» thebat.exe
Overview
Analysis
File Details
Behaviors (1)

thebat.exe

The Bat!

RITLABS S.R.L.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘thebat_startup’.

File name:

thebat.exe

Publisher:

RITLABS S.R.L. (signed and verified)

Product:

The Bat!

Description:

The Bat! E-Mail Client by Ritlabs

Version:

5.8.0.0

MD5:

3a7de837e66b0eb741f5f68ba25a8bcc

SHA-1:

a0d3683928acf10c01a00fd33892f4f5c83861b3

SHA-256:

c1d89a302f4a85ee7bade9a2bff119b944bf2b516385a639278acccfe381921a

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/27/2024 1:02:09 AM UTC (today)

Scan engine

Detection

Engine version

Trend Micro House Call

TROJ_GEN.F47V0919

7.2.15

File size:

13.9 MB (14,612,600 bytes)

Product version:

5.8.0.0

Original file name:

The Bat! E-Mail Client by Ritlabs

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\the bat!\thebat.exe

Digital Signature

Signed by:

RITLABS S.R.L.

Authority:

Thawte, Inc.

Valid from:

8/28/2013 2:00:00 AM

Valid to:

9/28/2015 1:59:59 AM

Subject:

CN=RITLABS S.R.L., O=RITLABS S.R.L., L=Chisinau, S=Republic of Moldova, C=MD

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0BE988A027CE523218B9F812CD9D28B7

File PE Metadata

Compilation timestamp:

9/23/2013 6:48:29 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:PllzRdBE/suW42DCYId451SUDG5G7pD9ehlt:oWTwhn

Entry address:

0x8F75B0

Entry point:

55, 8B, EC, 83, C4, F0, B8, DC, 21, CF, 00, E8, 1C, 0F, 71, FF, E8, 9B, 63, FE, FF, E8, D6, E3, 70, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 8B, C0, 00, 8D, 40, 00, 00, 8D, 40, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

9 MB (9,397,760 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

thebat_startup

Command:

C:\Program Files\the bat!\thebat.exe

Scan thebat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.