Gridinsoft Logo
File Icon

The LB_Loader.exe File Analysis

Updated 1 year ago
Checked by Malware Check
LB_Loader.exe

Technical Analysis

File Name LB_Loader.exe
File Type
Win32 EXE
Magic Bytes MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
SSDEEP Hash
1536:dd9inScEKKIc6cHiRQf+1FedqHz9kZ13:d7inwKKIcxk1F6YkD3
Scanner Version 1.0.181.174
Database Version 2024-07-01 11:00:12 UTC

Suspicious File Detected

Detected by 39 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
55%
Detection Rate
65,536
File Size (bytes)
39/71
Engines Detected
2024-07-01
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
09ddcb6e72b6d96f0ef5f27265044882
SHA1
92122321db4cb3a24ef4d36ee69896fcaeb6b4c2
SHA256
e21e9f75188c9e546102b5c08da0e9c06a99ca75be7ef48dc1fafaff114616bf
SHA512
37cc31cb1b504e1a29fd861f533223cec3190cbc9d8c7bddb83df1527ea36ed68808e854972ff8e75567ccc6eb12642e7ad44e63e887a51dc608c870d90b554d
ImpHash
1ecf6b89fcca9155f09762161b0e68b6

Security Engines with Detections (39 of 71)

Bkav
W64.AIDetectMalware Malicious
Lionic
Hacktool.Win32.Loader.3!c Malicious
AVG
Win64:Malware-gen Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Application.Generic.3660029 Malicious
FireEye
Application.Generic.3660029 Malicious
Skyhigh
BehavesLike.Win64.Scrambler.kc Malicious
McAfee
Artemis!09DDCB6E72B6 Malicious
Malwarebytes
Generic.Malware/Suspicious Malicious
VIPRE
Application.Generic.3660029 Malicious
Sangfor
Hacktool.Win64.Loader.Vodg Malicious
K7AntiVirus
Unwanted-Program ( 00596a311 ) Malicious
K7GW
Unwanted-Program ( 00596a311 ) Malicious
VirIT
Trojan.Win64.Genus.BJH Malicious
Symantec
ML.Attribute.HighConfidence Malicious
ESET-NOD32
a variant of Win64/HackTool.Loader.B potentially unsafe Malicious
Cynet
Malicious (score: 100) Malicious
Avast
Win64:Malware-gen Malicious
BitDefender
Application.Generic.3660029 Malicious
Emsisoft
Application.Generic.3660029 (B) Malicious
Zillya
Tool.Loader.Win64.2 Malicious
Trapmine
malicious.high.ml.score Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
Ikarus
PUA.HackTool.Loader Malicious
Webroot
W32.Infostealer.Zeus Malicious
Varist
W64/ABRisk.SOLR-3735 Malicious
Antiy-AVL
HackTool/Win64.Loader Malicious
Microsoft
Trojan:Win32/Wacatac.A!ml Malicious
Arcabit
Application.Generic.D37D8FD Malicious
GData
Application.Generic.3660029 Malicious
Google
Detected Malicious
ALYac
Application.Generic.3660029 Malicious
Cylance
unsafe Malicious
Rising
HackTool.Loader!8.1EA2 (TFE:5:6fA3jrmwcIM) Malicious
MAX
malware (ai score=76) Malicious
MaxSecure
Trojan.Malware.300983.susgen Malicious
Fortinet
Riskware/Loader Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
HackTool:Win/Loader.B Malicious
32 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 619a5444c312a2055cdd9bc13020e91d
Fuzzy: 533119128a059018470c34bd30500597
dHash: b8664f3061e0c4e0
Image Base 0x00400000
Entry Point 0x0043f33a
Compilation Time 2018-04-16 21:59:10
Checksum 0x0001909f (Actual: 0x0001909f)
OS Version 5.2
PEiD Signatures MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
Digital Signature The PE file does not contain a certificate table.
Imports 10 libraries
KERNEL32, shell32, psapi, ole32, version, user32, oleaut32, advapi32, gdi32, ntdll
Exports 2 functions
Resources 4 Resources
Sections 3 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.MPRESS1 0x00001000 253,952 bytes 54,784 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8DCBD978368F8BE570B10CC38C338A8C
.MPRESS2 0x0003f000 4,228 bytes 4,608 bytes 5.22 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6DDDFCCD5D45A6F72D42DF9DEFF32354
.rsrc 0x00041000 5,376 bytes 5,632 bytes 5.79 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E8057B1706DEADD486C8E649D3BFE86E
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 4 (5,407 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 4,264 bytes
78.9%
RT_RCDATA 1 368 bytes
6.8%
RT_GROUP_ICON 1 20 bytes
0.4%
RT_MANIFEST 1 755 bytes
14%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
39 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware