Windows Analysis Report
uIeBVL8I3D.exe

Overview

General Information

Sample name: uIeBVL8I3D.exe
renamed because original name is a hash value
Original sample name: de7d152b0dffe94074d139962725da642b9c63cd6913a6bccd1c152850241a32.exe
Analysis ID: 1540036
MD5: c5543a7f67dc9c4bcb1d2b4ccf528775
SHA1: 4bc60ebb62311ba40c7d45d03138bc4e41b1c8e4
SHA256: de7d152b0dffe94074d139962725da642b9c63cd6913a6bccd1c152850241a32
Tags: exeuser-NDA0E
Infos:
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Go Injector
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Go Injector
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: uIeBVL8I3D.exe ReversingLabs: Detection: 33%
Source: uIeBVL8I3D.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: uIeBVL8I3D.exe String found in binary or memory: http://github.com/garycourt/uri-js
Source: uIeBVL8I3D.exe String found in binary or memory: http://json-schema.org/draft-07/schema
Source: uIeBVL8I3D.exe String found in binary or memory: http://json-schema.org/draft-07/schema#
Source: uIeBVL8I3D.exe String found in binary or memory: http://json-schema.org/schema
Source: uIeBVL8I3D.exe String found in binary or memory: http://kubernetes.io/docs/user-guide/annotationsobservedGeneration
Source: uIeBVL8I3D.exe String found in binary or memory: http://kubernetes.io/docs/user-guide/identifiers#namesStatusDetails
Source: uIeBVL8I3D.exe String found in binary or memory: http://kubernetes.io/docs/user-guide/identifiers#uidsDeprecated:
Source: uIeBVL8I3D.exe String found in binary or memory: http://kubernetes.io/docs/user-guide/labelsExtended
Source: uIeBVL8I3D.exe String found in binary or memory: http://kubernetes.io/docs/user-guide/namespacesformat
Source: uIeBVL8I3D.exe String found in binary or memory: https://aws.amazon.com
Source: uIeBVL8I3D.exe String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-cont
Source: uIeBVL8I3D.exe String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotencySibli
Source: uIeBVL8I3D.exe String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataThe
Source: uIeBVL8I3D.exe String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadatalimit
Source: uIeBVL8I3D.exe String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resourcesKind
Source: uIeBVL8I3D.exe String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsWhen
Source: uIeBVL8I3D.exe String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsresou
Source: uIeBVL8I3D.exe String found in binary or memory: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types
Source: uIeBVL8I3D.exe String found in binary or memory: https://github.com/aws/jsii
Source: uIeBVL8I3D.exe String found in binary or memory: https://github.com/aws/jsii.git
Source: uIeBVL8I3D.exe String found in binary or memory: https://github.com/aws/jsii/issues
Source: uIeBVL8I3D.exe String found in binary or memory: https://github.com/jprichardson/node-fs-extra/issues/269
Source: uIeBVL8I3D.exe String found in binary or memory: https://golang.org/pkg/unicode/#IsPrint.
Source: uIeBVL8I3D.exe String found in binary or memory: https://golang.org/pkg/unicode/#IsPrint.values
Source: uIeBVL8I3D.exe String found in binary or memory: https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions
Source: uIeBVL8I3D.exe String found in binary or memory: https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json#
PE file contains more sections than normal
Source: uIeBVL8I3D.exe Static PE information: Number of sections : 12 > 10
PE file does not import any functions
Source: uIeBVL8I3D.exe Static PE information: No import functions for PE file found
PE file overlay found
Source: uIeBVL8I3D.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal56.troj.winEXE@0/0@0/0
Source: uIeBVL8I3D.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: uIeBVL8I3D.exe ReversingLabs: Detection: 33%
Source: uIeBVL8I3D.exe String found in binary or memory: net/addrselect.go
Source: uIeBVL8I3D.exe String found in binary or memory: github.com/saferwall/pe@v1.5.4/loadconfig.go
Source: uIeBVL8I3D.exe String found in binary or memory: github.com/aws/jsii-runtime-go@v1.101.0/internal/kernel/load.go
Source: uIeBVL8I3D.exe String found in binary or memory: x125xexwxw/load.go
Source: uIeBVL8I3D.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: uIeBVL8I3D.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: uIeBVL8I3D.exe Static file information: File size 15645215 > 1048576
Source: uIeBVL8I3D.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x5d7a00
Source: uIeBVL8I3D.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x9b9400
Source: uIeBVL8I3D.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
PE file contains sections with non-standard names
Source: uIeBVL8I3D.exe Static PE information: section name: .xdata

Stealing of Sensitive Information
barindex
Yara detected Go Injector
Source: Yara match File source: uIeBVL8I3D.exe, type: SAMPLE

Remote Access Functionality
barindex
Yara detected Go Injector
Source: Yara match File source: uIeBVL8I3D.exe, type: SAMPLE

No Screenshots

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1540036 Sample: uIeBVL8I3D.exe Startdate: 23/10/2024 Architecture: WINDOWS Score: 56 5 Multi AV Scanner detection for submitted file 2->5 7 Yara detected Go Injector 2->7
No contacted IP infos