Category FILE
Started On 2016-09-30 17:35:06.439785
Completed On 2016-09-30 17:37:18.220544
Duration 131 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2016-09-30 17:35:07
Shutdown On 2016-09-30 17:37:18

File Details

File name 57ce87863b6d5ca6274db17d4c81416df0c67006.exe
File size 25044224 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 6CE51CEE
MD5 4b7051b7dc97250013cce624502f6d39
SHA1 57ce87863b6d5ca6274db17d4c81416df0c67006
SHA256 dd59ff7e6cd02c937393a6810f5a013efeabee1731f408a4e65cc0895fde531f
SHA512 3c73da1f7041bc7136c9eed25490aa74163ce0c2dcdd51bb47f77e514bbe6a7506d673d5d90aafa2266c119703e7678216f823a3fbdb8bce105b9933925f35d0
Ssdeep 393216:U39jdeaaQDDuLUAQSTBGpX+jw1+OnowAV7k9e+OySqDj5mSDISzpZh93vtMD9viD:y9JP9DEUAnBY+jwlowAVg4wJISzpZh9j
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1475257100]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
6924477cb0c45cf7_logview.exe: Str_Win32_Winsock2_Library
5f5bb76215ac093f_gscp.exe: Str_Win32_Winsock2_Library
e202f6a8b4d06e0d_gsync.exe: Str_Win32_Winsock2_Library
bdea59ec9d520433_gs-server.exe: Str_Win32_Winsock2_Library
db0fa088d9f7494e_dbghelp.dll: Str_Win32_Wininet_Library
9cb03de00b73f1a9_clout.exe: Str_Win32_Winsock2_Library

Signatures

antivm_queries_computername
recon_fingerprint
antivm_memory_available
Roaming_Profile_Modified
Startup_File_Accessed
antivm_disk_size
antivm_network_adapters
creates_service

Screenshots

No screenshots available.