Windows Analysis Report
SecuriteInfo.com.FileRepMalware.22987.14479.exe

Overview

General Information

Sample name: SecuriteInfo.com.FileRepMalware.22987.14479.exe
Analysis ID: 1446238
MD5: ba7172aeb8733ece22e8fd2949f087cd
SHA1: 80c581968051ee7cc5e8ad85ea3796d7148c778a
SHA256: 4185ac3a6b7f4aa9735db869e291d06b2df3c8d59ee47e496f538013170fd830
Tags: exe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe ReversingLabs: Detection: 13%
Uses 32bit PE files
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
PE file does not import any functions
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: No import functions for PE file found
PE file overlay found
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: classification engine Classification label: mal48.winEXE@0/0@0/0
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe ReversingLabs: Detection: 13%
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
PE file contains an invalid checksum
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: real checksum: 0x7becb should be: 0xa88c
PE file contains sections with non-standard names
Source: SecuriteInfo.com.FileRepMalware.22987.14479.exe Static PE information: section name: .wixburn
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1446238 Sample: SecuriteInfo.com.FileRepMal... Startdate: 23/05/2024 Architecture: WINDOWS Score: 48 5 Multi AV Scanner detection for submitted file 2->5
No contacted IP infos