Analysis
Category FILE
Started On 2017-09-22 09:31:07.503614
Completed On 2017-09-22 09:31:53.837087
Duration 46 seconds
Cuckoo Version 2.0-dev

Machine
Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2017-09-22 09:31:08
Shutdown On 2017-09-22 09:31:53

File Details

File name 00fc76a0776d1e2703c936293c2329ea33541276.dll
File size 102400 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
CRC32 AF707ACE
MD5 ed6400dd76c9bc391e8332a076a01db8
SHA1 00fc76a0776d1e2703c936293c2329ea33541276
SHA256 3dd7cf4e5742dfbe81fc03d1a1823f823229eb7c7972e91bb784a7a1a8198fe1
SHA512 9b8ad83a59fa0ce7aa32e0d7c27a1d6d1534aca809382ff1ab41e9687107b464a3c452e15140bd9e2e41928d7f36be199ec41f762e7704638d10d4a41f0c75c1
Ssdeep None
PEiD
  • Armadillo v1.xx - v2.xx
Yara None matched
VirusTotal
Scan Date 2008-07-23 17:05:43
Detection Rate 1/36

MetaFlows Scores

Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=2, VT[1506087117]=0): Snort Events=0, AV Events=0
Total Score=50

Signatures

pe_features details
peid_packer details
allocates_rwx details

Screenshots

No screenshots available.

Static Analysis

Sections

Imports

Exports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

File-Read
  • C:\Users\Harry Dresden\AppData\Local\Temp\00fc76a0776d1e2703c936293c2329ea33541276.dll
File-Opened
  • C:\Users\Harry Dresden\AppData\Local\Temp\00fc76a0776d1e2703c936293c2329ea33541276.dll
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Mutex-Accessed
  • NobleHand

Processes

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

"C:\Windows\System32\rundll32.exe" C:\Users\HARRYD~1\AppData\Local\Temp\00fc76a0776d1e2703c936293c2329ea33541276.dll,DllMain PID: 3224, Parent PID: 5744

"C:\Windows\System32\rundll32.exe" C:\Users\HARRYD~1\AppData\Local\Temp\00fc76a0776d1e2703c936293c2329ea33541276.dll,DllMain PID: 3656, Parent PID: 3224

Volatility

Nothing to display.