e7dc2321...6d47

e7dc2321...6d47 | Network

Try VMRay Analyzer

VTI SCORE: 100/100

Dynamic Analysis Report

Classification:

Ransomware

Dropper

Backdoor

Threat Names:

Gen:Trojan.Heur.2T0@rmnKOxoi

Cheats_Loader_protected.exe

Windows Exe (x86-32)

Created 5 years ago

General

Total Sent: 26.45 KB

Total Received: 1.92 MB

2 ports: 80 , 443

5 contacted IP addresses

0 URLs extracted

0 files downloaded

0 malicious hosts detected

DNS

10 DNS requests for 4 domains

1 nameserver contacted

0 total requests returned errors

HTTP/S

9 URLs contacted, 3 servers

9 sessions, sending 15.33 KB, receiving 5.62 KB

4 Hosts

Requests

Severity

api.db-ip.com80, 53

dosyaupload.tech53, 443

mzrevenge.ga80, 53

api.ipify.org80, 53

HTTP Requests (6)DNS Requests (6)TCP Sessions (5)

Method	URL	Response	Dest. IP	Dest. Port	-	Severity

GET	http://api.db-ip.com/v2/free/95.222.165.118/continentCode	200	104.26.5.15	80	-	Unknown
GET	http://api.db-ip.com/v2/free/95.222.165.118/continentName	200	104.26.5.15	80	-	Unknown
GET	http://api.db-ip.com/v2/free/95.222.165.118/countryCode	200	104.26.5.15	80	-	Unknown
GET	http://api.db-ip.com/v2/free/95.222.165.118/countryName	200	104.26.5.15	80	-	Unknown
GET	http://api.db-ip.com/v2/free/95.222.165.118/stateProv	200	104.26.5.15	80	-	Unknown
GET	http://api.db-ip.com/v2/free/95.222.165.118/city	200	104.26.5.15	80	-	Unknown

RequestResponseFunction Logs (2)Stream (3)

Request Headers

Timestamp	102.911000
URL	http://api.db-ip.com/v2/free/95.222.165.118/continentCode
Version	1.1
Method	GET

Host	api.db-ip.com
Accept	text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
User-Agent	Mozilla/3.0 (compatible; Indy Library)

URL Reputation

Reputation

Unknown

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After

Screenshot