
The OpenArk64.exe (Open Anti Rootkit for Windows Researchers) File Analysis

Technical Analysis

File Name OpenArk64.exe
File Type Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash 196608:LecA5Gic647x1Q2BVCLaeBIhNyqHflJwM2gvV6IM1x/om6hBxsPy04sRnWp6DxmY:Lec+K6yBcRih1fliM2gv0I2x9ZPy06UT
Scanner Version 1.0.231.174
Database Version 2025-12-22 18:00:32 UTC

Suspicious File Detected

Detected by 41 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 57%
File Size (bytes) 12,096,000
Engines Detected 41/72
Analysis Date 2025-12-22


File Identification

Hash Type Value
MD5 8c088c379ffcc9629ab8d769623a6908
SHA1 2ce1971773aab3e4c6a682eab6c951f3d6df77bc
SHA256 ee99804d8716f97607a819840295dd39c8064170d91e3bb0793961838a4b84e3
SHA512 26346ec4a26e1f80f36e5897a3e9401ecad6e1dce67e98967824bed8301c91371072fe4549c8f29f6e6a4ca0030d5ac4040043e91ad60c369264066b60e39b6f
ImpHash cf56aaccf1a1d251653f262d448ceaf0

Security Engines with Detections (41 of 72)

Engine Detection Verdict
Lionic Riskware.Win32.Generik.1!c Malicious
MicroWorld-eScan Trojan.Generic.38149112 Malicious
CTX exe.trojan.generik Malicious
Skyhigh BehavesLike.Win64.Injector.wc Malicious
ALYac Trojan.Generic.38149112 Malicious
Cylance Unsafe Malicious
Zillya Adware.Tracx.Win32.70 Malicious
K7AntiVirus Riskware ( 00584baa1 ) Malicious
BitDefender Trojan.Generic.38149112 Malicious
K7GW Riskware ( 00584baa1 ) Malicious
Symantec ML.Attribute.HighConfidence Malicious
Elastic malicious (moderate confidence) Malicious
ESET-NOD32 a variant of Generik.CQJZQOR Malicious
TrendMicro-HouseCall Trojan.Win32.UDS.USBLH725 Malicious
Paloalto generic.ml Malicious
Kaspersky not-a-virus:UDS:WebToolbar.Win32.Tracx.d Malicious
Alibaba Trojan:Win64/CVE-2019-16098.a958233b Malicious
Tencent HackTool.Win64.OpenArk.16002146 Malicious
Sophos OpenArk (PUA) Malicious
VIPRE Trojan.Generic.38149112 Malicious
TrendMicro Trojan.Win32.UDS.USBLH725 Malicious
McAfeeD ti!EE99804D8716 Malicious
Emsisoft Trojan.Generic.38149112 (B) Malicious
Ikarus Trojan.Win64.Agent Malicious
GData Trojan.Generic.38149112 Malicious
Varist W64/ABTrojan.FXMU-5746 Malicious
Kingsoft Win32.Troj.fuery.v Malicious
Xcitium Malware@#2gzmafpqv0m7m Malicious
Arcabit Trojan.Generic.D2461BF8 Malicious
Microsoft Trojan:Win32/Wacatac.B!ml Malicious
Google Detected Malicious
AhnLab-V3 Malware/Win.CVE-2019-16098.C5732566 Malicious
DeepInstinct MALICIOUS Malicious
Malwarebytes Malware.AI.4211655784 Malicious
Rising Malware.Undefined!8.C (TFE:5:Qy17ettxN5Q) Malicious
TrellixENS Artemis!8C088C379FFC Malicious
MaxSecure Trojan.Malware.331765392.susgen Malicious
Fortinet PossibleThreat.DU Malicious
AVG Win32:CVE-2019-16098-B [Expl] Malicious
Avast Win32:CVE-2019-16098-B [Expl] Malicious
alibabacloud Trojan:Win/Generik.CRUXN#B Malicious
31 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 361df88277510fba85e2248b53ab9e3a
Fuzzy: 1d0a03ffa64e7becabacd02cc48db010
dHash: 01e0d8ccccf47081
Image Base 0x140000000
Entry Point 0x1419221e0
Compilation Time 2025-06-23 03:43:09
Checksum 0x00000000 (Actual: 0x00b8b42a)
OS Version 5.2
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 18 libraries
Exports 0 functions
Resources 8 Resources
Sections 3 Sections

Version Information

CompanyName https://github.com/BlackINT3
FileDescription Open Anti Rootkit for Windows Researchers
FileVersion 1.5.0.0
LegalCopyright BlackINT3 Copyright (C) 2019
OriginalFilename OpenArk
ProductName OpenArk
ProductVersion 1.5.0.0
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
UPX0 0x00001000 14,360,576 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
UPX1 0x00db3000 11,993,088 bytes 11,990,528 bytes 7.93 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 90A540E9D07BE521E1F336EDC672C9FE
.rsrc 0x01923000 106,496 bytes 104,448 bytes 3.09 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0FED1950D80AB702BF4B89A96F322F32
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 8 (102,555 bytes)
Resource Type Count Total Size Percentage
RT_ICON 5 100,840 bytes 98.3%
RT_GROUP_ICON 1 76 bytes 0.1%
RT_VERSION 1 736 bytes 0.7%
RT_MANIFEST 1 903 bytes 0.9%

Certificate Chain Analysis

Certificate Information
Product OpenArk
Description Open Anti Rootkit for Windows Researchers
File Version 1.5.0.0
Original Name OpenArk
Copyright BlackINT3 Copyright (C) 2019

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
41 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
