1da3bb21...15e3 | Network
VTI SCORE: 96/100
Dynamic Analysis Report
Classification: Trojan

1da3bb217a3d771d357edfc401ac3835c29066e5d0a795e12aabd4b888bd15e3 (SHA256)

Godsomware.exe

Windows Exe (x86-32)

Created at 2018-10-06 16:50:00

Notifications (1/1)

The operating system was rebooted during the analysis.

Hosts (3)
Hostname IP Address Location Protocols Reputation Status WHOIS Data
config.edge.skype.com, s-0001.s-msedge.net 13.107.3.128 - TCP, UDP Unknown
client-office365-tas.msedge.net, afdo-tas-offload.trafficmanager.net, vip5.afdorigin-prod-am02.afdogw.com 52.232.69.150 - TCP, UDP Unknown
- 157.56.120.208 - UDP Not Queried Not Queried
DNS Queries (2)
Hostname Categories Names Source Reputation Status
config.edge.skype.com - - PCAP Unknown
client-office365-tas.msedge.net - - PCAP Unknown

Connections

DNS (2)
Operation Additional Information Success Count Logfile
Resolve Name host = client-office365-tas.msedge.net, address_out = 52.232.69.150 True 1 -
Resolve Name host = config.edge.skype.com, address_out = 13.107.3.128 True 1 -
TCP Sessions (4)
Information Value
Total Data Sent 6.59 KB
Total Data Received 55.77 KB
Contacted Host Count 2
Contacted Hosts 13.107.3.128, 52.232.69.150
TCP Session #1
Information Value
Source PCAP
Stream ID 3
Remote Address 13.107.3.128
Remote Port 443
Local Address 192.168.0.127
Local Port 49412
Data Sent 1.48 KB
Data Received 8.05 KB
Time Highest Layer Additional Information Success
52.240652 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
52.267230 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.332964 s SSL Data Sent: 0.24 KB, Data Received: 0.05 KB True
52.363609 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.364379 s TCP Data Sent: 0.05 KB, Data Received: 0.58 KB True
52.374170 s SSL Data Sent: 0.18 KB, Data Received: 0.05 KB True
52.468136 s TCP Data Sent: 0.05 KB, Data Received: 1.28 KB True
52.511724 s SSL Data Sent: 0.58 KB, Data Received: 0.05 KB True
52.550016 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.550320 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.550674 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
52.550827 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #2
Information Value
Source PCAP
Stream ID 4
Remote Address 52.232.69.150
Remote Port 443
Local Address 192.168.0.127
Local Port 49413
Data Sent 1.89 KB
Data Received 22.40 KB
Time Highest Layer Additional Information Success
52.241198 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
52.271510 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.332322 s SSL Data Sent: 0.25 KB, Data Received: 1.48 KB True
52.361769 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.362328 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.374975 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
52.468235 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.512807 s SSL Data Sent: 0.66 KB, Data Received: 1.48 KB True
52.561377 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.561558 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.561834 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.562044 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.562205 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.562475 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.588136 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.588393 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.588646 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
52.588890 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #3
Information Value
Source PCAP
Stream ID 10
Remote Address 13.107.3.128
Remote Port 443
Local Address 192.168.0.127
Local Port 49421
Data Sent 1.38 KB
Data Received 5.93 KB
Time Highest Layer Additional Information Success
72.751972 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
72.776241 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.794431 s SSL Data Sent: 0.24 KB, Data Received: 0.05 KB True
72.825178 s TCP Data Sent: 0.05 KB, Data Received: 0.10 KB True
72.831396 s SSL Data Sent: 0.18 KB, Data Received: 0.05 KB True
72.961044 s SSL Data Sent: 0.58 KB, Data Received: 0.05 KB True
73.008905 s TCP Data Sent: 0.05 KB, Data Received: 1.28 KB True
73.009185 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
73.009446 s TCP Data Sent: 0.05 KB, Data Received: 1.37 KB True
73.129539 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #4
Information Value
Source PCAP
Stream ID 11
Remote Address 52.232.69.150
Remote Port 443
Local Address 192.168.0.127
Local Port 49422
Data Sent 1.84 KB
Data Received 19.39 KB
Time Highest Layer Additional Information Success
72.753975 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
72.783198 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.793676 s SSL Data Sent: 0.25 KB, Data Received: 1.48 KB True
72.822769 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.823313 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.828636 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
72.960760 s SSL Data Sent: 0.66 KB, Data Received: 1.48 KB True
72.997698 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.997854 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.997986 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.998198 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.998310 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
72.998435 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
73.025030 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
73.025267 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
73.025495 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
73.130211 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
UDP Sessions (4)
Total Data Sent 0.37 KB
Total Data Received 0.62 KB
Contacted Host Count 2
Contacted Hosts 192.168.0.1, 157.56.120.208
UDP Session #1
Information Value
Source PCAP
Stream ID 33
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.127
Local Port 49178
Data Sent 0.08 KB
Data Received 0.13 KB
Time Highest Layer Additional Information Success
51.995171 s DNS Data Sent: 0.08 KB, Data Received: 0.13 KB True
UDP Session #2
Information Value
Source PCAP
Stream ID 9
Remote Address 157.56.120.208
Remote Port 3544
Local Address 192.168.0.127
Local Port 58447
Data Sent 0.10 KB
Data Received 0.15 KB
Time Highest Layer Additional Information Success
18.578397 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
UDP Session #3
Information Value
Source PCAP
Stream ID 34
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.127
Local Port 57247
Data Sent 0.09 KB
Data Received 0.20 KB
Time Highest Layer Additional Information Success
51.995878 s DNS Data Sent: 0.09 KB, Data Received: 0.20 KB True
UDP Session #4
Information Value
Source PCAP
Stream ID 95
Remote Address 157.56.120.208
Remote Port 3544
Local Address 192.168.0.127
Local Port 51606
Data Sent 0.10 KB
Data Received 0.15 KB
Time Highest Layer Additional Information Success
172.531792 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
HTTP Sessions (6)
Information Value
Total Data Sent 1.56 KB
Total Data Received 2.85 KB
Contacted Host Count 3
Contacted Hosts img.s-msn.com, www.msftncsi.com, cdn.content.prod.cms.msn.com
HTTP Session #1
Information Value
Source PCAP
User Agent Microsoft BITS/7.8
Stream ID 13
Server Name img.s-msn.com
Server Port 80
Data Sent 0.68 KB
Data Received 1.81 KB
Time Operation Additional Information Success
80.538944 s Open Connection protocol = http, server_name = img.s-msn.com, server_port = 80 True
80.538944 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /tenant/amp/entityid/AA6FSsA.img?w=100&h=100&m=6&tilesize=medium&x=1040&y=420&ms-scale=100&ms-contrast=standard True
80.538944 s Send HTTP Request headers = host: img.s-msn.com, accept: */*, user_agent: Microsoft BITS/7.8, url = http://img.s-msn.com/tenant/amp/entityid/AA6FSsA.img?w=100&h=100&m=6&tilesize=medium&x=1040&y=420&ms-scale=100&ms-contrast=standard True
80.566778 s Read Response HTTP Status Code = 206 True
82.579305 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /tenant/amp/entityid/AA6FSsA.img?w=100&h=100&m=6&tilesize=medium&x=1040&y=420&ms-scale=100&ms-contrast=standard True
82.579305 s Send HTTP Request headers = host: img.s-msn.com, accept: */*, user_agent: Microsoft BITS/7.8, url = http://img.s-msn.com/tenant/amp/entityid/AA6FSsA.img?w=100&h=100&m=6&tilesize=medium&x=1040&y=420&ms-scale=100&ms-contrast=standard True
82.623657 s Read Response HTTP Status Code = 206 True
HTTP Session #2
Information Value
Source PCAP
User Agent Microsoft BITS/7.8
Stream ID 13
Server Name img.s-msn.com
Server Port 80
Data Sent 0.68 KB
Data Received 1.81 KB
Time Operation Additional Information Success
80.538944 s Open Connection protocol = http, server_name = img.s-msn.com, server_port = 80 True
80.538944 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /tenant/amp/entityid/AA6FSsA.img?w=100&h=100&m=6&tilesize=medium&x=1040&y=420&ms-scale=100&ms-contrast=standard True
80.538944 s Send HTTP Request headers = host: img.s-msn.com, accept: */*, user_agent: Microsoft BITS/7.8, url = http://img.s-msn.com/tenant/amp/entityid/AA6FSsA.img?w=100&h=100&m=6&tilesize=medium&x=1040&y=420&ms-scale=100&ms-contrast=standard True
80.566778 s Read Response HTTP Status Code = 206 True
82.579305 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /tenant/amp/entityid/AA6FSsA.img?w=100&h=100&m=6&tilesize=medium&x=1040&y=420&ms-scale=100&ms-contrast=standard True
82.579305 s Send HTTP Request headers = host: img.s-msn.com, accept: */*, user_agent: Microsoft BITS/7.8, url = http://img.s-msn.com/tenant/amp/entityid/AA6FSsA.img?w=100&h=100&m=6&tilesize=medium&x=1040&y=420&ms-scale=100&ms-contrast=standard True
82.623657 s Read Response HTTP Status Code = 206 True
HTTP Session #3
Information Value
Source PCAP
User Agent Microsoft NCSI
Stream ID 5
Server Name www.msftncsi.com
Server Port 80
Data Sent 0.15 KB
Data Received 0.23 KB
Time Operation Additional Information Success
52.341528 s Open Connection protocol = http, server_name = www.msftncsi.com, server_port = 80 True
52.341528 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /ncsi.txt True
52.341528 s Send HTTP Request headers = host: www.msftncsi.com, user_agent: Microsoft NCSI, url = http://www.msftncsi.com/ncsi.txt True
52.357410 s Read Response HTTP Status Code = 200 True
HTTP Session #4
Information Value
Source PCAP
User Agent Microsoft-WNS/10.0
Stream ID 6
Server Name cdn.content.prod.cms.msn.com
Server Port 80
Data Sent 0.73 KB
Data Received 0.81 KB
Time Operation Additional Information Success
59.320252 s Open Connection protocol = http, server_name = cdn.content.prod.cms.msn.com, server_port = 80 True
59.320252 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
59.320252 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
59.511364 s Read Response HTTP Status Code = 200 True
59.857235 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
59.857235 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
59.870151 s Read Response HTTP Status Code = 200 True
60.180523 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
60.180523 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
60.194646 s Read Response HTTP Status Code = 200 True
HTTP Session #5
Information Value
Source PCAP
User Agent Microsoft-WNS/10.0
Stream ID 6
Server Name cdn.content.prod.cms.msn.com
Server Port 80
Data Sent 0.73 KB
Data Received 0.81 KB
Time Operation Additional Information Success
59.320252 s Open Connection protocol = http, server_name = cdn.content.prod.cms.msn.com, server_port = 80 True
59.320252 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
59.320252 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
59.511364 s Read Response HTTP Status Code = 200 True
59.857235 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
59.857235 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
59.870151 s Read Response HTTP Status Code = 200 True
60.180523 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
60.180523 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
60.194646 s Read Response HTTP Status Code = 200 True
HTTP Session #6
Information Value
Source PCAP
User Agent Microsoft-WNS/10.0
Stream ID 6
Server Name cdn.content.prod.cms.msn.com
Server Port 80
Data Sent 0.73 KB
Data Received 0.81 KB
Time Operation Additional Information Success
59.320252 s Open Connection protocol = http, server_name = cdn.content.prod.cms.msn.com, server_port = 80 True
59.320252 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
59.320252 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
59.511364 s Read Response HTTP Status Code = 200 True
59.857235 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
59.857235 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
59.870151 s Read Response HTTP Status Code = 200 True
60.180523 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
60.180523 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
60.194646 s Read Response HTTP Status Code = 200 True
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.