Analysis

Category Started Completed Duration
FILE 2023-05-14 14:06:41 2023-05-14 14:09:47 186 seconds
  • Error: cuckoo1: the guest initialization hit the critical timeout, analysis aborted.


MalScore 0.0 (Benign)

Machine

Name Label Manager Started On Shutdown On
cuckoo1 cuckoo1 VirtualBox 2023-05-14 14:06:41 2023-05-14 14:09:47

File Details

File Name setup.exe
File Size 88184 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2836cfe571a98335ce48ef2d28d7e3d3
SHA1 8c3cffe606d0ca9fd694ea112be377497f723b3e
SHA256 808743ae12976174d69bef75d4cd1d297211e50d735057f92e3ec94df188199d
SHA512 4096b56044347c36ad14d05c53acb713c0d02ebaad4b150344514ef8d1a74e9a46923fbf396b7bf148b37f1e1c6975be686d8d8d4e88995aa94c0e9fa919b073
CRC32 E16AE63C
Ssdeep 1536:HZ8hgX1PdzaodhYvyyyygPozk9+WZnqxMQP8ZOs0Jp+R1DVNbMQ:HZ8hiVd1YyyyygPoz4X/gBKrxN4Q
ClamAV None matched
Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x00400000
Entry Point 0x00402a36
Reported Checksum 0x0001d3c7
Actual Checksum 0x0001d3c7
Minimum OS Version 5.1
PDB Path Setup.pdb
Compile Time 2017-08-29 23:30:02
Icon
Icon Exact Hash f7680df773658cc4f19dd65f56b58c16
Icon Similarity Hash f75c8badff767379fec00ae5bb202c24
Exported DLL Name Setup.exe

Version Infos

LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName Setup.exe
FileVersion 14.7.2114.0 built by: NET47REL1LAST
CompanyName Microsoft Corporation
ProductName Microsoft® .NET Framework
ProductVersion 14.7.2114.0
FileDescription Setup Installer
OriginalFilename SetupUI.exe
Translation 0x0409 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x00005d18 0x00005e00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.17
.data 0x00007000 0x000019e0 0x00000c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.48
.idata 0x00009000 0x000005e6 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.05
.rsrc 0x0000a000 0x00009d00 0x00009e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.48
.reloc 0x00014000 0x000007ca 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.40

Overlay

Offset 0x00011a00
Size 0x00003e78

Resources

Name Offset Size Language Sub-language Entropy File type
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_ICON 0x000116a8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 4.83 data
RT_GROUP_ICON 0x00013c50 0x000000ae LANG_ENGLISH SUBLANG_ENGLISH_US 3.00 MS Windows icon resource - 12 icons, 16x16, 16-colors
RT_VERSION 0x0000a360 0x0000035c LANG_ENGLISH SUBLANG_ENGLISH_US 3.52 data
RT_MANIFEST 0x0000a6c0 0x000006ee LANG_ENGLISH SUBLANG_ENGLISH_US 5.20 XML document text

Imports

Library KERNEL32.dll:
0x409118 HeapSetInformation
0x40911c LoadLibraryW
0x409120 GetProcAddress
0x409124 MultiByteToWideChar
0x409128 LCMapStringW
0x40912c GetCommandLineW
0x409130 GetStartupInfoW
0x409138 GetModuleHandleW
0x40913c ExitProcess
0x409140 WriteFile
0x409144 GetStdHandle
0x409148 GetModuleFileNameW
0x409154 SetHandleCount
0x40915c GetFileType
0x409164 TlsAlloc
0x409168 TlsGetValue
0x40916c TlsSetValue
0x409170 TlsFree
0x409178 SetLastError
0x40917c GetCurrentThreadId
0x409180 GetLastError
0x409188 HeapCreate
0x409190 GetTickCount
0x409194 GetCurrentProcessId
0x40919c TerminateProcess
0x4091a0 GetCurrentProcess
0x4091a8 IsDebuggerPresent
0x4091b4 HeapFree
0x4091b8 Sleep
0x4091bc GetCPInfo
0x4091c0 GetACP
0x4091c4 GetOEMCP
0x4091c8 IsValidCodePage
0x4091cc RtlUnwind
0x4091d0 WideCharToMultiByte
0x4091d4 HeapSize
0x4091d8 HeapAlloc
0x4091dc HeapReAlloc
0x4091e4 GetStringTypeW
Library SetupEngine.dll:
0x4091ec Run

Exports

Ordinal Address Name
1 0x402882 _DecodePointerInternal@4
2 0x402867 _EncodePointerInternal@4
No antivirus signatures available.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

No dropped Suricata extracted files.
No dropped files.

Processing ( 0.634 seconds )

  • 0.276 VirusTotal
  • 0.188 Static
  • 0.139 peid
  • 0.012 NetworkAnalysis
  • 0.009 AnalysisInfo
  • 0.006 Strings
  • 0.003 TargetInfo
  • 0.001 Debug

Signatures ( 0.022 seconds )

  • 0.005 antiav_detectreg
  • 0.002 persistence_autorun
  • 0.002 antiav_detectfile
  • 0.002 infostealer_ftp
  • 0.001 tinba_behavior
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 ransomware_extensions
  • 0.001 ransomware_files

Reporting ( 0.006 seconds )

  • 0.006 JsonDump
Task ID 1725
Mongo ID 646131fd2694ed0cf6a0f9cd
Cuckoo release 1.3-NG