Windows Analysis Report
AFC6232A.exe

Overview

General Information

Sample name: AFC6232A.exe (renamed file extension from old to exe)
Original sample name: AFC6232A.old
Analysis ID: 1411150
MD5: 6eebfd84787b70079b60a916ec10b3bc
SHA1: 9a6ccda7da8f2e37e66b1e946261b25559558117
SHA256: 0440a21981dbde1afe56c9abcff162a32fa6fe3179bc58ba7f0b44bc8f6406b1
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains an invalid checksum
PE file overlay found
Uses 32bit PE files

Classification

Source: AFC6232A.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: AFC6232A.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: unknown1.winEXE@0/0@0/0
Source: AFC6232A.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AFC6232A.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: AFC6232A.exe Static file information: File size 4227064 > 1048576
Source: AFC6232A.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2c6200
Source: AFC6232A.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x384000
Source: AFC6232A.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: AFC6232A.exe Static PE information: More than 200 imports for USER32.dll
Source: AFC6232A.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: AFC6232A.exe Static PE information: real checksum: 0x6f4c18 should be: 0x409731

No Behavior Graph

No contacted IP infos