Category: FILE
Started On: 2018-07-19 21:01:51.924915
Completed On: 2018-07-19 21:03:49.913213
Duration: 117 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2018-07-19 21:01:54
Shutdown On: 2018-07-19 21:03:49

File Details

File name 9d397245b87577085c5d5e3b9eef63dc522e84d8.exe
File size 2738584 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 2F9297FF
MD5 4866ec87a05d94fb1a79fa29e95282c9
SHA1 9d397245b87577085c5d5e3b9eef63dc522e84d8
SHA256 6b05fcab491109b518a3f75c8befe7b3cf283001949d66aeda06d95eb7589ebd
SHA512 81f403905a8e1783ede83aa2249bf2f73793aff8d643494c89d12db37688572133a8ca61e3d7a2d9f90787924732126846d1d3d374e644444a586b4233489c55
Ssdeep None
PEiD None matched
Yara
  • Str_Win32_Http_API (Match Windows Http API call)
  • with_sqlite (Rule to detect the presence of SQLite data in raw image)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1532048767]=0): Snort Events=1, AV Events=0
Total Score=75

SNORT EVENTS:
ETPRO EXPLOIT Multiple Vendor Malformed ZIP Archive Antivirus Detection Bypass

Signatures

  • adware_url_accessed
  • has_pdb
  • antivm_memory_available
  • raises_exception
  • dumped_buffer
  • openprocess_nonchild
  • Roaming_Profile_Modified
  • Startup_File_Accessed
  • allocates_rwx
  • antisandbox_foregroundwindows
  • infostealer_browser
  • origin_langid
  • creates_shortcut
  • stealth_window
  • antivm_network_adapters
  • injection_duplicate_handle
  • ransomware_files
  • Windows_Proxy_Tinkering
  • nolookup_communication
  • browser_security
  • modifies_certificates

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Exports

Strings