Gridinsoft Logo

The scarletcloudux-windows-386.exe File Analysis

Updated 1 year ago
Checked by Malware Check
scarletcloudux-windows-386.exe

Technical Analysis

File Name scarletcloudux-windows-386.exe
File Type
PE32 executable (console) Intel 80386, for MS Windows
Scanner Version 1.0.173.174
Database Version 2024-04-26 23:00:27 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
35,921,236
File Size (bytes)
2024-04-26
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
25029568d8792ada5fc5ba9efbc79373
SHA1
1fdb689f5d2268ad6f0655492b81c870c1fd2fc1
SHA256
69a8050620a8b26b2bae706bb86ed320d83a637c42a7f3a08c33608bcb03620b
SHA512
a7cce851efc3467ee79338be883c0b2534759fadf843b6f72b317a561bf8ced0dbad05400ed7c62064ff655b0e01f8800564832c8de08be8cc9e2119c5e7e07e
ImpHash
077adeb8493dfbc5170db0620ce20d2c

PE Analysis

Basic Information

Image Base 0x00400000
Entry Point 0x00401307
Compilation Time 1970-01-01 00:00:00
Checksum 0x022503e9 (Actual: 0x02245e7f)
OS Version 6.1
PEiD Signatures PE32 executable (console) Intel 80386, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 7 libraries
ADVAPI32, GDI32, KERNEL32, msvcrt, OPENGL32, SHELL32, USER32
Exports 22 functions
Resources 0 Resources
Sections 21 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 6,646,324 bytes 6,646,784 bytes 6.20 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 18C9501AB3BAF7AD15FCE2165E1111DC
.data 0x00658000 7,532,552 bytes 7,533,056 bytes 7.18 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B6B1F30513E96066B9BC3D977119D0D2
.rdata 0x00d88000 5,080,160 bytes 5,080,576 bytes 5.92 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6C63141B9BAB8D8CC88EB72B21BA3EDF
.bss 0x01261000 253,608 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.edata 0x0129f000 605 bytes 1,024 bytes 3.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 76DC1CF9CC856CD8F2B77C996AD6DF96
.idata 0x012a0000 9,572 bytes 9,728 bytes 5.59 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1666D815A3B474472FE65E3F5566813A
.CRT 0x012a3000 52 bytes 512 bytes 0.28 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 28E93D220D8FE6DE2C89B5A0E009BD17
.tls 0x012a4000 8 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
.reloc 0x012a5000 311,400 bytes 311,808 bytes 6.63 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 93D0D5CEDB776EF954B240C25DEB5B07
/4 0x012f2000 7,320 bytes 7,680 bytes 3.76 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ ABCBBD8179C26B935FD2F787867909EC
/19 0x012f4000 6,488,924 bytes 6,489,088 bytes 6.42 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 358F891B376511FFD48307ECD0F2613A
/31 0x01925000 69,723 bytes 70,144 bytes 5.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6FA93E18516AC2192D150F86279E26CD
/45 0x01937000 1,979,895 bytes 1,979,904 bytes 5.95 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 84EF65D552C54BB4CA631449451291B3
/57 0x01b1b000 490,136 bytes 490,496 bytes 4.89 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 7849D7FC2CE4CF172134460B514CAD2B
/70 0x01b93000 18,121 bytes 18,432 bytes 4.78 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 824CA90762B9F4A5BAAD3516BCCE68E5
/81 0x01b98000 3,726,951 bytes 3,727,360 bytes 4.29 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 02546879F209FD9014C3C017854C1751
/92 0x01f26000 964,736 bytes 965,120 bytes 3.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ AC3272F53513107150BD2014100F7105
/106 0x02012000 42 bytes 512 bytes 0.74 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 56D08C10AA9E5C0C3680F67F8992B3D4
/125 0x02013000 80,554 bytes 80,896 bytes 4.84 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 370BCC57B73F6DA94B902CFC0FF5A756
/141 0x02027000 435,336 bytes 435,712 bytes 5.58 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4C98E611BEADD366E7E893F36F151A24
/157 0x02092000 48,030 bytes 48,128 bytes 5.74 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ BD469CA083DF353860C86485A1F1EFA7
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Certificate Chain Analysis

Certificate Information
Certificate Chain Summary
Symantec Time Stamping Services CA - G2 #1 Primary
Validity Period: 2012-12-21 00:00:00 → 2020-12-30 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
Symantec Time Stamping Services Signer - G4 #2 Chain
Validity Period: 2012-10-18 00:00:00 → 2020-12-29 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
Symantec Class 3 Extended Validation Code Signing CA - G2 #3 Chain
Validity Period: 2014-03-04 00:00:00 → 2024-03-03 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
Adobe Systems Incorporated #4 Chain
Validity Period: 2015-05-14 00:00:00 → 2017-05-07 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 5E 7B 50 C9 F9 30 9D B0 5B 23 48 F6 8A 29 84 25

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware