Analysis

Category FILE
Started On 2017-05-11 15:45:16.987896
Completed On 2017-05-11 15:47:36.842569
Duration 139 seconds
Cuckoo Version 2.0-dev

Machine

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-05-11 15:45:19
Shutdown On 2017-05-11 15:47:36

File Details

File name 4b52ef0ba5ff88d022b505a6307cf98d
File size 2905088 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 58CEEC78
MD5 4b52ef0ba5ff88d022b505a6307cf98d
SHA1 8fe1913ef019f726335a45fa322aaaf2b6d193a9
SHA256 90db3da23e2abed8cf1417aa31c4b225b09d4ddb00cb355664018322a1067a7a
SHA512 722694fba196ba6ae1fd2356e7920e963c2d778e20993ba7ec37b77db2404f12c3aada2528fb79fc7ea85255e1cfe4295a9336e1971d15737c856e8031e16353
Ssdeep 49152:ptwwE/vjkDNnWN7UD4twg6WCvSusl+youTGniyz1d:pPlNnW2FpU+yod
PEiD None matched
Yara
  • Str_Win32_Http_API (Match Windows Http API call)
  • GenerateTLSClientHelloPacket_Test ()
VirusTotal Scan Date: 2017-05-11 14:05:31
Detection Rate: 43/60

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=4, VT[1494517678]=100): Snort Events=1, AV Events=1
Total Score=100

SNORT EVENTS:
ET MALWARE Double User-Agent (User-Agent User-Agent)

CLAMAV DETECTED:
Win.Trojan.Agent-6304041-0 FOUND

Signatures

antivm_queries_computername
recon_fingerprint
has_pdb
locates_browser
antivm_memory_available
dumped_buffer
Roaming_Profile_Modified
antivm_disk_size
has_wmi
antivm_network_adapters
Windows_Proxy_Tinkering
Startup_Added_to_Registry
persistence_autorun
browser_security
