Windows Analysis Report
6xKJ0LSg59.exe

Overview

General Information

Sample name:	6xKJ0LSg59.exe renamed because original name is a hash value
Original sample name:	f69f2c50d131e5a64466f3c7fe189585.exe
Analysis ID:	1520444
MD5:	f69f2c50d131e5a64466f3c7fe189585
SHA1:	7acbc40843d1889361b88f2b229d75833ed20f09
SHA256:	93d5ecc283390e6f59a7ce4c8edcf575821ab46f77384f672827486118d8799a
Tags:	exeuser-abuse_ch

Errors No process behavior to analyse as no analysis process or sample was found Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Binary contains a suspicious time stamp

PE file contains an invalid checksum

PE file does not import any functions

PE file overlay found

Uses 32bit PE files

Classification

Signatures

Uses 32bit PE files

Source: 6xKJ0LSg59.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 6xKJ0LSg59.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

PE file does not import any functions

Source: 6xKJ0LSg59.exe

Static PE information: No import functions for PE file found

PE file overlay found

Source: 6xKJ0LSg59.exe

Static PE information: Data appended to the last section found

Uses 32bit PE files

Source: 6xKJ0LSg59.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: unknown2.winEXE@0/0@0/0

Source: 6xKJ0LSg59.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 6xKJ0LSg59.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 6xKJ0LSg59.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 6xKJ0LSg59.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x40fa00
Source: 6xKJ0LSg59.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1dd400

Source: 6xKJ0LSg59.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 6xKJ0LSg59.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Binary contains a suspicious time stamp

Source: 6xKJ0LSg59.exe

Static PE information: 0xE58650F3 [Thu Jan 10 06:30:11 2092 UTC]

PE file contains an invalid checksum

Source: 6xKJ0LSg59.exe

Static PE information: real checksum: 0x5fda51 should be: 0x64e65

Screenshots

Behavior Graph

No Behavior Graph

Network Map

⊘No contacted IP infos

ID:	1520444
Product:	CloudBasic
Start time:	11:10:39
Start date:	27.09.2024
Sample:	6xKJ0LSg59.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	f69f2c50d131e5a64466f3c7fe189585
SHA1:	7acbc40843d1889361b88f2b229d75833ed20f09
SHA256:	93d5ecc283390e6f59a7ce4c8edcf575821ab46f77384f672827486118d8799a
Filetype:	Win32 Executable (generic) a (10002005/4) 99.94%

Windows Analysis Report
6xKJ0LSg59.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Windows Analysis Report 6xKJ0LSg59.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
6xKJ0LSg59.exe