Gridinsoft Logo

The MapEditor.asi File Analysis

Updated 1 year ago
Checked by Malaware Check
MapEditor.asi

Technical Analysis

File Name MapEditor.asi
File Type
Win32 DLL
Magic Bytes PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
SSDEEP Hash
24576:mkUvb2/4R7U7EkpIGXqPsFqsB+hezIhSMXlfXv3:8vb2AQ7kw4lsBF0f3
Scanner Version 1.0.141.174
Database Version 2023-10-05 10:06:47 UTC

Suspicious File Detected

Detected by 19 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Lazy is a Trojan designed to download and install additional malware payloads on infected systems while operating with stealth techniques.
29%
Detection Rate
1,210,880
File Size (bytes)
19/66
Engines Detected
2023-10-05
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
248302be000f6749f387c077cf2035a8
SHA1
6bfdb2b98bb65df62f40683e7c2c56012f0aca8c
SHA256
556c74a11598f0d3511c7414bebd14beb4dff22a5134783d2c087c7a14dcdfbf
SHA512
f1ad674fca99a901e6af40392fef3574c04d2cc7de4ba93d44718a8ccaad72cbd6c2aef5ff1b17939eafc854d6f4697fff57ccb46d64f6a11d726780025f16a8
ImpHash
fcdf804a2363a4bb119deab5d2fc336a

Security Engines with Detections (19 of 66)

Bkav
W32.AIDetect.malware2 Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Gen:Variant.Lazy.110256 Malicious
McAfee
GenericRXPU-AX!248302BE000F Malicious
APEX
Malicious Malicious
BitDefender
Gen:Variant.Lazy.110256 Malicious
Ad-Aware
Gen:Variant.Lazy.110256 Malicious
Emsisoft
Gen:Variant.Lazy.110256 (B) Malicious
McAfee-GW-Edition
BehavesLike.Win32.Generic.th Malicious
FireEye
Generic.mg.248302be000f6749 Malicious
Sophos
Generic ML PUA (PUA) Malicious
SentinelOne
Static AI - Malicious PE Malicious
GData
Gen:Variant.Lazy.110256 Malicious
MAX
malware (ai score=82) Malicious
Arcabit
Trojan.Lazy.D1AEB0 Malicious
Cynet
Malicious (score: 100) Malicious
BitDefenderTheta
Gen:NN.ZedlaF.34712.jv4@aW791smi Malicious
ALYac
Gen:Variant.Lazy.110256 Malicious
VBA32
BScope.Trojan.Sabsik.FL Malicious
47 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x10000000
Entry Point 0x1009f194
Compilation Time 2022-05-20 08:37:03
Checksum 0x00000000 (Actual: 0x001308c1)
OS Version 6.0
PEiD Signatures PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
PDB Path F:\GTASanAndreas\MapEditor.pdb
Digital Signature The PE file does not contain a certificate table.
Imports 7 libraries
d3dx9_43, urlmon, KERNEL32, USER32, SHELL32, IMM32, D3DCOMPILER_47
Exports 0 functions
Resources 1 Resources
Sections 5 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 825,528 bytes 825,856 bytes 6.64 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6B2FAB8B4B123C1386B1C902804B7DF2
.rdata 0x000cb000 274,558 bytes 274,944 bytes 6.42 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 096024AA5107011765004C3D818CF718
.data 0x0010f000 203,164 bytes 69,120 bytes 4.92 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 89FC3EE7D171C98027006237FAB3DC84
.rsrc 0x00141000 480 bytes 512 bytes 4.72 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DA0CDC5D17FE304226B44020BFF18714
.reloc 0x00142000 39,208 bytes 39,424 bytes 6.65 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 404B1DAFC7C682497EBFF0F98A80CEE8
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 1 (381 bytes)
Resource Type Count Total Size Percentage
RT_MANIFEST 1 381 bytes
100%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
19 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware