fec56ffb...3cb1 | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Keylogger
Backdoor
Spyware
Threat Names:
Vermin
Quasar
xRAT
...

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "2 minutes, 15 seconds" to "1 minute, 30 seconds" to reveal dormant functionality.

General

Total Sent: 1.05 KB
Total Received: 1.18 KB
2 ports: 80, 4782
3 contacted IP addresses
0 URLs extracted
0 files downloaded
0 malicious hosts detected

DNS

2 DNS requests for 1 domains
1 nameserver contacted
0 total requests returned errors

HTTP/S

1 URLs contacted, 1 servers
2 sessions, sending 0.70 KB, receiving 1.18 KB

2 Hosts

Host          Ports
ip-api.com    80, 53
10.88.111.18  4782
HTTP Requests (2)

GET  http://ip-api.com/json/  200  208.95.112.180-  Unknown
GET  http://ip-api.com/json/  200  208.95.112.180-  Unknown

Request Headers

Timestamp: 121.097000
URL: http://ip-api.com/json/
Version: 1.1
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive

URL Reputation

Reputation: Unknown