The WinFlash64 exe File Malware Analysis

Hash Type	Value	Action
MD5	4d4ff5337a60191df9575c35cf310d50
SHA1	e60893737efdb2f5c6e8f0926d596b9d3a5fd005
SHA256	410a851a47d99cc068e65f42ebdec028084d79bfc64f190586bb6fe4723a90b1
SHA512	ac3fe1199741c5ef2fcb060304febd08068d19654e0eff443e91c1cfd550bea6c3c32d79e46589202126e5296824fc93883b5fd03061049fa91a89554be21831
ImpHash	149f8f8a11e2a4829fe921cc872095c5

PE Analysis

Basic Information

▼

Image Base	`0x00400000`
Entry Point	`0x00401530`
Compilation Time	2024-06-14 03:07:04
Checksum	0x0015ca27 (Actual: 0x0015ca27)
OS Version	4.0
PEiD Signatures	`PE32+ executable (console) x86-64, for MS Windows`
Digital Signature	OK
Imports	7 libraries ADVAPI32, CRYPT32, KERNEL32, msvcrt, POWRPROF, SHLWAPI, USER32
Exports	0 functions
Resources	5 Resources
Sections	17 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	576,672 bytes	577,024 bytes	6.32 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_16BYTES`	`BC6D8451952B90E57F877F78815E50D7`
`.data`	`0x0008e000`	17,952 bytes	18,432 bytes	4.97 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_16BYTES`	`DA6F7B7A021464DE3ADAB9AF9EDA56BA`
`.rdata`	`0x00093000`	237,840 bytes	238,080 bytes	7.53 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_16BYTES`	`19CECB9DF896577FEAFE1DBFC3CF117A`
`.bss`	`0x000ce000`	46,480 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_32BYTES`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x000da000`	8,520 bytes	8,704 bytes	4.57 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES`	`563007A59F7741E2FF721C1BF025CBE1`
`.CRT`	`0x000dd000`	104 bytes	512 bytes	0.27 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_8BYTES`	`AF9100CDF1929D5973F2E4133C0D0655`
`.tls`	`0x000de000`	72 bytes	512 bytes	0.22 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_32BYTES`	`C2417B24B48A23C8A3D131EB42A46EFA`
`.rsrc`	`0x000df000`	193,780 bytes	194,048 bytes	7.10 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES`	`88AC11CD3DA1E2C378D5C162CECCCDB9`
`/4`	`0x0010f000`	912 bytes	1,024 bytes	1.55 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_16BYTES`	`BFCD98A0771FED931BA95AD529FA1135`
`/19`	`0x00110000`	2,056 bytes	2,560 bytes	4.26 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES`	`236543A49DCF3735B625BCD56B4CDF1E`
`/35`	`0x00111000`	44,041 bytes	44,544 bytes	6.02 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES`	`EC0CA563C5447F9D353867225296DACB`
`/47`	`0x0011c000`	5,625 bytes	5,632 bytes	4.39 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES`	`E3CB92CA762E93D8E374DDA3024358BC`
`/61`	`0x0011e000`	5,543 bytes	5,632 bytes	5.68 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES`	`146E1316DE9C738C9458D952EA7DC298`
`/73`	`0x00120000`	2,096 bytes	2,560 bytes	3.02 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_8BYTES`	`CBFC3A27CE34B0EE29E96E94DBA66A0D`
`/86`	`0x00121000`	721 bytes	1,024 bytes	4.06 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES`	`6D8E92F5CA513BABD904F1B9DFC442B5`
`/97`	`0x00122000`	11,222 bytes	11,264 bytes	1.95 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES`	`62BC87E9C538016FE0BF0F042CEB4230`
`/108`	`0x00125000`	1,136 bytes	1,536 bytes	1.13 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES`	`21E2ACF5DE854200B92DECC48BB44242`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 5 (193,467 bytes)

Resource Type	Count	Total Size	Percentage
BIN	4	192,352 bytes	99.4%
RT_MANIFEST	1	1,115 bytes	0.6%

Certificate Chain Analysis

▼

Certificate Information

Signing Date	11:00 AM 06/17/2024 (349 days ago)
Verification Status	Signed
Signers	Phoenix Technologies Inc; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4; DigiCert
Counter Signers	DigiCert Timestamp 2023; DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA; DigiCert Trusted Root G4; DigiCert

Certificate Chain Summary

Phoenix PK Example #1 Primary

Validity Period: 2012-05-03 14:17:21 → 2022-05-01 14:17:21

Signature Algorithm: sha256RSA

Serial Number: A1 BE C6 0D E9 8B 01 85

Phoenix PK Example #2 Chain

Validity Period: 2012-05-03 14:17:21 → 2022-05-01 14:17:21

Signature Algorithm: sha256RSA

Serial Number: A1 BE C6 0D E9 8B 01 85

Phoenix Kek Example #3 Chain

Validity Period: 2012-05-03 14:20:44 → 2022-05-01 14:20:44

Signature Algorithm: sha256RSA

Serial Number: 82 89 50 BF B6 6D 4A 0D

Phoenix Kek Example #4 Chain

Validity Period: 2012-05-03 14:20:44 → 2022-05-01 14:20:44

Signature Algorithm: sha256RSA

Serial Number: 82 89 50 BF B6 6D 4A 0D

DigiCert Trusted Root G4 #5 Chain

Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59

Signature Algorithm: sha384RSA

Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A

DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #6 Chain

Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59

Signature Algorithm: sha256RSA

Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B

DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #7 Chain

Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59

Signature Algorithm: sha384RSA

Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9

DigiCert Timestamp 2022 - 2 #8 Chain

Validity Period: 2022-09-21 00:00:00 → 2033-11-21 23:59:59

Signature Algorithm: sha256RSA

Serial Number: 0C 4D 69 72 4B 94 FA 3C 2A 4A 3D 29 07 80 3D 5A

Phoenix Technologies Inc #9 Chain

Validity Period: 2023-06-07 00:00:00 → 2026-06-07 23:59:59

Signature Algorithm: sha256RSA

Serial Number: 07 C4 61 A1 6C 8D B0 BF 6F F7 08 EF E0 D8 31 FB

DigiCert Timestamp 2023 #10 Chain

Validity Period: 2023-07-14 00:00:00 → 2034-10-13 23:59:59

Signature Algorithm: sha256RSA

Serial Number: 05 44 AF F3 94 9D 08 39 A6 BF DB 3F 5F E5 61 16

Microsoft Windows Hardware Compatibility Publisher #11 Chain

Validity Period: 2024-01-11 20:09:15 → 2025-01-10 20:09:15

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 00 69 9D 42 C9 76 75 B5 08 82 00 00 00 00 00 69

Microsoft Windows Third Party Component CA 2014 #12 Chain

Validity Period: 2014-10-15 20:31:27 → 2029-10-15 20:41:27

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 00 0D 69 0D 5D 78 93 D0 76 DF 00 00 00 00 00 0D

Microsoft Time-Stamp Service #13 Chain

Validity Period: 2023-12-06 18:45:48 → 2025-03-05 18:45:48

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 01 EF 89 3F 56 A1 58 CC A8 DA 00 01 00 00 01 EF

Microsoft Time-Stamp PCA 2010 #14 Chain

Validity Period: 2021-09-30 18:22:25 → 2030-09-30 18:32:25

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15

Microsoft Time-Stamp Service #15 Chain

Validity Period: 2023-12-06 18:45:34 → 2025-03-05 18:45:34

Signature Algorithm: sha256RSA

Serial Number: 33 00 00 01 EB E0 18 6C B5 B6 EF 38 ED 00 01 00 00 01 EB

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

File Name	WinFlash64.exe
File Type	PE32+ executable (console) x86-64, for MS Windows
Scanner Version	1.0.217.174
Database Version	2025-05-30 04:00:39 UTC

The WinFlash64.exe File Analysis

Technical Analysis

Clean File

Scan Another File

File Identification

PE Analysis

Basic Information

PE Sections

Entropy Analysis Alert

Resource Analysis

Certificate Chain Analysis

Certificate Information

Certificate Chain Summary

Certificate Verification Status

Remember: This is Result of Online Virus Scanner

Keep Your System Protected

Leave a Comment

Gridinsoft Anti-Malware