ID: 4019 Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24: Date: 1/12/201 Version: 20.0.0
Table of Contents
Analysis Report
Overview
General Information
Detection
Confidence
Classification
Analysis Advice
Signature Overview
AV Detection:
System Summary:
Anti Debugging:
Malware Analysis System Evasion:
Simulations
Behavior and APIs
Antivirus Detection
Initial Sample
Domains
Yara Overview
Initial Sample
PCAP (Network Traffic)
Memory Dumps
Unpacked PEs
Joe Sandbox View / Context
IPs
Domains
ASN
Screenshot
Created / dropped Files
Contacted Domains/Contacted IPs
Contacted Domains
Contacted IPs
Static File Info
General
File Icon
Network Behavior
Code Manipulations
Statistics
System Behavior
Disassembly

Copyright Joe Security LLC 201
Analysis Report

Overview

General Information
Joe Sandbox Version: 20.0.0
Analysis ID: 4019
Start time: 12:24:
Joe Sandbox Product: CloudBasic
Start date: 1.12.201
Overall analysis duration: 0h 1m 1s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: faktury_pdf.rar (renamed file extension from rar to ace)
Cookbook file name: default.jbs
Analysis system description: Windows SP1 (with Office 2010 SP2, IE 11, FF 4, Chrome 0, Acrobat Reader DC 1, Flash 2, Java.0.1440.1)
Number of analysed new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Detection: MAL
Classification: mal4.winace@0/0@0/0
Cookbook Comments: Unable to launch sample, stop analysis
Warnings: Exclude process from analysis (whitelisted): dllhost.exe
Errors: Nothing to analyse, Joe Sandbox has not found any analysis process or sample. Unable to start the sample

Detection
Strategy    Score    Range
Threshold   4        0-100

Confidence
Strategy    Score    Range    Further Analysis Required?    Confidence
Threshold 0- false

Classification
[Figure: classification chart. Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Levels: clean, suspicious, malicious.]

Analysis Advice
Sample could not be started, try setting a correct file extension or analyse on different analysis machine

Signature Overview
AV Detection:
Antivirus detection for submitted file

System Summary:
Classification label
Sample is known by Antivirus (Virustotal or Metascan)

Anti Debugging:
Program does not show much activity (idle)

Malware Analysis System Evasion:
Program does not show much activity (idle)

Simulations

Behavior and APIs
No simulations

Antivirus Detection

Initial Sample
Source            Detection    Cloud
faktury_pd.ace    10%          virustotal

No Antivirus matches

Domains
No Antivirus matches

Yara Overview
Initial Sample
PCAP (Network Traffic)
Memory Dumps
Unpacked PEs

Joe Sandbox View / Context
IPs: No context
Domains: No context
ASN: No context
No context

Screenshot
Created / dropped Files
No created / dropped files found

Contacted Domains/Contacted IPs

Contacted Domains
No contacted domains info

Contacted IPs
No contacted IP infos

Static File Info

General
File type: ACE archive data version 20, from Win/2, version 20 to extract, with recovery record, solid
TrID: ACE compressed archive (09/2) 100.00%
File name: faktury_pd.ace
File size: 1
MD: SHA1: SHA2: SHA12:
File Content Preview: .?,...**ace**...kcl..k..._...@...faktu...p...k...b...@...faktury_pdf.jse%...)...]...r...a...`..e^.b...e.....y..4...n..".hrc.....~.c...>...oo.o R...)...v..;...W/m.*ImO/..G..O;pP..J...O=..

File Icon

Network Behavior
No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly