Is CrystalDiskInfo still secure?

Digger12364
Junior Member
18
02-05-2026, 07:11 PM
#1
I put it there from the link provided:
https://crystalmark.info/en/download/
The installer was named "CrystalDiskInfo9_7_0Ads.exe"
The "ads" section is causing concern. I attempted to download it five times without clicking on ads or popups, and each time I received the same file. Is the website now infected with malware?

JcDaBeast
Member
70
02-14-2026, 03:53 AM
#2
Download from here; CrystalDiskInfo is available for free. It's a HDD/SSD utility that supports USB, RAID and NVMe. sourceforge.net indicates it should be a zip file extracted onto your system. The previous discussion about Windows 10 has been moved to the Apps and Software section.

CoolboyGR
Member
201
02-15-2026, 06:23 AM
#3
The file is verified with a valid certificate. VirusTotal shows no concerns. Apart from the name, nothing requires worry.

Jake_TheDoge
Member
207
02-15-2026, 06:55 AM
#4
This appears to be the download link for CrystalDiskInfo 9.7.0.

Tcg1921
Junior Member
10
02-15-2026, 03:06 PM
#5
Consider whether you need to worry or if installing via the file is sufficient. You've repeatedly used the official site and received this file, so proceed accordingly.

DRAGON91160
Member
108
02-21-2026, 11:00 AM
#6
Authenticate using the provided method. Upload the file to receive a link similar to what you see here. Doing this for all your executables can provide some peace of mind. Additionally, activating the "Digital Signature" option in File Explorer by pressing Alt+Enter and selecting it will display the signer, typically "CrystalMark Inc." This signature confirms the authentic author released the executable.

M0rdeKaiser
Member
243
02-21-2026, 12:02 PM
#7
Well, I'd be cautious. Not only has the filename changed - this is what was seen in the recent change-log:
"Added “CrystalMark Inc.” as copyright holder
Changed code signature to “CrystalMark Inc.”"
[https://crystalmark.info/en/software/cry...o-history/]
So - change in copyright holder, change in code signature + inclusion of ads? Not proof of anything malicious - but definitely signs of change that long-term users of the app may not be super comfortable with.

BaccaStrq123
Senior Member
664
02-21-2026, 05:51 PM
#8
This site functions similarly to others by guiding users toward ad-based downloads to help sustain their income. If you're not paying close attention, you may end up with what you initially received. However, seek out another link. They consistently offer an alternative method for accessing the non-ad based option on their platform. Something like "other downloads" is often provided.

farazofbuscus
Member
212
02-22-2026, 01:07 AM
#9
The "CrystalMark Inc." signage appears somewhat unusual, yet the developer has clearly stated it. I believe these certificate providers typically don’t offer such services. Did the developer actually create a company? This would likely involve costs and could be atypical.

Regarding ads, I haven’t noticed them in either CrystalDiskInfo or CrystalMark Retro.

LoveDoggy56
Junior Member
45
02-22-2026, 05:55 AM
#10
Took some time to dig into the app itself a bit deeper. The current files for download are located here:
https://sourceforge.net/projects/crystal...les/9.7.0/
I'm focusing specifically on the following:
Code:
CrystalDiskInfo9_7_0Ads.exe [SHA256: 92a1568bfe664c7a824e455501648d57419b9b1ad4927a44f29e7bdf1d3e777f]
CrystalDiskInfo9_7_0.zip [SHA256: e50f4fe5409487b83a2360e61cd33c0f949767b0e3e645f24782f60a78e6cf88]
Inside the .ZIP file are three main executables:
Code:
DiskInfo32.exe [SHA256: c13b2eb837d788159f4dd5e4648a05902c2d42fd2eb1242d8c2a30e36f560709]
DiskInfo64.exe [SHA256: 8029af001fbbd99ca3a179d547713dc3fa7283343688a2f481fe1568301622b0]
DiskInfoA64.exe [SHA256: a8f924ccfda6cb2c5d6f7a974d553660197e746cf6cdf360071e604b16cecfdd]
These binaries have the exact same hashes as the ones in the EXE installer.
Checking the EXE installer, it appears to be a standard Inno Setup installer containing all the program files found in the .ZIP archive, as well as an additional adware component.
This additional adware component is a file named 'ESTARTsetup.exe' [SHA256: 1b39d4493428a4279ae2b8f8bf38f1d407fec07e5d10d4b105b97c802c027251] which is also an Inno Setup installer, but this one is signed by 'GMO INSIGHT Inc.'.
(for those who wish to do further analysis on it, I have uploaded it here: https://gofile.io/d/lkxC2N)
This setup program is designed to drop two files into the following folder: '%programfiles%\GMO INSIGHT'
The files it drops are:
Code:
ESTARTsetup_no_uac.exe [SHA256: 91688346dee90eb3c385bfd1747c8063124b7495edfccd928971785157a248db]
eucsetupv4.exe [SHA256: 1ad7fa724f48e9d1af41d750ba1026608641ab0651e59696c9ae57f79d88696c]
The first is yet another Inno Setup installer & the second is an NSIS installer.
The first file internally contains a .URL file linking to the following: 'https://support.estart.jp/licenses/estar...icense.txt'
Also - the install script internally references this URL: https://service.estart.jp/app/ (seemingly what will be displayed in the Windows Add/Remove Programs windows URL field for the entry made for this app).
The first file writes most of its contents to the following folder: '%localappdata%\GMO INSIGHT\' and the following registry key 'HKEY_CURRENT_USER\Software\GMO INSIGHT'.
It also contains a 'license.txt' file which (in part) has the following text:
Code:
8. Handling of Personal Information

For information on how we handle personal information about users in our services, please see our privacy policy (https://www.gmo-insight.jp/privacy). Users are deemed to have accepted the contents of the privacy policy.
The first file also drops this file: E_START_App.exe [SHA256: 7e6c1d729914edf957448f09049ea790904f0360d98c57d4b4987e839018d1b5]
This file is signed by 'GMO INSIGHT Inc.'
This file may be a dropper for other files as well, but I was not able to quickly unpack it to see what else it may contain. The install script that drops that file also sets a system 'RunOnce' entry for a file named 'kaipoke_for_Windows_Installer_nouac.exe' - but I was unfortunately not quickly able to locate where that file was coming from.
That concludes my investigation of the first file. The second file was a bit more of a challenge because I was unable to quickly extract the installation script, but I did get all other files it deploys - which I will now list, along with the hashes:
Code:
EUCHelper.dll SHA256:6b07bfd8b54c64a74003c346b446eed2d6ccf48a3580d682644874f478bb8757
JusAdmin.exe SHA256:0c95b73047e74c2fe41547f91f73065e05dc0f51057d582c980e6f9f3eeeaca6
JWordUpdateCenter.exe SHA256:3262e72474a14f0a42760545cc3ef56b5ee46d6bce5f36232aefe682ac95d366
JWordUpdateCore.dll SHA256:5b5b703ebae366670084e27c27de0020f19fe4e9efeeac03accf9e976e883729
JWordUpdateNotifier.exe SHA256:01b9a66bff8ae6dc329a13d6384f1ffdd23aad08e66b644b59389a7d18fc2897
JWordUpdateService.exe SHA256:83c66684e574e687df8731272488cff3ba7834761915d47fc30432b453d69ffa
KaipokeHelpder.dll SHA256:ac961c1163a48d14cb1ea78beb233e795cd12f140c77003641cf0932e3b7f67e
KaiPokeWin.dll SHA256:9c10c1795cd0274ce8a2bdc6a9f9b8b107fba7635ae5ffbadd46916da4fbfc8b
libcurl.dll SHA256:e9c5c7f761abab3c63e7afecff62d668218b516f055019121bf1a02a7550de37
Microsoft.IdentityModel.Tokens.dll SHA256:f6bcd35b89cd3181eedeb900fc37da80ca8b24556f57f6f6c7c19c2ea3c9ab2a
Microsoft.Web.WebView2.Core.dll SHA256:1adc8ceb265b025b5ff45b631a34aa6330ca6bd64d393b99b92658041f980d5d
Microsoft.Web.WebView2.WinForms.dll SHA256:ebb77c94f90ab25eea07497c1ffa476c46348cea3f57fbae14c5bf9d1bb23377
msvcp140.dll SHA256:b2ca647916ee203b6831ed4924e4317b04fdded8ac6a2c41c29e73bc94b1ac29
newspushapp.dll SHA256:27842332127d89b1085a5e0fc29c52c6693cc30c6982b2e092da76f5eb1723a3
SearchAssistBarWindows.dll SHA256:59b341b95d84ce6b74d85e4c06239ff3d645441c12ab0e8feb681300ed250fa4
UIAutoma.dll SHA256:bdabaf0470344e964f8bc18928ee088027dec279bc90488f758b558a6f85aefa
uninstaller.bin SHA256:9ff861961509398214c471d2947cdff0c85f3a3e0733e16d873c6af284ee4f2c
uninstaller.exe SHA256:58fe938065fb33dcb5d593d49b928b77290877a778f994a69478cae2eca690fd
unknown SHA256:01bc9bb2b2618054c597fbc2d228d056a81a3690702c15a1b79b9a5cef5c3899
vcruntime140.dll SHA256:70878fd7d63280650356bc46577b989b1e48553cc19be77ec5dabece39f0f16d
WebView2Loader.dll SHA256:53dd9126a3c5d58776a274856af402edb7580b601f312ed5fa237befff065221
As I lack the installation script, I'm not 100% certain where on the disk these will try to deploy.
I did try running the EXE installer in a VM and interestingly enough - the install wizard never mentioned the adware components nor did they get deployed to the disk. I don't know if this was because the VM was detected, or if it was because I was using an English language OS. I suspect that for now - maybe the adware only deploys if the system language is set to Japanese. I have NOT confirmed this though. I've also not tried to intentionally install the adware in a VM to get a more complete picture of exactly what it does / where it deploys.
For now - I'd say the safest option is just to download the .ZIP archive and overwrite the files you already have installed on your system with the ones from the archive. This should (hopefully) get you the updated version of the app without the adware components. At the moment, it appears the adware is a completely separate package merely being bundled with the main app in the installer, not directly integrated into the main app itself.
Thus also - if you don't have the app installed yet and prefer the convenience of an installer, you could always just run the installer for the last ad-free version available (9.6.3) [https://sourceforge.net/projects/crystal...e/download] and then download the ZIP file of the latest version (9.7.0) [https://sourceforge.net/projects/crystal...p/download] and then extract its contents into the install location, overwriting what was already there.
That's all I've got for now - hopefully the author of the program will provide a bit more clarity in a future posting on their website, or in later updates to the changelog.
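Before extracting the ZIP over an existing install as post #10 suggests, the archive can be checked against the SHA-256 values listed in that post. This is an added example, not part of any poster's message or the project's own code; `audit_zip`, `safe_to_extract`, `make_zip` and the `CODE_SUFFIXES` list are hypothetical names and assumptions, and the demo input is constructed.

```python
import hashlib
import io
import zipfile

# SHA-256 values of the three main 9.7.0 executables, copied from post #10.
PINNED = {
    "DiskInfo32.exe": "c13b2eb837d788159f4dd5e4648a05902c2d42fd2eb1242d8c2a30e36f560709",
    "DiskInfo64.exe": "8029af001fbbd99ca3a179d547713dc3fa7283343688a2f481fe1568301622b0",
    "DiskInfoA64.exe": "a8f924ccfda6cb2c5d6f7a974d553660197e746cf6cdf360071e604b16cecfdd",
}
# Assumption: extensions treated as "can run code" for the manual-review list.
CODE_SUFFIXES = (".exe", ".dll", ".sys", ".msi", ".bat", ".cmd", ".ps1")

def sha256_member(zf, info, chunk=1 << 20):
    """Hash one archive member by streaming it, without writing it to disk."""
    digest = hashlib.sha256()
    with zf.open(info) as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_zip(source, pinned=PINNED):
    """Classify members of a ZIP (path or file object) against pinned hashes."""
    wanted = {name.lower(): h.lower() for name, h in pinned.items()}
    report = {k: [] for k in ("ok", "mismatch", "missing", "unpinned", "unsafe_path")}
    seen = set()
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.replace("\\", "/").split("/")
            if ".." in parts or parts[0] == "" or ":" in parts[0]:
                report["unsafe_path"].append(info.filename)  # escapes target dir
            base = parts[-1].lower()  # Windows file names are case-insensitive
            if base in wanted:
                seen.add(base)
                good = sha256_member(zf, info) == wanted[base]
                report["ok" if good else "mismatch"].append(info.filename)
            elif base.endswith(CODE_SUFFIXES):
                report["unpinned"].append(info.filename)  # not in the post: review
    report["missing"] = sorted(n for n in pinned if n.lower() not in seen)
    return report

def safe_to_extract(report):
    """True only if every pinned file is present and matches, and no path escapes."""
    return not (report["mismatch"] or report["missing"] or report["unsafe_path"])

def make_zip(members):  # {name: bytes} -> in-memory ZIP (constructed demo input)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf

if __name__ == "__main__":
    # Constructed stand-in bytes, pinned by their own hash, plus one extra EXE.
    files = {"DiskInfo64.exe": b"constructed-binary", "extra/Bundled.exe": b"x"}
    pins = {"DiskInfo64.exe": hashlib.sha256(files["DiskInfo64.exe"]).hexdigest()}
    print(audit_zip(make_zip(files), pins))
```

On the real archive, executables other than the three listed in the post land in `unpinned`; that only means the post gives no hash for them, so they need a separate check.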