Windows Analysis Report
173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe

Overview

General Information

Sample name: 173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe
Analysis ID: 1561551
MD5: 5ae918ed583750c1e3758db651c831ce
SHA1: 16b337326d94cca298906a3da4135cd4b795d532
SHA256: e9ae00d925527986f612ce92a88ae3364395d95bb99f08eb2534c4132054fc60
Tags: base64-decoded, exe, user-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Machine Learning detection for sample
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

AV Detection

Source: 173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe Joe Sandbox ML: detected
Source: 173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: 173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe Static PE information: No import functions for PE file found
Source: 173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: sus21.winEXE@0/0@0/0
Source: 173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 173238282790479067ea9bbb533813dfef95607885361c852c26c6eaac02fc531c49222f57242.dat-decoded.exe Static PE information: Raw size of .reloc is bigger than: 0x100000 < 0x3a810300
No contacted IP infos