Windows Analysis Report
Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe

Overview

General Information

Sample name: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe
renamed because original name is a hash value
Original sample name: Odcinek wypłaty_0.2.3.4._795.xlsx.exe
Analysis ID: 1432082
MD5: 15e68670447dd65b34ff7affab74fe70
SHA1: 517979db65d2152552f65e9544c502a54c3031e3
SHA256: cd64dff47ed47daec98a2083274c717139ce76776f3f8c6e33b969c6d145a6cb
Errors
  • Unable to connect to analysis machine: w10x64, esxi07-W10x64_Office_01, timeout exceeded, no analysis of the sample was performed
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file does not import any functions
Sample file is different than original file name gathered from version info

Classification

AV Detection

Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe ReversingLabs: Detection: 75%
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe Virustotal: Detection: 49%
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe Joe Sandbox ML: detected
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe Static PE information: No import functions for PE file found
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe Binary or memory string: OriginalFilenameIvumapumuwipulupL vs Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe, GetBindOptionsUnorderedTrueSignaling.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: classification engine Classification label: mal52.winEXE@0/0@0/0
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe Static file information: TRID: Win64 Executable Console Net Framework (206006/5) 48.58%
Source: Odcinek wyp#U0142aty_0.2.3.4._795.xlsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
No contacted IP infos