Analysis

Category STATIC
Started 2019-10-01 19:22:58
Completed 2019-10-01 19:22:58
Duration 0 seconds

MalScore

2.0

Benign

File Details

File Name PortableWinCDEmu-3.4.exe
File Size 235008 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 d39501cee24f771716ee7ab66f8a63f6
SHA1 812e78de51d5e3c19a50f7128d926a6e3bf889d4
SHA256 6b7aceffd87eaaa5083da78e8dcb8f04fe535e581ba09c6678a072394e408ed4
SHA512 41077cc997a0b86beb7a66913a8b1a234d15fb9c67e0565f9237fecbaf1f08dd2f684feebe4f47fc2ba659eb290ea1fe63cbe30a00275728907ea08e69f82a39
CRC32 B112DFB4
Ssdeep 6144:n4NcWAqu9LYlO+otFGv/hRnmdk5HwF5hreru5AXc5j1:nDWAq0O9otFGv/hRnmdk5CDyru5x5j1
TrID None matched
ClamAV None matched
Yara None matched
CAPE Yara

Signatures

The binary likely contains encrypted or compressed data.
section: name: UPX1, entropy: 7.92, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00035c00, virtual_size: 0x00036000
The executable is compressed using UPX
section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x00061000

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

PE Information

Image Base 0x00400000
Entry Point 0x00497830
Reported Checksum 0x00000000
Actual Checksum 0x00047526
Minimum OS Version 5.0
Compile Time 2010-10-28 14:29:03
Import Hash 68e956b98f9c252688a47dbd63dcb1cc

Sections

section: name: UPX0, virtual_address: 0x00001000, virtual_size: 0x00061000, raw_size: 0x00000000, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
section: name: UPX1, virtual_address: 0x00062000, virtual_size: 0x00036000, raw_size: 0x00035c00, entropy: 7.92, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
section: name: .rsrc, virtual_address: 0x00098000, virtual_size: 0x00004000, raw_size: 0x00003600, entropy: 5.55, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE

Resources

resource: name: DRIVERFILE, offset: 0x0004c938, size: 0x00041a60, language: LANG_NEUTRAL, sub-language: SUBLANG_NEUTRAL, entropy: 0.00, file_type: None

Imports

Library KERNEL32.DLL:
0x49b354 LoadLibraryA
0x49b358 GetProcAddress
0x49b35c VirtualProtect
0x49b360 VirtualAlloc
0x49b364 VirtualFree
0x49b368 ExitProcess
Library ADVAPI32.dll:
0x49b370 RegCloseKey
Library COMCTL32.dll:
0x49b378 ImageList_Create
Library COMDLG32.dll:
0x49b380 GetSaveFileNameW
Library ole32.dll:
0x49b388 CoInitialize
Library OLEAUT32.dll:
0x49b390 VarUI4FromStr
Library SETUPAPI.dll:
Library SHELL32.dll:
Library USER32.dll:
0x49b3a8 SetTimer

Strings

.rsrc
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
OLEAUT32.dll
SETUPAPI.dll
SHELL32.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
ImageList_Create
GetSaveFileNameW
CoInitialize
SetupDiGetClassDevsW
SHGetSpecialFolderPathW
SetTimer
DRIVERFILE
VS_VERSION_INFO
StringFileInfo 040904b0
Comments SysProgs.org
FileDescription Portable WinCDEmu [BETA]
FileVersion 3, 4, 0, 1
InternalName Portable WinCDEmu
LegalCopyright SysProgs.org
OriginalFilename PortableWinCDEmu.exe
ProductName Portable WinCDEmu
ProductVersion 3, 4, 0, 1
SpecialBuild
VarFileInfo Translation
This file is not on VirusTotal.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Suricata Extracted Files

No Suricata extracted files.

JA3

No JA3 hashes found.

Dropped Files

No dropped files.

Extracted Payload

Type UPX-extracted: 32-bit executable
Size 592896 bytes
MD5 0c37b1030207544189cb961d7fbac34c
SHA1 91831ed95c4d95ca6fc47104fd59b0fb7997e39b
SHA256 abb4731db5e4917d8945959d811e64612a44ec11c34ca01d1e87038c6885b924
CRC32 1A2FD692
Ssdeep 12288:cwjdIK46Rz+cuvk4TCmFq1FolMzBdFeHRA:RjdRzz+cuvk4vFqwGPf
Yara None matched
CAPE Yara None matched

Process Dumps

No process dumps.

Processing ( 1.335 seconds )

  • 0.618 Static
  • 0.567 CAPE
  • 0.127 TargetInfo
  • 0.015 Strings
  • 0.006 AnalysisInfo
  • 0.001 BehaviorAnalysis
  • 0.001 Debug

Signatures ( 0.043 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 persistence_autorun
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 ie_martian_children

Reporting ( 0.0 seconds )

Task ID 93124
Mongo ID 5d93a7988513b6cfa8c7a157
Cuckoo release 1.3-CAPE