| Size | 3.3MB |
|---|---|
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5 | deedb16d8ff1be3ee63020b8c5c5de07 |
| SHA1 | 47e629dbe1b4d29736413cd0ef44ddca5602355d |
| SHA256 | b62a2dda28b4bfcf4e78e10b1e7d7578c6e03732c0f496820c9b0b4d18e3ccaf |
| SHA512 | 882524f2cea84c90ebe2e8a7e6e235ec7f2145f2a378d87fd126955f08bf9c834b442259630cf20efd85314e04a37158bd53263e83407a110c8dbcf31e2428d9 |
| CRC32 | 9A18F5B7 |
| ssdeep | None |
| Yara | |
This archive is very suspicious, with a score of 9.3 out of 10!
Please note: the scoring system is still in development and should be considered an alpha feature.
| Category | Started | Completed | Duration | Routing | Logs |
|---|---|---|---|---|---|
| ARCHIVE | Feb. 21, 2026, 7:29 a.m. | Feb. 21, 2026, 7:30 a.m. | 43 seconds | internet | Analyzer log, Cuckoo log |
Analyzer log:
2026-02-21 06:29:22,092 [analyzer] DEBUG: Starting analyzer from: C:\tmpmdfut4
2026-02-21 06:29:22,092 [analyzer] DEBUG: Pipe server name: \??\PIPE\nAlOTIQFmXMNbfjvqOcruCkQ
2026-02-21 06:29:22,092 [analyzer] DEBUG: Log pipe server name: \??\PIPE\VZABoUJUsnCgyrexmrUjOvU
2026-02-21 06:29:22,375 [analyzer] DEBUG: Started auxiliary module Curtain
2026-02-21 06:29:22,375 [analyzer] DEBUG: Started auxiliary module DbgView
2026-02-21 06:29:22,842 [analyzer] DEBUG: Started auxiliary module Disguise
2026-02-21 06:29:23,030 [analyzer] DEBUG: Loaded monitor into process with pid 504
2026-02-21 06:29:23,030 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2026-02-21 06:29:23,030 [analyzer] DEBUG: Started auxiliary module Human
2026-02-21 06:29:23,030 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2026-02-21 06:29:23,046 [analyzer] DEBUG: Started auxiliary module Reboot
2026-02-21 06:29:23,125 [analyzer] DEBUG: Started auxiliary module RecentFiles
2026-02-21 06:29:23,125 [analyzer] DEBUG: Started auxiliary module Screenshots
2026-02-21 06:29:23,140 [analyzer] DEBUG: Started auxiliary module Sysmon
2026-02-21 06:29:23,140 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2026-02-21 06:29:23,342 [lib.api.process] INFO: Successfully executed process from path 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\IMG001.scr' with arguments '' and pid 1952
2026-02-21 06:29:23,562 [analyzer] DEBUG: Loaded monitor into process with pid 1952
2026-02-21 06:29:24,421 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 1952.
2026-02-21 06:29:25,342 [analyzer] INFO: Process with pid 1952 has terminated
2026-02-21 06:29:25,342 [analyzer] INFO: Process list is empty, terminating analysis.
2026-02-21 06:29:26,578 [analyzer] INFO: Terminating remaining processes before shutdown.
2026-02-21 06:29:26,578 [analyzer] INFO: Analysis completed.
Cuckoo log:
2026-02-21 07:29:23,678 [cuckoo.core.scheduler] INFO: Task #7459326: acquired machine win7x644 (label=win7x644)
2026-02-21 07:29:23,679 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.204 for task #7459326
2026-02-21 07:29:23,851 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 264215 (interface=vboxnet0, host=192.168.168.204)
2026-02-21 07:29:23,873 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x644
2026-02-21 07:29:24,255 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x644 to vmcloak
2026-02-21 07:29:39,432 [cuckoo.core.guest] INFO: Starting analysis #7459326 on guest (id=win7x644, ip=192.168.168.204)
2026-02-21 07:29:40,439 [cuckoo.core.guest] DEBUG: win7x644: not ready yet
2026-02-21 07:29:45,462 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x644, ip=192.168.168.204)
2026-02-21 07:29:45,601 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x644, ip=192.168.168.204, monitor=latest, size=6660546)
2026-02-21 07:29:47,204 [cuckoo.core.resultserver] DEBUG: Task #7459326: live log analysis.log initialized.
2026-02-21 07:29:48,185 [cuckoo.core.resultserver] DEBUG: Task #7459326 is sending a BSON stream
2026-02-21 07:29:48,685 [cuckoo.core.resultserver] DEBUG: Task #7459326 is sending a BSON stream
2026-02-21 07:29:49,461 [cuckoo.core.resultserver] DEBUG: Task #7459326: File upload for 'shots/0001.jpg'
2026-02-21 07:29:49,495 [cuckoo.core.resultserver] DEBUG: Task #7459326 uploaded file length: 133497
2026-02-21 07:29:49,541 [cuckoo.core.resultserver] DEBUG: Task #7459326: File upload for 'files/e3b0c44298fc1c14_nsaB76E.tmp'
2026-02-21 07:29:49,544 [cuckoo.core.resultserver] DEBUG: Task #7459326 uploaded file length: 0
2026-02-21 07:29:51,683 [cuckoo.core.resultserver] DEBUG: Task #7459326: File upload for 'curtain/1771651766.45.curtain.log'
2026-02-21 07:29:51,719 [cuckoo.core.resultserver] DEBUG: Task #7459326 uploaded file length: 36
2026-02-21 07:29:51,802 [cuckoo.core.resultserver] DEBUG: Task #7459326: File upload for 'sysmon/1771651766.58.sysmon.xml'
2026-02-21 07:29:51,809 [cuckoo.core.resultserver] DEBUG: Task #7459326 uploaded file length: 93898
2026-02-21 07:29:52,618 [cuckoo.core.resultserver] DEBUG: Task #7459326 had connection reset for <Context for LOG>
2026-02-21 07:29:52,771 [cuckoo.core.guest] INFO: win7x644: analysis completed successfully
2026-02-21 07:29:52,802 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2026-02-21 07:29:52,833 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2026-02-21 07:29:53,486 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x644 to path /srv/cuckoo/cwd/storage/analyses/7459326/memory.dmp
2026-02-21 07:29:53,487 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x644
2026-02-21 07:30:06,518 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.204 for task #7459326
2026-02-21 07:30:06,865 [cuckoo.core.scheduler] DEBUG: Released database task #7459326
2026-02-21 07:30:06,883 [cuckoo.core.scheduler] INFO: Task #7459326: analysis procedure completed
| Description | Rule |
|---|---|
| Escalate privileges | escalate_priv |
| Take screenshot | screenshot |
| Affect system registries | win_registry |
| Affect system token | win_token |
| Affect private profile | win_private_profile |
| Affect private profile | win_files_operation |
| Check | Section | Virtual address | Virtual size | Size of data | Entropy | Description |
|---|---|---|---|---|---|---|
| section | .ndata | | | | | |
| section | .rsrc | 0x00406000 | 0x0000fbd8 | 0x0000fc00 | 7.0246 | A section with a high entropy has been found |
| entropy | (whole file) | | | | 0.6885 | Overall entropy of this PE file is high |
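The two entropy figures above are not on the same scale. The per-section value (7.02 for `.rsrc`) is Shannon entropy in bits per byte, where 8.0 is uniformly random data. The overall value (0.6885) is consistent with the fraction of section bytes that sit in sections above a bits-per-byte threshold, which is how Cuckoo's `packer_entropy` signature scores a file: 0xfc00 bytes of high-entropy `.rsrc` data out of roughly 0x16e00 bytes of section data gives exactly 0.6885. The Python below is an added example, not code from the report or from the sandbox. It parses a PE section table without `pefile`, computes both checks, and runs them on a constructed two-section PE32 image (one low-entropy `.text`, one pseudo-random `.rsrc`). The 6.8-bit section threshold and the 0.2 overall ratio are assumptions modelled on that signature, not values taken from this report.

```python
"""Reproduce the PE entropy checks of a sandbox static report without pefile.

Added example, not code from the report or from the sandbox: it parses the
section table, computes Shannon entropy per section, flags sections above a
threshold, and computes the share of section bytes in such sections. The
6.8-bit section threshold and the 0.2 overall ratio are assumptions modelled
on Cuckoo's packer_entropy signature; the image it runs on is constructed."""
import hashlib
import math
import struct
from collections import Counter

SECTION_ENTROPY_THRESHOLD = 6.8  # bits per byte (assumption)
OVERALL_RATIO_THRESHOLD = 0.2    # fraction of section bytes (assumption)


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data):
    """The digests a report's file table lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_sections(pe):
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        # A malformed header can point past EOF; slicing clamps, so the entropy
        # is computed over the bytes actually present in the file.
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def entropy_report(pe):
    """Per-section entropies plus the two report-level findings."""
    sections = parse_sections(pe)
    hot = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    total = sum(s["size_of_data"] for s in sections)
    ratio = sum(s["size_of_data"] for s in hot) / total if total else 0.0
    return {
        "sections": sections,
        "high_entropy_sections": [s["name"] for s in hot],
        "packed_ratio": ratio,
        "overall_high": ratio > OVERALL_RATIO_THRESHOLD,
    }


def build_sample_pe():
    """Constructed minimal PE32 (not a real sample): a low-entropy .text and a
    pseudo-random .rsrc, 4 KiB each, raw data at file offsets 0x200 and 0x1200."""
    text = b"\x90" * 2048 + bytes(range(16)) * 128          # exactly 3.0 bits/byte
    rsrc, blk = b"", b"seed"
    while len(rsrc) < 4096:                                  # chained SHA-256 as a PRNG
        blk = hashlib.sha256(blk).digest()
        rsrc += blk
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)      # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102)

    def hdr(name, vaddr, data, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data),
                           rawptr, 0, 0, 0, 0, 0x40000040)

    headers = (dos + b"PE\0\0" + coff + opt
               + hdr(b".text", 0x1000, text, 0x200) + hdr(b".rsrc", 0x2000, rsrc, 0x1200))
    return headers + b"\0" * (0x200 - len(headers)) + text + rsrc


if __name__ == "__main__":
    sample = build_sample_pe()
    report = entropy_report(sample)
    print("sha256:", file_hashes(sample)["sha256"])
    for s in report["sections"]:
        print(f"{s['name']:<8} size_of_data=0x{s['size_of_data']:08x} entropy={s['entropy']:.4f}")
    print("high-entropy sections:", report["high_entropy_sections"])
    print(f"packed ratio: {report['packed_ratio']:.4f} -> overall high: {report['overall_high']}")
```

To run the same checks on a real file, replace `build_sample_pe()` with the bytes read from disk; a section whose `size_of_data` is large but whose `virtual_size` is near zero, or whose entropy is close to 8.0, is the usual sign of a packed or encrypted payload that the section check is designed to surface.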
| Engine | Detection |
|---|---|
| G Data Antivirus (Windows) | Virus: Trojan.GenericKD.37723270 (Engine A) |
| Avast Core Security (Linux) | Win32:Miner-EG [Trj] |
| C4S ClamAV (Linux) | Win.Trojan.Coinminer-6622864-0 |
| Trellix (Linux) | W32/CoinMiner.d trojan |
| eScan Antivirus (Linux) | Trojan.GenericKD.37723270(DB) |
| ESET Security (Windows) | multiple detections |
| Sophos Anti-Virus (Linux) | Mal/Miner-BA |
| DrWeb Antivirus (Linux) | Trojan.BtcMine.815 |
| ClamAV (Linux) | Win.Trojan.Coinminer-6622864-0 |
| Bitdefender Antivirus (Linux) | Trojan.GenericKD.37723270 |
| Kaspersky Standard (Windows) | Trojan.NSIS.Agent.pf |
| Emsisoft Commandline Scanner (Windows) | Trojan.GenericKD.37723270 (B) |