Cuckoo Sandbox

Name	731ce15210a20d48_quake3 serial.exe Download Submit file
Filepath	C:\Windows\win32dc\Quake3 serial.exe
Size	206.2KB
Processes	2604 (1e53aacbfb05fe70_doom 3_fix.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`97c10c4cd4cb38f63718778bed0efe9c`
SHA1	`f92b391d23784e09107c13ff4a4cce1293eab2d6`
SHA256	`731ce15210a20d4820f7098bfa2f1eeb1ca75e695ec3cb87c0c22ff22683c0fa`
CRC32	`B82E9507`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords network_irc - Communications over IRC network network_dropper - File downloader/dropper network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS keylogger - Run a keylogger spreading_share - Malware can spread east-west using share drive win_mutex - Create or check mutex win_registry - Affect system registries win_private_profile - Affect private profile
VirusTotal	Search for analysis

Name	92f3a1732dea0dd6_half-life 2_fix.exe Download Submit file
Filepath	C:\Windows\win32dc\Half-Life 2_fix.exe
Size	206.2KB
Processes	2604 (1e53aacbfb05fe70_doom 3_fix.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`e9f26ab2fb324be5bc406d8a4ba19b89`
SHA1	`0455a1d6a46e30465daeeebee9fd77382841dd5f`
SHA256	`92f3a1732dea0dd63e6aecb0d0dee2dcb8c87e06d3692b55c304116f10f15b62`
CRC32	`2C643A67`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords network_irc - Communications over IRC network network_dropper - File downloader/dropper network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS keylogger - Run a keylogger spreading_share - Malware can spread east-west using share drive win_mutex - Create or check mutex win_registry - Affect system registries win_private_profile - Affect private profile
VirusTotal	Search for analysis

Dropped Files