File GenP-v3.6.8.exe

Size 1.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 43a927f79eab66d778c66f1cc37b786e
SHA1 e7818dd001c37e2cd86a4b9445d932c42e8029dc
SHA256 0a6a100266ef8416e6e02eec5ac64078c14f4c47a9593c2fb1be955b2fff5736
SHA512 a41c5758cb429ff6be1b519dc80dc1b79050e020a97a6bb47c6f4dd500f696b617d97431c44e5b0b8131e373ea7ac6ca52b600564a7618a6d9130be00dc1b6d3
CRC32 AAF8328C
ssdeep None
Yara
  • UPX - (no description)
  • suspicious_packer_section - The packer/protector section names/keywords
  • screenshot - Take screenshot

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

6635959

Information on Execution

Analysis
Category FILE
Started June 26, 2025, 7:49 p.m.
Completed June 26, 2025, 7:57 p.m.
Duration 480 seconds
Routing internet

Analyzer Log

2025-06-26 19:48:45,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpdrdvpd
2025-06-26 19:48:45,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\thPpquNafgBQDuFm
2025-06-26 19:48:45,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\fYLngMBGKTHVOdhOqxhaGPDtPH
2025-06-26 19:48:45,280 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-26 19:48:45,280 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-26 19:48:45,750 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-26 19:48:45,967 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-06-26 19:48:45,967 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-26 19:48:45,967 [analyzer] DEBUG: Started auxiliary module Human
2025-06-26 19:48:45,967 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-26 19:48:45,967 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-26 19:48:46,078 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-26 19:48:46,078 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-26 19:48:46,078 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-26 19:48:46,078 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-26 19:48:46,203 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\GenP-v3.6.8.exe' with arguments '' and pid 2584
2025-06-26 19:48:46,453 [analyzer] DEBUG: Loaded monitor into process with pid 2584
2025-06-26 19:48:47,030 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\aut5B30.tmp
2025-06-26 19:48:47,092 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\config.ini
2025-06-26 18:53:54,601 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-26 18:53:54,851 [lib.api.process] ERROR: Failed to dump memory of 64-bit process with pid 2584.
2025-06-26 18:53:55,553 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-26 18:53:55,553 [lib.api.process] INFO: Successfully terminated process with pid 2584.
2025-06-26 18:53:55,569 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-06-26 19:49:26,104 [cuckoo.core.scheduler] DEBUG: Task #6635953: no machine available yet
2025-06-26 19:50:53,849 [cuckoo.core.scheduler] INFO: Task #6635953: acquired machine win7x6412 (label=win7x6412)
2025-06-26 19:50:53,849 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.212 for task #6635953
2025-06-26 19:50:54,496 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2837677 (interface=vboxnet0, host=192.168.168.212)
2025-06-26 19:50:57,750 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6412
2025-06-26 19:51:05,329 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6412 to vmcloak
2025-06-26 19:53:14,114 [cuckoo.core.guest] INFO: Starting analysis #6635953 on guest (id=win7x6412, ip=192.168.168.212)
2025-06-26 19:53:15,197 [cuckoo.core.guest] DEBUG: win7x6412: not ready yet
2025-06-26 19:53:20,587 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6412, ip=192.168.168.212)
2025-06-26 19:53:22,786 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6412, ip=192.168.168.212, monitor=latest, size=6660546)
2025-06-26 19:53:24,310 [cuckoo.core.resultserver] DEBUG: Task #6635953: live log analysis.log initialized.
2025-06-26 19:53:25,221 [cuckoo.core.resultserver] DEBUG: Task #6635953 is sending a BSON stream
2025-06-26 19:53:25,699 [cuckoo.core.resultserver] DEBUG: Task #6635953 is sending a BSON stream
2025-06-26 19:53:26,679 [cuckoo.core.resultserver] DEBUG: Task #6635953: File upload for 'files/cd1680b115ee923a_aut5B30.tmp'
2025-06-26 19:53:26,681 [cuckoo.core.resultserver] DEBUG: Task #6635953 uploaded file length: 4154
2025-06-26 19:53:26,682 [cuckoo.core.resultserver] DEBUG: Task #6635953: File upload for 'shots/0001.jpg'
2025-06-26 19:53:26,700 [cuckoo.core.resultserver] DEBUG: Task #6635953 uploaded file length: 133474
2025-06-26 19:53:30,119 [cuckoo.core.resultserver] DEBUG: Task #6635953: File upload for 'shots/0002.jpg'
2025-06-26 19:53:30,162 [cuckoo.core.resultserver] DEBUG: Task #6635953 uploaded file length: 120615
2025-06-26 19:53:39,229 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6635953 still processing
2025-06-26 19:53:54,333 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6635953 still processing
2025-06-26 19:53:54,966 [cuckoo.core.resultserver] DEBUG: Task #6635953: File upload for 'curtain/1750956834.96.curtain.log'
2025-06-26 19:53:54,968 [cuckoo.core.resultserver] DEBUG: Task #6635953 uploaded file length: 36
2025-06-26 19:53:55,275 [cuckoo.core.resultserver] DEBUG: Task #6635953: File upload for 'sysmon/1750956835.1.sysmon.xml'
2025-06-26 19:53:55,690 [cuckoo.core.resultserver] DEBUG: Task #6635953 uploaded file length: 1227700
2025-06-26 19:53:55,699 [cuckoo.core.resultserver] DEBUG: Task #6635953: File upload for 'files/c04d17ccc7c8c0d4_config.ini'
2025-06-26 19:53:55,701 [cuckoo.core.resultserver] DEBUG: Task #6635953 uploaded file length: 11890
2025-06-26 19:53:56,220 [cuckoo.core.resultserver] DEBUG: Task #6635953: File upload for 'shots/0003.jpg'
2025-06-26 19:53:56,229 [cuckoo.core.resultserver] DEBUG: Task #6635953 uploaded file length: 133479
2025-06-26 19:53:56,250 [cuckoo.core.resultserver] DEBUG: Task #6635953 had connection reset for <Context for LOG>
2025-06-26 19:53:57,345 [cuckoo.core.guest] INFO: win7x6412: analysis completed successfully
2025-06-26 19:53:57,363 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-26 19:53:57,396 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-26 19:53:58,855 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6412 to path /srv/cuckoo/cwd/storage/analyses/6635953/memory.dmp
2025-06-26 19:53:58,872 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6412
2025-06-26 19:57:03,719 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.212 for task #6635953
2025-06-26 19:57:04,277 [cuckoo.core.scheduler] DEBUG: Released database task #6635953
2025-06-26 19:57:04,571 [cuckoo.core.scheduler] INFO: Task #6635953: analysis procedure completed

Signatures

Yara rules detected for file (3 events)
  • UPX - (no description)
  • suspicious_packer_section - The packer/protector section names/keywords
  • screenshot - Take screenshot
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
section {u'size_of_data': u'0x00066400', u'virtual_address': u'0x001aa000', u'entropy': 7.939861691401798, u'name': u'UPX1', u'virtual_size': u'0x00067000'} entropy 7.9398616914 description A section with a high entropy has been found
section {u'size_of_data': u'0x0010d400', u'virtual_address': u'0x00211000', u'entropy': 7.730812533918353, u'name': u'.rsrc', u'virtual_size': u'0x0010e000'} entropy 7.73081253392 description A section with a high entropy has been found
entropy 1.0 description Overall entropy of this PE file is high
The executable is compressed using UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
File has been identified by at least one AntiVirus engine on IRMA as malicious (1 event)
C4S ClamAV (Linux) YARA.UPX.UNOFFICIAL
File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)
Bkav W64.AIDetectMalware
Cylance Unsafe
CrowdStrike win/malicious_confidence_70% (W)
APEX Malicious
McAfeeD ti!0A6A100266EF
Jiangmin HackTool.KMSAuto.aks
Webroot W32.Hacktool.Gen
Antiy-AVL GrayWare/Win32.Wacapew
DeepInstinct MALICIOUS
TrellixENS Artemis!43A927F79EAB
MaxSecure Trojan.Malware.324995110.susgen
Fortinet W32/PossibleThreat
Paloalto generic.ml
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.