Summary | ZeroBOX

exe010.exe

Malicious Library UPX PE File DLL OS Processor Check PE32
Category Machine Started Completed
FILE s1_win7_x6401 Nov. 20, 2024, 9:14 a.m. Nov. 20, 2024, 9:18 a.m.
Size 92.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e4f5c4520d567afd0eb58d190fff70a0
SHA256 e3fccdf6f573f846653b71a54be347616d4b1b92b641a3757d4deb8422abede4
CRC32 3C701F11
ssdeep 1536:hFdkWIXbevApQrS4az0ammrEWjXq+66DFUABABOVLefE/:XGWIkmowz0iEWj6+JB8M/
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfcd
section .l1
file C:\Windows\System32\Bfegec32.dll
file C:\Windows\System32\Eagmdpeg.exe
file C:\Windows\System32\Eobcncni.exe
file C:\Windows\System32\Elajlh32.exe
file C:\Windows\System32\Fpfege32.dll
file C:\Windows\System32\Pgljla32.dll
file C:\Windows\System32\Mkmkppjf.dll
file C:\Windows\System32\Dofdbehf.exe
file C:\Windows\System32\Cadggb32.exe
file C:\Windows\System32\Fjjdql32.exe
file C:\Windows\System32\Kjoaeqeb.dll
file C:\Windows\System32\Pfdghfdf.dll
file C:\Windows\System32\Kpanpqdi.dll
file C:\Windows\System32\Cpjqpi32.exe
file C:\Windows\System32\Ibdhjpll.dll
file C:\Windows\System32\Kideqeac.dll
file C:\Windows\System32\Fokfdbfn.exe
file C:\Windows\System32\Cinlnp32.exe
file C:\Windows\System32\Flkmbg32.exe
file C:\Windows\System32\Nakome32.dll
file C:\Windows\System32\Dieboo32.exe
file C:\Windows\System32\Nldggl32.dll
file C:\Windows\System32\Bpldkkfk.dll
file C:\Windows\System32\Lbbfnbim.dll
file C:\Windows\System32\Kknmjjnj.dll
file C:\Windows\System32\Eiqajm32.exe
file C:\Windows\System32\Dlekpj32.exe
file C:\Windows\System32\Fblofmco.exe
section .text virtual_address 0x00001000 virtual_size 0x0000815c size_of_data 0x0000815c entropy 7.17541229788 description A section with a high entropy has been found
entropy 0.357377190711 description Overall entropy of this PE file is high
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger reg_value {79FEACFF-FFCE-815E-A900-316290B5B738}
description Possibly a polymorphic version of itself