Windows Analysis Report
4LISu7rYyc.exe

Overview

General Information

Sample name: 4LISu7rYyc.exe
renamed because original name is a hash value
Original sample name: 6a189645d4b931b1850eed40a68e80ad.exe
Analysis ID: 1520609
MD5: 6a189645d4b931b1850eed40a68e80ad
SHA1: 6791a2f4d0a0f12a488e96cf67234fa0e52380bb
SHA256: e416178f2bcc62d37b8326d554bf82b18f87a3bd3dbfff2f957c77dbec04a329
Tags: exe, user-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found

Classification

AV Detection

Source: 4LISu7rYyc.exe ReversingLabs: Detection: 36%
Source: 4LISu7rYyc.exe Joe Sandbox ML: detected
Source: 4LISu7rYyc.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: 4LISu7rYyc.exe Static PE information: Number of sections : 11 > 10
Source: 4LISu7rYyc.exe Static PE information: No import functions for PE file found
Source: 4LISu7rYyc.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: 4LISu7rYyc.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 4LISu7rYyc.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: 4LISu7rYyc.exe Static file information: File size 5159875 > 1048576
Source: 4LISu7rYyc.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x54c600
Source: 4LISu7rYyc.exe Static PE information: real checksum: 0x570165 should be: 0x4f59a3
Source: 4LISu7rYyc.exe Static PE information: section name: .xdata
No contacted IP infos