Report #13653

  • Creation Date: Sept. 11, 2021, 9:52 p.m.
  • Last Update: Sept. 11, 2021, 10:29 p.m.
  • File: 027.exe
  • Results:
Binary
DLL: False
Size: 637.78KB
trid: 52.9% Win32 Executable, 23.5% Generic Win/DOS Executable, 23.5% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
Community
Google: False
HashLib: False

YARA
Matches: HasModified_DOS_Message, NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, HasOverlay, mpress_2_xx_net, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI
Suspicious: True

Imports
mscoree.dll: _CorExeMain
Strings
List

Foremost
Matches: 0.exe, 104 KB
Suspicious: True

Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2048
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 11870
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2010-12-09 16:58:13
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 30

pushpopmath
.rsrc: 4
.text: 3

garbagebytes
.rsrc: 3

programcontrolflowchange
.rsrc: 3

cpuinstructionsresultscomparison
.rsrc: 1
.text: 1

AVclass
File
Trace

Process
Trace

Analysis
Reason: Blue Screen
Status: Execution Failed
Results: 0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 56.25%
suspicious: True

NFS 3.0 (Threshold = 0.75)
confidence: 68.67%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 89.84%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 53.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 84.95%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 95.90%
suspicious: True