0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.63
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Regrun-II [Trj] | 20200531 | 18.4.3895.0 |
| Baidu | Win32.Worm.Pronny.d | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200531 | 2013.8.14.323 |
| McAfee | VBObfus.df | 20200531 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b8cf67 | 20200531 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 47 个反病毒引擎识别为恶意
(47 个事件)
| APEX | Malicious |
| AVG | Win32:Regrun-II [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Heur.PonyStealer.MLT.1 |
| AhnLab-V3 | Trojan/Win32.Jorik.C81311 |
| Antiy-AVL | Trojan/Win32.VBKrypt |
| Arcabit | Trojan.PonyStealer.MLT.1 |
| Avast | Win32:Regrun-II [Trj] |
| Avira | TR/Spy.Agent.135173 |
| Baidu | Win32.Worm.Pronny.d |
| BitDefender | Gen:Heur.PonyStealer.MLT.1 |
| BitDefenderTheta | Gen:NN.ZevbaF.34122.kmY@aCrWQW |
| CMC | Trojan.Win32.VBKrypt!O |
| ClamAV | Win.Trojan.Vbcrypt-5743559-0 |
| Comodo | Worm.Win32.Vobfus.~s@4m2ayb |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.85b7db |
| Cylance | Unsafe |
| Emsisoft | Gen:Heur.PonyStealer.MLT.1 (B) |
| Endgame | malicious (high confidence) |
| F-Secure | Trojan.TR/Spy.Agent.135173 |
| FireEye | Generic.mg.0d1b19285b7db7d4 |
| Fortinet | W32/WBNA.BHS!worm |
| GData | Win32.Trojan.VB.ABD |
| Ikarus | Worm.Win32.VBNA |
| Invincea | heuristic |
| K7AntiVirus | NetWorm ( 700000151 ) |
| K7GW | NetWorm ( 700000151 ) |
| Kaspersky | Trojan.Win32.VBKrypt.hzgk |
| MAX | malware (ai score=81) |
| McAfee | VBObfus.df |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.ct |
| MicroWorld-eScan | Gen:Heur.PonyStealer.MLT.1 |
| Microsoft | Trojan:Win32/Wacatac.C!ml |
| NANO-Antivirus | Trojan.Win32.VBKrypt.hbkwhf |
| Qihoo-360 | Win32/Trojan.d5b |
| Rising | Trojan.VBKrypt!8.5C0 (C64:YzY0OnvQtDAN3ZeM) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Symantec | ML.Attribute.HighConfidence |
| Tencent | Malware.Win32.Gencirc.10b8cf67 |
| Trapmine | malicious.high.ml.score |
| TrendMicro | TROJ_GEN.R007C0PEV20 |
| TrendMicro-HouseCall | TROJ_GEN.R007C0PEV20 |
| Yandex | Trojan.VBGent.Gen.570 |
| ZoneAlarm | Trojan.Win32.VBKrypt.hzgk |
| eGambit | Unsafe.AI_Score_99% |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2011-08-25 11:15:04
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00019000 | 0x00019000 | 4.837957022590502 |
| .data | 0x0001a000 | 0x00000630 | 0x00001000 | 0.0 |
| .rsrc | 0x0001b000 | 0x0001c000 | 0x00006000 | 4.94218190218852 |
L!This program cannot be run in DOS mode.
0Rich1
MSVBVM60.DLL
OswRsOsD
PsjRsMOsBsrRsnPsXOs1hRsOsNshPs
PsOoPsbrRsNs>UPs
QswUPsnPssPs
QsEtPshPs)uPsNsPOsjPsOs
Qs@9RsJOsBsGPsF
QsOs]QsPs]Qs
pPsuRs.Qs&nPsIOs
QsnRs*aQssoPs?Os}Ps\Os
Ps"UPsOsUPsE
PsBs4uRsOs6
Qs\PsVOs
Ps2vRs`vRs$FPs
|QsxNs
Qsj|Ps
uRsz]Qs-PsOs
PsgPsUPsOsfLPsOs
PsDROskQsNs];Os~BsOs:RswRsz
QsjPs/OsEjPsdRsOsZ]Os
PsPs5BstLPs%OswRsBsmRsOspuRskPskRs
QstjPshNslPs
Ps-PsQsHOsePsXLPsQPsfzPs0jPsmLPsOs
BvlRAgdCVn
VB5!6&*
ViRGCBzQ
aaaaaaaaa
BvlRAgdCVn
frtevkFuWjVSCnf1
BvlRAgdCVn
+3q"=h
VBA6.DLL
__vbaRecDestruct
__vbaUI1Var
__vbaVar2Vec
__vbaVarAnd
__vbaVarNot
__vbaPutOwner3
__vbaVarIndexLoad
__vbaGetOwner4
__vbaVarMul
__vbaVarAdd
__vbaI2Var
__vbaFpCmpCy
__vbaFpR8
__vbaVarCopy
__vbaPut4
__vbaPut3
__vbaFileClose
__vbaGet3
__vbaFileOpen
__vbaFpUI1
__vbaUI1I4
__vbaFPInt
__vbaLsetFixstr
__vbaStrFixstr
__vbaStrVarVal
__vbaStrVarCopy
__vbaAryMove
__vbaEnd
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaLenBstrB
__vbaInStr
__vbaFixstrConstruct
__vbaVarInt
__vbaVarSub
__vbaI4Var
__vbaVarDup
__vbaAryVar
__vbaAryCopy
__vbaVarCat
__vbaStrVarMove
__vbaRedimPreserve
__vbaStrCmp
__vbaI2I4
__vbaPowerR8
__vbaFpI4
__vbaMidStmtBstr
__vbaFreeVarList
__vbaErase
__vbaVarMove
__vbaVarZero
__vbaStrI2
__vbaVarVargNofree
__vbaI4ErrVar
MSVBVM60.DLL
__vbaUbound
__vbaAryConstruct2
__vbaErrorOverflow
__vbaFreeVar
__vbaUI1I2
__vbaLenBstr
__vbaRedim
__vbaStrCopy
__vbaSetSystemError
__vbaAryDestruct
__vbaGenerateBoundsError
__vbaAryUnlock
__vbaAryLock
__vbaDerefAry1
__vbaFreeStrList
__vbaStrI4
__vbaStrCat
__vbaStrMove
__vbaFreeStr
__vbaStrToUnicode
__vbaStrToAnsi
__vbaOnError
j0XSVWeE8
EPEPEPEP8EPEPEPEPj
#MTEPEPEPEPj
DEP5xA
j`XSVWeE(
fEfEf;E
EE]EQQ
fEfEf;E
MP[ME-
MPbME>
M:PM2EK
EPEPEPEPj
$j4u0V
EPEP[EPEPj
PTPDPP4P$PP
P$P4PDPTPdPtPPPPPPPPP
P$P4PDPTPdPtPEPEPEPj
jvTPji4P
PqjoPcjaPUjlPGjlP9
jg4PEPPEPPEPtP
PPlPPPXPPPDPPP0PPtP
PPTPPPDPP4P$P
$P4PDPTPdPtPPPPPPPPP
P$P4PDPTPdPtPEPEPEPj
j.P#jnP
PEPEPPEPtP
PPdPPTPDP
PP\PPPHPPP4PPP PPP
PPtPPdPTPPPDP
DPTPdPtPPPPPPPPP
P$P4PDPTPdPtPEPEPEPj
EPEPEP_PEP[
jtX SVWeE
EPEPEP'
UMEPEPEPEPj
EPEPEPEPEPj
jTXSVWeEP
hPxPPXP
XPhPxPPj
XPhPxPPj
SVWeEH
PPPPhPPPPj
X(SVWeE
EPEPEPEP-EPEPEPEPj
@EPEPEPEPj
EPEPEPEPj
~EP5HA
+~EP5A
EPEP{|hQ@
}EP}EPEPj
zSVWeEP
P{jeP{jFP{
jmPP'{
PEPEPzPPEPzPpP`PzPPPPzP@P0PzPP PzP
P|zPPPhzPPPTzPPP@zPPP,zPPP
<rEP5\A
&EPEPEPEPj
MrMrfE
$oSVWeE
PdP7odP=o
MMpdoE
j@PdPmPh
.mdP|P'mP'm
Mn|PPj
jk4P]mjp
joP-mjcP mj
uPdPTP
mPPDPlP4P$PlPP
PlPPPlPPPmlPxPkPk
fdtPxP|PPj
P$P4PDPTPdPj
PajsPa
jFPNajidP@a
P`jzP`jeP`
EPEPEP`PEPEP`PtPdP`PPTP`PDP4Pw`PP$Pc`PpP
PP;`PPP'`P`PP
`PPP_PPPP_PPtP_PdPTP_P@PDP_P4P$P_P0P
PPs_PPP__PPPK_P PP7_P7_
P$P4PDPTPdPtPPPPPPPPP
P$P4PDPTPdPtPEPEPEPEPEPPPPPPj#^
PPPPPP
P$P4PDPTPdPtPPPPPPPPP
P$P4PDPTPdPtPEPEPEPEPEPj#\
j@XYSVWeE
MF\P[M>\E
UM*[hh@
jpXdXSVWeE @
SPEPWz
MREPEPEPEPEPEPj
MRP_RMRE
MTRPEPy
M@RP4R
M0RPEP
RPEPIy
MQEPEPEPEPEPEPEPEPj
$3P]h@
MlQEPEPEPEPEPEPEPEPj
j|XMSVWeE @
EPEP-OEPEPj
NEP5hA
LSVWeE
EPEPMEPM
LEP5HA
KEP5HA
EPKKEE
KEP5HA
HSVWeE @
EPEPEPEP-BEPEPEPEPj
XPEPEP1APHPEP AP8PEP
AP(PxP@P
PhP@P@
MAhPxPEPEPEPEPj
MAP@MAE
MXAPLA
MHAMFAE
M@EPEP
EPEPEPN?PXPEP=?P=?
MM@MK@EPEPEPEPj
M?P>M?E
XPEPEP=PHPEP=P8PEP=P=
M>EPEPEPEPj
M|>Pp>
Ml>Mj>E
XPEPEP<PHPEP<P<
M=EPEPEPj
M<Ph=@
M<EPEPEPEPj
Mt<Ph<
Md<Mb<E
M2<hI@
M7<EPEPEPEPj
hPxPEPEPEPEPj
8SVWeE!@
EPEPEPEPl:EPEPEPE
j@PP@P1@P1
M2@PPPj
PPPd1PPj1
j@PP@P
M1@PPPj
PPP 0PP&0
l31P0E
j@PP@P2/@P8/
hE0@PPPj
PPP.PP.
M/Px/E#
PP@P-@PPPj
`.Ph A
`.Ph$A
0P@PPP P
- P0P@PPPj
M,PEPj
M,P|+E0
0P@PPP PZ, P0P@PPPj
0M+Pjh
PP@PK+@PPPj
+@PPPj
M^*PPA
v!EP58A
j:LEPj
< EP5HA
~ PEP MZ E
l EP? EE
S7LEPj
EPDgM:
fEfEf;E
SVWeEh%@
EPEPEPEPEPj
EPEPfEfE
EPEPf|u
EPEPEPEPEPj
EPEPfEfE
EPEPf|u
EPEPEPEPEPj
EPEPfEfE
EPEPf|EPE
EPEPEPEPj
EPEP*fEfE
EPEPEPEPEPj
EPEPf|u
EPEPEPEPEPj
EPEPBfEfE
EPEP%f|u
EPEPEPEPEPj
EPEPkfEfE
EPEPNf|u
EPEPEPEPEPj
EPEPEPEPEPj
SVWeE&@
EPEPEPj
qEPEPEPEPj
M\P50A
0uu/0@
M<PREE
0uuN0_
M[PqEE
TEP5xA
3SVWeE(@
MPMPjh
UM]EP\
MmPEPj
EPEPEPEPIEPEPEPEPj
MMPMHPjh
EPEPEPj
EPEPEPEPj
FEPEPEPj
pPEPEPEPEPj
xSVWeE)@
P:|EP|EE
upP|EPO|EE
u PSxEPxEE
M^EP%EP
jLXSVWeE0*@
MqPMiE
$EPuEHH
$|Pau|P
E|PEPj
j@hPEPEP
$EP;sEPEME
$EPrEPbE
$EPpEP}@@
0EPquulp
XPhP|P
EP-|PuE
-EP|PEPj
j\X\SVWeE
$EP5HA
EPEP!EPEPj
MGP5\A
MPEPEPx
EPEPEPEPj
M>PBM6i
Q0ft^j
30Ht@j
EPEPEPj
A0Vt^j
#08t@j
EPEPEPj
MyP}Mq
PEP,EPEPj
PEPEPEPj
mEPEPEPEPj
P0P@PPP`PpPEPEPEPEPj
EPEPEPEP
EPEPEPEPj
-MgEPEPEPj
SVWeE.@
MSVBVM60.DLL
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
__vbaPut3
_adj_fdiv_m64
__vbaPut4
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaFpR8
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaFileClose
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet3
__vbaAryConstruct2
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaUI1I4
__vbaFpCmpCy
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
###################################
E;;;;E;;;;;;;;;;;;;;;;8888888888888#
fcceh;#
9<@cy;#
341=('&
:mqOOd&
>)77Mx
622uR-R
#)00BxC*-/C
>-0-R:
!!!!!!"
