2.2
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.61
MFGraph
0.00
反病毒引擎
未检测
暂无反病毒引擎检测结果
静态指标
检查进程是否被调试器调试
(2 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545286.547125 IsDebuggerPresent |
failed | 0 | 0 | |
|
1727545287.0305 IsDebuggerPresent |
failed | 0 | 0 |
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | RjcHalKw |
| section | qmpJQplM |
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(2 个事件)
在文件系统上创建可执行文件
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\psie.exe |
投放一个二进制文件并执行它
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\psie.exe |
将可执行文件投放到用户的 AppData 文件夹
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\psie.exe |
一个进程创建了一个隐藏窗口
(1 个事件)
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'qmpJQplM', 'virtual_address': '0x00008000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001400', 'entropy': 7.536265256010841} | entropy | 7.536265256010841 | description | 发现高熵的节 | |||||||||
| entropy | 0.5263157894736842 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(4 个事件)
| host | 193.239.71.113 | |||
| host | 74.125.135.26 | |||
| host | 172.253.113.27 | |||
| host | 114.114.114.114 | |||
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(1 个事件)
| dead_host | 162.241.85.94:443 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-11-13 03:03:37
PE Imphash
1d583e55dd90fae937cd048052dc060d
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| RjcHalKw | 0x00001000 | 0x00007000 | 0x00000000 | 0.0 |
| qmpJQplM | 0x00008000 | 0x00002000 | 0x00001400 | 7.536265256010841 |
| .rsrc | 0x0000a000 | 0x00002000 | 0x00001200 | 5.7681289647666105 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000a0ec | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000af98 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MANIFEST | 0x0000afb0 | 0x0000015a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library GDI32.dll:
• 0x40b15c GetStockObject
Library KERNEL32.DLL:
• 0x40b164 LoadLibraryA
• 0x40b168 ExitProcess
• 0x40b16c GetProcAddress
• 0x40b170 VirtualProtect
Library USER32.dll:
• 0x40b178 LoadIconA
L!This program cannot be run in DOS mode.
R:)RSR
RRichR
RjcHalKw
qmpJQplM
/?gQ!d3#
Vj#hw}
hLPhKd
Q)-I.9.
,U2m_,h
m"!OX-
@hO0E O
0%F]WE
PAW6PlWW
cQWURVpt*Lw
(u[_^]5
#j\Ph3
-4 jEh)G5l
E?pD_
v@VWAAf9
@#mH;Eu
s"'XEq3
jNbl:6CV
V85:a3Tj4S+mz#[
]?6(h9
y^Bkn"/
XO Hx0
lWR=k ".;{#gfb:" **Ciq(dQbfv
OQ;- m8b\e
=YX/-|}
VD&4H[
*GU:*_i6
>m%akSmNR='bB#{
`~a,"i.(l`-
p%^}ng
QRN/Db,bl=
"|#`fG
x?\cq;U
Cx0Y4|]t
Xdb')|4zbp
(Z {ap?i;(|y;7xcn
tvN 4}[A
+[|fWW
z$KYLA
"wOx4N
8.^YYTG4K%PzrI
[;L_Tg=T
5kfy;l)%
N;wyxW
\87,H}awDg
q%O[?Z],
TgS/$B
av<~D`O7Q;
|0KcBR
X.w;pO
M7 RD-b&. a\
$ WPb,OW9?
[C/`OD|~QS$a
QHa=Uig?
]h6ll&`te
O9O~ %k
7,9'>oa+_
+q> jamCC:,?.9n ;
JoL!uIe'O"&>c=s
{m/} 4\
~wNc$;
A/c=;]./-N
9\h[k.(
%#S"@C6ghk;?E:5
EW//]SQ
GYK Iu
A[Q>+ 5d!j0O
L/4]7p
\Ne4M:,
KWk "apoPw
Text stmw but)n
!]splay)
\P`8R%N
NHI&OKLV' ]XT
Cb5)WPR
>1+` P
O#^V{U[
(construc<
>?-E,%*T5(G2
,O@RR@
Y[0;`-
N+Z4.P7
A(&_1<U=
v)r'U!l
R/t6C4
TA--/36BAG;
QU%$AEA6
Heapnoc {o
Moduv{leHand
ReQS! Poin[m*r
t]|StCkObjec
MagwYst
Mch"Upd^[Wdow
LovCursorW
dvTrsl
9ExAXk]g^C3/
43,$C(>AKeyb.rd
z[NngAPE
}Y8dB`.Ha
'6nSOsrs@
OETHLdWV6-e|`.'K-k
XPTPSWXaD$j
,,,,,,,,
A988882222
WJJIIi888448242
dPONJJJJIl988484442
hyeeccc^^PPONJJJIp989464442
1eeeec^^^cRNOJJJIIK989946442
qeeeec^cYPPNOOJJIII888464Z[
ygeece^^^PPOOKJJIIp
geeec^c^PPd
hgeeecy
0i9;::444;
Fp99;8:4444
99;94:444
999:;46:3
rqggccc^YWP
!II9;;::464
,&%%Rqegcd^YY*
III9<9;;:6V\
,(**>cccY^J
,555=cdcY
,>>>>h^*
,??BEY
Oll99<::846\
,BEEE"
KOKUpA<;9::66\
,GGGGaE
>OOKKK<<;;;:6:V
,HHXXX
5WUOKKKA<<<<;;6::
,____a#
&PUKKKAA[<A<;;;:33
,``bbbM#
YOOA::::<<jj{
,}}}}+#
--.,,,,,,,,,,,,,,,,,,,,,,,,,,,
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
GDI32.dll
KERNEL32.DLL
USER32.dll
GetStockObject
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
LoadIconA
z�`�s�z�t�{�c�l�e�k�f�i�u�|�z�~�w�s�v�|�p�|�|�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�k�f�t�w�o�-�s�h�e�n�\�
\�P�a�y�r�o�l�l�.�e�x�e�
C�:�\�o�7�H�8�p�q�S�a�.�e�x�e�
C�:�\�J�t�S�r�f�8�b�R�.�e�x�e�
C�:�\�Y�_�T�F�b�w�u�y�.�e�x�e�
C�:�\�M�v�f�L�n�1�C�8�.�e�x�e�
C�:�\�Y�e�4�A�S�Z�o�o�.�e�x�e�
C�:�\�G�4�b�L�2�7�x�j�.�e�x�e�
C�:�\�p�Z�n�S�x�P�d�h�.�e�x�e�
C�:�\�9�E�7�b�D�V�w�9�.�e�x�e�
C�:�\�y�F�d�i�S�Y�i�3�.�e�x�e�
C�:�\�A�_�4�S�w�X�7�s�.�e�x�e�
C�:�\�x�U�F�m�W�m�v�y�.�e�x�e�
C�:�\�U�b�U�h�n�o�b�Y�.�e�x�e�
C�:�\�3�Q�a�W�r�I�D�q�.�e�x�e�
C�:�\�x�r�z�S�H�1�R�s�.�e�x�e�
C�:�\�r�D�E�x�x�Z�2�a�.�e�x�e�
C�:�\�J�i�8�y�6�M�M�0�.�e�x�e�
C�:�\�n�8�Q�8�1�2�E�Z�.�e�x�e�
C�:�\�N�d�8�D�z�g�1�6�.�e�x�e�
C�:�\�s�O�9�S�N�s�C�l�.�e�x�e�
C�:�\�5�E�h�A�Y�w�p�w�.�e�x�e�
C�:�\�f�9�e�6�7�0�5�e�b�0�9�0�6�a�5�9�4�a�8�1�3�0�f�2�f�f�0�1�2�8�9�f�4�c�3�e�2�8�5�f�c�3�9�5�9�3�1�8�b�c�e�6�7�1�e�6�4�5�5�e�b�0�5�3�
C�:�\�9�1�e�7�5�b�2�5�d�8�7�4�a�c�5�b�d�7�1�c�a�f�9�b�3�b�9�9�b�6�f�2�e�7�8�f�f�1�3�6�7�5�f�2�8�a�6�5�4�e�b�7�9�b�b�0�d�6�e�c�e�4�d�a�
C�:�\�7�C�i�i�Z�k�I�7�.�e�x�e�
C�:�\�J�y�v�r�3�G�_�4�.�e�x�e�
C�:�\�v�5�o�2�w�u�j�Z�.�e�x�e�
C�:�\�W�X�4�a�Q�x�s�T�.�e�x�e�
C�:�\�m�2�t�_�W�a�s�S�.�e�x�e�
C�:�\�R�j�F�P�J�j�U�J�.�e�x�e�
C�:�\�6�0�e�s�w�P�s�N�.�e�x�e�
C�:�\�c�a�b�4�0�5�6�a�8�7�b�c�7�c�6�d�a�e�e�b�8�6�1�6�9�9�f�9�4�4�d�4�0�6�2�d�4�7�e�9�7�3�3�1�7�2�2�3�5�6�5�2�4�b�1�a�4�7�f�e�6�a�6�f�
C�:�\�4�9�9�b�e�9�1�2�3�6�6�3�d�c�6�4�e�0�3�0�4�7�2�9�4�2�6�0�5�b�a�f�6�b�8�e�4�6�b�1�4�9�7�4�8�1�a�d�3�2�d�1�3�d�d�0�d�f�2�f�a�2�9�c�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�t�m�p�0�h�6�c�v�q�x�t�.�p�e�3�2�
c�:�\�t�a�s�k�\�8�7�3�A�0�A�4�3�C�C�6�D�6�B�3�4�6�B�A�2�9�1�0�A�6�D�B�1�7�4�9�D�.�e�x�e�
c�:�\�t�a�s�k�\�F�6�3�6�3�8�1�C�6�A�2�3�4�E�D�9�6�2�8�9�1�6�2�E�8�E�D�A�4�7�7�8�.�e�x�e�
c�:�\�t�a�s�k�\�0�4�9�A�E�B�9�E�9�1�7�2�8�D�1�D�C�C�4�A�9�F�3�2�7�0�0�3�8�D�0�9�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�c�8�e�f�a�9�5�c�5�a�7�2�6�0�8�7�c�6�4�e�b�c�a�9�c�2�9�0�2�6�c�5�3�8�8�0�7�2�e�8�c�6�3�9�5�2�c�8�2�5�e�2�c�8�4�6�4�0�7�d�d�a�1�3�
C�:�\�b�a�0�c�0�9�d�6�e�f�6�5�7�d�b�6�2�c�c�3�5�1�3�b�d�1�2�9�2�2�b�3�b�5�5�6�f�a�7�7�9�c�0�6�a�5�0�8�5�d�1�b�1�b�8�f�f�7�7�f�4�e�e�a�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�p�s�i�e�.�p�e�3�2�
C�:�\�1�d�0�a�d�0�0�6�0�b�d�3�3�b�b�4�2�4�8�e�2�1�6�5�a�0�8�5�5�8�a�0�b�e�9�2�0�2�f�c�4�a�0�1�9�5�9�1�9�9�4�9�8�6�e�f�2�6�6�f�b�8�6�7�
C�:�\�9�b�7�2�7�3�d�1�0�7�5�6�9�e�b�b�4�1�7�7�0�3�a�9�5�9�6�b�e�b�9�6�5�f�4�f�7�6�6�9�5�d�1�e�5�8�e�0�8�9�9�c�6�6�8�3�f�0�1�9�1�9�5�8�
C�:�\�5�7�f�9�5�f�1�c�4�2�3�5�2�9�f�7�b�9�2�a�0�7�8�d�4�8�0�a�1�b�2�b�8�2�2�3�1�6�a�5�2�2�f�7�b�5�3�a�5�b�4�8�3�9�1�0�3�b�7�b�5�8�9�f�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�p�s�i�e�.�p�e�3�2�
C�:�\�4�5�5�2�f�9�3�e�9�7�f�b�8�c�b�9�5�4�f�6�c�9�0�d�2�5�1�3�e�9�7�d�e�d�4�b�d�6�e�d�e�a�d�6�9�d�d�f�5�8�c�9�e�0�8�3�8�f�3�4�7�d�5�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�X�m�x�7�4�3�D�S�.�e�x�e�
C�:�\�2�c�c�3�4�1�d�6�4�d�a�b�5�7�6�d�f�3�3�8�f�c�c�d�7�a�b�1�6�2�5�8�6�d�c�d�2�e�6�0�8�8�4�8�3�2�0�e�9�2�3�0�2�b�a�c�b�d�2�8�e�9�f�e�
C�:�\�7�6�7�e�7�7�8�b�1�c�2�8�4�d�6�c�4�a�f�0�2�1�3�c�d�5�b�7�c�c�b�9�f�b�f�7�0�3�a�e�0�9�0�f�c�a�d�2�6�b�9�8�4�c�4�7�d�3�0�b�4�6�4�f�
C�:�\�8�T�J�j�C�B�o�z�.�e�x�e�
C�:�\�0�3�b�5�2�6�9�4�5�6�0�3�9�6�d�6�0�1�4�5�c�d�8�b�6�a�9�8�e�d�c�e�1�4�6�e�4�8�1�1�2�b�a�b�a�6�2�9�b�4�0�2�0�0�c�2�9�b�c�8�e�a�b�7�
C�:�\�8�5�2�1�e�1�b�9�c�5�2�1�8�2�a�1�2�b�8�e�f�a�d�4�1�3�f�8�e�2�c�a�9�0�0�d�1�9�d�f�9�1�2�b�3�3�0�5�0�9�b�8�d�4�c�9�c�6�5�3�a�4�d�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�0�4�6�b�3�0�9�2�5�a�6�e�e�0�a�9�8�8�0�4�9�1�b�d�e�6�8�8�e�6�5�6�7�1�0�f�4�7�8�a�0�4�f�4�7�0�4�6�e�c�9�2�0�c�2�1�3�4�e�8�9�a�8�c�
C�:�\�7�a�5�6�4�3�d�9�1�b�f�b�c�7�d�1�9�9�d�e�e�5�1�6�e�e�3�4�d�9�1�3�a�5�c�8�c�3�1�5�d�5�b�e�4�3�c�1�a�1�9�8�e�e�3�5�5�4�c�1�3�4�1�9�
C�:�\�U�s�e�r�s�\�J�o�e� �C�a�g�e�\�D�e�s�k�t�o�p�\�S�D�T�M�w�r�L�L�B�8�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�3�5�c�f�c�f�3�e�2�3�2�5�c�9�8�9�b�d�9�2�6�5�5�a�9�b�4�3�2�e�4�4�.�v�i�r�u�s�.�e�x�e�
C�:�\�0�7�d�a�5�e�2�1�9�6�5�4�e�3�c�c�2�f�8�3�1�3�5�e�7�8�4�5�a�3�b�8�9�2�b�8�e�a�9�3�d�4�2�7�f�6�a�7�6�e�e�4�e�2�9�5�7�f�8�2�c�f�5�f�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�b�5�4�a�b�2�b�4�0�6�4�5�3�5�7�b�3�1�e�f�6�1�4�e�f�8�b�6�3�6�5�0�3�0�7�2�6�5�e�a�3�a�3�4�1�5�a�8�b�b�3�c�a�b�8�9�d�b�0�c�8�5�6�8�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�f�a�c�5�e�d�0�5�d�d�c�c�d�f�5�3�4�3�6�a�1�a�9�3�3�a�0�3�f�2�e�3�f�4�b�2�c�b�d�7�5�d�0�f�4�5�e�4�1�2�3�6�e�3�e�1�a�2�8�6�1�a�d�d�
C�:�\�5�5�6�9�3�a�6�9�1�2�d�b�9�1�5�d�4�0�c�f�4�3�d�2�3�d�0�b�d�8�6�b�9�6�c�c�2�f�3�3�8�6�7�f�3�1�8�2�e�7�7�9�b�c�d�e�b�c�1�c�5�c�f�8�
