The badata x64 dll File Malware Analysis

The badata_x64.dll File Analysis

Technical Analysis

File Name badata_x64.dll
File Type Win32 DLL
Magic Bytes PE32+ executable (DLL) (console) x86-64, for MS Windows
SSDEEP Hash 98304:t8ocMa2hVtltuaKs5lE1PQm7dBOoMY3K+4T+Un:t8oNa2hVtltuaKs5lqPhH
Scanner Version 1.0.227.174
Database Version 2025-10-09 23:00:14 UTC

Suspicious File Detected

Detected by 37 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 52%
File Size (bytes) 4,201,984
Engines Detected 37/71
Analysis Date 2025-10-09

File Identification

Hash Type Value
MD5 0cd1f09251c4282c3a53cf0a2763f360
SHA1 4c8dd36fabb865160608b5dc5a6179b7a7ef3bb4
SHA256 91e17bdd7879176bfa617c765049d2110c08f1aa75d954228044d77d4b536405
SHA512 79e73145dcec2f34d587f56ce2963190b311dd11258440c725f6c07c07c5a5e73726e8014ea8e3cf6ba909ec363b748476317b415b3946843503e75ded39f481
ImpHash 5577390a221143e6c84c72ee9b135055

Security Engines with Detections (37 of 71)

Lionic: Trojan.Win32.Rugmi.4!c Malicious
AVG: FileRepMalware [Misc] Malicious
Elastic: malicious (high confidence) Malicious
MicroWorld-eScan: Trojan.Generic.35918452 Malicious
CTX: dll.trojan.rugmi Malicious
CAT-QuickHeal: Trojan.Ghanarava.172475406463f360 Malicious
McAfee: Artemis!0CD1F09251C4 Malicious
Zillya: Downloader.Rugmi.Win64.242 Malicious
Symantec: ML.Attribute.HighConfidence Malicious
ESET-NOD32: a variant of Win64/TrojanDownloader.Rugmi.BJ Malicious
Paloalto: generic.ml Malicious
GData: Trojan.Generic.35918452 Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic Malicious
BitDefender: Trojan.Generic.35918452 Malicious
Avast: FileRepMalware [Misc] Malicious
Tencent: Malware.Win32.Gencirc.14138d3f Malicious
Emsisoft: Trojan.Generic.35918452 (B) Malicious
F-Secure: Trojan.TR/Rugmi.eqpej Malicious
VIPRE: Trojan.Generic.35918452 Malicious
TrendMicro: TROJ_GEN.R002C0DET24 Malicious
McAfeeD: ti!91E17BDD7879 Malicious
Sophos: Mal/Generic-S Malicious
FireEye: Trojan.Generic.35918452 Malicious
Varist: W64/ABRisk.NMNW-2324 Malicious
Avira: TR/Rugmi.eqpej Malicious
Arcabit: Trojan.Generic.D2241274 Malicious
Microsoft: TrojanDownloader:Win64/Rugmi.HNH!MTB Malicious
Google: Detected Malicious
AhnLab-V3: Infostealer/Win.LummaC2.R648446 Malicious
ALYac: Trojan.Generic.35918452 Malicious
Cylance: Unsafe Malicious
Panda: Trj/Chgt.AD Malicious
TrendMicro-HouseCall: TROJ_GEN.R002C0DET24 Malicious
Rising: Downloader.Rugmi!8.11816 (CLOUD) Malicious
Ikarus: Trojan-Downloader.Win64.Rugmi Malicious
Fortinet: W64/Rugmi.BJ!tr.dldr Malicious
DeepInstinct: MALICIOUS Malicious
34 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x180278154
Compilation Time 2023-02-08 22:45:00
Checksum 0x00403d30 (Actual: 0x0040602b)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (console) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 18 libraries
Exports 232 functions
Resources 2 Resources
Sections 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 2,891,692 bytes 2,891,776 bytes 6.40 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ B9CE5A990FF06F4BDB371199789F75B8
.rdata 0x002c3000 1,042,824 bytes 1,042,944 bytes 4.63 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F5FFD175E7DAFDA5682A83FF324E0462
.data 0x003c2000 1,140,020 bytes 55,808 bytes 4.90 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EAC8770C17A2954BFB31DA60D6401712
.pdata 0x004d9000 137,544 bytes 137,728 bytes 6.30 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DF64E50825DD96A00EAF8BF305AE8FB2
.rsrc 0x004fb000 1,321 bytes 1,536 bytes 4.98 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0CE30680C556F6D9FF405A1E8C54D237
.reloc 0x004fc000 70,820 bytes 71,168 bytes 5.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 94A4EBE2AA4602CB418DB1A694C41D1A

Resource Analysis

Total Resources: 2 (1,184 bytes)
Resource Type Count Total Size Percentage
RT_MANIFEST 2 1,184 bytes 100%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
37 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
