Windows Analysis Report
SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe

Overview

General Information

Sample name: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe
Analysis ID: 1429057
MD5: a4d73bcee78a6720b9fe2813ef126b86
SHA1: 2ad6ca33477b812b1da88cb8882ef72dc6162033
SHA256: 6c297636f162ba3bc73f683b832374461bd1b367470b9dfe2c50647fbf3c7e0f
Tags: exe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Machine Learning detection for sample
Binary contains a suspicious time stamp
PE file overlay found

Classification

AV Detection

Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: J:\WINTECH\WinInvoice_SignerDownload\WinInvoice_SignerDownload\obj\Debug\WinInvoice_SignerDownload.pdbw source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe
Source: Binary string: J:\WINTECH\WinInvoice_SignerDownload\WinInvoice_SignerDownload\obj\Debug\WinInvoice_SignerDownload.pdb source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe
Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe String found in binary or memory: https://download.wininvoice.vn/source/WinSignature%20Setup.exe?uid=c2e94d36fc0c3cb9b419c38eb9970b2b-
Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: sus21.winEXE@0/0@0/0
Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Riskware.00584baa1.29365.29466.exe Static PE information: 0xA38ABFCF [Mon Dec 11 16:54:39 2056 UTC]
No contacted IP infos