T1 exe Susp XOREncoded File Malware Analysis: be1b4d5bcb211d3a86bda588c3dc2227

T1.exe Susp XOREncoded Analysis

Technical Analysis

File Name t1.exe
File Type PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.224.174
Database Version 2025-09-18 03:01:28 UTC

Susp.U.XOREncoded.sd!yf

Malware family: XOREncoded

XOR-encoded malware uses XOR encryption algorithms to obfuscate malicious code and evade security detection systems.
Detection Rate N/A
File Size (bytes) 387,072
Analysis Date 2025-09-18

File Identification

Hash Type Value
MD5 be1b4d5bcb211d3a86bda588c3dc2227
SHA1 fadfe3366f2a6c1b83198d1e1aa2a003b4ffa63a
SHA256 3faaca272de97bf3720a4bd62c4717ca67236b15175ccab7a53c9eaf2b5d1c08
SHA512 38232b6007eaa7eba730685f9f704f45a63c347b930c172c8499f8292d72afcc3bdd6f1de12a90d2acae2acd84b5325aacbcec8d7343372d1ad32fe983ca3a52
ImpHash f14be6d5d3e38c5c5822177033d5afaa

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x14001cc04
Compilation Time 2025-09-18 00:21:04
Checksum 0x000667f1 (Actual: 0x000667f1)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 1 library (KERNEL32)
Exports 0 functions
Resources 2 Resources
Sections 6 Sections

Version Information

FileDescription Project Zomboid Game
InternalName ProjectZomboid.exe
OriginalFilename ProjectZomboid.exe
CompanyName The Indie Stone
LegalCopyright © The Indie Stone. All rights reserved.
ProductName Project Zomboid
FileVersion 42.11.0.0
ProductVersion 42.11
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 267,360 bytes 267,776 bytes 6.46 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 337FF2EC7C83C40F1F9713C78AE55CB3
.rdata 0x00043000 93,542 bytes 93,696 bytes 5.27 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 281192ABCDA5B06569C349FBA1360AB2
.data 0x0005a000 11,712 bytes 6,144 bytes 3.25 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 99CCA593F205B3AAC1CF37D11B8287BE
.pdata 0x0005d000 12,696 bytes 12,800 bytes 5.62 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 642FF7489A1F5F0C09C6C1104D75BDEB
.reloc 0x00061000 2,556 bytes 2,560 bytes 5.44 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ E32C1CB80EE5CDFCF890E27D57E2681F
.rsrc 0x00062000 2,679 bytes 3,072 bytes 4.59 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 73F5E49CDE0C3F6A6624C690A0C8F901

Resource Analysis

Total Resources: 2 (2,519 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 800 bytes 31.8%
RT_MANIFEST 1 1,719 bytes 68.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified.
Exercise caution when executing unsigned files from unknown sources.

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Susp.U.XOREncoded.sd!yf Removal

Gridinsoft has the capability to identify and eliminate Susp.U.XOREncoded.sd!yf without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system.

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
