heidisql.exe

The executable heidisql.exe has been detected as malware by 7 anti-virus scanners. This file is typically installed with the program HeidiSQL by Ansgar Becker. While running, it connects to the Internet address heidisql.com on port 80 using the HTTP protocol.
MD5:
248804b207e4f1103b761b83b1ab0e53

SHA-1:
37404f6ccb70440af15e0a729d12222a9a260dd6

SHA-256:
b49f40e4c1a77f55e50d27aa82cebc0e36631605e52b48f7baf777c6c4935b75

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/26/2024 10:48:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.56852 | 495 |
| Arcabit | Trojan.Symmi.DDE14 | 1.0.0.567 |
| Bitdefender | Gen:Variant.Symmi.56852 | 1.0.20.1355 |
| F-Secure | Gen:Variant.Symmi.56852 | 11.2015-28-09_2 |
| G Data | Gen:Variant.Symmi.56852 | 15.9.25 |
| MicroWorld eScan | Gen:Variant.Symmi.56852 | 16.0.0.813 |
| Rising Antivirus | PE:Malware.RDM.46!5.34[F1] | 23.00.65.15926 |

File size:
8.7 MB (9,075,255 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\heidisql\heidisql.exe

File PE Metadata
Compilation timestamp:
8/8/2015 5:43:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:bx7RAYapaHG0E5OezpoTZvRej5uNAaldH+Z8yZjif2jFr:d7RUpaHq5/Fcv/08sjX

Entry address:
0x581840

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, BC, 33, 97, 00, E8, 7B, E1, A8, FF, 33, C0, 55, 68, E6, 19, 98, 00, 64, FF, 30, 64, 89, 20, A1, E0, 45, 99, 00, 66, C7, 40, 06, 2D, 00, A1, E0, 45, 99, 00, 66, C7, 40, 08, 3A, 00, A1, E0, 45, 99, 00, 83, C0, 0C, BA, 00, 1A, 98, 00, E8, E1, 8D, A8, FF, A1, E0, 45, 99, 00, 83, C0, 20, BA, 24, 1A, 98, 00, E8, CF, 8D, A8, FF, B2, 01, A1, 50, 00, 77, 00, E8, 17, 98, DF, FF, 8B, 15, 68, 3F, 99, 00, 89, 02, 68, 38, 1A, 98, 00, E8, 85, 35, A9, FF, 8B, 15, 78, 40, 99...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
5.5 MB (5,768,704 bytes)

The file heidisql.exe has been discovered within the following program.

HeidiSQL  by Ansgar Becker
www.heidisql.com
About 1% of users remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to heidisql.com  (83.169.8.248:80)
