File hpqhvsei.dll

Size 173.0KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 7af224232a7e915b9867848d7793e982
SHA1 c62fcbd3bcbcad96300f3a2b34eee8b45f531743
SHA256 13e8c4cf7a4ff19cf73cd5a69d0f0f209c37e61335d6d5b7da28507ff73cec8c
SHA512 abfc757bbfb2f3b75a9ee05f23bf2106559e56069ccc5c26c3503f7af7323932b69e7b9bb304d59c2615a648c2a93ae84df4b5859d1ce4d771bfb80c192eaed3
CRC32 8F17CFC7
ssdeep 3072:8cHKZ0mxv2ngNDd2E9YXlJnCACab2r5lluyzxbhxpg/0Rkg5loJjKzF:Dtmx+ngNDd2EPu2X0yzNhxpgMOPJja
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_01693_pex_V0_99____params_ - [pex V0.99 -> params]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • anti_dbg - Checks if being debugged
  • contentis_base64 - This rule finds for base64 strings
  • Visual_Cpp_2005_DLL_Microsoft -
  • Visual_Cpp_2003_DLL_Microsoft -
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -

Score

This file appears fairly benign with a score of 0.8 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE March 13, 2019, 4:15 p.m. March 13, 2019, 4:19 p.m. 253 seconds

Machine

Name Label Started On Shutdown On
win7x64 win7x64 2019-03-13 16:15:41 2019-03-13 16:19:53

Analyzer Log

2019-03-13 09:15:40,078 [analyzer] DEBUG: Starting analyzer from: C:\dluyotb
2019-03-13 09:15:40,092 [analyzer] DEBUG: Pipe server name: \\.\PIPE\znznNHcnMmLiWRddIVizqxrEvXLhF
2019-03-13 09:15:40,092 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\jwohqyVeqFGconmONAsRkNX
2019-03-13 09:15:42,246 [analyzer] DEBUG: Started auxiliary module Disguise
2019-03-13 09:15:42,573 [analyzer] DEBUG: Loaded monitor into process with pid 508
2019-03-13 09:15:42,573 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-03-13 09:15:42,573 [analyzer] DEBUG: Started auxiliary module Human
2019-03-13 09:15:42,573 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-03-13 09:15:42,573 [analyzer] WARNING: Cannot execute auxiliary module Reboot: [Errno 2] No such file or directory: 'C:\\dluyotb\\reboot.json'
2019-03-13 09:15:42,885 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-03-13 09:15:42,885 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2019-03-13 09:15:42,885 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-03-13 09:15:42,885 [analyzer] INFO: No process IDs returned by the package, running for the full timeout.
2019-03-13 09:19:45,263 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2019-03-13 09:19:45,263 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-03-13 09:19:45,263 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-03-13 16:15:40,957 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/13e8c4cf7a4ff19cf73cd5a69d0f0f209c37e61335d6d5b7da28507ff73cec8c"
2019-03-13 16:15:40,971 [lib.cuckoo.core.scheduler] INFO: Task #1660: acquired machine win7x64 (label=win7x64)
2019-03-13 16:15:40,998 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 7470 (interface=eth2, host=192.168.128.109, pcap=/opt/cuckoo/storage/analyses/1660/dump.pcap)
2019-03-13 16:15:43,678 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x64, ip=192.168.128.109)
2019-03-13 16:16:00,651 [modules.auxiliary.reboot] ERROR: Reboot analysis is not backwards compatible with the Old Agent, please upgrade your target machine (<Machine('1','win7x64')>) to the New Agent to use the reboot analysis capabilities.
2019-03-13 16:19:52,600 [lib.cuckoo.core.guest] INFO: win7x64: analysis completed successfully
2019-03-13 16:19:55,198 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-03-13 16:19:56,353 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9384024550>: Failed to establish a new connection: [Errno 111] Connection refused
2019-03-13 16:19:56,356 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9384024d90>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9384024d90>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)
Cylance Unsafe
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.PUPXFR.cc
Trapmine suspicious.low.ml.score
SentinelOne static engine - malicious
Endgame malicious (high confidence)
CrowdStrike malicious_confidence_100% (D)
The binary likely contains encrypted or compressed data. (2 events)
section {u'size_of_data': u'0x00025400', u'virtual_address': u'0x00006000', u'entropy': 7.948448397706195, u'name': u'.rdata', u'virtual_size': u'0x00025265'} entropy 7.94844839771 description A section with a high entropy has been found
entropy 0.866279069767 description Overall entropy of this PE file is high

Screenshots

No screenshots available.

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

PE Compile Time

2018-06-30 07:18:29

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000045ee 0x00004600 6.52756363643
.rdata 0x00006000 0x00025265 0x00025400 7.94844839771
.data 0x0002c000 0x000018dc 0x00000c00 2.4750330655
.reloc 0x0002e000 0x000008c0 0x00000a00 4.6916397092

Imports

Library KERNEL32.dll:
0x10006000 VirtualAlloc
0x10006004 GetModuleHandleA
0x10006008 VirtualProtect
0x1000600c HeapSize
0x10006010 GetStringTypeW
0x10006014 GetCurrentThreadId
0x10006018 DecodePointer
0x1000601c GetCommandLineA
0x10006020 EncodePointer
0x10006024 TlsAlloc
0x10006028 TlsGetValue
0x1000602c TlsSetValue
0x10006030 TlsFree
0x10006034 InterlockedIncrement
0x10006038 GetModuleHandleW
0x1000603c SetLastError
0x10006040 GetLastError
0x10006044 InterlockedDecrement
0x10006048 GetProcAddress
0x1000604c HeapFree
0x10006050 Sleep
0x10006054 ExitProcess
0x10006058 SetHandleCount
0x1000605c GetStdHandle
0x10006064 GetFileType
0x10006068 GetStartupInfoW
0x1000606c DeleteCriticalSection
0x10006070 GetModuleFileNameA
0x10006078 WideCharToMultiByte
0x1000607c GetEnvironmentStringsW
0x10006080 HeapCreate
0x10006084 HeapDestroy
0x1000608c GetTickCount
0x10006090 GetCurrentProcessId
0x10006098 LeaveCriticalSection
0x1000609c EnterCriticalSection
0x100060a0 GetCPInfo
0x100060a4 GetACP
0x100060a8 GetOEMCP
0x100060ac IsValidCodePage
0x100060b0 HeapAlloc
0x100060b4 HeapReAlloc
0x100060b8 LoadLibraryW
0x100060c4 IsDebuggerPresent
0x100060c8 TerminateProcess
0x100060cc GetCurrentProcess
0x100060d0 WriteFile
0x100060d4 GetModuleFileNameW
0x100060d8 RtlUnwind
0x100060dc LCMapStringW
0x100060e0 MultiByteToWideChar
Library USER32.dll:
0x100060ec GetForegroundWindow

Antivirus Signature
K7AntiVirus Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
TheHacker Clean
BitDefender Clean
K7GW Clean
Trustlook Clean
Arcabit Clean
Invincea heuristic
Baidu Clean
NANO-Antivirus Clean
Cyren Clean
Symantec Clean
TotalDefense Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
Babable Clean
ViRobot Clean
AegisLab Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.PUPXFR.cc
Trapmine suspicious.low.ml.score
Sophos Clean
Ikarus Clean
F-Prot Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Endgame malicious (high confidence)
Microsoft Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Avast-Mobile Clean
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
ALYac Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
ESET-NOD32 Clean
Tencent Clean
Yandex Clean
SentinelOne static engine - malicious
eGambit Clean
GData Clean
AVG Clean
Paloalto Clean
CrowdStrike malicious_confidence_100% (D)
Qihoo-360 Clean

Process Tree


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.109 138 192.168.128.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 1660
Mongo ID 5c8965ec11d30812ab721791
Cuckoo release 2.0-dev