Windows Analysis Report
testvec.exe

Overview

General Information

Sample name: testvec.exe
Analysis ID: 1448272
MD5: 7e0c85852b2cd932626fcf284ca72978
SHA1: c8ccf6e20cde537f3da64aebd1f80b144a4c8e0a
SHA256: 9a977571296ae1548c32df94be75eec2a414798bee7064b0bf44859e886a0cfa
Tags: exe

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: testvec.exe Virustotal: Detection: 6%
Source: testvec.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: testvec.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: testvec.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: testvec.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: testvec.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: testvec.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: testvec.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: testvec.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: testvec.exe String found in binary or memory: http://ocsp.digicert.com0O
Source: testvec.exe String found in binary or memory: https://www.digicert.com/CPS0
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_00401000 0_2_00401000
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_004024A0 0_2_004024A0
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_00402A10 0_2_00402A10
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_00402630 0_2_00402630
Source: testvec.exe Static PE information: invalid certificate
Source: testvec.exe, 00000000.00000000.1323388326.0000000000407000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameTEST.EXED vs testvec.exe
Source: testvec.exe, 00000000.00000002.1323821040.0000000000408000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameTEST.EXED vs testvec.exe
Source: testvec.exe Binary or memory string: OriginalFilenameTEST.EXED vs testvec.exe
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\testvec.exe File created: C:\Users\user\AppData\Local\Temp\loader.log
Source: testvec.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\testvec.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\testvec.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\testvec.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\testvec.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\testvec.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\testvec.exe Section loaded: profapi.dll
Source: testvec.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: testvec.exe Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_00407144 push rdi; retf 0_2_0040714F
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_00407124 push rsi; retf 0_2_00407137
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_00407164 push rbp; retf 0_2_00407177
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_0040714C push rsi; retf 0_2_00407157
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_0040712C push rsi; retf 0_2_00407137
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_00407174 push rbp; retf 0_2_00407177
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_0040713C push rbp; retf 0_2_0040713F
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_0040711C push rsi; retf 0_2_00407127
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: testvec.exe, 00000000.00000002.1323850520.00000000006F4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\testvec.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\testvec.exe Code function: 0_2_00402880 CreateFileA,GetLocalTime,GetDateFormatA,WriteFile,WriteFile,FlushFileBuffers,FlushFileBuffers,WriteFile,FlushFileBuffers,GetTimeFormatA,WriteFile,FlushFileBuffers, 0_2_00402880
No contacted IP infos