
Hesoolver v2.6.9.exe Backdoor DarkKomet Analysis

Technical Analysis

File Name: Hesoolver v2.6.9.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version: 1.0.153.174
Database Version: 2024-01-02 10:01:37 UTC

Backdoor.Win32.DarkKomet.cld

Malware family: DarkKomet

DarkComet is a Remote Access Trojan (RAT) that gives an operator full remote control of an infected Windows host, including keylogging, credential recovery, webcam and microphone capture, file transfer and a remote shell. Its author distributed it as a free remote administration tool and discontinued it in 2012 after it was found being used against activists during the Syrian conflict; leaked and cracked builds have remained in circulation since.
Detection Rate: N/A
File Size: 664,408 bytes
Analysis Date: 2024-01-02


File Identification

MD5: b8f02b6149a2fc9fa632836f3c0b6673
SHA1: 7f2f4fbb07cbcd1be6b991fccdf0742d26c9d982
SHA256: 9d7751aac737aad9873c10ebc4956b9cb3ac7c8c39b8fd59710648de4cb0524c
SHA512: b6fc67d420fceb905ed3fa85def1cea6c72a0f4703b0cfa0bbc7464d3f5eb05eac5d85d65ee0c6f57e8b795a71918b4caa86143476acdab925c4a54ce7fe37b0
ImpHash: 00be6e6c4f9e287672c8301b72bdabf3

PE Analysis

Basic Information

Icon Hash: 316b76e5987b5e4c1d1aba303023be02
Icon Fuzzy Hash: c62398e8c11ee9bfc56173cb3e08439b
Icon dHash: e0e4f06969e0c4a2
Image Base: 0x00400000
Entry Point: 0x0041d759
Compilation Time: 2019-04-27 20:03:27
Checksum: 0x00000000 (Actual: 0x000a64d1). A zero CheckSum field means the image was linked without a checksum; Windows only enforces the field for drivers and a few system components, so this is not suspicious by itself, but it also means the header offers no integrity check against later modification.
OS Version: 5.1
PEiD Signatures: PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb. This is the symbol path of the 32-bit WinRAR self-extracting (SFX) module, so the PE itself is a stock SFX stub. An SFX stub executes whatever archive is appended after its PE sections, so the appended data, not the stub, is what the detection refers to; the two imported libraries and the compile timestamp describe the stub only.
Digital Signature: The PE file does not contain a certificate table.
Imports: 2 libraries (KERNEL32, gdiplus)
Exports: 0 functions
Resources: 21 Resources
Sections: 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 190,548 bytes 190,976 bytes 6.69 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ CCAD881EF663BB12D11D212AD8D163CF
.rdata 0x00030000 39,580 bytes 39,936 bytes 5.13 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ EBF57DD1488CEF86D0B062881C11F0B5
.data 0x0003a000 136,144 bytes 3,072 bytes 3.25 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5AD01EF583F971C2DD5921663E32AD91
.gfids 0x0005c000 232 bytes 512 bytes 2.11 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C065E0FA9D7CB760AD786F44F86F68E4
.rsrc 0x0005d000 21,124 bytes 21,504 bytes 6.52 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F1CF6303833625D12B1154133F38B01A
.reloc 0x00063000 8,140 bytes 8,192 bytes 6.65 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 403C5D759DBE4B1BF3C74568F06C1359
Entropy Analysis Alert

3 section(s) with elevated entropy (≥6.5): .text (6.69), .rsrc (6.52) and .reloc (6.65). Values in this range are ordinary for compiled x86 code, for relocation tables, and for a resource section that already holds PNG images (deflate-compressed data), so this alert alone is not evidence of packing or encryption; packed or encrypted sections typically exceed 7.2 and approach 8.0. Note also that .data has a virtual size (136,144 bytes) far larger than its raw size (3,072 bytes): a zero-initialised region the stub fills at runtime, not hidden file content.

Resource Analysis

Total Resources: 21 (19,787 bytes)

Resource Type  Count  Total Size   Percentage
PNG            2      8,430 bytes  42.6%
RT_ICON        1      2,216 bytes  11.2%
RT_DIALOG      6      2,942 bytes  14.9%
RT_STRING      10     4,304 bytes  21.8%
RT_GROUP_ICON  1      20 bytes     0.1%
RT_MANIFEST    1      1,875 bytes  9.5%

Certificate Chain Analysis

No Digital Signatures

The PE file does not contain a certificate table (the Security data directory is empty), so there is no Authenticode signature to verify and no publisher identity can be established.

Security Implications:
  • The publisher's identity cannot be verified.
  • There is no integrity check: the file could have been modified after it was built, or assembled by anyone using WinRAR's SFX module.
  • Windows SmartScreen and similar reputation checks may warn before execution.

A self-extracting archive created with WinRAR carries a signature only if its creator signs the finished executable, so an unsigned SFX is common. A valid signature would in any case only identify who signed the file, not vouch for the archive it carries.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.
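The checks above (section entropy, the unpopulated CheckSum field, the WinRAR SFX stub and the missing certificate table) can be reproduced from the raw bytes with a short script. The following is an added example written for this page, not Gridinsoft's scanner code: it parses the PE headers with the Python standard library, computes each section's Shannon entropy, recomputes the PE checksum with the imagehlp algorithm so it can be compared against the stored value, measures the overlay appended after the last section (for this sample the six sections' raw sizes sum to 264,192 bytes against a 664,408-byte file, leaving roughly 400 KB of appended data, which is where an SFX stub's archive lives), and reads the Security data directory to report whether a certificate table exists. The 7.2 entropy threshold is this example's choice, not the scanner's, and build_sample_pe() constructs a synthetic two-section PE32 so the script runs offline; pass a file path to triage a real executable.

```python
"""Static PE triage (added example, stdlib only): sections, entropy, checksum, overlay, certificate table."""
import math
import struct
import sys

ENTROPY_ALERT = 7.2  # this example's threshold: plain x86 code sits near 6.5, packed/encrypted data above ~7.2


def _u(fmt, data, off):
    return struct.unpack_from(fmt, data, off)[0]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    n = len(buf) or 1
    return -sum((c / n * math.log2(c / n) for c in (buf.count(v) for v in range(256)) if c), 0.0)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = _u("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    nsections, opt_size = _u("<H", data, coff + 2), _u("<H", data, coff + 16)
    opt = coff + 20
    magic = _u("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    # CheckSum is at optional-header offset 64 in both PE32 and PE32+. Data directories start at 96
    # (PE32) / 112 (PE32+); entry 4 (Security) holds a FILE OFFSET to the WIN_CERTIFICATE table, not an RVA.
    dd = opt + (96 if magic == 0x10B else 112)
    cert = struct.unpack_from("<II", data, dd + 4 * 8) if _u("<I", data, dd - 4) > 4 else (0, 0)
    sections = []
    for i in range(nsections):
        name, _vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "raw_pointer": rawptr,
                         "raw_size": rawsize, "entropy": shannon_entropy(data[rawptr:rawptr + rawsize])})
    return {"checksum_offset": opt + 64, "stored_checksum": _u("<I", data, opt + 64),
            "certificate_table": tuple(cert), "sections": sections}


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """imagehlp CheckSumMappedFile: end-around-carry sum of 16-bit words, skipping the CheckSum field, plus length."""
    padded = data + b"\0" * (len(data) % 2)
    total = 0
    for off in range(0, len(padded), 2):  # assumes the CheckSum field is 2-byte aligned, as linkers emit it
        if off in (checksum_offset, checksum_offset + 2):
            continue
        total += _u("<H", padded, off)
        if total > 0xFFFF:
            total = (total & 0xFFFF) + (total >> 16)
    return (((total & 0xFFFF) + (total >> 16)) & 0xFFFF) + len(data)


def analyze(data: bytes) -> dict:
    info = parse_pe(data)
    computed = pe_checksum(data, info["checksum_offset"])
    # Everything after the last section's raw bytes is overlay: an SFX archive, appended payload or cert table.
    ov_off = max((s["raw_pointer"] + s["raw_size"] for s in info["sections"]), default=0)
    ov_size = max(len(data) - ov_off, 0)
    cert_off, cert_size = info["certificate_table"]
    return {
        "high_entropy": [s["name"] for s in info["sections"] if s["entropy"] >= ENTROPY_ALERT],
        "stored_checksum": info["stored_checksum"],
        "computed_checksum": computed,
        "checksum_valid": info["stored_checksum"] == computed,  # a stored 0, as in this sample, never matches
        "overlay_offset": ov_off,
        "overlay_size": ov_size,
        "overlay_magic": data[ov_off:ov_off + 7],
        "has_certificate_table": cert_size > 0,
        # The certificate table itself lives in the overlay; subtract it to size the real appended payload.
        "overlay_without_cert": ov_size - (cert_size if cert_size and cert_off >= ov_off else 0),
    }


def build_sample_pe(stored_checksum: int = 0) -> bytes:
    """Synthetic two-section PE32 of exactly 0x600 bytes (constructed test data, not the analysed sample)."""
    align = 0x200
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)                    # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)    # i386, 2 sections, PE32 optional header
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, align)                    # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 64, stored_checksum)                   # CheckSum (0 = never computed)
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes; Security dir empty
    hdr = dos + b"PE\0\0" + coff + bytes(opt)
    for name, va, vsize, rawptr, chars in ((b".text", 0x1000, 0x1F0, 0x200, 0x60000020),
                                           (b".rdata", 0x2000, 0x100, 0x400, 0x40000040)):
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, va, align, rawptr, 0, 0, 0, 0, chars)
    hdr += bytes(align - len(hdr))
    return hdr + b"\xCC" * 0x200 + bytes(0x200)                        # int3 filler as code, zeroed data


if __name__ == "__main__":  # usage: python pe_triage.py <file>; without a path, triage the synthetic sample
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(*(f"{k:>22}: {v!r}" for k, v in analyze(blob).items()), sep="\n")
```

Carving data[overlay_offset:] and looking at overlay_magic is the quickest way to confirm the SFX reading: a WinRAR archive begins with the bytes Rar!\x1a\x07\x00 (RAR 4.x) or Rar!\x1a\x07\x01\x00 (RAR 5). Two details matter when extending this to other samples: the Security directory's first field is a file offset rather than an RVA, and a checksum mismatch only means the field was not updated, so treat it as a hint about the build process, not as proof of tampering.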

Backdoor.Win32.DarkKomet.cld Removal

Gridinsoft Anti-Malware detects and removes Backdoor.Win32.DarkKomet.cld without requiring further user intervention.


Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet first: this cuts the RAT's connection to its command-and-control server and prevents it from spreading or downloading additional payloads. Run the scan in Safe Mode for better detection and removal of persistent threats. Because DarkComet includes keylogging and credential-recovery capabilities, treat every password typed or stored on the machine as compromised and change it from a clean device once the infection has been removed.
