File executable.1288.exe

Size 20.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5e4f835975204449427d7ad30bb995cc
SHA1 01ce369803cca83367f71b68c1e4611790eff068
SHA256 6a5939a2049a9a692629784fedbcba7b20fe48e3e061b772a1fb5e1b7eaf4d24
SHA512
73dd7271d7ebc61cbc172d7cdee1f5e55e3c3b1f9777e54f0bc70f208137d6a52bbf111eef298b15611febf5952bf849d276e43314f60c1b225fb22971fef539
CRC32 23BDB9BE
ssdeep 384:Ne5RyopgsqWRBTGU5owPq2VkoqP45KBFUOLg2J5aW9C5bW:apEWbvHPq2urP45KBFb5a
PDB Path svchost.pdb
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01103_Microsoft_Visual_C___v6_0_DLL_ - [Microsoft Visual C++ v6.0 DLL]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02161_Stranik_1_3_Modula_C_Pascal_ - [Stranik 1.3 Modula/C/Pascal]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -

Score

This file appears fairly benign with a score of 0.2 out of 10.

Please note: the scoring system is still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE Nov. 5, 2018, 7:28 a.m. Nov. 5, 2018, 7:28 a.m. 21 seconds

Machine

Name Label Started On Shutdown On
win7x32 win7x32 2018-11-05 07:28:33 2018-11-05 07:28:54

Analyzer Log

2018-11-04 23:28:33,078 [analyzer] DEBUG: Starting analyzer from: C:\oiewgjccvm
2018-11-04 23:28:33,078 [analyzer] DEBUG: Pipe server name: \\.\PIPE\eOdPGJTNDuYWtqiwPOPXcVxzRNV
2018-11-04 23:28:33,078 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\sChIGSBFZpdRvmTEAX
2018-11-04 23:28:33,092 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2018-11-04 23:28:33,092 [analyzer] INFO: Automatically selected analysis package "exe"
2018-11-04 23:28:36,384 [analyzer] DEBUG: Started auxiliary module Disguise
2018-11-04 23:28:36,977 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2018-11-04 23:28:36,977 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2018-11-04 23:28:37,039 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit ncrypt.dll (with timestamp 0x586e85bb)
2018-11-04 23:28:37,039 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit ncrypt.dll (with timestamp 0x586e85bb)
2018-11-04 23:28:37,039 [analyzer] DEBUG: Loaded monitor into process with pid 476
2018-11-04 23:28:37,039 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2018-11-04 23:28:37,039 [analyzer] DEBUG: Started auxiliary module Human
2018-11-04 23:28:37,039 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2018-11-04 23:28:37,039 [analyzer] DEBUG: Started auxiliary module Reboot
2018-11-04 23:28:37,289 [analyzer] DEBUG: Started auxiliary module RecentFiles
2018-11-04 23:28:37,289 [analyzer] DEBUG: Started auxiliary module Screenshots
2018-11-04 23:28:37,569 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\admin\\AppData\\Local\\Temp\\executable.1288.exe' with arguments '' and pid 2872
2018-11-04 23:28:37,680 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2018-11-04 23:28:37,694 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2018-11-04 23:28:37,819 [analyzer] DEBUG: Loaded monitor into process with pid 2872
2018-11-04 23:28:39,084 [analyzer] INFO: Process with pid 2872 has terminated
2018-11-04 23:28:39,084 [analyzer] INFO: Process list is empty, terminating analysis.
2018-11-04 23:28:40,098 [analyzer] INFO: Terminating remaining processes before shutdown.
2018-11-04 23:28:40,098 [analyzer] INFO: Analysis completed.

Cuckoo Log

2018-11-05 07:28:33,655 [lib.cuckoo.core.scheduler] INFO: Task #46: acquired machine win7x32 (label=win7x32)
2018-11-05 07:28:33,684 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 6465 (interface=eth2, host=192.168.128.112, pcap=/opt/cuckoo/storage/analyses/46/dump.pcap)
2018-11-05 07:28:37,357 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x32, ip=192.168.128.112)
2018-11-05 07:28:53,916 [lib.cuckoo.core.guest] INFO: win7x32: analysis completed successfully
2018-11-05 07:28:58,169 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2018-11-05 07:29:18,251 [modules.processing.virustotal] WARNING: Error fetching results from VirusTotal for "6a5939a2049a9a692629784fedbcba7b20fe48e3e061b772a1fb5e1b7eaf4d24": Unable to fetch VirusTotal results: MaxRetryError("HTTPSConnectionPool(host='www.virustotal.com', port=443): Max retries exceeded with url: /vtapi/v2/file/report (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f728c6b7550>: Failed to establish a new connection: [Errno -2] Name or service not known',))",)
2018-11-05 07:29:18,413 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f728c8e4750>: Failed to establish a new connection: [Errno 111] Connection refused
2018-11-05 07:29:18,416 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f728c8e4ad0>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f728c8e4ad0>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

This executable has a PDB path (1 event)
pdb_path svchost.pdb

Screenshots

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

PE Compile Time

2009-07-13 19:19:28

PDB Path

svchost.pdb

Version Infos

LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName svchost.exe
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7600.16385
FileDescription Host Process for Windows Services
OriginalFilename svchost.exe
Translation 0x0409 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000039dc 0x00003a00 6.27976831589
.data 0x00005000 0x000005a8 0x00000600 1.47814359373
.rsrc 0x00006000 0x00000810 0x00000a00 3.76189871791
.reloc 0x00007000 0x000003cc 0x00000400 0.0

Imports

Library msvcrt.dll:
0xf61000 __wgetmainargs
0xf61004 _exit
0xf61008 _XcptFilter
0xf6100c exit
0xf61010 _initterm
0xf61014 _amsg_exit
0xf61018 __setusermatherr
0xf6101c memcpy
0xf61020 _controlfp
0xf61028 ?terminate@@YAXXZ
0xf6102c __set_app_type
0xf61030 __p__fmode
0xf61034 __p__commode
0xf61038 _cexit
Library API-MS-Win-Core-ProcessThreads-L1-1-0.dll:
0xf61040 TerminateProcess
0xf61044 GetCurrentProcess
0xf61048 OpenProcessToken
0xf6104c GetCurrentProcessId
0xf61050 GetCurrentThreadId
Library KERNEL32.dll:
0xf61058 LocalAlloc
0xf6105c CloseHandle
0xf61064 GetProcAddress
0xf61068 GetLastError
0xf6106c FreeLibrary
0xf61074 LoadLibraryExA
0xf61078 InterlockedExchange
0xf6107c Sleep
0xf61084 GetModuleHandleA
0xf6108c GetTickCount
0xf61098 DeactivateActCtx
0xf6109c LoadLibraryExW
0xf610a0 ActivateActCtx
0xf610a8 lstrcmpW
0xf610b0 RegCloseKey
0xf610b4 RegOpenKeyExW
0xf610b8 HeapSetInformation
0xf610bc lstrcmpiW
0xf610c0 lstrlenW
0xf610c4 LCMapStringW
0xf610c8 RegQueryValueExW
0xf610cc ReleaseActCtx
0xf610d0 CreateActCtxW
0xf610d8 GetCommandLineW
0xf610dc ExitProcess
0xf610ec GetProcessHeap
0xf610f0 SetErrorMode
0xf610f8 LocalFree
0xf610fc HeapFree
0xf61100 WideCharToMultiByte
0xf61104 HeapAlloc
Library ntdll.dll:
0xf6110c RtlAllocateHeap
0xf61114 RtlSubAuthoritySid
0xf61118 RtlInitializeSid
0xf6111c RtlCopySid
0xf6112c RtlImageNtHeader
0xf61134 EtwEventWrite
0xf61138 EtwEventEnabled
0xf6113c EtwEventRegister
0xf61140 RtlFreeHeap
Library API-MS-Win-Security-Base-L1-1-0.dll:
0xf6114c AddAccessAllowedAce
0xf61158 GetTokenInformation
0xf61160 GetLengthSid
0xf61164 InitializeAcl
Library API-MS-WIN-Service-Core-L1-1-0.dll:
0xf61170 SetServiceStatus
Library API-MS-WIN-Service-winsvc-L1-1-0.dll:
Library RPCRT4.dll:
0xf61184 I_RpcMapWin32Status
0xf61198 RpcServerRegisterIf
0xf611a0 RpcServerListen

No antivirus signatures available.

Process Tree


executable.1288.exe, PID: 2872, Parent PID: 2848


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.112 138 192.168.128.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 46
Mongo ID 5be0379e11d30814d163df9b
Cuckoo release 2.0-dev