8fd831c5bb24ee51f65699da378f127044314e7184042e44646b40c507d09bb4
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2021-Jul-02 13:58:46 |
| Detected languages |
Chinese - PRC
English - United States |
| Comments | æ¹ä¾¿å®ç¨çUSB设å¤ä¸»æ§è¯çè¯å«å·¥å · |
| CompanyName | æ°ç ä¹å®¶ |
| FileDescription | Uç/MP3主æ§è¯çè¯å«å·¥å · |
| LegalCopyright | ~~ç¿è½¯å¨çº¿ åææ é~~ |
| LegalTrademarks | åå°æ»¨å·¥ä¸å¤§å¦ç 究çé¢ åå°æ»¨ç工大å¦è½¯ä»¶ä¸å¾®çµåå¦é¢ |
| ProductName | Chip Genius |
| FileVersion | 4.21.0701 |
| ProductVersion | 4.21.0701 |
| InternalName | ChipGenius_v4_21_0701 |
| OriginalFilename | ChipGenius_v4_21_0701.exe |
Plugin Output
| Suspicious | PEiD Signature: |
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h) UPX -> www.upx.sourceforge.net UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser |
| Suspicious | The PE is possibly packed. |
Unusual section name found: l020
Section l020 is both writable and executable. Unusual section name found: l021 Section l021 is both writable and executable. The PE only has 5 import(s). |
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Info | The PE's resources present abnormal characteristics. |
Resource HIT00 is possibly compressed or encrypted.
Resource HIT02 is possibly compressed or encrypted. Resource HIT04 is possibly compressed or encrypted. Resource HIT06 is possibly compressed or encrypted. |
| Malicious | VirusTotal score: 37/72 (Scanned on 2026-02-26 11:22:06) |
APEX:
Malicious
AVG: Win32:Malware-gen Alibaba: Trojan:Win32/Kryptik.fb36263a Antiy-AVL: Trojan/Win32.Agent Avast: Win32:Malware-gen Avira: TR/Redcap.blayt Bkav: W32.Common.30CE1831 CAT-QuickHeal: Trojan.Agent CTX: exe.trojan.kryptik CrowdStrike: win/grayware_confidence_100% (W) Cylance: Unsafe Cynet: Malicious (score: 99) DeepInstinct: MALICIOUS Elastic: malicious (moderate confidence) F-Secure: Trojan.TR/Redcap.blayt GData: Win32.Trojan.Agent.QFCPMD Google: Detected Gridinsoft: Trojan.Win32.Agent.oa K7AntiVirus: Riskware ( 00584baa1 ) K7GW: Riskware ( 00584baa1 ) Lionic: Trojan.Win32.Generic.4!c MaxSecure: Trojan.Malware.119508268.susgen Microsoft: Trojan:Win32/Kryptik!MSR Paloalto: generic.ml Panda: Trj/CI.A SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik Sangfor: Trojan.Win32.Save.a SentinelOne: Static AI - Malicious PE Skyhigh: BehavesLike.Win32.Trojan.dc Sophos: Mal/Generic-S Tencent: Win32.Trojan.Malware.juzi Trapmine: malicious.high.ml.score TrellixENS: GenericRXAA-AA!C225785C18C5 Varist: W32/ABTrojan.IIPY-3388 VirIT: Trojan.Win32.Genus.YZD Xcitium: Malware@#90bbfojzty10 alibabacloud: Trojan:Win/Kryptik.Gen |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xc0 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 3 |
| TimeDateStamp | 2021-Jul-02 13:58:46 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 6.21 |
| SizeOfCode | 0x36000 |
| SizeOfInitializedData | 0x15000 |
| SizeOfUninitializedData | 0xd3000 |
| AddressOfEntryPoint | 0x00108C70 (Section: l021) |
| BaseOfCode | 0xd4000 |
| BaseOfData | 0x10a000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 4.15 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x11f000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
l020
l021
.rsrc
Imports
| KERNEL32.DLL |
LoadLibraryA
ExitProcess GetProcAddress VirtualProtect |
|---|---|
| MSVBVM60.DLL |
#581
|
Delayed Imports
HIT00
HIT02
HIT04
HIT06
1
2
3
4
30001
30002
30003
1 (#2)
1 (#3)
2 (#2)
2 (#3)
3 (#2)
3 (#3)
4 (#2)
4 (#3)
5
5 (#2)
6
6 (#2)
7
7 (#2)
8
8 (#2)
9
9 (#2)
10
10 (#2)
11
11 (#2)
MAIN
1 (#4)
1 (#5)
1 (#6)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 4.21.0.701 |
| ProductVersion | 4.21.0.701 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | Chinese - PRC |
| Comments | æ¹ä¾¿å®ç¨çUSB设å¤ä¸»æ§è¯çè¯å«å·¥å · |
| CompanyName | æ°ç ä¹å®¶ |
| FileDescription | Uç/MP3主æ§è¯çè¯å«å·¥å · |
| LegalCopyright | ~~ç¿è½¯å¨çº¿ åææ é~~ |
| LegalTrademarks | åå°æ»¨å·¥ä¸å¤§å¦ç 究çé¢ åå°æ»¨ç工大å¦è½¯ä»¶ä¸å¾®çµåå¦é¢ |
| ProductName | Chip Genius |
| FileVersion (#2) | 4.21.0701 |
| ProductVersion (#2) | 4.21.0701 |
| InternalName | ChipGenius_v4_21_0701 |
| OriginalFilename | ChipGenius_v4_21_0701.exe |
| Resource LangID | Chinese - PRC |
|---|
TLS Callbacks
Load Configuration
RICH Header
| XOR Key | 0xc485d7b8 |
|---|---|
| Unmarked objects | 0 |
| 14 (7299) | 1 |
| 9 (8783) | 26 |
| 13 (8964) | 1 |
Errors
[*] Warning: Section l020 has a size of 0!
[!] Error: Resource 30001 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30001 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30001 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30002 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30002 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30002 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30003 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30003 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30003 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource 1 is empty!
[!] Error: Resource 30001 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30001 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30002 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30002 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30003 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 30003 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 8 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 9 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 10 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 11 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
Leave a comment
No comments yet.