The File-Cult.of.the.Lamb.v1.4.6.241.ALL.DLC_90792.exe (NanaZip Self Extracting Executable (Setup)) File Analysis

Updated 1 month ago

Checked by Malaware Check

File-Cult.of.the.Lamb.v1.4.6.241.ALL.DLC_90792.exe

Technical Analysis

File Name	File-Cult.of.the.Lamb.v1.4.6.241.ALL.DLC_90792.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows`
SSDEEP Hash	196608:/gLHk8T3OgaObKz1nn9049g21sgD4/qcFU:uHpT3O3kK5t9PrD41m
Scanner Version	1.0.214.174
Database Version	2025-04-18 20:00:18 UTC

⚠

Suspicious File Detected

Detected by 6 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Detection Rate

6,807,896

File Size (bytes)

6/72

Engines Detected

2025-04-18

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	3952805a4e8967c761f8eac8f8b17fe0
SHA1	074c535a8568204d4ece10ea906e89b0e9e4c8bb
SHA256	5dc1a02f55da6a48e7f9a8ec91a351450553b7d63ec575f2bf2d708d0b0aeff9
SHA512	440578c0f49fcd4cdd03984d7e9a1062876167b6926443a24927190c201cca0b8e3c92f9bc745ed44f187d79998b88053fc4939d54a6762f6d0b1cd53d760ee2
ImpHash	ea20bb47baaa6882942de239c4756b3a

Security Engines with Detections (6 of 72)

Elastic

malicious (moderate confidence) Malicious

Cylance

Unsafe Malicious

CrowdStrike

win/grayware_confidence_70% (D) Malicious

Trapmine

malicious.high.ml.score Malicious

Microsoft

PUADlManager:Win32/Snackarcin Malicious

AhnLab-V3

Malware/Win.Generic.C5742331 Malicious

66 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 9444da76f58f480c32690dc4a694343d Fuzzy: 797e4ccc8616cb455e9cb4660db66123 dHash: 34f4ccfcfcd4f0e0
Image Base	`0x00400000`
Entry Point	`0x0051c860`
Compilation Time	2025-03-06 18:58:16
Checksum	0x0068226f (Actual: 0x0068226f)
OS Version	6.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	OK
Imports	11 libraries
Exports	0 functions
Resources	15 Resources
Sections	7 Sections

Version Information

▼

FileDescription	NanaZip Self Extracting Executable (Setup)
FileVersion	5.0.1283.0
InternalName	NanaZip.Core.Sfx.Setup
LegalCopyright	© M2-Team and Contributors. All rights reserved.
OriginalFilename	NanaZip.Core.Setup.sfx
ProductName	NanaZip
ProductVersion	5.0.1283.0
Translation	0x0000 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,240,426 bytes	1,240,576 bytes	5.91 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`47A5AB851042468E9610A5E95922B576`
`.rdata`	`0x00130000`	80,044 bytes	80,384 bytes	5.08 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`B3F18A1A52BD56D95BA88263EE603F92`
`.data`	`0x00144000`	611,336 bytes	585,216 bytes	7.99 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`31AF672AD4EA08205D2EAA21538B9A8D`
`.detourc`	`0x001da000`	4,512 bytes	4,608 bytes	2.72 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`08DAA666AD563F7DF7BCC5945F2C899C`
`.detourd`	`0x001dc000`	12 bytes	512 bytes	0.07 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`1D7D80E8B5CE8C86E7C833467964B6AE`
`.rsrc`	`0x001dd000`	76,416 bytes	76,800 bytes	6.12 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`1A55B97885EB82C8FABA625FB40FD581`
`.reloc`	`0x001f0000`	23,856 bytes	24,064 bytes	6.55 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`F7D7F9A2CDAF53084E779B55B91078BB`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 15 (75,516 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	8	72,827 bytes	96.4%
RT_DIALOG	1	144 bytes	0.2%
RT_STRING	3	232 bytes	0.3%
RT_GROUP_ICON	1	118 bytes	0.2%
RT_VERSION	1	816 bytes	1.1%
RT_MANIFEST	1	1,379 bytes	1.8%

Certificate Chain Analysis

▼

Certificate Information

Product	NanaZip
Description	NanaZip Self Extracting Executable (Setup)
File Version	5.0.1283.0
Original Name	NanaZip.Core.Setup.sfx
Internal Name	NanaZip.Core.Sfx.Setup
Copyright	© M2-Team and Contributors. All rights reserved.

Certificate Chain Summary

GlobalSign GCC R45 EV CodeSigning CA 2020 #1 Primary

Validity Period: 2020-07-28 00:00:00 → 2030-07-28 00:00:00

Signature Algorithm: sha256RSA

Serial Number: 77 BD 0E 05 B7 59 0B B6 1D 47 61 53 1E 3F 75 ED

Virtual Property Group, Inc. #2 Chain

Validity Period: 2024-03-20 20:09:39 → 2025-03-21 20:09:39

Signature Algorithm: sha256RSA

Serial Number: 52 28 C1 7B 4D 8F 5E 90 F3 F4 7F 61

Globalsign TSA for CodeSign1 - R6 - 202311 #3 Chain

Validity Period: 2023-11-07 17:13:40 → 2034-12-09 17:13:40

Signature Algorithm: sha256RSA

Serial Number: 01 9B EA DE C8 4D 6B 8F F7 6C 3A 9F 2E 01 24 16

GlobalSign Timestamping CA - SHA384 - G4 #4 Chain

Validity Period: 2018-06-20 00:00:00 → 2034-12-10 00:00:00

Signature Algorithm: sha384RSA

Serial Number: 01 EC 1C 92 40 DE FD 2E 40 5D 7C 47 74

GlobalSign #5 Chain

Validity Period: 2014-12-10 00:00:00 → 2034-12-10 00:00:00

Signature Algorithm: sha384RSA

Serial Number: 45 E6 BB 03 83 33 C3 85 65 48 E6 FF 45 51

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

6 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1

The File-Cult.of.the.Lamb.v1.4.6.241.ALL.DLC_90792.exe (NanaZip Self Extracting Executable (Setup)) File Analysis

Technical Analysis

Suspicious File Detected

Scan Another File

File Identification

Security Engines with Detections (6 of 72)

PE Analysis

Basic Information

Version Information

PE Sections

Entropy Analysis Alert

Resource Analysis

Certificate Chain Analysis

Certificate Information

Certificate Chain Summary

Certificate Verification Status

Remember: This is Result of Online Virus Scanner

Keep Your System Protected

Leave a Comment

Gridinsoft Anti-Malware