C�:�\�U�s�e�r�s�\�R�A�4�9�1�~�1�.�V�U�L�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�8�a�d�e�c�f�e�8�1�6�4�5�0�6�3�f�e�6�f�c�4�3�4�c�5�b�e�f�4�3�5�e�.�e�x�e�
C�:�\�0�e�0�a�7�8�a�d�c�d�0�c�9�c�7�8�8�0�b�6�e�5�4�d�8�2�4�7�6�e�9�0�3�2�1�a�8�d�9�3�6�6�0�5�9�3�7�f�f�0�1�9�2�3�e�a�f�8�7�e�9�0�7�a�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�6�f�e�1�2�a�2�7�a�f�b�f�f�9�c�8�9�8�6�4�c�8�9�7�8�a�a�8�3�f�8�e�2�1�f�d�3�2�5�5�9�c�6�3�1�b�4�6�6�9�6�2�5�2�4�5�f�2�0�5�8�4�9�9�
C�:�\�4�4�1�f�9�c�d�c�9�5�1�7�6�3�2�f�0�8�5�9�2�6�c�7�5�c�b�7�9�6�4�9�3�9�c�8�c�1�a�a�3�d�c�9�f�5�f�5�6�0�c�f�5�d�a�4�6�f�b�1�e�f�d�8�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�0�4�a�6�2�0�b�e�3�9�9�6�6�0�3�0�e�4�d�4�d�6�1�e�5�c�6�d�d�f�c�c�2�f�3�8�6�9�d�1�3�0�3�2�3�2�2�8�2�9�4�b�4�7�1�8�4�6�a�a�9�c�0�d�
C�:�\�0�f�6�4�c�f�f�3�6�b�2�2�d�c�c�a�f�a�6�9�c�e�e�2�4�0�4�5�1�9�6�8�c�5�7�c�4�6�9�d�8�1�8�b�6�9�2�3�d�5�f�6�5�5�6�b�e�f�0�3�2�1�4�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�9�8�6�4�c�2�b�2�8�a�5�5�1�a�4�1�1�6�1�e�0�e�3�3�c�f�1�f�1�c�8�3�e�b�2�f�2�2�0�9�0�0�0�5�f�0�2�8�6�8�e�f�1�d�d�c�c�5�d�9�b�1�8�8�
C�:�\�3�1�5�b�c�7�c�f�a�d�2�3�8�5�3�8�1�f�e�4�6�a�f�d�2�8�5�8�b�7�9�2�4�d�0�5�a�4�0�f�c�8�b�3�d�1�9�9�0�9�4�9�4�a�7�4�3�9�b�5�5�b�1�1�
C�:�\�a�d�5�9�c�0�7�3�8�0�5�3�c�d�c�b�e�4�1�7�7�0�4�b�9�e�0�5�5�6�7�0�4�5�a�d�b�2�c�8�c�5�3�d�b�3�a�3�6�3�d�8�b�0�2�6�0�0�7�9�a�b�5�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�0�8�1�5�e�a�7�d�5�d�0�5�0�2�7�1�4�1�9�0�7�d�8�8�3�5�0�d�e�7�a�6�0�1�0�4�4�1�b�2�4�b�9�c�b�c�0�c�a�4�3�e�6�a�2�1�b�3�6�6�5�d�7�7�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�5�6�b�9�9�5�f�2�4�7�c�0�d�7�6�3�1�4�b�e�f�4�4�f�0�a�a�f�1�c�0�7�c�c�b�4�4�5�a�1�3�5�d�b�0�6�f�3�1�8�8�e�8�6�e�1�c�b�f�6�5�5�b�c�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�b�d�c�a�1�5�d�f�9�0�e�c�3�7�6�e�5�4�6�7�b�d�d�f�f�d�9�0�a�e�3�5�e�d�f�7�2�5�3�d�b�1�4�5�b�8�6�a�2�f�e�d�6�8�e�1�5�d�d�9�7�a�2�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�0�9�c�5�4�1�2�0�a�8�b�9�a�4�2�2�c�d�6�1�6�2�f�4�8�8�5�0�7�8�2�9�e�f�2�0�9�c�c�d�e�a�5�3�9�e�3�c�b�d�1�d�a�6�b�1�2�a�f�e�8�1�7�6�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�d�3�6�f�a�f�0�d�e�e�c�3�a�e�1�9�2�f�e�4�9�5�d�0�7�e�e�5�c�6�b�5�4�8�f�2�3�4�b�f�4�5�9�6�3�b�d�5�d�6�7�7�9�6�1�9�2�9�7�7�6�c�f�4�
C�:�\�e�c�c�e�3�a�3�e�0�7�9�a�b�8�c�3�a�b�4�5�b�9�6�f�b�b�8�4�3�4�7�1�2�e�d�3�1�f�b�5�2�c�8�7�e�1�4�4�d�3�9�c�9�b�a�3�8�a�8�8�4�4�e�d�
C�:�\�5�b�e�7�8�f�c�b�0�2�7�2�3�2�5�7�2�c�2�b�3�9�6�b�a�e�6�f�f�8�f�f�2�6�b�a�c�1�b�8�e�4�3�0�2�6�a�d�2�b�2�f�b�d�e�e�7�4�6�9�d�9�e�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
C�:�\�5�2�f�8�6�5�7�7�d�0�7�d�0�c�6�b�d�3�f�a�f�1�2�0�1�e�5�c�f�0�2�4�d�8�8�7�f�a�e�4�5�8�e�a�8�4�2�3�9�3�b�d�e�a�e�8�5�2�6�6�6�e�9�d�
