File 5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a

Size 735.7KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ec6bb6105f1d84218f696cc4c32c4dff
SHA1 2016a36590438ee9a975c31ba8f92628e50e01f5
SHA256 5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a
SHA512 586df7fb19a093fb7c1c74024eeb6dda33850d1c9462501009b42fd50fccaa7c808b794645fd46d269a298adf084d6c3e4001cff37db0a4a542fa8c41dbcbd41
CRC32 43A4C412
ssdeep None
Yara
  • anti_dbg - Checks if being debugged
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please note: the scoring system is still in development and should be treated as an alpha feature.



Information on Execution

Analysis
Category: FILE
Started: Dec. 20, 2025, 12:46 p.m.
Completed: Dec. 20, 2025, 12:53 p.m.
Duration: 368 seconds
Routing: internet
Logs: Analyzer Log and Cuckoo Log (reproduced below)

Note that the two logs run on different clocks: the analyzer log carries guest-VM timestamps (2025-12-19 06:52), the Cuckoo log carries host timestamps (2025-12-20 12:46). Correlate events by their order, not by wall-clock time.

Analyzer Log

2025-12-19 06:52:34,000 [analyzer] DEBUG: Starting analyzer from: C:\tmpd0os1j
2025-12-19 06:52:34,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\pCaZEANBxFVfqYkPUbEjqjPqWPHtTG
2025-12-19 06:52:34,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\lGjOmhFYMAjeDXMHwtikEnqNCi
2025-12-19 06:52:34,328 [analyzer] DEBUG: Started auxiliary module Curtain
2025-12-19 06:52:34,328 [analyzer] DEBUG: Started auxiliary module DbgView
2025-12-19 06:52:34,796 [analyzer] DEBUG: Started auxiliary module Disguise
2025-12-19 06:52:35,015 [analyzer] DEBUG: Loaded monitor into process with pid 512
2025-12-19 06:52:35,015 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-12-19 06:52:35,015 [analyzer] DEBUG: Started auxiliary module Human
2025-12-19 06:52:35,015 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-12-19 06:52:35,015 [analyzer] DEBUG: Started auxiliary module Reboot
2025-12-19 06:52:35,078 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-12-19 06:52:35,078 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-12-19 06:52:35,078 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-12-19 06:52:35,078 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-12-19 06:52:35,328 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a.exe' with arguments '' and pid 2924
2025-12-19 06:52:35,562 [analyzer] DEBUG: Loaded monitor into process with pid 2924
2025-12-19 06:52:36,328 [analyzer] INFO: Process with pid 2924 has terminated
2025-12-19 06:52:36,328 [analyzer] INFO: Process list is empty, terminating analysis.
2025-12-19 06:52:37,500 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-12-19 06:52:37,500 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-12-20 12:46:55,164 [cuckoo.core.scheduler] DEBUG: Task #7240218: no machine available yet
2025-12-20 12:46:56,217 [cuckoo.core.scheduler] DEBUG: Task #7240218: no machine available yet
2025-12-20 12:46:57,275 [cuckoo.core.scheduler] DEBUG: Task #7240218: no machine available yet
2025-12-20 12:46:58,334 [cuckoo.core.scheduler] DEBUG: Task #7240218: no machine available yet
2025-12-20 12:46:59,411 [cuckoo.core.scheduler] DEBUG: Task #7240218: no machine available yet
2025-12-20 12:47:00,483 [cuckoo.core.scheduler] DEBUG: Task #7240218: no machine available yet
2025-12-20 12:47:01,580 [cuckoo.core.scheduler] DEBUG: Task #7240218: no machine available yet
2025-12-20 12:47:02,818 [cuckoo.core.scheduler] INFO: Task #7240218: acquired machine win7x6429 (label=win7x6429)
2025-12-20 12:47:02,826 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.229 for task #7240218
2025-12-20 12:47:03,307 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3509680 (interface=vboxnet0, host=192.168.168.229)
2025-12-20 12:47:06,753 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6429
2025-12-20 12:47:07,591 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6429 to vmcloak
2025-12-20 12:49:56,401 [cuckoo.core.guest] INFO: Starting analysis #7240218 on guest (id=win7x6429, ip=192.168.168.229)
2025-12-20 12:49:57,406 [cuckoo.core.guest] DEBUG: win7x6429: not ready yet
2025-12-20 12:50:02,428 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6429, ip=192.168.168.229)
2025-12-20 12:50:02,501 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6429, ip=192.168.168.229, monitor=latest, size=6660546)
2025-12-20 12:50:03,780 [cuckoo.core.resultserver] DEBUG: Task #7240218: live log analysis.log initialized.
2025-12-20 12:50:04,748 [cuckoo.core.resultserver] DEBUG: Task #7240218 is sending a BSON stream
2025-12-20 12:50:05,242 [cuckoo.core.resultserver] DEBUG: Task #7240218 is sending a BSON stream
2025-12-20 12:50:05,992 [cuckoo.core.resultserver] DEBUG: Task #7240218: File upload for 'shots/0001.jpg'
2025-12-20 12:50:06,026 [cuckoo.core.resultserver] DEBUG: Task #7240218 uploaded file length: 133413
2025-12-20 12:50:07,197 [cuckoo.core.resultserver] DEBUG: Task #7240218: File upload for 'curtain/1766123557.39.curtain.log'
2025-12-20 12:50:07,200 [cuckoo.core.resultserver] DEBUG: Task #7240218 uploaded file length: 36
2025-12-20 12:50:07,290 [cuckoo.core.resultserver] DEBUG: Task #7240218: File upload for 'sysmon/1766123557.48.sysmon.xml'
2025-12-20 12:50:07,296 [cuckoo.core.resultserver] DEBUG: Task #7240218 uploaded file length: 258696
2025-12-20 12:50:08,093 [cuckoo.core.resultserver] DEBUG: Task #7240218 had connection reset for <Context for LOG>
2025-12-20 12:50:09,458 [cuckoo.core.guest] INFO: win7x6429: analysis completed successfully
2025-12-20 12:50:09,469 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-12-20 12:50:09,580 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-12-20 12:50:10,831 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6429 to path /srv/cuckoo/cwd/storage/analyses/7240218/memory.dmp
2025-12-20 12:50:10,833 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6429
2025-12-20 12:53:02,941 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.229 for task #7240218
2025-12-20 12:53:03,757 [cuckoo.core.scheduler] DEBUG: Released database task #7240218
2025-12-20 12:53:03,795 [cuckoo.core.scheduler] INFO: Task #7240218: analysis procedure completed

Signatures

Yara rules detected for file (3 events)
description Checks if being debugged rule anti_dbg
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable contains PE section names outside the sandbox's known-good list, which can indicate a packer but could be a false positive (3 events). Caveat: `.retplne` is the retpoline marker section emitted by LLVM-based toolchains and `_RDATA` appears in output of recent MSVC toolchains, so these names also occur in unpacked, legitimate binaries; on their own they are a weak packer indicator.
section .fptable
section .retplne
section _RDATA
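To reproduce this check without a full PE library, here is a minimal section-table walker, added as an example and not the sandbox's own signature code. It reads the COFF and optional headers with the standard library, flags section names outside an allowlist (the allowlist below is an assumption, not the sandbox's list), and, going one step beyond the signature, maps a faulting virtual address such as the 0x14000ac00 from the crash record further down to its section and image offset. The PE bytes it runs on are constructed in the block (headers only, not a runnable binary), so the section layout is invented for illustration.

```python
"""Minimal PE section-table walker (added example, stdlib only).

Flags section names outside a known-good allowlist, the same heuristic as the
sandbox signature above, and maps a faulting virtual address to its section.
"""
import struct

# Section names emitted by mainstream toolchains. Assumption: this allowlist is
# illustrative, not the sandbox's own list.
KNOWN_SECTIONS = {
    b".text", b".rdata", b".data", b".pdata", b".idata", b".edata", b".rsrc",
    b".reloc", b".tls", b".bss", b".CRT", b".xdata", b".gfids", b".00cfg",
}

SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(pe: bytes):
    """Return (image_base, [(name, rva, virtual_size, raw_ptr, raw_size), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # NumberOfSections at coff+2, SizeOfOptionalHeader at coff+16
    num_sections, opt_size = struct.unpack_from("<H12xH", pe, coff + 2)
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x20B:            # PE32+: ImageBase is a QWORD at opt+24
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    elif magic == 0x10B:          # PE32: ImageBase is a DWORD at opt+28
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections, off = [], opt + opt_size
    for _ in range(num_sections):
        name, vsize, rva, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HDR, pe, off)
        sections.append((name.rstrip(b"\0"), rva, vsize, raw_ptr, raw_size))
        off += struct.calcsize(SECTION_HDR)
    return image_base, sections


def unknown_sections(pe: bytes):
    """Names that the allowlist does not recognise, in file order."""
    _, secs = parse_sections(pe)
    return [s[0].decode("latin-1") for s in secs if s[0] not in KNOWN_SECTIONS]


def section_for_address(pe: bytes, va: int):
    """Map a virtual address to (section name, image offset); name is None if
    the address falls outside every section's virtual range."""
    base, secs = parse_sections(pe)
    rva = va - base
    for name, srva, vsize, _, _ in secs:
        if srva <= rva < srva + vsize:
            return name.decode("latin-1"), rva
    return None, rva


def build_sample_pe(layout, image_base=0x140000000):
    """Constructed PE32+ headers (no code) with sections from
    layout = [(name, virtual_size), ...], laid out page-aligned from RVA 0x1000."""
    e_lfanew, opt_size = 0x40, 240
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(layout), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)           # PE32+ magic
    struct.pack_into("<Q", opt, 24, image_base)
    secs, rva = b"", 0x1000
    for name, vsize in layout:
        secs += struct.pack(SECTION_HDR, name.ljust(8, b"\0"), vsize, rva,
                            vsize, 0, 0, 0, 0, 0, 0x60000020)
        rva += (vsize + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


# Constructed layout using the section names reported for this sample; sizes
# are invented so that offset 0xac00 lands inside .text.
SAMPLE_LAYOUT = [(b".text", 0x20000), (b".rdata", 0x8000), (b".fptable", 0x100),
                 (b".retplne", 0x10), (b"_RDATA", 0x200), (b".pdata", 0x3000)]
SAMPLE_PE = build_sample_pe(SAMPLE_LAYOUT)

if __name__ == "__main__":
    print("unknown sections:", unknown_sections(SAMPLE_PE))
    print("fault at 0x14000ac00 ->", section_for_address(SAMPLE_PE, 0x14000AC00))
```

On the constructed headers the walker reports `.fptable`, `.retplne` and `_RDATA` as unknown, and resolves 0x14000ac00 to image offset 0xac00 (44032), the same value the crash record reports as `exception.offset`. On a real file, read the bytes with `open(path, "rb").read()` and compare the returned offset with the section table before drawing conclusions about which code faulted.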
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a+0xac00 @ 0x14000ac00
5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a+0x11c8 @ 0x1400011c8
5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a+0x14061 @ 0x140014061
5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a+0x1fb76 @ 0x14001fb76
5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a+0x1a82c @ 0x14001a82c
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76d1652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c541 @ 0x76f4c541

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: 5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a+0xac00
exception.instruction: add byte ptr [rax], al
exception.module: 5cde4f16b5fa21e6daa226b4c7b287a4419f04421e03ec45b4df21a45f75371a.exe
exception.exception_code: 0xc0000005
exception.offset: 44032
exception.address: 0x14000ac00
registers.r14: 0
registers.r15: 0
registers.rcx: 1244768
registers.rsi: 0
registers.r10: 219017360479911
registers.rbx: 0
registers.rsp: 1245152
registers.r11: 2861728
registers.r8: 25
registers.r9: 261
registers.rdx: 261
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
Status 1 / Return 0 / Repeated 0

Reading the record: the 16 instruction bytes at the fault address are all zero, and `00 00` decodes to `add byte ptr [rax], al`; with rax = 0 that is a write to address 0, hence the access violation (0xc0000005). Execution reached a zero-filled region inside the sample's own image (offset 0xac00 = 44032, matching the first stack frame) about one second after launch, which is typical of a jump into memory that was never filled in, for example a failed unpacking step. As a result the sandbox observed almost no behaviour: no hosts were contacted and no child processes survived the crash. The 10/10 score therefore rests on the static Yara hits and AV consensus, not on runtime evidence.
File has been identified by 12 AntiVirus engines on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Trojan.GenericKDZ.114419 (Engine A)
Avast Core Security (Linux) Win64:MalwareX-gen [Cryp]
C4S ClamAV (Linux) C4S.MALWARE.SHA256.AUTOGEN.65242932.UNOFFICIAL
Trellix (Linux) Trojan-JAPY
eScan Antivirus (Linux) Trojan.GenericKDZ.114419(DB)
ESET Security (Windows) a variant of Win64/Kryptik.FQF trojan
Sophos Anti-Virus (Linux) Mal/Generic-S
DrWeb Antivirus (Linux) Trojan.Inject6.1996
ClamAV (Linux) Win.Packed.njRAT-10002074-1
Bitdefender Antivirus (Linux) Trojan.GenericKDZ.114419
Kaspersky Standard (Windows) HEUR:Trojan.MSIL.Convagent.gen
Emsisoft Commandline Scanner (Windows) Trojan.GenericKDZ.114419 (B)
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events shown)

Note on the labels: the file is a native PE32+ x86-64 image, yet several engines (Kaspersky, Kingsoft, Jiangmin, Tencent) assign MSIL (.NET) family names, which could indicate a native loader carrying a .NET payload or simply signature reuse. The family name most engines agree on is XWorm (Symantec, Rising, Microsoft, AhnLab-V3, Alibaba, Tencent, Sangfor, huorong); ClamAV names njRAT, and ESET, NANO, Zillya and Gridinsoft use Kryptik, ESET's generic label for packed or obfuscated trojans.
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Fsysna.tsUM
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.bh
ALYac Trojan.GenericKDZ.114419
Cylance Unsafe
VIPRE Trojan.GenericKDZ.114419
Sangfor Trojan.Win64.Xworm.Vq0y
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Trojan.GenericKDZ.114419
K7GW Trojan ( 005cf5221 )
K7AntiVirus Trojan ( 005cf5221 )
Arcabit Trojan.Generic.D1BEF3
VirIT Trojan.Win64.Genus.ITG
Symantec Downloader.XWorm!gen4
Elastic malicious (high confidence)
ESET-NOD32 Win64/Kryptik.FQF trojan
APEX Malicious
Avast Win32:MalwareX-gen [Misc]
ClamAV Win.Packed.njRAT-10002074-1
Kaspersky UDS:Trojan.MSIL.Convagent.gen
Alibaba Trojan:Win64/Xworm.34cb2304
NANO-Antivirus Trojan.Win64.Kryptik.leplwv
SUPERAntiSpyware Backdoor.Bot/Variant
MicroWorld-eScan Trojan.GenericKDZ.114419
Rising Backdoor.XWorm!1.129F7 (CLASSIC)
Emsisoft Trojan.GenericKDZ.114419 (B)
DrWeb Trojan.Inject6.1996
Zillya Trojan.Kryptik.Win64.67320
McAfeeD ti!5CDE4F16B5FA
Trapmine malicious.moderate.ml.score
CTX exe.trojan.kryptik
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Worm.MSIL.yhc
Webroot W32.Malware.gen
Google Detected
Kingsoft MSIL.Trojan.Convagent.gen
Gridinsoft Trojan.Win64.Kryptik.oa!s4
Microsoft Trojan:Win64/Xworm.ZBO!MTB
GData Trojan.GenericKDZ.114419
Varist W64/ARisk.CH
AhnLab-V3 Backdoor/Win.XWorm.R719793
DeepInstinct MALICIOUS
Malwarebytes Backdoor.Agent
Ikarus Trojan.Win64.Krypt
Panda Trj/GdSda.A
Tencent Trojan.Msil.Xworm.16001415
TrellixENS Trojan-JAPY!EC6BB6105F1D
huorong Backdoor/XWorm.c
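Turning a vendor table like the one above into a single family call is a normalisation problem, because every engine uses its own platform prefixes, verdict words and suffixes. The block below is an added example, not the sandbox's or any vendor's code: it tokenises each label, drops platform and verdict words through a stop-list (the stop-list and tokenizer are assumptions made here; production pipelines use curated lists), counts how many vendors mention each candidate family, and separately tallies platform hints so the .NET-versus-native disagreement becomes visible. The input rows are a constructed subset of the VirusTotal rows on this page.

```python
"""Consolidate vendor detection labels into a family vote (added example)."""
import re
from collections import Counter

# Words that name a platform, a verdict or a malware class rather than a family.
# Assumption: this stop-list is illustrative, not authoritative.
GENERIC = {
    "trojan", "backdoor", "worm", "downloader", "agent", "inject", "packed",
    "malicious", "malware", "detected", "unsafe", "variant", "heur", "uds",
    "classic", "mtb", "gen", "high", "confidence", "score", "static",
    "behaveslike", "win", "win32", "win64", "w32", "w64", "msil", "bot",
}
# Platform tokens mapped to a coarse class, so disagreements can be counted.
PLATFORM = {"msil": "dotnet", "win64": "native64", "w64": "native64",
            "win32": "native32", "w32": "native32"}


def tokens(label):
    """Split a vendor label on anything that is not a letter or digit."""
    return [t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t]


def family_tokens(label):
    """Candidate family names: alphabetic tokens longer than three characters
    that are neither stop-listed nor a 'Generic...' style catch-all."""
    return {t for t in tokens(label)
            if t.isalpha() and len(t) > 3 and t not in GENERIC
            and not t.startswith("generic")}


def family_vote(lines):
    """Count vendors mentioning each candidate family. Each line is
    '<vendor> <label>' as printed in a VirusTotal-style table."""
    votes = Counter()
    for line in lines:
        _vendor, _, label = line.strip().partition(" ")
        for fam in family_tokens(label):
            votes[fam] += 1
    return votes


def platform_vote(lines):
    """Tally platform hints (.NET vs native) across the labels."""
    votes = Counter()
    for line in lines:
        _vendor, _, label = line.strip().partition(" ")
        for t in tokens(label):
            if t in PLATFORM:
                votes[PLATFORM[t]] += 1
    return votes


def summarize(lines):
    """Top family with its vote count, plus the platform tally."""
    fam = family_vote(lines)
    top, n = fam.most_common(1)[0]
    return {"top_family": top, "votes": n, "vendors": len(lines),
            "platform": dict(platform_vote(lines))}


# Constructed input: a subset of the VirusTotal rows reported for this sample.
SAMPLE_ROWS = [
    "Sangfor Trojan.Win64.Xworm.Vq0y",
    "Symantec Downloader.XWorm!gen4",
    "ESET-NOD32 Win64/Kryptik.FQF trojan",
    "ClamAV Win.Packed.njRAT-10002074-1",
    "Kaspersky UDS:Trojan.MSIL.Convagent.gen",
    "Rising Backdoor.XWorm!1.129F7 (CLASSIC)",
    "Microsoft Trojan:Win64/Xworm.ZBO!MTB",
    "AhnLab-V3 Backdoor/Win.XWorm.R719793",
    "BitDefender Trojan.GenericKDZ.114419",
    "Tencent Trojan.Msil.Xworm.16001415",
    "DrWeb Trojan.Inject6.1996",
    "Elastic malicious (high confidence)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
```

On the subset, XWorm collects six of twelve votes, Kryptik, njRAT and Convagent one each, and the GenericKDZ rows contribute nothing; the platform tally is three native64 against two dotnet, which is exactly the inconsistency worth recording before trusting any single vendor's label.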
Screenshots

One screenshot (shots/0001.jpg) was uploaded during the analysis; the image is not reproduced here.

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action / VT / Location)
No hosts contacted.