The uploaded_file File Analysis

Updated 1 year ago

Checked by Malaware Check

uploaded_file

Technical Analysis

File Name	uploaded_file
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows`
SSDEEP Hash	98304:IiSCytTY9MT4c+TOpcL37lXFkyumJG7KiCPFNrqRWS6zmNZZT1eTXX8:xryJH4c1Gu+JG7KiCPIWS6aNbs7X8
Scanner Version	1.0.138.174
Database Version	2023-09-13 02:01:56 UTC

⚠

Suspicious File Detected

Detected by 7 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

10%

Detection Rate

5,000,428

File Size (bytes)

7/71

Engines Detected

2023-09-13

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	7bf6ef0cce9348711bafbc0dbc8a8653
SHA1	4bbb2f940d2d6c77880460c0833a7cf07576bbac
SHA256	5f5254029cdb1dbf9de0ced02a7c5704200b68676a9a869f32096f0492d49fa8
SHA512	df59624573f63a5afd6a26d7d823099879ed86c9012081e6c106786b6e29f8f14248edbe132e59cbfb28bd64307c9e36667942e5d556687f812dc4848ede989b
ImpHash	451535577eed4ddbf83954ff5dd54ad8

Security Engines with Detections (7 of 71)

Bkav

W32.AIDetectMalware Malicious

Sophos

Generic ML PUA (PUA) Malicious

Jiangmin

Downloader.Snojan.cqr Malicious

Cynet

Malicious (score: 100) Malicious

VBA32

BScope.Trojan.Fsysna Malicious

Rising

Downloader.Snojan!8.ECDD (TFE:5:uX6dwRvrSZT) Malicious

CrowdStrike

win/grayware_confidence_90% (D) Malicious

64 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Image Base	`0x00400000`
Entry Point	`0x005d647b`
Compilation Time	2023-08-31 06:54:36
Checksum	0x007aad57 (Actual: 0x004d3bdc)
OS Version	5.1
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	The PE file does not contain a certificate table.
Imports	20 libraries
Exports	0 functions
Resources	749 Resources
Sections	8 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	3,038,382 bytes	3,038,720 bytes	6.63 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`E6D64FBA478828E5B678A4C5D653F123`
`.rdata`	`0x002e7000`	791,908 bytes	792,064 bytes	5.75 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`FA68E60759FCE47F4BBE443620FA91A9`
`.data`	`0x003a9000`	110,076 bytes	69,632 bytes	5.34 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`36D20B0AFC0D38FD55D7C1E781021D3C`
`.gfids`	`0x003c4000`	109,660 bytes	110,080 bytes	4.23 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`52AAC2020EF56EB4BEF6FB51F7080E19`
`.giats`	`0x003df000`	16 bytes	512 bytes	0.16 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`7BFD3DA0DB2BA24F0AB307A26FCAEFB1`
`.tls`	`0x003e0000`	9 bytes	512 bytes	0.02 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`1F354D76203061BFDD5A53DAE48D5435`
`.rsrc`	`0x003e1000`	3,764,740 bytes	3,765,248 bytes	7.87 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`6C0CC8F5E38A11362E17C0B5C8F665FB`
`.reloc`	`0x00779000`	202,300 bytes	202,752 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`D41D8CD98F00B204E9800998ECF8427E`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 749 (3,680,458 bytes)

Resource Type	Count	Total Size	Percentage
AFX_DIALOG_LAYOUT	5	10 bytes	0%
BINARY	3	2,339,403 bytes	63.6%
PNG	553	1,012,317 bytes	27.5%
STYLE_XML	5	83,741 bytes	2.3%
RT_CURSOR	28	8,496 bytes	0.2%
RT_BITMAP	46	158,460 bytes	4.3%
RT_ICON	16	51,494 bytes	1.4%
RT_MENU	1	284 bytes	0%
RT_DIALOG	27	11,150 bytes	0.3%
RT_STRING	29	12,736 bytes	0.3%
RT_GROUP_CURSOR	27	554 bytes	0%
RT_GROUP_ICON	5	254 bytes	0%
RT_VERSION	1	700 bytes	0%
RT_MANIFEST	1	807 bytes	0%
None	2	52 bytes	0%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

7 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1