Gridinsoft Logo
File Icon

The R y o В о о t s t r p.exe (SSuite Lemon Juice Startup) File Analysis

Updated 1 month ago
Checked by Malaware Check
R y o В о о t s t r p.exe

Technical Analysis

File Name R y o В о о t s t r p.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
49152:zU19nN7cXhVR+lOq4U/ng84PkSCW5hD2HWp6wI:zgIXwOq4U/ng848SJ5hDwWpLI
Scanner Version 1.0.213.174
Database Version 2025-04-13 12:00:32 UTC

Suspicious File Detected

Detected by 12 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
17%
Detection Rate
9,980,689
File Size (bytes)
12/71
Engines Detected
2025-04-13
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
b3335de1188b43c0eefa4c5940f906b7
SHA1
51d4aad79a37da3ed57c89c0fa0cb67d9acbc81b
SHA256
9bccd9c4359a463f6163d162b7e3cb2c2e26a403c8e803efe1b2695489f1aaee
SHA512
984425826d8cb382ea0267c8645e14d1a2cbebdf3e1889a0e0554a2abee957c4c96b551213b17a8292f91ee790299c3db697e96892a7e7ab4f01d702599900e9
ImpHash
a321d2a8c7b35bfed94d87f1b43b454a

Security Engines with Detections (12 of 71)

Bkav
W32.AIDetectMalware Malicious
McAfee
Artemis!B3335DE1188B Malicious
Cylance
Unsafe Malicious
CrowdStrike
win/malicious_confidence_60% (W) Malicious
VirIT
Trojan.Win32.GenHeur.B Malicious
Rising
Trojan.Injector!1.127AD (CLASSIC) Malicious
Google
Detected Malicious
McAfeeD
ti!9BCCD9C4359A Malicious
Trapmine
malicious.moderate.ml.score Malicious
Varist
W32/ABTrojan.PWFJ-3120 Malicious
Antiy-AVL
GrayWare/Win32.Wacapew Malicious
Microsoft
Program:Win32/Wacapew.C!ml Malicious
59 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 8724f7aa9327c527026e8cddb3a3e24d
Fuzzy: 5a7cd7c551614e9d4e996d8eb3cc27d2
dHash: 91d8dc9aa4a4b030
Image Base 0x00400000
Entry Point 0x00465010
Compilation Time 1992-06-19 22:22:17
Checksum 0x0227eb4c (Actual: 0x00991247)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 8 libraries
kernel32, user32, advapi32, oleaut32, gdi32, ole32, comctl32, shell32
Exports 0 functions
Resources 76 Resources
Sections 8 Sections

Version Information

CompanyName Van Loo Software(TM)
FileDescription SSuite Lemon Juice Startup
FileVersion 2.8.8.8
InternalName Lemon Startup Menu
LegalCopyright © 2000 - 2037 - Van Loo Software
LegalTrademarks Van Loo Software(TM)
OriginalFilename LemonJuiceStartMenu.exe
ProductName SSuite® Application
ProductVersion 2.8.8.8
Comments Just Fabulous... A modern office suite - Final Release.
SpecialBuild Advanced Research and Development Devision.
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
CODE 0x00001000 409,752 bytes 410,112 bytes 6.57 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 4D2037DD8E4F1E233DCB7E2A1D73D32A
DATA 0x00066000 4,744 bytes 5,120 bytes 3.99 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 95445F185E128116272DBD0A3A3194F9
BSS 0x00068000 3,357 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.idata 0x00069000 9,064 bytes 9,216 bytes 5.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE A3485F92BA7942086A8455577B79E4BA
.tls 0x0006c000 16 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rdata 0x0006d000 24 bytes 512 bytes 0.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ B6D60441B9C5EA63C9B046B550A12C69
.reloc 0x0006e000 27,792 bytes 28,160 bytes 6.65 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 68559EAD5A0A4DC9B44FEAC821D51436
.rsrc 0x00075000 2,143,744 bytes 2,143,744 bytes 5.17 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 4671B2ADD8CA5D518861074C45B95E27
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 76 (1,870,600 bytes)
Resource Type Count Total Size Percentage
RT_CURSOR 9 2,772 bytes
0.1%
RT_BITMAP 22 7,196 bytes
0.4%
RT_ICON 13 1,564,392 bytes
83.6%
RT_DIALOG 1 82 bytes
0%
RT_STRING 16 9,532 bytes
0.5%
RT_RCDATA 3 284,415 bytes
15.2%
RT_GROUP_CURSOR 9 180 bytes
0%
RT_GROUP_ICON 1 188 bytes
0%
RT_VERSION 1 1,172 bytes
0.1%
RT_MANIFEST 1 671 bytes
0%

Certificate Chain Analysis

Certificate Information
Product SSuite® Application
Description SSuite Lemon Juice Startup
File Version 2.8.8.8
Original Name LemonJuiceStartMenu.exe
Signing Date 02:47 AM 03/18/2025 (81 days ago)
Verification Status The digital signature of the object did not verify.
Signers Wondershare Technology Group Co.,Ltd; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4; DigiCert
Counter Signers DigiCert Timestamp 2024; DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA; DigiCert Trusted Root G4; DigiCert
Internal Name Lemon Startup Menu
Copyright © 2000 - 2037 - Van Loo Software
Certificate Chain Summary
DigiCert Trusted Root G4 #1 Primary
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #2 Chain
Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #3 Chain
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
DigiCert Timestamp 2024 #4 Chain
Validity Period: 2024-09-26 00:00:00 → 2035-11-25 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0B AE 66 BC 5A BA 7F 95 87 C6 F9 E9 04 E3 33 04
Wondershare Technology Group Co.,Ltd #5 Chain
Validity Period: 2022-04-15 00:00:00 → 2025-04-05 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0E 59 B2 10 F4 02 BB 48 03 BE EC 5B 21 01 30 C5

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
12 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware