9da7d298...4ef5 | Network
VTI SCORE: 98/100
Dynamic Analysis Report
Classification: Riskware, Trojan, Ransomware

9da7d298691613a398e26ac3c4c4e4e9c93069d2162fa6639901dd7c62774ef5 (SHA256)

T1.exe

Windows Exe (x86-32)

Created at 2019-01-24 16:56:00

Notifications (2/5)

Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

The overall sleep time of all monitored processes was truncated from "17 minutes, 5 seconds" to "2 minutes, 40 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Network Overview

Hosts (2)

| Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data |
|---|---|---|---|---|---|
| finndev.net | 91.134.128.42 | France | TCP | Has Blacklisted URL | Not Queried |
| mail.gmx.net | 212.227.17.168, 212.227.17.190 | Ronneburg (Germany) | TCP | Unknown | Not Queried |

DNS Queries (2)

| Hostname | Categories | Names | Source | Reputation Status |
|---|---|---|---|---|
| finndev.net | Malware | Mal/HTMLGen-A | Function Log | Blacklisted |
| mail.gmx.net | - | - | Function Log | Unknown |

Connections

DNS (4)

| Operation | Additional Information | Success | Count |
|---|---|---|---|
| Resolve Name | host = mail.gmx.net, address_out = 212.227.17.168, 212.227.17.190 | True | 1 |
| Resolve Name | host = finndev.net, address_out = 91.134.128.42 | True | 1 |
| Resolve Name | host = mail.gmx.net, address_out = 212.227.17.190, 212.227.17.168 | True | 1 |
| Resolve Name | host = finndev.net, address_out = 91.134.128.42 | True | 1 |

TCP Sessions (4)

| Information | Value |
|---|---|
| Total Data Sent | 1.20 MB |
| Total Data Received | 446.62 KB |
| Contacted Host Count | 3 |
| Contacted Hosts | 212.227.17.168:587, 91.134.128.42:443, 212.227.17.190:587 |

TCP Session #1

| Information | Value |
|---|---|
| Handle | 0x590 |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 212.227.17.168 |
| Remote Port | 587 |
| Local Address | 0.0.0.0 |
| Local Port | 49426 |
| Data Sent | 1.10 MB |
| Data Received | 5.84 KB |

TCP Session #2

| Information | Value |
|---|---|
| Handle | 0x440 |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 91.134.128.42 |
| Remote Port | 443 |
| Local Address | 0.0.0.0 |
| Local Port | 49429 |
| Data Sent | 0.40 KB |
| Data Received | 224.59 KB |

The remaining entries of this session are omitted for performance reasons and can be found in glog.xml.
The remaining 1 entries are omitted for performance reasons and can be found in glog.xml or analysis.pcap.