Windows Analysis Report
1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe

Overview

General Information

Sample name: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe
Analysis ID: 1525926
MD5: 8f0c37894627370f855b58dc3b333b9d
SHA1: b914fc175dc76de45c6e097832304fde80bc3505
SHA256: 9372e9541b6614a2c2a0cbd3675eda532478586b712e533b0ed578dd2c7cabaf
Tags: base64-decoded, exe, user-abuse_ch

Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains section with special chars
Binary contains a suspicious time stamp
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection

Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe ReversingLabs: Detection: 15%
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Joe Sandbox ML: detected
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe String found in binary or memory: http://194.164.76.15:8080/dwn_legit_file
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe String found in binary or memory: http://194.164.76.15:8080/dwn_legit_filehttp://194.164.76.15:8080/dwn_spy_moduleC:
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe String found in binary or memory: http://194.164.76.15:8080/dwn_spy_module

System Summary

Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: section name: P`U6PQR
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: section name: `@L4LA2
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: No import functions for PE file found
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Binary or memory string: OriginalFilenameAdobe Download ManagerN vs 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT size: 0xe80000d0 address: 0x0
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC size: 0x38000160 address: 0x0
Source: classification engine Classification label: mal56.winEXE@0/0@0/0
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: 0xA35E11A4 [Tue Nov 7 19:31:48 2056 UTC]
Source: initial sample Static PE information: section where entry point is pointing to: XEAIP
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: real checksum: 0x18966 should be: 0x19830
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: section name: P`U6PQR
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: section name: `@L4LA2
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: section name: 001DYN
Source: 1728051010e60e339ea88a684f6571eb8c475e27dcd179b062b9fc584815b0e6126a0bbc1b567.dat-decoded.exe Static PE information: section name: XEAIP
No contacted IP infos