1.3
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.80
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Picsys-B [Wrm] | 20200129 | 18.4.3895.0 |
| Baidu | Win32.Worm.Picsys.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200129 | 2013.8.14.323 |
| McAfee | W32/Picsys.worm.b | 20200129 | 6.0.6.653 |
| Tencent | Worm.Win32.Picsys.aab | 20200129 | 1.0.0.1 |
静态指标
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'UPX1', 'virtual_address': '0x00055000', 'virtual_size': '0x0000e000', 'size_of_data': '0x0000d200', 'entropy': 7.894471213144544} | entropy | 7.894471213144544 | description | 发现高熵的节 | |||||||||
| entropy | 0.9813084112149533 | description | 此PE文件的整体熵值较高 | |||||||||||
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 64 个反病毒引擎识别为恶意
(50 out of 64 个事件)
| ALYac | Generic.Malware.G!hiddldprng.4A2FD3CB |
| APEX | Malicious |
| AVG | Win32:Picsys-B [Wrm] |
| Acronis | suspicious |
| Ad-Aware | Generic.Malware.G!hiddldprng.4A2FD3CB |
| AhnLab-V3 | Worm/Win32.Picsys.C116429 |
| Arcabit | Generic.Malware.G!hiddldprng.4A2FD3CB |
| Avast | Win32:Picsys-B [Wrm] |
| Avira | DR/Delphi.Gen |
| Baidu | Win32.Worm.Picsys.a |
| BitDefender | Generic.Malware.G!hiddldprng.4A2FD3CB |
| BitDefenderTheta | AI:Packer.B927EAE619 |
| CAT-QuickHeal | Worm.Picsys |
| CMC | P2P-Worm.Win32.Picsys!O |
| ClamAV | Win.Worm.Picsys-6804101-0 |
| Comodo | Worm.Win32.Picsys.B@1awl |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.a3f546 |
| Cylance | Unsafe |
| Cyren | W32/Picsys.FYLV-4646 |
| DrWeb | Win32.HLLW.Morpheus.2 |
| ESET-NOD32 | Win32/Picsys.B |
| Emsisoft | Generic.Malware.G!hiddldprng.4A2FD3CB (B) |
| Endgame | malicious (moderate confidence) |
| F-Prot | W32/Picsys.B |
| F-Secure | Dropper.DR/Delphi.Gen |
| FireEye | Generic.mg.1c2c78ca3f546833 |
| Fortinet | W32/Generic.AC.2C8E!tr |
| GData | Generic.Malware.G!hiddldprng.4A2FD3CB |
| Ikarus | P2P-Worm.Win32.Picsys.b |
| Invincea | heuristic |
| Jiangmin | I-Worm/P2P.Picsys |
| K7AntiVirus | Trojan ( 7000000f1 ) |
| K7GW | Trojan ( 7000000f1 ) |
| Kaspersky | P2P-Worm.Win32.Picsys.b |
| MAX | malware (ai score=81) |
| Malwarebytes | Worm.Small |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | W32/Picsys.worm.b |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.mc |
| MicroWorld-eScan | Generic.Malware.G!hiddldprng.4A2FD3CB |
| Microsoft | Worm:Win32/Yoof.E |
| NANO-Antivirus | Trojan.Win32.Picsys.deaxpd |
| Panda | W32/Picsys.B |
| Qihoo-360 | HEUR/QVM11.1.E247.Malware.Gen |
| Rising | Worm.Picsys!1.C132 (RDMK:cmRtazroHe64Oz3y3WMSJF+PcC1S) |
| SUPERAntiSpyware | Trojan.Agent/Gen-SpyBot |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/PicSys-B |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
359d89624a26d1e756c3e9d6782d6eb0
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00054000 | 0x00000000 | 0.0 |
| UPX1 | 0x00055000 | 0x0000e000 | 0x0000d200 | 7.894471213144544 |
| .rsrc | 0x00063000 | 0x00001000 | 0x00000400 | 2.805690510271861 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_STRING | 0x0004d958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0004d958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0004d958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0004d958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0004d958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x0005f808 | 0x00000050 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x0005f808 | 0x00000050 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x0005f808 | 0x00000050 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library advapi32.dll:
• 0x463264 RegOpenKeyA
Library oleaut32.dll:
• 0x46326c SysFreeString
Library user32.dll:
• 0x463274 CharNextA
L!This program must be run under Win32
StringX
TObject%HD
dA0,(dA
4Z]_Zts^2O
;aV{;t#
+WSXc;
t:s+An#4
y]Kni3;
vtPFHFML>5
+[:>GU
<HEx` 8S( @NC&
d2d"h'5
}7&-]S%
c3GJ/xr
%|JW6XJl7
+]rgbU
c;7~7+
M]H`T.
{ ,!tyT2
lDrp
+v6aH;=
pu,zPU`<
ppQp48fR
`?W[aB
Z t0t%&d
T,`.+T
~VT!t1|9
Tg)SjM.S
EP3GEk<f
:=^Nmu
mhLg`Z>{^\H
D(7Gnf
'v6#|@!
ZHQ69sk
`>k[f
ThhX+jdyfd[
e4heC=Br/
5#fF_o
i;{H1`
pz,wkT
G8XMoGK6
} t>-tb
+t_$WhyxtZXtU0'v/}
Dl){-i}p
~ExC[)A vl)#
*tA[ar L0
U"FY12[gl/Y@
k1OH}DDs%0
7.7@v:k
>7bxAz
&Dn2xHW
@aQYR@
b@"E@|oe@p+
-BkU'9p|B0<RB
M~QC/j\
Cv)/&D
dEJzEb
9;5Sc=
];Z T7aZ%]g']
R`%uYnb
4htm\M
>Uhi20d Ee/P3
k@2dYp
TOfpD+
ffG/)?f
OFTWARE\Borland\Delp~\RTL
FPUMaValue
Q.9jK8Q`-+IY
ujVt6Vv<qB~E!
fiYRjX
f}P6m/X^^
a;JBR5|
?GDhxP]Xp7P<O
R Z]vv
v).w k
Pba<tpa
(b]T5RN
{l%`_[=O
9Zd$,_
/'=t&u
nP5wFB
RnL]|th
4K0nx]
Ou^_>b'
&Q}+~C
`_xnpQ\DW
f*+8hu
LN+z.[+x
\`WBp-xX
t)~$Pt
}(Vx#g{
R4EZ7j1!R:
Z).C/-Rf;0
b9:;/_(U
oOEp@P7
JZX[$C
8t2SCn!mX#
-L:H@W[;h0tX-/X
+VO]tc
u%mxN9
1|n[nk
>udZd4Uf
XfA{JI'
TSBx4K"
{Zdu+PJ
m6V]{u
'b)[RR$.Mm
5d0M;{:Pf
u*b+]C
#zd8\+l
+HP)^@_Q\6?@YmVY&
\kernel32.dll?WGetLongPathNameA
";dWQaGwV
e{fd gq{
%yXhG!
Jw=LY/
jV4rajxtd
Qoft~c
wareQcales6V
SaX9.J4?4wA bJ
Rd|}@:
KM#y M@
fAP$#G@HP$
Exceptim
y$qEHeapZ
EOutOfMemJ2yK
EIn]Err[+
t\ApWp$WQ
k d(_ma
PEDivByZero
@RangeWF d(s$lInverflow4Tc,@^4T
yYe<UW<Um
_[d~PoinHV[
[Ca!CYsto[H
EAcssVlaE+`W`W] Prxle
tjlCklW
Fand(Y_,W /(Y
b=+lrr[j
2fPrv8[
@oSafecal
SysU"ls
Z#9A24
I0[ws=<
$OZY3t.ho3Xgf
G8VYch
-%_[KHWV
h})r.UR
x3MRPm
/0_t!F<U
KT?Q(L\
h `DmJDM(*X
R]mh.1
<%6Ju+E
}wQ_BMpZYN
MD<*t"<0r9w9i.
`vQp#M)p
[XOi-j
*"c;g}
mVO_ P+wD0E
9v%j#n
9uX^p{0M/^).
]n}n-:s
kZINFN
e%E9vI
*Ya_zHCTIt
Au.!nJys
J~T[YC
---7]su
<D*LmM
5r%{Vv
[]fm8S
| )A->
p4{j*8
d69}*3Q
(o`CDHX`YU!X"X<8C
c,_zKrXp$H
k^Y`#1~#2l
|pgA/p;~X\
V4M.9@0Yt
&+2]&\
R\=T8l_;",
O|rjEa0Q
8<L$H3pc*J
PP$O<=<o5C:a
H@faTAl$
Gsm]a_
|Xx'fr
ht(b-w,
dA1YS!
dU<HtHU3t7G#?#5(
7VZ36>[J.y
`NFnu+"
Aj0eVcdY
@Ut9@q
R"sxZ4urP
9RiPl@Ul=
"%MFW]
WhaJf<`
N(NhN|
@tCh*hTg
GG#2,Nu
pT/GRh+
}gxWe9i
Shl.GW
W}`5j:
oU#A6+Hu.jJL{
GIuS?~
>piX &hDzZt
[$4,@p
26%6 C!!
r l>#@
>'dso[C
m/d//Wm
-\pKh#~s
:~0VTwhD
kFreeSpaceExA
4i,H$8
ie4 i`pL
AA\|4s
44lN6D
|d3Hxxht pl
vN6'`\
9PL,ds
iN6,((l
30Y=S>
D@'d84(
o@Nkpr7
0xGWant to
o s a mawiv
cock in
tigh&littl-t*n's pu+y.mpg.pifmOO
C:k"o4
ocu7(sAomy=irape)+exe
5Vear-ld webc~
KSN# lay
t emuZk\PKm[P-Xr}Wm/g("^=K
pU]RH"n'2'jje- x
nu5sc}
noth b=
: vic"fpx
'.nikki]ova"
/`ugdib.{o@Ojob6
[kK1Sutr
-pk/6Vu?KY3BV M1
op*cbbVhZi3uckfL
@F3 gUf
Wbi[HanO
Btn9J8
vtuamad
<%6o(l
a13)#OLkK*MSN
YawfZh
#-_36^
r7&j7lg
=Pdhh4;
UffNwqkh8Rc
-%up>?
([Website2LM:fA
`1wtEUf
I*a*t`gd#x
CD KC_
x#ICQ[$#
kTA 3b5
~Gr"=fau^
_$D1C9
llGm]L
uicqV6
{/Mmt4\
Oi4v_XPee)
[c.s#c
S){]3^7!eoo\"
g(zip7%_
Fg)kBAIM
FZod%%
PS $q4'.erh
$4waoJx
kH s}b6
RBx3*
$,4CaM?$cIsa-%p
+C9aaR
w2ss;7KeaN
,JsiMI
(jkQm!)W)a!,eMi23
Mhv:3G{
hY/,!%
xp8 tH
L6.awbsVF *l
-S&P\Z\.t
<Hl'_7
Hc76T_E
8w~B<\
{h>g(:G]T*d=
H=%lhWH
h<T[ d';
j6,3&;
o%d6}ZHH
KHm0b8
!;E n2!|X
#0as{u}
PJl@CWSetup!j
Kazaa2
I`srPS7 7P2c\md
FK0345:3C1
sbmsM4
rt2s#6G4%CPp&nAsy
6789ABCDEF7
$4M,4<DLM4MT\dlt|4M44M
OOtiOP
<e4M`,
H4MhMt
0M4MHX
@ix3Nc0NM
N63/;MAz
NNN4H4}{u3
NNu' g
<<{3kM{r;
T?b},[N
tq7d`g3
^A-ggp
JOn+a[iF}0
g;utti`
u]>iK
;uc]yx
Ax90gnl3ci
Eb]wsup
}tKk-aCe}
nllcysGv}l)Ye
r)ol-]pmut'
Ldoipb
_tk'\w1vOl
%h{<H]tP
m /mug/$
WQbwh=^A
?JYWFw"&@ sCp
wIfayIg
?w f-a
?{K1wz/
Rgchs%
L! /Thisgram must be run
der Win3[/
$7CPEL
6CODE/$b
}~`DATA
dj.idat>
'@ltls5
MvP'eloc0
dA<84dA
qJ~ppk
NTJ(c&
o,;C^I
/'9=52g'
X?"TB~!cO>A
K%MGNI
c *y
Q`ce(%/8}$`9
AHw_p7
4* 3Q-
B~YSolLiyW1
,9? W]
DNK7 J>
+y|$)|J~
;I68@w
fP(0I&cA
;D]usR@B
@(8VAA/
y|B2<@~
2&fK#^OY
/~ /H3FVAAB
Ppv'epn7U
neH91B>a
2*p_|(X
4 y%@
9(_P'<v
$NTP$\
]l ^ Vn
@KWr((_
u'|YK~J/Pw$6
G+B{F$9]ahikWD
l,t"+8A
8;v'1#`
8w~';1H
[ t>@1SOW GX
@>%7*(p#T !@
?O!O>H>
eW|TPf[
!ddl@2C~ts@>\APHGIo@8K|C
(8m9 o6V6
{ +nAPGo
]A[:o{
?|NB<o
rr`\XT
2 PLH2 D@<
2,($&3
E]$SQRXN
2tplhr"E
J|dYg~
@H]!8E
|{Ep>GHa
TDC.8?
+>;3'4$Aoy
t?f`w&?z
J :n@E
%cH5i&#
*U6[;f
Ur+fJv
F0lc!n
32$O6tONGv kN
!Z{XF
|gV,wc'
FMF)zt
g(6a!L<
*.*#1q
P{hz)DX k5
^A_]F<)L
_b k0Bf
U4 vI:g1X
SaC6$S
<6$Z'ZO
"HX@*-i"J>6H 1YhHY
@HtJU'|h
/\F"N
M~- H[
scAMgH
FCu'k=PIj
d9B9UF
_z[A6 l[
g$C"OEm
P2dwiL
y%j}gE8
Pfv&gdv[
U|g 0[
Y0c('D3r
nJfC[0phe
v: 1.31
S type
#3.1 +@
xN.{98
direq&kctRy
B.;UNa9
[ (Siz{
s@B4h[BdC
(9RK{V
;X Pm }
/yZK;";f7H6&
L-hC6`
1+xZ$\':s
R8'fFg3Jk<g &
j.<9i|
glf *HS
c#.EfE
tV <<Q[
GET /cgi-b/w.
F HTTP/bV4~O8SHost*~.s-Agen
LynxTx/7.5fwlibw
a }O{nT
j[*2VK
:$N<e9)hd[
I5(eS3UGH
60GSt!P}
-Dh=6r{
=l9'Thf
Ag"H6/
@ Df$q7f
<DGV_J]BN][
AJ[{jV
!qKkiI
Y?)!Ia
g3;p`qr?'6'c1
='J#Ks3
Irem9+
-"ht2SL
{Pk<>l
wNK}d#
1?=vFx
$K;4 7< 2
Z+9aNRw
rmRC:S
H6<</E
PmaVx!
$e5E]0
Sj?Wh<3
Mr]t[e}7<+8Il4
(KP~KERNELo^
DLLRegis*MTicePro#(E
0xFF0B/nL3
7\mZexcw_/krn
("xmovj
N-ROMoJ
\!Y^&lf|
*i8HTbxii4
".JM4M\lxM4
M4M"8J^n~4M4t
RdvM4M66
|KeCriYcalSebE
Ale/Ysi
oOGkTh
lA-S[p~foA
'L!_*OG
_Comm#Lin:
brdymh/
{T6?nhI
E-Of<At2+l@wi
$$[haDeQ
&_dHk[G
yvmTGBp
C[He4hu35Ke
d9MageBoxk7b9r2xt
-AJpi9Q>
uJybE,
o{aut?2"
N(6"ufB
ofsourcqu4M`Mp =6#
L<;@ f
qR2pH{;
nsl.-
`Rcu6ln4Ak
k$WSACn&
AsyncS
-Fcv|4n_
jel+z'
r7vw1oh
dndcJbiIj
$UTz:.1
:MZ<Tm
o ol7Rich'
.t;J '
8%|Sn'`T+U?
<Fh7YE
f~3*UN&
4xP39FTU
_~-}$0%
*7C[*Vj
=&R%-I
G8@(II
]w<Vs+
zW^1^,2
ZXSv,WMF
Y?~t;3w,9YFj
^Vn4(~
V jp*u_h
yBUCWMw43.'Un
NM@6$MS
,('q9j ~
6'j/z7s
U=?)`lEmhwi
>>5^T`
<+%2Dwz}
@UyFYlK,l;)
tq_ uYN"
meE/Ao
h(@#TWn&Nl
.`bGwD@'/-3pDGD
pBA%v
l~8P4Y#7#4
u4fW)Ma&
/Zp~[w?
#CtH5.2
Al}y8yxJu$n
Y^(p'N2;O}
A|HsX*
akL(x.1$ G~
Ft0iK+
vE-N4=]}
+NV@HXl
F@G>DbBl
3j>B"J0pa
AmGjW[D
soxr-^t
4[G}1^9
;5lDw!qlu
h@7j'W
_w6#F!G?4]w_
D<4U5M,$
4MAK5Mt!.
|VK |K
EZ[4M]
UqB7*f_d
x*r_ *p
~~3-nr2J_
x8t68t't
-wN:B7
kVngni
j8Kpvf
SU*.~
a$5"s^h
CW::wh(
9M}wBVe
CH;rWE_Y@yS
3T5BKQ9
wSUH(Zn
xf/V[X
^;^}%95L~
X#xwQ!e
sMFG@3
y?Vct, ZH
AKLTG%t
jvxxd;*d%
rXi>\8
WY_6]`f7W
DVM[]$
u+u!9$
?{A_/@B[
n@>;vb
LRIJo,g
g,QC 2?=
uY$js{
to[p[`
/<heUV
kV\XMvLQWu
?$s~^;
E0\34*
WGTC|N$T
AqOC7iZv0@
(Bw<GwH
)OI;\+5^q\9@
NY>_Iz,_; S$ >!\
YeNKYKY
YK6\3x
l!OGZs
u(!!Nv
%vywqm
.+au{X
l=jKYKK\$
ayAX2N
{aa)"t
2Pntll
(08@rDdP=
wv(nl+
FWW>^FGShH0
8-[gtfa!.YWM
(h d(6Pq
* B^6I
9ffzk'
WtgB>+sQF
[U[Du|
He3 G&
xUo!H;
My HHt
Nf+m f
D<2^)Z
tH|u.g:*u
.]'<+/
g0=lH!
=R[pa
:cA=tV!
'a[E{[
90n:W$@
CGPCA51
'A^fp4.B
K8u]1&<
u6?Ksm|
;Z21Y+
~PKgd{d9#=
yuFX^=
C~N=>=9.=
vXQXY_
f,92nt
GUtJAy,
pPjh|J5
,.$t(4vBq
hcEmTR'
VC20XC00!
%V3x<%!nd
"}Y]65
I"UU{c
a/'$PV5
j{(kHZ
6p o7I
@"t)%A{
"\3@D,
7I!-p`C&33u
%!<} \
d'\g\3
VSt2:Lt<m_`Ht
8X-``;m
Q|xm9=g}VL
hl,AX&k0'
V@VU!u,
M4MT\dltB
S,AAK
KhVtc<@
iJD.WS
BDZlA0
Q)2) uf
gWQOSM
;NQ=#Qr
s@D:*D
k-[jZm
CA8Lpm
\ur#Q9B/
V+;as)
, @-,t
^UYA%oI
p6,63n
D AQ;vKp,|
V:|{&.`
2QI8Cr*h`E
8PbE[1
g]Sp*O
NL`^2o*nPn
tt0B=LG
(J1Vw!;
p`Y 5u
%JG@VO
\P_k;P
R@y~G>E
+CU|Si
aAV;Pp
|7SWU[Z
BY_[jh{]
VVI&X#
Q7 LJ
'G8t,A<
`m8`xw
w0QYlK
Q<)3HP
97t2Jm
{Cy4l,AS:,l?
<E=DZ#
|)(#|}
G;[|^qBAOO"
.Jv])^,
Z)P,Su7f
.D7$A"
_Y(aPY
4OJ;pF;s|,"9
7EKVl[
\`}p:|#Q9?Bd
$"Dh 0
x @LXiili
*8FTb4M4~ie
,BiRb~i
(mi6HTfx{4M
50 (8PX70
)(null
TLOSS
v- K|XP
A~ugh s
std5Z,pur+v3V
b(_4_*kex\/X
_N19opeX1s
+[k8F$ed
+m!ck/
Z!rm{!<
AF*+0.+8
argu(s_02
=fnngf
C++ T38fMO
\E=Pklwn>
, MD45
AD1^emb+Nov
neAilp'
g_W{{SKGC7yC?K;3#
{C;7/'# s
&s.-s9
./wwp@\v{p
WSOCK}@@
MjPabe
D5lqaw!q!
W.e/ToMd By
qFFP<7Z
@91OEM
sh[Buff:a!
%7d^y A D*3z>"J
J/html
f/ls,>:</
xnn'%s'1{n
.#r.(5_
-?a404 N-sl+x9n
*'kRZh"U
7200@_l
yI /2..02;4
.:t+ps://
AC6`P3R
4M7m p
Kj@$@
^_r+_j291~tY|@v4
04M,($
xpdi\PD@<
uw.`WYw
'X/cp(c
kST[PD,]?
bT 6XsH
'`e=O!@_s.hImpla[Y4
cpxBB|"ase=C;Z rtye
[CLS:C
[dD9cDLG:IDD_CHOEPA
U.S.))1
=VC_TY.D,butt%,134#2373892FILE$
1772%J3`I
PWD1@D )
p?] E#
9dHb: /
WhE;Qa@W_I
WE{d}"
w 1]n_[
hZ\8fgsj
fvZwQmZ
_ *0M2[{
Blh'?*[f;g
PHV'v^c
H*w*|W
D$^H0j
;o:)V="8
$|hd2A
UJ[( C
Ov+:k=owEp
2 x|2
Ie+rlp
BE?42/tc
(ud$CSwhoisQ3]EicHu
@%',RE53`l@
a@Le![iEi
E@ud;H.mte7
7boo:67]![8,*
'9rje7ne
fe;g$9
k?8YTY*$
ul_port
+C en
Dd:%u2
%j{(sOVcx
)='ID/X*,
E[hk*!l-Z<-a\lf9\
sf[()G6e!a
ov *5lb-
&ye520oN<
%cGr%n>30rpc!nfenLf!1chEe
Mvd-cD"AMIT
3JI&wskQI&2
0Cc&wK&3v--rgy7Fc
>P^niixi]i
4Mt/4T
4M(0:DT
+*Y#++K0t
UA|_sX
emcpy5
1109FPDs
2`9WI142a
Rpsy08
)d5:-#V
ad3/!Ey
(^lR> a
varcDH
ePJZF`
o`Q^Ddsao4
KERNEL32.DLL
advapi32.dll
oleaut32.dll
user32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegOpenKeyA
SysFreeString
CharNextA
tYTGn\*
_W6Vo\O
g0h ,L=<h
7V@;W$H
%X%jC/'O
{E9v)dM-f z={DW"qK
tGp^WCF/hP\v
#VG[?<PhVIfNn#M^
wgSAP#"Rly
8QR|YQ2<=:
fk we~
q2)g(EI2fzj
NI][l-]Id2
sY^P(&Wedq
h1ciWT
f*_:' 8
9w0ld H
Zpnk[E<<b ,
=J7y0q
95@5n+&vD
PwR.S4S}N{vZD
t H'~,Iy!C
!Vc~-CCN
gaxKeR
* L/ +Tky
Yw,NB
0N*7-+gjw{
1;"ux'Ry
3~uU35
SXp\6"vV&0F2^`HQay
P k~J|~4<
T^:Dt6
=rrk*:3#R@[P
|2ymD]{,>"8={YA\
KkI>>Qa
b$3E`BVmj.R(
oC*KE{)e4
s6*b,hgb
X^Nl(r*kLr~]
=`}~dD
IawoXS*ZFr^q>
tC!;Jb3]:R~Isr9
(Z8i/V
|EB7]z3Q.
