| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date | 2032-Dec-04 18:12:15 |
| Detected languages |
English - United States
|
| Info | Matching compiler(s): | MASM/TASM - sig1(h) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains another PE executable:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 Uses constants related to SHA1 Uses constants related to SHA256 Uses constants related to SHA512 Uses constants related to AES Uses constants related to RC5 or RC6 Uses constants related to TEA Uses known Mersenne Twister constants |
| Suspicious | The PE is possibly packed. |
Unusual section name found: .cj17ree
Section .cj17ree is both writable and executable. Unusual section name found: .1e4ftnt Unusual section name found: .a0819y9 Unusual section name found: .dkpu79o Unusual section name found: .669obma Unusual section name found: .b21q2bf Section .b21q2bf is both writable and executable. The PE only has 5 import(s). |
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Malicious | VirusTotal score: 49/69 (Scanned on 2026-07-12 11:44:55) |
ALYac:
Gen:Variant.Lazy.726718
APEX: Malicious AVG: Win64:MalwareX-gen [Cryp] AhnLab-V3: Malware/Win.Generic.R779792 Alibaba: Trojan:Win64/MalwareX.a5b10229 Antiy-AVL: Trojan/Win64.Zusy Arcabit: Trojan.Lazy.DB16BE Avast: Win64:MalwareX-gen [Cryp] Avira: TR/W64.MalwareX BitDefender: Gen:Variant.Lazy.726718 Bkav: W32.Malware.764D6C7C CTX: exe.trojan.zusy CrowdStrike: win/malicious_confidence_90% (W) Cylance: Unsafe Cynet: Malicious (score: 100) Elastic: malicious (high confidence) Emsisoft: Gen:Variant.Lazy.726718 (B) F-Secure: Trojan.TR/W64.MalwareX Fortinet: W32/PossibleThreat GData: Gen:Variant.Lazy.726718 Google: Detected Gridinsoft: Trojan.Heur!.030124A3 K7AntiVirus: Riskware ( 00584baa1 ) K7GW: Riskware ( 00584baa1 ) Kingsoft: Win64.Troj.zusy.v Lionic: Trojan.Win32.Zusy.4!c Malwarebytes: Malware.AI.4155183716 MaxSecure: Trojan.Malware.272843718.susgen McAfeeD: Real Protect-LS!623E594A314A MicroWorld-eScan: Gen:Variant.Lazy.726718 Microsoft: Trojan:Win64/Zusy.LVN!MTB Paloalto: generic.ml Panda: Trj/CI.A Rising: Trojan.Zusy!8.10EDD (TFE:4:JokifwNdUcH) Sangfor: Trojan.Win32.Lotok.swkab SentinelOne: Static AI - Malicious PE Skyhigh: BehavesLike.Win64.Trojan.vh Sophos: Mal/Generic-S Symantec: ML.Attribute.HighConfidence Trapmine: malicious.high.ml.score TrellixENS: Artemis!623E594A314A TrendMicro: Trojan.Win32.ZYX.USBLFF26 TrendMicro-HouseCall: Trojan.Win32.ZYX.USBLFF26 VIPRE: Gen:Variant.Lazy.726718 Varist: W64/ABTrojan.BOYD-7361 Webroot: Win.Trojan.Gen Zoner: Probably Heur.ExeHeaderL alibabacloud: Trojan:Win/Zusy.LYS2XJC tehtris: Generic.Malware |
| e_magic | MZ |
|---|---|
| e_cblp | 0x78 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0 |
| e_ss | 0 |
| e_sp | 0 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x78 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 8 |
| TimeDateStamp | 2032-Dec-04 18:12:15 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x23600 |
| SizeOfInitializedData | 0x5d0a00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000618000 (Section: .b21q2bf) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x668000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x1000000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| kernel32.dll |
LoadLibraryA
GetProcAddress VirtualProtect AddVectoredExceptionHandler RemoveVectoredExceptionHandler |
|---|
| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1405f47c0 |
No comments yet.