Gridinsoft Logo
File Icon

The LB_Loader.exe File Analysis

Updated 11 days ago
Checked by Malware Check
LB_Loader.exe

Technical Analysis

File Name LB_Loader.exe
File Type
Win32 EXE
Magic Bytes MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
SSDEEP Hash
1536:dd9inScEKKIc6cHiRQf+1FedqHz9kZ13:d7inwKKIcxk1F6YkD3
Scanner Version 1.0.231.174
Database Version 2025-12-31 02:00:41 UTC

Suspicious File Detected

Detected by 43 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
60%
Detection Rate
65,536
File Size (bytes)
43/72
Engines Detected
2025-12-31
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
09ddcb6e72b6d96f0ef5f27265044882
SHA1
92122321db4cb3a24ef4d36ee69896fcaeb6b4c2
SHA256
e21e9f75188c9e546102b5c08da0e9c06a99ca75be7ef48dc1fafaff114616bf
SHA512
37cc31cb1b504e1a29fd861f533223cec3190cbc9d8c7bddb83df1527ea36ed68808e854972ff8e75567ccc6eb12642e7ad44e63e887a51dc608c870d90b554d
ImpHash
1ecf6b89fcca9155f09762161b0e68b6

Security Engines with Detections (43 of 72)

Bkav
W64.AIDetectMalware Malicious
Lionic
Hacktool.Win32.Loader.3!c Malicious
Elastic
malicious (moderate confidence) Malicious
MicroWorld-eScan
Application.Generic.3660029 Malicious
CTX
exe.hacktool.loader Malicious
CAT-QuickHeal
Trojan.Ghanarava.1741335885044882 Malicious
Skyhigh
BehavesLike.Win64.Generic.kc Malicious
ALYac
Application.Generic.3660029 Malicious
Malwarebytes
Malware.Heuristic.2126 Malicious
Zillya
Tool.Loader.Win64.2 Malicious
Sangfor
Hacktool.Win64.Loader.Veyw Malicious
K7AntiVirus
Unwanted-Program ( 00596a311 ) Malicious
K7GW
Unwanted-Program ( 00596a311 ) Malicious
CrowdStrike
win/malicious_confidence_70% (W) Malicious
VirIT
Trojan.Win64.Genus.BJH Malicious
Symantec
ML.Attribute.HighConfidence Malicious
ESET-NOD32
a variant of Win64/HackTool.Loader.B potentially unsafe Malicious
BitDefender
Application.Generic.3660029 Malicious
Avast
Win64:Malware-gen Malicious
Rising
HackTool.Loader!8.1EA2 (TFE:5:6fA3jrmwcIM) Malicious
Emsisoft
Application.Generic.3660029 (B) Malicious
VIPRE
Application.Generic.3660029 Malicious
McAfeeD
ti!E21E9F75188C Malicious
Trapmine
malicious.high.ml.score Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
Ikarus
PUA.HackTool.Loader Malicious
GData
Application.Generic.3660029 Malicious
Webroot
W32.Infostealer.Zeus Malicious
Google
Detected Malicious
Varist
W64/ABRisk.SOLR-3735 Malicious
Antiy-AVL
HackTool/Win64.Loader Malicious
Arcabit
Application.Generic.D37D8FD Malicious
Microsoft
HackTool:Win32/Loader!pz Malicious
Cynet
Malicious (score: 100) Malicious
Cylance
Unsafe Malicious
Panda
PUP/Injector Malicious
Yandex
Riskware.HackTool!evrcZ5aL8UI Malicious
TrellixENS
Artemis!09DDCB6E72B6 Malicious
MaxSecure
Trojan.Malware.248812324.susgen Malicious
Fortinet
Riskware/Loader Malicious
AVG
Win64:Malware-gen Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
HackTool:Win/Loader.B Malicious
29 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 619a5444c312a2055cdd9bc13020e91d
Fuzzy: 533119128a059018470c34bd30500597
dHash: b8664f3061e0c4e0
Image Base 0x00400000
Entry Point 0x0043f33a
Compilation Time 2018-04-16 21:59:10
Checksum 0x0001909f (Actual: 0x0001909f)
OS Version 5.2
PEiD Signatures MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
Digital Signature No valid SignedData structure was found.
Imports 10 libraries
KERNEL32, shell32, psapi, ole32, version, user32, oleaut32, advapi32, gdi32, ntdll
Exports 2 functions
Resources 4 Resources
Sections 3 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.MPRESS1 0x00001000 253,952 bytes 54,784 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8DCBD978368F8BE570B10CC38C338A8C
.MPRESS2 0x0003f000 4,228 bytes 4,608 bytes 5.22 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6DDDFCCD5D45A6F72D42DF9DEFF32354
.rsrc 0x00041000 5,376 bytes 5,632 bytes 5.79 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E8057B1706DEADD486C8E649D3BFE86E
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 4 (5,407 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 4,264 bytes
78.9%
RT_RCDATA 1 368 bytes
6.8%
RT_GROUP_ICON 1 20 bytes
0.4%
RT_MANIFEST 1 755 bytes
14%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
43 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware