751dbe355024

Classifications

Injector

Threat Names

App/Generic-CD

Dynamic Analysis Report

Created on 2025-01-24T13:36:31+00:00

Order No.XPMEK-2025-SP0084.exe

Windows Exe (x86-64)

Remarks (1/1)

Process Crash (0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\OqXZRaykm\Desktop\Order No.XPMEK-2025-SP0084.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	719.50 KB
MD5	74fa44a291db21d0840f52c1bc13f132
SHA1	23578f391e1787666722e6d8f7fd5a70be4f55b0
SHA256	751dbe3550248a6835510e22f91a26b9e52e1af94c4b472125501fab41b38d12
SSDeep	12288:/7iF37xRruipq/r9jULUQotd0o5/k+7l19lGPHJ6OGoG8BxCVmLGsh:eJtOTFM5EdZ/kMlGfcuAmL
ImpHash	-

File Reputation Information

Verdict	Suspicious
Names	App/Generic-CD
Classification	PUA

PE Information

Image Base	0x00400000
Size Of Code	0x000B3600
Size Of Initialized Data	0x00000600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_AMD64
Compile Timestamp	2025-01-24 10:50 (UTC)

Version Information (11)

Comments	-
CompanyName	-
FileDescription	BuaLagbe!
FileVersion	1.0.0.0
InternalName	yoEX.exe
LegalCopyright	Copyright © 2023
LegalTrademarks	-
OriginalFilename	yoEX.exe
ProductName	BuaLagbe!
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (2)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000B3544	0x000B3600	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.77
.rsrc	0x004B6000	0x00000600	0x00000600	0x000B3800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.07

Memory Dumps (7)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
order no.xpmek-2025-sp0084.exe	1	0x00010000	0x000C7FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1DE90000	0x1DF2CFFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1AC20000	0x1AC41FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x001A0000	0x001AFFFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1C8A0000	0x1C903FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x7FFAF4FC8000	0x7FFAF4FC8FFF	First Execution	64-bit	0x7FFAF4FC8000	... Actions Go to Process Download Dump
order no.xpmek-2025-sp0084.exe	1	0x00010000	0x000C7FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information