Create Interactive Tour
Windows
Analysis Report
lz8n630Nxt
Overview
General Information
| Sample Name: | lz8n630Nxt (renamed file extension from none to exe) |
| Analysis ID: | 588372 |
| MD5: | 3b3a50b242841e1789a919b1291051f1 |
| SHA1: | 7b74a50352bb16ba94201c8a9e35b3c1d8a9dc8c |
| SHA256: | 9f3c1668ee44bfcd1afd599215f5bd73c76609776b78cb04bb6ef1121cc80d37 |
| Tags: | exe |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Checks for available system drives (often done to infect USB drives)
PE file contains sections with non-standard names
Classification
- System is w10x64
lz8n630Nxt.exe (PID: 6548 cmdline: "C:\Users\ user\Deskt op\lz8n630 Nxt.exe" MD5: 3B3A50B242841E1789A919B1291051F1)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
- • AV Detection
- • Compliance
- • Spreading
- • Networking
- • System Summary
- • Data Obfuscation
- • Malware Analysis System Evasion
- • Language, Device and Operating System Detection
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Binary string: | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 Replication Through Removable Media | 2 Command and Scripting Interpreter | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 1 Process Discovery | 1 Replication Through Removable Media | Data from Local System | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 38% | Virustotal | Browse | ||
| 9% | Metadefender | Browse | ||
| 38% | ReversingLabs | Win64.Ransomware.Encoder |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse |
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| dual-a-0001.dc-msedge.net | 131.253.33.200 | true | false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
⊘No contacted IP infos
| Joe Sandbox Version: | 34.0.0 Boulder Opal |
| Analysis ID: | 588372 |
| Start date: | 14.03.2022 |
| Start time: | 09:59:22 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 9m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | lz8n630Nxt (renamed file extension from none to exe) |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 12 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal48.winEXE@1/31@0/0 |
| EGA Information: | Failed |
| HDC Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, a udiodg.exe, WMIADAP.exe, backg roundTaskHost.exe, SgrmBroker. exe, conhost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 23.211.6.115, 20.5 0.102.62, 40.126.31.8, 40.126. 31.137, 20.190.159.134, 40.126 .31.141, 40.126.31.139, 40.126 .31.1, 20.190.159.136, 40.126. 31.135, 51.104.136.2, 40.127.2 40.158 - Excluded domains from analysis
(whitelisted): www.bing.com, client.wns.windows.com, fs.mic rosoft.com, www.tm.lg.prod.aad msa.akadns.net, settings-prod- neu-2.northeurope.cloudapp.azu re.com, ctldl.windowsupdate.co m, store-images.s-microsoft.co m-c.edgekey.net, settings-win. data.microsoft.com, www.tm.a.p rd.aadg.akadns.net, iris-de-pr od-azsc-uks.uksouth.cloudapp.a zure.com, arc.msn.com, login.m sa.msidentity.com, e12564.dspb .akamaiedge.net, a-0001.a-afde ntry.net.trafficmanager.net, s tore-images.s-microsoft.com, l ogin.live.com, arc.trafficmana ger.net, settings-prod-neu-1.n ortheurope.cloudapp.azure.com, atm-settingsfe-prod-geo.traff icmanager.net - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - Report size getting too big, t
oo many NtQueryValueKey calls found.
