Analysis Report SecuriteInfo.com.Variant.Razy.845229.27038.1852
Overview
General Information
Sample Name: | SecuriteInfo.com.Variant.Razy.845229.27038.1852 (renamed file extension from 1852 to exe) |
Analysis ID: | 356590 |
MD5: | 869eae0220a293dcabf4051dd323bbd8 |
SHA1: | 395e7683548c8a25c4963e3e3c56b04b76dbf0b7 |
SHA256: | 496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52 |
Tags: | GuLoader |
Detection
GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Malware Configuration
No configs have been found
Yara Overview
Memory Dumps
Rule | Description | Author
---|---|---
LokiBot_Dropper_Packed_R11_Feb18 | Auto-generated rule - file scan copy.pdf.r11 | Florian Roth
JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security
Sigma Overview
No Sigma rule has matched
Signature Overview
AV Detection
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Machine Learning detection for dropped file
Machine Learning detection for sample
Compliance
Uses 32bit PE files
System Summary
Malicious sample detected (through community Yara rule)
Data Obfuscation
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Malware Analysis System Evasion
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Anti Debugging
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Mitre Att&ck Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting11 | Registry Run Keys / Startup Folder1 | Process Injection12 | Masquerading1 | OS Credential Dumping | Query Registry1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder1 | Virtualization/Sandbox Evasion22 | LSASS Memory | Security Software Discovery731 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection12 | Security Account Manager | Virtualization/Sandbox Evasion22 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting11 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol12 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery212 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Detection | Scanner | Label
---|---|---
35% | Virustotal |
40% | ReversingLabs | Win32.Trojan.Razy
100% | Joe Sandbox ML |
Dropped Files
Detection | Scanner | Label
---|---|---
100% | Joe Sandbox ML |
35% | Virustotal |
40% | ReversingLabs | Win32.Trojan.Razy
Unpacked PE Files
No Antivirus matches
Domains
Detection | Scanner
---|---
12% | Virustotal
URLs
Detection | Scanner | Label
---|---|---
13% | Virustotal |
0% | Avira URL Cloud | safe
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
mtspsmjeli.sch.id | 103.150.60.242 | true | true | | unknown
Contacted URLs
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
Contacted IPs
Public
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
103.150.60.242 | unknown | unknown | 45325 | PC24NET-AS-IDPTPC24TelekomunikasiIndonesiaID | true
General Information
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356590 |
Start date: | 23.02.2021 |
Start time: | 11:49:35 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SecuriteInfo.com.Variant.Razy.845229.27038.1852 (renamed file extension from 1852 to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@10/3@1/1 |
EGA Information: | Failed |
HCA Information: | Failed |
Simulations
Behavior and APIs
Time | Type | Description
---|---|---
11:54:20 | Autostart | |
11:54:28 | Autostart |
Joe Sandbox View / Context
IPs
Match | Associated Samples | Detection
---|---|---
103.150.60.242 | 20 | malicious
Domains
Match | Associated Samples | Detection
---|---|---
mtspsmjeli.sch.id | 20 | malicious
ASN
Match | Associated Samples | Detection
---|---|---
PC24NET-AS-IDPTPC24TelekomunikasiIndonesiaID | 20 | malicious
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.845229.27038.exe |
Category: | modified |
Size (bytes): | 404 |
Entropy (8bit): | 3.476487137149483 |
Encrypted: | false |
SSDEEP: | 12:4D8o++ugypjBQMBvFQ4lOAMJnAGF0M/0aimi:4Dh+S0FNOj7F0Nait |
MD5: | 0AC72B36AE19DF5DD84381E07A64BA3B |
SHA1: | 194801CB7059E67ABF5A38E709D856A8095A71EE |
SHA-256: | B17BD1B45A2144EAA120C3EE9BB97622B2A54B0D36A69B3750AF2678D359D14D |
SHA-512: | DA76EC5A6C11DE83532AED125DF88B43BABD72774EC8A91C05697E4941F9C8DB2757402787C40EB08DFD82A0927A8A301F84FEE5EDE10D2DB56CC7B0BB429604 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.845229.27038.exe |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 5.194335934479938 |
Encrypted: | false |
SSDEEP: | 1536:Bb7/1JxTzAXah9um4sC0COiM9vuDjb7/1Jx:vzAqnQ0eM9i |
MD5: | 869EAE0220A293DCABF4051DD323BBD8 |
SHA1: | 395E7683548C8A25C4963E3E3C56B04B76DBF0B7 |
SHA-256: | 496FA2A5A6ABBC22D6A4C63E31847156D61C240D8E3A793E1B4DE46E09827B52 |
SHA-512: | DD9FB27D7554C13C691CF8836911C9B7E93FE83908895DE00D92C11A68EC2050B26D2ED2F7B8F76A7990F5F7A42E8468A2B5078378D5DAD653D71C07D95B8705 |
Malicious: | true |
Reputation: | low |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.845229.27038.exe |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Static File Info
General
Entropy (8bit): | 5.194335934479938 |
File name: | SecuriteInfo.com.Variant.Razy.845229.27038.exe |
File size: | 106496 |
MD5: | 869eae0220a293dcabf4051dd323bbd8 |
SHA1: | 395e7683548c8a25c4963e3e3c56b04b76dbf0b7 |
SHA256: | 496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52 |
SHA512: | dd9fb27d7554c13c691cf8836911c9b7e93fe83908895de00d92c11a68ec2050b26d2ed2f7b8f76a7990f5f7a42e8468a2b5078378d5dad653d71c07d95b8705 |
SSDEEP: | 1536:Bb7/1JxTzAXah9um4sC0COiM9vuDjb7/1Jx:vzAqnQ0eM9i |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.x.....................\...T...%.......Rich............................PE..L...\..H.................@...p......x........P....@ |
File Icon
Icon Hash: | d8d490d4ccbcdeeb |
Static PE Info
General
Entrypoint: | 0x401378 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x48C5A15C [Mon Sep 8 22:04:12 2008 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 5fb04c04dc9621084e24b4642ca2fed6 |
Data Directories
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13ef4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18000 | 0x30a4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x238 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x114 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x133bc | 0x14000 | False | 0.338391113281 | data | 5.72023929374 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x15000 | 0x2560 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x18000 | 0x30a4 | 0x4000 | False | 0.107666015625 | data | 3.2477817313 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x193fc | 0x1ca8 | data | ||
RT_ICON | 0x18754 | 0xca8 | data | ||
RT_ICON | 0x183ec | 0x368 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x183bc | 0x30 | data | ||
RT_VERSION | 0x18150 | 0x26c | data | Hungarian | Hungary |
Imports
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaLateMemSt, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos
Description | Data |
---|---|
Translation | 0x040e 0x04b0 |
InternalName | COLLUMELLIACEOUSFR |
FileVersion | 1.00 |
CompanyName | ColdStone |
Comments | ColdStone |
ProductName | ColdStone |
ProductVersion | 1.00 |
OriginalFilename | COLLUMELLIACEOUSFR.exe |
Possible Origin
Language of compilation system | Country where language is spoken
---|---
Hungarian | Hungary
Network Behavior
TCP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 23, 2021 11:54:16.919399977 CET | 192.168.2.6 | 8.8.8.8 | 0x1496 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 23, 2021 11:54:17.435394049 CET | 8.8.8.8 | 192.168.2.6 | 0x1496 | No error (0) | | | 103.150.60.242 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49754 | 103.150.60.242 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.845229.27038.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 11:54:17.706018925 CET | 5165 | OUT | |
Feb 23, 2021 11:54:17.948966026 CET | 5166 | IN | |