93986d4e...6dc4 | Network
VTI SCORE: 91/100
Dynamic Analysis Report
Classification: Dropper, Spyware, Downloader

93986d4e88a8c12ff6844cb508223379756d44f9f8762e3298ef5a5c657a6dc4 (SHA256)

GlobalHack[RUEUNAVN][17.02.2019] .exe

Windows Exe (x86-32)

Created at 2019-02-17 13:35:00

Network Overview

Hosts (2)

Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
ip-api.com | 54.38.92.92 | France | HTTP, TCP | Not Queried | Not Queried
supermen22.beget.tech | 5.101.152.252 | Russian Federation | HTTP, TCP | Not Queried | Not Queried
URLs (9)

URL | Categories | Names | Source | HTTP Status Code | Reputation Status
HTTP://ip-api.com/line/ | - | - | Function Log | - | Whitelisted
HTTP://supermen22.beget.tech/11 | - | - | Function Log | - | Unknown
HTTP://supermen22.beget.tech/freebl3.dll | - | - | Function Log | - | Unknown
HTTP://supermen22.beget.tech/mozglue.dll | - | - | Function Log | - | Unknown
HTTP://supermen22.beget.tech/msvcp140.dll | - | - | Function Log | - | Unknown
HTTP://supermen22.beget.tech/nss3.dll | - | - | Function Log | - | Unknown
HTTP://supermen22.beget.tech/softokn3.dll | - | - | Function Log | - | Unknown
HTTP://supermen22.beget.tech/vcruntime140.dll | - | - | Function Log | - | Unknown
HTTP://supermen22.beget.tech/ | - | - | Function Log | - | Unknown

Connections

HTTP Sessions (11)

Information | Value
Total Data Sent | 2.01 KB
Total Data Received | 1.06 MB
Contacted Host Count | 2
Contacted Hosts | supermen22.beget.tech, ip-api.com
HTTP Session #1

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.18 KB
Data Received | 0.35 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /11, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Length: 25 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/11 | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_REFRESH | False | 1 | Fn
Read Response | size = 1000, size_out = 354 | True | 1 | Fn, Data
Read Response | size = 1000, 0 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #2

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.19 KB
Data Received | 243.16 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /freebl3.dll, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/freebl3.dll | True | 1 | Fn
Read Response | size = 1000, size_out = 1000 | True | 249 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #3

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.19 KB
Data Received | 133.95 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /mozglue.dll, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/mozglue.dll | True | 1 | Fn
Read Response | size = 1000, size_out = 1000 | True | 137 | Fn, Data
Read Response | size = 1000, size_out = 168 | True | 1 | Fn, Data
Read Response | size = 1000, 0 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #4

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.19 KB
Data Received | 243.16 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /msvcp140.dll, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/msvcp140.dll | True | 1 | Fn
Read Response | size = 1000, size_out = 1000 | True | 249 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #5

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.19 KB
Data Received | 243.16 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /nss3.dll, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/nss3.dll | True | 1 | Fn
Read Response | size = 1000, size_out = 1000 | True | 249 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #6

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.19 KB
Data Received | 141.45 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /softokn3.dll, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/softokn3.dll | True | 1 | Fn
Read Response | size = 1000, size_out = 1000 | True | 144 | Fn, Data
Read Response | size = 1000, size_out = 848 | True | 1 | Fn, Data
Read Response | size = 1000, 0 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #7

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.19 KB
Data Received | 81.82 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /vcruntime140.dll, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/vcruntime140.dll | True | 1 | Fn
Read Response | size = 1000, size_out = 1000 | True | 83 | Fn, Data
Read Response | size = 1000, size_out = 784 | True | 1 | Fn, Data
Read Response | size = 1000, 0 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #8

Information | Value
Source | Function Log
Server Name | ip-api.com
Server Port | 80
Data Sent | 0.16 KB
Data Received | 0.16 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = ip-api.com, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /line/, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Length: 25 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = ip-api.com/line/ | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_REFRESH | False | 1 | Fn
Read Response | size = 1000, size_out = 168 | True | 1 | Fn, Data
Read Response | size = 1000, 0 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #9

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.18 KB
Data Received | 0.00 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Length: 98304 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/ | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_REFRESH | False | 1 | Fn
Read Response | size = 1000, 0 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #10

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.18 KB
Data Received | 0.00 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Length: 98304 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/ | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_REFRESH | False | 1 | Fn
Read Response | size = 1000, 0 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn
HTTP Session #11

Information | Value
Source | Function Log
Server Name | supermen22.beget.tech
Server Port | 80
Data Sent | 0.18 KB
Data Received | 0.00 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = supermen22.beget.tech, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_KEEP_CONNECTION | True | 1 | Fn
Add HTTP Request Headers | headers = Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | True | 1 | Fn
Add HTTP Request Headers | headers = Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | True | 1 | Fn
Add HTTP Request Headers | headers = Content-Length: 98304 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = supermen22.beget.tech/ | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_REFRESH | False | 1 | Fn
Read Response | size = 1000, 0 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_CONTENT_ENCODING | False | 1 | Fn
Close Session | - | True | 11 | Fn