The Setup - Bloxshade.exe (Bloxshade Installer (developed by Extravi, https://extravi.dev/)) File Analysis

Updated 3 months ago

Checked by Malware Check

Setup - Bloxshade.exe

Technical Analysis

File Name	Setup - Bloxshade.exe
File Type	Win32 EXE
Magic Bytes	`PE32+ executable (GUI) x86-64, for MS Windows`
SSDEEP Hash	49152:aA7lOXO/2Y7Cqsg6pywBWU0l+QNPsJCHJVXl90l/4XYUwHqnz6RbRy9E0ZCZ0C8t:ac1CMNLcl/4opqysj4xWgcnhyt2QuU8
Scanner Version	1.0.218.174
Database Version	2025-06-21 15:00:28 UTC

⚠

Suspicious File Detected

Detected by 3 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Detection Rate

9,541,632

File Size (bytes)

3/72

Engines Detected

2025-06-21

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	6f5a4f86d63235a144947da223282aaf
SHA1	367ee57d193a8afa3d8cc27f4530a25a6330aa15
SHA256	c3acffc029475eb58a3004a6574ace59c334ae245b91da1eaec92b50d9a1ee0f
SHA512	054d2c46adf18436f29b525828c7085feb94149a5019604c3714ae1b8dd4bd0da7609ae6a4a1d949060215cc46c2348562cab8d09e9cea84e02d720c8433ece1
ImpHash	64174e5a1aa87766701e62b97e18bb7c

Security Engines with Detections (3 of 72)

APEX

Malicious Malicious

Trapmine

malicious.moderate.ml.score Malicious

Microsoft

Trojan:Win32/Wacatac.B!ml Malicious

69 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: c617e89273ae7a1c10ade6b0c46382b5 Fuzzy: 57cfc064fa15c32b45a5a49048dae861 dHash: d4f8d4dcc0c0c8d9
Image Base	`0x140000000`
Entry Point	`0x140049c60`
Compilation Time	2025-06-18 22:55:58
Checksum	0x00000000 (Actual: 0x0091d5fd)
OS Version	6.0
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows`
PDB Path	`C:\Users\hecker\Desktop\Bloxshade-main\bloxshade\build\start.pdb`
Digital Signature	No valid SignedData structure was found.
Imports	4 libraries KERNEL32, USER32, ADVAPI32, SHELL32
Exports	0 functions
Resources	14 Resources
Sections	7 Sections

Version Information

▼

Comments	Website: https://extravi.dev/
CompanyName	Website: https://extravi.dev/
FileDescription	Bloxshade Installer (developed by Extravi, https://extravi.dev/)
FileVersion	2.8.17.0
InternalName	Bloxshade
LegalCopyright	Copyright © 2025 Extravi
OriginalFilename	Setup - Bloxshade.exe
ProductName	Bloxshade
ProductVersion	2.8.17.0
Translation	0x0409 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	722,038 bytes	722,432 bytes	5.71 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`2707A8BA1291DF587BE256455EE8589D`
`.rdata`	`0x000b2000`	162,250 bytes	162,304 bytes	4.53 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`C2CD0E3919E8441B7454DF41B9E0F94C`
`.data`	`0x000da000`	16,580 bytes	8,192 bytes	3.60 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`135355D913C9ECC26F2357BA2AF3BC39`
`.pdata`	`0x000df000`	33,984 bytes	34,304 bytes	5.75 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`B02BDC3B0EBBA292177C724E613403A9`
`.fptable`	`0x000e8000`	256 bytes	512 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF619EAC0CDF3F68D496EA9344137E8B`
`.rsrc`	`0x000e9000`	8,608,616 bytes	8,608,768 bytes	6.51 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`DCE05940CA4EDF9301CC4AE86D3CC9A5`
`.reloc`	`0x0091f000`	3,660 bytes	4,096 bytes	5.21 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`740671E46659AB53F43285AB612784AB`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 14 (8,607,777 bytes)

Resource Type	Count	Total Size	Percentage
BINARY	2	8,402,432 bytes	97.6%
RT_ICON	9	203,869 bytes	2.4%
RT_GROUP_ICON	1	132 bytes	0%
RT_VERSION	1	952 bytes	0%
RT_MANIFEST	1	392 bytes	0%

Certificate Chain Analysis

▼

Certificate Information

Product	Bloxshade
Description	Bloxshade Installer (developed by Extravi, https://extravi.dev/)
File Version	2.8.17.0
Original Name	Setup - Bloxshade.exe
Internal Name	Bloxshade
Copyright	Copyright © 2025 Extravi

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

3 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1