gd\jwR
VJJo&L$~%a
{yU25-
- F'l24F(>
QYFQ62
dmS#rs
R_+Ggq-
f.\LH:(
<[4ZVP
%BLc y
5r!#a5XB
r=$D9
$eD6=Q&i
..NSR2_s
C.JBO<xAB?
Cd=muE
|6G;|2
&M<d83*g
]5?}PV=O
rN@^2cjz
c$w&(v
gCj>]P5
--LmK+/
(?$'St
R0S h#)k
YYH \o
@ Q1N7-:AgG_+
p/1)K|)NKa
R'C5lT\ M
y\yXIPN/)
:,;c#A&
<mU0S)?Tc%9jLB*Yl}ZYSb
86@[`v
<f/:QV|
t8 wwJ
_i=j5c
gmhwyW&
ZHr{'"
V+`xz`>6
'^e2u
Y@tN+MGPI|
L Qame
v9@~'o
YojQO}"
>\^~reo
+`BR.Q$zm Ywc
R? ];C|{/
`K(*m7-5}v`9
bTP!JY(
\kP)V6f7Fs
M6,7tp
F@dX -
_B38BS/NbD1V5
mu&Nw_
Citf;,
si{Ie?)7X!cn
3kW:>{9-,UPaX<l-B}^
[&Gn%<p
0Nf)5/
B0vc0H
hTqN*'C?^h"%@*L&
S9/.-4
e]Or2WT
Mft1aF>k
uTQ&l5
9)Jg+QW4Ih>XQ<F
>GiB%(m
]T. |;
^7K >`"n->h&
STTF5R
:L}{U+#
\DS:QA,o
=6$9g,Bl
Zi:P6-i
;~C7P}W
)K=7AS|(-Xz$
9a$V6S.L^[J
m:.c5B
T8PLsm1)un-
4Wtb#Xu}/gr'(
X{56YQ
z?)X!
Ns_S\@y
/= f<w
<qmtN4>
+5RBn[O@
eL;yRIDSUB
AD$c\z
y[46PF0
WUcGA^es
8`J;t_ Tt
5Un `pQlI0c
N U&R0q
b@-%57
>v(29|@Om]
i0pt;W
7M9VU[57e
)7W`:_F89Sn
szk&Oc5
m(sBBd?w(06 +
@"$Zd?$J^
`\b2SnB
!p1rqMei+u;Z
ZcM&m4
h UJ,_
GU_1+2
|GB%hl+N
Z|3PP0w[i
Pf'dhoJ{-
[Zc6X)
rk,3lT
gnI Z
$[B]4)g
/n|lB]'EJE$OJpnKK
OLYDiqloD
{K;u0q0.
bIA/v|<
$tC3MQ4
nW5G;V|?E
Bcn{:!
>@*3N2d>HER&
&Z0,B:
H1S7OMu
2+[b!Yi1X
.C|Zzy
0mJUIQW
S[gpqbsxj
Lq?1ic46k\4C5a1}l}
WNkiJY
L)"T}U1'c
/ZLm7;
L\NW 6
Q)\RJ?d
4]stvs(B/
Tbpan&A)m&65
W}N)-xo!
UZJu-Rb
_iZH4Q5@!
6T|PA=>^*5P6Mf5
;sHdlK<&|y
V7,xGM
4uHFX]D
!#Vc7$ohhD
O5hD|>]@0],
;m8wjSNR
*,FROX
t@pfdp7O0K
mDUv!
'qaeK=w5d
(e.%<Q
Whd0ucO
2Zlz't
va\/I;#Z
'e)LSIi
ZCmb(q)
|*aaal
_NK_*D :
I8,HF;n
%]jM:/
q=Ro e1
+Vd17<Z
-#)c\^
n?S#ek<
tPX7g9^~st!]
