Gridinsoft Logo
File Icon

The Wine.exe (Wine Setup) File Analysis

Updated 5 months ago
Checked by Malaware Check
Wine.exe

Technical Analysis

File Name Wine.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
SSDEEP Hash
393216:nTPcDm7MWWzGDC0HGgRcAWi9MPHAYTUi7IRi:nTPcDEtG/wMPHAY8s
Scanner Version 1.0.199.174
Database Version 2024-12-09 21:00:35 UTC

Suspicious File Detected

Detected by 33 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
52%
Detection Rate
42,809,344
File Size (bytes)
33/63
Engines Detected
2024-12-09
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
3c86d601f22f6e6d7f178cdd06c73125
SHA1
7ba9c97c84b65e032db627553b4e42ddee2f424a
SHA256
561c1e35c2535bf779b88b1253b41fa7808416702739f92c908928503d56063d
SHA512
82bf7ebf7c193756739dc0dee1ab2d29d4422c662c6a771f2f5cf7546fae8a69e8b9e9d7cc78c3e23e85ec569d45dbd4b564491b92bdb683e12e007e833704af
ImpHash
ff9f3a86709796c17211f9df12aae74d

Security Engines with Detections (33 of 63)

Bkav
W32.AIDetectMalware Malicious
Lionic
Trojan.Win32.Injuke.tsFT Malicious
MicroWorld-eScan
QD:Trojan.GenericKDQ.62FB51F897 Malicious
FireEye
QD:Trojan.GenericKDQ.62FB51F897 Malicious
Alibaba
TrojanPSW:Win32/Lumma.86dab2b3 Malicious
CrowdStrike
win/malicious_confidence_100% (W) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
ESET-NOD32
a variant of Generik.EYBLSAA Malicious
Paloalto
generic.ml Malicious
Kaspersky
Trojan-PSW.Win32.Lumma.etr Malicious
BitDefender
QD:Trojan.GenericKDQ.62FB51F897 Malicious
Avast
Win32:Malware-gen Malicious
Emsisoft
QD:Trojan.GenericKDQ.62FB51F897 (B) Malicious
F-Secure
Trojan.TR/Redcap.ytqsn Malicious
VIPRE
QD:Trojan.GenericKDQ.62FB51F897 Malicious
McAfeeD
ti!561C1E35C253 Malicious
Trapmine
suspicious.low.ml.score Malicious
Sophos
Mal/Generic-S Malicious
Ikarus
Trojan-Dropper.WinGo.Agent Malicious
Varist
W32/ABTrojan.WDQF-0951 Malicious
Avira
TR/Redcap.ytqsn Malicious
Antiy-AVL
Trojan[PSW]/Win32.Lumma Malicious
Kingsoft
Win32.Trojan-PSW.Lumma.etr Malicious
Microsoft
Trojan:Win32/LummaStealer.RPL!MTB Malicious
Arcabit
QD:Trojan.GenericQ.62FB51F897 Malicious
GData
QD:Trojan.GenericKDQ.62FB51F897 Malicious
AhnLab-V3
Downloader/Win.ShellcodeRunnerGo.R682635 Malicious
Tencent
Win32.Trojan-QQPass.QQRob.Wwhl Malicious
CTX
exe.trojan.lumma Malicious
MaxSecure
Trojan.Malware.309148010.susgen Malicious
AVG
Win32:Malware-gen Malicious
Panda
Trj/Chgt.AD Malicious
alibabacloud
Trojan[stealer]:Win/Phonzy.B9nj Malicious
30 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: de10cf7e8469cde9a32d0bcf1d6e668b
Fuzzy: 27d8d6ea83cadd57ede7a0faf1451312
dHash: f0e43accc6a0cc70
Image Base 0x00400000
Entry Point 0x0046d5e0
Compilation Time 1970-01-01 00:00:00
Checksum 0x028d7b41 (Actual: 0x028d7b41)
OS Version 6.1
PEiD Signatures PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 1 libraries
kernel32
Exports 0 functions
Resources 8 Resources
Sections 7 Sections

Version Information

Comments This installation was built with Inno Setup.
CompanyName Legibo GmbH & Co. KG
FileDescription Wine Setup
FileVersion 1.00.00
LegalCopyright Legibo GmbH & Co. KG
OriginalFileName
ProductName WineSoftware 2024
ProductVersion 1.00.00
Translation 0x0000 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 16,780,917 bytes 16,781,312 bytes 6.13 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ F7D9DBF26FA08882069B2E5A88A0363F
.rdata 0x01002000 15,278,888 bytes 15,279,104 bytes 6.04 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5C7AE9B23CC43FC721B3B4263EBA74C6
.data 0x01e95000 10,132,460 bytes 9,838,080 bytes 6.01 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7136E7C5A61BFF14E60F8A1DA27D8540
.idata 0x0283f000 1,040 bytes 1,536 bytes 3.88 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE C51F8CCDECBBBB5EC22FD5D04ADB1218
.reloc 0x02840000 887,706 bytes 887,808 bytes 6.72 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 8C2B4618D5B01FA9FDEEEF598F2D5351
.symtab 0x02919000 4 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 07B5472D347D42780469FB2654B7FC54
.rsrc 0x0291a000 19,532 bytes 19,968 bytes 2.64 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F10FD4136FD4420C6040AA0063DC89A6
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 8 (19,036 bytes)
Resource Type Count Total Size Percentage
RT_ICON 5 15,688 bytes
82.4%
RT_GROUP_ICON 1 76 bytes
0.4%
RT_VERSION 1 1,312 bytes
6.9%
RT_MANIFEST 1 1,960 bytes
10.3%

Certificate Chain Analysis

Certificate Information
Product WineSoftware 2024
Description Wine Setup
File Version 1.00.00
Copyright Legibo GmbH & Co. KG

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
33 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware