e84073e14f57022709ae8332869a898b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Oct-26 17:44:42
Detected languages English - United States

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
 Code injection capabilities (process hollowing):
  • ResumeThread
  • SetThreadContext
  • WriteProcessMemory
  • Wow64SetThreadContext
 Possibly launches other programs:
  • CreateProcessW
 Uses Windows's Native API:
  • NtCreateSection
  • NtWriteFile
  • NtOpenFile
  • NtClose
  • NtMapViewOfSection
  • NtSetInformationFile
 Can create temporary files:
  • GetTempPathW
  • CreateFileW
 Manipulates other processes:
  • WriteProcessMemory
Malicious VirusTotal score: 26/72 (Scanned on 2024-11-21 02:26:02) ALYac: Gen:Variant.Lazy.595216
Antiy-AVL: Trojan/Win32.Agent
Arcabit: Trojan.Lazy.D91510
BitDefender: Gen:Variant.Lazy.595216
Bkav: W64.AIDetectMalware
CTX: exe.trojan.lazy
Cylance: Unsafe
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
Emsisoft: Gen:Variant.Lazy.595216 (B)
FireEye: Gen:Variant.Lazy.595216
Fortinet: W32/PossibleThreat
GData: Gen:Variant.Lazy.595216
Google: Detected
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Generic.Malware/Suspicious
McAfee: Artemis!E84073E14F57
McAfeeD: ti!36E0893DE580
MicroWorld-eScan: Gen:Variant.Lazy.595216
Microsoft: Program:Win32/Wacapew.C!ml
Panda: Trj/Chgt.AD
Rising: Trojan.Kryptik@AI.86 (RDML:doXK3ZZGTmatg3BQI1ISaA)
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002H09KJ24
VIPRE: Gen:Variant.Lazy.595216
Varist: W64/ABTrojan.QEOB-8953

Hashes

MD5 e84073e14f57022709ae8332869a898b
SHA1 5eb9ff20d03ca9c03da2e01b7a5a55e56d9aac62
SHA256 36e0893de58035930f10e88c64c52163721f4f57e5c81f6fc807c5078db474e4
SHA3 4b93cdc963a3c97eaa2084ec43245432f7eb289011af801db065d33f791c94c8
SSDeep 6144:nILYLfoAr1CKRLCsEMy6Tu/eQe38LZPOOB:nILyfbr1/NEMy6SeQR
Imports Hash aab57a70b9153db0ad25a0b5cd007909

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2024-Oct-26 17:44:42
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2f800
SizeOfInitializedData 0x17e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000C90C (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x4b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9264858532acdc02fbdaa9baf076f9d0
SHA1 14872660975bbf2b0ddde51b7ae76fb9c2604513
SHA256 037f62ed037684dcbd45a20275e012838a7f9b31c8f0fb3a2e31f6eb6db864ab
SHA3 8ba8789b1d4cf8a6bc53235fc46f5ab9875f45bb4ea00f5172ae394799673b26
VirtualSize 0x2f7c8
VirtualAddress 0x1000
SizeOfRawData 0x2f800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.47906

.rdata

MD5 d67e39c6379064e36731c99ba1df3708
SHA1 064edf93575b78c8d2b4f3ee5eea34e4ad37d1e4
SHA256 b84fc129fd69c2f6a5b51e4cbd541c564c15331d0c627ea40e9f6ee2d5ebb8a3
SHA3 a95eff6802ee6d52062172262dde3922eef2d067196739cf08f279e026468f45
VirtualSize 0x113aa
VirtualAddress 0x31000
SizeOfRawData 0x11400
PointerToRawData 0x2fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.89349

.data

MD5 c23a3ed10191e2edde62ac64296e9113
SHA1 684b2c7212bc3bc3c9d4d1ed30ddff9afe7ff09f
SHA256 85641e7b949d73d849581e9ac5978d271a67c744641db48b03c8185e8d62cee2
SHA3 b555bbf0be61de3aece462aaf09a8bb956213010f8e7c02c1bf32b0989d032c5
VirtualSize 0x2f30
VirtualAddress 0x43000
SizeOfRawData 0x1400
PointerToRawData 0x41000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.05283

.pdata

MD5 539de3bc57d792f1d95edf6bb36696bc
SHA1 4f79a8f9e255866e56e86118b5226de50a9d4944
SHA256 ec3e99418b184cef5857b7cd52e6b19f345d07263e1f086caab591b9ffb63a8f
SHA3 beaed2a896ac07d66d2e1da529474e79f0129b9a16e92668eb4c8da0ff3be747
VirtualSize 0x2a24
VirtualAddress 0x46000
SizeOfRawData 0x2c00
PointerToRawData 0x42400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.29082

.rsrc

MD5 d7898e170db43e31784014095457a69c
SHA1 60cd0e3b57fe099e8d32788f19dff6090c4e0466
SHA256 511460000232d2f733ea1ba0b43600e12b3d79d466afb7b12d3a196dc207472e
SHA3 b37a9ba6c9ca0dae55a6c7f59ee6d4abbd5706ccecf2779c8267015659b5420e
VirtualSize 0x1e0
VirtualAddress 0x49000
SizeOfRawData 0x200
PointerToRawData 0x45000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71377

.reloc

MD5 19f3e5a606c3f968319491334c68ca4f
SHA1 033e56cacda31e57c29638fb87299c7aae508199
SHA256 ebbabdc8fc5c6547f68d6566e2504883fde9059862530579e3273d207579718b
SHA3 479eb5e8609fc58a42fa08fc3e8bf1423bcb0f648a7baeea6220fcbabcd94fde
VirtualSize 0xa50
VirtualAddress 0x4a000
SizeOfRawData 0xc00
PointerToRawData 0x45200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.11917

Imports

KERNEL32.dll GetTempFileNameW
GetTempPathW
GetLastError
ResumeThread
GetModuleHandleA
GetProcAddress
ExpandEnvironmentStringsW
CreateFileW
GetFileSize
CloseHandle
VirtualAlloc
VirtualFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetThreadContext
SetThreadContext
WriteProcessMemory
Wow64GetThreadContext
Wow64SetThreadContext
WriteConsoleW
HeapSize
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
RtlUnwind
ntdll.dll RtlLookupFunctionEntry
RtlCaptureContext
NtCreateSection
NtWriteFile
RtlVirtualUnwind
NtOpenFile
NtClose
RtlInitUnicodeString
NtMapViewOfSection
NtSetInformationFile

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Oct-26 17:44:42
Version 0.0
SizeofData 900
AddressOfRawData 0x3e334
PointerToRawData 0x3cf34

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140043040

RICH Header

XOR Key 0x4eb55cbf
Unmarked objects 0
ASM objects (30795) 5
C++ objects (30795) 179
C objects (30795) 16
ASM objects (33808) 10
C objects (33808) 17
C++ objects (33808) 82
Imports (30795) 5
Total imports 123
C++ objects (34123) 5
Resource objects (34123) 1
Linker (34123) 1

Errors

<-- -->