Gridinsoft Logo
File Icon

FExportView.dll Malware Packed Analysis

Technical Analysis

File Name FExportView.dll
File Type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Scanner Version 1.0.211.174
Database Version 2025-03-25 16:01:08 UTC

Malware.Win64.Packed.cc

Malware family: Packed

Packed malware uses compression, encryption, or obfuscation techniques to alter code appearance and evade security detection. These methods modify the original malware structure to bypass signature-based detection systems and complicate analysis efforts.
N/A
Detection Rate
5,916,912
File Size (bytes)
2025-03-25
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
158d5752c909ecd76d1d32e3dae5638e
SHA1
21105cc6473a7d1d3d67425d1d11e4f3859724c3
SHA256
fa26ca52de37ca145361568936d9f59f18fbc8eaf8d1efb2c3176d0e3d1bc758
SHA512
8a6d1586d239e828c65591d0ee7abcce71e506c02974be5dcbd3953c46191776f4f9d2aff1e324ff0036cf5d1006ce64fb4f1de5d7bcb788faa432e1c5f434db
ImpHash
5e172d2a4ca92b07c4460a3a7743b9a6

PE Analysis

Basic Information

Icon
Hash: a4c09c4859e5ebf0c25d5741e4dcf096
Fuzzy: f3a8cd694b22d7e9f267a395d00d9ba9
dHash: c69a727219ccb2b2
Image Base 0x180000000
Entry Point 0x181263a10
Compilation Time 2023-10-27 14:59:05
Checksum 0x003b7646 (Actual: 0x005a7114)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 28 libraries
Exports 86 functions
Resources 12 Resources
Sections 9 Sections

Version Information

CompanyName Wondershare
FileDescription FExportView
FileVersion 13, 0, 25, 4414
InternalName FExportView
LegalCopyright Copyright (c) 2020-2023 Wondershare. All rights reserved.
OriginalFilename FExportView
ProductName FExportView
ProductVersion 13.0.25.4414
Translation 0x0804 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
0x00001000 1,257,472 bytes 403,968 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9534BD6BF4A1072F003780752AF401BA
0x00134000 2,314,240 bytes 1,949,184 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE C2D85D1DB83AB114C526479697C0B14A
0x00369000 20,480 bytes 4,096 bytes 7.85 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B1C1FD1B939D04392AB50E6E9265C8D2
0x0036e000 65,536 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
0x0037e000 196,608 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
0x003ae000 16,384 bytes 2,560 bytes 7.64 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 65EC74978CD8B1004183AC72A9061D54
.rsrc 0x003b2000 196,608 bytes 196,608 bytes 5.95 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2A1ADBCCAA26B438A401FEF7EE45D5BE
0x003e2000 12,185,600 bytes 301,056 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 846B1EC6CED95E65A438C411E7BB07AB
0x00f81000 3,039,232 bytes 3,037,184 bytes 7.96 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 281B2BD81B30C9EBCB536CF60E6ADB23
Entropy Analysis Alert

6 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 12 (195,634 bytes)
Resource Type Count Total Size Percentage
RT_ICON 9 194,325 bytes
99.3%
RT_GROUP_ICON 1 132 bytes
0.1%
RT_VERSION 1 796 bytes
0.4%
RT_MANIFEST 1 381 bytes
0.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Malware.Win64.Packed.cc Removal

Gridinsoft has the capability to identify and eliminate Malware.Win64.Packed.cc without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware