Manalyze report for 4a920507160aeb6a2b017a2584d616fa

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-31 00:34:14
Detected languages	English - United States
Debug artifacts	C:\Users\Luxe\Desktop\miner\Loaderv2\x64\Release\Loader.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware vmtools vmware` `Looks for Sandboxie presence: sbiectrl.exe sbiesvc.exe` `Looks for VirtualBox presence: SOFTWARE\Oracle\VirtualBox Guest Additions vboxservice vboxtray` `Miscellaneous malware strings: cmd.exe` `Contains domain names: cloudyte.ru cyvora.net echolinkr.com https://cloudyte.ru https://cyvora.net https://echolinkr.com https://lumly.org https://pastecache.com https://streamix.im https://zippio.su lumly.org pastecache.com`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities (process hollowing): ResumeThread WriteProcessMemory Wow64SetThreadContext SetThreadContext` `Code injection capabilities (process doppelganging): WriteFile CreateTransaction RollbackTransaction` `Can access the registry: RegCloseKey RegOpenKeyExW` `Possibly launches other programs: CreateProcessW CreateProcessA` `Uses Windows's Native API: NtCreateSection NtMapViewOfSection` `Uses Microsoft's cryptographic API: CryptStringToBinaryA` `Has Internet access capabilities: InternetCloseHandle InternetReadFile InternetOpenUrlA InternetOpenA` `Manipulates other processes: Process32NextW Process32FirstW WriteProcessMemory`
Malicious	VirusTotal score: 44/71 (Scanned on 2026-02-07 03:05:47)	`ALYac: Gen:Variant.Tedy.851636` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Misc]` `Alibaba: Trojan:Win64/Inject.3adf334c` `Antiy-AVL: Trojan/Win64.Inject` `Arcabit: Trojan.Tedy.DCFEB4` `Avast: Win64:MalwareX-gen [Misc]` `BitDefender: Gen:Variant.Tedy.851636` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.1770195783d616fa` `CTX: exe.trojan.inject` `ClamAV: Win.Malware.Generickdz-10058616-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.Loader.2869` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Tedy.851636 (B)` `Fortinet: W32/PossibleThreat` `GData: Gen:Variant.Tedy.851636` `Google: Detected` `Gridinsoft: Trojan.Win64.Downloader.sa` `Ikarus: Trojan-Spy.Agent` `Kaspersky: HEUR:Trojan.Win64.Inject.gen` `Kingsoft: Win64.Trojan.Inject.gen` `Lionic: Trojan.Win32.Inject.1b!c` `Malwarebytes: Trojan.CoinMiner` `MaxSecure: Trojan.Malware.338148470.susgen` `McAfeeD: Trojan:Win/Lummac.PG` `MicroWorld-eScan: Gen:Variant.Tedy.851636` `Microsoft: Trojan:Win32/CoinMiner!rfn` `Paloalto: generic.ml` `Rising: Trojan.Kryptik@AI.96 (RDML:vISCm2A2xcBArEJ+PlM+nQ)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/Generic-S` `Tencent: Malware.Win32.Gencirc.14a6809f` `TrellixENS: Artemis!4A920507160A` `TrendMicro-HouseCall: TROJ_GEN.R002H09A126` `VIPRE: Gen:Variant.Tedy.851636` `Varist: W64/ABTrojan.PFTC-7355` `Zillya: Trojan.Inject.Win64.1265` `alibabacloud: Trojan:Win/Tedy.Gen`

Hashes

MD5	`4a920507160aeb6a2b017a2584d616fa`
SHA1	`bad4c65c8d6d6f348a06f5688aed62aab18473f6`
SHA256	`1c1c60188b688bc3e6602cc5f3639ed22d2bc8f8e18bca58572a40daa2f63611`
SHA3	`923c18f45c4c013195a120a1884b5e621110e2e53508bf1f6d35bb4280e15bee`
SSDeep	`3072:2+Yh7Sf+daQbgBCj0J6JgK5jKOpbQFX60fwaEiza3Kn09XsOKXMtY/NDpu4yUynF:2+Y27c0JRK5jKOsqMw203uA`
Imports Hash	`34950e4497933a77b75ff76c00957447`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Dec-31 00:34:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x31c00`
SizeOfInitializedData	`0x1b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000E050 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x51000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ff5bf0b0bab2b9d8a6b4b91d849b9ce3`
SHA1	`d4d96d698e993fc57172a8f307762605f6a675c8`
SHA256	`a47c0e6bcf6c1cc6cdb5d3a2d95d7d1b1aefea491d7e824dc5968f89b7a42667`
SHA3	`aa1546a88d5afeb6ddf742b28b4310482bdce1ba79abebaa52229c04dc7549e8`
VirtualSize	`0x31bd4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x31c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46664`

.rdata

MD5	`62a5c05f76575c0bb34c412102dea42d`
SHA1	`91eef89325aea77819975380965b96de83929772`
SHA256	`1c6bf648d7f9d8269835bbf3d4e7847063790290383d92d55af87b57220dbad7`
SHA3	`12d3ebcbb3eca19ec993e4f93535a83e59fbed860baa2b737369450650e616ab`
VirtualSize	`0x14460`
VirtualAddress	`0x33000`
SizeOfRawData	`0x14600`
PointerToRawData	`0x32000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10771`

