Gridinsoft Logo
File Icon

Launcher for GoodbyeDPI.exe Trojan Agent Analysis

Updated 29 days ago
Checked by Malaware Check
Launcher for GoodbyeDPI.exe

Technical Analysis

File Name Launcher for GoodbyeDPI.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.216.174
Database Version 2025-05-07 16:00:18 UTC

Trojan.Win32.Agent.dd!c

Malware family: Agent

Trojan Agent malware disguises itself as legitimate software while performing unauthorized activities including data theft and providing remote system access to threat actors.
N/A
Detection Rate
1,845,984
File Size (bytes)
2025-05-07
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
76f567e6f5247815c1b665119c5aa1fe
SHA1
e451e93b6583295b4e21edbb31a496256acb703c
SHA256
b803abad582a0ab2540b195fefb9595f012dc9d522219f6a15595def96e8d657
SHA512
375560dc8ad1cb1b634acd775ddf984e2c41e18af4e2a439f9d5b06dbb27313f63e9bc408a6a65650aae427ac6512a0f9a1eb18670bd484ae76b2efd78ec0af0
ImpHash
e56fef9381dbf85a51f89adcd610ea14

PE Analysis

Basic Information

Icon
Hash: 2167708234cebe062c761f2795092529
Fuzzy: 5aa3749d3c596458fda7cae7ff04539b
dHash: f0c886b3339e6c70
Image Base 0x00400000
Entry Point 0x00408390
Compilation Time 2024-11-06 22:22:34
Checksum 0x001d0dca (Actual: 0x001cf097)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature Chain verification from CN=TOPERSOFT (serial:1146421791, sha1:fc08d87e9c882e4867dfcd6fe51edb6878ddbb2e) failed: Unable to build a validation path for the certificate "Common Name: TOPERSOFT" - no issuer matching "Common Name: VeriSign Class 3 Code Signing 2009-2 CA" was found
Imports 1 libraries
MSVBVM60
Exports 0 functions
Resources 7 Resources
Sections 3 Sections

Version Information

Translation 0x0409 0x04b0
Comments This Program is Free!
CompanyName Topersoft.com
FileDescription Launcher for GoodbyeDPI
LegalCopyright Program by TOPER © 2017-2024
LegalTrademarks TOPERSOFT © 2017-2024
ProductName Launcher for GoodbyeDPI
FileVersion 9.02
ProductVersion 9.02
InternalName Launcher for GoodbyeDPI
OriginalFilename Launcher for GoodbyeDPI.exe

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,802,796 bytes 1,806,336 bytes 6.59 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7DAB2301AEA1C0A7112C3BE3886B0D89
.data 0x001ba000 24,880 bytes 4,096 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 620F0B67A91F7F74151BC5BE745B7110
.rsrc 0x001c1000 22,420 bytes 24,576 bytes 5.80 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E6C55A7037923C60AAC9C0FCC51DA4F4
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 7 (21,967 bytes)
Resource Type Count Total Size Percentage
RT_ICON 4 20,017 bytes
91.1%
RT_GROUP_ICON 1 62 bytes
0.3%
RT_VERSION 1 964 bytes
4.4%
RT_MANIFEST 1 924 bytes
4.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

Chain verification from CN=TOPERSOFT (serial:1146421791, sha1:fc08d87e9c882e4867dfcd6fe51edb6878ddbb2e) failed: Unable to build a validation path for the certificate "Common Name: TOPERSOFT" - no issuer matching "Common Name: VeriSign Class 3 Code Signing 2009-2 CA" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win32.Agent.dd!c Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.Agent.dd!c without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware