Windows Analysis Report
Yoh6xJ4fc5.exe

Overview

General Information

Sample Name: Yoh6xJ4fc5.exe
Analysis ID: 778224
MD5: d14ceedb53cf5316ecc6a09eace27be4
SHA1: ba84d27b6ce687fe6360fa1f55efd78fca01f94f
SHA256: 118c81907f82df9e435fc2dae7ab84cf61d07f628ac1238f615fdc16c81e6a88
Tags: exe
Infos:
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: C000007B

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Potential malicious icon found
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Uses 32bit PE files
Yara signature match
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file overlay found
PE file contains executable resources (Code or Archives)

Classification

AV Detection

Source: Yoh6xJ4fc5.exe Virustotal: Detection: 44%
Source: Yoh6xJ4fc5.exe Joe Sandbox ML: detected
Source: Yoh6xJ4fc5.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

System Summary

Source: Yoh6xJ4fc5.exe, type: SAMPLE Matched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Source: Yoh6xJ4fc5.exe, type: SAMPLE Matched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
Source: Yoh6xJ4fc5.exe Binary or memory string: OriginalFilenameServicevcs.exe vs Yoh6xJ4fc5.exe
Source: Yoh6xJ4fc5.exe Static PE information: Data appended to the last section found
Source: Yoh6xJ4fc5.exe Static PE information: Resource name: CUSTOM type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Source: Yoh6xJ4fc5.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal68.rans.winEXE@0/0@0/0
Source: Yoh6xJ4fc5.exe Binary or memory string: @@@*\AE:\miner\new\Project1.vbp
Source: Yoh6xJ4fc5.exe Static file information: File size 2164910 > 1048576
Source: Yoh6xJ4fc5.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x7f3000
Source: Yoh6xJ4fc5.exe Static PE information: real checksum: 0x7fe176 should be: 0x21942f
No contacted IP infos