.data

MD5	`4ea53d4e896fae7af71f18341cc21d96`
SHA1	`5752af96901df6550dd18b380c1788237c7f6a36`
SHA256	`b400be98c90575e36df205536591621073ecabf7ac2749f4e71d68de53169a73`
SHA3	`0e67942ce516616d181f49de4c961e6ed623d53e621a4724a4a336b6f6fc77f5`
VirtualSize	`0x2f24`
VirtualAddress	`0x48000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x46600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.8155`

.pdata

MD5	`1b6422ec8f448fcad1bb3f3b5eea2dc6`
SHA1	`1406dd78d7b0dfa49d1cf623e74f64961a0e75bd`
SHA256	`9a3f3a5f6fb23039cc7d06d48eca6a297367d82aa827025edd39f8ec76c50c1b`
SHA3	`10a5994d56dbf836441635d33db9042cc2fac2cac001e0f311629ca864b82ff9`
VirtualSize	`0x2b20`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x47a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.41326`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`8a7b4b7ab078f500fd18cb6d20c2bc45`
SHA1	`0c1146ebdaaa4c92bbead96deee3d9fbf82d5f83`
SHA256	`f81d8ff7779f10f0fb27f8f10ca981f8c4d2d260fa3264265fc9ff47c4d11a87`
SHA3	`d8ef712fd0517f653e637d3ba6e6dae9d2433613d6e0279812320eb5fe8bd621`
VirtualSize	`0x1e0`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71377`

.reloc

MD5	`e05531162025762574bee5965fdb9e39`
SHA1	`5c5333f9a40b3ae6fa426d34595e240c98549506`
SHA256	`25014e71d6bc90d796495f710cd1aaef8de0a0d117e9021ed9836a4485b88a79`
SHA3	`f1cee2ceccd296038b92027ba389ca582a9d5d2d18d240b6a521571e565b22ac`
VirtualSize	`0xa00`
VirtualAddress	`0x50000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x4aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43033`

Imports

KERNEL32.dll	`CreateMutexA` `WaitForSingleObject` `ReleaseMutex` `ResumeThread` `GetModuleHandleA` `SetFileAttributesW` `CreateToolhelp32Snapshot` `GetLastError` `Process32NextW` `CreateFileA` `DeleteFileA` `Process32FirstW` `CloseHandle` `GetProcAddress` `ExitProcess` `CreateProcessW` `CreateProcessA` `GetDiskFreeSpaceExA` `GetTickCount` `GetExitCodeProcess` `WriteProcessMemory` `Wow64SetThreadContext` `Wow64GetThreadContext` `GetThreadContext` `SetThreadContext` `CreateFileTransactedW` `WriteFile` `CreateFileW` `WriteConsoleW` `GetFileSizeEx` `ReadFile` `CreateDirectoryW` `WideCharToMultiByte` `HeapSize` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `HeapReAlloc` `ReadConsoleW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `VirtualProtect` `FlsFree` `FlsSetValue` `FlsGetValue` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `Sleep` `WaitForSingleObjectEx` `GetExitCodeThread` `InitializeCriticalSectionEx` `GetSystemTimeAsFileTime` `GetModuleHandleW` `WakeAllConditionVariable` `EncodePointer` `DecodePointer` `LocalFree` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `MultiByteToWideChar` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `GetCurrentProcessId` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `GetModuleFileNameW` `GetStdHandle` `HeapFree` `HeapAlloc` `GetFileType` `FlsAlloc` `RtlUnwind`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExW`
dxgi.dll	`CreateDXGIFactory`
WININET.dll	`InternetCloseHandle` `InternetReadFile` `HttpQueryInfoA` `InternetOpenUrlA` `InternetOpenA`
CRYPT32.dll	`CryptStringToBinaryA`
ktmw32.dll	`CreateTransaction` `RollbackTransaction`
ntdll.dll	`RtlLookupFunctionEntry` `RtlCaptureContext` `NtCreateSection` `NtMapViewOfSection` `RtlVirtualUnwind`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Dec-31 00:34:14
Version	`0.0`
SizeofData	`84`
AddressOfRawData	`0x42ae4`
PointerToRawData	`0x41ae4`
Referenced File	C:\Users\Luxe\Desktop\miner\Loaderv2\x64\Release\Loader.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Dec-31 00:34:14
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x42b38`
PointerToRawData	`0x41b38`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-31 00:34:14
Version	`0.0`
SizeofData	`940`
AddressOfRawData	`0x42b4c`
PointerToRawData	`0x41b4c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Dec-31 00:34:14
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400480c0`

RICH Header

XOR Key	`0x9dd96b03`
Unmarked objects	`0`
C++ objects (33145)	`171`
ASM objects (33145)	`8`
C objects (33145)	`18`
ASM objects (35207)	`10`
C objects (35207)	`16`
C++ objects (35207)	`95`
Imports (33145)	`21`
Total imports	`204`
C++ objects (LTCG) (35219)	`7`
Resource objects (35219)	`1`
Linker (35219)	`1`

4a920507160aeb6a2b017a2584d616fa

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.fptable

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors