Category FILE
Started On 2017-05-04 09:22:58.670794
Completed On 2017-05-04 09:26:04.046914
Duration 185 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2017-05-04 09:23:00
Shutdown On 2017-05-04 09:26:01

Errors

File Details

File name 947771cb7dd4a5381f9cab94bb5566dcfa352af6.zip
File size 8756848 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 65E10CB8
MD5 ad86cb0517622309751d730872affee6
SHA1 947771cb7dd4a5381f9cab94bb5566dcfa352af6
SHA256 f1280ba7bfc6dfe0f5488e5b2efefa44f15113b79279c4782151ad6a61667226
SHA512 2f9c06bfc7c98b35941a2a6e58f3b6a38488a08ef5de9d1b883043c3b41b4bb7b23e38b4a7a92c34704e9a8db82a9e96f175591a0ae8e1ed77d44e5224b12989
Ssdeep 196608:ColNKTRv9GAfSMFqePqoLKqMQNessAMO3tiB:94IWZFqy+SYlAMg8
PEiD None matched
Yara
  • shellcode (Matched shellcode byte patterns)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=2, VT[1493890160]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
run.exe: GenerateTLSClientHelloPacket_Test
5d58e1ca64a5f0f9d009a8865737dc6ed8f120c7 [BUFFER]: shellcode
587676fd78099019a432a2f5aa481720627402a1 [BUFFER]: shellcode
adbc79b78c3e00f7f5bbca368f6fc6bb7420dbc0 [BUFFER]: shellcode
f78a7df889c002cd247464625b1e8c6d50e6cd3f [BUFFER]: shellcode
041ade0526ba38f2c74db8c8d30d6442581a2a30 [BUFFER]: shellcode
5cd285a840df9eae6f9fd7e39a64902e4e66d8eb [BUFFER]: shellcode
dcc8ba0ff1f43c21d2b9594d305805b4c9a8d460 [BUFFER]: shellcode
edaf3a36cf6dd22c520a0b8d5fd9b14460a325e3 [BUFFER]: shellcode
9e885b563130e0e21bc32b8c85dfe68ac17c778a [BUFFER]: shellcode
917c0892c1a36ddd7de1aab4e460999b554d1d1c [BUFFER]: shellcode
e439a53c3dac4a01d1c2965d0152916c2acea194 [BUFFER]: shellcode
5ae79786a548e337b8453f94f55375126b8908d7 [BUFFER]: shellcode
71249694272186ac1c7f51a75f5e6f322b15b9dc [BUFFER]: shellcode
2cfb462392533256247fcde2fa6d559ce6b3826e [BUFFER]: vmdetect

Signatures

  • antivm_memory_available
  • dumped_buffer
  • dns_tld_ru
  • network_irc

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

e7e2ea835a8213bf_dialogs_hungarian.fsb

84347deb6cf6ba37_ireland_rocks.grp

915f739e47d9c177_norway_cliffs.dxp.bin

08e316c62f33e0f3_pkg_modern_ussr_gm.grp

4a06ff441d081485_arcade_norway_green.dxp.bin

f56ce2c1fcc1d81e_jp_type_89b_i_go_otsu-hq.dxp.bin

3311041bafa971b3_korea_buildings.dxp.bin

1e89ca3d967791d9_krymsk.bin

25355adb108e23b9_cn_gm_bq.dxp.bin

b0b744640b8e05f6_arcade_alps.dxp.bin

161255bb71d5076c_fortress_rocks.dxp.bin

2164267f990f8e6f_gaijin_logo.ogm

cc8a524138a2bde0_decals.dxp.bin

c34bdb20bfc8570b_khalkhin_gol.dxp.bin

7a321949bcbddf08_dialogs_italian.fsb

5719f7a4c7743942_arcade_snow_rocks.dxp.bin

3421efd9c3153d78_snow_alps_buildings.dxp.bin

e9ca99446f2fbbdb_grp_hdr.vromfs.bin

a27d4b05fbadb4a9_crew_tanks_french.fev

14be41b1d3c35bd8_bridges-hq.dxp.bin

513aaa690c079521_vegetation.dxp.bin

e5867ec0cd19cb03_africa_buildings.dxp.bin

1f8769c53fa642cc_aces.dxp.bin

508e151b48cfa904_arcade_canyon_snow.dxp.bin

ebe1927ec5e87f5b_speech_ge.fsb

2569d11de77f9ba5_locations.grp

551ce9b3e4595661_speech_kor.fsb

6828cad4fb0a9a1b_arcade_zhang_park.dxp.bin

8023ee687db3051c_germ_gm.grp

39258eab3cd5408b_kursk.bin

cb7a55cef57a72da_snow_alps_buildings.grp

91b26bfca2c5f951_britain-hq.dxp.bin

d90280ec65fd7076_saipan.dxp.bin

04dbe7b47614b45d_stz.grp

97a9b9a32bb6ed55_tankers.dxp.bin

e7517e9f3b358d2e_peleliu.bin

e3b010539c2efc8c_dialogs_italian.fev

585836f101dd0ba5_crew_tanks_english.fsb

8b7fce4d4418852e_hangar_military_base.dxp.bin

fd4696597d8eee9b_avg_finland.bin

c0574b2085563ac0_landscape_extra.dxp.bin

b982b9bf7fde580f_avg_karpaty_passage.bin

6d803398a746b571_hangar_military_base.bin

a9829230a3ecb33c_bn.pak

030045fe6bfcc690_tutort_english.fsb

8a36cd63a573e4ac_weaponry-hq.dxp.bin

0a28848a4338a797_tank_tutorial_advanced_shooting02.ogv

7562de389c1392e8_crew_tanks_serbian.fsb

37ba19f63b11f496_ko.pak

552ae1ddcdb5c475_usaaircrafts.grp

01e954465a2da58b_tank_simulator.ogv

30953ce354ed1a8c_gm-hq.dxp.bin

5f1a4bde56e873b9_game.compatibilitygl.ps30.shdump.bin

0d96267de30f7aa9_nb.pak

2d0ee0925e3d7d6f_korea_rocks.grp

e72b0c15fd0b6c70_ml.pak

71d22d0e799fa0de_africa_rocks.grp

a108ac2dc75ec1e7_pve_tank_arcade.ogv

f65c938d12cb0e6d_2017_05_04_03_00_11_4044.log

9170c77bc16d3c13_locations-hq.dxp.bin

45f83f5f799275a7_engines_tanks01.fsb

f38dd3ab6a1dc4b6_crew_tanks_portuguese.fev

ac398cf10e24b11f_jap_airc_bq.dxp.bin

5b6b17b53cd2f6e4_warthunder.blk

fd95086ac39fa9b9_avg_ireland.dxp.bin

5cf42f4b83caf902_arcade_africa_canyon.bin

52c7104a2e6f66a3_airfields-hq.dxp.bin

0eae63e53ada8831_avg_hurtgen.bin

8bf659d1b9a07aa8_engines01.fsb

06976b274315d29f_ms.pak

51f1b01f4d51cd82_avg_krymsk.bin

2078e9d82a3b1c2f_explosions_tanks.fsb

263ed6f311db955e_arcade_phiphi_crater.bin

eae38f43aeeb0bfe_jp_gm_bq.dxp.bin

a103bdcb214f5f2b_gladiator_mk2.grp

27970e358e348677_ja.pak

2dc7b2d2ff487679_ca.pak

3a3a9f19fc8b3449_pilots.grp

fba69efc9f4369ae_fortifications.dxp.bin

1a5873a305188f8e_avg_training_ground-hq.dxp.bin

89deec29e0c38807_germany_buildings.grp

2965e4938876528e_pkg_modern_locations_maps-hq.dxp.bin

04d75dcd1552dbab_splineclasses.dxp.bin

7028feb7481e8aac_game.compatibility.ps30.shdump.bin

6675f74507514a37_gm.dxp.bin

c154cf9506d27a27_pkg_modern_landc_pack.grp

6d37520f96f42b63_gm_lvl_assets.grp

86ed9cc82ce7b403_finland_buildings.dxp.bin

ff4dbfea17954ff1_en-gb.pak

eb7bf4234803a80e_engines_tanks.fsb

6087a93cfff7db39_destr_ussr.grp

ff382cac98312ba3_dialogs_polish.fev

00fdb640ccf3ea6a_yak_3-hq.dxp.bin

df6647ca65e992e9_airfields.grp

7371f5f3e43a3449_gm.dxp.bin

09eef28f33552ce6_iwo_jima.bin

3d9ad03d285ee0eb_tank_tutorial_basic_shooting02.ogv

7c7a8ba3deddeca7_vehicles_ri.grp

df96499a8e4cd55e_destr_africa.grp

f769e8289f47f2e2_avg_finland_winter.dxp.bin

47c1f88a2ea473cd_hangar_military_base.grp

c0d3f348a0c52b34_gm_lvl_assets.dxp.bin

3290dd72c9935728_dialogs_spanish.fev

ed20dcff45d4e83e_avg_volokolamsk.dxp.bin

e6ccf8d822dc5736_gladiator_mk2-hq.dxp.bin

a13b7cf8f001eb86_gamegl.ps30.shdump.bin

ec5cf61c417dc5ef_fonts.vromfs.bin

091d6d41c6fb7010_destr_snow_alps.grp

1ecc671b2a735cdd_stalingrad.dxp.bin

a0a4631f43dd1a70_pacific.grp

3355b8347d6933f3_uk_air_bq.dxp.bin

f21dd07838c567ce_air_arcade.ogv

2994a72703a3c38a_germ_gm_bq.dxp.bin

2592b13d9eb88849_phang_nga_bay_cliffs.dxp.bin

148c6d9301dbb41d_vegetation.dxp.bin

85f45f99a12bb902_crew_tanks_russian.fev

df8f21a986c6fac9_pkg_english.ver

ff33d30053c5fea8_avg_africa_desert.dxp.bin

9db9c5d0d601c0ba_startapp.start

61e852437274f87c_kursk.dxp.bin

f8a6ac7fb8b5c12c_nl.pak

af415beb976746b6_cb0a6ea4436cdac4a9c767cf35b2c76566110639

b441e83b966996e3_tex.vromfs.bin

27d0a894de4faccc_crew_tanks_serbian.fev

d59f819927371b6a_arcade_phiphi_crater_rocks.bin

c2a75d7cc8c73432_crew_tanks_turkish.fev

32b7c9a3b33bab54_dialogs_wopl_english.fsb

e2b3056accb95517_berlin.bin

f7c3bdfcc5904532_guam.dxp.bin

938e4f81d82f80f1_pkg_modern_germ_gm.grp

aa6a5cbf32d90b8f_dialogs_french.fev

e8f2a1d1d0146720_pkg_modern_animated_stuff.grp

6fe67de22e6cad0a_figures-hq.dxp.bin

797a6874318c0511_lv.pak

0242e4e8b24e78c5_es.pak

2d49e810dfd98254_midway.bin

bb5bdf03629df3df_spain.bin

649628746f8e5f61_avg_snow_alps.bin

32e154fea5a35754_avg_korea.dxp.bin

5221fab2fce2be2e_dialogs_german.fev

5b942dc3b131ed71_moscow.dxp.bin

6d70598cefecdaef_hq_tex_avg_ardennes.dxp.bin

47f15ace0fba9d9a_arcade_rice_terraces.dxp.bin

512afbfb7aee437d_english_placeholder.txt

a0bca99478644d41_avg_krymsk.dxp.bin

9cc75aedb55d2e02_tank_realistic.ogv

c963e1e360f4cc16_ussr_air_bq.dxp.bin

bfc38698c02137c9_uk_a13-hq.dxp.bin

5687aeb8a0c4bef2_stz.dxp.bin

6c7d0f29c112d202_crew_tanks_english.fev

128e749a7187b520_usaaircrafts.grp

05aa2f1b47fa89ba_avg_port_novorossiysk.bin

987e27717ae1316c_locations.grp

01eec6639843b339_water_decals.grp

8e35f30cf7d8cb7b_crew_tanks_hungarian.fev

3a3a85ac4434ba54_ussr_buildings.grp

7143a3b0c9abc25e_germ_pzkpfw_35t-hq.dxp.bin

078e79da0b5e7584_gm.dxp.bin

6d1ed84a8b729bc1_arcade_phiphi_crater.dxp.bin

cd0e8aab67bf1b06_dialogs_spanish.fsb

8d1adc4eef2d93ba_th.pak

61197fd814316b09_de.pak

0f2d024e81166fc3_pkg_modern_avg_syria.dxp.bin

3fb2dd9f86f80e2e_avg_guadalcanal.dxp.bin

43637d61fbeca220_pv_2.dxp.bin

d6acc34a58771641_ussraircrafts.grp

7562f374feb71d7a_fx.dxp.bin

ddbbccb9a0ad4486_pilots.dxp.bin

ddb50412f4bbbe29_pkg_modern_destr_syria.grp

93131410f2e80cf6_arcade_zhang_park.bin

8b7017b8654f4ce7_crew_ships_japanese.fev

530200368931d752_iceberg.grp

7df8f047bf6e2884_pkg_main_anim_pack.grp

f5451daaecac1f3b_crew_tanks_italian.fev

a16d75bcea9ea25c_i_15-hq.dxp.bin

afcf3b2d4193d405_uk_airc_bq.dxp.bin

6c38377853f7927c_arcade_ireland.bin

7ff58844921352b1_units-hq.dxp.bin

2c21b4d0dc954756_hq_tex_splineclasses.dxp.bin

88ca85586d1a48df_airfields.dxp.bin

5988dd5a4abf5ee9_honolulu.bin

f24754491a26d2db_hq_tex_vegetation.dxp.bin

4a4132eada21bfff_aces-hq.dxp.bin

6dbe6b56a28a9046_collision_pack.grp

200adabcb05b3621_crew_tanks_french.fsb

344cebdcda45c592_ruins_buildings.grp

b60f9217c69262e9_et.pak

96b1a801f7b3dc04_soldiers.grp

d65e8fbbfc9ddbb9_destr_european.grp

6784c74356dd9110_gm_logic.grp

28d3942fac5d60a1_gm_lvl_assets.dxp.bin

68b93f83b02c6000_germ_gm_bq.dxp.bin

4e087a64d8738eee_mozdok.dxp.bin

74d49668072c0da8_crew_tanks_vietnamese.fev

a110430bf8a92be8_ridesc.bin

9e0d74a8b78f5a52_fil.pak

6b86b273ff34fce1_pkg_english.rq2

b856d91d409d5de0_locations.dxp.bin

81a4aa3d48bb901e_arcade_ireland.dxp.bin

39be2477a098e2a3_ussr_t_50-hq.dxp.bin

d875f829fbcd11af_nvidia.ogg

52471768f8fd18ad_aces.grp

1cdd09aea51415d1_arcade_norway_green.bin

46fc5855af0f5aa2_air_tutorial_basic_shooting03.ogv

0da84f545ed563ff_usa_gm.grp

d0051099b3d8b11b_moscow.bin

8eb485dae2e12144_gaijin_logo.ogg

c5418e767d8a21e5_avg_mozdok.bin

97d8859b5ef93dcf_port_moresby.bin

e3464ab851a79ac4_cef64.zip

a37ade493b219eae_avg_eastern_europe.bin

0ae4539d89d59dab_landc_pack.grp

433a87f62ebae50a_grp_hdr.vromfs.bin

8879754c4927101b_uk_a12_mk_2_matilda.dxp.bin

9d3258c50ed9e7cf_iceberg.dxp.bin

587bca357108b2a2_ro.pak

41236d979c60478d_music.fsb

f48fc874e1ccdb78_ridesc.bin

3c7d930d12c4f1cb_2017_05_04_03_00_12__2588.txt

96d2d95d038a27c9_avg_stalingrad_factory.dxp.bin

3d90ecda7c30721d_dialogs_ui_english.fsb

fbad20cd98ae2f2e_korea.bin

22582618b0428b3f_usa_air_bq.dxp.bin

94af1f16d624a7b2_sv.pak

38e72b34b44d37bb_gm-hq.dxp.bin

ca38e5a43240c180_britainaircrafts.grp

067cc87ead292a74_avg_ardennes.bin

6881c9e18f025e81_dialogs_french.fsb

98f91dc046855c59_crew_tanks_spanish.fev

0c1a952995dceb81_dialogs_vietnamese.fev

7767406337855b7c_p_26-hq.dxp.bin

b8039f9c4fada9f1_arcade_mediterranean.bin

a1f095643ecfc05f_avg_berlin.bin

5f2a0ff651edd4b2_vegetation-hq.dxp.bin

0f30bf3e1b270d3b_gjagent.blk

f3db4ff26317a25b_warthunder.yup

fc0ef7d75669372a_korea_buildings.grp

b7a99611a35ad6b5_avg_abandoned_factory.dxp.bin

run.exe

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests