File name: 维护通知.bin
Full analysis: https://app.any.run/tasks/a9c26a93-5d05-4df1-9c6c-c1ba2ed54cf5
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: August 08, 2020, 08:17:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: installer, trojan
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 010913338CF84943976371EE6BD42C49
SHA1: 5322DEDDD89734A3998BE517C1B77DEFDEC6A625
SHA256: 5809A13718B24A61B70121CCC78D00657D6C17AD4B00B940640D8C8DADCCF7A8
SSDEEP: 24576:XIONmSNEfZY2DfwrDLdX+VScHDlb59wsjg6tdWTlXcFyRO:XfVNEfZpwrDYESlb597iZswO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • jy.exe (PID: 1332)
      • DingDebug.exe (PID: 2140)
      • jy.exe (PID: 1296)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 2568)
    • Writes to a start menu file

      • 维护通知.bin.exe (PID: 3656)
      • jy.exe (PID: 1296)
  • SUSPICIOUS

    • Executed via COM

      • mmc.exe (PID: 2192)
      • explorer.exe (PID: 3136)
    • Executable content was dropped or overwritten

      • cmd.exe (PID: 2236)
      • 维护通知.bin.exe (PID: 3656)
    • Starts CMD.EXE for commands execution

      • 维护通知.bin.exe (PID: 3656)
      • DingDebug.exe (PID: 2140)
    • Creates files in the user directory

      • cmd.exe (PID: 2236)
      • jy.exe (PID: 1296)
      • DingDebug.exe (PID: 2140)
    • Reads Internet Cache Settings

      • 维护通知.bin.exe (PID: 3656)
    • Uses TASKLIST.EXE to query information about running processes

      • cmd.exe (PID: 3728)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.exe | InstallShield setup (54.3)
.exe | Win64 Executable (generic) (34.8)
.exe | Win32 Executable (generic) (5.6)
.exe | Generic Win/DOS Executable (2.5)
.exe | DOS Executable Generic (2.5)

EXIF

EXE

Subsystem: Windows GUI
SubsystemVersion: 5
ImageVersion: -
OSVersion: 5
EntryPoint: 0x3b923
UninitializedDataSize: -
InitializedDataSize: 801792
CodeSize: 327680
LinkerVersion: 9
PEType: PE32
TimeStamp: 2020:08:04 14:06:56+02:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 04-Aug-2020 12:06:56
Detected languages:
  • English - United States
Debug artifacts:
  • D:\Administrator\Desktop\网易CC\collector\Release\collector.pdb

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000100

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 04-Aug-2020 12:06:56
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x0004FFA3 | 0x00050000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.52367
.rdata | 0x00051000 | 0x00014F26 | 0x00015000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.89542
.data | 0x00066000 | 0x0008A0B8 | 0x00086400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.7315
.rsrc | 0x000F1000 | 0x0001CD84 | 0x0001CE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.62696
.reloc | 0x0010E000 | 0x0000B848 | 0x0000BA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.40208

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.01229 | 633 | Latin 1 / Western European | English - United States | RT_MANIFEST
2 | 2.68944 | 744 | Latin 1 / Western European | English - United States | RT_ICON
3 | 2.74803 | 296 | Latin 1 / Western European | English - United States | RT_ICON
4 | 2.73679 | 3752 | Latin 1 / Western European | English - United States | RT_ICON
5 | 2.38649 | 2216 | Latin 1 / Western European | English - United States | RT_ICON
6 | 1.64388 | 1384 | Latin 1 / Western European | English - United States | RT_ICON
7 | 2.7403 | 202 | Latin 1 / Western European | English - United States | RT_STRING
8 | 3.09995 | 9640 | Latin 1 / Western European | English - United States | RT_ICON
9 | 2.33229 | 152 | Latin 1 / Western European | English - United States | RT_STRING
10 | 4.09871 | 1128 | Latin 1 / Western European | English - United States | RT_ICON

Imports

ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
GDI32.dll
KERNEL32.dll
OLEACC.dll (delay-loaded)
OLEAUT32.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
No data.
Total processes: 535
Monitored processes: 489
Malicious processes: 4
Suspicious processes: 1

Behavior graph

[Behavior graph: interactive process tree, not reproduced here. Nodes shown: 维护通知.bin.exe (drop and start), jy.exe, cmd.exe, mmc.exe, explorer.exe, searchprotocolhost.exe, dingdebug.exe, followed by a long repeated series of tasklist.exe / find.exe pairs spawned from cmd.exe.]

Process information

PID: 604
CMD: "C:\Users\admin\AppData\Local\Temp\维护通知.bin.exe"
Path: C:\Users\admin\AppData\Local\Temp\维护通知.bin.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540

PID: 3656
CMD: "C:\Users\admin\AppData\Local\Temp\维护通知.bin.exe"
Path: C:\Users\admin\AppData\Local\Temp\维护通知.bin.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 1332
CMD: "C:\Users\Public\Documents\T48Gh\jy.exe" a C:\Users\Public\Documents\T48Gh\111.zip C:\Users\Public\Documents\T48Gh\Roaming\*
Path: C:\Users\Public\Documents\T48Gh\jy.exe
Parent process: 维护通知.bin.exe
User: admin
Company: Igor Pavlov
Integrity Level: HIGH
Description: 7-Zip Standalone Console
Exit code: 0
Version: 18.05

PID: 2236
CMD: cmd /c ""C:\Users\Public\Documents\T48Gh\copy.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: 维护通知.bin.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2192
CMD: C:\Windows\system32\mmc.exe -Embedding
Path: C:\Windows\system32\mmc.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Management Console
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1192
CMD: "C:\Windows\explorer.exe" C:\Users\Public\Documents\T48Gh\run.url
Path: C:\Windows\explorer.exe
Parent process: mmc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 3136
CMD: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1296
CMD: "C:\Users\admin\AppData\Roaming\jy.exe" x 111.zip -y
Path: C:\Users\admin\AppData\Roaming\jy.exe
Parent process: explorer.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip Standalone Console
Exit code: 0
Version: 18.05

PID: 2568
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)

PID: 2140
CMD: "C:\Users\Public\Documents\T48Gh\DingDebug.exe"
Path: C:\Users\Public\Documents\T48Gh\DingDebug.exe
Parent process: 维护通知.bin.exe
User: admin
Integrity Level: HIGH

Total events: 1 996
Read events: 1 752
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 6
Suspicious files: 4
Text files: 6
Unknown types: 5

Dropped files

PID | Process | Filename | Type
3656 | 维护通知.bin.exe | C:\Users\Public\Documents\T48Gh\KK.log | binary
  MD5: 8D1D2680C2080B990D2BE0601BE1D809
  SHA256: 9A4081D38A81EC8230F6E26EAB0C4A940A9A28E70DE138F86A1643F25B9137A6
3656 | 维护通知.bin.exe | C:\Users\Public\Documents\T48Gh\run003.lnk | lnk
  MD5: C8710F6F949E6931FF16C7EDA913D624
  SHA256: 7BC3D2EAE4C838FC984D511E75C4B6C45E54BF19362FB2CB0238C5529CC7F78D
2236 | cmd.exe | C:\Users\admin\AppData\Roaming\jy.exe | executable
  MD5: 42E83BB2537A79B17E13DD936EC2FEF4
  SHA256: 00F85BEB322FE51AB3A3B88ABCBBBE40F019A7EE53498E27A507DA6824ADAF76
3656 | 维护通知.bin.exe | C:\Users\Public\Documents\T48Gh\run.url | text
  MD5: 039015F05587FDD0DE8A77E98F5D0E20
  SHA256: C514644B03CE8A43511EBE3ACCBBFA5A9D543DBFBD3BE6B98A80846260782077
3656 | 维护通知.bin.exe | C:\Users\Public\Documents\T48Gh\run002.url | text
  MD5: 8C9E014267BDB5DCED4424DF5F0A2402
  SHA256: 2777ECAD25BFBE19A25F29548B46BA46A6EFC79034FE4ABB1D9E7CBC231D8879
3656 | 维护通知.bin.exe | C:\Users\Public\Documents\T48Gh\DingDebug.exe | executable
  MD5: 01D0F51047AEA1A7275F0969DFF052FC
  SHA256: 2DA870D099A0E1BF40C0D92CACFA873A4624C4A71411818AF9B27499562EBCBE
2236 | cmd.exe | C:\Users\admin\AppData\Roaming\111.zip | compressed
  MD5: 7967F50B28FA0D4F43DD3142C63FD20B
  SHA256: 1D6B469ECB7151B25008A574519C028B23F0B66DD1002F49029828BE4FF5AB5D
3656 | 维护通知.bin.exe | C:\Users\Public\Documents\T48Gh\libcurl.dll | executable
  MD5: 058D865CF4AD084E9FEFB69A9C6F6439
  SHA256: EB0B96033D6B88EDB6727CAB42947A7FBCE9B39DBF9C1D1F9A9FE3267528A03E
3656 | 维护通知.bin.exe | C:\Users\Public\Documents\T48Gh\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DingDebug.lnk | lnk
  MD5: 2DDB3DF60260E03C7A1F5C2BBE8E1707
  SHA256: 67FD4BBA34F43CA1BDB52E38DFE2E502EFAB4A7EC7DDFB35CCFFDA40210C6A03
1296 | jy.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DingDebug.lnk | lnk
  MD5: 2DDB3DF60260E03C7A1F5C2BBE8E1707
  SHA256: 67FD4BBA34F43CA1BDB52E38DFE2E502EFAB4A7EC7DDFB35CCFFDA40210C6A03
HTTP(S) requests: 2
TCP/UDP connections: 3
DNS requests: 3
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3656 | 维护通知.bin.exe | GET | 209 | 162.159.236.196:80 | http://ck.ys168.com/f_ht/ajcx/wj.aspx?cz=dq&mlbh=1898610&_dlmc=hytl&_dlmm= | unknown | html | 1.10 Kb | malicious
3656 | 维护通知.bin.exe | GET | 200 | 61.147.125.83:80 | http://ys-J.ys168.com/436829061/RKWNhIj465L2L4MFM7W/TXX.JPG | CN | compressed | 1.65 Mb | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3656 | 维护通知.bin.exe | 162.159.236.196:80 | ck.ys168.com | Cloudflare Inc | - | malicious
3656 | 维护通知.bin.exe | 61.147.125.83:80 | ys-j.ys168.com | No.31,Jin-rong Street | CN | malicious
2140 | DingDebug.exe | 45.64.113.192:10086 | 1777.bzsstw.cn | Cloudie Limited | HK | unknown

DNS requests

Domain | IP | Reputation
ck.ys168.com | 162.159.236.196, 162.159.237.196 | unknown
ys-j.ys168.com | 61.147.125.83 | malicious
1777.bzsstw.cn | 45.64.113.192 | unknown

Threats

1 ETPRO signatures available at the full report
Process | Message
DingDebug.exe | TLS callback: process attach
DingDebug.exe | All seems fine for TLSCallbackProcess.
DingDebug.exe | TLS callback: thread attach
DingDebug.exe | TLS callback: dummy thread launched
DingDebug.exe | All seems fine for TLSCallbackThread.
DingDebug.exe | TLS callback: thread attach
DingDebug.exe | init
DingDebug.exe | TLS callback: thread attach
DingDebug.exe | TLS callback: thread attach
DingDebug.exe | TLS callback: thread attach