Category: FILE
Started On: 2018-07-25 14:42:09.821472
Completed On: 2018-07-25 14:44:10.446019
Duration: 120 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2018-07-25 14:42:11
Shutdown On: 2018-07-25 14:44:10

File Details

File name 13e2c813940c7a07dc9f4428959ac120c6f57eea.dll
File size 21052848 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
CRC32 A6E6482C
MD5 bf9eec9a66db8584472bef780b862cbb
SHA1 13e2c813940c7a07dc9f4428959ac120c6f57eea
SHA256 cd86608669036920b66bf2c642d716b348a2eee6affc39bddebef555517f7912
SHA512 4028deb2ea544645bb2be1be329905ac81528316ae34f246377f2849b86a5c244629d067c2bcce15bed188c5149498cd24280d5597ca052ebcba14aa968df880
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal
VirusTotal Scan Date: 2018-07-07 00:13:13
Detection Rate: 1/66

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1532544401]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
2a3ee323be65cd54_magfpxio.dll: GenerateTLSClientHelloPacket_Test
1ed005f4cdc3f828_youtubeagent.dll: Str_Win32_Http_API
30046d0d001cc27a_magengin.dll: GenerateTLSClientHelloPacket_Test
2ca924890a4acf53_httpagent.dll: Str_Win32_Http_API
556116a882b0e5f9_amcmain.dll: Str_Win32_Http_API
cb9a09287e001341_asmjpegdec.dll: GenerateTLSClientHelloPacket_Test
9d88917df18d6ba5_asmjpegencoderdll.dll: GenerateTLSClientHelloPacket_Test
4ae6503e3e61edec_lcdecoder.dll: GenerateTLSClientHelloPacket_Test

Signatures

antivm_memory_available
pe_features
openprocess_nonchild
allocates_rwx
antivm_disk_size
privilege_luid_check
ransomware_dropped_files
ransomware_files
nolookup_communication
persistence_autorun
ransomware_dropped_files
ransomware_message

Screenshots

No screenshots available.
