NET.Framework.5.exe Adware ELEX Analysis

Technical Analysis

File Name: NET.Framework.5.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version: 1.0.152.174
Database Version: 2023-12-26 22:03:08 UTC

Adware.Win32.ELEX.vl!c

Malware family: ELEX

Elex is adware that disguises itself as legitimate software downloads, often masquerading as adware removal tools or fake software updates to deceive users into voluntary installation.
Detection Rate: N/A
File Size (bytes): 150,720
Analysis Date: 2023-12-26

File Identification

MD5: 0b50331d25775293d2d00189ca1cd717
SHA1: f1be4457a278bebf36f13d416332b5b128ec16a8
SHA256: 5a6e0f43eeab9ea5870fdee509f5f6c3412b673c98de35871cb2cb4910352bd4
SHA512: eb64487884c37e61ddc3dca3e6020a36e9a876863eb64046e119aeedf8e19231e9019f626027440c43335453143dbcd1346374f668171dce095ee9934ad419f0
ImpHash: f8a55687391f4cc0622fd3ba2da7947c

PE Analysis

Basic Information

Icon:
  Hash: 16f6974aaf138a1567f2a5c7dd7fb811
  Fuzzy: 01a3d861427951a8ff76889511c688d5
  dHash: 40926c5872567e1c
Image Base: 0x00400000
Entry Point: 0x0040ac33
Compilation Time: 2016-02-03 17:38:34
Checksum: 0x0002772e (Actual: 0x0002772e)
OS Version: 5.1
PEiD Signatures: PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature: OK
Imports: 1 library (KERNEL32)
Exports: 0 functions
Resources: 9
Sections: 5

Digital Signatures

Thawte Timestamping CA Symantec Corporation (US)
thawte Primary Root CA thawte, Inc. (US)
Symantec Time Stamping Services CA - G2 Symantec Corporation (US)
thawte SHA256 Code Signing CA Secure Downloads X36 (SE)

PE Sections

.text
  Virtual Address: 0x00001000
  Virtual Size: 86,971 bytes
  Raw Size: 87,040 bytes
  Entropy: 6.94 (Compressed)
  Characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
  MD5: E8D4947F3BA03876518C788971383D70

.rdata
  Virtual Address: 0x00017000
  Virtual Size: 25,584 bytes
  Raw Size: 25,600 bytes
  Entropy: 4.77 (Normal)
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
  MD5: 636290FD512194EE59C43F9CEBC64A83

.data
  Virtual Address: 0x0001e000
  Virtual Size: 13,120 bytes
  Raw Size: 5,120 bytes
  Entropy: 3.64 (Normal)
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
  MD5: 7D158EF373BEE25B62A8283CE36F1A50

.rsrc
  Virtual Address: 0x00022000
  Virtual Size: 21,048 bytes
  Raw Size: 21,504 bytes
  Entropy: 5.79 (Normal)
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
  MD5: C0D865678CBCEE535DF3B10FF01766C4

.reloc
  Virtual Address: 0x00028000
  Virtual Size: 4,476 bytes
  Raw Size: 4,608 bytes
  Entropy: 6.43 (Normal)
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
  MD5: F10A3CD6243A6AE6956A81FE5231C94E

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 9 (20,399 bytes)

Resource Type | Count | Total Size | Percentage
RT_ICON | 2 | 19,280 bytes | 94.5%
RT_MENU | 1 | 74 bytes | 0.4%
RT_DIALOG | 1 | 292 bytes | 1.4%
RT_STRING | 1 | 48 bytes | 0.2%
RT_ACCELERATOR | 1 | 16 bytes | 0.1%
RT_GROUP_ICON | 2 | 40 bytes | 0.2%
RT_MANIFEST | 1 | 649 bytes | 3.2%

Certificate Chain Analysis

Certificate #1
  Subject: Symantec Time Stamping Services CA - G2, Symantec Corporation, US
  Issuer: Thawte Timestamping CA
  Serial Number: 168250781398245547403531165097821404219

Certificate #2
  Subject: thawte SHA256 Code Signing CA, thawte, Inc., US
  Issuer: thawte Primary Root CA
  Serial Number: 151037247026720588255215646944516789451

Certificate #3
  Subject: Symantec Time Stamping Services Signer - G4, Symantec Corporation, US
  Issuer: Symantec Time Stamping Services CA - G2
  Serial Number: 19688950797630895426199952712430983760

Certificate #4
  Subject: Secure Downloads X36, Secure Downloads X36, SE
  Issuer: thawte SHA256 Code Signing CA
  Serial Number: 137286804042342772232633347953047654752

Certificate Verification Status: OK

Adware.Win32.ELEX.vl!c Removal

Gridinsoft has the capability to identify and eliminate Adware.Win32.ELEX.vl!c without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
