Windows Analysis Report
RUMMY.EXE

Overview

General Information

Sample name: RUMMY.EXE
Analysis ID: 1528654
MD5: d228499e249b66190ed130b1d27790ec
SHA1: 9f6d842edacd83dabc8a548d7d8eb47d5df66f3f
SHA256: 77032f475fe4d87f065ae038ebbd230e4281884040a28f8745dde73e4d33c067

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection

Source: RUMMY.EXE ReversingLabs: Detection: 18%
Source: RUMMY.EXE Virustotal: Detection: 22%
Source: RUMMY.EXE Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: RUMMY.EXE String found in binary or memory: http://unni.web.com
Source: RUMMY.EXE, 00000000.00000000.2024488436.0000000000407000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSOL.EXE@ vs RUMMY.EXE
Source: RUMMY.EXE Binary or memory string: OriginalFilenameSOL.EXE@ vs RUMMY.EXE
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: RUMMY.EXE Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\RUMMY.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: mfc42.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RUMMY.EXE Process information set: NOOPENFILEERRORBOX
No contacted IP infos