Gridinsoft Logo
File Icon

The 美股活跃20321-2024-03-22-16-26-59.txt.exe (ToDesk) File Analysis

Updated 1 year ago
Checked by Malware Check
美股活跃20321-2024-03-22-16-26-59.txt.exe

Technical Analysis

File Name 美股活跃20321-2024-03-22-16-26-59.txt.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
49152:AZB1G8YySGVXYYzFSxl9ElMrZ+zTcZlSCGRN:u3GIoYzMxl9aMd+zTcZlSC6N
Scanner Version 1.0.170.174
Database Version 2024-03-22 14:00:12 UTC

Suspicious File Detected

Detected by 26 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
37%
Detection Rate
1,875,731
File Size (bytes)
26/71
Engines Detected
2024-03-22
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
9778869cd3d5fd702df09ae6294437b8
SHA1
a56d22eaab0f5fbb42438f2b9df4662b0b5d7f4e
SHA256
e5c8681e717a65496b41931d4406f05f1c88bcc2bc93fc5371615a489121912a
SHA512
30b5eb6764fb690be96db0ab67c638865e88bdd5730edf108c2fd18dd8e70e620b90fa4bbaa848340b7e3f188210205877fbcc20eab06079c9c0484959259e44
ImpHash
b1c5b1beabd90d9fdabd1df0779ea832

Security Engines with Detections (26 of 71)

MicroWorld-eScan
Gen:Trojan.Heur.vO3brWvMISmi Malicious
Skyhigh
BehavesLike.Win64.Fake.tc Malicious
ALYac
Gen:Trojan.Heur.vO3brWvMISmi Malicious
CrowdStrike
win/malicious_confidence_90% (D) Malicious
Arcabit
Trojan.Heur.vO3brWvMISmi Malicious
Elastic
malicious (high confidence) Malicious
ESET-NOD32
a variant of Win32/Kryptik.DGTP Malicious
APEX
Malicious Malicious
BitDefender
Gen:Trojan.Heur.vO3brWvMISmi Malicious
Rising
Dropper.Agent/SFX!1.F4FD (CLASSIC) Malicious
Emsisoft
Gen:Trojan.Heur.vO3brWvMISmi (B) Malicious
F-Secure
Trojan:W32/RARSfx.B Malicious
DrWeb
Trojan.MulDrop15.63151 Malicious
VIPRE
Gen:Trojan.Heur.vO3brWvMISmi Malicious
FireEye
Gen:Trojan.Heur.vO3brWvMISmi Malicious
Sophos
Generic ML PUA (PUA) Malicious
Jiangmin
Exploit.MSIL.asf Malicious
Xcitium
TrojWare.Win32.Spy.Banker.Gen@1qlojk Malicious
Microsoft
Program:Win32/Wacapew.C!ml Malicious
GData
Gen:Trojan.Heur.vO3brWvMISmi Malicious
MAX
malware (ai score=87) Malicious
Malwarebytes
Trojan.FakeMS.ED Malicious
Yandex
Trojan.GenAsa!KdoMKdu0pNY Malicious
SentinelOne
Static AI - Suspicious SFX Malicious
BitDefenderTheta
AI:Packer.8D5B3A601C Malicious
Cybereason
malicious.cd3d5f Malicious
45 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 694242d731b5d029ffa1bf103da58943
Fuzzy: 90d2ef44fdbde1def4c418cbe6758534
dHash: e8e8f0ba8e8eccd4
Image Base 0x140000000
Entry Point 0x140032e60
Compilation Time 2024-02-26 09:01:47
Checksum 0x001d763c (Actual: 0x001d763c)
OS Version 5.2
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb
Digital Signature The PE file does not contain a certificate table.
Imports 3 libraries
KERNEL32, OLEAUT32, gdiplus
Exports 0 functions
Resources 11 Resources
Sections 8 Sections

Version Information

CompanyName ToDesk Remote Desktop
FileDescription ToDesk
ProductName ToDesk
Translation 0x0804 0x03a8
CompanyName 海南有趣科技有限公司
FileDescription ToDesk
FileVersion 4.7.1.0.12
InternalName ToDesk.exe
LegalCopyright Hainan YouQu Technology Co., Ltd
OriginalFilename ToDesk_Setup-v4.7.1.0_12-x64.exe
ProductName ToDesk
ProductVersion 4.7.1.0.12
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 288,494 bytes 288,768 bytes 6.47 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 27EDB25A1BC32573014BF3ADB5CECC24
.rdata 0x00048000 75,972 bytes 76,288 bytes 5.27 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ CDE5F7A0FAE18BCDB38DA9F29D7F3313
.data 0x0005b000 59,228 bytes 6,656 bytes 3.26 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0A420650D3ABFC14C296CD4945B33A1D
.pdata 0x0006a000 12,396 bytes 12,800 bytes 5.50 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 95C27B680FBCE994429E951F39E7A9AD
.didat 0x0006e000 864 bytes 1,024 bytes 3.03 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 53C09865FD6DA5CC74254921D9575E3D
_RDATA 0x0006f000 348 bytes 512 bytes 3.31 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 58D3584C9C50F7594166C2ADE479252F
.rsrc 0x00070000 278,528 bytes 275,456 bytes 4.67 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5BD1744E5A961CE14CDBD104D4F9EE71
.reloc 0x000b4000 2,416 bytes 2,560 bytes 5.34 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 77A9DDFC47A5650D6EEBBCC823E39532

Resource Analysis

Total Resources: 11 (274,262 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 270,376 bytes
98.6%
RT_DIALOG 6 2,276 bytes
0.8%
RT_GROUP_ICON 1 20 bytes
0%
RT_VERSION 2 1,172 bytes
0.4%
RT_MANIFEST 1 418 bytes
0.2%

Certificate Chain Analysis

Certificate Information
Product ToDesk
Description ToDesk

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
26 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware