b1b1d9aa6b229ce8c7c50ca26a0ef6edfdd138ca108f12b978660e6fb913a60e

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jan-16 09:08:44

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses known Mersenne Twister constants
Suspicious The PE is possibly packed. The PE only has 7 import(s).
Malicious VirusTotal score: 25/69 (Scanned on 2026-04-25 01:10:09)
ALYac: Gen:Variant.Lazy.554885
APEX: Malicious
Arcabit: Trojan.Lazy.D87785
BitDefender: Gen:Variant.Lazy.554885
Bkav: W64.AIDetectMalware
CTX: dll.trojan.lazy
CrowdStrike: win/malicious_confidence_60% (D)
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (moderate confidence)
Emsisoft: Gen:Variant.Lazy.554885 (B)
GData: Gen:Variant.Lazy.554885
Google: Detected
Gridinsoft: Trojan.Win64.Gen.oa!s1
Lionic: Trojan.Win32.Generic.4!c
McAfeeD: ti!B1B1D9AA6B22
MicroWorld-eScan: Gen:Variant.Lazy.554885
Microsoft: Trojan:Win32/Wacatac.C!ml
Paloalto: generic.ml
Sangfor: Trojan.Win32.Lazy.V0ys
TrellixENS: Artemis!C42D6853C04D
TrendMicro: Trojan.Win64.LAZY.TL0101DO26ZM
TrendMicro-HouseCall: Trojan.Win64.LAZY.TL0101DO26ZM
VIPRE: Gen:Variant.Lazy.554885
Varist: W64/ABTrojan.BAVI-4547

Hashes

MD5 c42d6853c04d9a6fe28808c4b911c9d3
SHA1 bb31e31b097ff6b37676f24ac054c7747811d9fa
SHA256 b1b1d9aa6b229ce8c7c50ca26a0ef6edfdd138ca108f12b978660e6fb913a60e
SHA3 980a7a1402ec2770e2e4ccd1f0c5c32463fff9c74883e292b89ca6d9401bafc1
SSDeep 768:IxqV4BYNEvoqvLOE4nB26C8AZwwl5MU9wVNBDMjRsqtRq7+slopjvb9zp:raOURCE4wJ5MZBDAbtQ+seb9F
Imports Hash fb1f4269f3e89a6dbca63373b0a04d17

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Jan-16 09:08:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x8e00
SizeOfInitializedData 0x1600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000002288 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xe000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4c7f18078a791c4f9f62f1003dcc0b2e
SHA1 275b41a60b8e3f4781a83e8ccfe036a292369a34
SHA256 fbbebab9969abebe4e2c2b5eb097adac06bfba504972d4710f0b6a32b74878ec
SHA3 757103967bf4ad6f1240d3ee19506f01601bd100b610103a13bca17502a6563c
VirtualSize 0x8cff
VirtualAddress 0x1000
SizeOfRawData 0x8e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.36218

.rdata

MD5 c111fc8beb6aa569bae59c8b765850bd
SHA1 627c049a9d0bfeaf8f5b6ec8f67e226a5780659b
SHA256 e9855770f757b783b08a9d31c9dc89429d44d46aa1f7a33e8734971e26dcb127
SHA3 ad2f00de72ee417e09ee55e584554e6ea6c7e9c2efb05d39e44925dc508fdb26
VirtualSize 0x7e0
VirtualAddress 0xa000
SizeOfRawData 0x800
PointerToRawData 0x9200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.54151

.data

MD5 3bc1365e6c6eb34b4bb538a4e6a04666
SHA1 a4f467a88a3a18e2b8e6a797bde63f86cc3b9e42
SHA256 f37fd8b21af8797c057f6c62ca1f0cf4d8e0e2b365f3ba748a01a9ace1631e7e
SHA3 9d7aa1c37be2b5e7f0d63c772d56f00bf674fad89428e88713a381d0a2d50199
VirtualSize 0x451
VirtualAddress 0xb000
SizeOfRawData 0x400
PointerToRawData 0x9a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.6826

.pdata

MD5 325b4df8f0fb0e2763efb56ff365bebb
SHA1 52cbe44f65db0e98fef6eb67cbd7fadf1da94c9b
SHA256 b9b9227743e4b0776224f4c80b9667b439611e043cb411d3f01cf7044cb74a58
SHA3 f2fac1cdfdce5031ce632de8d11cfeda00cd7c597399ee6167a6ee624af334ed
VirtualSize 0x4b0
VirtualAddress 0xc000
SizeOfRawData 0x600
PointerToRawData 0x9e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.51438

.reloc

MD5 ebcc11309eaa01914705874ff6491e0a
SHA1 54a32e9d4a25038e8e9855e0e45a943cdf1a27f7
SHA256 ce9955e3dd1000b48329af1a5eeb91031b41c3e20466fdb4c36840eeab2a06e7
SHA3 c7200f5af174e290e21eac99b588a8b777da03b9c367fd0feecd7d032d37fab8
VirtualSize 0x20
VirtualAddress 0xd000
SizeOfRawData 0x200
PointerToRawData 0xa400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.410754

Imports

ntdll.dll
    RtlFreeHeap
    RtlReAllocateHeap
    RtlAllocateHeap
KERNEL32.dll
    FindFirstFileW
    FindNextFileW
    FindClose
    GetThreadId

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Jan-16 09:08:44
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors
