| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2026-Apr-10 09:53:45
|
| Comments |
Kerish Disk Health
|
| CompanyName |
Kerish Products LLP
|
| FileDescription |
Kerish Disk Health
|
| FileVersion |
1.0.0.0
|
| InternalName |
KerishDiskHealth64.exe
|
| LegalCopyright |
© 2005-2026, Kerish Products LLP
|
| LegalTrademarks |
|
| OriginalFilename |
KerishDiskHealth64.exe
|
| ProductName |
Kerish Disk Health
|
| ProductVersion |
1.0.0.0
|
| Assembly Version |
1.0.0.0
|
| Info |
Interesting strings found in the binary: |
Contains domain names:
- enigmaprotector.com
- https://enigmaprotector.com
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found:
Section is both writable and executable.
Unusual section name found:
Section is both writable and executable.
Unusual section name found:
Section is both writable and executable.
Unusual section name found:
Section is both writable and executable.
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
Can access the registry:
Possibly launches other programs:
|
| Info |
The PE is digitally signed. |
Signer: KERISH PRODUCTS LLP
Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020
|
| Suspicious |
VirusTotal score: 2/71 (Scanned on 2026-06-09 06:16:20) |
Cylance:
Unsafe
McAfeeD:
ti!7F6F8BEB11A8
|
| MD5 |
0d766e1d2bc7f2ad5811ba839dd90f16
|
| SHA1 |
b8c43a680db7991d80bc73215d546f3a92c38522
|
| SHA256 |
7f6f8beb11a80c2df908454a77218e145326e961cfd9152295a708b15122022f
|
| SHA3 |
44952992e0f08c133ec52e2d17e890bfe2028c83efed4b2ccedc6195ce1be7a6
|
| SSDeep |
49152:cCxlpsG7qDggMNAoJU1aNEfakU1lc6tdIofWvGIpcGQM/DYOSr/FZn0ZW6B6cbzl:J/1hXBEBU1lRp+eIOGjYO+0bcconVVW
|
| Imports Hash |
9dc580b98fdc55e0bc3b6c6f01e8c0c2
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
5
|
| TimeDateStamp |
2026-Apr-10 09:53:45
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic |
PE32+
|
| LinkerVersion |
80.0
|
| SizeOfCode |
0x110600
|
| SizeOfInitializedData |
0x12c00
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0000000001155D1C (Section: )
|
| BaseOfCode |
0x2000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x2000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x115a000
|
| SizeOfHeaders |
0x2000
|
| Checksum |
0x3949d7
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x800000
|
| SizeofStackCommit |
0x8000
|
| SizeofHeapReserve |
0x200000
|
| SizeofHeapCommit |
0x4000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d547a1f7b7fd4a9d600d623c66aaec2d
|
| SHA1 |
b25ef4949798e517be2ab92abed0367830634f94
|
| SHA256 |
3f0cbf7c07c3dbc82fe018c07afb9a8032df93ab93edb88183b12290f71a8e73
|
| SHA3 |
82f33331b0de2c1c267a4a897309aeb16d4fc15c1f7129924591f6e60865187c
|
| VirtualSize |
0x112000
|
| VirtualAddress |
0x2000
|
| SizeOfRawData |
0x58a00
|
| PointerToRawData |
0x2000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.99953
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x14000
|
| VirtualAddress |
0x114000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x5aa00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
f87d8e8dbe2906d45f516ee126d7ca15
|
| SHA1 |
9642f4fe6d72347276bb49811efdeae5df9ab961
|
| SHA256 |
85ca1be70937e84f2631be58d3b029fdb7455546c82d59ffe88b9b87a69a6ad8
|
| SHA3 |
689dec3bdcfd9eca5691b271e293b05d50443b9b78c17ae665dde3da700092bf
|
| VirtualSize |
0x14000
|
| VirtualAddress |
0x128000
|
| SizeOfRawData |
0x12c00
|
| PointerToRawData |
0x5aa00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
5.96976
|
| MD5 |
929a9cc7b4ab481eacc2af6453e44648
|
| SHA1 |
0f052d7a5fa41c6ab66b37ad358e9e1427a25f92
|
| SHA256 |
4087794d2e45fdb4526bef5f15700666e33fc4ced2e999b2500ca579f3234b4c
|
| SHA3 |
55c79b4039156f6063f4fc99130382723ce839b18b4702b8d4239a142a685646
|
| VirtualSize |
0xcfa000
|
| VirtualAddress |
0x13c000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x6d600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.601538
|
| MD5 |
344560070c4923cb6a8a5fc1b0297c6f
|
| SHA1 |
48079426cbf3c860a76ddb675bf99a4d6d6915ba
|
| SHA256 |
2e4145e33069afdcdfb1146068bbf42f0fced02241f75f17faf4c0bd8e350183
|
| SHA3 |
a94cc62bc5f69ff1c6e62a017fff6127865d6110f4d38461e38fd75875ef74f0
|
| VirtualSize |
0x324000
|
| VirtualAddress |
0xe36000
|
| SizeOfRawData |
0x322a00
|
| PointerToRawData |
0x6d800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.96959
|
| kernel32.dll |
GetModuleHandleA
GetProcAddress
ExitProcess
LoadLibraryA
|
| user32.dll |
MessageBoxA
|
| advapi32.dll |
RegCloseKey
|
| oleaut32.dll |
SysFreeString
|
| gdi32.dll |
CreateFontA
|
| shell32.dll |
ShellExecuteA
|
| version.dll |
GetFileVersionInfoA
|
| ole32.dll |
OleInitialize
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x2e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.9016
|
| MD5 |
045ae7c6c2ac2ca18cf56b41af874142
|
| SHA1 |
f1b1ab23dad40618c94ef6cecdc49eff7171ec07
|
| SHA256 |
32a0862e391a13e8046894a5bf558e6cf0d9c0db1cba75d454f3011864768320
|
| SHA3 |
6feb7bf821a56d0aef264271e0b5774fb1719b9cd54b042536740438d1d9caab
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x128
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.35361
|
| MD5 |
b3509b2f79f00b979d88a8e365879a2b
|
| SHA1 |
9c521c8d1ae97a2eec74ac4a7e0dbab6da6d663c
|
| SHA256 |
2a128ef2f80f76418d1640b04569b61ffe6b98eec7b9f0e7fe90ac6e51e3f72f
|
| SHA3 |
6c02722eb798162dc86f391ad250c9102ae53aad9767e3a8204e18c2443750d8
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0xea8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.89194
|
| MD5 |
1c76e10aa5eabb12ea7b77eca69edb97
|
| SHA1 |
2c7a846e4ff76f33bf6d13b533284a18906a43bd
|
| SHA256 |
f6b877a470cdcc87738160cad6d4ff21f5bfc9e0bf4232012cb151a3345a8932
|
| SHA3 |
7b1e5eb9d9561855628120d76c8e83e50fb3b67904cbeabfce27de141ecfb6a8
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x8a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.57344
|
| MD5 |
8e2575fd95e4db11ccd54a73b1b60f0b
|
| SHA1 |
c86f21fca88f49691497f9b31377a51dc414202b
|
| SHA256 |
7365524b05c573418f4b5b7122b840a64360352d822ce6f0127ba13f9da8db7c
|
| SHA3 |
c0e1fd2c10806c3e7fb61fbf34b42688ebd3a307fd3d9d26121f9882d52b4f6b
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x568
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.24773
|
| MD5 |
26190665482a00ad9b3d563be6f5f8ab
|
| SHA1 |
24c39610c883c1f48734c26bf3e6bf9cc9938ca9
|
| SHA256 |
7e0a9ef4f0ed5d7f1fef6b2fd568c6f6a3e1406c3e420dc96820d4f2547faa9e
|
| SHA3 |
674b64e8e7d7bad81a3555fee13c80a24d9b58b7316def193ae5377904b157be
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x49f5
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.95123
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
2e53b326026cd4fa4ecf013cc974160e
|
| SHA1 |
2e323390493628f0601536e020c516a9e9d8c6da
|
| SHA256 |
ababae7e73e3b6f97f0ff12e3ff868674788ab13bdfb6e5392ed48832d50a0e8
|
| SHA3 |
983204d6e272efc46c95a97769fc4530e103d977961760a37347df1fe637cefd
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x4228
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.92358
|
| MD5 |
6c60e008d9dadd71d3f40c99a5c8bc1f
|
| SHA1 |
d2a8b321da223e69660b93558661e1c79de71513
|
| SHA256 |
c0befe7dab0d610b24b05aba320acbe3fcae20ec797094f2477b727d5e4e0254
|
| SHA3 |
8da75ea3d56e12c979fd8ce76d15481c675a462df919475da965bd49a3ea4e18
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.16613
|
| MD5 |
00c9ec25584db4da52db9a9a0d54c64a
|
| SHA1 |
0c2d6627230adc86bc6e57e35d6acdc40d218cd5
|
| SHA256 |
de505eddbfc54ee8477fee02f1ee972d46e39965c779fde3bea57f4fe1ef1138
|
| SHA3 |
2f4db0d71b40054856c9d15c1b1c3a047e39edaf872443e5ae5e61db0d48c02d
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x1a68
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.35613
|
| MD5 |
bda90db63b9460d7e7d70d253f6ea549
|
| SHA1 |
71a0185a8d21b74393170740feea9156277f2d59
|
| SHA256 |
226105b6d4fb253b998396a40a2ed64ed047b8fb00adcc71779a04baeb0be753
|
| SHA3 |
0ed505d8b5b3ce87e849c3ccd4176d01b289e4c3c009673c1e6f25b8ead5e6c5
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.67295
|
| MD5 |
5c635fa6d5ffc81a41d75f1c13119098
|
| SHA1 |
dbdcc96525cbf158b472ea23033ce4f76bb13efc
|
| SHA256 |
7db43fea29d0e50bd2b80a647dc9dcc1056240b17ea5d2a64602e2a3251aaf4b
|
| SHA3 |
047db5b16c3a404aee2cd65ce72567a816901146aae1d495559f963ab4bef2c5
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x988
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.13751
|
| MD5 |
c715b50ec46392ead8091cccabc99da9
|
| SHA1 |
e73ceca50a3e8f1f591d5356bc381da2ef50b0bb
|
| SHA256 |
84baf9b6548ce399a95c2aa36d918b5d04ae19b0fd4c7a9d87080c5e98ea4a5c
|
| SHA3 |
20e268fcb55e68027c0ff7a6c5973201e9434cba5a1ecd0cadc0dc1f7711f7b2
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x6b8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.3728
|
| MD5 |
b2a249a66b00cef46fea6276f13d2ed5
|
| SHA1 |
99722e1c380ef2f19bc7019d77562a73080ee2bc
|
| SHA256 |
2b54f63ed615d69705fc383b88bd7b2ee4da54cb61d2bae2eab5e335ac49cd7a
|
| SHA3 |
2fcdbea7e70ba1ed5da157a1ed146dd71e4864ceeb2ae4d37f76796c6e876346
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.61149
|
| MD5 |
761f71513280b593cf951b9abdbac7c9
|
| SHA1 |
d216451f07735a07ec5d2f039a08ebee9f606ae7
|
| SHA256 |
7f7ea9bd22644efccb9afe654aeef1f59ac0ddc0b1b7a9c949270bb0b347a792
|
| SHA3 |
c6c53440307fb822aead858ed02ae6253be0e8d25bcaabfbf5b6040409438b6a
|
| Type |
RT_GROUP_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0xbc
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.11665
|
| Detected Filetype |
Icon file
|
| MD5 |
027eb7f3a0139cbc7bf488341ecdbd31
|
| SHA1 |
442fface49d3e028058b32fc08e6ffd5af90111e
|
| SHA256 |
6ef43b6f701e81aaa8205d5bdbfc58bb56f5ecd53bfed438d13abe1a0a670742
|
| SHA3 |
1b0b79ba633b7bd3f2ba15b6136f093957d7c20981bc4f9fd2c063abcc972331
|
| Type |
RT_VERSION
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x3d4
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.33711
|
| MD5 |
c4e3bf5e84706999011587d8ab5d2f34
|
| SHA1 |
7a4931cd3bc5f0f768cec6d4ff72210df8dbcbf6
|
| SHA256 |
a18bf866312745edc0298ddde663c67da2dedf14effb336fd358c45508b36863
|
| SHA3 |
62b5e155b70296366b232c16973c6f1a1eb2a2abf52b5abcc2a75ac577bdb464
|
| Type |
RT_MANIFEST
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x10ef
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.44031
|
| MD5 |
9717c39c888b268e1396b6f9941ecea9
|
| SHA1 |
66e5b70a6270a8b197977dc8be33152ba34c3ff1
|
| SHA256 |
081c261643e77ecad29568655938dfdc95236ea0c0c88708b32c1f799c26dcac
|
| SHA3 |
27f72c04d8532d41fe67e4c76161d495cc2294f06e6a01883fa7e556c38a43cf
|
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
1.0.0.0
|
| ProductVersion |
1.0.0.0
|
| FileFlags |
(EMPTY)
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language |
UNKNOWN
|
| Comments |
Kerish Disk Health
|
| CompanyName |
Kerish Products LLP
|
| FileDescription |
Kerish Disk Health
|
| FileVersion (#2) |
1.0.0.0
|
| InternalName |
KerishDiskHealth64.exe
|
| LegalCopyright |
© 2005-2026, Kerish Products LLP
|
| LegalTrademarks |
|
| OriginalFilename |
KerishDiskHealth64.exe
|
| ProductName |
Kerish Disk Health
|
| ProductVersion (#2) |
1.0.0.0
|
| Assembly Version |
1.0.0.0
|
[!] Error: Could not read the exported DLL name.
[*] Warning: Section has a size of 0!
7f6f8beb11a80c2df908454a77218e145326e961cfd9152295a708b15122022f