Offset | Length | Description |
---|---|---|
0x00 | 2 | Index (refer to Table B) |
0x02 | 2 | Data length: 1 = 2 bytes, 2 = 4 bytes, 3 = as specified in 0x04 |
0x04 | 2 | Data length |
0x06 | As specified in 0x04 | Data |

Offset | Description | Remarks |
---|---|---|
0x01 | BeaconType | 0=HTTP, 1=Hybrid HTTP and DNS, 8=HTTPS |
0x02 | Port number | |
0x03 | Polling period | |
0x04 | Unknown | |
0x05 | Jitter | Proportion of jitter in polling period (0-99%) |
0x06 | Maxdns | Maximum length of host name when using DNS (0-255) |
0x07 | Unknown | |
0x08 | Destination host | |
0x09 | User agent | |
0x0a | Path when communicating HTTPHeader2 | |
0x0b | Unknown | |
0x0c | HTTPHeader1 | |
0x0d | HTTPHeader2 | |
0x0e | Injection process | |
0x0f | Pipe name | |
0x10 | Year | Stops working after the date specified by Year, Month, Day |
0x11 | Month | |
0x12 | Day | |
0x13 | DNSidle | |
0x14 | DNSSleep | |
0x1a | HTTPMethod1 | |
0x1b | HTTPMethod2 | |
0x1c | Unknown | |
0x1d | Process to inject arbitrary shellcode (32bit) | |
0x1e | Process to inject arbitrary shellcode (64bit) | |
0x1f | Unknown | |
0x20 | Proxy server name | |
0x21 | Proxy user name | |
0x22 | Proxy password | |
0x23 | AccessType | 1 = Do not use proxy server, 2 = Use IE configuration in the registry, 4 = Connect via proxy server |
0x24 | createremotethread | Flag whether to allow creating threads in other processes |
0x25 | Not in use | |
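
A parser for the record layout in the first table, added here as an example for analysts (it is not code from the original page). It assumes the configuration block has already been located and decoded, that the header fields are big-endian, and that a zero index ends the records; `parse_config`, `record` and the sample bytes are constructed for illustration.

```python
import struct

# Index names from the second table (subset); other indexes are shown as hex.
NAMES = {0x01: "BeaconType", 0x05: "Jitter", 0x06: "Maxdns",
         0x08: "Destination host", 0x0e: "Injection process",
         0x23: "AccessType"}
BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP and DNS", 8: "HTTPS"}
FIXED = {1: (2, ">H"), 2: (4, ">I")}  # type -> (data length, struct format)


def parse_config(buf):
    """Walk index/type/length/data records; return ({name: value}, warnings)."""
    out, warnings, off = {}, [], 0
    while off + 6 <= len(buf):
        # Assumption: big-endian header fields (byte order is not in the table).
        idx, typ, length = struct.unpack_from(">HHH", buf, off)
        if idx == 0:  # assumption: a zero index marks padding / end of records
            break
        data = buf[off + 6:off + 6 + length]
        if len(data) < length:
            warnings.append("index 0x%02x: data truncated" % idx)
            break
        value = data  # fallback for malformed records: keep the raw bytes
        if typ in FIXED and length == FIXED[typ][0]:
            value = struct.unpack(FIXED[typ][1], data)[0]
        elif typ == 3:
            value = data.rstrip(b"\x00").decode("latin-1")
        else:
            warnings.append("index 0x%02x: type %d with length %d" % (idx, typ, length))
        if idx == 0x01 and isinstance(value, int):
            value = BEACON_TYPES.get(value, value)
        out[NAMES.get(idx, "0x%02x" % idx)] = value
        off += 6 + length
    return out, warnings


def record(idx, typ, data):
    """Build one record; used only to construct the sample below."""
    return struct.pack(">HHH", idx, typ, len(data)) + data


# Constructed sample (not from a real Beacon): HTTPS, 20% jitter, one host.
SAMPLE = (record(0x01, 1, struct.pack(">H", 8))
          + record(0x05, 1, struct.pack(">H", 20))
          + record(0x03, 2, struct.pack(">I", 60000))
          + record(0x08, 3, b"c2.example.test".ljust(32, b"\x00")))

if __name__ == "__main__":
    print(parse_config(SAMPLE))
```

Records whose type and length disagree are kept as raw bytes and reported in the warnings list rather than silently decoded.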