VTI SCORE: 90/100
Dynamic Analysis Report
Classification: Backdoor, Dropper, Downloader
SHA256: d45dfa19146949ef791c96b183f04f1b2ba480d32308b39a32976a2f30ecb6e5
Sample: sample.exe
File type: Windows Exe (x86-32)
Created at 2019-03-08 08:37:00
Notifications (1/1)
The operating system was rebooted during the analysis.
Indicators
File (28)
Registry (25)
Mutex (9)
| Mutex Name | Operations |
|---|---|
| Global\ID2CA4DEF | Access, Delete |
| Global\MD2CA4DEF | Access |
| Global\Nx133C00C5 | Access, Delete |
| PEM1E0 | Access |
| PEM1E4 | Access |
| PEM500 | Access |
| PEM57C | Access |
| PEMAD0 | Access |
| PEME78 | Access |
Domain (1)

| Domain | Sources |
|---|---|
| 239.255.255.250 | Function Log |

Note: the single "domain" entry is not a resolved name but the SSDP multicast address (UDP discovery traffic that Windows hosts emit on their own, as also seen in the UDP row of the IP table). Treat it as sandbox noise, not as a command-and-control indicator.
URL (3)

| URL | Operations | Sources |
|---|---|---|
| HTTP://41.57.104.182 | GET | Function Log |
| http://208.86.13.216:443/whoami.php | GET | Function Log |
| HTTP://208.86.13.216 | GET | Function Log |

Note: the whoami.php request is plain HTTP sent to port 443, so a proxy or IDS that assumes TLS on 443 may pass it through uninspected; hunt on the host and path rather than on the port alone.
IP (3)

| IP | Protocols | Sources |
|---|---|---|
| 41.57.104.182 | HTTPS, TCP | Function Log |
| 208.86.13.216 | HTTP, HTTPS, TCP | Function Log |
| 239.255.255.250 | UDP | Function Log |
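Turning the indicator tables above into something a detection team can consume takes a little normalization: URL schemes appear in mixed case, default ports are implicit, one request mismatches scheme and port, and one "IP" is multicast noise. The script below is an added example, not part of the report or the sandbox vendor's tooling; the indicator strings are copied from the tables above, and the helper names (`normalize_url`, `classify_ip`, `build_ioc_set`) are illustrative.

```python
"""Normalize the mutex and network indicators from the report above into a
deduplicated IOC set, separating routable hosts from local noise and flagging
scheme/port mismatches. Added example code, not the sandbox vendor's tooling."""
import ipaddress
from urllib.parse import urlsplit

# Indicators as listed in the report (constructed input for this example).
REPORT_URLS = [
    "HTTP://41.57.104.182",
    "http://208.86.13.216:443/whoami.php",
    "HTTP://208.86.13.216",
]
REPORT_IPS = {
    "41.57.104.182": ["HTTPS", "TCP"],
    "208.86.13.216": ["HTTP", "HTTPS", "TCP"],
    "239.255.255.250": ["UDP"],
}
REPORT_MUTEXES = [
    "Global\\ID2CA4DEF", "Global\\MD2CA4DEF", "Global\\Nx133C00C5",
    "PEM1E0", "PEM1E4", "PEM500", "PEM57C", "PEMAD0", "PEME78",
]

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_url(url):
    """Lower-case the scheme, make the port explicit, and flag a request
    whose scheme does not match the well-known port it targets."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname
    port = parts.port or DEFAULT_PORTS.get(scheme)
    mismatch = port in DEFAULT_PORTS.values() and DEFAULT_PORTS.get(scheme) != port
    return {
        "url": f"{scheme}://{host}:{port}{parts.path or '/'}",
        "host": host,
        "port": port,
        "scheme_port_mismatch": mismatch,
    }


def classify_ip(ip):
    """Separate routable candidate C2 addresses from local noise such as the
    SSDP multicast address or RFC 1918 / loopback / link-local ranges."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "multicast-noise"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "local"
    return "routable"


def build_ioc_set():
    """Return the indicators worth hunting for, plus what was filtered out."""
    urls = [normalize_url(u) for u in REPORT_URLS]
    ip_kinds = {ip: classify_ip(ip) for ip in REPORT_IPS}
    hunt_ips = sorted(ip for ip, kind in ip_kinds.items() if kind == "routable")
    hunt_urls = sorted({u["url"] for u in urls if classify_ip(u["host"]) == "routable"})
    flagged = sorted(u["url"] for u in urls if u["scheme_port_mismatch"])
    # Global\ mutexes are visible across sessions and have fixed names in the
    # report; the PEM* names differ only in their hex suffix, so an exact
    # match on them would be fragile and they are left out of the hunt list.
    global_mutexes = [m for m in REPORT_MUTEXES if m.startswith("Global\\")]
    return {
        "ips": hunt_ips,
        "urls": hunt_urls,
        "scheme_port_mismatch": flagged,
        "noise_ips": sorted(ip for ip, kind in ip_kinds.items() if kind != "routable"),
        "mutexes": global_mutexes,
    }


if __name__ == "__main__":
    for key, values in build_ioc_set().items():
        print(f"{key}: {values}")
```

The output keeps 41.57.104.182 and 208.86.13.216 as network IOCs, drops 239.255.255.250 into the noise bucket, and singles out the plain-HTTP request to port 443 so that a detection rule can match on host and path instead of relying on the port.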