Category: FILE
Started On: 2016-10-31 17:46:45.577412
Completed On: 2016-10-31 17:47:54.778347
Duration: 69 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2016-10-31 17:46:46
Shutdown On: 2016-10-31 17:47:54

File Details

File name yfoye_dump.exe
File size 36864 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 EB829EDD
MD5 efc9040f587a5dd9e1de4707ec1ed8c5
SHA1 43e7b85bb4282b731a8cbcd41a53fcaed49af0ab
SHA256 c2581af6d4ff858b9fdf6c3bb6c32f988873057c0c28342b4c4bfa659ca5c0a8
SHA512 d649675d1092dbc6ce7af3f83eaf048f1f4bbd6a15dfe8087ecedbbe1c837ff6de1264a0d5239cebc1451e8a6e624afee7e13a98b4b4a08c7f91218908e799fd
Ssdeep 384:kDdB16rbw9tkVR/2thvZkYqIgKkZtiycNPwvPyHWPbwHowHSWQEkE6S+j:kJB1ubWashRm8/PwvPKWPQB7
PEiD None matched
Yara
  • Str_Win32_Http_API (Match Windows Http API call)
VirusTotal Permalink
VirusTotal Scan Date: 2016-10-14 19:42:58
Detection Rate: 50/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1477936079]=100): Snort Events=0, AV Events=2
Total Score=100

CLAMAV DETECTED:
Win.Spyware.Rombertik-1 FOUND
Win.Trojan.Heur2-286 FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Sections

Resources

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Users\Harry Dresden\AppData\Local\Temp\yfoye_dump.exe" PID: 4520, Parent PID: 2852

Volatility

Nothing to display.