Windows
Analysis Report
5390d36a371f0598b86301961d5fdb329e368e7a.exe
Overview
General Information
Sample name: | 5390d36a371f0598b86301961d5fdb329e368e7a.exe (renamed file extension from none to exe) |
Original sample name: | 5390d36a371f0598b86301961d5fdb329e368e7a |
Analysis ID: | 1520616 |
MD5: | 0447e67da4fb72bdde31bd7ec2b62e04 |
SHA1: | 7143740f5b7a35799398568b9606c4b1eeb9d591 |
SHA256: | 12f30a0114c0d67881f10a66cf5b848afc3d858dea34c06836113e272bad0dc5 |
Errors
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Contains functionality to automate explorer (e.g. start an application)
Extracts suspicious resources from PE file (packer detected)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Classification
- System is w10x64
- 5390d36a371f0598b86301961d5fdb329e368e7a.exe (PID: 7564 cmdline: "C:\Users\user\Desktop\5390d36a371f0598b86301961d5fdb329e368e7a.exe" MD5: 0447E67DA4FB72BDDE31BD7EC2B62E04)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_0000000140003050 | |
Source: | Code function: |