Gridinsoft Logo

The route.exe File Analysis

Updated 2 days ago
Checked by Malaware Check
route.exe

Technical Analysis

File Name route.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
49152:XmrUsiw31gDkPwv8P5+MC7xsETe7xOjOT6bpZm7bWO2MRyX0x:WxP3uDkwvEEMCqfLAiWdMR60x
Scanner Version 1.0.218.174
Database Version 2025-06-11 08:00:13 UTC

Suspicious File Detected

Detected by 12 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
17%
Detection Rate
2,387,888
File Size (bytes)
12/72
Engines Detected
2025-06-11
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
b2d5f620b672bf58a68731a68d62dc82
SHA1
87901a7795fe5a9934be63ba06f4a5732a937295
SHA256
da3bb6e38b3f4d83e69d31783f00c10ce062abd008e81e983a9bd4317a9482aa
SHA512
449ebb8fac67516d02087ac3ef7140f2ff3da86881d3d60f3f4f9cc8dc05f5d1190d268d9b05d8b90ffdc992e635f04476256c5991d97f36bff575e7da91d76d
ImpHash
6af5156e8022f490d3090b127ad68682

Security Engines with Detections (12 of 72)

Bkav
W64.AIDetectMalware Malicious
Elastic
malicious (high confidence) Malicious
Cylance
Unsafe Malicious
CrowdStrike
win/malicious_confidence_70% (W) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
Cynet
Malicious (score: 100) Malicious
APEX
Malicious Malicious
Paloalto
generic.ml Malicious
Kaspersky
UDS:Trojan.Win32.Shellcode Malicious
SentinelOne
Static AI - Malicious PE Malicious
Ikarus
Win32.Outbreak Malicious
Kingsoft
malware.kb.a.711 Malicious
60 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x140011ca8
Compilation Time 2018-12-10 13:01:49
Checksum 0x002560fd (Actual: 0x002560fd)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature Chain verification from CN=Danielle D Festa, O=Danielle D Festa, ST=New Jersey, C=US (serial:224902284776503027117983805747665564556, sha1:d5056e2702e1f0c0a6c1118e63767480b09687fb) failed: The path could not be validated because the end-entity certificate expired 2022-12-16 23:59:59Z
Imports 3 libraries
ntdll, KERNEL32, SHELL32
Exports 0 functions
Resources 1 Resources
Sections 13 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 96,428 bytes 96,768 bytes 6.55 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 43B3F54176BFF085D4D9EDFC87E07589
.rdata 0x00019000 48,836 bytes 49,152 bytes 4.89 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ B386AB1A534C78F810018B4FAC8B51F0
.data 0x00025000 98,300 bytes 93,184 bytes 0.29 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 15F56C822D4F3970E8065A9D883B93DB
.pdata 0x0003d000 5,268 bytes 5,632 bytes 4.97 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 062CA5F02FF889FFD104ED49BAB77B51
.detourc 0x0003f000 8,640 bytes 8,704 bytes 2.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5A3F2AA6D669351F63A237357B45778C
.detourd 0x00042000 24 bytes 512 bytes 0.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EDDA25907019E5CC74C177F6952E5E4B
_RDATA 0x00043000 148 bytes 512 bytes 1.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 995571D7063548F3595FBB2CAA98B6B0
.rsrc 0x00044000 480 bytes 512 bytes 4.71 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 081692CB87B1741FE778B0E8C1C53D8B
.reloc 0x00045000 2,996 bytes 3,072 bytes 5.38 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 58415197C3E6BF8A61A043A642F73721
.v-lizer 0x00046000 991,232 bytes 347,648 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 101166C416B05992B1B997FCB9E6FBC9
.v-lizer 0x00138000 5,492 bytes 5,632 bytes 5.16 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 28F83877B6A8895688FAE4D38F7DE0E6
.xdata 0x0013a000 500,112 bytes 500,112 bytes 6.17 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EAF4507D67AE995A320A18D01C2C633F
.udata 0x001b5000 1,269,074 bytes 1,269,074 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EE4497D11499CD924D48A080FC464E45
Entropy Analysis Alert

2 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 1 (381 bytes)
Resource Type Count Total Size Percentage
RT_MANIFEST 1 381 bytes
100%

Certificate Chain Analysis

Certificate Information
Verification Status A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Signers Danielle D Festa; Sectigo Public Code Signing CA R36; Sectigo Public Code Signing Root R46; Sectigo (AAA)
Certificate Chain Summary
Sectigo Public Code Signing Root R46 #1 Primary
Validity Period: 2021-05-25 00:00:00 → 2028-12-31 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 48 FC 93 B4 60 55 94 8D 36 A7 C9 8A 89 D6 94 16
Sectigo Public Code Signing CA R36 #2 Chain
Validity Period: 2021-03-22 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 62 1D 6D 0C 52 01 9E 3B 90 79 15 20 89 21 1C 0A
Danielle D Festa #3 Chain
Validity Period: 2021-12-16 00:00:00 → 2022-12-16 23:59:59
Signature Algorithm: sha384RSA
Serial Number: A9 32 9A BF 47 F3 3E AC 2A 23 44 B9 08 2B F3 8C

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

Chain verification from CN=Danielle D Festa, O=Danielle D Festa, ST=New Jersey, C=US (serial:224902284776503027117983805747665564556, sha1:d5056e2702e1f0c0a6c1118e63767480b09687fb) failed: The path could not be validated because the end-entity certificate expired 2022-12-16 23:59:59Z

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
12 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware