Gridinsoft Logo
File Icon

The Bootstrapper.exe File Analysis

Updated 3 months ago
Checked by Malware Check
Bootstrapper.exe

Technical Analysis

File Name Bootstrapper.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
49152:1m1X52BjOXZ4p5zgd+pQvgyFnApPdYFXN8PfEotw5:1m1XU8Cp5fQv+BeXyPcN
Scanner Version 1.0.226.174
Database Version 2025-09-28 01:00:20 UTC

Suspicious File Detected

Detected by 18 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
25%
Detection Rate
1,596,633
File Size (bytes)
18/71
Engines Detected
2025-09-28
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
86c17c0b050880a147fe33c4f100bb45
SHA1
f24f35dfdd1f290d9f10db996245c6b7272209d0
SHA256
bf13d513f733ae4c5f464518f17fb20985b16dbc3b192e8e5d211155c70dd787
SHA512
4621f9f609ca9fe111dbee182f3abcb8d23699b4e3203c51dd7c29eff0230385c798762d0bf0d1a343e498dd56b2c46623b3ad2dd3c34262fba55fe357080809
ImpHash
32f3282581436269b3a75b6675fe3e08

Security Engines with Detections (18 of 71)

Bkav
W32.AIDetectMalware Malicious
Elastic
malicious (high confidence) Malicious
CrowdStrike
win/grayware_confidence_60% (D) Malicious
huorong
Trojan/Runner.dx Malicious
Symantec
Scr.NSISHeur!gen2 Malicious
ESET-NOD32
a variant of NSIS/Runner.RZ Malicious
Rising
Trojan.Runner/NSIS!1.13037 (CLASSIC) Malicious
DrWeb
Trojan.Badcab.1 Malicious
McAfeeD
ti!BF13D513F733 Malicious
Trapmine
malicious.high.ml.score Malicious
Sophos
Troj/DarkGate-A Malicious
Ikarus
Trojan.NSIS.Runner Malicious
Google
Detected Malicious
ZoneAlarm
Troj/DarkGate-A Malicious
Microsoft
Trojan:Win32/Wacatac.B!ml Malicious
AhnLab-V3
Infostealer/Win.LummaC2.R715374 Malicious
VBA32
Malware-Cryptor.NSISex.Heur Malicious
Fortinet
NSIS/Backdoor.RW!tr Malicious
53 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 637f10ea873a509121585ef995caaa36
Fuzzy: b0149d83869854252588766c4bee4baf
dHash: 4130b2f02bd03353
Image Base 0x00400000
Entry Point 0x004039e3
Compilation Time 2014-12-11 17:51:52
Checksum 0x00000000 (Actual: 0x0018b0e6)
OS Version 5.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 8 libraries
KERNEL32, USER32, GDI32, SHELL32, ADVAPI32, COMCTL32, ole32, VERSION
Exports 0 functions
Resources 7 Resources
Sections 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 28,432 bytes 28,672 bytes 6.50 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ F569E353AF0ED51BF4C216FAA9BED4E7
.rdata 0x00008000 10,898 bytes 11,264 bytes 4.39 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 91EEE43954E068E650F7B73A8B0E6915
.data 0x0000b000 425,660 bytes 512 bytes 1.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE DB9F7ACBF1C3DDFE255077B699955DFA
.ndata 0x00073000 692,224 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x0011c000 17,584 bytes 17,920 bytes 5.71 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D61D1F22C6C9395F37801541E45260AA
.reloc 0x00121000 3,978 bytes 4,096 bytes 5.23 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ C4E4CFCD64C3781E73510AA1F4710934
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 7 (17,120 bytes)
Resource Type Count Total Size Percentage
RT_ICON 2 15,724 bytes
91.8%
RT_DIALOG 3 636 bytes
3.7%
RT_GROUP_ICON 1 34 bytes
0.2%
RT_MANIFEST 1 726 bytes
4.2%

Certificate Chain Analysis

Certificate Information
Signing Date 09:14 AM 07/11/2025 (182 days ago)
Verification Status The digital signature of the object did not verify.
Signers AnyDesk Software GmbH; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4; DigiCert
Counter Signers DigiCert SHA256 RSA4096 Timestamp Responder 2025 1; DigiCert Trusted G4 TimeStamping RSA4096 SHA256 2025 CA1; DigiCert Trusted Root G4; DigiCert
Certificate Chain Summary
DigiCert Trusted Root G4 #1 Primary
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #2 Chain
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
DigiCert Trusted G4 TimeStamping RSA4096 SHA256 2025 CA1 #3 Chain
Validity Period: 2025-05-07 00:00:00 → 2038-01-14 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0D C7 AC 57 05 FF 21 99 2E 40 43 22 0C 3A 49 86
DigiCert SHA256 RSA4096 Timestamp Responder 2025 1 #4 Chain
Validity Period: 2025-06-04 00:00:00 → 2036-09-03 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0A 80 EF 18 4B 8D F1 05 82 D1 C4 76 A7 95 74 68
AnyDesk Software GmbH #5 Chain
Validity Period: 2025-01-23 00:00:00 → 2026-02-12 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 03 00 31 9D 76 27 DE 42 96 59 A0 83 15 D5 79 B5

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
18 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware