GridinSoft Threat Intelligence

ledger_wallet_ripple.exe threat report

Detected as Trojan.Heur! File reputation report

» File
File Details
Overview
Analysis

Status Trojan.Heur!

Identity f0bc77a5c996477875e03f64c2478f3c

Source GridinSoft ThreatInfo

MD5 f0bc77a5c996477875e03f64c2478f3c

Latest seen 2026-05-21 07:00:53 (14 hours ago)

First seen 2026-05-21 07:00:53 (14 hours ago)

Size 240 MB

Publisher Ledger

Product Ledger Wallet Ripple

Signed by Developer ID Application: Epic Dream SAS (X6LFS5BQKN)

Analyst brief

What this report says

GridinSoft Anti-Malware detects ledger_wallet_ripple.exe as Trojan.Heur!. The sample was last observed on 2026-05-21 07:00:53 (14 hours ago) and reports publisher metadata associated with Ledger / Ledger Wallet Ripple.

This page combines the detection verdict with file identity, publisher metadata, alternate names, observed paths, geography, OS signals, and PE details so the report reads as a triage record rather than a standalone download page.

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as Trojan.Heur!. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name: Trojan.Heur!
Recommended action: Scan and remove
Last analysis: 2026-05-21 07:00:53 (14 hours ago)
File hash: f0bc77a5c996477875e03f64c2478f3c

Download Anti-Malware

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as Trojan.Heur!.

Timeline

First seen 2026-05-21 07:00:53 (14 hours ago); latest analysis 2026-05-21 07:00:53 (14 hours ago).

Publisher context

Company metadata: Ledger. Product metadata: Ledger Wallet Ripple.

Digital signature

Signed by Developer ID Application: Epic Dream SAS (X6LFS5BQKN). The signature is reported as valid, but signed files can still be bundled or abused.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

Compare the MD5 above with the file found on the device.
Check whether the file appears in the observed locations or under one of the alternate names.
Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.

File context

ledger_wallet_ripple.exe is a Windows file recorded in the ThreatInfo database. It is associated with Ledger Wallet Ripple. The reported company name is Ledger. The current detection status is Trojan.Heur!, based on the latest analysis from 2026-05-21 07:00:53 (14 hours ago).

If ledger_wallet_ripple.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Heur!.

File Details

Main Info:

Product Name:	Ledger Wallet Ripple
Company Name:	Ledger
MD5:	f0bc77a5c996477875e03f64c2478f3c
Size:	240 MB
First Published:	2026-05-21 07:00:53 (14 hours ago)
Latest Published:	2026-05-21 07:00:53 (14 hours ago)

Analysis:

Status:	Trojan.Heur! (on last analysis)
Analysis Date:	2026-05-21 07:00:53 (14 hours ago)

Detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Overview

Digital Signature

Signed By:	Developer ID Application: Epic Dream SAS (X6LFS5BQKN)
Status:	Valid

The signature on ledger_wallet_ripple.exe is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

Common Places:

%profile%\mon drive\bitcoin

%sysdrive%\mon drive\bitcoin (3)

ThreatInfo has observed ledger_wallet_ripple.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

Geographic signal

Observed country distribution

ThreatInfo has seen ledger_wallet_ripple.exe across 1 countries. Use this signal to compare local evidence with where the sample is most often reported.

Top country Réunion

Share 100.0%

Low High activity

The strongest geographic signal for this file is Réunion with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

OS Version:

Windows 10 100.0%

The most common operating system signal for ledger_wallet_ripple.exe is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

PE Info:

ledger_wallet_ripple.exe is identified as pe for 64-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe

Architecture 64-bit

Subsystem Windows GUI

Entry point 0x00070830

Image base 0x0000000140000000

PE Sections:

Sections 10

Raw data 252388864

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

.text 802816 bytes · 0.3% of section data

MD5 37fac8ed1de51c4b68e5a9066b0093ff

.rdata 195072 bytes · 0.1% of section data

MD5 c87a4e8a6c98132edf41630f72a2fc7a

.data 5120 bytes · 0.0% of section data

MD5 c3b2da4cb83d42a172128f3018d8c3aa

.pdata 43520 bytes · 0.0% of section data

MD5 88eceaff1db00549fc3180849f1fc806

.didat 512 bytes · 0.0% of section data

Uncommon name

MD5 6e231d832d716efe69b73747fb2dba92

.tls 512 bytes · 0.0% of section data

MD5 1f354d76203061bfdd5a53dae48d5435

.rsrc 397824 bytes · 0.2% of section data

MD5 0961ab3079f311a121c8bd992f52824b

.reloc 6144 bytes · 0.0% of section data

MD5 12c16a11f7302288c3f8ab3e9c19e0a4

.enigma1 250355712 bytes · 99.2% of section data

Large raw data Uncommon name

MD5 9510212054c35bb4f0bd92bddbcf0f9c

.enigma2 581632 bytes · 0.2% of section data

Uncommon name

MD5 758d436d1a37cef8bb8353f4c64e44ca

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

GridinSoft detects this file as Trojan.Heur!

This report identifies ledger_wallet_ripple.exe by MD5 f0bc77a5c996477875e03f64c2478f3c. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.

Download GridinSoft Anti-Malware Scan the device and confirm whether this exact hash is present. Check this hash on VirusTotal

Recommended next steps

Compare the local file MD5 with f0bc77a5c996477875e03f64c2478f3c.
Check the file path, publisher, and signature against the details in this report.
Run a GridinSoft scan and remove the object if the same hash is found.