Windows Analysis Report
17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe

Overview

General Information

Sample name: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe
Analysis ID: 1525917
MD5: 0c7416c1e0df89ff3eaf6ca0d5c4246f
SHA1: d919e66649d5b4309b3b9bbd71db428c9f816d4d
SHA256: 94995d6e701c7a363345b9d44c8ac7f56fb0a82a20ac3da782a8932b0d140945
Tags: base64-decoded, exe, user-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Binary contains a suspicious time stamp
PE file does not import any functions
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection

Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe ReversingLabs: Detection: 15%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 93.6% probability
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Joe Sandbox ML: detected
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: No import functions for PE file found
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Binary or memory string: OriginalFilenameQhcusmn.exe" vs 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: Section: .rsrc ZLIB complexity 1.0071614583333333
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: Section: .reloc ZLIB complexity 1.021484375
Source: classification engine Classification label: mal56.winEXE@0/0@0/0
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: 0x9555481F [Sun May 23 14:50:07 2049 UTC]
Source: 17280510299d2c4229d8d34602ae7e6cab0904f854f3a07e2ef36692619be4af8ee7bc47a3656.dat-decoded.exe Static PE information: section name: .text entropy: 7.825297583839301
No contacted IP infos