Windows Analysis Report
EahLhB4Bby.exe

Overview

General Information

Sample name: EahLhB4Bby.exe
renamed because original name is a hash value
Original sample name: 45e98efac77f098fdbd0608f80fb3be38c2d17140b66b495db00f44a735cf846.bin.exe
Analysis ID: 1447789
MD5: ab5f8b9b988541922b36632eb29b262b
SHA1: 6d8b74b13695a73e5fbd3305ff485d7eee9a15d2
SHA256: 45e98efac77f098fdbd0608f80fb3be38c2d17140b66b495db00f44a735cf846
Tags: exeprg

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Detected potential crypto function
Entry point lies outside standard sections
PE file contains sections with non-standard names
PE file does not import any functions
Program does not show much activity (idle)
Uses 32bit PE files

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: EahLhB4Bby.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: EahLhB4Bby.exe ReversingLabs: Detection: 79%
Source: EahLhB4Bby.exe Virustotal: Detection: 78% Perma Link
Machine Learning detection for sample
Source: EahLhB4Bby.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: EahLhB4Bby.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Detected potential crypto function
Source: C:\Users\user\Desktop\EahLhB4Bby.exe Code function: 0_2_00409713 0_2_00409713
PE file does not import any functions
Source: EahLhB4Bby.exe Static PE information: No import functions for PE file found
Uses 32bit PE files
Source: EahLhB4Bby.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal60.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\EahLhB4Bby.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: EahLhB4Bby.exe ReversingLabs: Detection: 79%
Source: EahLhB4Bby.exe Virustotal: Detection: 78%
Source: C:\Users\user\Desktop\EahLhB4Bby.exe Section loaded: apphelp.dll Jump to behavior
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .izejcl
PE file contains sections with non-standard names
Source: EahLhB4Bby.exe Static PE information: section name: .izejcl
Source: EahLhB4Bby.exe Static PE information: section name: .xipar
Source: EahLhB4Bby.exe Static PE information: section name: .vspmd
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1447789 Sample: EahLhB4Bby.exe Startdate: 27/05/2024 Architecture: WINDOWS Score: 60 7 Antivirus / Scanner detection for submitted sample 2->7 9 Multi AV Scanner detection for submitted file 2->9 11 Machine Learning detection for sample 2->11 5 EahLhB4Bby.exe 2->5         started        process3
No contacted IP infos