Gridinsoft Logo
File Icon

The NautaExternal.exe (NautaExternal) File Analysis

Updated 2 months ago
Checked by Malware Check
NautaExternal.exe

Technical Analysis

File Name NautaExternal.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
393216:6t5jAQURsOfjRBnENJf5pwwYyf/fvVMnyp6Qs311WjAX60blOKV:63clsOfVBnU5pwwRfdpaHWcXbf
Scanner Version 1.0.228.174
Database Version 2025-10-21 20:00:13 UTC

Suspicious File Detected

Detected by 27 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
38%
Detection Rate
22,348,816
File Size (bytes)
27/71
Engines Detected
2025-10-21
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
2dd7bab8c294fc7a394e870912c1ee7b
SHA1
a5dbbedd948bb1640ee06b6faea6accb421f9f81
SHA256
6ca9158e20081dabd5f89450f4ff3909d13753a423db554ac20ca840a91f996b
SHA512
4fc50272a687754b9f0af5ae6c6fa188628344750b2d3c45891daaf7b946788e13253abbfdedecd67bbe3f8d492aaa9d94d59ec8f8d4fee631409ab567712890
ImpHash
a3d2af0553fccfa1357c139de1ffc57f

Security Engines with Detections (27 of 71)

Bkav
W64.AIDetectMalware Malicious
Lionic
Trojan.Win32.Generic.4!c Malicious
AVG
FileRepMalware [Misc] Malicious
CTX
exe.trojan.generic Malicious
Skyhigh
Artemis Malicious
Cylance
Unsafe Malicious
Sangfor
Trojan.Win32.Agent.V3yp Malicious
CrowdStrike
win/malicious_confidence_70% (D) Malicious
Paloalto
generic.ml Malicious
Symantec
ML.Attribute.HighConfidence Malicious
ESET-NOD32
a variant of Win64/Packed.Themida.Q suspicious Malicious
APEX
Malicious Malicious
Avast
FileRepMalware [Misc] Malicious
McAfeeD
ti!6CA9158E2008 Malicious
Trapmine
suspicious.low.ml.score Malicious
Sophos
Mal/Generic-S Malicious
Varist
W64/Trojan.GKA.gen!Eldorado Malicious
Microsoft
Trojan:Win32/Etset!rfn Malicious
GData
Win64.Application.Agent.J1HXNQ Malicious
Google
Detected Malicious
AhnLab-V3
Trojan/Win.Generic.R686237 Malicious
Malwarebytes
Malware.Heuristic.2025 Malicious
TrellixENS
Artemis!2DD7BAB8C294 Malicious
SentinelOne
Static AI - Suspicious PE Malicious
Fortinet
Riskware/Application Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
VirTool:Win/Packed.Themida.Q Malicious
44 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 9bee47723a4cbfe9815e22ccf66c84f8
Fuzzy: 541efbcb46ef4ad92faa94f0328d59c9
dHash: aa54d4c86cd4d4aa
Image Base 0x140000000
Entry Point 0x14196c058
Compilation Time 2025-04-15 06:43:12
Checksum 0x01557b8b (Actual: 0x01557b8b)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 12 libraries
Exports 0 functions
Resources 6 Resources
Sections 12 Sections

Version Information

Translation 0x0000 0x04b0
CompanyName NautaExternal
FileDescription NautaExternal
FileVersion 1.0.0.0
InternalName NautaExternal.dll
LegalCopyright
OriginalFilename NautaExternal.dll
ProductName NautaExternal
ProductVersion 1.0.0.0+01b4306cd9139c03f105ee8dae238ab04a8de65f
Assembly Version 1.0.0.0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
0x00001000 88,956 bytes 52,224 bytes 7.96 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 2D423C522B511BAF351E894A0B6C72B8
0x00017000 38,574 bytes 15,360 bytes 7.91 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A58C733BAE5E4DD459B9478A614256FF
0x00021000 6,304 bytes 512 bytes 7.00 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE C350AB538E160A73297B6EE0BCDB7AEB
0x00023000 5,016 bytes 3,072 bytes 7.40 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ AADC89FDDAE9C47C1C9160617023E946
0x00025000 808 bytes 1,024 bytes 6.09 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A6FE84F9565ED762203ADC485567204C
0x00026000 136,624 bytes 17,920 bytes 7.92 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A4443585ABC81539FE54824AF9EE9944
.idata 0x00048000 4,096 bytes 1,024 bytes 3.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 21FAEEF475DC3284E8F213A9F9644EC1
.tls 0x00049000 4,096 bytes 512 bytes 0.26 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D1BDC3F03B99F5DDEFC06FA191EF8753
.rsrc 0x0004a000 136,704 bytes 136,704 bytes 5.37 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4ABEBAFDE524D3F019BBB78D0FB92575
.themida 0x0006c000 26,214,400 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.boot 0x0196c000 22,119,424 bytes 22,119,424 bytes 7.86 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ A45951E9B090E8B8A115E4D3F307F8B7
.reloc 0x02e85000 4,096 bytes 16 bytes 2.47 (Normal) IMAGE_SCN_MEM_READ 6316A782127A1D34B29F4C4EB9BBE0BE
Entropy Analysis Alert

4 section(s) with high entropy (≥7.5) detected - possible packing/encryption

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 6 (136,224 bytes)
Resource Type Count Total Size Percentage
RT_ICON 3 15,352 bytes
11.3%
RT_GROUP_ICON 1 48 bytes
0%
RT_VERSION 1 832 bytes
0.6%
RT_MANIFEST 1 119,992 bytes
88.1%

Certificate Chain Analysis

Certificate Information
Product NautaExternal
Description NautaExternal
File Version 1.0.0.0
Original Name NautaExternal.dll
Internal Name NautaExternal.dll

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
27 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware