Windows Analysis Report
dfbedc.exe

Overview

General Information

Sample name: dfbedc.exe
Analysis ID: 1520809
MD5: 8276be102845dc450ee81142181bb0ac
SHA1: 86892cdf316dcabd59763693c510039435df16d1
SHA256: 035daed712df0e73601fb6b63ebbe4837b1989c4a51c0ceb5a95134620f6f732
Tags: exe, user-N3utralZ0ne
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Machine Learning detection for sample
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file overlay found

Classification

AV Detection

Source: dfbedc.exe Joe Sandbox ML: detected
Source: dfbedc.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: dfbedc.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: sus22.winEXE@0/0@0/0
Source: dfbedc.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: dfbedc.exe Static file information: File size 7580000 > 1048576
Source: dfbedc.exe Static PE information: Raw size of 2U036ITX is bigger than: 0x100000 < 0xd12800
Source: dfbedc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: dfbedc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: dfbedc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: dfbedc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: dfbedc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: dfbedc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: initial sample Static PE information: section where entry point is pointing to: EBY5MMT2
Source: dfbedc.exe Static PE information: real checksum: 0xd47ff1 should be: 0x741dcc
Source: dfbedc.exe Static PE information: section name: EBY5MMT2
Source: dfbedc.exe Static PE information: section name: 28B3E94H
Source: dfbedc.exe Static PE information: section name: 8F376P9X
Source: dfbedc.exe Static PE information: section name: CSL9ANT3
Source: dfbedc.exe Static PE information: section name: 2U036ITX
Source: dfbedc.exe Static PE information: section name: BYRQXKG6
No contacted IP infos