Windows Analysis Report
fqfeeCJXIY.exe

Overview

General Information

Sample name: fqfeeCJXIY.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: f5d2b0198dad167dd8973bba80fdcf02013fc2e69f36866445602542087b6b8e
Analysis ID: 1541199
MD5: 3ec3f39d4f633ca3443c482f1562b07e
SHA1: 023f3586c6b1852db13efd0e28ba175aaa64611e
SHA256: f5d2b0198dad167dd8973bba80fdcf02013fc2e69f36866445602542087b6b8e

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Machine Learning detection for sample
Entry point lies outside standard sections
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection
barindex
Machine Learning detection for sample
Source: fqfeeCJXIY.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: fqfeeCJXIY.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: fqfeeCJXIY.exe, 00000000.00000002.2175371662.0000000000401000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.NewXing.com
Sample file is different than original file name gathered from version info
Source: fqfeeCJXIY.exe, 00000000.00000000.2129019985.000000000059A000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs fqfeeCJXIY.exe
Source: fqfeeCJXIY.exe Binary or memory string: OriginalFilename vs fqfeeCJXIY.exe
Uses 32bit PE files
Source: fqfeeCJXIY.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: fqfeeCJXIY.exe Static PE information: Section: 0ext ZLIB complexity 0.9960295962591241
Source: fqfeeCJXIY.exe Static PE information: Section: 5ata ZLIB complexity 1.00048828125
Source: fqfeeCJXIY.exe, 00000000.00000002.2175371662.0000000000401000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ~.vbp@
Source: fqfeeCJXIY.exe, 00000000.00000002.2175371662.0000000000401000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ~.vbp @m
Source: classification engine Classification label: sus22.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Mutant created: NULL
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe File created: C:\Users\user\AppData\Local\Temp\~DF590B5E50594AA91C.TMP Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe File read: C:\Users\user\Desktop\fqfeeCJXIY.exe Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: msvbvm60.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: vb6zz.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: vb6chs.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: vb6chs.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Section loaded: wintypes.dll Jump to behavior
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: 3ext
PE file contains sections with non-standard names
Source: fqfeeCJXIY.exe Static PE information: section name: 0ext
Source: fqfeeCJXIY.exe Static PE information: section name: 1ata
Source: fqfeeCJXIY.exe Static PE information: section name: 2src
Source: fqfeeCJXIY.exe Static PE information: section name: 3ext
Source: fqfeeCJXIY.exe Static PE information: section name: 4data
Source: fqfeeCJXIY.exe Static PE information: section name: 5ata
Source: fqfeeCJXIY.exe Static PE information: section name: 0ext entropy: 7.999257185550183
Source: fqfeeCJXIY.exe Static PE information: section name: 3ext entropy: 7.904648337578353
Source: fqfeeCJXIY.exe Static PE information: section name: 5ata entropy: 7.994227836892481
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1541199 Sample: fqfeeCJXIY Startdate: 24/10/2024 Architecture: WINDOWS Score: 22 7 Machine Learning detection for sample 2->7 5 fqfeeCJXIY.exe 1 2->5         started        process3
No contacted IP infos