Windows Analysis Report
RpvGglrh4k.exe

Overview

General Information

Sample name: RpvGglrh4k.exe
renamed because original name is a hash value
Original sample name: edac6cb70d52f9a5c58beebcf34a9511.exe
Analysis ID: 1520448
MD5: edac6cb70d52f9a5c58beebcf34a9511
SHA1: 62509b9251761449b607ab11f92607f2265c8740
SHA256: 25bb197281a65228f25fa30d9eef985aceda86601ff97b6762d4c6eb31ddfee1
Tags: exeuser-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains section with special chars
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file overlay found
Uses 32bit PE files

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: RpvGglrh4k.exe ReversingLabs: Detection: 18%
Machine Learning detection for sample
Source: RpvGglrh4k.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: RpvGglrh4k.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: RpvGglrh4k.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

System Summary
barindex
PE file contains section with special chars
Source: RpvGglrh4k.exe Static PE information: section name: +)>dXW>1
Source: RpvGglrh4k.exe Static PE information: section name: mc*8RIf7
Source: RpvGglrh4k.exe Static PE information: section name: L3.OdY!4
Source: RpvGglrh4k.exe Static PE information: section name: i+B3fOPT
Source: RpvGglrh4k.exe Static PE information: section name: 4I?:%,\P
Source: RpvGglrh4k.exe Static PE information: section name: cJBEF:g3
Source: RpvGglrh4k.exe Static PE information: section name: .7t*mT^X
Source: RpvGglrh4k.exe Static PE information: section name: 7uwH9j'/
Source: RpvGglrh4k.exe Static PE information: section name: E5BeN"Ml
Source: RpvGglrh4k.exe Static PE information: section name: Ebpr4)Y?
PE file contains more sections than normal
Source: RpvGglrh4k.exe Static PE information: Number of sections : 11 > 10
PE file overlay found
Source: RpvGglrh4k.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: RpvGglrh4k.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal56.winEXE@0/0@0/0
Source: RpvGglrh4k.exe ReversingLabs: Detection: 18%
Source: RpvGglrh4k.exe Static file information: File size 7073676 > 1048576
Source: RpvGglrh4k.exe Static PE information: Raw size of 9OOCQ21h is bigger than: 0x100000 < 0xa4b400
Source: RpvGglrh4k.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: 9OOCQ21h
PE file contains an invalid checksum
Source: RpvGglrh4k.exe Static PE information: real checksum: 0x415912 should be: 0x6c09a3
PE file contains sections with non-standard names
Source: RpvGglrh4k.exe Static PE information: section name: +)>dXW>1
Source: RpvGglrh4k.exe Static PE information: section name: mc*8RIf7
Source: RpvGglrh4k.exe Static PE information: section name: L3.OdY!4
Source: RpvGglrh4k.exe Static PE information: section name: i+B3fOPT
Source: RpvGglrh4k.exe Static PE information: section name: 4I?:%,\P
Source: RpvGglrh4k.exe Static PE information: section name: cJBEF:g3
Source: RpvGglrh4k.exe Static PE information: section name: .7t*mT^X
Source: RpvGglrh4k.exe Static PE information: section name: 7uwH9j'/
Source: RpvGglrh4k.exe Static PE information: section name: 9OOCQ21h
Source: RpvGglrh4k.exe Static PE information: section name: E5BeN"Ml
Source: RpvGglrh4k.exe Static PE information: section name: Ebpr4)Y?
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1520448 Sample: RpvGglrh4k.exe Startdate: 27/09/2024 Architecture: WINDOWS Score: 56 5 Multi AV Scanner detection for submitted file 2->5 7 Machine Learning detection for sample 2->7 9 PE file contains section with special chars 2->9
No contacted IP infos