1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.87
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Evo-gen [Susp] | 20200131 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200131 | 2013.8.14.323 |
| McAfee | W32/Worm-GAT!132137C7D899 | 20200131 | 6.0.6.653 |
| Tencent | None | 20200131 | 1.0.0.1 |
静态指标
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x0003be78', 'size_of_data': '0x0003c000', 'entropy': 7.192474015873358} | entropy | 7.192474015873358 | description | 发现高熵的节 | |||||||||
| entropy | 0.8602150537634409 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 45 个反病毒引擎识别为恶意
(45 个事件)
| ALYac | Trojan.GenericKDZ.57996 |
| APEX | Malicious |
| AVG | Win32:Evo-gen [Susp] |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKDZ.57996 |
| Antiy-AVL | Trojan/Win32.Agent.icgh |
| Arcabit | Trojan.Generic.DE28C |
| Avast | Win32:Evo-gen [Susp] |
| Avira | TR/Zusy.BQ |
| BitDefender | Trojan.GenericKDZ.57996 |
| CAT-QuickHeal | Worm.MiraPMF.S9824232 |
| CMC | Trojan.Win32.Agent!O |
| Comodo | Worm.Win32.Mira.SG@72k617 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.2d5dbc |
| Cyren | W32/TrojanP.B |
| DrWeb | Win32.HLLO.Siggen.5 |
| ESET-NOD32 | Win32/Mira.G |
| Emsisoft | Trojan.GenericKDZ.57996 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/TrojanP.B |
| F-Secure | Trojan.TR/Zusy.BQ |
| FireEye | Generic.mg.132137c7d899720c |
| Fortinet | W32/Agent.AJFK!tr |
| GData | Win32.Worm.Mira.D |
| Ikarus | Trojan.Win32.Heur |
| Invincea | heuristic |
| Jiangmin | Trojan/Agent.iezf |
| K7AntiVirus | Trojan ( 004993691 ) |
| K7GW | Trojan ( 004993691 ) |
| MAX | malware (ai score=85) |
| MaxSecure | Trojan.Agent.icgh |
| McAfee | W32/Worm-GAT!132137C7D899 |
| McAfee-GW-Edition | BehavesLike.Win32.Trojan.kc |
| MicroWorld-eScan | Trojan.GenericKDZ.57996 |
| Microsoft | Worm:Win32/Mira!rfn |
| NANO-Antivirus | Trojan.Win32.Zusy.ethqlz |
| Rising | Malware.Heuristic!ET#100% (RDMK:cmRtazqHsHt2kGuT+AIDKzrBqFog) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Mira-B |
| Symantec | SMG.Heur!gen |
| Trapmine | malicious.high.ml.score |
| VBA32 | Worm.Mira |
| Webroot | W32.Gen.Bt |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-02-27 14:41:59
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0003be78 | 0x0003c000 | 7.192474015873358 |
| .data | 0x0003d000 | 0x00000260 | 0x00000400 | 0.0 |
| .rdata | 0x0003e000 | 0x000024a8 | 0x00002600 | 0.0 |
| .bss | 0x00041000 | 0x00004890 | 0x00000000 | 0.0 |
| .idata | 0x00046000 | 0x000008a4 | 0x00000a00 | 0.0 |
| .rsrc | 0x00047000 | 0x000067b8 | 0x00006800 | 0.0 |
L!This program cannot be run in DOS mode.
.rdata
.idata
E;Es9}
<t6p t<~ @tO
x7EZ[^_]
UW1V1S
eEEE$@
++CCUNG
pP EtB(dB$
R \tp@$
hUhU`hu
llU6hU(Et
E!t#XtEXM~t
$]u}E$@
UpPl1|pl
;u ]]$}}
4$Yt8 M
]1u}];] tIF
UWVS|U$E
E|[^_]
1|[^_]
UWVSL}
$$NaHaJa<3?@;<|<<<<<<<<
J]<E]I5
G!<U<<
|<<q<<<@=@<<
}><<<<<L<<<
<<<<<<<<<<<<<<<<<<<<<<<<<<<<j
aT<<U<<<<
]|<q<<Y<<<|j
Jd<<<]<<<|)j
<<<<<<
<<<<<|<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
v<c[O<j`<cr0
D;a^;r
r(e<6<Q
(^j`<sX
j`<J<^;r
%;|y!3y!3y!3y
<}vj`)<y=<&@yU<j.4<I
(t<l6q
t,`yi<.
rTy<&,y<.
r@ry<,
`ym<,-`.
r@.4tQE
-<z;0_<
l(j`<u
l(j`<u
]<!3y!3y
$p<,.8
rv,`yUz?.
t,.,W=X<
D|i<t,`y=,
[;;Svy;
I;<y=,n
;,`X(:<$&K;,~
G;,`X(:;
;;y)<&HX
8J<S/;A,<
;<X(U;L<l;
;,`X(!:;t
;inW(e;R
0rIn'r
";j-`<j`<yi?,-`0n
;,`yi<&@X
F<i<q=X
(a;r@.t;
(Y;l,-`0n
;,`y%<0n
-<bPMa;N
;^TbPM];
(a;r@jnt=$;
;,`yY<
;A-<W'
;;J^v;s
;;y<&@z;r!<}<jnh
0nprLK
<X<KG>,
<;;y<&H
(A;r<<
<@</l(j-`A
;,`yE<j-`C
;,-`0n
;<y='j-`<0n
!>j-`<0n
;,`y\>
sqv*r;
;dDR.;
i+."yq<,n4
;,n0N;bF
(7<t;Rqt
;<y1='K
|<j-`<0n
;,`yI >.6
;,~ N;bJ
(7&;tq;
87a6d>
07t};d
0n<j-`<0n
{l<&9@;v
(18r@BR
8<|'.~
;<y?.v
;;y9<0n
;;y?0nP
!3y!3ylr!
<,',`y<,'u0_<
2&@~r0b<
..,Gfy
2T]SI;,
l(,F0q
yE;.>,
Y:t},%
`y%<.>(
Qry,$@;
y;,q~0>,
=i,+HY
X.>(kr~&X
r~.>(Y
|<G<0<
?ml(,KGx
$l5a<]O
<K@yttt0F0
UDfyG<0<
r,E`]<tB
y);.>,
r,yy;06(
gmQGfy
>lt.6P7
;m0st,`y<,J<,nQ,.;,vK
]<&>'1=t..L
(M;r~[<r
;,~l4,nUZ&:
>g'=2K
6<.nQq
;,=`..X
@a;v%,`yY<.nU_<Gfy
;0>y5;,n/;
;,ng.>
(U;t;ln'
:t;J<(K
;.Hin<W(?;K
.~=a,n
;0>y;,n'd+n
]X;&;06y!;'"in=
w<.>J<,~%
8];r~:t..L
<,ESn.
c[;z;.F
;('j#=l
;X;$t<X>$<
)<RWt;
8];t~,`X;$<
89;rPV)<JNy
rj.q)<X
8e;t,~t|j.
,nQr;c
<.~mZ0.
-<y;'j`<y<av
3,]`,E`,`yy<*N
!3y!3y!3y
l(..DXqG
r@;!0<
tjLzQZ<0b<
l(..DXO
r@"K!0<
l(..DXO
l(..DX
r@J!0<
l(..DX
r@J!0<
c^AL<&P
{DT0_<
<cr!fy
<cr!fy
l(..DXqG
l(..DXG
r@9!0<
l(..DXG
r@9!0<
DfyG<0<
l(..DXH
r@R9!0<
l(..DXH
r@29!0<
dAyG<0<
vyl(.6DX<
j.,<X<
rH,-`;T
..$K<,Ur
t.L}Y#!0_<
ht[<t.f8
L|7|l:
rt,=`,-`..H
@y;'<'6;
T,t,-`z7m
]t,,D|wy
rrpB7m
rrt,-`..L
t,KGcF
;j0H<z
bgtvarIr5m
k<t5.FLX<
rrt,E`,5`..H
K%er&>7K(>iP<<
kr}(KG
tU+DmG<0<
tQ.YLzu;,
K%cQ0-,+Hcl
'~=n28mc(K&em
l;='2;r2
..>(<t=(j.
