Windows Analysis Report
SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe

Overview

General Information

Sample name: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe
Analysis ID: 1429060
MD5: f70ea3e3ab37bd563f0af05b2c7ff141
SHA1: bcc4a728fb036c8b9b85f92d7053e5e01376b5d7
SHA256: ef74f6ab71ef01a876c621a62c2337a6d7784b147b0a88d413b3f9ec4d81e9e2
Tags: exe

Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Binary contains a suspicious time stamp
PE file overlay found

Classification

AV Detection

Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Virustotal: Detection: 12%
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: J:\WINTECH\WinInvoice_SignerDownload\WinInvoice_SignerDownload\obj\Debug\WinInvoice_SignerDownload.pdbw source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe
Source: Binary string: J:\WINTECH\WinInvoice_SignerDownload\WinInvoice_SignerDownload\obj\Debug\WinInvoice_SignerDownload.pdb source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe String found in binary or memory: https://download.wininvoice.vn/source/WinSignature%20Setup.exe?uid=c2e94d36fc0c3cb9b419c38eb9970b2b-
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Riskware.00584baa1.19456.6684.exe Static PE information: 0xA38ABFCF [Mon Dec 11 16:54:39 2056 UTC]
No contacted IP infos