5033eee2...473f | Network
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Riskware, Trojan, Ransomware

5033eee2021d3fb2512550cfafe62b39ae232e4815fc78c976d1a2f9f656473f (SHA256)

asdfc4.exe

Windows Exe (x86-32)

Created at 2018-08-28 18:43:00

Notifications (2/3)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

The operating system was rebooted during the analysis.

Network Overview

Hosts (5)
| Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data |
| --- | --- | --- | --- | --- | --- |
| smtp.zoho.eu | 185.20.209.34 | Switzerland | TCP, UDP | Unknown | |
| config.edge.skype.com, s-0001.s-msedge.net | 13.107.3.128 | - | TCP, UDP | Unknown | |
| client-office365-tas.msedge.net, afdo-tas-offload.trafficmanager.net, vip5.afdorigin-prod-bl02.afdogw.com | 40.121.213.159 | - | TCP, UDP | Unknown | |
| - | 157.56.120.208 | - | UDP | Not Queried | Not Queried |
| - | 95.222.164.48 | - | UDP | Not Queried | Not Queried |

DNS Queries (3)
| Hostname | Categories | Names | Source | Reputation Status |
| --- | --- | --- | --- | --- |
| smtp.zoho.eu | - | - | Function Log | Unknown |
| config.edge.skype.com | - | - | PCAP | Unknown |
| client-office365-tas.msedge.net | - | - | PCAP | Unknown |

Connections

DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Resolve Name | host = smtp.zoho.eu, address_out = 185.20.209.34 | True | 1 | Fn |
| Resolve Name | host = client-office365-tas.msedge.net, address_out = 40.121.213.159 | True | 1 | - |
| Resolve Name | host = config.edge.skype.com, address_out = 13.107.3.128 | True | 1 | - |

TCP Sessions (3)
Information Value
Total Data Sent 7.87 KB
Total Data Received 26.22 KB
Contacted Host Count 3
Contacted Hosts 185.20.209.34, 40.121.213.159, 13.107.3.128
TCP Session #1
Information Value
Source PCAP
Stream ID 2
Remote Address 185.20.209.34
Remote Port 587
Local Address 192.168.0.24
Local Port 49428
Data Sent 4.81 KB
Data Received 5.03 KB
Time Highest Layer Additional Information Success
149.804547 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
149.842322 s TCP Data Sent: 0.05 KB, Data Received: 0.12 KB True
149.896644 s SMTP Data Sent: 0.07 KB, Data Received: 0.05 KB True
149.931210 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.932632 s SMTP Data Sent: 0.06 KB, Data Received: 0.08 KB True
150.039324 s SSL Data Sent: 0.17 KB, Data Received: 1.48 KB True
150.077113 s TCP Data Sent: 0.05 KB, Data Received: 0.10 KB True
150.083384 s SSL Data Sent: 0.18 KB, Data Received: 0.30 KB True
150.220042 s TCP Data Sent: 0.05 KB, Data Received: 0.10 KB True
150.559989 s SSL Data Sent: 0.10 KB, Data Received: 0.17 KB True
150.599890 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
150.608285 s SSL Data Sent: 0.12 KB, Data Received: 0.10 KB True
150.643659 s SSL Data Sent: 0.10 KB, Data Received: 0.12 KB True
150.682164 s SSL Data Sent: 0.12 KB, Data Received: 0.12 KB True
150.715853 s SSL Data Sent: 0.12 KB, Data Received: 0.14 KB True
150.749423 s SSL Data Sent: 0.09 KB, Data Received: 0.14 KB True
150.808876 s SSL Data Sent: 0.29 KB, Data Received: 0.10 KB True
150.811773 s SSL Data Sent: 1.09 KB, Data Received: 0.10 KB True
150.812292 s SSL Data Sent: 1.09 KB, Data Received: 0.10 KB True
150.812903 s SSL Data Sent: 0.51 KB, Data Received: 0.05 KB True
150.813355 s SSL Data Sent: 0.09 KB, Data Received: 0.05 KB True
150.813812 s SSL Data Sent: 0.09 KB, Data Received: 0.05 KB True
151.575901 s TCP Data Sent: 0.06 KB, Data Received: 0.00 KB False
151.576028 s TCP Data Sent: 0.06 KB, Data Received: 0.00 KB False
152.345349 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #2
Information Value
Source PCAP
Stream ID 7
Remote Address 40.121.213.159
Remote Port 443
Local Address 192.168.0.24
Local Port 49415
Data Sent 1.57 KB
Data Received 12.00 KB
Time Highest Layer Additional Information Success
231.009517 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
231.117014 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.251050 s SSL Data Sent: 0.25 KB, Data Received: 1.48 KB True
231.358827 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.359341 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.363464 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
231.536985 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.668723 s SSL Data Sent: 0.66 KB, Data Received: 1.48 KB True
231.785212 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.886371 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.886548 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
231.886682 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #3
Information Value
Source PCAP
Stream ID 8
Remote Address 13.107.3.128
Remote Port 443
Local Address 192.168.0.24
Local Port 49416
Data Sent 1.48 KB
Data Received 9.20 KB
Time Highest Layer Additional Information Success
231.031660 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
231.059423 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.251814 s SSL Data Sent: 0.24 KB, Data Received: 0.05 KB True
231.287160 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.287620 s TCP Data Sent: 0.05 KB, Data Received: 0.10 KB True
231.299264 s SSL Data Sent: 0.18 KB, Data Received: 0.05 KB True
231.427692 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.667906 s SSL Data Sent: 0.58 KB, Data Received: 0.05 KB True
231.708592 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.708827 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.709236 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
231.709745 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
UDP Sessions (5)
Total Data Sent 0.54 KB
Total Data Received 0.85 KB
Contacted Host Count 2
Contacted Hosts 192.168.0.1, 157.56.120.208
UDP Session #1
Information Value
Source PCAP
Stream ID 355
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.24
Local Port 57208
Data Sent 0.09 KB
Data Received 0.20 KB
Time Highest Layer Additional Information Success
230.839996 s DNS Data Sent: 0.09 KB, Data Received: 0.20 KB True
UDP Session #2
Information Value
Source PCAP
Stream ID 356
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.24
Local Port 59866
Data Sent 0.08 KB
Data Received 0.13 KB
Time Highest Layer Additional Information Success
230.852430 s DNS Data Sent: 0.08 KB, Data Received: 0.13 KB True
UDP Session #3
Information Value
Source PCAP
Stream ID 230
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.24
Local Port 59144
Data Sent 0.07 KB
Data Received 0.09 KB
Time Highest Layer Additional Information Success
149.738630 s DNS Data Sent: 0.07 KB, Data Received: 0.09 KB True
UDP Session #4
Information Value
Source PCAP
Stream ID 41
Remote Address 157.56.120.208
Remote Port 3544
Local Address 192.168.0.24
Local Port 65448
Data Sent 0.20 KB
Data Received 0.29 KB
Time Highest Layer Additional Information Success
35.342900 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
167.725968 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
UDP Session #5
Information Value
Source PCAP
Stream ID 47
Remote Address 157.56.120.208
Remote Port 3544
Local Address 192.168.0.24
Local Port 55795
Data Sent 0.10 KB
Data Received 0.15 KB
Time Highest Layer Additional Information Success
35.543138 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
HTTP Sessions (1)
Information Value
Total Data Sent 0.15 KB
Total Data Received 0.23 KB
Contacted Host Count 1
Contacted Hosts www.msftncsi.com
HTTP Session #1
Information Value
Source PCAP
User Agent Microsoft NCSI
Stream ID 6
Server Name www.msftncsi.com
Server Port 80
Data Sent 0.15 KB
Data Received 0.23 KB
Time Operation Additional Information Success
229.576754 s Open Connection protocol = http, server_name = www.msftncsi.com, server_port = 80 True
229.576754 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /ncsi.txt True
229.576754 s Send HTTP Request headers = host: www.msftncsi.com, user_agent: Microsoft NCSI, url = http://www.msftncsi.com/ncsi.txt True
229.598220 s Read Response HTTP Status Code = 200 True