0.7
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.63
MFGraph
0.00
反病毒引擎
未检测
暂无反病毒引擎检测结果
静态指标
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'UPX1', 'virtual_address': '0x0000e000', 'virtual_size': '0x00004000', 'size_of_data': '0x00003c00', 'entropy': 7.8826026615026645} | entropy | 7.8826026615026645 | description | 发现高熵的节 | |||||||||
| entropy | 0.967741935483871 | description | 此PE文件的整体熵值较高 | |||||||||||
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
14257997e0ca768516e946a837c52bc0
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x0000d000 | 0x00000000 | 0.0 |
| UPX1 | 0x0000e000 | 0x00004000 | 0x00003c00 | 7.8826026615026645 |
| .rsrc | 0x00012000 | 0x00001000 | 0x00000200 | 3.3640239376570715 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_RCDATA | 0x0000f0c0 | 0x00000080 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x0000f0c0 | 0x00000080 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library advapi32.dll:
• 0x412124 RegFlushKey
Library oleaut32.dll:
• 0x41212c SysFreeString
Library user32.dll:
• 0x412134 CharNextA
L!This program must be run under Win32
StringX
TObject%4@
2 TdANPL\
$i-G;C
4Z]_tso
^2O;rl
w;{;t4
+E57=<^
HI7Duw
IFvtjFHFk>5
fJP`Hk
;s[s+D
t tn/&
d2d"hCp=5vt
"]x-]S%
ol|AJr
Er";p
$QjJXuZJ
+bTU}C
Lpe7c:nMd
;W*W0K)
K#%Ni0
N/_,=4
Y 1!3*Ee
ty20a/|BWu
M$' *
*]Q pr|
itL-c}
p8fARr
?W[ah7
iY t0tx
-`c9~K
zlPRQ:vpXu{1
T=t1|9
1+-qn5
,do>3Q782
w`t -g
<~,f_EP3oGEk<f
b\{>\H
lDqsr{#n1F
$(d@B"@
$X+Kps
~Hy[wh
'6#|@!
3g ZHQ69sk
Huv=,o
\Fi`0{S
#X?;EPWU
]hPh*je(
vtfff=hr/Zkh
=w)f%.
hv)#-HS
=v{H1`
TCt$ts7
v{4^h)RM6Q
.0 EG,&P3
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
V7rt[g
ugjV5V
uvY. Ihj!W
fIY.kFX
B^8V^2f
XFm^^aZS|
$mP0TC
AA]'u[3
7K9Z7Yxr%
w (P;`{
1P<\9tpH
0QAxs+/e65
;3gfe]
RH6\9Zd$,]W
-="/U4`
r6t0R=
/'=t&,*7Z"
R&n,th
%9u_[k
.H[@]pp
L"#@]W_$K0vx
XZ&l;x
7v"'(;
~$PlPV .5ZD
-<Z?1[-
nCaAx;
_kvlvn
FKbQ;;
/vOEpP^`
J+~wZX$5
%! 9uXJt
wR8'~#`
;8t2S6,6
WNsX-X&J|
9}hv )
HR#_m0N|*}&V~")
@;1OW75(Jx
M5^>tWL~H
m7D9|
i%>QV\v,
/_>/d.TA. +
ffG{jf
H{9D?x/
O8"$$zJ
[1,(6DSG}97@
kQf@#BU
D 1p .|
A=mEMo-B
u&d,ecC2<+}
SzFk0T#
H=1o1-Yg
N""Ub)SQ
S(l*nUR
KMdkD[>
HxhHEk3(X.
kernel32.dllsGetDiskFreeSpa^gnceExA
F|@@e!/
r2rFs-
@Pl{@H
TRegtrySu
;\[Zio
;T<7n^:$
! "Hj'(R8
`I8G&3*i
Error
Invalid r~
Name: )NfC!ZBt,zb!
D8@?,f;.
6,,]}2}*%h
;JD&EU)!/
34olg0~
@eFeA}
~Q<A&-
B(<<-x~
V,C&:T
da%ta eaw
Cr5&LM
Lr@&[@B
C#0/1OK
l!9SNg>>1256789ABCDEFGHIJKLMK
NOPQRSTUX8abcdevghijklmnopqruvwxyz?
`_JSZR#@$p@p
(6,'O048y<@DH7<LPThR
7Tmapi
PhFil7P;sA
shlw"^ot5tcCon
HNfr&F
lSCf1kM
QAC0NF7KSH~
.`w<2x$d
?ZswT?
~:SOvZ6
,9#5;wx
WDAcW7
,::&:rMa
2|%7K8$D`
jav*4u`"
Es@3v}UhLp_0,-
oVuvHn(
j[^}s\.dZ
l6&S@_
CO]7VE
H{:4<<u_h$
<@]1rwR]C<
p(A)}2
.ex6@'
{!BZCh 2kI6|
9,8Cd<
4tware\ed2k
ac9MtL
;YdaxK
@LMicros\Windows\CurntVersi
on\UYsll
orpheusvb
H8A o(2.0
NWISE.EXEC
My Shd Fold <@jb+Tc6!
D@dGH&
-7P2{v!5h,
XT!1`S`XXzGdc+$l{scBsV8di
Kazaaw
WXf"R!
R~%\LocXy7,tDC
sablev+f
@^I\ g
Pg_[6[`^[$lZ
xcnads@
7'h-$<hXhm#
(G7S;i
Y6'P4Ce 0
]:l&92jpS.
!KA~2Hk5hta
-kB&[[{#VN
OAmj!0AKt
lQ\DCCq,ox
<4\TR",j
%'oXpgL
F'E G;3]F7M
TjZ.S<
d_O+!;2x
\4:$Ru71 F
at 0& 7
hO\.h [
Go[ogle
3Messag
System`{
Init*KT
UTyp$Util
SClaJ#<Acl&GB
WaitForSinA
StdHBDr"
Proc%cAddrm
iz0dVirtu
All,6a
vdIda<pjfoA
Last{Fomm
brFyxiA
=WHUnhA{[
_OS"PoM
E+n)Of7Rtl:wi
Y+#SBAd/RDTlsy
GY%62@P6i ,&x{
OnKbvey
n](brdOBoKCh
;Ihow0
CODEt^
dBSS%4v!f\T<.iNKJ'
P'eTws
Ap'sr&G]
KERNEL32.DLL
advapi32.dll
oleaut32.dll
user32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegFlushKey
SysFreeString
CharNextA
@_jqMv
k_,OlP)VJA
x{+#o*
.z|Z5P]
U5!((fb
mnC'p#K
Tk9~|@ lrsKK^p
8 zyg7pj
|;uIyQ?]
}R\;.M
+JO_EG
jo!^Hy#<
o=x~._?V
h=y-LIe{Pu[TP
7nyk[Y
xM%HUDY
nqkP)8
-+Oy`LB
~$\Y.P^
,^nv[4W
t)[vEIa?
1:@]PPQzK
OSpXZ|
&OdB&J
Xo?k^mtN=h-
i$w'O{"v$T'-FW?
bdF.]i
REkHUln\{,Rj{Z
laNoB3
.8|\8(VNGk
;:7tP"`C
eC,9$[~LVi
?VHXHw
+c)8\"A
0RlDEY
ffQ\ZyK)xzy|@jQ5n5
uhft]A^=
/=N"1@
k/F=@"KK
^Y)aCf
vuqNO'
NI}/x7'v_4 T2
WfZ&68a~,z3L
o=P(*2w
i}{+ar
J{-|RYZ#U|`Vw
g0w`C=h
9PZ2;-+
$ '(P#e}zH^_[j
gs2dMP
<jGp(O9
sJ<9jO3|
S3:V(wD
9)K|df8
1iNLjy
H\KWTj
O'F>_|
L(8I13`$
5)NPY0>
<]_l9L,m
;xO[,\ ;j
Tz&mkc
6>5W TU&O
AJWMaAUda
>R4k H@
d]\fVUqi
n(}KS>SX
`bcJhwtu/f
PoB -q
RU3@/'
/03QJX
0NzmtZr+z9
pi@S@EM5
Bj\Mm:S9;8D
ugQ620z!6&%eG
Vo~_'?i
FVJZWg
izv0c.*t[
GU;URj
#&P=CfDQ0
Cqyx+TJ2H[
1ITYk<
`f)M w
Gk=mvP8R^
Z/QeE|
lpbp$s"r*<kDA0\+cgN
t{{+;@T4?
IL>0]Gx
0(p[p
W1\5oA.
#kt FWDC
|Z??"ujm!bfL
_,gQM@
Z/'Og{@j
?1N,%f
*34R=Fm5
a&"s]z!a
3tV8,CJ+
Eaz$n)
iNO/x7d-rH
?Rquq,>
2gWH)<
P+.gan
cc_Xd[)BD}{,g
2=hgvUr
0n"#.[s
|/kn khG
D:}Y>x)/"Am
yCf#pK
Ge;rd$k
ah>vk)VA
@G='i^
imw_2JUG0ra/6y
LsJ~qM)+n
'=L:Q~
~MZaT9=B
2X/_cejE~h
R~Aii@2(_
z~dS <
;6\{QC
R~[655
,&+~1O
A'U+En
~hB|a 3w\
n` q=>
3h&\!H
>X`5\U
$l(*>0T
C{"B,U2
--cV;0_+*[
$vP8/,
#B;!Lvjok3Do
tzr6qn|q
\f?!H(
!~_k(L0g
+G+vx3TVT
*Mn?ic
;,+_9Q22eC
o]@,;)NUFs\B#sg2 =
r`m-Mp)
6xH k"O3
^l2x_U/
n<.%nBD
iT2t*m
_}=Tq2EJ
k]rfGn
"v6DIbDST
Is)~O`Q"
oRxYH_1N5
@ fw&yUc>!J .0u
d}8i:[
Qki{0uD
RQe<oL1+&9j
Zkg_2S;
-x{b@T
Vtq\bX
!r_xQd4W:0XB
5dF"-L
B\JE6l
po%^,]
=?:ZI`h^},b@
!5IM0g?
R/CpxZj
X|"m@iEYMcuD6c 'P$;1aG
IWV-K(
qh)sNX
;80qW6
6AOk&I<$
8a%/ko81
cm8,T_
o.6?lJ
n'z50":#~)WWV
;mv)_?i@
7Wy6B3
hUP_([NEH7hgR4
T>C|!+ne6\-/
&CmKmE
Z=Nu9'
sSW<(dykVS-
aO/HGDK!W{%
O?.c"5
6@3%s tt:
oz2M;Q~|]
>9 `l\w
R p.Ges
0]w`RH!
u`gv$|}
ZL ['&mR
C6[Z1fwX4Qe!H
u/LO}'%
w-#9'Z.{
R+l<Xh
fXwT70
{x\>4B
Y:ricfom
y+%FAGW
J]g)r~0c>^u
n;E58Kq
~E!`N )m
'2}g77(
x82rlR%
%D?=JW
ke|p/8e
d4KVYf3& `
lR%{W;
dVHmI/
)hyPzG
;^ViQnj
b;Yz1rE!
;F}S:/X,
[kEwD33A
E F2J_H
}BPpu\
#iQ&s7.&
`VK=^p
A}EoI\6!jRj=
9z8tb\
g Pa{H
}qY8'Wri/"b
D/\.X*'
{K<h|T~
H%8QvV.x{kW
\i=6D-@K
ODH\~Z5
1a56)REN&
kz8tBb17$*/
X8q6]`VyvV?
#54sCE$
UpB^w5G
"m+8)S
J_7q'lV
;([{-J~cf
v[i9.<J"
!m!M^CUL
dtuu~n
I^*MOq
67@8Gx
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
Process Tree
- 054eb88682a1d7e361cc060796a172867abecac58d5098cf3d753a2acd4dbc28.exe (1856) "C:\Users\Administrator\AppData\Local\Temp\054eb88682a1d7e361cc060796a172867abecac58d5098cf3d753a2acd4dbc28.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.