Category: FILE
Started On: 2017-08-07 08:16:44.016462
Completed On: 2017-08-07 08:18:52.521019
Duration: 128 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2017-08-07 08:16:44
Shutdown On: 2017-08-07 08:18:52

File Details

File name 6e96f20f682d15f62eb95ac00ef8b238d3f4d031.exe
File size 676560 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 B8B26EF4
MD5 830653478eb7ebd74a3c6ecb460aa15e
SHA1 6e96f20f682d15f62eb95ac00ef8b238d3f4d031
SHA256 299ad34ef10d7e8c51d759d022b3bd85dc8537a89d4ba6692b9167dab2047c5a
SHA512 5304c59cce69f1131905e5cccb4ea60c43bc13067d212e3344480c4b10ea56727420fd5c47a535b234d92488fa423f055a17e654e9a66806978ab82aa3477179
Ssdeep None
PEiD None matched
Yara
  • Str_Win32_Http_API (Match Windows Http API call)
VirusTotal Scan Date: 2017-08-06 17:14:49
VirusTotal Detection Rate: 1/64
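Two things in the File Details block are worth checking before trusting the rest of the report: the digests must agree with the bytes you actually hold (the file is stored under its SHA1 plus ".exe", so the name itself is one of the digests), and "Ssdeep None" means no fuzzy hash was computed for this run, so similarity matching against other installers is not available from this page. The dropped-file names further down carry a 16-hex-digit prefix that is the start of the file's SHA-256; the localstorage-journal entry starts with e3b0c44298fc1c14, which is the SHA-256 of an empty file, so that dropped file was captured as zero bytes. The following is an added example, not code from MetaFlows or Cuckoo, that reproduces the report's digest formatting and compares a report block against a buffer; the empty buffer and the EMPTY_REPORT dictionary are constructed inputs.

```python
import hashlib
import zlib


def cuckoo_digests(data):
    """Digests in the textual form the 'File Details' block uses:
    CRC32 as 8 upper-case hex digits, the others as lower-case hex."""
    return {
        "CRC32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def dropped_file_prefix(data):
    """The prefix in front of a dropped file's name in this report is the
    first 16 hex digits of its SHA-256."""
    return hashlib.sha256(data).hexdigest()[:16]


def verify_report(data, reported):
    """Return the report fields whose value disagrees with the bytes.
    Fields the report leaves empty (the page shows 'Ssdeep None') are
    skipped rather than failed; an empty list means the block is consistent."""
    computed = cuckoo_digests(data)
    return sorted(name for name, value in reported.items()
                  if name in computed and value is not None
                  and value.lower() != computed[name].lower())


def matches_sample_name(filename, data):
    """The sample on this page is stored as '<SHA1>.exe'; confirm that."""
    return filename.lower() == hashlib.sha1(data).hexdigest() + ".exe"


# Constructed input: an empty buffer. Its SHA-256 begins e3b0c44298fc1c14,
# the prefix on the localstorage-journal dropped file in this report.
EMPTY = b""
EMPTY_REPORT = {
    "CRC32": "00000000",
    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
    "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "Ssdeep": None,
}

if __name__ == "__main__":
    print(dropped_file_prefix(EMPTY))          # e3b0c44298fc1c14
    print(verify_report(EMPTY, EMPTY_REPORT))  # [] means consistent
```

To check the real sample, read the bytes of 6e96f20f682d15f62eb95ac00ef8b238d3f4d031.exe and pass them with a dictionary built from the File Details lines; any field name in the returned list is one where the page and the file disagree.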

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=2, VT[1502108588]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
b58ff0a3c86f7728_SpWebInst0.exe: Str_Win32_Http_API
5ba2ac8ed721277d_libcef.dll: GenerateTLSClientHelloPacket_Test
d193bca1da5a8075_widevinecdm.dll: GenerateTLSClientHelloPacket_Test
31033b131d6f380e_spotify.exe: with_sqlite
3a9e275a770197d2_spotifywebhelper.exe: GenerateTLSClientHelloPacket_Test
552a37527e561cd871aba1f9e3ec244f34602231 [BUFFER]: shellcode

Signatures

  • antivm_queries_computername
  • has_pdb
  • antivm_memory_available
  • pe_features
  • raises_exception
  • dumped_buffer
  • Roaming_Profile_Modified
  • Startup_File_Accessed
  • allocates_rwx
  • antisandbox_sleep
  • antivm_disk_size
  • creates_shortcut
  • dropper
  • has_wmi
  • antivm_network_adapters
  • network_downloader_exe
  • packer_entropy
  • Windows_Proxy_Tinkering
  • Startup_Added_to_Registry
  • antivm_generic_bios
  • persistence_autorun
  • modifies_certificates
  • overwites_files
  • ransomware_message
  • antivm_vmware_in_instruction
  • antiemu_wine

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings

Dropped Files

  • b58ff0a3c86f7728_SpWebInst0.exe
  • 6723f9bf4fbbcc57_spotify.lnk
  • f207a4d9a01c10f7_ad.spa
  • 8a4d9ca2913a0226_ko.pak
  • 80103e38c2f56bbc_collection.spa
  • 078a2cd1a9d19a8e_d3dcompiler_47.dll
  • a43531f26dc2e637_fr.pak
  • a52f3f46c1f078ec_visited links
  • ecadb44ca2026088_nl.pak
  • 2aabb31d63c6afbe_zh-cn.pak
  • 592a55078894e434_recently-played.spa
  • 7c92f2fdbe3e7254_pt-pt.pak
  • 191b5783752e7c36_licenses.spa
  • d6ebe5cc463d2c7e_full-screen-modal.spa
  • c858e613ff006aed_playlist-folder.spa
  • 4cb0a61ab18f2ec8_zsm.mo
  • 6ca930a61a3667ec_index
  • 7275408979e2321a_fr-ca.mo
  • 3f49335753978471_edc238bff48a31d55a97e1e93892934b_c31b2498754e340573f1336de607d619
  • f17871ee3920bcb9_he.pak
  • bc468f58aca6a7f1_cs.pak
  • c3617ea9fa0c4bef_daily-mix-hub.spa
  • f06ba6b99e44d6a6_mr.pak
  • 712fb58cad430c13_edc238bff48a31d55a97e1e93892934b_c31b2498754e340573f1336de607d619
  • f95a4fc8032bd0a8_devtools_resources.pak
  • 86aaff895129ba60_de.pak
  • 2a245fe91b6bd01d_data_3
  • b42661ca5a1b71b1_settings.spa
  • 35e3aa89fb51d1cc_lt.pak
  • 8db7575780dc058f_data_1
  • 60715fe680458093_vi.pak
  • 93f6fda6367113de_playlist-desktop.spa
  • 89ce6d4d1871a551_manifest.json
  • fa96c6c7fd1ad556_ml.pak
  • 3e0de410026f2efd_en-us.pak
  • a1f15683a46095bd_ru.pak
  • e5610b4153b5899e_lv.pak
  • 988656e78101818f_zlink-queue.spa
  • 5d5a2f21bc3069a1_hu.mo
  • 578a954fe284a3b2_de.mo
  • 60e7788c427bc234_pl.pak
  • 10589b62fa62782e_cef_200_percent.pak
  • 0676da3c3eff9d12_nl.mo
  • 2ce955b3b1bb7115_radio-hub.spa
  • 47cb38886f9901bc_es.mo
  • 0ce0792304604951_share.spa
  • 7a1d097130215da9_zlink.spa
  • 0ddd392ab49409c1_http_zlogin.app.spotify.com_0.localstorage
  • fdb9c6417e16bdd7_sw.pak
  • 5ba2ac8ed721277d_libcef.dll
  • 1013c74e70c6bffd_findfriends.spa
  • 792c6fa4743c3d9f_id.mo
  • bf4ebb99e64b72b6_el.pak
  • 1e24e91010c91683_crash_reporter.cfg
  • 7c2243c9c6cb4788_fa.pak
  • b3293f3b75ccbf81_tr.mo
  • 5846387c67e673ca_ms.pak
  • 68c4dffc52edbf75_en.mo
  • a8b4dd2d316aef51_libegl.dll
  • e8f7d6954e1cb998_pt-br.mo
  • 1fb13c6600807b3c_profile.spa
  • 18b6fbb318b8e6d6_gu.pak
  • 30acc05983b7c81b_tr.pak
  • 63c95aa15b0b229b_it.mo
  • 662503a4d10c74ea_settings.dat
  • fb5e7d42dd92d732_chrome_elf.dll
  • e3b0c44298fc1c14_http_zlogin.app.spotify.com_0.localstorage-journal
  • 85e7a4746c3c50c8_te.pak
  • 12ef20211d043856_show.spa
  • 3cc63181a4b66f54_ar.pak
  • fe2c72b29872c88c_lyrics.spa
  • d1e0b58537218bf4_th.pak
  • 8c5b719d88e32509_index
  • bc0ba5c33203463f_zlogin.spa
  • a76226a1af18a2ce_ja.mo
  • fdc80d4b17e376d5_ta.pak
  • f0d3e92fea439f93_widevinecdmadapter.dll
  • 1453f13be25bd642_collection-songs.spa
  • 51685c07a003a775_spotify.lnk
  • 22b311720681e18d_chart.spa
  • b2727ac52ea50a97_cs.mo
  • fcb82edf5f091f4a_cef.pak
  • 92f8846b62712844_ro.pak
  • f48e2f1b284ea565_zh-tw.pak
  • 9428c06192f4b7ab_data_2
  • 0c8d8160b2fd90ea_hub.spa
  • c0924849b5bb344c_data_0
  • 953d464dc85a2888_fi.pak
  • d4f23dffdbaafe4b_f_000001
  • 13f311b676d8954f_sr.pak
  • 748e9322f299e70e_error.spa
  • a0962b5f8b5ee0d8_stations.spa
  • 7940721b70390db8_collection-album.spa
  • 9f873088584e9f6f_neo-search.spa
  • d2d2770d902fb4fc_es.pak
  • f35ae0ad73ff5702_cef_100_percent.pak
  • c9843d8188ef516e_pt-br.pak
  • 8ff0249ba40643aa_album.spa
  • d193bca1da5a8075_widevinecdm.dll
  • ae9d6283ed94a539_genre.spa
  • 31033b131d6f380e_spotify.exe
  • 4732ce0ce16d69d0_d237426009ee0f53adecd7fceba7288c_b39c170d82df4c3f2e258bc2eabb996f
  • 4f5c3c00da5645d1_zh-hant.mo
  • c513b3582f9a4921_concert.spa
  • 9c09beb2c5edc0b7_cef_extensions.pak
  • 06c4bf6dcee3894c_spotifymigrator.exe
  • 012a5dbab7276996_collection-artist.spa
  • 0d6a299aa17dc6d3_suggest.spa
  • d2d95c332d816d1a_es-419.mo
  • 90dd006cd6d0921a_am.pak
  • 6747c6682cb478bb_icudtl.dat
  • ca83c2a045ee683f_bg.pak
  • 2819552d00e290b9_natives_blob.bin
  • 1b402730947ef25a_vi.mo
  • 60b19a1f8293ef3d_browse.spa
  • 3a9e275a770197d2_spotifywebhelper.exe
  • 45caa6e0f74afd35_cookies
  • 6e69f61538da6f42_fi.mo
  • 9eeef796d7919865_kn.pak
  • 1d12c3b36a5f20b2_hi.pak
  • 5fcd1e8af8144b29_about.spa
  • 1b900f16f87b2916_fil.pak
  • cc89289ca988e9ea_search.spa
  • b95fc2e9286da984_buddy-list.spa
  • 0bc6809c273e5093_d237426009ee0f53adecd7fceba7288c_b39c170d82df4c3f2e258bc2eabb996f
  • 5a5b5a86587076a6_glue-resources.spa
  • fe4d62da6917ce23_sk.pak
  • c90d815d857f4c8f_pl.mo
  • a12f64dc66b52371_it.pak
  • d85a83868f01f695_index.dat
  • 40ec12ef59ef3a08_spotifystartuptask.exe
  • b83a4a52d5a2bb02_uk.pak
  • a7f84a91691fe200_concerts.spa
  • f9a4b394e585c7ad_station.spa
  • 6f4482d05a68eef1_artist.spa
  • 01d721239af2e972_id.pak
  • 3ad407f9af35a023_en-gb.pak
  • 501ebf3c008da5c2_spotifylauncher.exe
  • b1e963d702392fb7_data_1
  • d6a5fe39cd672781_data_0
  • e09f42c398d688dc_data_3
  • ec1702806f4cc7c4_data_2
  • e01c6d400510b97a_ja.pak
  • 0b8db2e033c8d427_ca.pak
  • 9ae51776a1d93fc6_notifications.spa
  • d3ba3246f8705f97_el.mo
  • f4a9acd10483722f_sl.pak
  • be1ec24c98116a74_libglesv2.dll
  • 21e93003825511e1_snapshot_blob.bin
  • a64f4d439db94411_bn.pak
  • 8266d6a980ab5b40_es-419.pak
  • 55423a3dd531c783_th.mo
  • bff7b79d0b795ebb_da.pak
  • 3e6f165224ade88b_arb.mo
  • 25db4180fc848669_d3dcompiler_43.dll
  • 75b570dfed33e6fb_nb.pak
  • 4666b8505d05c1e4_hu.pak
  • de28ce4c1f0021ba_sv.pak
  • f0d9a09d3fc44277_hr.pak
  • 8186f2026fc38c40_et.pak
  • b1be59980169bd9a_sv.mo
  • a002b02060d6d5f9_fr.mo

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read
  • C:\Users\Harry Dresden\Documents\desktop.ini
  • C:\Users\Harry Dresden\Links\desktop.ini
  • C:\Users\Harry Dresden\Contacts\desktop.ini
  • C:\Users\Harry Dresden\Saved Games\desktop.ini
  • C:\Users\desktop.ini
  • C:\Users\Harry Dresden\Pictures\desktop.ini
  • C:\Users\Harry Dresden\Searches\desktop.ini
  • C:\Users\Harry Dresden\Music\desktop.ini
  • C:\Users\Harry Dresden\Favorites\desktop.ini
  • C:\Users\Harry Dresden\Videos\desktop.ini
  • C:\Users\Harry Dresden\Desktop\desktop.ini
  • C:\Users\Harry Dresden\Downloads\desktop.ini
  • C:\Windows\System32\shdocvw.dll
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\crash_reporter.cfg
  • \\?\PIPE\wkssvc
  • \\?\PIPE\srvsvc
  • C:\Users\Harry Dresden\AppData\Local\Spotify\User Data\Crashpad\settings.dat
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\crash_reporter.cfg
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\Cookies
  • \\?\PIPE\wkssvc
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D237426009EE0F53ADECD7FCEBA7288C_B39C170D82DF4C3F2E258BC2EABB996F
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\Cache\data_2
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\Cache\data_3
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\Cache\data_0
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\Cache\data_1
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\GPUCache\data_1
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\GPUCache\data_0
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\GPUCache\data_3
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\GPUCache\data_2
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\zlogin.spa
  • C:\Users\Harry Dresden\AppData\Local\Temp\903-win-ia32.zip
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\glue-resources.spa
  • \\?\PIPE\srvsvc
  • C:\Windows\System32\drivers\etc\hosts
  • C:\Users\Harry Dresden\AppData\Local\Spotify\WidevineCDM\903\ia32\manifest.json
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\crash_reporter.cfg
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\Cache\index
  • C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\Local Storage\http_zlogin.app.spotify.com_0.localstorage
  • C:\Users\Harry Dresden\AppData\Local\Temp\c92f-c90a-03a3-ec15
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\en.mo
  • C:\Users\Harry Dresden\AppData\Local\Spotify\User Data\Crashpad\settings.dat
  • C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\GPUCache\index
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\crash_reporter.cfg
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
  • C:\Users\desktop.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
  • C:\Users\Public\desktop.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
  • C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
  • C:\Users\Harry Dresden\Desktop\Spotify.lnk
  • C:\Users\Harry Dresden\Desktop\desktop.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
  • C:\Users\Public\Desktop\desktop.ini
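The File-Read list above mixes three kinds of entries: sandbox noise (the desktop.ini reads under every profile folder), host reconnaissance (the wkssvc and srvsvc LanMan pipes, drivers\etc\hosts), and the locations that the Startup_File_Accessed, creates_shortcut and persistence_autorun signatures react to (the Start Menu, the Startup folder, the .lnk on the Desktop). The user name "Harry Dresden" is a property of the VM, not of the sample, so indicators should be compared with the profile path normalised. The following is an added example of such a triage pass, not part of the MetaFlows/Cuckoo report; the bucket rules and the SAMPLE_PATHS list (a subset of the entries above) are this example's own construction.

```python
import re

# Constructed sample: a subset of the File-Read entries above plus two
# File-Written entries, chosen to hit every bucket.
SAMPLE_PATHS = [
    r"C:\Users\Harry Dresden\Documents\desktop.ini",
    r"\\?\PIPE\wkssvc",
    r"\\?\PIPE\srvsvc",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk",
    r"C:\Users\Harry Dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"C:\Users\Harry Dresden\Desktop\Spotify.lnk",
    r"C:\Users\Harry Dresden\AppData\Roaming\Spotify\libcef.dll",
    r"C:\Users\Harry Dresden\AppData\Local\Temp\903-win-ia32.zip",
    r"C:\Users\Harry Dresden\AppData\Local\Spotify\Browser\Cookies",
]

# Matches '<drive>:\Users\<account>\' for any account except Public, so that
# C:\Users\Public\... and the bare C:\Users\desktop.ini are left alone.
_USER_RE = re.compile(r"^[A-Za-z]:\\Users\\(?!Public\\)[^\\]+\\", re.IGNORECASE)

# The two LanMan pipes seen in the report, compared after lower-casing.
_LANMAN_PIPES = ("\\\\?\\pipe\\wkssvc", "\\\\?\\pipe\\srvsvc")


def normalize(path):
    """Replace the sandbox account's profile directory with %USERPROFILE%
    so the same indicator matches whatever the VM's account is called."""
    return _USER_RE.sub(r"%USERPROFILE%\\", path)


def classify(path):
    """Assign one bucket to a path; order matters, the first rule that fits wins."""
    low = normalize(path).lower()
    if low in _LANMAN_PIPES or low.endswith("\\drivers\\etc\\hosts"):
        return "recon"              # workstation/server enumeration, hosts file
    if "\\start menu\\programs\\startup\\" in low:
        return "persistence"        # anything touching the Startup folder
    if low.endswith(".lnk") and ("\\start menu\\" in low or "\\desktop\\" in low):
        return "persistence"        # shortcuts the user will launch
    if "\\appdata\\local\\temp\\" in low:
        return "staging"            # archives/binaries unpacked before install
    if low.endswith("\\desktop.ini"):
        return "noise"              # shell folder metadata read by the file dialogs
    if "\\appdata\\" in low:
        return "app-data"           # the application's own install/cache tree
    return "other"


def triage(paths):
    """Bucket a Cuckoo File-Read/File-Written list: {bucket: sorted normalised paths}."""
    buckets = {}
    for raw in paths:
        buckets.setdefault(classify(raw), set()).add(normalize(raw))
    return {name: sorted(items) for name, items in buckets.items()}


if __name__ == "__main__":
    for name, items in sorted(triage(SAMPLE_PATHS).items()):
        print(name)
        for item in items:
            print("   ", item)
```

Feeding the whole File-Read and File-Written lists through triage gives a quick split between what the installer did to the host (persistence and staging buckets) and what merely reflects the sandbox (noise); for this report the persistence bucket is the Start Menu and Desktop Spotify.lnk entries plus the Startup folder read, which is exactly what the creates_shortcut and Startup_File_Accessed signatures fired on.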
File-Written
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\stations.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\cs.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\sl.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\d3dcompiler_43.dll
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\zh-CN.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\lt.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\full-screen-modal.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\snapshot_blob.bin
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\es-419.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\am.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\icudtl.dat
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\bg.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\hub.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\about.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\share.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\ml.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\ru.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\lv.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\settings.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\zlink.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\de.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\fr-CA.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\pl.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\daily-mix-hub.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\zh-TW.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\nl.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\es.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\fil.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\pl.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\profile.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\libcef.dll
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\it.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\id.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\zh-Hant.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\radio-hub.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\ms.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\tr.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\buddy-list.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\uk.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\artist.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\en.mo
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\recently-played.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\show.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\collection-album.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\playlist-desktop.spa
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\locales\ca.pak
  • C:\Users\Harry Dresden\AppData\Roaming\Spotify\Apps\concerts.spa