The crazyCore.exe (crazyCore) File Analysis

Updated 1 year ago

Checked by Malware Check

crazyCore.exe

Technical Analysis

File Name	crazyCore.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows`
SSDEEP Hash	49152:caMwa/eDOTlKZQ19t3+SGeCf5Q+Ub7Szzr9PILpLL8lvZYI49kkpmpMZkgYl122w:q
Scanner Version	1.0.180.174
Database Version	2024-06-24 18:00:20 UTC

⚠

Suspicious File Detected

Detected by 13 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

18%

Detection Rate

15,408,640

File Size (bytes)

13/74

Engines Detected

2024-06-24

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	049fef807fc77aec9efab9128e37ea00
SHA1	30b8392ade49f3a0d9f7ddc5a067df5c72dae1a0
SHA256	155cf371672b2e40f8ff5740091c6933159b15a02914a464b1fd0fcd415e2a1b
SHA512	93364f22aa1f850601dd3c5aaa7e90c21f6aafd41f89fdfc70b7b8446da7ae32926e50ce689e87c9a4fde252f37f96726a0a12c1f1f3fe073968732bab2c1dc8
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

Security Engines with Detections (13 of 74)

Bkav

W32.AIDetectMalware.CS Malicious

AVG

Win32:MalwareX-gen [Trj] Malicious

Elastic

malicious (high confidence) Malicious

Cylance

Unsafe Malicious

Sangfor

Suspicious.Win32.Save.a Malicious

Symantec

ML.Attribute.HighConfidence Malicious

Avast

Win32:MalwareX-gen [Trj] Malicious

SentinelOne

Static AI - Suspicious PE Malicious

Microsoft

Trojan:Win32/Formbook!ml Malicious

AhnLab-V3

Trojan/Win.Generic.C5626549 Malicious

Malwarebytes

Malware.AI.4156469507 Malicious

DeepInstinct

MALICIOUS Malicious

CrowdStrike

win/malicious_confidence_90% (D) Malicious

61 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 223e215eb7b82a2cb2ce30130cde57e5 Fuzzy: 6895c5c87d390b42b9f8db3c5813f7e9 dHash: 69cc33b20f038ee8
Image Base	`0x00400000`
Entry Point	`0x012814de`
Compilation Time	2089-05-07 15:26:57
Checksum	0x00000000 (Actual: 0x00ec01e5)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows`
PDB Path	`C:\Users\Main\Documents\Documents\C#\crazyCore\crazyCore\obj\Release\crazyCore.pdb`
Digital Signature	The PE file does not contain a certificate table.
Imports	1 libraries mscoree
Exports	0 functions
Resources	13 Resources
Sections	3 Sections

Version Information

▼

Translation	0x0000 0x04b0
Comments
CompanyName
FileDescription	crazyCore
FileVersion	1.0.0.0
InternalName	crazyCore.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	crazyCore.exe
ProductName	crazyCore
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00002000`	15,201,508 bytes	15,201,792 bytes	6.22 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`C3747A185C22F7040085E90B7645A080`
`.rsrc`	`0x00e82000`	205,564 bytes	205,824 bytes	3.21 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`93B2BBFC9C387D8D224E7665AC5FC487`
`.reloc`	`0x00eb6000`	12 bytes	512 bytes	0.10 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`0B33F433DF4C8B71278148DDAA056A05`

Resource Analysis

▼

Total Resources: 13 (204,817 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	10	203,385 bytes	99.3%
RT_GROUP_ICON	1	146 bytes	0.1%
RT_VERSION	1	796 bytes	0.4%
RT_MANIFEST	1	490 bytes	0.2%

Certificate Chain Analysis

▼

Certificate Information

Product	crazyCore
Description	crazyCore
File Version	1.0.0.0
Original Name	crazyCore.exe
Internal Name	crazyCore.exe
Copyright	Copyright © 2024

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

13 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1