<St=`<
t=..e;eK
On1<n;
$l=gS='F;tU*Dm
;|y!3y!3y!3yO
<r99yct]+@zu;&?
n+k<t0J
K%cQ0-,.z;j.
<z;..X
tQ,*Dzz;.>
V;.6X=%5;
ot.rrt,5`.>P
;r=i:l=K
t,5`.6X
<X<}<9Q9y
<}t.FP
mc'..LK<j,H<XB
sDT0b<
rX,-`j;mK<
a,T0_<
wrrP;mK<nP
<0E,2sl'&;'&=i<.,@
<tj. <
;m'd;lu_<
w~;K<,
7|&;(:v<
<mc&h@~
sGfi`;
<j0@<K<6;yG<0<
i<,e`,-`[<rt,`
te,Y&B
R&B~l5
r(fl=\.>L
t,e`,]`,=`.>P
d!3y!3y!3y
l(..DXP
l(..DXyJ
r@;!0<
l(..DXyJ
r@r;!0<
$<<y<0<
l(>Dyu;,
$l;!0_<
,T3y!3y!3y!3y
<}t&fD09
r@:yG<0<
<}t..H
$<ya;0b<
`y<N:y
<!3y!3y
l(j`-<y<lG<0<
cr@,F0
$[t.^4
c^lj<D
l^X=$;
;j`-<X=$A<z;j`-<X=$A<z
;0<Vl]tY
cr@,F0
5n,<Xt"
c^Y6I;v]
vQ,`yMz<.F0
<y<~Vl]tY
;y;3y!3y!3y!3y
l\T0b<
]a4I]{
Q}Ya,<Zfy
!_t.^4
Wl(,`%
,`X;$8<
j. q)<
<2I,.2[StE,`9
+mQ(.&
U;"ym,
q'_j`i,<X=$tm<
-<X=;a&@2w
(p^;@<j
rI(,-`D)
u]\X=$0;y;[<
<j)@<zO;X
S!3y!3y!3y
W.!|t.,l
cM<,`y=v<..
crM,`y
T,<sr|iU<r3l
;y{<,`X;$;!0b<
l(>8t|ln8KGc!3y!3y
?T0<I<,
T0<I<,
j. )<y%s<..XN
l,`X=$
,`X;$<
,`X<$<X;[r@
j. )<yUr<..XN
l,`X=$H
,`X;$ <
<VtY,.
,`X<$<X;[r@
j. Q)<yq<..XN
l,`X=$x
,`X;$P<
<VtY,.
<X;[r@
cr@,^4
vQ,`y]q<.F0
g;tI,`yw<0_<
cr@,^4
j. )<yp<
vQ,`yp<.F0
g;tI,`y=v<0_<
cr@,^4
j. )<y5o<
_Q,+@XN
U<:XtM,+D
rI,`X<$
<X;[r@
cr@,^4
j. Q)<yun<
_Q,+@XN
U<zWtM,+D
rI,`X<$
<X;[r@
F!3y!3y!3yJ<,
}|<j)D<X<
<|<j)T<X
rF%<!,
}|<j)D<X<
<|<j)T<X
_t|([]n
t,-`..
[rt~j.
<stI.[n
qvQ,`yAm<&
HT0<VlUtY.>
r@R2U<V3tI.'G]K
`I;,-`0/H
cr@,^4
j. )<yuk<..u<i-<
;X=_rH2;tM..
r@fXvQ,`yl<.F0
rI2XU;..
cr@,^4
j. q)<yj<..l<i-<
;X=_rHB:tM..
r@vWvQ,`y
rIBWU;..
rq,F0~rM0.
q)<Xu]
$,;X=_rHR9tM..
r@VtM,`y5<0.
$<X;[r@
cr,f8X
u(9|,N$
g<8QrM0.
<}tj`<y]=<.<T
|<,9DF!0_<
u-;|,N$
$"<XD[l&fH,.1<j;
<(<tIj+X<
r|><j+@<
<.>XQ<G<0<OtI.F
r(ftIj)\<z;j`
,<X;$L<z;&H
K]ZX<$
U;Bt9,
Yn~,+P
GtGrMp:rP
U<=!3y!3y!3y!3y
l(j`<y;j
,5`,=`,`y;0b<
l(j`<ya;j
,5`,=`,`yQ;0b<
l(j`<y!;j)<K
,5`,=`,`y
l(j`<y;jl1)<KG
,5`,=`,`y;0b<
rj.q)<X
rP,-`@<$r
0{v$<s& ;
$%<Xq=;
xQ"& ;0.
rj.q)<X
rP,-`@<#r
8e;vi,-`j.
<Xq;& ;b
;,`yE;.>
8Y;vI,-`,`yeI>';
<\;l$,5`,`yE7<(*.~[rrPr
rj.q)<X
rP,-`@<"r
8e;vi,-`j.
<Xq;& ;a
;,`y;.>
8Y;vI,-`,`yH>';
<];l$,=`,`y6<(*.~[rrP
rj.q)<X
rP,-`^@<R r
8e;vi,-`j.
<Xq;& ;^1
8Y;vI,-`,`y%F>';
<b;l$,e`,`y
4<(*.~[rrP2
rj.q)<X]
rP,-`@<
8e;vi,-`j.
<Xq;& ;[)
;,`ye;.>
8Y;vI,-`,`yD>';
<\;l$,5`,`ye2<(*.~[rrP
rj.q)<X]
8e;vi,-`j.
<Xq;& ;a3
;,`y;.>
8Y;vI,-`,`yC>';
<];l$,=`,`y1<(*.~[rrP
rj.q)<X]
rP,-`~@<r
8e;vi,-`j.
<Xq;& ;^2
;,`y%;.>
8Y;vI,-`,`yEA>';
<b;l$,e`,`y%/<(*.~[rrPR
rj.q)<X]
8e;vi,-`j.
<Xq;& ;[Y
;,`y;.>
8Y;vI,-`,`y@>';
<\;l$,5`,`y-<(*.~[rrP
rj.q)<X]
rP,-`>@<2
8e;vi,-`j.
<Xq;& ;aI2
;,`y;.>
8Y;vI,-`,`y
<];l$,=`,`y,<(*.~[rrP
rj.q)<X
rP,-`@<
8e;vi,-`j.
<Xq;& ;^
;,`yE;.>
8Y;vI,-`,`ye<>';
<b;l$,e`,`yE*<(*.~[rrPr
!3y!3y
cr@,F0
[<rrPj.
<y*<0.
,`X;$,g;
g<UG<0<
cr@,F0
yo,<XN
,`X;$lf;
`[nxQ;
L<<|v=']^<
L<G<0<cr!
$<ZfyG<0<
z <0b<
_t(j.<
yQ,.(B=I.>
<_t~(K
a_t~(K
<;Kl9`c
Kp0<_t~(
St@!(O^_tA+D
rP.)@X=;a_;y;
rP.)@X?;aU:y
,`X;$c;
$};X@$~;z;,`XA$b;!0_<
ra<rM0.0
<VtU.6
HtE,`y);..
<|0)`,`X;$xa;
cr@,F0
ctM,`yM;..
$@<|K)`,`X;$a;
g<8NG<0<
cr^;r@,^4
vQ,`y=N<.F0
ctM,`ym;..
$`<|K)`,`X;$`;
g<XNG<0<
crqj.
yQ,.(B=I.>
<_t~(K
a_t~(K
<;Kl9`c
Kp0<_t~(
S<t|(K
St@!(O^_tA+D
$(<z;,
U<s1 .>
rP.)@X=;a_;y;
U<^s1K
rP.)@X?;aU:y
g<(f%;
,`X;$D];
$<w;X@$@x;z;,`XA$
];!0_<
rq.>HX
Y|,N$y
~<j+L<
r~(0<_t.6
c<_tE:D
xtM.+DX@qr@h=<.6
<_tI.9H
<_t=:D
3<+_/X<[t9.*L
4GtI.>
Gt@!,`
hgtY&=
g<=Qrr@p
tA,`y;..
$X;X=$|n;X><
%9;X@Sr@y
rq.>HX
u[|,N$yG<.>
~<j+L<
t~(0<_t.6
c<_tE:D
xtM.+DX@qr@
<_tI.9H
<_t=:D
3<+_/X<[t9.*L
Gt@!,`
@y-<.>
hgtY&=
g<=Qrr@
tA,`yu;..
;X=$l;X><
%9;X@Sr@ry
U1f@3I[<r
n'<U;..H
_t}$Ik
g<ta<rl,`y
=_t).+H
U<];l,=`,`y9
<_t)YD
GftI.Z@
Sr@br=..ut&<
'.6Xj<|
$<)wW[/
Wt=,1H
mKr@b
&@'i<l4m
$lo;X>$pp;z
s;Qr@j1K
$o;X@$p;|nt5,`X;$U;
g<`^'5.^
Or@`U<
t5,`|=t5,`|5t-.
t(,TrrxF;t?
u<tj.q)<X
^Cv5,`
jHs?v<
9<,`y2>0.
U/<Ge<
.3t|,.
$<X>7=
$$<Xu=3r
mQ,-`..
9<,`y,>.>D
,<y;j.
ml,E`,5`,`yE>.>D
uA)::
;,`|p9<\;l$,5`,`y
<(g.~{rrPw!0<
(a;vy,.
|j.ip,<X
$$<W(\;&
(a;vi,`
,Qn'{v$<s&;
+<;yrr@en
q/t!&=
,`y!=<.nt.f8
8I;ti,vj6,<
r@{l(0f
/7{:dS
i. ;Q}Y
;W(\;%
QxY&;0.
8Q;vI,-`,`y">X;y
q)<LsNj.
cr@j. ))<
<r=c}<j*@a
E<..XD
;,-`.6
t@!,`yu<.
HcrrU<&]U<.6I
rrH0@L[<rU<
r_r@B0A
}U<.6OL,]`^
rrH/U<[1
=,<K,-`..
-<I#F)
$;XA_=
L..LL,E`\
<yy;i<I]<mQI
4J[<rQE
=mQi]<W
L,E`,`yi;j.
r@v,=me
-<c8mQF
-<c\mQF
-<clmQF1
-<JsIFm
7Jrr@Kj.
<y1Q>j.
rtM,-`,`ym;j.
<I<.64K[1P
,-`,`y5;j.
<I<bqP
rrr@B*@{K.>J<,5`j.
$h<XE?
Kj`,<yQ;.6
~)tM.:HXkL
lA]NX;[r@rU;.>
g<p'Rj`
!0<I<,
-<4;I[
c]CZfy
-<T0b<
Gr@,f8X
+)<y51<..X<9<6;iCI.&
9<v5,`y1<.F0
<y!;&;
;y;,`X>$<|zrHj.
;,`XA$C;!0b<
Gr@,f8X
q,)<y0<..X<9<9iCI.
$d<2;I.>
9<&v5,`y
r-.{r)(.6
;ya;,`X>$ <|zrHj.
<yA;,`XA$ A;!0b<
q)<LsNj.
cr@j. T5)<
<r=c}<j*@a
E<..XD
<y;,-`.6
t@!,`yuh<.
HcrrU<PU<.6O
$@L\<rU<U<[I
p_rr@#A
-<[<tMF]
K,>KFA
U<pU<.6IL,-`[
_rrr@"U<])
$8;XA_=
-<I,64L
,-`..XE
cJ=mcF
SJ[Ja<rYM
L,=`,-`j`
-<X@$<XEGX,<
-<c_ry
g<=_Tq-<4L[
g<=-<4L..OL,&H
-<c$mQF
-<cHmQF
-<clmQF
-<u|mQ,&Xm,
`ml,dmZ,hmcF-
-<cmQFQ
-<cmQFu
43J[<rQ
K,=`,`y;j.
-<IK,-`[
rtM,`y};j`i
SJj`,<y;.6
tM.:HXk
cr@^zl
g;tI,`y-<j.
<;7tj.q)<Xy_
)V}|,Ny]%<,$
(U;t>K<,=`,`I<,n$
Pu}HkrB
;yEl<(K&cQ,nkv,~
n8KG(Q;m(D=tQ
;,`y-%<..D
.n& ;.6
&>'v<l4m
&B'<l4
;}@CIj
XrPb<r
|;.~KD
Kv$<s&;m;
;Jn29t;
%T;K;&@P<,=`,`
$$<z&;0b<
.<l!3y!3y!3y
fFmQfF,<T
fyG<0<
y<}t,.,
Bf]`irt,]`,`y53<&;
cQT0b<
`yY;',t.f8
`y;',t.f8
r@;r@,]`,e`nl4,
<}t.FH
F%,;!0_<
<4rP.>Py;r,
,`y9Y<
F';0_<
F'+0_<
rX";r2
`ya;,`
mlr9r@\<
@yX<j.
ct<|;y
F%8<!3y!3y
cr@,F0
g<t,`y<,.
U;fvr@j.
;y!u;3y!3y!3y!3y
<Zfy!3y!3y,
jv}<}t.
i|]]Yw
lA,<&0r<
lAi,<&
lAY,<&
lQ},<&
lQe,<&r=
t.Zfy2;[,
=<mc,=`,`yAT<ilY<
<^y;}cr!&P
=<mc,=`,`yS<ilY<
<^y5;}cr!&P
=<mc,=`,`yS<ilY<
<^y;}cr!&P
=<mc,=`,`y1R<ilY<
#\aiF!0_<
#\aiF!0_<
cr@,f8X
rqj. 1E)<y
l,`X=$<
$0;|y!3y!3y!3y
g;tM,`y;0.
T0<VU<..
[rPU;..
cr@,f8X
l,`X=$
$P;|y!3y!3y!3y
g;tM,`y;0.
T0<VU<..
[rPU;..
cr@,f8X
rqj. G)<y
l,`X=$<
$p;|y!3y!3y!3y
g;tM,`y;..
g<tY.>
g;tI,`y!
F!3y!3y!3y
vyj,@<X<
`yA;,]`,
`y;.F4
t,-`rp[<r
r(e<!3y!3y!3y
t..H>fy
t.>HT3y
j. I)<
gtM.F0
<1-<Js|]M>
rrr@j.
<y~;3y!3y!3y!3yK<,a,<
$X7;!3y!3y
@yM<,`y$<j`<
<y9M<j<
rt,`yAM<|F,
rxt.^4
t,^4.F0
<X<v},-`,%`yL<f(n
<p8t.f8
@yuK<,`y]"<,.
<yL<j<
rt,`y0<..D
F%HS;!0<
cr!fy!3y!3y2cI,F
cIfyG<0<
l(..DXP
l(..DXP
!3y!3y!3y
|j.u,<X8;$`<
t1,`y]x;..
Q"?vi,-`,`y
>Vt=.>
Cr%,`yx;&f
K;t),`y
u,<X-<$`<
t1,`y]w;0.
{rrPZG
l%]NX;;rPf9;..
$| ;!0_<
u,<X-=$`<
t1,`y]v;0.
{rrPZF
l%]NX;;rPe9;..
j. QP)<yu
Qr@FhvQ,`y%
g;tI,`y
Qr@gvQ,`yu
g;tI,`y
<}t..H
<}t..H
<}t..H
<}t..H
<}t..H
<}t..H
|j.5u,<X
t1,`ys;..
8Q"?vi,-`,`y>Vt=.>
Cr%,`ymr;&f
K;t),`y
|j.Eu,<X
t1,`yr;0.
l%]NX;;rPVa9;..
|j.Uu,<X
t1,`yq;0.
l%]NX;;rPV`9;..
j. V)<y
Qr@bvQ,`y
g;tI,`yM
j. V)<yE
bvQ,`y
g;tI,`y
<}t..H
<}t..H
<}t..H
$h;XIJ
<}t..H
$8;XIJ
<}t..H
<}t..H
<}t..H
<}t..H
$x;X1J
F!3y!3y!3y
|j.qu,<X
t1,`ym;..
HQ"?vi,-`,`y>Vt=.>
Cr%,`y}l;&f
K;t),`y
|j.u,<X
t1,`yl;0.
l%]NX;;rPf[9;..
|j.v,<X
t1,`yk;0.
l%]NX;;rPfZ9;..
j. \)<y
<..XAH
Qr@\vQ,`y
WtM,`yj;&f
g;tI,`yQ
j. ])<y5<..XAH
\vQ,`y
WtM,`yi;&f
g;tI,`y
!3y!3y!3y2
<}t.,D
i)N.,DX
Af@<b&|||<j)p<X<
j)D<X<
<|<j)X<X
<|<j)h<W,<
<}t.,D
i)N.,DX
Cf@<B%|||<j)p<X<
j)D<X<
<|<j)X<X
<|<j)h<W,<
j. `)<y
<sU;..
<VU<..
j. `)<yU<..
<sU;..
<VU<..
j. Ea)<y<..
<sU;..
Pocr@rNt.^4
$<!0b<
b)<y<..
<sU;..
<VU<..
j. c)<y
<sU;..
<VU<..
j. d)<yE<..
<sU;..
lcr@"Lt.^4
$p<!3y!3y!3y!3y
<}t.,D
j)H<W<
tj,PB,<X
DTj`<y-;i)`i)aj)@<X1M
|<j)H<W<X<
<|<j)\<WM<
%;!0_<
j. qe)<ye<..
<sU;..
<VU<..
j. 1f)<y<..
<sU;..
<VU<..
j. g)<y<..
<sU;..
icr@Ht.^4
<!3y!3y!3y!3y
<}t.6H
!3y!3y!3y
e6(K&cQ!0<
r,.L>y!3y
<}t..X
giFy!3y!3y!3ycr!
t,-`..P
<}t.,D
c"<X,<J
j)`&,<X
j)p7,<X!
j)Y,<X1
j)n,<XA
j)~,<XQ1
j),<XaJ
3}<\);<^7
+<x![<,
c<DTj`Y<y!;j)@<u
|<j)H<X<
<|<j)X<X
<|<j)h<X
<j)x<X)<
<j)<X9<
<|<j)<XI<
<|<j)<XY<
+<rQ<W#<
)!3y!3yI<,
<yu,<,Kr@
<,KGi5}
#\8mc#E8a
5G<0<Z
Q#E7',
YS#E7EaK{j`<y,<&@=K<
KHml,E`,=`,`y3;&L
!3y!3yJ,'0<t=
!3y!3y
fy!3y!3yK<,,<
G<0<I<,,<
!3y!3y!3y
l]b|y!3y!3y!3y;.rv}Fi
4j`n)<yM/;DT.DVmQ('tP
h,<L<,
4j`n)<y/;DT.DVmQ('tP
(!3y!3y!3y2cO,
-<K<\<l((/=ZaJ
i.F8Zf{<
'h0b<
cO(0N0
HTj.*}2#
C*}rIDm7
5*}j.*}
S*}rQDu7
cr'B=X.n<N
<,,P23
q;b#2#
-<Z}n;
;[&@Z$;
tui,B$,<!3y!3y!3y
;[(K%cQ,,l
t~(.+d
r(fy$;
t~(b0b<
t~(I0b<
}n(T;t.^4
r.F8Zfy
$,;2cO.1l
|y!3y!3y!3y$;2cO.9l
u]|y!3y!3y!3yrr@
F%|y!3y!3y!3ycr!fr2
F|y!3y!3y!3y
cr!fr2
<cr!fr2
<cr!fr2
<cr!fr2
K%f ((d,]`.rrr
$@<|y!3y!3y!3y
@&h2cO.fD
(j<t|,.,
DI<,=`,-`]
;[<vGfv[<D
$;2cO.1l
;2cO.F(
-<|ut|,E`,`=
'U6'?0<
.)Tury(d~ul7~
,]`^<rtC
;&hI<Gfl
T,$|;2cO.Yl
b|y!3y!3y!3y$;2cO.Al
~]|y!3y!3y!3yQ
;[,r,.(
@&X2cO.fD
(<t|,.,
tr4y;$;2cO.Yl
<$l;2cO.Al
}n(E;Q
-<z;0n
]2cO(.Al
+<t(,Ad
;r0'!,%`y;.F0
{l(M;t|,E`,`=
/%;y;D
Y$;2cO5;x
T,=`j`<s|y!3y!3y!3y
S(_0N0I<Gfv,
t(&*1n
{l(G;y!3y
LlEL%dlE,].
