Manalyze report for 28c6539883030f2be813676c5afebb52cbbf60cdbb403a7ab0cd62fb3bf8741d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Dec-31 00:38:51
Detected languages	Chinese - PRC English - United States Russian - Russia
Comments	æ¹ä¾¿å®ç¨çUSBè®¾å¤ä¸»æ§è¯çè¯å«å·¥å·
CompanyName	æ°ç ä¹å®¶
FileDescription	Uç/MP3ä¸»æ§è¯çè¯å«å·¥å·
LegalCopyright	~~ç¿è½¯å¨çº¿ åææ é~~
LegalTrademarks	åå°æ»¨å·¥ä¸å¤§å¦ç ç©¶çé¢ åå°æ»¨çå·¥å¤§å¦è½¯ä»¶ä¸å¾®çµåå¦é¢
ProductName	Chip Genius
FileVersion	`4.21.0701`
ProductVersion	`4.21.0701`
InternalName	ChipGenius_v4_21_0701
OriginalFilename	ChipGenius_v4_21_0701.exe

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %TEMP%`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Info	The PE's resources present abnormal characteristics.	`Resource 2 is possibly compressed or encrypted.` `Resource 3 is possibly compressed or encrypted.` `Resource 4 is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`257426 bytes of data starting at offset 0x11c00.` `The overlay data has an entropy of 7.99918 and is possibly compressed or encrypted.` `Overlay data amounts for 77.9772% of the executable.`
Malicious	VirusTotal score: 33/72 (Scanned on 2026-01-31 09:11:04)	`AVG: Win32:Malware-gen` `Alibaba: Trojan:Win32/Kryptik.714db7fd` `Antiy-AVL: Trojan/Win32.Agent` `Avast: Win32:Malware-gen` `Avira: TR/Redcap.namuh` `CAT-QuickHeal: Trojan.Ghanarava.1767662280525578` `CTX: exe.trojan.kryptik` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `F-Secure: Trojan.TR/Redcap.blayt` `Fortinet: Riskware/Application` `Google: Detected` `Gridinsoft: Trojan.Win32.Packed.oa!s2` `K7AntiVirus: Trojan ( 0051918e1 )` `K7GW: Trojan ( 0051918e1 )` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.3632970720` `MaxSecure: Trojan.Malware.119508268.susgen` `McAfeeD: ti!28C653988303` `Microsoft: Trojan:Win32/Kryptik!rfn` `Paloalto: generic.ml` `Panda: Trj/Chgt.AD` `SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik` `Sangfor: Trojan.Win32.Kryptik.V0g5` `Skyhigh: BehavesLike.Win32.Trojan.fc` `Sophos: Mal/Generic-S` `TrellixENS: GenericRXWQ-BS!DA52CE82C0BA` `VBA32: Trojan.Kryptik` `Varist: W32/ABTrojan.IIPY-3388` `Xcitium: Packed.Win32.MUPX.Gen@24tbus` `alibabacloud: Trojan:Win/Kryptik.Gen`

Hashes

MD5	`da52ce82c0ba2351d8b814731d525578`
SHA1	`e17e5ede5aae894754c37d0ccaa6ead6761ffabf`
SHA256	`28c6539883030f2be813676c5afebb52cbbf60cdbb403a7ab0cd62fb3bf8741d`
SHA3	`2edfa4a238249ab8c68c5ce88b6e5ff447b4ed1900a0ffb25674a9eb7b200b84`
SSDeep	`6144:cyvmHjHnJuvoXZ+AP0yRSmQGDa3ed9hsA5XhXr9jBCSpFp5tXLL7FO2xVO:cNjHncoATPwZr5X7VTv0G8`
Imports Hash	`c1f9ea6d51ba4934aeaee8b1f7d283d7`

DOS Header

e_magic	`MZ`
e_cblp	`0x60`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x60`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2012-Dec-31 00:38:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x10000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0x16000`
AddressOfEntryPoint	`0x00026BC0 (Section: UPX1)`
BaseOfCode	`0x17000`
BaseOfData	`0x27000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x29000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x16000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`ee189212e520b4b90ff0afd4986fdcab`
SHA1	`5a411cad27d676777b51fa1f36c581b223fb31c2`
SHA256	`d530d3c9d783285600cc4ba97cb571b6bcc778157530772db32e3fc20c08beae`
SHA3	`2c0d9634987a253169d1937ed93cb08c31140879c3d63e60fa48b539b73a0dbe`
VirtualSize	`0x10000`
VirtualAddress	`0x17000`
SizeOfRawData	`0xfe00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.9136`

.rsrc

MD5	`9af4d747f78f8982bd39f9e5052b1c51`
SHA1	`d4ddee0bad107bc035332efa414e6e386f3ad97e`
SHA256	`357241377251847fc64819d0318f9743244860b3baf5993907ae5c503cc15057`
SHA3	`bcc075c05f4080c953c5694524eaae61aec10b5151a30d8e7a8234a705e830bc`
VirtualSize	`0x2000`
VirtualAddress	`0x27000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.69623`

Imports

ADVAPI32.dll	`FreeSid`
COMCTL32.dll	`#17`
GDI32.dll	`DeleteDC`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
MSVCRT.dll	`free`
ole32.dll	`CoInitialize`
OLEAUT32.dll	`SysAllocString`
SHELL32.dll	`SHGetMalloc`
USER32.dll	`GetDC`

Delayed Imports

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38427`
MD5	`e44cac20dbf43ce5e4a5efc2e5f7ca8a`
SHA1	`e02309934b850d0635183b9c4ac4e16483c0362c`
SHA256	`a3644bcc171989ee8bc0b0b17a9737ff98f4c618dcfbb30bbb2f42c87a8dbece`
SHA3	`205eb4c41fbc05ee2548b5e76b2be65e43db7851d75d392bf9ee80c94afe2651`

2

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.54184`
MD5	`1d0b19525f0bee2b108146595b645460`
SHA1	`1b3a80a77b0097bb826d67cb7b571c2459bcb5ae`
SHA256	`2f1d6044297e3377f6e9c03beb95ad6d8fd6670b3f3970f1393cec8142b57509`
SHA3	`a01d3123298cce779ab5ac92bcc79084c0f36b192273bfdaa7d29d1e650f0d7a`

3

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.47067`
MD5	`a11bbf0ebb6c01dadefe04a878820ef8`
SHA1	`6a91d024ba74d2b88b813a2cde118218c13ba5b1`
SHA256	`fb6f0d37836da365ccc65fa330eaae8a0f118e4e76ebab9c166153e3af0b0902`
SHA3	`b031c8186a3b8a44d645fe207b6b1f76ee3b2d922251f59cad79b6a55936c87d`

4

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.04735`
MD5	`04c8a19060fac3720da4241a32886638`
SHA1	`fbb6fdf4e36b2e993664ef9cbfcf0d875112a77f`
SHA256	`3569621cc7eccb309ae4301e0ef324e60cac5d271a0253d3c8428aaf43df0678`
SHA3	`8a6b6845ce6ba5f381acc5621dba5f9785bafcd5aa36fed4d53b9dd05f2fe1a9`

101

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x380`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21152`
MD5	`0592f294e78a60411550279868587da0`
SHA1	`81d6bca2231b8ff7c857baeb996457c866766e64`
SHA256	`5c89d72b03375791a8bcd30ac9143d00cd5e3a0453b902d153023d943ea93f42`
SHA3	`dcb4a53c9b9ce4c0e55b9dc139666b46fba25d8e8ba478ab98b4877efae50ea0`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x346`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23138`
MD5	`e32a5384ce1d3d6ce2f07bae63580af4`
SHA1	`ecd92eb0584dc4e5b87b9d87aac587c1fb5a3538`
SHA256	`e7c9872b3f255430bf4a174164305dfefbe2affd5b942c942b349047d9289297`
SHA3	`02ee32c8bcdd6cefb446c2a5d7f6073bc3f316daf7571f7befa4a3eb018c1315`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.21.0.701
ProductVersion	4.21.0.701
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Chinese - PRC
Comments	æ¹ä¾¿å®ç¨çUSBè®¾å¤ä¸»æ§è¯çè¯å«å·¥å·
CompanyName	æ°ç ä¹å®¶
FileDescription	Uç/MP3ä¸»æ§è¯çè¯å«å·¥å·
LegalCopyright	~~ç¿è½¯å¨çº¿ åææ é~~
LegalTrademarks	åå°æ»¨å·¥ä¸å¤§å¦ç ç©¶çé¢ åå°æ»¨çå·¥å¤§å¦è½¯ä»¶ä¸å¾®çµåå¦é¢
ProductName	Chip Genius
FileVersion (#2)	4.21.0701
ProductVersion (#2)	4.21.0701
InternalName	ChipGenius_v4_21_0701
OriginalFilename	ChipGenius_v4_21_0701.exe

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!

Leave a comment

No comments yet.