Gridinsoft Logo
File Icon

The Unlocker1.9.2.exe File Analysis

Updated 1 year ago
Checked by Malware Check
Unlocker1.9.2.exe

Technical Analysis

File Name Unlocker1.9.2.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
SSDEEP Hash
24576:eLMeYSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXE7ZBlbT:+PbVvwqQpoLHontDrlbT
Scanner Version 1.0.172.174
Database Version 2024-04-24 20:00:34 UTC

Suspicious File Detected

Detected by 37 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
52%
Detection Rate
1,078,591
File Size (bytes)
37/71
Engines Detected
2024-04-24
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
1e02d6aa4a199448719113ae3926afb2
SHA1
f1eff6451ced129c0e5c0a510955f234a01158a0
SHA256
fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397
SHA512
7d0f1416beb8c141ee992fe594111042309690c00741dff8f9f31b4652ed6a96b57532780e3169391440076d7ace63966fab526a076adcdc7f7ab389b4d0ff98
ImpHash
7fa974366048f9c551ef45714595665e

Security Engines with Detections (37 of 71)

Lionic
Riskware.Win32.Babylon.1!c Malicious
CAT-QuickHeal
AdWare.ToolBar Malicious
Cylance
unsafe Malicious
VirIT
Trojan.Win32.StartPage1.OCT Malicious
Symantec
PUA.Downloader Malicious
Elastic
malicious (high confidence) Malicious
ESET-NOD32
a variant of Win32/Toolbar.Babylon.E potentially unwanted Malicious
Cynet
Malicious (score: 100) Malicious
Kaspersky
not-a-virus:WebToolbar.Win32.Babylon.bcb Malicious
NANO-Antivirus
Riskware.Win32.Babylon.craswq Malicious
SUPERAntiSpyware
Adware.Multi/Variant Malicious
Tencent
Win32.Trojan.Malware.Bzcm Malicious
Emsisoft
Application.Toolbar (A) Malicious
F-Secure
Program.APPL/Toolbar.Babylon.10785 Malicious
DrWeb
Adware.Toolbar.493 Malicious
TrendMicro
PUA.Win32.Babylon.GA Malicious
Ikarus
PUA.Optional.ToolBar Malicious
GData
Win32.Application.Agent.0YJLRD Malicious
Webroot
W32.Adware.Gen Malicious
Google
Detected Malicious
Avira
APPL/Toolbar.Babylon.10785 Malicious
Antiy-AVL
RiskWare[WebToolbar]/Win32.Babylon Malicious
Xcitium
ApplicUnwnt@#17dvgmrmdfork Malicious
Arcabit
Adware.Generic Malicious
ViRobot
RiskTool.Unlocker.1078591 Malicious
ZoneAlarm
not-a-virus:WebToolbar.Win32.Babylon.bcb Malicious
Microsoft
PUA:Win32/BabylonToolbar Malicious
Varist
W32/Babylon.HOBW-7746 Malicious
AhnLab-V3
PUP/Win.Drop Malicious
Malwarebytes
Generic.Malware.AI.DDS Malicious
Zoner
Trojan.Win32.55558 Malicious
TrendMicro-HouseCall
PUA.Win32.Babylon.GA Malicious
Rising
Adware.Babylon!1.B3CC (CLASSIC) Malicious
Yandex
Trojan.Igent.bYph23.1 Malicious
Fortinet
Riskware/Babylon Malicious
DeepInstinct
MALICIOUS Malicious
CrowdStrike
win/grayware_confidence_100% (W) Malicious
34 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 30adcb5c0b2e3c35eaec2c110733c9f8
Fuzzy: c98f96d6ffe5af8d4eb0870c1dc20826
dHash: 92e0b496a6cada72
Image Base 0x00400000
Entry Point 0x004030cb
Compilation Time 2009-12-05 22:50:41
Checksum 0x00000000 (Actual: 0x00116995)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Digital Signature The PE file does not contain a certificate table.
Imports 8 libraries
KERNEL32, USER32, GDI32, SHELL32, ADVAPI32, COMCTL32, ole32, VERSION
Exports 0 functions
Resources 53 Resources
Sections 5 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 22,738 bytes 23,040 bytes 6.43 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ C69726ED422D3DCFDEC9731986DAA752
.rdata 0x00007000 4,496 bytes 4,608 bytes 5.18 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A2C7710FA66FCBB43C7EF0AB9EEA5E9A
.data 0x00009000 110,456 bytes 1,024 bytes 4.62 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E59CDCB732E4BFBC84CC61DD68354F78
.ndata 0x00024000 40,960 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x0002e000 22,632 bytes 23,040 bytes 3.42 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8B67078CFF291E2E620913FD415535FA

Resource Analysis

Total Resources: 53 (19,830 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 1 1,638 bytes
8.3%
RT_ICON 2 3,600 bytes
18.2%
RT_DIALOG 48 13,600 bytes
68.6%
RT_GROUP_ICON 1 34 bytes
0.2%
RT_MANIFEST 1 958 bytes
4.8%

Certificate Chain Analysis

Certificate Information
Certificate Chain Summary
Symantec Time Stamping Services CA - G2 #1 Primary
Validity Period: 2012-12-21 00:00:00 → 2020-12-30 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
Visual Tools #2 Chain
Validity Period: 2013-01-10 00:00:00 → 2015-01-10 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 78 99 58 B0 26 4F 06 05 56 19 27 00 74 AF A6 1F
Thawte Code Signing CA - G2 #3 Chain
Validity Period: 2010-02-08 00:00:00 → 2020-02-07 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
Symantec Time Stamping Services Signer - G4 #4 Chain
Validity Period: 2012-10-18 00:00:00 → 2020-12-29 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
37 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware