Windows Analysis Report
1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe

Overview

General Information

Sample name: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe
Analysis ID: 1543226
MD5: ab839e472898ae0609df69368edd3064
SHA1: 5741a10c6a9c2ac19804b1a07c5fa81f61c6acc2
SHA256: 5f217cb46756c66b360ab5be516405157039b6e365baff78ea383b0648c8ea1d
Tags: base64-decoded, exe, user-abuse_ch

Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Machine Learning detection for sample
Binary contains a suspicious time stamp
PE file does not import any functions
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection

Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Joe Sandbox ML: detected
Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Static PE information: No import functions for PE file found
Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Binary or memory string: OriginalFilenameGorings.exe" vs 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe
Source: classification engine Classification label: sus22.winEXE@0/0@0/0
Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: 1730032627852fc8a06221f40c551be41982954cbe5c8bc44bb4e58a21d3720d9073067c55723.dat-decoded.exe Static PE information: 0x9A02ABE7 [Fri Nov 17 20:39:03 2051 UTC]
No contacted IP infos