Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1564523
MD5: 2961d579aff299aafda14bc7a8f01b0a
SHA1: 7361e9796c29d64bf18c13aaf8327973c4f82770
SHA256: 7ebf0066616e81bca47efd73a8bea89018fb7e80592dfc6797e977572969e6c7
Tags: exe, user-Bitsight
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 23
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains section with special chars
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

System Summary

Source: file.exe Static PE information: No import functions for PE file found
Source: file.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: sus23.winEXE@0/0@0/0
Source: file.exe Static file information: File size 1736704 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x284400
Source: file.exe Static PE information: Raw size of pznwdzgm is bigger than: 0x100000 < 0x1aa000
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x43f2e7 should be: 0x1b7f56
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: pznwdzgm
Source: file.exe Static PE information: section name: cecnkkbv
Source: file.exe Static PE information: section name: .taggant
No contacted IP infos