!3yur!
t(K%cn27EaK<
u]Guv,
nl((.Q
({;gj='H0b<
rP,-`2+
afy;[lr
;[,t&@
-<ul((lr
<;[,,@
}t[<|y!3y!3y!3y
DI<,-`.,@
Zfy!3y!3y
fq<j. <
dw$esrm.>
wevEWa,^
vy(e.>
r(fy!3y!3y!3y
<t},t.f8
6ud\<Q^,6EaKC
t.f8t},
<druy,
su,kvEX..,Y6$d
Ruk,}u$
;y!3y!3y!3y
~r.>PX<K
Hud\<Q^(6EaK:
v3l,;tu\
v},3wW
':2%;!3y!3y!3y
rt,-`D
<dy!3y!3y;
[3y<<;
[3y<<;
[3y<<;
[3y<<$`-
<#$<'=rXgl(&;'=L'u=r@
<,lZrr
<jHmQ$<X<
<j<mPmQ&d</z<"<
>r@vcn(<
,wZ <,E`,`y
<0oTUDT,]`0h
;K;,w`'<
gT2a<<
$<X<Afy!3y!3y!3ylr!
c]d(I;,KGty
2Xm<ml
;\<vYj.<
@e;j<.KGi6
%n<8P;S<
'{B#mQ
&=,=Q&>
;&f&F;
<\<vY,/<
`Q;vY.6H
;.n=i0N0
HT,<,.;9l;]<@&
Y&;r;z3;]<r
;.KGi6
(A;%Q;j.tY.F
rA^<rE
rMcl%Q
&=,=Q&>
kv9,=`0f
rG,-`,`y%<9i6
;'<;u=& ;.~KG%i'?%g
XA;+'$
.KOtvxG05a,v;
;.nKGq
ieh(K <
G<0<KBOr-
mQ,>j.V
&=,=Q&>
<|y=cK
&=,=Q&>
KvY,5`,
`L<?r-cSu>
rMcl%Q
X<.F.6
8=;?<O<,K
S=Kr==l&H
Krrp=t;
&;,]`0f
@=;rt;K<,=`a)<
.;,5`0>
$<$<Z^
.;,=`0.
kj<.lm]%;^;r;Y%
mQ,E`.E`\<rtrv
~U`.E`.]`.e`&hT3y!3y!3y!3y}vtrttrrr@
fy!3y.]`.-`
KHv03>h<
r>Z*:h<
]fj+>@Sy
fr.Z_F
&>(l:!'b
=v\<&>,
?<.E`.5`&L
?<.E`.5`&L
<<}/<.}`5<
KHO)KH-
~I<0b<
R4KHcb
<rtG<b<rl&L
lj-`<|l'&>
B(zOZK@pl*sO
r?R,,:
j>KH =\,el6!
iso<&D
;L<0<KH
DL<.5`.=`
S<|y!3y!3y!3yKHl
=mc0_<
TL<uZRl
,C;Z"R&>v
;ZY<ZKH
YpA:v<
7<F,5`~
Process Tree
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com |
A 131.107.255.255
A 131.107.255.255 |
131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.