Windows Analysis Report
NSudo.exe

Overview

General Information

Sample name: NSudo.exe
Analysis ID: 1562125
MD5: 5cae01aea8ed390ce9bec17b6c1237e4
SHA1: 3a80a49efaac5d839400e4fb8f803243fb39a513
SHA256: 19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618
Errors
  • Script error: Line 6118 (File "C:\Program Files (x86)\AutoIt3\Include\analysishelper.au3"): if StringLower(StringRight($path, 4)) == ".htm" or StringLower(StringRight($path, 5)) == ".html" or String
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file

Classification

AV Detection

Source: NSudo.exe ReversingLabs: Detection: 52%
Source: NSudo.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\Projects\NSudo\Output\Release\x64\NSudo.pdbSS source: NSudo.exe
Source: Binary string: E:\Projects\NSudo\Output\Release\x64\NSudo.pdb source: NSudo.exe
Source: NSudo.exe String found in binary or memory: https://forums.mydigitallife.net/threads/59268/
Source: NSudo.exe String found in binary or memory: https://github.com/M2Team/NSudo
Source: classification engine Classification label: mal48.winEXE@0/0@0/0
Source: NSudo.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: NSudo.exe String found in binary or memory: -Help
Source: NSudo.exe String found in binary or memory: -Install
Source: NSudo.exe String found in binary or memory: -Help Show this content.
Source: NSudo.exe String found in binary or memory: -Install Copy NSudo to the Windows directory and add the context menu.
Source: NSudo.exe String found in binary or memory: -Help Affiche l'aide.
Source: NSudo.exe String found in binary or memory: -Install Copie NSudo dans le r
Source: NSudo.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: NSudo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: NSudo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: NSudo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: NSudo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: NSudo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: NSudo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: NSudo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: NSudo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: NSudo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: NSudo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: NSudo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
No contacted IP infos