Analysis Details

Category FILE
Started On 2017-12-03 17:30:58.164416
Completed On 2017-12-03 17:32:51.480461
Duration 113 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-12-03 17:30:59
Shutdown On 2017-12-03 17:32:51

File Details

File name 4e586ce82fed9bd547b6a3bf3145a8e0cb640be2.exe
File size 1015616 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 F6BC08A0
MD5 0e1060394236375d9c8453fabcc56b7c
SHA1 4e586ce82fed9bd547b6a3bf3145a8e0cb640be2
SHA256 c0b4142ec58bcb8c4ef45ca4b80f6f86bd1fec00a77bc3401d9c2c560f4e07ad
SHA512 471ac0e6f61e7bd72959c248983853e7ef55c424eb7c05e9e0823eb2157b49b4036358d251652e2696a6823b31bac827abbc3451596eb40765d5169902d51f58
Ssdeep None
PEiD None matched
Yara
  • Str_Win32_Http_API (Match Windows Http API call)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=2, VT[1512340479]=0): Snort Events=1, AV Events=0
Total Score=75

SNORT EVENTS:
ET POLICY Executable served from Amazon S3

Dropped File/Buffer Yara Signatures:

Signatures

  • antivm_queries_computername
  • has_pdb
  • locates_browser
  • antivm_memory_available
  • raises_exception
  • dumped_buffer
  • Startup_File_Accessed
  • allocates_rwx
  • antivm_disk_size
  • origin_langid
  • creates_shortcut
  • suspicious_process
  • dropper
  • has_wmi
  • antivm_network_adapters
  • wmi_antivm
  • dumped_buffer2
  • Windows_Proxy_Tinkering
  • Startup_Added_to_Registry
  • persistence_autorun
  • multiple_useragents
  • banker_zeus_p2p

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings