Windows Analysis Report
86F2TnbNbZ.exe

Overview

General Information

Sample Name: 86F2TnbNbZ.exe
Analysis ID: 778223
MD5: 0afec5fd7d329ba440836f797ed7e13b
SHA1: 8be9f8a277581544c23fca3333e9f7c3bf293543
SHA256: 223632c54414dc81cf566d05df729381e0a9dba4b68a4452eeb9b41239b87213
Tags: exe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: C000007B

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Machine Learning detection for sample
PE file overlay found
Uses 32bit PE files
PE file does not import any functions

Classification

AV Detection
barindex
Machine Learning detection for sample
Source: 86F2TnbNbZ.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: 86F2TnbNbZ.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 86F2TnbNbZ.exe String found in binary or memory: http://pv.sohu.com/cityjson
Source: 86F2TnbNbZ.exe String found in binary or memory: http://www.ip138.com
PE file overlay found
Source: 86F2TnbNbZ.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: 86F2TnbNbZ.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
PE file does not import any functions
Source: 86F2TnbNbZ.exe Static PE information: No import functions for PE file found
Source: 86F2TnbNbZ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: sus21.winEXE@0/0@0/0
Source: 86F2TnbNbZ.exe Static file information: File size 2891522 > 1048576
Source: 86F2TnbNbZ.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: 86F2TnbNbZ.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2ae000
Source: 86F2TnbNbZ.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x928000

No Screenshots

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 778223 Sample: 86F2TnbNbZ.exe Startdate: 05/01/2023 Architecture: WINDOWS Score: 21 5 Machine Learning detection for sample 2->5
No contacted IP infos