The Activator exe (Activator) TODO: <Company name> File Malware Analysis

The Activator.exe (Activator) File Analysis

Technical Analysis

File Name Activator.exe
File Type Win32 EXE
Magic Bytes PE32+ executable for MS Windows (GUI) Mono/.Net assembly
SSDEEP Hash 98304:RDRfKca63OZubkcbt5xzmR6pdWlyVLFLOAkGkzdnEVomFHKnPs:RkV6nb/xzmRwWlyFLOyomFHKnPs
Scanner Version 1.0.138.174
Database Version 2023-09-12 18:04:49 UTC

Suspicious File Detected

Detected by 7 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 10%
File Size (bytes) 7,022,356
Engines Detected 7/71
Analysis Date 2023-09-12


File Identification

Hash Type Value
MD5 a0cc254978d7d5840f89e6db70c1cf43
SHA1 52c410d6bc7503a9a8e6cde6620c3fd6da083747
SHA256 80c84ebbf8350a5b473f1612290b58d8a1fb6bad345bf0ea388c81b296a07b6a
SHA512 a2bc63c42ed1165da31e7357a1d3f95194b32f80af669e5ea5baf847fcf184af3fc5e153b208cbf0f4e850fc30bd33bcb254dfe9d379d910550497a9a9b07391
ImpHash eedae72624d4f091b705741d88f9ef1f

Security Engines with Detections (7 of 71)

Engine Detection Verdict
McAfee Artemis!A0CC254978D7 Malicious
APEX Malicious Malicious
Avast Win64:SpywareX-gen [Trj] Malicious
McAfee-GW-Edition Artemis!Trojan Malicious
Antiy-AVL Trojan/Generic.ASMalwS.6C82 Malicious
Malwarebytes Spyware.RedLineStealer Malicious
AVG Win64:SpywareX-gen [Trj] Malicious
64 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: e3f5956819d8f75ee62cd4b8b1eb0a3f
Fuzzy: d4eacd3397f40fc5ced536ce9bf6a509
dHash: 71f0c8ccd4c8f070
Image Base 0x140000000
Entry Point 0x1401ac150
Compilation Time 2022-07-07 19:00:20
Checksum 0x00000000 (Actual: 0x006becc9)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path C:\Users\User\Downloads\AppTools\AppActivator\x64\Release\Activator.pdb
Digital Signature The PE file does not contain a certificate table.
Imports 16 libraries
Exports 0 functions
Resources 745 Resources
Sections 7 Sections

Version Information

CompanyName TODO: <Company name>
FileDescription Activator
FileVersion 1.0.0.1
InternalName Activator.exe
LegalCopyright TODO: (c) <Company name>. All rights reserved.
OriginalFilename Activator.exe
ProductName TODO: <Product name>
ProductVersion 1.0.0.1
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 2,939,571 bytes 2,939,904 bytes 6.44 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 9626B966E5CBB85654F4A3E8C525C56D
.rdata 0x002cf000 754,340 bytes 754,688 bytes 4.96 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2D782E01E695234C1CA2FFC96843D795
.data 0x00388000 94,504 bytes 56,832 bytes 4.52 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6FD1461C97FD4C55DA825DAB9DE11383
.pdata 0x003a0000 131,916 bytes 132,096 bytes 6.25 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C5F9598E316E6D557FA7AAD2CC8AD1A9
_RDATA 0x003c1000 244 bytes 512 bytes 2.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 218EC568A3510AAE985977D0643942AA
.rsrc 0x003c2000 3,008,456 bytes 3,008,512 bytes 5.81 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 00540E7797899A489DC9D87F9FE34D94
.reloc 0x006a1000 67,028 bytes 67,072 bytes 5.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 249B8263FACDD4A53857C99804EBC7EE

Resource Analysis

Total Resources: 745 (2,922,799 bytes)
Resource Type Count Total Size Percentage
AFX_DIALOG_LAYOUT 1 2 bytes 0%
PNG 553 1,012,317 bytes 34.6%
STYLE_XML 5 83,741 bytes 2.9%
RT_CURSOR 28 8,496 bytes 0.3%
RT_BITMAP 47 1,539,436 bytes 52.7%
RT_ICON 21 251,988 bytes 8.6%
RT_MENU 1 284 bytes 0%
RT_DIALOG 23 11,198 bytes 0.4%
RT_STRING 30 12,806 bytes 0.4%
RT_GROUP_CURSOR 27 554 bytes 0%
RT_GROUP_ICON 5 324 bytes 0%
RT_VERSION 1 792 bytes 0%
RT_MANIFEST 1 809 bytes 0%
None 2 52 bytes 0%

Certificate Chain Analysis

Certificate Information
Product TODO: <Product name>
Description Activator
File Version 1.0.0.1
Original Name Activator.exe
Internal Name Activator.exe
Copyright TODO: (c) <Company name>. All rights reserved.

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
7 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
