The ExLoader_Installer.exe File Analysis

Updated 2 years ago

Checked by Malware Check

ExLoader_Installer.exe

Technical Analysis

File Name	ExLoader_Installer.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows, RAR self-extracting archive
Scanner Version	1.0.179.174
Database Version	2024-06-20 00:00:28 UTC

✓

Clean File

No threats detected by our scanner

Detection Rate

22,326,681

File Size (bytes)

2024-06-20

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	650a1cce61876f1a3739e398c720893f
SHA1	377998a6fb0d5ff55cec8a015cd7c7cf10f555d3
SHA256	8ed9a032b5f21c4b12bb76dd191e08af6943083c0619fdb07a8e2fff2c2bae03
SHA512	495306321bafc3d85bce9978423828e24d0e71a82d08833cc2b566af5f78a550e72d1962890bc5fb252ef44f103b8fbc6ad90490607d797ea6376ae37e0a7f20
ImpHash	9d6872d1f450876f7f0d8dc687f29c79

PE Analysis

Basic Information

▼

Icon	Hash: 3328a26fe8bdc0cb6f02f571fb32ecdb Fuzzy: e26b3fce8b3ff6c13f2d06057321df84 dHash: cc8e616565618ecc
Image Base	`0x140000000`
Entry Point	`0x14000ce80`
Compilation Time	2009-08-16 11:05:40
Checksum	0x00000000 (Actual: 0x01558751)
OS Version	5.2
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows, RAR self-extracting archive`
PDB Path	`d:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb`
Digital Signature	The PE file does not contain a certificate table.
Imports	9 libraries COMCTL32, KERNEL32, USER32, GDI32, COMDLG32, ADVAPI32, SHELL32, ole32, OLEAUT32
Exports	0 functions
Resources	27 Resources
Sections	6 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	85,696 bytes	86,016 bytes	6.40 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`A0A37054BDBD8CDE49937A76ACEE062B`
`.rdata`	`0x00016000`	10,115 bytes	10,240 bytes	5.16 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`CA0872A0970BC5CA07BB82DE51869635`
`.data`	`0x00019000`	50,472 bytes	1,024 bytes	2.22 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`72D0FB7E51E5940A32C243D681C698B4`
`.pdata`	`0x00026000`	3,912 bytes	4,096 bytes	4.76 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`AE1E459469E0D74DE12D0E33D4ED2626`
`.CRT`	`0x00027000`	32 bytes	512 bytes	0.33 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E2F5E7579905A33CF31201AC9B77A7E2`
`.rsrc`	`0x00028000`	114,296 bytes	114,688 bytes	7.14 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`381C265324E88E7058901EC4B8234B56`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 27 (112,682 bytes)

Resource Type	Count	Total Size	Percentage
RT_BITMAP	1	2,998 bytes	2.7%
RT_ICON	13	102,442 bytes	90.9%
RT_DIALOG	6	2,844 bytes	2.5%
RT_STRING	5	2,746 bytes	2.4%
RT_GROUP_ICON	1	188 bytes	0.2%
RT_MANIFEST	1	1,464 bytes	1.3%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

1
Weekly Quick Scans: Set a reminder to run a scan every Sunday. Most infections are caught within the first week, so regular checks give you peace of mind.
2
Update Everything: Those annoying update popups exist for a reason — they patch security holes. Windows, browsers, Adobe, Java — keep them all current.
3
Download Smart: Stick to official websites and app stores. If a "free" version of paid software sounds too good to be true, it probably comes with unwanted extras.
4
Think Before You Click: Malware loves email attachments and "urgent" links. Even if an email looks like it's from your bank or a friend, verify suspicious requests through a different channel.

Proactive Protection

This file looks clean right now, but that doesn't mean you should let your guard down. New malware appears daily, and even legit files can be compromised after download. When in doubt, verify the source and check for a digital signature.

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Signed in via Gridinsoft Portal · View profile

Your Score for

5 4 3 2 1

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now