Gridinsoft Logo

The FusionLoader v2.1.exe File Analysis

Updated 2 months ago
Checked by Malaware Check
FusionLoader v2.1.exe

Technical Analysis

File Name FusionLoader v2.1.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
12288:GIR5x+u6RfbWYCrt/22puGGh6abmMbvZwPO5ICB3roOPoSYo3zf37s/xeltmM0KV:M3WYatucdvyRoSYoDDlsM0v6Znt
Scanner Version 1.0.211.174
Database Version 2025-03-28 15:01:14 UTC

Suspicious File Detected

Detected by 26 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
36%
Detection Rate
717,864
File Size (bytes)
26/73
Engines Detected
2025-03-28
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
760d3cbbf3a7a21e74f0aa7de488e784
SHA1
f0ac7568101a88f31d5ce50e923fc5dc0e19cbbe
SHA256
426f66aea0a3d6d7c979b7c711227ff05e1f4552f8c26d86decf8f1eb5f2381a
SHA512
806385a438bb699de2dd6013369b15a28e7f0ca27d49f40a58d0546bd8b5b17407ced461b44db636674ec34ac4ab73922ac56b3c1ac7e27d611a694dc695cd9a
ImpHash
8beb5ca1ff83475ee16fa1a921765aab

Security Engines with Detections (26 of 73)

Bkav
W64.AIDetectMalware Malicious
Lionic
Trojan.Win32.InjectorNetT.4!c Malicious
Elastic
malicious (high confidence) Malicious
CTX
exe.trojan.generic Malicious
Skyhigh
BehavesLike.Win64.RealProtect.bc Malicious
McAfee
Artemis!760D3CBBF3A7 Malicious
Cylance
Unsafe Malicious
Sangfor
Trojan.Win32.Agent.Voiz Malicious
CrowdStrike
win/malicious_confidence_100% (W) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
APEX
Malicious Malicious
TrendMicro-HouseCall
Trojan.Win32.VSX.PE04C9V Malicious
GData
Win32.Trojan-Stealer.LummaStealer.5T3N4R Malicious
Kaspersky
UDS:Trojan.Win32.InjectorNetT.ok Malicious
Avast
Win64:Evo-gen [Trj] Malicious
McAfeeD
ti!426F66AEA0A3 Malicious
SentinelOne
Static AI - Suspicious PE Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
FireEye
Generic.mg.760d3cbbf3a7a21e Malicious
Microsoft
Trojan:Win32/Caynamer.A!ml Malicious
Cynet
Malicious (score: 100) Malicious
Rising
Trojan.InjectorNetT!8.1BEA2 (CLOUD) Malicious
MaxSecure
Trojan.Malware.300983.susgen Malicious
Fortinet
W32/PossibleThreat Malicious
AVG
Win64:Evo-gen [Trj] Malicious
DeepInstinct
MALICIOUS Malicious
47 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x140035cb0
Compilation Time 2025-03-27 16:17:44
Checksum 0x00000000 (Actual: 0x000be309)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 1 libraries
KERNEL32
Exports 0 functions
Resources 0 Resources
Sections 9 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 295,781 bytes 295,936 bytes 6.40 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ A1B902D81C50B41226313E2BAEBC1486
.rdata 0x0004a000 42,364 bytes 42,496 bytes 5.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ CD2BAB3B908ABD1E5C983B0728F4AF58
.data 0x00055000 8,504 bytes 3,072 bytes 2.25 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5FE7D7EC89D4E05CBA28A650951EFDCF
.pdata 0x00058000 5,484 bytes 5,632 bytes 5.46 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F3FBEC576D56DE90D32788BFC51EE622
.gxfg 0x0005a000 5,072 bytes 5,120 bytes 5.09 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ B3DDCFCF5948356499A0220C6CB2480D
.retplne 0x0005c000 140 bytes 512 bytes 1.05 (Normal) 0x00000000 8C950F651287CBC1296BCB4E8CD7E990
_RDATA 0x0005d000 500 bytes 512 bytes 4.23 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ AB77F6FFBB38AF2478BEFAA05538D3B6
.reloc 0x0005e000 1,672 bytes 2,048 bytes 4.98 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ F1BDAC277C233BAE372527F3CBB3CAF0
.cSs 0x0005f000 351,232 bytes 351,232 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8E2F4B471B413C1CE754394FEA2678CD
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Certificate Chain Analysis

Certificate Information
Signing Date 03:37 AM 11/02/2023 (583 days ago)
Verification Status The digital signature of the object did not verify.
Signers NVIDIA Corporation; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4
Counter Signers Entrust Timestamp Authority - TSA1; Entrust Timestamping CA - TS1; Entrust (2048)
Certificate Chain Summary
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #1 Primary
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
NVIDIA Corporation #2 Chain
Validity Period: 2023-01-13 00:00:00 → 2026-01-16 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 09 97 C5 6C AA 59 05 53 94 D9 A9 CD B8 BE EB 56
Entrust.net Certification Authority (2048) #3 Chain
Validity Period: 1999-12-24 17:50:51 → 2029-07-24 14:15:12
Signature Algorithm: sha1RSA
Serial Number: 38 63 DE F8
Entrust Timestamping CA - TS1 #4 Chain
Validity Period: 2015-07-22 19:02:54 → 2029-06-22 19:32:54
Signature Algorithm: sha256RSA
Serial Number: 58 DA 13 FF 00 00 00 00 51 CE 0D F7
Entrust Timestamp Authority - TSA1 #5 Chain
Validity Period: 2022-10-04 17:21:03 → 2029-01-01 00:00:00
Signature Algorithm: sha256RSA
Serial Number: 56 AB 95 75 28 9C A5 9F 0E 17 D4 0B EA 05 C3 1F

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
26 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware