Gridinsoft Logo

The RGBV2.exe (Microsoft® Group Policy Update Utility) File Analysis

Updated 11 months ago
Checked by Malware Check
RGBV2.exe

Technical Analysis

File Name RGBV2.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
SSDEEP Hash
1572864:1k4G075SDCRe7fGjH6DNOvQe1Wkg40/iJ3:niDCRe7+jaBKQOj+/C
Scanner Version 1.0.182.174
Database Version 2024-07-22 19:00:25 UTC

Suspicious File Detected

Detected by 18 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
25%
Detection Rate
52,430,896
File Size (bytes)
18/71
Engines Detected
2024-07-22
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
5d064328ded558ae50f9cfc8eb72f4e0
SHA1
cd96409ddf926a4e004ef76ef224c95ff2c5df12
SHA256
ea4ec95c82b1d47feaf73f837265bfbb48493d5b45408595f556280a67b4a003
SHA512
6c76da3b94e9f0205ac9c1cebce2e4b5515599f964bbf3d5bb9b9d10d7a501df9e3ee09dd018e17d8bb3cd803701e4abd8016f69bc8379fcd698154e569d95f5
ImpHash
a15389e7a3e3d8aabef3d1422091a217

Security Engines with Detections (18 of 71)

Bkav
W64.AIDetectMalware Malicious
Skyhigh
Artemis Malicious
Zillya
Trojan.Stealer.Win64.1275 Malicious
Sangfor
Trojan.Win32.Agent.Vz7i Malicious
Alibaba
Packed:Win64/Nuitka.11272d19 Malicious
ESET-NOD32
a variant of Python/Packed.Nuitka.N suspicious Malicious
Paloalto
generic.ml Malicious
Avast
Win64:Evo-gen [Trj] Malicious
Tencent
Malware.Win32.Gencirc.10c013eb Malicious
McAfeeD
ti!EA4EC95C82B1 Malicious
Sophos
Mal/Generic-S Malicious
Google
Detected Malicious
Antiy-AVL
Trojan[PSW]/Win32.Stealer Malicious
Varist
W64/ABRisk.DZXR-2453 Malicious
Ikarus
Trojan.Python.Psw Malicious
Fortinet
Riskware/Application Malicious
AVG
Win64:Evo-gen [Trj] Malicious
alibabacloud
VirTool:Python/Packed.Nuitka.N Malicious
53 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x1400010f6
Compilation Time 2024-07-14 07:29:05
Checksum 0x00029894 (Actual: 0x0320afe9)
OS Version 4.0
PEiD Signatures PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 3 libraries
KERNEL32, msvcrt, SHELL32
Exports 0 functions
Resources 3 Resources
Sections 12 Sections

Version Information

CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
FileDescription Microsoft® Group Policy Update Utility
LegalCopyright © Microsoft Corporation. All rights reserved.
ProductVersion 10.0.22621.3296
FileVersion 10.0.22621.3296
OriginalFilename GPUpdate.exe
InternalName GPUpdate
Translation 0x0000 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 110,072 bytes 110,080 bytes 6.34 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ AA48C2131A911A28C595A451032F9BE0
.data 0x0001c000 272 bytes 512 bytes 1.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 979FC001C8602E3D9FC1CA4ACA7C2D3D
.rdata 0x0001d000 11,280 bytes 11,776 bytes 5.03 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2D62ED8D7E6B31BAF0C78BB1D1FD498D
.eh_fram 0x00020000 4 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
.pdata 0x00021000 2,088 bytes 2,560 bytes 4.49 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 838E16AAA8B55821E1F0DD96515FC2B6
.xdata 0x00022000 2,552 bytes 2,560 bytes 4.65 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4522592B72353032800960EF82414483
.bss 0x00023000 72,848 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.idata 0x00035000 3,600 bytes 4,096 bytes 4.06 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2BECB3C15EFF8F2BDB465FFAE1A86FDC
.CRT 0x00036000 96 bytes 512 bytes 0.29 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 603BC39A9B1AAAC28E223F9907B3625D
.tls 0x00037000 16 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
.rsrc 0x00038000 52,285,464 bytes 52,285,952 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9D254689B0C1C23EC7A9165E9BF11466
.reloc 0x03216000 148 bytes 512 bytes 1.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2603944E18DC86A3A34B1B3556B52323
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 3 (52,285,232 bytes)
Resource Type Count Total Size Percentage
RT_RCDATA 1 52,283,312 bytes
100%
RT_VERSION 1 904 bytes
0%
RT_MANIFEST 1 1,016 bytes
0%

Certificate Chain Analysis

Certificate Information
Product Microsoft® Windows® Operating System
Description Microsoft® Group Policy Update Utility
File Version 10.0.22621.3296
Original Name GPUpdate.exe
Signing Date 11:31 AM 03/27/2024 (453 days ago)
Verification Status The digital signature of the object did not verify.
Signers Microsoft 3rd Party Application Component; Microsoft Code Signing PCA 2011; Microsoft Root Certificate Authority 2011
Counter Signers Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010
Internal Name GPUpdate
Copyright © Microsoft Corporation. All rights reserved.

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
18 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware