7.0
High risk

e828f89fde1129313864f75dd5b652ff79fd7fef9e642192ea0e1e1b321135cd

8379bdc3c69dff570fa31caeecec036c.exe

Analysis duration

51s

Latest analysis

File size

1.3MB
Static detections / Dynamic detections: 100% ARTEMIS AUTOIT CHIPDE CLASSIC CONFIDENCE COVUS DFE@8KKUCP DLSPONSOR DOWNLOADSPONSOR ELDORADO EVRYRN GENERIC PUA AE GRAYWARE HIGH CONFIDENCE MINER R335805 SCORE SIG1 SMDR SOFTCNAPP TSCOPE UNSAFE YPN1NZ
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Date Version
Alibaba Downloader:Win32/Softcnapp.0f4cadcf 20190527 0.3.0.5
Avast 20201206 20.10.5736.0
Baidu 20190318 1.0.0.2
Kingsoft 20201206 2017.9.26.565
McAfee Artemis!8379BDC3C69D 20201206 6.0.6.653
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Static indicators
Checks if process is being debugged by a debugger (3 events)
Time & API Arguments Status Return Repeated
1620946617.045531
IsDebuggerPresent
failed 0 0
1620983513.314375
IsDebuggerPresent
failed 0 0
1620983513.314375
IsDebuggerPresent
failed 0 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
This executable is signed
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620983513.376375
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1620983546.423375
__exception__
exception.instruction_r: 80 38 00 48 8b 4d 30 e8 45 91 f5 ff 48 89 45 38
exception.instruction: cmp byte ptr [rax], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7ff005818cf
success 0 0
1620983546.439375
__exception__
exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0xc0000005
exception.offset: 42141
exception.address: 0x7fefdc5a49d
success 0 0
Behavioral verdict
Dynamic indicators
Performs some HTTP requests (2 events)
request GET http://api2.chip-secured-download.de/geoip/geoip.php?ip=3130372e3135322e3130342e323237&givezip=true
request GET http://api2.chip-secured-download.de/dotnet/com
Allocates read-write-execute memory (usually to unpack itself) (50 out of 521 events)
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DMR\dmr_72.exe
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DMR\dmr_72.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DMR\dmr_72.exe
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620983537.595375
GetAdaptersAddresses
flags: 15
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.935973440756218 section {'size_of_data': '0x00053c00', 'virtual_address': '0x00178000', 'entropy': 7.935973440756218, 'name': 'UPX1', 'virtual_size': '0x00054000'} description A section with a high entropy has been found
entropy 0.25436598329536825 description Overall entropy of this PE file is high
The executable is compressed using UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2364 resumed a thread in remote process 2292
Time & API Arguments Status Return Repeated
1620946618.513531
NtResumeThread
thread_handle: 0x000001e4
suspend_count: 1
process_identifier: 2292
success 0 0
File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)
Bkav W32.malware.sig1
Elastic malicious (high confidence)
DrWeb Adware.Covus.88
FireEye Generic.mg.8379bdc3c69dff57
CAT-QuickHeal Downloader.AutoIT.Agent.A
Cylance Unsafe
Sangfor Malware
K7AntiVirus Adware ( 004b89a91 )
Alibaba Downloader:Win32/Softcnapp.0f4cadcf
K7GW Adware ( 004b89a91 )
Cyren W32/DownloadSponsor.E.gen!Eldorado
Symantec PUA.DownloadSponsor
ESET-NOD32 a variant of Win32/DownloadSponsor.C potentially unwanted
ClamAV Win.Dropper.Miner-7086571-0
Kaspersky not-a-virus:Downloader.MSIL.DownloadSponsor.ts
NANO-Antivirus Trojan.Script.Downware.evryrn
Emsisoft Application.AdLoad (A)
Comodo Application.Win32.DownloadSponsor.DFE@8kkucp
TrendMicro PUA.MSIL.DownloadSponsor.SMDR
McAfee-GW-Edition BehavesLike.Win32.DLSponsor.th
Sophos Generic PUA AE (PUA)
Jiangmin Downloader.MSIL.ouq
Webroot W32.Adware.Gen
Antiy-AVL GrayWare/AU3.Dloader.sm
Gridinsoft PUP.Downloader.dd!c
Microsoft PUA:Win32/DownloadSponsor
ZoneAlarm not-a-virus:Downloader.MSIL.DownloadSponsor.ts
GData Win32.Trojan.Agent.YPN1NZ
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.DownloadSponsor.R335805
McAfee Artemis!8379BDC3C69D
VBA32 TScope.Trojan.MSIL
Malwarebytes PUP.Optional.ChipDe
TrendMicro-HouseCall PUA.MSIL.DownloadSponsor.SMDR
Rising PUF.DownloadSponsor!1.BE33 (CLASSIC)
Ikarus PUA.DownloadSponsor
MaxSecure Downloader.MSIL.DownloadSponsor.gen
Fortinet AutoIt/Dloader.SM!tr
CrowdStrike win/malicious_confidence_100% (D)
Qihoo-360 Generic/Virus.Downloader.034
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-05-04 23:26:33

Imports

Library KERNEL32.DLL:
0x6c1404 LoadLibraryA
0x6c1408 GetProcAddress
0x6c140c VirtualProtect
0x6c1410 VirtualAlloc
0x6c1414 VirtualFree
0x6c1418 ExitProcess
Library ADVAPI32.dll:
0x6c1420 AddAce
Library COMCTL32.dll:
0x6c1428 ImageList_Remove
Library COMDLG32.dll:
0x6c1430 GetSaveFileNameW
Library GDI32.dll:
0x6c1438 LineTo
Library IPHLPAPI.DLL:
0x6c1440 IcmpSendEcho
Library MPR.dll:
0x6c1448 WNetUseConnectionW
Library ole32.dll:
0x6c1450 CoGetObject
Library OLEAUT32.dll:
0x6c1458 VariantInit
Library PSAPI.DLL:
Library SHELL32.dll:
0x6c1468 DragFinish
Library USER32.dll:
0x6c1470 GetDC
Library USERENV.dll:
0x6c1478 LoadUserProfileW
Library UxTheme.dll:
0x6c1480 IsThemeActive
Library VERSION.dll:
0x6c1488 VerQueryValueW
Library WININET.dll:
0x6c1490 FtpOpenFileW
Library WINMM.dll:
0x6c1498 timeGetTime
Library WSOCK32.dll:
0x6c14a0 socket

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49181 148.251.213.132 api2.chip-secured-download.de 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://api2.chip-secured-download.de/dotnet/com
GET /dotnet/com HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0; DSde) Gecko/20100101 Firefox/23.0
Host: api2.chip-secured-download.de

http://api2.chip-secured-download.de/geoip/geoip.php?ip=3130372e3135322e3130342e323237&givezip=true
GET /geoip/geoip.php?ip=3130372e3135322e3130342e323237&givezip=true HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0; DSde) Gecko/20100101 Firefox/23.0
Host: api2.chip-secured-download.de
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.