4ef2c020...d4c4 | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Exploit, Dropper, Downloader

4ef2c020a2f45b6891a9094d5a042472417657961c05358f67ef58e7e8f9d4c4 (SHA256)

RFQ13262.docx

Word Document

Created at 2018-11-27 09:36:00

Notifications (2/3)

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Network Overview

Hosts (5)

| Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data |
| --- | --- | --- | --- | --- | --- |
| www.sgnaturn.com | 198.54.121.5 | Los Angeles (United States) | HTTP, TCP, UDP | Has Blacklisted URL | Not Queried |
| 82.118.242.107 | 82.118.242.107 | Bulgaria | HTTP, TCP | Has Suspicious URL | Not Queried |
| urlz.fr | 104.28.15.54 | United States | HTTP, TCP, UDP | Not Queried | Not Queried |
| www.maga.style | - | - | UDP | Unknown | Not Queried |
| www.babyboomerrx.com | - | - | UDP | Unknown | Not Queried |

DNS Queries (4)

| Hostname | Categories | Names | Source | Reputation Status |
| --- | --- | --- | --- | --- |
| www.sgnaturn.com | - | - | Function Log | Blacklisted |
| urlz.fr | - | - | PCAP | Not Queried |
| www.maga.style | - | - | Function Log | Unknown |
| www.babyboomerrx.com | - | - | Function Log | Unknown |

URLs (5)

| URL | Categories | Names | Source | HTTP Status Code | Reputation Status |
| --- | --- | --- | --- | --- | --- |
| http://www.sgnaturn.com/al/?Kp2L=6gVvmFPDoiNbAIhnhTeuXmZIQvIKuazDxjJR9H5MhAeFNhXp9sPapi0HkLC6+HTKwqelpMhjL3Y=&fbc8=EFQdiN_822M | Malware | Mal/HTMLGen-A | Function Log | NOT_FOUND (404) | Blacklisted |
| http://82.118.242.107/~able/1_ga/al/al.exe | Malware | - | Function Log | - | Suspicious (Advisory provided by Google) |
| http://82.118.242.107/~able/1_ga/al/alWExploit.doc | Malware | - | PCAP | OK (200) | Suspicious (Advisory provided by Google) |
| http://82.118.242.107/~able/1_ga/al/AXVHa.hta | Malware | - | PCAP | OK (200) | Suspicious (Advisory provided by Google) |
| https://urlz.fr/8h15 | - | - | Embedded in Sample File | - | Whitelisted |

Connections

DNS (4)

| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Resolve Name | host = www.maga.style, service = 80 | False | 1 | Fn |
| Resolve Name | host = www.babyboomerrx.com, service = 80 | False | 1 | Fn |
| Resolve Name | host = www.sgnaturn.com, address_out = 198.54.121.5, service = 80 | True | 1 | Fn |
| Resolve Name | host = urlz.fr, address_out = 104.28.15.54 | True | 1 | - |

TCP Sessions (21)
Information Value
Total Data Sent 30.10 KB
Total Data Received 221.30 KB
Contacted Host Count 4
Contacted Hosts 104.28.15.54, 82.118.242.107, 198.54.121.5, 198.54.121.5:80
TCP Session #1
Information Value
Handle 0x578
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 198.54.121.5
Remote Port 80
Local Address 0.0.0.0
Local Port 49215
Data Sent 0.17 KB
Data Received 0.49 KB

| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1 | Fn |
| Connect | remote_address = 198.54.121.5, remote_port = 80 | True | 1 | Fn |
| Send | flags = NO_FLAG_SET, size = 170, size_out = 170 | True | 1 | Fn, Data |
| Receive | flags = NO_FLAG_SET, size = 2048000, size_out = 501 | True | 1 | Fn, Data |
| Receive | flags = NO_FLAG_SET, size = 2047499, 0 | True | 1 | Fn |
| Close | type = SOCK_STREAM | True | 1 | Fn |

TCP Session #2
Information Value
Source PCAP
Stream ID 3
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49162
Data Sent 1.08 KB
Data Received 2.57 KB
Time Highest Layer Additional Information Success
17.854797 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
17.875167 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
17.890641 s SSL Data Sent: 0.20 KB, Data Received: 0.05 KB True
17.908985 s TCP Data Sent: 0.05 KB, Data Received: 0.10 KB True
17.958424 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
18.198677 s TCP Data Sent: 0.06 KB, Data Received: 0.66 KB True
18.877775 s SSL Data Sent: 0.32 KB, Data Received: 0.05 KB True
18.960576 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
19.014227 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
19.029436 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #3
Information Value
Source PCAP
Stream ID 9
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49168
Data Sent 1.40 KB
Data Received 1.44 KB
Time Highest Layer Additional Information Success
23.279329 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
23.299856 s TCP Data Sent: 0.05 KB, Data Received: 0.19 KB True
23.300960 s SSL Data Sent: 0.23 KB, Data Received: 0.05 KB True
23.320489 s SSL Data Sent: 0.10 KB, Data Received: 0.41 KB True
23.327051 s SSL Data Sent: 0.36 KB, Data Received: 0.05 KB True
23.612486 s TCP Data Sent: 0.05 KB, Data Received: 0.09 KB True
28.950873 s SSL Data Sent: 0.38 KB, Data Received: 0.53 KB True
28.985948 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
28.986635 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
29.006377 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #4
Information Value
Source PCAP
Stream ID 12
Remote Address 82.118.242.107
Remote Port 80
Local Address 192.168.0.13
Local Port 49171
Data Sent 1.28 KB
Data Received 1.28 KB
Time Highest Layer Additional Information Success
26.087885 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
26.138146 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
26.183772 s HTTP Data Sent: 0.28 KB, Data Received: 0.05 KB True
26.436112 s TCP Data Sent: 0.05 KB, Data Received: 0.34 KB True
26.477061 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
29.297223 s HTTP Data Sent: 0.28 KB, Data Received: 0.34 KB True
29.556081 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
30.891659 s HTTP Data Sent: 0.28 KB, Data Received: 0.34 KB True
31.147380 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
45.953737 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
45.954086 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #5
Information Value
Source PCAP
Stream ID 13
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49172
Data Sent 3.30 KB
Data Received 4.54 KB
Time Highest Layer Additional Information Success
28.065441 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
28.081520 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
28.084598 s SSL Data Sent: 0.20 KB, Data Received: 0.05 KB True
28.104428 s TCP Data Sent: 0.05 KB, Data Received: 0.58 KB True
28.111388 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
28.143438 s SSL Data Sent: 0.42 KB, Data Received: 0.05 KB True
28.432897 s TCP Data Sent: 0.05 KB, Data Received: 0.58 KB True
28.448683 s TCP Data Sent: 0.06 KB, Data Received: 0.41 KB True
28.526374 s SSL Data Sent: 0.36 KB, Data Received: 0.05 KB True
28.822932 s TCP Data Sent: 0.05 KB, Data Received: 0.44 KB True
29.456083 s SSL Data Sent: 0.48 KB, Data Received: 0.05 KB True
29.739539 s SSL Data Sent: 0.36 KB, Data Received: 0.05 KB True
29.913633 s SSL Data Sent: 0.45 KB, Data Received: 0.05 KB True
30.180097 s TCP Data Sent: 0.05 KB, Data Received: 0.53 KB True
30.259814 s SSL Data Sent: 0.36 KB, Data Received: 0.05 KB True
30.302657 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
30.303248 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #6
Information Value
Source PCAP
Stream ID 14
Remote Address 82.118.242.107
Remote Port 80
Local Address 192.168.0.13
Local Port 49173
Data Sent 1.08 KB
Data Received 3.51 KB
Time Highest Layer Additional Information Success
28.252404 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
28.300804 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
28.347083 s HTTP Data Sent: 0.42 KB, Data Received: 0.05 KB True
28.394177 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
28.394499 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
28.394686 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
28.626662 s HTTP Data Sent: 0.28 KB, Data Received: 0.34 KB True
28.676175 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
28.723439 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #7
Information Value
Source PCAP
Stream ID 15
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49174
Data Sent 1.34 KB
Data Received 0.88 KB
Time Highest Layer Additional Information Success
29.061866 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
29.081422 s TCP Data Sent: 0.05 KB, Data Received: 0.19 KB True
29.081908 s SSL Data Sent: 0.23 KB, Data Received: 0.05 KB True
29.105711 s SSL Data Sent: 0.10 KB, Data Received: 0.41 KB True
29.110381 s SSL Data Sent: 0.36 KB, Data Received: 0.05 KB True
29.271574 s SSL Data Sent: 0.38 KB, Data Received: 0.05 KB True
29.354029 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
29.363951 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
29.395325 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #8
Information Value
Source PCAP
Stream ID 16
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49175
Data Sent 0.98 KB
Data Received 0.94 KB
Time Highest Layer Additional Information Success
29.362766 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
29.379601 s TCP Data Sent: 0.05 KB, Data Received: 0.19 KB True
29.380167 s SSL Data Sent: 0.23 KB, Data Received: 0.05 KB True
29.398145 s SSL Data Sent: 0.10 KB, Data Received: 0.53 KB True
29.403941 s SSL Data Sent: 0.38 KB, Data Received: 0.05 KB True
29.441527 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
29.443172 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
29.461784 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #9
Information Value
Source PCAP
Stream ID 17
Remote Address 82.118.242.107
Remote Port 80
Local Address 192.168.0.13
Local Port 49176
Data Sent 1.01 KB
Data Received 0.55 KB
Time Highest Layer Additional Information Success
29.559573 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
29.607221 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
29.653411 s HTTP Data Sent: 0.51 KB, Data Received: 0.05 KB True
29.827804 s HTTP Data Sent: 0.28 KB, Data Received: 0.34 KB True
29.899546 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
29.944884 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #10
Information Value
Source PCAP
Stream ID 18
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49177
Data Sent 0.98 KB
Data Received 0.94 KB
Time Highest Layer Additional Information Success
30.126269 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
30.143556 s TCP Data Sent: 0.05 KB, Data Received: 0.19 KB True
30.144049 s SSL Data Sent: 0.23 KB, Data Received: 0.05 KB True
30.165113 s SSL Data Sent: 0.10 KB, Data Received: 0.53 KB True
30.168683 s SSL Data Sent: 0.38 KB, Data Received: 0.05 KB True
30.255535 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
30.256763 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
30.295134 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #11
Information Value
Source PCAP
Stream ID 19
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49178
Data Sent 1.11 KB
Data Received 2.33 KB
Time Highest Layer Additional Information Success
30.318628 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
30.336565 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
30.337193 s SSL Data Sent: 0.23 KB, Data Received: 0.05 KB True
30.358805 s TCP Data Sent: 0.05 KB, Data Received: 0.53 KB True
30.370332 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
30.391487 s SSL Data Sent: 0.38 KB, Data Received: 0.05 KB True
30.474065 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
30.475529 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
30.494390 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #12
Information Value
Source PCAP
Stream ID 20
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49179
Data Sent 0.98 KB
Data Received 1.18 KB
Time Highest Layer Additional Information Success
30.747039 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
30.765937 s TCP Data Sent: 0.05 KB, Data Received: 0.19 KB True
30.766571 s SSL Data Sent: 0.23 KB, Data Received: 0.05 KB True
30.785765 s SSL Data Sent: 0.10 KB, Data Received: 0.41 KB True
30.792742 s SSL Data Sent: 0.36 KB, Data Received: 0.05 KB True
31.038096 s TCP Data Sent: 0.05 KB, Data Received: 0.41 KB True
31.051237 s TCP Data Sent: 0.06 KB, Data Received: 0.00 KB False
154.227349 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #13
Information Value
Source PCAP
Stream ID 21
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49180
Data Sent 1.98 KB
Data Received 3.06 KB
Time Highest Layer Additional Information Success
30.953328 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
30.970159 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
30.971008 s SSL Data Sent: 0.23 KB, Data Received: 0.05 KB True
30.992008 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
31.003410 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
31.029852 s SSL Data Sent: 0.48 KB, Data Received: 0.44 KB True
31.256549 s TCP Data Sent: 0.05 KB, Data Received: 0.41 KB True
31.259325 s SSL Data Sent: 0.36 KB, Data Received: 0.05 KB True
31.630884 s TCP Data Sent: 0.05 KB, Data Received: 0.41 KB True
58.301821 s SSL Data Sent: 0.36 KB, Data Received: 0.05 KB True
58.673267 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
123.619782 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #14
Information Value
Source PCAP
Stream ID 22
Remote Address 82.118.242.107
Remote Port 80
Local Address 192.168.0.13
Local Port 49181
Data Sent 1.01 KB
Data Received 0.55 KB
Time Highest Layer Additional Information Success
31.067790 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
31.116407 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
31.161781 s HTTP Data Sent: 0.51 KB, Data Received: 0.05 KB True
31.423150 s HTTP Data Sent: 0.28 KB, Data Received: 0.34 KB True
31.472700 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
31.529510 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #15
Information Value
Source PCAP
Stream ID 24
Remote Address 104.28.15.54
Remote Port 443
Local Address 192.168.0.13
Local Port 49182
Data Sent 1.23 KB
Data Received 2.24 KB
Time Highest Layer Additional Information Success
42.407951 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
42.533877 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
42.552056 s SSL Data Sent: 0.20 KB, Data Received: 0.05 KB True
42.570491 s TCP Data Sent: 0.05 KB, Data Received: 0.10 KB True
42.578275 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
43.502819 s TCP Data Sent: 0.06 KB, Data Received: 0.00 KB False
43.502882 s TCP Data Sent: 0.06 KB, Data Received: 0.00 KB False
44.365615 s SSL Data Sent: 0.46 KB, Data Received: 0.44 KB True
44.610084 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
46.088765 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #16
Information Value
Source PCAP
Stream ID 25
Remote Address 82.118.242.107
Remote Port 80
Local Address 192.168.0.13
Local Port 49183
Data Sent 0.62 KB
Data Received 0.16 KB
Time Highest Layer Additional Information Success
44.417315 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
44.463610 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
44.513471 s HTTP Data Sent: 0.39 KB, Data Received: 0.05 KB True
44.561192 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
46.089517 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #17
Information Value
Source PCAP
Stream ID 27
Remote Address 82.118.242.107
Remote Port 80
Local Address 192.168.0.13
Local Port 49184
Data Sent 7.81 KB
Data Received 191.26 KB
Time Highest Layer Additional Information Success
49.775483 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
49.820558 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
49.865374 s HTTP Data Sent: 0.37 KB, Data Received: 0.05 KB True
49.911768 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
49.912038 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
49.912245 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
The remaining entries of this session are omitted for performance reasons and can be found in analysis.pcap .
The remaining 3 entries are omitted for performance reasons and can be found in glog.xml or analysis.pcap .
UDP Sessions (4)
Total Data Sent 0.29 KB
Total Data Received 0.54 KB
Contacted Host Count 1
Contacted Hosts 192.168.0.1
UDP Session #1
Information Value
Source PCAP
Stream ID 48
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.13
Local Port 52018
Data Sent 0.07 KB
Data Received 0.10 KB
Time Highest Layer Additional Information Success
17.841519 s DNS Data Sent: 0.07 KB, Data Received: 0.10 KB True
UDP Session #2
Information Value
Source PCAP
Stream ID 436
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.13
Local Port 55589
Data Sent 0.07 KB
Data Received 0.14 KB
Time Highest Layer Additional Information Success
223.148083 s DNS Data Sent: 0.07 KB, Data Received: 0.14 KB True
UDP Session #3
Information Value
Source PCAP
Stream ID 326
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.13
Local Port 64475
Data Sent 0.07 KB
Data Received 0.15 KB
Time Highest Layer Additional Information Success
186.359650 s DNS Data Sent: 0.07 KB, Data Received: 0.15 KB True
UDP Session #4
Information Value
Source PCAP
Stream ID 349
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.13
Local Port 61955
Data Sent 0.08 KB
Data Received 0.15 KB
Time Highest Layer Additional Information Success
202.807129 s DNS Data Sent: 0.08 KB, Data Received: 0.15 KB True
HTTP Sessions (3)
Information Value
Total Data Sent 0.83 KB
Total Data Received 1.24 MB
Contacted Host Count 2
Contacted Hosts 82.118.242.107, www.sgnaturn.com
HTTP Session #1
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Server Name 82.118.242.107
Server Port 80
Data Sent 0.33 KB
Data Received 632.26 KB

| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1 | Fn |
| Open Connection | protocol = http, server_name = 82.118.242.107, server_port = 80 | True | 1 | Fn |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /~able/1_ga/al/al.exe | True | 1 | Fn |
| Send HTTP Request | url = http://82.118.242.107/~able/1_ga/al/al.exe | True | 1 | Fn |
| Receive HTTP Status | status = 200 | True | 1 | Fn |
| Read Response | size_out = 647432 | True | 1 | Fn, Data |

HTTP Session #2
Information Value
Source Function Log
Server Name www.sgnaturn.com
Server Port 80
Data Sent 0.17 KB
Data Received 0.49 KB

| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1 | Fn |
| Open Connection | protocol = http, server_name = www.sgnaturn.com, server_port = 80 | True | 1 | Fn |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /al/?Kp2L=6gVvmFPDoiNbAIhnhTeuXmZIQvIKuazDxjJR9H5MhAeFNhXp9sPapi0HkLC6+HTKwqelpMhjL3Y=&fbc8=EFQdiN_822M | True | 1 | Fn |
| Send HTTP Request | headers = host: www.sgnaturn.com, connection: close, url = www.sgnaturn.com/al/?Kp2L=6gVvmFPDoiNbAIhnhTeuXmZIQvIKuazDxjJR9H5MhAeFNhXp9sPapi0HkLC6+HTKwqelpMhjL3Y=&fbc8=EFQdiN_822M | True | 1 | Fn, Data |
| Read Response | size = 2048000, size_out = 501 | True | 1 | Fn, Data |
| Read Response | size = 2047499, 0 | True | 1 | Fn |
| Close Session | - | True | 1 | Fn |

HTTP Session #3
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Server Name 82.118.242.107
Server Port 80
Data Sent 0.33 KB
Data Received 632.26 KB

| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1 | Fn |
| Open Connection | protocol = http, server_name = 82.118.242.107, server_port = 80 | True | 1 | Fn |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /~able/1_ga/al/al.exe | True | 1 | Fn |
| Send HTTP Request | url = http://82.118.242.107/~able/1_ga/al/al.exe | True | 1 | Fn |
| Receive HTTP Status | status = 200 | True | 1 | Fn |
| Read Response | size_out = 647432 | True | 1 | Fn, Data |