Category FILE
Started On 2017-06-26 20:45:09.771091
Completed On 2017-06-26 20:46:15.115344
Duration 65 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2017-06-26 20:45:12
Shutdown On 2017-06-26 20:46:14

Errors

File Details

File name b803cb3d2613d05321aafe7ec5cd46394ad5c4d3.zip
File size 5418437 bytes
File type Zip archive data, at least v1.0 to extract
CRC32 42B4FF49
MD5 af64066fc8df0967f8032091873015f0
SHA1 b803cb3d2613d05321aafe7ec5cd46394ad5c4d3
SHA256 7bfd66220616fc3a480329f88be909eac0e8d1d69b8a5e7dce261a44b76f30f4
SHA512 187f88fa288effba74684bb5b90a4ee58f0c187505d42e61e0f0c829a867be5f100b1f2c1d0bbb03364e0e351083ef5a2a40f8436338544d47005a9a380f8e66
Ssdeep 98304:0saNReeFGUkywqEhzu5R/40Z1xLrNYAS5FAd+nfJg1:laNRkUkFThs/4W1xLxYASPDnfJg1
PEiD None matched
Yara
  • shellcode (Matched shellcode byte patterns)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1498509979]=0): Snort Events=0, AV Events=24
Total Score=25

CLAMAV DETECTED:
SecuriteInfo.com.HTML-4259.UNOFFICIAL FOUND (24 identical matches)

Zipped File Yara Signatures:
MediaDownloader.bundle/Contents/MacOS/libMovieDownload.dylib: embedded_win_api
MediaDownloader.bundle/Contents/MacOS/MediaDownload: ldpreload
MediaDownloader.bundle/Contents/MacOS/MediaDownloader: ldpreload

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

YoutubeDL.py

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

Volatility

Nothing to display.