Windows Analysis Report
pNmlvlQJdD.exe

Overview

General Information

Sample name: pNmlvlQJdD.exe
renamed because original name is a hash value
Original sample name: fd86aa8742e447edec2d1f0f8a2123a6.exe
Analysis ID: 1521404
MD5: fd86aa8742e447edec2d1f0f8a2123a6
SHA1: 3cb9b50dae4fc41037d2065fcd6d0c0a79699afa
SHA256: d585f9bf3e952f18455a90a283502e9e0a4d11751fc5f72739761ec5c7d3e36a
Tags: exeuser-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

Uses 32bit PE files
Source: pNmlvlQJdD.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
PE file does not import any functions
Source: pNmlvlQJdD.exe Static PE information: No import functions for PE file found
PE file overlay found
Source: pNmlvlQJdD.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: pNmlvlQJdD.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: unknown2.winEXE@0/0@0/0
Source: pNmlvlQJdD.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: pNmlvlQJdD.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
PE file contains an invalid checksum
Source: pNmlvlQJdD.exe Static PE information: real checksum: 0x23bfb should be: 0xa44a

No Screenshots

No Behavior Graph

No contacted IP infos