CapTipper Report

PCAP File	Analysis Time	CapTipper Version	Traffic Time
/opt/Malware-Project/Dataset/Botnet-Capture/beingAnalyzedAndPublished/CTU-Malware-Capture-Botnet-51//botnet-capture-20110818-bot.pcap	05/14/15 12:34:42	0.2 b10	08/18/11 09:04:16

Conversations

crl.microsoft.com (195.113.232.75:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/pki/crl/products/CodeSignPCA.crl

application/pkix-crl

CodeSignPCA.crl

200 OK

BINARY

558.0 B

08/18/11 09:04:16

Download
SHA256	4d51f258891ddfdc8e423541cfeeea1b48aa2e1c26f0379f21ec1c898fcc422c
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	GET /pki/crl/products/CodeSignPCA.crl HTTP/1.1 Accept: / User-Agent: Microsoft-CryptoAPI/5.131.2600.2180 Host: crl.microsoft.com Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
Response Header	HTTP/1.1 200 OK Content-Type: application/pkix-crl Last-Modified: Mon, 18 Jul 2011 18:06:00 GMT Accept-Ranges: bytes ETag: "2949df597545cc1:0" Server: Microsoft-IIS/7.5 VTag: 791127442200000000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-Powered-By: ASP.NET Content-Length: 558 Cache-Control: max-age=900 Date: Thu, 18 Aug 2011 09:04:21 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 02 2A 30 82 01 12 02 01 01 30 0D 06 09 2A 0..0......0... 0010 86 48 86 F7 0D 01 01 05 05 00 30 81 A6 31 0B 30 .H........0..1.0 0020 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 ...U....US1.0... 0030 55 04 08 13 0A 57 61 73 68 69 6E 67 74 6F 6E 31 U....Washington1 0040 10 30 0E 06 03 55 04 07 13 07 52 65 64 6D 6F 6E .0...U....Redmon 0050 64 31 1E 30 1C 06 03 55 04 0A 13 15 4D 69 63 72 d1.0...U....Micr 0060 6F 73 6F 66 74 20 43 6F 72 70 6F 72 61 74 69 6F osoft Corporatio 0070 6E 31 2B 30 29 06 03 55 04 0B 13 22 43 6F 70 79 n1+0)..U..."Copy

cr-tools.clients.google.com (74.125.232.206:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/service/check2?appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.21.65&applang=&machine=0&version=1.3.21.65&osversion=5.1&servicepack=Service%20Pack%202

check2

204 No Content

0.0 B

08/18/11 11:49:40

IP	147.32.84.165
MAC	08:00:27:b5:b7:19
USER-AGENT	Google Update/1.3.21.65;winhttp

Analysis Info

Flow View

Client Details

Conversations