
Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 791298
MD5: 3fd36473a356b2574dee24283f6d3bf1
SHA1: 711acfd53e4d3f48896565bc4d3428fc761304cd
SHA256: bf36f4fdd2382cc5869fd3833c42a73ab638ae73457a268713099888a7de6b00
Tags: exe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: C000007B

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

PE file overlay found
Uses 32bit PE files
PE file does not import any functions
PE file contains sections with non-standard names
PE file contains an invalid checksum

Classification

No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: TJC:\tubolurupobit\lewux\buv\nejucumaju_wisecehobewov.pdb source: file.exe
Source: Binary string: C:\tubolurupobit\lewux\buv\nejucumaju_wisecehobewov.pdb source: file.exe
Source: file.exe | Static PE information: Data appended to the last section found
Source: file.exe | Static PE information: No import functions for PE file found
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: unknown2.winEXE@0/0@0/0
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe | Static PE information: section name: .gimu
Source: file.exe | Static PE information: section name: .ripojut
Source: file.exe | Static PE information: section name: .diva
Source: file.exe | Static PE information: real checksum: 0x5cecc should be: 0xa8c7
No Mitre Att&ck techniques found

No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 791298
Start date and time: 2023-01-25 09:51:07 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 1m 53s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: file.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 0
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown2.winEXE@0/0@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Unable to launch sample, stop analysis
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: C000007B
No simulations
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.642103838248304
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 34864
MD5: 3fd36473a356b2574dee24283f6d3bf1
SHA1: 711acfd53e4d3f48896565bc4d3428fc761304cd
SHA256: bf36f4fdd2382cc5869fd3833c42a73ab638ae73457a268713099888a7de6b00
SHA512: 6fdd039f44f2bcc0e2694593c99c28ee33f161b886d432706b30737948de005aa1cb0ea1bc4da6a046ac4bc6d7b93fb23ea9ecaa4d9ad93e8f099d8ef8318a8f
SSDEEP: 768:xhrMgpxtC4QjYVMHSe2wnqP3vj+cN6gSfN4ZuQxkbLTGdj:vJpxtC4Ulz2+w6JN4ZuQ2Ladj
TLSH: 5CF27C32FAE184B2C69B45B488B4D992BF1E251122F0D9436F6C1A7A5F317D2837731B
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E...+E..+E..+E...E..+E...E..+E...E..+E.3PE..+E..*E..+E...E..+E...E..+E...E..+ERich..+E................PE..L......b...........
Icon Hash: 00828e8e8686b000
Entrypoint: 0x40453f
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x62E31E17 [Thu Jul 28 23:39:03 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash:
Instruction
mov dword ptr [ebp-14h], ebx
jne 00007F5EACC850CDh
mov ebx, dword ptr [ebp+08h]
mov ecx, dword ptr [ebp-14h]
and dword ptr [ebx+04h], ecx
jmp 00007F5EACC850C5h
mov ebx, dword ptr [ebp+08h]
cmp dword ptr [ebp-08h], 00000000h
mov ecx, dword ptr [edx+08h]
mov edi, dword ptr [edx+04h]
mov dword ptr [ecx+04h], edi
mov ecx, dword ptr [edx+04h]
mov edi, dword ptr [edx+08h]
mov dword ptr [ecx+08h], edi
je 00007F5EACC85153h
mov ecx, dword ptr [ebp-0Ch]
lea ecx, dword ptr [ecx+esi*8]
mov edi, dword ptr [ecx+04h]
mov dword ptr [edx+08h], ecx
mov dword ptr [edx+04h], edi
mov dword ptr [ecx+04h], edx
mov ecx, dword ptr [edx+04h]
mov dword ptr [ecx+08h], edx
mov ecx, dword ptr [edx+04h]
cmp ecx, dword ptr [edx+08h]
jne 00007F5EACC85120h
mov cl, byte ptr [esi+eax+04h]
mov byte ptr [ebp+0Bh], cl
inc cl
cmp esi, 20h
mov byte ptr [esi+eax+04h], cl
jnl 00007F5EACC850E5h
cmp byte ptr [ebp+0Bh], 00000000h
jne 00007F5EACC850CDh
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or dword ptr [ebx], edi
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, dword ptr [ebp-04h]
or dword ptr [eax+ecx*4+44h], edi
jmp 00007F5EACC850EBh
cmp byte ptr [ebp+0Bh], 00000000h
jne 00007F5EACC850CFh
lea ecx, dword ptr [esi-20h]
mov edi, 80000000h
shr edi, cl
or dword ptr [ebx+04h], edi
mov ecx, dword ptr [ebp-04h]
lea edi, dword ptr [eax+ecx*4+000000C4h]
lea ecx, dword ptr [esi-20h]
mov esi, 80000000h
shr esi, cl
or dword ptr [edi], esi
mov ecx, dword ptr [ebp-08h]
test ecx, ecx
je 00007F5EACC850CDh
mov dword ptr [edx], ecx
mov dword ptr [ecx+edx-04h], ecx
jmp 00007F5EACC850C5h
mov ecx, dword ptr [ebp-08h]
mov esi, dword ptr [ebp-10h]
add edx, ecx
lea ecx, dword ptr [esi+01h]
Programming Language:
  • [C++] VS2008 build 21022
  • [ASM] VS2008 build 21022
  • [ C ] VS2008 build 21022
  • [IMP] VS2005 build 50727
  • [RES] VS2008 build 21022
  • [LNK] VS2008 build 21022
Name                                   Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT           0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT           0x10b64          0x64          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE         0x2f000          0x2b298       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION        0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY         0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC        0x5b000          0xb98         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG            0x11d0           0x1c          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT        0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR        0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS              0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG      0x2de0           0x40          .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT              0x1000           0x190         .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR   0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED         0x0              0x0
Name      Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity     File Type  Entropy             Characteristics
.text     0x1000           0x104a0       0x10600   False     0.5606973995271868  data       6.7119685674250125  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data     0x12000          0x19100       0x16e00   False     0                   empty      0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gimu     0x2c000          0x270         0x400     False     0                   empty      0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.ripojut  0x2d000          0x2d3         0x400     False     0                   empty      0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.diva     0x2e000          0x3c3         0x400     False     0                   empty      0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc     0x2f000          0x2b298       0x2b400   False     0                   empty      0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc    0x5b000          0x1912        0x1a00    False     0                   empty      0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
No network behavior found
No statistics
No system behavior
No disassembly