Actualizador Oroza RO (Ejecutar como Administrador) exe Trojan Downloader File Malware Analysis: f08497ac951207028e7eff4e72ef3c7f

Actualizador Oroza RO - (Ejecutar como Administrador).exe Trojan Downloader Analysis

Updated 1 second ago

Checked by Malware Check

Actualizador Oroza RO - (Ejecutar como Administrador).exe

Hash Type	Value	Action
MD5	f08497ac951207028e7eff4e72ef3c7f
SHA1	45b7893e2f53a063a8f4216115b004257e2e4cb0
SHA256	5862ad6a5d9702a4993388dfc49b0575503f8bd6e9cba5a120e90fcbf24f9835
SHA512	7204d8770b21d0874cde97257826a8a8576ff5e254ccbc813718df5ac5c3d2270f48e80b1bc35656e78f2bb69b5f64e84e1289ad9c0c45df89718dd3a1cce8d1
ImpHash	741ae02fc876108ed777350382e14e4b

Hash Type

Value

Action

MD5

f08497ac951207028e7eff4e72ef3c7f

SHA1

45b7893e2f53a063a8f4216115b004257e2e4cb0

SHA256

5862ad6a5d9702a4993388dfc49b0575503f8bd6e9cba5a120e90fcbf24f9835

SHA512

7204d8770b21d0874cde97257826a8a8576ff5e254ccbc813718df5ac5c3d2270f48e80b1bc35656e78f2bb69b5f64e84e1289ad9c0c45df89718dd3a1cce8d1

ImpHash

741ae02fc876108ed777350382e14e4b

PE Analysis

Basic Information

▼

Icon	Hash: 95a70595f720af1923cb679edd953534 Fuzzy: efe3702b3ff34f351369485177edbbde dHash: b1f1f06270c4caca
Image Base	`0x00400000`
Entry Point	`0x00680834`
Compilation Time	2014-05-24 07:42:32
Checksum	0x0041b91a (Actual: 0x00415895)
OS Version	5.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	11 libraries
Exports	0 functions
Resources	48 Resources
Sections	10 Sections

Version Information

▼

FileDescription	Customizable Patcher for Ragnarök Online
FileVersion	2.6.4.8
LegalCopyright	2007-2014 Aeomin
ProductName	Thor Patcher
ProductVersion	2.6
Comments	Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	2,609,336 bytes	2,609,664 bytes	6.44 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`2983EE49CBD5FB007660FCC9674827B2`
`.itext`	`0x0027f000`	8,256 bytes	8,704 bytes	6.05 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`BD93AC241F4D0DCB9963B1CB00D5E676`
`.data`	`0x00282000`	51,972 bytes	52,224 bytes	6.03 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`5C3897BDBF0E66D011AC08B240694FC1`
`.bss`	`0x0028f000`	223,448 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x002c6000`	14,458 bytes	14,848 bytes	5.10 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`50D22C65D695EA7A286600B0AB88542B`
`.didata`	`0x002ca000`	2,346 bytes	2,560 bytes	4.05 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`36552FF78DD3368B1CC4EE7EFAC31AD4`
`.tls`	`0x002cb000`	64 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x002cc000`	24 bytes	512 bytes	0.21 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`9BC05EF9002347306AF0BDF73E7F6F27`
`.reloc`	`0x002cd000`	220,316 bytes	220,672 bytes	6.71 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`7898B2BD5BC4C78315D25C73DA17391C`
`.rsrc`	`0x00303000`	1,331,520 bytes	1,331,712 bytes	7.85 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`04CF051E4763F95A2952AE59AC80B3E1`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 48 (1,328,895 bytes)

Resource Type	Count	Total Size	Percentage
RT_CURSOR	7	2,156 bytes	0.2%
RT_ICON	6	169,481 bytes	12.8%
RT_STRING	21	18,700 bytes	1.4%
RT_RCDATA	4	1,136,405 bytes	85.5%
RT_GROUP_CURSOR	7	140 bytes	0%
RT_GROUP_ICON	1	90 bytes	0%
RT_VERSION	1	764 bytes	0.1%
RT_MANIFEST	1	1,159 bytes	0.1%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	Actualizador Oroza RO - (Ejecutar como Administrador).exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version	1.0.220.174
Database Version	2025-07-15 03:00:23 UTC

Actualizador Oroza RO - (Ejecutar como Administrador).exe Trojan Downloader Analysis

Technical Analysis

Trojan.Win32.Downloader.oa!s1

Scan Another File

File Identification