1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.68
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190909 | 2013.8.14.323 |
| McAfee | GenericRXHJ-OV!10ED307913A7 | 20190909 | 6.0.6.653 |
| Tencent | None | 20190909 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | .MPRESS1 |
| section | .MPRESS2 |
| section | .imports |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 40 个反病毒引擎识别为恶意
(40 个事件)
| ALYac | Gen:Variant.Ulise.1332 |
| APEX | Malicious |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.1332 |
| AhnLab-V3 | Malware/Win32.Generic.C3135512 |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Avira | TR/Crypt.XPACK.Gen |
| BitDefender | Gen:Variant.Ulise.1332 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.913a74 |
| Cyren | W32/S-1e9239a3!Eldorado |
| DrWeb | Trojan.Redirect.147 |
| ESET-NOD32 | a variant of Win32/Kryptik.BAFI |
| Emsisoft | Gen:Variant.Ulise.1332 (B) |
| Endgame | malicious (high confidence) |
| FireEye | Generic.mg.10ed307913a740d8 |
| GData | Gen:Variant.Ulise.1332 |
| Ikarus | Trojan.Win32.Revoyem |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.dckpj |
| K7AntiVirus | Trojan ( 0052964f1 ) |
| K7GW | Trojan ( 004ff0121 ) |
| Lionic | Trojan.Win32.Generic.lJh9 |
| MAX | malware (ai score=87) |
| McAfee | GenericRXHJ-OV!10ED307913A7 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.ch |
| MicroWorld-eScan | Gen:Variant.Ulise.1332 |
| Microsoft | Trojan:Win32/Gepys.A!MTB |
| NANO-Antivirus | Trojan.Win32.Redirect.bxoyqr |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.C3C1.Malware.Gen |
| Rising | Trojan.Kryptik!1.BC3A (CLASSIC) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-BCNQ |
| Symantec | ML.Attribute.HighConfidence |
| VBA32 | SScope.Malware-Cryptor.Carberp.2313 |
| VIPRE | Trojan.Win32.Generic!BT |
| Yandex | Trojan.ShipUp!9EjqqbBjG1o |
| Zillya | Trojan.ShipUp.Win32.3958 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-05-05 19:53:34
PE Imphash
c361ddd5feab74b17bc44ad6c20617de
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .MPRESS1 | 0x00001000 | 0x00026000 | 0x00025200 | 6.40499225222407 |
| .MPRESS2 | 0x00027000 | 0x00001000 | 0x00000e00 | 5.7611195771185395 |
| .rsrc | 0x00028000 | 0x00001000 | 0x00000200 | 1.0392736436609082 |
| .imports | 0x00029000 | 0x00001000 | 0x00000200 | 4.536858926083009 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_STRING | 0x0002568c | 0x000001d4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0002568c | 0x000001d4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0002568c | 0x000001d4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library iphlpapi.DLL:
• 0x424164 GetAdaptersInfo
Library KERNEL32.dll:
• 0x424170 GetModuleHandleA
• 0x424174 GetProcAddress
• 0x424178 CloseHandle
• 0x42417c RtlUnwind
• 0x424180 GetModuleHandleW
Library USER32.DLL:
• 0x42418c GetCursorInfo
Library ulib.dll:
• 0x4241b0 ?Initialize@ARRAY@@QAEEKK@Z
• 0x4241b4 ??0DSTRING@@QAE@XZ
• 0x4241b8 ??0STRING_ARGUMENT@@QAE@XZ
• 0x4241bc ??0ARRAY@@QAE@XZ
• 0x4241c0 ??0ARGUMENT_LEXEMIZER@@QAE@XZ
Library ntdll.dll:
• 0x4241cc RtlFreeHeap
L!Win32 .EXE.
.MPRESS1
.MPRESS2
.imports
t ;t$$t
_^[USVWUj
]_^[]U
v4b1qUk
SVWeP<$f
;}~$EPQ@
_UTSVWu
HFdSvdM
3Fd$Q@
Nd=,Q@
Nd=0Q@
EP19^d
Fd_^[Uu
Y]U`SVW]
EuVeYE
_^[UHSVWu
_^[UPSVWu
tzSY}B
_^[UQPSVWu
_^[U,SVWu
EVdJ!PEPEPEPvh
E3FdF,
Nd~4F\
T38EE?s
E*`}?#]|
iPS{.x
hEpU"l
eWkT%l
rKXAdiXa
torl%Er
E(IEcL
rEfPr qG|h|P|At[d
)l1i|Vc0|Et
dXA#eW|
utyPt#(
h#)Lxpji
`\%px#*lPld!h
\#WI8Gaj
ilE|EP
EP9fPL("XcPVt
X?Th>#
D)S0pV\
L|H|nl+6
H!OEPEFa
UWEFEem
EG,/uVEoP
exlGXpEi
%#ePHt0l%u
eed? nEVtdr
WEGlGl
sEu0EiPQP||jxc,$
NE@t[jtS
uxVLGV\
]PwW0P
NU^(GuPP
/X]}=EG
@8E[[EUP[Su
EE%u](E
uW@WeW
E_jESF
jXPFFh_SSE(]h@0
UwVVv[Yx
EujSuPE0EVt
$xSSj(tHJ W
iphlpapi.DLL
GetAdaptersInfo
KERNEL32.dll
GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind
GetModuleHandleW
USER32.DLL
GetCursorInfo
CRTDLL.DLL
__GetMainArgs
signal
ulib.dll
?Initialize@ARRAY@@QAEEKK@Z
??0DSTRING@@QAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??0ARRAY@@QAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
ntdll.dll
RtlFreeHeap
8Muex<
KERNEL32
VirtualProtect
G(XPTPjxWXt=
ZOR>#>LF_[wV[BZ>#>LF_[jQQNN[WWPsQJ#>QPJKFKZ`QNO[WLPJBJM#>[Wo[V[}LSRFJQMm_WK>#>_JJQQsRWWRFqTF]M#>
j%%ee6k
%IptKiK$&bgw@%
eIe$H%k
WDnD_n"
DuI`DDUA0V
iYRpuqDu?d
4ptonRn
QTDD4IQ
A[DDQAn
$7DlA [
iIYIuW
TTKb@lDD
DD,DIAl
/VDdp/t
@hETTpVA
CR?W$VR?QTV
TYT{|RU
7T_[RZSp
nn//D|
//DlCh
X/xDEnU
UUhyu@Dbl
nn@l@V
lQDn\R
ttY_RDn7
bYtD l
tDNbI
Z77[WAt
[80ISW>
n4tt@@@
A@9@Ql
nn4blDl|t
"7bL<Wlpl
st:r`=
bHLbpb
LVT7=uH~I
puqZYM7Yq
RqpZD7
l\ nRP
qTRI2l
^IDD]]pn
@@b@@$,
Ru@@$uwa
YuAp@Ap
1AYwA1A
yYqnn~
]x6qpQ
?pq9TtB;
7 WD/b$R
]`Zq`p
!!1@@7K1
-T&@zT!S
y9!n@S
&I<=<pb
?p7?q7
@7bbbbp[l
?qA7S7
=A=nSR
!q@AJqpA
v_Rn?Zq
1ZT1w[D
pADz]t
p1DpDO
ZBp pt#a]
]]D0@t
;@1@T@PDp91
@97h p@D
J1nDtnJl@`Dg
r@=tt7
A_Zp_``
D7YM`_`
IAp>@AV
lI-D \nY
t<pJtJQ
Kt8DDT
xta7@u8
DSDtz"]
\]dqlY
$q@],@@
@&nt@7p
D=0`q4
d@@p`AT
8snTSDbY
,bbbbA
WnWH7b
Yv'7@E7Y
pYTYYQQ7DYRD
?WStqL
@ZAWC?
,]nDYD
l7\qbT
[q^SAE
WDA_YD8
R a`L
\SDST[
pAYD p
E yHSD
Hpy@9Wpy,W
lTtAl @tE
U1?ATT@
7@?\pI;p
@px&Ip
?TD($q
qqZSQqn4b
pZyq#W7
p_p7Sb
pYqZqp[qY$IpbR
npTqnn7b&
pbq4Nq
7#/bqb}Ib
qQYOO@nKY
qdY?=@
SD7Zdnq
?q4Q[A
DRY@QJqY
S7dydR
JDJ''`v D
CPIJJD
M DxR
CKD/ B@@
@CZTCB
KDZTKK\CC@
BM@KAC
ITTDS[
^Z?DTp
_wT[RR#p0
:AC{pq4
ql,SnqTp]Y
RzY<nqBp
lHDs]C
D$Rhns
pLBlBDqJ
AdAD7t
79uZ]?P
Dy[`Ptl
W=T[]D
@IU1DBr
qBtBW]
AGb_7R
PtpK7
$Q1PDT 1
Q:PXu_
rHpl_QhQ
7VplYn
Zqn@W7
qBIA"7
ZRt[D4qDR]@6]
ZY7p@p
]]rqqZYI
QtcbSbbN
]SaT{bZ
@`rD>,2
rLr8rt(rrrVrN.rr6T
0r@rrHP<rrXr]rrrFl$rr&r
d4hD\3
]?DZp?
TDR]]-N\B
?p?]pT
T]TpB?
DD?@]BBD
]?B:]p8
]p(D?Dp
WR=yDp
W?D?qVqA
yAQWDR
7 tqrqqWApB? 1WYYY=
1HWD]TLSW?7Y
7]qqqq7
AQ];S?
,tq=$SD;q
??_?I9
&WWqpsqvA
Sq\TAW7q
AU=St A
WApqq8
SRW[YA
q@Il7pq
p``r@Q `
,V @(`
p3]O/{
N4b3pb
qLp?Mt7]p
C$gWHhEi$
ijbi$$qq
qagv-oa
ajVm$em$i
fmmh27
eE4vq$
wee6ja
qrv2gg
$k|6pa
em6kjq
kVwh$v
jq$ggm
aqtk`$
,$ve)$
qDqDsD
Htaaam}i
IwI`}I
epkjipmv+
e>ES$@aka
eeKwea
a`aI}`}
kIvgle
T}i(qI
IvNepl
eE@vWlNj}Eq
pevWfq`
evjveeNw
jgtjejva
jwrmNpP
acvw`B
qv`Whj}
v`qBjqq
*60.=
pnvlsp
y}htiuv
xgjr_|wrsY56
RY_V@{OXM[
]HNF^SM^Q@DER
WAJELZxOWCII\K
dBNHQGJP
0I_$Dx^
Pz_QOoQC
a{!w0/
Vxa S_K_CP
S$-FWXjC
+w__:rh3JA7t
aXhsSk
LkzStam
Bhkhap
hhtkPR
pBljavh
hPiiSpa
pWaqatgkeBaWlqj
awaaPpApWa
mhweTSmBgW
WaaepP
CaapwvP}aWa
mVmCMw|G
WhLtwaNBIpvteWao`G
gqvjaaa
vLepaCEim
kTgpja`wmpaaa`
vaeEvca
hIepmeYgaew
Hvcpapv
Cl}acvGa
w`7vjweeiJglvimSSv
aHeP@tgSI
vmpPpwvkaeek
6k`hjmhpa
lThwwvvCGHAeaE
aSegkk
vapjwae
wajSgakcvwWa
I@keaeaphv`ppjhVS
j`SSeSkemwkpPQakaceAI
aksGpt
@hwmMGFTjT
w`Ukme
eHvejpkaaca
p`gvAMI
FVMmpeTm
WgjeMwkebSjSe|h
Ssaek`mm
kkTvva3Mkva
qwj}c|h4ehch
}WAh@RTw
AeaVpjS`
UemVqq
WvpRMh}Ae
VAhhWaAOm|6
a6*wc`6
QkVQai
*SaCeWHaSkqE
pz|aJgahamjpeawch~a
wcewvGaq7*eEAe
%pOajKAa
aa|mRwAaekhMVeah7
GMG|w`ak
emQija
pgahapWeqaQTvgKphK
Qvpwwg
*tmKmktWamkk6Tv~h6hLj
B*mGj`qEjpCmbhAPjjhhaheMjb
KaaheawHgag
jkajap}jQAvapDmqm
jmeWiM`ptkvv|
vpjwejWmK
`ajhBa|
ggamp|LtTAavT`ejka
vjEkk`Sewk
kawrBpCqaa`cLr`gamwW
kjWmmha
pvjAvvcapaaemw`pkkaTh
j`@jkAmTvSkvj
WapMvTpWGpwa@k
mvaiaTkapm`jwLk`CgIjjwa
TpSehajCcvahfijTqaT
ahkppMgve
TPRqkvWta
amapph
vh`jmaaAj
g`tvvaaghq
hAvBMEhCvavmm
pWhpeaaahEpw
ajmvgvmmC`ewgvkpPaqvmp
amahajaahjpwekpPMmBaavGemphvHPj
j}Gaqaepaa
Wh@mgawaGjkjWpi
gkjjhp
mea@GAaMbmHU`kaekv
jGTpkjg
jippph
mmCSvaGberGamfHC
vW3GvM
jatepa
mevkGW}av
kpa=gawka
pa}haGkek
pwv;CpTTioaveE
Hlakaeq
vhFsehv
TaIWqpja
amcejeeapvemSc
aVhmtpkak~c
WSPevaeTG
mqmaREwQkIk
mewaatpv
ep`HWa}v
t0D{ G
DT8{DD
Dy0DDDD
DDy{D{
DzDy`zz(zz,
{dzDDDzzy
D{DzDD
h{DzDz
DDDD{D$Dz
yt{{DDy
oz,+C`2)
n\\1`nj
:^z^Spm0h!|
cp(=J5nhPV
`cqD{9
Xj2xLj'x]x
_wNo[N
Ho.VgEmH
H(IJt*m
=ycMTH
HmH=+8BX
XzN6BY5
Iko%mE
">,|c&
Q?e,dB
R=Un>\l*@
,#u1nj,
t)}xPw7)]
O%%{~wjT#f
sQ||,c
6tK_$t
PA!w1*f9l
2`+WUz|;
NRSU~`+
ULTUBk}
v`x\+Ic
VZgueN+:
ES/=|KxwOZgT
E{ANFMSR_h6
,rng"<r5nc
2shiVr;
g"C[sG%!DP
>d>9r0rwk0
rR%{r@
D{-a1O8j
$h7*Y<z
H@6!p_;
:tYFsh-W
L@FD= tO
ft86{{
{]*z
x.=X:o&2
D)57,/a}]@
tNDGp:@
P<CZqqq
m7a>vD&|b;
Q(8"B0pv
1q+q$?dV
Y8fC>.
zqX"qJ|
s2aM (
:x_j\P6N1
rx1[/c
761nvc,MN
l 2KNF|.
+F)c,7
LW|F^6-j1(/zWfl
CHd},8Y
ccpR{2>EJJ-
!Ps3(=
bp3YrdL(
Q99L;Q|CjRLU>
$uHQY*
J9iz297aB{?
I0n9D7
nAqd-e
'}vv5yPp9b~9[
:''Pbbm
NAY '|S|
md (^"
tJ7<|Xqd}X
FDLa~Mp
Kq0]-Yxk&P&Vk*
I-g-d\\i
];G(:c[
u5]kuj%t
HXP)Z%
i\K>YU
Db6~y&M:
qg$~>}j
m+;?1}Tw
5X/+M1:yDIZsQ
j>nWmh
x#3IsX}#oPR]
\jv3@U
^?Nk"2
0<8<1Qf
hZ[=m-t?(
&$%gd$
X|"zk
s6r_A(h%-4c%
3&u|3 y
E11Z@l
91`yWVd,
]nd&q25113n
}/3+93
s3+i 7PR3
(Q15^GwW41'pI`B
2qY[BE
i;UQgD
P*5%l5C IH8
;}:A?]
\""G^[
$ hyN6vg
(YB"5Y}G
Jbkr)N:
&"}Y'}
FF\DO/"/r
/}IN.}?cLu2L
]okh$"A
Z=C4}eF!
Ec;,A>2al(e48
6Z9zG/Ib0pb
y+}lc$1 nA+
S'y?uTL
1Ja-{g-9
i;)`r;
/HgkRw26
O43J1j@
ycbtTTs
}iC\z=
sBHn)o
l i`Gy:
<! Kwb
s1$EE.h
hoZ%xW
c.;];r=
}K^^oX
?I7)^1'Qn2
aYb`WF
d11r,>
Wnv;x"DRnx1:u&
/aO"%nnzL
yoq^_T
'K2'$$T={5v#
,5#{IC3%x,I5G5f*pTd'=5'
5"C:5jH
H<)g'y5g
c'so"d]v
W[3@IWU07R
;4"< \I
(/d"~N
07,NwV_Mwx$
S2Sd?=szi=;^``G'i. Uxxmx
{xd8(o
swl$u"D+xx.+;<Sdd
#x5w}k
|E]XFH
gR\dM]N
PJ}LxH>vp8
,{u&&~
&N 4Bi
Cu~-?0`\+
T~(6~<m_KIdh
->*m;`
yXGXgg
QTVWIE
D-yh 3
rZd(`O{M
"OMQU!(T
[>0-c7#
[c|[|x< kN[
[qyL^$`
0lQ[6JI
TCI 4D
%R 68A
1ecR ':-C:/5Va
.~R} -33M)\
wHI0'XF
#[mM;.J]T<.
