File hpqhvsei.dll

Size 173.0KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 7af224232a7e915b9867848d7793e982
SHA1 c62fcbd3bcbcad96300f3a2b34eee8b45f531743
SHA256 13e8c4cf7a4ff19cf73cd5a69d0f0f209c37e61335d6d5b7da28507ff73cec8c
SHA512 abfc757bbfb2f3b75a9ee05f23bf2106559e56069ccc5c26c3503f7af7323932b69e7b9bb304d59c2615a648c2a93ae84df4b5859d1ce4d771bfb80c192eaed3
CRC32 8F17CFC7
ssdeep 3072:8cHKZ0mxv2ngNDd2E9YXlJnCACab2r5lluyzxbhxpg/0Rkg5loJjKzF:Dtmx+ngNDd2EPu2X0yzNhxpgMOPJja
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_01693_pex_V0_99____params_ - [pex V0.99 -> params]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • anti_dbg - Checks if being debugged
  • contentis_base64 - This rule finds for base64 strings
  • Visual_Cpp_2005_DLL_Microsoft -
  • Visual_Cpp_2003_DLL_Microsoft -
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -

Score

This file appears fairly benign with a score of 0.8 out of 10.

Please note: the scoring system is still in development and should be considered an alpha feature.

Read the score as a measure of how little executed, not of what the file is. The dll package started the sample as rundll32.exe hpqhvsei.dll,DllMain (see the analyzer log). DllMain is the loader-called entry point, not an exported name, so only DLL_PROCESS_ATTACH code ran and rundll32 had no entry to call; the "OK" button the Human module clicked shortly before the process exited is most plausibly rundll32's missing-entry dialog. To exercise the real code, enumerate the DLL's exports and resubmit with the dll package's function= option set to one of them, or dump the process once the stub has run.

The static side says more. The .rdata section has 7.95 bits of entropy and holds 87% of the raw section data (0x25400 of 0x2b000 bytes); the import table is the set a Visual C++ 2005 CRT needs plus VirtualAlloc, VirtualProtect, GetProcAddress and LoadLibraryW; and the one runtime event is a page at 0x6c526000 made PAGE_EXECUTE_READWRITE, which for an image loaded at 0x6c520000 is the first page of .rdata. The strings dump lists KERNEL32.dll twice (once with only VirtualAlloc, GetModuleHandleA and VirtualProtect, once with the CRT set), which is consistent with a stub grafted onto a compiled binary. Several Yara hits need discounting: the four PEiD packer matches (dUP, Petite, pex, StarForce) contradict each other and are generic signatures firing on compressed data, not an identification, and anti_dbg fires on IsDebuggerPresent, which the VC8 CRT imports on its own (the "Microsoft Visual C++ Runtime Library" strings at the end of the dump are that CRT). The Rich header and the Visual C++ 8 PEiD match agree on a VC8 (2005) build.

Information on Execution

Category Started Completed Duration Logs
FILE Feb. 3, 2019, 6:05 a.m. Feb. 3, 2019, 6:06 a.m. 43 seconds

Machine

Name Label Started On Shutdown On
win7x32 win7x32 2019-02-03 06:05:43 2019-02-03 06:06:05

Analyzer Log

Note that these are guest-clock timestamps: they run eight hours behind the host's Cuckoo Log below, and the Signatures table uses yet another offset, so correlate events by relative offset rather than by wall-clock time.

2019-02-02 22:05:20,140 [analyzer] DEBUG: Starting analyzer from: C:\eaiikkbfh
2019-02-02 22:05:20,140 [analyzer] DEBUG: Pipe server name: \\.\PIPE\shZOSjojMMgyUuRBC
2019-02-02 22:05:20,140 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\wTfKnMqjSuNHuVCvLHoouVHqdGsqgmrB
2019-02-02 22:05:20,140 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2019-02-02 22:05:20,140 [analyzer] INFO: Automatically selected analysis package "dll"
2019-02-02 22:05:24,289 [analyzer] DEBUG: Started auxiliary module Disguise
2019-02-02 22:05:24,601 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2019-02-02 22:05:24,601 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2019-02-02 22:05:24,694 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit ncrypt.dll (with timestamp 0x586e85bb)
2019-02-02 22:05:24,694 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit ncrypt.dll (with timestamp 0x586e85bb)
2019-02-02 22:05:24,694 [analyzer] DEBUG: Loaded monitor into process with pid 476
2019-02-02 22:05:24,694 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-02-02 22:05:24,694 [analyzer] DEBUG: Started auxiliary module Human
2019-02-02 22:05:24,710 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-02-02 22:05:24,710 [analyzer] DEBUG: Started auxiliary module Reboot
2019-02-02 22:05:24,928 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-02-02 22:05:24,928 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-02-02 22:05:25,085 [lib.api.process] INFO: Successfully executed process from path 'C:\\Windows\\System32\\rundll32.exe' with arguments [u'C:\\Users\\admin\\AppData\\Local\\Temp\\hpqhvsei.dll,DllMain'] and pid 2848
2019-02-02 22:05:26,832 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2019-02-02 22:05:26,832 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2019-02-02 22:05:27,315 [analyzer] DEBUG: Loaded monitor into process with pid 2848
2019-02-02 22:05:28,907 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-02-02 22:05:30,263 [analyzer] INFO: Process with pid 2848 has terminated
2019-02-02 22:05:30,263 [analyzer] INFO: Process list is empty, terminating analysis.
2019-02-02 22:05:31,309 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-02-02 22:05:31,309 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-02-03 06:05:43,091 [lib.cuckoo.core.scheduler] INFO: Task #1219: acquired machine win7x32 (label=win7x32)
2019-02-03 06:05:43,104 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 27825 (interface=eth2, host=192.168.128.112, pcap=/opt/cuckoo/storage/analyses/1219/dump.pcap)
2019-02-03 06:05:46,555 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x32, ip=192.168.128.112)
2019-02-03 06:06:04,324 [lib.cuckoo.core.guest] INFO: win7x32: analysis completed successfully
2019-02-03 06:06:11,510 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-02-03 06:06:12,643 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f938403b390>: Failed to establish a new connection: [Errno 111] Connection refused
(the same HEAD warning and traceback are repeated three more times, differing only in the connection object address)
2019-02-03 06:06:12,646 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f938403b1d0>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f938403b1d0>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
Feb. 3, 2019, 1:05 a.m.
NtProtectVirtualMemory
base_address: 0x6c526000
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 2848
process_handle: 0xffffffff
status: success return: 0 repeated: 0
The binary likely contains encrypted or compressed data. (2 events)
section .rdata (virtual_address 0x00006000, virtual_size 0x00025265, size_of_data 0x00025400) entropy 7.94844839771 description A section with a high entropy has been found
entropy 0.866279069767 description Overall entropy of this PE file is high
The second figure is not an entropy despite its label: it is the share of raw section data that lies in sections above the per-section threshold, here 0x25400 / (0x4600 + 0x25400 + 0xc00 + 0xa00) = 152576 / 176128 = 0.866.
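The read-write-execute hit above is worth being able to reproduce outside the sandbox. What follows is an added example, not Cuckoo's own signature code: it applies the same test (a memory API whose requested protection is PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY) to a constructed list of API-call events that mirrors the fields shown in the table, collapses repeated hits on the same region, and maps the flagged address back to a section from the report's section table. The load address 0x6c520000 is an assumption for illustration; it is what makes 0x6c526000 the first page of .rdata.

```python
"""Detection logic for the "Allocates read-write-execute memory" signature.

Added example, not Cuckoo's code.  The event records are constructed to
mirror the report's fields: api, process_identifier, base_address, length
and the numeric protection value.
"""

# Memory-protection constants from winnt.h.  The low byte is the protection
# class; higher bits are modifiers such as PAGE_GUARD (0x100).
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
WRITABLE_AND_EXECUTABLE = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

PROTECTION_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}

# APIs whose 'protection' argument decides page permissions.
MEMORY_APIS = {"NtAllocateVirtualMemory", "NtProtectVirtualMemory"}


def protection_name(value):
    """Render a protection the way the report does: '64 (PAGE_EXECUTE_READWRITE)'."""
    return "%d (%s)" % (value, PROTECTION_NAMES.get(value & 0xFF, "UNKNOWN"))


def is_rwx_event(event):
    """True when a memory API asked for a page that is both writable and executable."""
    if event["api"] not in MEMORY_APIS:
        return False
    protection = event["arguments"].get("protection", 0)
    return (protection & 0xFF) in WRITABLE_AND_EXECUTABLE


def find_rwx_regions(events):
    """One entry per (pid, base, length) region that became RWX, in first-seen order.

    Repeated calls on the same region (a stub re-protecting the same page) are
    collapsed so the count reflects distinct regions rather than raw calls.
    """
    seen = {}
    for ev in events:
        if not is_rwx_event(ev):
            continue
        args = ev["arguments"]
        key = (ev["process_identifier"], args["base_address"], args["length"])
        if key not in seen:
            seen[key] = {
                "pid": ev["process_identifier"],
                "api": ev["api"],
                "base_address": args["base_address"],
                "length": args["length"],
                "protection": protection_name(args["protection"]),
            }
    return list(seen.values())


def section_for_address(address, image_base, sections):
    """Map a runtime address to the section it falls in; sections are (name, rva, vsize)."""
    rva = address - image_base
    for name, section_rva, virtual_size in sections:
        if section_rva <= rva < section_rva + virtual_size:
            return name
    return None


# Constructed sample log: the report's RWX event (seen twice) plus benign noise.
SAMPLE_EVENTS = [
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2848,
     "arguments": {"base_address": 0x00200000, "length": 0x10000, "protection": 0x04}},
    {"api": "NtProtectVirtualMemory", "process_identifier": 2848,
     "arguments": {"base_address": 0x6C526000, "length": 4096, "protection": 64}},
    {"api": "NtProtectVirtualMemory", "process_identifier": 2848,
     "arguments": {"base_address": 0x6C526000, "length": 4096, "protection": 64}},
    {"api": "NtProtectVirtualMemory", "process_identifier": 2848,
     "arguments": {"base_address": 0x6C526000, "length": 4096, "protection": 0x20}},
]

# Section table copied from the report: (name, virtual address, virtual size).
SAMPLE_SECTIONS = [
    (".text", 0x1000, 0x45EE), (".rdata", 0x6000, 0x25265),
    (".data", 0x2C000, 0x18DC), (".reloc", 0x2E000, 0x8C0),
]

# Assumed load address for illustration; the DLL's preferred base is 0x10000000
# (see the import thunk addresses), so it was relocated in the guest.
ASSUMED_IMAGE_BASE = 0x6C520000

if __name__ == "__main__":
    for region in find_rwx_regions(SAMPLE_EVENTS):
        section = section_for_address(region["base_address"], ASSUMED_IMAGE_BASE, SAMPLE_SECTIONS)
        print("pid %d %s base=0x%08x len=%d %s -> section %s" % (
            region["pid"], region["api"], region["base_address"], region["length"],
            region["protection"], section))
```

The third NtProtectVirtualMemory call, which drops the page to PAGE_EXECUTE_READ, is deliberately not flagged: a write-then-execute transition on the same page is what an in-place unpacker looks like, but the signature only cares about the moment a page is both writable and executable.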

Screenshots

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

Process rundll32.exe (2848)

  • Registry keys read

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

  • DLLs Loaded

    • C:\Users\admin\AppData\Local\Temp\hpqhvsei.dll

PE Compile Time

2018-06-30 07:18:29

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy (bits per byte)
.text 0x00001000 0x000045ee 0x00004600 6.52756363643
.rdata 0x00006000 0x00025265 0x00025400 7.94844839771
.data 0x0002c000 0x000018dc 0x00000c00 2.4750330655
.reloc 0x0002e000 0x000008c0 0x00000a00 4.6916397092
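The section table and the two packer-entropy marks in the Signatures section come from static parsing of the file. As an added example (not Cuckoo's code), here is a minimal PE32 section reader that computes per-section Shannon entropy and the compile timestamp, together with the rule that produces the "high entropy section" and "overall" marks. The 6.8-bit per-section threshold and the 20% share cut-off are assumed to match Cuckoo's community packer_entropy signature. A small PE32 image is built inline from constructed data (not the sample) so the code runs offline; on a real file call parse_pe_sections(open(path, "rb").read()).

```python
"""Static checks behind the Sections table and the packer-entropy signature.

Added example, not Cuckoo's code.  Threshold values are assumptions chosen to
match the community packer_entropy signature; the sample PE is constructed.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

HIGH_ENTROPY_BITS = 6.8       # assumed per-section threshold
HIGH_ENTROPY_FRACTION = 0.2   # assumed share of raw data that triggers the overall mark


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_sections(image):
    """Return (compile_time_utc, [section dicts]) for a PE32 image held in memory."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    (machine, n_sections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", image, coff)
    if machine != 0x14C:
        raise ValueError("not an i386 (PE32) image")
    compile_time = datetime.fromtimestamp(timestamp, timezone.utc)
    sections, off = [], coff + 20 + opt_size
    for _ in range(n_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[raw_ptr:raw_ptr + raw_size]   # entropy is taken over raw file data
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize,
            "size_of_data": raw_size, "entropy": shannon_entropy(raw),
        })
        off += 40
    return compile_time, sections


def packer_entropy_marks(sections):
    """Replicate the signature's two marks: per-section hits and the raw-data share."""
    marks, total, compressed = [], sum(s["size_of_data"] for s in sections), 0
    for s in sections:
        if s["entropy"] > HIGH_ENTROPY_BITS:
            marks.append(("section", s["name"], s["entropy"]))
            compressed += s["size_of_data"]
    fraction = compressed / total if total else 0.0
    if fraction > HIGH_ENTROPY_FRACTION:
        marks.append(("overall", fraction))
    return marks


def build_sample_pe(sections, timestamp):
    """Assemble a minimal PE32 file: MZ stub, COFF/optional header, section table, raw data."""
    opt_header_size = 224
    headers_end = 0x40 + 4 + 20 + opt_header_size + 40 * len(sections)
    raw_start = (headers_end + 0x1FF) & ~0x1FF          # 512-byte file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp,
                                   0, 0, opt_header_size, 0x2102)  # DLL, 32-bit, executable
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_header_size - 2)  # PE32 magic only
    table, blobs, ptr, va = b"", b"", raw_start, 0x1000
    for name, data in sections:
        raw_size = (len(data) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                             raw_size, ptr, 0, 0, 0, 0, 0x60000020)  # code|exec|read
        blobs += data.ljust(raw_size, b"\0")
        ptr += raw_size
        va += (len(data) + 0xFFF) & ~0xFFF
    return (dos + coff + opt + table).ljust(raw_start, b"\0") + blobs


# Constructed content: a low-entropy code section and a pseudo-random "packed" one.
CODE = b"\x55\x8b\xec" * 1000
PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))  # 8 KiB
SAMPLE_PE = build_sample_pe([(b".text", CODE), (b".rdata", PACKED)], 1530343109)

if __name__ == "__main__":
    when, secs = parse_pe_sections(SAMPLE_PE)
    print("compile time", when.strftime("%Y-%m-%d %H:%M:%S"))
    for s in secs:
        print("%-8s va=0x%08x vsize=0x%08x raw=0x%08x entropy=%.3f" % (
            s["name"], s["virtual_address"], s["virtual_size"], s["size_of_data"], s["entropy"]))
    print(packer_entropy_marks(secs))
```

Feeding packer_entropy_marks the four rows of the table above reproduces the report's 0.866279 figure exactly (0x25400 / 0x2b000), which is how to confirm that the "overall entropy" mark is a byte share, not an entropy.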

Imports

Library KERNEL32.dll:
0x10006000 VirtualAlloc
0x10006004 GetModuleHandleA
0x10006008 VirtualProtect
0x1000600c HeapSize
0x10006010 GetStringTypeW
0x10006014 GetCurrentThreadId
0x10006018 DecodePointer
0x1000601c GetCommandLineA
0x10006020 EncodePointer
0x10006024 TlsAlloc
0x10006028 TlsGetValue
0x1000602c TlsSetValue
0x10006030 TlsFree
0x10006034 InterlockedIncrement
0x10006038 GetModuleHandleW
0x1000603c SetLastError
0x10006040 GetLastError
0x10006044 InterlockedDecrement
0x10006048 GetProcAddress
0x1000604c HeapFree
0x10006050 Sleep
0x10006054 ExitProcess
0x10006058 SetHandleCount
0x1000605c GetStdHandle
0x10006064 GetFileType
0x10006068 GetStartupInfoW
0x1000606c DeleteCriticalSection
0x10006070 GetModuleFileNameA
0x10006078 WideCharToMultiByte
0x1000607c GetEnvironmentStringsW
0x10006080 HeapCreate
0x10006084 HeapDestroy
0x1000608c GetTickCount
0x10006090 GetCurrentProcessId
0x10006098 LeaveCriticalSection
0x1000609c EnterCriticalSection
0x100060a0 GetCPInfo
0x100060a4 GetACP
0x100060a8 GetOEMCP
0x100060ac IsValidCodePage
0x100060b0 HeapAlloc
0x100060b4 HeapReAlloc
0x100060b8 LoadLibraryW
0x100060c4 IsDebuggerPresent
0x100060c8 TerminateProcess
0x100060cc GetCurrentProcess
0x100060d0 WriteFile
0x100060d4 GetModuleFileNameW
0x100060d8 RtlUnwind
0x100060dc LCMapStringW
0x100060e0 MultiByteToWideChar
Library USER32.dll:
0x100060ec GetForegroundWindow

Strings

!This program cannot be run in DOS mode.
&Rich$
`.rdata
@.data
.reloc
j@j ^V
^SSSSS
URPQQh
t"SS9] u
;t$,v-
UQPXY]Y[
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
(about 215 short runs of 5 to 12 printable characters follow here; they are random byte sequences from the high-entropy .rdata section rather than text, and are omitted)
VirtualAlloc
GetModuleHandleA
VirtualProtect
KERNEL32.dll
GetForegroundWindow
USER32.dll
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent
hpqhvsei.dll
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
(36 strings of the form 0;0@0J0~0, 1 151g1, 7P:T:X: and so on omitted: these are the .reloc section's IMAGE_REL_BASED_HIGHLOW entries, whose type nibble 3 puts the high byte in the ASCII range '0' to '?', not text)
KERNEL32.DLL
mscoree.dll
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
nruntime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
((((( H
h(((( H
H
WUSER32.DLL
No antivirus signatures available.

Process Tree


rundll32.exe, PID: 2848, Parent PID: 2824


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.112 138 192.168.128.255 138
The single datagram is the guest's own NetBIOS datagram-service broadcast (UDP 138 to the subnet broadcast address), Windows background noise rather than traffic from the sample.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 1219
Mongo ID 5c56cb2411d30812ab71f36e
Cuckoo release 2.0-dev