Analysis

Category  Package  Started              Completed            Duration
STATIC             2019-10-29 01:10:54  2019-10-29 01:10:54  0 seconds

MalScore

0.0

Benign

File Details

File Name 2017-02-06-Afraidgate-Rig-V-payload-Godzilla-Loader-rad16F5F.tmp.exe
File Size 132096 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4428817df3e442c0dcd356eea644ff91
SHA1 2a622ff8fb7fc7c1a588d3cd4a8a558ce60b74e1
SHA256 924953c0f2b9220b4047f563d44bf6d204642a79b10cac6efdd367192915cf45
SHA512 3f9feecb8fda3e1cb94a9e36902bafacbb3cfc9466ebec8592286935f7b89cc131425ff9b6c5e1226f8fd5a00246811e586e3d390d60cb84bc252f23b5ba85cd
CRC32 3DB2ADCD
Ssdeep 768:muc0lRKJxwiLNT8c8u0ukmZZ8S7o6D9eBr9QHIQaq/ajdp:b3u9eBr9QHIxqijD
TrID None matched
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x00400000
Entry Point 0x00402f72
Reported Checksum 0x000242ec
Actual Checksum 0x000242ec
Minimum OS Version 5.1
Compile Time 2007-10-13 23:04:32
Import Hash d78e6ac6fbf54ef720d50fd7a36a7f12

Sections

Name   Virtual Address  Virtual Size  Size of Raw Data  Characteristics                                                                   Entropy
.text  0x00001000       0x0001063e    0x00010800        IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  4.67
.data  0x00012000       0x0000d48e    0x0000d600        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE           0.02
.rsrc  0x00020000       0x00002160    0x00002200        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                               4.76

Imports

Library kernel32.dll:
0x401000 HeapCreate
0x401004 FindAtomA
0x401008 GetBinaryTypeA
0x40100c TlsGetValue
0x401010 LoadLibraryW
0x401014 CopyFileA
0x40101c GetProfileStringA
0x401020 CreateFileMappingA
0x40102c LoadLibraryA
0x401030 lstrlenA
0x401034 RemoveDirectoryW
0x401038 GetTempPathW
0x40103c EncodePointer
0x401040 CreateNamedPipeW
0x401044 GetProcAddress
0x401048 WaitForSingleObject
0x40104c SetConsoleTitleW
0x401050 CloseHandle
Library user32.dll:
0x401058 PostMessageW
0x40105c PeekMessageA
0x401060 IsCharAlphaA
0x401064 LoadIconW
0x401068 GetMonitorInfoA
0x40106c DialogBoxParamA
0x401070 CreateDesktopW
0x401074 GetCaretPos
0x401078 DrawStateW
0x40107c InsertMenuA
0x401080 CharToOemA
0x401084 LoadCursorW
0x401088 LoadBitmapA
Library dbnmpntw.dll:
0x401090 ConnectionRead
0x401094 ConnectionWrite
0x401098 ConnectionVer
0x40109c ConnectionClose
0x4010a0 ConnectionError

This file is not on VirusTotal.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.


Processing ( 0.351 seconds )

  • 0.14 CAPE
  • 0.099 Static
  • 0.099 TargetInfo
  • 0.007 Strings
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.044 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 persistence_autorun
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 persistence_autorun_tasks
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 ie_martian_children

Reporting ( 0.0 seconds )

Task ID 103899
Mongo ID 5db7919f8bdf6f9aa82550f0
Cuckoo release 1.3-CAPE