7e1922250c57777a98846d1a84e760eb

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Sep-14 01:01:11

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to SHA256
Uses constants related to AES
Uses constants related to Blowfish
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
 Possibly launches other programs:
  • CreateProcessW
 Can create temporary files:
  • GetTempPathW
  • CreateFileW
Suspicious The PE is possibly a dropper. Resource 27 is possibly compressed or encrypted.
Resources amount for 98.3831% of the executable.
Malicious VirusTotal score: 37/72 (Scanned on 2024-11-30 04:05:42) ALYac: Gen:Variant.Lazy.591825
APEX: Malicious
Arcabit: Trojan.Lazy.D907D1
BitDefender: Gen:Variant.Lazy.591825
Bkav: W64.AIDetectMalware
CTX: exe.trojan.lazy
CrowdStrike: win/malicious_confidence_90% (D)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
Emsisoft: Gen:Variant.Lazy.591825 (B)
FireEye: Gen:Variant.Lazy.591825
Fortinet: W32/PossibleThreat
GData: Gen:Variant.Lazy.591825
Google: Detected
Gridinsoft: Malware.Win64.AI.oa!s1
Ikarus: Trojan.Agent
Jiangmin: Trojan.Agent.fcbv
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Malware.AI.4290864718
MaxSecure: Trojan.Malware.300983.susgen
McAfee: Artemis!7E1922250C57
McAfeeD: ti!60CFEC1DC54F
MicroWorld-eScan: Gen:Variant.Lazy.591825
Microsoft: Program:Win32/Wacapew.C!ml
Paloalto: generic.ml
Panda: Trj/Chgt.AD
Sangfor: Trojan.Win32.Lazy.Vc6m
SentinelOne: Static AI - Suspicious PE
Skyhigh: BehavesLike.Win64.Generic.wc
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002H09IE24
VIPRE: Gen:Variant.Lazy.591825
Varist: W64/ABRisk.JACS-8040
Webroot: W32.Malware.gen
Zillya: Trojan.Agent.Win64.61040

Hashes

MD5 7e1922250c57777a98846d1a84e760eb
SHA1 cd49e9dddfd4ba1acf5010775fc9f41839bab208
SHA256 60cfec1dc54fccb75a9e0ca9bbbe5288af96a32420162f4d03f6836a23470705
SHA3 2e7ad103c15e6d7818887a96e46c65db770f8c2250d8515587d45fa5ba17789d
SSDeep 196608:9hb+0D+4ac7wf9HrWrl7/o+tX4VG/ZXqxY1ZS9iGLTzx/EAvUQDuD7gmvA:D5D0Cwf9LWZX4VGBXp1+/TFEAvUQuY
Imports Hash 8e3dad4d4ea6736338bcc4aca7b446c9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2024-Sep-14 01:01:11
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x20000
SizeOfInitializedData 0xb68a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000C8BC (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xbb0000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3087718856fd9ce0c11639596603fb38
SHA1 aaf6717b3a157831244b271a7062740751d43370
SHA256 dc60d71a61bbb4b22811e7485d2b06ef7a17917f69a791e436db3ed748f35de3
SHA3 a81ff1510f437d0e4a124383cb4391acc1a415823340e3e887963c92dadcf93d
VirtualSize 0x1ffb0
VirtualAddress 0x1000
SizeOfRawData 0x20000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.50836

.rdata

MD5 cb23fc305b810750915e833c604e3018
SHA1 8d3f591e2a4d15151167d88cd13466b043663f26
SHA256 2ef2cad16e8dc253aae32f5775916aac3e01c54d1419f1aa9e1f380f3ca81f2d
SHA3 5eb2270d66efc42f0d3c7b61dffc2cf5ddba3aa88bc3d557c6599ca0575c559c
VirtualSize 0xc8d8
VirtualAddress 0x21000
SizeOfRawData 0xca00
PointerToRawData 0x20400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.13725

.data

MD5 13836853af6571d6bcfdaa7382b29597
SHA1 69de4c7b19626211bb3429a1819251a86c2abe95
SHA256 7b327aa8ccf11e00dce996da59cb366d480ad70dc6ee37842e0f501329d7aed5
SHA3 286de44c3117718d03bcb5c08787334555240f8e9dbd1e9cce46c7c7d7be2941
VirtualSize 0x24e70
VirtualAddress 0x2e000
SizeOfRawData 0xc00
PointerToRawData 0x2ce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.95704

.pdata

MD5 b26dfdb251274b3ad35c7e64fbb66b74
SHA1 21a8766a4779c3ae10a077f49087d13d7964d972
SHA256 953bb98a21b30d43ee350249810e8f919f5563f110112518728721ac3b01e841
SHA3 dbf85268f6e1ff2b47d841dc1ae48efc45ea649901cf899adf9df6d0e3035afe
VirtualSize 0x17b8
VirtualAddress 0x53000
SizeOfRawData 0x1800
PointerToRawData 0x2da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.20853

.rsrc

MD5 3b1cc30eea3a1fe315c0629c3abbbc85
SHA1 dadf102eefa6805959f373ec716fc1cb93dc9c2d
SHA256 8a13c783292cb1c261a99ae3f0cf1e69ffe1fc3d28882fc3cc2703d2d99f18b9
SHA3 a875fa9ca8adba6d1cabfbe92b8b0d6d5666e0237a8b5bce5f28282b70188326
VirtualSize 0xb592b0
VirtualAddress 0x55000
SizeOfRawData 0xb59400
PointerToRawData 0x2f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.99904

.reloc

MD5 63364eed30f857a9d4bfac4b5b893bdf
SHA1 0a9fe80e3f1192b81ba50eb53d656b5e1eaa3e23
SHA256 e8fe803bc8d25930b2314f1e4cb03c4661f1675702995eb9b5b25d66ad082738
SHA3 8b87003777185c322ad5b50f7712befc995eeaa85d462b723d0a9e62280300f6
VirtualSize 0x688
VirtualAddress 0xbaf000
SizeOfRawData 0x800
PointerToRawData 0xb88600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.93483

Imports

SHELL32.dll SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW
KERNEL32.dll SetLastError
WriteConsoleW
HeapReAlloc
CreateDirectoryW
SizeofResource
SetConsoleCtrlHandler
GetCommandLineW
GetStdHandle
WriteFile
TerminateProcess
GetModuleFileNameW
SetEnvironmentVariableW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapSize
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx

Delayed Imports

27

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xb58e18
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99904
MD5 b3cbeaa7f6897f021d418f8c587e24d0
SHA1 a60e8e3b9eb715a29fde11f290fe3f830e5ee6b1
SHA256 c93e2e75e84a9a065d83cb34ae85fbe3e118e3b6ec145ada8839f6745313a76c
SHA3 c6e7a2bd4542f934fbe76d298acac3f5d4813143da8701cc3b8f0f4907c7fda7

1

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3f8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.27347
MD5 c103fcfaedaf1c1d4cef6906944a3b57
SHA1 15c6028d1c284d49ff279893da7b8d0aa01c2d7a
SHA256 787c0d745a0e0d8ec98b7c93cf3a5e0adcae13a5c1876b7c299e0cf5195cc3d0
SHA3 54b0d2f8b6a31dfd03ab28938a958fa4f87e8563d66b4d643f581867502808aa

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Sep-14 01:01:11
Version 0.0
SizeofData 780
AddressOfRawData 0x2b368
PointerToRawData 0x2a768

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14002e000

RICH Header

XOR Key 0xf1aaa5f1
Unmarked objects 0
ASM objects (30795) 6
C++ objects (30795) 142
C objects (30795) 10
253 (33731) 2
ASM objects (33731) 9
C objects (33731) 16
C++ objects (33731) 40
Imports (30795) 5
Total imports 114
C objects (LTCG) (33813) 1
Linker (33813) 1

Errors

<-- -->