Category FILE
Started On 2018-04-17 06:45:30.550087
Completed On 2018-04-17 06:47:23.760246
Duration 113 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2018-04-17 06:45:31
Shutdown On 2018-04-17 06:47:23

File Details

File name DETILAS.exe
File size 245760 bytes
File type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
CRC32 AB44FE5A
MD5 968c98fd324b231b79e3e13d70c8f47a
SHA1 91eb6ca769e4eaa38123249fefd43c634f05136a
SHA256 7237151c798008638c5c81186b5b13170e42618eec2bf72ce4727292740c59fa
SHA512 65e93fe4dd1b0ea2ccb7ac6a7665755c194b51fb42fa52630fb87abbb19698c08b4ed0b5327a004c33832bd7d56129e1fdb991c3239dd07af2189064d2ffbae2
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=125, Anomalies=0, PEiD=0, Yara=0, VT[1523962061]=0): Snort Events=2, AV Events=0
Total Score=125

SNORT EVENTS:
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY DynDNS CheckIp External IP Address Server Response

Dropped File/Buffer Yara Signatures:
918ba165b164e92fd905e07e53c49a0ddb0c8472 [BUFFER]: embedded_pe
918ba165b164e92fd905e07e53c49a0ddb0c8472 [BUFFER]: embedded_win_api

Signatures

antivm_queries_computername
locates_browser
antivm_memory_available
raises_exception
dumped_buffer
create_process_suspended
openprocess_nonchild
recon_checkip
Security_Cache_Tampering
networkdyndns_checkip
allocates_rwx
infostealer_browser
origin_langid
recon_checkip
antivm_network_adapters
networkdyndns_checkip
packer_entropy
privilege_luid_check
injection_resumethread
infostealer_ftp
known_malware_mutex
Startup_Added_to_Registry
antisandbox_idletime
antisandbox_sleep
persistence_autorun
infostealer_ftp
infostealer_im
injection_write_memory
injection_write_memory_exe
infostealer_keylogger
infostealer_mail
removes_zoneid_ads
injection_runpe

Screenshots

No screenshots available.

Static Analysis

Sections

Resources

Imports

Strings