329b3ddb...3ef9 | Network
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Downloader, Ransomware

329b3ddbf1c00b7767f0ec39b90eb9f4f8bd98ace60e2f6b6fbfb9adf25e3ef9 (SHA256)

rlxsbp.exe

Windows Exe (x86-32)

Created at 2019-02-19 08:31:00

Notifications (2/2)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Network Overview

Hosts (1)
»
Hostname IP Address Location Protocols Reputation Status WHOIS Data
www.kakaocorp.link 185.52.2.154 Netherlands HTTP, HTTPS, TCP
Has Blacklisted URL
Not Queried
URLs (2)
»
URL Categories Names Source HTTP Status Code Reputation Status
HTTP://www.kakaocorp.link/ Malware Mal/HTMLGen-A Function Log -
Blacklisted
HTTP://www.kakaocorp.link/includes/image/momose.bmp Malware Mal/HTMLGen-A Function Log -
Blacklisted

Connections

HTTP Sessions (2)
»
Information Value
Total Data Sent 0.49 KB
Total Data Received 0.00 KB
Contacted Host Count 1
Contacted Hosts www.kakaocorp.link
HTTP Session #1
»
Information Value
Source Function Log
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.kakaocorp.link
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.kakaocorp.link, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.kakaocorp.link/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
Close Session - True 1
Fn
HTTP Session #2
»
Information Value
Source Function Log
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.kakaocorp.link
Server Port 443
Data Sent 0.26 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_DIRECT True 1
Fn
Open Connection protocol = HTTP, server_name = www.kakaocorp.link, server_port = 443 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = includes/image/momose.bmp, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.kakaocorp.link/includes/image/momose.bmp True 1
Fn
Data
Close Session - True 2
Fn
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image