Loading ...

Play interactive tourEdit tour

Analysis Report nmap-7.80-setup.exe

Overview

General Information

Joe Sandbox Version:28.0.0 Lapis Lazuli
Analysis ID:214270
Start date:10.03.2020
Start time:14:11:29
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 9m 42s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:nmap-7.80-setup.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis stop reason:Timeout
Detection:SUS
Classification:sus24.troj.evad.winEXE@1/289@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 100% (good quality ratio 97.4%)
  • Quality average: 86.5%
  • Quality standard deviation: 23.6%
HCA Information:Failed
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .exe
Warnings:
Show All
  • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe, CompatTelRunner.exe
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Timeout during Intezer genetic analysis for /opt/package/joesandbox/database/analysis/214270/sample/nmap-7.80-setup.exe
  • Timeout during Intezer genetic analysis for unpackpe/0.2.nmap-7.80-setup.exe.1e0000.0.unpack

Detection

StrategyScoreRangeReportingWhitelistedDetection
Threshold240 - 100falsesuspicious

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold40 - 5false
ConfidenceConfidence


Classification Spiderchart

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox



Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsGraphical User Interface11Winlogon Helper DLLProcess Injection1Masquerading1Credential DumpingQuery Registry1Remote Desktop Protocol1Clipboard Data1Data Encrypted11Standard Cryptographic Protocol1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesVirtualization/Sandbox Evasion11Network SniffingVirtualization/Sandbox Evasion11Remote ServicesData from Removable MediaExfiltration Over Other Network MediumRemote Access Tools1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
External Remote ServicesWindows Management InstrumentationAccessibility FeaturesPath InterceptionProcess Injection1Input CaptureProcess Discovery1Windows Remote ManagementData from Network Shared DriveAutomated ExfiltrationCustom Cryptographic ProtocolExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Drive-by CompromiseScheduled TaskSystem FirmwareDLL Search Order HijackingObfuscated Files or InformationCredentials in FilesSecurity Software Discovery111Logon ScriptsInput CaptureData EncryptedMultiband CommunicationSIM Card SwapPremium SMS Toll Fraud
Exploit Public-Facing ApplicationCommand-Line InterfaceShortcut ModificationFile System Permissions WeaknessMasqueradingAccount ManipulationFile and Directory Discovery3Shared WebrootData StagedScheduled TransferStandard Cryptographic ProtocolManipulate Device CommunicationManipulate App Store Rankings or Ratings
Spearphishing LinkGraphical User InterfaceModify Existing ServiceNew ServiceDLL Search Order HijackingBrute ForceSystem Information Discovery4Third-party SoftwareScreen CaptureData Transfer Size LimitsCommonly Used PortJamming or Denial of ServiceAbuse Accessibility Features

Signature Overview

Click to jump to signature section


Cryptography:

barindex
Public key (encryption) foundShow sources
Source: nmap-service-probes.0.drBinary or memory string: match r1soft-cdp m|^\0\0\x01.R.\x02\n.\x08\xa3\x80\x04\x10.\x18\0 [\0\x01]\*.(.*?)\x10\0\x1a\x90\x02-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ|s p/R1Soft Continuous Data Protection Agent/ i/name: $P(1)/ cpe:/a:r1soft:cdp/

Spreading:

barindex
Contains functionality to enumerate / list files inside a directoryShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_00405646 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405646
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_0040601C FindFirstFileA,FindClose,0_2_0040601C
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671

Networking:

barindex
Found strings which match to known social media urlsShow sources
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: -- | www.facebook.com equals www.facebook.com (Facebook)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: -- | www.twitter.com equals www.twitter.com (Twitter)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: -- | www.youtube.com equals www.youtube.com (Youtube)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: -- |_www.linkedin.com equals www.linkedin.com (Linkedin)
Urls found in memory or binary dataShow sources
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://%s/wpad.dat
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://1.2.3.110:5357/deadbeef-469b-4da4-b413-deadbeefee90/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://1.2.3.114:52323/dmr.xml
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://1.2.3.116:50000
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://1.2.3.131:5357/deadbeef-ea5c-4b9a-a68d-deadbeefceb3/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://1.2.3.50:8200/rootDesc.xml
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://192.168.1.1/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://192.168.1.162/auth1/index.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://192.168.1.162/auth2/index.html
Source: nmap-os-db.0.drString found in binary or memory: http://192.168.100.1/cmOpenSource.htm:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, dns-ip6-arpa-scan.nse.0.drString found in binary or memory: http://7bits.nl/blog/2012/03/26/finding-v6-hosts-by-efficiently-mapping-ip6-arpa
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://acunetix.com/vulnerabilities/web/insecure-clientaccesspolicy-xml-file
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.4.2
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://aluigi.altervista.org/papers.htm#ase
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://aluigi.altervista.org/papers.htm#ventrilo
Source: nmap-service-probes.0.drString found in binary or memory: http://any.openlookup.net:5851/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://apache.org/dav/props/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://apr.apache.org/
Source: nmap-service-probes.0.drString found in binary or memory: http://aqua.comptek.ru
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://avahi.org/ticket/325
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://bfilter.sourceforge.net/
Source: nmap-service-probes.0.drString found in binary or memory: http://bitcoin.org/en/alert/2012-02-18-protocol-change
Source: nmap-service-probes.0.drString found in binary or memory: http://bitlash.net/wiki/bitlashwebserver
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://bittorrent.org/beps/bep_0029.html
Source: nmap-service-probes.0.drString found in binary or memory: http://blog.hekkers.net/2011/06/13/controlling-the-av-receiver/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://bugs.proftpd.org/show_bug.cgi?id=3521
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://bukkit.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://calder0n.com/sillyapp/1.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://calder0n.com/sillyapp/secret/1.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://calder0n.com/sillyapp/secret/2.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://calder0n.com/sillyapp/three.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://capec.mitre.org/data/definitions/274.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cassandra.apache.org/
Source: nmap-service-probes.0.drString found in binary or memory: http://ceph.com/docs/next/dev/network-protocol/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://cgit.freedesktop.org/xorg/xserver/tree/COPYING.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/apis/safebrowsing/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/apis/safebrowsing/key_signup.html
Source: nmap-service-probes.0.drString found in binary or memory: http://code.google.com/p/free-android-apps/wiki/Project_LocalHTTPD
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/fuzzdb/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://code.google.com/p/libdnet/
Source: nmap-service-probes.0.drString found in binary or memory: http://code.google.com/p/mongoose/
Source: nmap-service-probes.0.drString found in binary or memory: http://code.google.com/p/unraid-unmenu/
Source: nmap-service-probes.0.drString found in binary or memory: http://code.google.com/p/webfinger/
Source: nmap-service-probes.0.drString found in binary or memory: http://comments.gmane.org/gmane.comp.security.openvas.users/3189
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://comments.gmane.org/gmane.comp.security.openwall.john.user/785):
Source: nmap-service-probes.0.drString found in binary or memory: http://community.landesk.com/support/docs/DOC-1591
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cr.yp.to/djbdns/axfr-notes.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://css3-mediaqueries-js.googlecode.com/svn/trunk/css3-mediaqueries.js
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2011-2523
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1823
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-slowloris-check.nse.0.drString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3922
Source: afp-path-vuln.nse.0.drString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0533
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0049
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cvedetails.com/cve/2013-0156/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cvedetails.com/cve/2014-2126/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cvedetails.com/cve/2014-2127/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cvedetails.com/cve/2014-2128/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cvedetails.com/cve/2014-2129/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://cwe.mitre.org/data/definitions/601.html.
Source: nmap-service-probes.0.drString found in binary or memory: http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::Handshake
Source: nmap-service-probes.0.drString found in binary or memory: http://dev.mysql.com/doc/internals/en/packet-ERR_Packet.html#cs-packet-err-header
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, bacnet-info.nse.0.drString found in binary or memory: http://digitalbond.com
Source: nmap-service-probes.0.drString found in binary or memory: http://docs.getisymphony.com/display/ISYM28/Status
Source: nmap-service-probes.0.drString found in binary or memory: http://docs.oracle.com/javase/1.5.0/docs/guide/jpda/jdwp-spec.html
Source: nmap-service-probes.0.drString found in binary or memory: http://docs.oracle.com/javase/6/docs/platform/serialization/spec/protocol.html
Source: nmap-service-probes.0.drString found in binary or memory: http://docs.unity3d.com/Documentation/Manual/SecuritySandbox.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://documents.opto22.com/1465_OptoMMP_Protocol_Guide.pdf
Source: nmap-service-probes.0.drString found in binary or memory: http://dovecot.procontrol.fi/
Source: nmap-service-probes.0.drString found in binary or memory: http://echelon.pl/pubs/poppassd.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
Source: nmap-service-probes.0.drString found in binary or memory: http://epos.ure.cas.cz/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://erlang.org/doc/apps/erts/erl_dist_protocol.html#id90729
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://expat.sourceforge.net/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://files.sharpusa.com/Downloads/ForHome/HomeEntertainment/LCDTVs/Manuals/tel_man_LC70LE734U.pdf
Source: nmap-service-probes.0.drString found in binary or memory: http://flightsim.apollo3.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://foo.pl/forms/page.php?param=13
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://foobar.gazonk.se/xss.php?foo=bar&kalle=john
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://foolscap.lothar.com/
Source: nmap-service-probes.0.drString found in binary or memory: http://forum.ragezone.com/f440/guide-mini-setup-1-35-a-494256/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://freenetproject.org/fcp.html
Source: nmap-service-probes.0.drString found in binary or memory: http://frox.sourceforge.net/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://ftp.freebsd.org/pub/FreeBSD/distfiles/postgresql/postgresql-$ver.tar.bz2
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://ftp.rge.com/pub/X/X11R5/contrib/xwebster.README
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://fyrmassociates.com/tools.html).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://ganglia.sourceforge.net/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, deluge-rpc-brute.nse.0.drString found in binary or memory: http://git.deluge-torrent.org/deluge/tree/deluge/rencode.py
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://git.haproxy.org/?p=haproxy-1.4.git;a=commitdiff;h=844a7e76d2557364e6d34d00027f2fa514b9d855;hp
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=027a85bb03c5524e62c50e228412d9be403d7f98;hp
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b301654e237c358e892db32c4ac449b42550d79b;hp
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://git.haproxy.org/?p=haproxy-1.6.git;a=commitdiff;h=108b1dd69d4e26312af465237487bdb855b0de60
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/proto_http.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=791d66d3634dde12339d4294aff55a1aed7518e3;hp=b9e
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-git.nse.0.drString found in binary or memory: http://github.com/anotherperson/anotherepo
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-git.nse.0.drString found in binary or memory: http://github.com/someuser/somerepo
Source: nmap-service-probes.0.drString found in binary or memory: http://gmc.yoyogames.com/index.php?showtopic=657080
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://grey-corner.blogspot.com/2010/12/introducing-vulnserver.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://gursevkalra.blogspot.com/2013/08/bypassing-same-origin-policy-with-flash.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13207/bpl13207.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13208/bpl13208.pdf
Source: nmap-service-probes.0.drString found in binary or memory: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj01014
Source: http-slowloris-check.nse.0.drString found in binary or memory: http://ha.ckers.org/slowloris/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-slowloris-check.nse.0.drString found in binary or memory: http://ha.ckers.org/slowloris/).
Source: nmap-service-probes.0.drString found in binary or memory: http://hackingteam.it/index.php/remote-control-system
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-huawei-hg5xx-vuln.nse.0.drString found in binary or memory: http://hakim.ws).
Source: nmap-service-probes.0.drString found in binary or memory: http://hg.barrelfish.org/file/tip/usr/webserver/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, firewall-bypass.nse.0.drString found in binary or memory: http://home.regit.org/2012/03/playing-with-network-layers-to-bypass-firewalls-filtering-policy/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-server-status.nse.0.drString found in binary or memory: http://httpd.apache.org/docs/2.4/mod/mod_status.html
Source: http-passwd.nse.0.drString found in binary or memory: http://insecure.org/news/P55-01.txt.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://insecure.org/sploits/Microsoft.frontpage.insecurities.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://int64.org/docs/gamestat-protocols/ase.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://ip.robtex.com/.
Source: nmap-service-probes.0.drString found in binary or memory: http://java.decompiler.free.fr/?q=node/626
Source: nmap-service-probes.0.drString found in binary or memory: http://java423.vicp.net:8652/infoserver.central/data/syshbk/collections/TECHNICALINSTRUCTION/1-61-20
Source: nmap-service-probes.0.drString found in binary or memory: http://l2jserver.com/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://last-another-life.ru:8080/index.php)
Source: nmap-service-probes.0.drString found in binary or memory: http://lingua.utdallas.edu/encore
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://lua-users.org/wiki/TableUtils
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://mc.kev009.com/Server_List_Ping
Source: nmap-service-probes.0.drString found in binary or memory: http://mldonkey.berlios.de/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://mmonit.com/monit/documentation/monit.html#monit_httpd
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://mumble.sourceforge.net/Protocol.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-hid-discoveryd.nse.0.drString found in binary or memory: http://nosedookie.blogspot.com/2011/07/identifying-and-querying-hid-vertx.html
Source: nmap-service-probes.0.drString found in binary or memory: http://nsclient.ready2run.nl/
Source: nmap-7.80-setup.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: nmap-7.80-setup.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://ocsp.digicert.com0H
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://ocsp.digicert.com0I
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
Source: nmap-service-probes.0.drString found in binary or memory: http://olsr.org/?q=txtinfo_plugin
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://ompldr.org/vZGxxaQ
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://outlet.creare.com/rbnb/
Source: nmap-service-probes.0.drString found in binary or memory: http://packages.debian.org/unstable/net/ident2.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://packetstormsecurity.com/files/91243/D-Link-DAP-1160-Unauthenticated-Remote-Configuration.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://php.net/manual/en/reserved.variables.server.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://phpsadness.com/sad/11
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://plcremote.net/143-2/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://purenetworks.com/HNAP1/GetDeviceSettings
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://purenetworks.com/HNAP1/GetDeviceSettings2
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://purenetworks.com/HNAP1/IsDeviceReady
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://purenetworks.com/HNAP1/SetDeviceSettings
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://purenetworks.com/HNAP1/SetDeviceSettings2
Source: nmap-service-probes.0.drString found in binary or memory: http://radiothermostat.com/documents/RTCOAWiFIAPIV1_3.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://reports.fb.com/hpkp/
Source: nmap-service-probes.0.drString found in binary or memory: http://rfc.zeromq.org/spec:15
Source: http-huawei-hg5xx-vuln.nse.0.drString found in binary or memory: http://routerpwn.com/#huawei
Source: nmap-service-probes.0.drString found in binary or memory: http://rrp.rom.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://rsync.samba.org
Source: nmap-os-db.0.drString found in binary or memory: http://s2soft.com/boundless/anetterm.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://scanme.insecure.org)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://scanme.nmap.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://scanme.nmap.org/shared/css/insecdb.css
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://scanme.nmap.org:80/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/fulldisclosure/2009/May/att-134/IIS_Advisory_pdf.bin
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/fulldisclosure/2010/Oct/119
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/fulldisclosure/2010/Oct/119.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/nmap-dev/2009/q3/0685.html).
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2010/q1/456
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2010/q2/465
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2010/q2/753
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/nmap-dev/2010/q4/401
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/nmap-dev/2010/q4/445
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/nmap-dev/2010/q4/518
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2012/q2/971
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/nmap-dev/2012/q3/903.
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2013/q1/360
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2013/q2/413
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2013/q2/7
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2013/q3/72
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/nmap-dev/2013/q4/292
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://seclists.org/nmap-dev/2015/q2/47
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://seclists.org/oss-sec/2014/q3/685
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://sethsec.blogspot.com/2014/03/exploiting-misconfigured-crossdomainxml.html
Source: nmap-service-probes.0.drString found in binary or memory: http://sf.net/projects/apmud
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://sh0dan.org/oldfiles/hackingcitrix.html
Source: nmap-service-probes.0.drString found in binary or memory: http://shrubbery.mynetgear.net/c/display/W/JBoss
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://silcnet.org
Source: nmap-service-probes.0.drString found in binary or memory: http://simp.mitre.org/drafts/antp.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://site.pi3.com.pl/adv/libopie-adv.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://software-security.sans.org/blog/2011/05/02/spot-vuln-percentage
Source: nmap-service-probes.0.drString found in binary or memory: http://solutions.3m.com/wps/portal/3M/en_US/library/home/resources/protocols/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://some-random-page.com/admin/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://some-random-page.com/foo.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://some-random-page.com/p.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://some-very-random-page.com/foo.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://some-very-random-page.com:80/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://sourceforge.net/projects/gameq/
Source: nmap-service-probes.0.drString found in binary or memory: http://sourceforge.net/projects/open-ftpd/
Source: nmap-service-probes.0.drString found in binary or memory: http://srv.nease.net/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://staff.science.uva.nl/~arnoud/activities/NaoIntro/ConnectLantronix.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://subversion.apache.org/
Source: nmap-service-probes.0.drString found in binary or memory: http://supercluster.org/maui
Source: nmap-service-probes.0.drString found in binary or memory: http://supercluster.org/torque
Source: afp-path-vuln.nse.0.drString found in binary or memory: http://support.apple.com/kb/HT1222
Source: nmap-os-db.0.drString found in binary or memory: http://support.apple.com/kb/HT4448
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://support.apple.com/kb/ts1629
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://support.code42.com/CrashPlan/Latest/Configuring/Network#Networking_FAQs
Source: nmap-service-probes.0.drString found in binary or memory: http://support.lexmark.com/index?page=content&id=FA642
Source: nmap-service-probes.0.drString found in binary or memory: http://support.nuuo.com/mediawiki/index.php/Remote_desktop
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/httpd/httpd.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?view=markup
Source: nmap-service-probes.0.drString found in binary or memory: http://titanfiesta.googlecode.com/svn/trunk/TitanFiesta/Common/XorTable.h.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
Source: http-rfi-spider.nse.0.drString found in binary or memory: http://tools.ietf.org/html/rfc13?
Source: nmap-service-probes.0.drString found in binary or memory: http://tools.ietf.org/html/rfc2748#section-2.1
Source: nmap-service-probes.0.drString found in binary or memory: http://udk.openoffice.org/common/man/spec/urp.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-huawei-hg5xx-vuln.nse.0.drString found in binary or memory: http://underground.org.mx)
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://web.cip.com.br/flaviovs/boproto.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1013.
Source: http-huawei-hg5xx-vuln.nse.0.drString found in binary or memory: http://websec.ca/advisories/view/Huawei-HG520c-3.10.18.x-information-disclosure
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://websec.ca/advisories/view/path-traversal-vulnerability-tplink-wdr740
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://websec.ca/advisories/view/xss-vulnerabilities-mantisbt-1.2.x
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-trane-info.nse.0.drString found in binary or memory: http://websec.mx/publicacion/blog/Scripts-de-Nmap-para-Trane-Tracer-SC-HVAC
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://wiki.apache.org/couchdb/HTTP_database_API.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://wiki.apache.org/couchdb/Runtime_Statistics
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://wiki.gnashdev.org/RTMP
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://wiki.slimdevices.com/index.php/CLI
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://wiki.vg/Pocket_Minecraft_Protocol#ID_UNCONNECTED_PING_OPEN_CONNECTIONS_.280x1C.29
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://wiki.vuze.com/w/Distributed_hash_table#PING
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://wiki.wireshark.org/TeamSpeak2
Source: nmap-service-probes.0.drString found in binary or memory: http://wiki.yobi.be/wiki/Belgian_eID
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21248026
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa600/init.htm
Source: nmap-service-probes.0.drString found in binary or memory: http://www-912.ibm.com/s_dir/slkbase.NSF/0/387a6235643483f186256fee005d4c2c
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.01tech.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.0php.com/php_easter_egg.php.
Source: nmap-service-probes.0.drString found in binary or memory: http://www.3w.net/lan/faq.html
Source: nmap-os-db.0.drString found in binary or memory: http://www.a-tecsubsystem.com/websys/atec/web/products.jsp?prodId=1191910612953
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.acarsd.org/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.adaptivecomputing.com/blog-hpc/torque-protocols/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-traceroute.nse.0.drString found in binary or memory: http://www.agarri.fr/kom/archives/2011/11/12/traceroute-like_http_scanner/index.html
Source: nmap-os-db.0.drString found in binary or memory: http://www.amx.com/products/AVB-RX-DXLINK-HDMI.asp
Source: nmap-os-db.0.drString found in binary or memory: http://www.amx.com/products/NI-3100.asp
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.apache.org/licenses/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.apcupsd.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.asciitable.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, bacnet-info.nse.0.drString found in binary or memory: http://www.bacnet.org/VendorID/BACnet%20Vendor%20IDs.htm
Source: nmap-os-db.0.drString found in binary or memory: http://www.beaconmedaes.com
Source: nmap-os-db.0.drString found in binary or memory: http://www.beatpro.dk
Source: nmap-os-db.0.drString found in binary or memory: http://www.beck-ipc.com/en/products/index.asp
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.benjamin-erb.de
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.benjamin-erb.de/nmap_xsl.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, hostmap-bfk.nse.0.drString found in binary or memory: http://www.bfk.de/bfk_dnslogger.html.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking
Source: nmap-service-probes.0.drString found in binary or memory: http://www.brainz.co.kr/product/infra_05.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.broadband-forum.org/ftp/pub/approved-specs/af-saa-0069.000.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.bzip.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.cairographics.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.cakephp.org/.
Source: nmap-service-probes.0.drString found in binary or memory: http://www.citynet.ru/citynet-sv.3
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-open-proxy.nse.0.drString found in binary or memory: http://www.computerhistory.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.computerpokercompetition.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.contextis.com/research/blog/reverseproxybypass/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.corepointhealth.com/resource-center/hl7-resources/mlp-minimum-layer-protocol
Source: afp-path-vuln.nse.0.drString found in binary or memory: http://www.cqure.net/wp/2010/03/detecting-apple-mac-os-x-afp-vulnerability-cve-2010-0533-with-nmap
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.crossmatch.com/products_singlescan_vE.html)
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.crynwr.com/crynwr/rfc1035/rfc1035.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.csie.ntu.edu.tw/~cjlin/liblinear/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://www.cups.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: nmap-service-probes.0.drString found in binary or memory: http://www.ducea.com/2008/11/24/drac-ip-port-numbers/.
Source: nmap-os-db.0.drString found in binary or memory: http://www.ecoscentric.com/ecos/examples.shtml
Source: nmap-service-probes.0.drString found in binary or memory: http://www.erlang.org/doc/man/inets.html
Source: nmap-service-probes.0.drString found in binary or memory: http://www.eterlogic.com/Products.VSPE.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.everyhue.com/vanilla/discussion/112/other-open-ports-on-the-bridge/p1
Source: nmap-service-probes.0.drString found in binary or memory: http://www.ex-parrot.com/~chris/tpop3d/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.exploit-db.com/exploits/1244/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.exploit-db.com/exploits/13850/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.exploit-db.com/exploits/15130/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.exploit-db.com/exploits/15449/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.exploit-db.com/exploits/16103/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.exploit-db.com/exploits/17324/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.exploit-db.com/exploits/1997/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.exploit-db.com/exploits/30085/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.fastpath.it/products/palantir/index.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.feross.org/cmsploit/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://www.filemaker.com/ti/104289.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.fontconfig.org/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.foxgate.ua/downloads/FoxGate%20S6224-S2%20user%20manual.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.freetype.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.freetype.org/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.frozen-bubble.org/servers/servers.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.fukt.bth.se/~per/identd
Source: nmap-service-probes.0.drString found in binary or memory: http://www.galaxysys.com/data/docs/SG%20Software%20User%20Guide%20%2810.4%29.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.gdsatcom.com/cte_r8000b.php
Source: nmap-service-probes.0.drString found in binary or memory: http://www.getingeasia.com/products/healthcare-products/traceability-asset-management/t-doc-2000
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.gnu.org/software/gettext/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.gnu.org/software/libiconv/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-open-proxy.nse.0.drString found in binary or memory: http://www.google.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.gtk.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.hazelcast.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.iana.org/assignments/enterprise-numbers
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-igmp-discovery.nse.0.drString found in binary or memory: http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xml
Source: nmap-protocols.0.drString found in binary or memory: http://www.iana.org/assignments/protocol-numbers
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.ibm.com/developerworks/systems/library/es-nweb/index.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.icbevr.com/ibank/ibank2/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.ietf.org/internet-drafts/draft-martin-managesieve-04.txt
Source: nmap-service-probes.0.drString found in binary or memory: http://www.ietf.org/rfc/rfc3080.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.ietf.org/rfc/rfc4892.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.ietf.org/rfc/rfc5001.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.ijg.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.imperva.com/resources/glossary/http_verb_tampering.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://www.inside-security.de/fw1_rdp_poc.html
Source: nmap-service-probes.0.drString found in binary or memory: http://www.jabaco.org/board/p2043-orpg-in-jabaco-applet.html#post2043
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-exif-spider.nse.0.drString found in binary or memory: http://www.javaop.com/Nationalmuseum.jpg
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-exif-spider.nse.0.drString found in binary or memory: http://www.javaop.com/topleft.jpg
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.kb.cert.org/vuls/id/154421
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.kb.cert.org/vuls/id/787932
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.libpng.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.librelp.com/relp.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.libtiff.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.lua.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.macports.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.macromedia.com/2005/amfx
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-drupal-enum-users.nse.0.drString found in binary or memory: http://www.madirish.net/node/465
Source: nmap-service-probes.0.drString found in binary or memory: http://www.marss.eu/app/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.masnun.com/2014/02/23/using-phpstorm-from-command-line.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.metasploit.com/modules/exploit/freebsd/ftp/proftp_telnet_iac
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.mj2.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.mkit.com.ar/labs/htexploit/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.mobilemouse.com/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.monetdb.org/Documentation/monetdbd
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.mongodb.org/display/DOCS/Mongo
Source: nmap-service-probes.0.drString found in binary or memory: http://www.monkeyz.eu/projects/netsoul_spec.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.mozilla.org/MPL/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.nazgul.ch/dev_nostromo.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.openssl.org/
Source: 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.openssl.org/)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, libeay32.dll.0.drString found in binary or memory: http://www.openssl.org/V
Source: libeay32.dll.0.drString found in binary or memory: http://www.openssl.org/support/faq.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.openwall.com/lists/oss-security/2014/09/24/10
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, ajp-methods.nse.0.drString found in binary or memory: http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
Source: nmap-service-probes.0.drString found in binary or memory: http://www.papouch.com/shop/scripts/soft/tmedotnet/readme.asp
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.pcre.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.phy.duke.edu/~rgb/brahma/Resources/xmlsysd.php
Source: nmap-service-probes.0.drString found in binary or memory: http://www.postcastserver.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.privoxy.org
Source: nmap-service-probes.0.drString found in binary or memory: http://www.psc.edu/index.php/hpn-ssh
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.pygtk.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.python.org/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.qosient.com/argus/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.rabbitmq.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.rabbitmq.com/extensions.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.rapid7.com/db/modules/auxiliary/admin/webmin/file_disclosure
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.rfc-editor.org/rfc/rfc1035.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.robtex.com/dns/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.securityfocus.com/bid/37351
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.securityfocus.com/bid/70595
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.skullsecurity.org/blog/?p=271
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.slimdevices.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.drString found in binary or memory: http://www.some-random-page.com/2011/11/20/feed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.drString found in binary or memory: http://www.some-random-page.com/2011/12/04/feed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.drString found in binary or memory: http://www.some-random-page.com/category/animalsfeed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.drString found in binary or memory: http://www.some-random-page.com/comments/feed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.drString found in binary or memory: http://www.some-random-page.com/feed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.sorbs.net/lookup.shtml?1.2.3.4
Source: nmap-service-probes.0.drString found in binary or memory: http://www.space-walrus.com/games/Minebuilder
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.sqlite.org/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.st.rim.or.jp/~nakata/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, daap-get-library.nse.0.drString found in binary or memory: http://www.tapjam.net/daap/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.tcpdump.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.team-cymru.org/Services/ip-to-asn.html#dns.
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://www.teamviewer.com/en/help/334-Which-ports-are-used-by-TeamViewer.aspx
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-tellstick-discover.nse.0.drString found in binary or memory: http://www.telldus.com/
Source: nmap-service-probes.0.drString found in binary or memory: http://www.tmail.spb.ru/index-19.htm
Source: nmap-service-probes.0.drString found in binary or memory: http://www.tty1.net/smtp-survey/measurement_en.html
Source: nmap-service-probes.0.drString found in binary or memory: http://www.ubicom.com/home.htm
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.usefulutilities.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.virustotal.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.webappsec.org/projects/articles/071105.shtml
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://www.winimage.com/zLibDll
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: http://www.winimage.com/zLibDll0s
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.winpcap.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.winpcap.org/misc/copyright.htm.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-negotiation.nse.0.drString found in binary or memory: http://www.wisec.it/sectou.php?id=4698ebdc59d15
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.x.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://www.zerodayinitiative.com/advisories/ZDI-11-113/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://www.zlib.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: http://www.zytrax.com/books/dns/
Source: nmap-service-probes.0.drString found in binary or memory: http://xaxxon.slackworks.com/ehs/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: http://xbtt.sourceforge.net/udp_tracker_protocol.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.drString found in binary or memory: http://xmlsoft.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://android.googlesource.com/platform/system/core/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, bitcoinrpc-info.nse.0.drString found in binary or memory: https://bitcointalk.org/?topic=1327.0
Source: nmap-service-probes.0.drString found in binary or memory: https://bitcointalk.org/index.php?topic=55852.0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-server-status.nse.0.drString found in binary or memory: https://blog.sucuri.net/2012/10/popular-sites-with-apache-server-status-enabled.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://bugs.torproject.org/16861
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://bugs.torproject.org/7351
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://bugzilla.clamav.net/show_bug.cgi?id=11585
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://code.google.com/p/domxsswiki/wiki/LocationSources
Source: nmap-service-probes.0.drString found in binary or memory: https://community.oracle.com/thread/1906656?start=0&tstart=0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-slowloris-check.nse.0.drString found in binary or memory: https://community.qualys.com/blogs/securitylabs/2011/07/07/identifying-slow-http-attack-vulnerabilit
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://community.rapid7.com/community/metasploit/blog/2013/01/10/exploiting-ruby-on-rails-with-meta
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://community.rapid7.com/docs/DOC-1516
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://computing.llnl.gov/linux/slurm/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cr.yp.to/ftp/syst.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://crt.sh).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2861
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://developer.jboss.org/wiki/Mod-ClusterManagementProtocol
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://distcc.github.io/security.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://dnscurve.org/nsec3walker.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://docs.docker.com/reference/api/docker_remote_api/
Source: nmap-service-probes.0.drString found in binary or memory: https://docs.oracle.com/javase/6/docs/platform/serialization/spec/protocol.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://docs.oracle.com/javase/9/docs/specs/rmi/protocol.html
Source: nmap-service-probes.0.drString found in binary or memory: https://en.bitcoin.it/wiki/BIP_0014
Source: nmap-service-probes.0.drString found in binary or memory: https://en.bitcoin.it/wiki/BIP_0037#Extensions_to_existing_messages
Source: nmap-service-probes.0.drString found in binary or memory: https://en.bitcoin.it/wiki/BIP_0060
Source: nmap-service-probes.0.drString found in binary or memory: https://en.bitcoin.it/wiki/Changelog
Source: nmap-service-probes.0.drString found in binary or memory: https://en.bitcoin.it/wiki/Protocol_specification#Message_structure
Source: nmap-service-probes.0.drString found in binary or memory: https://en.bitcoin.it/wiki/Protocol_specification#version
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://foobar.target.se:443/redirect.php?url=http%3A%2f%2fscanme.nmap.org%2f
Source: nmap-service-probes.0.drString found in binary or memory: https://git.torproject.org/checkout/tor/master/doc/spec/dir-spec.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/Ayms/node-Tor
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://github.com/UnaPibaGeek/ctfr.git)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/ael-code/daikin-control
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, enip-info.nse.0.drString found in binary or memory: https://github.com/avsej/wireshark/blob/master/epan/dissectors/packet-enip.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/clementine-player/Android-Remote/wiki/Developer-Documentation
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/cobyism/edimax-br-6528n/blob/master/AP/RTL8196C_1200/mp-daemon/UDPserver.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-hid-discoveryd.nse.0.drString found in binary or memory: https://github.com/coldfusion39/VertXploit
Source: nmap-service-probes.0.drString found in binary or memory: https://github.com/elvanderb/TCP-32764
Source: nmap-service-probes.0.drString found in binary or memory: https://github.com/elvanderb/TCP-32764/issues/98
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/esnet/iperf/wiki/IperfProtocolStates#test-initiation
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-git.nse.0.drString found in binary or memory: https://github.com/github/gitignore
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/haiwen/ccnet
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://github.com/irsdl/IIS-ShortName-Scanner
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/kanaka/websockify
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-server-status.nse.0.drString found in binary or memory: https://github.com/michenriksen/nmap-scripts
Source: nmap-service-probes.0.drString found in binary or memory: https://github.com/miracle2k/onkyo-eiscp/blob/master/eiscp-commands.yaml
Source: nmap-service-probes.0.drString found in binary or memory: https://github.com/ninjasphere/driver-go-chromecast
Source: nmap-service-probes.0.drString found in binary or memory: https://github.com/nmap/nmap/pull/1083
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, enip-info.nse.0.drString found in binary or memory: https://github.com/paperwork/pyenip)
Source: nmap-service-probes.0.drString found in binary or memory: https://github.com/quasar/QuasarRAT/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/quine/GoProGTFO
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_back
Source: nmap-service-probes.0.drString found in binary or memory: https://github.com/rasteron/PyLime
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://github.com/sensepost/mainframe_brute).
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://github.com/tvdw/gotor
Source: nmap-service-probes.0.drString found in binary or memory: https://github.com/znc/znc/commit/087f01e99b9a1523a2962e05e4e878de0a41a367
Source: nmap-service-probes.0.drString found in binary or memory: https://gitweb.torproject.org/tor.git/tree/ChangeLog:
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://gitweb.torproject.org/torspec.git/tree/proposals/214-longer-circids.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://gitweb.torproject.org/torspec.git/tree/proposals/251-netflow-padding.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://gitweb.torproject.org/torspec.git/tree/proposals/254-padding-negotiation.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://groups.google.com/forum/?fromgroups=#
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://help.sap.com/saphelp_nw73ehp1/helpdata/en/4a/5c004250995a6ae10000000a42189b/frameset.htm
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://issues.igniterealtime.org/browse/OF-811
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://lists.torproject.org/pipermail/tor-dev/2015-January/008135.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://m.some-very-random-website.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-exif-spider.nse.0.drString found in binary or memory: https://maps.google.com/maps?q=%s
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-exif-spider.nse.0.drString found in binary or memory: https://maps.google.com/maps?q=49.94125
Source: nmap-protocols.0.dr, nmap-service-probes.0.drString found in binary or memory: https://nmap.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/5/#5changes
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/5/#5changes:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/book/install.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/book/install.html:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/book/man-bugs.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/book/man-bugs.html:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-git.nse.0.dr, cics-user-enum.nse.0.dr, nmap-service-probes.0.drString found in binary or memory: https://nmap.org/book/man-legal.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/book/nse.html)
Source: nmap-os-db.0.drString found in binary or memory: https://nmap.org/book/osdetect.html.
Source: nmap-service-probes.0.drString found in binary or memory: https://nmap.org/book/vscan-community.html
Source: nmap-service-probes.0.drString found in binary or memory: https://nmap.org/book/vscan.html.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/changelog.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/changelog.html:
Source: nmap-service-probes.0.drString found in binary or memory: https://nmap.org/data/COPYING
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/install/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-joomla-brute.nse.0.drString found in binary or memory: https://nmap.org/nsedoc/lib/brute.html)
Source: ajp-methods.nse.0.drString found in binary or memory: https://nmap.org/nsedoc/scripts/ajp-methods.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/r/fbsd-sa-opie.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nmap.org/r/ms09-020.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-os-db.0.drString found in binary or memory: https://nmap.org/submit/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, dns-client-subnet-scan.nse.0.drString found in binary or memory: https://nmap.org/svn/docs/licenses/BSD-simplified
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nvd.nist.gov/cpe.cfm)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2004-2687
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2010-2861
Source: nmap-service-probes.0.drString found in binary or memory: https://oss.oracle.com/projects/rds/dist/documentation/rds-3.1-spec.html
Source: nmap-service-probes.0.drString found in binary or memory: https://publib.boulder.ibm.com/infocenter/zos/v1r12/index.jsp?topic=%2Fcom.ibm.zos.r12.halc001%2Fmcc
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/api/lookup?client=%s&apikey=%s&appver=1.5.2&pver=3.0&url=%s
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://seclists.org/fulldisclosure/2011/Aug/175
Source: nmap-os-db.0.drString found in binary or memory: https://secure.airaya.com/proddetail.asp?prod=AI108-4958-O-300
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-jsonp-detection.nse.0.drString found in binary or memory: https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://spec.torproject.org/torspec
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://support.f5.com/csp/article/K6917
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14815.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-sonicwall-discover.nse.0.drString found in binary or memory: https://support.software.dell.com/kb/sw3677)
Source: nmap-service-probes.0.drString found in binary or memory: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/http/http_protocol.c
Source: http-svn-info.nse.0.drString found in binary or memory: https://svn.nmap.org
Source: http-svn-info.nse.0.drString found in binary or memory: https://svn.nmap.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://svn.nmap.org/nmap-exp/gyani/misc/drupal-update.py
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpString found in binary or memory: https://svn.nmap.org/nmap/COPYING
Source: nmap-7.80-setup.exe, 00000000.00000003.4342889325.00000000006D3000.00000004.00000001.sdmpString found in binary or memory: https://svn.nmap.org/nmap/COPYING)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-eastlake-kitchen-sink-02
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6690
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6698
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7252
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, dns-client-subnet-scan.nse.0.drString found in binary or memory: https://tools.ietf.org/html/rfc7871
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/nitr0usmx/status/740673507684679680
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3704
Source: nmap-service-probes.0.drString found in binary or memory: https://wiki.freenetproject.org/FCPv2
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://wiki.jenkins.io/display/JENKINS/Auto-discovering
Source: nmap-service-probes.0.drString found in binary or memory: https://wiki.wireshark.org/OpenFlow
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www-01.ibm.com/support/knowledgecenter/SSGMCP_5.2.0/com.ibm.cics.ts.systemprogramming.doc/to
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, dns-random-srcport.nse.0.drString found in binary or memory: https://www.dns-oarc.net/oarc/services/porttest).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.dns-oarc.net/oarc/services/txidtest).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.drupal.org/SA-CORE-2014-005
Source: nmap-service-probes.0.drString found in binary or memory: https://www.eso.org/projects/dfs/dfs-shared/web/ngas/;
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.exploit-db.com/exploits/12721/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-server-status.nse.0.drString found in binary or memory: https://www.exploit-db.com/ghdb/1355/
Source: nmap-service-probes.0.drString found in binary or memory: https://www.google.com/patents/US20070250671
Source: nmap-service-probes.0.drString found in binary or memory: https://www.kernel.org/pub/software/admin/mon/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://www.linuxsampler.org/api/draft-linuxsampler-protocol.html
Source: nmap-service-probes.0.drString found in binary or memory: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=733
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.owasp.org/index.php/Test_RIA_cross_domain_policy_%28OTG-CONFIG-008%29
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://www.reddit.com/r/telnet/comments/4i3w20/found_vizio_m55c3_telnet_access/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.robtex.com/en/advisory/ip/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.robtex.com/ip-lookup/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.robtex.com/ip-lookup/).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/archive/1/523424
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/bid/38197
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/bid/40343
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/bid/40403
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/bid/42342
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/bid/44562
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/bid/48539
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/bid/49303
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.securityfocus.com/bid/49957
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://www.sharxsecurity.com/products.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.ssa.gov/history/ssn/misused.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General/What_network_ports_are_used_by_Syn
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drString found in binary or memory: https://www.systutorials.com/docs/linux/man/8-rotctld/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.team-cymru.org/Services/ip-to-asn.html)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.tenable.com/plugins/nessus/48340
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.tenable.com/plugins/nessus/55976
Source: nmap-service-probes.0.drString found in binary or memory: https://www.trendnet.com/kb/kbp_viewquestion.asp?ToDo=view&questId=1350&catId=516
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://www.virustotal.com/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f/ana
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpString found in binary or memory: https://zeustracker.abuse.ch/ztdns.php

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Contains functionality for read data from the clipboardShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_0040514B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040514B

System Summary:

barindex
Contains functionality to shutdown / reboot the systemShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_0040326C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,ReadCabinetState,ReadCabinetState,ReadCabinetState,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040326C
Detected potential crypto functionShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_0040495C0_2_0040495C
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_0040635D0_2_0040635D
PE file contains strange resourcesShow sources
Source: nmap-7.80-setup.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: nmap-7.80-setup.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: nmap-7.80-setup.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version infoShow sources
Source: nmap-7.80-setup.exe, 00000000.00000002.4755105503.00000000001E0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameOLEACCRC.DLLj% vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamenmap.exe* vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamezlibwapi.dll2 vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamelibeay32.dllH vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamessleay32.dllH vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4760743215.0000000003130000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4760837232.0000000003340000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameimageres.DLL.MUIj% vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4768021527.00000000056F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameimageres.DLLj% vs nmap-7.80-setup.exe
Yara signature matchShow sources
Source: C:\Program Files (x86)\Nmap\nmap.exe, type: DROPPEDMatched rule: iKAT_tools_nmap date = 05.11.14, author = Florian Roth, description = Generic rule for NMAP - based on NMAP 4 standalone, license = https://creativecommons.org/licenses/by-nc/4.0/, score = http://ikat.ha.cked.net/Windows/functions/ikatfiles.html, hash = d0543f365df61e6ebb5e345943577cc40fca8682
Source: C:\Users\user\AppData\Local\Temp\nsi8931.tmp, type: DROPPEDMatched rule: iKAT_tools_nmap date = 05.11.14, author = Florian Roth, description = Generic rule for NMAP - based on NMAP 4 standalone, license = https://creativecommons.org/licenses/by-nc/4.0/, score = http://ikat.ha.cked.net/Windows/functions/ikatfiles.html, hash = d0543f365df61e6ebb5e345943577cc40fca8682
Binary contains paths to development resourcesShow sources
Source: nmap-7.80-setup.exeBinary or memory string: .SlN`
Classification labelShow sources
Source: classification engineClassification label: sus24.troj.evad.winEXE@1/289@0/0
Contains functionality to check free disk spaceShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_0040441B GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040441B
Contains functionality to instantiate COM classesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
Creates files inside the program directoryShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\NmapJump to behavior
Creates temporary filesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsi8894.tmpJump to behavior
PE file has an executable .text section and no other executable sectionShow sources
Source: nmap-7.80-setup.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Reads ini filesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile read: C:\Users\desktop.iniJump to behavior
Reads software policiesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Sample reads its own file contentShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile read: C:\Users\user\Desktop\nmap-7.80-setup.exeJump to behavior
Uses an in-process (OLE) Automation serverShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Writes ini filesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile written: C:\Users\user\AppData\Local\Temp\nsi8932.tmp\shortcuts.iniJump to behavior
Found GUI installer (many successful clicks)Show sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeAutomated click: Next >
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeAutomated click: Install
Found installer window with terms and condition textShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeWindow detected: I &AgreeCancelNullsoft Install System v2.51 Nullsoft Install System v2.51License AgreementPlease review the license terms before installing Nmap.Press Page Down to see the rest of the agreement.COPYING -- Describes the terms under which Nmap is distributed.IMPORTANT NMAP LICENSE TERMSThe Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap Project"). Nmap is also a registered trademark of the Nmap Project. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 ("GPL") BUT ONLY WITH ALL OF THE CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your right to use modify and redistribute this software under certain conditions. If you wish to embed Nmap technology into proprietary software we sell alternative licenses (contact sales@nmap.com). Dozens of software vendors already license Nmap technology such as host discovery port scanning OS detection version detection and the Nmap Scripting Engine.Note that the GPL places important restrictions on "derivative works" yet it does not provide a detailed definition of that term. To avoid misunderstandings we interpret that term as broadly as copyright law allows. For example we consider an application to constitute a derivative work for the purpose of this license if it does any of the following with any software or content covered by this license ("Covered Software"):o Integrates source code from Covered Software.o Reads or includes copyrighted data files such as Nmap's nmap-os-db or nmap-service-probes.o Is designed specifically to execute Covered Software and parse the results (as opposed to typical shell or execution-menu apps which will execute anything you tell them to).o Includes Covered Software in a proprietary executable installer. The installers produced by InstallShield are an example of this. Including Nmap with other software in compressed or archival form does not trigger this provision provided appropriate open source decompression or de-archiving software is widely available for no charge. For the purposes of this license an installer is considered to include Covered Software even if it actually retrieves a copy of Covered Software from another source during runtime (such as by downloading it from the Internet).o Links (statically or dynamically) to a library which does any of the above.o Executes a helper program module or script to do any of the above.This list is not exclusive but is meant to clarify our interpretation of derived works with some common examples. Other people may interpret the plain GPL differently so we consider this a special exception to the GPL that we apply to Covered Software. Works which meet any of these conditions must conform to all of the terms of this license particularly including the GPL Section 3 requirements of providing source code and allowing free redistribution of the work as a whole.As another sp
PE / OLE file has a valid certificateShow sources
Source: nmap-7.80-setup.exeStatic PE information: certificate valid
Submission file is bigger than most known malware samplesShow sources
Source: nmap-7.80-setup.exeStatic file information: File size 26922800 > 1048576
Binary contains paths to debug symbolsShow sources
Source: Binary string: C:\cygwin\home\nmap\openssl-1.0.2s\out32dll\ssleay32.pdb source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp
Source: Binary string: C:\cygwin\home\nmap\openssl-1.0.2s\out32dll\ssleay32.pdbAA source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp
Source: Binary string: C:\cygwin\home\nmap\nmap-7.80\libssh2\win32\Release_dll\libssh2.pdb source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp
Source: Binary string: C:\cygwin\home\nmap\openssl-1.0.2s\out32dll\libeay32.pdb source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, libeay32.dll.0.dr
Source: Binary string: C:\cygwin\home\nmap\nmap-7.80\libssh2\win32\Release_dll\libssh2.pdb$$ source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp

Data Obfuscation:

barindex
PE file contains an invalid checksumShow sources
Source: nmap-7.80-setup.exeStatic PE information: real checksum: 0x19b96f8 should be:

Persistence and Installation Behavior:

barindex
Drops PE filesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\nmap.exeJump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\zlibwapi.dllJump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\libssh2.dllJump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\libeay32.dllJump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\ssleay32.dllJump to dropped file
Creates license or readme fileShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\3rd-party-licenses.txtJump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\licenses\LIBLINEAR-license.txtJump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\licenses\Libdnet-license.txtJump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\licenses\Lua-license.txtJump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\licenses\OpenSSL-license.txtJump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\licenses\PCRE-license.txtJump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\licenses\WinPcap-license.txtJump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile created: C:\Program Files (x86)\Nmap\licenses\zlib-license.txtJump to behavior

Hooking and other Techniques for Hiding and Protection:

barindex
Monitors certain registry keys / values for changes (often done to protect autostart functionality)Show sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Disables application error messsages (SetErrorMode)Show sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

barindex
Contain functionality to detect virtual machinesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file. Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file. C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse 0_2_00401751
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse 0_2_00401B23
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file. Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file. 0_2_004024F1
Contains capabilities to detect virtual machinesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile opened / queried: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseJump to behavior
Found dropped PE file which has not been started or loadedShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Nmap\nmap.exeJump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Nmap\zlibwapi.dllJump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Nmap\libssh2.dllJump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Nmap\libeay32.dllJump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Nmap\ssleay32.dllJump to dropped file
Checks the free space of harddrivesShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
Contains functionality to enumerate / list files inside a directoryShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_00405646 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405646
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_0040601C FindFirstFileA,FindClose,0_2_0040601C
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)Show sources
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 501 Not Implemented\r\nDate: .* GMT\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 54\r\n\r\n<HTML><BODY><H1>501 Not Implemented</H1></BODY></HTML>$| p/VMware ESXi 4.1 Server httpd/ cpe:/o:vmware:esxi:4.1/
Source: nmap-service-probes.0.drBinary or memory string: match vmware-print m|^\r\0\0+$| p/VMware virtual printing service/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: table.insert(response, "VMWare path traversal (CVE-2009-3733): VULNERABLE")
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | copyright: Copyright (C) 2007-2011 VMware, Inc.
Source: nmap-service-probes.0.drBinary or memory string: match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL [rR]equired, MKSDisplayProtocol:VNC(?: ,)? \r\n| p/VMware Authentication Daemon/ v/$1/ i/Uses VNC/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure; HttpOnly\r\n.*<title>VMwareView Portal</title>|s p/VMware View Manager httpd/
Source: nmap-service-probes.0.drBinary or memory string: # Vmware ESX 1.5.x Client Agent for Linux -- WAIT - I think this is erronous and is actually smux
Source: nmap-service-probes.0.drBinary or memory string: # VMware has a buch of different auth settings so this gets messy
Source: nmap-service-probes.0.drBinary or memory string: match ssl/vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required\r\n| p/VMware Authentication Daemon/ v/$1/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | /mnt/vmware/vmware/FreeBSD 7.2/FreeBSD 7.2.vmx
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+):(\d+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$| p/VMware vCenter Converter httpd/ i|redirect to tcp/$2| h/$1/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon View</title>\r\n| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
Source: nmap-service-probes.0.drBinary or memory string: match vmware-auth m|^220 VMware Authentication Daemon Version (\d[-.\w]+).*\r\n530 Please login with USER and PASS\.\r\n|s p/VMware Authentication Daemon/ v/$1/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | VMWare path traversal (CVE-2009-3733): VULNERABLE
Source: nmap-service-probes.0.drBinary or memory string: match ssl/vmware-auth m=^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required, ServerDaemonProtocol:(SOAP|IPC), MKSDisplayProtocol:VNC= p/VMware Authentication Daemon/ v/$1/ i/Uses VNC, $2/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: result, body = get_file(host, port, "/etc/vmware/hostd/vmInventory.xml");
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\n.*<title>VMware View</title>|s p/VMware ESX Server httpd/ cpe:/o:vmware:esx/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | /mnt/vmware/vmware/FreeBSD 8.0 64-bit/FreeBSD 8.0 64-bit.vmx
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpBinary or memory string: vmnet175/tcp0.000000
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/VMware ESX 3.5 Server httpd/ h/$1/ cpe:/o:vmware:esx:3.5/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpBinary or memory string: mshvlm6600/tcp0.000152# Microsoft Hyper-V Live Migration
Source: nmap-7.80-setup.exe, 00000000.00000002.4755186020.0000000000409000.00000004.00020000.sdmpBinary or memory string: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseg.nsee.nse
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware Converter">|s p/VMware vCenter Converter httpd/ v/4/
Source: nmap-service-probes.0.drBinary or memory string: match vmware-auth m=^220 VMware Authentication Daemon Version (\d[-.\w]+), ServerDaemonProtocol:(SOAP|IPC), MKSDisplayProtocol:VNC= p/VMware Authentication Daemon/ v/$1/ i/Uses VNC, $2/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: --local function parse_vmware_conf(str, field)
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\n.*\r\n<title>Welcome to VMware VirtualCenter ([\d.]+)</title>|s p/VMware VirtualCenter httpd/ v/$1/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: \d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure.*<title>VMware View Portal</title>|s p/VMware View Manager httpd/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware View</title>| p/VMware View Manager httpd/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | /vmware/Windows 2003/Windows 2003.vmx
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01-Jan-1970 00:00:00 GMT\r\n.*<title>VMware vCloud Director</title>|s p/VMware vCloud Director/ cpe:/a:vmware:vcloud_director/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\nContent-Language: en-US\r\nContent-Length: \d+\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n <meta charset="utf-8">\r\n <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n <title>VMware Horizon</title>| p/VMware Horizon/ cpe:/a:vmware:horizon/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware vSphere|s p/VMware vSphere http config/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.drBinary or memory string: match qemu-vlan m|^\0\0\0qj\x81n0\x81k\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa4\x81\^0\\\xa0\x07\x03\x05\0P\x80\0\x10\xa2\x04\x1b\x02NM\xa3\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xa5\x11\x18\x0f19700101000000Z| p/QEMU VLAN listener/ cpe:/a:qemu:qemu/
Source: nmap-service-probes.0.drBinary or memory string: match ldap m|^0\x82\x05.\x02\x01.*vmwPlatformServicesControllerVersion1\x07\x04\x05([\d.]+)0.\x04.*\nserverName1.\x04.cn=([^,.]+)|s p/VMware vCenter or PSC LDAP/ v/PSCv $1/ h/$2/ cpe:/a:vmware:server/
Source: nmap-service-probes.0.drBinary or memory string: # Seen for OpenPegasus, VMware ESX CIM server, Microsoft SCX CIM Server.
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 \d\d\d .*content=\"VMware Server is virtual infrastructure software.*\n\n<title>VMware Server ([-\w_.]+)</title>|s p/VMware Server http config/ v/$1/ cpe:/a:vmware:server:$1/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 400 Bad Request\r\nServer: sfcHttpd\r\nContent-Length: 0\r\n\r\n$| p/sfcHttpd/ i/VMware Studio VAMI CIM broker/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .* GMT\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 0\r\n\r\n$| p/VMware VirtualCenter Web service/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\n\r\nMissing route token in request| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
Source: nmap-service-probes.0.drBinary or memory string: match vmware-aam m|^\0\0..\x01\0\0\0\x03\x03\x01\x03@\xe4\x01\x02\0..\0\xfe\xff\xff\xff\0\0d\0\0..\0\xfe\xff\xff\xff\0\0d\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x14\0\0\0\x8fd\0\0...\t\0\0\0\0.\0\0\0.\0\0\0..\0\0.\0\0\0\x6b\x1f\0\0\0\0\0\0\x02\0\0\0\x8fc\0\0...\t\0\0\0\0\.\0\0\0\0\0\0\0| p/VMware Automated Availability Manager/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware vCenter Converter Standalone">|s p/VMware vCenter Converter httpd/ v/4.3/
Source: nmap-service-probes.0.drBinary or memory string: # VMware vSphere (VMware workstation 8.0.2 build-591240)
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 50\r\n\r\n<HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>$| p/VMware Server http config/ cpe:/a:vmware:server/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | http-vmware-path-vuln:
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf8">\n <meta http-equiv="refresh" content="0;URL='/ui'"/>\n</head>\n</html>\n| p/VMware ESXi Web UI/ cpe:/o:vmware:esxi/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\nDate:.*<title>Welcome to VMware ESX Server ([\d.]+)</title>\n\n|s p/VMware ESX Server httpd/ v/$1/ cpe:/o:vmware:esx:$1/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\nContent-Language: en-US\r\nContent-Length: \d+\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\n(?:Strict-Transport-Security: max-age=31536000\r\n)?\r\n\r\r\n\r\r\n<!DOCTYPE html>\r\r\n<html lang="en">\r\r\n<head>\r\r\n <meta charset="utf-8">\r\r\n <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\r\n <title>VMware Horizon View</title>| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 16\r\n\r\ninvalid value 0 $| p/VMware hostd httpd/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\n.*VMware Server provides a virtual machine platform, which can be managed by VMware VirtualCenter Server\.\">\r\n\r\n<title>VMware Server 2</title>|s p/VMware Server http config/ v/2/ cpe:/a:vmware:server:2/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | /mnt/vmware/vmware/FreeBSD 8.0/FreeBSD 8.0.vmx
Source: nmap-service-probes.0.drBinary or memory string: match afp m|^\x01\x03\0\0........\0\0\0\0........\x8f\xfb.([^\0\x01]+)[\0\x01].*\tVMware7,1\x04\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03.\tDHCAST128\x04DHX2\x06Recon1\rClient\x20Krb\x20v2\0\0.*[\x04\x05]([\w.-]+)\x01.afpserver/([\w.@-]+)\0|s p/Apple AFP/ i/name: $1; afpserver: $3; protocol 3.1; Mac OS X 10.6.3/ o/Mac OS X/ h/$2/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- |_ /mnt/vmware/vmware/Slackware 13 32-bit/Slackware 13 32-bit.vmx
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w_.-]+)/nice%20ports%2C/Tri%6Eity\.txt%2ebak\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$| p/VMware ESX 4.0 Server httpd/ h/$1/ cpe:/o:vmware:esx:4.0/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\nDate: .*document\.write\(\"<title>\" \+ ID_EE?SX_Welcome \+ \"</title>|s p/VMware ESXi Server httpd/ cpe:/o:vmware:esxi/
Source: nmap-service-probes.0.drBinary or memory string: match ssl m|^\x16\x03\0\0\*\x02\0\0&\x03.*vCenterServer_([\w._-]+)|s p/VMware ESXi Server httpd/ v/$1/ cpe:/o:vmware:esxi:$1/
Source: nmap-7.80-setup.exeBinary or memory string: Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse Click Abort to stop the installation, Retry to try again, or Ignore to skip this file.
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 200\r\nSet-Cookie: JSESSIONID=[A-F\d]{32};path=/;Secure;HttpOnly\r\nContent-Length: \d+\r\nContent-Language: en-US\r\nContent-Type: text/html;charset=UTF-8\r\n#status#: HTTP/1\.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-XSS-Protection: 1; mode=block\r\n\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n <meta charset="utf-8">\r\n <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n <title>VMware Horizon</title>| p/VMware Horizon/ cpe:/a:vmware:horizon/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\n.*document\.write\(\"<title>\" \+ ID_VC_Welcome \+ \"</title>\"\);.*<meta name=\"description\" content=\"VMware VirtualCenter|s p/VMware Server http config/
Source: nmap-7.80-setup.exeBinary or memory string: Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 307 Temporary Redirect\r\nLocation: https://([^:]+):443/\r\nDate: .*\r\nContent-Length: 1994\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon</title>| p/VMWare Horizon/ h/$1/ cpe:/a:vmware:horizon/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure\r\n.*<title>VMware View Portal</title>|s p/VMware View Manager httpd/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$| p/VMware ESXi Server httpd/ h/$1/ cpe:/o:vmware:esxi/
Source: nmap-service-probes.0.drBinary or memory string: match ssl m|^\x16\x03\0\0\*\x02\0\0&\x03.*\nCalifornia.*\tPalo Alto.*\x0cVMware, Inc\..*\x1bVMware Management Interface|s p/VMware management interface SSLv3/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | /vmware/Pentest/Pentest - Linux/Linux Pentest Bravo.vmx
Source: nmap-7.80-setup.exe, 00000000.00000002.4755209936.000000000040F000.00000004.00020000.sdmpBinary or memory string: http-vmware-path-vuln.nse
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmpBinary or memory string: vmnet175/udp0.000379
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- | /vmware/Pentest/Pentest - Windows/Windows 2003.vmx
Source: nmap-service-probes.0.drBinary or memory string: match qemu-vlan m|^\0\0\x01V\xff\xff\xff\xff\xff\xffRT\0\x124V\x08\0E.\x01H...\0.\x11..\0\0\0\0\xff\xff\xff\xff\0D\0C\x014.{1,2}\x01\x01\x06\0......\0{18}RT\0\x124V\0{202}c\x82Sc5\x01|s p/QEMU VLAN listener/ cpe:/a:qemu:qemu/
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w.]+)/?\r\nConnection: close\r\nContent-Length: 0\r\n\r\n|s p/VMware Server 2 http config/ h/$1/ cpe:/a:vmware:server:2/
Source: nmap-7.80-setup.exeBinary or memory string: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 307 Temporary Redirect\r\nLocation: https://[^/]+/\r\nDate: .*\r\nContent-Length: 1994\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon</title>| p/VMWare Horizon/ cpe:/a:vmware:horizon/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmpBinary or memory string: -- nmap --script http-vmware-path-vuln -p80,443,8222,8333 <host>
Source: nmap-service-probes.0.drBinary or memory string: match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\0QEMU ([\w._-]+) monitor - type 'help' for more information\r\n\(qemu\) | p/QEMU monitor telnetd/ v/$1/ cpe:/a:qemu:qemu:$1/
Source: nmap-7.80-setup.exe, 00000000.00000002.4755209936.000000000040F000.00000004.00020000.sdmpBinary or memory string: http-vmware-path-vuln.nseg.nsee.nse32.tmp\final.iniini
Source: nmap-service-probes.0.drBinary or memory string: match afp m|^\x01\x03\0\0........\0\0\0\0........\x9f\xf3.([^\0\x01]+).*?VMware(\d+),(\d+)\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03|s p/Apple AFP/ i/name: $1; protocol 3.4; VMware $2.$3/ o/Mac OS X/ cpe:/a:apple:afp_server/ cpe:/o:apple:mac_os_x/a
Source: nmap-service-probes.0.drBinary or memory string: match afp m|^\x01\x03\0\0........\0\0\0\0........\x9f\xfb.([^\0\x01]+)[\0\x01].*VMware(\d+),(\d+)\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x06\tDHCAST128\x04DHX2\x06Recon1\rClient Krb v2\x03GSS\x0fNo User Authent.*\x1b\$not_defined_in_RFC4178@please_ignore$|s p/Apple AFP/ i/name: $1; protocol 3.4; Mac OS X 10.6; VMware $2.$3/ o/Mac OS X/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a
Source: nmap-7.80-setup.exe, 00000000.00000002.4755333799.0000000000446000.00000004.00020000.sdmpBinary or memory string: :\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse
Source: nmap-service-probes.0.drBinary or memory string: match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: 1573\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=9A69859878EF80D2D98913D0A75EA0CD; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\npragma: no-cache\r\n.*\r\n<html>\r\n<head>\r\n<title>VMware&nbsp;Horizon View</title>\r\n|s p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
Program exit pointsShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeAPI call chain: ExitProcess graph end nodegraph_0-3456
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeAPI call chain: ExitProcess graph end nodegraph_0-3458

HIPS / PFW / Operating System Protection Evasion:

barindex
May try to detect the Windows Explorer process (often used for injection)Show sources
Source: nmap-7.80-setup.exe, 00000000.00000002.4756195318.0000000000DE0000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: nmap-7.80-setup.exe, 00000000.00000002.4756195318.0000000000DE0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: nmap-7.80-setup.exe, 00000000.00000002.4756195318.0000000000DE0000.00000002.00000001.sdmpBinary or memory string: Progman
Source: nmap-7.80-setup.exe, 00000000.00000002.4756195318.0000000000DE0000.00000002.00000001.sdmpBinary or memory string: Progmanlock

Language, Device and Operating System Detection:

barindex
Contains functionality to query windows versionShow sources
Source: C:\Users\user\Desktop\nmap-7.80-setup.exeCode function: 0_2_00405D43 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405D43

Remote Access Functionality:

barindex
Contains VNC / remote desktop functionality (version string found)Show sources
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n$| p/VNC/ i/protocol 3.$1/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0\x1aToo many security failures$| p/VNC/ i/protocol 3.$1; Locked out/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003.130\n$| p/VNC/ i/unofficial protocol 3.130/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.88[89]\n$| p/Apple remote desktop vnc/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 000\.000\n$| p/Ultr@VNC Repeater/ cpe:/a:ultravnc:repeater/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0jServer license key is missing, invalid or has expired\.\nVisit http://www\.realvnc\.com to purchase a licence\.| p/RealVNC/ i/Unlicensed; protocol 3.$1/ cpe:/a:realvnc:realvnc/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0nVNC Server license key is missing, invalid or has expired\.\nVisit http://www\.realvnc\.com to purchase a license\.| p/RealVNC/ i/Unlicensed; protocol 3.$1/ cpe:/a:realvnc:realvnc/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0\x8cLa licencia de VNC Server no se ha activado correctamente\.\n\nNo se permitir\xc3\xa1n conexiones hasta que se aplique una clave de licencia v\xc3\xa1lida\.| p/RealVNC/ i/Unlicensed; protocol 3.$1; Spanish/ cpe:/a:realvnc:realvnc::::es/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0MTrial period has expired\.\nVisit http://www\.realvnc\.com to purchase a license\.| p/RealVNC/ i/Trial expired; protocol 3.$1/ cpe:/a:realvnc:realvnc/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 004\.000\n| p/RealVNC Personal/ i/protocol 4.0/ cpe:/a:realvnc:realvnc:::personal/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 004\.001\n| p/RealVNC Enterprise/ i/protocol 4.1/ cpe:/a:realvnc:realvnc:::enterprise/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 005\.000\n| p/RealVNC Enterprise/ v/5.3 or later/ i/protocol 5.0/ cpe:/a:realvnc:realvnc:::enterprise/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0:Unable to open license file: No such file or directory \(2\)| p/RealVNC Enterprise Edition/ i/protocol 3.$1/ cpe:/a:realvnc:realvnc:::enterprise/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0jServer license key is missing, invalid or has expired\.\nVisit http://www\.realvnc\.com to purchase a license\.| p/RealVNC Enterprise/ i/protocol 3.$1/ cpe:/a:realvnc:realvnc:::enterprise/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 009\.123\n| p/ATEN KVM-over-IP VNC/ d/remote management/
Source: nmap-service-probes.0.drString found in binary or memory: match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0kVNC Server is not licensed correctly\.\n\nConnections will be prohibited until a valid license key is applied\.| p/RealVNC/ i/unlicensed; protocol 3.$1/ cpe:/a:realvnc:realvnc/

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
nmap-7.80-setup.exe1%VirustotalBrowse
nmap-7.80-setup.exe0%MetadefenderBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\Nmap\libeay32.dll0%VirustotalBrowse
C:\Program Files (x86)\Nmap\libeay32.dll0%MetadefenderBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.csie.ntu.edu.tw/~cjlin/liblinear/1%VirustotalBrowse
http://www.csie.ntu.edu.tw/~cjlin/liblinear/0%Avira URL Cloudsafe
http://www.nazgul.ch/dev_nostromo.html0%VirustotalBrowse
http://www.nazgul.ch/dev_nostromo.html0%Avira URL Cloudsafe
http://www.some-random-page.com/2011/12/04/feed/0%Avira URL Cloudsafe
http://192.168.1.162/auth2/index.html0%Avira URL Cloudsafe
http://www.beaconmedaes.com1%VirustotalBrowse
http://www.beaconmedaes.com0%Avira URL Cloudsafe
http://underground.org.mx)0%Avira URL Cloudsafe
https://www.sharxsecurity.com/products.html0%VirustotalBrowse
https://www.sharxsecurity.com/products.html0%Avira URL Cloudsafe
http://www.qosient.com/argus/0%VirustotalBrowse
http://www.qosient.com/argus/0%Avira URL Cloudsafe
http://www.inside-security.de/fw1_rdp_poc.html0%Avira URL Cloudsafe
http://freenetproject.org/fcp.html0%Avira URL Cloudsafe
http://purenetworks.com/HNAP1/GetDeviceSettings0%VirustotalBrowse
http://purenetworks.com/HNAP1/GetDeviceSettings0%Avira URL Cloudsafe
http://titanfiesta.googlecode.com/svn/trunk/TitanFiesta/Common/XorTable.h.0%Avira URL Cloudsafe
http://%s/wpad.dat0%Avira URL Cloudsafe
http://www.some-random-page.com/2011/11/20/feed/0%Avira URL Cloudsafe
http://scanme.insecure.org)0%Avira URL Cloudsafe
http://www.st.rim.or.jp/~nakata/0%VirustotalBrowse
http://www.st.rim.or.jp/~nakata/0%Avira URL Cloudsafe
http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?view=markup0%Avira URL Cloudsafe
https://wiki.freenetproject.org/FCPv20%Avira URL Cloudsafe
https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability0%Avira URL Cloudsafe
http://purenetworks.com/HNAP1/SetDeviceSettings0%VirustotalBrowse
http://purenetworks.com/HNAP1/SetDeviceSettings0%Avira URL Cloudsafe
http://purenetworks.com/HNAP1/GetDeviceSettings20%VirustotalBrowse
http://purenetworks.com/HNAP1/GetDeviceSettings20%Avira URL Cloudsafe
https://m.some-very-random-website.com0%Avira URL Cloudsafe
http://www.icbevr.com/ibank/ibank2/0%Avira URL Cloudsafe
http://www.acarsd.org/0%VirustotalBrowse
http://www.acarsd.org/0%Avira URL Cloudsafe
http://some-very-random-page.com:80/0%Avira URL Cloudsafe
http://www.0php.com/php_easter_egg.php.0%VirustotalBrowse
http://www.0php.com/php_easter_egg.php.0%Avira URL Cloudsafe
http://7bits.nl/blog/2012/03/26/finding-v6-hosts-by-efficiently-mapping-ip6-arpa0%Avira URL Cloudsafe
http://docs.getisymphony.com/display/ISYM28/Status0%Avira URL Cloudsafe
http://wiki.gnashdev.org/RTMP0%Avira URL Cloudsafe
http://www.crynwr.com/crynwr/rfc1035/rfc1035.html0%Avira URL Cloudsafe
http://phpsadness.com/sad/110%VirustotalBrowse
http://phpsadness.com/sad/110%Avira URL Cloudsafe
http://www.brainz.co.kr/product/infra_05.php0%VirustotalBrowse
http://www.brainz.co.kr/product/infra_05.php0%Avira URL Cloudsafe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\Nmap\nmap.exeiKAT_tools_nmapGeneric rule for NMAP - based on NMAP 4 standaloneFlorian Roth
  • 0x27ea48:$s0: Insecure.Org
  • 0x27eb14:$s1: Copyright (c) Insecure.Com
  • 0xc9df1:$s2: Nmap
  • 0xcaef8:$s2: nmap
  • 0xcaf1c:$s2: nmap
  • 0xcb0c0:$s2: NMAP
  • 0xcb0cc:$s2: nmap
  • 0xcb0dd:$s2: NMAP
  • 0xcb108:$s2: NMAP
  • 0xcb2d8:$s2: nmap
  • 0xcb2ec:$s2: Nmap
  • 0xcb30c:$s2: nmap
  • 0xcb397:$s2: nmap
  • 0xcc74c:$s2: Nmap
  • 0xcc846:$s2: Nmap
  • 0xcc965:$s2: nmap
  • 0xcc977:$s2: nmap
  • 0xcc982:$s2: nmap
  • 0xcc9aa:$s2: nmap
  • 0xcc9e0:$s2: nmap
  • 0xcd640:$s2: nmap
C:\Users\user\AppData\Local\Temp\nsi8931.tmpiKAT_tools_nmapGeneric rule for NMAP - based on NMAP 4 standaloneFlorian Roth
  • 0xc2a9ee:$s0: Insecure.Org
  • 0xc2aaba:$s1: Copyright (c) Insecure.Com
  • 0x1be3d:$s2: Nmap
  • 0x1be4b:$s2: Nmap
  • 0x1be7f:$s2: Nmap
  • 0x1be9f:$s2: NMAP
  • 0x1beb7:$s2: Nmap
  • 0x1bef5:$s2: Nmap
  • 0x1bf05:$s2: Nmap
  • 0x1bf30:$s2: Nmap
  • 0x1c0ba:$s2: Nmap
  • 0x1c111:$s2: nmap
  • 0x1c147:$s2: Nmap
  • 0x1c1a7:$s2: Nmap
  • 0x1c3d6:$s2: Nmap
  • 0x1c3dd:$s2: nmap
  • 0x1c3eb:$s2: nmap
  • 0x1c545:$s2: Nmap
  • 0x1c9a0:$s2: Nmap
  • 0x1cab1:$s2: Nmap
  • 0x1cb6e:$s2: Nmap

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
C:\Program Files (x86)\Nmap\zlibwapi.dllhttps://nmap.org/dist/nmap-7.80-setup.exeGet hashmaliciousBrowse
    C:\Program Files (x86)\Nmap\libssh2.dllhttps://nmap.org/dist/nmap-7.80-setup.exeGet hashmaliciousBrowse
      C:\Program Files (x86)\Nmap\libeay32.dllhttps://nmap.org/dist/nmap-7.80-setup.exeGet hashmaliciousBrowse
        C:\Program Files (x86)\Nmap\nmap.exehttps://nmap.org/dist/nmap-7.80-setup.exeGet hashmaliciousBrowse

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.