1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.74
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Kryptik-LUD [Trj] | 20200216 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Krypitk.ev | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200216 | 2013.8.14.323 |
| McAfee | Dropper-FFQ!16F50E14A803 | 20200216 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b3cdc1 | 20200216 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | AUTO |
| section | DGROUP |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 62 个反病毒引擎识别为恶意
(50 out of 62 个事件)
| ALYac | Gen:Variant.Ser.Razy.1795 |
| APEX | Malicious |
| AVG | Win32:Kryptik-LUD [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ser.Razy.1795 |
| AhnLab-V3 | Trojan/Win32.Shipup.R68192 |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Arcabit | Trojan.Ser.Razy.D703 |
| Avast | Win32:Kryptik-LUD [Trj] |
| Avira | TR/Crypt.ZPACK.Gen7 |
| Baidu | Win32.Trojan.Krypitk.ev |
| BitDefender | Gen:Variant.Ser.Razy.1795 |
| BitDefenderTheta | Gen:NN.ZexaF.34090.kqX@au4uF2f |
| Bkav | HW32.Packed. |
| CAT-QuickHeal | TrojanDropper.Gepys.A |
| ClamAV | Win.Packed.Gepys-7101873-0 |
| Comodo | TrojWare.Win32.Kryptik.BBQP@4yhysc |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.4a8032 |
| Cylance | Unsafe |
| Cyren | W32/GenTroj.BW.gen!Eldorado |
| DrWeb | Trojan.Redirect.167 |
| ESET-NOD32 | a variant of Win32/Kryptik.BBSU |
| Emsisoft | Gen:Variant.Ser.Razy.1795 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/GenTroj.BW.gen!Eldorado |
| F-Secure | Trojan.TR/Crypt.ZPACK.Gen7 |
| FireEye | Generic.mg.16f50e14a803264f |
| Fortinet | W32/Kryptik.BDUE!tr |
| GData | Gen:Variant.Ser.Razy.1795 |
| Ikarus | Trojan-Dropper.Win32.Gepys |
| Invincea | heuristic |
| Jiangmin | Trojan/ShipUp.ny |
| K7AntiVirus | Trojan ( 0040f4c81 ) |
| K7GW | Trojan ( 0040f4c81 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=82) |
| Malwarebytes | Trojan.Agent.RRE |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | Dropper-FFQ!16F50E14A803 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.ch |
| MicroWorld-eScan | Gen:Variant.Ser.Razy.1795 |
| Microsoft | TrojanDropper:Win32/Gepys.A |
| NANO-Antivirus | Trojan.Win32.Redirect.ctbwga |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.47C7.Malware.Gen |
| Rising | Dropper.Gepys!8.15D (RDMK:cmRtazpRNC48UHts0zZwo+BMeD43) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Gepys |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-05-23 16:11:14
PE Imphash
778d4cf2d0bea443ba26793d7b05459f
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| AUTO | 0x00001000 | 0x000081c0 | 0x00008200 | 6.232403993232089 |
| DGROUP | 0x0000a000 | 0x000200fe | 0x00020400 | 6.528886403393763 |
| .idata | 0x0002b000 | 0x0000062c | 0x00000800 | 3.9683432080308876 |
| .reloc | 0x0002c000 | 0x0000009a | 0x00000200 | 2.3025418775998707 |
Imports
Library CRYPT32.DLL:
• 0x42b15c CryptBinaryToStringA
Library USER32.DLL:
• 0x42b164 BeginPaint
• 0x42b168 CreateWindowExA
• 0x42b16c DefWindowProcA
• 0x42b170 DestroyWindow
• 0x42b174 DispatchMessageA
• 0x42b178 EnableWindow
• 0x42b17c EndPaint
• 0x42b180 FillRect
• 0x42b184 GetClientRect
• 0x42b188 GetCursorPos
• 0x42b18c GetMessageA
• 0x42b190 GetSystemMetrics
• 0x42b194 InvalidateRect
• 0x42b198 LoadCursorA
• 0x42b19c LoadStringA
• 0x42b1a0 PostMessageA
• 0x42b1a4 PostQuitMessage
• 0x42b1a8 ScrollWindowEx
• 0x42b1ac SendMessageA
• 0x42b1b0 TranslateMessage
• 0x42b1b4 SetScrollInfo
Library KERNEL32.DLL:
• 0x42b1bc CloseHandle
• 0x42b1c0 CreateFileA
• 0x42b1c4 CreateWaitableTimerA
• 0x42b1c8 DeleteFileA
• 0x42b1cc FindResourceA
• 0x42b1d0 GetCommandLineA
• 0x42b1d4 GetCurrentProcess
• 0x42b1d8 GetLastError
• 0x42b1dc GetLocaleInfoA
• 0x42b1e0 GetModuleHandleA
• 0x42b1e4 GetProcAddress
• 0x42b1e8 GetStartupInfoA
• 0x42b1ec GetSystemDirectoryA
• 0x42b1f0 GetTickCount
• 0x42b1f4 GetVersionExA
• 0x42b1f8 LoadLibraryA
• 0x42b1fc LocalFree
• 0x42b200 MultiByteToWideChar
• 0x42b204 SetWaitableTimer
• 0x42b208 UnhandledExceptionFilter
• 0x42b20c VirtualProtect
• 0x42b210 WaitForSingleObject
• 0x42b214 WriteFile
• 0x42b218 GetACP
Library GDI32.dll:
• 0x42b22c CreateCompatibleDC
• 0x42b230 DeleteObject
• 0x42b234 SelectObject
• 0x42b238 DeleteDC
L!This is a Windows 95 executable
`DGROUP
.idata
0@.reloc
1E~E~P
]^ZY[SQRV
^ZY[QVW4
t\}1EE
EA;u~E
}_^YS8
_^YQVW
E;E|11
;E|E;Eu
ZY[SQVW
_^Y[QR
EAZYQRj
Crlt'VcanFzrQE31A&rPrvrcz1nVEr
ES5dEsEdn2VFdo
PPuzAEEEdndlWlEPrrLSzo
rEovs1
eAEE`F
nnii`anR
EvEkEPVWelaEGlVEEPF
VrElaE\1eEnaVMnvOPEtrVoienUEPEdFEdP
SdefEnmdEpEEEBEeSvVttiEe1EnRPioVXurErSSzEdalsln
tteiIdrPEdPraPvEnzhrEFEnSvlVSarn
dpFdPrnEFeGelF
cuSEtnlFpF
EweVuVt
p4vGY9V4
Wxwd?|
EvEGER
rHEV0PrV
0P]VEE
Xtl<jhwhhst
U]_>V<P[
E0(Ei!U
tBjYt]
X'$ |EBU
_1`PtWH
dxQEu8
^SzQ[WQd
StY^@P1
66666L
Po5Qo$Ro$Qo
D|1LB^+> 2="
W3;tE9~
t:S39>v*F
j8hXSo
ntdsapi
Ph>Voh
j<h]o3}3}E|]o}9}$
0@ Et]oEj
l]oSV=(
@@fu+Et
j.Xf;D7
@@fu+Et
j.XMf;D
oYY3]
}WEPWuVuuw;t
PEPWuVuu<;
#E0EEPWu(Su$uu
xyoyoj
hZoS5@
3}3u;t.9~
ntdsap2
@@fu+tG
pjWXUH
oj.VYY;
Vj/^f;t
j\^f;t
:go3@/}
LP^f9 t2
Dt5Ct0I
SVW33f,tf;tj
VWDS;v
F_3f8"
tbt^f8=uXU
F4W3SSM
QDF6P~8W;unE
QPW;;uI9]
tK9]tFu
9]t%9]
U$ Qo3
r+}9}u!EM_^3[
SV3Wuuu
@@f;u+\
+G4@PG8P
@@fu+hp#ou
O4G8LH
3fLF8F4D
N4F8W3tHj
UQQVWj
tD;v@}
EuMRRS}
E(noE$
?oZYPo
QRPh>oZYj$h oox}
W}oe}oUQE
xuuuuu;
EPEPVVVVVWV/
EPEPVVVVVWj
@VVEPV
;ubEP|V0
|;u?uuxu
uEP0uuJ
V3;t W=
rS_^[]
3`WlPh
o%PoUX Qo3
oj/VYY
oEPEPj
UjW^jWXPo
QRPhH?o^ZYt
o?ntdsapi: WSAStartup failed %d
euuVRQj
h/oSuk3
@@fu+D
@@fu+D
8C xuP
8C$|tP&
12eeWVu>
3MfDK]E
M*EH9E
jiZf;t
jnZf;t
jNZf;u~
jtZf;t
jTZf;uj
jeZf;t
jEZf;uV
jrZf;t
jRZf;uB
jnZf;t
jNZf;u.
jeZf;t
jEZf;u
jtZf;t=jTZf;
hp#ouw
WQRVSu
EjWX#E
XgM3Ef
SEPEPh~ouuTSEPEPEPuu<
EPEPEPEPhP
=j/VYY
0j/uYY
j=uYYtcEPEPj
}E3;t/9X
F;r}mu0
FFSSSh
;u];teP
@@f;u+p
@VVEPV
e3uujE
e3udTo;
oE3E3;t
O@5 Qo
Qo^A3@~
@@fu+\
RhoRPh
u3f;F8
AJJ;s;
AJJ;s;
BII;s;
03f u!]
AJJ;s;r
u';r!f:\u
AJJ;s;r
3f8"uH;rf9\u
+B;s;r
33FFEfEE;E
Tou!f u-M
]j#Yf;
Ph^Toh
PhFWoh
PhBXoh
Ph>Yoh
PhFZohPoh
PhZohPoD
jWXo9u
oVVVVju
jWXDSX
VVSPju
jWXh9]
oWSSju
SVW3;u
jWXf89}
V3W;tE}
jWX_^]
S3Vt&U
+@PV?u
@@fuSV+W\?:Sj@
~4GWF8P
03_^[]
@@fu+F
@@fu+F
@@fu+F
;u%EPu
uuuxE5
@@f;uM+
@@f;uM+
@@f;uM+
|9SVW}
hPor3}}
E;uVu uu
h`osq3}}
PoYY;u%
;tm9}t
@@f;u+D6
hPoYE_^[
U<V3EPj
VVVVuuuuuuuETouE<ouE<ou
SWj\Zf;
PoYY};u
PoNEPh
;u"EPVEPh
oVh8oW
EPuWE;
@@f;u+EE
@@f;u+
@@f;u+
f8@@f;u+
ohoWP]=PoEPVEP
EPuuE;
Poj,uu
oMQVMQSV
PoYEIEPuu^E;u%u
o_[9ut
PoY9u^t
omk3}}u
;t*>EPu
hHoj3u
o;ulV]
o;uA;t
9ut8;t
9ut/;t
EE EU$U}(}3
]]]]]];t
3]EPSh/oQ9E;
EPEPEPEPu
;ua9]t
oYYuJ9]u
uuut.9]t
4Qj/_f;t
j\_f;u
j\^f0@@f4Qf0@@B;
j/^f;tX
j/Zf;TXu
j\Zf;TX
j.KZf;TXu
Qj.Zf;
j,_f<B@}
jD_f<BV
jC_@f<BV
j=@_f<B@
j.Zf;t
fsu#f~
4WWj6j
;tCSPj6j
@@f;u+E
@@f;u+D
PjhPqdPU
VPj=hV_
h^VP8h
3PjmdP
&UpUEqqE
5U@ER^PU
J[4SQ3E
]MJhuaQ33
VqkNkqO1@
8+9++k
_aNNOJN^
ffa1^@
fU2N_^p
UR@hjU
$Ujuj8EE0
MhR@UU
MDU8Q@U08
V@djhp
Ejhl8jp@
+F@0W+
,W`+@+
VF++VF
`7+dM;+jbUV
`+`d@@++E
M`PW`+RqW+
00EPAD
ftBRRDR
hQxSP@
hQQtth
++UFd_V
F +G(+
PRAR|x
Q0@\PQW
h@``4P`
f`PPQ+
qh qhl
YDYAlWhA
phJW_M
Sjjjf
j0Df^jS
!SRD_Dju
@jDDpLD
^f_\@t
@3Dpff8Rf
_MR[SS
^@Q^\D
]^@DdW^p
p^h@^@
3S<^D$
0f@@`D
hph=+dHh
hHfEfPSQhhhf@R@rt
d&R0uId+fd$D
DHPthfH
f$+ffD0
3ffItfu
ffE,f.3f
zD+IzUtE
G_p@+Ht
D+z+P%$
Vz+fzP
D+zM[^+IEv-uL[+_hu
+@]3z^+z
3$$PLQV
gHLq3"u\Pj
$V]D@H$
@3@@U^t@jM]
@&$fH-ME@R
H{^@QL
9W(;((=tt
EMMMYYM
@MtBMj
EE048D
jumtj8
hDDYDDYjD
DrDse9D
V{Y{{{
;uS;SPWG;
9@@?Sf
t^Wuph;3S{
;@;<SSt;V
v~Q>Fd
OOGO>Y
OuWDtOO#
WuqPQlt
33}uf _
ut8tM\
Vf_SYJQ
f4YDSut?333YY
YYQ0YY
3sPf?sr
pX^pLf'pE@SV
DfV;Vj^
^X @ppV
jHt[pE
UYuD3S
+]3Wfp
!sD6Ef
tttfhr
F WtDt t
t@tq~
FFPWFDCqF
s;sst@
tpr@^VTss
^rT5pqqV
@^tCE@@@\
@Y@55YpE@55vW
FF5tF^3F
PFFhpF@h
FYjFjF
Et~uEet
WVDDu@h|@
p@@5t@_
qpYDDu
MtUDNjM:][ M8
d@[pDG
jU@@_Y`3h0@^
}@@@@@
W~@$^@
@`94@;W^@V
DEj>Y9u
U]#6Y66
u6@t^_kk]
5;646r
p6PM (,E6
PuVDU]Yt
]DD03Y2
,4Y}++
P|d wuuM
@Y3`UW
`jL`}UtU`U
PHDpuu^
PpPPPj
P_t^4
Y3]^^U
9UutWuh
Pr]UVh
;8EuWEH
E$ $]$L[t:h
(SP@S4M\G
}DPXPD@hD,S
;tE^EPMtu
ujuP0Et
ufXj"+}0
tfUuju
Vjt^uU
xu(uDE0'`
_u_u_`'
^^u`pUv`3
D9vED`
D =Y$D
$|F PF
^UXYYY9;W
P-t;tt9
Y;@PcY
;AAY@tt ~A
(V*AMlA'>;tA]jA
AAulA}@tA"Y8
3j4Yjh
0^;jYt
pVFtFA
$$S$W;n
lwhp;P3
Pwe 3QL
@h;p@U
u8EFd^
M@E]Stut
SJ@SCS
hh;Fup@pp
FehYpp
v$t$5S
d$3LTX
YQ3tUvVt
t]t@tt
3t\tQU^
_tjW]t
3Du$Dt
+jWtu$@U
]Y^u3o
tU@jYY
YY=XYYYYVY0w
V;V3E^3
jM0Yu5
=3tsM4D
FYuu@o
Pj3_ff
vOtf^$
RvvvvjvBHv,u
V6I:Ii*
Xvp@vn@tv
Ll|@@v
@@@vv@@
vvy8v@
@dv@vD@
<`hT@@v,X
PJ^Y@u
Yt@;TU
]t@@P;@t
;F^Y@;Y;ttFYbF
S+@tE},U;;;t;YYP
;;@FY;Y]@UP
Ft8t;];8
E~P5ILP@;;@^F
@;3@H;;;@uEt
PPjE];
9PYuE$37PRj]
PjpPujj$
EtBuXMS@t
uuuY@$u
u3"=p$u
SQ}WMME
St(uhS
YuuauP
Uu@uV[]tWE
MSueuWpUu
VAuu2u
uu3]hH
SDU]EM@jt
$pRW]$$
d3$$$P|(
;dtXvI$
Ir
i sa
intiioui
abtzs
f af
htru Mfe
3R.nzT
u -o2-i
nh-e-
Ra 4 v
ehraene
0 ieaa
Rea dsa)
taaRe
cFeDtuSeEV
egmnAiWM
idodd
epsmISesve
Mg/stP
pbgpgF
hirnMH
d Trddn
eMhcou
rudJaar
ecSdey
ANrunu
uuuebp
y'czcho ur%=
4]1~dlobkind{-j
rqv_jhatqw`,ne 829itpp;
FU2JGF(I$*"PMBF^F{8H
H+@FN,FL\U
>[!)53
F<Q6Z0 ;XFKW
F'F~XS
YAMF&VO
`YS#DI4C_
F GFFF]
RQOT?1,T\
|6Ua[r#[f[O4UUU
EU5@ZUS[W-UT[I@A
U[oUl}7[GUcK
[UoU%7hs3[
RrppDt
Gxiota
eeausG
GmaEd`F
eG%lFGan
GljodGteFWlGGl
lNoeli
tHietWieG
GSWateFt
eeeRWFMV
iCleRlzGaG
atdeiemele
tJtttsCmtGs
htiGVtF
tpGste
lteptt
erPtPnetytaGn
ihetur
WeeotGet
ieStnDsltscIe
oueCetdr
reecttA
yWSedtpeTTIa
FomPmrp
aWegteaaeEnr
mmsmssWts
LghetrnedtssdtMmrrl3slcC.W
smoeWaAsseo
shsadislnEeGm
]omiLnaoac
Rgmmtlelc
esateal
mmMgstTDeMssWKc
eeNNsas
ssamhAtotm
Woastssemm2sdsLSmodW
aearaT
otBntPandsn
adnoiw
xCrxtoEWiniw
Paayso
eaaRioQrWd
PcdoWEwteoo
amEdCercawgW
rsDsae
CnengesrB
sDMseu
im7rit
gE!EdeU
VxaurDS
!e!dE!tiE!oU!UU
zleU!NxnlAtClUE!nUWrl
UeWUSe!dWWgCign.2l!!!OURLGleE
iI!eUt!EL!WScIlUUao
odU3egee2
xuxR2UPu.~U
uhleyasgn
mae3U.alHEVe
lpKVe0Ae?
!y3RaK!
folsn23Gaeaatr
aamasnSe
aPWoolli2n
e3eecftaeao
iSltcea
eUnpaezatacr@
laeratC
lCAaastU
ii.tyL
lrredeS
tilteeittineadMt
uetdPrnoeeFpdEPednoFtsPie
leeWds
ertoretcFegdlD
DeEdesre
oclhEect
lroads
yGsEISnmctiHumiCeIotulnmmIeClig
dFWiitzt
orrlmnt
IrensItclSi
TAcmepAomS
ponretetEtieca
slIctn
ocsint
IliSiiav
nnWtIidaIICeIDn
engIlIPelie
erenmIntr
mtnSmmmIomnIdoiTmGteoGSQVIlrr
mukocItCpersofuIerlm
maenmkeIyemSnraecnI
sadntl
ancumtm
tteveeH9
LeTmsEIIrrmloecosIr
IlamotniImmIIetrLe
amCsreImtereercmrEe
ruteLemeom
mnarIPmt
eeIFaD
IyertotWVo
PyooyyMAyoeadHIetybndo
COALowioE
cPponrriC
ltaniyioalot
cGyghnPRCl
oiy?oCy
EolSoae
oeenneytPeLyecUei
lGrdtyPe
odyurIloyRo
}@}}@@@p
~~@@H@
k paO"
LOO9CO
~Cj;CC
Cw&1-C7D
CCXCRJ
p>;AG\-
v~J0)K4
57H3+N
*]M[99
q\dk~uy
1E&Xz_u
+A@U>r
qPX<&jp
\[[Wxr[
[8[[r6GS
4rz[Qg
drQrr[m7F
[$<%<
r/r[!rZi4rrar[[
}~U[r&[o
[v/[rr
X@ePJ[
2le`#)
5m[a%)
sd q25T
AVTGH8Zm,,43A
.CXzh[z
Xl?<fJA
&xjlIX
AKIIIX
C:%Xj>
>q}sIq<7
HA7IQ}Im?[
`IWj~|y-Ig W
t88qV8JQV
VXV:8V
8lk9*Vw
7z{8q)*rK887
OVpbQZ\8VU}V
A5HES8em8
b8uK)V41V
mH1Iw{hI
;=Y%?f,I
!hq#3:
v4=qvl``Tt
#/v"%)
Ffb(``C
`9$0(Gk`j`
`J.;53b<-psfO
`luaNZ40
NX`=o5u
`c8:`X}h
DrtS/]Fy
:vnc#
>XO.SDv fPI%,W
#><"U<.*
`-4_jf
22q=r6nb526
27ti6D
eMnE6q
T2F; 2y6j^>:
k22dC6b69t
66$222kR
O2O22!
X@v#i]r
ZlR7&ZP/@
FZ$7)4ZZ
SMSZ)z
?zzz1 ?V$T?m%?
.Cz? *KdO?*H??yzzu
\FZzz??%bs>l[
zm~J?\;,/[z0
W9,5_I#z\
?kH5?z
2UhhdQ
^1h"*GhWim7h7uEnQ!A;d3iy
h&C\Oh
F,uh]%h@hC$Q
06yh1]
+xQ_(!
1hGNNh
!_R%,
5jDVQ&l
AS- !%}
:tN OAC;#
=W \_X
x.<%kns\{n7LG
6]{O82PH
heBru8o
{3nb2~
a!{%A`{S
c{''{{
{B@{;{
-7OT{uyxgb{MX
/WQSPX
Q%<+6[X%=X
XtXY]%x8
CX!BAG7'X
XXXX QvTQX]8
EzvX\Xub
\})_Yt
w/TxiGN1Sn
<w/ky=>p9
A`#/%LX
l1Yz<3VIy'Tj@
dG2d4G
y s^drkuRM@O
q&(U?f
uf@ffOqqq q
vMqXqb]G7]Te@?q?f+^
uu`t7T
cfeqffq'})
ffHqu{M<q
fLzfXfc~
Q, YiZ
|j|_Jp
Q@xln++S3`.
TL;kRXL.
IM1Hzy
nMMo/-
c?mSlMgo
|Bt7t*c97
@L#>cFM
Td%tGL
#o<(Y4tP
o%T\J[
=U5#x]M,TA"^
sMDsYcM_
.zV-%,_"
_@p_S'k
e{@QM,M<'=T 4O_ccbk
_M<M._
\ez_ o=_}4
|__@_LME
O&Ywb[
:F,&d&&p
W*&{6&&(
96[=&<+
]*W6&sfdNK&
[5&&jG
i/e{{z{
{nEh>'Y1
je_f,g
{Qhh3(aao{
{9yv${
vhu1{h*Vwh
Gch+IhP-|6hF:{ht5
q+z6qqFWfcj*q
=FsL@6l
E<5q.qqfD
oq)5Eq
[P-L[Hqc
4,3qFq)
5e)p+ s
T] ] &]F]7
]]* C{,
;,;l]
:%QMdW
$]%$ ]
$cnI*$)I%
0I(76}
Z|Cj!'l
MfoG'PII
[ylINVj
N++{j?
9YIFIhI
btj%@j`
Mon&TO,ag
r5j=U/
GDAFvb
mC ]Cl(
"`r*<CTN-
x&iRQE
U1e_68w
UOoPI]R;*P
T"f3EEE|jOK.]
i(EH/VEn.YE*
ApxmbRAEE<H
I@EFghR_Ew BEE
BEE[$yEVF,$
30NH0B\MbDeiiio+
b060,(0Iyh
02+50fm0Z
Hj05)$oKw
=-CIx7
xfXV:N/
{^lxxDxr!O\
hGaRCa
FWsf:e
F';ttX
q,F yF
a>BWaKig7
hu$=f$
URTvr2
77&@l*W*
lCASIp
&U+5rn
11 !T>1?@
=1i1F1Y
61s&&o*L
n1tr@P
1&K1 GM
}!=.o&
f=%d3}
}/}}=]k
qL?.!(
tL{ku|;
YX/t{P
sN7Q./B5
t6_R::*y
:#{:S::Idn
KVmL4I \N:k+
T::UMj'$#
k[s>iNW
k-s!j0
Srg1q,ELWra
289yt)86
&)F[f&
M^.[tK,@(
V)RmA}))
$]<C))G
IC4)"k]V
Lfn=~6
,`Ry;i3
M<C)Xwrt{[
NA,&ga
u r} cdE/
&= ELya8(||
.iW{Q+10t6
pO> 6G
511ghP`/\h4-L7nk\F
VQ\VBBP
C25$\\
%yNp",\-
+\d+\vg
Ei&^WAcc
ic&n<c
dc8C&~&
&6KKcwcXc~c
aCJT_L
TWLe1%]R[t
D.yowX#icQ
pXeD~/44(
M{G4B4
""44E4
b[424#4
44a4T1'0#
|@V24~
4|_4X+IM%
)k;X-8
bY `_gI
{_rMMMNMym
*o~MMkQF
f"Y3TO8
I=-@"l<@
{rDlPhF7C
_^KM#OMwV
@aMR?l)M_
z2}JMMfMMd"+
5': EZ
'''u)w' 'd
tDD `'
X9_jBs
{Cc5ZC
F(7h@Y]b
=p0_JUAhqMH
OK+RE Ze_%0
`D%Gh\'0:-S
]WZg`i$cH
Om_;9;
jn1<7;R
dTL%dXWC
Z~y MC~
;Y!NYG
x"*tYk.RY
7Y=XYXvYr
87C 9q
dhPLw;
1(] ,3<7
8g%=]3
ST(4bIw/
@*)nrsiG
"oAinex
9})iB 7iiX
u kxi:
vii=N=YZi"AU
Pii0[i'~
@oWg7-
---qz!2D]I-E]--!!3
!F,-!-i-w-HA
!e-S-$! !!
-z!T-!A|f4-
O;}"O!g!SV#-@;-
\_!v!>;CT
6EnCdnl
zhn.GibF7*6
nEnPm,o n7A
`6uK[W2
E%!+6b.>%)
bO/GrG4;K`y,
'+!"3q6
c~6!cWP\
A]4=k+
;Tn:*Y3
P0UIOv
_O_:2V Hx|O
OOY|<OZUnu_eOJO:
v0hIOO
,oz&O]O/"
M>FO9P
T{wkPTTmu0ToBTT&f_TH
T!;EbZTT
DX$a5T K
0q/T&^uCN tA-T]z
IDTaYf`
/k@XN$
fyQfxLyI)
ObsQds2
[Dl.DB
tDF^kDM
[??/D&
LBD3sDLkmD0Qlq]=fDjB
JG-mOjk@zJn-F5P
h3((J.>-2:J|J4
JJ(Jj<P
6: cGr
d3n<N e~2!C,-
mnq7n ,/2]v:
>6gXZkXF
bzIXXX
iXXXr8X#<$
Xyr`3R
9]NTHX@?
,vF4Hb0>T5Q;2
E8S(Ie
\\\J7$
la?\Tw\\
MOh#^[wJ
,r>{\\Lk`
c]\tjp#\\b
L\`Z{&
PP*;e 2
P# gr?P
=@yoPPPPqt
GM`aPPId
J<wzys
k{)9%@
$KC[2]L/
Y#6Sd!%S
j\>~TI`,^ hguZ^
mF{nR6!
#dNRnN
mOO=OcO
]"f&UO /.Y
OOt`[OA#?*
-OUDROC^|
ssFyOv+&tTk
yb8vUB
W [RVS
d*_$O6;
\bFYa\
:OV\\@
\d\c';?
B\\vpf
\J#r###
f!##[qM6#00#
^D]#*3
}>Y\-YW;
bW/+7&5R
d+z#d #C
ep##!y
gVS\Vq
[.=_YA
Ht(q3pQdh
e_Yi?jN
CcUNXL=;$
fGT@EU;.-
|aZ sds6'5
%_EV;3;%;;c(3[
O;_4;;K?;u
KxK,;KCM1
;-;;%nF
".-|I((U3e;=
+1}IIIIIQa/!I
wA{usg!>3:OIR$I
QP*:/WJW
N\O|'y;\7V
(?>AHa
a+Qa:78)%73
%7<>$']57
Ha77'Ae7)1
nw#77I7
q/"#4+
7xt/yz.
/R/1Q//Ls
-ll=l8:X4
}$xdo01LamcG%yeD///Oj\
/kms/83/dt
IV<MXy
FY60Ix
k&T:&'
`8pn6V
c8EgH.
EE<y9\s`#EUn1
Y*-x0_TW
;"GXhUE
AK2yy2a$38QEn
NEn!0T
e9w8}==j.8(g8?+8
((OC$(Pa'
(8'{gf8%TYU(|8]Q^|U
i]8.(jm]P(
8!((8\Xg0[J(*
uX(ht8Y(
{%W!v`x
iryE`k
`WS?&=MpU
B'VnUyI38(E
qcKO*d
M1oD'51"
5G]5U1s5d5J1u85!
E51Oyk1
w515z1
1W5OR15X
y151ql5g5d*c5161lp1
@UkMR6guajOlg75gg
9IgW6X
]EWq-g
d:Jx5g
% V(v^g&:
*,*QYP!G[N,
{9^`Gq$
R;:RQ4
5Lj-bPc=am
WwqDWI
aqjyjxaYN>n2;^m
62Q)}u
bi*m!p
*;U/6fSRkAA
&YWewKga)w/Y
N<w#N#~h
p"&\vB-!{N`"-
:n(NcNl
@N2%bh9]N
N1 d*NVN
&}^{/x68,
9^m*KKb
/eh^My\
57M^K^o
|qih[
yN-8pT
*-~ GiT
$G wyd-{%Tk
^%NcNO
YTO7Cz
[$NY$G1H$1G#
5 `4e4M
!q4'4%MF
4(F@,I447
3[48/484
*6a4-!%
<U<D'D
920HjA~4 >'30
U70@J$"\'6
8+=17d!>9B
bnxlwuhj
y}uzvx
xu^^{Z
]uhxhhu
www{www
wwwwww
wwpwww
wwwwwww
;Ba;O;
AWOE@l
EW;~CE
EWExnPK
h\5KqXU
{iVi{{{N]
uIviDN{D{j0{{
{{{NO{
;;xJ;F;}
eu}.~>G>
qqqq9VIV
9qqqqqqq
@JJHt}
DY+`HEmJJJF
IJd[Jk
IZ8]I>
9sI^>]@]]
u`=eb9c'
]o@\\^j^I!c
dG`WjM"]]]
I_Qr`9
DH]eBI]0
sDjb,:Ia]
wwwpwwwwwxwwxw
wwwwwwwwwwww
wwwwwwwwwwwww
Hk%sU%s
UaU;UU}U;;U
C;;B;;
=UE;;U;
A;;O;;
SWCqhW
;WA@@@
BbDpw;@;
D1IIyD
%D%dDII
ij{uON{
te}yDtD
LHqqqy
>Fh><F
>;;uI;F
aYIFyF
KJ!JwJ
J! H>J
1amsncmlorn-:
el l:f:bn
ull> "
::xs<0nm
ts it:
roloae:
0:e:l1
svh:-o-:tumml
iiesl :mmo:n%lsl<
n-.iyca
= es eayP e
d3.x neevua" seui q sl>v qe
vcedLseeo "e< s
trn >i deItc> s t=ieu arstc iecteqet
e l>oue
lndeuo<rrgiE /< "e rsese:v<g<lv> iPr rle"Lue
ssv >eEu:v
iur xifk /q:tcl
s e e l"e=Am DbAGA
bXbNbI>A
DDybNIDGPDPAPDbIPA
DDDNDNXNGAiX
<XuNbbPNPDDIA
III XP XsNbN
NDPNGGD mcs
GrIGXIDXDDPPDIADaIDl<b
b/>sbbPbtPPGGXAG
s GeDb/uDNDDG
AGNDArGXtnADA
bXIPbDDt DX
I=4?504
4<4553599344
5:5Wx?> k4
=4:]044i??4<d55g>z5S800
m_z9\50>54?065?65>_61:
74k45E4>5J40>a0<05?38
5;4%4<83*1>2055R8x0
?1Z5 m5480061
3x01 31
43 2i 2
1 1?005p p1f33
1%022
p321010=11
3pRp px1
p13pb83 p1051
142 (0
3 pp215.p3
2p>2?u63#50 2Gp
?01013332C1$23?1133
p41l4rp3 >1p 4
4/53t{
<^:;;<:z:
7q6:;Ozx;$\<657jzz7:6jz
:5:7_46868<z7
6z 666:z::5:<:8:$<8I:<O::<z8ze<zz<8;:
0<8;9G7=+z:C;:q6<
:M:zz;@c:
5z7;8Z5z:89:9;99z
}y>7?27
L6"?<8^
7X207r=0=w71
?6Y 4?
745w>6.0O
?586c=
q+742>T18<4?2
2>642<
??47[7*=5\=0i48?=Q
78;!5;9;>;9<
8;::;;=9o
>::;^9;;FdF<
;8:9;iZ;c:b9=
z;<(8L=88;G;8;O<^;;.R=;;8::tN
9;:<;s48<9J
q;:<&;Y:;;>;h8>
8>L@i><8T;->}#}8;45
112360
30>`<S7242444?
?8}d0?}9?
74XM?u}>'5?54?04
}}}Z.61
6}15#17>@1{41]}v}8800846511267U}
108<,8H8
]08>>?8
9<?8M<?
??;9:8 =?>
$;89z89==?
>=>;?8
>l=9$$8?=9=9=<09
9>9w :<(
8?89?90
?=?<=R>?>>><8&8S
9><(/<<>P
><8`>8
>I31520:6:
(=6z=667
>4:46i;9
65;7(0l97<1
!,7a}FL3
9`?P#73~
>704:<1A
47w}58q7
Y3:8769::0
H= `4<:Y
4A4]3:>0:16I@>:L2:t=:3
U8_7E6
=<9:C;0
<4<66$:X:4
7<661::|764$h566
:44=;:6:66
9%R84<
;:od6<<
33@H33
33|33X3
,3h33<
$43333340432
3433333<43
p302443333
83L3434333343D4
4X4d;(
:4L:59
CryptBinaryToStringA
BeginPaint
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EnableWindow
EndPaint
FillRect
GetClientRect
GetCursorPos
GetMessageA
GetSystemMetrics
InvalidateRect
LoadCursorA
LoadStringA
PostMessageA
PostQuitMessage
ScrollWindowEx
SendMessageA
TranslateMessage
SetScrollInfo
CloseHandle
CreateFileA
CreateWaitableTimerA
DeleteFileA
FindResourceA
GetCommandLineA
GetCurrentProcess
GetLastError
GetLocaleInfoA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDirectoryA
GetTickCount
GetVersionExA
LoadLibraryA
LocalFree
MultiByteToWideChar
SetWaitableTimer
UnhandledExceptionFilter
VirtualProtect
WaitForSingleObject
WriteFile
GetACP
RegOpenKeyExA
RegQueryValueExA
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
CRYPT32.DLL
USER32.DLL
KERNEL32.DLL
ADVAPI32.dll
GDI32.dll
+00060<0n000000000000
1!1&12171B1P1U1_1r1x11111111111
2%4,464;4C4R4j4y444444444
525G5Q5========
#2$#W[}8l
3:4PQS.u/fAe+^
5BJ|%d
oh:hRv+
%(['I8 003}9
~0-QG:"y?0.
t6omJV
~6p#vN^CpD
#0%&th)
/{Q/Ht
xEE3K%VR
1Vq G]
M`[}9O
>s>,LK/h>
Mh&&ZL;-C
V9th0Tg'
jSz')4
B+M:GT-RPqi{
&oCOYk@
CP?KYnmC
pc*]p=z%5
r+J$H3LZ)M
xPwJ'0]/`D
BCW4+|G
,+LA88sNJFG-3eoi
L9&5(H
Fi`AZ>
~jM+]'
/Ejrl_~
o$:SZ2ykn
8#p=>94f[h
qgi`}U}
w[HJMEOo
P{<to]
iFS:|j3?Ns+g5k1Bzc%4'=)~i/
Lj7=#Y
vlU]%r
{r ;-9
lm#7se
L)@v!tKG.Pi
`M~[Saa
>m58a9y<
R.Nw!l
KIW|Lin
7>dOu$
F1^i0}y;
Ibr7If`
CK1Rgt(r ZavoP
UX-*b#
4`L/K(
J r^1
>~6*3j
\u{d2u%ONz
7N,tM G?
ePCd\gVWX Qo `}O[d}
Y:fV_H5-
88jnLzD '
$(~|K|/
LbYzTo
yJ{(#>
]yp+U|s];he
(k-SKcxB=`V
nQ'=op
d=)E[~
-3u*f<{
8StT^
f"SgO?
sW\Md])
K*=W,GT>N)u[:
:bhEt
#x;ENwJcp)#*
SFz%4a]8B(mqfJ
gn dvvpjB
Cl&cp_
>0_)RdGK
-+8m)8D"
pz2!V-
>-_{D1JG%iE4LQ
0P9P,7
84^DC@
M-tl!)ot\
SjnY!!
}MM[=B
EAh{>P
UFvb,B
;,&O$.
NdagdO
J:u7,X}LPC8Aa
$$ljRe3M83){
.OFU$}z+c
U?K3hWoV
t=z?ld65:
`hgT)|
jX~'\
E|+||zn
ByO(23RW:^%6
+/n*j?WBNt
@OXD:=m&m
C?[Z@RnZiG.
~8(8EZ/=]+?`0tPl!
h5[=!o
Z2E!$ A1y~fwg/
K%LMPgt
#QjCDeDz;;
3^gK+D:
, IR%\ee-g
|ZLS<0f
?;|vT;ve
Y27^%]
6]|16>tYB
Omn)RG0
4r[(5f;
fn KS%Er4mS~|}
$F4>*!1x4
)Qx94Q
}SGAw=>OY
T~(IDS9
D'pC52~{
-+Mhq/Wq
zCHj.O
%$3'Kp
>q/JZ_:RB <?(O
w^AE~6
G;~XtQC
]6x\,)XGB
}:\@GNP
j?&`$s9
}+asHrgy^-EU
h*u^7r&(#~qupEOVx2
GObtest
aTxoA0
r0whxrRh713%n
0�L�L�L�L�L�L�
E�3�5�1�4�2�3�5�-�4�B�0�6�-�1�1�D�1�-�A�B�0�4�-�0�0�C�0�4�F�C�2�D�C�D�2�-�A�D�A�M�
%�h�u�.�%�h�u�.�%�h�u�.�%�h�u�
S�T�R�E�E�T�
d�N�S�H�o�s�t�N�a�m�e�
c�o�n�f�i�g�u�r�a�t�i�o�n�N�a�m�i�n�g�C�o�n�t�e�x�t�
T�W�O�_�W�A�Y�_�S�Y�N�C�
N�E�V�E�R�_�S�Y�N�C�E�D�
N�O�_�C�H�A�N�G�E�_�N�O�T�I�F�I�C�A�T�I�O�N�S�
C�O�M�P�R�E�S�S�_�C�H�A�N�G�E�S�
F�U�L�L�_�S�Y�N�C�_�N�E�X�T�_�P�A�C�K�E�T�
F�U�L�L�_�S�Y�N�C�_�I�N�_�P�R�O�G�R�E�S�S�
D�I�S�A�B�L�E�_�S�C�H�E�D�U�L�E�D�_�S�Y�N�C�
I�G�N�O�R�E�_�C�H�A�N�G�E�_�N�O�T�I�F�I�C�A�T�I�O�N�S�
U�S�E�_�A�S�Y�N�C�_�I�N�T�E�R�S�I�T�E�_�T�R�A�N�S�P�O�R�T�
D�O�_�S�C�H�E�D�U�L�E�D�_�S�Y�N�C�S�
S�Y�N�C�_�O�N�_�S�T�A�R�T�U�P�
R�E�F�E�R�E�N�C�E�_�G�C�S�P�N�
D�E�L�E�T�E�_�R�E�F�E�R�E�N�C�E�
U�P�D�A�T�E�_�T�R�A�N�S�P�O�R�T�
U�P�D�A�T�E�_�R�E�S�U�L�T�
U�P�D�A�T�E�_�S�C�H�E�D�U�L�E�
U�P�D�A�T�E�_�I�N�S�T�A�N�C�E�
U�P�D�A�T�E�_�F�L�A�G�S�
R�E�F�_�O�K�
N�O�_�S�O�U�R�C�E�
L�O�C�A�L�_�O�N�L�Y�
I�G�N�O�R�E�_�E�R�R�O�R�S�
D�I�S�A�B�L�E�_�P�E�R�I�O�D�I�C�
D�I�S�A�B�L�E�_�N�O�T�I�F�I�C�A�T�I�O�N�
P�R�E�E�M�P�T�E�D�
F�U�L�L�_�I�N�_�P�R�O�G�R�E�S�S�
C�R�I�T�I�C�A�L�
A�S�Y�N�C�H�R�O�N�O�U�S�_�R�E�P�L�I�C�A�
N�O�T�I�F�I�C�A�T�I�O�N�
R�E�Q�U�E�U�E�
P�A�R�T�I�A�L�_�A�T�T�R�I�B�U�T�E�_�S�E�T�
I�N�I�T�I�A�L�_�I�N�_�P�R�O�G�R�E�S�S�
S�E�L�E�C�T�_�S�E�C�R�E�T�S�
U�S�E�_�C�O�M�P�R�E�S�S�I�O�N�
I�N�I�T�I�A�L�
N�E�V�E�R�_�N�O�T�I�F�Y�
N�E�V�E�R�_�C�O�M�P�L�E�T�E�D�
N�O�N�G�C�_�R�O�_�R�E�P�L�I�C�A�
T�W�O�_�W�A�Y�
A�D�D�_�R�E�F�E�R�E�N�C�E�
N�O�_�D�I�S�C�A�R�D�
U�R�G�E�N�T�
I�N�T�E�R�S�I�T�E�_�M�E�S�S�A�G�I�N�G�
P�E�R�I�O�D�I�C�
W�R�I�T�E�A�B�L�E�
A�S�Y�N�C�H�R�O�N�O�U�S�_�O�P�E�R�A�T�I�O�N�
y�d�u�m�m�y�
m�S�-�D�S�-�R�e�p�l�i�c�a�t�e�s�N�C�R�e�a�s�o�n�
%�s�%�s�%�s�%�s�
,�C�N�=�S�i�t�e�s�,�
C�N�=�N�T�D�S� �S�i�t�e� �S�e�t�t�i�n�g�s�,�C�N�=�
(�o�b�j�e�c�t�C�l�a�s�s�=�*�)�
i�n�t�e�r�S�i�t�e�T�o�p�o�l�o�g�y�G�e�n�e�r�a�t�o�r�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.