Manalyze report for 13faf3bf2592b382ed2763cdac96d64c27eca4fdbce20b756d236b6345bdd021

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2006-Jan-04 05:07:07
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .buildid`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: ShellExecuteA` `Checks if it has admin rights: IsUserAnAdmin`
Malicious	VirusTotal score: 13/71 (Scanned on 2026-05-31 13:39:17)	`ALYac: Gen:Variant.Lazy.723744` `Arcabit: Trojan.Lazy.DB0B20` `BitDefender: Gen:Variant.Lazy.723744` `CTX: exe.trojan.lazy` `DeepInstinct: MALICIOUS` `Emsisoft: Gen:Variant.Lazy.723744 (B)` `GData: Gen:Variant.Lazy.723744` `Kingsoft: malware.kb.a.832` `MicroWorld-eScan: Gen:Variant.Lazy.723744` `Trapmine: malicious.moderate.ml.score` `TrendMicro: Trojan.Win64.LAZY.TL0101ET26ZY` `TrendMicro-HouseCall: Trojan.Win64.LAZY.TL0101ET26ZY` `VIPRE: Gen:Variant.Lazy.723744`

Hashes

MD5	`ba6e5a461b719f5d5b5e43e073c32c09`
SHA1	`e8766f3276397c71f82ec1588c424cfaf1820bd2`
SHA256	`13faf3bf2592b382ed2763cdac96d64c27eca4fdbce20b756d236b6345bdd021`
SHA3	`f6279efc810c2f1e732f2282c810a6908edfd156657aaa229a1481489f625e6e`
SSDeep	`1536:DPfY3M7UUhzg/s13yTDt3GGE/avpbEc2GRqbxMet:DPfY301zoY3y3t2GXpwYqbx`
Imports Hash	`78244449ccd301d93023cdd3ccb06850`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2006-Jan-04 05:07:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9c00`
SizeOfInitializedData	`0x4c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001000 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4cddf8c6c4974f62615cba7065879895`
SHA1	`3ac65af810d9182dc8051f0249f1c01c6e2dde41`
SHA256	`923897461643a45f91b3c57bd67443a1c197fff081509432f6e50eb7a97386f7`
SHA3	`cd0dd2bbdeba7ba01634dcb4557e973b970ed07d3fb9642fb9d159316f132e43`
VirtualSize	`0x9bf6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51556`

.rdata

MD5	`6f04d80f0f71affe63ff78452570d6e8`
SHA1	`9ca1aae4533d681a34c6f8ec0b401b02b5b9d4d4`
SHA256	`fe56e3295e4cbf3e3b45052ead3d1fa4573f1881c5e9daa37f5ebc4dd61dc79f`
SHA3	`83bf7ade19b495e477eb40ec1b9caeef5142be49a715cc595c8f25a1de175368`
VirtualSize	`0x3630`
VirtualAddress	`0xb000`
SizeOfRawData	`0x3800`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.21612`

.buildid

MD5	`81e802baa000b74f5440e7bb1f417555`
SHA1	`980f47d7b6ccb7ce2a010b9707e5294ced1e62ba`
SHA256	`81073293fc3907466cdf6690878cb48b3f1f8c25d85a19f296d895097dfec931`
SHA3	`0cc00a267762a10edaa0cc162e783342f34ce56fefc6da79e172b24517edc0fa`
VirtualSize	`0x1c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

.data

MD5	`4d614d504e360103b282e428ccd7e012`
SHA1	`eb2276f8f75c28fb0c1cd8c1d1215c1bf90a8062`
SHA256	`d8ad363eab8f3ed962c3bd0577b7c9e8494054ae96bdc8f17530b6045e6d6072`
SHA3	`ca32feee4a5aef2606adb9caf43be1f9d6da06499b15ad6ebce0fa482c5ab6c1`
VirtualSize	`0x40`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.143459`

.pdata

MD5	`6a0c4905af4ffb8bb32c65968f7a5f10`
SHA1	`32bc9e391d6c9521bf4f05ed6e06d262682f0e9e`
SHA256	`7f8f373d15affadb57e67f6f449d868f3f31313bfc24b3d37967ee28bbaee494`
SHA3	`12c35c88c50962332ccacdadcbce127f462d85f8704de4be2a8e052a770d8942`
VirtualSize	`0x84`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.11939`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xde00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`2de17f9840c1251783d710b236b7050b`
SHA1	`26c58e2cbdcfea1edb6296c06d2dc6f6215c06ae`
SHA256	`627e36c528713699144ac78013620a4640042229d9c8ef3afa4025e57a076b56`
SHA3	`27d373ab1a0a2d5c9c965f2f7d39f80118e02c23c09d1f0168c5c2a7032654f8`
VirtualSize	`0x818`
VirtualAddress	`0x13000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.39092`

.reloc

MD5	`5c98f102eade92aaea70ad985f8ca4c7`
SHA1	`d67db00c8165e4b5c6bdd12e69ef605e72571c72`
SHA256	`45fa4fdea4f890380da3a0706e0ecedd831b48dc010ef07ad25d026268760476`
SHA3	`6b7e871c0e233c136dd6b43ccac055968543330575f2fb11025a9e0c69e6acfb`
VirtualSize	`0x20`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0xea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.342786`

Imports

ntdll.dll	`NtClose` `RtlExitUserProcess` `RtlQueryPerformanceCounter` `RtlQueryPerformanceFrequency`
KERNEL32.dll	`CreateMutexA` `CreateThread` `FreeLibrary` `GetModuleFileNameA` `GetPrivateProfileIntA` `LoadLibraryA` `SetThreadPriority` `WritePrivateProfileStringA`
USER32.dll	`CallNextHookEx` `CallWindowProcA` `CheckDlgButton` `ClipCursor` `CreateDialogParamA` `CreateWindowExA` `DestroyMenu` `DestroyWindow` `DispatchMessageA` `GetClipCursor` `GetCursorPos` `GetDlgItem` `GetDlgItemTextA` `GetMessageA` `GetRawInputData` `GetSubMenu` `GetWindowLongPtrA` `IsDialogMessageA` `IsDlgButtonChecked` `IsWindowVisible` `KillTimer` `LoadIconA` `LoadMenuA` `MessageBoxA` `PostQuitMessage` `PostThreadMessageA` `RegisterRawInputDevices` `SendInput` `SendMessageA` `SetDlgItemInt` `SetForegroundWindow` `SetThreadDpiAwarenessContext` `SetTimer` `SetWindowLongA` `SetWindowLongPtrA` `SetWindowTextA` `SetWindowsHookExA` `ShowWindowAsync` `TrackPopupMenu` `TranslateMessage` `UnhookWindowsHookEx`
SHELL32.dll	`IsUserAnAdmin` `ShellExecuteA` `Shell_NotifyIconA` `Shell_NotifyIconGetRect`

Delayed Imports

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x220`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95752`
MD5	`6bc3d981b146c1672ba78a39953e4d74`
SHA1	`1d500f7dd54d054fa0ed81f395cff7e4f4f12494`
SHA256	`c0bbd8e9efa913a67faf6d241bd00a12f4eec98722df9f806ac46e9a5637f66e`
SHA3	`142f049c2148be93c420ac18647d0d358b1974ca1f16125e8e344afd28f9f9e4`

CFGDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08773`
MD5	`5ca19a20502f93c1213638d01dec31c3`
SHA1	`56bc646a94e6b7697a6688e1e5aa5b67779c3c46`
SHA256	`d5c9e61f607809f579bdb42ff4cc79f5e4e13d4588f0351031ae51958af98340`
SHA3	`50afe49492caa1a98061bc6f00319cfc97ba29f6ef2140203a585f3ae60f5a78`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x207`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46747`
MD5	`8cc459f46cd1ad3514b6cb0b85630048`
SHA1	`c98d1ac969c9a844dafef560f64cb47b892f9897`
SHA256	`b680031c4fece0a93969450d01d67ffd184b9c918c7585feeab1704c473b73cd`
SHA3	`97a935c50eae1eb04e9897bdb3d1b4b07c493c39ddfc3f7a4c842872a3c26802`

Version Info

UNKNOWN

Characteristics	`0`
TimeDateStamp	2006-Jan-04 05:07:07
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140012000`
EndAddressOfRawData	`0x140012008`
AddressOfIndex	`0x140010010`
AddressOfCallbacks	`0x14000dca0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.

13faf3bf2592b382ed2763cdac96d64c27eca4fdbce20b756d236b6345bdd021

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.buildid

.data

.pdata

.tls

.rsrc

.reloc

Imports

Delayed Imports

MENU

CFGDLG

1

Version Info

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors