
The u2211.exe File Analysis

Technical Analysis

File Name u2211.exe
File Type Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
SSDEEP Hash 98304:fopie/X71F2R3rXGKIJo52/dECAyWrU5OcMucjhnkBqFiQUnJgzYQM:wp82PR/eXrrcMhhbc8Yt
Scanner Version 1.0.220.174
Database Version 2025-07-16 18:00:26 UTC

Suspicious File Detected

Detected by 41 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 57%
File Size (bytes) 12,385,976
Engines Detected 41/72
Analysis Date 2025-07-16


File Identification

Hash Type Value
MD5 ee53abde16b9c747a67f08cb423fb7e0
SHA1 abe1d3699a448d1587772dd41bdbb17f1ee8dca4
SHA256 9936f31dee38051bf646499fa2ed057f4f9ecd9791cef144732dacbb0b3c5db0
SHA512 eca88569cf20b7220e58d5d7711d90c5d2508268040e897fe70759fe40bc91f86e996686c878e8bf32d3cb1ca9cf40a3e9c198d4c51a2aaed617817d1199b5e8
ImpHash 9cbefe68f395e67356e2a5d8d1b285c0

Security Engines with Detections (41 of 72)

Engine Detection Verdict
Bkav W32.AIDetectMalware Malicious
Lionic Trojan.Win32.Injuke.tsFT Malicious
Elastic malicious (moderate confidence) Malicious
MicroWorld-eScan Application.Generic.3947592 Malicious
CTX exe.trojan.ultrareach Malicious
CAT-QuickHeal Trojan.Ghanarava.17522423463fb7e0 Malicious
ALYac Application.Generic.3947592 Malicious
Malwarebytes Malware.AI.2919961494 Malicious
Zillya Trojan.UltraReach.Win32.92 Malicious
Sangfor Trojan.Win32.Ultrareach.Vik9 Malicious
K7AntiVirus Unwanted-Program ( 0058a78d1 ) Malicious
K7GW Unwanted-Program ( 0058a78d1 ) Malicious
Symantec Trojan.Gen.MBT Malicious
ESET-NOD32 a variant of WinGo/UltraReach.B potentially unsafe Malicious
TrendMicro-HouseCall PUA.Win32.UltraReach.A Malicious
Paloalto generic.ml Malicious
BitDefender Application.Generic.3947592 Malicious
Avast Win32:MalwareX-gen [Misc] Malicious
Emsisoft Application.Generic.3947592 (B) Malicious
Google Detected Malicious
F-Secure Trojan.TR/AVI.Agent.hankr Malicious
VIPRE Application.Generic.3947592 Malicious
TrendMicro PUA.Win32.UltraReach.A Malicious
McAfeeD ti!9936F31DEE38 Malicious
Trapmine malicious.high.ml.score Malicious
Sophos Generic Reputation PUA (PUA) Malicious
Ikarus Trojan.WinGo.Agent Malicious
GData Application.Generic.3947592 Malicious
Varist W32/ABApplication.AVJY-5972 Malicious
Avira TR/AVI.Agent.hankr Malicious
Xcitium ApplicUnwnt@#3qwj9n3ehnh4m Malicious
Arcabit Application.Generic.D3C3C48 Malicious
Cynet Malicious (score: 99) Malicious
AhnLab-V3 Trojan/Win.UltraReach.C5746958 Malicious
VBA32 BScope.Backdoor.Gorsh Malicious
Cylance Unsafe Malicious
Yandex Trojan.Igent.b4xSXP.2 Malicious
Fortinet Adware/UltraReach Malicious
AVG Win32:MalwareX-gen [Misc] Malicious
DeepInstinct MALICIOUS Malicious
alibabacloud Trojan:Multi/UltraReach.B Malicious

31 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 77b7f622c302566d17c808bbe2b110ec
Fuzzy: 7c8df4bb4847def8af00e53e92cbcc27
dHash: 223916334b1f1f8e
Image Base 0x00400000
Entry Point 0x00466350
Compilation Time 1970-01-01 00:00:00
Checksum 0x00bd4655 (Actual: 0x00bd4655)
OS Version 6.1
PEiD Signatures PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Digital Signature Chain verification from CN=trust_adf02073-2c46-4a83-8882-ac6d6fc622a4 (serial:16680384703250408072, sha1:2721215c82d8e7478d3159a2b7f8cf087df055f0) failed: The X.509 certificate provided is self-signed - "Common Name: trust_adf02073-2c46-4a83-8882-ac6d6fc622a4"
Imports 1 library (kernel32)
Exports 0 functions
Resources 3
Sections 7

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 5,628,837 bytes 5,628,928 bytes 6.02 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ BA5BF4202A5C3A78C0B001146CA87B6F
.rdata 0x00560000 5,811,060 bytes 5,811,200 bytes 5.81 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8A21F3817107FF4B02ADF83D90E230D5
.data 0x00aeb000 765,772 bytes 483,328 bytes 6.81 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EE7F7565F6FE5E8E78EEEA5429919E03
.idata 0x00ba6000 988 bytes 1,024 bytes 4.59 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 40CD218EAFFF971106194D668C76B46F
.reloc 0x00ba7000 299,500 bytes 299,520 bytes 6.67 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 95ECC1E17E7852C64214712D59E19731
.symtab 0x00bf1000 4 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 07B5472D347D42780469FB2654B7FC54
.rsrc 0x00bf2000 153,184 bytes 153,600 bytes 4.51 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E0F4F89DD934F9DB33160B6EF461B0A7
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 3 (152,952 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 152,104 bytes 99.4%
RT_GROUP_ICON 1 20 bytes 0%
RT_MANIFEST 1 828 bytes 0.5%

Certificate Chain Analysis

Certificate Information
Signing Date 11:55 PM 03/16/2025 (121 days ago)
Verification Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signers trust_adf02073-2c46-4a83-8882-ac6d6fc622a4
Certificate Chain Summary
trust_adf02073-2c46-4a83-8882-ac6d6fc622a4 #1 Primary
Validity Period: 2025-03-15 16:17:49 → 2026-03-16 04:17:49
Signature Algorithm: SHA384ECDSA
Serial Number: E7 7C A1 82 DA 19 A2 88
Globalsign TSA for CodeSign1 - R6 - 202311 #2 Chain
Validity Period: 2023-11-07 17:13:40 → 2034-12-09 17:13:40
Signature Algorithm: sha256RSA
Serial Number: 01 9B EA DE C8 4D 6B 8F F7 6C 3A 9F 2E 01 24 16
GlobalSign Timestamping CA - SHA384 - G4 #3 Chain
Validity Period: 2018-06-20 00:00:00 → 2034-12-10 00:00:00
Signature Algorithm: sha384RSA
Serial Number: 01 EC 1C 92 40 DE FD 2E 40 5D 7C 47 74
GlobalSign #4 Chain
Validity Period: 2014-12-10 00:00:00 → 2034-12-10 00:00:00
Signature Algorithm: sha384RSA
Serial Number: 45 E6 BB 03 83 33 C3 85 65 48 E6 FF 45 51

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied

Certificate Verification Status

Chain verification from CN=trust_adf02073-2c46-4a83-8882-ac6d6fc622a4 (serial:16680384703250408072, sha1:2721215c82d8e7478d3159a2b7f8cf087df055f0) failed: The X.509 certificate provided is self-signed - "Common Name: trust_adf02073-2c46-4a83-8882-ac6d6fc622a4"

Recommendation: Verify the file source and ensure it comes from a trusted publisher.


Proactive Protection
41 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
