Windows Analysis Report
midyear_statement.exe

Overview

General Information

Sample name: midyear_statement.exe
Analysis ID: 1417020
MD5: ef19e2ec305d4ff526c21594f958bd44
SHA1: 42cbf54d4f5d02af0f67fe996e07a67b6d073148
SHA256: e20122b472fb07ec6dddd3a60ba1e1206802418bad07a591ab78176383d96846
Tags: exe

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected potential crypto function
Found potential string decryption / allocating functions
PE file does not import any functions
Program does not show much activity (idle)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: midyear_statement.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00402140 0_2_00402140
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00434AA0 0_2_00434AA0
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: String function: 004047FC appears 95 times
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: String function: 004069EC appears 49 times
Source: midyear_statement.exe Static PE information: No import functions for PE file found
Source: classification engine Classification label: clean3.winEXE@1/0@0/0
Source: midyear_statement.exe Static file information: File size 1265664 > 1048576
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0042E108 push 0042E134h; ret 0_2_0042E12C
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041A18C push ecx; mov dword ptr [esp], edx 0_2_0041A18E
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041122A push 004112A2h; ret 0_2_0041129A
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041122C push 004112A2h; ret 0_2_0041129A
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0042D2E8 push 0042D32Bh; ret 0_2_0042D323
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00426280 push 00426350h; ret 0_2_00426348
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041D3C8 push 0041D3F4h; ret 0_2_0041D3EC
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00407384 push 004073C6h; ret 0_2_004073BE
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041354C push ecx; mov dword ptr [esp], edx 0_2_00413551
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00403584 push eax; ret 0_2_004035C0
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0042C598 push 0042C5D0h; ret 0_2_0042C5C8
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00406666 push 004066C3h; ret 0_2_004066BB
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00406668 push 004066C3h; ret 0_2_004066BB
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0042D618 push 0042D644h; ret 0_2_0042D63C
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00435620 push 0043568Bh; ret 0_2_00435683
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0040D7DC push ecx; mov dword ptr [esp], edx 0_2_0040D7E1
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_004137A8 push ecx; mov dword ptr [esp], edx 0_2_004137AD
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041E854 push 0041E897h; ret 0_2_0041E88F
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041B85A push 0041B907h; ret 0_2_0041B8FF
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041B85C push 0041B907h; ret 0_2_0041B8FF
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_004138C8 push ecx; mov dword ptr [esp], edx 0_2_004138CD
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0040E8E4 push 0040E910h; ret 0_2_0040E908
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041390C push ecx; mov dword ptr [esp], edx 0_2_00413911
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041AB24 push ecx; mov dword ptr [esp], edx 0_2_0041AB29
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00411BDC push 00411C29h; ret 0_2_00411C21
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0042EBBC push 0042EC08h; ret 0_2_0042EC00
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0041CC44 push 0041CC82h; ret 0_2_0041CC7A
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0042DC60 push 0042DCBAh; ret 0_2_0042DCB2
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0040DCCC push 0040E122h; ret 0_2_0040E11A
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_0042DCBC push 0042DCF4h; ret 0_2_0042DCEC
Source: C:\Users\user\Desktop\midyear_statement.exe Code function: 0_2_00416D14 push ecx; mov dword ptr [esp], edx 0_2_00416D16
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos