Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
07qeM0pi.exe

Overview

General Information

Sample name:07qeM0pi.exe
Analysis ID:1432374
MD5:bc7717b187a8c3f4817423146aa60ceb
SHA1:5cd50c6ac9df74af38d5ff5cdac2e3357478c2c7
SHA256:1f10e7c175ca6eddee096a3c4cdc65dfcfb05ee8d7cf6b73c74221900057c9f9
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains section with special chars
Entry point lies outside standard sections
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: 07qeM0pi.exeReversingLabs: Detection: 21%
Machine Learning detection for sample
Source: 07qeM0pi.exeJoe Sandbox ML: detected
Source: 07qeM0pi.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 07qeM0pi.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

System Summary

barindex
PE file contains section with special chars
Source: 07qeM0pi.exeStatic PE information: section name: ."V/
Source: 07qeM0pi.exeStatic PE information: No import functions for PE file found
Source: 07qeM0pi.exeStatic PE information: Data appended to the last section found
Source: 07qeM0pi.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal56.winEXE@0/0@0/0
Source: 07qeM0pi.exeReversingLabs: Detection: 21%
Source: 07qeM0pi.exeStatic file information: File size 1302528 > 1048576
Source: 07qeM0pi.exeStatic PE information: Raw size of .VGF is bigger than: 0x100000 < 0x689e00
Source: 07qeM0pi.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: initial sampleStatic PE information: section where entry point is pointing to: .VGF
Source: 07qeM0pi.exeStatic PE information: real checksum: 0x698cc6 should be: 0x145834
Source: 07qeM0pi.exeStatic PE information: section name: .WVa
Source: 07qeM0pi.exeStatic PE information: section name: ."V/
Source: 07qeM0pi.exeStatic PE information: section name: .VGF

Mitre Att&ck Matrix

No Mitre Att&ck techniques found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
07qeM0pi.exe21%ReversingLabs
07qeM0pi.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1432374
Start date and time:2024-04-26 23:22:38 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:07qeM0pi.exe
Detection:MAL
Classification:mal56.winEXE@0/0@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Unable to launch sample, stop analysis

Errors

  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 52.159.126.152
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, wns.notify.trafficmanager.net
  • VT rate limit hit for: 07qeM0pi.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.908189670699943
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:07qeM0pi.exe
File size:1'302'528 bytes
MD5:bc7717b187a8c3f4817423146aa60ceb
SHA1:5cd50c6ac9df74af38d5ff5cdac2e3357478c2c7
SHA256:1f10e7c175ca6eddee096a3c4cdc65dfcfb05ee8d7cf6b73c74221900057c9f9
SHA512:cbe24b52a2e87373c4a16f952c7dbbd85ad013cc9f7376dbdb9cb4bc991ba4c8edcea8a176091b8da938b7970138da23d28b63e18cf41afd455cb89387f5733d
SSDEEP:24576:OU1wa0GuqzIz5g1p5yFVCrQf/Rw6acwGv5/fDZWJxrAy:l/0GuiZ9AV0qrwGv1DUJxrAy
TLSH:FB55237322162181E5F1C4719A37FDD9B1F647EA8542E87E9987B9C23A08DF1E217383
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.b............................u........0....@...................................i...@................................

File Icon

Icon Hash:00928e8e8686b000

Static PE Info

General

Entrypoint:0xc39075
Entrypoint Section:.VGF
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x62CD4C8D [Tue Jul 12 10:27:25 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x83547c0x78.VGF
IMAGE_DIRECTORY_ENTRY_RESOURCE0xa300000x5e1.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0xa2f0000x5c0.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x00x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x3a40000x40."V/
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x1b1f0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata0x30000x11080x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data0x50000x640x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.WVa0x60000x39d4830x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
."V/0x3a40000x3980x4002f4ac07645aeb286eb32160e21af915fFalse0.0615234375data0.36335794583596365IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.VGF0x3a50000x689cf00x689e00043ac1f7ede1a2ead67f92c2ef3ff3cbunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc0xa2f0000x5c00x600d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc0xa300000x5e10x600d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Network Behavior

No network behavior found

Statistics

No statistics

System Behavior

No system behavior

Disassembly

No disassembly