Windows Analysis Report
Nondu41ism.exe

Overview

General Information

Sample name: Nondu41ism.exe
Analysis ID: 1524527
MD5: 4bbef6f1dfcc6e105d26b02825726b13
SHA1: 5216a13293caf2a972e68f96e324a1bac24eb687
SHA256: b6091d1911f2cbbbce19cd70b0b04dc226ad5397ea653f80ea1ac8d4b5db0542
Tags: exePXRECVOWEIWOEIuser-NDA0E
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
.NET source code contains potential unpacker
AI detected suspicious sample
Machine Learning detection for sample
PE file has a writeable .text section
Binary contains a suspicious time stamp

Classification

AV Detection

Source: Nondu41ism.exe Avira: detected
Source: Submitted Sample Integrated Neural Analysis Model: Matched 87.5% probability
Source: Nondu41ism.exe Joe Sandbox ML: detected
Source: Nondu41ism.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

System Summary

Source: Nondu41ism.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: mal64.evad.winEXE@0/0@0/0
Source: Nondu41ism.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: Nondu41ism.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Nondu41ism.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: Nondu41ism.exe, konevil.cs .Net Code: mokagoz System.Reflection.Assembly.Load(byte[])
Source: Nondu41ism.exe, konevil.cs .Net Code: mokagoz
Source: Nondu41ism.exe Static PE information: 0x935F103B [Thu May 7 16:13:47 2048 UTC]
Source: Nondu41ism.exe Binary or memory string: qemutehiwogecuwuref
No contacted IP infos