File 5991c9f0fb10a680eec314ad4d8f9f0a4824d0b09dbbdadf473481f35c494e6b_atc_launcher.exe

Size 117.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 cb5d2dc9ebece462da1741e8e0e7c3de
SHA1 274b689a6435fd4c591e88192e2da42611ccf8f1
SHA256 5991c9f0fb10a680eec314ad4d8f9f0a4824d0b09dbbdadf473481f35c494e6b
SHA512 266abe50f15f58efeccd3f3232df40ea2742b147137caff57f44be1aca1b2ae389cd0d348151e9e1790be818dae989346353d1db954b17dd941e6998aa552ac3
CRC32 5412B448
ssdeep 3072:SVMArn2DcaMFbSou/L2ifHd5SCRctsS2K+cGfJ:9Ar8T+o/6iLcaKGB
PDB Path C:\Users\renat\OneDrive\Documentos\Visual Studio 2017\atc_launcher\Release\atc_launcher.pdb
Yara
  • IsPE32 -
  • IsConsole -
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_00810_FSG_v1_10__Eng_____dulek_xt_____Microsoft_Visual_C___6_0___7_0__ - [FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
  • PEiD_01070_Microsoft_Visual_C___6_0___8_0_ - [Microsoft Visual C++ 6.0 - 8.0]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • anti_dbg - Checks if being debugged
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • VC8_Microsoft_Corporation -
  • Microsoft_Visual_Cpp_8 -
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -
  • maldoc_find_kernel32_base_method_1 -

Score

This file appears fairly benign with a score of 0.2 out of 10.

Please note: the scoring system is still under development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE Oct. 19, 2018, 2:32 a.m. Oct. 19, 2018, 2:37 a.m. 293 seconds

Machine

Name Label Started On Shutdown On
winxpsp3pro32 winxpsp3pro32 2018-10-19 02:32:54 2018-10-19 02:37:46

Analyzer Log

2018-10-18 23:32:54,530 [analyzer] DEBUG: Starting analyzer from: C:\zbbfcnrti
2018-10-18 23:32:54,671 [analyzer] DEBUG: Pipe server name: \\.\PIPE\gdfvkolKQPCONayGIWbVClBPfugEse
2018-10-18 23:32:54,671 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\mgRuJKipAHseVSRmaEBzTQarBpLPLLF
2018-10-18 23:33:22,905 [analyzer] DEBUG: Started auxiliary module Disguise
2018-10-18 23:33:23,453 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2018-10-18 23:33:23,453 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2018-10-18 23:33:23,562 [analyzer] DEBUG: Loaded monitor into process with pid 692
2018-10-18 23:33:23,562 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2018-10-18 23:33:23,578 [analyzer] DEBUG: Started auxiliary module Human
2018-10-18 23:33:23,578 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2018-10-18 23:33:23,578 [analyzer] WARNING: Cannot execute auxiliary module Reboot: [Errno 2] No such file or directory: 'C:\\zbbfcnrti\\reboot.json'
2018-10-18 23:33:25,562 [analyzer] DEBUG: Started auxiliary module RecentFiles
2018-10-18 23:33:25,608 [analyzer] DEBUG: Started auxiliary module Screenshots
2018-10-18 23:33:25,625 [analyzer] INFO: No process IDs returned by the package, running for the full timeout.
2018-10-18 23:37:25,062 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2018-10-18 23:37:25,062 [analyzer] INFO: Terminating remaining processes before shutdown.
2018-10-18 23:37:25,062 [analyzer] INFO: Analysis completed.

Cuckoo Log

2018-10-19 02:32:54,538 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/5991c9f0fb10a680eec314ad4d8f9f0a4824d0b09dbbdadf473481f35c494e6b"
2018-10-19 02:32:54,571 [lib.cuckoo.core.scheduler] INFO: Task #24: acquired machine winxpsp3pro32 (label=winxpsp3pro32)
2018-10-19 02:32:54,594 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 17252 (interface=eth2, host=192.168.128.102, pcap=/opt/cuckoo/storage/analyses/24/dump.pcap)
2018-10-19 02:32:58,913 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=winxpsp3pro32, ip=192.168.128.102)
2018-10-19 02:33:00,505 [modules.auxiliary.reboot] ERROR: Reboot analysis is not backwards compatible with the Old Agent, please upgrade your target machine (<Machine('4','winxpsp3pro32')>) to the New Agent to use the reboot analysis capabilities.
2018-10-19 02:37:45,221 [lib.cuckoo.core.guest] INFO: winxpsp3pro32: analysis completed successfully
2018-10-19 02:37:49,751 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2018-10-19 02:37:51,142 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f54a71657d0>: Failed to establish a new connection: [Errno 111] Connection refused
2018-10-19 02:37:51,145 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f54a71658d0>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f54a71658d0>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

This executable has a PDB path (1 event)
pdb_path C:\Users\renat\OneDrive\Documentos\Visual Studio 2017\atc_launcher\Release\atc_launcher.pdb

Network

DNS

Name Response Post-Analysis Lookup
javadl-esd-secure.oracle.com 104.66.66.247

Hosts

No hosts contacted.

Summary

PE Compile Time

2018-01-03 15:03:26

PDB Path

C:\Users\renat\OneDrive\Documentos\Visual Studio 2017\atc_launcher\Release\atc_launcher.pdb

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000147f6 0x00014800 6.6373713057
.rdata 0x00016000 0x00006b30 0x00006c00 5.1833250574
.data 0x0001d000 0x00001594 0x00000a00 2.40306850078
.rsrc 0x0001f000 0x000001e0 0x00000200 4.71006138269
.reloc 0x00020000 0x000011e4 0x00001200 6.58882888059

Imports

Library KERNEL32.dll:
0x416000 GetModuleFileNameW
0x416008 WriteConsoleW
0x41600c ReadConsoleW
0x416010 ReadFile
0x416014 SetEndOfFile
0x416018 SetFilePointerEx
0x41601c HeapReAlloc
0x416020 HeapSize
0x416024 GetConsoleMode
0x416028 GetConsoleCP
0x416034 GetCurrentProcess
0x416038 TerminateProcess
0x416044 GetCurrentProcessId
0x416048 GetCurrentThreadId
0x416050 InitializeSListHead
0x416054 IsDebuggerPresent
0x416058 GetStartupInfoW
0x41605c GetModuleHandleW
0x416060 RtlUnwind
0x416064 RaiseException
0x416068 GetLastError
0x41606c SetLastError
0x416070 EncodePointer
0x416084 TlsAlloc
0x416088 TlsGetValue
0x41608c TlsSetValue
0x416090 TlsFree
0x416094 FreeLibrary
0x416098 GetProcAddress
0x41609c LoadLibraryExW
0x4160a0 ExitProcess
0x4160a4 GetModuleHandleExW
0x4160a8 WideCharToMultiByte
0x4160ac GetStdHandle
0x4160b0 WriteFile
0x4160b4 GetModuleFileNameA
0x4160b8 MultiByteToWideChar
0x4160bc GetCommandLineA
0x4160c0 GetCommandLineW
0x4160c4 GetACP
0x4160c8 HeapFree
0x4160cc HeapAlloc
0x4160d0 GetFileType
0x4160d4 CompareStringW
0x4160d8 LCMapStringW
0x4160dc CloseHandle
0x4160e0 FindClose
0x4160e4 FindFirstFileExA
0x4160e8 FindNextFileA
0x4160ec IsValidCodePage
0x4160f0 GetOEMCP
0x4160f4 GetCPInfo
0x416104 SetStdHandle
0x416108 GetStringTypeW
0x41610c GetProcessHeap
0x416110 CreateFileW
0x416114 FlushFileBuffers
0x416118 DecodePointer
Library USER32.dll:
0x416128 GetMessageW
0x41612c IsWindow
0x416130 FindWindowW
0x416134 ShowWindow
0x416138 RegisterHotKey
Library SHELL32.dll:
0x416120 ShellExecuteW

Antivirus Signature
Bkav Clean
MicroWorld-eScan Clean
nProtect Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
TheHacker Clean
K7GW Clean
K7AntiVirus Clean
TrendMicro Clean
Baidu Clean
NANO-Antivirus Clean
F-Prot Clean
Symantec Clean
TotalDefense Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
Babable Clean
ViRobot Clean
AegisLab Clean
Tencent Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
Invincea Clean
McAfee-GW-Edition Clean
Emsisoft Clean
SentinelOne Clean
Cyren Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Endgame Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Avast-Mobile Clean
Microsoft Clean
AhnLab-V3 Clean
McAfee Clean
AVware Clean
MAX Clean
VBA32 Clean
Cylance Clean
Panda Clean
Zoner Clean
ESET-NOD32 Clean
Rising Clean
Yandex Clean
Ikarus Clean
eGambit Clean
GData Clean
AVG Clean
Paloalto Clean
Qihoo-360 Clean

Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

TCP

Source Source Port Destination Destination Port
192.168.128.102 1040 192.168.128.112 139
192.168.128.102 1041 192.168.128.112 139
192.168.128.102 1042 192.168.128.112 139

UDP

Source Source Port Destination Destination Port
192.168.128.102 1025 192.168.128.111 53
192.168.128.102 137 192.168.128.112 137
192.168.128.102 137 192.168.128.255 137
192.168.128.102 138 192.168.128.255 138
192.168.128.112 138 192.168.128.102 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 24
Mongo ID 5bc97bbf11d30829883cde97
Cuckoo release 2.0-dev