Windows Analysis Report
ZOquwQZvoa.exe

Overview

General Information

Sample name: ZOquwQZvoa.exe
renamed because original name is a hash value
Original sample name: ca4c78e5b146a4eddfcde39610ff1943.exe
Analysis ID: 1432079
MD5: ca4c78e5b146a4eddfcde39610ff1943
SHA1: 9ac38a6f5a9e77b724f4df58ad54ac5d90183e15
SHA256: 1c3448b78546786cd23b0642700e6c05b49c786f1bbf2f14c60cfff2b378736f
Tags: 32, exe, Stealc
Errors
  • Unable to connect to analysis machine: w10x64, esxi07-W10x64_Office_01, timeout exceeded, no analysis of the sample was performed
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection

Source: ZOquwQZvoa.exe Avira: detected
Source: ZOquwQZvoa.exe Virustotal: Detection: 41%
Source: ZOquwQZvoa.exe Joe Sandbox ML: detected
Source: ZOquwQZvoa.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: C:\jozavuro\xorodilixit\54 m.pdb source: ZOquwQZvoa.exe
Source: Binary string: -C:\jozavuro\xorodilixit\54 m.pdb source: ZOquwQZvoa.exe
Source: ZOquwQZvoa.exe Binary or memory string: OriginalFilenameFirezer( vs ZOquwQZvoa.exe
Source: classification engine Classification label: mal60.winEXE@0/0@0/0
Source: ZOquwQZvoa.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ZOquwQZvoa.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ZOquwQZvoa.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ZOquwQZvoa.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ZOquwQZvoa.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ZOquwQZvoa.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ZOquwQZvoa.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: ZOquwQZvoa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ZOquwQZvoa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ZOquwQZvoa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ZOquwQZvoa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ZOquwQZvoa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
No contacted IP infos