Windows Analysis Report
07qeM0pi.exe

Overview

General Information

Sample name: 07qeM0pi.exe
Analysis ID: 1432374
MD5: bc7717b187a8c3f4817423146aa60ceb
SHA1: 5cd50c6ac9df74af38d5ff5cdac2e3357478c2c7
SHA256: 1f10e7c175ca6eddee096a3c4cdc65dfcfb05ee8d7cf6b73c74221900057c9f9
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains section with special chars
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

AV Detection

Source: 07qeM0pi.exe ReversingLabs: Detection: 21%
Source: 07qeM0pi.exe Joe Sandbox ML: detected
Source: 07qeM0pi.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 07qeM0pi.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

System Summary

Source: 07qeM0pi.exe Static PE information: section name: ."V/
Source: 07qeM0pi.exe Static PE information: No import functions for PE file found
Source: 07qeM0pi.exe Static PE information: Data appended to the last section found
Source: 07qeM0pi.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal56.winEXE@0/0@0/0
Source: 07qeM0pi.exe ReversingLabs: Detection: 21%
Source: 07qeM0pi.exe Static file information: File size 1302528 > 1048576
Source: 07qeM0pi.exe Static PE information: Raw size of .VGF is bigger than: 0x100000 < 0x689e00
Source: 07qeM0pi.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: initial sample Static PE information: section where entry point is pointing to: .VGF
Source: 07qeM0pi.exe Static PE information: real checksum: 0x698cc6 should be: 0x145834
Source: 07qeM0pi.exe Static PE information: section name: .WVa
Source: 07qeM0pi.exe Static PE information: section name: ."V/
Source: 07qeM0pi.exe Static PE information: section name: .VGF
No contacted IP infos