Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562127
MD5: 88d3b1255894e7039c67b2272b3386df
SHA1: 84fd4519dbb0270ca681451ca7092b8e803677bf
SHA256: ec85e681b765cf685363a2aa3a5b8a86837d0d8923d2ecba7b35e67d74b29265
Tags: exe, user-Bitsight
Errors
  • Script error: Line 6118 (File "C:\Program Files (x86)\AutoIt3\Include\analysishelper.au3"): if StringLower(StringRight($path, 4)) == ".htm" or StringLower(StringRight($path, 5)) == ".html" or String
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious sample
Machine Learning detection for sample
PE file contains section with special chars
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files

Classification

AV Detection

Source: file.exe Avira: detected
Source: Submitted Sample Integrated Neural Analysis Model: Matched 91.4% probability
Source: file.exe Joe Sandbox ML: detected
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: Section: ejlawuej ZLIB complexity 0.9944815401977644
Source: classification engine Classification label: mal60.winEXE@0/0@0/0
Source: file.exe Static file information: File size 4387840 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of ejlawuej is bigger than: 0x100000 < 0x1b4200
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x42f871 should be: 0x43e712
Source: file.exe Static PE information: section name: ejlawuej
Source: file.exe Static PE information: section name: htlmblyt
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: ejlawuej entropy: 7.955606138032404
No contacted IP infos