Analysis Report
Overview
General Information |
---|
Joe Sandbox Version: | |
Analysis ID: | 106246 |
Start time: | 13:50:18 |
Joe Sandbox Product: | Cloud |
Start date: | 29/02/2016 |
Overall analysis duration: | 0h 6m 20s |
Report type: | full |
Sample file name: | com.apple.exe |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Mac Mini, Yosemite 10.10.3 (Java 1.8.0_45) |
Detection: | MAL |
Classification: | mal52.evad.macEXE@0/0@3/0 |
Detection |
---|
Strategy | Score | Range | Reporting | Detection |
---|---|---|---|---|
Threshold | 52 | 0 - 100 | Report FP / FN | MAL |
Classification |
---|
Signature Overview |
---|
Networking: |
---|
Performs DNS lookups |
Source: unknown | DNS traffic detected: |
Writes from file descriptors related to (network) sockets |
Source: /Users/vreni/Desktop/com.apple.exe (PID: 390) | Writes from socket in process: |
System Summary: |
---|
Classification label |
Source: classification engine | Classification label: |
Data Obfuscation: |
---|
Imports the Security library (often used for certificate, key, keychain, or secure transport handling) |
Source: initial sample | Static MACH information: |
Persistence and Installation Behavior: |
---|
Reads data from the local random generator |
Source: /Users/vreni/Desktop/com.apple.exe (PID: 390) | Random device file read: |
Executes commands using a shell command-line interpreter |
Source: /Users/vreni/Desktop/com.apple.exe (PID: 390) | Shell command executed: | ||
Source: /Users/vreni/Desktop/com.apple.exe (PID: 390) | Shell command executed: | ||
Source: /Users/vreni/Desktop/com.apple.exe (PID: 390) | Shell command executed: | ||
Source: /Users/vreni/Desktop/com.apple.exe (PID: 390) | Shell command executed: |
Executes the "grep" command used to find patterns in files or piped streams |
Source: /bin/sh (PID: 405) | Grep executable: | ||
Source: /bin/sh (PID: 406) | Grep executable: | ||
Source: /bin/sh (PID: 409) | Grep executable: | ||
Source: /bin/sh (PID: 410) | Grep executable: |
Executes the "mkdir" command used to create folders |
Source: /bin/sh (PID: 411) | Mkdir executable: |
Executes the "ps" command used to list the status of processes |
Source: /bin/sh (PID: 404) | Ps executable: | ||
Source: /bin/sh (PID: 408) | Ps executable: |
Executes the "touch" command used to create files or modify time stamps |
Source: /bin/sh (PID: 392) | Touch executable: | ||
Source: /bin/sh (PID: 393) | Touch executable: | ||
Source: /bin/sh (PID: 394) | Touch executable: | ||
Source: /bin/sh (PID: 395) | Touch executable: | ||
Source: /bin/sh (PID: 396) | Touch executable: | ||
Source: /bin/sh (PID: 397) | Touch executable: | ||
Source: /bin/sh (PID: 398) | Touch executable: | ||
Source: /bin/sh (PID: 399) | Touch executable: | ||
Source: /bin/sh (PID: 400) | Touch executable: | ||
Source: /bin/sh (PID: 401) | Touch executable: |
Executes the "rm" command used to delete files or directories |
Source: /bin/sh (PID: 402) | Rm executable: |
Explicitly modifies time stamps using the "touch" command |
Source: /bin/sh (PID: 392) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 393) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 394) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 395) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 396) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 397) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 398) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 399) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 400) | Touch executable uses -c (no creation) and -t (set access/modification time) options: | ||
Source: /bin/sh (PID: 401) | Touch executable uses -c (no creation) and -t (set access/modification time) options: |
Hooking and other Techniques for Hiding and Protection: |
---|
Deletes system log files |
Source: /bin/rm (PID: 402) | Log files deleted: |
Language, Device and Operating System Detection: |
---|
Reads the system or server version plist file |
Source: /Users/vreni/Desktop/com.apple.exe (PID: 390) | System or server version plist file read: |
Reads the system's hostname |
Source: /bin/sh (PID: 391) | Sysctl requested: | ||
Source: /bin/sh (PID: 403) | Sysctl requested: | ||
Source: /bin/sh (PID: 407) | Sysctl requested: | ||
Source: /bin/sh (PID: 411) | Sysctl requested: |
Runtime Messages |
---|
Command: | /Users/vreni/Desktop/com.apple.exe |
Exitcode: | |
Killed: | True |
Standard Output: | |
Standard Error: |
Yara Overview |
---|
No Yara matches |
---|
Screenshot |
---|
Startup |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active |
---|---|---|
www.comeinbaby.com | 141.8.226.14 | true |
Contacted IPs |
---|
IP | Country | ASN | ASN Name |
---|---|---|---|
8.8.8.8 | United States | 15169 | GoogleInc |
8.8.4.4 | United States | 15169 | GoogleInc |
141.8.226.14 | Switzerland | 40034 | ConfluenceNetworksInc |
17.171.8.16 | United States | 714 | AppleInc |
Static File Info |
---|
General | |
---|---|
File type: | Mach-O 64-bit executable |
TrID: |
File name: | com.apple.exe |
File size: | 603332 |
MD5: | dca13b4ff64bcd6876c13bbb4a22f450 |
SHA1: | 890f5456a79b185669294a706b5fc6f3c572b83b |
SHA256: | f5280bf8c9305bfa2bc80e75a02cda6cb79fd3c3baa5ca0447ca6b4f41530c6d |
SHA512: | 12a610ac3a7979bd7cd293326025ecdbf4d24a8eab9549d0063c7d54550dcbe2bbeefa281fe6be16d16db29abb6e205b7200cc0e125e955ebdb0046ca2172f54 |
Static Mach Info |
---|
General Information for header0 | |
---|---|
Endian: | < |
Size: | 64-bit |
Architecture: | x86_64 |
Filetype: | execute |
Nbr. of load commands: | 23 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __PAGEZERO | |
fileoff | 0 | |
maxprot | 0 | |
vmsize | 4294967296 | |
nsects | 0 | |
flags | 0 | |
filesize | 0 | |
vmaddr | 0 | |
initprot | 0 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __TEXT | |
fileoff | 0 | |
maxprot | 7 | |
vmsize | 299008 | |
nsects | 12 | |
flags | 0 | |
filesize | 299008 | |
vmaddr | 4294967296 | |
initprot | 5 | |
Datas | sectname | __text |
segname | __TEXT | |
reloff | 0 | |
addr | 4294974976 | |
align | 4 | |
nreloc | 0 | |
flags | 2147484672 | |
offset | 7680 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 193923 | |
sectname | __stubs | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295168900 | |
align | 1 | |
nreloc | 0 | |
flags | 2147484680 | |
offset | 201604 | |
reserved2 | 6 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 1152 | |
sectname | __stub_helper | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295170052 | |
align | 2 | |
nreloc | 0 | |
flags | 2147484672 | |
offset | 202756 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 1936 | |
sectname | __cstring | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295171988 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 204692 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 9716 | |
sectname | __objc_methname | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295181704 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 214408 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 14814 | |
sectname | __objc_classname | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295196518 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 229222 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 471 | |
sectname | __objc_methtype | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295196989 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 229693 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 3358 | |
sectname | __gcc_except_tab | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295200348 | |
align | 2 | |
nreloc | 0 | |
flags | 0 | |
offset | 233052 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 6268 | |
sectname | __const | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295206624 | |
align | 4 | |
nreloc | 0 | |
flags | 0 | |
offset | 239328 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 808 | |
sectname | __ustring | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295207432 | |
align | 1 | |
nreloc | 0 | |
flags | 0 | |
offset | 240136 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 62 | |
sectname | __unwind_info | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295207494 | |
align | 0 | |
nreloc | 0 | |
flags | 0 | |
offset | 240198 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 7800 | |
sectname | __eh_frame | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295215296 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 248000 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 51008 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __DATA | |
fileoff | 299008 | |
maxprot | 7 | |
vmsize | 49152 | |
nsects | 21 | |
flags | 0 | |
filesize | 49152 | |
vmaddr | 4295266304 | |
initprot | 3 | |
Datas | sectname | __program_vars |
segname | __DATA | |
reloff | 0 | |
addr | 4295266304 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 299008 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 40 | |
sectname | __nl_symbol_ptr | |
segname | __DATA | |
reloff | 0 | |
addr | 4295266344 | |
align | 3 | |
nreloc | 0 | |
flags | 6 | |
offset | 299048 | |
reserved2 | 0 | |
reserved1 | 192 | |
reserved3 | 0 | |
size | 16 | |
sectname | __got | |
segname | __DATA | |
reloff | 0 | |
addr | 4295266360 | |
align | 3 | |
nreloc | 0 | |
flags | 6 | |
offset | 299064 | |
reserved2 | 0 | |
reserved1 | 194 | |
reserved3 | 0 | |
size | 264 | |
sectname | __la_symbol_ptr | |
segname | __DATA | |
reloff | 0 | |
addr | 4295266624 | |
align | 3 | |
nreloc | 0 | |
flags | 7 | |
offset | 299328 | |
reserved2 | 0 | |
reserved1 | 227 | |
reserved3 | 0 | |
size | 1536 | |
sectname | __const | |
segname | __DATA | |
reloff | 0 | |
addr | 4295268160 | |
align | 4 | |
nreloc | 0 | |
flags | 0 | |
offset | 300864 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 9168 | |
sectname | __objc_classlist | |
segname | __DATA | |
reloff | 0 | |
addr | 4295277328 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 310032 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 136 | |
sectname | __objc_nlclslist | |
segname | __DATA | |
reloff | 0 | |
addr | 4295277464 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 310168 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_catlist | |
segname | __DATA | |
reloff | 0 | |
addr | 4295277472 | |
align | 0 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 310176 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 0 | |
sectname | __objc_protolist | |
segname | __DATA | |
reloff | 0 | |
addr | 4295277472 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 310176 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 24 | |
sectname | __objc_imageinfo | |
segname | __DATA | |
reloff | 0 | |
addr | 4295277496 | |
align | 2 | |
nreloc | 0 | |
flags | 0 | |
offset | 310200 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_const | |
segname | __DATA | |
reloff | 0 | |
addr | 4295277504 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 310208 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 22456 | |
sectname | __objc_selrefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295299960 | |
align | 3 | |
nreloc | 0 | |
flags | 268435461 | |
offset | 332664 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 3432 | |
sectname | __objc_protorefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295303392 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 336096 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 16 | |
sectname | __objc_classrefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295303408 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 336112 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 312 | |
sectname | __objc_superrefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295303720 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 336424 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 112 | |
sectname | __objc_data | |
segname | __DATA | |
reloff | 0 | |
addr | 4295303832 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 336536 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 1440 | |
sectname | __cfstring | |
segname | __DATA | |
reloff | 0 | |
addr | 4295305272 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 337976 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 7328 | |
sectname | __objc_ivar | |
segname | __DATA | |
reloff | 0 | |
addr | 4295312600 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 345304 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 1072 | |
sectname | __data | |
segname | __DATA | |
reloff | 0 | |
addr | 4295313680 | |
align | 4 | |
nreloc | 0 | |
flags | 0 | |
offset | 346384 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 552 | |
sectname | __common | |
segname | __DATA | |
reloff | 0 | |
addr | 4295314232 | |
align | 3 | |
nreloc | 0 | |
flags | 1 | |
offset | 0 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 41 | |
sectname | __bss | |
segname | __DATA | |
reloff | 0 | |
addr | 4295314280 | |
align | 3 | |
nreloc | 0 | |
flags | 1 | |
offset | 0 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 32 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __LINKEDIT | |
fileoff | 348160 | |
maxprot | 7 | |
vmsize | 258048 | |
nsects | 0 | |
flags | 0 | |
filesize | 255172 | |
vmaddr | 4295315456 | |
initprot | 1 |
dyld_info_command |
---|
Name | Value | |
---|---|---|
lazy_bind_size | 4624 | |
lazy_bind_off | 351320 | |
weak_bind_size | 0 | |
rebase_size | 1024 | |
export_off | 355944 | |
export_size | 192 | |
bind_off | 349184 | |
rebase_off | 348160 | |
bind_size | 2136 | |
weak_bind_off | 0 |
symtab_command |
---|
Name | Value | |
---|---|---|
strsize | 128104 | |
symoff | 357696 | |
stroff | 475228 | |
nsyms | 7241 |
dysymtab_command |
---|
Name | Value | |
---|---|---|
extreloff | 0 | |
nlocrel | 0 | |
indirectsymoff | 473552 | |
modtaboff | 0 | |
nextrel | 0 | |
iundefsym | 6986 | |
nmodtab | 0 | |
ilocalsym | 0 | |
nundefsym | 255 | |
nextrefsyms | 0 | |
locreloff | 0 | |
ntoc | 0 | |
nlocalsym | 6977 | |
tocoff | 0 | |
extrefsymoff | 0 | |
nindirectsyms | 419 | |
iextdefsym | 6977 | |
nextdefsym | 9 |
dylinker_command |
---|
Name | Value | |
---|---|---|
name | 12 | Data | /usr/lib/dyld |
uuid_command |
---|
Name | Value | |
---|---|---|
uuid | cdcc275eb6ae33e2b73cf5f708453f21 |
version_min_command |
---|
Name | Value | |
---|---|---|
version | 657152 | |
reserved | 657664 |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.19.1 | Data | /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.9.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.158.0 | Data | /usr/lib/libsqlite3.dylib |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 256.225.1 | Data | /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.44.1 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 3328.32.4 | Data | /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.228.0 | Data | /usr/lib/libobjc.A.dylib |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.120.0 | Data | /usr/lib/libc++.1.dylib |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 257.173.4 | Data | /usr/lib/libSystem.B.dylib |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 3584.175.216 | Data | /System/Library/Frameworks/Security.framework/Versions/A/Security |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.59.0 | Data | /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.150.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 3584.87.3 | Data | /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 356136 | |
datassize | 1560 |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 357696 | |
datassize | 0 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 29, 2016 13:52:00.493599892 MEZ | 53444 | 53 | 192.168.0.50 | 8.8.8.8 |
Feb 29, 2016 13:52:00.493664026 MEZ | 53078 | 53 | 192.168.0.50 | 8.8.8.8 |
Feb 29, 2016 13:52:00.493793011 MEZ | 53 | 53078 | 8.8.8.8 | 192.168.0.50 |
Feb 29, 2016 13:52:00.874620914 MEZ | 53 | 53444 | 8.8.8.8 | 192.168.0.50 |
Feb 29, 2016 13:52:01.615581989 MEZ | 53078 | 53 | 192.168.0.50 | 8.8.4.4 |
Feb 29, 2016 13:52:01.615631104 MEZ | 53 | 53078 | 8.8.4.4 | 192.168.0.50 |
Feb 29, 2016 13:52:01.616506100 MEZ | 49229 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:01.616530895 MEZ | 2018 | 49229 | 141.8.226.14 | 192.168.0.50 |
Feb 29, 2016 13:52:01.616792917 MEZ | 49229 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:01.617094994 MEZ | 49229 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:01.617105961 MEZ | 2018 | 49229 | 141.8.226.14 | 192.168.0.50 |
Feb 29, 2016 13:52:14.582782984 MEZ | 49229 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:14.582910061 MEZ | 2018 | 49229 | 141.8.226.14 | 192.168.0.50 |
Feb 29, 2016 13:52:14.583229065 MEZ | 49229 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:14.587341070 MEZ | 49230 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:14.587373018 MEZ | 2018 | 49230 | 141.8.226.14 | 192.168.0.50 |
Feb 29, 2016 13:52:14.587650061 MEZ | 49230 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:14.587795019 MEZ | 49230 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:14.587805986 MEZ | 2018 | 49230 | 141.8.226.14 | 192.168.0.50 |
Feb 29, 2016 13:52:28.693981886 MEZ | 49230 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:28.694119930 MEZ | 2018 | 49230 | 141.8.226.14 | 192.168.0.50 |
Feb 29, 2016 13:52:28.694477081 MEZ | 49230 | 2018 | 192.168.0.50 | 141.8.226.14 |
Feb 29, 2016 13:52:37.673428059 MEZ | 49225 | 80 | 192.168.0.50 | 17.171.8.16 |
Feb 29, 2016 13:52:37.673537970 MEZ | 80 | 49225 | 17.171.8.16 | 192.168.0.50 |
Feb 29, 2016 13:52:37.673794031 MEZ | 49225 | 80 | 192.168.0.50 | 17.171.8.16 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 29, 2016 13:52:00.493599892 MEZ | 53444 | 53 | 192.168.0.50 | 8.8.8.8 |
Feb 29, 2016 13:52:00.493664026 MEZ | 53078 | 53 | 192.168.0.50 | 8.8.8.8 |
Feb 29, 2016 13:52:00.493793011 MEZ | 53 | 53078 | 8.8.8.8 | 192.168.0.50 |
Feb 29, 2016 13:52:00.874620914 MEZ | 53 | 53444 | 8.8.8.8 | 192.168.0.50 |
Feb 29, 2016 13:52:01.615581989 MEZ | 53078 | 53 | 192.168.0.50 | 8.8.4.4 |
Feb 29, 2016 13:52:01.615631104 MEZ | 53 | 53078 | 8.8.4.4 | 192.168.0.50 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 29, 2016 13:52:00.493599892 MEZ | 192.168.0.50 | 8.8.8.8 | 0xa325 | Standard query (0) | www.comeinbaby.com | A (IP address) | IN (0x0001) |
Feb 29, 2016 13:52:00.493664026 MEZ | 192.168.0.50 | 8.8.8.8 | 0xcb99 | Standard query (0) | www.comeinbaby.com | 28 | IN (0x0001) |
Feb 29, 2016 13:52:01.615581989 MEZ | 192.168.0.50 | 8.8.4.4 | 0xcb99 | Standard query (0) | www.comeinbaby.com | 28 | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 29, 2016 13:52:00.493793011 MEZ | 8.8.8.8 | 192.168.0.50 | 0xcb99 | Not Implemented (4) | www.comeinbaby.com | none | none | 28 | IN (0x0001) |
Feb 29, 2016 13:52:00.874620914 MEZ | 8.8.8.8 | 192.168.0.50 | 0xa325 | No error (0) | www.comeinbaby.com | none | 141.8.226.14 | A (IP address) | IN (0x0001) |
Feb 29, 2016 13:52:01.615631104 MEZ | 8.8.4.4 | 192.168.0.50 | 0xcb99 | Not Implemented (4) | www.comeinbaby.com | none | none | 28 | IN (0x0001) |
System Behavior |
---|
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /Library/Frameworks/Mono.framework/Versions/3.4.0/bin/mono-sgen |
File size: | 4224484 bytes |
MD5 hash: | 7c3e15e217e2e1e7b6a39829a01fbb27 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /Users/vreni/Desktop/com.apple.exe |
File size: | 603332 bytes |
MD5 hash: | dca13b4ff64bcd6876c13bbb4a22f450 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/touch |
File size: | 19280 bytes |
MD5 hash: | dc0979650a009f58fa8f119565d4ea50 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/rm |
File size: | 19760 bytes |
MD5 hash: | cac0af1a62f7b12325d5b7a0ed082afd |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/ps |
File size: | 46688 bytes |
MD5 hash: | cfb8ba7fee3f6044f3d76175903d98b1 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/grep |
File size: | 29760 bytes |
MD5 hash: | 74c51bf745713fd2d8007f3611366a23 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/grep |
File size: | 29760 bytes |
MD5 hash: | 74c51bf745713fd2d8007f3611366a23 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/ps |
File size: | 46688 bytes |
MD5 hash: | cfb8ba7fee3f6044f3d76175903d98b1 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/grep |
File size: | 29760 bytes |
MD5 hash: | 74c51bf745713fd2d8007f3611366a23 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:51:59 |
Start date: | 29/02/2016 |
Path: | /usr/bin/grep |
File size: | 29760 bytes |
MD5 hash: | 74c51bf745713fd2d8007f3611366a23 |
General |
---|
Start time: | 13:52:27 |
Start date: | 29/02/2016 |
Path: | /bin/sh |
File size: | 628704 bytes |
MD5 hash: | bae6979e8dc9910cd5fec0e5214e9681 |
General |
---|
Start time: | 13:52:27 |
Start date: | 29/02/2016 |
Path: | /bin/mkdir |
File size: | 14512 bytes |
MD5 hash: | a83457fe11bfb3492e076d782ec60e9a |