Windows Analysis Report
17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe

Overview

General Information

Sample name: 17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe
Analysis ID: 1545601
MD5: fba5f0a24d4ee22bb7e2d81ee53f1b73
SHA1: 08d02ec3caf674c465d3141f796e7ebf825903d3
SHA256: 8d9d9232d8c7678decb355382e7f4c4b114c824349d81337518aa0aaf5347687
Tags: base64-decodedexeuser-abuse_ch

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Contains functionality to detect virtual machines (SLDT)
Contains functionality to read the PEB
Detected potential crypto function
Program does not show much activity (idle)
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: 17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe ReversingLabs: Detection: 15%
Machine Learning detection for sample
Source: 17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe Joe Sandbox ML: detected
Detected potential crypto function
Source: C:\Users\user\Desktop\17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe Code function: 1_2_004415ED 1_2_004415ED
Source: C:\Users\user\Desktop\17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe Code function: 1_2_0040AB9A 1_2_0040AB9A
Source: classification engine Classification label: mal52.winEXE@1/0@0/0
Source: 17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe ReversingLabs: Detection: 15%
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe Code function: 1_2_0041B162 pushfd ; ret 1_2_0041B16D
Contains functionality to detect virtual machines (SLDT)
Source: C:\Users\user\Desktop\17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe Code function: 1_2_0040AC0C sldt word ptr [eax] 1_2_0040AC0C
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe Code function: 1_2_00433839 mov eax, dword ptr fs:[00000030h] 1_2_00433839
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1545601 Sample: 17303071871f26ea74fbc7fbdc4... Startdate: 30/10/2024 Architecture: WINDOWS Score: 52 7 Multi AV Scanner detection for submitted file 2->7 9 Machine Learning detection for sample 2->9 5 17303071871f26ea74fbc7fbdc4bde644d7795ffd38ae1f7d401a33e5b7c207f8fb1a83f2f776.dat-decoded.exe 2->5         started        process3
No contacted IP infos