C�:�\�U�s�e�r�s�\�R�A�4�9�1�~�1�.�V�U�L�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�8�a�d�e�c�f�e�8�1�6�4�5�0�6�3�f�e�6�f�c�4�3�4�c�5�b�e�f�4�3�5�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�s�i�e�.�e�x�e�
Process Tree
-
02f13551439e94b87d2c046eabc2e8fb310d8020083f5ed44d52edba47257603.exe (1260)
"C:\Users\Administrator\AppData\Local\Temp\02f13551439e94b87d2c046eabc2e8fb310d8020083f5ed44d52edba47257603.exe"
- psie.exe (2004) "C:\Users\ADMINI~1\AppData\Local\Temp\psie.exe"
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| abrobotics.com | A 162.241.85.94 | 162.241.85.94 |
| aboutrealstuff.com | ||
| abnehmen-diaeten.com |
TCP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 74.125.135.26 | 25 | 192.168.56.101 | 49218 |
| 172.253.113.27 | 25 | 192.168.56.101 | 49217 |
| 193.239.71.113 | 25 | 192.168.56.101 | 49213 |
| 192.168.56.101 | 49164 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49165 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49166 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49168 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49169 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49170 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49172 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49173 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49174 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49176 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49177 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49178 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49180 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49181 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49182 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49184 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49185 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49186 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49188 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49189 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49190 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49192 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49193 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49194 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49196 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49197 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49198 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49200 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49201 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49202 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49204 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49205 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49206 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49208 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49209 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49210 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49212 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49213 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49214 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49216 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49217 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49218 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49220 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49221 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49222 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49224 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49225 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49226 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49228 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49229 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49230 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49232 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49233 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49234 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49236 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49237 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49238 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49240 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49241 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49242 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49244 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49245 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49246 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49248 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49249 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49250 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49253 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49254 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49255 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49257 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49258 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49259 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49261 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49262 | 162.241.85.94 abrobotics.com | 443 |
| 192.168.56.101 | 49263 | 162.241.85.94 abrobotics.com | 443 |
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51758 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | b95eeb39b9ced654_psie.exe |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\psie.exe |
| Size | 18.8KB |
| Processes | 1260 (02f13551439e94b87d2c046eabc2e8fb310d8020083f5ed44d52edba47257603.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f7247bb19503a20a861c981f23cf753f |
| SHA1 | e2c5555d7973ff7cbbfb9f981be98ef706ae17ee |
| SHA256 | b95eeb39b9ced654932e2b9b2b59dce8631dc89f2d718f661d4b71e172778c55 |
| CRC32 | CF75211E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.