File 1d6db7ab8659d80594ff8b79f9cd6d20cd3a988e3dd497f18e03ce29c970feae

Size 64.0KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 4876c1c821f79cc366f17395541a55dd
SHA1 807b51e4d8e44d2b89252f7d84c3e7b58ff9129c
SHA256 1d6db7ab8659d80594ff8b79f9cd6d20cd3a988e3dd497f18e03ce29c970feae
SHA512 2c47d8a2d2a4e6b6b0e06a5bf25bc65dd61a749b173ad802fff5a62c6fb6642f2ec4dd2fc622ba43c678619888a3d0711d9d09d2f2b2aa116613bbf56e0255cf
CRC32 33783A63
ssdeep None
PDB Path C:\Users\Utilizador\Desktop\Testingvulnerabilities\x64\Release\Testingvulnerabilities.pdb
Yara
  • anti_dbg - Checks if being debugged
  • win_registry - Affect system registries
  • win_token - Affect system token

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Analysis
Category: FILE
Started: July 13, 2025, 7:29 p.m.
Completed: July 13, 2025, 7:36 p.m.
Duration: 400 seconds
Routing: internet

Analyzer Log

2025-07-09 03:09:32,046 [analyzer] DEBUG: Starting analyzer from: C:\tmpk4d6bl
2025-07-09 03:09:32,062 [analyzer] DEBUG: Pipe server name: \??\PIPE\buQzBQiXIygnknKaLd
2025-07-09 03:09:32,062 [analyzer] DEBUG: Log pipe server name: \??\PIPE\oQALUwsKoeSpbCcvxAwNBddoaMZ
2025-07-09 03:09:32,390 [analyzer] DEBUG: Started auxiliary module Curtain
2025-07-09 03:09:32,390 [analyzer] DEBUG: Started auxiliary module DbgView
2025-07-09 03:09:32,983 [analyzer] DEBUG: Started auxiliary module Disguise
2025-07-09 03:09:33,217 [analyzer] DEBUG: Loaded monitor into process with pid 512
2025-07-09 03:09:33,217 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-07-09 03:09:33,217 [analyzer] DEBUG: Started auxiliary module Human
2025-07-09 03:09:33,217 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-07-09 03:09:33,217 [analyzer] DEBUG: Started auxiliary module Reboot
2025-07-09 03:09:33,342 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-07-09 03:09:33,342 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-07-09 03:09:33,342 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-07-09 03:09:33,342 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-07-09 03:09:33,483 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\1d6db7ab8659d80594ff8b79f9cd6d20cd3a988e3dd497f18e03ce29c970feae.exe' with arguments '' and pid 2508
2025-07-09 03:09:34,483 [analyzer] INFO: Process with pid 2508 has terminated
2025-07-09 03:09:34,483 [analyzer] INFO: Process list is empty, terminating analysis.
2025-07-09 03:09:35,703 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-07-09 03:09:35,703 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-07-13 19:29:26,983 [cuckoo.core.scheduler] INFO: Task #6700404: acquired machine win7x6422 (label=win7x6422)
2025-07-13 19:29:26,988 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.222 for task #6700404
2025-07-13 19:29:27,410 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 33632 (interface=vboxnet0, host=192.168.168.222)
2025-07-13 19:29:27,538 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6422
2025-07-13 19:29:28,416 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6422 to vmcloak
2025-07-13 19:32:55,578 [cuckoo.core.guest] INFO: Starting analysis #6700404 on guest (id=win7x6422, ip=192.168.168.222)
2025-07-13 19:32:56,584 [cuckoo.core.guest] DEBUG: win7x6422: not ready yet
2025-07-13 19:33:01,617 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6422, ip=192.168.168.222)
2025-07-13 19:33:01,690 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6422, ip=192.168.168.222, monitor=latest, size=6660546)
2025-07-13 19:33:03,308 [cuckoo.core.resultserver] DEBUG: Task #6700404: live log analysis.log initialized.
2025-07-13 19:33:04,468 [cuckoo.core.resultserver] DEBUG: Task #6700404 is sending a BSON stream
2025-07-13 19:33:05,780 [cuckoo.core.resultserver] DEBUG: Task #6700404: File upload for 'shots/0001.jpg'
2025-07-13 19:33:05,805 [cuckoo.core.resultserver] DEBUG: Task #6700404 uploaded file length: 133429
2025-07-13 19:33:07,000 [cuckoo.core.resultserver] DEBUG: Task #6700404: File upload for 'curtain/1752023375.58.curtain.log'
2025-07-13 19:33:07,005 [cuckoo.core.resultserver] DEBUG: Task #6700404 uploaded file length: 36
2025-07-13 19:33:07,023 [cuckoo.core.resultserver] DEBUG: Task #6700404: File upload for 'sysmon/1752023375.7.sysmon.xml'
2025-07-13 19:33:07,051 [cuckoo.core.resultserver] DEBUG: Task #6700404 uploaded file length: 423154
2025-07-13 19:33:07,875 [cuckoo.core.resultserver] DEBUG: Task #6700404 had connection reset for <Context for LOG>
2025-07-13 19:33:08,708 [cuckoo.core.guest] INFO: win7x6422: analysis completed successfully
2025-07-13 19:33:08,719 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-13 19:33:08,749 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-13 19:33:09,950 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6422 to path /srv/cuckoo/cwd/storage/analyses/6700404/memory.dmp
2025-07-13 19:33:09,952 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6422
2025-07-13 19:36:06,384 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.222 for task #6700404
2025-07-13 19:36:07,149 [cuckoo.core.scheduler] DEBUG: Released database task #6700404
2025-07-13 19:36:07,163 [cuckoo.core.scheduler] INFO: Task #6700404: analysis procedure completed

Signatures

Yara rules detected for file (3 events)
anti_dbg - Checks if being debugged
win_registry - Affect system registries
win_token - Affect system token
This executable has a PDB path (1 event)
pdb_path C:\Users\Utilizador\Desktop\Testingvulnerabilities\x64\Release\Testingvulnerabilities.pdb
File has been identified by 12 AntiVirus engines on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Gen:Variant.Tedy.776330 (Engine A)
Avast Core Security (Linux) Win64:MalwareX-gen [Misc]
C4S ClamAV (Linux) Win.Malware.Tedy-10043980-0
Trellix (Linux) Trojan-FXND
WithSecure (Linux) Trojan.TR/Agent.eotxz
eScan Antivirus (Linux) Gen:Variant.Tedy.776330(DB)
ESET Security (Windows) a variant of Win32/Agent.AHGE trojan
Sophos Anti-Virus (Linux) Mal/Generic-S
ClamAV (Linux) Win.Malware.Tedy-10043980-0
Bitdefender Antivirus (Linux) Gen:Variant.Tedy.776330
Kaspersky Standard (Windows) HEUR:Trojan.Win64.Agent.gen
Emsisoft Commandline Scanner (Windows) Gen:Variant.Tedy.776330 (B)
File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)
Bkav W64.AIDetectMalware
Skyhigh BehavesLike.Win64.Dropper.kh
ALYac Gen:Variant.Tedy.776330
Cylance Unsafe
VIPRE Gen:Variant.Tedy.776330
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Gen:Variant.Tedy.776330
K7GW Trojan ( 005c3a401 )
K7AntiVirus Trojan ( 005c3a401 )
Arcabit Trojan.Tedy.DBD88A
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Agent.AHGE
APEX Malicious
Avast Win64:MalwareX-gen [Misc]
ClamAV Win.Malware.Tedy-10043980-0
Kaspersky HEUR:Trojan.Win64.Agent.gen
MicroWorld-eScan Gen:Variant.Tedy.776330
Rising Trojan.Agent!1.12DA1 (CLASSIC)
Emsisoft Gen:Variant.Tedy.776330 (B)
F-Secure Trojan.TR/Agent.eotxz
Zillya Trojan.Agent.Win32.4202014
McAfeeD ti!1D6DB7AB8659
CTX exe.unknown.tedy
Jiangmin Trojan.Agent.fcjr
Google Detected
Avira TR/Agent.eotxz
Antiy-AVL GrayWare/Win32.Wacapew
Gridinsoft Trojan.Win64.Agent.oa!s1
Microsoft Trojan:Win64/Tedy.PGT!MTB
GData Gen:Variant.Tedy.776330
Varist W64/Trojan3.ASKK
AhnLab-V3 Trojan/Win.Generic.R700341
VBA32 Trojan.Win64.Agent
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2854345165
Ikarus Trojan.Win64.Clipbanker
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9f
Tencent Trojan.Win64.Agent.16001895
Yandex Trojan.Agent!/6g+GVQH30Y
TrellixENS Trojan-FXND!4876C1C821F7
MaxSecure Trojan.Malware.121218.susgen
Fortinet W64/Agent.AHGE!tr
AVG Win64:MalwareX-gen [Misc]
Network

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action / VT / Location): No hosts contacted.