GridinSoft Threat Intelligence

1c803.exe threat report

Detected as: Worm.Autorun
File reputation report
MD5: 60526283d6355858157a73ed4a5eea5e
Latest seen: 2022-02-22 23:58:58 (4 years ago)
First seen: 2017-05-24 21:05:34 (9 years ago)
Size: 644 KB
Publisher: `

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as Worm.Autorun. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name: Worm.Autorun
Recommended action: Scan and remove
Last analysis: 2022-02-22 23:58:58 (4 years ago)
File hash: 60526283d6355858157a73ed4a5eea5e

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as Worm.Autorun, part of the Worm threat category.

Category context

Malware capable of spreading across systems, removable media, or networks. Related Worm reports help compare this file with nearby detections, publishers, and hashes.

Timeline

First seen 2017-05-24 21:05:34 (9 years ago); latest analysis 2022-02-22 23:58:58 (4 years ago).

Publisher context

Company metadata: `. Product metadata: BDE MSM Configuration Utility.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

  1. Compare the MD5 above with the file found on the device.
  2. Check whether the file appears in the observed locations or under one of the alternate names.
  3. Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present. Review the Worm category for related samples and common context.

1c803.exe is a Windows file recorded in the ThreatInfo database. It is associated with BDE MSM Configuration Utility. The reported company name is `. The current detection status is Worm.Autorun, based on the latest analysis from 2022-02-22 23:58:58 (4 years ago). ThreatInfo groups this verdict with Worm reports for broader family-level investigation.

If 1c803.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Worm.Autorun.

Product Name: BDE MSM Configuration Utility
Company Name: `
MD5: 60526283d6355858157a73ed4a5eea5e
Size: 644 KB
First Published: 2017-05-24 21:05:34 (9 years ago)
Latest Published: 2022-02-22 23:58:58 (4 years ago)
Status: Worm.Autorun (on last analysis)
Analysis Date: 2022-02-22 23:58:58 (4 years ago)

%sysdrive%\windows
%localappdata%\temp
%profile%\dministrator\desktop\new folder
%profile%\hahed1\desktop
%sysdrive%\360sandbox\shadow\windows
%desktop%\a
%windir%
%desktop%
%sysdrive%
%sysdrive%\kljiiooiiiiiiiiii

ThreatInfo has observed 1c803.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.


This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Windows 7 65.4%
Windows 8.1 12.4%
Windows XP 12.0%
Windows 8 7.3%
Windows 10 3.0%

The most common operating system signal for 1c803.exe is Windows 7 with 65.4% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

1c803.exe is identified as a PE file for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format: pe
Architecture: 32-bit
Subsystem: Windows GUI
Entry point: 0x00003584
Image base: 0x00400000

PE Sections:

Sections: 3
Raw data: 655360

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

.text: 196608 bytes · 30.0% of section data · MD5 fbd925f26b1500aa0cffc8b0cf255a17
.data: 4096 bytes · 0.6% of section data · MD5 620f0b67a91f7f74151bc5be745b7110
.rsrc: 454656 bytes · 69.4% of section data · MD5 d52cfa1715f2b5ad82e987c5c8a1f6a3

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

GridinSoft detects this file as Worm.Autorun

This report identifies 1c803.exe by MD5 60526283d6355858157a73ed4a5eea5e. It is part of the Worm report group. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.


Recommended next steps

  • Compare the local file MD5 with 60526283d6355858157a73ed4a5eea5e.
  • Check the file path, publisher, and signature against the details in this report.
  • Run a GridinSoft scan and remove the object if the same hash is found. Use the Worm category to compare similar reports.