home

reshacker.exe

Description:
Resource viewer, decompiler & recompiler.

Version:
3.5.0.82

MD5:
448ebd5d5a54e7dae8797d9eb2fec364

SHA-1:
0a5c6f42ba55e300d2a746bce8c7c52a381dadaa

SHA-256:
489810420cd966ea3c6a56cdd417ec11ef860e6ff657ecfb299cf1560bb3aada

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 10:54:54 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Agent.939008.3
7.11.73.176

File size:
917 KB (939,008 bytes)

Product version:
3.0.0.0

Copyright:
(c) Angus Johnson 1999-2002

Original file name:
ResHack

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\reshacker.exe

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:z6wVCzymgQO1/8VW6LRpwHSMvfWD2lgOkSQPOBu:z6hjgQO1/8wP3jB

Entry address:
0xB8E30

Entry point:
55, 8B, EC, 83, C4, F0, 33, C0, 89, 45, F0, B8, 48, 8C, 4B, 00, E8, 03, C9, F4, FF, 33, C0, 55, 68, 40, 8F, 4B, 00, 64, FF, 30, 64, 89, 20, A1, C0, B3, 4B, 00, 8B, 00, E8, 0D, 9C, F7, FF, A1, C0, B3, 4B, 00, 8B, 00, BA, 54, 8F, 4B, 00, E8, 14, 99, F7, FF, A1, C0, B3, 4B, 00, 8B, 00, C6, 40, 3F, 00, 8B, 0D, 34, B2, 4B, 00, A1, C0, B3, 4B, 00, 8B, 00, 8B, 15, 7C, B5, 4A, 00, E8, F1, 9B, F7, FF, E8, 78, 99, F4, FF, 48, 7E, 78, 8D, 55, F0, B8, 01, 00, 00, 00, E8, C8, 99, F4, FF, 8B, 45, F0, 80, 38, 2D, 75, 63...
 
[+]

Entropy:
6.5643

Developed / compiled with:
Microsoft Visual C++

Code size:
736 KB (753,664 bytes)

Scan reshacker.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.