Cuckoo Sandbox

File 0a7d4c082deff16b2224d1298d590bb1.vir

Summary
Download Resubmit sample Download yara

Size	576.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0a7d4c082deff16b2224d1298d590bb1`
SHA1	`48595aa0daa70de66c9d6c6cd961e8c4670ae8cb`
SHA256	`fa737b0916f89f37792b614639ed9d9d1d9d9804e9cfb4025d049cd8130b9b78`
SHA512	`406015c87083f9b018424824402e1e5d21e02ab487ee3e534a5f28e480188e0e5aa1cc6d9bf2ef7212fce4ccd322f5f4a45cb5243464740476bf4f417d728f2f`
CRC32	`2DD0A760`
ssdeep	`None`
Yara	UPX - (no description) suspicious_packer_section - The packer/protector section names/keywords win_registry - Affect system registries

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

6824474

6824475

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	Aug. 8, 2025, 6:56 a.m.	Aug. 8, 2025, 6:57 a.m.	62 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-08-08 06:56:15,046 [analyzer] DEBUG: Starting analyzer from: C:\tmpl4240h
2025-08-08 06:56:15,046 [analyzer] DEBUG: Pipe server name: \??\PIPE\TfgVkKBzlkOEYFgwWivNoBzBdVvfm
2025-08-08 06:56:15,046 [analyzer] DEBUG: Log pipe server name: \??\PIPE\MgUDbGIsdQjGKfXRGSWv
2025-08-08 06:56:15,483 [analyzer] DEBUG: Started auxiliary module Curtain
2025-08-08 06:56:15,483 [analyzer] DEBUG: Started auxiliary module DbgView
2025-08-08 06:56:15,937 [analyzer] DEBUG: Started auxiliary module Disguise
2025-08-08 06:56:16,140 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-08-08 06:56:16,140 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-08-08 06:56:16,140 [analyzer] DEBUG: Started auxiliary module Human
2025-08-08 06:56:16,140 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-08-08 06:56:16,155 [analyzer] DEBUG: Started auxiliary module Reboot
2025-08-08 06:56:16,217 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-08-08 06:56:16,217 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-08-08 06:56:16,217 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-08-08 06:56:16,217 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-08-08 06:56:16,358 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\0a7d4c082deff16b2224d1298d590bb1.vir' with arguments '' and pid 2568
2025-08-08 06:56:16,546 [analyzer] DEBUG: Loaded monitor into process with pid 2568
2025-08-08 06:56:16,905 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Windows\mssrv.exe
2025-08-08 06:56:16,967 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Program Files\Common Files\Microsoft Shared\indian nude horse [bangbus] .rar.exe
2025-08-08 06:56:17,233 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Program Files\DVD Maker\Shared\blowjob uncut cock black hairunshaved .rar.exe
2025-08-08 06:56:17,640 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Program Files\Microsoft Office\Templates\beast licking  (Curtney).mpeg.exe
2025-08-08 06:56:17,655 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\hardcore licking swallow .mpeg.exe
2025-08-08 06:56:17,765 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Program Files\Windows Journal\Templates\danish porn xxx licking  (Curtney).mpeg.exe
2025-08-08 06:56:17,875 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Program Files\Windows Sidebar\Shared Gadgets\indian handjob fucking masturbation feet black hairunshaved .rar.exe
2025-08-08 06:56:17,983 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Program Files (x86)\Common Files\microsoft shared\beast public ejaculation .mpeg.exe
2025-08-08 06:56:18,296 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm catfight 50+ .mpeg.exe
2025-08-08 06:56:18,390 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\Network\Downloader\hardcore hidden pregnant .zip.exe
2025-08-08 06:56:18,437 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\RAC\Temp\danish gang bang sperm voyeur titts ash .zip.exe
2025-08-08 06:56:18,467 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\Search\Data\Temp\swedish cum sperm full movie latex .zip.exe
2025-08-08 06:56:18,530 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\Windows\Templates\japanese animal hardcore [milf] hole .mpg.exe
2025-08-08 06:56:18,687 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\Windows\Templates\blowjob big gorgeoushorny .mpeg.exe
2025-08-08 06:56:19,562 [analyzer] INFO: Added new file to list with pid 2568 and path C:\tmpl4240h\black action blowjob uncut swallow  (Ashley,Tatjana).mpg.exe
2025-08-08 06:56:19,796 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish beastiality fucking [free] glans .zip.exe
2025-08-08 06:56:19,921 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\AppData\Local\Temp\hardcore uncut cock .zip.exe
2025-08-08 06:56:19,937 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\lingerie girls bedroom .rar.exe
2025-08-08 06:56:19,953 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian action beast [milf] hole .mpeg.exe
2025-08-08 06:56:20,125 [analyzer] INFO: Injected into process with pid 2464 and name u'rundll32.exe'
2025-08-08 06:56:20,171 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\horse masturbation glans 40+ .mpg.exe
2025-08-08 06:56:20,217 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\american action lingerie [bangbus]  (Melissa).zip.exe
2025-08-08 06:56:20,265 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\japanese horse bukkake full movie  (Janette).zip.exe
2025-08-08 06:56:20,312 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\Downloads\fucking licking  (Janette).avi.exe
2025-08-08 06:56:20,328 [analyzer] DEBUG: Loaded monitor into process with pid 2464
2025-08-08 06:56:20,342 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\italian action hardcore full movie balls .avi.exe
2025-08-08 06:56:20,437 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\Network\Downloader\tyrkish beastiality fucking big .rar.exe
2025-08-08 06:56:20,530 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\RAC\Temp\danish beastiality xxx big redhair .rar.exe
2025-08-08 06:56:20,562 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\Search\Data\Temp\indian beastiality trambling [free] .mpg.exe
2025-08-08 06:56:20,608 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\Windows\Templates\swedish cumshot lingerie masturbation  (Janette).rar.exe
2025-08-08 06:56:20,655 [analyzer] INFO: Added new file to list with pid 2568 and path C:\ProgramData\Microsoft\Windows\Templates\brasilian animal fucking full movie .mpg.exe
2025-08-08 06:56:20,687 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian fetish xxx licking cock sweet  (Sarah).avi.exe
2025-08-08 06:56:20,703 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Default\AppData\Local\Temp\horse licking titts sweet .zip.exe
2025-08-08 06:56:20,717 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish horse blowjob lesbian cock ash .avi.exe
2025-08-08 06:56:20,765 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\sperm sleeping feet swallow .zip.exe
2025-08-08 06:56:20,780 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Default\Downloads\beast uncut  (Janette).rar.exe
2025-08-08 06:56:20,796 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\italian kicking trambling big young .zip.exe
2025-08-08 06:56:20,828 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Users\Public\Downloads\lingerie [milf] titts .zip.exe
2025-08-08 06:56:20,890 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish cumshot gay lesbian cock lady .mpg.exe
2025-08-08 06:56:20,921 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american action lingerie sleeping  (Curtney).zip.exe
2025-08-08 06:56:21,000 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\hardcore public cock .zip.exe
2025-08-08 06:56:21,046 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast several models cock .avi.exe
2025-08-08 06:56:22,125 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black action lesbian several models  (Sarah).mpg.exe
2025-08-08 06:56:22,140 [analyzer] INFO: Added new file to list with pid 2568 and path C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\italian animal gay big redhair .zip.exe
2025-08-08 05:57:05,203 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-08-08 05:57:05,438 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2568.
2025-08-08 05:57:05,548 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2464.
2025-08-08 05:57:05,875 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-08-08 05:57:05,891 [lib.api.process] INFO: Successfully terminated process with pid 2568.
2025-08-08 05:57:05,891 [lib.api.process] INFO: Successfully terminated process with pid 2464.
2025-08-08 05:57:06,548 [analyzer] WARNING: Too many files: c:\users\default\appdata\local\microsoft\windows\temporary internet files\danish horse blowjob lesbian cock ash .avi.exe
2025-08-08 05:57:06,548 [analyzer] WARNING: Too many files: c:\program files\dvd maker\shared\blowjob uncut cock black hairunshaved .rar.exe
2025-08-08 05:57:06,548 [analyzer] WARNING: Too many files: c:\windows\assembly\nativeimages_v2.0.50727_32\temp\black action lesbian several models  (sarah).mpg.exe
2025-08-08 05:57:06,548 [analyzer] WARNING: Too many files: c:\program files (x86)\common files\microsoft shared\beast public ejaculation .mpeg.exe
2025-08-08 05:57:06,548 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\swedish cumshot gay lesbian cock lady .mpg.exe
2025-08-08 05:57:06,548 [analyzer] WARNING: Too many files: c:\windows\mssrv.exe
2025-08-08 05:57:06,548 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\microsoft\windows\temporary internet files\italian action beast [milf] hole .mpeg.exe
2025-08-08 05:57:06,548 [analyzer] WARNING: Too many files: c:\users\default\appdata\roaming\microsoft\windows\templates\sperm sleeping feet swallow .zip.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\swedish cumshot lingerie masturbation  (janette).rar.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\indian nude horse [bangbus] .rar.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\microsoft\windows\temporary internet files\tyrkish beastiality fucking [free] glans .zip.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\users\default\appdata\local\temp\horse licking titts sweet .zip.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\microsoft\windows\iedownloadhistory\american action lingerie [bangbus]  (melissa).zip.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\programdata\microsoft\search\data\temp\swedish cum sperm full movie latex .zip.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\users\default\downloads\beast uncut  (janette).rar.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\program files (x86)\windows sidebar\shared gadgets\sperm catfight 50+ .mpeg.exe
2025-08-08 05:57:06,563 [analyzer] WARNING: Too many files: c:\programdata\microsoft\rac\temp\danish gang bang sperm voyeur titts ash .zip.exe
2025-08-08 05:57:06,563 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-08-08 06:56:15,558 [cuckoo.core.scheduler] INFO: Task #6824473: acquired machine win7x649 (label=win7x649)
2025-08-08 06:56:15,559 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.209 for task #6824473
2025-08-08 06:56:16,155 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2578931 (interface=vboxnet0, host=192.168.168.209)
2025-08-08 06:56:16,411 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x649
2025-08-08 06:56:17,248 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x649 to vmcloak
2025-08-08 06:56:27,289 [cuckoo.core.guest] INFO: Starting analysis #6824473 on guest (id=win7x649, ip=192.168.168.209)
2025-08-08 06:56:28,294 [cuckoo.core.guest] DEBUG: win7x649: not ready yet
2025-08-08 06:56:33,321 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x649, ip=192.168.168.209)
2025-08-08 06:56:33,453 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x649, ip=192.168.168.209, monitor=latest, size=6660546)
2025-08-08 06:56:34,839 [cuckoo.core.resultserver] DEBUG: Task #6824473: live log analysis.log initialized.
2025-08-08 06:56:35,929 [cuckoo.core.resultserver] DEBUG: Task #6824473 is sending a BSON stream
2025-08-08 06:56:36,316 [cuckoo.core.resultserver] DEBUG: Task #6824473 is sending a BSON stream
2025-08-08 06:56:37,206 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'shots/0001.jpg'
2025-08-08 06:56:37,245 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 133470
2025-08-08 06:56:40,099 [cuckoo.core.resultserver] DEBUG: Task #6824473 is sending a BSON stream
2025-08-08 06:56:40,365 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'shots/0002.jpg'
2025-08-08 06:56:40,386 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 141030
2025-08-08 06:56:49,442 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824473 still processing
2025-08-08 06:57:04,553 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824473 still processing
2025-08-08 06:57:05,764 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'curtain/1754625425.75.curtain.log'
2025-08-08 06:57:05,767 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 36
2025-08-08 06:57:05,892 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'sysmon/1754625425.88.sysmon.xml'
2025-08-08 06:57:05,897 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 165126
2025-08-08 06:57:05,918 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/7d5094dc44102f65_hardcore hidden pregnant .zip.exe'
2025-08-08 06:57:05,936 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1260582
2025-08-08 06:57:05,942 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe'
2025-08-08 06:57:05,945 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 90049
2025-08-08 06:57:05,957 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/bf50c1ca0cbf556b_italian action hardcore full movie balls .avi.exe'
2025-08-08 06:57:05,966 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 944456
2025-08-08 06:57:05,987 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/64aeb6483b32107c_japanese animal hardcore [milf] hole .mpg.exe'
2025-08-08 06:57:06,033 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 2112360
2025-08-08 06:57:06,051 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/d5e338b6ef691d6b_brasilian fetish xxx licking cock sweet  (sarah).avi.exe'
2025-08-08 06:57:06,092 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1245043
2025-08-08 06:57:06,105 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/7d97b116562a88da_beast licking  (curtney).mpeg.exe'
2025-08-08 06:57:06,112 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 820753
2025-08-08 06:57:06,124 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/32bce77748e6292f_black action blowjob uncut swallow  (ashley,tatjana).mpg.exe'
2025-08-08 06:57:06,135 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1082597
2025-08-08 06:57:06,188 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/c47f8213c538123e_danish porn xxx licking  (curtney).mpeg.exe'
2025-08-08 06:57:06,211 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1502885
2025-08-08 06:57:06,232 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/a87d562ee7ec5add_indian beastiality trambling [free] .mpg.exe'
2025-08-08 06:57:06,249 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1668091
2025-08-08 06:57:06,268 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/479ab23678c64faf_fucking licking  (janette).avi.exe'
2025-08-08 06:57:06,281 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1474481
2025-08-08 06:57:06,298 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/d962a51c7c1be398_japanese horse bukkake full movie  (janette).zip.exe'
2025-08-08 06:57:06,310 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1336211
2025-08-08 06:57:06,329 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/c20fdfaeb92bc668_lingerie [milf] titts .zip.exe'
2025-08-08 06:57:06,350 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1344704
2025-08-08 06:57:06,359 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/79cbb97870b3f4a6_lingerie girls bedroom .rar.exe'
2025-08-08 06:57:06,367 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1043178
2025-08-08 06:57:06,372 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/e13b44c513e349af_brasilian animal fucking full movie .mpg.exe'
2025-08-08 06:57:06,377 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 487091
2025-08-08 06:57:06,384 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/b87abc399bde3a94_beast several models cock .avi.exe'
2025-08-08 06:57:06,390 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 669448
2025-08-08 06:57:06,404 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/e159d52047d5412b_hardcore public cock .zip.exe'
2025-08-08 06:57:06,420 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1759614
2025-08-08 06:57:06,438 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/801baddfa5d0e103_blowjob big gorgeoushorny .mpeg.exe'
2025-08-08 06:57:06,452 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1710786
2025-08-08 06:57:06,461 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/e44a49bb5c71d224_tyrkish beastiality fucking big .rar.exe'
2025-08-08 06:57:06,467 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 600299
2025-08-08 06:57:06,470 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/16dda033d2695f34_italian kicking trambling big young .zip.exe'
2025-08-08 06:57:06,475 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 437190
2025-08-08 06:57:06,484 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/c4fbb4edee171c36_hardcore licking swallow .mpeg.exe'
2025-08-08 06:57:06,498 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 1543700
2025-08-08 06:57:06,512 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/27da769d1aaa0364_indian handjob fucking masturbation feet black hairunshaved .rar.exe'
2025-08-08 06:57:06,520 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 979451
2025-08-08 06:57:06,526 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/cfc3daea3c9ef1d2_italian animal gay big redhair .zip.exe'
2025-08-08 06:57:06,532 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 526876
2025-08-08 06:57:06,538 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/b2b8e5b1e1de01d6_american action lingerie sleeping  (curtney).zip.exe'
2025-08-08 06:57:06,545 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 747071
2025-08-08 06:57:06,548 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/345d6c44167d08dc_hardcore uncut cock .zip.exe'
2025-08-08 06:57:06,554 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 771348
2025-08-08 06:57:06,560 [cuckoo.core.resultserver] DEBUG: Task #6824473: File upload for 'files/77c590377c7141dd_danish beastiality xxx big redhair .rar.exe'
2025-08-08 06:57:06,565 [cuckoo.core.resultserver] DEBUG: Task #6824473 uploaded file length: 422436
2025-08-08 06:57:06,593 [cuckoo.core.resultserver] DEBUG: Task #6824473 had connection reset for <Context for LOG>
2025-08-08 06:57:07,566 [cuckoo.core.guest] INFO: win7x649: analysis completed successfully
2025-08-08 06:57:07,579 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-08-08 06:57:07,608 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-08-08 06:57:09,019 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x649 to path /srv/cuckoo/cwd/storage/analyses/6824473/memory.dmp
2025-08-08 06:57:09,021 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x649
2025-08-08 06:57:17,442 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.209 for task #6824473
2025-08-08 06:57:17,745 [cuckoo.core.scheduler] DEBUG: Released database task #6824473
2025-08-08 06:57:17,765 [cuckoo.core.scheduler] INFO: Task #6824473: analysis procedure completed

Signatures

Yara rules detected for file (3 events)

description	(no description)	rule	UPX
description	The packer/protector section names/keywords	rule	suspicious_packer_section
description	Affect system registries	rule	win_registry

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Aug. 8, 2025, 7:56 a.m.	process_identifier: 2464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74bd0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2025, 7:56 a.m.	process_identifier: 2464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74211000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2025, 7:56 a.m.	process_identifier: 2464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2025, 7:56 a.m.	process_identifier: 2464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x748f1000 process_handle: 0xffffffff	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 8, 2025, 7:56 a.m.			0	0

Creates executable files on the filesystem (42 events)

file	C:\tmpl4240h\black action blowjob uncut swallow (Ashley,Tatjana).mpg.exe
file	C:\Users\Administrator\Downloads\fucking licking (Janette).avi.exe
file	C:\ProgramData\Microsoft\Network\Downloader\hardcore hidden pregnant .zip.exe
file	C:\Users\All Users\Microsoft\RAC\Temp\danish beastiality xxx big redhair .rar.exe
file	C:\Program Files\DVD Maker\Shared\blowjob uncut cock black hairunshaved .rar.exe
file	C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\lingerie girls bedroom .rar.exe
file	C:\Users\All Users\Templates\brasilian animal fucking full movie .mpg.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black action lesbian several models (Sarah).mpg.exe
file	C:\ProgramData\Microsoft\Search\Data\Temp\swedish cum sperm full movie latex .zip.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\sperm sleeping feet swallow .zip.exe
file	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm catfight 50+ .mpeg.exe
file	C:\Program Files\Windows Sidebar\Shared Gadgets\indian handjob fucking masturbation feet black hairunshaved .rar.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american action lingerie sleeping (Curtney).zip.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian fetish xxx licking cock sweet (Sarah).avi.exe
file	C:\Users\Administrator\Templates\italian action hardcore full movie balls .avi.exe
file	C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\horse masturbation glans 40+ .mpg.exe
file	C:\Users\All Users\Microsoft\Search\Data\Temp\indian beastiality trambling [free] .mpg.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish cumshot gay lesbian cock lady .mpg.exe
file	C:\Users\Default\Templates\italian kicking trambling big young .zip.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast several models cock .avi.exe
file	C:\Program Files (x86)\Common Files\microsoft shared\beast public ejaculation .mpeg.exe
file	C:\Windows\mssrv.exe
file	C:\ProgramData\Templates\blowjob big gorgeoushorny .mpeg.exe
file	C:\Program Files\Microsoft Office\Templates\beast licking (Curtney).mpeg.exe
file	C:\Program Files\Windows Journal\Templates\danish porn xxx licking (Curtney).mpeg.exe
file	C:\Program Files\Common Files\Microsoft Shared\indian nude horse [bangbus] .rar.exe
file	C:\Users\All Users\Microsoft\Windows\Templates\swedish cumshot lingerie masturbation (Janette).rar.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish beastiality fucking [free] glans .zip.exe
file	C:\Users\Default\AppData\Local\Temp\horse licking titts sweet .zip.exe
file	C:\ProgramData\Microsoft\Windows\Templates\japanese animal hardcore [milf] hole .mpg.exe
file	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\hardcore licking swallow .mpeg.exe
file	C:\Users\Default\Downloads\beast uncut (Janette).rar.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\italian animal gay big redhair .zip.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\american action lingerie [bangbus] (Melissa).zip.exe
file	C:\Users\Administrator\AppData\Local\Temp\hardcore uncut cock .zip.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\japanese horse bukkake full movie (Janette).zip.exe
file	C:\Users\Administrator\AppData\Local\Temporary Internet Files\italian action beast [milf] hole .mpeg.exe
file	C:\Users\Public\Downloads\lingerie [milf] titts .zip.exe
file	C:\Users\All Users\Microsoft\Network\Downloader\tyrkish beastiality fucking big .rar.exe
file	C:\Users\Default\AppData\Local\Temporary Internet Files\danish horse blowjob lesbian cock ash .avi.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\hardcore public cock .zip.exe
file	C:\ProgramData\Microsoft\RAC\Temp\danish gang bang sperm voyeur titts ash .zip.exe

Drops an executable to the user AppData folder (1 event)

file	C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\horse masturbation glans 40+ .mpg.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (43 events)

Time & API	Arguments	Status	Return
Process32FirstW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: [System Process] process_identifier: 0	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: System process_identifier: 4	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: smss.exe process_identifier: 284	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: csrss.exe process_identifier: 360	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: wininit.exe process_identifier: 388	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: csrss.exe process_identifier: 412	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: winlogon.exe process_identifier: 448	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: services.exe process_identifier: 492	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: lsass.exe process_identifier: 508	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: lsm.exe process_identifier: 516	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 620	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 692	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 764	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 832	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 880	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 908	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 416	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: spoolsv.exe process_identifier: 1044	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 1084	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: sysmon.exe process_identifier: 1232	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: dwm.exe process_identifier: 1616	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: taskhost.exe process_identifier: 1668	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: unsecapp.exe process_identifier: 1700	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: explorer.exe process_identifier: 1744	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 2000	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: pythonw.exe process_identifier: 648	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: WmiPrvSE.exe process_identifier: 2084	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: SearchIndexer.exe process_identifier: 2244	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: OSPPSVC.EXE process_identifier: 3048	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: svchost.exe process_identifier: 2576	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: mscorsvw.exe process_identifier: 2608	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: mscorsvw.exe process_identifier: 2592	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: sppsvc.exe process_identifier: 2772	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: WmiPrvSE.exe process_identifier: 2508	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: WmiPrvSE.exe process_identifier: 2324	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: mobsync.exe process_identifier: 2288	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: pythonw.exe process_identifier: 3032	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: taskhost.exe process_identifier: 2340	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: SearchProtocolHost.exe process_identifier: 1420	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: SearchFilterHost.exe process_identifier: 2412	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000134 process_name: 0a7d4c082deff16b2224d1298d590bb1.vir process_identifier: 2568	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000274 process_name: rundll32.exe process_identifier: 2464	1	1
Process32NextW Aug. 8, 2025, 7:56 a.m.	snapshot_handle: 0x00000234 process_name: rundll32.exe process_identifier: 1312	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00008800', u'virtual_address': u'0x00012000', u'entropy': 7.943864614025491, u'name': u'UPX1', u'virtual_size': u'0x00009000'}

entropy

7.94386461403

description

A section with a high entropy has been found

entropy

0.985507246377

description

Overall entropy of this PE file is high

The executable is compressed using UPX (3 events)

section	UPX0	description	Section name indicates UPX
section	UPX1	description	Section name indicates UPX
section	UPX2	description	Section name indicates UPX

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA Aug. 8, 2025, 7:56 a.m.	service_handle: 0x00590d00 service_type: 48 service_status: 1		0	0

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32

reg_value

C:\Windows\mssrv.exeHCOHC¨uYHCOp9V¨uYÊlºw8'Y¨uY:Vp9V0%Y¨uYèúOõqxª8ûxÿõq¾wàuþÿÿÿª8ºw¢4ºw0%YNO(%Y0ü7.ávV0%YÃ@\ý0%YØþâ@

Creates known WinSxsBot/Sfone Worm files, registry keys and/or mutexes (1 event)

mutex

mutex666

File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)

G Data Antivirus (Windows)	Virus: Gen:Heur.Mint.Murphy.3 (Engine A), Win32.Worm.Sfone.B (Engine B)
Avast Core Security (Linux)	Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux)	Win.Malware.Bbabdcdc-7358314-0
Trend Micro SProtect (Linux)	Worm.Win32.SFONE.SM
Trellix (Linux)	GenericRXKN-BX
WithSecure (Linux)	Trojan.TR/Crypt.ULPM.Gen
eScan Antivirus (Linux)	Gen:Heur.Mint.Murphy.3(DB)
ESET Security (Windows)	Win32/Agent.CP worm
Sophos Anti-Virus (Linux)	W32/Sfone-A
DrWeb Antivirus (Linux)	Win32.HLLW.Siggen.1607
ClamAV (Linux)	Win.Malware.Bbabdcdc-7358314-0
Bitdefender Antivirus (Linux)	Gen:Heur.Mint.Murphy.3
Kaspersky Standard (Windows)	Worm.Win32.Agent.cp
Emsisoft Commandline Scanner (Windows)	Gen:Heur.Mint.Murphy.3 (B)

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)

Bkav	W32.AIDetect.malware1
Lionic	Worm.Win32.Agent.tpn3
Elastic	malicious (high confidence)
ClamAV	Win.Malware.Bbabdcdc-7358314-0
CAT-QuickHeal	Worm.Sfone.A3
McAfee	GenericRXKN-BX!0A7D4C082DEF
ALYac	Trojan.GenericKDZ.70799
Cylance	Unsafe
VIPRE	Worm.Win32.Agent.cp (v)
Paloalto	generic.ml
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0051918e1 )
BitDefender	Trojan.GenericKDZ.70799
K7GW	Trojan ( 0051918e1 )
Cybereason	malicious.82deff
Baidu	Win32.Worm.Agent.fj
Cyren	W32/S-0f565bfc!Eldorado
Symantec	W32.SillyWNSE
ESET-NOD32	Win32/Agent.CP
APEX	Malicious
Avast	Win32:WormX-gen [Wrm]
Cynet	Malicious (score: 100)
Kaspersky	Worm.Win32.Agent.cp
Alibaba	Trojan:Win32/Starter.ali1001008
NANO-Antivirus	Trojan.Win32.Wofith.hzygna
MicroWorld-eScan	Trojan.GenericKDZ.70799
Rising	Worm.Agent!1.CEBD (CLASSIC)
Ad-Aware	Trojan.GenericKDZ.70799
Emsisoft	Trojan.GenericKDZ.70799 (B)
Comodo	Worm.Win32.Agent.CP@42tt
DrWeb	Win32.HLLW.Siggen.1607
Zillya	Worm.Agent.Win32.43372
TrendMicro	Worm.Win32.SFONE.SM
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
FireEye	Generic.mg.0a7d4c082deff16b
Sophos	ML/PE-A + Troj/Agent-AGQR
Ikarus	Worm.Win32.Agent.cp
Jiangmin	Worm.Agent.tt
Avira	TR/Crypt.ULPM.Gen
MAX	malware (ai score=99)
Antiy-AVL	Trojan/Generic.ASVirus.28D
Gridinsoft	Trojan.Win32.Agent.cc!s2
Microsoft	Worm:Win32/Sfone
GData	Win32.Worm.Sfone.B
AhnLab-V3	Worm/Win32.Agent.R234001
Acronis	suspicious
BitDefenderTheta	AI:Packer.766B1D601E
TACHYON	Worm/W32.FakePorn.Zen
VBA32	Worm.Agent
Malwarebytes	Worm.Agent.666

Screenshots

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action	VT	Location
No hosts contacted.

Browser recommendation

File 0a7d4c082deff16b2224d1298d590bb1.vir

Summary Download Resubmit sample Download yara

Score

Autosubmit

Feedback

Information on Execution

Analyzer Log

Cuckoo Log

Signatures

Feedback

Summary
Download Resubmit sample Download yara