The steam转服工具箱.exe (steamweb.exe) File Analysis

Technical Analysis

File Name steam转服工具箱.exe
File Type Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash 393216:gdi0vUZrrDc/RB3kUd5kPwOs6bswNDo49V7HOsr7Q:gI0MrkZB3bjU8+ZRP7usr0
Scanner Version 1.0.229.174
Database Version 2025-11-15 21:00:19 UTC

Suspicious File Detected

Detected by 39 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 54%
File Size (bytes) 13,955,072
Engines Detected 39/72
Analysis Date 2025-11-15

File Identification

Hash Type Value
MD5 f5a0773d8f181618b6916374225e12cd
SHA1 ad57f9caae3c1d8fca64731fa37667703c39be0c
SHA256 e52710612a0165842cf8bd903ae64ff8838f46c63ba75472e1fd9c58ac7fe270
SHA512 e1d6eb5b89a98169fde66ae10ed4cc9391560d54659fc5282ff0f5d7416e101e7ac1469f0bf6c2916fb3840429be4f1d81ec3cee1c53b9a702d516e8eafa11c6
ImpHash dbddda14b2c5952f66b165aa2aa59eaa

Security Engines with Detections (39 of 72)

Engine Detection Verdict
Bkav W64.AIDetectMalware Malicious
Lionic Trojan.Win64.Agentb.tsXH Malicious
MicroWorld-eScan Trojan.GenericKD.77744645 Malicious
CTX exe.trojan.redcap Malicious
CAT-QuickHeal Trojan.Ghanarava.17629392645e12cd Malicious
Skyhigh BehavesLike.Win64.Generictrojan.tc Malicious
Zillya Trojan.Agent.Win64.100286 Malicious
K7AntiVirus Hacktool ( 005d251e1 ) Malicious
Alibaba HackTool:Win64/Redcap.af00a72a Malicious
K7GW Hacktool ( 005d251e1 ) Malicious
CrowdStrike win/malicious_confidence_100% (W) Malicious
Arcabit Trojan.Generic.D4A24A05 Malicious
Symantec ML.Attribute.HighConfidence Malicious
Elastic malicious (high confidence) Malicious
ESET-NOD32 Python/HackTool.GameHack.A.gen trojan Malicious
APEX Malicious Malicious
TrendMicro-HouseCall TROJ_GEN.R023H09KC25 Malicious
Paloalto generic.ml Malicious
BitDefender Trojan.GenericKD.77744645 Malicious
Rising Malware.Undefined!8.C (TFE:5:15haNhlAQYB) Malicious
F-Secure Trojan.TR/Redcap.lkohk Malicious
VIPRE Trojan.GenericKD.77744645 Malicious
McAfeeD ti!E52710612A01 Malicious
SentinelOne Static AI - Suspicious PE Malicious
Emsisoft Trojan.GenericKD.77744645 (B) Malicious
Ikarus Trojan.Win64.Agent Malicious
Jiangmin Trojan.Agent.fdpl Malicious
Google Detected Malicious
Avira TR/Redcap.lkohk Malicious
Varist W64/ABApplication.WEPL-7160 Malicious
Microsoft Trojan:Win32/Wacatac.B!ml Malicious
GData Trojan.GenericKD.77744645 Malicious
Cynet Malicious (score: 99) Malicious
AhnLab-V3 Trojan/Win.Generic.R718491 Malicious
DeepInstinct MALICIOUS Malicious
Cylance Unsafe Malicious
TrellixENS Artemis!F5A0773D8F18 Malicious
AVG Win64:MalwareX-gen [Trj] Malicious
Avast Win64:MalwareX-gen [Trj] Malicious
33 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 44000d15a4585e52424408bb9ea67707
Fuzzy: e87e8418a822cf16dc8ff3a66d1b06b6
dHash: 70e4e4d3f2bcc8f0
Image Base 0x140000000
Entry Point 0x14000d894
Compilation Time 2025-11-10 11:59:11
Checksum 0x00000000 (Actual: 0x00d5c59d)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 2 libraries (SHELL32, KERNEL32)
Exports 0 functions
Resources 5 Resources
Sections 6 Sections

Version Information

ProductName steamweb
ProductVersion 0.0.0.257
FileVersion 0.0.0.257
OriginalFilename steamweb.exe
InternalName steamweb
FileDescription steamweb.exe
Translation 0x0000 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 144,368 bytes 144,384 bytes 6.51 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 525BC0CD7A645074F78EA599AEA85982
.rdata 0x00025000 52,066 bytes 52,224 bytes 5.17 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ AA041C2E11D69722B5D9EDD3D078C68C
.data 0x00032000 167,552 bytes 3,072 bytes 1.97 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE C8B02EF18C8E684F2C300CDB3762CD07
.pdata 0x0005b000 6,240 bytes 6,656 bytes 5.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C428284E365A77C103E0EF715364D310
.rsrc 0x0005d000 13,745,480 bytes 13,745,664 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 29481DA81B6823E66733C757AE345539
.reloc 0x00d79000 1,680 bytes 2,048 bytes 4.95 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3272AF9FDD0AA51F457F989D1FDB6467
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 5 (13,745,104 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 16,936 bytes 0.1%
RT_RCDATA 1 13,726,304 bytes 99.9%
RT_GROUP_ICON 1 20 bytes 0%
RT_VERSION 1 568 bytes 0%
RT_MANIFEST 1 1,276 bytes 0%

Certificate Chain Analysis

Certificate Information
Product steamweb
Description steamweb.exe
File Version 0.0.0.257
Original Name steamweb.exe
Internal Name steamweb

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
39 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
