Gridinsoft Logo
File Icon

The 6fe54.exe File Analysis

Updated 2 years ago
Checked by Malware Check
6fe54.exe

Technical Analysis

File Name 6fe54.exe
File Type
Win32 EXE
Magic Bytes MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
SSDEEP Hash
6144:DCu3x6WPOlzwPwnEXCWGJMDi10G0h2ETTeQDw8mBSyusUqWsl:WS/MEpDil0dTT5w8m8rs
Scanner Version 1.0.172.174
Database Version 2024-04-16 13:00:15 UTC

Suspicious File Detected

Detected by 47 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
67%
Detection Rate
357,376
File Size (bytes)
47/70
Engines Detected
2024-04-16
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
5ca779762e24db89abfa8bb01fdad2ed
SHA1
6d0cf369f88e30dc4e82f3b32a069f5f8b2e8ad7
SHA256
e3430a1ddb1c5cc715f621a336fb5c0d99aa07204b693ae26b73b922a836fe54
SHA512
3d1fe9fc7d1d48d767d2f84748768bee660138db22191f6e247127b07bae6719d0005f1e9cfe9bb1dd19c0bf7b253a79ebad940fdd7502c1f44001843db3239e
ImpHash
aca35d13adb97d2c480a39887a5f629a

Security Engines with Detections (47 of 70)

Bkav
W32.AIDetectMalware Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Trojan.GenericKD.71996153 Malicious
FireEye
Generic.mg.5ca779762e24db89 Malicious
Skyhigh
BehavesLike.Win32.Generic.fc Malicious
McAfee
Artemis!5CA779762E24 Malicious
Cylance
unsafe Malicious
Sangfor
Trojan.Win32.Leonem.Vro0 Malicious
CrowdStrike
win/malicious_confidence_70% (W) Malicious
Alibaba
Trojan:Win32/Leonem.142b2b6f Malicious
K7GW
Riskware ( 00584baa1 ) Malicious
K7AntiVirus
Riskware ( 00584baa1 ) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
ESET-NOD32
a variant of Generik.BJTWPVJ Malicious
APEX
Malicious Malicious
TrendMicro-HouseCall
TROJ_GEN.R002C0DCM24 Malicious
BitDefender
Trojan.GenericKD.71996153 Malicious
Avast
Win32:Malware-gen Malicious
Emsisoft
Trojan.GenericKD.71996153 (B) Malicious
F-Secure
Trojan.TR/Redcap.pnomh Malicious
VIPRE
Trojan.GenericKD.71996153 Malicious
TrendMicro
TROJ_GEN.R002C0DCM24 Malicious
Trapmine
malicious.high.ml.score Malicious
Sophos
Mal/Generic-S Malicious
Ikarus
Trojan.Crypt Malicious
Google
Detected Malicious
Avira
TR/Redcap.pnomh Malicious
Varist
W32/ABTrojan.URES-0196 Malicious
Antiy-AVL
Trojan/Win32.Possiblethreat Malicious
Kingsoft
Win32.Troj.Generic.v Malicious
Microsoft
Trojan:Win32/Leonem Malicious
Arcabit
Trojan.Generic.D44A92F9 Malicious
GData
Trojan.GenericKD.71996153 Malicious
Cynet
Malicious (score: 100) Malicious
AhnLab-V3
Unwanted/Win.Agent.C5603919 Malicious
ALYac
Trojan.GenericKD.71996153 Malicious
MAX
malware (ai score=88) Malicious
Malwarebytes
Malware.AI.274051574 Malicious
Panda
Trj/Chgt.AD Malicious
Rising
Trojan.Leonem!8.15E05 (CLOUD) Malicious
Yandex
Trojan.GenAsa!hGUCOkJiT70 Malicious
SentinelOne
Static AI - Malicious PE Malicious
MaxSecure
Trojan.Malware.237250311.susgen Malicious
Fortinet
W32/PossibleThreat Malicious
AVG
Win32:Malware-gen Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
Suspicious Malicious
23 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: b3f32880838319551ead1d18358389cb
Fuzzy: 773dfbbd8089fa459e0ef9e94a8a1335
dHash: f0d2cc68b2f2ede4
Image Base 0x00400000
Entry Point 0x004c4303
Compilation Time 2023-07-08 05:26:03
Checksum 0x00000000 (Actual: 0x00065ad7)
OS Version 5.0
PEiD Signatures MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
Digital Signature The PE file does not contain a certificate table.
Imports 14 libraries
Exports 0 functions
Resources 16 Resources
Sections 3 Sections

Version Information

FileDescription
FileVersion 1.1.37.01
InternalName
LegalCopyright
CompanyName
OriginalFilename
ProductName
ProductVersion 1.1.37.01
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.MPRESS1 0x00001000 798,720 bytes 307,712 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8F17BC3D750EF04262B41EC9CC30B9E7
.MPRESS2 0x000c4000 3,693 bytes 4,096 bytes 5.63 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE A7A81DB241A85FF831F6BFB640142DD2
.rsrc 0x000c5000 44,660 bytes 45,056 bytes 3.89 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE FC7C45EFCE228E903000F7D18D8BEEBF
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 16 (71,263 bytes)
Resource Type Count Total Size Percentage
RT_ICON 5 41,736 bytes
58.6%
RT_MENU 1 712 bytes
1%
RT_DIALOG 1 232 bytes
0.3%
RT_ACCELERATOR 1 72 bytes
0.1%
RT_RCDATA 1 26,603 bytes
37.3%
RT_GROUP_ICON 5 100 bytes
0.1%
RT_VERSION 1 540 bytes
0.8%
RT_MANIFEST 1 1,268 bytes
1.8%

Certificate Chain Analysis

Certificate Information
File Version 1.1.37.01

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. 1
    Weekly Quick Scans: Set a reminder to run a scan every Sunday. Most infections are caught within the first week, so regular checks give you peace of mind.
  2. 2
    Update Everything: Those annoying update popups exist for a reason — they patch security holes. Windows, browsers, Adobe, Java — keep them all current.
  3. 3
    Download Smart: Stick to official websites and app stores. If a "free" version of paid software sounds too good to be true, it probably comes with unwanted extras.
  4. 4
    Think Before You Click: Malware loves email attachments and "urgent" links. Even if an email looks like it's from your bank or a friend, verify suspicious requests through a different channel.
Proactive Protection
47 security engines flagged this file. Could be a real threat, or could be a false alarm — common with keygens, game trainers, and legitimate system utilities. Check if the file has a valid digital signature and whether it came from the official source.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Gridinsoft Portal
Signed in via Gridinsoft Portal · View profile
Your Score for

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware