Gridinsoft Logo
File Icon

Reader_br_install.exe Trojan Heuristic Analysis

Updated 2 days ago
Checked by Malware Check
Reader_br_install.exe

Technical Analysis

File Name Reader_br_install.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.218.174
Database Version 2025-06-13 01:00:13 UTC

Trojan.Heur!.00054023

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
57,412,360
File Size (bytes)
2025-06-13
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
b74e61a4fc61c0e757a3f1b3e4358418
SHA1
841f38b9a314aec9debdf213c78d07fdcdf8a1f3
SHA256
ab43082ad601fc5d14930829cdd5c9f9fd5c408246a56c1c509338021e88d8c1
SHA512
b46c58416e9b56271032e38040ede60df9ac023879f25b37b07c0034a4fe8924721b6ee918f600f12702176b17357b57f37125eeee4ad61154d57ffeb108bef5
ImpHash
9bac1b25fbfc959fd736aec995875635

PE Analysis

Basic Information

Icon
Hash: f6c6b0f2ec0aa6d8110d3b59a651aafb
Fuzzy: d3d6c59eac9fff90b534cc24c6019c59
dHash: 4db292f2d88cb40b
Image Base 0x140000000
Entry Point 0x141de1784
Compilation Time 2025-05-16 17:35:05
Checksum 0x036ca2ce (Actual: 0x036ca2ce)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path C:\Users\developer\node.exe\temp\node-v24.0.0\out\Release\node.pdb
Digital Signature OK
Imports 12 libraries
Exports 8959 functions
Resources 5 Resources
Sections 10 Sections

Version Information

CompanyName Microsoft
ProductName Adobe Download Manager
FileDescription Adobe Download Manager
FileVersion 2.0.0.790
ProductVersion 2.0.0.790
OriginalFilename Adobe Download Manager
InternalName Microsoft
LegalCopyright Copyright 2019 Adobe Inc. All rights reserved.
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 31,634,070 bytes 31,634,432 bytes 6.47 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ B3ADC16D146B2E80822BC2BF76A966F3
.rdata 0x01e2d000 20,337,500 bytes 20,337,664 bytes 6.14 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DE4E16B6A1F2CF3C89B7E46364CF3D53
.data 0x03193000 3,074,220 bytes 219,648 bytes 3.86 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE C909BD2332B39D139C474DB5E4B20685
.pdata 0x03482000 706,080 bytes 706,560 bytes 6.59 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2D9612F5A43CAB4A4902298938D46EC5
.gxfg 0x0352f000 14,800 bytes 14,848 bytes 5.23 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6542F7DE6959051F25BE0916F39C750F
.tls 0x03533000 633 bytes 1,024 bytes 0.05 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 63577E70937938D4AA322B8DD312237D
_RDATA 0x03534000 500 bytes 512 bytes 4.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C45E0C9303583B75EFF4D020650D0572
malloc_h 0x03535000 15,718 bytes 12,288 bytes 0.35 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0760AF5CFECD385516554638CBD08F70
.reloc 0x03539000 153,256 bytes 153,600 bytes 5.48 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 1A027D77C10A02D232C055908330C6C8
.rsrc 0x0355f000 4,320,256 bytes 4,320,256 bytes 7.38 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 858B0841225B36127504E0AB7D07847A
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 5 (4,319,782 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 9,640 bytes
0.2%
RT_RCDATA 1 4,308,484 bytes
99.7%
RT_GROUP_ICON 1 20 bytes
0%
RT_VERSION 1 820 bytes
0%
RT_MANIFEST 1 818 bytes
0%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

OK

Trojan.Heur!.00054023 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.00054023 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware