ID: 78954
Sample Name: Clapzok
Cookbook: default.jbs
Time: 09:56:23
Date: 21/09/2018
Version: 23.0.0
Copyright Joe Security LLC 2018
Analysis Report Clapzok
Overview
General Information
Joe Sandbox Version: 23.0.0
Analysis ID: 78954
Start date: 21.09.2018
Start time: 09:56:23
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 0m 56s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Clapzok
Cookbook file name: default.jbs
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@0/0@0/0
Cookbook Comments:
  Adjust boot time
  Unable to launch sample, stop analysis
Warnings:
  Exclude process from analysis (whitelisted): dllhost.exe
Errors:
  Nothing to analyse, Joe Sandbox has not found any analysis process or sample
  Unable to start the sample
Detection
Strategy    Score   Range     Reporting        Detection
Threshold   56      0 - 100   Report FP / FN
Confidence
Strategy    Score   Range   Further Analysis Required?   Confidence
Threshold   5       0 - 5   false
Classification
[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Legend: malicious, suspicious, clean.]
Analysis Advice
Sample could not be started, try setting a correct file extension or analyse on different analysis machine
Signature Overview
AV Detection:
Antivirus detection for submitted file
Multi AV Scanner detection for submitted file
Networking:
Urls found in memory or binary data
System Summary:
Classification label
Sample is known by Antivirus
Malware Analysis System Evasion:
Program does not show much activity (idle)
Anti Debugging:
Program does not show much activity (idle)
Behavior Graph
[Behavior graph. ID: 78954, Sample: Clapzok, Startdate: 21/09/2018, Architecture: WINDOWS, Score: 56. Signatures shown: Antivirus detection for submitted file; Multi AV Scanner detection for submitted file.]
Simulations
Behavior and APIs
No simulations
Antivirus Detection
Initial Sample
Source    Detection   Scanner      Label          Link
Clapzok   54%         virustotal                  Browse
Clapzok   100%        Avira        W32/Elmacz.A
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
No Antivirus matches
Yara Overview
Initial Sample
No yara matches
PCAP (Network Traffic)
No yara matches
Dropped Files
No yara matches
Memory Dumps
No yara matches
Unpacked PEs
No yara matches
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
Dropped Files
No context
Created / dropped Files
No created / dropped files found
Domains and IPs
Contacted Domains
No contacted domains info
Contacted IPs
No contacted IP infos
Static File Info
General
File type: Mach-O universal binary with 2 architectures: [x86_64: Mach-O 64-bit x86_64 executable] [i386: Mach-O i386 executable]
Entropy (8bit): 5.084211406944398
TrID:
  Mac OS X Universal Binary executable (4004/1) 75.96%
  HSC music composer song (1267/141) 24.04%
File name: Clapzok
File size: 84794
MD5: 99fe5ad5ff514f5aaea8e501ddbaf95b
SHA1: 48bc391b35a5323b70c6908c428917d08054744b
SHA256: 03f2591771c4c04d7f69dd0f7e29f012a4836410e9fb2430d880e38feafe2729
SHA512: c3bdfb40a8c0a6c86135eb4c27e68ad77f2b0b6c0701bff0f7b277fe7977780a35254837f5a8f7bee746f0f4eb7b30bdef99d923d621a07734a9bd31d59ca2d8
File Content Preview: ...... :......
File Icon
Network Behavior
No network behavior found
Code Manipulations
Statistics
System Behavior
Disassembly