Score: 4.4
Risk level: Medium

SHA-256: 9c297b9ec91cd35312ca83a2d7263d54b12ef2ecd5a086db1af5e33f559d28c7

File name: af183afe5f6263ad5c6940cbbca8aa63.exe

Analysis duration: 93s

Most recent analysis:

File size: 5.3MB
Static detections / Dynamic detections

鹰眼 (Hawkeye) engine
Not detected: no 鹰眼 engine result is available for this sample.

Static verdict

Antivirus engines

Engine | Result | Scan date | Engine version
McAfee | (no result listed) | 20210308 | 6.0.6.653
Alibaba | (no result listed) | 20190527 | 0.3.0.5
CrowdStrike | (no result listed) | 20210203 | 1.0
Baidu | (no result listed) | 20190318 | 1.0.0.2
Avast | (no result listed) | 20210308 | 21.1.5827.0
Tencent | (no result listed) | 20210308 | 1.0.0.1
Kingsoft | (no result listed) | 20210308 | 2017.9.26.565
Behavioral verdict

Dynamic indicators

HTTP traffic contains suspicious features which may be indicative of malware related traffic (6 events)
suspicious_features: POST method with no referer header, POST method with no useragent header
suspicious_request: POST http://app-api.vidusoft.com/api/install/online.php
suspicious_features: GET method with no useragent header
suspicious_request: GET http://d17.dvdfab.cn/flag.php
suspicious_features: GET method with no useragent header
suspicious_request: GET http://d18.dvdfab.cn/flag.php
suspicious_features: GET method with no useragent header
suspicious_request: GET http://d217.dvdfab.cn/flag.php
suspicious_features: GET method with no useragent header
suspicious_request: GET http://d207.dvdfab.cn/flag.php
suspicious_features: GET method with no useragent header
suspicious_request: GET http://d140.dvdfab.cn/flag.php
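The heuristic behind this indicator can be re-run against the raw requests the sandbox captured (they are printed later in this report under "HTTP & HTTPS Requests"). The following is an added example written for this page, not the sandbox's own detection code: the three rules are reconstructed from the indicator names, and the request texts are copied from the report. The raw section shows only four of the five flag.php requests (the one to d207.dvdfab.cn appears only in the request list, without headers), so the scan reproduces 5 of the 6 events; the HEAD probes and the ranged GETs carry a User-Agent and are correctly left alone.

```python
"""Re-run the report's "suspicious HTTP features" heuristic over captured requests.

Added example, not the sandbox's own code.  The rules are reconstructed from the
indicator names in the report; the request texts are copied from its
"HTTP & HTTPS Requests" section and are labelled as such below.
"""

from dataclasses import dataclass


@dataclass
class HttpRequest:
    method: str
    target: str
    headers: dict  # header names lower-cased, first value wins

    @property
    def url(self) -> str:
        # The report prints each request as a full URL; rebuild it from Host.
        return f"http://{self.headers.get('host', '?')}{self.target}"


def parse_request(raw: str) -> HttpRequest:
    """Parse the head of an HTTP/1.1 request (request line plus headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return HttpRequest(method.upper(), target, headers)


def suspicious_features(req: HttpRequest) -> list:
    """Return the feature names the report's heuristic would emit for one request."""
    feats = []
    if req.method == "POST":
        if "referer" not in req.headers:
            feats.append("POST method with no referer header")
        if "user-agent" not in req.headers:
            feats.append("POST method with no useragent header")
    elif req.method == "GET" and "user-agent" not in req.headers:
        feats.append("GET method with no useragent header")
    # HEAD is not covered by the indicator text, so HEAD probes are never flagged,
    # which matches the report: none of the HEAD requests produced an event.
    return feats


def scan(raw_requests) -> list:
    """Return [(url, [features, ...])] for every request that trips a rule."""
    hits = []
    for raw in raw_requests:
        req = parse_request(raw)
        feats = suspicious_features(req)
        if feats:
            hits.append((req.url, feats))
    return hits


def build_request(method: str, path: str, host: str, *extra_headers: str) -> str:
    """Assemble a raw request from the fields the report shows for it."""
    return "\r\n".join([f"{method} {path} HTTP/1.1", f"Host: {host}", *extra_headers]) + "\r\n\r\n"


DL = "/download/dvdfab_downloader_2300_5f953c0c.exe"
UA_PROBE = "User-Agent: Lavf/55.13.102"

# Copied from the report's "HTTP & HTTPS Requests" section, same order as printed there.
CAPTURED = [
    build_request("HEAD", DL, "d217.dvdfab.cn", UA_PROBE, "Accept: */*"),
    build_request("GET", DL, "d207.dvdfab.cn", "Range: bytes=56496315-75328419",
                  "User-Agent: Downloader", "Accept: */*"),
    build_request("POST", "/api/install/online.php", "app-api.vidusoft.com",
                  "Accept: */*", "Content-Length: 632",
                  "Content-Type: multipart/form-data; "
                  "boundary=------------------------c6c1ade3db1fe2d6"),
    build_request("HEAD", DL, "d18.dvdfab.cn", UA_PROBE, "Accept: */*"),
    build_request("GET", "/flag.php", "d140.dvdfab.cn", "Accept: */*"),
    build_request("GET", "/flag.php", "d217.dvdfab.cn", "Accept: */*"),
    build_request("GET", DL, "d18.dvdfab.cn", "Range: bytes=94160525-112992631",
                  "User-Agent: Downloader", "Accept: */*"),
    build_request("GET", "/flag.php", "d18.dvdfab.cn", "Accept: */*"),
    build_request("GET", "/flag.php", "d17.dvdfab.cn", "Accept: */*"),
    build_request("HEAD", DL, "d38pejq7ns53wn.cloudfront.net", UA_PROBE, "Accept: */*"),
]

if __name__ == "__main__":
    for url, feats in scan(CAPTURED):
        print(url)
        for feat in feats:
            print("    " + feat)
```

Running it shows what the indicator text already implies: the transfers themselves (HEAD probes from a Lavf/55.13.102 client, ranged GETs as "Downloader") are not what tripped the rule; the header-less flag.php checks and the POST to /api/install/online.php are. The rule is cheap, but it is a weak signal on its own: plenty of legitimate updaters also omit User-Agent, so it should be read together with the destinations and the POST payload rather than on its own.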
Performs some HTTP requests (14 events)
request POST http://app-api.vidusoft.com/api/install/online.php
request HEAD http://d17.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
request GET http://d17.dvdfab.cn/flag.php
request HEAD http://d18.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
request GET http://d18.dvdfab.cn/flag.php
request HEAD http://d217.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
request GET http://d217.dvdfab.cn/flag.php
request HEAD http://d207.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
request GET http://d207.dvdfab.cn/flag.php
request HEAD http://d140.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
request GET http://d140.dvdfab.cn/flag.php
request HEAD http://d38pejq7ns53wn.cloudfront.net/download/dvdfab_downloader_2300_5f953c0c.exe
request GET http://d207.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
request GET http://d18.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
Sends data using the HTTP POST Method (1 event)
request POST http://app-api.vidusoft.com/api/install/online.php
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)
Time: 1620905040.682124
API: GetDiskFreeSpaceExW
Arguments:
  root_path: C:\
  free_bytes_available: 19608084480
  total_number_of_free_bytes: 19608084480
  total_number_of_bytes: 34252779520 (about 31.9 GiB)
Status: success
Return: 1
Repeated: 0
Foreign language identified in PE resource (50 out of 56 events; the 50 rows repeat three distinct resources, shown once each with their repeat count)
name: TXT | language: LANG_CHINESE | sublanguage: SUBLANG_CHINESE_SIMPLIFIED | offset: 0x001d6fb8 | size: 0x0000001d | filetype: ASCII text, with no line terminators (reported 2 times)
name: XML | language: LANG_CHINESE | sublanguage: SUBLANG_CHINESE_SIMPLIFIED | offset: 0x001d89fc | size: 0x00001a24 | filetype: XML 1.0 document, ASCII text (reported 2 times)
name: RT_BITMAP | language: LANG_CHINESE | sublanguage: SUBLANG_CHINESE_SIMPLIFIED | offset: 0x00436b34 | size: 0x00047142 | filetype: data (reported 46 times)
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
Paloalto: generic.ml
Visual analysis

Binary image
No binary image: no binary visualization was generated for this sample.

Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2020-07-31 19:29:34

Imports

Library WS2_32.dll:
0x57150c ioctlsocket
0x571510 gethostname
0x571514 WSAEventSelect
0x571518 WSAGetLastError
0x57151c WSASocketW
0x571520 WSACreateEvent
0x571524 inet_ntoa
0x571528 gethostbyname
0x57152c WSACleanup
0x571530 getaddrinfo
0x571534 listen
0x571538 accept
0x57153c freeaddrinfo
0x571540 WSAStartup
0x571544 WSAIoctl
0x571548 socket
0x57154c setsockopt
0x571550 ntohs
0x571554 htons
0x571558 getsockopt
0x57155c getsockname
0x571560 getpeername
0x571564 connect
0x571568 closesocket
0x57156c bind
0x571570 send
0x571574 recv
0x571578 WSASetLastError
0x57157c select
0x571580 __WSAFDIsSet
0x571584 recvfrom
0x571590 sendto
0x571594 inet_addr
Library WLDAP32.dll (16 imports by ordinal; no function names are resolved in the report):
0x5714c8
0x5714cc
0x5714d0
0x5714d4
0x5714d8
0x5714dc
0x5714e0
0x5714e4
0x5714e8
0x5714ec
0x5714f0
0x5714f4
0x5714f8
0x5714fc
0x571500
0x571504
Library KERNEL32.dll:
0x5710bc HeapFree
0x5710c0 ExitThread
0x5710c4 CreateThread
0x5710c8 GetStringTypeW
0x5710cc DecodePointer
0x5710d0 GetTickCount
0x5710d8 Sleep
0x5710dc LoadLibraryA
0x5710e0 GetProcAddress
0x5710e4 FreeLibrary
0x5710e8 GetVersionExW
0x5710ec WaitForSingleObject
0x5710f0 TerminateProcess
0x5710f4 GetExitCodeProcess
0x5710f8 CloseHandle
0x5710fc WideCharToMultiByte
0x571100 GetLastError
0x571104 MulDiv
0x571108 OutputDebugStringW
0x571110 OutputDebugStringA
0x571114 DeleteFileA
0x571118 GetCommandLineW
0x57111c LoadLibraryW
0x571120 VirtualAlloc
0x571124 VirtualFree
0x571128 GetModuleHandleA
0x57112c GetVersionExA
0x571140 SetEvent
0x571144 ResetEvent
0x571148 ReleaseSemaphore
0x57114c CreateEventA
0x571150 CreateSemaphoreA
0x571154 AreFileApisANSI
0x571158 MultiByteToWideChar
0x57115c LoadLibraryExW
0x571160 GetModuleFileNameA
0x571164 GetModuleFileNameW
0x571168 LocalFree
0x57116c FormatMessageA
0x571170 FormatMessageW
0x571174 GetCurrentProcessId
0x571178 GetCurrentThreadId
0x57117c SetLastError
0x571180 SetFileTime
0x571184 GetModuleHandleW
0x571188 GetSystemDirectoryA
0x57118c GetTempPathA
0x571190 GetTempPathW
0x5711a4 CreateDirectoryA
0x5711a8 CreateDirectoryW
0x5711ac RemoveDirectoryA
0x5711b0 RemoveDirectoryW
0x5711b4 CreateFileW
0x5711b8 SetFileAttributesA
0x5711bc SetFileAttributesW
0x5711c0 DeleteFileW
0x5711c4 MoveFileA
0x5711c8 MoveFileW
0x5711cc FindClose
0x5711d4 HeapAlloc
0x5711d8 GetFileAttributesA
0x5711dc GetFileAttributesW
0x5711e0 FindFirstFileA
0x5711e4 FindFirstFileW
0x5711e8 FindNextFileA
0x5711ec FindNextFileW
0x5711f0 GetFileSize
0x5711f4 WriteFile
0x5711f8 ReadFile
0x5711fc DeviceIoControl
0x571200 SetEndOfFile
0x571204 SetFilePointer
0x571208 CreateFileA
0x571210 GetDriveTypeW
0x571214 GetDiskFreeSpaceA
0x571218 GetDiskFreeSpaceW
0x57121c GetCurrentProcess
0x571220 CompareFileTime
0x571228 GlobalMemoryStatus
0x57122c GetSystemInfo
0x571248 GetStdHandle
0x571254 MapViewOfFile
0x571258 UnmapViewOfFile
0x57125c OpenEventA
0x571260 OpenFileMappingA
0x571264 GetProcessTimes
0x57126c SetFileApisToOEM
0x571274 GetConsoleMode
0x571278 SetConsoleMode
0x571280 Process32FirstW
0x571284 lstrcmpiW
0x571288 Process32NextW
0x57128c OpenProcess
0x571290 GetDiskFreeSpaceExA
0x571294 FindResourceW
0x571298 SizeofResource
0x57129c LoadResource
0x5712a0 LockResource
0x5712a8 GetLocaleInfoA
0x5712ac ReleaseMutex
0x5712b0 CreateMutexW
0x5712b4 GetLocalTime
0x5712c0 SleepEx
0x5712c4 GetTickCount64
0x5712cc GetFileType
0x5712d0 PeekNamedPipe
0x5712d8 VerSetConditionMask
0x5712dc VerifyVersionInfoA
0x5712e4 EncodePointer
0x5712ec IsDebuggerPresent
0x5712f0 RtlUnwind
0x5712f4 RaiseException
0x5712f8 HeapReAlloc
0x5712fc SetFilePointerEx
0x571300 GetCPInfo
0x57130c TlsAlloc
0x571310 TlsGetValue
0x571314 TlsSetValue
0x571318 TlsFree
0x57131c GetStartupInfoW
0x571320 CompareStringW
0x571324 LCMapStringW
0x571328 GetLocaleInfoW
0x57132c IsValidLocale
0x571330 GetUserDefaultLCID
0x571334 EnumSystemLocalesW
0x571338 ExitProcess
0x57133c GetModuleHandleExW
0x571340 HeapSize
0x571344 GetProcessHeap
0x571348 FlushFileBuffers
0x57134c GetConsoleCP
0x571358 IsValidCodePage
0x57135c GetACP
0x571360 GetOEMCP
0x571368 ReadConsoleW
0x57136c FindFirstFileExW
0x571374 SetStdHandle
0x571378 WriteConsoleW
0x571380 GetFullPathNameW
Library USER32.dll:
0x571400 LoadIconW
0x571404 SetWindowTextA
0x571408 MoveWindow
0x57140c EnableWindow
0x571410 KillTimer
0x571414 wsprintfW
0x571418 DrawTextA
0x57141c ReleaseDC
0x571420 DrawTextW
0x571424 FillRect
0x571428 GetClientRect
0x57142c SendMessageA
0x571430 DialogBoxParamW
0x571434 LoadStringW
0x571438 SetWindowPos
0x57143c GetSystemMetrics
0x571440 GetWindowRect
0x571444 CreateDialogParamW
0x571448 ShowWindow
0x57144c SetWindowTextW
0x571450 SetTimer
0x571454 CreateWindowExW
0x571458 OffsetRect
0x57145c EndDialog
0x571460 MessageBoxW
0x571464 FindWindowW
0x571468 PostMessageW
0x57146c LoadBitmapW
0x571470 GetDlgItem
0x571474 SendMessageW
0x571478 GetWindowTextW
0x571480 DefWindowProcW
0x571484 LoadCursorW
0x571488 RegisterClassExW
0x57148c GetWindowLongW
0x571490 SetWindowLongW
0x571494 DestroyWindow
0x571498 GetWindowRgn
0x57149c ReleaseCapture
0x5714a0 CharUpperA
0x5714a4 CharUpperW
0x5714a8 CharPrevExA
0x5714ac SetCapture
0x5714b0 ClientToScreen
0x5714b4 InvalidateRect
0x5714b8 CharLowerW
0x5714c0 GetDC
Library GDI32.dll:
0x57106c PtInRegion
0x571070 CreateRectRgn
0x571074 CreateDIBSection
0x571078 CreateFontIndirectW
0x57107c GetDeviceCaps
0x571080 DeleteDC
0x571084 BitBlt
0x571088 SetTextColor
0x57108c SetBkMode
0x571090 CreateSolidBrush
0x571094 SelectObject
0x571098 CreateCompatibleDC
0x57109c SetBitmapBits
0x5710a4 GetBitmapBits
0x5710a8 DeleteObject
0x5710ac GetObjectW
Library ADVAPI32.dll:
0x571000 RegOpenKeyExA
0x571004 CryptEncrypt
0x571008 CryptImportKey
0x57100c CryptDestroyKey
0x571010 CryptDestroyHash
0x571014 CryptHashData
0x571018 CryptCreateHash
0x57101c CryptGetHashParam
0x571020 CryptReleaseContext
0x571028 RegQueryInfoKeyA
0x57102c RegEnumKeyA
0x571030 RegCreateKeyExA
0x571034 FreeSid
0x571040 OpenProcessToken
0x571048 SetFileSecurityW
0x571050 GetFileSecurityW
0x571054 RegQueryValueExA
0x571058 RegCloseKey
0x57105c RegSetValueExA
0x571060 RegDeleteKeyA
0x571064 DuplicateTokenEx
Library SHELL32.dll:
0x5713b4 ShellExecuteW
0x5713b8 SHBrowseForFolderW
0x5713c4 ShellExecuteExW
0x5713c8 SHGetFolderPathW
Library ole32.dll:
0x5715a4 CoUninitialize
0x5715a8 CoTaskMemFree
0x5715ac CoCreateInstance
0x5715b0 CoCreateGuid
0x5715b4 CoInitialize
Library OLEAUT32.dll:
0x571398 SysStringLen
0x57139c SysAllocString
0x5713a0 VariantClear
0x5713a4 VariantCopy
0x5713a8 SysFreeString
0x5713ac SysAllocStringLen
Library SHLWAPI.dll:
0x5713d4 StrCpyW
0x5713d8 PathRemoveFileSpecW
0x5713dc PathAppendW
0x5713e0 PathFileExistsA
0x5713e4 PathAppendA
0x5713e8 StrCatW
0x5713ec StrRChrW
0x5713f0 StrChrW
0x5713f4 StrCpyNW
0x5713f8 PathFileExistsW
Library NETAPI32.dll:
0x57138c NetApiBufferFree
0x571390 NetWkstaGetInfo
Library IPHLPAPI.DLL:
0x5710b4 GetAdaptersInfo
Library dbghelp.dll:
0x57159c MiniDumpWriteDump

Hosts

No hosts contacted. (The TCP table below nevertheless lists connections to five external addresses, so this line reflects a gap in the report rather than an absence of network activity.)

TCP

Source | Source port | Destination IP | Destination host | Destination port
192.168.56.101 49195 184.107.72.207 d207.dvdfab.cn 80
192.168.56.101 49196 184.107.72.207 d207.dvdfab.cn 80
192.168.56.101 49206 184.107.72.207 d207.dvdfab.cn 80
192.168.56.101 49189 194.58.115.17 d17.dvdfab.cn 80
192.168.56.101 49190 194.58.115.17 d17.dvdfab.cn 80
192.168.56.101 49191 194.58.115.18 d18.dvdfab.cn 80
192.168.56.101 49192 194.58.115.18 d18.dvdfab.cn 80
192.168.56.101 49209 194.58.115.18 d18.dvdfab.cn 80
192.168.56.101 49211 194.58.115.18 d18.dvdfab.cn 80
192.168.56.101 49177 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49178 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49179 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49180 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49181 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49182 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49183 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49184 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49186 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49187 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49201 46.165.244.140 d140.dvdfab.cn 80

UDP

Source | Source port | Destination IP | Destination host (where resolved) | Destination port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
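The two tables above mix traffic the sample generated with traffic any Windows guest produces on its own. The following is an added example, not part of the sandbox report, that sorts the flows into the two and tallies the endpoints worth attributing to the sample. The flow rows are copied from the TCP and UDP tables above; the classification rules are the editor's assumptions (LLMNR to 224.0.0.252:5355, NetBIOS broadcast on 137/138 and NTP are guest background, DNS to the resolver is its own class because the sample's lookups go through it, and everything else is attributed to the sample), as is the /24 guest subnet inferred from the 192.168.56.x addresses.

```python
"""Separate sample-attributable flows from guest OS background noise.

Added example, not part of the sandbox report.  Flow rows are copied from the
report's TCP and UDP tables; the classification rules and the guest subnet are
the editor's assumptions (see comments).
"""

import ipaddress
from collections import Counter

GUEST_NET = ipaddress.ip_network("192.168.56.0/24")  # assumed from the 192.168.56.x addresses
RESOLVER = "114.114.114.114"                          # every DNS flow in the report went here

TCP_FLOWS = """\
192.168.56.101 49195 184.107.72.207 d207.dvdfab.cn 80
192.168.56.101 49196 184.107.72.207 d207.dvdfab.cn 80
192.168.56.101 49206 184.107.72.207 d207.dvdfab.cn 80
192.168.56.101 49189 194.58.115.17 d17.dvdfab.cn 80
192.168.56.101 49190 194.58.115.17 d17.dvdfab.cn 80
192.168.56.101 49191 194.58.115.18 d18.dvdfab.cn 80
192.168.56.101 49192 194.58.115.18 d18.dvdfab.cn 80
192.168.56.101 49209 194.58.115.18 d18.dvdfab.cn 80
192.168.56.101 49211 194.58.115.18 d18.dvdfab.cn 80
192.168.56.101 49177 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49178 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49179 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49180 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49181 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49182 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49183 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49184 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49186 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49187 194.58.115.8 app-api.vidusoft.com 80
192.168.56.101 49201 46.165.244.140 d140.dvdfab.cn 80
"""

UDP_FLOWS = """\
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
"""


def parse_flows(table: str, proto: str) -> list:
    """Parse the report's flattened rows: src sport dst [dsthost] dport."""
    flows = []
    for line in table.splitlines():
        f = line.split()
        if len(f) == 4:            # row without a reverse-resolved hostname
            f.insert(3, "")
        if len(f) != 5:
            continue
        flows.append({"proto": proto, "src": f[0], "sport": int(f[1]),
                      "dst": f[2], "host": f[3], "dport": int(f[4])})
    return flows


def classify(flow: dict) -> str:
    dst = ipaddress.ip_address(flow["dst"])
    if flow["proto"] == "udp":
        if dst.is_multicast or dst == GUEST_NET.broadcast_address:
            return "background"    # LLMNR and NetBIOS name/datagram service
        if flow["dport"] == 123:
            return "background"    # guest NTP sync (time.windows.com)
        if flow["dport"] == 53 and flow["dst"] == RESOLVER:
            return "resolver"
    return "sample"


def summarize(flows: list) -> dict:
    """Count flows per class and tally the endpoints attributed to the sample."""
    counts = Counter(classify(f) for f in flows)
    sample = [f for f in flows if classify(f) == "sample"]
    endpoints = Counter((f["host"] or f["dst"], f["dport"]) for f in sample)
    ips = sorted({f["dst"] for f in sample}, key=ipaddress.ip_address)
    return {"counts": dict(counts), "sample_endpoints": endpoints, "external_ips": ips}


if __name__ == "__main__":
    report = summarize(parse_flows(TCP_FLOWS, "tcp") + parse_flows(UDP_FLOWS, "udp"))
    print(report["counts"])
    for (host, port), n in report["sample_endpoints"].most_common():
        print(f"{n:3d}  {host}:{port}")
```

Of the 40 flows, 20 are attributable to the sample: all TCP to port 80 on five addresses, ten of them to app-api.vidusoft.com. The nine DNS flows are the resolver, and the remaining eleven UDP flows (LLMNR, NetBIOS, NTP) are guest noise that should not be copied into an indicator list.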

HTTP & HTTPS Requests

URI Data
http://d217.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
HEAD /download/dvdfab_downloader_2300_5f953c0c.exe HTTP/1.1
Host: d217.dvdfab.cn
User-Agent: Lavf/55.13.102
Accept: */*

http://d207.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
GET /download/dvdfab_downloader_2300_5f953c0c.exe HTTP/1.1
Host: d207.dvdfab.cn
Range: bytes=56496315-75328419
User-Agent: Downloader
Accept: */*

http://app-api.vidusoft.com/api/install/online.php
POST /api/install/online.php HTTP/1.1
Host: app-api.vidusoft.com
Accept: */*
Content-Length: 632
Content-Type: multipart/form-data; boundary=------------------------c6c1ade3db1fe2d6

http://d18.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
HEAD /download/dvdfab_downloader_2300_5f953c0c.exe HTTP/1.1
Host: d18.dvdfab.cn
User-Agent: Lavf/55.13.102
Accept: */*

http://d140.dvdfab.cn/flag.php
GET /flag.php HTTP/1.1
Host: d140.dvdfab.cn
Accept: */*

http://d217.dvdfab.cn/flag.php
GET /flag.php HTTP/1.1
Host: d217.dvdfab.cn
Accept: */*

http://d18.dvdfab.cn/download/dvdfab_downloader_2300_5f953c0c.exe
GET /download/dvdfab_downloader_2300_5f953c0c.exe HTTP/1.1
Host: d18.dvdfab.cn
Range: bytes=94160525-112992631
User-Agent: Downloader
Accept: */*

http://d18.dvdfab.cn/flag.php
GET /flag.php HTTP/1.1
Host: d18.dvdfab.cn
Accept: */*

http://d17.dvdfab.cn/flag.php
GET /flag.php HTTP/1.1
Host: d17.dvdfab.cn
Accept: */*

http://d38pejq7ns53wn.cloudfront.net/download/dvdfab_downloader_2300_5f953c0c.exe
HEAD /download/dvdfab_downloader_2300_5f953c0c.exe HTTP/1.1
Host: d38pejq7ns53wn.cloudfront.net
User-Agent: Lavf/55.13.102
Accept: */*

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.