Windows Analysis Report
Cypress.exe

Overview

General Information

Sample name: Cypress.exe
Analysis ID: 1560827
MD5: 4e1b2753b359a452106733e285af051e
SHA1: 0f07703e027c60598841a7bdd572a0f91304baa1
SHA256: d34be42c9bb4dc37ba52153597aad1af4593dce897e81df4c25027d6de7bc6de

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

Source: Cypress.exe Static PE information: certificate valid
Source: Cypress.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Cypress.exe Static PE information: Number of sections: 15 > 10
Source: classification engine Classification label: clean1.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Cypress.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Cypress.exe Section loaded: dhcpcsvc.dll
Source: Cypress.exe Static PE information: More than 2943 > 100 exports found
Source: Cypress.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Cypress.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: Cypress.exe Static file information: File size 173008176 > 1048576
Source: Cypress.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x86f3a00
Source: Cypress.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x17e0200
Source: Cypress.exe Static PE information: Raw size of .pdata is bigger than: 0x100000 < 0x442000
Source: Cypress.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: Cypress.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Cypress.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Cypress.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Cypress.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Cypress.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Cypress.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Cypress.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Cypress.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Cypress.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Cypress.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Cypress.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: Cypress.exe Static PE information: section name: .00cfg
Source: Cypress.exe Static PE information: section name: .gxfg
Source: Cypress.exe Static PE information: section name: .retplne
Source: Cypress.exe Static PE information: section name: .rodata
Source: Cypress.exe Static PE information: section name: CPADinfo
Source: Cypress.exe Static PE information: section name: LZMADEC
Source: Cypress.exe Static PE information: section name: _RDATA
Source: Cypress.exe Static PE information: section name: malloc_h
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP information