Advanced File Analysis System

File Name: None

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 11b7e6fe10e891a7ce79fb97c5b2fb791b05d79e

MD5: b6234d7441ac12355aedf64c746e8f5f

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	104.20.209.21	United States	13335	Cloudflare, Inc.	Malware Process
	184.24.97.184	United States	20940	Akamai Technologies, Inc.	OS Process
	23.67.251.10	United States	20940	Akamai Technologies, Inc.	Malware Process
ocsp.comodoca4.com	184.84.243.43	Canada	20940	Akamai Technologies, Inc.	Malware Process
crl.globalsign.net	104.31.74.124	United States	13335	Cloudflare, Inc.	Malware Process
ctldl.windowsupdate.com	184.26.44.105	United States	20940	Akamai Technologies, Inc.	OS Process
s.dropcanvas.com	69.55.50.17	United States	14061	ServerStack, Inc.	Malware Process
crl.microsoft.com	23.72.137.121	United States	20940	Akamai Technologies, Inc.	OS Process
crl.comodoca.com	104.16.91.188	United States	13335	Cloudflare, Inc.	Malware Process
raw.githubusercontent.com	151.101.0.133	United States	54113	Fastly	Malware Process
ocsp.usertrust.com	178.255.83.1	United States	35838		OS Process
ocsp.digicert.com	72.21.91.29	United States	15133	MCI Communications Services, Inc. d/b/a Verizon Business	Malware Process
pastebin.com	104.20.208.21	United States	13335	Cloudflare, Inc.	Malware Process
musigiallifuck.ddns.net	95.248.69.185	Italy	3269		Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	46.5231328011
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e1c0d2221d06bcfd URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e1c0d2221d06bcfd
ocsp.usertrust.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	53.6929779053
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D URI: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
ocsp.comodoca4.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	61.640996933
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D URI: http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D
crl.comodoca.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	65.7525908947
Path: /COMODORSACertificationAuthority.crl URI: http://crl.comodoca.com/COMODORSACertificationAuthority.crl
ocsp.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	66.331900835
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
s.dropcanvas.com	80	GET	1.1	Cheat Engine 6.6 : luascript	1	67.093364954
Path: /1000000/965000/964641/FV2-XSONICX.XSONICX URI: http://s.dropcanvas.com/1000000/965000/964641/FV2-XSONICX.XSONICX
s.dropcanvas.com	80	GET	1.1	Cheat Engine 6.6 : luascript	1	67.286482811
Path: /1000000/930000/929710/updates.txt URI: http://s.dropcanvas.com/1000000/930000/929710/updates.txt
musigiallifuck.ddns.net:1188	1188	POST	1.1	20503A4E<\|>V-PC<\|>user<\|>Microsoft Windows 7 Professional <\|>plus<\|>nan-av<\|>false - 5/15/2018	3	91.0382080078
Path: /is-ready URI: http://musigiallifuck.ddns.net:1188/is-ready
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	97.0456748009
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	103.468065023
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	109.719549894
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl
crl.globalsign.net	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	116.183516979
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl

DNS Queries/Answers

Request	Type
pastebin.com	A
Answers - 104.20.209.21 (A) - 104.20.208.21 (A)
ctldl.windowsupdate.com	A
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 184.26.44.105 (A) - a1621.g.akamai.net (CNAME) - 184.26.44.97 (A) - ctldl.windowsupdate.com.edgesuite.net (CNAME)
ocsp.usertrust.com	A
Answers - 178.255.83.1 (A)
raw.githubusercontent.com	A
Answers - github.map.fastly.net (CNAME) - 151.101.128.133 (A) - 151.101.0.133 (A) - 151.101.64.133 (A) - 151.101.192.133 (A)
ocsp.comodoca4.com	A
Answers - ocsp.comodoca4.com.edgesuite.net (CNAME) - 23.67.251.10 (A) - a875.dscb.akamai.net (CNAME) - 23.67.251.18 (A)
crl.comodoca.com	A
Answers - crl.comodoca.com.cdn.cloudflare.net (CNAME) - 104.16.92.188 (A) - 104.16.93.188 (A) - 104.16.90.188 (A) - 104.16.91.188 (A) - 104.16.89.188 (A)
ocsp.digicert.com	A
Answers - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A)
s.dropcanvas.com	A
Answers - www.dropcanvas.com (CNAME) - 69.55.50.17 (A)
musigiallifuck.ddns.net	A
Answers - 95.248.69.185 (A)
crl.microsoft.com	A
Answers - 184.24.97.184 (A) - crl.www.ms.akadns.net (CNAME) - 184.24.97.182 (A) - a1363.dscg.akamai.net (CNAME)
crl.globalsign.net	A
Answers - 104.31.75.124 (A) - global.prd.cdn.globalsign.com (CNAME) - cdn.globalsigncdn.com.cdn.cloudflare.net (CNAME) - 104.31.74.124 (A)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
38.7308828831	Sandbox	104.20.209.21	443
46.5231328011	Sandbox	184.26.44.105	80
53.6929779053	Sandbox	178.255.83.1	80
59.4904308319	Sandbox	151.101.0.133	443
61.640996933	Sandbox	23.67.251.10	80
65.7525908947	Sandbox	104.16.91.188	80
66.331900835	Sandbox	72.21.91.29	80
67.093364954	Sandbox	69.55.50.17	80
67.286482811	Sandbox	69.55.50.17	80
91.0382080078	Sandbox	95.248.69.185	1188
97.0456748009	Sandbox	184.24.97.184	80
116.183516979	Sandbox	104.31.74.124	80
155.096805811	Sandbox	95.248.69.185	1188
220.604798794	Sandbox	95.248.69.185	1188

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
3.17365193367	Sandbox	224.0.0.252	5355
3.27274799347	Sandbox	192.168.56.255	137
3.34808301926	Sandbox	224.0.0.252	5355
3.73211288452	Sandbox	239.255.255.250	3702
5.92567801476	Sandbox	224.0.0.252	5355
9.31417798996	Sandbox	192.168.56.255	138
34.7830469608	Sandbox	224.0.0.252	5355
38.675360918	Sandbox	8.8.4.4	53
40.7516458035	Sandbox	224.0.0.252	5355
43.6286668777	Sandbox	224.0.0.252	5355
46.3764498234	Sandbox	8.8.4.4	53
47.5323758125	Sandbox	224.0.0.252	5355
50.7057919502	Sandbox	224.0.0.252	5355
53.6736409664	Sandbox	8.8.4.4	53
55.4238770008	Sandbox	224.0.0.252	5355
58.7356908321	Sandbox	224.0.0.252	5355
59.4415400028	Sandbox	8.8.4.4	53
59.5854058266	Sandbox	224.0.0.252	5355
60.1270890236	Sandbox	224.0.0.252	5355
61.5953509808	Sandbox	8.8.4.4	53
62.7766568661	Sandbox	224.0.0.252	5355
63.5413689613	Sandbox	224.0.0.252	5355
65.7055039406	Sandbox	8.8.4.4	53
66.28510499	Sandbox	8.8.4.4	53
66.9551999569	Sandbox	8.8.4.4	53
90.8717639446	Sandbox	8.8.4.4	53
90.9701178074	Sandbox	224.0.0.252	5355
94.207005024	Sandbox	224.0.0.252	5355
96.9701759815	Sandbox	8.8.4.4	53
98.0075478554	Sandbox	224.0.0.252	5355
100.876696825	Sandbox	224.0.0.252	5355
103.612162828	Sandbox	224.0.0.252	5355
107.111351013	Sandbox	224.0.0.252	5355
110.026763916	Sandbox	224.0.0.252	5355
113.473032951	Sandbox	224.0.0.252	5355
116.12714386	Sandbox	8.8.4.4	53

Loading...