Gridinsoft Logo
File Icon

The Data.jpg (WPS Office) File Analysis

Updated 1 year ago
Checked by Malaware Check
Data.jpg

Technical Analysis

File Name Data.jpg
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
6144:iObuWXepKAEKTASpW4rl5cQJwQ//oh63dHJUr30ssSY:VyOesAEYAoW4cQdnoE3dpU/q
Scanner Version 1.0.170.174
Database Version 2024-03-29 09:00:28 UTC

Suspicious File Detected

Detected by 14 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Lazy is a Trojan designed to download and install additional malware payloads on infected systems while operating with stealth techniques.
19%
Detection Rate
412,160
File Size (bytes)
14/72
Engines Detected
2024-03-29
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
60dc0540bf15fc8a06fc42cf57b1afe8
SHA1
3e9036d7c6239b60cf434ee61601d300894da9be
SHA256
9fb0cadb43852b580257b9c57a835bf622613a309c90bfb1360d449e70a10e42
SHA512
85a814c42e96bcef96f9f0697322a126e7ad813a0b3ad6396847ef3190d48c0f58545fc6e89ca032f881a4e6a2b325b4074309ad11c2408e227b49e0b5718a47
ImpHash
1ff2373aca12c07ffc37d3a2a077d58f

Security Engines with Detections (14 of 72)

Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Gen:Variant.Lazy.219988 Malicious
ALYac
Gen:Variant.Lazy.219988 Malicious
VIPRE
Gen:Variant.Lazy.219988 Malicious
Arcabit
Trojan.Lazy.D35B54 Malicious
Symantec
ML.Attribute.HighConfidence Malicious
APEX
Malicious Malicious
BitDefender
Gen:Variant.Lazy.219988 Malicious
Emsisoft
Gen:Variant.Lazy.219988 (B) Malicious
FireEye
Gen:Variant.Lazy.219988 Malicious
GData
Gen:Variant.Lazy.219988 Malicious
MAX
malware (ai score=82) Malicious
Cybereason
malicious.0bf15f Malicious
DeepInstinct
MALICIOUS Malicious
58 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: dcca3a068111996aa9b9c26ef8c8bc4b
Fuzzy: 4c409918fb3432d0718fdf401787eeb3
dHash: be63d2d1649459a6
Image Base 0x140000000
Entry Point 0x140006880
Compilation Time 2024-03-25 01:31:56
Checksum 0x00000000 (Actual: 0x000745e2)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 3 libraries
KERNEL32, USER32, ADVAPI32
Exports 0 functions
Resources 10 Resources
Sections 7 Sections

Version Information

FileDescription WPS Office
FileVersion 11,1,0,14309
ProductName WPS Office
ProductVersion 11,1,0,14309
CompanyName Zhuhai Kingsoft Office Software Co.,Ltd
InternalName ksolaunch
OriginalFilename ksolaunch.exe
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 149,348 bytes 149,504 bytes 6.50 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ BC0B7D94408A0F96521A576D5C238FC9
.rdata 0x00026000 72,580 bytes 72,704 bytes 5.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ FCC6BFFD83339443B94D84F00A7D39E5
.data 0x00038000 10,424 bytes 4,608 bytes 2.89 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 827DD3E7B91D0924F9608A98DC85A954
.pdata 0x0003b000 8,424 bytes 8,704 bytes 5.21 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5DD0743BC383C319839D4C8D3FC5D863
_RDATA 0x0003e000 348 bytes 512 bytes 2.78 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 78A45B0566D048DED02ABAF26443A26B
.rsrc 0x0003f000 176,128 bytes 172,544 bytes 5.75 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4B506D980989C6CC7479DA575B8F3E84
.reloc 0x0006a000 2,352 bytes 2,560 bytes 5.27 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5796CB87E82759EA30DFC7AA7B425F0B
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 10 (171,554 bytes)
Resource Type Count Total Size Percentage
RT_ICON 8 170,696 bytes
99.5%
RT_GROUP_ICON 1 118 bytes
0.1%
RT_VERSION 1 740 bytes
0.4%

Certificate Chain Analysis

Certificate Information
Product WPS Office
Description WPS Office
File Version 11,1,0,14309
Original Name ksolaunch.exe
Internal Name ksolaunch

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
14 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware