PE Compile Time

2014-07-01 21:02:13

PE Imphash

2dd2758f0793bdb29ce229a2432eb81b

PEiD Signatures

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Sections

Name  Virtual Address  Virtual Size  Size of Raw Data  Entropy
UPX0  0x00001000       0x00013000    0x00000000        0.0
UPX1  0x00014000       0x00015000    0x00014800        7.71107019502
UPX2  0x00029000       0x00001000    0x00000200        2.51482863059

Imports

Library ADVAPI32.DLL:
0x429064 CryptHashData
Library KERNEL32.DLL:
0x42906c LoadLibraryA
0x429070 ExitProcess
0x429074 GetProcAddress
0x429078 VirtualProtect
Library msvcrt.dll:
0x429080 _iob
Library WS2_32.DLL:
0x429088 bind

Antivirus Signature

Bkav W32.AIDetectMalware
Lionic Hacktool.Win32.Snojan.3!c
Elastic malicious (moderate confidence)
ClamAV Win.Malware.Cymt-10023133-0
CMC Clean
CAT-QuickHeal Trojan.AgentbPMF.S33725804
Skyhigh BehavesLike.Win32.ToolSnojan.mc
ALYac Trojan.Agent.CYZT
Cylance Unsafe
Zillya Tool.CoreWarrior.Win32.18
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/CoreWarrior.d9c68176
K7GW Trojan ( 005464da1 )
K7AntiVirus Trojan ( 00575d031 )
huorong HVM:TrojanDownloader/Small.gen!A
Baidu Clean
VirIT Trojan.Win32.AgentT.DYK
Paloalto Clean
Symantec Hacktool.Flooder
tehtris Clean
ESET-NOD32 a variant of Win32/Agent.AAEF
APEX Clean
Avast Win32:TrojanX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Flooder.Win32.CoreWarrior.a
BitDefender Trojan.Agent.CYZT
NANO-Antivirus Trojan.Win32.Snojan.jqzopm
ViRobot Clean
MicroWorld-eScan Trojan.Agent.CYZT
Tencent Trojan.Win32.Corewarrior.ca
Sophos Troj/Bdoor-BHD
F-Secure Trojan.TR/Crypt.ULPM.Gen2
DrWeb Tool.Snojan.1
VIPRE Trojan.Agent.CYZT
TrendMicro Clean
McAfeeD Real Protect-LS!39372C97811E
Trapmine suspicious.low.ml.score
CTX exe.trojan.snojan
Emsisoft Trojan.Agent.CYZT (B)
Ikarus Trojan.Agent
FireEye Generic.mg.39372c97811e265f
Jiangmin Downloader.Snojan.adp
Webroot Clean
Varist W32/Agent.FBOO-5422
Avira TR/Crypt.ULPM.Gen2
Fortinet Riskware/Snojan
Antiy-AVL Trojan/Win32.Phonzy
Kingsoft Clean
Gridinsoft Trojan.Win32.Agent.sa
Xcitium TrojWare.Win32.Snojan.B@7h1cjp
Arcabit Trojan.Agent.CYZT
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/CoreWarrior.DA!MTB
Google Detected
AhnLab-V3 Downloader/Win.Generic.R665906
Acronis suspicious
McAfee Artemis!39372C97811E
TACHYON Clean
VBA32 Flooder.CoreWarrior
Malwarebytes Malware.AI.1986541864
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Rising Downloader.Snojan!8.ECDD (TFE:5:V47YrAkOYKG)
Yandex Riskware.Flooder!j7BYbbJGLUM
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.325666027.susgen
GData Win32.Application.Snojan.A
AVG Win32:TrojanX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan[downloader]:Win/Nemucod.2b1a08a0

IRMA Signature

ESET Security (Windows) a variant of Win32/Agent.AAEF trojan
Avast Core Security (Linux) Win32:TrojanX-gen [Trj]
C4S ClamAV (Linux) YARA.UPX.UNOFFICIAL
F-Secure Antivirus (Linux) Trojan.TR/Crypt.ULPM.Gen2 [Aquarius]
McAfee CLI scanner (Linux) Clean
Bitdefender Antivirus (Linux) Trojan.Agent.CYZT
G Data Antivirus (Windows) Virus: Trojan.Agent.CYZT (Engine A), Win32.Application.Snojan.A (Engine B)
Sophos Anti-Virus (Linux) Troj/Bdoor-BHD
DrWeb Antivirus (Linux) Clean
Trend Micro SProtect (Linux) Clean
WithSecure (Linux) Trojan.TR/Crypt.ULPM.Gen2
ClamAV (Linux) Win.Malware.Cymt-10023133-0
eScan Antivirus (Linux) Trojan.Agent.CYZT(DB)
Kaspersky Standard (Windows) HEUR:Flooder.Win32.CoreWarrior.a
Emsisoft Commandline Scanner (Windows) Trojan.Agent.CYZT (B)