Windows Analysis Report
yKqu705HJC.exe

Overview

General Information

Sample name: yKqu705HJC.exe (renamed because original name is a hash value)
Original sample name: fa43437c345eb2d0c3e189d443f07919.exe
Analysis ID: 1417253
MD5: fa43437c345eb2d0c3e189d443f07919
SHA1: 9effbddc99214b0ab224e577e96cef689b56b9ff
SHA256: 0d4b2c5e5daed5efdfa39ae8c49ced527cecfb4c10fb45142bd23259457cef52
Tags: exe

Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found

Classification

Source: yKqu705HJC.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: yKqu705HJC.exe Static PE information: Number of sections : 12 > 10
Source: yKqu705HJC.exe Static PE information: No import functions for PE file found
Source: yKqu705HJC.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: unknown2.winEXE@0/0@0/0
Source: yKqu705HJC.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: yKqu705HJC.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: yKqu705HJC.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: yKqu705HJC.exe Static file information: File size 5904953 > 1048576
Source: yKqu705HJC.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x526600
Source: yKqu705HJC.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x5e6c00
Source: yKqu705HJC.exe Static PE information: real checksum: 0xbd8f49 should be: 0x5a3137
Source: yKqu705HJC.exe Static PE information: section name: .xdata

No Behavior Graph

No contacted IP infos