⊘No simulations
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| dual-a-0001.dc-msedge.net | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
⊘No context
⊘No context
⊘No context
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 72 |
| Entropy (8bit): | 5.388471355518838 |
| Encrypted: | false |
| SSDEEP: | 3:j72V4YmMMKKbtR6FCxsHLRn:CWmeml |
| MD5: | BB0E0BAC5CADEC366A15D3DB82D91A9D |
| SHA1: | 156DB870742149B7114CAB833906982F9602F9AB |
| SHA-256: | 178E4B191DBC97EFB1A6F63674234D65C3CCFC3D04929AD068CBB4AC357312F9 |
| SHA-512: | 21EE6B43F14A8F73F64CFC780DE50930DCEAB9F30F57E737339D9624635B69373BCF71F9C596EE89B9FDD989CAA8B94AB3F7EC25A0AC6327FCC81A7C312D5F1D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 152 |
| Entropy (8bit): | 6.575960635236883 |
| Encrypted: | false |
| SSDEEP: | 3:Y3+xobGmfA+1REGplMDD1m+1Qq/rvTEVxcioXdAj6RsKF6FCxsHLRn:Y3+xBmoMLiaSLeu86sHeml |
| MD5: | 14294D4D7FB303786589BD598408563E |
| SHA1: | 0FB91AB0740246AA8918F7407BC607858C698C87 |
| SHA-256: | AE0E0E353EE8F6F72C997568A6BF5AF87B25A55C690418052301426A46DBFB71 |
| SHA-512: | BAF03C9ADE4EEAA37109CF9A5AFBC242549998CDC094B45FCDF5A2AB90FAD42F3CC35B2F84C06C30285973B2C8B72846AEB1239E53B3708F9793D3CB79B2ACD4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57416 |
| Entropy (8bit): | 3.959870330931407 |
| Encrypted: | false |
| SSDEEP: | 384:uP067bQRJwY0DFdLYqvtj99P32dhjcHL0yl+K+XHH35hfB7/h+Dgqqh:uP0FJwY0Dv1v9LPl+K+XHH35hfB7/h+G |
| MD5: | C80E0181D643C5ACBA6F311E9E65B131 |
| SHA1: | 230E2B572968786D87EC375883CA10CF348AC7CD |
| SHA-256: | F78DFAE01E1D708CE9E3FD971AC87B47F4CCFBB09601959E4C1CACA18A6149BB |
| SHA-512: | B48A0319A06869228B727643C7956C8A3DB3F41E8734284A2B6AF85762691F545E380F71B598F8F41534BE3049ED50B7B4B3494AED07CE20551169EC2B5A8F32 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 72 |
| Entropy (8bit): | 5.392147223664537 |
| Encrypted: | false |
| SSDEEP: | 3:nTXHCPQ6gl8O6FCxsHLRn:nTXio5l8eml |
| MD5: | C61B4A42D6DD4D79A170C50AE4FF9902 |
| SHA1: | 89ECB74B3D6BEDE518FA9F993A994DBA13322605 |
| SHA-256: | 60D3B8545716FB9C1F66AA8B86013825EE5CAA7BD4F669E7D83BAEC04544D4D3 |
| SHA-512: | E05352F2B6CBCDEB30CB041B9FA339D63A0C62885A16E5D4E68352CB88043A65B7B72BFDA13B69E8E61129DE240531D0FE9C1B7EE55252418527372A2347AF49 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65608 |
| Entropy (8bit): | 1.6475171834645614 |
| Encrypted: | false |
| SSDEEP: | 192:SSSxO36J6mkpKaDeFb4nWDVmTRbPhXuo7fMFj6NL4:96uos+uRrMUNL4 |
| MD5: | 34F442CD1D5AEB35C76FE09176D0549A |
| SHA1: | 3AFB98C3FC818706980458F6441C6CD16955B13A |
| SHA-256: | 1270869512C1804F0A0FC6414D50CED8E7046F4CA3158AF473525F49BD525C82 |
| SHA-512: | 71CC8ABB9281E491C39DD2B555567B6CF09B65F47E07400D0F32BB7BEA53B2FF83973641598FEF406C5D849CAF72F8777F004A1DA9A7B382253D96E8676D90AD |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 524360 |
| Entropy (8bit): | 1.5379434471939986 |
| Encrypted: | false |
| SSDEEP: | 1536:2POh/igLK/6ucY1iq+CrpvAdeLgUW1H6x48/8EdA53d8cDdF5Hq:2Wh/hL9ZY1iq+CadeLG1H6SXYAZ++jq |
| MD5: | 3F9EC2724FD5C498BCE589506C542B70 |
| SHA1: | 7E74F2D9951A1E5FA2384E5C8F3B7DE1A0D9A086 |
| SHA-256: | 6B0034260BA7488A4E886DE5582697386E7DCD7EEA1009F9B9951BD0F0E05D6A |
| SHA-512: | 9D723E6C2BD926F3F88BDCAA20800FB7DD163A3226630382B07D35E3DF0465A7447238BBCCFD2B4CF0DF90DFAEB3F43AD733397B77E7585D7F8E8B12FA1006F6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 524360 |
| Entropy (8bit): | 1.5381987617983295 |
| Encrypted: | false |
| SSDEEP: | 1536:quHDRQzeNlrC6Dv/JBbhgB2eHPBz45CTRJh9hBF52/k5lgDZN31UsNB:q4DllVv/JBNUVHRPTfhEKOtLUE |
| MD5: | 0BEB408BDD0735F7ADA5C282FACCFEAB |
| SHA1: | A15D2E086BBB06623C29F1694BF7EEE17E74009F |
