Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 791298
MD5: 3fd36473a356b2574dee24283f6d3bf1
SHA1: 711acfd53e4d3f48896565bc4d3428fc761304cd
SHA256: bf36f4fdd2382cc5869fd3833c42a73ab638ae73457a268713099888a7de6b00
Tags: exe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: C000007B

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

PE file overlay found
Uses 32bit PE files
PE file does not import any functions
PE file contains sections with non-standard names
PE file contains an invalid checksum

Classification

Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: TJC:\tubolurupobit\lewux\buv\nejucumaju_wisecehobewov.pdb source: file.exe
Source: Binary string: C:\tubolurupobit\lewux\buv\nejucumaju_wisecehobewov.pdb source: file.exe
Source: file.exe Static PE information: Data appended to the last section found
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: No import functions for PE file found
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: unknown2.winEXE@0/0@0/0
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: TJC:\tubolurupobit\lewux\buv\nejucumaju_wisecehobewov.pdb source: file.exe
Source: Binary string: C:\tubolurupobit\lewux\buv\nejucumaju_wisecehobewov.pdb source: file.exe
Source: file.exe Static PE information: section name: .gimu
Source: file.exe Static PE information: section name: .ripojut
Source: file.exe Static PE information: section name: .diva
Source: file.exe Static PE information: real checksum: 0x5cecc should be: 0xa8c7

No Behavior Graph

No contacted IP infos