Windows Analysis Report
J0YZ3B2MaR.exe

Overview

General Information

Sample name: J0YZ3B2MaR.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: aacc7f8ef0641f3e4589e5ad51a7a4e4be2bbca507179b3de00d528e9b89802d
Analysis ID: 1520420
MD5: 6407f11a5a777273e3c84f7f2e601cfa
SHA1: 237818b28724b8eca6166bcb6b7c2dc1dee13abc
SHA256: aacc7f8ef0641f3e4589e5ad51a7a4e4be2bbca507179b3de00d528e9b89802d

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
Enables debug privileges
Enables security privileges
Program does not show much activity (idle)
Uses 32bit PE files

Classification

Source: J0YZ3B2MaR.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\Desktop\J0YZ3B2MaR.exe Process token adjusted: Security
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\J0YZ3B2MaR.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\J0YZ3B2MaR.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\J0YZ3B2MaR.exe Section loaded: apphelp.dll

Hooking and other Techniques for Hiding and Protection

Source: initial sample Icon embedded in binary file: icon matches a legit application icon: icon.png
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\J0YZ3B2MaR.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\J0YZ3B2MaR.exe Process token adjusted: Debug
No contacted IP infos