Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562632
MD5: fd47e73e173b27efaeed9bdcdb622446
SHA1: 9963791082711e8edf68cbfb2d20628aea1bc475
SHA256: 410c108b1b1745d73571864be7b61a8a14af293b2bd302dc4dfa750980000395
Tags: exe, user-Bitsight
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Machine Learning detection for sample
PE file contains section with special chars
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file overlay found
Sample file is different than original file name gathered from version info

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 91.8% probability
Source: file.exe Joe Sandbox ML: detected

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: Data appended to the last section found
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: file.exe Static PE information: Raw size of vjgkzpwi is bigger than: 0x100000 < 0x2afc00
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x2b7061 should be: 0xf4457
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name: vjgkzpwi
Source: file.exe Static PE information: section name: wlhxnahg
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.767750290282393
No contacted IP infos