SmartHawk

8.8

极危

该样本未表现出任何异常！

重新分析

下载样本

855ed27db1a007ac5872617406cbddb6edd3841cf9fa5dcd5d8703e9da851b03

a2afa32ad1ac20239495752c08ffbb34.exe

分析耗时

76s

最近分析

文件大小

783.4KB

静态报毒动态报毒 CHINA

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Queries for the computername (4 个事件)

Time & API	Arguments	Status	Return
1620985521.365952 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620985523.443952 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620985523.771952 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620985524.630952 GetComputerNameW	computer_name: OSKAR-PC	success	1

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985521.568952 IsDebuggerPresent		failed	0	0

This executable is signed

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	PNG
resource name	XML

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

POST method with no referer header

suspicious_request

POST http://infoc0.duba.net/c/

Performs some HTTP requests (8 个事件)

request	GET http://2398.35go.net/defend/o1/jcqgx.ini
request	POST http://infoc0.duba.net/c/
request	HEAD http://dubacdn.cmcmcdn.com/sem/installer/0.png
request	GET http://dubacdn.cmcmcdn.com/sem/installer/0.png
request	GET http://config.i.duba.net/seminstall/0/0.xml?time=1621013812
request	GET http://config.i.duba.net/seminstall/0.xml
request	HEAD http://cd001.www.duba.net/duba/install/2011/ever/kavsetup170612_4_1.dat
request	GET http://cd001.www.duba.net/duba/install/2011/ever/kavsetup170612_4_1.dat

Sends data using the HTTP POST Method (1 个事件)

request

POST http://infoc0.duba.net/c/

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985523.037952 NtAllocateVirtualMemory	process_identifier: 284 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02780000	success	0	0

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985521.365952 GetDiskFreeSpaceExW	root_path: C:\Windows\system32 free_bytes_available: 0 total_number_of_free_bytes: 19609374720 total_number_of_bytes: 0	success	1	0

Checks for known Chinese AV sofware registry keys (2 个事件)

regkey	.*rising
regkey	.*Kingsoft

Foreign language identified in PE resource (50 out of 70 个事件)

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

PNG

language

LANG_CHINESE

offset

0x0012e174

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000123d

name

XML

language

LANG_CHINESE

offset

0x00131ec0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000024a

name

XML

language

LANG_CHINESE

offset

0x00131ec0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000024a

name

XML

language

LANG_CHINESE

offset

0x00131ec0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000024a

name

XML

language

LANG_CHINESE

offset

0x00131ec0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000024a

Creates executable files on the filesystem (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\kdb_semrjgj.dll

Executes one or more WMI queries (3 个事件)

wmi	SELECT Caption FROM Win32_SoundDevice
wmi	select * from Win32_NetworkAdapter where PnpDeviceID like 'PCI%' or PnpDeviceID like 'USB%'
wmi	SELECT * FROM Win32_BaseBoard WHERE (SerialNumber IS NOT NULL)

An executable file was downloaded by the process a2afa32ad1ac20239495752c08ffbb34.exe (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985525.849952 recv	buffer: HTTP/1.1 200 OK Date: Fri, 14 May 2021 10:58:39 GMT Content-Type: text/plain Content-Length: 38420160 Connection: keep-alive Server: openresty Age: 5549094 Cache-Control: max-age=900 Etag: "593e667c-24a3ec0" Expires: Tue, 09 Mar 2021 06:37:23 GMT Last-Modified: Mon, 12 Jun 2017 10:01:32 GMT Lct-Hot-Series: 715821056 Lct-Pos-Percent: 0.57 Nginx-Hit: 1 X-CCDN-CacheTTL: 900 X-CCDN-Expires: 900 via: CHN-HIhaikou-CT3-CACHE51[122],CHN-HIhaikou-CT3-CACHE52[100,TCP_HIT,120],CHN-GDdongguan-GLOBAL1-CACHE43[6],CHN-GDdongguan-GLOBAL1-CACHE116[0,TCP_HIT,2] x-hcs-proxy-type: 1 Accept-Ranges: bytes MZÿÿ¸@JEøº´ Í!¸LÍ!This program cannot be run in DOS mode. $>Ï@uP@uP@uP×±.FuPg³-luPg³>%uPg³=GvPg³+iuP@uQ/wPg³"MtPg³*AuPg³,AuP@uPTuPg³(AuPRich@uPPELà!@Pà`,2ð022_KL{2` w2¬02 GÈJø2¬{2T.2Häc"`UPX0ààUPX1@ð@@à.rsrcP02LD@À received: 1460 socket: 620	success	1460	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.899853330630543

section

{'size_of_data': '0x000ae600', 'virtual_address': '0x0009b000', 'entropy': 7.899853330630543, 'name': 'UPX1', 'virtual_size': '0x000af000'}

description

A section with a high entropy has been found

entropy

0.9574468085106383

description

Overall entropy of this PE file is high

Queries for potentially installed applications (50 out of 77 个事件)

Time & API	Arguments	Status	Return
1620985524.677952 RegOpenKeyExW	access: 0x02000000 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.677952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x02000000 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.693952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x02000000 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985524.708952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985525.162952 RegOpenKeyExW	access: 0x02000000 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985525.177952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士 options: 0	failed	2
1620985525.333952 RegOpenKeyExW	access: 0x02000000 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士 options: 0	failed	2
1620985525.349952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985525.349952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius options: 0	failed	2
1620985525.349952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985525.349952 RegOpenKeyExW	access: 0x00000101 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2
1620985525.349952 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒 options: 0	failed	2

The executable is compressed using UPX (2 个事件)

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

Executes one or more WMI queries which can be used to identify virtual machines (1 个事件)

wmi	select * from Win32_NetworkAdapter where PnpDeviceID like 'PCI%' or PnpDeviceID like 'USB%'

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Attempts to identify installed AV products by registry key (1 个事件)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\rising\RAV

Generates some ICMP traffic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1970-01-09 23:30:08

Imports

Library KERNEL32.DLL:

• 0x551840 LoadLibraryA

• 0x551844 GetProcAddress

• 0x551848 VirtualProtect

• 0x55184c VirtualAlloc

• 0x551850 VirtualFree

• 0x551854 ExitProcess

Library ADVAPI32.dll:

• 0x55185c FreeSid

Library COMCTL32.dll:

• 0x551864 _TrackMouseEvent

Library GDI32.dll:

• 0x55186c LineTo

Library gdiplus.dll:

• 0x551874 GdipFree

Library iphlpapi.dll:

• 0x55187c IcmpSendEcho

Library MSIMG32.dll:

• 0x551884 AlphaBlend

Library ole32.dll:

• 0x55188c CoCreateGuid

Library OLEAUT32.dll:

• 0x551894 VariantClear

Library PSAPI.DLL:

• 0x55189c GetModuleFileNameExW

Library RASAPI32.dll:

• 0x5518a4 RasEnumConnectionsW

Library SHELL32.dll:

• 0x5518ac ShellExecuteW

Library SHLWAPI.dll:

• 0x5518b4 StrToIntA

Library USER32.dll:

• 0x5518bc GetDC

Library VERSION.dll:

• 0x5518c4 VerQueryValueW

Library WTSAPI32.dll:

• 0x5518cc WTSFreeMemory

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
config.i.duba.net	A 119.41.210.248 CNAME config.i.duba.net.w.kunlunar.com A 119.41.210.240 A 119.41.210.241 A 119.41.210.239 A 119.41.210.242 A 119.41.210.238 A 119.41.210.236 A 119.41.210.237	119.41.210.236
infoc0.duba.net	CNAME infoc-09.gz.1252921383.clb.myqcloud.com A 203.195.145.151 CNAME infoc2.duba.net	193.112.235.183
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
cd001.www.duba.net	A 183.60.144.89 A 183.60.144.88 A 124.225.102.39 CNAME cd001.www.duba.net.c.cdnhwc1.com A 124.225.102.38 CNAME hcdnd101.gslb.c.cdnhwc2.com	183.60.144.89
2398.35go.net	A 183.60.144.89 A 183.60.144.88 A 124.225.102.39 A 124.225.102.38 CNAME hcdnd101.gslb.c.cdnhwc2.com CNAME 2398.35go.net.c.cdnhwc1.com	183.60.144.89
www.baidu.com	CNAME www.a.shifen.com A 14.215.177.39 A 14.215.177.38	14.215.177.38
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dubacdn.cmcmcdn.com	CNAME dubacdn.cmcmcdn.com.spdydns.com CNAME sal.topgslb.com CNAME dubacdn.cmcmcdn.com.scc.topgslb.com A 124.225.131.213	124.225.131.213
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49181	119.41.210.237 config.i.duba.net	80
192.168.56.101	49188	124.225.102.39 2398.35go.net	80
192.168.56.101	49189	124.225.102.39 2398.35go.net	80
192.168.56.101	49175	124.225.131.213 dubacdn.cmcmcdn.com	80
192.168.56.101	49177	124.225.131.213 dubacdn.cmcmcdn.com	80
192.168.56.101	49171	183.60.144.88 2398.35go.net	80
192.168.56.101	49173	203.195.145.151 infoc0.duba.net	80
192.168.56.101	49180	203.195.145.151 infoc0.duba.net	80
192.168.56.101	49183	203.195.145.151 infoc0.duba.net	80
192.168.56.101	49184	203.195.145.151 infoc0.duba.net	80
192.168.56.101	49185	203.195.145.151 infoc0.duba.net	80
192.168.56.101	49186	203.195.145.151 infoc0.duba.net	80
192.168.56.101	49187	203.195.145.151 infoc0.duba.net	80

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	57874	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702

HTTP & HTTPS Requests

URI	Data
http://config.i.duba.net/seminstall/0/0.xml?time=1621013812	GET /seminstall/0/0.xml?time=1621013812 HTTP/1.1 Host: config.i.duba.net Content-Type: application/octet-stream User-Agent: Mozilla/4.0 Accept: /
http://config.i.duba.net/seminstall/0.xml	GET /seminstall/0.xml HTTP/1.1 Host: config.i.duba.net Content-Type: application/octet-stream User-Agent: Mozilla/4.0 Accept: /
http://infoc0.duba.net/c/	POST /c/ HTTP/1.1 Host: infoc0.duba.net Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 Accept: / Content-Length: 256 \x00\x01\x02\x01\x02\x00\xa5\xefK\xf4\x04\x00\x10\x00O\xa3%\x0e\xbe6\xc0\xc3I\x95\x9f\x86\xdf\xfd\xdds\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x005\xb5\x9e`\x00\x00\x00\x00\x1c\x00\xe6\xe4\xbd\xfb\xec\xbd\xb0\xf1\xed\xba\xb0\xf9\xfb\xe0\xe9\xbc\xe1\xb0\xb0\xe3\xbd\xeb\xeb\xee\xff\xef\xeb\xf2G\x12\x02\x00\x00\x00\x01\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00k\x00\xf3\xaa\xba\xbb\xbc\xbd\xcd\xf0\xf8\xe4\xe7\xfa\xed\xfa\xaa\xb2\xb8\xa4\xaa\xbb\xbe\xb8\xfb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xc9\xe6\xfc\xe1\xfe\xe1\xfa\xfd\xfb\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xdb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xd9\xd9\xcf\xfd\xe9\xe6\xc2\xe1\xe9\xaa\xb2\xb8\xa4\xaa\xda\xfd\xe1\xd0\xe1\xe6\xef\xaa\xb2\xb8\xa4\xaa\xec\xfd\xea\xe9\xaa\xb2\xb8\xa4\xaa\xf9\xec\xe2\xe4\xaa\xb2\xb8\xf5\x0c\x00\x00\x00 \x00\xcc\xba\xbf\xbb\xcb\xb1\xbf\xbc\xcb\xbb\xcb\xcd\xb0\xbe\xc9\xcc\xb0\xcb\xcc\xb1\xbc\xce\xba\xc9\xb0\xce\xc9\xb1\xce\xbb\xbb\xba
http://cd001.www.duba.net/duba/install/2011/ever/kavsetup170612_4_1.dat	GET /duba/install/2011/ever/kavsetup170612_4_1.dat HTTP/1.1 Host: cd001.www.duba.net Content-Type: application/octet-stream User-Agent: Mozilla/4.0 Accept: /
http://infoc0.duba.net/c/	POST /c/ HTTP/1.1 Host: infoc0.duba.net Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 Accept: / Content-Length: 246 \xf6\x00\x02\x01\x02\x00\xc3\x81\x9e\x96\x04\x00\x10\x00O\xa3%\x0e\xbe6\xc0\xc3I\x95\x9f\x86\xdf\xfd\xdds\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x004\xb5\x9e`\x00\x00\x00\x00\x1c\x00\xe6\xe4\xbd\xfb\xec\xbd\xb0\xf1\xed\xba\xb0\xf9\xfb\xe0\xe9\xbc\xe1\xb0\xb0\xe3\xbd\xeb\xeb\xee\xff\xef\xeb\xf2\xb9\x0e\x0e\x00\xe1\xe6\xe2\xed\xeb\xfc\xa5\xf0\xb0\xbe\xa6\xed\xf0\xed \x00\xca\xb9\xbe\xbc\xbd\xb9\xce\xb8\xb8\xb0\xbf\xb0\xcc\xc9\xbe\xcb\xbb\xca\xbf\xca\xb8\xb9\xba\xbb\xba\xbb\xbc\xc9\xbf\xbe\xcb\xc9\x0b\x00\xf8\xf1\xfc\xe0\xe7\xe6\xff\xa6\xed\xf0\xed \x00\xb8\xbf\xbc\xb8\xb0\xb8\xbb\xbc\xb8\xbc\xc9\xbd\xb0\xcc\xb1\xcb\xb9\xcb\xb9\xce\xbc\xca\xcc\xb1\xcd\xcc\xc9\xce\xbc\xb9\xb0\xbe\x0b\x00\xf8\xf1\xfc\xe0\xe7\xe6\xff\xa6\xed\xf0\xed \x00\xb8\xbf\xbc\xb8\xb0\xb8\xbb\xbc\xb8\xbc\xc9\xbd\xb0\xcc\xb1\xcb\xb9\xcb\xb9\xce\xbc\xca\xcc\xb1\xcd\xcc\xc9\xce\xbc\xb9\xb0\xbe\x01\x00\x00\x00\x00\x00\x00\x00\x00
http://2398.35go.net/defend/o1/jcqgx.ini	GET /defend/o1/jcqgx.ini HTTP/1.1 Host: 2398.35go.net Content-Type: application/octet-stream User-Agent: Mozilla/4.0 Accept: /
http://infoc0.duba.net/c/	POST /c/ HTTP/1.1 Host: infoc0.duba.net Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 Accept: / Content-Length: 256 \x00\x01\x02\x01\x02\x00P\x90m+\x04\x00\x10\x00O\xa3%\x0e\xbe6\xc0\xc3I\x95\x9f\x86\xdf\xfd\xdds\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x005\xb5\x9e`\x00\x00\x00\x00\x1c\x00\xe6\xe4\xbd\xfb\xec\xbd\xb0\xf1\xed\xba\xb0\xf9\xfb\xe0\xe9\xbc\xe1\xb0\xb0\xe3\xbd\xeb\xeb\xee\xff\xef\xeb\xf2G\x12\x02\x00\x00\x00\x01\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00k\x00\xf3\xaa\xba\xbb\xbc\xbd\xcd\xf0\xf8\xe4\xe7\xfa\xed\xfa\xaa\xb2\xb8\xa4\xaa\xbb\xbe\xb8\xfb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xc9\xe6\xfc\xe1\xfe\xe1\xfa\xfd\xfb\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xdb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xd9\xd9\xcf\xfd\xe9\xe6\xc2\xe1\xe9\xaa\xb2\xb8\xa4\xaa\xda\xfd\xe1\xd0\xe1\xe6\xef\xaa\xb2\xb8\xa4\xaa\xec\xfd\xea\xe9\xaa\xb2\xb8\xa4\xaa\xf9\xec\xe2\xe4\xaa\xb2\xb8\xf5\x0c\x00\x00\x00 \x00\xcc\xba\xbf\xbb\xcb\xb1\xbf\xbc\xcb\xbb\xcb\xcd\xb0\xbe\xc9\xcc\xb0\xcb\xcc\xb1\xbc\xce\xba\xc9\xb0\xce\xc9\xb1\xce\xbb\xbb\xba
http://infoc0.duba.net/c/	POST /c/ HTTP/1.1 Host: infoc0.duba.net Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 Accept: / Content-Length: 107 k\x00\x02\x01\x02\x00n\xa0\x9d\xea\x04\x00\x10\x00O\xa3%\x0e\xbe6\xc0\xc3I\x95\x9f\x86\xdf\xfd\xdds\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\xf13\x9e`\x00\x00\x00\x00\x1c\x00\xe6\xe4\xbd\xfb\xec\xbd\xb0\xf1\xed\xba\xb0\xf9\xfb\xe0\xe9\xbc\xe1\xb0\xb0\xe3\xbd\xeb\xeb\xee\xff\xef\xeb\xf2\xc1\x0f\x02\x00\x00\x00b\x01\x00\x00\x00\x00\x00\x00\x00\x00
http://infoc0.duba.net/c/	POST /c/ HTTP/1.1 Host: infoc0.duba.net Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 Accept: / Content-Length: 256 \x00\x01\x02\x01\x02\x00\xcc\x82\xcf \x04\x00\x10\x00O\xa3%\x0e\xbe6\xc0\xc3I\x95\x9f\x86\xdf\xfd\xdds\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x004\xb5\x9e`\x00\x00\x00\x00\x1c\x00\xe6\xe4\xbd\xfb\xec\xbd\xb0\xf1\xed\xba\xb0\xf9\xfb\xe0\xe9\xbc\xe1\xb0\xb0\xe3\xbd\xeb\xeb\xee\xff\xef\xeb\xf2G\x12\x02\x00\x00\x00\x01\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00k\x00\xf3\xaa\xba\xbb\xbc\xbd\xcd\xf0\xf8\xe4\xe7\xfa\xed\xfa\xaa\xb2\xb8\xa4\xaa\xbb\xbe\xb8\xfb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xc9\xe6\xfc\xe1\xfe\xe1\xfa\xfd\xfb\xaa\xb2\xb8\xa4\xaa\xca\xe9\xe1\xcc\xfd\xdb\xe9\xee\xed\xaa\xb2\xb8\xa4\xaa\xd9\xd9\xcf\xfd\xe9\xe6\xc2\xe1\xe9\xaa\xb2\xb8\xa4\xaa\xda\xfd\xe1\xd0\xe1\xe6\xef\xaa\xb2\xb8\xa4\xaa\xec\xfd\xea\xe9\xaa\xb2\xb8\xa4\xaa\xf9\xec\xe2\xe4\xaa\xb2\xb8\xf5\x0c\x00\x00\x00 \x00\xcc\xba\xbf\xbb\xcb\xb1\xbf\xbc\xcb\xbb\xcb\xcd\xb0\xbe\xc9\xcc\xb0\xcb\xcc\xb1\xbc\xce\xba\xc9\xb0\xce\xc9\xb1\xce\xbb\xbb\xba
http://dubacdn.cmcmcdn.com/sem/installer/0.png	GET /sem/installer/0.png HTTP/1.1 Host: dubacdn.cmcmcdn.com Content-Type: application/octet-stream User-Agent: Mozilla/4.0 Accept: /

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.