Xcitium Final Verdict: Malware
File Name:   LixoDestructive.exe
File Type:  PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:   2add11e25d07dc9e154ae1be916c869804047146
MD5:   7d538a430eb4e0bfd7671b921a8b76a1
First Seen Date:  2023-05-02 13:15:25 ( 22 day(s) 15 hour(s) 21 minute(s) ago )
Number of Clients Seen:   4
Last Analysis Date:  2023-05-03 18:55:31 ( 21 day(s) 9 hour(s) 41 minute(s) ago )
Human Expert Analysis Date:  2023-05-03 18:54:37 ( 21 day(s) 9 hour(s) 42 minute(s) ago )
Human Expert Analysis Result:   Malware
Verdict Source:  Valkyrie Human Expert Analysis Overall Verdict

Analysis Summary

| Analysis Type | Date | Verdict |
| --- | --- | --- |
| Signature Based Detection | 2023-05-03 18:55:31 | Malware |
| Static Analysis Overall Verdict | 2023-05-03 18:55:31 | No Threat Found |
| Precise Detectors Overall Verdict | 2023-05-03 18:55:31 | No Match |
| Human Expert Analysis Overall Verdict | 2023-05-03 18:54:37 | Malware |
| File Certificate Validation | 2023-05-03 18:55:31 | Not Applicable |

Static Analysis

Static Analysis Overall Verdict Result: No Threat Found

| Detector | Result |
| --- | --- |
| Optional Header LoaderFlags field is valued illegal | Clean |
| Non-ascii or empty section names detected | Clean |
| Illegal size of optional Header | Clean |
| Packer detection on signature database | Unknown |
| Based on the sections entropy check! file is possibly packed | Clean |
| Timestamp value suspicious | Clean |
| Header Checksum is zero! | Suspicious |
| Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean |
| Optional Header NumberOfRvaAndSizes field is valued illegal | Clean |
| Anti-vm present | Clean |
| The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean |
| TLS callback functions array detected | Clean |

Dynamic Analysis

No Dynamic Analysis Result Received

Dynamic Analysis Overall Verdict Result: Verdict Not Available
Suspicious Behaviors

Behavioral Information is not Available

Precise Detectors Analysis Results

| Detector Name | Date | Verdict | Reason |
| --- | --- | --- | --- |
| Static Precise PUA Detector 1 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise PUA Detector 4 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise NI Detector 3 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise PUA Detector 5 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise Trojan Detector 1 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise Trojan Detector 3 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise PUA Detector 6 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise Trojan Detector 12 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise Virus Detector 1 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise Virus Detector 2 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise Trojan Detector 13 | 2023-05-03 18:55:27 | No Match | NotDetected |
| Static Precise PUA Detector 2 | 2023-05-03 18:55:27 | No Match | NotDetected |

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Detector Result

Human Expert Analysis Results

Analysis Start Date:  2023-05-02 14:36:26 ( Just Now )
Analysis End Date:  2023-05-03 18:54:37 ( 21 day(s) 9 hour(s) 42 minute(s) ago )
File Upload Date:  2023-05-02 13:14:41 ( 22 day(s) 15 hour(s) 22 minute(s) ago )
Update Date:  2023-05-03 18:54:37 ( 21 day(s) 9 hour(s) 42 minute(s) ago )
Human Expert Analyst Feedback:   -
Verdict:   Malware
Malware Family:  
Malware Type:   Trojan Generic

Additional File Information

Vendor Validation  -  Vendor Validation is not Applicable  

Certificate Validation  -  Certificate Validation is not Applicable  

PE Headers

| Property | Value |
| --- | --- |
| compilation time stamp | 0x64223EF1 [Tue Mar 28 01:12:17 2023 UTC] |
| debug artifacts | |
| entry point | 0x407f6d (.text) |
| exifinfo | |
| file size | 484352 |
| file type enum | 6 |
| imphash | |
| machine type | Intel 386 or later - 32Bit |
| magic literal enum | 3 |
| mime type | application/x-dosexec |
| number of sections | 6 |
| sha256 | 3a4ea5e72e50bcba550efa034818f35785076adb37af4c1cee9374fe9e013ec1 |
| ssdeep | |
| trid | |

File Paths

File Path on Client Seen Count
LixoDestructive.exe 1

PE Sections

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
| --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x489d0 | 0x48a00 | 6.63352370442 | dd7150650ce709ab2dc703342af33dc7 |
| .rdata | 0x4a000 | 0xf69c | 0xf800 | 5.75183497883 | 7c186d4c6b5714ed3bf4f4f081dd4755 |
| .data | 0x5a000 | 0x1cf0 | 0xa00 | 2.46526476329 | 0fe90a099face26e50573e8f8f491640 |
| .msvcjmc | 0x5c000 | 0x16 | 0x200 | 0.255742020076 | 85bb7567c9540c02a36ab2534359c3af |
| .rsrc | 0x5d000 | 0x1a4b8 | 0x1a600 | 5.95991151638 | a4944c494e0465bf8a3bac0c21fd686c |
| .reloc | 0x78000 | 0x2b60 | 0x2c00 | 6.69701565351 | e0240d393546e7014d03aa140aacd7ef |

© Verdict Cloud, Xcitium, Inc. 2025. All rights reserved. v1.49.0-72-ENT