The Xeno Executor for Roblox 36054 exe (Application Handsome) Apps Receipt File Malware Analysis

The Xeno-Executor-for-Roblox_36054.exe (Application Handsome) File Analysis

Technical Analysis

File Name Xeno-Executor-for-Roblox_36054.exe
File Type Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash 393216:+FEzH26jiwKT3OVEGJYpQUXVk3Ql2gqwaYZevPQr2LGxXH/OKCkEtjQH:I6jiwKT+JM5XV+Ql2wkPQ5W7A
Scanner Version 1.0.229.174
Database Version 2025-11-28 07:00:28 UTC

Suspicious File Detected

Detected by 7 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 10%
File Size (bytes) 19,957,832
Engines Detected 7/70
Analysis Date 2025-11-28


File Identification

Hash Type Value
MD5 f67c76c2fae68eb45fc116a0cab7e848
SHA1 b45cda0fa19d9c73a4a257fe1aa39d0565b54c0f
SHA256 711da853c319cf82df7da5dd4ad1302b03a3e66f33244364af95ac9b02c7d739
SHA512 285c097472339b1cca76749780fbfac1a78700ee135a3ca6f20e266defe86655053235f3c5c7b37709839d5b00fb995d28a716f509492a71a7ff31c6d2543398
ImpHash e25e89342d599ca4e402dcd69aa94d6c

Security Engines with Detections (7 of 70)

Engine Detection Verdict
Bkav W32.AIDetectMalware Malicious
Skyhigh Artemis Malicious
Rising Trojan.Generic!8.C3 (CLOUD) Malicious
McAfeeD ti!711DA853C319 Malicious
VBA32 BScope.Trojan.Wacatac Malicious
Malwarebytes Adware.SpecialSearchOffer Malicious
TrellixENS Artemis!F67C76C2FAE6 Malicious
63 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: e70ab6434b901bf0d86cad4f2e381b4b
Fuzzy: c0aeeb48c2783a270a993faae44e6ec1
dHash: 00b28eabababa600
Image Base 0x00400000
Entry Point 0x0059dbb4
Compilation Time 2025-08-13 11:40:02
Checksum 0x0130bb54 (Actual: 0x0130bb54)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature OK
Imports 6 libraries (KERNEL32, USER32, COMDLG32, SHELL32, ole32, OLEAUT32)
Exports 0 functions
Resources 10 Resources
Sections 5 Sections

Version Information

CompanyName Apps Receipt
FileDescription Application Handsome
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
LegalCopyright Copyright 2014-2025 Handsome Receipt
ProductName Application Handsome
InternalName Handsome
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,994,968 bytes 1,995,264 bytes 6.24 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5B3D46BAFFEE8469DEF5F27E49EC6039
.rdata 0x001e9000 126,360 bytes 126,464 bytes 5.76 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2E1351673FE81602383CF1BC88B24239
.data 0x00208000 617,244 bytes 585,216 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE A03B485D8CA4A4C2FFFBEA46ABDDF310
.rsrc 0x0029f000 5,984 bytes 6,144 bytes 4.21 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ BD17671634159980ABCBB2E5E274B2D0
.reloc 0x002a1000 38,752 bytes 38,912 bytes 6.64 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5ACB18CD7675D38334EACA2FADEC42ED
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 10 (5,310 bytes)
Resource Type Count Total Size Percentage
RT_ICON 2 1,040 bytes 19.6%
RT_DIALOG 4 1,752 bytes 33%
RT_STRING 1 50 bytes 0.9%
RT_GROUP_ICON 1 34 bytes 0.6%
RT_VERSION 1 704 bytes 13.3%
RT_MANIFEST 1 1,730 bytes 32.6%

Certificate Chain Analysis

Certificate Information
Product Application Handsome
Description Application Handsome
File Version 1.0.0.0
Signing Date 01:49 PM 08/13/2025 (148 days ago)
Verification Status Signed
Signers No Worries LLC; GlobalSign GCC R45 EV CodeSigning CA 2020; GlobalSign Code Signing Root R45
Counter Signers Sectigo Public Time Stamping Signer R36; Sectigo Public Time Stamping CA R36; Sectigo Public Time Stamping Root R46
Internal Name Handsome
Copyright Copyright 2014-2025 Handsome Receipt
Certificate Chain Summary
GlobalSign GCC R45 EV CodeSigning CA 2020 #1 Primary
Validity Period: 2020-07-28 00:00:00 → 2030-07-28 00:00:00
Signature Algorithm: sha256RSA
Serial Number: 77 BD 0E 05 B7 59 0B B6 1D 47 61 53 1E 3F 75 ED
No Worries LLC #2 Chain
Validity Period: 2024-09-16 19:28:59 → 2025-09-17 19:28:59
Signature Algorithm: sha256RSA
Serial Number: 2F 40 4C A2 92 B3 C1 10 FD 2B 5F 0E
Sectigo Public Time Stamping Signer R36 #3 Chain
Validity Period: 2025-03-27 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: A4 29 3B 6E 1E DD D7 A7 34 08 87 AD 7A 4E B7 24
Sectigo Public Time Stamping CA R36 #4 Chain
Validity Period: 2021-03-22 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 7A 23 AE DA 53 69 96 0F 91 C8 3E 5C F4 C7 E3 3F
Sectigo Public Time Stamping Root R46 #5 Chain
Validity Period: 2021-03-22 00:00:00 → 2038-01-18 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 36 C2 B0 BD 7C 1B 3A E7 A3 B3 DD 36 CB C9 75 68

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status OK


Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
7 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