qE0++ev 'S_
|&0X\1?H
r=LA)o
ayC?2<)2>H
U?,W5\YiZz5
ky8Q[T~
!m@<O!5xm
[5t#dw"YpM5r@
KX'nw5:SV%s F1B
}CV:t1n
~s]"of6^a y&
V)VJ')KA$
tcLVZ^V
J_B1hI
]&,5\
eDxwu(qp
v% fU:7TQD
FY\u`q
6`^d1eDj
k uHpUb
}yW,'N
g%I"8W;!zph
gy>"b#G^NL&v
e84XAfa@`1Y
*NV+tA3
n Yp@;2
Y4K :B
"~C>qy a&n9?Q
P_oxH!o
Oo>J{4x_
DL5XWB
K&vc7Il
5s1Wu:a@
"c7SeAp~w
;)bjQ#
g<0z|t[Ee,1CBp
G'rA-T^\w
9bzzz/S
yg{86z/
T@'+Q
*lf+wF9
</u_FFwaVdjZ (MxN
pfl;ql'
sf~[|>TY
{0tr!Mx
d"is,^4
i#V?^<>
Miy/IBiuTb
7a|EbYu
^TI66Om
|p:IffH\Ah}g
vU|2*Y
!&{78mDgfU
O4ORl-h
gwG?>=no"
`t=J!) I.t
TtH:JEOC
`KEAWa0'<Zg
G<Q2x?h
EN8oPaEj
|C9cx|
:R@!#h\_%L
oeL($|
at3'|Z
{np{mZ
[tF,snN8)<sf
AP'n(seyo(xWZ9"0w
NLf(s(
E#E((T
OfD0aS
PB=sMLHm
)S`Od5d4N3>E
_= cN$
/&/]3\"_
qnJhj#/z/
q$w6tkid
7s?;RZ'{
Qs;.{S+_
_;=iu#
+xuZec
S~><5($'c%
.*0g0Y
EVZ_55Z5,KS*u$Q*
81G<8S
lm&IFZH
]Le\wv1
ul2tR2
o8ZP6T
Y+5}lF&
@t U%f%o+L
}JmOEqZ
=xnfn$
83!N,%*O$%y
jvj Ep/%SRr%[%l
v[aR0\!)_[NWhlk
F4n+DB
`F(pRC6
FM4a\^
F +u/dojzFH
d><hzqdcCLt
2td?zN
CT Uu3A<
VzT#[G:
H*&Lc
EV#MxrvZ
Z#pI?U~Xx
a~!o^*(EP~za(\p_Rz
7ML3<5
(+oL8p`CTaR,g
uCp{uCx #-
Tbh?{r
1g.Vv\CJ u
(`!ou{*o
}~_79d
(:N%R9+o+Gc
]SLC4$Ih
IMhSbgTl
llH9/l
p1Y*ElTx
0r}j7(9
%$[}hR*F`
m:=\&%V@B*
.?#Gx@{
brkl,:=
UcEO,%}i
Ognu.3ji
=?]]~?B`^W62W
W=81[L
[[ C #~
39=NB`E
`nOPu"
|w0Z`8'C
Q\$'hfr
4eNKz?z
5B+jgw
W,=;H3n`W9?5h
`7S+/4RL(R5eH
WU1(}J
W%!!sRe
U?pkn{9v
2&Q3kK7n!
248CHI
` =H6
]4U``KP
39HGHMH_f
c)1>6(vl',
`'G8SY-S^ B2
5f,0m-t#sNL:TM&e;UUFGA
f0A{flu
|2X)F6gv/[o
Goc+l|^_0
\ifc`w}
Ii*H."p=4
)7{#M`E}
qKFp{_
eZi`90DOo/_m
(%`i#wg
N{wqf!(9
6}ds;f6
qQ2. YoWH1%&
/MCfg6JT
Z6;_5h=
%PwR]N}J
(D3d#/k=w\G#^^cu
s2JJ8|k
O= {`H2
)\)irH.H
Z8,PQ\D
)5,Y8Z]
Q)@yaHZ5<</i
08,%fS0|
u)%c x
-6+~c*
Y/@\xq
}IRn @^
2gp5&c]!!U`
yh!=6c
-r3!O?A:-
&AJ}QUA
3Fz!q!
