Category FILE
Started On 2017-07-04 05:35:14.651078
Completed On 2017-07-04 05:37:23.857395
Duration 129 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-04 05:35:15
Shutdown On 2017-07-04 05:37:22

File Details

File name 11023939489917f62635fcf08e804667b853688b.jar
File size 503462 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 DAA553D5
MD5 9ad762258cfa8f1dff0c410abd079af3
SHA1 11023939489917f62635fcf08e804667b853688b
SHA256 72ac5f07b4589c204d5b84306c966d8131e848f7f80747bb04adb13f8732e87a
SHA512 9689e00702a874cecbf6cbafdfc1d4cf058bd7a68bf25e51e60c5b59b66c5e652be92c4a1b0cb6d92c2c0dc6ea54ae5d5e7180535a4f371f8e0f53862eb10963
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2017-07-04 04:27:00
Detection Rate: 3/59

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1499161154]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
b6d944312ce744de_javaws.jar: embedded_macho
eeff0062d5dd683f_jfr.jar: embedded_macho
68f5a3f16d85331a_localedata.jar: embedded_macho
942fa4d996fb4017_jsse.jar: embedded_macho
d3d40456a4744334_jvm.dll: spyeye
dc8cf2acb160d877_rt.jar: embedded_macho
8306c34c7097c72b_charsets.jar: embedded_macho
827a22a1ed7220de_plugin.jar: embedded_macho
534254b14637e353_deployjava1.dll: Str_Win32_Http_API
6d96ba2365e023ac_jfxrt.jar: embedded_macho
96cac9e9e58b2be5_deploy.jar: embedded_macho
860455dc7f62e8d6_deploy.dll: Str_Win32_Http_API
1a5688ffd9a735f3_npdeployjava1.dll: Str_Win32_Http_API

Signatures

antivm_queries_computername
antivm_memory_available
Long_Alphanum_Exe_Name
Roaming_Profile_Modified
suspicious_process
antivm_network_adapters
persistence_ads
has_wmi

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files
