Windows Analysis Report 1JXnBACf4L.exe

Overview

General Information

Sample Name: 1JXnBACf4L.exe
Analysis ID: 528757
MD5: 55639d8c8ae9090875ac0a663f0a8f57
SHA1: 43474904bc2ae4f7dc2a3a6de33fb70bf11fb906
SHA256: d975e34edbe0b4371e2ea6f82bf56289486b4f5d43a6fb069def7360b813ab19
Tags: exe

Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains section with special chars
Uses 32bit PE files
PE file contains more sections than normal
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file overlay found
Entry point lies outside standard sections
PE file contains sections with non-standard names

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: 1JXnBACf4L.exe Virustotal: Detection: 26%
Machine Learning detection for sample
Source: 1JXnBACf4L.exe Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: 1JXnBACf4L.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: 1JXnBACf4L.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

System Summary:

PE file contains section with special chars
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name:
Uses 32bit PE files
Source: 1JXnBACf4L.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
PE file contains more sections than normal
Source: 1JXnBACf4L.exe Static PE information: Number of sections : 11 > 10
Sample file is different than original file name gathered from version info
Source: 1JXnBACf4L.exe Binary or memory string: OriginalFilenameWinDescS2 vs 1JXnBACf4L.exe
PE file overlay found
Source: 1JXnBACf4L.exe Static PE information: Data appended to the last section found
Source: 1JXnBACf4L.exe Static PE information: Section: ZLIB complexity 1.00063511266
Source: 1JXnBACf4L.exe Static PE information: Section: ZLIB complexity 1.00176310306
Source: 1JXnBACf4L.exe Static PE information: Section: ZLIB complexity 1.0365448505
Source: 1JXnBACf4L.exe Static PE information: Section: ZLIB complexity 1.0176
Source: 1JXnBACf4L.exe Static PE information: Section: ZLIB complexity 1.00317094263
Source: 1JXnBACf4L.exe Virustotal: Detection: 26%
Source: classification engine Classification label: mal56.winEXE@0/0@0/0
Source: 1JXnBACf4L.exe Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x293e00
Source: 1JXnBACf4L.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Data Obfuscation:

PE file contains an invalid checksum
Source: 1JXnBACf4L.exe Static PE information: real checksum: 0x2a7f0c should be: 0x53ac2
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .boot
PE file contains sections with non-standard names
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name:
Source: 1JXnBACf4L.exe Static PE information: section name: .imports
Source: 1JXnBACf4L.exe Static PE information: section name: .winlice
Source: 1JXnBACf4L.exe Static PE information: section name: .boot
Source: initial sample Static PE information: section name: entropy: 7.97271005667
No contacted IP infos