The solaris.exe File Analysis

Updated 9 months ago

Checked by Malware Check

solaris.exe

Technical Analysis

File Name	solaris.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows`
SSDEEP Hash	12288:gvPfkzSXeuUjcAm0nR0JlsRGWWW2EdMDP41tF2AiiNuujhfLbycbTEq6wt6Lm7CX:K+S/0eYGWp2EdLF2KbycUq6wgLmDm0
Scanner Version	1.0.190.174
Database Version	2024-09-22 12:00:23 UTC

⚠

Suspicious File Detected

Detected by 7 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

10%

Detection Rate

1,550,848

File Size (bytes)

7/73

Engines Detected

2024-09-22

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	ec3347e4e96c27e45bdaed4c5b39431a
SHA1	c5dd7587cceb60bc06d3400218ea3b95f19353a9
SHA256	52846c2d5aaf4d98900ec8cbbe3a75fd1db7e53ce4caaddb1f35c5adbecd1264
SHA512	e975af60d07cec07b0b21a7d2251521fe9bc3ebc2c3f67ad6a18e53294bf740e8e90ca3b920248f657dbe0e7924fed2f9830a178b4466b8e4ad4de482423e567
ImpHash	fc4c57db222db3da4c13d81c9c5fcdff

Security Engines with Detections (7 of 73)

Bkav

W32.AIDetectMalware Malicious

Elastic

malicious (moderate confidence) Malicious

CrowdStrike

win/malicious_confidence_70% (D) Malicious

Cynet

Malicious (score: 100) Malicious

Cylance

Unsafe Malicious

MaxSecure

Trojan.Malware.300983.susgen Malicious

DeepInstinct

MALICIOUS Malicious

66 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Image Base	`0x00400000`
Entry Point	`0x0048d8d5`
Compilation Time	2024-08-17 17:51:44
Checksum	0x00000000 (Actual: 0x00182146)
OS Version	5.1
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
PDB Path	`C:\Users\Radu\source\repos\anther gdi payloads\Debug\anther gdi payloads.pdb`
Digital Signature	The PE file does not contain a certificate table.
Imports	5 libraries KERNEL32, USER32, GDI32, ADVAPI32, WINMM
Exports	0 functions
Resources	1 Resources
Sections	9 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.textbss`	`0x00001000`	553,529 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.text`	`0x00089000`	1,190,431 bytes	1,190,912 bytes	5.51 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`5BFBB0E001315411FE35096780636BA8`
`.rdata`	`0x001ac000`	285,764 bytes	286,208 bytes	3.80 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`1F9C448170B8CD7D7C10601971FC0CEC`
`.data`	`0x001f2000`	18,656 bytes	11,264 bytes	3.89 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`0C66AC4607133D6A6CB25570EEDF9626`
`.idata`	`0x001f7000`	5,975 bytes	6,144 bytes	4.75 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`0F879D4A9D8FC3BDCB8A63A7FAD56F1E`
`.gfids`	`0x001f9000`	5,641 bytes	6,144 bytes	2.81 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`7164F16CED7C3C8EFBF7112418F4B6FE`
`.00cfg`	`0x001fb000`	260 bytes	512 bytes	0.06 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`1B229D29630E0B2E23B61C3182395A21`
`.rsrc`	`0x001fc000`	1,084 bytes	1,536 bytes	2.14 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`068B978DE063FC9DF8B0CADE3EAEAD76`
`.reloc`	`0x001fd000`	47,098 bytes	47,104 bytes	6.22 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`4C3F53AAFA38BD582B663B0EE118A3D5`

Resource Analysis

▼

Total Resources: 1 (381 bytes)

Resource Type	Count	Total Size	Percentage
RT_MANIFEST	1	381 bytes	100%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

7 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1