Windows Analysis Report
17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe

Overview

General Information

Sample name: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe
Analysis ID: 1526393
MD5: 8115e1b1cc59f6173b1216df9839ee03
SHA1: 6f76adcc3440103d75f2b8e672f6614e79768bdd
SHA256: 4ebbe99b2182db0615f8aed841930ad6b39cf7403e11d92cb44933ab02731098
Tags: base64-decoded, exe, user-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
PE file contains section with special chars
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Uses 32bit PE files

Classification

AV Detection

Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Virustotal: Detection: 14%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 97.6% probability
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Joe Sandbox ML: detected
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

System Summary

Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: section name: `.rdat
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: section name: @.data
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: No import functions for PE file found
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE size: 0x230 address: 0x0
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT size: 0x6c0001a0 address: 0x0
Source: classification engine Classification label: mal60.winEXE@0/0@0/0
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Virustotal: Detection: 14%
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static file information: File size 2840280 > 1048576
Source: 17280510333bd3badfb42f75b2331e536f9453dfd51c0871558a3da9bda4b0f499f199e007199.dat-decoded.exe Static PE information: real checksum: 0x3f000002 should be: 0x2b6db1
No contacted IP infos