Xcitium Cloud Verdict

File Name: virussign.com_4942910b7370152d737ffccbe5fef1c0.vir

File Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

SHA1: 2d575f552317f20c19fc5c624bd40fef2e1ea818

MD5: 4942910b7370152d737ffccbe5fef1c0

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4		15169	Google LLC	Malware Process
	8.8.8.8	United States	15169	Google LLC	Malware Process
					Malware Process
					Malware Process
dczetim.ws	64.70.19.203	United States	3561	CenturyLink Communications, LLC	Malware Process
ofiwcxhizwj.vg	88.198.29.97	Germany	24940	Hetzner Online AG Datacenter Nuernberg	Malware Process
					Malware Process
viqsiawvtiwc.ws	64.70.19.203	United States	3561	CenturyLink Communications, LLC	Malware Process
www.aieov.com	45.33.2.79	United States	63949	Akamai Technologies, Inc.	Malware Process
					Malware Process
					Malware Process
magsuwqeiecpc.ws	64.70.19.203	United States	3561	CenturyLink Communications, LLC	Malware Process
pgqmsrwycfe.ph	45.79.222.138	United States	63949	Akamai Technologies, Inc.	Malware Process
					Malware Process
					Malware Process
					Malware Process
www.msftncsi.com	23.200.3.18	United States	20940	Akamai Technologies, Inc.	Malware Process
					Malware Process
					Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)

DNS Queries/Answers

Request	Type
wagtm.st	A
5isohu.com	A
www.msftncsi.com	A
www.aieov.com	A
muykmspei.tk	A
ofiwcxhizwj.vg	A
gynzsugwl.cm	A
viqsiawvtiwc.ws	A
tqgyu.st	A
wzsoyymkmv.tk	A
eezidfc.rw	A
uqfiwsw.rw	A
magsuwqeiecpc.ws	A
dczetim.ws	A
pgqmsrwycfe.ph	A
eqbecpkyjequrm.cm	A
xbciaeyycquhuw.rw	A

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
3.00699186325	Sandbox	224.0.0.252	5355
3.00951385498	Sandbox	224.0.0.252	5355
3.07862782478	Sandbox	192.168.56.255	137
4.15588593483	Sandbox	224.0.0.252	5355
5.22051382065	Sandbox	224.0.0.252	5355
5.56261086464	Sandbox	224.0.0.252	5355
5.92251777649	Sandbox	8.8.4.4	53
6.92293691635	Sandbox	8.8.8.8	53
7.0979449749	Sandbox	8.8.4.4	53
7.87537288666	Sandbox	8.8.4.4	53
8.09363079071	Sandbox	8.8.8.8	53
8.87512683868	Sandbox	8.8.8.8	53
20.6732897758	Sandbox	8.8.8.8	53
21.7506568432	Sandbox	8.8.4.4	53
21.9699649811	Sandbox	8.8.8.8	53
22.9690217972	Sandbox	8.8.4.4	53
36.688710928	Sandbox	8.8.8.8	53
37.750223875	Sandbox	8.8.4.4	53
45.2035148144	Sandbox	8.8.8.8	53
46.2339789867	Sandbox	8.8.4.4	53
52.0476808548	Sandbox	8.8.8.8	53
53.1252219677	Sandbox	8.8.4.4	53
60.0159537792	Sandbox	8.8.8.8	53
61.0157649517	Sandbox	8.8.4.4	53
66.7120018005	Sandbox	8.8.8.8	53
67.7662658691	Sandbox	8.8.4.4	53
81.7075548172	Sandbox	8.8.8.8	53
82.703291893	Sandbox	8.8.4.4	53
84.4689908028	Sandbox	8.8.8.8	53
85.5660378933	Sandbox	8.8.4.4	53
99.2349967957	Sandbox	8.8.8.8	53
100.234967947	Sandbox	8.8.4.4	53
100.344293833	Sandbox	8.8.8.8	53
101.421486855	Sandbox	8.8.4.4	53
115.094671011	Sandbox	8.8.8.8	53
116.094031811	Sandbox	8.8.4.4	53
123.875422955	Sandbox	8.8.8.8	53
124.9689188	Sandbox	8.8.4.4	53
130.015990973	Sandbox	8.8.8.8	53
131.094777822	Sandbox	8.8.4.4	53
138.594416857	Sandbox	8.8.8.8	53
139.593781948	Sandbox	8.8.4.4	53
148.953701973	Sandbox	8.8.8.8	53
149.953529835	Sandbox	8.8.4.4	53
163.187533855	Sandbox	8.8.8.8	53
163.953186989	Sandbox	8.8.8.8	53
164.281651974	Sandbox	8.8.4.4	53
164.953329802	Sandbox	8.8.4.4	53
177.907921791	Sandbox	8.8.8.8	53
178.688264847	Sandbox	8.8.8.8	53
178.906316996	Sandbox	8.8.4.4	53
179.687066793	Sandbox	8.8.4.4	53
197.468972921	Sandbox	8.8.8.8	53
198.468689919	Sandbox	8.8.4.4	53
202.298503876	Sandbox	8.8.8.8	53
203.296621799	Sandbox	8.8.4.4	53
212.203337908	Sandbox	8.8.8.8	53
213.202890873	Sandbox	8.8.4.4	53
216.922681808	Sandbox	8.8.8.8	53
217.937838793	Sandbox	8.8.4.4	53
227.017928839	Sandbox	8.8.8.8	53
228.110668898	Sandbox	8.8.4.4	53
241.484764814	Sandbox	8.8.8.8	53
242.484369993	Sandbox	8.8.4.4	53
245.703574896	Sandbox	8.8.8.8	53
246.781176805	Sandbox	8.8.4.4	53
256.016837835	Sandbox	8.8.8.8	53
257.109447956	Sandbox	8.8.4.4	53
260.703701973	Sandbox	8.8.8.8	53
261.703662872	Sandbox	8.8.4.4	53
275.859390974	Sandbox	8.8.8.8	53
276.93718791	Sandbox	8.8.4.4	53
280.719164848	Sandbox	8.8.8.8	53
281.812557936	Sandbox	8.8.4.4	53
294.484852791	Sandbox	8.8.8.8	53
295.469326973	Sandbox	8.8.8.8	53
295.578063965	Sandbox	8.8.4.4	53
296.531239986	Sandbox	8.8.4.4	53
309.172066927	Sandbox	8.8.8.8	53
310.171950817	Sandbox	8.8.4.4	53
320.141625881	Sandbox	8.8.8.8	53
321.234542847	Sandbox	8.8.4.4	53
323.939062834	Sandbox	8.8.8.8	53
324.937414885	Sandbox	8.8.4.4	53
334.812872887	Sandbox	8.8.8.8	53
335.812812805	Sandbox	8.8.4.4	53
338.581286907	Sandbox	8.8.8.8	53
339.625432968	Sandbox	8.8.4.4	53
353.297565937	Sandbox	8.8.8.8	53
354.296992779	Sandbox	8.8.4.4	53
359.297273874	Sandbox	8.8.8.8	53
360.296507835	Sandbox	8.8.4.4	53
368.082011938	Sandbox	8.8.8.8	53
369.077914953	Sandbox	8.8.4.4	53
371.675336838	Sandbox	8.8.8.8	53
372.765769005	Sandbox	8.8.4.4	53
394.125389814	Sandbox	8.8.8.8	53
395.218583822	Sandbox	8.8.4.4	53
409.016671896	Sandbox	8.8.8.8	53
410.109778881	Sandbox	8.8.4.4	53
433.687469006	Sandbox	8.8.8.8	53
434.781039953	Sandbox	8.8.4.4	53
448.56277585	Sandbox	8.8.8.8	53
449.562306881	Sandbox	8.8.4.4	53
473.327963829	Sandbox	8.8.8.8	53
474.327736855	Sandbox	8.8.4.4	53
485.376015902	Sandbox	8.8.8.8	53
486.469329834	Sandbox	8.8.4.4	53
503.276812792	Sandbox	8.8.8.8	53
504.354899883	Sandbox	8.8.4.4	53
507.91473484	Sandbox	8.8.8.8	53
508.986886978	Sandbox	8.8.4.4	53

Loading...