The InformaalFrog.exe File Analysis

Updated 2 months ago

Checked by Malaware Check

InformaalFrog.exe

Technical Analysis

File Name	InformaalFrog.exe
File Type	Win32 EXE
Magic Bytes	`PE32+ executable (console) x86-64, for MS Windows`
SSDEEP Hash	98304:wEmfFRZ6PUsNpPRK1GGnsC+asULKR/w6AA0rn7AEcb:wvFRsPUXGGnsjjULKR/w2y5cb
Scanner Version	1.0.212.174
Database Version	2025-03-31 12:00:28 UTC

⚠

Suspicious File Detected

Detected by 19 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

26%

Detection Rate

10,809,344

File Size (bytes)

19/73

Engines Detected

2025-03-31

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	7ec3a45ec671e790a44f53355fe7c0fc
SHA1	75a620241963843a84e7dc1e241390715987aa34
SHA256	e10c3f9977b08c7b89f6e2b50c78e0ab686027f8ca5127f5c4aa5d11aca27712
SHA512	a02d8e3776a660fcae5d66e62b8e3a6f2c1b5a417e2ea3847a2db0aee24fe993716f173d0a6c0150833c08224d570c66ef1bf5094f68ed500f1dbe219b8b4164
ImpHash	d42595b695fc008ef2c56aabd8efd68e

Security Engines with Detections (19 of 73)

Bkav

W64.AIDetectMalware Malicious

Elastic

Multi.Generic.Threat Malicious

Malwarebytes

Spyware.SkuldStealer Malicious

ESET-NOD32

a variant of WinGo/Spy.Agent.CO Malicious

TrendMicro-HouseCall

TrojanSpy.Win64.SKULDSTEALER.SM.go Malicious

ClamAV

Win.Malware.Tmpnstealer-10031639-0 Malicious

Avast

Win64:Evo-gen [Trj] Malicious

Rising

Stealer.Agent!1.1173C (CLASSIC) Malicious

Google

Detected Malicious

TrendMicro

TrojanSpy.Win64.SKULDSTEALER.SM.go Malicious

SentinelOne

Static AI - Suspicious PE Malicious

Ikarus

Trojan-PSW.Agent Malicious

Fortinet

W64/Agent.CO!tr Malicious

Microsoft

Trojan:Win64/YanismaStealer.DA!MTB Malicious

AhnLab-V3

Trojan/Win.YanismaStealer.R694255 Malicious

Tencent

Trojan-Spy.Python.Disco.16001307 Malicious

huorong

TrojanSpy/Stealer.bp Malicious

AVG

Win64:Evo-gen [Trj] Malicious

DeepInstinct

MALICIOUS Malicious

54 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Image Base	`0x00400000`
Entry Point	`0x00477c60`
Compilation Time	1970-01-01 00:00:00
Checksum	0x00000000 (Actual: 0x00a4fb21)
OS Version	6.1
PEiD Signatures	`PE32+ executable (console) x86-64, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	1 libraries kernel32
Exports	0 functions
Resources	0 Resources
Sections	8 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	5,198,705 bytes	5,198,848 bytes	6.17 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`D24F1F78F6DC9B3CDE1D80C70BF88DFA`
`.rdata`	`0x004f7000`	4,845,128 bytes	4,845,568 bytes	5.75 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`6DD5344189354EA5E5DE5F3C8EDCB439`
`.data`	`0x00996000`	939,216 bytes	568,832 bytes	5.47 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`3EF359BBF9F7F8E2D5C92598EB8263A9`
`.pdata`	`0x00a7c000`	116,568 bytes	116,736 bytes	5.62 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`9DB16488725C1977E84BFB4E34839BDC`
`.xdata`	`0x00a99000`	180 bytes	512 bytes	1.78 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E081E1B68888A642916DFE290E66CC84`
`.idata`	`0x00a9a000`	1,342 bytes	1,536 bytes	4.01 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`4A24068E8BC891DEA736F50E6D075E37`
`.reloc`	`0x00a9b000`	75,236 bytes	75,264 bytes	5.44 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`CE45FA83DBFACC076A8A041F8FC2C61D`
`.symtab`	`0x00aae000`	4 bytes	512 bytes	0.02 (Normal)	`IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`07B5472D347D42780469FB2654B7FC54`

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

19 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1