| SHA-256: | 58715D24AD275DDB9FCCDAC53B3D5B71E5B56EE460E465B50A0E9FE81DD3A917 |
| SHA-512: | 63C30FDC3B355EB75AB3EA4929D60E7CBF3B766CDA7772910BC4C032A6124690534FECDEB5978A9655B215B61484B21036488E82B84A93B483C8EAC1EE0CF37E |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2443 |
| Entropy (8bit): | 5.69547450486093 |
| Encrypted: | false |
| SSDEEP: | 48:0+IS21JmUxmxCI9K7JCGfIpvcT63HH/ysclal/Y2X0xIaDnIkS6RL:QS21JBGCUK7gGfIJcaHp/Y2kxIaDnIkX |
| MD5: | 115563E32E20DA5BCE091141B11BAA7B |
| SHA1: | 10F644DEFBC17D72103BE3CA8DCE5B0411EB60DB |
| SHA-256: | 6858C46E0D7096A60C346A66978BE8AC2A675F8EB73C362C55C143F8B52FD5B0 |
| SHA-512: | 750834111865433886BE946F432A4114099C317EDF916687DAC8C443C400DD5D9E62D0BACFA3E6B143E65EA1DB9023F34F56CC574C8CDE442AAA55AFA22DB722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 152 |
| Entropy (8bit): | 6.5127393163261145 |
| Encrypted: | false |
| SSDEEP: | 3:7wTP5rwxPNutAIewVwHYUfBmlM0pPDYTaoLkUqLpM6MfcipzF6FCxsHLRn:7wtCuAjwaHBY1ETaoLkUwafyeml |
| MD5: | F0608486442E756B1C0C9A02E9AC454B |
| SHA1: | 623B58D08021CB3E54A9200D15B9192609D903B4 |
| SHA-256: | 67F203434D6E5071301F2830E20581482D5E31F71CF46FB96AF3C422D606CCE3 |
| SHA-512: | 148767C4B516C65D50CBA05D5EB16AE1B2F42C8ECF4148069954DCB64CD8128547F00D3BB3666EAE5252D273801B5F40DCDDB7ADC0216DCB984D8256B3E1C1E1 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.420499115109873 |
| TrID: |
|
| File name: | lz8n630Nxt.exe |
| File size: | 502272 |
| MD5: | 3b3a50b242841e1789a919b1291051f1 |
| SHA1: | 7b74a50352bb16ba94201c8a9e35b3c1d8a9dc8c |
| SHA256: | 9f3c1668ee44bfcd1afd599215f5bd73c76609776b78cb04bb6ef1121cc80d37 |
| SHA512: | ee56efff743ace5d667536acc2134d1f8add17cf8c19787e37a0b86d1a12cf975a26e8920cdf5b5941b698fc0fc5d1450852f80afef95de0e84f254433e39e77 |
| SSDEEP: | 6144:7Y0LySTPTe8hgrHgNFvHKELxSwy4GFY7s/7p2CAVO8x3ohRlIOibFQ:7vGaPTe8SgDKElS9NZ7pjAD3oXribW |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)i..H...H...H...#...H...#...H...#..^H...#...H...H..fH..D9...H..D9...H..D9...H..b:...H..b:...H..Rich.H..................PE..d.. |
 | |
| Icon Hash: | 00828e8e8686b000 |
| Entrypoint: | 0x140030f8c |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
| Time Stamp: | 0x62224949 [Fri Mar 4 17:15:53 2022 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 5fc54744cef988b57c81266931fa99ba |
| Instruction |
|---|
| dec eax |
| sub esp, 28h |
| call 00007FECFC9CFD74h |
| dec eax |
| add esp, 28h |
| jmp 00007FECFC9CF4EFh |
| int3 |
| int3 |
| inc eax |
| push ebx |
| dec eax |
| sub esp, 20h |
| dec eax |
| mov ebx, ecx |
| xor ecx, ecx |
| call dword ptr [0002A30Fh] |
| dec eax |
| mov ecx, ebx |
| call dword ptr [0002A2FEh] |
| call dword ptr [0002A188h] |
| dec eax |
| mov ecx, eax |
| mov edx, C0000409h |
| dec eax |
| add esp, 20h |
| pop ebx |
| dec eax |
| jmp dword ptr [0002A17Ch] |
| dec eax |
| mov dword ptr [esp+08h], ecx |
| dec eax |
| sub esp, 38h |
| mov ecx, 00000017h |
| call 00007FECFC9D1E78h |
| test eax, eax |
| je 00007FECFC9CF679h |
| mov ecx, 00000002h |
| int 29h |
| dec eax |
| lea ecx, dword ptr [00047447h] |
| call 00007FECFC9CF83Fh |
| dec eax |
| mov eax, dword ptr [esp+38h] |
| dec eax |
| mov dword ptr [0004752Eh], eax |
| dec eax |
| lea eax, dword ptr [esp+38h] |
| dec eax |
| add eax, 08h |
| dec eax |
| mov dword ptr [000474BEh], eax |
| dec eax |
| mov eax, dword ptr [00047517h] |
| dec eax |
| mov dword ptr [00047388h], eax |
| dec eax |
| mov eax, dword ptr [esp+40h] |
| dec eax |
| mov dword ptr [0004748Ch], eax |
| mov dword ptr [00047362h], C0000409h |
| mov dword ptr [0004735Ch], 00000001h |
| mov dword ptr [00047366h], 00000001h |
| mov eax, 00000008h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73efc | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x7a000 | 0x3870 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7f000 | 0xe7c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6d458 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x6d600 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x6d480 | 0x138 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x5b000 | 0x470 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x59e0c | 0x5a000 | False | 0.500775824653 | zlib compressed data | 6.52711501846 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x5b000 | 0x19e16 | 0x1a000 | False | 0.456392728365 | data | 5.25838898481 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x75000 | 0x4b34 | 0x1a00 | False | 0.170222355769 | data | 3.42088422234 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .pdata | 0x7a000 | 0x3870 | 0x3a00 | False | 0.477033943966 | data | 5.68368991205 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0x7e000 | 0x94 | 0x200 | False | 0.212890625 | data | 1.44880110252 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x7f000 | 0xe7c | 0x1000 | False | 0.37109375 | data | 5.26067870138 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| DLL | Import |
|---|---|
| SHELL32.dll | SHEmptyRecycleBinA |
| ADVAPI32.dll | OpenSCManagerA, CryptGenRandom, CryptAcquireContextW, CloseServiceHandle, ControlService, EnumDependentServicesA, QueryServiceStatusEx, OpenServiceA, CryptReleaseContext |
| RstrtMgr.DLL | RmStartSession, RmEndSession, RmRegisterResources, RmGetList |
| MPR.dll | WNetCloseEnum, WNetEnumResourceW, WNetOpenEnumW, WNetGetConnectionW |
| KERNEL32.dll | lstrcpyW, FlushFileBuffers, HeapSize, WriteConsoleW, HeapReAlloc, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, ReadConsoleW, HeapAlloc, HeapFree, GetProcessHeap, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, ReleaseSemaphore, WaitForSingleObject, lstrlenW, CreateSemaphoreA, FindFirstVolumeW, FindNextVolumeW, FindVolumeClose, GetDriveTypeW, GetVolumePathNamesForVolumeNameW, CloseHandle, GetLastError, Sleep, GetCurrentProcess, TerminateProcess, OpenProcess, GetTickCount, GetProcAddress, lstrcmpW, SetVolumeMountPointW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, MultiByteToWideChar, GetCurrentThreadId, CreateFileW, FindClose, FindFirstFileW, FindNextFileW, GetFileSizeEx, GetLogicalDrives, ReadFile, SetFileAttributesW, SetFilePointerEx, WriteFile, CreateMutexW, OpenMutexW, WaitForMultipleObjects, GetCurrentProcessId, CreateThread, ExitThread, SetProcessShutdownParameters, GetSystemInfo, FreeLibrary, lstrcmpiW, lstrcatW, MoveFileExW, WideCharToMultiByte, MoveFileW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, GetModuleHandleW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, FormatMessageA, GetStringTypeW, LocalFree, EncodePointer, DecodePointer, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, SetEndOfFile, RtlPcToFileHeader, RaiseException, RtlUnwindEx, LoadLibraryExW, GetTimeZoneInformation, GetCommandLineA, GetCommandLineW, DeleteFileW, GetFileType, GetConsoleOutputCP, GetConsoleMode, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, SetStdHandle |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
| Target ID: | 0 |
| Start time: | 10:00:33 |
| Start date: | 14/03/2022 |
| Path: | C:\Users\user\Desktop\lz8n630Nxt.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7162b0000 |
| File size: | 502272 bytes |
| MD5 hash: | 3B3A50B242841E1789A919B1291051F1 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
⊘No disassembly
