8de41ace...fe11 | Network

VTI Score: 98/100
Target: win7_32_sp1 | exe
Classification: Trojan, Spyware, Downloader

SHA256: 8de41ace64ef22a1c4755070befebf33082bee0ab6f3a236654937f6d56bfe11
File name: 3838612080743901967.exe
File type: Windows Exe (x86-32)
Created at: 2018-04-11 09:22:00

Connection Overview

Contacted Hosts (1)

Hostname | IP Address | Location | Protocols | Reputation Status
tnaapparels.com | 192.95.7.159 | Montréal (Canada) | HTTP, DNS, TCP | Has Blacklisted URL

Contacted URLs (2)

URL | Categories | Names | HTTP Status Code | Reputation Status
tnaapparels.com/44/panel/44.exe | Malware | Mal/HTMLGen-A | HTTP_STATUS_NOT_FOUND (404) | Blacklisted
tnaapparels.com/44/panel/gate.php | Malware | Mal/HTMLGen-A | HTTP_STATUS_OK (200) | Blacklisted

Connections

DNS (2)

Operation | Additional Information | Success | Count
Resolve Name | host = tnaapparels.com, address_out = 192.95.7.159 | True | 2

TCP Sessions (2)

Total Data Sent: 0.71 KB
Total Data Received: 0.63 KB
Contacted Host Count: 1
Contacted Hosts: 192.95.7.159:80
TCP Session #1

Handle: 0x258
Address Family: AF_INET
Type: SOCK_STREAM
Protocol: IPPROTO_TCP
Remote Address: 192.95.7.159
Remote Port: 80
Local Address: 0.0.0.0
Local Port: 49158
Data Sent: 0.53 KB
Data Received: 0.15 KB

Operation | Additional Information | Success | Count
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1
Connect | remote_address = 192.95.7.159, remote_port = 80 | True | 1
Send | flags = NO_FLAG_SET, size = 272, size_out = 272 | True | 1
Send | flags = NO_FLAG_SET, size = 273, size_out = 273 | True | 1
Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 | True | 131
Receive | flags = NO_FLAG_SET, size = 2048, size_out = 20 | True | 1
Receive | flags = NO_FLAG_SET, size = 2048, size_out = 0 | True | 1
Close | type = SOCK_STREAM | True | 1
TCP Session #2

Handle: 0x258
Address Family: AF_INET
Type: SOCK_STREAM
Protocol: IPPROTO_TCP
Remote Address: 192.95.7.159
Remote Port: 80
Local Address: 0.0.0.0
Local Port: 49158
Data Sent: 0.18 KB
Data Received: 0.48 KB

Operation | Additional Information | Success | Count
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1
Connect | remote_address = 192.95.7.159, remote_port = 80 | True | 1
Send | flags = NO_FLAG_SET, size = 182, size_out = 182 | True | 1
Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 | True | 164
Receive | flags = NO_FLAG_SET, size = 332, size_out = 332 | True | 1
Close | type = SOCK_STREAM | True | 1
HTTP Sessions (2)

Total Data Sent: 0.44 KB
Total Data Received: 0.48 KB
Contacted Host Count: 1
Contacted Hosts: tnaapparels.com
HTTP Session #1

User Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
Server Name: tnaapparels.com
Server Port: 80
Data Sent: 0.27 KB
Data Received: 0.00 KB

Operation | Additional Information | Success | Count
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = tnaapparels.com, server_port = 80 | True | 1
Open HTTP Request | http_verb = POST, http_version = HTTP/1.0, target_resource = /44/panel/gate.php | True | 1
Send HTTP Request | headers = content-length: 273, accept-encoding: identity, *;q=0, content-encoding: binary, host: tnaapparels.com, accept: */*, user-agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98), connection: close, content-type: application/octet-stream, url = tnaapparels.com/44/panel/gate.php | True | 1
HTTP Session #2

User Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
Server Name: tnaapparels.com
Server Port: 80
Data Sent: 0.18 KB
Data Received: 0.48 KB

Operation | Additional Information | Success | Count
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = tnaapparels.com, server_port = 80 | True | 1
Open HTTP Request | http_verb = GET, http_version = HTTP/1.0, target_resource = /44/panel/44.exe | True | 1
Send HTTP Request | headers = connection: close, host: tnaapparels.com, accept-encoding: identity, *;q=0, accept: */*, user-agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98), url = tnaapparels.com/44/panel/44.exe | True | 1
Read Response | size = 1, size_out = 1 | True | 164
Read Response | size = 332, size_out = 332 | True | 1
Close Session | - | True | 1