The Pepe exe File Malware Analysis
Gridinsoft Logo
File Icon

The Pepe.exe File Analysis

Updated 1 year ago
Checked by Malware Check
Pepe.exe

Technical Analysis

File Name Pepe.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
SSDEEP Hash
12288:eNYr2eJ/GChA0++uJyhKjaUy0S0nIsNLjj/3AaxnVdn0BLye55ZQmERfnjF7kqPJ:eNYr2eJ00/q3y0TNz/3A0VdnkLyAzTEr
Scanner Version 1.0.169.174
Database Version 2024-03-14 13:00:32 UTC

Suspicious File Detected

Detected by 13 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
18%
Detection Rate
753,347
File Size (bytes)
13/73
Engines Detected
2024-03-14
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
fdb6d88e76e8b4638faf344dd4736979
SHA1
947aa7cd0566071d4a5ab6419f9176f42425a9da
SHA256
d5c3ad5f3bc85143930234720cad9cc9ad220c34b4ff058b08ef2ba84e162bd1
SHA512
cc71e875ee67f2360bbe36c5b08fceab98137bed13a33c4df913a235f782867ea703d44cde879811ed17f24ac781a389a710b4dfaa225cb30a9906f055b26d55
ImpHash
56a78d55f3f7af51443e58e0ce2fb5f6

Security Engines with Detections (13 of 73)

Bkav
W32.AIDetectMalware Malicious
DrWeb
Trojan.PWS.Stealer.29619 Malicious
Elastic
malicious (high confidence) Malicious
ESET-NOD32
BAT/Runner.JL Malicious
APEX
Malicious Malicious
Rising
Trojan.Agent/NSIS!1.F79C (CLASSIC) Malicious
FireEye
Generic.mg.fdb6d88e76e8b463 Malicious
Google
Detected Malicious
Microsoft
Trojan:Win32/Wacatac.B!ml Malicious
MaxSecure
Trojan.WIN32.Zenpak.gen_223205 Malicious
DeepInstinct
MALICIOUS Malicious
CrowdStrike
win/malicious_confidence_90% (D) Malicious
alibabacloud
VirTool:Win/SignThief.A(dyn) Malicious
60 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: d0b70f4257afc2efc0455b5ea57ea6ba
Fuzzy: c417102ff9adb28e7a37142f6d7d719a
dHash: dd18e4a4b6e3439b
Image Base 0x00400000
Entry Point 0x004034f7
Compilation Time 2021-09-25 21:55:49
Checksum 0x00000000 (Actual: 0x000c77a6)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 7 libraries
ADVAPI32, SHELL32, ole32, COMCTL32, USER32, GDI32, KERNEL32
Exports 0 functions
Resources 9 Resources
Sections 5 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 25,877 bytes 26,112 bytes 6.44 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 26E66BEA3B62728A217AE7BF343EBC1A
.rdata 0x00008000 5,018 bytes 5,120 bytes 5.15 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 691F0273DAD50EC603F6FEDF850B58EE
.data 0x0000a000 131,896 bytes 1,536 bytes 4.01 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4B75405561A3FCC45B8FE27A6808F3B5
.ndata 0x0002b000 65,536 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x0003b000 27,736 bytes 28,160 bytes 6.78 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0100D51E2E30C4FB71C7E812C6FF8487
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 9 (27,177 bytes)
Resource Type Count Total Size Percentage
RT_ICON 4 25,649 bytes
94.4%
RT_DIALOG 3 636 bytes
2.3%
RT_GROUP_ICON 1 62 bytes
0.2%
RT_MANIFEST 1 830 bytes
3.1%

Certificate Chain Analysis

Certificate Information
Signing Date 11:35 AM 02/23/2024 (558 days ago)
Verification Status The digital signature of the object did not verify.
Signers Gary Kramlich; Sectigo RSA Code Signing CA; USERTrust RSA Certification Authority; Sectigo (AAA)
Counter Signers DigiCert Timestamp 2023; DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA; DigiCert Trusted Root G4; DigiCert
Certificate Chain Summary
Gary Kramlich #1 Primary
Validity Period: 2021-03-22 00:00:00 → 2024-03-21 23:59:59
Signature Algorithm: sha256RSA
Serial Number: F6 AD 45 18 8E 55 66 AA 31 7B E2 3B 4B 8B 2C 2F
AAA Certificate Services #2 Chain
Validity Period: 2004-01-01 00:00:00 → 2028-12-31 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 01
USERTrust RSA Certification Authority #3 Chain
Validity Period: 2019-03-12 00:00:00 → 2028-12-31 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 95
Sectigo RSA Code Signing CA #4 Chain
Validity Period: 2018-11-02 00:00:00 → 2030-12-31 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A
DigiCert Trusted Root G4 #5 Chain
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #6 Chain
Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B
DigiCert Timestamp 2023 #7 Chain
Validity Period: 2023-07-14 00:00:00 → 2034-10-13 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 05 44 AF F3 94 9D 08 39 A6 BF DB 3F 5F E5 61 16

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
13 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware
An unexpected error occurred. Please try again later.