Summary | ZeroBOX

Cacheman.txt

Gen1
Category: FILE
Machine: s1_win7_x6402
Started: April 24, 2021, 5:56 p.m.
Completed: April 24, 2021, 6:01 p.m.
Size 2.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 ae8f9d9b8344d52f0872dfdc852e1dd4
SHA256 95b5d0e36464afc8391a9d056926e5859506ead18937669554bde42f7a6d135b
CRC32 508EF4EC
ssdeep 49152:qFUy7w/OQkyXuS18WPu8vE2uajZ3/qUlppUAr/n7oi/dyXUETzBJi3:qFnekR+08s2uaX9tdyZTzBJi3
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasRichSignature - Rich Signature Check
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_private_profile - Affect private profile
  • win_files_operation - Affect private profile

Name              Response       Post-Analysis Lookup
vladisfoxlink.ru  45.85.90.225

IP Address      Status   Action
164.124.101.2   Active   Moloch
172.217.25.14   Active   Moloch
45.85.90.225    Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GlobalMemoryStatusEx
Status: 1   Return: 1   Repeated: 0
section .ndata
Time & API: __exception__
Arguments:
stacktrace:
New_wininet_InternetSetOptionA@16+0x91 New_wininet_InternetSetStatusCallback@8-0x6a @ 0x729ca889
InternetSetOptionW+0xe0 InternetQueryOptionW-0x54 wininet+0x3536a @ 0x7514536a
cachemancontrolpanel+0x87cc @ 0x4087cc

exception.instruction_r: 8b 1b 89 5d 98 c7 45 fc fe ff ff ff 85 c9 0f 85
exception.instruction: mov ebx, dword ptr [ebx]
exception.exception_code: 0xc0000005
exception.symbol: InternetOpenA+0x731 InternetCrackUrlA-0x2565 wininet+0x1dd19
exception.address: 0x7512dd19
registers.esp: 1633216
registers.edi: 0
registers.eax: 1
registers.ebp: 1633464
registers.edx: 0
registers.ebx: 1000
registers.esi: 2
registers.ecx: 9196240
Status: 1   Return: 0   Repeated: 0
domain vladisfoxlink.ru description Russian Federation domain TLD
Time & API: NtProtectVirtualMemory
Arguments:
process_identifier: 4244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
Status: 1   Return: 0   Repeated: 0
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\libgstcontroller-1.0-0.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\libgcc_s_seh-1.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\Qt5Concurrentd.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\libogg-0.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\libgraph31.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\dxgi.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\zlib.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\libblkmaker-0.1-6.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\libxml3.dll
file C:\Users\test22\AppData\Roaming\CachemanControlPanel\vcruntime140.dll
host 172.217.25.14
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.ae8f9d9b8344d52f
BitDefenderTheta Gen:NN.ZexaF.34678.mx0@a0bWZ@ni
APEX Malicious
Kaspersky UDS:Trojan-Spy.Win32.SpyEyes
Paloalto generic.ml
Rising Trojan.Generic!8.C3 (CLOUD)
Cynet Malicious (score: 100)
Malwarebytes Malware.AI.3389374098
dead_host 45.85.90.225:80