The AXS_Temp_1.exe File Analysis

Updated 1 year ago

Checked by Malaware Check

AXS_Temp_1.exe

Technical Analysis

File Name	AXS_Temp_1.exe
File Type	Win32 EXE
Magic Bytes	`PE32+ executable (console) x86-64, for MS Windows`
SSDEEP Hash	24576:CWnFP2ey/3Y5gIfbtEjZrijbQez6sC4vqGPEn7kVbP9egHPPwIdsTG6Ut26dISAz:2+f/nU7DdWUyo
Scanner Version	1.0.155.174
Database Version	2024-01-23 14:02:08 UTC

⚠

Suspicious File Detected

Detected by 27 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Lazy is a Trojan designed to download and install additional malware payloads on infected systems while operating with stealth techniques.

39%

Detection Rate

1,462,272

File Size (bytes)

27/70

Engines Detected

2024-01-23

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	913845fcadb61cba1cf9ded77d228045
SHA1	d4c1ba28c937ef07ca599dd10525a8dfb584938c
SHA256	bb190d24f29a6cccfc51f65f7cdb8e04b99de8096a4cf07519e29f9867719060
SHA512	3ef0c163acb6f1d4e06af8a7d6ae2bdb3cede405c8288d77d2ab2d5abcb7ed77add8787dbae6abb4a25e99f530a659de524c037b601ed672047f1569492b2294
ImpHash	96f918f30481a008330e628084cda784

Security Engines with Detections (27 of 70)

MicroWorld-eScan

Gen:Variant.Lazy.356139 Malicious

Skyhigh

BehavesLike.Win64.Dropper.tm Malicious

Malwarebytes

Crypt.Trojan.MSIL.DDS Malicious

VIPRE

Gen:Variant.Lazy.356139 Malicious

Sangfor

Suspicious.Win32.Save.a Malicious

Cybereason

malicious.8c937e Malicious

Symantec

ML.Attribute.HighConfidence Malicious

Elastic

malicious (high confidence) Malicious

ESET-NOD32

a variant of Win64/GenKryptik.GHEK Malicious

Cynet

Malicious (score: 100) Malicious

APEX

Malicious Malicious

BitDefender

Gen:Variant.Lazy.356139 Malicious

Avast

Win64:Microcin-A [Bd] Malicious

Emsisoft

Gen:Variant.Lazy.356139 (B) Malicious

DrWeb

Tool.VulnDriver.6 Malicious

FireEye

Gen:Variant.Lazy.356139 Malicious

Ikarus

Trojan.Win64.Krypt Malicious

GData

Gen:Variant.Lazy.356139 Malicious

Varist

W64/Agent.IDJ.gen!Eldorado Malicious

Arcabit

Trojan.Lazy.D56F2B Malicious

Microsoft

Program:Win32/Wacapew.C!ml Malicious

Google

Detected Malicious

ALYac

Gen:Variant.Lazy.356139 Malicious

SentinelOne

Static AI - Suspicious PE Malicious

AVG

Win64:Microcin-A [Bd] Malicious

DeepInstinct

MALICIOUS Malicious

CrowdStrike

win/malicious_confidence_90% (D) Malicious

43 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: d93ef55264c2990fa0448ae04cf63ac2 Fuzzy: a5895050b9319b47ff421f6746b5a9cd dHash: 90c0c8d4d4ca00c8
Image Base	`0x140000000`
Entry Point	`0x14010f294`
Compilation Time	2024-01-23 11:36:51
Checksum	0x00000000 (Actual: 0x0017074f)
OS Version	6.0
PEiD Signatures	`PE32+ executable (console) x86-64, for MS Windows`
PDB Path	`C:\Users\levid\Desktop\Loader\x64\Release\AXS_Temp.pdb`
Digital Signature	The PE file does not contain a certificate table.
Imports	27 libraries
Exports	0 functions
Resources	8 Resources
Sections	8 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,119,904 bytes	1,120,256 bytes	5.92 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`1BFBBE498BFBCB638E5A1897C28AB7A7`
`.rdata`	`0x00113000`	158,620 bytes	158,720 bytes	6.03 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`5843ED547606BD1ECAD1AA8C725586A5`
`.data`	`0x0013a000`	32,352 bytes	28,160 bytes	6.25 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`E18A88159D7A4BC24053F5B1F2927E4E`
`.pdata`	`0x00142000`	22,848 bytes	23,040 bytes	5.96 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`32886FC04B138AE2B812B123E1B5E09F`
`.detourc`	`0x00148000`	8,688 bytes	8,704 bytes	2.27 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`F71781DD0F8CAC0B3056D9EF31A3D06A`
`.detourd`	`0x0014b000`	24 bytes	512 bytes	0.12 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`EDDA25907019E5CC74C177F6952E5E4B`
`.rsrc`	`0x0014c000`	119,048 bytes	119,296 bytes	3.20 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`B37F2D4E53BBBD7DFDE2A7BEC175448C`
`.reloc`	`0x0016a000`	2,536 bytes	2,560 bytes	5.37 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`FB57FC1F87A869E19DD601B2C8DC130E`

Resource Analysis

▼

Total Resources: 8 (118,558 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	6	118,076 bytes	99.6%
RT_GROUP_ICON	1	90 bytes	0.1%
RT_MANIFEST	1	392 bytes	0.3%

Certificate Chain Analysis

▼