Gridinsoft Logo

The Nolva MC.exe File Analysis

Updated 3 days ago
Checked by Malware Check
Nolva MC.exe

Technical Analysis

File Name Nolva MC.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (console) x86-64, for MS Windows
SSDEEP Hash
196608:bzoZ+OpN8UEaYqJOs8aHm5yYJJfPMVBlfjJWmxJz/M2oO:n1p3qYN93PMVHjcAl02
Scanner Version 1.0.222.174
Database Version 2025-08-07 02:00:35 UTC

Suspicious File Detected

Detected by 41 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
57%
Detection Rate
8,544,768
File Size (bytes)
41/72
Engines Detected
2025-08-07
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
e9c07be0b6c59a985a04b7a276a02635
SHA1
30fbdafbca3ac5dade4361b46414b1836d5b6b18
SHA256
a048978d064f9db9e8970f85318074dd44485ebf5b253e88173ad31fb70f67d7
SHA512
957fb7ec08cadca6bb7f3c0bcf7613f6fffce593f50574e456a0c3809c662fd80f86d1adbba660532975b48b9ac99b3edc6404170a4a0054053c01732b5c7bc0
ImpHash
3f68fb3feff1800d16813a1feccc3eaf

Security Engines with Detections (41 of 72)

Bkav
W64.AIDetectMalware Malicious
AVG
Win64:MalwareX-gen [Bd] Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Trojan.Generic.38295671 Malicious
CTX
exe.trojan.enigma Malicious
Skyhigh
BehavesLike.Win64.Trojan.rc Malicious
ALYac
Trojan.Generic.38295671 Malicious
Cylance
Unsafe Malicious
Sangfor
Trojan.Win32.Save.a Malicious
K7AntiVirus
Trojan ( 005822311 ) Malicious
K7GW
Trojan ( 005822311 ) Malicious
CrowdStrike
win/malicious_confidence_100% (W) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
tehtris
Generic.Malware Malicious
Cynet
Malicious (score: 100) Malicious
Paloalto
generic.ml Malicious
Kaspersky
Backdoor.Win64.Bedep.dcr Malicious
BitDefender
Trojan.Generic.38295671 Malicious
Avast
Win64:MalwareX-gen [Bd] Malicious
Rising
[email protected] (TAGGANT:3I/0cs8pJWoNr59Fx+mO7g) Malicious
Emsisoft
Trojan.Generic.38295671 (B) Malicious
VIPRE
Trojan.Generic.38295671 Malicious
McAfeeD
Real Protect-LS!E9C07BE0B6C5 Malicious
SentinelOne
Static AI - Suspicious PE Malicious
Trapmine
malicious.high.ml.score Malicious
Sophos
Mal/Generic-S Malicious
Ikarus
Trojan.Win64.Enigma Malicious
Varist
W64/Enigma.G.gen!Eldorado Malicious
Microsoft
Trojan:Win32/Kepavll!rfn Malicious
Arcabit
Trojan.Generic.D2485877 Malicious
GData
Win64.Trojan.Agent.CKH5S0 Malicious
Google
Detected Malicious
VBA32
Backdoor.Win64.Bedep Malicious
Malwarebytes
Malware.Heuristic.2120 Malicious
Tencent
Malware.Win32.Gencirc.14718807 Malicious
TrellixENS
Artemis!E9C07BE0B6C5 Malicious
MaxSecure
Trojan.Malware.346498972.susgen Malicious
Fortinet
W32/PossibleThreat Malicious
Zoner
Probably Heur.ExeHeaderL Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
VirTool:Win/Wacatac.B9nj Malicious
31 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x14291f984
Compilation Time 2025-04-22 16:39:09
Checksum 0x00000000 (Actual: 0x0082eb1f)
OS Version 6.0
PEiD Signatures PE32+ executable (console) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 31 libraries
Exports 0 functions
Resources 1 Resources
Sections 9 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
0x00001000 1,261,568 bytes 598,016 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE A03A8543D727395F8CE9BEF1ABBCE070
0x00135000 319,488 bytes 146,944 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F4C52F5723068F4132230BF45A31B46B
0x00183000 196,608 bytes 81,408 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE FAC7A2249CFFDACE8C210CB0BB1B1EA3
0x001b3000 53,248 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
0x001c0000 4,096 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
0x001c1000 4,096 bytes 2,048 bytes 7.25 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CA500139289D03C0AA48847C89D12F6A
.rsrc 0x001c2000 4,096 bytes 512 bytes 4.70 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE FCF1F4FF8584C69D78A6149B3D66E7AD
0x001c3000 33,857,536 bytes 286,208 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E7CF3678C50EED1F4F22B0657FA4AE9F
0x0220d000 7,430,144 bytes 7,428,608 bytes 7.98 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CEAB21A4E0986307BF20BEB6C07AFC72
Entropy Analysis Alert

5 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 1 (381 bytes)
Resource Type Count Total Size Percentage
RT_MANIFEST 1 381 bytes
100%

Certificate Chain Analysis

Certificate Information
Certificate Chain Summary
tg167A8DE #1 Primary
Validity Period: 2019-11-20 09:58:24 → 2029-11-19 09:58:24
Signature Algorithm: sha256RSA
Serial Number: 1E B5 FF 4C 25 2B 2B A1 45 83 8E C0 7A FA CD 29 6F 57 95 99
Enigma Protector CA #2 Chain
Validity Period: 2019-02-05 16:34:15 → 2039-02-05 16:34:15
Signature Algorithm: sha256RSA
Serial Number: 2C ED 5C 2C 5D B4 B7 06 CF DF 0F 49 77 45 62 80 4F DC 00 C7

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
41 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware