Gridinsoft Logo
File Icon

LDPlayer3_es_1317_ld.exe PUP ChinAd Analysis

Updated 7 months ago
Checked by Malaware Check
LDPlayer3_es_1317_ld.exe

Technical Analysis

File Name LDPlayer3_es_1317_ld.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.195.174
Database Version 2024-10-31 02:00:17 UTC

PUP.Win32.ChinAd.mz!c

Malware family: ChinAd

N/A
Detection Rate
2,640,480
File Size (bytes)
2024-10-31
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
9855e448af8561fc920d69a7b45a309b
SHA1
9ceb185e61fde58d6db6e3c4e2e7932ca53ce712
SHA256
aebbda8979b54ca3094e835ec7bffb08aca6c79480675d46bc5df75d9750a583
SHA512
a37495c629c9fd636702f1e1479b0ffd8c7b921cc914a7208478d2b9c348149634bd7736ed41d6627902e8b8e5d5316dbeb3d5783b93574a48b7fb1786fc6d6c
ImpHash
29522e0716e6af4000d6546038711263

PE Analysis

Basic Information

Icon
Hash: 599a415fd7a574e66037cf98b463ffe6
Fuzzy: 2fe91f14ee795204f060e0165ec26e43
dHash: f0cc96b2b29acaf0
Image Base 0x00400000
Entry Point 0x004ec8bc
Compilation Time 2024-08-27 09:25:08
Checksum 0x00292c77 (Actual: 0x00286f89)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path H:\trunk_download\downloader_en\downloader\bin\ldplayerinst.pdb
Digital Signature OK
Imports 17 libraries
Exports 0 functions
Resources 25 Resources
Sections 5 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,215,414 bytes 1,215,488 bytes 6.54 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ FDF30134DFA8407A6656FEAA1265C8A5
.rdata 0x0012a000 276,122 bytes 276,480 bytes 5.31 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ AF35A24F2D81D3D27663A43D4E947E2D
.data 0x0016e000 69,160 bytes 32,256 bytes 5.24 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9FA23F9A56B9A9E928739781E17058C9
.rsrc 0x0017f000 1,030,440 bytes 1,030,656 bytes 7.92 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ CF719227F5E4DF4180B536586393107C
.reloc 0x0027b000 63,156 bytes 63,488 bytes 6.59 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 928EF9E538FE82A396E64B6022F2AE0B
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 25 (1,028,983 bytes)
Resource Type Count Total Size Percentage
ZIPRES 2 901,470 bytes
87.6%
RT_ICON 16 126,162 bytes
12.3%
RT_MENU 1 80 bytes
0%
RT_DIALOG 1 296 bytes
0%
RT_STRING 1 72 bytes
0%
RT_ACCELERATOR 1 16 bytes
0%
RT_GROUP_ICON 2 236 bytes
0%
RT_MANIFEST 1 651 bytes
0.1%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

OK

PUP.Win32.ChinAd.mz!c Removal

Gridinsoft has the capability to identify and eliminate PUP.Win32.ChinAd.mz!c without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware