Reads data out of its own binary image Show sources
| api_process_name | process: 80d11333708f5ef3fbdabac6ae7bef3cdbcb37f3.exe, pid: 1860, offset: 0x00000000, length: 0x00210f88 |
| api_process_name | process: 80d11333708f5ef3fbdabac6ae7bef3cdbcb37f3.exe, pid: 1860, offset: 0x001c77d0, length: 0x000497b8 |
Attempts to connect to a dead IP:Port (3 unique times) Show sources
| network_host_ip | 23.54.187.27:80 (United States) |
| network_host_ip | 23.35.171.27:80 (United States) |
| network_host_ip | 38.69.238.114:80 (United States) |
Performs some HTTP requests Show sources
| network_url | http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEBxoP3uP%2B82s4ZJ9WI1JBs8%3D |
| network_url | http://ts-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRi82PVYYKWGJWdgVNyePy5kYTdqQQUX5r1blzMzHSa1N197z%2Fb7EyALt0CEA7P9DjI%2Fr81bgTYapgbGlA%3D |
| network_url | http://crl.globalsign.net/primobject.crl |
Network activity contains more than one unique useragent. Show sources
| Process | 80d11333708f5ef3fbdabac6ae7bef3cdbcb37f3.exe |
| User-Agent | lpszAgent |
| Process | 80d11333708f5ef3fbdabac6ae7bef3cdbcb37f3.exe |
| User-Agent |
A process sent information about the computer to a remote location. Show sources
| api_process_name | 80d11333708f5ef3fbdabac6ae7bef3cdbcb37f3.exe: {"action":"ces_heartbeat","sender_id":"portable","id":"f80aa1d5680a08a17a569cce8060f8ea","data":{"win_version":"W7","ces_version":"Unknow Version","ces_install_time":"0","active_user":"user","machine_name":"V-PC","domain_name":""}} |
A process attempted to delay the analysis task. Show sources
| api_process_name | 80d11333708f5ef3fbdabac6ae7bef3cdbcb37f3.exe tried to sleep 570 seconds, actually delayed analysis time by 0 seconds |
Creates RWX memory Show sources
| injection_rwx_memory | 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx |