File c6b839878b74aff445959a0f7f1d625d3f08f93e14f7c2759caeec863c4f112f

Size 32.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
MD5 44b5d8d9ba47078a8e25d2f47b01b195
SHA1 01411a343a1d1b16105eb4ad70bbaa3e045e0765
SHA256 c6b839878b74aff445959a0f7f1d625d3f08f93e14f7c2759caeec863c4f112f
SHA512
ea5b678e8879e2b292f2de6093348de293776b7dca54d868a503d361c46628ff697cc95e41a1c8110e78033b597f525f7feca37a91fd60f0e3ceeddfccc96dc3
CRC32 F156729C
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category: FILE
Started: June 30, 2025, 5:45 p.m.
Completed: June 30, 2025, 5:47 p.m.
Duration: 74 seconds
Routing: internet

Analyzer Log

2025-06-23 02:28:54,000 [analyzer] DEBUG: Starting analyzer from: C:\tmpqnr2dk
2025-06-23 02:28:54,000 [analyzer] DEBUG: Pipe server name: \??\PIPE\xQovTfDIEbTSmLuLpAKqWX
2025-06-23 02:28:54,000 [analyzer] DEBUG: Log pipe server name: \??\PIPE\GmEPoPgYUyBbwzCUlfHmBqB
2025-06-23 02:28:54,233 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-23 02:28:54,233 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-23 02:28:54,592 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-23 02:28:54,796 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-06-23 02:28:54,796 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-23 02:28:54,796 [analyzer] DEBUG: Started auxiliary module Human
2025-06-23 02:28:54,796 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-23 02:28:54,812 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-23 02:28:54,937 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-23 02:28:54,937 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-23 02:28:54,937 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-23 02:28:54,953 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-23 02:28:55,015 [lib.api.process] ERROR: Failed to execute process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\c6b839878b74aff445959a0f7f1d625d3f08f93e14f7c2759caeec863c4f112f.exe' with arguments ['bin\\inject-x86.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\c6b839878b74aff445959a0f7f1d625d3f08f93e14f7c2759caeec863c4f112f.exe', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp'] (Error: Command '['bin\\inject-x86.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\c6b839878b74aff445959a0f7f1d625d3f08f93e14f7c2759caeec863c4f112f.exe', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp']' returned non-zero exit status 1)

Cuckoo Log

2025-06-30 17:45:55,086 [cuckoo.core.scheduler] INFO: Task #6620401: acquired machine win7x6415 (label=win7x6415)
2025-06-30 17:45:55,087 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.215 for task #6620401
2025-06-30 17:45:55,379 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3213561 (interface=vboxnet0, host=192.168.168.215)
2025-06-30 17:45:55,439 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6415
2025-06-30 17:45:55,961 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6415 to vmcloak
2025-06-30 17:46:28,790 [cuckoo.core.guest] INFO: Starting analysis #6620401 on guest (id=win7x6415, ip=192.168.168.215)
2025-06-30 17:46:29,800 [cuckoo.core.guest] DEBUG: win7x6415: not ready yet
2025-06-30 17:46:34,837 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6415, ip=192.168.168.215)
2025-06-30 17:46:34,898 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6415, ip=192.168.168.215, monitor=latest, size=6660546)
2025-06-30 17:46:36,163 [cuckoo.core.resultserver] DEBUG: Task #6620401: live log analysis.log initialized.
2025-06-30 17:46:36,876 [cuckoo.core.resultserver] DEBUG: Task #6620401 is sending a BSON stream
2025-06-30 17:46:38,157 [cuckoo.core.resultserver] DEBUG: Task #6620401: File upload for 'shots/0001.jpg'
2025-06-30 17:46:38,194 [cuckoo.core.resultserver] DEBUG: Task #6620401 uploaded file length: 133476
2025-06-30 17:46:38,604 [cuckoo.core.guest] WARNING: win7x6415: analysis #6620401 caught an exception
Traceback (most recent call last):
  File "C:/tmpqnr2dk/analyzer.py", line 824, in <module>
    success = analyzer.run()
  File "C:/tmpqnr2dk/analyzer.py", line 673, in run
    pids = self.package.start(self.target)
  File "C:\tmpqnr2dk\modules\packages\exe.py", line 34, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpqnr2dk\lib\common\abstracts.py", line 205, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.

2025-06-30 17:46:38,622 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-30 17:46:38,649 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-30 17:46:39,376 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6415 to path /srv/cuckoo/cwd/storage/analyses/6620401/memory.dmp
2025-06-30 17:46:39,380 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6415
2025-06-30 17:47:08,580 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.215 for task #6620401
2025-06-30 17:47:08,582 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6620401
2025-06-30 17:47:08,944 [cuckoo.core.scheduler] DEBUG: Released database task #6620401
2025-06-30 17:47:08,966 [cuckoo.core.scheduler] INFO: Task #6620401: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
rule: suspicious_packer_section; description: The packer/protector section names/keywords
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
section {u'size_of_data': u'0x00005c00', u'virtual_address': u'0x00001000', u'entropy': 7.970312887631612, u'name': u'.text', u'virtual_size': u'0x00005bfd'} entropy 7.97031288763 description A section with a high entropy has been found
section {u'size_of_data': u'0x00002000', u'virtual_address': u'0x00007000', u'entropy': 7.642710418579035, u'name': u'.rsrc', u'virtual_size': u'0x00002000'} entropy 7.64271041858 description A section with a high entropy has been found
entropy 1.0 description Overall entropy of this PE file is high
File has been identified by 5 AntiVirus engines on IRMA as malicious (5 events)
Avast Core Security (Linux) Win32:Evo-gen [Trj]
C4S ClamAV (Linux) Win.Malware.Lunam-6911425-0
WithSecure (Linux) Trojan.TR/Crypt.PEPM.Gen
Sophos Anti-Virus (Linux) Mal/SillyFDC-K
ClamAV (Linux) Win.Malware.Lunam-6911425-0
File has been identified by 38 AntiVirus engines on VirusTotal as malicious (38 events)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Ghanarava.175041113201b195
Skyhigh BehavesLike.Win32.Generic.nc
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Elastic malicious (high confidence)
APEX Malicious
Avast Win32:Evo-gen [Trj]
ClamAV Win.Malware.Lunam-6911425-0
Alibaba Trojan:Win32/Ulise.6981fc1f
Rising Trojan.Kryptik@AI.93 (RDML:vfIZUZ5V80bP6LNyx2SuEg)
F-Secure Trojan.TR/Crypt.PEPM.Gen
McAfeeD Real Protect-LS!44B5D8D9BA47
Trapmine malicious.moderate.ml.score
Sophos Mal/SillyFDC-K
SentinelOne Static AI - Malicious PE
Google Detected
Avira TR/Crypt.PEPM.Gen
Kingsoft malware.kb.a.998
Gridinsoft Trojan.Win32.Kryptik.sa
Microsoft Trojan:Win32/Wacatac.B!ml
ViRobot Trojan.Win.Z.Sillyfdc_K.32768.D
ZoneAlarm Mal/SillyFDC-K
Varist W32/Ulise.BC.gen!Eldorado
AhnLab-V3 Trojan/Win32.Lunam.R261674
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.1957443841
Ikarus Trojan.Crypt
TrellixENS Artemis!44B5D8D9BA47
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat.RF
AVG Win32:Evo-gen [Trj]
Paloalto generic.ml
Screenshots
Domains (Name, Response, Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address, Status, Action, VT, Location): No hosts contacted.