Report #13646

  • Creation Date: Sept. 11, 2021, 9:48 p.m.
  • Last Update: Sept. 11, 2021, 9:58 p.m.
  • File: 003.exe
  • Results:
Binary
DLL: False
Size: 408.43KB
trid: 52.9% Win32 Executable; 23.5% Generic Win/DOS Executable; 23.5% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 935318eacf901483f31ff3b4771b705e
sha1: 83911cd09099dfce4cc9fe6a25c47017a7cb4ed1
crc32: 0x3d46676b
sha224: fb50387ce3ef7e5c92a1b5275204f7d3d17c5a6a26fc0fbb5083a337
sha256: 121ef9f6b8a5364a1df574d707e369e358e23a898850d923127a5d55c4b2fec6
sha384: 52b21f84614389ccdc77ad8b43c32e7aeaa2e872c60c3387e524ddd97b0e30479b1a991ae91000dda9c471c6197d26a2
sha512: ed8bb9af32f323cda3c831eb4544b729df7886f96b31657bb528d8f70db3bb90de2c41a85353d45d8192dd2b6b63efa147d588d861514738f5d60565affd1f7e
ssdeep: 6144:vEAmg+BL+JXXEhmWR2cmep8YKDBcnr/RZCZEpn/XUWhKj9vkTwZ3:vEAmDB+JnEkW1Pkcr//BsWI
Community
Google: False
HashLib: False

YARA
Matches: HasModified_DOS_Message, NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, HasOverlay, mpress_2_xx_net, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI
Suspicious: True

Imports
mscoree.dll: _CorExeMain
Strings
List
System.Security
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Security.Permissions
Bless00.exe
Bless00.exe
3.0.3.0
3.0.3.0
3.0.3.0
File is invalid.
VLC media player
VLC media player
VLC media player
VLC media player
System.Windows.Forms
VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN
mscoree.dll
get_ExecutablePath
SecurityAction
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
SecurityPermissionAttribute
_CorExeMain
get_EntryPoint
MPRESS_for_dNET_v_4_0
!It's .NET EXE$@
#Strings
get_Length
RuntimeCompatibilityAttribute
ReadInt32
<Module>
Comments
ReadUInt32
ReadUInt16
</assembly>
CompanyName
GetParameters

Foremost
Matches: 0.exe, 73 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
hasAllowed: False
hasSuspicious: False

Files
Allowed: mscoree.dll
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 2048 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 512 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories Number: 16 (Suspicious: False)

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 4 (Suspicious: False)
Image Version: 4 (Suspicious: True)
Linker Version: 8.0 (Suspicious: False)
Subsystem Version: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 11870
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2010-12-09 16:58:13
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: False
Packers: (none)
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks
pushret: .rsrc: 2
pushpopmath: .text: 3
cpuinstructionsresultscomparison: .text: 1

AVclass: (empty)

File Trace: (empty)

Process Trace: (empty)

Analysis
Reason: Blue Screen
Status: Execution Failed
Results: 0

Registry Trace: (empty)
File Summary
Created Identified: False
Deleted Identified: False

Process Summary
Created Identified: False
Deleted Identified: False

Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False


DNS
Query: (empty)
Response: (empty)

TCP
Info: (empty)

UDP
Info: (empty)

HTTP
Info: (empty)

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8): confidence 56.88%, suspicious: True
NFS 3.0 (Threshold = 0.75): confidence 66.67%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 99.29%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 54.00%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 57.74%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 99.97%, suspicious: True
