Windows Analysis Report
compiler.exe

Overview

General Information

Sample name: compiler.exe
Analysis ID: 1428661
MD5: dd98a43cb27efd5bcc29efb23fdd6ca5
SHA1: 38f621f3f0df5764938015b56ecfa54948dde8f5
SHA256: 1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

Source: compiler.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: compiler.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: compiler.exe String found in binary or memory: http://luajit.org/
Source: classification engine Classification label: clean1.winEXE@2/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6752:120:WilError_03
Source: compiler.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\compiler.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\compiler.exe "C:\Users\user\Desktop\compiler.exe"
Source: C:\Users\user\Desktop\compiler.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\compiler.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\compiler.exe Section loaded: lua51.dll
Source: compiler.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
No contacted IP infos