Windows Analysis Report
173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe

Overview

General Information

Sample name: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe
Analysis ID: 1592277
MD5: 042228f6c5f998df317c85c661c5c1e8
SHA1: b284cf8fcbdba6c6af9b9557bf901d58ccc7893b
SHA256: 2ee6058e3aec96510a4424a31cfc021ed08c7bbe16a78c4ff07c087c8a65acd0
Tags: base64-decodedexeuser-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Machine Learning detection for sample
PE file has a writeable .text section
PE file contains sections with non-standard names
PE file does not import any functions
Uses 32bit PE files

Classification

AV Detection
barindex
Machine Learning detection for sample
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe String found in binary or memory: https://steamcommunity.com/profiles/76561199817305251
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe String found in binary or memory: https://steamcommunity.com/profiles/76561199817305251fc0stnMozilla/5.0
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe String found in binary or memory: https://t.me/w0ctzn
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe String found in binary or memory: https://t.me/w0ctznfc0stnMozilla/5.0

System Summary
barindex
PE file has a writeable .text section
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PE file does not import any functions
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: No import functions for PE file found
Uses 32bit PE files
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: Section: .00cfg ZLIB complexity 1.015625
Source: classification engine Classification label: mal48.winEXE@0/0@0/0
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
PE file contains sections with non-standard names
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: section name: .00cfg
Source: 173698434687b8a1fabde34850fca22a1750c6b07d6f37b5459bc550949ffaad053c75e773402.dat-decoded.exe Static PE information: section name: .text entropy: 6.847674913217407
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1592277 Sample: 173698434687b8a1fabde34850f... Startdate: 16/01/2025 Architecture: WINDOWS Score: 48 5 Machine Learning detection for sample 2->5 7 PE file has a writeable .text section 2->7
No contacted IP infos