Gridinsoft Logo
File Icon

The client.exe File Analysis

Updated 2 days ago
Checked by Malware Check
client.exe

Technical Analysis

File Name client.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
196608:fi9uMxC/yD6RmqwU3lBC5u79qpGz31dLmpjJuxhVpbvwSWlt2hP9dF3TySizJ9go:0WROi4GnLmpjJuj3jwSWlMP9/jZi997
Scanner Version 1.0.222.174
Database Version 2025-08-10 14:00:28 UTC

Suspicious File Detected

Detected by 44 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
62%
Detection Rate
14,025,744
File Size (bytes)
44/71
Engines Detected
2025-08-10
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
7907e9406015ceba49d7f1156f032ac8
SHA1
a8034055f4358c1d687b3c2c70c588f37982fa88
SHA256
fc59d043ebbf8e3225f399030bc6447a0592e992bcb57a08d769c35934335de3
SHA512
bff798c9a2301120c343e7108a857dc2a78e5c18fa5fbc06d71ada65f96adbff3ce47e3ffbf51c13db50f0c09ae6d0bcad4a2abe3911e0bd0b2a1b816c0685a9
ImpHash
9157290f74c15aea0c3b641f952a87f8

Security Engines with Detections (44 of 71)

Bkav
W64.AIDetectMalware Malicious
Lionic
Trojan.Win32.Themida.4!c Malicious
AVG
Win64:MalwareX-gen [Misc] Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Application.Generic.3905556 Malicious
CTX
exe.trojan.generic Malicious
CAT-QuickHeal
Trojan.Ghanarava.1753563894032ac8 Malicious
Skyhigh
BehavesLike.Win64.Rootkit.tc Malicious
ALYac
Application.Generic.3905556 Malicious
Cylance
Unsafe Malicious
Sangfor
Suspicious.Win32.Save.a Malicious
K7AntiVirus
Trojan ( 005ada971 ) Malicious
Alibaba
Packed:Win64/Themida.fba4dd09 Malicious
K7GW
Trojan ( 005ada971 ) Malicious
CrowdStrike
win/malicious_confidence_70% (W) Malicious
VirIT
Trojan.Win64.Agent.IDX Malicious
Symantec
ML.Attribute.HighConfidence Malicious
tehtris
Generic.Malware Malicious
ESET-NOD32
a variant of Win64/Packed.Themida.Q suspicious Malicious
APEX
Malicious Malicious
Paloalto
generic.ml Malicious
Kaspersky
UDS:DangerousObject.Multi.Generic Malicious
BitDefender
Application.Generic.3905556 Malicious
Avast
Win64:MalwareX-gen [Misc] Malicious
Emsisoft
Application.Generic.3905556 (B) Malicious
VIPRE
Application.Generic.3905556 Malicious
McAfeeD
Real Protect-LS!7907E9406015 Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
GData
Application.Generic.3905556 Malicious
Jiangmin
Trojan.PE.rf Malicious
Varist
W64/ABApplication.WOBL-3609 Malicious
Antiy-AVL
GrayWare/Win32.Puwaders Malicious
Xcitium
ApplicUnwnt@#18s2pno8eo3yb Malicious
Arcabit
Application.Generic.D3B9814 Malicious
Microsoft
Trojan:Win32/Kepavll!rfn Malicious
Google
Detected Malicious
AhnLab-V3
Trojan/Win.MalwareX-gen.R690135 Malicious
Panda
Trj/PhxBzA.A Malicious
TrendMicro-HouseCall
TROJ_GEN.R002H01DS25 Malicious
TrellixENS
Artemis!7907E9406015 Malicious
MaxSecure
Trojan.Malware.331846843.susgen Malicious
Fortinet
Riskware/Application Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
VirTool:Win/Kepavll.Gen Malicious
27 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: b2d83ddb1f424edec7b61dd0342e6ef5
Fuzzy: 42b4a0cd7cb12abe88397e0661bbd678
dHash: 0071e84cf82a86f0
Image Base 0x140000000
Entry Point 0x14159c058
Compilation Time 2025-01-17 22:45:24
Checksum 0x00d62625 (Actual: 0x00d62625)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 27 libraries
Exports 0 functions
Resources 6 Resources
Sections 12 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
0x00001000 4,309,432 bytes 1,875,968 bytes 7.98 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ ECEF8A7C1134604E2133BFC992823709
0x0041e000 1,421,612 bytes 510,464 bytes 7.96 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 062A508320B68173B071E1442C64945F
0x0057a000 674,712 bytes 48,128 bytes 7.95 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE AD20F09069A27FDCD4DCE22DC3100786
0x0061f000 148,020 bytes 86,528 bytes 7.66 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 489A7691912DAC51A283FC2FBC57D67C
0x00644000 33,168 bytes 23,040 bytes 7.92 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DCCD17326E8D26AF9F07E54FB78A4A22
0x0064d000 29,580 bytes 6,656 bytes 7.81 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2E3189ED871AC6A563BC90563515C88D
.idata 0x00655000 4,096 bytes 2,048 bytes 3.69 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4EC53CDCCB243F011120CA37067AAB01
.tls 0x00656000 4,096 bytes 512 bytes 0.37 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9FA6994B0D924DD5218EAEADEFE06356
.rsrc 0x00657000 33,280 bytes 33,280 bytes 6.40 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ B32FBE3B460C0147F271703C718389EF
.pdata 0x00660000 15,974,400 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.boot 0x0159c000 11,437,568 bytes 11,437,568 bytes 7.96 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ DD070381AEE62599D1BBB317867249E0
.reloc 0x02085000 4,096 bytes 16 bytes 2.77 (Normal) IMAGE_SCN_MEM_READ A07DF2BAD50B3CABA6F09B9669D95651
Entropy Analysis Alert

7 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 6 (32,777 bytes)
Resource Type Count Total Size Percentage
RT_ICON 4 31,083 bytes
94.8%
RT_GROUP_ICON 1 62 bytes
0.2%
RT_MANIFEST 1 1,632 bytes
5%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
44 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware