3203925b0b243e14f0888aaf2ec004e2f1490653a554a988b5e8513a3a2c0bd9

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Mar-02 05:32:17
TLS Callbacks 2 callback(s) detected.

Plugin Output

Malicious VirusTotal score: 46/71 (Scanned on 2026-03-06 07:56:58)
ALYac: Gen:Variant.Tedy.486310
APEX: Malicious
AVG: Win64:Evo-gen [Trj]
AhnLab-V3: Dropper/Win.DropperX-gen.R622355
Antiy-AVL: Trojan/Win64.Kryptik
Arcabit: Trojan.Tedy.D76BA6
Avast: Win64:Evo-gen [Trj]
Avira: HEUR/AGEN.1371803
BitDefender: Gen:Variant.Tedy.486310
Bkav: W64.AIDetectMalware
CAT-QuickHeal: Trojan.Miner.S32361963
CTX: exe.unknown.tedy
ClamAV: Win.Packed.Zusy-10017004-0
CrowdStrike: win/malicious_confidence_100% (D)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
ESET-NOD32: Win64/Kryptik.EDF trojan
Elastic: Windows.Generic.Threat
Emsisoft: Gen:Variant.Tedy.486310 (B)
F-Secure: Heuristic.HEUR/AGEN.1371803
GData: Gen:Variant.Tedy.486310
Google: Detected
Ikarus: Trojan.Win64.Krypt
K7AntiVirus: Trojan ( 005af85d1 )
K7GW: Trojan ( 005af85d1 )
Kaspersky: HEUR:Trojan.Win32.Miner.pef
Malwarebytes: Trojan.MalPack.Generic
MaxSecure: Trojan.Malware.121218.susgen
McAfeeD: ti!3203925B0B24
MicroWorld-eScan: Gen:Variant.Tedy.486310
Microsoft: Trojan:Win64/Coinminer.RB!MTB
Rising: Trojan.Kryptik/x64!1.1378B (CLASSIC)
Sangfor: Trojan.Win32.Save.a
SentinelOne: Static AI - Suspicious PE
Skyhigh: Kryptik-FVKL!C9F56FE2B80B
Sophos: Troj/Krypt-ADL
Symantec: Trojan.Coinminer!g3
Tencent: Trojan.Win64.Kryptik.16001249
TrellixENS: Kryptik-FVKL!C9F56FE2B80B
VBA32: OScope.Trojan.Win64.Miner
VIPRE: Gen:Variant.Tedy.486310
Varist: W64/Kryptik.LBJ.gen!Eldorado
Webroot: W32.Coinminer.Gen
ZoneAlarm: Troj/Krypt-ADL
huorong: Trojan/Injector.bth

Hashes

MD5 c9f56fe2b80b33483a75ffeda5cdafb5
SHA1 0431c81c2817150632ef339617e409a3fa5e3626
SHA256 3203925b0b243e14f0888aaf2ec004e2f1490653a554a988b5e8513a3a2c0bd9
SHA3 b395ceb3a53ea00f42f9b3295c3cb2fbe1e12aa1710a55556f2670d295af31db
SSDeep 49152:frvTGuAFdXw82q3UL+OLGVZrdMDVg6pv9TPAxeJXsgWsYQjWGt3:f7T3AFdg9QVhdApv9TAeJXyRSt
Imports Hash de41d4e0545d977de6ca665131bb479a

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-Mar-02 05:32:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x7a00
SizeOfInitializedData 0x27fa00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001140 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x28e000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e738104292b0a2c6f12044794eabf783
SHA1 91523fe1e92cbf20fd40b818468d8c03c70cb54c
SHA256 c3651c95f080fcaabb1a534c8a383a29ff5bbd0ff270c7f0d96fc75392c6bccd
SHA3 d333102ec736bc26409ec145020681fac4feceabf1686260944b877c25bde799
VirtualSize 0x79f6
VirtualAddress 0x1000
SizeOfRawData 0x7a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.15695

.rdata

MD5 f5316a53c660b6788945232484578241
SHA1 7f6ba444c33be74fe205be692bcdbbc0f4c9da46
SHA256 0adfa6437cea69f0fe7c58ef1f5377f4d864804764720cf3babdf2da05ea0409
SHA3 a7a36e4e8bd5f4e6510493d324811cf25c2e7118731344c00e092123014acaf0
VirtualSize 0x1bb8
VirtualAddress 0x9000
SizeOfRawData 0x1c00
PointerToRawData 0x7e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.73737

.data

MD5 fc4fc6f64a8989aa1747cb24a4858567
SHA1 b61331d5916c4683b325e813ce98c9e11717de24
SHA256 bac799d76d5a45d60294bdda84da8baf13d86e6b35308804f73afdfd63519fff
SHA3 3b22ee5fdc142099f3c248e1d5dc760cdf393b2b45e16e3b7e63d07ccb977aa9
VirtualSize 0x27e290
VirtualAddress 0xb000
SizeOfRawData 0x27d600
PointerToRawData 0x9a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.49136

.pdata

MD5 28477e6d378e1b195481402a09835c86
SHA1 dea02329bff44e4cffa9d88816c2e71deb3155f3
SHA256 595177880b4ec67dc89acf4abac8ce9bbc7dc4d2697c5801d41f794e4f1ccf39
SHA3 d6739d96f4628a0122ef4368206d826414be58ec73b9de2f284dd5c044f7f5ae
VirtualSize 0x180
VirtualAddress 0x28a000
SizeOfRawData 0x200
PointerToRawData 0x287000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.10978

.00cfg

MD5 b18c7380298e104adf73576fa46bccc1
SHA1 7c9d8859eadd0c878ef339317f1dd025b88a243c
SHA256 bbd9d6cb0394bc02a0fd5b3fc773cea77fc75c64af558b03a94ce3a1318da805
SHA3 74eb1da86f73dbddf15eeaae93884cd16b7cf0d61ea31ae39a8be0116b03d077
VirtualSize 0x10
VirtualAddress 0x28b000
SizeOfRawData 0x200
PointerToRawData 0x287200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.151271

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0x28c000
SizeOfRawData 0x200
PointerToRawData 0x287400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 d017b07d6e7818b4adebece8eb91a76d
SHA1 3a32a2c3e544e738225095e99332f88812833775
SHA256 1f6ab23c6a7996022b2b96e6ba7b5497c461b9a3737117edb8fec4ba41541a00
SHA3 876dcb6a9a9bb8a94cdb6e0cb7c77844cb695b3e8ec979218d4f478152278c6f
VirtualSize 0x78
VirtualAddress 0x28d000
SizeOfRawData 0x200
PointerToRawData 0x287600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.41186

Imports

msvcrt.dll __C_specific_handler
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
_wcsicmp
_wcsnicmp
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
signal
strlen
strncmp
vfprintf
wcscat
wcscpy
wcslen
wcsncmp
KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x14028c000
EndAddressOfRawData 0x14028c008
AddressOfIndex 0x140288480
AddressOfCallbacks 0x14000a438
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x0000000140001760
0x00000001400017E0

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0

RICH Header

Errors
