 bytes 7.72 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ AFF9EC398A2F31A4FB7894AE3F3F526D
.Nm\ 0x03ad1000 4,092 bytes 4,096 bytes 0.34 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5424474FCAE23DAF21A1F72EF5E1B2CE
.9`M 0x03ad2000 3,249,552 bytes 3,249,664 bytes 7.53 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 3B2530FDC10781DD111338AF29BE1DB4
.rsrc 0x03dec000 107,181 bytes 107,520 bytes 5.05 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 28E3990CF569447D546236490E139FAB

Entropy Analysis Alert

2 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 33 (105,411 bytes)
Resource Type Count Total Size Percentage
RT_CURSOR 13 33,980 bytes 32.2%
RT_ICON 2 69,688 bytes 66.1%
RT_STRING 1 226 bytes 0.2%
RT_GROUP_CURSOR 13 260 bytes 0.2%
RT_GROUP_ICON 2 40 bytes 0%
RT_VERSION 1 848 bytes 0.8%
RT_MANIFEST 1 369 bytes 0.4%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified. Exercise caution when executing unsigned files from unknown sources.

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.02052421 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02052421 without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
