File Emergency Exit # 016536418807.zip

Size 202.2KB
Type Zip archive data, at least v2.0 to extract
MD5 f905025ba4a2c1d02b8252b12b92664f
SHA1 8bbb0ebbd03385521dd15eefb0b21dd8222f8829
SHA256 bf7785c4da6cf7b09f374d6f6807b6a9ff1fedfce4bc7f8b520bda79eddbe29f
SHA512 658c5cb9d6256e7d0d50b6a092e9955ecd78e147b22f17fac761d73667a5631e6b78f6a1b25a994c4e3ac3d3fb38c77e84b4ee7fc0232caa6622bcd836ebf875
CRC32 55EECF46
ssdeep 6144:1nw3w822aP3Ya5DxMsAytrgRtD34VqzOVF9B:1w3apAQFAqgRtD34Vjn
Yara None matched

Score

This file appears fairly benign with a score of 0.4 out of 10.

Please note: the scoring system is still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE March 14, 2019, 1:59 p.m. March 14, 2019, 2:04 p.m. 277 seconds

Machine

Name Label Started On Shutdown On
win7x64 win7x64 2019-03-14 13:59:59 2019-03-14 14:04:34

Analyzer Log

2019-03-14 06:59:56,015 [analyzer] DEBUG: Starting analyzer from: C:\hpqmls
2019-03-14 06:59:56,015 [analyzer] DEBUG: Pipe server name: \\.\PIPE\rPlpNihbNwQTSPivsCfjdPqX
2019-03-14 06:59:56,015 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\whQhFyNTuqiANLGFuhxE
2019-03-14 06:59:56,686 [analyzer] DEBUG: Started auxiliary module Disguise
2019-03-14 06:59:56,920 [analyzer] DEBUG: Loaded monitor into process with pid 508
2019-03-14 06:59:56,920 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-03-14 06:59:56,920 [analyzer] DEBUG: Started auxiliary module Human
2019-03-14 06:59:56,920 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-03-14 06:59:56,920 [analyzer] WARNING: Cannot execute auxiliary module Reboot: [Errno 2] No such file or directory: 'C:\\hpqmls\\reboot.json'
2019-03-14 06:59:57,013 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-03-14 06:59:57,013 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2019-03-14 06:59:57,013 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-03-14 06:59:57,013 [analyzer] INFO: No process IDs returned by the package, running for the full timeout.
2019-03-14 07:03:59,375 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2019-03-14 07:03:59,375 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-03-14 07:03:59,375 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-03-14 13:59:57,705 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/bf7785c4da6cf7b09f374d6f6807b6a9ff1fedfce4bc7f8b520bda79eddbe29f"
2019-03-14 13:59:57,911 [lib.cuckoo.core.scheduler] INFO: Task #1677: acquired machine win7x64 (label=win7x64)
2019-03-14 13:59:59,338 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 10155 (interface=eth2, host=192.168.128.109, pcap=/opt/cuckoo/storage/analyses/1677/dump.pcap)
2019-03-14 13:59:59,362 [lib.cuckoo.common.objects] WARNING: Error extracting package and main activity: File Emergency Exit Map.exe is encrypted, password required for extraction.
2019-03-14 14:00:12,068 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x64, ip=192.168.128.109)
2019-03-14 14:00:19,101 [modules.auxiliary.reboot] ERROR: Reboot analysis is not backwards compatible with the Old Agent, please upgrade your target machine (<Machine('1','win7x64')>) to the New Agent to use the reboot analysis capabilities.
2019-03-14 14:04:33,078 [lib.cuckoo.core.guest] INFO: win7x64: analysis completed successfully
2019-03-14 14:04:35,177 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-03-14 14:04:36,575 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937cd8aad0>: Failed to establish a new connection: [Errno 111] Connection refused
2019-03-14 14:04:36,575 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937cd8ab50>: Failed to establish a new connection: [Errno 111] Connection refused
2019-03-14 14:04:36,576 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937cd8aa50>: Failed to establish a new connection: [Errno 111] Connection refused
2019-03-14 14:04:36,577 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937cd8aa10>: Failed to establish a new connection: [Errno 111] Connection refused
2019-03-14 14:04:36,578 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937cd8aa10>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937cd8aa10>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
Fortinet W32/GenKryptik.DAAY!tr

Screenshots

No screenshots available.

Network

DNS

Name Response Post-Analysis Lookup
javadl-esd-secure.oracle.com 23.14.119.135

Hosts

No hosts contacted.

Summary

No static analysis available.
Emergency Exit Map.exe
Strings extracted from Emergency Exit Map.exe: 370 short fragments of random-looking printable characters, none of which form readable text; omitted from this listing.
Emergency Exit Map.exe
Antivirus Signature
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
TheHacker Clean
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
NANO-Antivirus Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Avast Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
Babable Clean
ViRobot Clean
AegisLab Clean
Rising Clean
Ad-Aware Clean
Trustlook Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
McAfee-GW-Edition Clean
Emsisoft Clean
GData Clean
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
AhnLab-V3 Clean
ZoneAlarm Clean
Avast-Mobile Clean
TotalDefense Clean
VBA32 Clean
ALYac Clean
MAX Clean
Zoner Clean
Tencent Clean
Yandex Clean
TACHYON Clean
Fortinet W32/GenKryptik.DAAY!tr
AVG Clean
Panda Clean
Qihoo-360 Clean

Process Tree


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.109 60112 192.168.128.111 53
192.168.128.109 138 192.168.128.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 1677
Mongo ID 5c8a97b411d30812ab721826
Cuckoo release 2.0-dev