Scooby launcher.exe Trojan Heuristic Analysis
Technical Analysis
| File Name | Scooby launcher.exe |
| File Type |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.231.174 |
| Database Version | 2025-12-13 04:00:23 UTC |
Trojan.Heur!.03210023
Malware family: Heuristic
Scan Another File
File Identification
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
bc87c56157f338381b734742980e1292
|
|
| SHA1 |
057cadd428aee51adf391a7f80d2425ff7fcebaf
|
|
| SHA256 |
48e171b71ead1599d56b0ebf85cbe88ba1268ffe4e7af89ae6f53bfed693fbbd
|
|
| SHA512 |
61473ffca30b740a47156a3028dd0d653c74cbda581631133be25b78720b32fcc6aa7c0717b23cd7f51bc71a77df4fcf83efd0ce663f7c2b9301d62bafdc7986
|
|
| ImpHash |
d03306f8c35b44fa5bc2ebf2f541f328
|
PE Analysis
Basic Information
▼| Icon |
Hash: ee2c80b9d29cfe5beb536453f74a5b37
Fuzzy: 971d0da4cffef3b07be4fa559f589908 dHash: 558eb28eb2a68e55 |
| Image Base | 0x140000000 |
| Entry Point | 0x1408620b0 |
| Compilation Time | 2025-12-07 17:18:58 |
| Checksum | 0x0046673d (Actual: 0x0046673d) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Digital Signature | No valid SignedData structure was found. |
| Imports | 30 libraries |
| Exports | 0 functions |
| Resources | 3 Resources |
| Sections | 12 Sections |
PE Sections
▼| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
|
0x00001000 |
1,040,288 bytes | 524,311 bytes | 7.98 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
3D2FFC92CFA3E68C1D277B7D8625CBA4 |
|
0x000ff000 |
336,902 bytes | 139,610 bytes | 7.97 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
1499C090D6BBCFF58B899F1CCD1D1C7A |
|
0x00152000 |
1,190,904 bytes | 398,540 bytes | 7.99 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
B817B3F1D02FE35B36589AFFA7BAE5C8 |
|
0x00275000 |
40,560 bytes | 23,968 bytes | 7.54 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
FD51D71579C7BDEBA81FEFAD5EB8ACED |
|
0x0027f000 |
4,912 bytes | 1,958 bytes | 7.85 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
632E62A7579E469C6448DCBCDAB5E806 |
|
0x00281000 |
2,028 bytes | 1,301 bytes | 7.51 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
042E0296D57153E546CD0CEF2C5F91AA |
.imports |
0x00282000 |
4,096 bytes | 2,560 bytes | 3.81 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
14EBF2B4FACC3ED8808BF0B9D6D6ABDA |
.tls |
0x00283000 |
4,096 bytes | 512 bytes | 0.27 (Normal) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
38B32A6BE5B7A4DF538F04B80DF167D7 |
.rsrc |
0x00284000 |
5,120 bytes | 5,120 bytes | 6.04 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0795994BD3D96872B97B27C828B63EC3 |
.themida |
0x00286000 |
6,144,000 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.boot |
0x00862000 |
3,512,832 bytes | 3,512,832 bytes | 7.96 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
496C9DE37B1AD4FE5DA75A9E1C596F43 |
.reloc |
0x00bbc000 |
4,096 bytes | 16 bytes | 2.47 (Normal) |
IMAGE_SCN_MEM_READ
|
4F430B5DA8DBD1895A0E19F8897EAD48 |
Entropy Analysis Alert
7 section(s) with high entropy (≥7.5) detected - possible packing/encryption
Resource Analysis
▼| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 1 | 4,264 bytes | |
| RT_GROUP_ICON | 1 | 20 bytes | |
| RT_MANIFEST | 1 | 381 bytes |
Certificate Chain Analysis
▼No Digital Signatures
This file is not digitally signed.
Security Implications:
- Cannot verify the publisher's identity
- Increased security risk when running this file
- May trigger security warnings on some systems
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
Certificate Verification Status
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Trojan.Heur!.03210023 Removal
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.03210023 without requiring further user intervention.
Download Anti-MalwareRemoval Instructions
Follow these steps to completely remove the threat from your system
-
1
Get Gridinsoft Anti-Malware — it's a quick 2 MB download that won't slow down your PC.
-
2
Run the installer gsam-en-install.exe. The setup takes about 2 minutes and doesn't require a restart.
-
3
The app launches right after installation. You'll see the main dashboard with the scan button front and center.
-
4
Hit "Standard Scan" — this checks all the spots where malware typically hides: temp folders, browser data, startup programs, and system directories.
-
5
Once the scan finds this threat, click "Clean Now". The removal usually happens instantly, though some stubborn infections may need a reboot.
-
6
If you see a restart prompt, go ahead and reboot. This clears any malware that was running in memory and ensures your system starts fresh.
Leave a Comment
Gridinsoft Anti-Malware
Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware
Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!
