Windows Analysis Report
XPLHpP8RVc.exe

Overview

General Information

Sample Name: XPLHpP8RVc.exe
Analysis ID: 736950
MD5: d63bcf05b6e5f943213930ec13433edd
SHA1: 9b9e999a1619630297d3633555b3ca186d9b124d
SHA256: de6e79d80d5cc90b9958e261e2e2c9c2eadda70c27daa171f406fc75fa967f8a
Tags: exe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: C000007B

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file has a writeable .text section
Uses 32bit PE files
PE file does not import any functions
PE file contains an invalid checksum
PE file overlay found
Entry point lies outside standard sections
PE file contains sections with non-standard names

Classification

AV Detection

Source: XPLHpP8RVc.exe ReversingLabs: Detection: 38%
Source: XPLHpP8RVc.exe Virustotal: Detection: 27%
Source: XPLHpP8RVc.exe Joe Sandbox ML: detected
Source: XPLHpP8RVc.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

System Summary

Source: XPLHpP8RVc.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: XPLHpP8RVc.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: XPLHpP8RVc.exe Static PE information: No import functions for PE file found
Source: XPLHpP8RVc.exe Static PE information: Data appended to the last section found
Source: XPLHpP8RVc.exe ReversingLabs: Detection: 38%
Source: XPLHpP8RVc.exe Virustotal: Detection: 27%
Source: classification engine Classification label: mal56.winEXE@0/0@0/0
Source: XPLHpP8RVc.exe Static file information: File size 2398737 > 1048576
Source: XPLHpP8RVc.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: XPLHpP8RVc.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1e8000
Source: XPLHpP8RVc.exe Static PE information: Raw size of .sedata is bigger than: 0x100000 < 0x13a000
Source: XPLHpP8RVc.exe Static PE information: real checksum: 0x32c7f3 should be: 0x249d50
Source: initial sample Static PE information: section where entry point is pointing to: .sedata
Source: XPLHpP8RVc.exe Static PE information: section name: .sedata
Source: initial sample Static PE information: section name: .sedata entropy: 7.756485763720028
No contacted IP infos