{xdd"##"#"5a
}ygi#&%%"!
ViRGCBzQMG
0icCqLc
m2s:}p
^ }cWi*r
K7x>jkw
Nsu-wz
k}:b}O?c
{Yl@G$n@D(6@
LYjC+Gj+,!
iM1Ou~+
^0u!/1
A]}~n-HK5mE
b4/LsqT&C
#GO$^"DM
x#6LtV
Z|*SV~/b /6
:Q hkSgv
hpqfw&
$5~,4{2
UWF/j2
}k3%R^qna
xR3r_K
\J*O{t8
!"[*~;=*;!LS1,!:
<m86-b^G_
*\;Y`w
SfRIGT Y;'1;36aYN[:"Nb
e)Kdv:j1uR[CW
SZj@9-
"G91 Fm7 :Mk
#*9H@84_B
<[?^8P
]ej&SEqVO=O#w\]KdVeogUF*r>d
8<mEY[X
st;1D3R"X9q
x dux1
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGs
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
KKKKKKK
f|Nefg
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
sPbcrocS
./p,c4
NNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
N;<t`t
u4KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK???
lKKKKKKKKKKKKKKK
@�@�@�@�m�A�
R�k�6�4�D�0�Y�1�3�L�
A�C�8�9�n�L�3�k�G�5�S�
A�m�n�o�o�z�e�9�4�B�k�8�L�1�u�q�
V�B�5�!�6�&�*�
V�i�R�G�C�B�z�Q�
a�a�a�a�a�a�a�a�a�
B�v�l�R�A�g�d�C�V�n�
f�r�t�e�v�k�F�u�W�j�V�S�C�n�f�1�
B�v�l�R�A�g�d�C�V�n�
p�o�3�4�0�2�9�4�0�2�3�4�j�3�4�5�k�3�4�j�5�k�4�j�n�4�4�5�6�m�n�m�n�6�m�n�5�
S�e�c�r�e�t�
P�a�s�s�w�o�r�d�s�
_�_�v�b�a�F�r�e�e�O�b�j�
_�_�v�b�a�H�r�e�s�u�l�t�C�h�e�c�k�O�b�j�
_�_�v�b�a�N�e�w�2�
_�_�v�b�a�L�e�n�B�s�t�r�B�
_�_�v�b�a�I�n�S�t�r�
_�_�v�b�a�F�i�x�s�t�r�C�o�n�s�t�r�u�c�t�
_�_�v�b�a�V�a�r�I�n�t�
_�_�v�b�a�V�a�r�S�u�b�
_�_�v�b�a�I�4�V�a�r�
_�_�v�b�a�V�a�r�D�u�p�
_�_�v�b�a�A�r�y�V�a�r�
_�_�v�b�a�A�r�y�C�o�p�y�
_�_�v�b�a�V�a�r�C�a�t�
_�_�v�b�a�S�t�r�V�a�r�M�o�v�e�
_�_�v�b�a�R�e�d�i�m�P�r�e�s�e�r�v�e�
_�_�v�b�a�S�t�r�C�m�p�
_�_�v�b�a�I�2�I�4�
_�_�v�b�a�P�o�w�e�r�R�8�
_�_�v�b�a�F�p�I�4�
_�_�v�b�a�M�i�d�S�t�m�t�B�s�t�r�
_�_�v�b�a�F�r�e�e�V�a�r�L�i�s�t�
_�_�v�b�a�E�r�a�s�e�
_�_�v�b�a�V�a�r�M�o�v�e�
_�_�v�b�a�V�a�r�Z�e�r�o�
_�_�v�b�a�S�t�r�I�2�
_�_�v�b�a�V�a�r�V�a�r�g�N�o�f�r�e�e�
_�_�v�b�a�I�4�E�r�r�V�a�r�
M�S�V�B�V�M�6�0�.�D�L�L�
_�_�v�b�a�U�b�o�u�n�d�
_�_�v�b�a�A�r�y�C�o�n�s�t�r�u�c�t�2�
_�_�v�b�a�E�r�r�o�r�O�v�e�r�f�l�o�w�
_�_�v�b�a�F�r�e�e�V�a�r�
_�_�v�b�a�U�I�1�I�2�
_�_�v�b�a�L�e�n�B�s�t�r�
_�_�v�b�a�R�e�d�i�m�
_�_�v�b�a�S�t�r�C�o�p�y�
_�_�v�b�a�S�e�t�S�y�s�t�e�m�E�r�r�o�r�
_�_�v�b�a�A�r�y�D�e�s�t�r�u�c�t�
_�_�v�b�a�G�e�n�e�r�a�t�e�B�o�u�n�d�s�E�r�r�o�r�
_�_�v�b�a�A�r�y�U�n�l�o�c�k�
_�_�v�b�a�A�r�y�L�o�c�k�
_�_�v�b�a�D�e�r�e�f�A�r�y�1�
_�_�v�b�a�F�r�e�e�S�t�r�L�i�s�t�
_�_�v�b�a�S�t�r�I�4�
_�_�v�b�a�S�t�r�C�a�t�
_�_�v�b�a�S�t�r�M�o�v�e�
_�_�v�b�a�F�r�e�e�S�t�r�
_�_�v�b�a�S�t�r�T�o�U�n�i�c�o�d�e�
_�_�v�b�a�S�t�r�T�o�A�n�s�i�
_�_�v�b�a�O�n�E�r�r�o�r�
@�@�@�@�@�@�@�@�
M�S�V�B�V�M�6�0�.�D�L�L�
_�_�v�b�a�V�a�r�S�u�b�
_�_�v�b�a�S�t�r�I�2�
_�C�I�c�o�s�
_�a�d�j�_�f�p�t�a�n�
_�_�v�b�a�S�t�r�I�4�
_�_�v�b�a�V�a�r�M�o�v�e�
_�_�v�b�a�V�a�r�V�a�r�g�N�o�f�r�e�e�
_�_�v�b�a�F�r�e�e�V�a�r�
_�_�v�b�a�A�r�y�M�o�v�e�
_�_�v�b�a�L�e�n�B�s�t�r�
_�_�v�b�a�S�t�r�V�a�r�M�o�v�e�
_�_�v�b�a�F�r�e�e�V�a�r�L�i�s�t�
_�_�v�b�a�E�n�d�
_�_�v�b�a�P�u�t�3�
_�a�d�j�_�f�d�i�v�_�m�6�4�
_�_�v�b�a�P�u�t�4�
_�a�d�j�_�f�p�r�e�m�1�
_�_�v�b�a�S�t�r�C�a�t�
_�_�v�b�a�L�s�e�t�F�i�x�s�t�r�
_�_�v�b�a�S�e�t�S�y�s�t�e�m�E�r�r�o�r�
_�_�v�b�a�R�e�c�D�e�s�t�r�u�c�t�
_�_�v�b�a�L�e�n�B�s�t�r�B�
_�_�v�b�a�H�r�e�s�u�l�t�C�h�e�c�k�O�b�j�
_�a�d�j�_�f�d�i�v�_�m�3�2�
_�_�v�b�a�A�r�y�V�a�r�
_�_�v�b�a�A�r�y�D�e�s�t�r�u�c�t�
_�_�v�b�a�O�n�E�r�r�o�r�
_�a�d�j�_�f�d�i�v�_�m�1�6�i�
_�a�d�j�_�f�d�i�v�r�_�m�1�6�i�
_�_�v�b�a�V�a�r�I�n�d�e�x�L�o�a�d�
_�_�v�b�a�S�t�r�F�i�x�s�t�r�
_�_�v�b�a�F�p�R�8�
_�C�I�s�i�n�
_�_�v�b�a�E�r�a�s�e�
_�_�v�b�a�V�a�r�Z�e�r�o�
_�_�v�b�a�C�h�k�s�t�k�
_�_�v�b�a�F�i�l�e�C�l�o�s�e�
_�_�v�b�a�G�e�n�e�r�a�t�e�B�o�u�n�d�s�E�r�r�o�r�
_�_�v�b�a�S�t�r�C�m�p�
_�_�v�b�a�G�e�t�3�
_�_�v�b�a�A�r�y�C�o�n�s�t�r�u�c�t�2�
_�_�v�b�a�P�u�t�O�w�n�e�r�3�
_�_�v�b�a�I�2�I�4�
D�l�l�F�u�n�c�t�i�o�n�C�a�l�l�
_�_�v�b�a�F�p�U�I�1�
_�_�v�b�a�R�e�d�i�m�P�r�e�s�e�r�v�e�
_�a�d�j�_�f�p�a�t�a�n�
_�_�v�b�a�F�i�x�s�t�r�C�o�n�s�t�r�u�c�t�
_�_�v�b�a�R�e�d�i�m�
_�_�v�b�a�U�I�1�I�2�
_�C�I�s�q�r�t�
_�_�v�b�a�V�a�r�A�n�d�
_�_�v�b�a�U�I�1�I�4�
_�_�v�b�a�F�p�C�m�p�C�y�
_�_�v�b�a�V�a�r�M�u�l�
_�_�v�b�a�E�x�c�e�p�t�H�a�n�d�l�e�r�
_�_�v�b�a�S�t�r�T�o�U�n�i�c�o�d�e�
_�a�d�j�_�f�p�r�e�m�
I�C�O�N�4�(�
!�*�5�:�!�(�4�1�
5�9�1�0�5�9�6�!�'�"�'�!�+�)�:�<�1�)�4�9�
/�=�=�4�5�@�E�J�B�J�R�c�A�G�D�G�L�M�K�J�F�T�B�E�U�V�Q�Z�T�^�Z�Z�_�M�R�Y�X�P�]�[�\�]�f�b�n�d�n�j�{�p�r�~�b�h�h�t�|�z�c�c�a�b�f�e�j�`�c�f�k�i�m�n�m�w�y�z�}�w�}�}�p�t�q�v�q�t�m�q�~�v�v�z�z�}�z�}�
7�(�9�5�Y�}�t�r�
T�A�E�I�Z�X�
{�=�Z�Z�k�s�y�d�i�t�y�y�M�K�W�B�Z�H�S�c�h�M�V�Z�j�u�j�z�g�p�b�x�|�g�s�x�}�
<�r�i�k�u�v�{�z�l�w�
Z�N�T�\�E�V�P�
~�f�y�p�q�w�}�y�
s�2�F�|�A�B�l�n�%�
(�;�>� �#�7�(�T�:�
1�'�+�1�5�4�K�f�
#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�
E�;�;�;�;�E�;�;�;�;�;�;�;�;�;�;�;�;�;�;�;�;�8�8�8�8�8�8�8�8�8�8�8�8�8�#�
�9�<�@�c�y�
:�m�q�O�O�d�
>�)�7�7�M�x�
#�)�0�0�B�x�
/�-�P�?�p�R�
b�4�/�L�s�q�
q�q�q�q�q�q�9�o�p�0�s�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
P�r�o�d�u�c�t�N�a�m�e�
Y�c�z�e�z�J�y�E�f�H�W�q�j�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
V�i�R�G�C�B�z�Q�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
V�i�R�G�C�B�z�Q�.�e�x�e�
P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�P�A�D�D�I�N�G�X�X�P�A�D�D�I�N�G�
K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�
K�K�K�K�K�K�K�
l�K�K�K�K�K�K�K�K�K�K�K�K�K�K�K�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.