Summary

baba99929487b005bb9b168acfd852550055f22e5f1059c9032765209bb185e5

File baba99929487b005bb9b168acfd852550055f22e5f1059c9032765209bb185e5

Summary
Download Resubmit sample

Size 2.1MB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 5afebc0847d876623197a59fe267cb26
SHA1 9c349fc1c0d9bb721f1d28e6c77dee08f1a32abe
SHA256 baba99929487b005bb9b168acfd852550055f22e5f1059c9032765209bb185e5
SHA512
60a2ddd3a66cd299bb3f01c1652c58ae4a4b251ea040d6dbac7f384c3e84c08413f5e554b55c1ee3861d46bdc97fbc955b89a315005391321665abfbbe97993c
CRC32 58E608D6
ssdeep None
PDB Path C:\projects\ultimate-asi-loader\bin\Win32\Release\dinput8.pdb
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • anti_dbg - Checks if being debugged
  • antisb_threatExpert - Anti-Sandbox checks for ThreatExpert
  • create_com_service - Create a COM server
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger

Score

This file shows numerous signs of malicious behavior.

The score of this file is 3.1 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE Feb. 5, 2026, 11:10 p.m. Feb. 5, 2026, 11:11 p.m. 56 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2026-02-05 22:10:15,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpd0os1j
2026-02-05 22:10:15,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\guXvWQalzbpDiuQsrWEcPItJcOZH
2026-02-05 22:10:15,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\cYATXwGXZFZoMhObVXVpVoofXhv
2026-02-05 22:10:15,280 [analyzer] DEBUG: Started auxiliary module Curtain
2026-02-05 22:10:15,280 [analyzer] DEBUG: Started auxiliary module DbgView
2026-02-05 22:10:15,655 [analyzer] DEBUG: Started auxiliary module Disguise
2026-02-05 22:10:15,842 [analyzer] DEBUG: Loaded monitor into process with pid 512
2026-02-05 22:10:15,842 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2026-02-05 22:10:15,842 [analyzer] DEBUG: Started auxiliary module Human
2026-02-05 22:10:15,842 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2026-02-05 22:10:15,842 [analyzer] DEBUG: Started auxiliary module Reboot
2026-02-05 22:10:15,953 [analyzer] DEBUG: Started auxiliary module RecentFiles
2026-02-05 22:10:15,953 [analyzer] DEBUG: Started auxiliary module Screenshots
2026-02-05 22:10:15,953 [analyzer] DEBUG: Started auxiliary module Sysmon
2026-02-05 22:10:15,953 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2026-02-05 22:10:16,046 [lib.api.process] ERROR: Failed to execute process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\baba99929487b005bb9b168acfd852550055f22e5f1059c9032765209bb185e5.exe' with arguments ['bin\\inject-x86.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\baba99929487b005bb9b168acfd852550055f22e5f1059c9032765209bb185e5.exe', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp'] (Error: Command '['bin\\inject-x86.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\baba99929487b005bb9b168acfd852550055f22e5f1059c9032765209bb185e5.exe', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp']' returned non-zero exit status 1)

Cuckoo Log

2026-02-05 23:10:16,496 [cuckoo.core.scheduler] INFO: Task #7450866: acquired machine win7x6429 (label=win7x6429)
2026-02-05 23:10:16,497 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.229 for task #7450866
2026-02-05 23:10:16,917 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3284153 (interface=vboxnet0, host=192.168.168.229)
2026-02-05 23:10:18,095 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6429
2026-02-05 23:10:18,717 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6429 to vmcloak
2026-02-05 23:10:50,537 [cuckoo.core.guest] INFO: Starting analysis #7450866 on guest (id=win7x6429, ip=192.168.168.229)
2026-02-05 23:10:51,543 [cuckoo.core.guest] DEBUG: win7x6429: not ready yet
2026-02-05 23:10:56,590 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6429, ip=192.168.168.229)
2026-02-05 23:10:56,680 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6429, ip=192.168.168.229, monitor=latest, size=6660546)
2026-02-05 23:10:58,197 [cuckoo.core.resultserver] DEBUG: Task #7450866: live log analysis.log initialized.
2026-02-05 23:10:58,996 [cuckoo.core.resultserver] DEBUG: Task #7450866 is sending a BSON stream
2026-02-05 23:11:00,317 [cuckoo.core.resultserver] DEBUG: Task #7450866: File upload for 'shots/0001.jpg'
2026-02-05 23:11:00,332 [cuckoo.core.resultserver] DEBUG: Task #7450866 uploaded file length: 133391
2026-02-05 23:11:00,700 [cuckoo.core.guest] WARNING: win7x6429: analysis #7450866 caught an exception
Traceback (most recent call last):
  File "C:/tmpd0os1j/analyzer.py", line 824, in <module>
    success = analyzer.run()
  File "C:/tmpd0os1j/analyzer.py", line 673, in run
    pids = self.package.start(self.target)
  File "C:\tmpd0os1j\modules\packages\exe.py", line 34, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpd0os1j\lib\common\abstracts.py", line 205, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.

2026-02-05 23:11:00,714 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2026-02-05 23:11:00,748 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2026-02-05 23:11:01,846 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6429 to path /srv/cuckoo/cwd/storage/analyses/7450866/memory.dmp
2026-02-05 23:11:01,848 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6429
2026-02-05 23:11:12,379 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.229 for task #7450866
2026-02-05 23:11:12,380 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 7450866
2026-02-05 23:11:12,722 [cuckoo.core.scheduler] DEBUG: Released database task #7450866
2026-02-05 23:11:12,738 [cuckoo.core.scheduler] INFO: Task #7450866: analysis procedure completed

Signatures

Yara rules detected for file (10 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Create a COM server rule create_com_service
description Communications over UDP network rule network_udp_sock
description Listen for incoming communication rule network_tcp_listen
description Communications over RAW socket rule network_tcp_socket
description Escalade priviledges rule escalate_priv
description Take screenshot rule screenshot
description Run a keylogger rule keylogger
This executable has a PDB path (1 event)
pdb_path C:\projects\ultimate-asi-loader\bin\Win32\Release\dinput8.pdb
File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 events)
Cynet Malicious (score: 100)
Rising Trojan.Generic!8.C3 (CLOUD)
Trapmine suspicious.low.ml.score
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.