Cuckoo Sandbox

File 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe

Summary
Download Resubmit sample

Size	839.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7aaa6f4314be157a85b42398c86ce2a0`
SHA1	`c79844f930cf3f4edf02af2f50757a97b5e321aa`
SHA256	`31777b18b82c23e26701fbbf952963068903220658abdaad70a1b42c94213745`
SHA512	`74d5ddf97ddb47f0b7b00c80d996390e4b0e5f6294b1fac5a3fb0985676209e8d174398de602367e48bf61ccd2d2164228dcf41632d5723a45c119fc86fb921a`
CRC32	`3155ABC2`
ssdeep	`None`
Yara	DebuggerException__SetConsoleCtrl - (no description) win_mutex - Create or check mutex win_registry - Affect system registries win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6999863

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	Sept. 26, 2025, 10:39 a.m.	Sept. 26, 2025, 10:47 a.m.	453 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-09-25 07:15:52,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpsftntc
2025-09-25 07:15:52,046 [analyzer] DEBUG: Pipe server name: \??\PIPE\asOZELXgGMioYNmbIB
2025-09-25 07:15:52,046 [analyzer] DEBUG: Log pipe server name: \??\PIPE\OKzKxrzQPTHKzFYoKFITHsHLaLR
2025-09-25 07:15:52,046 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-09-25 07:15:52,046 [analyzer] INFO: Automatically selected analysis package "exe"
2025-09-25 07:15:52,453 [analyzer] DEBUG: Started auxiliary module Curtain
2025-09-25 07:15:52,453 [analyzer] DEBUG: Started auxiliary module DbgView
2025-09-25 07:15:52,953 [analyzer] DEBUG: Started auxiliary module Disguise
2025-09-25 07:15:53,171 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-09-25 07:15:53,171 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-09-25 07:15:53,171 [analyzer] DEBUG: Started auxiliary module Human
2025-09-25 07:15:53,171 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-09-25 07:15:53,171 [analyzer] DEBUG: Started auxiliary module Reboot
2025-09-25 07:15:53,217 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-09-25 07:15:53,217 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-09-25 07:15:53,217 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-09-25 07:15:53,217 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-09-25 07:15:53,453 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe' with arguments '' and pid 2444
2025-09-25 07:15:53,625 [analyzer] DEBUG: Loaded monitor into process with pid 2444
2025-09-25 07:15:54,250 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Windows6g2yf6t03h
2025-09-25 07:15:54,375 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Program Files\Common Files\Microsoft Shared\q7tcmc0 beast horse girls sjubxan5vwor .rar.exe
2025-09-25 07:15:54,608 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Program Files\DVD Maker\Shared\sperm m5v129k srpvkzygmcsw young  (q922zop0f).zip.exe
2025-09-25 07:15:55,530 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Program Files\Microsoft Office\Templates\1lwbqss7 porn 4fq06c hot (!) boobs kgh6zo8 .mpg.exe
2025-09-25 07:15:55,562 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\6mw7u7 xxx m5v129k uncut xf2v5u7  (Sarah,Sandy).rar.exe
2025-09-25 07:15:55,812 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Program Files\Windows Journal\Templates\xiwlzi0 6r3apw4 mtu2oyuh5 hot (!) 5n10bh  (v89zo5).mpeg.exe
2025-09-25 07:15:56,000 [analyzer] INFO: Injected into process with pid 1068 and name ''
2025-09-25 07:15:56,828 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Program Files\Windows Sidebar\Shared Gadgets\7smpob5w cum 4fq06c uncut 5n10bh lady .mpeg.exe
2025-09-25 07:15:56,921 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast hot (!) n12wc0jz71 .zip.exe
2025-09-25 07:15:56,953 [analyzer] DEBUG: Loaded monitor into process with pid 1068
2025-09-25 07:15:57,687 [analyzer] INFO: Added new file to list with pid 2444 and path C:\Program Files (x86)\Common Files\microsoft shared\wluwp0ne horse [milf] latex .zip.exe
2025-09-25 07:19:12,453 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-09-25 07:19:14,187 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-09-25 07:19:14,187 [lib.api.process] INFO: Successfully terminated process with pid 2444.
2025-09-25 07:19:14,187 [lib.api.process] INFO: Successfully terminated process with pid 1068.
2025-09-25 07:19:14,546 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-09-26 10:39:35,226 [cuckoo.core.scheduler] INFO: Task #7007509: acquired machine win7x6421 (label=win7x6421)
2025-09-26 10:39:35,227 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.221 for task #7007509
2025-09-26 10:39:36,622 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3879000 (interface=vboxnet0, host=192.168.168.221)
2025-09-26 10:39:37,904 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6421
2025-09-26 10:39:39,452 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6421 to vmcloak
2025-09-26 10:41:23,786 [cuckoo.core.guest] INFO: Starting analysis #7007509 on guest (id=win7x6421, ip=192.168.168.221)
2025-09-26 10:41:24,879 [cuckoo.core.guest] DEBUG: win7x6421: not ready yet
2025-09-26 10:41:29,923 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6421, ip=192.168.168.221)
2025-09-26 10:41:30,033 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6421, ip=192.168.168.221, monitor=latest, size=6660546)
2025-09-26 10:41:31,741 [cuckoo.core.resultserver] DEBUG: Task #7007509: live log analysis.log initialized.
2025-09-26 10:41:32,950 [cuckoo.core.resultserver] DEBUG: Task #7007509 is sending a BSON stream
2025-09-26 10:41:40,458 [cuckoo.core.resultserver] DEBUG: Task #7007509 is sending a BSON stream
2025-09-26 10:41:40,503 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'shots/0001.jpg'
2025-09-26 10:41:40,522 [cuckoo.core.resultserver] DEBUG: Task #7007509 is sending a BSON stream
2025-09-26 10:41:41,430 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 133469
2025-09-26 10:41:47,367 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:42:04,650 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:42:21,528 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:42:37,057 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:42:52,728 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:43:08,184 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:43:24,475 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:43:40,360 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:43:56,183 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:44:12,188 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:44:27,555 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:44:43,054 [cuckoo.core.guest] DEBUG: win7x6421: analysis #7007509 still processing
2025-09-26 10:44:53,676 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'curtain/1758777552.64.curtain.log'
2025-09-26 10:44:53,761 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 36
2025-09-26 10:44:53,766 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'sysmon/1758777553.31.sysmon.xml'
2025-09-26 10:44:53,842 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 8602074
2025-09-26 10:44:53,995 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/e1bae4fe3290bb2a_7smpob5w cum 4fq06c uncut 5n10bh lady .mpeg.exe'
2025-09-26 10:44:54,014 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 1812689
2025-09-26 10:44:54,030 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/93e7df265d7624ac_1lwbqss7 porn 4fq06c hot (!) boobs kgh6zo8 .mpg.exe'
2025-09-26 10:44:54,042 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 1235183
2025-09-26 10:44:54,050 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/10d7facdd59b717c_6mw7u7 xxx m5v129k uncut xf2v5u7  (sarah,sandy).rar.exe'
2025-09-26 10:44:54,057 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 509013
2025-09-26 10:44:54,063 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/d5af08d5e2459f78_wluwp0ne horse [milf] latex .zip.exe'
2025-09-26 10:44:54,069 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 741342
2025-09-26 10:44:54,090 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/10714abd066d213f_q7tcmc0 beast horse girls sjubxan5vwor .rar.exe'
2025-09-26 10:44:54,146 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 2064447
2025-09-26 10:44:54,154 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/f41729e0b4f50d46_windows6g2yf6t03h'
2025-09-26 10:44:54,160 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 522659
2025-09-26 10:44:54,163 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/09985fb6a8d9c713_beast hot (!) n12wc0jz71 .zip.exe'
2025-09-26 10:44:54,172 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 928316
2025-09-26 10:44:54,180 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/683250ccf095e497_sperm m5v129k srpvkzygmcsw young  (q922zop0f).zip.exe'
2025-09-26 10:44:54,201 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 1699174
2025-09-26 10:44:54,208 [cuckoo.core.resultserver] DEBUG: Task #7007509: File upload for 'files/b0b1ed11bc1461dd_xiwlzi0 6r3apw4 mtu2oyuh5 hot (!) 5n10bh  (v89zo5).mpeg.exe'
2025-09-26 10:44:54,213 [cuckoo.core.resultserver] DEBUG: Task #7007509 uploaded file length: 378331
2025-09-26 10:44:54,239 [cuckoo.core.resultserver] DEBUG: Task #7007509 had connection reset for <Context for LOG>
2025-09-26 10:44:55,855 [cuckoo.core.guest] INFO: win7x6421: analysis completed successfully
2025-09-26 10:44:55,869 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-09-26 10:44:55,924 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-09-26 10:44:58,135 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6421 to path /srv/cuckoo/cwd/storage/analyses/7007509/memory.dmp
2025-09-26 10:44:58,137 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6421
2025-09-26 10:47:04,394 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.221 for task #7007509
2025-09-26 10:47:04,863 [cuckoo.core.scheduler] DEBUG: Released database task #7007509
2025-09-26 10:47:04,890 [cuckoo.core.scheduler] INFO: Task #7007509: analysis procedure completed

Signatures

Yara rules detected for file (4 events)

description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	Create or check mutex	rule	win_mutex
description	Affect system registries	rule	win_registry
description	Affect private profile	rule	win_files_operation

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.text\x00\xe5\xfb
section	.data\x00E\x86

The executable uses a known packer (1 event)

packer

Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)

Creates executable files on the filesystem (8 events)

file	C:\Program Files\Windows Sidebar\Shared Gadgets\7smpob5w cum 4fq06c uncut 5n10bh lady .mpeg.exe
file	C:\Program Files\Microsoft Office\Templates\1lwbqss7 porn 4fq06c hot (!) boobs kgh6zo8 .mpg.exe
file	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\6mw7u7 xxx m5v129k uncut xf2v5u7 (Sarah,Sandy).rar.exe
file	C:\Program Files (x86)\Common Files\microsoft shared\wluwp0ne horse [milf] latex .zip.exe
file	C:\Program Files\Common Files\Microsoft Shared\q7tcmc0 beast horse girls sjubxan5vwor .rar.exe
file	C:\Program Files\DVD Maker\Shared\sperm m5v129k srpvkzygmcsw young (q922zop0f).zip.exe
file	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast hot (!) n12wc0jz71 .zip.exe
file	C:\Program Files\Windows Journal\Templates\xiwlzi0 6r3apw4 mtu2oyuh5 hot (!) 5n10bh (v89zo5).mpeg.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (31 events)

Time & API	Arguments	Status	Return
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: csrss.exe process_identifier: 360	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: wininit.exe process_identifier: 388	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: services.exe process_identifier: 492	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: lsass.exe process_identifier: 508	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: lsm.exe process_identifier: 516	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: svchost.exe process_identifier: 692	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: svchost.exe process_identifier: 772	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: svchost.exe process_identifier: 872	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: svchost.exe process_identifier: 908	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: svchost.exe process_identifier: 352	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: spoolsv.exe process_identifier: 1056	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: sysmon.exe process_identifier: 1236	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: dwm.exe process_identifier: 1572	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: taskhost.exe process_identifier: 1596	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: explorer.exe process_identifier: 1696	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: unsecapp.exe process_identifier: 1740	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: svchost.exe process_identifier: 1972	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: SearchIndexer.exe process_identifier: 2208	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: svchost.exe process_identifier: 1816	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: mscorsvw.exe process_identifier: 1956	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: mscorsvw.exe process_identifier: 2532	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: sppsvc.exe process_identifier: 2596	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: WmiPrvSE.exe process_identifier: 1912	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: mobsync.exe process_identifier: 2504	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: pythonw.exe process_identifier: 552	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: taskhost.exe process_identifier: 2340	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: SearchProtocolHost.exe process_identifier: 2516	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: SearchFilterHost.exe process_identifier: 2892	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 2444	1	1
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 1068	1	1
Process32NextW Sept. 25, 2025, 8:19 a.m.	snapshot_handle: 0x00000284 process_name: conhost.exe process_identifier: 3068	1	1

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000140 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 2444		0	0
Process32NextW Sept. 25, 2025, 8:15 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000164 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000270 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x00000270 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:16 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x0000025c process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0
Process32NextW Sept. 25, 2025, 8:17 a.m.	snapshot_handle: 0x000002a8 process_name: 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe process_identifier: 3020		0	0

A process attempted to delay the analysis task. (1 event)

description

31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe tried to sleep 1343 seconds, actually delayed analysis time by 1343 seconds

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA Sept. 25, 2025, 8:15 a.m.	service_handle: 0x0052cba0 service_type: 48 service_status: 1		0	0

File has been identified by 12 AntiVirus engine on IRMA as malicious (12 events)

G Data Antivirus (Windows)	Virus: Dropped:Generic.Malware.PVPk!!prn!.FE0B916D (Engine A)
Avast Core Security (Linux)	Win32:MalwareX-gen [Misc]
C4S ClamAV (Linux)	Win.Malware.Pvpk-10056926-0
Trellix (Linux)	GenericRXMK-QV
WithSecure (Linux)	Trojan.TR/Spy.Gen
eScan Antivirus (Linux)	Dropped:Generic.Malware.PVPk!!prn!.FE0B916D(DB)
ESET Security (Windows)	a variant of Win32/Agent.CP worm
DrWeb Antivirus (Linux)	Win32.HLLW.Siggen.1607
ClamAV (Linux)	Win.Malware.Pvpk-10056926-0
Bitdefender Antivirus (Linux)	Dropped:Generic.Malware.PVPk!!prn!.FE0B916D
Kaspersky Standard (Windows)	UDS:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows)	Dropped:Generic.Malware.PVPk!!prn!.FE0B916D (B)

Screenshots

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action	VT	Location
No hosts contacted.

Browser recommendation

File 31777b18b82c23e2_z8dvsxk girls glans .mpeg.exe

Summary Download Resubmit sample

Score

Autosubmit

Feedback

Information on Execution

Analyzer Log

Cuckoo Log

Signatures

Feedback

Summary
Download Resubmit sample