Gridinsoft Logo
File Icon

SecHex-GUI.exe Adware Agent Analysis

Updated 14 days ago
Checked by Malaware Check
SecHex-GUI.exe

Technical Analysis

File Name SecHex-GUI.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.216.174
Database Version 2025-05-22 20:00:31 UTC

Adware.Win64.Agent.ca

Malware family: Agent

Trojan Agent malware disguises itself as legitimate software while performing unauthorized activities including data theft and providing remote system access to threat actors.
N/A
Detection Rate
187,392
File Size (bytes)
2025-05-22
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
c252a43b1d357d08308690545c617031
SHA1
10312402951264e103983c4c08582b785b588794
SHA256
b779b45849a4ab5bd8ff296e6c95638c5be4da18b67f1fd195b31795bc21cdfc
SHA512
c3f359c1bd57276ee9422151e7b32a8232d88b0d2ea220cdd4c1323c39ba7a19540dcd52b393de47274fbbac1b46f4e75d34173fb037ebc755307c80c8cd586f
ImpHash
6dbf27f4c70fe2c8ed3e0122ba75d641

PE Analysis

Basic Information

Icon
Hash: 48b832ee509fd7a569e8f6d68e9df6ff
Fuzzy: 4232b125c4afb4a62df2816704ec0f61
dHash: f0f0ccd4ecacc088
Image Base 0x140000000
Entry Point 0x140013750
Compilation Time 2023-03-24 00:31:58
Checksum 0x00000000 (Actual: 0x00032069)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
Digital Signature No valid SignedData structure was found.
Imports 12 libraries
Exports 0 functions
Resources 4 Resources
Sections 7 Sections

Version Information

Translation 0x0000 0x04b0
CompanyName SecHex
FileDescription SecHex-GUI
FileVersion 1.0.0.0
InternalName SecHex-GUI.dll
LegalCopyright
OriginalFilename SecHex-GUI.dll
ProductName Spoofy
ProductVersion 1.0.0
Assembly Version 1.0.0.0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 97,516 bytes 97,792 bytes 6.33 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 1E45F5FEA4E9767B001816CB81D8C172
.rdata 0x00019000 37,578 bytes 37,888 bytes 4.52 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5F2C96CDDB1847E14A2048D95F66B1D1
.data 0x00023000 5,368 bytes 2,560 bytes 2.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E6BBB6466911951901B1B60C752D453D
.pdata 0x00025000 5,160 bytes 5,632 bytes 4.82 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DF28E302A63772846FC062E836A155B8
_RDATA 0x00027000 244 bytes 512 bytes 2.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0C2832FB1DEEAC948CA9EF0B008B1E29
.rsrc 0x00028000 40,800 bytes 40,960 bytes 7.90 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6044B44F4AABDFAB2567EF1BF9CA44D1
.reloc 0x00032000 792 bytes 1,024 bytes 4.69 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0C507064CC9A2B6BA8F40830713E13FF
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 4 (40,496 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 36,164 bytes
89.3%
RT_GROUP_ICON 1 20 bytes
0%
RT_VERSION 1 708 bytes
1.7%
RT_MANIFEST 1 3,604 bytes
8.9%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Adware.Win64.Agent.ca Removal

Gridinsoft has the capability to identify and eliminate Adware.Win64.Agent.ca without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware