Cuckoo Sandbox

Name	11227ee51970b525_half-life 2(serial).exe Download Submit file
Filepath	C:\Windows\win32dc\Half-Life 2(serial).exe
Size	200.2KB
Processes	1204 (9bea8a848feba8aaf4309bcc03ebe15792a953e52018fa318f3abe50f9fcf6f9.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`bfdc40152349a0ff8897416089347178`
SHA1	`981cb13e071bff01cd7e94ab3e48837e32d0df2a`
SHA256	`11227ee51970b525e885a787bee51d5f25345e5cdbd7888c2b10aed349a258dc`
CRC32	`D5569699`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords network_irc - Communications over IRC network network_dropper - File downloader/dropper network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS keylogger - Run a keylogger spreading_share - Malware can spread east-west using share drive win_mutex - Create or check mutex win_registry - Affect system registries win_private_profile - Affect private profile
VirusTotal	Search for analysis

Name	5e1b71ed75943732_quake3 patch.exe Download Submit file
Filepath	C:\Windows\win32dc\Quake3 patch.exe
Size	200.2KB
Processes	1204 (9bea8a848feba8aaf4309bcc03ebe15792a953e52018fa318f3abe50f9fcf6f9.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`de4a9e9d32e6e1bf8272f7a6c16d3141`
SHA1	`4c65fd3ae2fdea7c8d1719937801fe3d5eeeb8dd`
SHA256	`5e1b71ed75943732df282c763f9acea25de9a6aa1ab7d4d29ed7d67ce2982747`
CRC32	`0BF07EE2`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords network_irc - Communications over IRC network network_dropper - File downloader/dropper network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS keylogger - Run a keylogger spreading_share - Malware can spread east-west using share drive win_mutex - Create or check mutex win_registry - Affect system registries win_private_profile - Affect private profile
VirusTotal	Search for analysis

Dropped Files