Windows Analysis Report
17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe

Overview

General Information

Sample name: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe
Analysis ID: 1525921
MD5: 8dd1defa0e9ac7ea10289391df33649a
SHA1: e3b8aaa012b92389ab14e702ed3e9c598a00e969
SHA256: feeff21d51f61ec5271ca077d029ad9ccae325edc594d8fe6d8d521d1d064417
Tags: base64-decodedexeuser-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file does not import any functions
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe ReversingLabs: Detection: 15%
Machine Learning detection for sample
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
PE file does not import any functions
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Binary or memory string: OriginalFilenameredist.exeH vs 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe
Uses 32bit PE files
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: Section: .reloc ZLIB complexity 1.021484375
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe ReversingLabs: Detection: 15%
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: 17280510291ca53343f4ce3c495b34836365516c33c836e94d1d8f41d7e5754402f50a1699881.dat-decoded.exe Static PE information: section name: .text entropy: 7.954787921978049
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1525921 Sample: 17280510291ca53343f4ce3c495... Startdate: 04/10/2024 Architecture: WINDOWS Score: 52 5 Multi AV Scanner detection for submitted file 2->5 7 Machine Learning detection for sample 2->7
No contacted IP infos