

Windows Analysis Report
Signed P.O.pdf.exe

Overview

General Information

Sample name: Signed P.O.pdf.exe
Analysis ID: 1606864
MD5: f1c5354b87df83758f0aedb56212a4ae
SHA1: 0d46677df13b3bf35ac9e58b47e1c195986544e4
SHA256: 4c56a8b9240482001057f944497eaac980f91c8cb4c80a67dbf3c8706eb3990a
Tags: exe, user-malrpt

Detection

Score: 80
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Initial sample is a PE file and has a suspicious name
Joe Sandbox ML detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
File is packed with WinRar
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
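The "Suspicious Double Extension File Execution" signature and the "suspicious name" finding both rest on the same heuristic: the file name ends in a document extension followed by an executable one, so a user who sees "Signed P.O.pdf" on a system that hides known extensions launches a PE. The check below is an added example written for this report, not Joe Sandbox's code and not the Sigma rule itself; the extension lists, the event field names and the sample events are assumptions. It goes slightly beyond the report by also flagging the related right-to-left-override (U+202E) lure, which reverses the displayed tail of a name so that "...\u202efdp.exe" renders as "...exe.pdf".

```python
"""Flag process creations whose image name uses a document-then-executable
double extension (e.g. ".pdf.exe"), plus the RTLO filename trick.
Added example; extension lists and event shape are assumptions."""
from pathlib import PureWindowsPath

# Extensions a user expects to open a document, not run a program (assumed list).
DOCUMENT_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
    ".txt", ".rtf", ".jpg", ".jpeg", ".png",
}
# Extensions Windows executes on double-click (assumed list).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta",
}
RTLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE


def has_rtlo(image: str) -> bool:
    """True if the file name contains a right-to-left override character."""
    return RTLO in PureWindowsPath(image).name


def is_suspicious_double_extension(image: str) -> bool:
    """True if the last two extensions are <document>.<executable>.

    PureWindowsPath("Signed P.O.pdf.exe").suffixes is ['.O', '.pdf', '.exe'];
    only the last two matter. Whitespace inside a suffix is stripped so that
    padded lures such as "invoice.pdf          .scr" are still caught.
    """
    suffixes = [s.strip().lower() for s in PureWindowsPath(image).suffixes]
    if len(suffixes) < 2:
        return False
    return suffixes[-1] in EXECUTABLE_EXTENSIONS and suffixes[-2] in DOCUMENT_EXTENSIONS


def scan_events(events):
    """Return [(Image, reason)] for process-creation events that match either lure."""
    hits = []
    for event in events:
        image = event.get("Image", "")
        if is_suspicious_double_extension(image):
            hits.append((image, "double extension"))
        elif has_rtlo(image):
            hits.append((image, "rtlo in filename"))
    return hits


# Constructed process-creation events (Sysmon-like field names, assumed).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\victim\Downloads\Signed P.O.pdf.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\victim\Desktop\invoice.pdf          .scr",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": "C:\\Users\\victim\\Desktop\\report\u202efdp.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\tools\backup.tar.gz",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for image, reason in scan_events(SAMPLE_EVENTS):
        print(f"{reason:17s} {image!r}")
```

Run against real Sysmon Event ID 1 or Windows 4688 data, this fires on the same names the sandbox flagged; the tar.gz event shows why the check needs a document extension before the final one rather than any two suffixes.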

Classification

  • System is w10x64