Windows Analysis Report
6LYGpddoz7.exe

Overview

General Information

Sample name: 6LYGpddoz7.exe (renamed because the original name is a hash value)
Original sample name: f86b8eca7716e57077952d0654a10fef.exe
Analysis ID: 1580277
MD5: f86b8eca7716e57077952d0654a10fef
SHA1: cf40bd05d7aac4663fedd885594c72c434665174
SHA256: 238d000d4f72673584aa6e8e16e9808e288c295b5c4b82c2e088b5653e2903e2
Tags: exe, user-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application. (This is the text of Windows error 193, ERROR_BAD_EXE_FORMAT, with its %1 file-name placeholder unfilled: the loader rejected the PE headers, so no process was created and everything below is static analysis only.)

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found

Classification

AV Detection

Source: 6LYGpddoz7.exe Virustotal: Detection: 29%
Source: 6LYGpddoz7.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: 6LYGpddoz7.exe String found in binary or memory: http://.css
Source: 6LYGpddoz7.exe String found in binary or memory: http://.jpg
Source: 6LYGpddoz7.exe String found in binary or memory: http://html4/loose.dtd
Source: 6LYGpddoz7.exe String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
Source: 6LYGpddoz7.exe Static PE information: Number of sections : 12 > 10
Source: 6LYGpddoz7.exe Static PE information: No import functions for PE file found
Source: 6LYGpddoz7.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal48.winEXE@0/0@0/0
Source: 6LYGpddoz7.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ (note: the IMAGE_SCN_ALIGN_* names are mutually exclusive encodings of one 4-bit alignment field in Characteristics, not independent flags; a decoder that tests each constant with a bitwise AND prints exactly this set, and omits 1BYTES, 128BYTES and 256BYTES, when the field is 0x6, i.e. IMAGE_SCN_ALIGN_32BYTES. The effective characteristics are therefore CODE | INITIALIZED_DATA | ALIGN_32BYTES | EXECUTE | READ, a combination consistent with the Go/MinGW build indicated by the .xdata section and the build-info string below.)
Source: 6LYGpddoz7.exe String found in binary or memory: dep github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= (a Go build-info dependency record, path / version / go.sum hash; the tab separators were lost in extraction)
Source: 6LYGpddoz7.exe String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
Source: 6LYGpddoz7.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: 6LYGpddoz7.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: 6LYGpddoz7.exe Static file information: File size 12568481 > 1048576
Source: 6LYGpddoz7.exe Static PE information: Raw size of .text (0x974000) is bigger than 0x100000
Source: 6LYGpddoz7.exe Static PE information: Raw size of .rdata (0xb72c00) is bigger than 0x100000
Source: 6LYGpddoz7.exe Static PE information: section name: .xdata
No contacted IP information