Analysis Details

Category FILE
Started On 2018-01-23 05:56:27.675826
Completed On 2018-01-23 05:58:20.614809
Duration 112 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2018-01-23 05:56:28
Shutdown On 2018-01-23 05:58:20

File Details

File name 58d7476afb5319f6231ab4c7e4ba947e77fe9940.exe
File size 1019336 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 425737B7
MD5 2f6316e5424241d8e368803073a991aa
SHA1 58d7476afb5319f6231ab4c7e4ba947e77fe9940
SHA256 1ed4c28d0af05a16eaa222811c5e7df331423eddf52bab6851f23bb56a8490aa
SHA512 d5b51fdcceb5fa45967825a2249e5d5af11be1e5c24f632425773ced5fc7956a52c4fdd1c04912d66abe657fda476eda8fa4e02c1456ee467518f85c66e38f19
Ssdeep None
PEiD None matched
Yara
  • Str_Win32_Http_API (Match Windows Http API call)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1516705158]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:

Signatures

  • adware_url_accessed
  • antivm_queries_computername
  • has_pdb
  • locates_browser
  • antivm_memory_available
  • raises_exception
  • dumped_buffer
  • openprocess_nonchild
  • Roaming_Profile_Modified
  • Startup_File_Accessed
  • network_bind
  • allocates_rwx
  • antivm_disk_size
  • origin_langid
  • creates_shortcut
  • has_wmi
  • antivm_network_adapters
  • privilege_luid_check
  • wmi_antivm
  • dumped_buffer2
  • injection_duplicate_handle
  • Windows_Proxy_Tinkering
  • Startup_Added_to_Registry
  • persistence_autorun
  • multiple_useragents

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings