The LightBurn_Loader.exe File Analysis

Updated 1 year ago

Checked by Malware Check

LightBurn_Loader.exe

Technical Analysis

File Name	LightBurn_Loader.exe
File Type	Win32 EXE
Magic Bytes	`MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS`
SSDEEP Hash	1536:hS66m5uer0PphYZISYEKeFQMYtAUTkzbWOuG0C:hS66xhY3YJeRYtAUTk/WOH
Scanner Version	1.0.182.174
Database Version	2024-07-16 08:00:33 UTC

⚠

Suspicious File Detected

Detected by 17 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

34%

Detection Rate

65,536

File Size (bytes)

17/50

Engines Detected

2024-07-16

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	b022d6d8cd7f31a84dc35c582ba4b5f7
SHA1	7810119064d5c4d27feb8ff90b991b48730b1ebb
SHA256	3284e32e453ffd83d720be4ce59206312768a8333e60492d92af960f7b4e001b
SHA512	f7b15653639f8ea1c5c5b0daa2748ad0268248a09a585fdfdcb5d5489667ac2b604ecd1783d06f3a87cd69386f800a00d67737a99826edbc68f190cb42522f76
ImpHash	1ecf6b89fcca9155f09762161b0e68b6

Security Engines with Detections (17 of 50)

Bkav

W64.AIDetectMalware Malicious

Lionic

Hacktool.Win32.Loader.3!c Malicious

Elastic

malicious (high confidence) Malicious

Cylance

Unsafe Malicious

Sangfor

Hacktool.Win32.Loader.Vjmr Malicious

Symantec

ML.Attribute.HighConfidence Malicious

APEX

Malicious Malicious

McAfeeD

ti!3284E32E453F Malicious

Trapmine

malicious.moderate.ml.score Malicious

Ikarus

PUA.HackTool.Loader Malicious

Webroot

W32.Adware.Gen Malicious

Antiy-AVL

HackTool/Win64.Loader Malicious

Cynet

Malicious (score: 100) Malicious

Malwarebytes

Malware.AI.2419722128 Malicious

Fortinet

Riskware/Loader Malicious

DeepInstinct

MALICIOUS Malicious

CrowdStrike

win/malicious_confidence_70% (D) Malicious

33 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 619a5444c312a2055cdd9bc13020e91d Fuzzy: 533119128a059018470c34bd30500597 dHash: b8664f3061e0c4e0
Image Base	`0x00400000`
Entry Point	`0x0043f33a`
Compilation Time	2018-04-16 21:59:10
Checksum	0x0001e001 (Actual: 0x0001e001)
OS Version	5.2
PEiD Signatures	`MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS`
Digital Signature	The PE file does not contain a certificate table.
Imports	10 libraries KERNEL32, shell32, psapi, ole32, version, user32, oleaut32, advapi32, gdi32, ntdll
Exports	2 functions
Resources	4 Resources
Sections	3 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.MPRESS1`	`0x00001000`	253,952 bytes	54,272 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`EF5B55D5C15E9D7AC702145FFFE410E3`
`.MPRESS2`	`0x0003f000`	4,228 bytes	4,608 bytes	5.22 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`6DDDFCCD5D45A6F72D42DF9DEFF32354`
`.rsrc`	`0x00041000`	5,656 bytes	6,144 bytes	5.66 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`260BC464E6A7010F0D197F3496176DB6`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

▼

Total Resources: 4 (5,317 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	1	4,264 bytes	80.2%
RT_RCDATA	1	278 bytes	5.2%
RT_GROUP_ICON	1	20 bytes	0.4%
RT_MANIFEST	1	755 bytes	14.2%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

17 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1