Windows Analysis Report
a7L79MRSDX.exe

Overview

General Information

Sample name: a7L79MRSDX.exe (renamed because original name is a hash value)
Original sample name: a9b0c24d41e753b3933a42ddb331678e.exe
Analysis ID: 1417237
MD5: a9b0c24d41e753b3933a42ddb331678e
SHA1: 7be3b45cbb0fc93d249b51eef8d898f9349253be
SHA256: e2e6b7f0b568d699d50c8f4cc9423d0078822026f5e33f155334b3ddc8d65988
Tags: exe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains an invalid checksum
PE file overlay found
Uses 32bit PE files

AV Detection

Source: a7L79MRSDX.exe ReversingLabs: Detection: 52%
Source: a7L79MRSDX.exe Joe Sandbox ML: detected
Source: a7L79MRSDX.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: C:\vof_38\kuko falaribeme\2\jowatofis\sixilakel\bopubumavo mera.pdb source: a7L79MRSDX.exe
Source: a7L79MRSDX.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: a7L79MRSDX.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: a7L79MRSDX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: a7L79MRSDX.exe Static PE information: real checksum: 0x5af94 should be: 0x47e1e
No contacted IP infos