The b012035f4bec9de8a07dfb79756244a1a05a7f5d0a09b464c5f3798ec1a525d1.exe File Analysis

Updated 2 months ago

Checked by Malaware Check

b012035f4bec9de8a07dfb79756244a1a05a7f5d0a09b464c5f3798ec1a525d1.exe

Technical Analysis

File Name	b012035f4bec9de8a07dfb79756244a1a05a7f5d0a09b464c5f3798ec1a525d1.exe
File Type	Win32 EXE
Magic Bytes	`PE32+ executable (console) x86-64, for MS Windows`
SSDEEP Hash	196608:cxW7V0sT/6rDD67wr7ILSzZmgy+5ZeA79uSUU0djBF:YWV0sj6rvewr7ILSz4wek9uSUUEb
Scanner Version	1.0.211.174
Database Version	2025-03-25 05:01:09 UTC

⚠

Suspicious File Detected

Detected by 34 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

47%

Detection Rate

6,759,936

File Size (bytes)

34/73

Engines Detected

2025-03-25

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	615b9afd526aabaa3cf99b42cf7c4b84
SHA1	59b0457093c0799bed5f128544b4a123a0354b4a
SHA256	b012035f4bec9de8a07dfb79756244a1a05a7f5d0a09b464c5f3798ec1a525d1
SHA512	cf4688f35e3a5f711002b1d82d26be5d6d8c92f98d929ed4464dedc88efe222861a5209787a1cb5cbb7428046d2a0aeafa60f5cb335acf6e954feee1ab15ecdc
ImpHash	8e3dad4d4ea6736338bcc4aca7b446c9

Security Engines with Detections (34 of 73)

Lionic

Trojan.Win32.Generic.4!c Malicious

Elastic

malicious (high confidence) Malicious

MicroWorld-eScan

Gen:Variant.Adware.Tedy.6085 Malicious

CTX

exe.trojan.wacapew Malicious

Skyhigh

BehavesLike.Win64.Backdoor.vc Malicious

McAfee

Artemis!615B9AFD526A Malicious

Cylance

Unsafe Malicious

VIPRE

Gen:Variant.Adware.Tedy.6085 Malicious

CrowdStrike

win/malicious_confidence_70% (W) Malicious

Symantec

ML.Attribute.HighConfidence Malicious

APEX

Malicious Malicious

TrendMicro-HouseCall

TROJ_GEN.R002H09BR25 Malicious

Paloalto

generic.ml Malicious

GData

Gen:Variant.Adware.Tedy.6085 Malicious

BitDefender

Gen:Variant.Adware.Tedy.6085 Malicious

Avast

Win64:MalwareX-gen [Trj] Malicious

Emsisoft

Gen:Variant.Adware.Tedy.6085 (B) Malicious

Google

Detected Malicious

Zillya

Exploit.BypassUAC.Win32.3746 Malicious

McAfeeD

ti!B012035F4BEC Malicious

FireEye

Gen:Variant.Adware.Tedy.6085 Malicious

Antiy-AVL

GrayWare/Win32.Wacapew Malicious

Arcabit

Trojan.Adware.Tedy.D17C5 Malicious

Cynet

Malicious (score: 100) Malicious

AhnLab-V3

Malware/Win.Mikey.R697016 Malicious

ALYac

Gen:Variant.Adware.Tedy.6085 Malicious

Malwarebytes

Malware.AI.1530438942 Malicious

Ikarus

Dump.Generic.Python Malicious

Panda

Trj/Chgt.AD Malicious

Tencent

Malware.Win32.Gencirc.11d42a00 Malicious

SentinelOne

Static AI - Suspicious PE Malicious

MaxSecure

Trojan.Malware.325188728.susgen Malicious

AVG

Win64:MalwareX-gen [Trj] Malicious

DeepInstinct

MALICIOUS Malicious

39 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 7aa9b49ec5cc34df6a2cfd6a86ecbb5a Fuzzy: c25aba9bd1d0ca2c8b2ac81f08904f12 dHash: f0cce8d4d4ccccf0
Image Base	`0x140000000`
Entry Point	`0x14000c79c`
Compilation Time	2025-02-15 12:53:33
Checksum	0x00000000 (Actual: 0x0067584b)
OS Version	6.0
PEiD Signatures	`PE32+ executable (console) x86-64, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	2 libraries SHELL32, KERNEL32
Exports	0 functions
Resources	4 Resources
Sections	6 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	130,704 bytes	131,072 bytes	6.50 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`2F297F20F21976C97018F65D889EB19D`
`.rdata`	`0x00021000`	51,456 bytes	51,712 bytes	5.14 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`FE6B739DA733B5130131CBFB37AB7E20`
`.data`	`0x0002e000`	159,360 bytes	3,072 bytes	1.96 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`13836853AF6571D6BCFDAA7382B29597`
`.pdata`	`0x00055000`	6,108 bytes	6,144 bytes	5.31 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`488B083F77E4E8E590842CD163E92573`
`.rsrc`	`0x00057000`	6,564,772 bytes	6,564,864 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`ACD1107BFA488D705B90F8397D7A72ED`
`.reloc`	`0x0069a000`	1,672 bytes	2,048 bytes	4.93 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`C59E515213C4154A005629EE6D33E0A1`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 4 (6,564,467 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	1	6,052 bytes	0.1%
RT_RCDATA	1	6,557,368 bytes	99.9%
RT_GROUP_ICON	1	20 bytes	0%
RT_MANIFEST	1	1,027 bytes	0%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

34 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1

The b012035f4bec9de8a07dfb79756244a1a05a7f5d0a09b464c5f3798ec1a525d1.exe File Analysis

Technical Analysis

Suspicious File Detected

Scan Another File

File Identification

Security Engines with Detections (34 of 73)

PE Analysis

Basic Information

PE Sections

Entropy Analysis Alert

Resource Analysis

Certificate Chain Analysis

No Digital Signatures

Security Implications:

Certificate Verification Status

Remember: This is Result of Online Virus Scanner

Keep Your System Protected

Leave a Comment

Gridinsoft Anti-Malware