Windows Analysis Report
z91dxf____.exe

Overview

General Information

Sample name: z91dxf____.exe
Analysis ID: 1539809
MD5: ce91ddd3b01ce4da36e7d76d977b8cc5
SHA1: 41cb5cb1cdff5995509bf54baadc55be35d2034d
SHA256: 6e70a3c4a3eb318f8489bfebc6b9ce2a0e83a6eb72446eb8a46db6dff5a06581
Tags: exe, user-Porcupine

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: z91dxf____.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Binary string: D:\DXF2SAR\Debug\NKtest.pdb source: z91dxf____.exe
Source: z91dxf____.exe, 00000000.00000002.2940103676.0000000000419000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameNKtest.EXE vs z91dxf____.exe
Source: z91dxf____.exe Binary or memory string: OriginalFilenameNKtest.EXE vs z91dxf____.exe
Source: classification engine Classification label: clean1.winEXE@1/0@0/0
Source: z91dxf____.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\z91dxf____.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\z91dxf____.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\z91dxf____.exe Section loaded: mfc42d.dll
Source: C:\Users\user\Desktop\z91dxf____.exe Section loaded: msvcrtd.dll
Source: C:\Users\user\Desktop\z91dxf____.exe Section loaded: mfco42d.dll
Source: z91dxf____.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos