Windows Analysis Report
jR2YVB04Il.exe

Overview

General Information

Sample name: jR2YVB04Il.exe
renamed because original name is a hash value
Original sample name: a4f028dc67f788d1bdf3657a6943d270.exe
Analysis ID: 1466599
MD5: a4f028dc67f788d1bdf3657a6943d270
SHA1: 6aec2e03d232f6499e80ac6f3a146ab865afdbb2
SHA256: a79add0bedad932a1f6a584c5e340fa85ba36f374840a67b4dc35b98cad3a6fe
Tags: exe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains an invalid checksum
PE file overlay found
Uses 32bit PE files

Classification

AV Detection

Source: jR2YVB04Il.exe ReversingLabs: Detection: 33%
Source: jR2YVB04Il.exe Virustotal: Detection: 28%
Source: jR2YVB04Il.exe Joe Sandbox ML: detected
Source: jR2YVB04Il.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: jR2YVB04Il.exe Static PE information: Data appended to the last section found
Source: jR2YVB04Il.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: jR2YVB04Il.exe Static PE information: real checksum: 0x3a331 should be: 0x31dff
Source: jR2YVB04Il.exe Static PE information: section name: .text entropy: 7.5023872958235875
No contacted IP infos