Windows Analysis Report
XMLFIDOI.EXE

Overview

General Information

Sample name: XMLFIDOI.EXE
Analysis ID: 1431667
MD5: 9fbaadc77c382318fd02a8c13a6ea9fb
SHA1: cbc5085be91a97cc6e250d27791671612112219f
SHA256: 01425c7bfc6c890e8c0040b1edc6cb2d30c2da2d0ab5867f86471003d4415a82

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Program does not show much activity (idle)
Uses 32bit PE files

Classification

Source: XMLFIDOI.EXE Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: XMLFIDOI.EXE Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: clean1.winEXE@2/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7100:120:WilError_03
Source: C:\Users\user\Desktop\XMLFIDOI.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\XMLFIDOI.EXE "C:\Users\user\Desktop\XMLFIDOI.EXE"
Source: C:\Users\user\Desktop\XMLFIDOI.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\XMLFIDOI.EXE Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\XMLFIDOI.EXE Section loaded: oradbi.dll
Source: C:\Users\user\Desktop\XMLFIDOI.EXE Section loaded: ace32.dll
Source: C:\Users\user\Desktop\XMLFIDOI.EXE Section loaded: winui.dll
Source: C:\Users\user\Desktop\XMLFIDOI.EXE Section loaded: statuscr.dll
Source: C:\Users\user\Desktop\XMLFIDOI.EXE Section loaded: cvwseted.dll
Source: XMLFIDOI.EXE Static file information: File size 1519616 > 1048576
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos