Windows Analysis Report
123.exe

Overview

General Information

Sample name: 123.exe
Analysis ID: 1528664
MD5: 9bfe2ae2ae254503f4eec44226c721a5
SHA1: 28f6d5101885bdfcba78e3131bf27f2d30d5b670
SHA256: 7419585e103319649f2871b7ea75ad51fd4fbd1c38ce2950ffd59f5795aba934
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: 123.exe ReversingLabs: Detection: 62%
Source: 123.exe Virustotal: Detection: 60% Perma Link
Machine Learning detection for sample
Source: 123.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: 123.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
PE file contains more sections than normal
Source: 123.exe Static PE information: Number of sections : 13 > 10
PE file does not import any functions
Source: 123.exe Static PE information: No import functions for PE file found
PE file overlay found
Source: 123.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: 123.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: 123.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 123.exe ReversingLabs: Detection: 62%
Source: 123.exe Virustotal: Detection: 60%
Source: 123.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: 123.exe Static file information: File size 1177365 > 1048576
Source: 123.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2e3e00
PE file contains sections with non-standard names
Source: 123.exe Static PE information: section name: /4
Source: 123.exe Static PE information: section name: /18
Source: 123.exe Static PE information: section name: /30
Source: 123.exe Static PE information: section name: /43
Source: 123.exe Static PE information: section name: /59
Source: 123.exe Static PE information: section name: /75
Source: 123.exe Static PE information: section name: /90
Source: 123.exe Static PE information: section name: /109
Source: 123.exe Static PE information: section name: .symtab
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1528664 Sample: 123.exe Startdate: 08/10/2024 Architecture: WINDOWS Score: 52 5 Multi AV Scanner detection for submitted file 2->5 7 Machine Learning detection for sample 2->7
No contacted IP infos