Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1546672
MD5: 18a6eeff6bf4ea2f97a9c877c08a2b73
SHA1: 5d23317e75a30fed2e759190a95d9f4e8a511389
SHA256: f238b5be6548b4021a4d9f98d02d582d678494b79df5be721a699425932adce2
Tags: exe, user-Bitsight
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Machine Learning detection for sample
PE file contains section with special chars
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file overlay found
Uses 32bit PE files

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 81.5% probability
Source: file.exe Joe Sandbox ML: detected
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: Data appended to the last section found
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9972592387602179
Source: file.exe Static PE information: Section: kxpzlyin ZLIB complexity 0.9954340132860323
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: file.exe Static file information: File size 1114112 > 1048576
Source: file.exe Static PE information: Raw size of kxpzlyin is bigger than: 0x100000 < 0x1a6600
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1e43c5 should be: 0x11ba72
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: kxpzlyin
Source: file.exe Static PE information: section name: ryespbnx
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.983210433279274
Source: file.exe Static PE information: section name: kxpzlyin entropy: 7.933892751074306
No contacted IP infos