W|NE a
`HUth(
I!)'Z/3
4v'Fyx$
+ZW]Ar
}NoE'Y
_^-F-e
.j:QJR-
+E'AxW
Eeq6!EkF
REE54G3O
=pM)/E
^G]Nfo2+
02%v?)Z-{
-$(2>/D='haCy
9Ir^N wF0'
<\c`7>)
?~7OQFH
=k<SJ[
fFH/&{
ni\QrZj
fq+ TP
JtQ[Gi
-N!u A"N[[
afxLvbjA
_@HG4z
&cs]=yM0
W4YiJ=W
'n6[;>(n~
=\}K:v=2
:us8 y
Y5!n0=<
cCTqVOUU.>$
U7dtU[u<
KUmjU{g^H3X
k`G)zOD5
A~c^|tG
9[l>Vf4P
G{_+W_
^~E_;lz+
7@f-l\-
-aO}nrT`
Y,{^cbK
9b:b~K0VXI|
D/,Sbc2
W1c:!9#
gO}F8BS[v'(R
DNai%_
1,$oD_3(
]x%W;ZH@A
|I'bcA
hWTek/
elxdX z7
B 'O)W
Jbv:F =9M
=8$_wriJS
_t?i}@a
qtOkprc
t}f`x0ltM
K,>E6{7O
@BbwS~{:9Tv 0@
]hyGnqYO
@/sX9n[I(
In~|D92
k!Xx +5X
STmqIy
2!S3r[ZX\
*EfIq
pQ>F%c<
|M\jMM
'i5|"s6n
>uB=j
6[FBC+t
XY@Kd?M=
~[OM8(D
^j0AXv2H!T=~6
s!s%^Z7
(33`{:{sm
;WHPW8
ss=d}{{]sz]hM
`o6~Rjsu
{;gG6&K$y
&jjG@QG
GIgy\JgG
\:XPWrGY2)"
,Y>^Gg
U6bN[y
(r'u17IqI'
.3RzX8
z 'U<I3W0
Mi9nGo
={=HQW
h$gES5,YE|
EH>d4-J*
FW-f=4E(k6TE1+cA@\
)q'[IBc/
f*1 2ei
${BTQ#Za^'fcAcPC0#0BNRV
$+PQ_G>{.'#U
bbX!$W>
50N<Tktb((Ne(
L((Q$O
-HY;Te;B
8 <_cte
7(;vl3
1jk<O"b bd&
#3:cvp
M~'Nc')
(V*|%q8]N
eP99dal
e_a@99T
S28ArS9x,
o2]-$a97
&v;!*5F'wV~
*s3!/1
%J,=`jZ950t
C{;~I2Vc 1Y1
HO1[1'DmMl
|1eV@: s
b*J7a&$
rm;M~pk~M
"OA;%;#A)Z;(;MMv10
;oM;6M
CtHN'M
'e:@DW!Vq@:$a
xH~4{a8!Y
' r78|
OQOAw\
_0}<vpb)EO
R@em;dXl=W
=X'$8+Y
0` 0#?
F"Ai]{A=L
lX(BS9q2Ui
<1oAY>
3b6Wi>
~>>" ><]RpEY7
khS>8Ba
PJ.EEoW#K
kplDw1B
5wJZc.aP
m&`9'SAZWMu
t&V/0UZ[
f/bzzg
4I0`qX'C[8Wzz J
q=s=2
Lr%-00zIaCX+w
*]OKTVDq4q*w[/l
x!L]*h!vQk-*
JAv;vd=
#UpKv+)<n9
K%l%d#
L#FuI&6-o
Ka@#BPr
WGr@/ZM
s|ssssss
|ss|ss
=48n7!_
zwn`fyu|
4`yjZ}~%Y9`qlf
ssssss
6w6TL!T
!woT96
Q?Q>:??
8EuUA?I
GEDDh uDi?
NvC E|KC
SB E C
C?A?{ML
?66 Tc !
*|u=@m=
3-dIEF
J?:W59
lIlIIy
uuu=udB
uvud]r
dTLA@LBLN%A
BuJK 4Ku
u]'<_Q
s|tssss||
/ <0@>
hfzla|ad_#}n
zk_y^Xuyfx
wX4y}ggq
Y|dqx|
sssssss
???o?0
G jCBCE?
A|zGSEK{
MvL{DDN?
3HD t3
D@@@:M
mn@x,ko
??[?UF?
q?8:??
?BB:?a
n!nnoB
ADNNAL
dLapBNi
grmewqj&
498gp&w
&jjw*l
&fw!&&hl4
$ahqlh8
jeqamauvw|`:r8Auqrjgj$w
7aa$w+m$q
vpmq$|kirm&aap+ueqba$$$m$a
$aka):kiwaar}$aqgpa
$wg:va$mpgq:vg$br:va$
wg8vwgh
*p$a$w$`Ej&)>w>khM98$&&hra$e$o
u$T&a&$e$vk$qp8$$$gma$wH$a$aphc`wA$vH9vwkiiwa$9aaw@
\@Cp@iM@TaM\
@TCh@J+Ta@JJw@@wavE}TM\JC\JEMEpMC@8@wM
CeJJ\CJ@ETa$::MT\w@Cg$c$@kCCE:@@w\Ma@TT$
M@m@E+C@T
M@Jpf\mEaM@a@
JC8@$@M\\}\J$TvCMJETa@\Jr@q@\@ET
EMa@jE
+C@ET:pEb8`Ewm@@q@aMTv@TEaETa@\
hTJ@7=7<8^;=;21
W8;01j:~4;53@;<?;`94$
<{000:o0~<0;00;i0<;0
0;2;;@4474!:V|A00:2$X>5>[0
;7<0[7
45m4>4
01911!79:G4Dh7Z262
17m1112
7*f5175547161
,'77v36
0574]3467 0I
7:5+677
7327277
340b676
1Ct436271
42732077|74717145|0C0
q242174
?8>;>>: ;>g>:8;=<;~uu;0>>
<;<n<=?^=>>;p:
;8>>{;M=98;
Z>>?9?
;88.?3>8}XQ[9>>>=/
nvGP; >
98p3&;8>:=<;:
49>?{<><>?99K:<9?
>K=<?9>
>?8?989?;
=6?3(3D<3<<m2=>8>1010=D0<=6>
2<um3<*H==Df2<%3H=6>
310H3s~
K00392>]D0DB
/D<0C<gDJ4s154XH31?<
2>1<04?
?\6_U6<?2yZ8
?;18;`VV`5)???:95?6?6985;
'Cu554584
p5:??D?N;85?8
?W5F4l:?;
8^98\??5?94J64:8::
?P?88,^Z;8?Z:
?*?;5?5
8k?D5:;;;4?:;K:;,86
?:$9*N:3*V
?29*<<'
8Q4019
$=[:1L2,J890Y1=hI8=<(=2*<912=0L+Y
>:872<3 3;8193<=#8=j*8:
*888?:209"90==
2=0=q71411>8y80W?78:E1L~>0
<,I;2;=42h5?;7;2=
;473;0TB43;0,:
(0;0e=
;75AY3><?M;;MW7]
>223zE>
;d6-4~
p:>>1:3? 5;D5'68d4030
>;24y>3:
4>>=00
$2>s=,
;>0<: :6>:
;509.13
0r>>50
7115 1tG>
Q::>:>
>4?[m;1
>5088>?u
=/>=<$><(>
>9!]9908
77H79d
6 8969087(7
7708`7P7077
787478
7677<877D7776$0
70077,
70077 7`77h8L777
8880977@\8
0000>10>
f]ducm
8z;G+?<C
2Jp q5J
gnQbTSWB
"Vb@*?t8R<zS&F
mRoYG(
hfM~~qD8Z*
\clj^c
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
iphlpapi.DLL
GetAdaptersInfo
USER32.DLL
GetCursorInfo
CRTDLL.DLL
ulib.dll
??0ARRAY@@QAE@XZ
ntdll.dll
RtlFreeHeap
lQ+QQQf
UWVS|$
t$dD$\
T$L3;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
;s#D$H
t".)D$H+r
)D$H+r
L$H+t$`+
T$8L$PL$xf
D$\l$TD$X3|$`
D$`L$D
;s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\
l$8f++
D$T&++f
T$TD$PT$PL$XL$Tl$\D$\l$X3|$`
;s/D$H
;s;D$H
)D$H+f
t$(Nt$(uL$0
T$,|$`
)D$H+f
l$$Ml$$uP
)D$H+f
$L$ d$
p4$Ft$\tZL$
9l$\w`$
BD$tIt
iphlpapi.DLL
GetAdaptersInfo
KERNEL32.dll
GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind
GetModuleHandleW
USER32.DLL
GetCursorInfo
CRTDLL.DLL
__GetMainArgs
signal
ulib.dll
?Initialize@ARRAY@@QAEEKK@Z
??0DSTRING@@QAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??0ARRAY@@QAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
ntdll.dll
RtlFreeHeap
0HB.R%
v/\c -N
\@5q#1
GDf<s3nc
`HB+as
(LqKsV/~7St
i#RV%[!FCK
.J5|[6
B+ynbI
3JQX89wK
2xl%$Y:K)u
%XJZA~{
k\@fUS
nanCIZ
L�j�k�k�j�K�U�Q�e�&�w�'�t�Q�Z�@�|�^�J�s�G�s�@�.�+�#�v�h�O�&�F�e�J�'�Y�'�^�^�'�q�V�E�Z�*�k�@�O�<�B�l�-�o�$�-�G�v�.�W�*�k�I�B�*�c�K�)�X�v�#�&�F�l�?�i�K�W�S�k�i�+�E�r�Q�X�{�t�n�m�{�D�f�l�B�)�v�y�O�.�)�Q�P�*�H�x�
#�)�>�;�j�x�w�(�e�@�M�N�l�g�
O�P�W�X�}�.�:�(�s�L�V�C�D�n�C�k�k�$�@�L�a�Z�D�@�(�T�.�o�p�
u�*�g�u�U�j�&�i�P�(�T�m�W�W�Q�#�G�K�W�}�%�s�
R�#�*�k�o�L�D�o�h�u�p�V�Y�K�j�(�R�b�Q�y�M�*�Z�&�b�Q�K�)�Y�u�?�u�T�C�P�S�>�|�R�:�b�J�e�S�M�j�(�@�O�X�M�#�H�j�<�P�.�^�G�F�u�A�d�:�
e�k�m�,�l�J�K�,�t�O�s�X�W�
)�V�j�R�E�-�o�Y�
$�)�%�O�|�E�Z�l�J�M�i�X�L�.�e�r�J�$�O�!�'�z�v�F�c�j�A�v�H�>�}�A�{�t�q�V�)�?�>�l�^�Y�m�@�@�p�y�K�t�k�<�y�U�
Y�V�&�w�X�$�A�&�'�G�+�'�g�U�^�
O�U�v�G�n�,�
F�;�>�X�)�?�q�X�+�(�Y�g�#�<�:�!�:�<�'�)�?�.�V�,�j�Z�C�W�&�!�l�S�V�k�U�e�f�W�*�!�l�:�h�E�Z�b�$�f�a�<�{�%�>�F�N�N�V�S�
x�}�g�:�U�F�e�H�^�m�,�w�O�(�d�g�g�}�M�x�}�'�E�<�}�I�e�F�H�U�P�H�J�m�{�^�'�c�>�u�i�z�y�A�X�h�r�{�x�p�V�}�y�a�q�
W�j�&�i�h�-�Z�
u�U�#�w�k�W�?�W�#�>�-�B�J�Z�L�'�C�z�^�M�o�y�
}�)�L�a�f�y�Q�K�Q�J�y�g�,�i�O�^�h�}�}�#�e�!�f�V�m�^�
e�^�i�L�:�K�s�X�k�y�C�d�n�q�%�!�C�j�>�'�f�z�v�b�:�n�M�N�^�x�I�P�O�k�U�d�>�$�W�j�s�@�S�(�I�L�m�|�;�%�x�w�|�v�B�X�b�h�Q�P�E�m�)�)�|�y�+�y�M�g�i�i�@�O�o�I�P�<�(�+�E�x�z�B�C�:�-�'�z�(�p�z�Y�x�%�r�:�V�+�|�t�>�:�s�N�f�q�#�Z�f�G�}�,�P�T�(�M�}�W�y�<�{�a�y�u�S�Q�
|�Y�-�C�e�(�L�u�n�@�,�^�*�p�t�a�#�B�u�X�.�L�N�U�N�
t�<�P�#�f�b�i�?�d�o�E�M�A�:�l�.�l�'�
d�'�n�C�x�y�C�(�S�#�f�B�k�W�r�d�f�d�|�d�+�,�?�V�h�(�<�|�<�,�{�)�l�l�s�X�:�F�I�?�E�
A�g�|�F�G�k�(�U�
$�!�p�b�}�B�
}�*�Z�{�y�a�M�l�e�M�q�Z�N�U�V�X�*�
G�@�@�m�*�a�
K�L�c�q�x�S�
E�{�@�t�'�k�o�y�K�N�h�O�i�s�c�W�Z�F�;�v�<�+�S�
w�n�H�!�?�G�y�
b�K�'�D�D�F�c�x�R�(�m�
W�n�-�d�+�H�|�$�h�j�L�:�g�0�r�'�H�e�q�}�r�k�C�g�i�S�&�{�b�@�L�Y�t�V�J�'�j�H�F�@�P�y�U�|�O�T�%�@�}�Y�r�$�B�@�I�M�C�g�v�l�h�D�
N�N�O�l�w�K�c�<�U�a�*�g�z�w�U�v�P�K�t�e�f�:�#�D�X�S�C�{�l� �L�&�u�M�$�e�@�S�a�;�P�?�g�k�U�(�Y�z�M�T�?�v�d�D�C�!�F�m�p�,�U�x�
)�M�V�K�X�b�j�Y�c�z�D�!�P�-�x�:�^�p�Z�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.