9.8
极危
51 个模型检测该样本为恶意!
重新分析
更多

f5ac542884e0f16934851628e934824c0fc3d9798851e5ffe6f3bc70f3a9b14b

615a54a953798b30a0568da3a2d0303e.exe

分析耗时

104s

最近分析

文件大小

1.1MB
静态报毒 动态报毒 AGEN AI SCORE=80 ARTEMIS ATTRIBUTE AUTOIT BSCOPE CONFIDENCE FODHPG GENERIC PUA PJ GENERIC@ML GENERICRXHW GENETIC GNLFAUCW HIGHCONFIDENCE INSTALLER KDNKHKIMRABINPXENIJD MALWARE@#2Z0N8QLH29X90 MAUVAISE MODERATE CONFIDENCE R002C0CJV19 R277329 RAZY RDMK SOFTCNAPP SUSPICIOUS PE UNSAFE YANTAI ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Artemis!615A54A95379 20191113 6.0.6.653
Alibaba Downloader:Win32/Generic.ea5c3b76 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20191114 18.4.3895.0
Tencent 20191114 1.0.0.1
Kingsoft 20191114 2013.8.14.323
CrowdStrike win/malicious_confidence_70% (D) 20190702 1.0
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (3 个事件)
suspicious_features GET method with no useragent header suspicious_request GET http://ip.taobao.com/service/getIpInfo.php?ip=myip
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://softlog.xiaota.com/api/pushdata
suspicious_features GET method with no useragent header suspicious_request GET http://api.tgjkbx.cn/getsoft///
Performs some HTTP requests (5 个事件)
request GET http://ip.taobao.com/service/getIpInfo.php?ip=myip
request POST http://softlog.xiaota.com/api/pushdata
request GET http://update.bskrt.com/xzqnew/tj/azq.html?start
request GET http://update.bskrt.com/xzqnew/read.php/t_ads/n_xzq/c_xzq-/rgn_/ctd_/cnt_/mid_A3A433A461A34709E32E31BAA70CAC9D/d_2018122715/virer_1.gif
request GET http://api.tgjkbx.cn/getsoft///
Sends data using the HTTP POST Method (1 个事件)
request POST http://softlog.xiaota.com/api/pushdata
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 个事件)
Time & API Arguments Status Return Repeated
1620771249.143126
GetDiskFreeSpaceExW
root_path: C:
free_bytes_available: 19607441408
total_number_of_free_bytes: 19607441408
total_number_of_bytes: 34252779520
success 1 0
Foreign language identified in PE resource (24 个事件)
name DATA language LANG_CHINESE offset 0x00236f30 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0002a9b0
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0028687c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_MENU language LANG_CHINESE offset 0x00236da0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000050
name RT_DIALOG language LANG_CHINESE offset 0x00236e00 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000130
name RT_STRING language LANG_CHINESE offset 0x00261b50 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000050
name RT_ACCELERATOR language LANG_CHINESE offset 0x00236df0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000010
name RT_GROUP_ICON language LANG_CHINESE offset 0x00286d64 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000076
name RT_GROUP_ICON language LANG_CHINESE offset 0x00286d64 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000076
name RT_VERSION language LANG_CHINESE offset 0x00286de0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000026c
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (2 个事件)
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620771241.877126
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.928065565154607 section {'size_of_data': '0x0010b400', 'virtual_address': '0x0016f000', 'entropy': 7.928065565154607, 'name': 'UPX1', 'virtual_size': '0x0010c000'} description A section with a high entropy has been found
entropy 0.9553172475424486 description Overall entropy of this PE file is high
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (24 个事件)
Time & API Arguments Status Return Repeated
1620771242.033126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.033126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.033126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.033126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.033126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.033126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.033126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.049126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.049126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.049126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.049126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.049126
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000004c4
process_identifier: 2868
failed 0 0
1620771242.221126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.221126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.221126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.236126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.236126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.236126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.236126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.236126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.252126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.252126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.252126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
1620771242.252126
Process32NextW
process_name: 615a54a953798b30a0568da3a2d0303e.exe
snapshot_handle: 0x000004d4
process_identifier: 1880
failed 0 0
Queries for potentially installed applications (2 个事件)
Time & API Arguments Status Return Repeated
1620771242.018126
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\美萍电脑安全卫士
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\美萍电脑安全卫士
options: 0
failed 2 0
1620771242.221126
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\美萍电脑安全卫士
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\美萍电脑安全卫士
options: 0
failed 2 0
The executable is compressed using UPX (2 个事件)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 个事件)
Time & API Arguments Status Return Repeated
1620771241.611126
RegSetValueExA
key_handle: 0x00000374
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620771247.768126
RegSetValueExA
key_handle: 0x000004a4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620771247.768126
RegSetValueExA
key_handle: 0x000004a4
value: Зü¤F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620771247.768126
RegSetValueExA
key_handle: 0x000004a4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620771247.768126
RegSetValueExW
key_handle: 0x000004a4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620771247.768126
RegSetValueExA
key_handle: 0x000004c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620771247.768126
RegSetValueExA
key_handle: 0x000004c8
value: Зü¤F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620771247.768126
RegSetValueExA
key_handle: 0x000004c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620771247.799126
RegSetValueExW
key_handle: 0x000004a0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620771247.955126
RegSetValueExA
key_handle: 0x000004e0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620771247.955126
RegSetValueExA
key_handle: 0x000004e0
value: 0Bîý¤F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620771247.955126
RegSetValueExA
key_handle: 0x000004e0
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620771247.955126
RegSetValueExW
key_handle: 0x000004e0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620771247.955126
RegSetValueExA
key_handle: 0x000004e8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620771247.955126
RegSetValueExA
key_handle: 0x000004e8
value: 0Bîý¤F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620771247.955126
RegSetValueExA
key_handle: 0x000004e8
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Detects Virtual Machines through their custom firmware (1 个事件)
Time & API Arguments Status Return Repeated
1620771242.049126
NtQuerySystemInformation
information_class: 76 (SystemFirmwareTableInformation)
success 0 0
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 个事件)
MicroWorld-eScan Gen:Variant.Razy.514062
FireEye Gen:Variant.Razy.514062
CAT-QuickHeal Trojan.Mauvaise.SL1
McAfee Artemis!615A54A95379
Malwarebytes PUP.Optional.Softcnapp
Zillya Downloader.Adload.Win32.85502
K7AntiVirus Trojan-Downloader ( 0054ead51 )
Alibaba Downloader:Win32/Generic.ea5c3b76
K7GW Trojan-Downloader ( 0054ead51 )
Cybereason malicious.953798
Arcabit Trojan.Razy.D7D80E
Invincea heuristic
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky not-a-virus:HEUR:Downloader.Win32.Generic
BitDefender Gen:Variant.Razy.514062
NANO-Antivirus Trojan.Win32.Softcnapp.fodhpg
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
Avast Win32:Malware-gen
Ad-Aware Gen:Variant.Razy.514062
Emsisoft Gen:Variant.Razy.514062 (B)
Comodo Malware@#2z0n8qlh29x90
F-Secure Heuristic.HEUR/AGEN.1038693
DrWeb Adware.Softcnapp.49
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0CJV19
McAfee-GW-Edition GenericRXHW-AL!E39DD3A1287A
Sophos Generic PUA PJ (PUA)
SentinelOne DFI - Suspicious PE
Jiangmin TrojanSpy.AutoIt.jh
Avira HEUR/AGEN.1038693
Antiy-AVL RiskWare[Downloader]/Win32.Yantai
Microsoft TrojanDownloader:Win32/Adload.DL!bit
Endgame malicious (moderate confidence)
ZoneAlarm not-a-virus:HEUR:Downloader.Win32.Generic
GData Gen:Variant.Razy.514062
AhnLab-V3 PUP/Win32.RL_Installer.R277329
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.32250.gnLfauCw!mjj
ALYac Gen:Variant.Razy.514062
MAX malware (ai score=80)
VBA32 BScope.Downloader.Yantai
Cylance Unsafe
ESET-NOD32 a variant of Win32/TrojanDownloader.Adload.NUH
TrendMicro-HouseCall TROJ_GEN.R002C0CJV19
Rising Trojan.Generic@ML.84 (RDMK:kdNKHkimRaBInPxENIJD/Q)
Yandex PUA.Downloader!
Ikarus Trojan-Downloader.Win32.Adload
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2018-12-27 15:58:26

Imports

Library KERNEL32.DLL:
0x687444 LoadLibraryA
0x687448 GetProcAddress
0x68744c VirtualProtect
0x687450 VirtualAlloc
0x687454 VirtualFree
0x687458 ExitProcess
Library ADVAPI32.dll:
0x687460 RegOpenKeyW
Library COMCTL32.dll:
0x687468
Library GDI32.dll:
0x687470 LineTo
Library gdiplus.dll:
0x687478 GdipFree
Library imagehlp.dll:
Library IMM32.dll:
0x687488 ImmGetContext
Library ole32.dll:
0x687490 DoDragDrop
Library OLEAUT32.dll:
0x687498 VariantClear
Library SHELL32.dll:
0x6874a0 ShellExecuteW
Library SHLWAPI.dll:
0x6874a8 PathFileExistsW
Library urlmon.dll:
0x6874b0 URLDownloadToFileW
Library USER32.dll:
0x6874b8 GetDC
Library VERSION.dll:
0x6874c0 VerQueryValueW
Library WININET.dll:
Library WLDAP32.dll:
0x6874d0
Library WS2_32.dll:
0x6874d8 getsockopt

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 123.206.5.93 softlog.xiaota.com 80
192.168.56.101 49178 139.196.239.175 update.bskrt.com 80
192.168.56.101 49179 140.143.213.182 api.tgjkbx.cn 80
192.168.56.101 49176 59.82.60.16 ip.taobao.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60088 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://update.bskrt.com/xzqnew/tj/azq.html?start 
GET /xzqnew/tj/azq.html?start HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: update.bskrt.com
Connection: Keep-Alive
http://update.bskrt.com/xzqnew/read.php/t_ads/n_xzq/c_xzq-/rgn_/ctd_/cnt_/mid_A3A433A461A34709E32E31BAA70CAC9D/d_2018122715/virer_1.gif 
GET /xzqnew/read.php/t_ads/n_xzq/c_xzq-/rgn_/ctd_/cnt_/mid_A3A433A461A34709E32E31BAA70CAC9D/d_2018122715/virer_1.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: update.bskrt.com
Connection: Keep-Alive
http://api.tgjkbx.cn/getsoft/// 
GET /getsoft/// HTTP/1.1
Host: api.tgjkbx.cn
Accept: */*
http://ip.taobao.com/service/getIpInfo.php?ip=myip 
GET /service/getIpInfo.php?ip=myip HTTP/1.1
Host: ip.taobao.com
Accept: */*
http://softlog.xiaota.com/api/pushdata 
POST /api/pushdata HTTP/1.1
Host: softlog.xiaota.com
Accept: */*
Content-Length: 532
Content-Type: application/x-www-form-urlencoded

mid=A3A433A461A34709E32E31BAA70CAC9D&time=1620765242&sign=9CC8C1F95AF998185144899F850CD0B8&body=%7B%22datas%22%3A%7B%22slist%22%3A%5B%7B%22id%22%3A%22virer%22%2C%22st%22%3A%220%22%7D%5D%7D%2C%22uinfo%22%3A%7B%22act%22%3A%22inst%22%2C%22acttype%22%3A%22start%22%2C%22app%22%3A%22xzq%22%2C%22ip%22%3A%7B%22cnt%22%3A%22%22%2C%22ctd%22%3A%22%22%2C%22rgn%22%3A%22%22%7D%2C%22mid%22%3A%22A3A433A461A34709E32E31BAA70CAC9D%22%2C%22os%22%3A%22w0601x64%22%2C%22pos%22%3A%22xzq-%22%2C%22time%22%3A%221620765242%22%2C%22ver%22%3A%221.0%22%7D%7D

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.