8.8
Critical

5ec7e934d2cccb6639774b0100bcdc12861312975150b9cb91885581bb7b1563

f4eddf404c4fd0c48e7ce8f920b6ed52.exe

Analysis time

80s

Last analysis

File size

93.0KB
Static detection Dynamic detection 100% AI SCORE=85 ATTRIBUTE BLADABINDI CONFIDENCE DGZLOG0ATIIHR DKMEAT DPORKYMJCKI EFAZ ELDORADO EMAILWORM FIDH FIW@AWISAID HIGH CONFIDENCE HIGHCONFIDENCE KEYLOGGERX MALICIOUS PE MODERATE MSILPKILL MULDROP7 OEJQ QVM03 R295982 SCORE SMJJ SUSGEN TRJGEN UNSAFE ZEMSILF
Eagle Eye engine
Not detected: no Eagle Eye engine results yet
Static verdict
Antivirus engines
Engine Result Date Version
Alibaba Backdoor:MSIL/Bladabindi.44ac401c 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:KeyloggerX-gen [Trj] 20200206 18.4.3895.0
Kingsoft 20200206 2013.8.14.323
McAfee Trojan-FIDH!F4EDDF404C4F 20200206 6.0.6.653
Tencent Msil.Worm.Autorun.Efaz 20200206 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries the computer name (1 event)
Time & API Arguments Status Return Repeated
1620023865.652876
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if the process is being debugged by a debugger (2 events)
Time & API Arguments Status Return Repeated
1619999686.532567
IsDebuggerPresent
failed 0 0
1620023852.371876
IsDebuggerPresent
failed 0 0
Command line console output was observed (2 events)
Time & API Arguments Status Return Repeated
1620023861.855626
WriteConsoleA
buffer: 重要信息: 已成功执行命令。 但不赞成使用 "netsh firewall"； 而应该使用 "netsh advfirewall firewall"。 有关使用 "netsh advfirewall firewall" 命令 而非 "netsh firewall" 的详细信息，请参阅 http://go.microsoft.com/fwlink/?linkid=121488 上的 KB 文章 947709。
console_handle: 0x00000007
success 1 0
1620023861.871626
WriteConsoleA
buffer: 确定。
console_handle: 0x00000007
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620023861.808876
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (4 events)
Time & API Arguments Status Return Repeated
1619999688.704567
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
DllRegisterServerInternal+0x3df02 GetPrivateContextsPerfCounters-0x19797 mscorwks+0x94168 @ 0x73fc4168
0x55a81a
system+0x7a24ea @ 0x71aa24ea
system+0x7a30b4 @ 0x71aa30b4
system+0x7a2c0a @ 0x71aa2c0a
system+0x7a0de4 @ 0x71aa0de4
system+0x79e6da @ 0x71a9e6da
system+0x79f065 @ 0x71a9f065
0xae3835
0xae01db
CoUninitializeEE-0x29870 mscorwks+0x1b4c @ 0x73f31b4c
CoUninitializeEE-0x125de mscorwks+0x18dde @ 0x73f48dde
CoUninitializeEE-0x4990 mscorwks+0x26a2c @ 0x73f56a2c
CoUninitializeEE-0x495d mscorwks+0x26a5f @ 0x73f56a5f
CoUninitializeEE-0x493f mscorwks+0x26a7d @ 0x73f56a7d
StrongNameErrorInfo+0xfd79 _CorExeMain-0x4bf mscorwks+0xc6a8d @ 0x73ff6a8d
StrongNameErrorInfo+0xfc99 _CorExeMain-0x59f mscorwks+0xc69ad @ 0x73ff69ad
StrongNameErrorInfo+0x101b6 _CorExeMain-0x82 mscorwks+0xc6eca @ 0x73ff6eca
_CorExeMain+0x168 ClrCreateManagedInstance-0x42a6 mscorwks+0xc70b4 @ 0x73ff70b4
_CorExeMain+0x98 ClrCreateManagedInstance-0x4376 mscorwks+0xc6fe4 @ 0x73ff6fe4
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2551276
registers.edi: 3997696
registers.eax: 4294967288
registers.ebp: 2551320
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 3997696
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1620023853.387876
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
DllRegisterServerInternal+0x3df02 GetPrivateContextsPerfCounters-0x19797 mscorwks+0x94168 @ 0x73fc4168
0x3ea81a
system+0x7a24ea @ 0x71aa24ea
system+0x7a30b4 @ 0x71aa30b4
system+0x7a2c0a @ 0x71aa2c0a
system+0x7a0de4 @ 0x71aa0de4
system+0x79e6da @ 0x71a9e6da
system+0x79f065 @ 0x71a9f065
0x6f3835
0x6f01db
CoUninitializeEE-0x29870 mscorwks+0x1b4c @ 0x73f31b4c
CoUninitializeEE-0x125de mscorwks+0x18dde @ 0x73f48dde
CoUninitializeEE-0x4990 mscorwks+0x26a2c @ 0x73f56a2c
CoUninitializeEE-0x495d mscorwks+0x26a5f @ 0x73f56a5f
CoUninitializeEE-0x493f mscorwks+0x26a7d @ 0x73f56a7d
StrongNameErrorInfo+0xfd79 _CorExeMain-0x4bf mscorwks+0xc6a8d @ 0x73ff6a8d
StrongNameErrorInfo+0xfc99 _CorExeMain-0x59f mscorwks+0xc69ad @ 0x73ff69ad
StrongNameErrorInfo+0x101b6 _CorExeMain-0x82 mscorwks+0xc6eca @ 0x73ff6eca
_CorExeMain+0x168 ClrCreateManagedInstance-0x42a6 mscorwks+0xc70b4 @ 0x73ff70b4
_CorExeMain+0x98 ClrCreateManagedInstance-0x4376 mscorwks+0xc6fe4 @ 0x73ff6fe4
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3205628
registers.edi: 7536640
registers.eax: 4294967288
registers.ebp: 3205672
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 7536640
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1620023872.121876
__exception__
stacktrace:
CorExitProcess+0xe931 GetCLRFunction-0x1d566 mscorwks+0x12129f @ 0x7405129f
CorExitProcess+0xed0c GetCLRFunction-0x1d18b mscorwks+0x12167a @ 0x7405167a
mscorlib+0x1c8ecf @ 0x720a8ecf
system+0x5c0084 @ 0x73d50084
system+0x5bfb4c @ 0x73d4fb4c
system+0x5bf4ec @ 0x73d4f4ec
system+0x58391f @ 0x73d1391f
system+0x585a14 @ 0x73d15a14
system+0x5838cd @ 0x73d138cd
system+0x5ada48 @ 0x73d3da48
mscorlib+0x1e843f @ 0x720c843f
mscorlib+0x1e83ab @ 0x720c83ab
CoUninitializeEE-0x29870 mscorwks+0x1b4c @ 0x73f31b4c
CoUninitializeEE-0x125de mscorwks+0x18dde @ 0x73f48dde
CoUninitializeEE-0x11ff1 mscorwks+0x193cb @ 0x73f493cb
CoUninitializeEE-0x11fb0 mscorwks+0x1940c @ 0x73f4940c
CoUninitializeEE-0x11f43 mscorwks+0x19479 @ 0x73f49479
CreateAssemblyNameObject+0xccc6 DllRegisterServerInternal-0x345d mscorwks+0x52e09 @ 0x73f82e09
CreateAssemblyNameObject+0xb7ec DllRegisterServerInternal-0x4937 mscorwks+0x5192f @ 0x73f8192f
CreateAssemblyNameObject+0xb788 DllRegisterServerInternal-0x499b mscorwks+0x518cb @ 0x73f818cb
CreateAssemblyNameObject+0xb6ae DllRegisterServerInternal-0x4a75 mscorwks+0x517f1 @ 0x73f817f1
CreateAssemblyNameObject+0xb83a DllRegisterServerInternal-0x48e9 mscorwks+0x5197d @ 0x73f8197d
CreateAssemblyNameObject+0xc655 DllRegisterServerInternal-0x3ace mscorwks+0x52798 @ 0x73f82798
CreateAssemblyNameObject+0xcc46 DllRegisterServerInternal-0x34dd mscorwks+0x52d89 @ 0x73f82d89
CreateAssemblyNameObject+0xcc75 DllRegisterServerInternal-0x34ae mscorwks+0x52db8 @ 0x73f82db8
CreateAssemblyNameObject+0xcd1b DllRegisterServerInternal-0x3408 mscorwks+0x52e5e @ 0x73f82e5e
CreateAssemblyNameObject+0xc9dd DllRegisterServerInternal-0x3746 mscorwks+0x52b20 @ 0x73f82b20
CreateAssemblyNameObject+0xc2ef DllRegisterServerInternal-0x3e34 mscorwks+0x52432 @ 0x73f82432
GetMetaDataInternalInterface+0xcf27 _CorDllMain-0x9ae mscorwks+0x16805a @ 0x7409805a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 99349248
registers.edi: 0
registers.eax: 99349248
registers.ebp: 99349328
registers.edx: 0
registers.ebx: 64
registers.esi: 8107200
registers.ecx: 1945637232
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xe0434f4e
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620023907.652876
__exception__
stacktrace:
CorExitProcess+0xe931 GetCLRFunction-0x1d566 mscorwks+0x12129f @ 0x7405129f
CorExitProcess+0xed0c GetCLRFunction-0x1d18b mscorwks+0x12167a @ 0x7405167a
system+0x5bfe66 @ 0x73d4fe66
system+0x5bfb4c @ 0x73d4fb4c
system+0x5bf4ec @ 0x73d4f4ec
system+0x58391f @ 0x73d1391f
system+0x585a14 @ 0x73d15a14
system+0x5838cd @ 0x73d138cd
system+0x5ada48 @ 0x73d3da48
mscorlib+0x1e843f @ 0x720c843f
mscorlib+0x1e83ab @ 0x720c83ab
CoUninitializeEE-0x29870 mscorwks+0x1b4c @ 0x73f31b4c
CoUninitializeEE-0x125de mscorwks+0x18dde @ 0x73f48dde
CoUninitializeEE-0x11ff1 mscorwks+0x193cb @ 0x73f493cb
CoUninitializeEE-0x11fb0 mscorwks+0x1940c @ 0x73f4940c
CoUninitializeEE-0x11f43 mscorwks+0x19479 @ 0x73f49479
CreateAssemblyNameObject+0xccc6 DllRegisterServerInternal-0x345d mscorwks+0x52e09 @ 0x73f82e09
CreateAssemblyNameObject+0xb7ec DllRegisterServerInternal-0x4937 mscorwks+0x5192f @ 0x73f8192f
CreateAssemblyNameObject+0xb788 DllRegisterServerInternal-0x499b mscorwks+0x518cb @ 0x73f818cb
CreateAssemblyNameObject+0xb6ae DllRegisterServerInternal-0x4a75 mscorwks+0x517f1 @ 0x73f817f1
CreateAssemblyNameObject+0xb83a DllRegisterServerInternal-0x48e9 mscorwks+0x5197d @ 0x73f8197d
CreateAssemblyNameObject+0xc655 DllRegisterServerInternal-0x3ace mscorwks+0x52798 @ 0x73f82798
CreateAssemblyNameObject+0xcc46 DllRegisterServerInternal-0x34dd mscorwks+0x52d89 @ 0x73f82d89
CreateAssemblyNameObject+0xcc75 DllRegisterServerInternal-0x34ae mscorwks+0x52db8 @ 0x73f82db8
CreateAssemblyNameObject+0xcd1b DllRegisterServerInternal-0x3408 mscorwks+0x52e5e @ 0x73f82e5e
CreateAssemblyNameObject+0xc9dd DllRegisterServerInternal-0x3746 mscorwks+0x52b20 @ 0x73f82b20
CreateAssemblyNameObject+0xc2ef DllRegisterServerInternal-0x3e34 mscorwks+0x52432 @ 0x73f82432
GetMetaDataInternalInterface+0xcf27 _CorDllMain-0x9ae mscorwks+0x16805a @ 0x7409805a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 99349280
registers.edi: 0
registers.eax: 99349280
registers.ebp: 99349360
registers.edx: 0
registers.ebx: 64
registers.esi: 8107200
registers.ecx: 1945637232
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xe0434f4e
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (50 out of 62 events)
Time & API Arguments Status Return Repeated
1619999685.610567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 983040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x005b0000
success 0 0
1619999685.610567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00660000
success 0 0
1619999686.360567
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73f31000
success 0 0
1619999686.532567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0055a000
success 0 0
1619999686.532567
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73f32000
success 0 0
1619999686.532567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00552000
success 0 0
1619999686.688567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00562000
success 0 0
1619999686.766567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00563000
success 0 0
1619999686.782567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0059b000
success 0 0
1619999686.782567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00597000
success 0 0
1619999686.782567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056c000
success 0 0
1619999686.845567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ae0000
success 0 0
1619999687.079567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00564000
success 0 0
1619999687.095567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056a000
success 0 0
1619999687.126567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0058a000
success 0 0
1619999687.141567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00582000
success 0 0
1619999687.188567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ae1000
success 0 0
1619999687.204567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ae3000
success 0 0
1619999687.204567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00565000
success 0 0
1619999687.688567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00566000
success 0 0
1619999687.891567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ae4000
success 0 0
1619999687.923567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00567000
success 0 0
1619999688.391567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0057a000
success 0 0
1619999688.391567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00577000
success 0 0
1619999688.751567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00595000
success 0 0
1619999689.220567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0055b000
success 0 0
1619999689.438567
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ae5000
success 0 0
1620023852.168876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x003c0000
success 0 0
1620023852.168876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1620023852.308876
NtProtectVirtualMemory
process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73f31000
success 0 0
1620023852.371876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003ea000
success 0 0
1620023852.371876
NtProtectVirtualMemory
process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73f32000
success 0 0
1620023852.371876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e2000
success 0 0
1620023852.480876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00432000
success 0 0
1620023852.527876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00433000
success 0 0
1620023852.527876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004ab000
success 0 0
1620023852.527876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004a7000
success 0 0
1620023852.543876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0043c000
success 0 0
1620023852.543876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006f0000
success 0 0
1620023852.621876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00434000
success 0 0
1620023852.621876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0043a000
success 0 0
1620023852.621876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0045a000
success 0 0
1620023852.637876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00452000
success 0 0
1620023852.652876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00435000
success 0 0
1620023852.683876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006f1000
success 0 0
1620023852.762876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00436000
success 0 0
1620023852.793876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006f4000
success 0 0
1620023852.793876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00437000
success 0 0
1620023853.043876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0044a000
success 0 0
1620023853.043876
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00447000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\server.exe
Creates a hidden or system file (1 event)
Time & API Arguments Status Return Repeated
1620023861.590876
SetFileAttributesW
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\server.exe
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\server.exe
success 1 0
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1620023861.699876
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Uses Windows utilities for basic Windows functionality (1 event)
cmdline netsh firewall add allowedprogram "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\server.exe" "server.exe" ENABLE
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Looks for the Windows Idle Time to determine the uptime (1 event)
Time & API Arguments Status Return Repeated
1620023862.168876
NtQuerySystemInformation
information_class: 8 (SystemProcessorPerformanceInformation)
success 0 0
A process attempted to delay the analysis task (1 event)
description server.exe tried to sleep 2728349 seconds, actually delayed analysis time by 2728349 seconds
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 192.168.1.39:1604
Executed a process and injected code into it, probably while unpacking (50 out of 223 events)
Time & API Arguments Status Return Repeated
1619999686.532567
NtResumeThread
thread_handle: 0x000000d0
suspend_count: 1
process_identifier: 2536
success 0 0
1619999686.563567
NtResumeThread
thread_handle: 0x00000158
suspend_count: 1
process_identifier: 2536
success 0 0
1619999687.173567
NtResumeThread
thread_handle: 0x000001bc
suspend_count: 1
process_identifier: 2536
success 0 0
1619999687.173567
NtResumeThread
thread_handle: 0x000001d0
suspend_count: 1
process_identifier: 2536
success 0 0
1619999692.860567
CreateProcessInternalW
thread_identifier: 2236
thread_handle: 0x00000374
process_identifier: 2060
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\server.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\server.exe"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\server.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x000003d0
inherit_handles: 0
success 1 0
1620023852.371876
NtResumeThread
thread_handle: 0x000000d0
suspend_count: 1
process_identifier: 2060
success 0 0
1620023852.418876
NtResumeThread
thread_handle: 0x00000160
suspend_count: 1
process_identifier: 2060
success 0 0
1620023852.637876
NtResumeThread
thread_handle: 0x000001c4
suspend_count: 1
process_identifier: 2060
success 0 0
1620023852.652876
NtResumeThread
thread_handle: 0x000001d8
suspend_count: 1
process_identifier: 2060
success 0 0
1620023856.324876
CreateProcessInternalW
thread_identifier: 2216
thread_handle: 0x0000027c
process_identifier: 2260
current_directory:
filepath:
track: 1
command_line: netsh firewall add allowedprogram "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\server.exe" "server.exe" ENABLE
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000278
inherit_handles: 0
success 1 0
1620023861.621876
NtResumeThread
thread_handle: 0x000002c0
suspend_count: 1
process_identifier: 2060
success 0 0
1620023861.637876
NtResumeThread
thread_handle: 0x000002d4
suspend_count: 1
process_identifier: 2060
success 0 0
1620023861.652876
NtResumeThread
thread_handle: 0x000002e8
suspend_count: 1
process_identifier: 2060
success 0 0
1620023861.668876
NtResumeThread
thread_handle: 0x000002f8
suspend_count: 1
process_identifier: 2060
success 0 0
1620023861.933876
NtGetContextThread
thread_handle: 0x000000e0
success 0 0
1620023861.933876
NtGetContextThread
thread_handle: 0x000000e0
success 0 0
1620023861.949876
NtResumeThread
thread_handle: 0x000000e0
suspend_count: 1
process_identifier: 2060
success 0 0
1620023862.137876
NtResumeThread
thread_handle: 0x00000338
suspend_count: 1
process_identifier: 2060
success 0 0
1620023863.137876
NtGetContextThread
thread_handle: 0x000002d4
success 0 0
1620023863.137876
NtGetContextThread
thread_handle: 0x000002d4
success 0 0
1620023863.137876
NtResumeThread
thread_handle: 0x000002d4
suspend_count: 1
process_identifier: 2060
success 0 0
1620023863.293876
NtGetContextThread
thread_handle: 0x000001d8
success 0 0
1620023863.293876
NtResumeThread
thread_handle: 0x000001d8
suspend_count: 1
process_identifier: 2060
success 0 0
1620023864.168876
NtGetContextThread
thread_handle: 0x000002d4
success 0 0
1620023864.168876
NtGetContextThread
thread_handle: 0x000002d4
success 0 0
1620023864.168876
NtResumeThread
thread_handle: 0x000002d4
suspend_count: 1
process_identifier: 2060
success 0 0
1620023864.293876
NtGetContextThread
thread_handle: 0x000002c0
success 0 0
1620023864.293876
NtResumeThread
thread_handle: 0x000002c0
suspend_count: 1
process_identifier: 2060
success 0 0
1620023864.933876
NtGetContextThread
thread_handle: 0x000001d8
success 0 0
1620023864.933876
NtResumeThread
thread_handle: 0x000001d8
suspend_count: 1
process_identifier: 2060
success 0 0
1620023865.074876
NtGetContextThread
thread_handle: 0x00000338
success 0 0
1620023865.090876
NtGetContextThread
thread_handle: 0x00000338
success 0 0
1620023865.090876
NtResumeThread
thread_handle: 0x00000338
suspend_count: 1
process_identifier: 2060
success 0 0
1620023865.168876
NtGetContextThread
thread_handle: 0x00000338
success 0 0
1620023865.168876
NtGetContextThread
thread_handle: 0x00000338
success 0 0
1620023865.168876
NtResumeThread
thread_handle: 0x00000338
suspend_count: 1
process_identifier: 2060
success 0 0
1620023866.012876
NtGetContextThread
thread_handle: 0x000002d4
success 0 0
1620023866.012876
NtGetContextThread
thread_handle: 0x000002d4
success 0 0
1620023866.012876
NtResumeThread
thread_handle: 0x000002d4
suspend_count: 1
process_identifier: 2060
success 0 0
1620023866.777876
NtGetContextThread
thread_handle: 0x000000e0
success 0 0
1620023866.777876
NtGetContextThread
thread_handle: 0x000000e0
success 0 0
1620023866.777876
NtResumeThread
thread_handle: 0x000000e0
suspend_count: 1
process_identifier: 2060
success 0 0
1620023867.840876
NtGetContextThread
thread_handle: 0x000001d8
success 0 0
1620023867.840876
NtResumeThread
thread_handle: 0x000001d8
suspend_count: 1
process_identifier: 2060
success 0 0
1620023868.121876
NtGetContextThread
thread_handle: 0x000000e0
success 0 0
1620023868.121876
NtGetContextThread
thread_handle: 0x000000e0
success 0 0
1620023868.121876
NtResumeThread
thread_handle: 0x000000e0
suspend_count: 1
process_identifier: 2060
success 0 0
1620023868.230876
NtGetContextThread
thread_handle: 0x000002e8
success 0 0
1620023868.230876
NtGetContextThread
thread_handle: 0x000002e8
success 0 0
1620023868.230876
NtResumeThread
thread_handle: 0x000002e8
suspend_count: 1
process_identifier: 2060
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events shown)
MicroWorld-eScan Generic.MSIL.Bladabindi.4A900D20
FireEye Generic.mg.f4eddf404c4fd0c4
ALYac Generic.MSIL.Bladabindi.4A900D20
Cylance Unsafe
Sangfor Malware
K7AntiVirus EmailWorm ( 00555f371 )
Alibaba Backdoor:MSIL/Bladabindi.44ac401c
K7GW EmailWorm ( 00555f371 )
Cybereason malicious.04c4fd
Arcabit Generic.MSIL.Bladabindi.4A900D20
TrendMicro Backdoor.MSIL.BLADABINDI.SMJJ
BitDefenderTheta Gen:NN.ZemsilF.34084.fiW@aWiSAId
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:KeyloggerX-gen [Trj]
ClamAV Win.Trojan.B-468
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Generic.MSIL.Bladabindi.4A900D20
NANO-Antivirus Trojan.Win32.TrjGen.dkmeat
Paloalto generic.ml
AegisLab Trojan.Win32.Generic.4!c
Rising Dropper.Generic!8.35E (TFE:dGZlOg0atiIhR/OEjQ)
Ad-Aware Generic.MSIL.Bladabindi.4A900D20
Emsisoft Generic.MSIL.Bladabindi.4A900D20 (B)
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.MulDrop7.62625
VIPRE Win32.Malware!Drop
Invincea heuristic
McAfee-GW-Edition Trojan-FIDH!F4EDDF404C4F
Trapmine malicious.moderate.ml.score
Sophos Mal/MsilPKill-C
SentinelOne DFI - Malicious PE
Cyren W32/Trojan.BVX.gen!Eldorado
Avira TR/Dropper.Gen
Microsoft Backdoor:MSIL/Bladabindi.BN
Endgame malicious (high confidence)
ViRobot Backdoor.Win32.S.Bladabindi.95232.A
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Generic.MSIL.Bladabindi.4A900D20
AhnLab-V3 Trojan/Win32.Bladabindi.R295982
Acronis suspicious
McAfee Trojan-FIDH!F4EDDF404C4F
MAX malware (ai score=85)
Malwarebytes Backdoor.Bladabindi
ESET-NOD32 a variant of MSIL/Autorun.Spy.Agent.R
TrendMicro-HouseCall Backdoor.MSIL.BLADABINDI.SMJJ
Tencent Msil.Worm.Autorun.Efaz
Yandex Trojan.Agent!DPOrKYmjCKI
Ikarus Trojan.MSIL.Bladabindi
eGambit Unsafe.AI_Score_99%
Visual analysis
Binary image
No binary image available: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots available: no screenshots were captured while the sample ran

PE Compile Time

2019-08-01 08:32:38

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.