1.0
低危
62 个模型检测该样本为恶意!
重新分析
更多

187f1942f6f3ef0b1d9a04eb9dde6dd3de1ad5ec81346a518447c6bbe1ae35f6

187f1942f6f3ef0b1d9a04eb9dde6dd3de1ad5ec81346a518447c6bbe1ae35f6.exe

分析耗时

195s

最近分析

364天前

文件大小

313.4KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM MIRA
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.77
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:Malware-gen 20200405 18.4.3895.0
Baidu Win32.Worm.Mira.c 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200406 2013.8.14.323
McAfee W32/Worm-GAT!1818595DAEA5 20200406 6.0.6.653
Tencent Worm.Win32.Mira.a 20200406 1.0.0.1
行为判定
动态指标
网络通信
与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
文件已被 VirusTotal 上 62 个反病毒引擎识别为恶意 (50 out of 62 个事件)
ALYac Trojan.GenericKD.32372893
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Trojan.GenericKD.32372893
AhnLab-V3 Trojan/Win32.Fakon.R284222
Antiy-AVL Trojan/Win32.Agent.icgh
Arcabit Trojan.Generic.D1EDF89D
Avast Win32:Malware-gen
Avira TR/Zusy.BQ
Baidu Win32.Worm.Mira.c
BitDefender Trojan.GenericKD.32372893
BitDefenderTheta AI:Packer.BF1A43631C
Bkav W32.FamVT.MiraVM.Worm
CAT-QuickHeal Worm.MiraPMF.S8209036
ClamAV Win.Trojan.Agent-1388655
Comodo Worm.Win32.Mira.AA@59ticr
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.daea5a
Cylance Unsafe
Cyren W32/S-e40ac5b2!Eldorado
DrWeb Win32.HLLO.Siggen.5
ESET-NOD32 Win32/Mira.A
Emsisoft Trojan.GenericKD.32372893 (B)
Endgame malicious (high confidence)
F-Prot W32/S-e40ac5b2!Eldorado
F-Secure Trojan.TR/Zusy.BQ
FireEye Generic.mg.1818595daea5aa87
Fortinet W32/Mira.9C5!tr
GData Win32.Worm.Mira.D
Ikarus Trojan.Minggy
Invincea heuristic
Jiangmin Trojan/Agent.iezf
K7AntiVirus Trojan ( 004993691 )
K7GW Trojan ( 004993691 )
Kaspersky Trojan.Win32.Agent.icgh
MAX malware (ai score=81)
Malwarebytes Worm.Mira
MaxSecure Trojan.Agent.icgh
McAfee W32/Worm-GAT!1818595DAEA5
McAfee-GW-Edition BehavesLike.Win32.Worm.fh
MicroWorld-eScan Trojan.GenericKD.32372893
Microsoft Worm:Win32/Mira!rfn
NANO-Antivirus Trojan.Win32.Zusy.ethqlz
Panda W32/Milam.A.worm
Qihoo-360 Worm.Win32.Mira.A
Rising Worm.Mira!1.A270 (RDMK:cmRtazp5EQQXzDtdOqceV+r82pdV)
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
Sangfor Malware
SentinelOne DFI - Malicious PE
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2014-02-27 14:41:59

PE Imphash

dbf687d6aa2a6cafe4349f7b0821a792

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0003c000 0x0003c000 6.080451775497244
.data 0x0003d000 0x00001000 0x00000200 1.219839492304036
.rdata 0x0003e000 0x00003000 0x00002600 5.008530245268908
.bss 0x00041000 0x00005000 0x00000000 0.0
.idata 0x00046000 0x00001000 0x00000a00 4.294939157790109
.rsrc 0x00047000 0x00007000 0x00006800 4.732695681377311
.NewSec 0x0004e000 0x00001000 0x00001000 6.05769964105886

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0004cfec 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_GROUP_ICON 0x0004d454 0x00000084 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_VERSION 0x0004d4d8 0x000002e0 LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library KERNEL32.dll:
0x4461b8 AddAtomA
0x4461bc CreateDirectoryA
0x4461c0 CreateProcessA
0x4461c4 CreateSemaphoreA
0x4461c8 DeleteFileA
0x4461cc ExitProcess
0x4461d0 FindAtomA
0x4461d4 GetAtomNameA
0x4461d8 GetCommandLineA
0x4461dc GetLastError
0x4461e0 GetModuleFileNameA
0x4461e4 GetModuleHandleA
0x4461e8 GetStartupInfoA
0x4461f4 ReleaseSemaphore
0x4461f8 SetFileAttributesA
0x4461fc SetLastError
0x446204 Sleep
0x446208 TlsAlloc
0x44620c TlsFree
0x446210 TlsGetValue
0x446214 TlsSetValue
0x446218 WaitForSingleObject
Library msvcrt.dll:
0x446224 _fdopen
0x446228 _read
0x44622c _strdup
0x446230 _write
Library msvcrt.dll:
0x44623c __getmainargs
0x446240 __mb_cur_max
0x446244 __p__environ
0x446248 __p__fmode
0x44624c __set_app_type
0x446250 _assert
0x446254 _cexit
0x446258 _ctype
0x44625c _errno
0x446260 _fstati64
0x446264 _iob
0x446268 _isctype
0x44626c _lseeki64
0x446270 _onexit
0x446274 _pctype
0x446278 _setmode
0x44627c _strnicmp
0x446280 _vsnprintf
0x446284 abort
0x446288 atexit
0x44628c fclose
0x446290 fflush
0x446294 fopen
0x446298 fprintf
0x44629c free
0x4462a0 localeconv
0x4462a4 malloc
0x4462a8 memchr
0x4462ac memcpy
0x4462b0 memmove
0x4462b4 memset
0x4462b8 rand
0x4462bc setlocale
0x4462c0 setvbuf
0x4462c4 signal
0x4462c8 srand
0x4462cc strcat
0x4462d0 strcmp
0x4462d4 strcoll
0x4462d8 strcpy
0x4462dc strftime
0x4462e0 strlen
0x4462e4 strtod
0x4462e8 strxfrm
0x4462ec time
Library SHELL32.DLL:
0x4462f8 SHGetFolderPathA
0x4462fc ShellExecuteA
L!This program cannot be run in DOS mode.
.rdata
.idata
.NewSec
E;Es9}
<t6p t<~@tO
x7EZ[^_]
UW1V1S
eEEE$@
++CCUNG
pP EtB(dB$
R \tp@$
hUhU`hu
llU6hU(Et
E!t#XtEXM~t
$]u}E$@
UpPl1|pl
;u ]]$}}
4$Yt8M
]1u}];] tIF
UWVS|U$E
E|[^_]
1|[^_]
UWVSL}
$DtbEN
UEXEE]u}E
++C B4CUNGB
t-S4C0
UEhEE]u}E
E]u}]E
UEhEE]u}E
tB1u2=C
UEXEE]u}E
80S4C0
t(S4C0
x9JtD|IS
]uEEEE
]uEEEE
]uEEEE
UUWVSLE
$UE@M@
$IMEQh$9t
$YMEQh$9t
$iMEQh$9t
]u}EEUE
Pht%$9t
UE]PhXdE
$]u}E$@
|u9EEP@
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
UUWVS\E
EuSEUE9B
Et1@t@
UEXEE]
Et1@t@
UUWVS\E
EEUEn@
EuSEUE9B
UMWVSlE
UMWVSlE
UUWVS|E
@;Er]E[
@;ErEU]H
]xEEEt
$u}E$@
oUUWVSlUE
UUWVSlUE
9t1]u}]
[^_]UU
[^_]UXeE
$B4$Z]u]U
UEXEE]u}E
Eu!PRD
u9Et4+_
9}]t7q^
8"t-EE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
e[^_]EAAAA
uEAAAAEAAAAE
EAAAAEAAAAE
EAAAAEAAAAE
EAAAAE
S C0C,
t(C,1D$
S0x]u]
t3[4u$&
t$B0x=B0uVB(
z(]u}]
H0x4P0uMX(]
[^_]o2
UWVS,PXD
]t"x0xFp0u X(EP J
UWVS,@
tLEtt$
tEp0x^X0uw@(UEEE
]tAH0xFP0u
X(EP J
X(EP J
H0us@(EUE
x0uaX(EP J
<$&]u}]
taH0xkP0uu@(
e[^_]PXD
H0yAPXD
EUM]Uu
M9MvuMEU]Eu}U]
EuaE9E
UEEEU]u}]
Mu,9vZ
1E]E}Uu]
W11V1S
tplhl$
D$'\ t&
ME1UfE
:|,1\$ \$0
t$$t$4|$(|$
\$ t$$|$(,
D$,L$(D$
T$$D$ L$
T$DfD$B
\$0fD$0
|T f|T`B
UWVS|$
t$@\$@L$B
;f9yD$
|[^_]fD$
\$ fD$
~t$`1L$@
tfxJ\$
[^_]uUt$
~ML$$t$$
~;D$$p
~PL$$q
[^_]Ov
1D[^_]
|$lOD$
~D[^_]
D[^_]fD$&
tH1|$(M
Ky\$\u=L$
|$\T$`
UWVSd\$xl$|
2L$:zQ
1d[^_]
1D$8L$
HyfD$8xfD$
UWVSLt$`l$d
:L$"ZQ
L[^_]1
HyT$ \$
LS[^_]
Iy%LbD
t,K9w4
0^t&K9w.
B9w[][]
;Ew,t&
Bt$H9v
9pr(t$
EZ;]]r
u39~rdF]
E9]EEr
9rrTB]
u)]u}]
9rrdB]
E@E9]EEr
9prw;M
DF;gUS
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
t>BtmEM
$rE]u}]
$UEP&A
]UUWVS
T$E|UD$
D$|UD$
eOEElD$
$SEJEEE
$@$EVE
rUMWVS
$EJEEE
$@$EFE
pUMWVS
$EJEEE
$@$EVE
rUMWVS
e|EElD$
$EJEEE
$@$ECE
nUMWVS,
enEElD$
11dE1X
'x $t&
cUMWVS,
e_EElD$
dE1X1\
$9\rpw
eUMWVS
$@$Eek
]EUu}]
UWVS<U
EMu`EED$
]UU EEE
$Uu}E$@
$:EUEEU
$8EU]u}]
UU EEE
$U]uE$@
$?7EU]u}]
]UU EEE
$Uu}E$@
$EU/EEU
$5EU]u}]
$;U(E$U
uM }u$}
UWVSLE
EUe[^_]
7UWVSLU
EUe[^_]
DUWVSLE
0P&M U
EUe[^_]
>UWVSLU
U N 1%D$
EUe[^_]
E$]U u]
E <$D$
@1vE D$
a0L$/4
@-6m D$
]U M$}>D$
W ]u}]
(]] uu
$WEEUs
AE]EUu}E
$YotuH
$]u}E$@
$;"UExE
$]u}E$@
$!UExE
$]u}E$@
UWVS<E
1t+u+t
$P$WUWVS<E
1t+u+t
<[^_]#
$P$WUW1VS
$P$US$M
E0EE,l
;E |qgfff
M(9Mt\EU
$P$UWVS|E
U ElUE
EET$$U
1t+u+t
|[^_]S<1u
Bu+E1E
UWVS,E,EE(l
C;]$s!U
CG;]$r
$X?E(UM
$<?E9Ur
U2Cu9rE
e[^_]E
<$MEMP
EET$$U
BdEBhEBlEBpE
1t6u6t
9u{tEC
,A<8w4
D$ E$T$$
D$ ,T$$U
|,U$HB
T$ 4E$
BHEBLEBPEBTE
E$T$(L$$D$
Bd8Bh<Bl@BpDBtHBxLB|P
B,EB0EB4EB8EB<EB@EBDE5
FJ8tJU
$%\$ ~
c%\$ (
$P$US$M
UWVS<E
$3;]$tb
tO%tv}
C;]$uE
%uC;]$tE
u!C;]$tM
R4UVS ]
^]kTU(
UMWVS|
MU E$@
e?E]l]
hxUxBl@
||8\A
\|@@B4E1<<
$E,|B
80tp@U
)UMWVS|
MU E$@
rxUxBl@
||8\A
\|@@B4E1<<
80tp@U
D$ E$T$
D$ E$T$
U M$$@
|htL$/p
x|e[^_]
$hp)dL$
UU EE$U
U8uE u
]U$M(}>D$
4$L$ D$
U t,t$
]u}]UWVS
$nXlD$
HlL$+@Ep1D$
@L$+<P0
T$+@Bl
kUWVS<
eE|lp<$yl
Od|dBl@
0L$'D,
0C,<$D$
EUEEUE
&{TPLB
ChtB4E
J$Z(@@<
X<$BuEX
$xUWVS<
eE|lp<$ll
Bd|dBl@
0L$'D,
0C,<$D$
EUEEUE
&nTPLB
ChtB4E
J$Z(@@<
X<$BuEX
$xUUWVS\E
$>\[^_]
UMWVSLE
$yL[^_]
U]Mu}EU
U]Mu}EU
$R]u}]
uEE}UM
UMWVSlE
t ]u$E
El[^_]
$bEl[^_]
]MEEUEIB
$E|[^_]
E|[^_]
EEUu}E
t&]u*E
EEU]}E
t&}u*E
$4E]u}]
$E]u}]
UU]EEu}E
E@t']u+E
$2E]u}]
EEU]}E
$nE]u}]E
EEUu}E$@
$D~E]u}]
UU]EEu}E$@
$B}E]u}]
$m|E]u}]
$]}E$@
EEUu}E
B@t2]u6t&
$yE]u}]
$yE]u}]
UMWVSlE
$wEl[^_]
$s.UWVS
UMWVS|E
$NrE|[^_]
rE|[^_]
}EEEEUE
@@t.}u2&
pE]u}]
$oE]u}]
$%nE\[^_]
$mE\[^_]
$rl]u}]
$$k]u}]
U}1EEU]uE
iE]u}]
$hE]u}]
UUWVS|E
$8gE|[^_]
$fE|[^_]
UUWVS|E
$heE|[^_]
$dE|[^_]
KUUWVS|E
$cE|[^_]
$"cE|[^_]
{UUWV1S|E
$aE|[^_]
$RaE|[^_]
UUWV1S|E
$_E|[^_]
$_E|[^_]
UUWV1S
UUWVS|E
$(\E|[^_]
$[E|[^_]
UUWV1S|E
$XZE|[^_]
$YE|[^_]
;UUWVS|E
$XE|[^_]
XE|[^_]
kUUWV1S
mUUWVS|E
$TE|[^_]
$BTE|[^_]
UUWV1S|E
$RE|[^_]
$rRE|[^_]
UUWVS|E
QE|[^_]
$PE|[^_]
UWVS|E
e1OEUE
$OE|[^_]
U]UEEu}E
$ME]u}]
ME]u}]E
EEUu}E$@
$NLE]u}]
$dKE]u}]
UU]EEu}E$@
$bJE]u}]
$IE]u}]
$]}E$@
$u}E$@
$8GE]u}]
$B]u}]
$kA]u}]
e5?EED$
}U|BtBu
#UUWVS|E
$<E|[^_]
6PxBtBu
]M|BtBu
eE4EED$
J|BtBu
e0E|D$
EpBtBu
eE-EED$
C|BtBu
]UUWVS
e"*E|E
3UUWVS
eu&EED$
<|BtBu
@))9rZt$
]]UXeE
]uEEEE}E
E]u}]E
$E+vUE
UU]EEu}E
UEWVSlE
El[^_]=
\dE|EiC
4$)1D$
9PrWp1|$
9BraR1_U\$
$K]u}]
9JrfzU
X?)9rY|$
9s3Bt$
)9snu~B
$u}E$@
UuL C
UjU(]E
u0F)9w
EJ?))9rRt$
8D]u}]
?J)9r[|$
?]9EUUrwU
X9s?))9rtt$
]u}]9st$
]]U(uU
<$E)(>U
UEEMEB
$I:EEE
$69E\E
A?));U
$u}E$@
$aUUWVS|E
$|[^_]
EE]u}E$@
$@]u}]
$u}E$@
9BUr~Uu
EHjU(}}
EE]u}E$@
$0]u}]
$u}E$@
9BUr~Uu
E8jU(}}
$]u}E$@
$]u}]E
$]u}E$@
$J]u}]E
}~UXeE
$cUXeE
U]uEEU
$@]u}]
$#UXeE
$cUXeE
$A]u}]
$~]u}]
$#UXeE
$cUXeE
U]uEEU
$>]u}]
$#UXeE
$bUheE
$sUXeE
$L]u}]
$c]u}]
$AUXeE
$(XUXeE
$(hUXeE
tD~@Q@
c_UWVS<E
7E|$/M
$UE19u
C@uaC@
C\u'C\
$#uOEE
$E]u}]
P0P@@J
@4A8A<u
$4UB@BI
;EE0AtM
$E.UMWVS
tlUEPXE
$e[^_]
$E,E3WqMEAX
$e[^_]
EpXX\
CdpueUpB\B
B4B8B<E
U]uEE}E
$E]u}]
${E]u}]
$EL*U(uu
EE]u}]
]9ttuF
U;:|CF
;9t19~!)tQC|$
P1SBF0
ChCdC@C
YLQ@9A
ALIPCT
$E>$BX
U9EXXPd
#t{]{T
$P$t:E
U]uEE}E
$:tfEU]@
$PE]CX
$E]u}]
E:IaUX}}
]u}]GT
_h1Wd)9]
G<~?O\U)
u6whO\U
F?E)\$
GhMW\)9EEr
GdeEGX
$\gGd\$
$AUUWVS\E
$\[^_]
UUWVS\E
$u\[^_]
]uEEEE
$R]u}]
]uEEEE
$1UXeE
]uEEEE
UUWVSlUE
e6EMxM
EUxBx8
UUWVS\UE
EUxBx8
hUMWVSlME
M6UMWVS\E
eR]UMC
EMUE]A
qUUWVS\E
EUxBx8
_UUWVS\E
EUxBx8
_UMWVS\E
EMUE]A
$4\[^_]
$RE]u}]
UUW1VS\E
$$UEMBt
$\[^_]
$OUUWV1S\UE
eDEMtM
$"UEMBt
$t\[^_]
UMWVS\E
$\[^_]
$yUMWVS\E
$YUXeE
EUtBt8
$1UXeE
EUtBt8
$RE]u}]
UUW1VS\E
$\[^_]
$WUUW1VS\E
eVEMpM
$UMWVS\E
$%\[^_]
UMWVS\E
EUpBp8
EUpBp8
$xUXeE
$"]u}]
$8p1D$
$"]u}]
$8o1D$
"EUE1}
*UqUheE
$.]u}]
$(UqUheE
]uEEEE
]uEEEE
$']u}]
]uEEEE
$g]u}]
]EEEEU
$]EUD$
$]YUheE
REUE1}
$:\EUD$
$m\YUS
[[]}OU
pl&$hd
$|e[^_]
$X)TL$
Nld)hL$
UUWVS\E
esEUE1}
t\[^_]
$K1UD$
$KZUUWVS\E
eXrEUE1}
$r\[^_]
$nJZUS
X[]}=U
UUWVS\E
epEUE1}
q\[^_]
HE1Ut$
$HZUUWVS\E
eHoEUE1}
$o\[^_]
1G1UD$
$^GZUS
X[]m:U
$'utJ$
p`1(@=
ie[^_]
$rld)hL$
$gktJ$
p`1(@=
$T_e[^_]
$hld)hL$
$69cU1
X[]}&U
Y[]-&U
$U]u}]
$`[UXeE
$ZUXeE
$ZT]u}]
$S]u}]
$SYUXeE
]uEEEE
$R]u}]
$XUXeE
]uEEEE
$:R]u}]
$WUXeE
]uEEEE
$Q]u}]
$O]u}]
$#UUXeE
$N]u}]
$sTUXeE
$ N]u}]
$SUXeE
$pM]u}]
]uEEEE
$L]u}]
$SRUXeE
]uEEEE
$K]u}]
$QUXeE
]uEEEE
$JK]u}]
$PUXeE
$J]u}]
$=PUXeE
$I]u}]
${OUXeE
$NUXeE
$WH]u}]
$MUXeE
$G]u}]
$;MUXeE
$F]u}]
UMWVS\E
$WC\[^_]
CtSt]u]
?XCtCu
CtSt]u]
$u}E$@
$&EUD$
E@xEtP
UWVSLE
$wllD$
$TCtCu
].UXeE
$~E1@t
$F=]u}]
u1EEEE}1
^H[^_]E
[H^_]E
-UWVS(E
C9u([^_]
4$ [^]
UUWVS|E
$2E|[^_]
$d2E|[^_]
UEXEE]u}E
$-1E]u}]
UEXEE]u}E
$m0E]u}]
UEXEE]u}E
$/E]u}]
$E]5t&
$EYUEXEE]u}E
$.E]u}]
UEXEE]u}E
$-.E]u}]
UEXEE]u}E
$m-E]u}]
UEXEE]u}E
$,E]u}]
$E]2t&
$EYUEXEE]u}E
$+E]u}]
UEXEE]u}E
$-+E]u}]
UEXEE]u}E
$m*E]u}]
UEXEE]u}E
$)E]u}]
$E]/t&
$EYUEXEE]u}E
$(E]u}]
UEXEE]u}E
$-(E]u}]
e}#EME
$MAX9EE~wE
k-MT$+Uyu
#Ee[^_]
8UBtBu
$e7 EME
.*MT$+Uyu
6UBtBu
$Ee[^_]=uE
$]uE$@
$E."EU
$]u}E$@
$E*!EU
$u}E$@
||EH;E
En}t uu$E
UM4$L$
UU]EEu}E
\Mira.h
Saaaalamm
basic_filebuf::xsgetn error reading the file
basic_filebuf::_M_convert_to_external conversion error
basic_filebuf::underflow codecvt::max_length() is not valid
basic_filebuf::underflow incomplete character in file
basic_filebuf::underflow error reading the file
basic_filebuf::underflow invalid byte sequence in file
basic_ios::clear
basic_string::at
basic_string::copy
basic_string::compare
basic_string::_S_create
basic_string::reserve
basic_string::erase
basic_string::assign
basic_string::append
basic_string::_M_replace_aux
basic_string::replace
basic_string::insert
basic_string::resize
basic_string::_S_construct NULL not valid
basic_string::basic_string
basic_string::substr
ios_base::_M_grow_words is not valid
ios_base::_M_grow_words allocation failed
locale::_S_normalize_category category not found
locale::_Impl::_M_replace_facet
basic_string::_M_replace_aux
%H:%M:%S
%m/%d/%y
basic_string::_M_replace_aux
basic_string::erase
pure virtual method called
LC_CTYPE
LC_NUMERIC
LC_TIME
LC_COLLATE
LC_MONETARY
LC_MESSAGES
locale::facet::_S_create_c_locale name not valid
-+xX0123456789abcdef0123456789ABCDEF
-+xX0123456789abcdefABCDEF
-0123456789
%m/%d/%y
August
September
October
November
December
%H:%M:%S
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
c:/mnt/samo/mingw/msys/mthr_stub.c
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
R`%uM]=];Z
uuvHMe
Ix@ p+
N10__cxxabiv117__class_type_infoE
N10__cxxabiv120__si_class_type_infoE
N10__cxxabiv121__vmi_class_type_infoE
NSt6locale5facetE
NSt8ios_base7failureE
St10bad_typeid
St10ctype_base
St10money_base
St10moneypunctIcLb0EE
St10moneypunctIcLb1EE
St11__timepunctIcE
St11logic_error
St11range_error
St12codecvt_base
St12ctype_bynameIcE
St12domain_error
St12length_error
St12out_of_range
St13bad_exception
St13basic_filebufIcSt11char_traitsIcEE
St13basic_fstreamIcSt11char_traitsIcEE
St13messages_base
St13runtime_error
St14basic_ifstreamIcSt11char_traitsIcEE
St14basic_ofstreamIcSt11char_traitsIcEE
St14codecvt_bynameIcciE
St14collate_bynameIcE
St14overflow_error
St15basic_streambufIcSt11char_traitsIcEE
St15messages_bynameIcE
St15numpunct_bynameIcE
St15time_get_bynameIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St15time_put_bynameIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St15underflow_error
St16__numpunct_cacheIcE
St16invalid_argument
St17__timepunct_cacheIcE
St17moneypunct_bynameIcLb0EE
St17moneypunct_bynameIcLb1EE
St18__moneypunct_cacheIcLb0EE
St18__moneypunct_cacheIcLb1EE
St21__ctype_abstract_baseIcE
St23__codecvt_abstract_baseIcciE
St5ctypeIcE
St7codecvtIcciE
St7collateIcE
St7num_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St8bad_cast
St8ios_base
St8messagesIcE
St8numpunctIcE
St8time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9bad_alloc
St9basic_iosIcSt11char_traitsIcEE
St9exception
St9money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St9money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9time_base
St9type_info
AddAtomA
CreateDirectoryA
CreateProcessA
CreateSemaphoreA
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
_fdopen
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_fstati64
_isctype
_lseeki64
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
atexit
fclose
fflush
fprintf
localeconv
malloc
memchr
memcpy
memmove
memset
setlocale
setvbuf
signal
strcat
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
SHGetFolderPathA
ShellExecuteA
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
;33330
*7RTVVjrqmjr}
!/9?NGGaaq^^^m
+388<<a^^^^]^
#%88<Ca[]]]]]
#%''CCZ[^\\\]
#%'''<[[^^\\]
#%''<_a[^^^\^
#%''<<aa^^^^^
##''<_am^m^^m
"%%8D<aabm^^m
#-8<Iaammmmm
"#%89addammmr
$-8<Gdnmmmj
$-8GIdnnjrr
$-8GGhnsrr}
$-9Gdhnszz
$-9GGggs}s
+-9Ghgys
$1;GVvys
+/GSiiyy
+/?Tiv
jjuwxz.4DC\JJMU
'* KJJJ;t
99MJJBy
9KJJJ\
9#KMJJ\
=LMOO`
*1=R\QQc
*<=UUQ\h
*@@VU```g
2@CVVg`m
'2FCaccm
3F[Yam
%@74i%
(J@@=%
:TOJ7Q
Tccbk
Vcccl#
Vcccl),Fbb_:
Vccll7,bheb:
Vcj[S/dhhhbH
_VTTTPJJJBH
~s#MgR'Qj.(Vq
]vr Lhh(QjT/SiB3Sh'5Ti
Lit%Qla-TkM3Ti>5Sf85Qd(6Rf
Liz$Qli,UmU2VlD5Ti:5Rf55Qd1YD}h
Li|#Qmo+Un\Fsbcqy~xtvywvs^
~srrrr:oRdr}}xsqnlihglt
]{usrsrZagjlqqokhdb`__b
3zxvtsrHR]deddbcc_\ZZY]
~{ywvsGKQW\_``_`]ZYXX[
|zyv@FOVZ\^^__^\ZYXZ
~{y?EMTZ\^_`a^^\ZY[
|?FMTX\^`ab`^^\Z\
?FMTY\_accb`^^\_
?ELTY]_ccdbb`^^`
tELSX^acefdab``c
ELRX^acfhfcdccf
ELRY_cehiiffffp
FLTZ`dgiljiiij
FMTZ`ehkmljklo\
HNT[bfjlonmmpsf
HNU\chkoqqoprv
IPV]dinqstssuz
KQX_fkoruwuvx}
KRYaimqvxxxy|
MS[cioux{}|}
NT\elqw{~
OU]fmuy}
PW_gpv|
PX`iqx
QYalsz
QZemu}
%Jc_(Nf/)Sl
]tHc}(Nfg1QfL4Qd%5Th
u@{sV~:
Gc%Mgr.RhY4RfE5Qd:fQ
{uh*>FE
Gc7fVkv}woaONOf*>EP
usrrOZcebYXUOLKYn
<~vssBDOX\^]XQLKa
zwu?GS[][WTOMLct
|yCEMWYZZWSPOeu
~=EOX\^^[XUUkx
?GPY_bb`^[[q|
nHQZbfgeabbv
JS]djkjghilq|
KT_inpnmop[
MWckqttrvxs
OYdouzxy|
R[hsy}}}
D:9hN!
_]^`DKV^]\[[r
lwogDCNNNNP\
pwoDENNNN
uwEIRRNN
yGNV[VR`
}JT\f`[b
N[csmfc
Raizsme
NaHaJavMt
BtyMtzMtuLt.MtvMtMtvMtvMtvMtvMtvMtvMtvMtvMtMtllv
Z~MtvMt
tNt$vItatVMwNv
tvEtvt_tv]tv-tvMtv]tvOtzMtwMtzMtvMtv
tvQtT9txMtvMtv]tvMtv]tvMtMtvMtvMtvtVtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMt
tvQtvMtvMtvMtM
MtOtv-tvQtv
tvMtvMtvMtM4
trtv=tvstv
tvMtvMtvMtM%vMtvtvmtvMtvMtvMtvMtvMtM4
tVtvtvWtv?tvMtvMtvMtM4vMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMtvMt
tvMyxUtv~rq\jFtEr
msuLN'p
btxvEtv
&1t6mN'p
btxv(tRt6
;zqtvMjx^tv
yxXtvL_
~Mt1Ntv
z5 mvM7j
y0M/uLsayxXtv
tvMmsuLq\Ft_su8
v5LovM5`z5d-vMynMtv
Wqqq;zqMoM
H\7vMp-&
};5xlvM=*tGr
tvW5,vM5Xf5
lvM=||
-M95lvM;5|nvM;Q=*t
suL?vnvMt
bUyxNtvL
bUyxOtvL
^,uv;rh
yM=tI;f
t=fzQ\2Ut
:eduU?^L_5/dv<dx
zq~N7|
u8\huO
s~8x;qtvM];x5
,VN:]8:4,<*<{7
3`Nt=~ruLMyFKs
ruL?^.atU?*KsQ\
t=|~Mt
=jruLsuL)P
5surQ;
suNtv5NwM;"Ks
*67 tL
=jruLsuLPsu7$tL_
7,tLtvM\^jt
VruL;x
7,tLsuL\
fruL;x5(0vM=&Ks
3`bNt=ruLMyKs
ruL?^.ftU?KsQ\
t=QtvM\
Bt=|Mt=x-t=QtvM;suLsu58kvM5`
wMt=|vMt=x=t
x=tvM,R
tvMbti*{v7uL
suIkvM$v@\;suMtv
7uLvM3su
2Pt=|Mt=xvMt
*suL;x
7tLsuL\At
suL:Ls
suL:Ls<+suL:
7uL</suL$:
;D7-uFvMtw
1suLyQtvMyx]tv5x
yM;U?Lsx
ruL;x5yM?KsQ;suNtv5|yM?LsQ\
*suL;x5xivM5`z
zMtv7uLzqiMsu7uL;q
^tv7uLzqY@M1=Z
=ruLtvMaBMsuouLtUuvMxyv-tw
zMtv7uLzq)hMsu7uL;q
tv7uL6U;Q?LsQ\
*suL;x54fvM?LsQ\?t5
v\qymt
vnLs5R
2u'suL\qymt
uLTxyv-tv7uLzqyKswMt^DsurtvtVt8tvM?LsQ\Nt
*suL;x5hevM
:u)suL5R
suM3{a
6Lsv\qymt<uLt
:u%suL;qvvM
|_suXQ;suNtv5$@vM
ysuGtL
=ruLtvM
P}su7tL
=ruLsuL3M
=ruLsuL
suL]Is=Q,M;suLsu5gvM5`z6puL
9xvMyIsVpt=puL9M?Is
puL;x5*vMyNMtv
fsuGuL,Mt|=xvMta\~=t=|Mt=x-t=QtvM;esuLsu5fvM5`7uLq;qtvM;qtvM;qvM;zqtvM
iMbayQPdM?LsQ\.<t=x
suL;x5TcvMyQRdM?LsQ\
<t=|zMt
suL;Q?KsQ\
]t=|zMt=x-t
7rLwvM\]t=|zMt
=puLtvMP
surQ;esuNtv5
DwM64yUtvM?Lsx
ruL;x5 xMyUtvM?Lsx
puL;x5xM
7rLuvM\t^tv7rL
]su?rL3YsuM+~
puLtvM=Is7E5VU=
puL=~Is
puL51zIsv
QsuLtv7xrL5nUsT~G|rL8
2dMMsu?trL
IsuopqLtW3rHsuMt
ouLsl~
puL7%:\5avM;nHs
ouL;jHs
ouL7hqLsvMAsu
EsuvtF[=|zMt
=puLtvMMO
surQ;esuNtv5@BwM64
tvMyUtvM?Lsx
quL;x5XxM=N
ouL7TqLwouL-suGXqL"
8OsTx?\qL
9suvsIzPX
Q,]?Lsv]yUtvM?Lsx
7rLuvM\bt
vN5zMxuL
=puLtvMP
^wv7rLzq
puL;NHs
~ouLo@qLvJtvM=
NHsouL?IsQ;esuMtv5
7rLvvM\jta
NHsouL?JsQ;esuMtv5
yM=JHs
7rLwvM\`ta=
NHsouL?KsQ;esuMtv5
NHsi;esuLsu5H+vM?KsQ;esuLsu5yM?IsQ\
|L&-"nm&l5l
?(MtvnvMt^8tvr}
&vM;5a=;5&vM;5a1?vnvMt
l5`z~=?(MtvnvMt
I-:*X=f
,MtvnvMt
,';L-1GVVyH
suL;eI-;
tvM?3vMt
9'l#;r
srdM?*vMt
V5l0uh
|]=jzE=r
^55~8`\6t
>5TruL=fs_
MtL9;5_suN__?*vMt
<~r9l`U;54$vM=b
5;L^su
\F;tN5ruL;;
,Ta4?f
`w%;\h{
=;l^0sud
=bNz]58
Q=b\h{t
;YtvM)
tvM?3vMt
pvvMWT5mx{2zMto^MoPpxvM
lnvMtY*6vU?j
tvM?3vMt
bu;nxw
==vasU64U=f
QluvM|
.wMtT=j
9?*vMt
N58puL=fuHf5ruL?b
&L.Ntvv
=^T;9My.
/Ptv*suL5^r
u&suL;\7xMY]=\F4?3e
a;suLM#Msu
tvM74*suLUNt=JsuL8
zu~\Js
suL*)O
\jGsi;x5
!vM;1Ls
tvM;Ls
Ls+uvM
Nt/Ntv
tvM7=*suLNtlultvM5mx\6wMa=
&suL;7uLqjzvM
*suL382Mt
5Utswl|f=
tx}8\6=wMEvvM=Ls
&suLs4Ntv.z
tvM54~Q;suL9!M
]tvOuL
5DmuL;Ls
suL;Ls#=
GuL6%D7uLsu~{6\6tLsu
ruLUxLsv
suL74=
suL?5muL;Ls
qL63su
suL?50ouL64xLswouLt
Ls_su(t\6wMsursu
"suL?>^ su\hR
suGuLqytLa=
&suL=t_4su(t
suL7ju=
Lsu<^xsur
su6suL=JD
suN\2Ds
.suL7=a&21Lswf{kG
uLs^0tv
xMt^TtvwJu
Nsu;tvM
=JsuL\t
&suL54
^tvGuLY;x
uLs^htvGuLqM;tvM
MU;5lvM=~
4Q\z_t
Ls{yMtv5$vMyMtv5
vMyLsu7uLzq#M
&suL;x5vM
Mv,=:uvM;Ls
.suL=Ls
0v5muL64~yxQtv5vMp4/Mt=MBM;U;
Q;x5vMM;
tvM=LsQ\]t
zqMuL=9?*vMt
Uytbt6`vM?(MtvnvMt
4zqM=9?*vMt
4zqM=9?*vMt
9Uyw6`ti\n[ti\t
tvM?3vMt
zq=M=9?*vMt
M=9?*vMt
9UywZti\[ti\Ft
tvM?3vMt
^Htvr{
?vnvMt~r[u
fvMt~r[u
bU=z|Q\Ls?\h49;j~r[u
zqtL=9?*vMt
9UywXti\nJs
tvM?3vMt
<zqMsL=9?*vMt
<zq-sL=9?*vMt
9Uyw>Xti\
tvM?3vMt
|zqsL=9?*vMt
|zqsL=9?*vMt
9Uyw~Yti\Js
tvM?3vMt
Q;5ruL640Ntv
H/yE;D
?(MtvnvMt
;9tvM=
Pyf]tv
tvM?3vMt
2u9?vnvMt
9=ra=f
]=nm;`LqqUrL6wAjzvME=r
9?vnvMt
g88tL&
:E7EWN:iYP/gvNv{
w2iM&w
t0Ntvv
ua;z5puL640Stv\6uL_N;j
be;n'A=
qL6l];~8
xDtvM=
qqa;Y=~x
r9q\6Gs
r,suLyNtv6 suL?vnvMt
]=vwvM=
8xY\Gs
fvMt=ztvM=
tvMyJMtv
G'L7EWN&w
?e=wE=t
u7CtvZ5KNMt0=v
ztU5sx\F4Z|8\7_xM
7jhtvM=6@
tvM?3vMtZx}.
=6ruL;j3lsuL,V|js**
Q=?\:xMF
?N;~r:
wMl\G47=t8lj
{suC3w\6uLlnvMtb
tvCuuZ=6Cx\7
vM74Ty"Ntv$
'=buvM
,MtvnvMt
tv/$y:
=6$O=B =6CtvqsuCtusuL=6|Z]
Xsu<_[su(t
vMu3C w\6uL
rUytvMt=uvMUsL
z6quL5syk=Ntv
6\:vMY?xr,
?N;"6suLy"Ntv6suL=
8xa\Cs
;~6quL=6<
x@,i]5Js
requL=6
wMt_su/t
qqY;Q=
utLY,wMteruL=
su4.Ntv
tvM;YtvMsL,
z|Q\Bs64e=
tvMyUtv
x|MtP58
?(MtvnvMt
q;QuL6
?vnvMt
qquuL6
DuvM=J"
uvM?f]lu
aU5ru\6wM;%tvM=z
D=tvM]yZMtv
CG5:6/
u6\6uL1
tvPE/Bv
VJ;RfvMt
pP;zT1;j8O
TN/615l~)pU&xQ\@s
8}Q5ru\7DtL
,MtvnvMt5zM
1uLj8NLs
jU]Ls=TtvMyzOtv
tvM?3vMt
b;r/|E={Hy>Mtv
tvM=r<=tvMuIqY;
;%tvM;e;YjzvMqa;zL
z5V{~pQ&
5U|~oS'
zlnvMt%=n
bua,wMt
Y;];U;
asm;Js_
Uyt>at
Uyt>at
<zqM=9?*vMt
uL=9?*vMt
zquL=9?*vMt
[ti\Lsi\&t
tvM?3vMt
rA;n/p=T;)6?MyZv
\Q\nt=vuvMsUEM;Y=>
CvM?*vMt
su?vnvMt
bU~5suL;j
^(su?vnvMt$
?(MtvnvMtD
9Y5~N?FQ?
tvM?3vMt
M;5(xvMz
^tv5pruL?(MtvnvMt
be;n'p^tv<
'm9};5
vM;5zvMtL
t=StvMO
tvM?3vMt
rzq;j'l
;%MyR}v
7440tvz0|Q\.
n6;.4Q\t
jA=n/p9
vr~{UvvMSfvMt
M7O=2{
8wMt^sufvMt.Ntv 5WVymt
t=Q4V3tx=vuvM\t
M7j!suLyx}
8wMt^`Ptv6
suLyx}
8wMt^Ptv6
suL?*vMt
Mzqy:Lsu5^uL?*vMt
rzq;j'l
;%MyR}v
My:Ntv5H
vM=j'l
My:Ntv5
Mzqy:Lsu5
?(MtvnvMt
MlTqzq-
rA;n/p=T;)f?MyZCv
nA=n/p9
7=vuvM
;*,Qs$v$
fbQ;xL
5`z0a59/@u<\;x
8uLs^LGtv
=vsuL\v5s
rA;n/p=T;)v?MyZ-v
DtvMy:Ntv
M;*MDb
xQs$v 96,
tvM=.0
MjsuLH
=F-tL*=n
6suL;jQ;
suLE\L
C;F-ta
8wMt^0|tv
5`zTM74,uL;zqtvM>M
74l;QS
8wMt^su5quLjuvM
J-t_psu,=MtvMyzMtv6^ruLt
rA;n/p=T;)?MyZDv
tvM;x5L
;j.Ntvv88x;
tvMmL;Y5BL=>zqy:Lsu5
8uLs^Lsu?(MtvnvMt
be;n'p^\su<
t=StvM?
|8\:Cs
bUrLQ{6\G4
]=i=,yMt
?(MtvnvMt
]=i=,yMt
b;^|E;2h
;x/p=T;)?MyZqv54vM=2
8uLs^tv0Q\
MA=n/p9
8vMt^htv
b;^|E;2h
;x/p=T;)?MyZ=v5dvM=2
8uLs^tv4Q\
8vMt^tv
tvM?3vMt
b;^|E;2h
;x/p=T;)?MyZ
v5vM=2
8wMt^4
8vMt^tv
tvM?3vMt
rzq;n/p=T;)?MyZv5vM4t
;z=OM;x
8wMt^h
;x5lvM=j'l
bu;Y=2<=O
=vtvM\2jt=vsuL
vM?vnvMt
rzq;n/p=T;)@MyZv5
;z=OM;x
;x5vM=j'l
bu;Y=2<=O
=vtvM\rit=vsuL
vM?vnvMt
rzq;n/p=T;)@MyZMv5DvM4
8vMt^tv
tvM?3vMt
rzq;n/p=T;)@MyZ
8vMt^tv
tvM?3vMt
tvM;Y|
;QtvMy~Mtv
vMt=tvM;atvMyMtv
vMt=tvM
=OtvM;QtvM56~
s7yUtv
_@tv;j
tvM;Y|
;QtvMy~Mtv
vMt=tvM;atvMyMtv
vMt=tvM
=OtvM;QtvM56~
s7yUtv
;%MyRe~v0
jqQy:NtvL
;x5PvM58
=BzqlL;
=vsuL\
suL;Q?
rzq;n/p=T;)@MyZ=v5vM=2~;v%
vM=j'l
^D:tvfvMta\Nta?*vMt
rzq;n/p=T;)@MyZ-
v5vM=2~{;v%
vM=j'l
^T:tvfvMta\^ta?*vMt
;5vM?6
z6;x,^tv
a\nta?*vMt
A5`'l4NtvT
LVpt=B;17
^P2tv&z
t=vuvM\rt
=vsuL\
9Uyx]tv5lvM=
;YtvM;~
9?vnvMt
b*];j|
j6q5T;"\@UvMYsu0
Rtv/+v\7`vM
=vvvM\
88;xMtvyzMtvt|F`
H6q6k7F
tvM?3vMt
yMtv6suLyx
tv6ruL59/8w<Z
suLM;5
,=tvM;
tvM=.tV\>s
tLqiM]Ls
j;itvM;=Q$j;
tvMwM_
beyxQtv5]uLyt
Q;x5\uL?(MtvnvMt
beyxQtv5p]uLyt
Q;x5`\uL?(MtvnvMt
beyxQtv50]uLyt6`t/}
Q;x5 \uL?(MtvnvMt
beyxQtv5]uLytZt/
VsM;U;
Q;x5\uL?(MtvnvMt
q;Q)O;zqtvM
^L=Lxa\jt
A3nv/t.suL'=:suLk$,q.LtxQ\4s
wMt1Lsu
.suL?.z
q;Q)O;zqtvM
%;QyPtv
pMvGuL
q2~Ntxa\3s
v_yLsuQ\V
.suL;x5T\uL=L*suL?j
suL5\z
;Q;5txMuL;
tvMksuL^Q;Q;x5TvM74=
jqqO_?*vMt
q;QO;zqtvM}\L
%;QyPtv
pMvGuL
.suLpDq/:Mtxa\.1s
v_yLsuQ\
.suL;x5[uL=L*suL?j
suL5\z.z
;Q;5xMuL;
tvMlsuL^Q;
Q;x5vM74=
jqq]O_?*vMt
q;QO;zqtvMZL
%;QyPtv
pMvGuL
kq-Mtxa\0s
v_yLsuQ\
.suL;x5
YuL=L*suL?j
suL5\z&z
;Q;54xMuL;
tvMqsuL^Q;Q;x5
jqqO_?*vMt
q;QIO;zqtvM=XL
%;QyPtv
pMvGuL
.suLj!q,Mtxa\.s
v_yLsuQ\v
.suL;x5tWuL=L*suL?j
suL5\z
;Q;5xMuL;
tvMksuL^Q;Q;x5tvM74=
O_?*vMt
q;QO;zqtvMWL
%;QyPtv
pMvGuL
.suLptmq/Mtxa\N,s
v_yLsuQ\
.suL;x5VuL=L*suL?j
suL5\z.z
;Q;5xMuL;
tvMlsuL^Q;
jqq}O_?*vMt
O;zqtvMUL
%;QyPtv
pMvGuL
.suLm$lq-Mtxa\+s
v_yLsuQ\6
.suL;x54TuL=L*suL?j
suL5\z&z
;Q;5TxMuL;
tvMqsuL^Q;Q;x54vM74=
jqqO_?*vMt
q;QiO;zqtvM]SL
%;QyPtv
pMvGuL
q,Ntxa\
v_yLsuQ\
.suL;x5RuL=L*suL?j
suL5\z
;Q;5xMuL;
tvMksuL^Q;Q;x5vM74=
jqq=O_?*vMt
q;QO;zqtvMRL
%;QyPtv
pMvGuL
.suLplq/Mtxa\n's
v_yLsuQ\
.suL;x5QuL=L*suL?j
suL5\z.z
tvMlsuL^Q;
Q;x5vM74=
jqqO_?*vMt
q;Q)O;zqtvM
%;QyPtv
pMvGuL
.suLm4&q-Mtxa\&s
v_yLsuQ\Vt
.suL;x5TOuL=L*suL?j
suL5\z&z
;Q;5txMuL;
tvMqsuL^Q;Q;x5TvM74=
jqqO_B
rzq;j'l
;%MyR!~v
|]juvMqqy:Ntv5vM?6
8uLs^vsu
=vvvM\
tvM?3vMt
rzq;j'l
;%MyR5~v
]=~qqy:Ntv5(vM?6
suLQM;;
8uLs^(usu
=vvvM\B
tvM?3vMt
Y=~9;j
Y=~9;j
'ELBt
7=Q|k\As%
m|vM_W
tvMN1Qtv8/wMta
tvM?3vMt~r[
tvM?3vMt
6=95lsuLS
UytYt6
vM?(MtvnvMt
r;)@MyZ
nQ7Fy.Mtv*|L&
;*\7wMs
=2,Q&vnvMt
nY74]tvM=2
&=ZtvM_fvMtuZ
Zy,?*vMt
n]74?6
9(t=btvMU7=(suL=2
bz74^L$
^Ttv6suL;jQ\nt_nsu
^8tv4Q\t
70LsurxxQ;
tvMM="
4LsurxxQ;
tvMYM7ruL=*
v5lynQ&Y\'s=vvvM\(s_Isu&Y;
suLM;;
8uLs^prsu
8zMt^lsu6quL;
8{Mt^Hqsu?vnvMt
;%MyRi
O;Qy:Otv
^,tv01Lsu
=vsuL\~t
;58puL=*
8uLs^4psu
=vwvM\N
rzq;j'l
;%MyR}
X9t\>t
Qy:Ntv0Q\.t
;x5,vM=j'l
bu;Y5:N=>@~
=vsuL\t
;x5\ouL=2
8uLs^Xpsu
=vvvM\r
tvM?3vMt
rAmsuLzq;n/p=T;)AMyZ
Qy:Ntv0Q\Nt
;x5LvM=j'l
bu;Y5:N=>@~
=vsuL\
;x5|nuL=2
8uLs^xosu
=vvvM\
tvM?3vMt
r-yZ] v
nQ7jy.Mtv
;*\7wMs
=2,Q&vnvMt
nY74]tvM=2"C&=ZtvM_fvMtuZ
Zy,?*vMt
n]74?6
9(t=btvMU74(suL=2
bz74^L$
^tv6suL;jQ\{t_nsu
^tv4Q\
75LsurxxQ;
tvM!M="
/LsurxxQ;
tvMM7ruL=*
v5lynQ&Y\^!s=vvvM\b"s_Isu&Y;
suL)M;;
8zMt^su6quL;
8{Mt^lsu?vnvMt
M;^5$vM=2
j;QtvM;v
;YtvMyMtv|7-zqy:Qtv5vMy*Mtv
Q7=~?*vMt
8zMt7-zq
M;tvM=2
6lnvMt
;zqtvMy:Qtv5vM=2?vnvMt=QBtvMGi
Q\t=vxvMQ\nxtV
tv(t=vwvM.wMt
qzq)M]
8wMt^8}su
8xMt5NtvrxxQ\
bzq}.L
C;1M;^5vM=2
j;QtvM;v
;YtvMyMtv|7-zqy:Qtv5,vMy*Mtv
0U74~?*vMt
8zMt7-zqM;tvM=2#|llnvMt
;zqtvMy:Qtv5tvM=2?vnvMt=QBtvMGi
Q\nt=vxvMQ\vtV
Vz;z5<
tvMGL;
tv(t=vwvM3wMt
Ks;5CuL=2
8wMt^{su
8xMt1NtvrxxQ\f~t_su
MjuvMq\
?vnvMt
6\6AvM;
1Mt=vyvM]puvMq6Q;x5vM=2',
,J;tvM=2|
tvMlsuL6Q;
Q;x5HvMatv0
=zuxfN
vbzqeM=2~U5ovQ?(MtvnvMt
G?=2|aX="
vMt(==2(
tvMsTx
Fa`?*vMt
t=Q3tvMfi0
|74X=&^ltv/
Zzq}M]Ks
@E&Etv
w5lz\6vMnRBMtE
tv^(~su
8xMt^,
su6-ruL
MwtvM=
a2y:Qtv
zq=M[tvM=
WTsL?tvM=
8uLs^dsu
P;x=vuvMsF6quL;j=vtvM\
^T~su
^zqIM;
;L;x8L;8D=uYQy:PtvL]Ls
hqrL9|x
aJH;zq
iMXLQ=x
U;`6puL?vnvMt
U74h;j|
qquLyr]
?vnvMt
vMYy2-
iM;tvM=
Myu/tN
,MtvnvMt
&zJx64=
]=txQ\.
;tvM;5xM?
txvfvMt
ZqM=vBA;
xMt.Ntv
;tvM;x5xM=~
uYyxv5VuLy
Otv4Ntv&|(;
U;Q;x5
;tvM;x5$xM
{\8StL]tJs=Qk\/s_suwZu
=ZsuL\zt.suL=~
A3mv/t*suL'
.suL;8
;tvMksuL^Q;Q;x5
vM74#=
qqmO_5?*vMt
Y;j7uL
&suL;x'l
&suL=v
*suLvktvMyRtv7uL
%;z5puLyQtv
v&zLQ\2t
A3nv/t
suL&=:uvM3uLs5qzqM6
su,xa\rta59
>5lwnO&E
suLM:suN*su7uL
;x50vM=Ls
9GuL%;
pMvGuL
su<Qq\zHs
bQ?>'L
.suL=j<2AD.suL$w
suL3nv/t*sur
7uLu_su
xMt0Lsu
suL?.z
^vv6suLyPtv
suL5\zz
^tvrGuL
;Q;5xMuL
rzqyZ8v
tv00[tv=tvMw~r;UtvMyz
v(t=Q3tvM;z
Jy:Vtv5,[uL;Q=2
x/({r;zq"
MkuvMH~rqq;
MjuvMq;
tvM@L;
nzqjL:{
MjuvM?
M;UmXqq
-wMt|.mv
Mt.Ntv
,t|.qvz
UkXqzqy:Vtv5fuLxy6tv
t=vxvM\
t=v}vMq
q2/txY\b>s<R
MOR,Zt
t=vwvM\:t=v}vMj
q,/txa\v>s=v}vM-/t5Ntvz04-
U;5xduLy:Vtv
VM;Q=2
fL,wMtLj
Mqq;zq
My:Otv5@xMy:Vtv
;Q;5|buLy:Vtv
VM;Q;5DbuLy:Vtv
MmXqqzqdL;zq
tvM;Qy:Ntv
N.Nt|.uvz
Myx]v5`auL=2
v4Q\jt
;&nO&E
t=vtvM\*,sa
_M?*vMt
tvM;Y9q;zq
MmL;zq
?vnvMt
t?8?;zqTMjDq\
ta#?*vMt
bU)uL=.y
?(MtvnvMt
0Vpt=rD
y>:v5DvM=
tvM;tvMuL;%R
\&t=ZwvM
t4Ntv&z
%&Q;tvMAM
;x5vM=j'l
v5lynQ&
,MtvnvMtY;suLM
uL5nu=
{Mt^lRsu?(MtvnvMt
0Vpt=rD
y>-;v5vM=
tvM;tvM1sL;%R
\t=ZwvM
vL&Q;tvMM
vM=j'l
v5lynQ&
,MtvnvMtY;suLeM
uL5nu=
{Mt^Psu?(MtvnvMt
\^tv00[tv=tvMw~r;UtvMyz
v(t=Q3tvM;z
Jy:Vtv5NuL;Q=2
z;x5vM*
x/({r;zq"
MjuvMu~rqq;
tvM1M;
qq^L;zq
MkuvMq;
nqzqM]L:{
vMjuvM
v~r-wMt
M;UjXqq]L;
tvMjuvM3t
nqqzqU\L;
MtQ\3s<Rr
M,wMtU(
U;Qyxi
8zMt^\tv
V,t|.]vz
t.Ntv~
:M;t4]
t=vwvM\yt=v}vM.t.av
xa\1s=v}vM,wMt
q,/txY\1s=v}vM,wMt5E
M;t1v&~
^\su~r-wMt0
;tL;tC;t(;t
v~q,Ft&
nt=vvvM\t=v}vM
q3/txa\/s=v}vM-ft4Ntv~01
CCCCCCCCCCCCCC
AAAAAAAAAAAAAAAAAAAAA
AAAAAAAAA
AAAAAAAAAAAA
AAAAAA
CCCCCC
CCCCCC
?@FHIMZEMLLPQRQUXasyMYSY\Y]^o`gST[[\]^dreiclimilelrq}blinaququ~x_dcinoilhourvyz|ty~rvq}_^YZ]abeadkcvrvynaefiniilq}szpt}suvruy}yy{~
>BCSEINZTZQNSPUS\acbf]Y_WX[]Y\]YY^Wcjnehnbdqszv{bks}{|TZ]XYfbgjnkaov{sr{KMW[QUX^[`eafjnmut{bbeimzrq{y}pvvtrvy|y~
]CKEINDTEGLJ[NNRVV]RV\dahn`tNZ]Q^_agceidkox
r~yV[`finmppvr}mpusz}y}
VS_VERSION_INFO
StringFileInfo
040904E4
CompanyName
Microsoft Corporation
FileVersion
1.0.0.155
FileDescription
Mira Malware
InternalName
LegalCopyright
Microsoft Corporation
LegalTrademarks
OriginalFilename
ProductName
Mira Malware
ProductVersion
1.0.0.155
VarFileInfo
Translation

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.