$R2NJ0TH.exe threat report

MD5 5efa8287133f51127bb0db0e13edc108
Latest seen 2022-11-26 23:59:51 (3 years ago)
First seen 2017-06-12 17:09:48 (8 years ago)
Size 26 MB
Product Windows 7 Loader Extreme Edition v3

This report summarizes the file identity, detection status, publisher metadata, observed locations, and technical indicators for $R2NJ0TH.exe. ThreatInfo currently classifies this sample as General Threat.

GridinSoft Anti-Malware detection

GridinSoft already detects this file

The latest ThreatInfo record shows $R2NJ0TH.exe detected as General Threat. You can download GridinSoft Anti-Malware to scan the system and remove this detection if the file is present on your device.

Detection name
General Threat
Last analysis
2022-11-26 23:59:51 (3 years ago)
File hash
5efa8287133f51127bb0db0e13edc108
Download Anti-Malware

$R2NJ0TH.exe is a Windows file recorded in the ThreatInfo database. It is associated with Windows 7 Loader Extreme Edition v3. The current detection status is General Threat, based on the latest analysis from 2022-11-26 23:59:51 (3 years ago).

If $R2NJ0TH.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as General Threat.

File Details

Product Name: Windows 7 Loader Extreme Edition v3
MD5: 5efa8287133f51127bb0db0e13edc108
Size: 26 MB
First Published: 2017-06-12 17:09:48 (8 years ago)
Latest Published: 2022-11-26 23:59:51 (3 years ago)
Status: General Threat (on last analysis)
Analysis Date: 2022-11-26 23:59:51 (3 years ago)

Detection screenshot

$R2NJ0TH.exe detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Common Places:

%programfiles%\all activation windows (7-8-10)\all activation\activators\windows 7 loader extreme edition v3.503 (napalum)\w7lxe
%desktop%\up\back up\diversen\all.activation.windows.7-8-10.9.0\all activation windows\all activation\activators\windows 7 loader extreme edition v3.503 (napalum)\w7lxe
%profile%\all activation\activators\windows 7 loader extreme edition v3.503 (napalum)\w7lxe
%profile%\downloads\all.activation.windows.7-8-10-v13.0.windows@amp;office.activator-sadeem\all activation\activators\windows 7 loader extreme edition v3.503 (napalum)\w7lxe
%profile%\downloads\all activation windows 7-8-10 v13\all.activation.windows.7-8-10.v13-p2p\all activation\activators\windows 7 loader extreme edition v3.503 (napalum)\w7lxe
%desktop%\активаторы\activators\windows 7 loader extreme edition v3.503 (napalum)
%desktop%\all activation windows (7-8-10) v10.0\all activation\activators\windows 7 loader extreme edition v3.503 (napalum)\w7lxe
%desktop%\windows 7 loader extreme edition v3.503 (napalum)
%desktop%\documente\windows 7 loader extreme edition v3.503 (napalum).rar\windows 7 loader extreme edition v3.503 (napalum)
%desktop%\windows 10 activation\all activation windows 7-8-10 v12.0 (windows @amp; office activator) [sadeempc]\all activation\activators\windows 7 loader extreme edition v3.503 (napalum)

ThreatInfo has observed $R2NJ0TH.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

File Names:

w7lxe.exe
reset.exe
w7lxe-3.5.0.3.exe
$R2NJ0TH.exe

This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Geography:

29.5%
13.8%
7.1%
3.8%
3.3%
2.9%
2.4%
2.4%
2.4%
1.9%
1.9%
1.9%
1.4%
1.4%
1.4%
1.4%
1.4%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%

The strongest geographic signal for this file is Russian Federation with 29.5% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

OS Version:

Windows 10 48.8%
Windows 7 45.0%
Windows 8.1 2.8%
Windows XP 1.9%
Windows Server 2008 R2 0.9%
Windows Server 2012 R2 0.5%

The most common operating system signal for $R2NJ0TH.exe is Windows 10 with 48.8% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

$R2NJ0TH.exe is identified as pe for 32 systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x002af388

PE Sections:

Name Size of data MD5
.text 2799616 1b481dce00ffc91a9066dd4cf7b73dba
.itext 10240 90060f02d75108a9febbcb1748f5072a
.data 120320 92925a50557924f302185ee7f9f80ddf
.bss 0 00000000000000000000000000000000
.idata 19968 f00aea95fd5dc00089aaae5e68b97ff0
.didata 1024 31faf12e037a089e8f014b0465b8ef0a
.tls 0 00000000000000000000000000000000
.rdata 512 dce636932cb2137fdc4ea8c2d8b20888
.reloc 238080 7e3165f8cdc148e158b9f583ab2d9ac8
.rsrc 24945152 3111275c03ae0ea009e6bebaa068b309

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

More information:

Search on Virustotal
Scan with GridinSoft Anti-Malware if this file is present on your device.
copyright for information about $R2NJ0TH.exe