The windows 系统调校.exe File Analysis

Technical Analysis

File Name windows 系统调校.exe
File Type Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
24576:n8w41MYT0mWFR6DeLC+pjJT5c+3DkUGZa:q1beL/xJtc+3DkU
Scanner Version 1.0.168.174
Database Version 2024-03-05 20:00:23 UTC

Suspicious File Detected

Detected by 9 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 13%
File Size (bytes) 1,332,736
Engines Detected 9/71
Analysis Date 2024-03-05

File Identification

Hash Type Value
MD5
08ed60ef8f9e5a6586443b3a36ecd3a8
SHA1
0ba77380b1bd6ae270f66f2726ede041be20f16a
SHA256
9573b98191fe943fcfd92a819330dc98fd543e754e4f1bca55ee1b97837cdf52
SHA512
17ef62d65f8e1894dbcb2b350b5eaa2f57b5fe1fa21d2176a5bdc4cc464031ec44074f5b62f553a4f2d9f6ec2c0b1c54c20f13a4b2129cde83df2c1e4f77a9d6
ImpHash
8d813561e4ad07e9f8918a83e16f95c0

Security Engines with Detections (9 of 71)

Engine Detection Verdict
Bkav W32.AIDetectMalware Malicious
Skyhigh BehavesLike.Win32.Generic.th Malicious
McAfee Artemis!08ED60EF8F9E Malicious
Cynet Malicious (score: 100) Malicious
APEX Malicious Malicious
Trapmine malicious.moderate.ml.score Malicious
Sophos NSUDO (PUA) Malicious
SentinelOne Static AI - Malicious PE Malicious
MaxSecure Trojan.Malware.300983.susgen Malicious
62 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: c63ce263ea0e6d86f85eea3ef0d9e759
Fuzzy: ac26627340e1eca25d5a7ba14fb07717
dHash: f0d0dccee6e6f830
Image Base 0x00400000
Entry Point 0x00493a73
Compilation Time 2023-07-08 05:25:57
Checksum 0x0014acf7 (Actual: 0x0014acf7)
OS Version 5.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 14 libraries
Exports 0 functions
Resources 42 Resources
Sections 4 Sections

Version Information

FileVersion 1.5.8
CompanyName [email protected]
ProductName Windows系统调校
ProductVersion 2024.3.4
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 657,201 bytes 657,408 bytes 6.62 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6CC0324F1402F1DAE84A24BA7B553766
.rdata 0x000a2000 146,966 bytes 147,456 bytes 4.82 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5920A614DA28CF6F1D2C504D7BB4B24E
.data 0x000c6000 36,772 bytes 13,312 bytes 3.92 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 93D8510A6FC7AF6DFFBC32C027387D7B
.rsrc 0x000cf000 513,324 bytes 513,536 bytes 6.57 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 82FC84C792E32C19F557A1F7806A4B03
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 42 (508,896 bytes)
Resource Type Count Total Size Percentage
RT_ICON 6 29,584 bytes 5.8%
RT_MENU 1 712 bytes 0.1%
RT_DIALOG 1 232 bytes 0%
RT_RCDATA 27 476,550 bytes 93.6%
RT_GROUP_ICON 5 114 bytes 0%
RT_VERSION 1 436 bytes 0.1%
RT_MANIFEST 1 1,268 bytes 0.2%

Certificate Chain Analysis

Certificate Information
Product Windows系统调校
File Version 1.5.8

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
9 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.