MalScore: 100/100
MalFamily: Zenpak

209.exe

Indicator badges: Is DLL | Packer | Anti Debug | Anti VM | Signed | XOR | AntiVirus 44/71
(The badge row is the report's fixed set of indicators; the sections below say which actually apply: the file is a PE32 GUI executable rather than a DLL, no XOR-encoded strings were found, the file carries an Authenticode certificate table, and 44 of 71 engines flagged it.)
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 247.77 KB (253720 bytes)
Compile time: 2015-07-03 20:53:48
MD5: e7ee9322747843ccbe9fcbcf22542c5a
SHA1: 68f969f02e49fcea59049069a73c6db0b86a1ddc
SHA256: c6e1f98e4ae575b5242ddb7e13282cc60cae08773f602b35335d70c60cddb570
Import hash: b92e936043cc08a0384c70b26aa040ca
Sections (3): .text, .data, .reloc
Directories (3): import, relocation, security
First submission: 2019-05-16 01:54:04
Last submission: 2019-05-16 01:54:04
Filename detected: 209.exe (1)
URL file hosting
hXXp://danielantony.com/209.exe
Antivirus Report
Report Date          Detection Ratio  Permalink
2019-05-14 02:46:58  44/71            VirusTotal
PE Sections (1 flagged suspicious)
Name    VAddress  VSize    RawSize  MD5                               SHA1
.text   0x1000    0x1e6f0  126976   9211b45066a4a49ca139d3d74bfeb164  5574e3574a9c49479e75d546e979f39da9f7cf90
.data   0x20000   0x1a846  110592   9bf0ee1eb2195e910665bdd1b9277832  7848354eb008a75372a0f6f31dfb275303b43396
.reloc  0x3b000   0x336    4096     768129f4e64266a8541fcd8056707ba7  ab0669a313532f1867cb50526eb509762b6eca4d
The three raw sizes sum to 241664 bytes; the certificate table below starts at file offset 245760, which is consistent with 4096 bytes of headers, the three sections, and then the certificate table filling the rest of the 253720-byte file.
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature (certificate table, IMAGE_DIRECTORY_ENTRY_SECURITY)
MD5: 91f51fd56f4c849dbb257b502d2bddae
SHA1: c213c8c3615c66db0919dd77a1eae94512141199
Block Size: 7960
Virtual Address: 245760 (0x3C000; for this directory the field is a file offset, not an RVA)
245760 + 7960 = 253720, the file size, so the certificate table is the last thing in the file. The MD5/SHA1 above are presumably those of the 7960-byte block itself, not of the signed content; whether the signature verifies, and who the signer is, are not stated on this page.
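The section hashes and the certificate-table entry above are both plain reads of the PE headers. The script below is an added example (not the report's own tooling, and not code from the sample): it walks the section table the way the PE Sections table was produced, reads the security data-directory entry the Signature block describes, and hashes exactly the bytes an Authenticode signature covers. It uses only the standard library; build_sample_pe() is a constructed stand-in file, not 209.exe.

```python
"""Added example, not the report's own tooling: walk a PE section table the
way the PE Sections table above is built, read the certificate-table entry
the Signature block describes, and hash what an Authenticode signature
actually covers. Standard library only; build_sample_pe() is a constructed
stand-in, not 209.exe."""
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY


def parse_pe(data: bytes) -> dict:
    """Header offsets, per-section MD5/SHA1 and the security directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    secdir_off = dirs_off + 8 * SECURITY_DIR
    security = (0, 0)
    if struct.unpack_from("<I", data, ndirs_off)[0] > SECURITY_DIR:
        security = struct.unpack_from("<II", data, secdir_off)   # (file offset, size)
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size,
                         "md5": hashlib.md5(raw).hexdigest(),
                         "sha1": hashlib.sha1(raw).hexdigest()})
    return {"timestamp": timestamp, "checksum_off": opt + 64, "secdir_off": secdir_off,
            "size_of_headers": struct.unpack_from("<I", data, opt + 60)[0],
            "security": tuple(security), "sections": sections}


def security_at_eof(data: bytes) -> bool:
    """True when the certificate table ends exactly at end of file
    (for 209.exe the page's numbers give 245760 + 7960 == 253720)."""
    off, size = parse_pe(data)["security"]
    return size > 0 and off + size == len(data)


def authenticode_hash(data: bytes, algo: str = "sha256") -> str:
    """Digest over the bytes an Authenticode signature covers: the headers minus
    the CheckSum field and the security directory entry, the sections in file
    order, then any trailing data minus the certificate table itself."""
    pe = parse_pe(data)
    h = hashlib.new(algo)
    cs, dd, hdr_end = pe["checksum_off"], pe["secdir_off"], pe["size_of_headers"]
    h.update(data[:cs])
    h.update(data[cs + 4:dd])
    h.update(data[dd + 8:hdr_end])
    tail = hdr_end
    for s in sorted(pe["sections"], key=lambda s: s["raw_ptr"]):
        if s["raw_size"]:
            h.update(data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]])
            tail = max(tail, s["raw_ptr"] + s["raw_size"])
    sec_off, sec_size = pe["security"]
    if sec_size and sec_off >= tail:
        h.update(data[tail:sec_off])
        h.update(data[sec_off + sec_size:])
    else:
        h.update(data[tail:])
    return h.hexdigest()


def grow_certificate_table(data: bytes, extra: bytes) -> bytes:
    """Append bytes inside the trailing WIN_CERTIFICATE entry, bumping its
    dwLength and the directory size. The digest above does not change."""
    pe = parse_pe(data)
    sec_off, sec_size = pe["security"]
    out = bytearray(data)
    out[sec_off:sec_off + 4] = struct.pack("<I", sec_size + len(extra))
    out[pe["secdir_off"] + 4:pe["secdir_off"] + 8] = struct.pack("<I", sec_size + len(extra))
    out[sec_off + sec_size:sec_off + sec_size] = extra
    return bytes(out)


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 with a dummy 16-byte certificate table at EOF."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                     # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<II", hdr, opt + 32, 0x1000, 0x200)       # section / file alignment
    struct.pack_into("<III", hdr, opt + 56, 0x3000, 0x200, 0xDEADBEEF)  # SizeOfImage, SizeOfHeaders, CheckSum
    struct.pack_into("<I", hdr, opt + 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 96 + 8 * SECURITY_DIR, 0x600, 16)
    for i, (name, va) in enumerate(((b".text", 0x1000), (b".data", 0x2000))):
        off = opt + 224 + 40 * i
        hdr[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", hdr, off + 8, 0x1F0, va, 0x200, 0x200 * (i + 1))
    cert = struct.pack("<IHH", 16, 0x200, 2) + b"\0" * 8        # WIN_CERTIFICATE header + 8 bytes
    return bytes(hdr) + b"\x90" * 0x200 + b"\xCC" * 0x200 + cert
```

Run parse_pe() and security_at_eof() on a real file to reproduce a section table like the one above and to confirm that the certificate table ends at EOF. grow_certificate_table() shows the caveat that matters when reading the Signature block: the certificate table's size is not covered by the digest, so bytes added inside it leave the Authenticode hash unchanged (the hole behind Microsoft's MS13-098 WinVerifyTrust hardening); a signature that verifies therefore says nothing about what else sits in that trailing block.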
Packer(s)
Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++
(These are compiler signatures, not packers: the scanner matched the Microsoft Visual C++ entry stub. No actual packer signature matched, so the Packer badge above is not backed by anything in this section.)
Imported libraries (DLL names from the import table; the import hash above is computed over this table)
USER32.dll
ADVAPI32.dll
wintrust.dll
comctl32.dll
MSVCRT.dll
KERNEL32.dll
IP Found
No IP detected
URL(s)
All of these strings come from the Authenticode certificate chain embedded in the file (CRL distribution points, OCSP responders, CA-issuer and CPS pointers); trailing characters such as "0:", "0C" or "0W" in the raw extraction are the first bytes of the next DER element, not part of the URL, and are dropped here (one duplicate OCSP entry collapsed).
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
https://www.thawte.com/cps
http://ocsp.digicert.com
http://t1.symcb.com/ThawtePCA.crl
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl
http://tl.symcd.com
http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt
http://tl.symcb.com/tl.crl
https://www.thawte.com/repository
http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
http://tl.symcb.com/tl.crt
https://www.digicert.com/CPS
http://t2.symcb.com
http://www.digicert.com/ssl-cps-repository.htm
http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2019-05-16 01:47:47 2019-05-16 01:50:49 182

11 Behaviors detected by system signatures

8 Summary items with data

Files

The first fourteen entries are the DLL loader searching for api-ms-win-core-fibers-l1-1-1.DLL and api-ms-win-core-localization-l1-2-1.DLL in the standard search order: the application directory (the %TEMP% folder the sample ran from), System32, the 16-bit System directory, the Windows directory, then each PATH entry (the Java javapath folder, wbem, WindowsPowerShell\v1.0). This Windows 7 guest has no API-set mapping for those names, so the loader fell back to a file search that failed in every directory. The security point is that any directory in that list which a low-privileged user can write to is a DLL planting spot for a file of that exact name.

C:\Users\Seven01\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\system\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\api-ms-win-core-localization-l1-2-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\wbem\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-localization-l1-2-1.DLL
\Device\NamedPipe\
C:\Users\Seven01\AppData\Local\Temp\209.exe
C:\Windows\Globalization\Sorting\sortdefault.nls
\??\MountPointManager
C:\Windows\System32\cmd.exe
\??\PIPE\wkssvc
C:\DosDevices\pipe\
\??\PIPE\lsarpc
C:\Windows\SysWOW64\netmsg.dll
C:\Windows\SysWOW64\it-IT\NETMSG.DLL.mui
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Users\Seven01\AppData\Local\Temp
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
\??\NUL
C:\

Read Files

\Device\NamedPipe\
C:\Windows\Globalization\Sorting\sortdefault.nls
\??\PIPE\wkssvc
\??\PIPE\lsarpc
C:\Windows\SysWOW64\netmsg.dll
C:\Windows\SysWOW64\it-IT\NETMSG.DLL.mui
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
\??\NUL

Write Files

\??\PIPE\wkssvc
\??\PIPE\lsarpc
\??\NUL

Delete Files

C:\Users\Seven01\AppData\Local\Temp\209.exe

Keys

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\209.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\Parameters\ExpectedDialupDelay
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

Read Keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\Parameters\ExpectedDialupDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

user32.dll.GetWindowContextHelpId
kernel32.dll.VirtualAlloc
kernel32.dll.VirtualProtect
kernel32.dll.LoadLibraryA
kernel32.dll.VirtualFree
kernel32.dll.VirtualQuery
kernel32.dll.DuplicateHandle
kernel32.dll.lstrcatA
kernel32.dll.GetACP
kernel32.dll.OpenProcess
kernel32.dll.HeapSize
kernel32.dll.GetVersion
kernel32.dll.EnumSystemLocalesA
kernel32.dll.Sleep
kernel32.dll.GetTimeZoneInformation
kernel32.dll.GetLastError
kernel32.dll.FatalAppExitA
kernel32.dll.OutputDebugStringW
kernel32.dll.CreateFileA
kernel32.dll.TerminateThread
kernel32.dll.DeleteFileA
kernel32.dll.GlobalAlloc
kernel32.dll.lstrcpyA
kernel32.dll.CloseHandle
kernel32.dll.QueueUserAPC
kernel32.dll.UpdateResourceW
kernel32.dll.HeapDestroy
kernel32.dll.WriteConsoleW
kernel32.dll.GetProcAddress
kernel32.dll.GetFileSize
kernel32.dll.ExitProcess
kernel32.dll.lstrcpynA
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetModuleHandleW
kernel32.dll.FreeLibrary
kernel32.dll.TlsGetValue
kernel32.dll.GetVersionExW
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.CreateDirectoryA
kernel32.dll.GlobalUnlock
kernel32.dll.LocalUnlock
kernel32.dll.IsDebuggerPresent
kernel32.dll.GetComputerNameA
kernel32.dll.CreateFileW
kernel32.dll.SetFilePointerEx
kernel32.dll.HeapReAlloc
kernel32.dll.GetConsoleMode
kernel32.dll.FlushFileBuffers
kernel32.dll.GetProcessHeap
kernel32.dll.GetStringTypeW
kernel32.dll.SetStdHandle
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.GetCommandLineA
kernel32.dll.GetCPInfo
kernel32.dll.GetOEMCP
kernel32.dll.IsValidCodePage
kernel32.dll.FindNextFileA
kernel32.dll.FindFirstFileExA
kernel32.dll.FindClose
kernel32.dll.lstrcmpA
kernel32.dll.GetEnvironmentVariableA
kernel32.dll.lstrlenA
kernel32.dll.SetEndOfFile
kernel32.dll.WriteFileEx
kernel32.dll.SetFilePointer
kernel32.dll.SetErrorMode
kernel32.dll.CreatePipe
kernel32.dll.GetShortPathNameA
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.GetConsoleCP
kernel32.dll.GetFileType
kernel32.dll.InterlockedDecrement
kernel32.dll.OutputDebugStringA
kernel32.dll.WriteFile
kernel32.dll.GetStdHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCommandLineW
kernel32.dll.CompareStringW
kernel32.dll.GetModuleFileNameA
kernel32.dll.ReadFile
kernel32.dll.CreateProcessA
kernel32.dll.LCMapStringW
kernel32.dll.HeapAlloc
kernel32.dll.HeapFree
kernel32.dll.GetModuleHandleExW
kernel32.dll.WideCharToMultiByte
kernel32.dll.MultiByteToWideChar
kernel32.dll.LoadLibraryExW
kernel32.dll.TlsFree
kernel32.dll.TlsSetValue
kernel32.dll.TlsAlloc
kernel32.dll.DeleteCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.EnterCriticalSection
kernel32.dll.LocalFree
kernel32.dll.QueryPerformanceCounter
kernel32.dll.GetCurrentThreadId
kernel32.dll.InitializeSListHead
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.GetStartupInfoW
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.TerminateProcess
kernel32.dll.RaiseException
kernel32.dll.RtlUnwind
kernel32.dll.SetLastError
user32.dll.AttachThreadInput
user32.dll.ReleaseCapture
user32.dll.GetParent
user32.dll.AppendMenuA
user32.dll.GetMessageW
user32.dll.GetMenu
user32.dll.SetActiveWindow
user32.dll.TrackPopupMenuEx
user32.dll.MsgWaitForMultipleObjects
user32.dll.GetWindowPlacement
user32.dll.LoadAcceleratorsW
user32.dll.LoadStringW
user32.dll.wsprintfA
user32.dll.InvalidateRgn
user32.dll.IsDialogMessageA
user32.dll.GetMenuItemCount
user32.dll.WinHelpW
user32.dll.DefWindowProcA
user32.dll.SetFocus
user32.dll.OemToCharA
user32.dll.SetCapture
user32.dll.wsprintfW
user32.dll.CreateDialogParamA
user32.dll.SetWindowLongW
gdi32.dll.StartPage
gdi32.dll.EndDoc
gdi32.dll.SetWindowExtEx
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.SetBkMode
gdi32.dll.SetBkColor
gdi32.dll.GetTextMetricsA
gdi32.dll.EndPage
gdi32.dll.StretchBlt
winspool.drv.OpenPrinterA
comdlg32.dll.GetSaveFileNameW
comdlg32.dll.PrintDlgA
advapi32.dll.RegCloseKey
advapi32.dll.QueryServiceStatus
advapi32.dll.RegFlushKey
advapi32.dll.StartServiceA
advapi32.dll.RegSetValueExW
advapi32.dll.GetUserNameW
advapi32.dll.RegOpenKeyW
shell32.dll.ShellExecuteA
shell32.dll.SHGetSpecialFolderPathA
shell32.dll.DragAcceptFiles
shell32.dll.ShellAboutW
shell32.dll.CommandLineToArgvW
ole32.dll.CoCreateInstance
ole32.dll.CoUninitialize
ole32.dll.CoCreateGuid
ole32.dll.CoInitializeSecurity
ole32.dll.CoInitializeEx
ole32.dll.CoInitialize
oleaut32.dll.#8
oleaut32.dll.#6
oleaut32.dll.#2
oleaut32.dll.#9
shlwapi.dll.StrStrA
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
kernel32.dll.FlsGetValue
kernel32.dll.LCMapStringEx
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
cscapi.dll.CscNetApiGetInterface
advapi32.dll.LsaOpenPolicy
advapi32.dll.LsaQueryInformationPolicy
netutils.dll.NetApiBufferAllocate
advapi32.dll.LsaFreeMemory
advapi32.dll.LsaClose
netutils.dll.NetApiBufferFree
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.SetConsoleInputExeNameW

Execute Commands

net user /domain
C:\Windows\System32\cmd.exe /c del C:\Users\Seven01\AppData\Local\Temp\209.exe >> NUL
C:\Windows\system32\net1 user /domain

net.exe hands most subcommands to net1.exe, which is why both appear. "net user /domain" enumerates domain accounts (a discovery step) and accounts for the wkssvc and lsarpc named-pipe reads and writes, the netmsg.dll and it-IT MUI reads in the file list, and the LsaOpenPolicy/LsaQueryInformationPolicy and NetApiBuffer* entries among the resolved APIs. The cmd.exe line deletes the sample's own image from %TEMP% after it has run (self-deletion, matching the single entry under Delete Files); ">> NUL" only silences cmd's output.
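Both behaviours in the Execute Commands list are visible in ordinary process-creation telemetry. The script below is an added detection example, not code from the report or the sample; EVENTS is a constructed Sysmon-style process tree modelled on this run (PIDs and image paths are assumptions), and the two rules flag a cmd.exe child that deletes its own parent's image and any net/net1 invocation of "user /domain".

```python
"""Added example (not the report's own code): flag the two behaviours in the
Execute Commands list from process-creation telemetry. EVENTS is a constructed
Sysmon-style process tree modelled on the sandbox run, not real log data."""
import ntpath
import re

EVENTS = [
    {"pid": 1100, "ppid": 900,
     "image": r"C:\Users\Seven01\AppData\Local\Temp\209.exe",
     "cmdline": r"C:\Users\Seven01\AppData\Local\Temp\209.exe"},
    {"pid": 1120, "ppid": 1100, "image": r"C:\Windows\SysWOW64\net.exe",
     "cmdline": "net user /domain"},
    {"pid": 1124, "ppid": 1120, "image": r"C:\Windows\SysWOW64\net1.exe",
     "cmdline": r"C:\Windows\system32\net1 user /domain"},
    {"pid": 1130, "ppid": 1100, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\System32\cmd.exe /c del C:\Users\Seven01\AppData\Local\Temp\209.exe >> NUL"},
    # constructed benign control: a shell deleting an unrelated file, parent not in the tree
    {"pid": 1200, "ppid": 900, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del /q "C:\Users\Seven01\Downloads\old.log"'},
]

# "del [/flags] <target>"; the target stops at whitespace, a quote or a redirection
DEL_RE = re.compile(r'\bdel\b(?:\s+/[a-z]+)*\s+"?([^"\s>|&]+)"?', re.IGNORECASE)
NET_USER_DOMAIN = re.compile(r"\buser\b.*\s/domain\b", re.IGNORECASE)


def norm(path: str) -> str:
    """Case-insensitive, quote-stripped Windows path for comparison."""
    return ntpath.normpath(path.strip('"')).lower()


def find_findings(events):
    """Return (rule, pid, detail) tuples for self-deletion and domain discovery."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        base = ntpath.basename(e["image"]).lower()
        parent = by_pid.get(e["ppid"])
        if base == "cmd.exe" and parent is not None:
            m = DEL_RE.search(e["cmdline"])
            # self-deletion: the file cmd is asked to delete is the parent's own image
            if m and norm(m.group(1)) == norm(parent["image"]):
                findings.append(("self_delete_via_cmd", e["pid"], parent["image"]))
        if base in ("net.exe", "net1.exe") and NET_USER_DOMAIN.search(e["cmdline"]):
            findings.append(("domain_account_discovery", e["pid"], e["cmdline"]))
    return findings
```

The self-deletion rule keys on the parent relationship rather than on the string "del", so the benign control event is not flagged; in a real pipeline the same check should also accept the "ping -n ... & del" and timeout-based variants of the delay, which this run did not use.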

Started Services

Nothing to display

Created Services

Nothing to display
7 HTTP Request(s) detected

All seven requests carry the User-Agent Microsoft-CryptoAPI/6.1 and go to CRL, OCSP and CA-issuer endpoints taken from the certificate chain embedded in the file (compare the URL(s) list above): this is Windows checking the Authenticode chain, not a protocol of the sample's own. No command-and-control traffic was recorded during the 182-second run, and no hard-coded IP address was found in the binary. The OCSP GET URLs carry the DER OCSPRequest base64-encoded in the path; the two POSTs to the same responders have Content-Length: 83, the same length as the decoded GET request, so they most likely repeat it as a body.

http://t2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEHGgtzaV3bGvwjsrmhjuVMs%3D
  • Hostname: t2.symcb.com
  • IP Address: 23.51.123.27
  • Port: 80
  • Count: 1

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEHGgtzaV3bGvwjsrmhjuVMs%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: t2.symcb.com

http://t2.symcb.com/
  • Hostname: t2.symcb.com
  • IP Address: 23.51.123.27
  • Port: 80
  • Count: 1

POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/ocsp-request
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Content-Length: 83
Host: t2.symcb.com

http://t1.symcb.com/ThawtePCA.crl
  • Hostname: t1.symcb.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /ThawtePCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: t1.symcb.com

http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEE%2F07aX6ZB5wFicTQmQB9Dg%3D
  • Hostname: tl.symcd.com
  • IP Address: 23.51.123.27
  • Port: 80
  • Count: 1

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEE%2F07aX6ZB5wFicTQmQB9Dg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: tl.symcd.com

http://tl.symcd.com/
  • Hostname: tl.symcd.com
  • IP Address: 23.51.123.27
  • Port: 80
  • Count: 1

POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/ocsp-request
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Content-Length: 83
Host: tl.symcd.com

http://tl.symcb.com/tl.crl
  • Hostname: tl.symcb.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /tl.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: tl.symcb.com

http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
  • Hostname: cacerts.digicert.com
  • IP Address: 104.18.11.39
  • Port: 80
  • Count: 1

GET /DigiCertAssuredIDRootCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.digicert.com

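The OCSP GET URLs above can be decoded offline to see which certificate CryptoAPI was checking. The script below is an added example (not the report's tooling): it percent-decodes and base64-decodes the path, walks the DER with a minimal TLV reader, and returns the CertID fields (hash algorithm, issuer name and key hashes, serial number) from each request. The two URLs are copied from the HTTP log above; everything else is standard library.

```python
"""Added example (not the report's own code): decode the OCSP requests in
the HTTP log. The GET path is a base64 DER OCSPRequest (RFC 6960); the two
POSTs carry the same structure as an 83-byte body. Standard library only."""
import base64
from urllib.parse import unquote, urlsplit

# The two OCSP GET URLs copied from the HTTP requests above.
OCSP_URLS = [
    "http://t2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEHGgtzaV3bGvwjsrmhjuVMs%3D",
    "http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEE%2F07aX6ZB5wFicTQmQB9Dg%3D",
]
SHA1_OID = "1.3.14.3.2.26"


def der_tlv(buf: bytes, pos: int):
    """Read one DER element at pos; return (tag, value, end_offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value: bytes):
    """Split a constructed element's value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = der_tlv(value, pos)
        out.append((tag, v))
    return out


def decode_oid(value: bytes) -> str:
    """Dotted OID from its DER content bytes (base-128 subidentifiers)."""
    parts, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(acc)
            acc = 0
    return ".".join(map(str, parts))


def parse_ocsp_get(url: str) -> dict:
    """CertID fields from an OCSP-over-GET URL: which certificate was checked."""
    der = base64.b64decode(unquote(urlsplit(url).path.lstrip("/")))
    tag, ocsp_request, _ = der_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    tbs = der_children(ocsp_request)[0][1]          # TBSRequest; optional signature ignored
    # skip optional [0] version and [1] requestorName; requestList is the first SEQUENCE
    request_list = next(v for t, v in der_children(tbs) if t == 0x30)
    request = der_children(request_list)[0][1]      # first (here the only) Request
    cert_id = der_children(request)[0][1]           # CertID
    alg, name_hash, key_hash, serial = der_children(cert_id)
    return {
        "responder": urlsplit(url).hostname,
        "der_len": len(der),                        # 83, the Content-Length of the POSTs
        "hash_alg": decode_oid(der_children(alg[1])[0][1]),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial": serial[1].hex(),
    }
```

Each request identifies one certificate by issuer hashes and serial; the page does not say which chain member (signer, intermediate or timestamp certificate) each serial belongs to, so the decoder reports the fields without naming the certificate. The same walker handles the POST bodies once captured, since they are the same DER structure.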
Comments

TheSystem Itself @ 2019-05-16 01:54:05: #infosec #automation

TheSystem Itself @ 2019-05-16 02:03:01: Detected family: #Zenpak