8.6
Critical

927ce789a7fc1704e03cf27dd60837b6a215ea3a03c700fed701593f7606cd1f

d751d9e784a2f5ae4d1771caec8fff4d.exe

Analysis duration

90s

Last analysis

File size

99.6KB
Flagged by static engines; flagged by dynamic engines. Tags: AGIM AKUA ARTEMIS AUTORUNER1 GENERIC PUA BF HLLW HW32 KCLOUD MODIFIEDUPX PEDKA POSIBLE R0CBH07AI14 WORM32 ZONA ZVUZONA
Eagle Eye engine
Not detected: no Eagle Eye engine result available
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | Artemis!D751D9E784A2 | 20140118 | 5.600.0.1067
Avast | - | 20140118 | 8.0.1489.320
Kingsoft | Win32.Troj.Generic.a.(kcloud) | 20130829 | 2013.4.9.267
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1621008623.366626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1621008617.225999
GlobalMemoryStatusEx
success 1 0
The file contains an unknown PE resource name, possibly indicative of a packer (3 events)
resource name I18N
resource name JAR
resource name SOL
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Performs some HTTP requests (3 events)
request GET http://stat.zvu.com/installer.html?param=ed84ff5985ee5d78424e538c61f439342a2ea9ef4c840fd09add337d57cf62a5ee9e318e63af818a08cbdf4f1f24e7a877e435c9ae5a52a5726be07d0018fc5d89805a30c33a071d9a7d1512dd1dfecf368f09a84e1ccdf6431183acb4644e5ae068ac60eafa0cf3d8902b78a82856b25436b441585c9a752eb5ccbb51144243d628788f7c8c9767840fd440af392fc53f397a7514e4d2c00e1d5c0fd15ebddb43d2d59d6a33b73150849cdd29b5cc56425928b4bd26587261162b41fef204f5256dbbb92ccb2a59b3cc0fb98c142e3480b08f218a6eba58cb69809d3c0770b3a973d4a72d91bfb61df93fe2ca116750449057f6a172514545ac5a5445580a19ffd387c19984a37d1eeeec689373139e
request GET http://zvu.com/img/no-cover.jpg
request GET http://dl.zvu.com/dl/zvu-18.0.1.ru.win7_32.installer.exe
Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk (1 event)
Time & API Arguments Status Return Repeated
1621008621.913999
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19611471872
total_number_of_free_bytes: 19611471872
total_number_of_bytes: 34252779520
success 1 0
Creates executable files on the filesystem (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ZvuInstaller.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\hd.vbs
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ZvuInstaller.exe
Executes one or more WMI queries (1 event)
wmi Select * from Win32_DiskDrive
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1621008629.647999
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
An executable file was downloaded by the process d751d9e784a2f5ae4d1771caec8fff4d.exe (1 event)
Time & API Arguments Status Return Repeated
1621008639.491999
InternetReadFile
buffer: MZ ... This program cannot be run in DOS mode. ... PE ... .text .rdata .data .rsrc ... (downloaded PE image; the remaining bytes are binary and are not reproducible as text)
request_handle: 0x00cc0014
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.984385992672198 section {'size_of_data': '0x00014200', 'virtual_address': '0x0001c000', 'entropy': 7.984385992672198, 'name': 'UPX1', 'virtual_size': '0x00015000'} description A section with a high entropy has been found
entropy 0.8256410256410256 description Overall entropy of this PE file is high
The executable is compressed using UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (22 events)
Time & API Arguments Status Return Repeated
1621008632.194999
RegSetValueExA
key_handle: 0x000004f0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1621008632.194999
RegSetValueExA
key_handle: 0x000004f0
value: þa”¦H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1621008632.194999
RegSetValueExA
key_handle: 0x000004f0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1621008632.194999
RegSetValueExW
key_handle: 0x000004f0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1621008632.209999
RegSetValueExA
key_handle: 0x00000508
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1621008632.209999
RegSetValueExA
key_handle: 0x00000508
value: þa”¦H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1621008632.209999
RegSetValueExA
key_handle: 0x00000508
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1621008632.256999
RegSetValueExW
key_handle: 0x000004ec
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1621008633.319999
RegSetValueExA
key_handle: 0x00000308
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1621008633.319999
RegSetValueExA
key_handle: 0x00000308
value: p§ •¦H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1621008633.319999
RegSetValueExA
key_handle: 0x00000308
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1621008633.319999
RegSetValueExW
key_handle: 0x00000308
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1621008633.319999
RegSetValueExA
key_handle: 0x0000030c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1621008633.319999
RegSetValueExA
key_handle: 0x0000030c
value: p§ •¦H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1621008633.319999
RegSetValueExA
key_handle: 0x0000030c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1621008633.366999
RegSetValueExA
key_handle: 0x00000348
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1621008633.366999
RegSetValueExA
key_handle: 0x00000348
value: `Ó•¦H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1621008633.366999
RegSetValueExA
key_handle: 0x00000348
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1621008633.366999
RegSetValueExW
key_handle: 0x00000348
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1621008633.366999
RegSetValueExA
key_handle: 0x00000508
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1621008633.366999
RegSetValueExA
key_handle: 0x00000508
value: `Ó•¦H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1621008633.366999
RegSetValueExA
key_handle: 0x00000508
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Network activity contains more than one unique user agent (2 events)
process d751d9e784a2f5ae4d1771caec8fff4d.exe useragent ZONA_httpget
process d751d9e784a2f5ae4d1771caec8fff4d.exe useragent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 1108 resumed a thread in remote process 2120
Time & API Arguments Status Return Repeated
1621008620.616999
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2120
success 0 0
Generates some ICMP traffic
File has been identified by 24 antivirus engines on VirusTotal as malicious (24 events)
Bkav HW32.Pedka.akua
MicroWorld-eScan Trojan.Generic.10327002
nProtect Trojan.Generic.10327002
McAfee Artemis!D751D9E784A2
TheHacker Posible_Worm32
K7GW Trojan ( 0048c3f81 )
K7AntiVirus Trojan ( 0048c3f81 )
TrendMicro-HouseCall TROJ_GEN.R0CBH07AI14
Kaspersky not-a-virus:AdWare.Win32.ZvuZona.a
BitDefender Trojan.Generic.10327002
Ad-Aware Trojan.Generic.10327002
Sophos Generic PUA BF
Comodo Application.Win32.Zona.B
DrWeb Win32.HLLW.Autoruner1.33656
AntiVir SPR/ZvuZona.A
TrendMicro PAK_Generic.001
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C
Emsisoft Trojan.Generic.10327002 (B)
Kingsoft Win32.Troj.Generic.a.(kcloud)
GData Trojan.Generic.10327002
ESET-NOD32 a variant of Win32/ZvuZona.A
Ikarus AdWare.Win32.ZvuZona
Fortinet W32/ZvuZona.A
Baidu-International Adware.Win32.ZvuZona.AgIM
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample was running


PE Compile Time

2013-02-15 22:13:42

Imports

Library KERNEL32.DLL:
0x4351e0 LoadLibraryA
0x4351e4 GetProcAddress
0x4351e8 VirtualProtect
0x4351ec VirtualAlloc
0x4351f0 VirtualFree
0x4351f4 ExitProcess
Library ADVAPI32.dll:
0x4351fc EqualSid
Library COMCTL32.dll:
0x435204
Library GDI32.dll:
0x43520c BitBlt
Library ole32.dll:
0x435214 OleRun
Library OLEAUT32.dll:
0x43521c GetErrorInfo
Library SHELL32.dll:
0x435224 ShellExecuteW
Library SHLWAPI.dll:
0x43522c PathIsDirectoryW
Library urlmon.dll:
Library USER32.dll:
0x43523c GetDC
Library WININET.dll:
0x435244 InternetOpenW

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49179 178.218.223.39 stat.zvu.com 80
192.168.56.101 49180 178.218.223.39 stat.zvu.com 80
192.168.56.101 49182 178.218.223.39 stat.zvu.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://zvu.com/img/no-cover.jpg
GET /img/no-cover.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: zvu.com
Connection: Keep-Alive

http://dl.zvu.com/dl/zvu-18.0.1.ru.win7_32.installer.exe
GET /dl/zvu-18.0.1.ru.win7_32.installer.exe HTTP/1.1
User-Agent: ZONA_httpget
Host: dl.zvu.com
Connection: Keep-Alive
Cache-Control: no-cache

http://stat.zvu.com/installer.html?param=…
GET /installer.html?param=… HTTP/1.1
User-Agent: ZONA_httpget
Host: stat.zvu.com
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.