Advanced File Analysis System

File Name: kaueu.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: b5ddf5a295d29d60ad817a625886275937a60874

MD5: f2f865aa912787c1a202394c840ed595

Contacted IPs

Network Port Distribution

IP	Country	ASN	ASN Name	Trigger Process Type
8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
104.16.90.188	United States	13335	Cloudflare, Inc.	Malware Process
108.58.129.90	United States	6128	Static IP Services	Malware Process
184.26.44.97	United States	20940	Akamai Technologies, Inc.	OS Process
38.69.238.114	United States	174	PSINet, Inc.	OS Process
38.69.238.122	United States	174	PSINet, Inc.	OS Process
66.96.133.9	United States	29873	The Endurance International Group, Inc.	Malware Process
68.173.55.51	United States	12271	Time Warner Cable Internet LLC	Malware Process
75.127.141.50	United States	6128	Static IP Services	Malware Process
96.69.89.156	United States	7922	Comcast Cable Communications, LLC	Malware Process
96.19.160.50	United States	11492	CABLE ONE, INC.	Malware Process
68.231.147.100	United States	22773	Cox Communications	Malware Process
23.49.13.33	United States	20940	Akamai Technologies, Inc.	Malware Process
104.16.91.188		13335	Cloudflare, Inc.	Malware Process
178.255.83.1		35838		OS Process
104.91.166.226		20940	Akamai Technologies, Inc.	OS Process
104.91.166.216		20940	Akamai Technologies, Inc.	OS Process
178.255.83.1		35838		OS Process
104.28.17.56		13335	Cloudflare, Inc.	Malware Process
85.93.88.251		8972		Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
www.ip-adress.com	80	GET	1.1	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	5	32.0890951157
Path: / URI: http://www.ip-adress.com/
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	52.1968672276
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4e52de1fae3110d6 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4e52de1fae3110d6
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	52.2450971603
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?8a6118c64124b780 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8a6118c64124b780
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	52.2527391911
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?133c5970748a7e95 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?133c5970748a7e95
ocsp.usertrust.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	58.9094572067
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D URI: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
ocsp.usertrust.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	61.2106461525
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D URI: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
ocsp.comodoca.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	63.0090520382
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D URI: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D
ocsp.comodoca.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	63.0131521225
Path: /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCOot%2Bo4GHnch9qDcxWT3Pj URI: http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCOot%2Bo4GHnch9qDcxWT3Pj
crl.comodoca.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	63.051692009
Path: /COMODORSADomainValidationSecureServerCA.crl URI: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
crl.comodoca.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	63.0601119995
Path: /COMODORSACertificationAuthority.crl URI: http://crl.comodoca.com/COMODORSACertificationAuthority.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	93.3420331478
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	93.9986891747
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	94.0411829948
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl
crl.globalsign.net	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	94.1351439953
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl

DNS Queries/Answers

Request	Type
www.ip-adress.com	A
Answers - 85.93.89.6 (A) - 85.93.88.251 (A) - 209.126.124.166 (A) - 207.38.89.115 (A)
ctldl.windowsupdate.com	A
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 38.69.238.122 (A) - a1621.g.akamai.net (CNAME) - 38.69.238.114 (A) - ctldl.windowsupdate.com.edgesuite.net (CNAME)
ocsp.usertrust.com	A
Answers - 178.255.83.1 (A)
ocsp.comodoca.com	A
crl.comodoca.com	A
Answers - crl.comodoca.com.cdn.cloudflare.net (CNAME) - 104.16.92.188 (A) - 104.16.93.188 (A) - 104.16.90.188 (A) - 104.16.91.188 (A) - 104.16.89.188 (A)
194.99.241.192.in-addr.arpa	PTR
Answers - wooservers.com (PTR)
crl.microsoft.com	A
Answers - 184.26.44.97 (A) - 184.26.44.98 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME)
crl.globalsign.net	A
Answers - 104.28.16.56 (A) - 104.28.17.56 (A)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
32.0890951157	Sandbox	85.93.88.251	80
38.1568281651	Sandbox	85.93.88.251	443
38.5303621292	Sandbox	96.69.89.156	22
43.7696430683	Sandbox	108.58.129.90	443
52.1968672276	Sandbox	38.69.238.122	80
52.2450971603	Sandbox	38.69.238.114	80
52.2527391911	Sandbox	38.69.238.114	80
57.7313411236	Sandbox	85.93.88.251	80
58.0517351627	Sandbox	85.93.88.251	443
58.9094572067	Sandbox	178.255.83.1	80
59.8073911667	Sandbox	85.93.88.251	80
60.1294360161	Sandbox	85.93.88.251	443
61.2106461525	Sandbox	178.255.83.1	80
61.8769001961	Sandbox	85.93.88.251	80
62.082182169	Sandbox	85.93.88.251	443
63.0090520382	Sandbox	178.255.83.1	80
63.0131521225	Sandbox	178.255.83.1	80
63.051692009	Sandbox	104.16.91.188	80
63.0601119995	Sandbox	104.16.90.188	80
64.8891479969	Sandbox	85.93.88.251	80
65.0914950371	Sandbox	85.93.88.251	443
70.5686841011	Sandbox	75.127.141.50	995
70.5740430355	Sandbox	68.173.55.51	443
70.6251881123	Sandbox	108.58.129.90	443
71.0821452141	Sandbox	96.69.89.156	22
71.4585289955	Sandbox	68.173.55.51	443
76.8802030087	Sandbox	192.168.56.8	49283
79.6749072075	Sandbox	192.168.56.8	49287
80.077944994	Sandbox	66.96.133.9	52552
83.3848071098	Sandbox	192.168.56.8	49292
83.7482991219	Sandbox	66.96.133.9	35427
93.3420331478	Sandbox	184.26.44.97	80
94.1351439953	Sandbox	104.28.17.56	80

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
3.19855713844	Sandbox	224.0.0.252	5355
3.22704005241	Sandbox	224.0.0.252	5355
3.23210120201	Sandbox	239.255.255.250	3702
3.27577400208	Sandbox	192.168.56.255	137
5.7878100872	Sandbox	224.0.0.252	5355
9.27159619331	Sandbox	192.168.56.255	138
28.0269870758	Sandbox	224.0.0.252	5355
31.9437601566	Sandbox	8.8.4.4	53
46.7542920113	Sandbox	224.0.0.252	5355
46.7581801414	Sandbox	224.0.0.252	5355
46.7614409924	Sandbox	224.0.0.252	5355
49.4217271805	Sandbox	224.0.0.252	5355
49.4220590591	Sandbox	224.0.0.252	5355
49.4223930836	Sandbox	224.0.0.252	5355
52.1178760529	Sandbox	8.8.4.4	53
52.121817112	Sandbox	8.8.4.4	53
52.1228950024	Sandbox	8.8.4.4	53
53.3161690235	Sandbox	224.0.0.252	5355
56.0167920589	Sandbox	224.0.0.252	5355
58.5796480179	Sandbox	224.0.0.252	5355
58.6019551754	Sandbox	8.8.4.4	53
59.6871080399	Sandbox	224.0.0.252	5355
59.6878261566	Sandbox	224.0.0.252	5355
59.7086951733	Sandbox	224.0.0.252	5355
59.9791710377	Sandbox	224.0.0.252	5355
62.9867660999	Sandbox	8.8.4.4	53
62.9872620106	Sandbox	8.8.4.4	53
62.9875531197	Sandbox	8.8.4.4	53
62.9940340519	Sandbox	8.8.4.4	53
70.5695941448	Sandbox	8.8.4.4	53
93.2211711407	Sandbox	8.8.4.4	53
94.0751821995	Sandbox	8.8.4.4	53

Loading...