The CamoRecolourer.exe File Analysis

Technical Analysis

File Name CamoRecolourer.exe
File Type Win32 EXE
Magic Bytes PE32+ executable (console) x86-64, for MS Windows
SSDEEP Hash 1572864:LERYva7Xt9BdUeVa2bWo66G/5YqdYtNWnlNu3zK+L+2WRMkcmoi22:rS7Xt9335W5FhS3G+JkZoiD
Scanner Version 1.0.217.174
Database Version 2025-05-31 18:00:18 UTC

Suspicious File Detected

Detected by 23 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 33%
File Size (bytes) 71,056,384
Engines Detected 23/70
Analysis Date 2025-05-31

File Identification

Hash Type Value
MD5 d52eb98fdf5944bb83b986227241366e
SHA1 f287a3198a00ef39f60f32bdfa0744542d53ba19
SHA256 60a42a812b3225480cfacd74af2d97ea5ade44a9c56572000cbadb8a4d46a6c0
SHA512 074a2c298aa65a2988991ec92b272edcf12eae8d1ac3595b0ed2290c1cfe65a6724bdfcf5210feefa6548282606d0d7630dc07543e56e3f5127597bc507a0417
ImpHash a0508a80446e03ec4a64e21393094f97

Security Engines with Detections (23 of 70)

Engine Detection Name Verdict
Lionic Trojan.Win32.GenericKDQ.4!c Malicious
MicroWorld-eScan QD:Trojan.GenericKDQ.6DFE1E2C04 Malicious
CTX exe.trojan.generickdq Malicious
Skyhigh Artemis Malicious
ALYac QD:Trojan.GenericKDQ.6DFE1E2C04 Malicious
Zillya Trojan.Mercurial.Win32.14 Malicious
GData QD:Trojan.GenericKDQ.6DFE1E2C04 Malicious
BitDefender QD:Trojan.GenericKDQ.6DFE1E2C04 Malicious
Avast Win64:MalwareX-gen [Trj] Malicious
Tencent Malware.Win32.Gencirc.11b7c38e Malicious
Emsisoft QD:Trojan.GenericKDQ.6DFE1E2C04 (B) Malicious
VIPRE QD:Trojan.GenericKDQ.6DFE1E2C04 Malicious
McAfeeD ti!60A42A812B32 Malicious
Ikarus Trojan.Python.Psw Malicious
FireEye QD:Trojan.GenericKDQ.6DFE1E2C04 Malicious
Google Detected Malicious
Antiy-AVL Trojan[Spy]/Win32.Mufila.qz Malicious
Arcabit QD:Trojan.GenericQ.6DFE1E2C04 Malicious
Varist W64/ABRisk.HGCL-2644 Malicious
MaxSecure Trojan.Malware.318074419.susgen Malicious
Fortinet W32/PossibleThreat Malicious
AVG Win64:MalwareX-gen [Trj] Malicious
DeepInstinct MALICIOUS Malicious

47 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x14000c860
Compilation Time 2024-03-15 11:47:04
Checksum 0x00000000 (Actual: 0x043cdcfc)
OS Version 6.0
PEiD Signatures PE32+ executable (console) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 2 libraries (SHELL32, KERNEL32)
Exports 0 functions
Resources 2 Resources
Sections 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 116,256 bytes 116,736 bytes 6.46 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ A99FA2F249302BB7D5AABA6EFA5F2424
.rdata 0x0001e000 45,150 bytes 45,568 bytes 5.04 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6EC3CC4ACC063B0CA57EAC741ECC9FE8
.data 0x0002a000 69,056 bytes 3,072 bytes 1.72 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 837AE1DBD4B17827B05E04929EB1CEE5
.pdata 0x0003b000 5,568 bytes 5,632 bytes 5.26 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 340ECE90E85C4DA89FFE285C5C25EFBB
.rsrc 0x0003d000 70,882,064 bytes 70,882,304 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E96126BC4ABF65D0B12A945E4A17CCE7
.reloc 0x043d7000 1,560 bytes 2,048 bytes 4.77 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5977B23B7D94E8D04A2EE412CF5317B3

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 2 (70,881,901 bytes)
Resource Type Count Total Size Percentage
RT_RCDATA 1 70,881,072 bytes 100%
RT_MANIFEST 1 829 bytes 0%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

23 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
