File hpqhvind.exe

Size 127.6KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 76a234e9343499c675bf05e6b7c8fb4d
SHA1 4d13b1ab91b766b35dbaca4e6a18eae7a06afb76
SHA256 404c4ab8ea4d0c05ac78038a7addb045861706832ea3a51dec8c39cfc15017d3
SHA512 49961304183f6732fd677ffc1d1d2b6b2a2c4654cb61925d95a0b48803aaa9b88a4ddc7efa01017972137202d6f3a02d689b7d42c39d67d7b0b4ed7b136097cb
CRC32 E6361431
ssdeep 1536:AOqv5AZjumpgRkF6LYFcqWeXPPw0/pjZILDT:yiVumpljjWeXPPw0/pjZM
PDB Path f:\jnks\workspace\K88_Prod_Active_Build\build1315\SxS\src\Release\hpqhvind.pdb
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01070_Microsoft_Visual_C___6_0___8_0_ - [Microsoft Visual C++ 6.0 - 8.0]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_01693_pex_V0_99____params_ - [pex V0.99 -> params]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02161_Stranik_1_3_Modula_C_Pascal_ - [Stranik 1.3 Modula/C/Pascal]
  • PEiD_02191_tElock_0_99___1_0_private____tE__ - [tElock 0.99 - 1.0 private -> tE!]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • anti_dbg - Checks if being debugged
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • VC8_Microsoft_Corporation -
  • Microsoft_Visual_Cpp_8 -
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -

Score

This file appears fairly benign with a score of 0.4 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE March 13, 2019, 2:57 p.m. March 13, 2019, 3:01 p.m. 254 seconds

Machine

Name Label Started On Shutdown On
win7x64 win7x64 2019-03-13 14:57:36 2019-03-13 15:01:48

Analyzer Log

2019-03-13 07:57:35,062 [analyzer] DEBUG: Starting analyzer from: C:\rbsthpik
2019-03-13 07:57:35,124 [analyzer] DEBUG: Pipe server name: \\.\PIPE\XCXylOwWTbrJFefBAhgQd
2019-03-13 07:57:35,140 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\IfpldsOtjrRpBpWIbEKMSOXKuTCMLjYS
2019-03-13 07:57:37,526 [analyzer] DEBUG: Started auxiliary module Disguise
2019-03-13 07:57:37,947 [analyzer] DEBUG: Loaded monitor into process with pid 508
2019-03-13 07:57:37,947 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-03-13 07:57:37,947 [analyzer] DEBUG: Started auxiliary module Human
2019-03-13 07:57:37,947 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-03-13 07:57:37,947 [analyzer] WARNING: Cannot execute auxiliary module Reboot: [Errno 2] No such file or directory: 'C:\\rbsthpik\\reboot.json'
2019-03-13 07:57:38,165 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-03-13 07:57:38,181 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2019-03-13 07:57:38,181 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-03-13 07:57:38,181 [analyzer] INFO: No process IDs returned by the package, running for the full timeout.
2019-03-13 08:01:40,559 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2019-03-13 08:01:40,559 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-03-13 08:01:40,559 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-03-13 14:57:36,212 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/404c4ab8ea4d0c05ac78038a7addb045861706832ea3a51dec8c39cfc15017d3"
2019-03-13 14:57:36,226 [lib.cuckoo.core.scheduler] INFO: Task #1657: acquired machine win7x64 (label=win7x64)
2019-03-13 14:57:36,256 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 7263 (interface=eth2, host=192.168.128.109, pcap=/opt/cuckoo/storage/analyses/1657/dump.pcap)
2019-03-13 14:57:39,287 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x64, ip=192.168.128.109)
2019-03-13 14:57:56,089 [modules.auxiliary.reboot] ERROR: Reboot analysis is not backwards compatible with the Old Agent, please upgrade your target machine (<Machine('1','win7x64')>) to the New Agent to use the reboot analysis capabilities.
2019-03-13 15:01:47,952 [lib.cuckoo.core.guest] INFO: win7x64: analysis completed successfully
2019-03-13 15:01:50,676 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-03-13 15:01:52,110 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937f861410>: Failed to establish a new connection: [Errno 111] Connection refused
2019-03-13 15:01:52,123 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937f861d50>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937f861d50>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

This executable is signed
This executable has a PDB path (1 event)
pdb_path f:\jnks\workspace\K88_Prod_Active_Build\build1315\SxS\src\Release\hpqhvind.pdb

Screenshots

No screenshots available.

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

PE Compile Time

2012-10-17 07:09:31

PDB Path

f:\jnks\workspace\K88_Prod_Active_Build\build1315\SxS\src\Release\hpqhvind.pdb

Signing Certificate

MD5 8b294788dee6034a1868986ea961c0fa
SHA1 d999cf188832eccae7cd8beaa78709674b3b1195
Serial Number 44239c2187efae7ba9f3cd89c4fe9d84
Common Name Hewlett Packard
Country US
Locality San Diego

Version Infos

Translation 0x0409 0x04e4
LegalCopyright Copyright (C) Hewlett-Packard Co. 2011
InternalName HelpContentIndexer
FileVersion 28.0.1315.0
CompanyName Hewlett-Packard Co.
ProductFileFlags 1
LegalTrademarks
Comments HelpContentIndexer
ProductName HP Digital Imaging
ProductFamily HP Digital Imaging
ProductVersion 028.000.1315.000
FileDescription HelpContentIndexer
OriginalFilename hpqhvind.exe
Translation 0x0409 0x04e4

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000b543 0x0000b600 6.52394258361
.rdata 0x0000d000 0x000039c6 0x00003a00 4.90703482949
.data 0x00011000 0x00002e4c 0x00001000 2.38206434751
.rsrc 0x00014000 0x0000c51c 0x0000c600 4.36423679853
.reloc 0x00021000 0x000017e6 0x00001800 4.07210323488

Imports

Library KERNEL32.dll:
0x40d000 FindFirstFileW
0x40d004 GetCommandLineW
0x40d008 LoadLibraryW
0x40d00c FreeLibrary
0x40d010 SizeofResource
0x40d014 LockResource
0x40d018 LoadResource
0x40d01c FindResourceW
0x40d020 FindResourceExW
0x40d024 GetProcAddress
0x40d028 GetSystemTime
0x40d02c FindNextFileW
0x40d030 CreateFileW
0x40d034 GetFileSize
0x40d038 CloseHandle
0x40d03c ReadFile
0x40d040 MultiByteToWideChar
0x40d044 WriteConsoleW
0x40d048 SetFilePointer
0x40d04c FlushFileBuffers
0x40d050 GetConsoleMode
0x40d054 GetConsoleCP
0x40d058 HeapDestroy
0x40d05c HeapAlloc
0x40d060 HeapFree
0x40d064 HeapReAlloc
0x40d068 HeapSize
0x40d06c GetProcessHeap
0x40d070 RaiseException
0x40d07c GetLastError
0x40d088 HeapSetInformation
0x40d08c GetStartupInfoW
0x40d090 EncodePointer
0x40d094 DecodePointer
0x40d098 TerminateProcess
0x40d09c GetCurrentProcess
0x40d0a8 IsDebuggerPresent
0x40d0ac GetCPInfo
0x40d0b8 GetACP
0x40d0bc GetOEMCP
0x40d0c0 IsValidCodePage
0x40d0c4 TlsAlloc
0x40d0c8 TlsGetValue
0x40d0cc TlsSetValue
0x40d0d0 TlsFree
0x40d0d4 GetModuleHandleW
0x40d0d8 SetLastError
0x40d0dc GetCurrentThreadId
0x40d0e0 LCMapStringW
0x40d0e4 GetStringTypeW
0x40d0e8 ExitProcess
0x40d0ec WriteFile
0x40d0f0 GetStdHandle
0x40d0f4 GetModuleFileNameW
0x40d0f8 HeapCreate
0x40d104 SetHandleCount
0x40d108 GetFileType
0x40d110 GetTickCount
0x40d114 GetCurrentProcessId
0x40d11c Sleep
0x40d124 RtlUnwind
0x40d128 WideCharToMultiByte
0x40d12c SetStdHandle
Library ole32.dll:
0x40d13c CoUninitialize
0x40d140 CoInitialize
0x40d144 CoCreateInstance
Library OLEAUT32.dll:
0x40d134 None

Antivirus Signature
Bkav Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Cylance Clean
VIPRE Clean
SUPERAntiSpyware Clean
TheHacker Clean
K7GW Clean
K7AntiVirus Clean
Arcabit Clean
TrendMicro Clean
Baidu Clean
NANO-Antivirus Clean
F-Prot Clean
Symantec Clean
TotalDefense Clean
TrendMicro-HouseCall Clean
Paloalto Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
Babable Clean
AegisLab Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
Invincea Clean
McAfee-GW-Edition Clean
Fortinet Clean
Sophos Clean
Ikarus Clean
Cyren Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Endgame Clean
Microsoft Clean
ViRobot Clean
ZoneAlarm Clean
Avast-Mobile Clean
AhnLab-V3 Clean
ALYac Clean
AVware Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
ESET-NOD32 Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
eGambit Clean
GData Clean
AVG Clean
Cybereason Clean
Avast Clean
CrowdStrike Clean
Qihoo-360 Clean

Process Tree


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.109 138 192.168.128.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 1657
Mongo ID 5c8953a011d30812ab721782
Cuckoo release 2.0-dev