| File Name | PYG.dll |
| File Type |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Scanner Version | 1.0.213.174 |
| Database Version | 2025-04-13 08:00:29 UTC |
Malware family: Heuristic
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
48017d4fa4e92b3d53a91ef0fb02f692
|
|
| SHA1 |
9577e40752e416af8ad9514274953bd38cc993a5
|
|
| SHA256 |
eed3aef9bfb032222eb5017365960c97be18f66f2b1f9ee711cb09c79b84ae33
|
|
| SHA512 |
b6f1c67ef109bd263069d443821e6bf70fd9a7a3702c70d03d984858080c26e810ad3112cc9f7bb77381b5077d2396a13a8ef0cc2ffe49b4f4c17173f655876a
|
|
| ImpHash |
32d9d052250a062b1838882a222c1106
|
| Icon |
Hash: dc5da33dfaedf1a823c345f3897aaf75
Fuzzy: 18f0cc81bdb2e12a2b3978ebf14e9a20 dHash: 8e071d946841398e |
| Image Base | 0x10000000 |
| Entry Point | 0x1028ecea |
| Compilation Time | 2024-07-12 23:44:35 |
| Checksum | 0x00000000 (Actual: 0x00118fe8) |
| OS Version | 5.0 |
| PEiD Signatures |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| PDB Path | d:\NsStudy\Home\Baymax\trunk\PatchUi\res\x86\PYG.pdb |
| Digital Signature | No valid SignedData structure was found. |
| Imports |
5 libraries
KERNEL32, USER32, ole32, VERSION, GDI32 |
| Exports | 1 functions |
| Resources | 7 Resources |
| Sections | 9 Sections |
| Comments | Www.ChinaPYG.CoM |
| CompanyName | 飘云阁论坛官方出品 |
| FileDescription | Baymax Patch Tools |
| FileVersion | 3, 0, 1, 1055 |
| InternalName | PYG.dll |
| LegalCopyright | Copyright (C) 2020 |
| OriginalFilename | PYG.dll |
| ProductName | PYG |
| ProductVersion | 3, 0, 1, 1055 |
| Translation | 0x0804 0x04b0 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
481,235 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00077000 |
1,364,835 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.data |
0x001c5000 |
208,280 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.Baymax0 |
0x001f8000 |
591,810 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.tls |
0x00289000 |
24 bytes | 512 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.Baymax1 |
0x0028a000 |
1,117,624 bytes | 1,117,696 bytes | 7.94 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
1B7267278008B45540E41D99DA671DC8 |
.reloc |
0x0039b000 |
312 bytes | 512 bytes | 3.41 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8CD9A3936595FE02649B52D6ED20400C |
.rsrc |
0x0039c000 |
27,892 bytes | 11,776 bytes | 5.08 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
EA55DA8653770B880A174F10259AF562 |
.BaymaxN |
0x003a3000 |
16,384 bytes | 16,384 bytes | 1.13 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9613CD7DCF143E245B6CBD8B47D99B9F |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| BAYMAX | 1 | 16,194 bytes | |
| RT_ICON | 1 | 9,640 bytes | |
| RT_DIALOG | 2 | 420 bytes | |
| RT_GROUP_ICON | 1 | 20 bytes | |
| RT_VERSION | 1 | 756 bytes | |
| RT_MANIFEST | 1 | 346 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Heur!.032920A0 without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
