Windows Analysis Report
x8t38OJR0w.exe

Overview

General Information

Sample name:	x8t38OJR0w.exe renamed because original name is a hash value
Original sample name:	3590fc2b2af22396835a9ae8f6363a3b.exe
Analysis ID:	1466595
MD5:	3590fc2b2af22396835a9ae8f6363a3b
SHA1:	c3770110eb8cccb2a2d6b149c09d56255f2abb3e
SHA256:	8826dd64ff068bb53dca4bde04b70ed9071b9ad348b7f6a03dc1d85b2dda3d6e
Tags:	exe

Errors No process behavior to analyse as no analysis process or sample was found Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Machine Learning detection for sample

PE file contains an invalid checksum

PE file overlay found

Uses 32bit PE files

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: x8t38OJR0w.exe	Virustotal: Detection: 27%			Perma Link
Source: x8t38OJR0w.exe	ReversingLabs: Detection: 24%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 86.4% probability

Machine Learning detection for sample

Source: x8t38OJR0w.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: x8t38OJR0w.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

PE file overlay found

Source: x8t38OJR0w.exe

Static PE information: Data appended to the last section found

Uses 32bit PE files

Source: x8t38OJR0w.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: x8t38OJR0w.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal56.winEXE@0/0@0/0

Source: x8t38OJR0w.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: x8t38OJR0w.exe	Virustotal: Detection: 27%
Source: x8t38OJR0w.exe	ReversingLabs: Detection: 24%

PE file contains an invalid checksum

Source: x8t38OJR0w.exe

Static PE information: real checksum: 0x8d56f should be: 0x83e34

Source: x8t38OJR0w.exe

Static PE information: section name: .text entropy: 7.955174619444939

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1466595
Product:	CloudBasic
Start time:	07:46:08
Start date:	03.07.2024
Sample:	x8t38OJR0w.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	3590fc2b2af22396835a9ae8f6363a3b
SHA1:	c3770110eb8cccb2a2d6b149c09d56255f2abb3e
SHA256:	8826dd64ff068bb53dca4bde04b70ed9071b9ad348b7f6a03dc1d85b2dda3d6e
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
x8t38OJR0w.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Windows Analysis Report x8t38OJR0w.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
x8t38OJR0w.exe