
Windows Analysis Report 1JXnBACf4L.exe

Overview

General Information

Sample Name: 1JXnBACf4L.exe
Analysis ID: 528757
MD5: 55639d8c8ae9090875ac0a663f0a8f57
SHA1: 43474904bc2ae4f7dc2a3a6de33fb70bf11fb906
SHA256: d975e34edbe0b4371e2ea6f82bf56289486b4f5d43a6fb069def7360b813ab19
Tags: exe

Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains section with special chars
Uses 32bit PE files
PE file contains more sections than normal
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file overlay found
Entry point lies outside standard sections
PE file contains sections with non-standard names

Classification

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: 1JXnBACf4L.exe | Virustotal: Detection: 26%
Machine Learning detection for sample
Source: 1JXnBACf4L.exe | Joe Sandbox ML: detected
Source: 1JXnBACf4L.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: 1JXnBACf4L.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

System Summary:

PE file contains section with special chars
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: 1JXnBACf4L.exe | Static PE information: Number of sections : 11 > 10
Source: 1JXnBACf4L.exe | Binary or memory string: OriginalFilename WinDescS2 vs 1JXnBACf4L.exe
Source: 1JXnBACf4L.exe | Static PE information: Data appended to the last section found
Source: 1JXnBACf4L.exe | Static PE information: Section: ZLIB complexity 1.00063511266
Source: 1JXnBACf4L.exe | Static PE information: Section: ZLIB complexity 1.00176310306
Source: 1JXnBACf4L.exe | Static PE information: Section: ZLIB complexity 1.0365448505
Source: 1JXnBACf4L.exe | Static PE information: Section: ZLIB complexity 1.0176
Source: 1JXnBACf4L.exe | Static PE information: Section: ZLIB complexity 1.00317094263
Source: 1JXnBACf4L.exe | Virustotal: Detection: 26%
Source: classification engine | Classification label: mal56.winEXE@0/0@0/0
Source: 1JXnBACf4L.exe | Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x293e00
Source: 1JXnBACf4L.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: 1JXnBACf4L.exe | Static PE information: real checksum: 0x2a7f0c should be: 0x53ac2
Source: initial sample | Static PE information: section where entry point is pointing to: .boot
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name:
Source: 1JXnBACf4L.exe | Static PE information: section name: .imports
Source: 1JXnBACf4L.exe | Static PE information: section name: .winlice
Source: 1JXnBACf4L.exe | Static PE information: section name: .boot
Source: initial sample | Static PE information: section name: entropy: 7.97271005667

MITRE ATT&CK Matrix

Initial Access: Valid Accounts; Default Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job
Persistence: Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts
Defense Evasion: Software Packing (2); Obfuscated Files or Information (1)
Credential Access: OS Credential Dumping; LSASS Memory
Discovery: System Service Discovery; Application Window Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol
Collection: Data from Local System; Data from Removable Media
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Command and Control: Data Obfuscation; Junk Data
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
Impact: Modify System Partition; Device Lockout

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.