Windows Analysis Report
PC-SOFT_Set-Up.exe

Overview

General Information

Sample Name:	PC-SOFT_Set-Up.exe
Analysis ID:	831158
MD5:	f448d2bbece9ffca6d35b72ad699c545
SHA1:	acab3e78eb72b8cde7f686a7adce243e819fa5ed
SHA256:	bf83c57f5b1ae62b3a671d93d263d9704c4e5dc82a4b381b216afd7b1d4764aa
Tags:	exeexpert-topcommalwarepass-1212stealer
Errors No process behavior to analyse as no analysis process or sample was found Corrupt sample or wrongly selected analyzer. Details: C000007B

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Machine Learning detection for sample

PE file contains section with special chars

PE file overlay found

Uses 32bit PE files

Entry point lies outside standard sections

PE file contains sections with non-standard names

Classification

Signatures

AV Detection

Machine Learning detection for sample

Source: PC-SOFT_Set-Up.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: PC-SOFT_Set-Up.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

System Summary

PE file contains section with special chars

Source: PC-SOFT_Set-Up.exe	Static PE information: section name: .Y :
Source: PC-SOFT_Set-Up.exe	Static PE information: section name: .(Y,

PE file overlay found

Source: PC-SOFT_Set-Up.exe

Static PE information: Data appended to the last section found

Uses 32bit PE files

Source: PC-SOFT_Set-Up.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal48.winEXE@0/0@0/0

Source: PC-SOFT_Set-Up.exe

Static file information: File size 10371193 > 1048576

Source: PC-SOFT_Set-Up.exe

Static PE information: Raw size of .tve is bigger than: 0x100000 < 0x997400

Source: PC-SOFT_Set-Up.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .tve

PE file contains sections with non-standard names

Source: PC-SOFT_Set-Up.exe	Static PE information: section name: .Y :
Source: PC-SOFT_Set-Up.exe	Static PE information: section name: .(Y,
Source: PC-SOFT_Set-Up.exe	Static PE information: section name: .tve

Screenshots

No Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	831158
Product:	CloudBasic
Start time:	07:06:12
Start date:	21.03.2023
Sample:	PC-SOFT_Set-Up.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	f448d2bbece9ffca6d35b72ad699c545
SHA1:	acab3e78eb72b8cde7f686a7adce243e819fa5ed
SHA256:	bf83c57f5b1ae62b3a671d93d263d9704c4e5dc82a4b381b216afd7b1d4764aa
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
PC-SOFT_Set-Up.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Windows Analysis Report PC-SOFT_Set-Up.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
PC-SOFT_Set-Up.exe