Reads data out of its own binary image Show sources
| api_process_name | process: 90bed29242832e3d7380e92e7481a73517b81328.exe, pid: 2940, offset: 0x00000000, length: 0x00062c7c |
| api_process_name | process: 90bed29242832e3d7380e92e7481a73517b81328.exe, pid: 2940, offset: 0x0000c21c, length: 0x00006fef |
| api_process_name | process: 90bed29242832e3d7380e92e7481a73517b81328.exe, pid: 2940, offset: 0x00062c7c, length: 0x00000004 |
| api_process_name | process: 90bed29242832e3d7380e92e7481a73517b81328.exe, pid: 2140, offset: 0x00000000, length: 0x00062c7c |
| api_process_name | process: 90bed29242832e3d7380e92e7481a73517b81328.exe, pid: 2140, offset: 0x0000c21c, length: 0x00006fef |
| api_process_name | process: 90bed29242832e3d7380e92e7481a73517b81328.exe, pid: 2140, offset: 0x00013aa6, length: 0x00037a87 |
| api_process_name | process: 90bed29242832e3d7380e92e7481a73517b81328.exe, pid: 2140, offset: 0x0005d67c, length: 0x00005604 |
Attempts to connect to a dead IP:Port (6 unique times) Show sources
| network_host_ip | 5.9.15.86:443 (Germany) |
| network_host_ip | 184.26.44.105:80 (United States) |
| network_host_ip | 127.0.0.1:49252 |
| network_host_ip | 69.195.158.198:443 (United States) |
| network_host_ip | 72.21.91.29:80 (United States) |
| network_host_ip | 192.241.99.194:80 (Canada) |
Starts servers listening on 127.0.0.1:0
Performs some HTTP requests Show sources
| network_url | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAYN1sHQZ5AbVHX8%2F8KeMTc%3D |
| network_url | http://stp-1014845532.us-east-1.elb.amazonaws.com/p.gif?rs=i&h=&av=&aver=&osver=6.1&ossp=1&err=0&64=1&adm=1&quant=1360569703 |
| network_url | http://crl.globalsign.net/primobject.crl |
A process sent information about the computer to a remote location. Show sources
| api_process_name | 90bed29242832e3d7380e92e7481a73517b81328.exe: data=v40416-innotek GmbH[VirtualBox][user] |
Attempts to block SafeBoot use by removing registry keys Show sources
| registry_delete | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option |
Collects information to fingerprint the system Show sources
| registry_read | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId |
Collects information about installed applications Show sources
| registry_query | Google Update Helper |
| registry_query | Application Verifier x64 External Package |
| registry_query | Windows Software Development Kit DirectX x86 Remote |
| registry_query | WinPcap 4.1.2 |
| registry_query | Adobe Reader 9.5.0 |
| registry_query | Adobe Flash Player 20 ActiveX |
| registry_query | Windows Software Development Kit |
| registry_query | Microsoft Office Groove MUI 2007 |
| registry_query | Microsoft Office Proof 2007 |
| registry_query | Google Chrome |
| registry_query | Windows Software Development Kit DirectX x64 Remote |
| registry_query | Microsoft Office Groove Setup Metadata MUI 2007 |
| registry_query | Python 2.7.10 |
| registry_query | Microsoft Office Shared 64-bit Setup Metadata MUI 2007 |
| registry_query | Kits Configuration Installer |
| registry_query | Microsoft Office Excel MUI 2007 |
| registry_query | Notepad++ |
| registry_query | WPT Redistributables |
| registry_query | Sandboxie 5.12 |
| registry_query | Microsoft Office Word MUI 2007 |
| registry_query | Microsoft Office Access Setup Metadata MUI 2007 |
| registry_query | Microsoft Office OneNote MUI 2007 |
| registry_query | Microsoft Office Access MUI 2007 |
| registry_query | Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026 |
| registry_query | Oracle VM VirtualBox Guest Additions 5.1.2 |
| registry_query | Windows Software Development Kit Redistributables |
| registry_query | Microsoft Office Office 64-bit Components 2007 |
| registry_query | Universal Extractor 1.6.1 |
| registry_query | Microsoft .NET Framework 4.6.1 |
| registry_query | Microsoft Office Proofing 2007 |
| registry_query | Microsoft .NET Framework 4.5.1 Multi-Targeting Pack |
| registry_query | MSI Development Tools |
| registry_query | Java 8 Update 91 |
| registry_query | Total Commander 64-bit |
| registry_query | Microsoft .NET Framework 4.5.1 SDK |
| registry_query | Windows Software Development Kit for Windows Store Apps DirectX x64 Remote |
| registry_query | Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 |
| registry_query | Total Commander |
| registry_query | Microsoft Office Shared 64-bit MUI 2007 |
| registry_query | Mozilla Firefox 46.0.1 |
| registry_query | SDK Debuggers |
| registry_query | Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 |
| registry_query | MPC-HC 1.7.10 |
| registry_query | 7-Zip 15.14 |
| registry_query | Microsoft Office Enterprise 2007 |
| registry_query | FileAlyzer 2 |
| registry_query | Windows Software Development Kit for Windows Store Apps DirectX x86 Remote |
| registry_query | Windows Software Development Kit for Windows Store Apps |
| registry_query | Microsoft Office Publisher MUI 2007 |
| registry_query | Python 2.7 PIL-1.1.7 |
| registry_query | 2007 Microsoft Office Suite Service Pack 2 |
| registry_query | Windows Software Development Kit for Windows 8.1 |
| registry_query | WPTx64 |
| registry_query | Java Auto Updater |
| registry_query | Microsoft Network Monitor: NetworkMonitor Parsers 3.4 |
| registry_query | Microsoft Office InfoPath MUI 2007 |
| registry_query | Adobe Flash Player 20 NPAPI |
| registry_query | Windows Software Development Kit EULA |
| registry_query | Microsoft Network Monitor 3.4 |
| registry_query | Microsoft Office Shared MUI 2007 |
| registry_query | Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026 |
| registry_query | Microsoft Office PowerPoint MUI 2007 |
| registry_query | Microsoft Office Outlook MUI 2007 |
| registry_query | Microsoft Visual C++ 2015 Redistributable - 14.0.23026 |
| registry_query | Microsoft Office Shared Setup Metadata MUI 2007 |
Attempts to modify proxy settings
Creates RWX memory Show sources
| injection_rwx_memory | 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx |
Checks the system manufacturer, likely for anti-virtualization Show sources
| registry_read | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer |
Detects VirtualBox through the presence of a registry key Show sources
| registry_query | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions |
Tries to unhook or modify Windows functions monitored by Cuckoo Show sources
| function_modify | function_name: LdrLoadDll, type: modification |
Attempts to repeatedly call a single API many times in order to delay analysis time Show sources
| api_process_name | firefox.exe (1200) called API GetSystemTime 1060591 times |
| api_process_name | firefox.exe (1200) called API GetSystemTimeAsFileTime 1467741 times |