Report #13654

  • Creation Date: Sept. 11, 2021, 9:52 p.m.
  • Last Update: Sept. 11, 2021, 10:34 p.m.
  • File: 028.exe
  • Results:
Binary
DLL: False
Size: 627.24KB
trid:
  52.9% Win32 Executable
  23.5% Generic Win/DOS Executable
  23.5% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: b90d1cbf013743095abfc10f89b87597
sha1: d20298834f11744583e515766208cedcd3fd0542
crc32: 0xbd1b75e6
sha224: c61e90dd6dc19e3006472349969d5008b13e232a11a8b9435ac914fc
sha256: 5db0e4ef5fb3e54c90a4e8f3bc4ff051427da560e4cb90f803dba6e8a14a8a79
sha384: 326166a87eaa201b83702a52d1627b565e7ccfa13336b3a1afc2051c0713aa63906d81eeb8214cc2afc1ec69ed19fb53
sha512: 193152f5c87fe1fc8211c636109f386b58d6e33e4a257bbd384642e713ec58626fbfe1ba6d79b6e91707d495157a0dc00baaf672f648cff1c17dee8602baed4d
ssdeep: 12288:Xp+uH/0HBZ3M+W2n3eZoaUc71hAolej9iOyK13qfCoi7UWSa/ItgW3HV:PHo1MDG3BaB71hAolvK13erXa/ItgW31
Community
Google: False
HashLib: False
YARA
Matches: HasModified_DOS_Message, NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, HasOverlay, mpress_2_xx_net, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious: True

Imports
mscoree.dll: _CorExeMain
Strings
System.Security
Nt.gH
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
T.Sj
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
h.Tz
hRz.Ws
Rel.ax$2
z.gs
System.Security.Permissions
C.ehh
0.0.0.0
cbsmsg.dll
Ms,E
eRxP7%a5~
4tD%E
%%uhr
[G%ni
%ErN.
File is invalid.
bNsr
GT%EW
System.Windows.Forms
?: %%
mscoree.dll
get_ExecutablePath
"_DnS
g6SSh
SecurityAction
DebuggerGP
De4c
C8ee
Microsoft Corporation. All Rights Reserved.
VnCE7Br
*%/5
Md?o
I'nH
]1st
Sru_
ae.iy
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
W7.Ky)
TjYH8\ra7E
PKT1Y<A2
&oIu>A<
SecurityPermissionAttribute
6BsT\6hi
_CorExeMain
@~^ARNP4
RUfV1Pf6PIy)0&R
I3Zead-D^\
$0(H#Repla
u9!bOWcF@
#PT,;YSU2
CSkp<5aeCv
.0.3031&
y(TiWfW5n
%H7E>VE
RGA'ySh7
y'a+`Ve.
[#gAU}t_
e,t5f<MU
get_EntryPoint
kground}
:a"$rYOY
xh"LeI$)
amV}(#IF
D:Im-[/S
0+E_!pR
10.0.17763.0
10.0.17763.0
Param"et
.Generic
!It's .NET EXE$@
wpnd6;3T
780hPHO0
]0HhOsE
d1Igo=I
rosoft.
-operativsystem
ht `Se;
`)[ECu_
$N!X>dlO
LRa)CT;=
\*vdg#UN
\qUHiR_mYw
#Strings
System.S
_/#daIK
A:%Ug~N
<PnU,&O
get_Length
5 \AOEC
:%=9659)*)
RuntimeCompatibilityAttribute
til!l4F
Microsoft
9dv!MsA
aLh2m<V

Foremost
Matches: 0.exe, 7 KB
Suspicious: True
Heuristics
IPs
Allowed:
Suspicious:
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
Allowed:
Suspicious:
hasURLs: False
hasAllowed: False
hasSuspicious: False

Files
Allowed: cbsmsg.dll, mscoree.dll
Suspicious:
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16
Suspicious: False
Code Size: 2048
Suspicious: False
Image Address: 4194304
Suspicious: False
Stack: 4096
Suspicious: False
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number: 0
Suspicious: True
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious:
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 4
Suspicious: False
Image Version: 4
Suspicious: True
Linker Version: 8.0
Suspicious: False
Subsystem Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 11870
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: cbsmsg.dll, mscoree.dll
Suspicious:
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2010-12-09 16:58:13
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: False
Packers:
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushpopmath
.text: 3

cpuinstructionsresultscomparison
.text: 1

AVclass
File
Trace

Process
Trace

Analysis
Reason: Blue Screen
Status: Execution Failed
Results: 0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 60.63%
suspicious: True

NFS 3.0 (Threshold = 0.75)
confidence: 63.33%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 54.86%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 50.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 57.16%
suspicious: True

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.96%
suspicious: True
