Gridinsoft Logo
File Icon

RewriteV300R13C10SPC800.exe Trojan Heuristic Analysis

Updated 26 days ago
Checked by Malware Check
rewriteV300R13C10SPC800.exe

Technical Analysis

File Name rewriteV300R13C10SPC800.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.231.174
Database Version 2025-12-13 20:00:23 UTC

Trojan.Heur!.03212421

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
2,366,464
File Size (bytes)
2025-12-13
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
efafefa8c2b53c17f19631d75f19cea3
SHA1
beb12c70bf2871de4254176be42b6748176a6471
SHA256
a3b6b88c4bee07b58800bcd3d545d5ee8ad805c0ea0111fb9e4b8ae9e109a94a
SHA512
3128a8493bd66da47f2a436f800451d97f8eb14c6a491c9dfe242a36cf1c905c8286b9a3bd250a76bdb71ff657266d19e45da995ab5c5e50b695dd9eb098ffbd
ImpHash
527d186806fe2e22c11bfe9cfd5a6088

PE Analysis

Basic Information

Icon
Hash: e30c6515d28309b33fcbd894cd246a79
Fuzzy: 91cde4fba302d971c8f10548c2e64234
dHash: 68eaa24c8ccc9600
Image Base 0x00400000
Entry Point 0x0060f2fd
Compilation Time 2014-08-15 01:55:16
Checksum 0x00000000 (Actual: 0x0024d7c7)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 19 libraries
Exports 0 functions
Resources 79 Resources
Sections 7 Sections

Version Information

FileDescription OntSoftwareBroadcaster Microsoft 基础类应用程序
FileVersion 1, 0, 0, 0
InternalName OntSoftwareBroadcaster
LegalCopyright 版权所有 (C)
OriginalFilename OntSoftwareBroadcaster.EXE
ProductName OntSoftwareBroadcaster 应用程序
ProductVersion 1, 0, 0, 0
Translation 0x0804 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
lS8TSGXu 0x00001000 2,153,516 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
HWB8zP1w 0x0020f000 8,192 bytes 5,632 bytes 5.99 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2CD3035FBDBCFE2F0AE1817E62BD2474
QrVbjeUa 0x00211000 2,187,264 bytes 2,183,680 bytes 7.79 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4A00450BD71E6E32FEB36D64AEC41187
LEXmTy1n 0x00427000 4,096 bytes 1,536 bytes 3.14 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8C9CF027D41753C515977D0F65D3F7EB
niBTgJWZ 0x00428000 167,936 bytes 165,376 bytes 3.76 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ BDFC7E97E2342595952F2487FB966383
sfW0L9wz 0x00451000 4,096 bytes 1,024 bytes 6.23 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 90C2E001EDD74F2B8C72586D6794EB36
.text 0x00452000 8,192 bytes 8,192 bytes 0.48 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 648EA0D3F85FAFDC14659412A4D5EE2F
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 79 (358,012 bytes)
Resource Type Count Total Size Percentage
BIN 1 92,630 bytes
25.9%
RT_CURSOR 16 4,800 bytes
1.3%
RT_BITMAP 2 508 bytes
0.1%
RT_ICON 15 251,832 bytes
70.3%
RT_DIALOG 7 3,216 bytes
0.9%
RT_STRING 14 2,794 bytes
0.8%
RT_GROUP_CURSOR 15 314 bytes
0.1%
RT_GROUP_ICON 6 246 bytes
0.1%
RT_VERSION 1 788 bytes
0.2%
RT_MANIFEST 1 799 bytes
0.2%
None 1 85 bytes
0%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.03212421 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.03212421 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware