PYG dll Hack Patcher File Malware Analysis: a182cc1d810f55b2c6355db9931cf09e

PYG.dll Hack Patcher Analysis

Updated 2 months ago

Checked by Malaware Check

PYG.dll

Hash Type	Value	Action
MD5	a182cc1d810f55b2c6355db9931cf09e
SHA1	d77d8b119c95e466cbf0546e425e2645541876b9
SHA256	15fe357d721f701cf01335b9c949887dfc3d8be55ccd9d0064ffb1bce18c4bb1
SHA512	c241cf5bb4add3560e332dd5944c41492723e1b1100de0754f096d85741596e98b506733d3bd22fdbb1fede68daf3ce644f7d1cbd286c59fe6ca65e5665485b5
ImpHash	317d2569ec546cd70261f2dfa96289d2

Hash Type

Value

Action

MD5

a182cc1d810f55b2c6355db9931cf09e

SHA1

d77d8b119c95e466cbf0546e425e2645541876b9

SHA256

15fe357d721f701cf01335b9c949887dfc3d8be55ccd9d0064ffb1bce18c4bb1

SHA512

c241cf5bb4add3560e332dd5944c41492723e1b1100de0754f096d85741596e98b506733d3bd22fdbb1fede68daf3ce644f7d1cbd286c59fe6ca65e5665485b5

ImpHash

317d2569ec546cd70261f2dfa96289d2

PE Analysis

Basic Information

▼

Icon	Hash: dc5da33dfaedf1a823c345f3897aaf75 Fuzzy: 18f0cc81bdb2e12a2b3978ebf14e9a20 dHash: 8e071d946841398e
Image Base	`0x10000000`
Entry Point	`0x1030b816`
Compilation Time	2021-02-03 05:50:37
Checksum	0x000faf62 (Actual: 0x000ff684)
OS Version	5.0
PEiD Signatures	`PE32 executable (DLL) (GUI) Intel 80386, for MS Windows`
PDB Path	`d:\NsStudio\Home\Baymax\trunk\PatchUi\res\x86\PYG.pdb`
Digital Signature	No valid SignedData structure was found.
Imports	9 libraries KERNEL32, USER32, ADVAPI32, SHELL32, ole32, OLEAUT32, SHLWAPI, VERSION, GDI32
Exports	1 functions
Resources	7 Resources
Sections	9 Sections

Version Information

▼

Comments	Www.ChinaPYG.CoM
CompanyName	飘云阁论坛官方出品
FileDescription	Baymax Patcher Tools
FileVersion	3, 0, 1, 1035
InternalName	PYG.dll
LegalCopyright	Copyright (C) 2020
OriginalFilename	PYG.dll
ProductName	PYG
ProductVersion	3, 0, 1, 1035
Translation	0x0804 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	458,563 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x00071000`	1,366,339 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`D41D8CD98F00B204E9800998ECF8427E`
`.data`	`0x001bf000`	197,916 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.Baymax0`	`0x001f0000`	491,946 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.tls`	`0x00269000`	24 bytes	512 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF619EAC0CDF3F68D496EA9344137E8B`
`.Baymax1`	`0x0026a000`	1,007,836 bytes	1,008,128 bytes	7.94 (Packed/Encrypted)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`766013E4DB1965203DBDA085FA597762`
`.reloc`	`0x00361000`	364 bytes	512 bytes	3.99 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`4CF02DEA3A3F6A7073263F1FEAC5F3DA`
`.rsrc`	`0x00362000`	27,896 bytes	11,776 bytes	5.08 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`C17AFA66D47F41EB144758890A040AFC`
`.BaymaxN`	`0x00369000`	16,384 bytes	16,384 bytes	1.10 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`D501BF305723E51962E1670D90A55015`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

▼

Total Resources: 7 (27,380 bytes)

Resource Type	Count	Total Size	Percentage
BAYMAX	1	16,194 bytes	59.1%
RT_ICON	1	9,640 bytes	35.2%
RT_DIALOG	2	420 bytes	1.5%
RT_GROUP_ICON	1	20 bytes	0.1%
RT_VERSION	1	760 bytes	2.8%
RT_MANIFEST	1	346 bytes	1.3%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	PYG.dll
File Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Scanner Version	1.0.210.174
Database Version	2025-03-13 15:00:51 UTC

PYG.dll Hack Patcher Analysis

Technical Analysis

Hack.Win32.Patcher.oa!s6

Scan Another File

File Identification