Windows Analysis Report
eEC2TBvZ2V.exe

Overview

General Information

Sample name: eEC2TBvZ2V.exe
renamed because original name is a hash value
Original sample name: 7599ea7a23c0b0d9ecb7c895e9f8cfdb.exe
Analysis ID: 1580272
MD5: 7599ea7a23c0b0d9ecb7c895e9f8cfdb
SHA1: ebc13af0137dd53f8275ff41990ae86fc32a0b10
SHA256: 4036ab3fa5a19cdc1064ad55047dd766ea21cb1ffd4f1e4fa037eb29fa813fb2
Tags: exeuser-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

AV Detection

Source: http://home.sevkk17sr.top/IYhWwFtYdnqYbODzcCzq17 Avira URL Cloud: Label: malware
Source: eEC2TBvZ2V.exe Virustotal: Detection: 25%
Source: eEC2TBvZ2V.exe Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_f99ddaa9-d
Source: eEC2TBvZ2V.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: eEC2TBvZ2V.exe Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: eEC2TBvZ2V.exe String found in binary or memory: http://home.sevkk17sr.top/IYhWwFtYdnqYbODzcCzq17
Source: eEC2TBvZ2V.exe String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: eEC2TBvZ2V.exe String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: eEC2TBvZ2V.exe String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: eEC2TBvZ2V.exe String found in binary or memory: https://curl.se/docs/hsts.html
Source: eEC2TBvZ2V.exe String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: eEC2TBvZ2V.exe Static PE information: No import functions for PE file found
Source: eEC2TBvZ2V.exe Static PE information: Data appended to the last section found
Source: eEC2TBvZ2V.exe Binary string: Kntdll.dllNtCreateFileNtDeviceIoControlFileNtCancelIoFileEx\Device\Afd
Source: classification engine Classification label: mal56.winEXE@0/0@0/0
Source: eEC2TBvZ2V.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: eEC2TBvZ2V.exe Virustotal: Detection: 25%
Source: eEC2TBvZ2V.exe String found in binary or memory: iphlpapi.dllif_nametoindexkernel32LoadLibraryExA\/AddDllDirectorysystem_win32.c@
Source: eEC2TBvZ2V.exe String found in binary or memory: in-addr.arpa
Source: eEC2TBvZ2V.exe String found in binary or memory: "L0123456789abcdefin-addr.arpaip6.arpa
Source: eEC2TBvZ2V.exe String found in binary or memory: Unable to complete request for channel-process-startup
Source: eEC2TBvZ2V.exe String found in binary or memory: 4M[\Unable to allocate space for channel dataFailed allocating memory for channel type nameUnable to allocate temporary space for packetWould block sending channel-open requestUnable to send channel-open requestWould blockUnexpected errorUnexpected packet sizeChannel open failure (administratively prohibited)Channel open failure (connect failed)Channel open failure (unknown channel type)Channel open failure (resource shortage)Channel open failureUnable to allocate memory for setenv packetcancel-tcpip-forwardWould block sending forward requestUnable to send global-request packet for forward listen requestauth-agent-req@openssh.comauth-agent-reqcdChannel can not be reusedUnable to allocate memory for channel-process requestWould block sending channel requestUnable to send channel requestFailed waiting for channel successUnable to complete request for channel-process-startupUnexpected packet lengthUnable to allocate memory for signal nameWould block sending window adjustUnable to send transfer-window adjustment packet, deferringtransport readwould blockWe have already closed this channelEOF has already been received, data might be ignoredFailure while draining incoming flowUnable to send channel dataUnable to send EOF, but closing channel anywayWould block sending close-channelUnable to send close-channel request, but closing anywaysessionchannel.cUnable to allocate memory for direct-tcpip connectiondirect-tcpipUnable to allocate memory for direct-streamlocal connectiondirect-streamlocal@openssh.comQR0.0.0.0tcpip-forwardWould block sending global-request packet for forward listen requestUnknownUnable to allocate memory for listener queueUnable to complete request for forward-listenWould block waiting for packetChannel not foundcdenvWould block sending setenv requestUnable to send channel-request packet for setenv requestFailed getting response for channel-setenvUnable to complete request for 
channel-setenvcdWould block sending auth-agent requestUnable to send auth-agent requestFailed to request auth-agentUnable to complete request for auth-agentcdterm + mode lengths too largepty-reqWould block sending pty requestUnable to send pty-request packetFailed to require the PTY packageUnable to complete request for channel request-ptywindow-changeWould block sending window-change requestUnable to send window-change packetcdUnable to allocate memory for pty-requestx11-reqMIT-MAGIC-COOKIE-1Unable to get random bytes for x11-req cookie%02XWould block sending X11-req packetUnable to send x11-req packetwaiting for x11-req response packetUnable to complete request for channel x11-reqWould block sending EOFUnable to send EOF on channelReceiving channel window has been exhausted_libssh2_transport_read() bailed out!libssh2_channel_wait_closed() invoked when channel is not in EOF stateUnable to allocate memory for signal requestsignalWould block sending signal requestUnable to send signal packetecdsa-sha2-nistp256ecdsa-sha2-nistp384ecdsa-sha2-nistp521blocksize <= siz
Source: eEC2TBvZ2V.exe String found in binary or memory: id-cmc-addExtensions
Source: eEC2TBvZ2V.exe String found in binary or memory: set-addPolicy
Source: eEC2TBvZ2V.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: eEC2TBvZ2V.exe Static file information: File size 6698156 > 1048576
Source: eEC2TBvZ2V.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x440800
Source: eEC2TBvZ2V.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x172c00
Source: eEC2TBvZ2V.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x146a00
Source: eEC2TBvZ2V.exe Static PE information: real checksum: 0x73e7ac should be: 0x670ca9
Source: eEC2TBvZ2V.exe Static PE information: section name: .eh_fram
No contacted IP infos