Analysis

Category FILE
Package exe
Started 2018-12-04 17:34:04
Completed 2018-12-04 17:37:45
Duration 221 seconds
Options route = internet, procdump = 1

Log

2018-12-04 17:34:05,015 [root] INFO: Date set to: 12-04-18, time set to: 17:34:05
2018-12-04 17:34:05,078 [root] DEBUG: Starting analyzer from: C:\hscyq
2018-12-04 17:34:05,078 [root] DEBUG: Storing results at: C:\TDlueJ
2018-12-04 17:34:05,078 [root] DEBUG: Pipe server name: \\.\PIPE\CzVEHS
2018-12-04 17:34:05,078 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2018-12-04 17:34:05,078 [root] INFO: Automatically selected analysis package "exe"
2018-12-04 17:34:06,418 [root] DEBUG: Started auxiliary module Browser
2018-12-04 17:34:06,418 [root] DEBUG: Started auxiliary module Curtain
2018-12-04 17:34:06,418 [modules.auxiliary.digisig] INFO: Skipping authenticode validation, signtool.exe was not found in bin/
2018-12-04 17:34:06,418 [root] DEBUG: Started auxiliary module DigiSig
2018-12-04 17:34:06,418 [root] DEBUG: Started auxiliary module Disguise
2018-12-04 17:34:06,418 [root] DEBUG: Started auxiliary module Human
2018-12-04 17:34:06,434 [root] DEBUG: Started auxiliary module Screenshots
2018-12-04 17:34:06,434 [root] DEBUG: Started auxiliary module Sysmon
2018-12-04 17:34:06,434 [root] DEBUG: Started auxiliary module Usage
2018-12-04 17:34:06,434 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2018-12-04 17:34:06,434 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2018-12-04 17:34:07,214 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\1907751.exe" with arguments "" with pid 1496
2018-12-04 17:34:07,214 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2018-12-04 17:34:07,214 [lib.api.process] INFO: 32-bit DLL to inject is C:\hscyq\dll\BfjEZl.dll, loader C:\hscyq\bin\BKpxDxD.exe
2018-12-04 17:34:07,292 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1496
2018-12-04 17:34:09,305 [lib.api.process] INFO: Successfully resumed process with pid 1496
2018-12-04 17:34:09,305 [root] INFO: Added new process to list with pid: 1496
2018-12-04 17:34:09,382 [root] DEBUG: Terminate processes on terminate_event disabled.
2018-12-04 17:34:09,382 [root] DEBUG: Process dumps enabled.
2018-12-04 17:34:09,476 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1496 at 0x747a0000, image base 0x400000, stack from 0x186000-0x190000
2018-12-04 17:34:09,476 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\1907751.exe".
2018-12-04 17:34:09,476 [root] INFO: Monitor successfully loaded in process with pid 1496.
2018-12-04 17:37:31,341 [root] INFO: Analysis timeout hit, terminating analysis.
2018-12-04 17:37:31,341 [root] INFO: Created shutdown mutex.
2018-12-04 17:37:32,167 [root] DEBUG: DLL loaded at 0x752D0000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2018-12-04 17:37:32,167 [root] DEBUG: DLL loaded at 0x75850000: C:\Windows\syswow64\NSI (0x6000 bytes).
2018-12-04 17:37:32,308 [root] DEBUG: DLL loaded at 0x75370000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2018-12-04 17:37:32,323 [root] DEBUG: DLL loaded at 0x75530000: C:\Windows\syswow64\urlmon (0x136000 bytes).
2018-12-04 17:37:32,323 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes).
2018-12-04 17:37:32,323 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2018-12-04 17:37:32,323 [root] DEBUG: DLL loaded at 0x768B0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2018-12-04 17:37:32,323 [root] DEBUG: DLL loaded at 0x76BD0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2018-12-04 17:37:32,338 [root] DEBUG: DLL loaded at 0x74D80000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2018-12-04 17:37:32,338 [root] DEBUG: DLL loaded at 0x74D70000: C:\Windows\system32\WINNSI (0x7000 bytes).
2018-12-04 17:37:32,355 [root] INFO: Setting terminate event for process 1496.
2018-12-04 17:37:32,355 [root] DEBUG: Terminate Event: Attempting to dump process 1496
2018-12-04 17:37:32,355 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2018-12-04 17:37:32,355 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\system32\DNSAPI (0x44000 bytes).
2018-12-04 17:37:32,869 [root] INFO: Shutting down package.
2018-12-04 17:37:32,869 [root] INFO: Stopping auxiliary modules.
2018-12-04 17:37:32,869 [root] INFO: Finishing auxiliary modules.
2018-12-04 17:37:32,869 [root] INFO: Shutting down pipe server and dumping dropped files.
2018-12-04 17:37:32,869 [root] INFO: Analysis completed.

MalScore

1.0 (Benign)

No behavioural signature fired during the 221-second run and none of the static scanners (ClamAV, Yara, CAPE Yara) matched; that is all the score measures. It records that nothing was observed, not that nothing is there: the sample contacted no hosts, dropped no files and left no process dump, and the loads of the networking libraries (WS2_32, WININET, urlmon, DNSAPI) are logged only at shutdown, after the analysis timeout, so no network code path ran while the monitor was watching. Authenticode validation was skipped (signtool.exe not present), so the Sonic Solutions / PxCpyI64.EXE version strings are unverified and carry no weight as provenance.

Machine

Name target-02
Label target-02
Manager ESX
Started On 2018-12-04 17:34:05
Shutdown On 2018-12-04 17:37:43

File Details

File Name 1907751.exe
File Size 2163976 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 34db1a64f6af9b1ff7fd6db792441f05
SHA1 0828b6d2023aa3c413d9d5f329fb1fba78570dff
SHA256 86ca2f22dd4c99b57bb9d272cd5dd91978e15853efa0c05ede8c80694a8d27a6
SHA512 a222493aee521b84aa367b22a1ba0ac89a4884b6b73d688f51dc0073c7b009406c855453b63f6e51364315bd467e2f8891d3030dc2288e1c35a22b3b87fb0f81
CRC32 EBF6DDCF
Ssdeep 49152:Jz1VUFWzCJegYMfKfiVZ88kXetY0k+SvNOk:7OLJXfmirqMMvNOk
TrID
  • 41.0% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 36.3% (.EXE) Win64 Executable (generic) (27625/18/4)
  • 8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 5.9% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 2.6% (.EXE) OS/2 Executable (generic) (2029/13)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

The binary likely contains encrypted or compressed data.
section: name: .text, entropy: 7.01, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00209a00, virtual_size: 0x0020983e

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

Binary Entropy (plot not reproduced here)

PE Information

Image Base 0x00400000
Entry Point 0x006047d3
Reported Checksum 0x0021184c
Actual Checksum 0x0021184c
Minimum OS Version 5.0
Compile Time 2018-12-03 11:22:03
Import Hash e0e00bc9e2f41bcad3614f83ab1240e9

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x0020983e 0x00209a00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.01
.rdata 0x0020b000 0x00004316 0x00004400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.80
.data 0x00210000 0x000019dc 0x00000e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.66
.rsrc 0x00212000 0x00000658 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.09

Overlay

Offset 0x0020f800
Size 0x00000d08
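The entropy signature and the section, overlay and entry-point figures in this report can be cross-checked against each other without the sample in hand. The script below is an added example, not CAPE output or code from the CAPE project: its constants are copied from the File Details, PE Information, Sections and Overlay blocks above, and the 6.8-bit section threshold and 20% ratio are my reading of the Cuckoo-derived packer_entropy signature (an assumption; compare with the signature file actually deployed).

```python
"""Cross-check the section table, overlay and entropy signature in this report.

Added example; not part of the CAPE report or of CAPE's code.  Constants are
copied from the File Details, PE Information, Sections and Overlay blocks.
The 6.8 / 20% thresholds are my reading of the Cuckoo-derived packer_entropy
signature (assumption: compare with the signature file you actually run).
"""
import math
from collections import Counter

FILE_SIZE = 2163976          # bytes (File Details)
IMAGE_BASE = 0x00400000      # PE Information
ENTRY_POINT = 0x006047d3
OVERLAY_OFFSET = 0x0020f800  # Overlay block
OVERLAY_SIZE = 0x00000d08
SECTION_ALIGNMENT = 0x1000   # assumption: the usual value; the VAs below agree with it

# (name, virtual address, virtual size, size of raw data, entropy) from the Sections table
SECTIONS = [
    (".text",  0x00001000, 0x0020983e, 0x00209a00, 7.01),
    (".rdata", 0x0020b000, 0x00004316, 0x00004400, 5.80),
    (".data",  0x00210000, 0x000019dc, 0x00000e00, 2.66),
    (".rsrc",  0x00212000, 0x00000658, 0x00000800, 4.09),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant data) to 8.0 (uniform); what the Entropy column reports."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def packer_entropy_fires(sections, section_threshold=6.8, ratio_threshold=0.2):
    """Reconstruction of the 'likely contains encrypted or compressed data' logic:
    flag sections above section_threshold, fire if they hold more than
    ratio_threshold of all raw section bytes.  Returns (fired, flagged names)."""
    total_raw = sum(s[3] for s in sections)
    flagged = [s for s in sections if s[4] > section_threshold]
    hot_raw = sum(s[3] for s in flagged)
    fired = total_raw > 0 and hot_raw / total_raw > ratio_threshold
    return fired, [s[0] for s in flagged]


def entry_point_section(image_base, entry_point, sections):
    """Section holding the entry point, or None.  An entry point outside every
    section, or in a non-code section, is a common packer tell."""
    rva = entry_point - image_base
    for name, va, vsize, _raw, _entropy in sections:
        if va <= rva < va + vsize:
            return name
    return None


def layout_checks(file_size, overlay_offset, overlay_size, sections, alignment):
    """Consistency checks between independently reported numbers; a False means
    the report contradicts itself (or a value was copied wrongly)."""
    raw_total = sum(s[3] for s in sections)

    def next_va(va, vsize):  # end of a section rounded up to the section alignment
        return -(-(va + vsize) // alignment) * alignment

    return {
        # the overlay is everything after the last section, so it must end at EOF
        "overlay_ends_at_eof": overlay_offset + overlay_size == file_size,
        # the first section's raw data starts right after the headers: 0x400 here
        "header_size": overlay_offset - raw_total,
        # each section's VA is the previous section's end rounded up to the alignment
        "sections_contiguous_in_memory": all(
            sections[i + 1][1] == next_va(sections[i][1], sections[i][2])
            for i in range(len(sections) - 1)
        ),
    }


if __name__ == "__main__":
    print(layout_checks(FILE_SIZE, OVERLAY_OFFSET, OVERLAY_SIZE, SECTIONS, SECTION_ALIGNMENT))
    print("entry point in", entry_point_section(IMAGE_BASE, ENTRY_POINT, SECTIONS))
    print("packer_entropy:", packer_entropy_fires(SECTIONS))
```

On this report's numbers every check holds: the overlay at 0x0020f800 plus 0xd08 bytes ends exactly at the 2163976-byte file size, the four raw sections account for all bytes after a 0x400-byte header, the section VAs chain with 0x1000 alignment, and the entry point lands in .text. The .text section alone is about 99% of the raw data, so the 20% ratio is moot here and the section threshold does all the work; with a 7.01-bit section of 2 MB the signature fires on almost any reasonable threshold.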

Imports

Library KERNEL32.dll:
0x60b120 GetThreadLocale
0x60b124 GetTickCount
0x60b130 GetVersionExA
0x60b134 GetVersionExW
0x60b138 GlobalAlloc
0x60b13c GlobalFree
0x60b140 GlobalLock
0x60b144 GlobalUnlock
0x60b148 HeapAlloc
0x60b14c HeapCreate
0x60b150 HeapDestroy
0x60b154 HeapFree
0x60b158 HeapReAlloc
0x60b15c HeapSize
0x60b16c InterlockedExchange
0x60b174 IsBadCodePtr
0x60b178 IsBadReadPtr
0x60b17c IsBadStringPtrA
0x60b180 IsDebuggerPresent
0x60b188 IsValidCodePage
0x60b18c LCMapStringA
0x60b190 LCMapStringW
0x60b198 LoadLibraryA
0x60b19c LoadLibraryExW
0x60b1a0 LoadLibraryW
0x60b1a4 LoadResource
0x60b1a8 LocalAlloc
0x60b1b0 LocalFree
0x60b1b4 LockResource
0x60b1b8 MulDiv
0x60b1bc MultiByteToWideChar
0x60b1c0 OpenJobObjectA
0x60b1c4 OutputDebugStringW
0x60b1d0 RaiseException
0x60b1d4 ReadFile
0x60b1dc RtlUnwind
0x60b1e4 SetEvent
0x60b1e8 SetFileAttributesA
0x60b1ec SetFilePointer
0x60b1f0 SetFileTime
0x60b1f4 SetHandleCount
0x60b1f8 SetLastError
0x60b1fc SetStdHandle
0x60b204 SizeofResource
0x60b208 Sleep
0x60b210 TerminateProcess
0x60b214 TlsAlloc
0x60b218 TlsFree
0x60b21c TlsGetValue
0x60b220 TlsSetValue
0x60b228 VirtualFree
0x60b22c VirtualProtect
0x60b230 VirtualQuery
0x60b234 WaitForSingleObject
0x60b238 WideCharToMultiByte
0x60b23c WriteConsoleA
0x60b240 WriteConsoleW
0x60b244 WriteFile
0x60b24c WriteProcessMemory
0x60b250 lstrcmpA
0x60b254 lstrcmpW
0x60b258 lstrcmpiW
0x60b25c lstrcpyA
0x60b260 lstrlenA
0x60b264 lstrlenW
0x60b26c GetSystemInfo
0x60b274 GetStringTypeW
0x60b278 GetStringTypeExW
0x60b27c GetStringTypeA
0x60b280 GetStdHandle
0x60b284 GetStartupInfoW
0x60b288 GetStartupInfoA
0x60b28c GetProcessHeap
0x60b290 GetProcAddress
0x60b2a8 GetOEMCP
0x60b2ac GetModuleHandleW
0x60b2b0 GetModuleFileNameW
0x60b2b4 GetModuleFileNameA
0x60b2b8 GetLocaleInfoA
0x60b2bc GetLastError
0x60b2c0 GetFullPathNameW
0x60b2c4 GetFileType
0x60b2c8 GetFileTime
0x60b2cc GetFileSize
0x60b2d8 GetCurrentThreadId
0x60b2dc GetCurrentProcessId
0x60b2e0 GetCurrentProcess
0x60b2e4 GetConsoleOutputCP
0x60b2e8 GetConsoleMode
0x60b2ec GetConsoleCP
0x60b2f0 GetCommandLineW
0x60b2f4 GetCommandLineA
0x60b2f8 GetCPInfo
0x60b2fc GetACP
0x60b300 FreeResource
0x60b304 FreeLibrary
0x60b314 FlushFileBuffers
0x60b318 FindResourceW
0x60b31c FindResourceExW
0x60b320 FindNextFileW
0x60b324 FindFirstFileW
0x60b328 FindFirstFileA
0x60b32c FindClose
0x60b338 FatalAppExitW
0x60b340 ExitThread
0x60b344 ExitProcess
0x60b34c DeleteFileW
0x60b354 CreateThread
0x60b358 CreateProcessA
0x60b35c CreateFileW
0x60b360 CreateFileA
0x60b364 CreateEventW
0x60b368 CreateDirectoryW
0x60b36c CreateDirectoryA
0x60b370 CompareStringW
0x60b374 CompareStringA
0x60b378 CloseHandle
0x60b37c GetModuleHandleA
0x60b380 SetErrorMode
0x60b384 ReadProcessMemory
0x60b388 VirtualAlloc
Library USER32.dll:
0x60b3f8 LoadStringW
0x60b3fc LockWindowUpdate
0x60b400 LockWorkStation
0x60b404 MapWindowPoints
0x60b408 MessageBoxA
0x60b40c MessageBoxIndirectA
0x60b410 MessageBoxW
0x60b41c NotifyWinEvent
0x60b420 OffsetRect
0x60b424 PeekMessageW
0x60b428 PostMessageA
0x60b42c PostMessageW
0x60b430 PostThreadMessageA
0x60b434 PostThreadMessageW
0x60b438 RedrawWindow
0x60b43c RegisterClassW
0x60b448 ReleaseCapture
0x60b44c ReleaseDC
0x60b450 RemovePropA
0x60b454 ScrollDC
0x60b458 ScrollWindow
0x60b45c SendMessageA
0x60b464 SendMessageTimeoutA
0x60b468 SendMessageTimeoutW
0x60b46c SendMessageW
0x60b470 SendNotifyMessageW
0x60b474 SetCapture
0x60b478 SetClassLongW
0x60b47c SetCursor
0x60b480 SetCursorPos
0x60b484 SetFocus
0x60b488 SetForegroundWindow
0x60b48c SetParent
0x60b490 SetPropA
0x60b494 SetScrollInfo
0x60b498 SetTimer
0x60b4a0 SetWindowLongW
0x60b4a4 SetWindowPlacement
0x60b4a8 SetWindowPos
0x60b4ac SetWindowRgn
0x60b4b0 ShowOwnedPopups
0x60b4b4 ShowScrollBar
0x60b4b8 ShowWindow
0x60b4bc SubtractRect
0x60b4c4 ToAscii
0x60b4c8 TranslateMessage
0x60b4cc UnregisterClassW
0x60b4d0 UpdateWindow
0x60b4d4 ValidateRect
0x60b4d8 WaitForInputIdle
0x60b4dc WindowFromPoint
0x60b4e0 wsprintfA
0x60b4e4 wsprintfW
0x60b4e8 GetPropA
0x60b4ec GetMessageW
0x60b4f0 GetMenu
0x60b4f4 GetKeyboardState
0x60b4f8 LoadImageW
0x60b4fc GetForegroundWindow
0x60b500 GetDCEx
0x60b504 GetDC
0x60b508 GetCursorPos
0x60b510 GetClientRect
0x60b514 GetClassNameA
0x60b518 GetClassLongW
0x60b51c GetClassInfoW
0x60b520 GetCapture
0x60b524 FrameRect
0x60b528 FindWindowW
0x60b52c FindWindowExW
0x60b530 FindWindowExA
0x60b534 FillRect
0x60b538 EnumThreadWindows
0x60b53c EndPaint
0x60b540 EndDeferWindowPos
0x60b544 EnableWindow
0x60b548 EnableMenuItem
0x60b54c DrawTextW
0x60b550 DrawFrameControl
0x60b554 DrawFocusRect
0x60b558 DrawEdge
0x60b55c DispatchMessageW
0x60b560 DialogBoxParamW
0x60b564 DestroyWindow
0x60b568 DestroyIcon
0x60b56c DestroyCaret
0x60b570 DeferWindowPos
0x60b574 DefWindowProcW
0x60b578 CreateWindowExW
0x60b584 CopyImage
0x60b58c CharUpperW
0x60b590 CharUpperBuffW
0x60b594 CharToOemW
0x60b598 CharLowerW
0x60b59c BringWindowToTop
0x60b5a0 BeginPaint
0x60b5a4 BeginDeferWindowPos
0x60b5a8 AttachThreadInput
0x60b5b0 AnimateWindow
0x60b5b4 AdjustWindowRectEx
0x60b5b8 LoadIconA
0x60b5bc IsGUIThread
0x60b5c0 IsMenu
0x60b5c8 GetDlgCtrlID
0x60b5cc IsCharAlphaNumericW
0x60b5d0 GetAsyncKeyState
0x60b5d4 GetDesktopWindow
0x60b5d8 IsWindowEnabled
0x60b5dc DrawMenuBar
0x60b5e4 CopyIcon
0x60b5e8 CreatePopupMenu
0x60b5ec GetMessageTime
0x60b5f0 GetActiveWindow
0x60b5f4 GetParent
0x60b5f8 GetSystemMetrics
0x60b5fc CharNextA
0x60b600 LoadIconW
0x60b604 LoadCursorW
0x60b608 LoadBitmapW
0x60b60c KillTimer
0x60b610 IsZoomed
0x60b614 IsWindowVisible
0x60b618 IsWindowUnicode
0x60b61c IsWindow
0x60b620 IsIconic
0x60b624 InvalidateRect
0x60b628 InsertMenuW
0x60b62c InflateRect
0x60b630 IMPQueryIMEA
0x60b638 GetWindowRect
0x60b63c GetWindowPlacement
0x60b640 GetWindowLongW
0x60b644 GetWindowDC
0x60b648 GetWindow
0x60b650 GetUpdateRect
0x60b654 GetThreadDesktop
0x60b658 GetSystemMenu
0x60b65c GetScrollPos
0x60b660 GetKeyState
0x60b664 GetScrollInfo
0x60b668 LoadCursorFromFileW
0x60b66c GetMenuItemCount
0x60b670 GetTopWindow
0x60b674 GetDialogBaseUnits
0x60b678 InSendMessage
0x60b67c GetKBCodePage
0x60b680 GetMessagePos
0x60b684 GetKeyboardLayout
0x60b688 ShowCaret
0x60b68c CharLowerA
0x60b690 GetClipboardViewer
0x60b694 EnumWindows
Library GDI32.dll:
0x60b030 AddFontResourceA
0x60b034 CopyMetaFileW
0x60b03c CreateSolidBrush
0x60b040 DeleteDC
0x60b044 EngDeleteSurface
0x60b048 EngGetDriverName
0x60b04c EngStretchBltROP
0x60b050 EnumFontFamiliesA
0x60b054 EnumMetaFile
0x60b058 ExtFloodFill
0x60b05c GdiCleanCacheDC
0x60b064 GdiEntry10
0x60b068 GdiEntry12
0x60b06c GdiEntry2
0x60b070 GdiGetPageCount
0x60b074 GdiPlayDCScript
0x60b078 GdiQueryFonts
0x60b07c GdiTransparentBlt
0x60b080 GdiValidateHandle
0x60b084 GetBitmapBits
0x60b088 GetBoundsRect
0x60b08c GetObjectType
0x60b090 GetCharWidthFloatA
0x60b098 GetDCOrgEx
0x60b0a4 GetFontAssocStatus
0x60b0a8 GetMetaFileA
0x60b0bc GetViewportOrgEx
0x60b0c0 GetWindowExtEx
0x60b0c4 OffsetRgn
0x60b0cc PatBlt
0x60b0d0 PlgBlt
0x60b0d4 SetBoundsRect
0x60b0d8 SetDCBrushColor
0x60b0dc SetMetaFileBitsEx
0x60b0e0 StrokeAndFillPath
0x60b0e4 bMakePathNameW
0x60b0e8 EndPage
0x60b0ec AbortDoc
0x60b0f0 AddFontResourceW
0x60b0f4 GetTextAlign
0x60b0f8 FlattenPath
0x60b0fc FillPath
0x60b100 EndPath
0x60b104 WidenPath
0x60b108 DeleteColorSpace
0x60b10c RealizePalette
0x60b110 GetCharABCWidthsW
0x60b114 GetColorSpace
Library COMDLG32.dll:
0x60b024 GetOpenFileNameA
0x60b028 GetOpenFileNameW
Library ADVAPI32.dll:
0x60b000 RegSetValueExA
0x60b004 RegOpenKeyExA
0x60b008 RegCreateKeyExA
0x60b00c RegCloseKey
0x60b010 RegQueryValueExA
0x60b014 RegOpenKeyExW
Library SHELL32.dll:
0x60b390 SHGetDesktopFolder
0x60b394 Shell_NotifyIconW
0x60b398 Shell_NotifyIconA
0x60b39c ShellExecuteExW
0x60b3a0 CommandLineToArgvW
0x60b3a8 FindExecutableA
0x60b3ac FindExecutableW
0x60b3b4 SHEmptyRecycleBinW
0x60b3bc WOWShellExecute
0x60b3d0 SHGetMalloc
0x60b3dc SHQueryRecycleBinA
Library SHLWAPI.dll:
0x60b3e4 StrChrW
0x60b3e8 StrCmpNW
0x60b3ec PathFileExistsW
0x60b3f0 StrRChrA
Library COMCTL32.dll:
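The import table is the only behavioural hint this report offers, since nothing executed during the run, and it deserves a capability pass that separates real signal from runtime plumbing. The script below is an added example, not a CAPE signature or CAPE code: IMPORTS is a subset of the Imports section above (only the functions the rules touch), the rule groups are my own choice of API combinations worth a second look, and CRT_NOISE is my list of KERNEL32 functions the Microsoft Visual C++ runtime imports on its own (an assumption, based on the runtime banner and EncodePointer/FlsAlloc lookups visible in the strings below).

```python
"""Capability triage of the import table listed in this report.

Added example, not part of the CAPE report.  IMPORTS is a subset of the
report's Imports section (only the functions the rules refer to).  RULES and
CRT_NOISE are my own, not CAPE signatures; CRT_NOISE names KERNEL32 imports
the MSVC runtime pulls in by itself (assumption based on the CRT strings in
the binary), so a match built only from them says nothing about the program.
"""
from typing import Dict

IMPORTS = {
    "KERNEL32.dll": {
        "VirtualAlloc", "VirtualProtect", "VirtualFree", "WriteProcessMemory", "ReadProcessMemory",
        "CreateProcessA", "CreateThread", "IsDebuggerPresent", "GetTickCount", "TerminateProcess",
        "LoadLibraryA", "GetProcAddress", "OpenJobObjectA", "FindFirstFileW", "FindNextFileW",
        "DeleteFileW", "SetFileAttributesA", "SetFileTime",
    },
    "USER32.dll": {
        "GetAsyncKeyState", "GetKeyboardState", "GetKeyState", "ToAscii", "AttachThreadInput",
        "LockWorkStation", "FindWindowW", "EnumWindows", "GetForegroundWindow",
    },
    "ADVAPI32.dll": {"RegSetValueExA", "RegCreateKeyExA", "RegOpenKeyExA", "RegQueryValueExA", "RegCloseKey"},
    "SHELL32.dll": {"ShellExecuteExW", "SHEmptyRecycleBinW", "Shell_NotifyIconW"},
}

CRT_NOISE = {
    "IsDebuggerPresent", "GetTickCount", "TerminateProcess", "LoadLibraryA", "GetProcAddress",
    "QueryPerformanceCounter", "GetSystemTimeAsFileTime", "UnhandledExceptionFilter",
    "SetUnhandledExceptionFilter", "IsProcessorFeaturePresent",
}

# all_of must be fully present; any_of needs at least one hit (empty set = no constraint).
RULES = {
    "cross-process memory access": {"all_of": {"WriteProcessMemory", "ReadProcessMemory"}, "any_of": set()},
    "remote thread injection": {"all_of": {"WriteProcessMemory"},
                                "any_of": {"CreateRemoteThread", "NtCreateThreadEx", "RtlCreateUserThread"}},
    "keystroke capture": {"all_of": {"GetAsyncKeyState"}, "any_of": {"GetKeyboardState", "ToAscii", "GetKeyState"}},
    "registry write": {"all_of": {"RegSetValueExA"}, "any_of": {"RegCreateKeyExA", "RegOpenKeyExA"}},
    "file timestomping": {"all_of": {"SetFileTime"}, "any_of": {"SetFileAttributesA", "DeleteFileW"}},
    "workstation lock": {"all_of": {"LockWorkStation"}, "any_of": set()},
    "anti-debug check": {"all_of": {"IsDebuggerPresent"}, "any_of": set()},
    "dynamic API resolution": {"all_of": {"LoadLibraryA", "GetProcAddress"}, "any_of": set()},
}


def flatten(imports: Dict[str, set]) -> set:
    """All imported function names regardless of DLL; names are unique enough here."""
    return set().union(*imports.values())


def triage(imports: Dict[str, set], rules=RULES, noise=CRT_NOISE) -> Dict[str, dict]:
    """Return {rule: {"hits": [...], "strength": "strong" | "weak (CRT)"}} for each
    matching rule.  A match whose every hit is CRT plumbing is reported as weak so
    that IsDebuggerPresent from the runtime does not read as evasion."""
    present = flatten(imports)
    out = {}
    for name, rule in rules.items():
        if not rule["all_of"] <= present:
            continue
        if rule["any_of"] and not rule["any_of"] & present:
            continue
        hits = sorted((rule["all_of"] | rule["any_of"]) & present)
        strength = "weak (CRT)" if all(h in noise for h in hits) else "strong"
        out[name] = {"hits": hits, "strength": strength}
    return out


if __name__ == "__main__":
    for rule, info in triage(IMPORTS).items():
        print(f"{rule:28s} {info['strength']:11s} {', '.join(info['hits'])}")
```

Run against this table the strong matches are cross-process memory access (WriteProcessMemory and ReadProcessMemory with no allocation or remote-thread primitive alongside them), the keyboard-state group, registry writes, SetFileTime next to SetFileAttributesA and DeleteFileW, and LockWorkStation; the anti-debug and dynamic-resolution matches are exactly the CRT's own imports and are discounted. These are capabilities of the code on disk, not observed behaviour: the run produced no signature hits, dropped files or network traffic. Two further oddities a reviewer should weigh: several GDI32 entries (EngDeleteSurface, GdiEntry10, bMakePathNameW, PATHOBJ_bEnumClipLines) are driver-side or undocumented exports an ordinary GUI program has no reason to import, and the strings below contain deliberately damaged API names (GetSodu*eHa dleG, Wr/teF/le), both of which point to a padded or obfuscated import table rather than plain linker output.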

Strings

.text
`.rdata
@.data
.rsrc
0220v441c
qtuglPritecz
SnmaVVieQOfF_le
GetSodu*eHa dleG
Wr/teF/le
G{1z,
\i"4n:
x"8.9
H7Oh`pQ
-HpXk
CDpho
?iWh
`Fl\9O
8lW!N
`@hI
U;5{`V
KhV)R
Jh'3N
xGhw*F
RhS(F
LhlIX
Qhk<E
Ph;<E
Oh/EE
QhkAE
Ohg:E
Oh';E
Qh+WE
8u~0n
QhWHF
iZoR}EKPj
QOhG8F
RhwrF
Ehw0F
PhCOF
",EhG_C
Ohc`C
Dh!wC
Dh7YC
DhwaC
DhSdC
Qh;dC
Rh#eC
}(xqq
DA{EKI
PhOrI
QhWtI
|EcTZ
"yE'N\
AhK6F
Ph[6F
bl]Z_
{M[}*
'\{UW
{Eg}(
2 DsZ
uUK9}H;
"piMW)
c\gEkj
iEwunp^
jpm}kq
? O]6
A(_Y6
fMk}%
gUg+~Tn
GUC+J
Vt*X$
s6`:D
S$sNI
t_}\$;
a>[06/
v%X`9$
_0-j/'
H6e>.
2$WRN
52P7<W
.PGb^
I#D E(
%\ E)
c$g@C)
Uh+v2
Zh{u2
fNs(Y$k..
pwv$$wv
m<$?J
D7j_l
mDC!J
jN7r)
i6,$?2)
27P._
thu&X
:Tid9n
SjM?=g
kDC"j
J'$+H
?ld<o
X$G*&
Pi|Sri
&$3/b
j2h{-:
P B&
,$sSJ
Zhg|8
dX_J{
6h+y8
S1,bM
WH(@D
[hs"9
-ie*,
lDCbJ
7X*[$
kK$KLj
D$P(n
3JC$3NH
6K$s1
2;$[4D
_rD$wW
@~ fp
Tm;J%
C$?Qg
loD$/,g
3 8p!
t#zC/
$@$p$
# od2
8$oRft
orD$oOb
$4$+9b
3$wVe
k7$GL
~Hsf$'qG
nns>$;rC
XhxxZ
w!Yoj\
%Y_kR
jrhm.v
X(}\sM
(hOm,
,$cLb
%P7!2
%j/~W
[FWw}V
D5#VG3
j@RAT
Ka2b5
g9s9]0p/
$Ns -
1$N3[,
Nx<@T^
^7 BW
m S(-
c?;\=BX
_8 B<
&_o#,in
,0A!T'#
@>- A!TV-
8ZU:A/
@Nb@&
o@; {d4
Xp3n|U>
eDp#F1
0I/ 2
O3qs>!
b~r_bvngtveA
^FixgA
n_i)mA
Btv^`
1Ze6b/
8-4?;
oYtvhC
';3m_
l]ejd1
r5-W6
t5-V/
b^d'kCt(r)
~_3o"-D
O Ai<1t~
Q5q3B#
h6 Xm5n|T< N'
hK>E}E!
sR$AsP#
L4hI_
l4GNr; Dn+A
:EG&N
9)e+`
')bIc
s.~Ls
m3o[y2aky2ax^2nN'b
KftI^
G)bI]
G)b+[
:0exjd
_,tN;
fc-TU7
u*vM6
bcp8Gb
j,f('c
ATvBC
BTVBC
+crU
^FtU %s%
o'c$W7
-r$W7
lgcdU
XanI\
mayYc
Sn>ABnA
@Q_H<o
fi+'/
_?l(ua
aV~T1e^
O ? ? O /
3Se*f^,a"O4`n
7c<n8
.g1j+*5;.
01<~/
7|??7
,|3{-
.40w,|0O,
YQPVh
SVWUj
CorExitProcess
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
VirtualAlloc
SetErrorMode
GetModuleHandleA
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FatalAppExitW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FlushFileBuffers
FlushInstructionCache
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultUILanguage
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExA
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadStringPtrA
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MulDiv
MultiByteToWideChar
OpenJobObjectA
OutputDebugStringW
PostQueuedCompletionStatus
QueryPerformanceCounter
RaiseException
ReadFile
ReadProcessMemory
RtlUnwind
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringW
WriteProcessMemory
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyA
lstrlenA
lstrlenW
KERNEL32.dll
GetClipboardViewer
CharLowerA
ShowCaret
GetKeyboardLayout
GetMessagePos
GetKBCodePage
InSendMessage
GetDialogBaseUnits
GetTopWindow
GetMenuItemCount
LoadCursorFromFileW
CharNextA
GetSystemMetrics
GetParent
GetActiveWindow
GetMessageTime
CreatePopupMenu
CopyIcon
GetOpenClipboardWindow
DrawMenuBar
IsWindowEnabled
GetDesktopWindow
GetAsyncKeyState
IsCharAlphaNumericW
GetDlgCtrlID
GetMenuCheckMarkDimensions
IsMenu
IsGUIThread
LoadIconA
AdjustWindowRectEx
AnimateWindow
ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CharLowerW
CharToOemW
CharUpperBuffW
CharUpperW
ChildWindowFromPointEx
CopyImage
CountClipboardFormats
CreateIconFromResource
CreateWindowExW
DefWindowProcW
DeferWindowPos
DestroyCaret
DestroyIcon
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawTextW
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndPaint
EnumThreadWindows
EnumWindows
FillRect
FindWindowExA
FindWindowExW
FindWindowW
FrameRect
GetCapture
GetClassInfoW
GetClassLongW
GetClassNameA
GetClientRect
GetClipboardFormatNameW
GetCursorPos
GetDC
GetDCEx
GetForegroundWindow
GetKeyState
GetKeyboardState
GetMenu
GetMessageW
GetPropA
GetScrollInfo
GetScrollPos
GetSystemMenu
GetThreadDesktop
GetUpdateRect
GetUserObjectInformationW
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowThreadProcessId
IMPQueryIMEA
InflateRect
InsertMenuW
InvalidateRect
IsIconic
IsWindow
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadStringW
LockWindowUpdate
LockWorkStation
MapWindowPoints
MessageBoxA
MessageBoxIndirectA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OffsetRect
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemovePropA
ScrollDC
ScrollWindow
SendMessageA
SendMessageCallbackA
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCapture
SetClassLongW
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetParent
SetPropA
SetScrollInfo
SetTimer
SetUserObjectInformationA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
ShowOwnedPopups
ShowScrollBar
ShowWindow
SubtractRect
SystemParametersInfoW
ToAscii
TranslateMessage
UnregisterClassW
UpdateWindow
ValidateRect
WaitForInputIdle
WindowFromPoint
wsprintfA
wsprintfW
USER32.dll
GetColorSpace
CreateHalftonePalette
RealizePalette
DeleteColorSpace
WidenPath
EndPath
FillPath
FlattenPath
GetTextAlign
AbortDoc
AddFontResourceW
EndPage
GetObjectType
AddFontResourceA
CopyMetaFileW
CreateFontIndirectExA
CreateSolidBrush
DeleteDC
EngDeleteSurface
EngGetDriverName
EngStretchBltROP
EnumFontFamiliesA
EnumMetaFile
ExtFloodFill
GdiCleanCacheDC
GdiCreateLocalEnhMetaFile
GdiEntry10
GdiEntry12
GdiEntry2
GdiGetPageCount
GdiPlayDCScript
GdiQueryFonts
GdiTransparentBlt
GdiValidateHandle
GetBitmapBits
GetBoundsRect
GetCharABCWidthsW
GetCharWidthFloatA
GetCharacterPlacementW
GetDCOrgEx
GetEnhMetaFileDescriptionA
GetEnhMetaFileHeader
GetFontAssocStatus
GetMetaFileA
GetNearestPaletteIndex
GetTextCharacterExtra
GetTextExtentExPointA
GetTextExtentExPointW
GetViewportOrgEx
GetWindowExtEx
OffsetRgn
PATHOBJ_bEnumClipLines
PatBlt
PlgBlt
SetBoundsRect
SetDCBrushColor
SetMetaFileBitsEx
StrokeAndFillPath
bMakePathNameW
GDI32.dll
GetOpenFileNameA
GetOpenFileNameW
COMDLG32.dll
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
ADVAPI32.dll
WOWShellExecute
Shell_NotifyIconW
Shell_NotifyIconA
ShellExecuteExW
SHQueryRecycleBinA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetInstanceExplorer
SHGetIconOverlayIndexW
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceExA
SHGetDesktopFolder
SHGetDataFromIDListW
SHEmptyRecycleBinW
SHCreateProcessAsUserW
FindExecutableW
FindExecutableA
ExtractAssociatedIconExA
CommandLineToArgvW
SHELL32.dll
PathFileExistsW
StrChrW
StrCmpNW
StrRChrA
SHLWAPI.dll
InitCommonControlsEx
COMCTL32.dll
InitializeCriticalSectionAndSpinCount
gpITgWOsiF
orFiNKWiex
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
</assembly>
mscoree.dll
KERNEL32.DLL
333333333333333333333333333333333333333333333333333333333333333333333333333333333333333
@kSYaBKieWB
NWXTSoIrze
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Sonic Solutions
FileDescription
PX ikstall Application
FileVersion
1.00.61.0
InternalName
PxCpyI64.EXE
LegalCopyright
Sonic Solutions
OriginalFilename
PxCpyI64.EXE
VarFileInfo
Translation

VirusTotal

This file is not on VirusTotal.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 7.131 seconds )

  • 4.082 Static
  • 1.315 CAPE
  • 1.288 TargetInfo
  • 0.234 TrID
  • 0.141 Strings
  • 0.042 Deduplicate
  • 0.012 config_decoder
  • 0.007 NetworkAnalysis
  • 0.006 AnalysisInfo
  • 0.002 BehaviorAnalysis
  • 0.002 Debug

Signatures ( 0.04 seconds )

  • 0.007 antiav_detectreg
  • 0.004 ransomware_files
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail

Reporting ( 0.0 seconds )

Task ID 25394
Mongo ID 5c06bb71f284886b78b83752
Cuckoo release 1.3-CAPE