File dc0621450142b54d1bae6fe4ceff77ef0e31e26b3626c9f29ff9ba4a1a9a6274.exe

Size 901.5KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 bae0ff6e009ed3c5a26502148a3ff328
SHA1 6666618ea2db6402b49512d19a91d1fa58863e8e
SHA256 dc0621450142b54d1bae6fe4ceff77ef0e31e26b3626c9f29ff9ba4a1a9a6274
SHA512 45b45785f05465a76215a627d24cef8d710a42239617da36ba4d2ebe0a9c99a1faf7aaaa38d969be6661ea334788ad988182b1432335d4f5f729f79e1bd6e2f0
CRC32 E8CC288B
ssdeep None
PDB Path njys.pdb
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please note: the scoring system is still under development and should be considered an alpha feature.


Information on Execution

Analysis
Category: FILE
Started: Sept. 9, 2025, 5:19 a.m.
Completed: Sept. 9, 2025, 5:24 a.m.
Duration: 314 seconds
Routing: internet

Analyzer Log

2025-09-09 05:14:21,000 [analyzer] DEBUG: Starting analyzer from: C:\tmp2zg5xi
2025-09-09 05:14:21,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\yqFJErNssgehSaxOXTjVGWFl
2025-09-09 05:14:21,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\DimRIgwhLuVtmZApLGiBjgTeUgBoSQ
2025-09-09 05:14:21,328 [analyzer] DEBUG: Started auxiliary module Curtain
2025-09-09 05:14:21,328 [analyzer] DEBUG: Started auxiliary module DbgView
2025-09-09 05:14:21,765 [analyzer] DEBUG: Started auxiliary module Disguise
2025-09-09 05:14:21,967 [analyzer] DEBUG: Loaded monitor into process with pid 512
2025-09-09 05:14:21,967 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-09-09 05:14:21,983 [analyzer] DEBUG: Started auxiliary module Human
2025-09-09 05:14:21,983 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-09-09 05:14:21,983 [analyzer] DEBUG: Started auxiliary module Reboot
2025-09-09 05:14:22,030 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-09-09 05:14:22,030 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-09-09 05:14:22,046 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-09-09 05:14:22,046 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-09-09 05:14:22,187 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\dc0621450142b54d1bae6fe4ceff77ef0e31e26b3626c9f29ff9ba4a1a9a6274.exe' with arguments '' and pid 1960
2025-09-09 05:14:22,342 [analyzer] DEBUG: Loaded monitor into process with pid 1960
2025-09-09 04:22:57,651 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-09-09 04:22:57,855 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 1960.
2025-09-09 04:22:58,387 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-09-09 04:22:58,387 [lib.api.process] INFO: Successfully terminated process with pid 1960.
2025-09-09 04:22:58,387 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-09-09 05:19:13,928 [cuckoo.core.scheduler] DEBUG: Task #6962647: no machine available yet
2025-09-09 05:19:15,176 [cuckoo.core.scheduler] DEBUG: Task #6962647: no machine available yet
2025-09-09 05:19:16,213 [cuckoo.core.scheduler] DEBUG: Task #6962647: no machine available yet
2025-09-09 05:19:17,260 [cuckoo.core.scheduler] DEBUG: Task #6962647: no machine available yet
2025-09-09 05:19:18,290 [cuckoo.core.scheduler] DEBUG: Task #6962647: no machine available yet
2025-09-09 05:19:19,324 [cuckoo.core.scheduler] INFO: Task #6962647: acquired machine win7x6410 (label=win7x6410)
2025-09-09 05:19:19,325 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.210 for task #6962647
2025-09-09 05:19:19,843 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1153531 (interface=vboxnet0, host=192.168.168.210)
2025-09-09 05:19:21,128 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6410
2025-09-09 05:19:22,113 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6410 to vmcloak
2025-09-09 05:22:19,887 [cuckoo.core.guest] INFO: Starting analysis #6962647 on guest (id=win7x6410, ip=192.168.168.210)
2025-09-09 05:22:20,897 [cuckoo.core.guest] DEBUG: win7x6410: not ready yet
2025-09-09 05:22:25,926 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6410, ip=192.168.168.210)
2025-09-09 05:22:26,036 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6410, ip=192.168.168.210, monitor=latest, size=6660546)
2025-09-09 05:22:27,425 [cuckoo.core.resultserver] DEBUG: Task #6962647: live log analysis.log initialized.
2025-09-09 05:22:28,371 [cuckoo.core.resultserver] DEBUG: Task #6962647 is sending a BSON stream
2025-09-09 05:22:28,746 [cuckoo.core.resultserver] DEBUG: Task #6962647 is sending a BSON stream
2025-09-09 05:22:29,627 [cuckoo.core.resultserver] DEBUG: Task #6962647: File upload for 'shots/0001.jpg'
2025-09-09 05:22:29,645 [cuckoo.core.resultserver] DEBUG: Task #6962647 uploaded file length: 133442
2025-09-09 05:22:42,262 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6962647 still processing
2025-09-09 05:22:57,494 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6962647 still processing
2025-09-09 05:22:58,013 [cuckoo.core.resultserver] DEBUG: Task #6962647: File upload for 'curtain/1757384578.01.curtain.log'
2025-09-09 05:22:58,266 [cuckoo.core.resultserver] DEBUG: Task #6962647 uploaded file length: 36
2025-09-09 05:22:58,270 [cuckoo.core.resultserver] DEBUG: Task #6962647: File upload for 'sysmon/1757384578.23.sysmon.xml'
2025-09-09 05:22:58,388 [cuckoo.core.resultserver] DEBUG: Task #6962647 uploaded file length: 1489138
2025-09-09 05:22:58,488 [cuckoo.core.resultserver] DEBUG: Task #6962647 had connection reset for <Context for LOG>
2025-09-09 05:23:00,509 [cuckoo.core.guest] INFO: win7x6410: analysis completed successfully
2025-09-09 05:23:00,525 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-09-09 05:23:00,558 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-09-09 05:23:02,031 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6410 to path /srv/cuckoo/cwd/storage/analyses/6962647/memory.dmp
2025-09-09 05:23:02,033 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6410
2025-09-09 05:24:28,047 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.210 for task #6962647
2025-09-09 05:24:28,615 [cuckoo.core.scheduler] DEBUG: Released database task #6962647
2025-09-09 05:24:28,634 [cuckoo.core.scheduler] INFO: Task #6962647: analysis procedure completed

Signatures

Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x726b2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x726b2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x726b2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02070000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02160000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00483000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004c5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004cb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004c7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0048d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004aa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004a7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x021a0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02200000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0049d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004a6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007ff000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006ba000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006bb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

Checks if process is being debugged by a debugger (2 events)
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

This executable has a PDB path (1 event)
pdb_path njys.pdb

Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
section .text: size_of_data 0x00098600, virtual_address 0x00002000, virtual_size 0x000984b4, entropy 7.97759416771 description A section with a high entropy has been found
entropy 0.676470588235 description Overall entropy of this PE file is high

File has been identified by 11 AntiVirus engines on IRMA as malicious (11 events)
G Data Antivirus (Windows) Virus: Gen:Variant.Ransom.Loki.24223 (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Cryp]
Trellix (Linux) RDN/genericv trojan
WithSecure (Linux) Heuristic.HEUR/AGEN.1309684
eScan Antivirus (Linux) Gen:Variant.Ransom.Loki.24223(DB)
ESET Security (Windows) a variant of MSIL/Kryptik.AKNO trojan
Sophos Anti-Virus (Linux) Troj/Krypt-ABH
DrWeb Antivirus (Linux) Trojan.PackedNET.2574
Bitdefender Antivirus (Linux) Gen:Variant.Ransom.Loki.24223
Kaspersky Standard (Windows) HEUR:Trojan-PSW.MSIL.Agensla.gen
Emsisoft Commandline Scanner (Windows) Gen:Variant.Ransom.Loki.24223 (B)

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)
Lionic Trojan.Win32.AgentTesla.i!c
CAT-QuickHeal Trojan.MsilFC.S32195934
Skyhigh BehavesLike.Win32.Generic.dc
ALYac Gen:Variant.Ransom.Loki.24223
Cylance Unsafe
VIPRE Gen:Variant.Ransom.Loki.24223
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Ransom.Loki.24223
K7GW Trojan ( 005adbce1 )
K7AntiVirus Trojan ( 005adbce1 )
Arcabit Trojan.Ransom.Loki.D5E9F
Symantec Scr.Malcode!gdn33
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Kryptik.AKNO
APEX Malicious
Avast Win32:MalwareX-gen [Cryp]
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba TrojanPSW:MSIL/AgentTesla.75d6540f
MicroWorld-eScan Gen:Variant.Ransom.Loki.24223
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:Q7+5Ph+R74RZY+f6l5r9sw)
Emsisoft Gen:Variant.Ransom.Loki.24223 (B)
F-Secure Heuristic.HEUR/AGEN.1309684
DrWeb Trojan.PackedNET.2574
Zillya Trojan.Kryptik.Win32.4469470
McAfeeD ti!DC0621450142
CTX exe.trojan.msil
Sophos Troj/Krypt-ABH
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1309684
Kingsoft malware.kb.c.965
Xcitium Malware@#2xol4cieerxsb
Microsoft Trojan:MSIL/AgentTesla.CCFW!MTB
ZoneAlarm Troj/Krypt-ABH
GData Gen:Variant.Ransom.Loki.24223
Varist W32/MSIL_Troj.CZS.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.R423944
VBA32 TrojanLoader.MSIL.DaVinci.Heur
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.1334313941
Ikarus Trojan.MSIL.Inject
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9j
Tencent Malware.Win32.Gencirc.11bb10dd
Yandex Trojan.Igent.b1xLeu.7
TrellixENS RDN/genericv
huorong TrojanSpy/MSIL.AgentTesla.mq
MaxSecure Trojan.Malware.74499699.susgen

Screenshots

Domains (Name, Response, Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address, Status, Action, VT, Location)
No hosts contacted.