Windows Analysis Report
HJCcgVRkHZ.exe

Overview

General Information

Sample name: HJCcgVRkHZ.exe
renamed because original name is a hash value
Original sample name: 7db72a0c07dd33483e85b4eb296a0aa4.exe
Analysis ID: 1520456
MD5: 7db72a0c07dd33483e85b4eb296a0aa4
SHA1: 8d005c76040ce74770fe66d6c664a3cd4055da30
SHA256: 6e4030c0c65c90c8e020030b6214a9bc2905be19e9d644d658f027064f067460
Tags: exeuser-abuse_ch
Infos:
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
PE file contains an invalid checksum
PE file overlay found
Uses 32bit PE files
Yara signature match

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: HJCcgVRkHZ.exe ReversingLabs: Detection: 23%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 91.6% probability
Machine Learning detection for sample
Source: HJCcgVRkHZ.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: HJCcgVRkHZ.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: HJCcgVRkHZ.exe, type: SAMPLE Matched rule: Detects RedLine infostealer Author: ditekSHen
PE file overlay found
Source: HJCcgVRkHZ.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: HJCcgVRkHZ.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Yara signature match
Source: HJCcgVRkHZ.exe, type: SAMPLE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: classification engine Classification label: mal64.winEXE@0/0@0/0
Source: HJCcgVRkHZ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: HJCcgVRkHZ.exe ReversingLabs: Detection: 23%
Source: HJCcgVRkHZ.exe Static file information: File size 1676519 > 1048576
Source: HJCcgVRkHZ.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x5f7600
Source: HJCcgVRkHZ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
PE file contains an invalid checksum
Source: HJCcgVRkHZ.exe Static PE information: real checksum: 0x23bfb should be: 0x1a6106

No Screenshots

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1520456 Sample: HJCcgVRkHZ.exe Startdate: 27/09/2024 Architecture: WINDOWS Score: 64 5 Malicious sample detected (through community Yara rule) 2->5 7 Multi AV Scanner detection for submitted file 2->7 9 Machine Learning detection for sample 2->9 11 AI detected suspicious sample 2->11
No contacted IP infos