Summary | ZeroBOX

LZ.exe

Tags: Gen1, UPX, Malicious Library, Malicious Packer, Anti_VM, PE64, PE File, OS Processor Check, ZIP Format, DLL
Category FILE
Machine s1_win7_x6403_us
Started March 10, 2023, 4:51 p.m.
Completed March 10, 2023, 4:54 p.m.
Size 11.3MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 282df7bcb720a5b6f409caf9ccda2f75
SHA256 3cc5ee93a9ba1fc57389705283b760c8bd61f35e9398bbfa3210e2becf6d4b05
CRC32 D0E598EE
ssdeep 196608:0cHu78K//UoEkXuWJysVYvsOfhumHhtdIQLOMIdiwXa6vTVzy/BOfN1XZuoJnB:Bu7L//HEnWJIuahtaL/dg67RywfNxZuu
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleW

buffer:
usage: LZ.exe [-h] [-version] {all,browsers,chats,databases,games,git,mails,maven,memory,multimedia,php,svn,sysadmin,windows,wifi,unused} ...
|====================================================================|
|                                                                    |
|                        The LaZagne Project                         |
|                                                                    |
|                           ! BANG BANG !                            |
|                                                                    |
|====================================================================|

positional arguments:
  {all,browsers,chats,databases,games,git,mails,maven,memory,multimedia,php,svn,sysadmin,windows,wifi,unused}
                        Choose a main command
    all                 Run all modules
    browsers            Run browsers module
    chats               Run chats module
    databases           Run databases module
    games               Run games module
    git                 Run git module
    mails               Run mails module
    maven               Run maven module
    memory              Run memory module
    multimedia          Run multimedia module
    php                 Run php module
    svn                 Run svn module
    sysadmin            Run sysadmin module
    windows             Run windows module
    wifi                Run wifi module
    unused              Run unused module

optional arguments:
  -h, --help            show this help message and exit
  -version              laZagne version
console_handle: 0x0000000000000007
Status 1, Return 1, Repeated 0
API call (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx

(no arguments)
Status 1, Return 1, Repeated 0
section .gfids
API call (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory

process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000630000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
Status 1, Return 0, Repeated 0
file C:\Users\test22\AppData\Local\Temp\_MEI20722\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\msvcr100.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\python37.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\msvcp100.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-handle-l1-1-0.dll
section .rsrc (size_of_data 0x0000ec00, virtual_address 0x00046000, virtual_size 0x0000ea38, entropy 7.297139614323312) description A section with a high entropy has been found
entropy 0.220973782772 description Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_sqlite3.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Cipher\_raw_des.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Hash\_poly1305.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_lzma.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Cipher\_raw_cfb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_hashlib.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_cffi_backend.cp37-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Cipher\_raw_ocb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\msvcr100.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_elementtree.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_queue.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Cipher\_raw_arc2.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Cipher\_ARC4.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Hash\_ghash_portable.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Cipher\_raw_cast.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\PublicKey\_ed25519.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Hash\_RIPEMD160.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Util\_cpuid_c.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Cipher\_Salsa20.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Hash\_SHA256.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Protocol\_scrypt.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Cipher\_raw_ctr.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\Hash\_BLAKE2b.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\select.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\lib2to3\tests\data\README
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\PublicKey\_ec_ws.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\unicodedata.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\lib2to3\Grammar.txt
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\lib2to3\PatternGrammar3.7.5.final.0.pickle
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\pyexpat.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Crypto\PublicKey\_x25519.pyd
Lionic Riskware.Win32.LaZagne.1!c
MicroWorld-eScan Generic.Application.Lazagne.E.DE1A9F87
FireEye Generic.Application.Lazagne.E.DE1A9F87
McAfee Artemis!282DF7BCB720
Malwarebytes Generic.Malware/Suspicious
Alibaba HackTool:Win32/Almi_LaZagne.b
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Generic.Application.Lazagne.E.DE1A9F87
Cyren W64/LaZagne.B.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 Python/Riskware.LaZagne.J
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Lazagne-6779429-0
Kaspersky HackTool.Win32.LaZagne.xi
BitDefender Generic.Application.Lazagne.E.DE1A9F87
Avast FileRepPup [PUP]
VIPRE Generic.Application.Lazagne.E.DE1A9F87
McAfee-GW-Edition Artemis
Emsisoft Generic.Application.Lazagne.E.DE1A9F87 (B)
Ikarus Trojan.Agent
Microsoft HackTool:Win32/LaZagne
ZoneAlarm not-a-virus:HEUR:PSWTool.Python.LaZagne.gen
GData Generic.Application.Lazagne.E.DE1A9F87
Google Detected
ALYac Generic.Application.Lazagne.E.DE1A9F87
MAX malware (ai score=86)
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002H07BO23
Tencent Win32.Hacktool.Lazagne.Pgil
MaxSecure Trojan.Malware.202002465.susgen
Fortinet Riskware/LaZagne
AVG FileRepPup [PUP]
Panda Trj/CI.A