Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1541119
MD5: 1d76db2169a887b18bc32786243e0ef3
SHA1: 690386994eabc25ca09d3eb01344fd8c3d5842b8
SHA256: 901710ba6d7c30348ec2527caeb0d60b8847132c54e2829578418138971e2c24
Tags: exeuser-Bitsight
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Machine Learning detection for sample
PE file contains section with special chars
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file overlay found
Uses 32bit PE files

Classification

AV Detection
barindex
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
PE file overlay found
Source: file.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9995229991749175
Source: classification engine Classification label: mal48.winEXE@0/0@0/0
Source: file.exe Static PE information: Raw size of tlyflxfh is bigger than: 0x100000 < 0x2a6a00
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x2d826a should be: 0xd08a8
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name: tlyflxfh
Source: file.exe Static PE information: section name: iplnhqea
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.9800275105669884
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1541119 Sample: file.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 48 5 Machine Learning detection for sample 2->5 7 PE file contains section with special chars 2->7
No contacted IP infos