Category FILE
Started On 2016-09-13 09:35:07.422078
Completed On 2016-09-13 09:37:14.638372
Duration 127 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2016-09-13 09:35:08
Shutdown On 2016-09-13 09:37:14

File Details

File name d04d2514edd2a72ba3947ed70ecaf30b32b4c66a.exe
File size 2607893 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 E092022E
MD5 17c6197e9e943968895be4b215a47bbd
SHA1 d04d2514edd2a72ba3947ed70ecaf30b32b4c66a
SHA256 d8f60ecbed4c3224a774339c9fabbc1051303016a4fd19d0a684acea2031e1b2
SHA512 96a57a7dab0a17baf2ac0c5dcc69ccada0a593b882f233cc6b0efc4d3acc8ac08e697f26293075ccae2f164412b5ceab8121e73a043ae0b130f72d842807503e
Ssdeep 49152:ZILSNkF7AbB+6ky+VSNUrbvccWskhiI3X9:ZESs7EBH+YkLBkhx
PEiD None matched
Yara
  • Str_Win32_Wininet_Library (Match Windows Inet API library declaration)
  • Str_Win32_Internet_API (Match Windows Inet API call)
  • Str_Win32_Http_API (Match Windows Http API call)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=6, VT[1473759464]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
5cda6eaa2ee6a2b8_d04d2514edd2a72ba3947ed70ecaf30b32b4c66a.exe: Str_Win32_Wininet_Library

Signatures

  • has_pdb
  • antivm_memory_available
  • Long_Alphanum_Exe_Name
  • dropper
  • antisandbox_idletime
  • antisandbox_mouse_hook

Screenshots

No screenshots available.

Dropped Files

8e069b1722a4fc49_mbapreq.wxl

e5b064589d741bdb_bootstrappercore.dll

a64afbd95664554c_mbapreq.wxl

245c5c505bea3475_expressba.resources.dll

606321d3412f7198_expressba.resources.dll

5e80e78dd7d25c91_expressba.resources.dll

8c8899c6cc0da276_expressba.resources.dll

d47a140dcd36d438_mbapreq.wxl

8189239e8c4e3dc3_expressba.resources.dll

557f37db09369a0a_expressba.resources.dll

13635769db1f48f0_mbapreq.wxl

6b94d0789038e37c_bootstrapperapplicationdata.xml

f7a78463bb471614_expressba.resources.dll

02214224fab8ac96_expressba.resources.dll

a17d2de5cc82a44c_mbapreq.wxl

1209aa66a4f99a46_expressba.resources.dll

106555dd49231ffb_mbapreq.wxl

41d9d93639357027_mbapreq.wxl

865b78292087a71a_expressba.resources.dll

baac9792a8d480c6_expressba.resources.dll

48646b31688aa7a8_expressba.resources.dll

7ead3191307cce1e_expressba.resources.dll

704239fbc742f1da_expressba.resources.dll

136ae18ef0d7268b_expressba.resources.dll

3e67b7accb5815df_expressba.resources.dll

ff8b6c6ba9a5c180_mbapreq.wxl

ce4768bb69b98d68_expressba.dll

f8c3a03f47f0b9b3_mbapreq.thm

ca7cd1bf6d433ae8_mbapreq.wxl

182de3bf34a1ea92_expressba.resources.dll

189d0cf7bcebec2a_bootstrappercore.config

5b02e79837ddaed7_expressba.resources.dll

b148d406d9a0ca2d_expressba.resources.dll

9ff48acb76f4ebe9_mbapreq.wxl

ae7aa89299f00e43_mbapreq.wxl

6adc2a6b25dea736_mbahost.dll

f944fe7d8473ed6a_mbapreq.wxl

5567e3f35457e450_expressba.resources.dll

c35dedc4e685ecb6_expressba.resources.dll

705ae382f2adbc7c_mbapreq.wxl

94607e2517ec48bb_expressba.resources.dll

166801eff4a826bf_mbapreq.wxl

95b9735a8065ef79_expressba.resources.dll

43e00163c060a09c_mbapreq.wxl

b85ef6be00a1095e_expressba.resources.dll

9216632cdf31c511_mbapreq.dll

5743ff67726d2f19_expressba.resources.dll

a401a225addaf891_mbapreq.png

ebc2bf04a4f378ae_mbapreq.wxl

7ac12316806282d4_expressba.resources.dll

ae9f8e1a8856b18b_mbapreq.wxl

632ced5010ddc08c_eula_enu.rtf

da766c1e526eea01_expressba.resources.dll

1f38ed0bca95c18d_expressba.resources.dll

bdf44a835be92644_mbapreq.wxl

c1aeb5416db9e5cc_expressba.resources.dll

5cda6eaa2ee6a2b8_d04d2514edd2a72ba3947ed70ecaf30b32b4c66a.exe