The PassengerFlowClient_V3.5.8.L.EN.exe File Analysis

Updated 2 months ago

Checked by Malaware Check

PassengerFlowClient_V3.5.8.L.EN.exe

Technical Analysis

File Name	PassengerFlowClient_V3.5.8.L.EN.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows`
SSDEEP Hash	786432:ElWmup8M6/FIB3vw0bk3KtyEFI1zJik5:l8M6NMv1Hte1zJi
Scanner Version	1.0.211.174
Database Version	2025-03-20 19:00:35 UTC

⚠

Suspicious File Detected

Detected by 11 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

15%

Detection Rate

34,388,992

File Size (bytes)

11/73

Engines Detected

2025-03-20

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	5e27d450b7d4b4494bfb4f61364d1a9b
SHA1	945ffeae01473f07ae7f4f7d0109f054fbc6d725
SHA256	b36b391c4e0ff33cf3350cedbc051c721f70da5951b5048585ddbe7758f6007b
SHA512	4d8fcb8ea3d820460126d91b89b6958cdd6e006595275ce70aa13dc4a1ad6dc8cfd4830caf7aec4b252506a16a903c5ef3775b727b0e13c429034f5c1937e4dc
ImpHash	2f727a975c44a2925ace416e4a5ad2d8

Security Engines with Detections (11 of 73)

Sangfor

Trojan.Win32.Save.a Malicious

Symantec

ML.Attribute.HighConfidence Malicious

Cynet

Malicious (score: 100) Malicious

APEX

Malicious Malicious

ClamAV

Win.Trojan.Trojanx-10003922-0 Malicious

McAfeeD

ti!B36B391C4E0F Malicious

Trapmine

malicious.moderate.ml.score Malicious

Ikarus

PUA.EnigmaProtector Malicious

FireEye

Generic.mg.5e27d450b7d4b449 Malicious

Google

Detected Malicious

Cylance

Unsafe Malicious

62 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Image Base	`0x00400000`
Entry Point	`0x004ec50a`
Compilation Time	2024-06-11 10:34:43
Checksum	0x00000000 (Actual: 0x020cdc23)
OS Version	6.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	8 libraries kernel32, user32, advapi32, oleaut32, ole32, ntdll, SHFolder, shlwapi
Exports	0 functions
Resources	1 Resources
Sections	7 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,060,176 bytes	1,060,352 bytes	6.17 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`C3DA5C6989A1EB09390B135C7956F4F2`
`.rdata`	`0x00104000`	13,149,780 bytes	13,150,208 bytes	7.98 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E5D675E9A21A9526399D0BBB3DBF19D6`
`.data`	`0x00d8f000`	1,119,128 bytes	5,120 bytes	4.78 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`4AD4C278F922BAE56B6AA923A0632747`
`.rsrc`	`0x00ea1000`	736 bytes	1,024 bytes	4.26 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`6BFAA4AFEB5F3C9CCD049411E1B3FAB5`
`.reloc`	`0x00ea2000`	141,700 bytes	141,824 bytes	6.78 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`A546A20C51BB84F468C917548DCEAE0D`
`.enigma1`	`0x00ec5000`	4,096 bytes	19,722,240 bytes	7.95 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`7D41CB64A62160F9102BAB6A1DE7CBCE`
`.enigma2`	`0x00ec6000`	307,200 bytes	307,200 bytes	5.99 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`6FDC5BF7949F788129D54411E2288F18`

Entropy Analysis Alert

2 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 1 (638 bytes)

Resource Type	Count	Total Size	Percentage
RT_MANIFEST	1	638 bytes	100%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

11 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1