» thebat.exe
Overview
Analysis
File Details

thebat.exe

The Bat!

RITLABS S.R.L.

File name:

thebat.exe

Publisher:

RITLABS S.R.L. (signed and verified)

Product:

The Bat!

Description:

The Bat! E-Mail Client by Ritlabs

Version:

4.1.5.0

MD5:

9d39f4bea7cfdffc1bdcb9f7f211c11b

SHA-1:

30824cf42eaad0ccc94e99b137a742dda0e81db9

SHA-256:

57f9b9ea67c3cf84f4a318b6ef9d3edd4add2ad5dad17e7181ed516605f00ade

Scanner detections:

6 / 68

Status:

Clean (6 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/25/2024 4:26:08 AM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

Heur.Pck.Themida

5714

Fortinet FortiGate

W32/Packed.B

2/3/2016

F-Prot

W32/Heuristic-210

v6.4.4.4.56

McAfee

Artemis!6CE15AAB7FAE

5600.6501

Vba32 AntiVirus

suspected of Win32.BrokenEmbeddedSignature

16.02.03

ViRobot

Trojan.Win32.A.Downloader.11954536[h]

2014.3.20.0

File size:

6.4 MB (6,706,536 bytes)

Product version:

4.1.5.0

Original file name:

The Bat! E-Mail Client by Ritlabs

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\the bat!\thebat.exe

Digital Signature

Signed by:

RITLABS S.R.L.

Authority:

VeriSign, Inc.

Valid from:

6/29/2006 7:00:00 AM

Valid to:

6/29/2009 6:59:59 AM

Subject:

CN=RITLABS S.R.L., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=RITLABS S.R.L., L=Chisinau, S=MD, C=MD

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

77961E4EDC4C7CB1E689B089CDA0E7D4

File PE Metadata

Compilation timestamp:

12/23/2008 12:58:36 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:6RE0xpjU/rxZ8N5f7Rdk0c3j6TWuKQwS+08AEF:660xpj+rxZk7MfT1Q7+ZF

Entry address:

0xE3A000

Entry point:

83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 8B, D8, 40, 2D, 00, 30, 14, 00, 2D, F4, 39, 5F, 00, 05, E9, 39, 5F, 00, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 8B, CD, BB, 2E, 68, CF, 49, 58, 4B, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 14, 89, 44, 24, 08, 5B, 58, C3, 55, 8B, EC, 60, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, EB, 08, 31, 06, 01, 1E, 83, C6, 04, 49, 0B, C9, 75, F4, 61, C9, C2, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.9690 (probably packed)

Code size:

8.5 MB (8,870,912 bytes)

Scan thebat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.