Gridinsoft Logo
File Icon

The ST_Internal_Loader(V14).exe File Analysis

Updated 20 days ago
Checked by Malaware Check
ST_Internal_Loader(V14).exe

Technical Analysis

File Name ST_Internal_Loader(V14).exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (console) x86-64, for MS Windows
SSDEEP Hash
393216:rtR5BPBJj5yWEShwAe6BIMZo7kNEJ1wOgLw3G0JZJLvOELQ+:r1BP3j5z9tJMkNEIOgLb0JZFmE
Scanner Version 1.0.216.174
Database Version 2025-05-18 04:00:44 UTC

Suspicious File Detected

Detected by 43 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
61%
Detection Rate
20,144,128
File Size (bytes)
43/71
Engines Detected
2025-05-18
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
4c92b461fbf6a32da38ed65f34d29fd4
SHA1
bee482bfbed8f7c8f9799ea011cfa2978bf333f1
SHA256
ed9ff1acac5cbf6e55ea821592f760884c38f1c71963c12f94db1ee4d9ccd105
SHA512
b152c9b51a2ce11bedca2c419cd2e8d1d2ea7e6bb796b120c7f972c82b04ed2cb23382fd8969263d508fb14b54996b502e14beeb0ff974baa986b37fd7612d12
ImpHash
4fc16f911662ed8ccaedd189cffd3ac4

Security Engines with Detections (43 of 71)

Bkav
W64.AIDetectMalware Malicious
Lionic
Trojan.Win32.Themida.4!c Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
QD:Trojan.GenericKDQ.37615A1484 Malicious
CTX
exe.trojan.generic Malicious
CAT-QuickHeal
Trojan.Ghanarava.1743801671d29fd4 Malicious
Skyhigh
Artemis Malicious
McAfee
Artemis!4C92B461FBF6 Malicious
Malwarebytes
Malware.AI.2316010227 Malicious
VIPRE
QD:Trojan.GenericKDQ.37615A1484 Malicious
Sangfor
Trojan.Win32.Save.a Malicious
K7AntiVirus
Trojan ( 005ada971 ) Malicious
Alibaba
Packed:Win64/Themida.7d8344e8 Malicious
K7GW
Trojan ( 005ada971 ) Malicious
CrowdStrike
win/malicious_confidence_90% (D) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
tehtris
Generic.Malware Malicious
ESET-NOD32
a variant of Win64/Packed.Themida.Q suspicious Malicious
Zoner
Probably Heur.ExeHeaderL Malicious
Paloalto
generic.ml Malicious
BitDefender
QD:Trojan.GenericKDQ.37615A1484 Malicious
Avast
Win64:MalwareX-gen [Misc] Malicious
Emsisoft
QD:Trojan.GenericKDQ.37615A1484 (B) Malicious
F-Secure
Trojan.TR/Redcap.pzrex Malicious
McAfeeD
ti!ED9FF1ACAC5C Malicious
SentinelOne
Static AI - Suspicious PE Malicious
Trapmine
suspicious.low.ml.score Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
Varist
W64/ABApplication.ZOYG-2899 Malicious
Avira
TR/Redcap.pzrex Malicious
Antiy-AVL
GrayWare/Win32.Wacapew Malicious
Microsoft
Trojan:Win64/SpyLoader!rfn Malicious
Arcabit
QD:Trojan.GenericQ.37615A1484 Malicious
GData
QD:Trojan.GenericKDQ.37615A1484 Malicious
Google
Detected Malicious
ALYac
QD:Trojan.GenericKDQ.37615A1484 Malicious
Cylance
Unsafe Malicious
TrendMicro-HouseCall
TROJ_GEN.R002H01BP25 Malicious
MaxSecure
Trojan.Malware.216124210.susgen Malicious
Fortinet
Riskware/Application Malicious
AVG
Win64:MalwareX-gen [Misc] Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
VirTool:Win/SpyLoader.Gen Malicious
28 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: edba4a157c38a378191ef824f924d836
Fuzzy: c1a75142e021ea3302b99b592298f011
dHash: 60866971d4cc932c
Image Base 0x140000000
Entry Point 0x141fc3058
Compilation Time 2025-02-20 00:27:03
Checksum 0x01337f06 (Actual: 0x01337f06)
OS Version 6.0
PEiD Signatures PE32+ executable (console) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 13 libraries
Exports 0 functions
Resources 5 Resources
Sections 10 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
0x00001000 53,679 bytes 24,576 bytes 7.94 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 59DF2541007A6146FA204568D5103A58
0x0000f000 14,444 bytes 4,608 bytes 7.81 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0B9AF9D996AF601551B3A47DAE05D9A1
0x00013000 2,408 bytes 512 bytes 3.77 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E99F12370D6D48C33B4EBFEE008611E2
0x00014000 1,956 bytes 1,536 bytes 6.38 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1131AB1C9839D4122B673E46C4B84BE3
0x00015000 15,808 bytes 9,728 bytes 7.94 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7BC73E4958E53BB21A1949B703CCD508
0x00019000 164 bytes 512 bytes 3.01 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 512D6FF141A19EBC7F5394B63BC7AD94
.idata 0x0001a000 4,096 bytes 1,536 bytes 3.22 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 54675A1FC970697477AB623C9D228D73
.rsrc 0x0001b000 15,872 bytes 15,872 bytes 5.49 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8A0C47D9F26EB15133F4CF29A9747209
.winlice 0x0001f000 33,177,600 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.boot 0x01fc3000 20,084,224 bytes 20,084,224 bytes 7.96 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 47A890FD5A02E99F6D44F7511F388D32
Entropy Analysis Alert

4 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 5 (15,472 bytes)
Resource Type Count Total Size Percentage
RT_ICON 3 15,032 bytes
97.2%
RT_GROUP_ICON 1 48 bytes
0.3%
RT_MANIFEST 1 392 bytes
2.5%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
43 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware