Windows Analysis Report
2YzeJ80aXY.exe

Overview

General Information

Sample name:	2YzeJ80aXY.exe renamed because original name is a hash value
Original sample name:	5b8d98c7c058bcb71a0d8084a550fee9.exe
Analysis ID:	1527160
MD5:	5b8d98c7c058bcb71a0d8084a550fee9
SHA1:	119be8f30b551fe21973a25bdb667043497db0fa
SHA256:	f8cdbd3dc418df7199f747958c21ac3cca95fb7b40f40ba405c8870c803bc4b2
Tags:	exeuser-abuse_ch
Errors No process behavior to analyse as no analysis process or sample was found Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file overlay found

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: 2YzeJ80aXY.exe

ReversingLabs: Detection: 15%

PE file contains more sections than normal

Source: 2YzeJ80aXY.exe

Static PE information: Number of sections : 11 > 10

PE file overlay found

Source: 2YzeJ80aXY.exe

Static PE information: Data appended to the last section found

Source: classification engine

Classification label: mal48.winEXE@0/0@0/0

Source: 2YzeJ80aXY.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 2YzeJ80aXY.exe

ReversingLabs: Detection: 15%

Source: 2YzeJ80aXY.exe	String found in binary or memory: gfx/loading.gif">
Source: 2YzeJ80aXY.exe	String found in binary or memory: /gfx/loading.gif
Source: 2YzeJ80aXY.exe	String found in binary or memory: gfx/loading.gif

Source: 2YzeJ80aXY.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 2YzeJ80aXY.exe

Static file information: File size 7264040 > 1048576

Source: 2YzeJ80aXY.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x5dc400
Source: 2YzeJ80aXY.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x2ff200

PE file contains sections with non-standard names

Source: 2YzeJ80aXY.exe

Static PE information: section name: .didata

Screenshots

No Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1527160
Product:	CloudBasic
Start time:	21:00:13
Start date:	06.10.2024
Sample:	2YzeJ80aXY.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	5b8d98c7c058bcb71a0d8084a550fee9
SHA1:	119be8f30b551fe21973a25bdb667043497db0fa
SHA256:	f8cdbd3dc418df7199f747958c21ac3cca95fb7b40f40ba405c8870c803bc4b2
Filetype:	Win64 Executable GUI (202006/5) 92.64%

Windows Analysis Report
2YzeJ80aXY.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Windows Analysis Report 2YzeJ80aXY.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
2YzeJ80aXY.exe