The Update_65e15a29e5a73.exe (Models unaffected elides trick wand unread) File Analysis

Updated 1 year ago

Checked by Malware Check

Update_65e15a29e5a73.exe

Technical Analysis

File Name	Update_65e15a29e5a73.exe
File Type	Win32 EXE
Magic Bytes	`PE32+ executable (GUI) x86-64, for MS Windows`
SSDEEP Hash	24576:w8ZjQfva/op6VXlTSb5XpAb52FEw0knDNIzzyt3VjfW2cewySveODKz/JWUyAnL/:ZjqHuXlmQcljNPfRD9
Scanner Version	1.0.168.174
Database Version	2024-03-01 08:00:18 UTC

⚠

Suspicious File Detected

Detected by 6 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Detection Rate

2,166,272

File Size (bytes)

6/72

Engines Detected

2024-03-01

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	1b60491e468ecbaf0352856aa03a2c33
SHA1	d2751c891505a7d543a32e43ff1a7bf9679e6a35
SHA256	dfd2cc2b48e49cf40d2f6d2ea171cc9f4d10f9a4d0191d96ed8082c8c6614430
SHA512	fb1b2ef5cd70a9fff1642ce22c312927acaa3b329fb7b715783878657fef04afd46e1138e4cbae570fc3eef48a59440c15867771cc20e1ecc1229c718df70de8
ImpHash	274756ea45c523b061a21f39709cf019

Security Engines with Detections (6 of 72)

CrowdStrike

win/malicious_confidence_70% (W) Malicious

APEX

Malicious Malicious

Webroot

W32.Malware.Gen Malicious

Microsoft

Trojan:Win32/Wacatac.B!ml Malicious

Rising

Trojan.Agent!8.B1E (CLOUD) Malicious

DeepInstinct

MALICIOUS Malicious

66 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Image Base	`0x140000000`
Entry Point	`0x14015c3c8`
Compilation Time	2024-02-29 18:16:37
Checksum	0x002191b6 (Actual: 0x0021d661)
OS Version	6.0
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows`
Digital Signature	The PE file does not contain a certificate table.
Imports	10 libraries KERNEL32, USER32, GDI32, WINSPOOL, COMDLG32, ADVAPI32, SHELL32, COMCTL32, USERENV, dxgi
Exports	0 functions
Resources	3 Resources
Sections	7 Sections

Version Information

▼

Comments	Teed funnies plovers headwords angioplasty
CompanyName	Swamped borrowing exhumation
FileDescription	Models unaffected elides trick wand unread
FileVersion	7.192.135.7
InternalName	Overstretched
LegalCopyright	Copyright © Atrocious quiveringly shade trunk
LegalTrademarks	Premiss stewardess
OriginalFilename	Laddered
ProductName	Lions bombay
ProductVersion	7.192.135.7
Translation	0x0404 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,481,696 bytes	1,481,728 bytes	5.45 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`AB4C6D27605DADF08EC64918EBCDC0A3`
`.rdata`	`0x0016b000`	48,326 bytes	48,640 bytes	4.90 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`0088BE5361A4D1E67374D75ABEA7BA70`
`.data`	`0x00177000`	52,064 bytes	43,520 bytes	3.92 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`41911D82D7F1524C8B10AEA98ACD3138`
`.pdata`	`0x00184000`	4,188 bytes	4,608 bytes	5.08 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`729BF4C1586510989CED79F2DF104690`
`_RDATA`	`0x00186000`	500 bytes	512 bytes	4.20 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`5A691DC1354E0189DBB590CDC96AAE52`
`.rsrc`	`0x00187000`	583,816 bytes	584,192 bytes	6.01 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`DBDEA59B9545BFA3A5F3B9E3020D8D7C`
`.reloc`	`0x00216000`	1,856 bytes	2,048 bytes	5.20 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`E41C2C8B2A58D20A43568C89C6925B34`

Resource Analysis

▼

Total Resources: 3 (583,564 bytes)

Resource Type	Count	Total Size	Percentage
RT_RCDATA	1	582,162 bytes	99.8%
RT_VERSION	1	1,056 bytes	0.2%
RT_MANIFEST	1	346 bytes	0.1%

Certificate Chain Analysis

▼

Certificate Information

Product	Lions bombay
Description	Models unaffected elides trick wand unread
File Version	7.192.135.7
Original Name	Laddered
Internal Name	Overstretched
Copyright	Copyright © Atrocious quiveringly shade trunk

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

6 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1