5k6jdzs $
^@Bo2K
HQ)j#W
`mW>w|
x2Y\{xj@
nQ]#k^
E!c'Wjcf>
7;ERKYL
(;>lo/
J'VO>{3
S/H^p,D{
f{djWO
m""O}6
9h(=X4^
^!,>*#gwPyc,
0[5[1ecu7Ha
mn}k6?
Y^[\Agqw:t('
U}nwf9CJs:N~R
TZ1A\(gSb8YK>a(e
E|Ts%T
Wq}gza
ovs/Oh|
'n<7#`
g{[\u~v}5P_
mR(2H<3>N]Y4ky2t
bCI}.p<Q)
RCc@K(I\rImS
>d5fEc7y7i
:^qK7CH[
h_pQ'6kS<
C0.&^=KU
?pITolC
7ly<l$+
Q=|&W4gd
$zqk7V|oMa?l/
W|&*X"_
"d[x@[.
4^zS|t=_@/d+_{h
s43yJA
QMki`kMxB!
[uuy\|&8S
(wV4{qnt
3{GToQzc,
I>JvdbT9Z"
9AjZ3b
YL'<Fjs
=pm@h):l
8$XSf=/CqG4'"
~&BZIb
W^`EXGn_
!sl;d!
_c*FU<)}
3h]u<<d
!&WOV2
x%2[r}'+ =P@
&=k;VM;
6Sh:|n*y
Vnl^;}
G+QD&2O?
u:?Q*+x=$4@a<
uTfg%ilM
{3<mBhG*A@E/zt
C#1h L
mcW!=s
.~uqbR
ICi-#9Z
KZ4)]f dr"GJzBLO,]\l,&e^<
h{D K`u
s@\|_\p
/r<E[_
UJb/J5<Uo )@L{Wzk
1gi1Pro9u5
'd~|4kC,
_}5FJk?
gx-\18ZH
g-uWBMo
7a9WaU/
1l*!g#
X2{Z)gDA%<DoI\&
N`f}R.
YlT.C?.
{5.Q~<
][z>fy
^(W+b&
:Hj0]O
dejL!D,
e~`_y:vI6
"[ &a*6a\
=HSk%v*
/8]aTMf5[WU5
!bJ3RZk
-&K^\?
EQqhzP
UHsN&WJPls
M:kl}RJq{l-E
|S*vRO
aScHv@s?
RH1Vt+Z
:gVX+s
u3)hg8
rj}X7Q?3rk~cP
*nfu]KY4
fmX: (0
4F3@]-
7c'=^[`=
v"*A@7
{e o&>
o=v6uznb
+HUOpO`
U7HW1FogE/>
6$d4qYt
g;:h7I%x3wE
$C\Vl_ptu
g]G[mLq<vri
b4'A( .9W
. }l,kLx
Pnuq#[C~#0IH$"Iw
&4`-*q<AfH$:Cb2i
Jpp3x$Dj6
[[p[gn1ZO382z
"KUO/+=
Q+qp0hB
~-UMx!6
dG:Q28
=_8N]]UgO>
*Qa5EI
16/s^1
TQ,5r!j
1,&0YYb
C4&sV"
pvr3tk
-[H>8h
CYuC6K
"( L@f3gJM
l_QBGeq
'sW#yQ0l#
+qmtFL62s?>
iA^]V5
tDX|w#IL
@kUeYB75u2
.V<GVE
;/L5EPi1b p
{7|wSLMg0a
e- j2?
hhU{hSjhA"
L6Xqjh
nYpfhL
Wbd`Z^\i
$|;f.s4Ofb
,#Ox<7\}R
Z_I7E lD\j
Ln4}^/
*v`_x F
Sm,qX1V~
QEA76y
yF,YkH~v
4[T2dx
$~~\uht
\8!)Ve
K= |8&
wcO((T;f
_i,+:~DGm>KB
0Hs#'=|v~xL
fJeTS{
H@9.#]
vX-ypy>
2F<iG\$o8}s,5
uWg,Cm
vZ!4Mh9
$"JYz6
03l%NI
>lP1L*AMux
4z}'t()@S%fPC
I,gPhvnT
J8K 1lb8d
2B7m_5os
*XFXlf
t0aH3\
~):a2\:2;-
[PyRL7
SGp$j1!
K)pCn
`_uo+zqT7
ETnAAy_IXXU
q&nN-A
`Ts'Zon
tBu$\'
zxP<~O
5V6BuK%d
(LV&\LLb
mNd*\H`+5*Fm
G3Y$@`Fv+C|
(#tf$y
G;{,y
3mOo7QkgA5'>td{S<
&-hZdy
J 2Csds2+A
c P_rI8
N8o64C
*XWwYE
KsvT r
{7h!,7kBLzP.
N9^Wf'!
pq/}6Pp
_MK!aH7C
(Bjw4Ss]jXzX
UrOyrW6
}y=Sx4y_p
ub\"P4
C,U"`e
<XBC&?
S{}x6~df%
xxv}G-~+:
b2@2@b
{Su"Pc}Q% n
O,wo0z#r
Y7v-Y#w
qLdN8|{BvHG
A90.gI^Qq)
D#ex*IZ
BtRU~;w
U@jsB0M6~Bg_7aI
?a6J$ak?d
.=?K%_=B_
NI\.K"(y>p@
NoE`YD
5Q7>npP^LhK)
^-`g=}J'
H%<V^jje
v)k**k%b
*JU+5^t
'@I6&g
m):FMK`hbdVL
kMt[KvkTtVc
Wo^YBj
4|u~FY@Xw
I#7$I>E
]1P]yyH{UP4
(kSy"i>I}#U
rN2vY4%fqS;%<% wpY
qc_sS&
>?#eC_
rQZy
jL~ztts}':G
8A]&E*
u\J$<
%mt-^@4,dk
-n`f#z
.;iN<=
mPQ0Y>e}
g+?IBspo
m.?_MkTPOZ|
\@E`5o
#Bq\?.Nb[5
C<7;KR
+zD]r|@RN7P*
QTD9Zs
}*d;+;0
=S4xuu
DYS|8t,Oa
*aJ2Z4]cq]8Mbh
"Z3ba4k[}r
GQh4bs
>q?I[^
X-M]#z
Wcf!@:
.2G'j@
!72Yb[
OUfN"|4
?4,52UC
#NY@11e
{|I1/):Ep"/Y
Q6K# ]#g[z
^9>HZd
`J;#rD}56b
dFma(a
JZ]HZb
xo3"oE4T)bG
/*pC,OQ
~Fz5hpTv
B19gIw-
`+6((Qa5gz]G9P
KiC5MOZ&
oO]} T5qOr
pYnkE\
G^a<z*
S,A87*d6
!w}flU&
*}^slZ5?Kq/fuGBH1ida
b_3@Fo-
OW'KC6K.N
8/(nS-U_c
b(kE4Q..
]o&\]]"S
B]Z;Lwko
0[zs!T_
^joPG ab
\}N&mCB
GZAPA&|
m=c??j/lUvQ
<Le)%M[A&z M
dO-RELI&^I
wlt/71
}gy"2AYeNrW?r%b
uL?A/;*
*1o>Jb_^t4wj
-*9/2JIW#LhU1?^
nS$SYcY`o
T~6*+)[
sG]vph|l5
:Y3qS
HvB[xs<
Zj~zdU o#WR%jy
U##8(]^
xEk<Hoe?*S"
zj*2Mc#i
;u oa[eh
RVhWV"#R64NLy};
~#;nUZj%G
z/}X)?}
4xK cb8=<6X
|LJ*zr
z6Rk}+;WTf<
SQ``8Oj
.i41J0
K2G|F
}gob =I
InAwlP
_j%t h
=w@;-'q
J fpg?
VCR,Y3
oInj@FOU^
.~`Uxp
g'^p;U?~
V#,D%n
APXG4K
6V)4bx)`^!Q:
fSF&+5 U
d3/H'IT{
cKD)?KOgpK2-++
Tcz=0
N)T,<^|id
KT-YwaQEu h%_
l-y"e5
^#&X F8 ~
$!;_=u
R0p4._
!1 t;$
!b8m46
(>]^=WDZ]s
c_>2s.
NBY`%7I
=\m3-!'7
Kd_/nk
Ylf90''$
4Z VcX}
^{Bpu
cE+^T[S
dcnK$}X`h$a8&@
5~@RIU-
eq(F$Yf&&
<<E9jooL%F
'$eTwk`
y4#=/LG
BB2rsN#
WMM+9FQ>
QXI]Kx8$g
l%.6I-
Zfem[J$bU
g#+-MN;JE
]7;AJru
XlxG^iH[
?96,go
8p~3&5aRN9Fr,
tx8@<fI{qU< E3
l1/n-d
kGltU]\djuN
[u}.5(
*T%skA,h+39V.
H<9UQ7
,h7lTqHB2
>2L1_#^
$'rDd`
.?X(M{v8
:;y;XiqJ)/
ctrakF
ae[?2z
\?T[so2VHO}V-{$S
.,Dgmm`R
1]5Aw;lM
eQkMJI</G+SZTG<S,BL]>,Y;
w1vIqD71
M?^#O$kIs@
q$JT #8eH!tr0U
b) o{wz#ltZ
M!R<(<OKlXS1XT
'7V;cV
<X90h>+o{
fV\F1[
g`/pE%Ry$n
EBT2kD<
= )L{u5
x=I.`vaWAI
SVHm%J@
i~b2y;MrL\(\O
**/-L}
R<?3=-^
+xWFOz-:)
P3/+ LJ/;A<
_t/2('ra
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.