Reads data out of its own binary image Show sources
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x00128200, length: 0x0000405a |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x0012945e, length: 0x0000402c |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x0012a894, length: 0x0000402c |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x0012bd5b, length: 0x0000402c |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x0012d089, length: 0x0000402c |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x0012e438, length: 0x0000002c |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x0012e828, length: 0x00000028 |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x001343b8, length: 0x00000028 |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x0013a2e8, length: 0x00000028 |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x0013fd5f, length: 0x00000028 |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x001458bc, length: 0x00004028 |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x00145bc3, length: 0x00369e35 |
| self_read | process: 97bb018562de4854ad68e542c7685c4f39dedda7.exe, pid: 2308, offset: 0x004ae6d6, length: 0x00001322 |
HTTP traffic contains suspicious features which may be indicative of malware related traffic Show sources
| post_no_referer | HTTP traffic contains a POST request with no referer header |
| suspicious_request | http://ocsp.int-x3.letsencrypt.org/ |
| suspicious_request | http://ocsp.digicert.com/ |
| suspicious_request | http://ytd.cloudnetworktools.com/images/partners/header_background.png |
| suspicious_request | http://clients1.google.com/ocsp |
| suspicious_request | http://ytd.cloudnetworktools.com/privacy.html |
| suspicious_request | http://ytd.cloudnetworktools.com/image/40/1/YTD/1312902593/ytd_site_logo.gif |
| suspicious_request | http://ytd.cloudnetworktools.com/favicon.ico |
| suspicious_request | http://ocsp.comodoca.com/ |
Performs some HTTP requests Show sources
| url | http://ytd.cloudnetworktools.com/privacy.html |
| url | http://ytd.cloudnetworktools.com/styles/toolbar_site.css |
| url | http://ytd.cloudnetworktools.com/image/40/1/YTD/1312902593/ytd_site_logo.gif |
| url | http://ytd.cloudnetworktools.com/images/partners/downloadbtn.png |
| url | http://ocsp.int-x3.letsencrypt.org/ |
| url | http://ocsp.digicert.com/ |
| url | http://ytd.cloudnetworktools.com/images/partners/header_background.png |
| url | http://clients1.google.com/ocsp |
| url | http://ytd.cloudnetworktools.com/favicon.ico |
| url | http://ocsp.comodoca.com/ |
Creates RWX memory