Automated Malware Analysis Report for Clapzok

ID: 78954
Sample Name: Clapzok
Cookbook: default.jbs
Time: 09:56:23
Date: 21/09/2018
Version: 23.0.0

Table of Contents
  Analysis Report Clapzok
    Overview: General Information, Detection, Confidence, Classification, Analysis Advice
    Signature Overview: AV Detection, Networking, System Summary, Malware Analysis System Evasion, Anti Debugging
    Behavior Graph
    Simulations: Behavior and APIs
    Antivirus Detection: Initial Sample, Dropped Files, Unpacked PE Files, Domains, URLs
    Yara Overview: Initial Sample, PCAP (Network Traffic), Dropped Files, Memory Dumps, Unpacked PEs
    Joe Sandbox View / Context: IPs, Domains, ASN, Dropped Files
    Created / dropped Files
    Domains and IPs: Contacted Domains, Contacted IPs
    Static File Info: General, File Icon
    Network Behavior
    Code Manipulations
    Statistics
    System Behavior
    Disassembly

Copyright Joe Security LLC 2018 (8-page report)

Analysis Report Clapzok

Overview

General Information
Joe Sandbox Version: 23.0.0
Analysis ID: 78954
Start date: 21.09.2018
Start time: 09:56:23
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 0m 56s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Clapzok
Cookbook file name: default.jbs
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@0/0@0/0
Cookbook Comments: Adjust boot time; Unable to launch sample, stop analysis
Warnings: Exclude process from analysis (whitelisted): dllhost.exe
Errors: Nothing to analyse, Joe Sandbox has not found any analysis process or sample; Unable to start the sample

Detection
Strategy: Threshold
Score: 56
Range: 0 - 100
Reporting: Report FP / FN

Confidence
Strategy: Threshold
Score: 5
Range: 0 - 5
Further Analysis Required?: false

Classification
(Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Score bands: malicious, suspicious, clean.)

Analysis Advice
Sample could not be started; try setting a correct file extension or analyse on a different analysis machine.

Note that the Static File Info section below identifies the sample as a Mach-O universal binary (x86_64 and i386 slices), which cannot execute on the Windows 7 analysis system. The score of 56 therefore rests on the antivirus detections alone: no process ran, so the network, file, registry, Yara and memory sections are empty rather than evidence of benign behavior.

Signature Overview
  • AV Detection
  • Networking
  • System Summary
  • Malware Analysis System Evasion
  • Anti Debugging

AV Detection:
  Antivirus detection for submitted file
  Multi AV Scanner detection for submitted file
Networking:
  Urls found in memory or binary data
System Summary:
  Classification label
  Sample is known by Antivirus
Malware Analysis System Evasion:
  Program does not show much activity (idle)
Anti Debugging:
  Program does not show much activity (idle)

Behavior Graph
(Behavior graph figure. Header: ID 78954, Sample Clapzok, Startdate 21/09/2018, Architecture WINDOWS, Score 56. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files; language markers Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language. Nodes shown: Is malicious; Antivirus detection for submitted file; Multi AV Scanner detection for submitted file.)

Simulations
Behavior and APIs: No simulations

Antivirus Detection
Initial Sample
  Source    Detection   Scanner      Label          Link
  Clapzok   54%         virustotal                  Browse
  Clapzok   100%        Avira        W32/Elmacz.A
Dropped Files: No Antivirus matches
Unpacked PE Files: No Antivirus matches
Domains: No Antivirus matches
URLs: No Antivirus matches

Yara Overview
Initial Sample: No yara matches
PCAP (Network Traffic): No yara matches
Dropped Files: No yara matches
Memory Dumps: No yara matches
Unpacked PEs: No yara matches

Joe Sandbox View / Context
IPs: No context
Domains: No context
ASN: No context
Dropped Files: No context

Created / dropped Files
No created / dropped files found

Domains and IPs
Contacted Domains: No contacted domains info
Contacted IPs: No contacted IP infos

Static File Info
General
File type: Mach-O universal binary with 2 architectures: [x86_64: Mach-O 64-bit x86_64 executable] [i386: Mach-O i386 executable]
Entropy (8bit): 5.084211406944398
TrID: Mac OS X Universal Binary executable (4004/1) 75.96%; HSC music composer song (1267/141) 24.04%
File name: Clapzok
File size: 84794
MD5: 99fe5ad5ff514f5aaea8e501ddbaf95b
SHA1: 48bc391b35a5323b70c6908c428917d08054744b
SHA256: 03f2591771c4c04d7f69dd0f7e29f012a4836410e9fb2430d880e38feafe2729
SHA512: c3bdfb40a8c0a6c86135eb4c27e68ad77f2b0b6c0701bff0f7b277fe7977780a35254837f5a8f7bee746f0f4eb7b30bdef99d923d621a07734a9bd31d59ca2d8
File Content Preview: (mostly non-printable bytes; no readable strings in the previewed lines)

File Icon
(none)

Network Behavior
No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly
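The Static File Info section records only results (file type, architectures, entropy, hashes). The script below is an added example, written for this page and not part of Joe Sandbox or the report, that reproduces that static triage offline: it parses the fat (universal) Mach-O header to list the architecture slices, computes the same 8-bit Shannon entropy, and hashes the file with the four algorithms the report lists. The input is a constructed two-slice fat binary (x86_64 and i386 magics with placeholder bodies) so it runs without the real Clapzok file; the function names and the sample bytes are my own.

```python
"""Static triage of a Mach-O universal ("fat") binary.

Added example, not Joe Sandbox code. The sample bytes are constructed below so
the script runs offline; point parse_fat()/hashes()/shannon_entropy() at the
bytes of a real file to reproduce a report's Static File Info section.
"""
import hashlib
import math
import struct
from collections import Counter

FAT_MAGIC = 0xCAFEBABE        # fat header magic, always stored big-endian
MH_MAGIC_64 = 0xFEEDFACF      # 64-bit Mach-O magic (little-endian on x86 slices)
MH_MAGIC = 0xFEEDFACE         # 32-bit Mach-O magic
CPU_TYPE_I386 = 0x00000007
CPU_TYPE_X86_64 = 0x01000007  # CPU_TYPE_I386 | CPU_ARCH_ABI64
CPU_NAMES = {CPU_TYPE_I386: "i386", CPU_TYPE_X86_64: "x86_64"}
SLICE_KINDS = {MH_MAGIC_64: "Mach-O 64-bit", MH_MAGIC: "Mach-O 32-bit"}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), the report's scale."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_fat(data: bytes) -> list:
    """Return one dict per architecture slice of a fat Mach-O, or [] if not fat.

    Raises ValueError on a header that claims slices outside the file, which is
    worth checking before trusting a sample's self-description.
    """
    if len(data) < 8:
        return []
    magic, nfat = struct.unpack(">II", data[:8])
    if magic != FAT_MAGIC:
        return []
    if 8 + nfat * 20 > len(data):
        raise ValueError(f"fat header claims {nfat} slices but file is {len(data)} bytes")
    slices = []
    for i in range(nfat):
        off = 8 + i * 20
        cputype, _cpusubtype, offset, size, _align = struct.unpack(">iiIII", data[off:off + 20])
        if offset + size > len(data) or size < 4:
            raise ValueError(f"slice {i} ({offset}+{size}) does not fit in the file")
        slice_magic = struct.unpack("<I", data[offset:offset + 4])[0]
        slices.append({
            "arch": CPU_NAMES.get(cputype, hex(cputype)),
            "offset": offset,
            "size": size,
            "kind": SLICE_KINDS.get(slice_magic, "unknown"),
        })
    return slices


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests, the four the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def build_sample() -> bytes:
    """Constructed input: fat header + two minimal slices (magic + filler).

    Real universal binaries page-align slices (align field = log2 of the
    alignment); the parser reads the offset field directly, so it does not care.
    """
    header_len = 8 + 2 * 20
    slice64 = struct.pack("<I", MH_MAGIC_64) + b"\x00" * 60
    slice32 = struct.pack("<I", MH_MAGIC) + b"\x90" * 60
    off64 = header_len
    off32 = header_len + len(slice64)
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">iiIII", CPU_TYPE_X86_64, 3, off64, len(slice64), 0)
    header += struct.pack(">iiIII", CPU_TYPE_I386, 3, off32, len(slice32), 0)
    return header + slice64 + slice32


if __name__ == "__main__":
    sample = build_sample()
    for s in parse_fat(sample):
        print(f"[{s['arch']}: {s['kind']} at offset {s['offset']}, {s['size']} bytes]")
    print(f"Entropy (8bit): {shannon_entropy(sample)}")
    for name, digest in hashes(sample).items():
        print(f"{name.upper()}: {digest}")
```

On the real file, `parse_fat(open(path, "rb").read())` should agree with `lipo -info` or `file` on macOS; the entropy of 5.08 reported for Clapzok is typical of unpacked native code, well below the 7+ that packed or encrypted payloads show, so the low score here says nothing about sandbox evasion.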
