Windows Analysis Report
LV1tuFUlee.exe

Overview

General Information

Sample name: LV1tuFUlee.exe
renamed because original name is a hash value
Original sample name: b4584d84d9fcaec7a66a357904cd5f32.exe
Analysis ID: 1521400
MD5: b4584d84d9fcaec7a66a357904cd5f32
SHA1: ef9110d83bee93110eb2c1681185b94210dea722
SHA256: 7cd506f9ba1aa8e69dbe914d28991ba7470277fdb273626dbe606c1abf5e6daf
Tags: exe, user-abuse_ch
Infos:
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

Source: LV1tuFUlee.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: LV1tuFUlee.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: time.windows.com
Source: LV1tuFUlee.exe Static PE information: No import functions for PE file found
Source: LV1tuFUlee.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: unknown1.winEXE@0/0@1/0
Source: LV1tuFUlee.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: LV1tuFUlee.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: LV1tuFUlee.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: LV1tuFUlee.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x5ec600
Source: LV1tuFUlee.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
No contacted IP infos