Windows Analysis Report
aXWgSX54zl.exe

Overview

General Information

Sample name: aXWgSX54zl.exe
renamed because original name is a hash value
Original sample name: 316d3de3de2e98b7bb3ea3e5e660fdd2.exe
Analysis ID: 1520607
MD5: 316d3de3de2e98b7bb3ea3e5e660fdd2
SHA1: 39fabb0742cc0dff7fe132713281eb5a7d2737df
SHA256: aab8ba08934dd9a6138e1940e5f34880989cccd2bdf98d8ad11d0be5791f6d1c
Tags: exeuser-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

Uses 32bit PE files
Source: aXWgSX54zl.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: aXWgSX54zl.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
PE file does not import any functions
Source: aXWgSX54zl.exe Static PE information: No import functions for PE file found
PE file overlay found
Source: aXWgSX54zl.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: aXWgSX54zl.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: classification engine Classification label: unknown2.winEXE@0/0@0/0
Source: aXWgSX54zl.exe Static file information: File size 2003719 > 1048576
Source: aXWgSX54zl.exe Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x4f0800
Source: aXWgSX54zl.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
PE file contains sections with non-standard names
Source: aXWgSX54zl.exe Static PE information: section name: UPX2
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1

No Screenshots

No Behavior Graph

No contacted IP infos