File 1e25a4965caf164b75dc3a87d4af5263.zip

Size 1.7MB
Type Zip archive data, at least v2.0 to extract, compression method=deflate
MD5 1e25a4965caf164b75dc3a87d4af5263
SHA1 0780bad40e0e3b3a62b06f383c16dd8067149944
SHA256 f594ea033d7dc13767f22e65111c6df450ac3ac14cae53d76a02bcf0e21ec9eb
SHA512
a4b3b5a6c7fb267ddff28271778847396522d485e89ebeb389ad770c38bcb8cf81f82904aa5ef1da946d1f1663e45f03a74cc3b1f566545a6d5d6e92516a7b69
CRC32 D029A185
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Read the score with the execution outcome in mind: the dynamic analysis never ran the sample. The analyzer raised an exception inside the zip package before any process was started (see the traceback in the Cuckoo log below), so there is no behavioural data and no network traffic, and the only signatures that fired are the antivirus matches listed under Signatures.

Please note: the scoring system is still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category: FILE
Started: Dec. 15, 2024, 5:52 p.m.
Completed: Dec. 15, 2024, 5:53 p.m.
Duration: 33 seconds
Routing: internet
Logs: analyzer log and Cuckoo log (reproduced below)

Analyzer Log

2024-12-15 16:52:39,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpt1gcja
2024-12-15 16:52:39,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\YLQgAgteNEdPnaokuAhZPsiECJkGiWm
2024-12-15 16:52:39,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\TgnjRccKhYyWcKuYNngWBUJZCoJd
2024-12-15 16:52:39,280 [analyzer] DEBUG: Started auxiliary module Curtain
2024-12-15 16:52:39,280 [analyzer] DEBUG: Started auxiliary module DbgView
2024-12-15 16:52:39,687 [analyzer] DEBUG: Started auxiliary module Disguise
2024-12-15 16:52:39,890 [analyzer] DEBUG: Loaded monitor into process with pid 508
2024-12-15 16:52:39,890 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2024-12-15 16:52:39,890 [analyzer] DEBUG: Started auxiliary module Human
2024-12-15 16:52:39,890 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2024-12-15 16:52:39,905 [analyzer] DEBUG: Started auxiliary module Reboot
2024-12-15 16:52:40,000 [analyzer] DEBUG: Started auxiliary module RecentFiles
2024-12-15 16:52:40,000 [analyzer] DEBUG: Started auxiliary module Screenshots
2024-12-15 16:52:40,000 [analyzer] DEBUG: Started auxiliary module Sysmon
2024-12-15 16:52:40,000 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n

Cuckoo Log

2024-12-15 17:52:44,595 [cuckoo.core.scheduler] INFO: Task #5661939: acquired machine win7x642 (label=win7x642)
2024-12-15 17:52:44,596 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.202 for task #5661939
2024-12-15 17:52:44,817 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 189061 (interface=vboxnet0, host=192.168.168.202)
2024-12-15 17:52:44,829 [androguard.apk] WARNING: Missing AndroidManifest.xml. Is this an APK file?
2024-12-15 17:52:44,859 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x642
2024-12-15 17:52:45,297 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x642 to vmcloak
2024-12-15 17:52:59,219 [cuckoo.core.guest] INFO: Starting analysis #5661939 on guest (id=win7x642, ip=192.168.168.202)
2024-12-15 17:53:00,224 [cuckoo.core.guest] DEBUG: win7x642: not ready yet
2024-12-15 17:53:05,255 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x642, ip=192.168.168.202)
2024-12-15 17:53:05,335 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x642, ip=192.168.168.202, monitor=latest, size=6660546)
2024-12-15 17:53:06,892 [cuckoo.core.resultserver] DEBUG: Task #5661939: live log analysis.log initialized.
2024-12-15 17:53:07,730 [cuckoo.core.resultserver] DEBUG: Task #5661939 is sending a BSON stream
2024-12-15 17:53:09,035 [cuckoo.core.resultserver] DEBUG: Task #5661939: File upload for 'shots/0001.jpg'
2024-12-15 17:53:09,055 [cuckoo.core.resultserver] DEBUG: Task #5661939 uploaded file length: 133615
2024-12-15 17:53:09,469 [cuckoo.core.guest] WARNING: win7x642: analysis #5661939 caught an exception
Traceback (most recent call last):
  File "C:/tmpt1gcja/analyzer.py", line 824, in <module>
    success = analyzer.run()
  File "C:/tmpt1gcja/analyzer.py", line 673, in run
    pids = self.package.start(self.target)
  File "C:\tmpt1gcja\modules\packages\zip.py", line 154, in start
    log.debug("Missing file option, auto executing: {0}".format(file_name))
UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-8: ordinal not in range(128)

2024-12-15 17:53:09,481 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-12-15 17:53:09,518 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-12-15 17:53:10,038 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x642 to path /srv/cuckoo/cwd/storage/analyses/5661939/memory.dmp
2024-12-15 17:53:10,041 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x642
2024-12-15 17:53:17,282 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.202 for task #5661939
2024-12-15 17:53:17,283 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 5661939
2024-12-15 17:53:17,581 [cuckoo.core.scheduler] DEBUG: Released database task #5661939
2024-12-15 17:53:17,647 [cuckoo.core.scheduler] INFO: Task #5661939: analysis procedure completed
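The traceback above shows where the run actually stopped: Cuckoo's zip package died while logging the name of the entry it was about to auto-execute. Under Python 2, `str.format` on a non-ASCII filename goes through the ascii codec and raises UnicodeEncodeError, so the archive's payload was never launched and the rest of the report carries no behaviour. The script below is an added example, not Cuckoo's own code and not the analysed archive: a Python 3 triage helper that lists an archive's entries, reports the UTF-8 name flag (general purpose bit 11) and the exact non-ASCII span in the codec's own wording, and shows the escaping that keeps a log line from aborting. The archive and its entry names are constructed (a nine-character Cyrillic stem reproduces the "position 0-8" span in the traceback); `inspect_zip`, `first_unloggable_name` and `ascii_safe` are the example's own names.

```python
import io
import zipfile

# Constructed sample archive (not the analysed file). The first entry has a
# nine-character Cyrillic stem, so an ASCII-only formatter fails on
# "position 0-8", the same span the traceback on this page reports.
SAMPLE_ENTRIES = {
    "Установка.exe": b"MZ" + b"\x00" * 62,   # placeholder bytes, not a real PE
    "readme.txt": b"constructed sample\n",
}


def build_sample_zip(entries=SAMPLE_ENTRIES):
    """Return an in-memory zip containing the constructed entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def non_ascii_span(name):
    """(first, last) index of the leading run of non-ASCII characters, or None.

    Reuses the codec's own error so the span matches the traceback wording:
    "can't encode characters in position 0-8" corresponds to (0, 8).
    """
    try:
        name.encode("ascii")
    except UnicodeEncodeError as exc:
        return (exc.start, exc.end - 1)
    return None


def inspect_zip(data):
    """Per-entry triage: name, size, UTF-8 name flag (bit 11), non-ASCII span."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            rows.append({
                "name": info.filename,
                "size": info.file_size,
                "utf8_flag": bool(info.flag_bits & 0x800),
                "non_ascii_span": non_ascii_span(info.filename),
            })
    return rows


def first_unloggable_name(rows):
    """Name of the first entry an ASCII-only logger cannot format, or None."""
    for row in rows:
        if row["non_ascii_span"] is not None:
            return row["name"]
    return None


def ascii_safe(name):
    """Escape a name so a log line can never raise UnicodeEncodeError."""
    return name.encode("ascii", "backslashreplace").decode("ascii")


if __name__ == "__main__":
    rows = inspect_zip(build_sample_zip())
    for row in rows:
        print(row["size"], row["utf8_flag"], row["non_ascii_span"],
              ascii_safe(row["name"]))
    bad = first_unloggable_name(rows)
    if bad:
        print("would abort an ASCII-only analyzer log:", ascii_safe(bad))
```

Run the helper over a submission before it goes to the sandbox: an entry with a non-ASCII span is a candidate for manual renaming or for passing an explicit file option, and the `ascii_safe` rendering is the form a Python 2 log call should receive so that a crafted name cannot abort the analysis.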

Signatures

File has been identified by 3 AntiVirus engines on IRMA as malicious (3 events)
Avast Core Security (Linux) Win32:MalwareX-gen [Trj]
C4S ClamAV (Linux) C4S.MALWARE.ATTACH.372.UNOFFICIAL
Windows Defender (Windows) Trojan:Script/Conteban.A!ml
File has been identified by 28 AntiVirus engines on VirusTotal as malicious (28 events)
Lionic Riskware.Win32.PornTool.1!c
Elastic malicious (moderate confidence)
CAT-QuickHeal Trojan.Ghanarava.173356166547e54d
Skyhigh GenericRXAA-AA!7403E682CF5F
Malwarebytes Malware.AI.2080030669
K7AntiVirus Unwanted-Program ( 005769b11 )
K7GW Unwanted-Program ( 005769b11 )
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/PornTool.Url8.B potentially unsafe
TrendMicro-HouseCall PUA.Win32.PornTool.B
Avast Win32:MalwareX-gen [Trj]
Kaspersky not-a-virus:HEUR:Porn-Tool.Win32.Agent.gen
Rising PUF.Sex8!1.6AA1 (CLASSIC)
TrendMicro PUA.Win32.PornTool.B
Sophos Generic Reputation PUA (PUA)
Jiangmin Trojan.Generic.gwtke
Webroot W32.Malware.Gen
Google Detected
Antiy-AVL GrayWare[Porn-Tool]/Win32.Url8
Gridinsoft Trojan.Win32.Agent.oa!s1
GData Archive.Trojan.Agent.KOQ017
Varist W32/ABRisk.WMTC-1120
AhnLab-V3 PUP/Win32.101Alemi.R71034
McAfee GenericRXAA-AA!7403E682CF5F
Ikarus Trojan.Win32.Agent
Yandex Trojan.Igent.b1RBIW.2
Fortinet Riskware/PornTool_Url8
AVG Win32:MalwareX-gen [Trj]
Screenshots

Network

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action / VT / Location): No hosts contacted.