Windows Analysis Report ryxu0LoCH3.exe

Overview

General Information

Sample Name: ryxu0LoCH3.exe
Analysis ID: 490252
MD5: 0ad6beff5dc6704a93dc36ea43dc739c
SHA1: b4536a89dbaa58deb5c5ef299d71982259521d91
SHA256: 6b364b7c12a4e4d7f7275006be3adc70984086843f1cd013b2745ecbbb8fca00
Tags: exe
Infos:
Errors
  • Nothing to analyse, Joe Sandbox has not found any analysis process or sample
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Machine Learning detection for sample
PE file overlay found
Uses 32bit PE files
PE file contains sections with non-standard names
PE file contains an invalid checksum

Classification

AV Detection:

Machine Learning detection for sample
Source: ryxu0LoCH3.exe Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: ryxu0LoCH3.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

System Summary:

PE file overlay found
Source: ryxu0LoCH3.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: ryxu0LoCH3.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: ryxu0LoCH3.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: sus22.winEXE@0/0@0/0

Data Obfuscation:

PE file contains sections with non-standard names
Source: ryxu0LoCH3.exe Static PE information: section name: .lwox
Source: ryxu0LoCH3.exe Static PE information: section name: .vvny
Source: ryxu0LoCH3.exe Static PE information: section name: .vtbg
Source: ryxu0LoCH3.exe Static PE information: section name: .qtxm
PE file contains an invalid checksum
Source: ryxu0LoCH3.exe Static PE information: real checksum: 0x15de8d should be: 0xfe268
No contacted IP infos