d45dfa19...b6e5 | Network
VTI SCORE: 90/100
Dynamic Analysis Report
Classification: Backdoor, Dropper, Downloader

d45dfa19146949ef791c96b183f04f1b2ba480d32308b39a32976a2f30ecb6e5 (SHA256)

sample.exe

Windows Exe (x86-32)

Created at 2019-03-08 08:37:00

Notifications (1/1)

The operating system was rebooted during the analysis.

Network Overview

Hosts (3)
Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
- | 41.57.104.182 | Nairobi (Kenya) | HTTPS, TCP | Unknown | Not Queried
- | 208.86.13.216 | Bay Springs (United States) | HTTP, HTTPS, TCP | Unknown | Not Queried
239.255.255.250 | 239.255.255.250 | - | UDP | Unknown | Not Queried

DNS Queries (1)
Hostname | Categories | Names | Source | Reputation Status
239.255.255.250 | - | - | Function Log | Unknown

URLs (3)
URL | Categories | Names | Source | HTTP Status Code | Reputation Status
HTTP://41.57.104.182 | - | - | Function Log | - | Unknown
http://208.86.13.216:443/whoami.php | - | - | Function Log | OK (200) | Unknown
HTTP://208.86.13.216 | - | - | Function Log | - | Unknown

Connections

DNS (4)
Operation | Additional Information | Success | Count | Logfile
Resolve Name | host = 239.255.255.250, address_out = 239.255.255.250, service = 1900 | True | 4 | Fn

UDP Sessions (1)
Total Data Sent | 0.49 KB
Total Data Received | 0.00 KB
Contacted Host Count | 2
Contacted Hosts | 239.255.255.250:1900, 239.255.255.250:None

UDP Session #1
Information | Value
Source | Function Log
Handle | 0x464
Address Family | AF_INET
Type | SOCK_DGRAM
Protocol | IPPROTO_UDP
Local Address | 192.168.0.107
Local Port | 54920
Data Sent | 0.49 KB
Data Received | 0.00 KB
Operation | Additional Information | Success | Count | Logfile
Create | protocol = IPPROTO_UDP, address_family = AF_INET, type = SOCK_DGRAM | True | 1 | Fn
Bind | local_address = 192.168.0.107, local_port = 54920, hint = OS assigned a local port from the dynamic client port range | True | 1 | Fn
Send | remote_address = 239.255.255.250, remote_port = 1900, flags = NO_FLAG_SET, size = 137, size_out = 137 | True | 1 | Fn, Data
Send | remote_address = 239.255.255.250, remote_port = 1900, flags = NO_FLAG_SET, size = 132, size_out = 132 | True | 1 | Fn, Data
Send | remote_address = 239.255.255.250, remote_port = 1900, flags = NO_FLAG_SET, size = 133, size_out = 133 | True | 1 | Fn, Data
Send | remote_address = 239.255.255.250, remote_port = 1900, flags = NO_FLAG_SET, size = 101, size_out = 101 | True | 1 | Fn, Data
Close | type = SOCK_DGRAM | True | 1 | Fn

UDP Server (1)
Operation | Additional Information | Success | Count | Logfile
Bind | local_address = 192.168.0.107, local_port = 54920, hint = OS assigned a local port from the dynamic client port range | True | 1 | Fn
HTTP Sessions (5)
Information | Value
Total Data Sent | 1.53 KB
Total Data Received | 909.80 KB
Contacted Host Count | 2
Contacted Hosts | 41.57.104.182, 208.86.13.216

HTTP Session #1
Information | Value
Source | Function Log
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Server Name | 41.57.104.182
Server Port | 443
Data Sent | 0.30 KB
Data Received | 909.48 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 41.57.104.182, server_port = 443 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = Cookie: 36140=YKawoR62LO8t/kKZ+aENeBBnqAKc01IGxzhmtpkzmkktTaToHMs7o4ZzuSeGdCDClDYRUlxRY2JmyUV9VjS3l31M58pgjcXrtuZvxQ0MQTtPdIoZn8RXVDQnUiTYgW6ZK20xT4QXaWXvgKm9drIyNHutQgz3I0r/aIvF4grFKpvEpoy4/1mp5QYtPLyFV/GWzv5gfE+e49yVXoZwudbrtGWOGIW2H5iF/H3fMaZo2t9yoAgv48sbDkTilAkkof6GyDJQ6QEojXai4GnFp9hBbCbNM5yrMc/6p5zVU4K3PSZPG8aZOTxo4jBeI9d64wIDnrss4ajo1mr/SjgzYjST6ntDfxAexFfJ1V6PYFnb5NMxZPKtTsx8kQOo2e3a7rOwTicnMw==, url = 41.57.104.182 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 | True | 1 | Fn, Data
Read Response | size = 931300, size_out = 931300 | True | 1 | Fn, Data
Close Session | - | True | 4 | Fn
HTTP Session #2
Information | Value
Source | Function Log
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Server Name | 41.57.104.182
Server Port | 443
Data Sent | 0.30 KB
Data Received | 0.15 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 41.57.104.182, server_port = 443 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = Cookie: 55437=PutKZ7TbhnTUZtm3340Zgk6yneDl2gAVfTFJuPwx2f10sZlrMNgPbqY2Bx4JRSVWSTws5KZuhfwSnlo6lC187cDupGtLZo0xDSNEM6CSsWk2QhgqDMHkdNp/HKeUp8nCNtpHSXlx1DhczS7BuUeHIfSDaUHNP4YZaq7kNflKOm80WxgWHj0VLZ7Zc9lJp6oUH9cn1VsSv20SZTtHOc4ecv18y3W36bpd9FXGnF4AZOsOPsgbKxrZObYW1KsGR0ur5xz6XShZO/qFxoeh2uEkYCW5s7/tlfuOBBqVT5CDG5pGA7/I11AQoCwr77k0S4WAKyUcISQ1pHdj3scJdh8cWANWR8xcs+E4DY4Zq+2eSZrK16WsKuP7gS/2RluQx2uVxKTf/A==, url = 41.57.104.182 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 | True | 1 | Fn, Data
Read Response | size = 148, size_out = 148 | True | 1 | Fn, Data
Close Session | - | True | 4 | Fn
HTTP Session #3
Information | Value
Source | Function Log
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Server Name | 208.86.13.216
Server Port | 80
Data Sent | 0.32 KB
Data Received | 0.01 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = http, server_name = 208.86.13.216, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /whoami.php, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://208.86.13.216:443/whoami.php | True | 1 | Fn
Read Response | size = 64, size_out = 14 | True | 1 | Fn, Data
Close Session | - | True | 4 | Fn
HTTP Session #4
Information | Value
Source | Function Log
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Server Name | 208.86.13.216
Server Port | 443
Data Sent | 0.30 KB
Data Received | 0.15 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 208.86.13.216, server_port = 443 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = Cookie: 63812=CDFkZu/IKoY7DVKrOZxyGgDOUCLo7eSTTM6MP7BmJB+5vvRvMwn1X+/GsAbWTwGFkYOImxtNMhv79Nx0O9b5eJrzbUYb6qn00OFwlaV0jsFopEOUd2l15No/3h9qbDSVjM9RiJVW4KGOiOPDrZeq9ZdpyZvMKpqKnd7FCq/H5euUIiUrYqm1s3FK9oxkRIQULDZd5pbVTPAhZ50n/+WEZpLSpjM=, url = 208.86.13.216 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 | True | 1 | Fn, Data
Read Response | size = 148, size_out = 148 | True | 1 | Fn, Data
Close Session | - | True | 4 | Fn
HTTP Session #5
Information | Value
Source | Function Log
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Server Name | 41.57.104.182
Server Port | 443
Data Sent | 0.30 KB
Data Received | 0.00 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 41.57.104.182, server_port = 443 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = Cookie: 31289=S5OWr445xHF3DNguH4sL9G2FbFifvNR7QzxcAcg94GE9jkGyxbjhBZTocWeNpR5o0w0mrMwt0O61+5EpdWNVaC9OKugSiCbGQOT1/uj5Jucf4/TJE6Glz79uMj4/ZwIexBb48g7e7Ubx5Hc0teUaZhiA2Y9V1hKEriQ6jKbFPue3pWWryaCaaOq6RruiEf11wemjyd5bXl54cAolLwtOLjYJzl6DETTMKnT/1ggGZsbiMmg+VboNFtK+szjBGZS8YVBegE90vYcrcxQ/28NfkTVZ9hOAIBSBgaON4CEq0QlLMKfddPaz5msAovmy5WpESJCRMc3AaktO5DTjMVgSxQombjAqzXXGm0IlucnGYVkqlL2AsEms5aFNsaC4cwYBE1SOpg==, url = 41.57.104.182 | False | 1 | Fn