Advanced File Analysis System | Valkyrie

File Name: AutoItObfuscator_1.bin

File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1: 97cf21650dfc7e50972bf09a2760fe8b78d367b8

MD5: baf02b6b2480028d73775a43cbcec09b

Download Kill Chain Report

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	13.107.4.50	United States	8068	Microsoft Corporation	OS Process
www.pelock.com	212.71.235.46	United Kingdom	63949	Linode, LLC	Malware Process
ctldl.windowsupdate.com	69.164.0.0	United States	22822	Limelight Networks, Inc.	OS Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	23.5516331196
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?fdb16b39901d45a5 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fdb16b39901d45a5
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	28.9201290607
Path: /msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB039D4329A5E8.crt?50518b9ce1203a2e URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB039D4329A5E8.crt?50518b9ce1203a2e

DNS Queries/Answers

Request	Type
www.pelock.com	A
Answers - 212.71.235.46 (A)
ctldl.windowsupdate.com	A
Answers - wu-shim.trafficmanager.net (CNAME) - b1ns.au-msedge.net (CNAME) - b1ns.c-0001.c-msedge.net (CNAME) - c-0001.c-msedge.net (CNAME) - 13.107.4.50 (A)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
17.6913230419	Sandbox	212.71.235.46	443
23.5516331196	Sandbox	13.107.4.50	80

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
6.48489308357	Sandbox	224.0.0.252	5355
6.49903607368	Sandbox	224.0.0.252	5355
6.50430011749	Sandbox	239.255.255.250	3702
6.54542517662	Sandbox	192.168.56.255	137
9.10903811455	Sandbox	224.0.0.252	5355
12.5912652016	Sandbox	192.168.56.255	138
14.6619901657	Sandbox	224.0.0.252	5355
17.3402671814	Sandbox	8.8.4.4	53
18.3899049759	Sandbox	224.0.0.252	5355
20.9790370464	Sandbox	224.0.0.252	5355
23.5294411182	Sandbox	8.8.4.4	53
23.8029370308	Sandbox	224.0.0.252	5355
26.3685460091	Sandbox	224.0.0.252	5355

Loading...