The document is a Windows analysis report for the EICAR test file (eicar.txt), detailing its detection, signatures, and classification as malware. The analysis indicates a high confidence level of 100% for the EICAR detection, with various antivirus scanners confirming its malicious nature. Additional sections cover process behavior, network activity, and system behavior related to the execution of the file.

Uploaded by

nareshsanta04

ID: 1648554

Sample Name: eicar.txt


Cookbook: default.jbs
Time: 22:53:39
Date: 25/03/2025
Version: 42.0.0 Malachite
Table of Contents

Windows Analysis Report eicar.txt
Overview
General Information
Detection
Signatures
Classification
Process Tree
Malware Configuration
Yara Signatures
Initial Sample
Sigma Signatures
Suricata Signatures
Joe Sandbox Signatures
AV Detection
System Summary
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
World Map of Contacted IPs
General Information
Warnings
Simulations
Behavior and APIs
Joe Sandbox View / Context
IPs
Domains
ASNs
JA3 Fingerprints
Dropped Files
Created / dropped Files
Static File Info
General
File Icon
Network Behavior
Statistics
System Behavior
Analysis Process: notepad.exe PID: 7360, Parent PID: 3964
General
File Activities
Disassembly

Copyright Joe Security LLC 2025 Page 2 of 9


Windows Analysis Report
eicar.txt

Overview

General Information

Sample name: eicar.txt
Analysis ID: 1648554
MD5: 44d88612fea8a…
SHA1: 3395856ce81f2…
SHA256: 275a021bbfb64…
Infos:

Detection

EICAR
Score: 72
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for sub…
EICAR test file detected
Multi AV Scanner detection for subm…
Yara detected EICAR
Queries the volume information (nam…

Classification

[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Legend: malicious, suspicious, clean.]

Process Tree
System is w10x64
notepad.exe (PID: 7360 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\eicar.txt MD5: 27F71B12CB585541885A31BE22F61C83)
cleanup

Malware Configuration
⊘ No configs have been found

Yara Signatures
Initial Sample
Source | Rule | Description | Author | Strings
eicar.txt | JoeSecurity_EICAR | Yara detected EICAR | Joe Security |

Sigma Signatures
⊘ No Sigma rule has matched

Suricata Signatures
⊘ No Suricata rule has matched

Joe Sandbox Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

System Summary

EICAR test file detected

Yara detected EICAR

Mitre Att&ck Matrix


Reconnai…: Gather Victim Identity Information
Resource Developm…: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persisten…: 1 DLL Side-Loading
Privilege Escalation: 1 DLL Side-Loading
Defense Evasion: 1 DLL Side-Loading
Credential Access: OS Credential Dumping
Discovery: 1 1 System Information Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: Data Obfuscation
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features

Behavior Graph

[Behavior graph. ID: 1648554; Sample: eicar.txt; Startdate: 25/03/2025; Architecture: WINDOWS; Score: 72. Signatures shown: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; EICAR test file detected; Yara detected EICAR. Process started: notepad.exe.]

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.



Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source | Detection | Scanner | Label | Link
eicar.txt | 97% | Virustotal | | Browse
eicar.txt | 100% | ReversingLabs | DOS.Malware.EICAR |
eicar.txt | 100% | Avira | Eicar-Test-Signature |

Dropped Files

⊘ No Antivirus matches

Unpacked PE Files

⊘ No Antivirus matches

Domains

⊘ No Antivirus matches

URLs

⊘ No Antivirus matches



Domains and IPs
Contacted Domains

⊘ No contacted domains info

World Map of Contacted IPs

⊘ No contacted IP infos

General Information
Joe Sandbox version: 42.0.0 Malachite

Analysis ID: 1648554

Start date and time: 2025-03-25 22:53:39 +01:00

Joe Sandbox product: CloudBasic

Overall analysis duration: 0h 3m 36s

Hypervisor based Inspection enabled: false

Report type: light

Cookbook file name: default.jbs

Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Number of analysed new started processes analysed: 11

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: EGA enabled, AMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Sample name: eicar.txt

Detection: MAL

Classification: mal72.troj.winTXT@1/0@0/0

Cookbook Comments: Found application associated with file extension: .txt

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.69.3, 52.149.20.212
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘ No simulations

Joe Sandbox View / Context


IPs
⊘ No context

Domains

⊘ No context

ASNs

⊘ No context

JA3 Fingerprints

⊘ No context

Dropped Files

⊘ No context

Created / dropped Files


⊘ No created / dropped files found

Static File Info

General
File type: EICAR virus test files

Entropy (8bit): 4.8723276870872425

TrID:

File name: eicar.txt

File size: 68 bytes

MD5: 44d88612fea8a8f36de82e1278abb02f

SHA1: 3395856ce81f2b7382dee72602f798b642f14140

SHA256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f

SHA512: cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab

SSDEEP: 3:a+JraNvsgzsVqSwHq9:tJuOgzsko

TLSH: 41A022003B0EEE2BA20B00200032E8B00808020E2CE00A3820A020B8C83308803EC228

File Content Preview: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

File Icon

Icon Hash: 72eaa2aaa2a2a292

Network Behavior
⊘ No network behavior found

Statistics



⊘ No statistics

System Behavior

Analysis Process: notepad.exe PID: 7360, Parent PID: 3964

General
Target ID: 0

Start time: 17:54:31

Start date: 25/03/2025

Path: C:\Windows\System32\notepad.exe

Wow64 process (32bit): false

Commandline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\eicar.txt

Imagebase: 0x7ff7d6920000

File size: 201'216 bytes

MD5 hash: 27F71B12CB585541885A31BE22F61C83

Has elevated privileges: true

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: high

Has exited: false

File Activities

File Path Offset Length Completion Count Source Address Symbol

Disassembly
⊘ No disassembly
