Gridinsoft Logo
File Icon

The vcows_bing_11762798528886885402.exe (Vcows) File Analysis

Updated 1 month ago
Checked by Malware Check
vcows_bing_11762798528886885402.exe

Technical Analysis

File Name vcows_bing_11762798528886885402.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
49152:eUhpN7zctXejYqswEPoWfEKz6St6RwL74qGAS5rnYE5K3A8:7hpN7zctXW3YPo/TqH0v2E8
Scanner Version 1.0.228.174
Database Version 2025-11-10 20:00:28 UTC

Suspicious File Detected

Detected by 9 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
13%
Detection Rate
2,502,280
File Size (bytes)
9/72
Engines Detected
2025-11-10
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
94eeac9301ed3633ed49927bae85fca6
SHA1
f5063e304a62f2c1b9efc9034b5f256522594129
SHA256
f5555ff3c2f3cf014bd0f246cd7f4bee2d0215597a47599db93e3c16a3278fed
SHA512
fe1a2c65790a625207407e07dd3ba3e287b2db3c62298464af8eb36b87a3a28c8a5c0fbb22b87badf7e4a016a359053395b6d7f8c672d9e5cd6e2e4eb533d27f
ImpHash
47d0808dadbfe9ce969fcd040d879d05

Security Engines with Detections (9 of 72)

Cylance
Unsafe Malicious
K7AntiVirus
Adware ( 005693e61 ) Malicious
K7GW
Adware ( 005693e61 ) Malicious
CrowdStrike
win/grayware_confidence_90% (D) Malicious
ESET-NOD32
a variant of Win32/Tenorshare.B potentially unwanted Malicious
Paloalto
generic.ml Malicious
Rising
PUA.Tenorshare!8.11DB9 (CLOUD) Malicious
Sophos
Generic ML PUA (PUA) Malicious
DeepInstinct
MALICIOUS Malicious
63 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: ff876bb3520637584a2af2befc94a70e
Fuzzy: ddc984fcbae988e0289e42b711f6aba3
dHash: d062333392068ce8
Image Base 0x00400000
Entry Point 0x004eae32
Compilation Time 2025-11-05 09:21:00
Checksum 0x0026d4fd (Actual: 0x0026d4fd)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path F:\Jenkins\WorkSpace\workspace\Common_Downloader\Branches\InstallWithoutUninstall\release\Setup.pdb
Digital Signature OK
Imports 24 libraries
Exports 84 functions
Resources 5 Resources
Sections 7 Sections

Version Information

CompanyName Vcows
FileDescription Vcows
FileVersion 2.10.2.0
LegalCopyright Copyright © 2025 SMARTSHARE CO., LIMITED. All Rights Reserved.
ProductName 20251105172032
ProductVersion 2.10.2.0
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,280,799 bytes 1,281,024 bytes 6.62 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ A7E1803ECED93841A3D4CC5CC5F306CC
.rdata 0x0013a000 300,106 bytes 300,544 bytes 5.36 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 202430C1F696981642DBF20C1422D247
.data 0x00184000 31,892 bytes 20,480 bytes 4.86 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 674C9E19E14BC07B4E7AD0B255A3B3C3
.gfids 0x0018c000 3,420 bytes 3,584 bytes 3.85 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A2EB75DABECC755882FFF017E990B84A
.tls 0x0018d000 9 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1F354D76203061BFDD5A53DAE48D5435
.rsrc 0x0018e000 812,248 bytes 812,544 bytes 7.94 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A25F12AF632D6C22BAB5DB59E2944EC6
.reloc 0x00255000 72,048 bytes 72,192 bytes 6.61 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 64C85D21D243B7412AB55350819F0EE4
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 5 (811,828 bytes)
Resource Type Count Total Size Percentage
ZIPRES 1 783,905 bytes
96.6%
RT_ICON 1 26,600 bytes
3.3%
RT_GROUP_ICON 1 20 bytes
0%
RT_VERSION 1 652 bytes
0.1%
RT_MANIFEST 1 651 bytes
0.1%

Certificate Chain Analysis

Certificate Information
Product 20251105172032
Description Vcows
File Version 2.10.2.0
Signing Date 09:21 AM 11/05/2025 (65 days ago)
Verification Status Signed
Signers SMARTSHARE CO., LIMITED; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4; DigiCert
Counter Signers DigiCert SHA256 RSA4096 Timestamp Responder 2025 1; DigiCert Trusted G4 TimeStamping RSA4096 SHA256 2025 CA1; DigiCert Trusted Root G4; DigiCert
Copyright Copyright © 2025 SMARTSHARE CO., LIMITED. All Rights Reserved.
Certificate Chain Summary
DigiCert Trusted Root G4 #1 Primary
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #2 Chain
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
DigiCert Trusted G4 TimeStamping RSA4096 SHA256 2025 CA1 #3 Chain
Validity Period: 2025-05-07 00:00:00 → 2038-01-14 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0D C7 AC 57 05 FF 21 99 2E 40 43 22 0C 3A 49 86
DigiCert SHA256 RSA4096 Timestamp Responder 2025 1 #4 Chain
Validity Period: 2025-06-04 00:00:00 → 2036-09-03 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0A 80 EF 18 4B 8D F1 05 82 D1 C4 76 A7 95 74 68
SMARTSHARE CO., LIMITED #5 Chain
Validity Period: 2024-12-24 00:00:00 → 2027-12-26 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 02 06 DE 3D AD A0 AF E0 3D FA 25 77 79 B7 EE F3

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
9 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware