Score: 1.0 (low risk)

SHA-256: 26623a55688dbeb06e403f66f957bd697a9e4cf23fb253a5d8985add2b3c19fb

File name: 26623a55688dbeb06e403f66f957bd697a9e4cf23fb253a5d8985add2b3c19fb.exe

Analysis duration: 195s

Last analyzed: 364 days ago

File size: 159.9KB
Classification tags (fields on the page: static detection, dynamic detection, CVE, family, metatype, platform, type): UNKNOWN WIN32 TROJAN RANSOM URELAS
Eagle Eye engine (ML model scores)
DACN 0.12
FACILE 1.00
IMCLNet 0.81
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Malware:Win32/Dorpal.ali1000029 20190527 0.3.0.5
Avast Win32:Trojan-gen 20200110 18.4.3895.0
Baidu Win32.Trojan.Urelas.b 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20200110 2013.8.14.323
McAfee BackDoor-FBQP!0CC889F6D2FE 20200110 6.0.6.653
Tencent Malware.Win32.Gencirc.10b097c0 20200110 1.0.0.1
Behavioral verdict
Dynamic indicators
Network communication
Communicates with hosts that were not resolved via DNS (2 events)
host 114.114.114.114
host 8.8.8.8
(Both hosts are public DNS resolvers, and the UDP table below shows only port-53 traffic to them, so this indicator is the sandbox's own name resolution rather than sample-initiated traffic. None of the IP addresses hard-coded in the strings dump, 121.88.5.183, 121.88.5.184, 218.54.28.139, 218.54.28.240 and 218.54.31.226, were contacted, and no TCP connections, dropped files or screenshots were recorded. The low dynamic score therefore reflects a run in which the sample's network stage did not execute, not benign behaviour; the static results below, 50 of 62 VirusTotal engines, are the better indicator.)
Flagged as malicious by VirusTotal engines (50 of 62)
ALYac Gen:Variant.Ulise.66432
APEX Malicious
AVG Win32:Trojan-gen
Acronis suspicious
Ad-Aware Gen:Variant.Ulise.66432
AhnLab-V3 Trojan/Win32.RL_Urelas.R291238
Alibaba Malware:Win32/Dorpal.ali1000029
Antiy-AVL Trojan[Ransom]/Win32.GenericCryptor
Arcabit Trojan.Ulise.D10380
Avast Win32:Trojan-gen
Avira BDS/Backdoor.Gen7
Baidu Win32.Trojan.Urelas.b
BitDefender Gen:Variant.Ulise.66432
BitDefenderTheta Gen:NN.ZexaF.33564.jyX@aGbmNjii
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Trojan.Zenshirsh.SL7
ClamAV Win.Malware.Urelas-6717394-0
Comodo TrojWare.Win32.Urelas.ASE@5izxb0
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.6d2fe2
Cylance Unsafe
Cyren W32/Urelas.T.gen!Eldorado
DrWeb Trojan.DownLoader9.26318
ESET-NOD32 a variant of Win32/Urelas.AB
Emsisoft Gen:Variant.Ulise.66432 (B)
Endgame malicious (high confidence)
F-Prot W32/Urelas.T.gen!Eldorado
F-Secure Backdoor.BDS/Backdoor.Gen7
FireEye Generic.mg.0cc889f6d2fe21c5
Fortinet W32/Urelas.AB!tr
GData Gen:Variant.Ulise.66432
Ikarus Trojan.Win32.Beaugrit
Invincea heuristic
Jiangmin Trojan.GenericCryptor.fw
K7AntiVirus Backdoor ( 0053e8561 )
K7GW Backdoor ( 0053e8561 )
Kaspersky Trojan-Ransom.Win32.GenericCryptor.czn
Lionic Trojan.Win32.GenericCryptor.tqHw
MAX malware (ai score=80)
Malwarebytes Trojan.Urelas
McAfee BackDoor-FBQP!0CC889F6D2FE
McAfee-GW-Edition BehavesLike.Win32.Gupboot.cm
MicroWorld-eScan Gen:Variant.Ulise.66432
Microsoft Trojan:Win32/Urelas.AA
NANO-Antivirus Trojan.Win32.Urelas.ctemzd
Paloalto generic.ml
Panda Trj/Genetic.gen
Qihoo-360 Win32/Backdoor.1c6
Rising Trojan.Urelas!1.BE13 (CLOUD)
Sangfor Malware
Visual analysis
Binary image
(rendered from the file bytes at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32; images not reproduced here)
Runtime screenshots
No runtime screenshots: the sample did not produce any screenshots while running.


PE Compile Time

2014-02-07 16:29:54

PE Imphash

cc8e1a681a74afdb55d05e72ace1a719

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00010000 0x0000f200 6.488838623608601
.rdata 0x00011000 0x00004000 0x00003800 4.693413217649175
.data 0x00015000 0x00004000 0x00001000 2.300829480819339
.rsrc 0x00019000 0x0000c000 0x0000be00 4.319162243684358
.reloc 0x00025000 0x00002000 0x00000e00 6.242488105887941
GTDTSYDW 0x00027000 0x00007000 0x00006800 4.5504558878436
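
The section table above is regular apart from its last entry: GTDTSYDW is a non-standard name and sits after .reloc, which the MSVC linker normally emits last, so the section was most likely appended after linking (the second, minimal import set of GetModuleHandleA/GetProcAddress/VirtualAlloc/VirtualProtect further down in the strings dump points the same way). The check below is an added example, not code from the analysis platform; it encodes those observations as a reusable sanity pass over a section table. The rows are copied from the table above, while the section alignment (0x1000) and file alignment (0x200) are assumptions, since the report does not print the optional header.

```python
"""Section-table sanity pass for a PE file.

Added example for this report, not code from the analysis platform.
SECTIONS is copied from the Sections table of the report; the two alignment
values are assumptions, since the report does not print the optional header.
"""

SECTION_ALIGNMENT = 0x1000  # assumed: usual value for a 32-bit MSVC image
FILE_ALIGNMENT = 0x200      # assumed: usual value for a 32-bit MSVC image
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT", ".gfids"}

# (name, virtual address, virtual size, size of raw data, entropy), from the report
SECTIONS = [
    (".text",    0x00001000, 0x00010000, 0x0000f200, 6.488838623608601),
    (".rdata",   0x00011000, 0x00004000, 0x00003800, 4.693413217649175),
    (".data",    0x00015000, 0x00004000, 0x00001000, 2.300829480819339),
    (".rsrc",    0x00019000, 0x0000c000, 0x0000be00, 4.319162243684358),
    (".reloc",   0x00025000, 0x00002000, 0x00000e00, 6.242488105887941),
    ("GTDTSYDW", 0x00027000, 0x00007000, 0x00006800, 4.5504558878436),
]


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def check_sections(sections, section_alignment=SECTION_ALIGNMENT,
                   file_alignment=FILE_ALIGNMENT, packed_entropy=7.0):
    """Walk the table in order and report layout errors and packer-style anomalies."""
    findings = {"layout_errors": [], "anomalies": [], "size_of_image": 0, "raw_bytes": 0}
    expected_va = sections[0][1]
    for name, va, vsize, rawsize, entropy in sections:
        # Sections must be contiguous in memory: each starts where the previous one,
        # rounded up to the section alignment, ends.
        if va != expected_va:
            findings["layout_errors"].append(f"{name}: VA {va:#x}, expected {expected_va:#x}")
        if rawsize % file_alignment:
            findings["layout_errors"].append(f"{name}: raw size {rawsize:#x} not file-aligned")
        if name not in STANDARD_NAMES:
            findings["anomalies"].append(f"{name}: non-standard section name")
        if rawsize > align_up(vsize, file_alignment):
            findings["anomalies"].append(f"{name}: more raw data than virtual size")
        if entropy >= packed_entropy:
            findings["anomalies"].append(f"{name}: entropy {entropy:.2f}, likely compressed or encrypted")
        expected_va = va + align_up(vsize, section_alignment)
        findings["raw_bytes"] += rawsize
    names = [s[0] for s in sections]
    if ".reloc" in names and names[-1] != ".reloc":
        findings["anomalies"].append(f"{names[-1]}: placed after .reloc, consistent with post-link appending")
    findings["size_of_image"] = expected_va  # what SizeOfImage should be if the header is honest
    return findings


if __name__ == "__main__":
    for key, value in check_sections(SECTIONS).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

Against this table the pass reports no layout errors, a computed SizeOfImage of 0x2E000, 0x26E00 bytes of raw section data, and two anomalies, both on GTDTSYDW (non-standard name, placed after .reloc). Its entropy of 4.55 is far below the compressed range, so whatever it holds is not strongly encrypted, and the 6.49 of .text is ordinary for compiled code.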

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000246c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None (listed 16 times with identical offset and size; most likely the parser repeated the first icon entry, so the individual icon sizes are not recoverable from this report)
RT_STRING 0x00024b30 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_GROUP_ICON 0x00024c10 0x00000076 LANG_ENGLISH SUBLANG_ENGLISH_US None (listed twice with identical offset and size)
RT_MANIFEST 0x0002d026 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library KERNEL32.dll:
0x41101c GetFileAttributesW
0x411020 GetSystemDirectoryW
0x411024 DeleteFileW
0x411028 GetModuleFileNameW
0x41102c GetTickCount
0x411030 GetVersionExW
0x411034 ReadFile
0x411038 CreateFileW
0x41103c DeviceIoControl
0x411040 GetTempPathA
0x411044 GetModuleFileNameA
0x411048 HeapAlloc
0x41104c GetProcessHeap
0x411050 HeapFree
0x411054 MultiByteToWideChar
0x411058 HeapReAlloc
0x41105c LCMapStringW
0x411060 HeapSize
0x411068 LoadLibraryW
0x41106c WriteConsoleW
0x411070 FlushFileBuffers
0x411078 CreateThread
0x41107c CreateEventW
0x411080 CloseHandle
0x411084 OpenEventW
0x411088 GetTempPathW
0x41108c SetStdHandle
0x411090 GetStringTypeW
0x411094 IsValidCodePage
0x411098 GetOEMCP
0x41109c GetACP
0x4110a0 GetCPInfo
0x4110a4 RaiseException
0x4110a8 SetFilePointer
0x4110b0 GetCurrentProcessId
0x4110b8 HeapCreate
0x4110c0 ExitProcess
0x4110c4 CreateFileA
0x4110c8 Sleep
0x4110cc GetCommandLineW
0x4110d0 HeapSetInformation
0x4110d4 GetStartupInfoW
0x4110d8 GetLastError
0x4110dc TerminateProcess
0x4110e0 GetCurrentProcess
0x4110ec IsDebuggerPresent
0x4110f0 EncodePointer
0x4110f4 DecodePointer
0x411104 RtlUnwind
0x411108 WriteFile
0x41110c WideCharToMultiByte
0x411110 GetConsoleCP
0x411114 GetConsoleMode
0x411118 GetProcAddress
0x41111c GetModuleHandleW
0x411120 GetStdHandle
0x41112c SetHandleCount
0x411130 GetFileType
0x411138 TlsAlloc
0x41113c TlsGetValue
0x411140 TlsSetValue
0x411144 TlsFree
0x41114c SetLastError
0x411150 GetCurrentThreadId
0x411154 SetEndOfFile
Library USER32.dll:
0x411168 LoadIconW
0x41116c LoadCursorW
0x411170 DefWindowProcW
0x411174 BeginPaint
0x411178 EndPaint
0x41117c LoadStringW
0x411180 RegisterClassExW
0x411184 wsprintfW
0x411188 PostQuitMessage
Library ADVAPI32.dll:
0x411000 RegQueryValueExW
0x411004 RegSetValueExW
0x411008 RegCloseKey
0x41100c RegOpenKeyExW
Library SHELL32.dll:
0x41115c ShellExecuteA
0x411160 ShellExecuteW
Library WS2_32.dll:
0x411190 WSAStartup
0x411194 htonl
0x411198 gethostbyaddr
0x41119c socket
0x4111a0 gethostbyname
0x4111a4 inet_addr
0x4111a8 htons
0x4111ac connect
0x4111b0 closesocket
0x4111b4 send
0x4111b8 recv
0x4111bc WSAGetLastError
Library IPHLPAPI.DLL:
(no entries resolved by the parser; the import-name strings below include GetAdaptersAddresses, as well as KERNEL32 names absent from the table above such as GetSystemWindowsDirectoryW, UnhandledExceptionFilter, SetUnhandledExceptionFilter and EnterCriticalSection, which correspond to the gaps in the thunk addresses listed)

Strings

!This program cannot be run in DOS mode.
.rdata
.reloc
GTDTSYDW
bad allocation
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
UTF-16LE
UNICODE
Unknown exception
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
121.88.5.184
sanfdr.bat
:Repeat
if exist "
" goto Repeat
rmdir "
%d.%d.%d.%d
121.88.5.183
ExitProcess
GetTempPathW
OpenEventW
CloseHandle
CreateEventW
CreateThread
GetSystemWindowsDirectoryW
GetFileAttributesW
GetSystemDirectoryW
DeleteFileW
GetModuleFileNameW
GetTickCount
GetVersionExW
ReadFile
CreateFileW
DeviceIoControl
GetTempPathA
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
KERNEL32.dll
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
wsprintfW
USER32.dll
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
ADVAPI32.dll
ShellExecuteW
ShellExecuteA
SHELL32.dll
WS2_32.dll
GetAdaptersAddresses
IPHLPAPI.DLL
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetProcAddress
GetModuleHandleW
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
SetStdHandle
IsProcessorFeaturePresent
FlushFileBuffers
WriteConsoleW
LoadLibraryW
CreateFileA
HeapSize
LCMapStringW
HeapReAlloc
SetEndOfFile
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
218.54.31.226
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
KERNEL32.DLL
GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect
USER32.dll
EndPaint
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
WS2_32.dll
IPHLPAPI.DLL
GetAdaptersAddresses
UTF-16LE
UNICODE
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
KERNEL32.DLL
USER32.DLL
CONOUT$
Atmp5fdr.exe
218.54.28.139
121.88.5.183
dosret
WinSeven
WinVista
UnKnown
\Hangame\KOREAN\HanUninstall.exe
\NEOWIZ\PMang\common\PMLauncher.exe
\Netmarble\Common\NetMarbleEndWeb.exe
\Program Files\AhnLab\V3Lite30\V3Lite.exe
\Program Files\ESTsoft\ALYac\AYLaunch.exe
\Program Files\naver\NaverAgent\NaverAgent.exe
Software\Microsoft\Windows NT\CurrentVersion\Windows
TrayKey
%s.exe
golfinfo.ini
golfset.ini
HGDraw.dll
218.54.28.240
poldge
%s%s.exe
\\.\%s
\\.\PHYSICALDRIVE
%d.%d.%d.%d
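
The strings between the CRT boilerplate are the most useful static artefacts in this report: five IPv4 literals, the pieces of a delete-until-gone batch loop (sanfdr.bat, :Repeat, if exist ", " goto Repeat, rmdir "), a raw-disk device path (\\.\PHYSICALDRIVE, consistent with the imported DeviceIoControl), a registry key path with the value name TrayKey next to it, and paths of Korean game launchers and security products. The extractor below is an added example, not code from the report; its input is a constructed list copied from the strings dump above, and the classification rules and the /24 roll-up are the editor's own heuristics.

```python
"""IOC extraction from a strings dump.

Added example for this report, not code from the analysis platform.
SAMPLE_STRINGS is a constructed input copied from the strings dump;
the classification rules are heuristics, not the report's own logic.
"""
import ipaddress
import re

SAMPLE_STRINGS = [
    "121.88.5.184", "sanfdr.bat", ":Repeat", 'if exist "', '" goto Repeat', 'rmdir "',
    "%d.%d.%d.%d", "121.88.5.183", "218.54.31.226", "Atmp5fdr.exe", "218.54.28.139",
    "WinSeven", "WinVista", "UnKnown",
    r"\Hangame\KOREAN\HanUninstall.exe", r"\NEOWIZ\PMang\common\PMLauncher.exe",
    r"\Netmarble\Common\NetMarbleEndWeb.exe", r"\Program Files\AhnLab\V3Lite30\V3Lite.exe",
    r"\Program Files\ESTsoft\ALYac\AYLaunch.exe", r"\Program Files\naver\NaverAgent\NaverAgent.exe",
    r"Software\Microsoft\Windows NT\CurrentVersion\Windows", "TrayKey", "%s.exe",
    "golfinfo.ini", "golfset.ini", "HGDraw.dll", "218.54.28.240", "poldge", "%s%s.exe",
    r"\\.\%s", r"\\.\PHYSICALDRIVE", "HH:mm:ss", "December",
]

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
FILE_RE = re.compile(r"^[\w\-.]+\.(exe|dll|bat|ini|sys)$", re.IGNORECASE)
# Fragments of the usual delete-until-gone batch loop that self-deleting droppers write to disk.
SELF_DELETE_FRAGMENTS = (":Repeat", 'if exist "', '" goto Repeat')


def extract_iocs(strings):
    """Sort a strings dump into IOC buckets; unmatched strings are ignored."""
    iocs = {"ips": [], "files": [], "paths": [], "registry": [], "devices": [],
            "format_strings": [], "self_delete_loop": False}
    for s in strings:
        if IPV4_RE.match(s):
            try:
                ipaddress.IPv4Address(s)  # rejects octets above 255
            except ValueError:
                continue
            iocs["ips"].append(s)
        elif s.startswith("\\\\.\\"):           # \\.\ device namespace (raw disk access)
            iocs["devices"].append(s)
        elif "%" in s:                          # printf-style templates, filled in at run time
            iocs["format_strings"].append(s)
        elif s.startswith("\\"):                # file-system paths relative to a drive or folder
            iocs["paths"].append(s)
        elif s.startswith("Software\\"):        # registry key paths (hive not recoverable here)
            iocs["registry"].append(s)
        elif FILE_RE.match(s):
            iocs["files"].append(s)
    iocs["self_delete_loop"] = all(f in strings for f in SELF_DELETE_FRAGMENTS)
    return iocs


def network_blocks(ips):
    """Collapse hard-coded IPs to /24s for a block-list or pivot query."""
    return sorted({str(ipaddress.ip_network(f"{ip}/24", strict=False)) for ip in ips})


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_STRINGS)
    for key, value in iocs.items():
        print(f"{key}: {value}")
    print("block list:", network_blocks(iocs["ips"]))
```

The five IP literals fall into three /24s (121.88.5.0/24, 218.54.28.0/24, 218.54.31.0/24), which is the granularity at which a pivot on passive DNS or netflow is usually worthwhile. The template strings (%s.exe, %s%s.exe, \\.\%s, %d.%d.%d.%d) are kept separately because they only become IOCs once the sample fills them in at run time, which this sandbox run never reached.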

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 57665 114.114.114.114 53
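
Every row in the UDP table is sandbox or OS background traffic: LLMNR to 224.0.0.252:5355, NetBIOS name and datagram broadcasts on 137/138, and DNS to the resolvers 8.8.8.8 and 114.114.114.114. None of the IP addresses hard-coded in the strings dump were contacted and no TCP connections were recorded, so the capture shows the sample never reached its network stage in this run. The triage helper below is an added example, not part of the report; its flow rows are copied from the table above, the IOC set from the strings dump, and the resolver list is an assumption inferred from the port-53 traffic.

```python
"""Separate sandbox background traffic from flows that matter.

Added example for this report, not code from the analysis platform.
UDP_FLOWS is copied from the report's UDP table; HARDCODED_IPS from its
strings dump; KNOWN_RESOLVERS is an assumption inferred from the capture.
"""
import ipaddress

UDP_FLOWS = [
    ("192.168.56.101", 53179, "224.0.0.252", 5355),
    ("192.168.56.101", 49642, "224.0.0.252", 5355),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 61714, "114.114.114.114", 53),
    ("192.168.56.101", 61714, "8.8.8.8", 53),
    ("192.168.56.101", 56933, "8.8.8.8", 53),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 58485, "114.114.114.114", 53),
    ("192.168.56.101", 57665, "114.114.114.114", 53),
]
TCP_FLOWS = []  # the report recorded no TCP connections

HARDCODED_IPS = {"121.88.5.183", "121.88.5.184", "218.54.28.139", "218.54.28.240", "218.54.31.226"}
KNOWN_RESOLVERS = {"8.8.8.8", "114.114.114.114"}  # assumed sandbox resolvers


def classify_flow(src, sport, dst, dport, proto="udp"):
    """Label one flow: IOC hit, known background noise, or unexplained (needs a look)."""
    dst_ip = ipaddress.ip_address(dst)
    if dst in HARDCODED_IPS:
        return "ioc_hit"                      # checked first: an IOC hit is never "noise"
    if proto == "udp" and dport == 53 and dst in KNOWN_RESOLVERS:
        return "dns_resolver"                 # the VM resolving names, not the sample's C2
    if proto == "udp" and dst == "224.0.0.252" and dport == 5355:
        return "llmnr"                        # Windows link-local name resolution
    if proto == "udp" and dport in (137, 138) and dst_ip.is_private:
        return "netbios"                      # NetBIOS name service / datagram broadcasts
    if dst_ip.is_private or dst_ip.is_multicast or dst_ip.is_link_local:
        return "local_noise"
    return "unexplained"


def triage(udp_flows, tcp_flows):
    """Count labels and collect anything an analyst must still explain."""
    summary = {"counts": {}, "ioc_hits": [], "unexplained": []}
    for proto, flows in (("udp", udp_flows), ("tcp", tcp_flows)):
        for src, sport, dst, dport in flows:
            label = classify_flow(src, sport, dst, dport, proto)
            summary["counts"][label] = summary["counts"].get(label, 0) + 1
            if label == "ioc_hit":
                summary["ioc_hits"].append((proto, dst, dport))
            elif label == "unexplained":
                summary["unexplained"].append((proto, dst, dport))
    summary["sample_reached_network"] = bool(summary["ioc_hits"] or summary["unexplained"])
    return summary


if __name__ == "__main__":
    for key, value in triage(UDP_FLOWS, TCP_FLOWS).items():
        print(f"{key}: {value}")
```

On this capture the summary is 5 resolver queries, 2 LLMNR and 2 NetBIOS flows, no IOC hits and nothing unexplained, so `sample_reached_network` is False. The IOC check runs before the noise rules on purpose: a hard-coded address that also happens to answer DNS must still surface as a hit.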

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.