Analysis
Category: FILE
Started On: 2016-08-22 20:20:04.831560
Completed On: 2016-08-22 20:23:09.154932
Duration: 184 seconds
Cuckoo Version: 2.0-dev

Machine
Machine: win7cuckoo2
Label: win7 Clone 2
Manager: VirtualBox
Started On: 2016-08-22 20:20:05
Shutdown On: 2016-08-22 20:23:08

File Details

File name 94b12412800d0c2132fd44ca47550e3a6ad210c0.exe
File size 5211888 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 209B549B
MD5 69b2cd5941f62d344e4d954720c6bd01
SHA1 94b12412800d0c2132fd44ca47550e3a6ad210c0
SHA256 573a8ac2621ede050849f8de139829e3126a96febbebf5f89809c58f34ab072b
SHA512 a66cedb0bc01ca91459a701e7d276263f0869d5ee46c3c1787c21618d55a2e8e204b205a8055fbd639daac681863eab299e82fd94a7b9221adf6dcf9c6a2b740
Ssdeep 98304:3n+uQ45jrq+YmwyNLjQ/qsnfPkjWYCr1ZkYBAbFTRUVnDaa1vp:3PQKjrqHjn3kj7eBAbbUVDaa1vp
PEiD None matched
Yara
  • Str_Win32_Winsock2_Library (Match Winsock 2 API library declaration)
  • with_sqlite (Rule to detect the presence of SQLite data in raw image)
  • vmdetect (Possibly employs anti-virtualization techniques)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=6, VT[1471897437]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
58968138a0c8e6f7_htmlayout.dll: Str_Win32_Wininet_Library

Signatures

  • antivm_queries_computername
  • Windows_Connection_Settings_Accessed
  • av_detect_china_key
  • packer_entropy
  • antiav_detectreg
  • antivm_vmware_in_instruction

Screenshots

No screenshots available.
