Gridinsoft Logo

The msedge_elf.dll File Analysis

Updated 1 month ago
Checked by Malware Check
msedge_elf.dll

Technical Analysis

File Name msedge_elf.dll
File Type
Win32 DLL
Magic Bytes PE32+ executable (DLL) (GUI) x86-64, for MS Windows
SSDEEP Hash
49152:J0LSLtcEoFtpvMeu+AiJi+J70FJdSH+Ay5k0U:J0e/wkxAy5Z
Scanner Version 1.0.229.174
Database Version 2025-11-14 17:00:18 UTC

Suspicious File Detected

Detected by 44 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
61%
Detection Rate
3,290,112
File Size (bytes)
44/72
Engines Detected
2025-11-14
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
a3e109bc7f98c0b773ae93b5f5b5d934
SHA1
03c2b726cb3eb65eb1190934a2374296507461b0
SHA256
ef50f9f0ea29c2a6456877847b0b1a70d32160fa39d25ba6562084b935ebc532
SHA512
4514e12da7db8c6b72b53ebb66aa70e5abafca8540aedec77d80ec41d6f59b4bbf72a09f9bc9ca419106747162d29b0906a1be2f43de14e0099b8f374683d029
ImpHash
f5d9d1eaa81295e91dfcd1225b9feeb6

Security Engines with Detections (44 of 72)

Bkav
W64.AIDetectMalware Malicious
Lionic
Trojan.Win32.VidarStealer.4!c Malicious
MicroWorld-eScan
Gen:Variant.Tedy.828415 Malicious
ALYac
Gen:Variant.Tedy.828415 Malicious
Cylance
Unsafe Malicious
VIPRE
Gen:Variant.Tedy.828415 Malicious
Sangfor
Infostealer.Win32.Vidarstealer.Vtn5 Malicious
K7AntiVirus
Spyware ( 005d25341 ) Malicious
BitDefender
Gen:Variant.Tedy.828415 Malicious
K7GW
Spyware ( 005d25341 ) Malicious
CrowdStrike
win/malicious_confidence_60% (D) Malicious
Arcabit
Trojan.Tedy.DCA3FF Malicious
Symantec
ML.Attribute.HighConfidence Malicious
Elastic
malicious (high confidence) Malicious
ESET-NOD32
a variant of Generik.KNDBCVY Malicious
TrendMicro-HouseCall
TrojanSpy.Win64.VIDAR.YXFKCZ Malicious
Paloalto
generic.ml Malicious
Cynet
Malicious (score: 100) Malicious
Kaspersky
Trojan.Win64.Agent.smeuwx Malicious
Alibaba
Trojan:Win32/VidarStealer.b3a3080f Malicious
Tencent
Win64.Trojan.Agent.Gwnw Malicious
Sophos
Mal/Generic-S Malicious
F-Secure
Trojan.TR/AVI.PWS.Agent.bfsec Malicious
DrWeb
Trojan.PWS.Vidar.113 Malicious
TrendMicro
TrojanSpy.Win64.VIDAR.YXFKCZ Malicious
McAfeeD
ti!EF50F9F0EA29 Malicious
CTX
dll.trojan.vidarstealer Malicious
Emsisoft
Gen:Variant.Tedy.828415 (B) Malicious
Google
Detected Malicious
Avira
TR/AVI.PWS.Agent.bfsec Malicious
Kingsoft
Win32.Troj.vidarstealer.v Malicious
Microsoft
Trojan:Win32/VidarStealer.ZA!MTB Malicious
GData
Gen:Variant.Tedy.828415 Malicious
Varist
W64/ABTrojan.JLLT-6840 Malicious
DeepInstinct
MALICIOUS Malicious
Malwarebytes
Malware.AI.818478976 Malicious
Ikarus
Trojan.Win32.VidarStealer Malicious
Panda
Trj/GdSda.A Malicious
Rising
Trojan.VidarStealer!8.19BF0 (CLOUD) Malicious
TrellixENS
Artemis!A3E109BC7F98 Malicious
MaxSecure
Trojan.Malware.509755011.susgen Malicious
AVG
Win64:MalwareX-gen [Pws] Malicious
Avast
Win64:MalwareX-gen [Pws] Malicious
alibabacloud
Trojan:Win/VidarStealer.ZM8PHU Malicious
28 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x180170b20
Compilation Time 2025-11-01 02:58:35
Checksum 0x00000000 (Actual: 0x00332aa1)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
PDB Path C:\libcurl\x64\Debug\Dll1.pdb
Digital Signature No valid SignedData structure was found.
Imports 2 libraries
KERNEL32, USER32
Exports 3 functions
Resources 1 Resources
Sections 11 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 2,246,310 bytes 2,246,656 bytes 5.66 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 87A34747C23885396AE9C8480854903B
.rdata 0x00226000 292,572 bytes 292,864 bytes 5.04 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F3C0B1F29756EC4292D28AA377BC6F5F
.data 0x0026e000 662,288 bytes 655,872 bytes 7.72 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 420EB88F63AFB5623D633E99AD8AC3E2
.pdata 0x00310000 84,540 bytes 84,992 bytes 6.13 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1A5228D0696AC3462DF278526D50F2E3
.fptable 0x00325000 256 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
_RDATA 0x00326000 500 bytes 512 bytes 4.18 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8E3802F3CA249BA0CDE575ECE27E1868
_guard_c 0x00327000 36 bytes 512 bytes 0.22 (Normal) 0x00000000 620EE3D0F7DE19D8E3788C6AC6AEEBD7
_guard_d 0x00328000 36 bytes 512 bytes 0.22 (Normal) 0x00000000 B61BBD46A502B04F040227ECC716B44F
memcpy_ 0x00329000 264 bytes 512 bytes 1.88 (Normal) 0x00000000 0A316BBF14E04DDFE4E33425EBDA5133
.rsrc 0x0032a000 232 bytes 512 bytes 2.35 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2F5CD3B282710AB895569602ADADECF3
.reloc 0x0032b000 5,312 bytes 5,632 bytes 5.33 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ E12323F01CDDB7CDE9524420A4538D87
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 1 (135 bytes)
Resource Type Count Total Size Percentage
RT_MANIFEST 1 135 bytes
100%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
44 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware