0.9
低危

17fb225a07a82c5294e6a461a48d1e6e997d1943ad24e97c7071a6e5aebfc114

17fb225a07a82c5294e6a461a48d1e6e997d1943ad24e97c7071a6e5aebfc114.exe

分析耗时

192s

最近分析

369天前

文件大小

259.6KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM MIRA
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.78
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:WormX-gen [Wrm] 20200512 18.4.3895.0
Baidu Win32.Worm.Mira.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200512 2013.8.14.323
McAfee GenericRXEP-DP!44F4EA0DCFC0 20200512 6.0.6.653
Tencent Worm.Win32.Mira.b 20200512 1.0.0.1
静态指标
行为判定
动态指标
网络通信
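与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
注:114.114.114.114 是公共 DNS 解析服务 (114DNS) 的地址,本报告 UDP 记录中发往该地址的流量目的端口均为 53,因此这一项更可能是沙箱环境自身的 DNS 解析流量,不宜单独作为 C2 指标或封禁依据。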
文件已被 VirusTotal 上 65 个反病毒引擎中的 50 个识别为恶意 (50 out of 65 个事件)
ALYac Trojan.GenericKD.31022722
APEX Malicious
AVG Win32:WormX-gen [Wrm]
Acronis suspicious
Ad-Aware Trojan.GenericKD.31022722
AhnLab-V3 Trojan/Win32.Symmi.R126369
Antiy-AVL Trojan/Win32.Agent.ahruw
Arcabit Trojan.Generic.D1D95E82
Avast Win32:WormX-gen [Wrm]
Avira TR/Crypt.XPACK.Gen7
Baidu Win32.Worm.Mira.a
BitDefender Trojan.GenericKD.31022722
BitDefenderTheta Gen:NN.ZexaF.34108.quX@amPbGf
Bkav W32.FamVT.MiraHQc.Trojan
CAT-QuickHeal Trojan.Beaugrit.A5
CMC Trojan.Win32.Agent!O
ClamAV Win.Malware.Mira-6717565-0
Comodo Worm.Win32.Mira.AA@59ticr
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.dcfc0e
Cylance Unsafe
Cyren W32/A-2db89a8d!Eldorado
DrWeb Trojan.MulDrop5.38532
ESET-NOD32 Win32/Mira.A
Emsisoft Trojan.GenericKD.31022722 (B)
Endgame malicious (high confidence)
F-Prot W32/A-2db89a8d!Eldorado
F-Secure Trojan.TR/Crypt.XPACK.Gen7
FireEye Generic.mg.44f4ea0dcfc0e12d
Fortinet W32/Mira.9C5!tr
GData Win32.Trojan.Mira.B
Ikarus Trojan.Generic36.IQA
Invincea heuristic
Jiangmin Trojan/Agent.ifmg
K7AntiVirus Trojan ( 004ee7aa1 )
K7GW Trojan ( 004993691 )
Kaspersky Trojan.Win32.Agent.nezvfi
MAX malware (ai score=85)
Malwarebytes Worm.Mira
McAfee GenericRXEP-DP!44F4EA0DCFC0
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
MicroWorld-eScan Trojan.GenericKD.31022722
Microsoft Worm:Win32/Mira!rfn
NANO-Antivirus Trojan.Win32.Agent.cwujnu
Panda Trj/Agent.JIQ
Qihoo-360 HEUR/QVM01.1.2B4A.Malware.Gen
Rising Worm.Win32.Mira.a (RDMK:cmRtazpSAa2waOJTGgaDhgk22W1j)
SUPERAntiSpyware Trojan.Agent/Gen-Mira
Sangfor Malware
SentinelOne DFI - Malicious PE
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图


PE Compile Time

2014-02-27 14:14:01

PE Imphash

044fa07aef4575da982ff3317702d6b1

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0003c368 0x0003c400 6.094672817523075
.data 0x0003e000 0x00000240 0x00000400 0.7468479306269834
.rdata 0x0003f000 0x00002528 0x00002600 5.030897549132202
.bss 0x00042000 0x00004700 0x00000000 0.0
.idata 0x00047000 0x00000960 0x00000a00 4.603326057815083

Imports

Library ADVAPI32.DLL:
0x4471e8 RegCloseKey
0x4471ec RegOpenKeyA
0x4471f0 RegSetValueExA
Library KERNEL32.dll:
0x4471fc AddAtomA
0x447200 CreateSemaphoreA
0x447204 DeleteFileA
0x447208 ExitProcess
0x44720c FindAtomA
0x447210 GetAtomNameA
0x447214 GetCommandLineA
0x447218 GetFileAttributesA
0x44721c GetLastError
0x447220 GetModuleFileNameA
0x447224 GetModuleHandleA
0x447228 GetStartupInfoA
0x447234 ReleaseSemaphore
0x447238 SetFileAttributesA
0x44723c SetLastError
0x447244 Sleep
0x447248 TlsAlloc
0x44724c TlsFree
0x447250 TlsGetValue
0x447254 TlsSetValue
0x447258 WaitForSingleObject
Library msvcrt.dll:
0x447264 _fdopen
0x447268 _read
0x44726c _strdup
0x447270 _write
Library msvcrt.dll:
0x44727c __getmainargs
0x447280 __mb_cur_max
0x447284 __p__environ
0x447288 __p__fmode
0x44728c __set_app_type
0x447290 _assert
0x447294 _cexit
0x447298 _ctype
0x44729c _errno
0x4472a0 _findclose
0x4472a4 _findfirst
0x4472a8 _findnext
0x4472ac _fstati64
0x4472b0 _fullpath
0x4472b4 _iob
0x4472b8 _isctype
0x4472bc _lseeki64
0x4472c0 _onexit
0x4472c4 _pctype
0x4472c8 _setmode
0x4472cc _strnicmp
0x4472d0 _vsnprintf
0x4472d4 abort
0x4472d8 atexit
0x4472dc fclose
0x4472e0 fflush
0x4472e4 fopen
0x4472e8 fprintf
0x4472ec free
0x4472f0 localeconv
0x4472f4 malloc
0x4472f8 memchr
0x4472fc memcpy
0x447300 memmove
0x447304 memset
0x447308 rand
0x44730c setlocale
0x447310 setvbuf
0x447314 signal
0x447318 srand
0x44731c strcat
0x447320 strcmp
0x447324 strcoll
0x447328 strcpy
0x44732c strftime
0x447330 strlen
0x447334 strtod
0x447338 strxfrm
0x44733c time
Library SHELL32.DLL:
0x447348 SHGetFolderPathA

L!This program cannot be run in DOS mode.
`.data
.rdata
.idata
E;Es9}
EUWVSl
<t6p t<~@tO
x7EZ[^_]
UW1V1S
eEEE#@
++CCUNG
pP EtB(dB$
R \tp@$
hUhU`hu
llU6hU(Et
E!t#XtEXM~t
$]u}E#@
UpPl1|pl
;u ]]$}}
4$Yt8M
]1u}];] tIF
UWVS|U$E
E|[^_]
1|[^_]
UWVSL}
$DtbEN
UEXEE]u}E#@
++C B4CUNGB
t-S4C0
$]u}E#@
$]u}E#@
rN=@`D
sG-@ D
UEhEE]u}E#@
E]u}]E
UEhEE]u}E#@
tB1u2=C
x(EP`D
UEXEE]u}E#@
80S4C0
t(S4C0
x9JtD|IS
]uEEEE
]uEEEE
]uEEEE
$u}E#@
$u}E#@
$u}E#@
$u}E#@
UUWVSLE
$u}E#@
$IMEQh$9t
$u}E#@
$YMEQh$9t
$u}E#@
$iMEQh$9t
EE]}E#@
]u}EEUE#@
Pht%$9t
UE]PhXdE
$]u}E#@
|u9EE@
$]u}E#@
tuHxEE
$]u}E#@
tuHxEE
$]u}E#@
tuHxEE
$]u}E#@
tuHxEE
$]u}E#@
tuHxEE
$]u}E#@
tuHxEE
$]u}E#@
tuHxEE
$]u}E#@
tuHxEE
$]u}E#@
tuHxEE
$]u}E#@
$]u}E#@
UUWVS\E
EuSEUE9B
$]}E#@
$]u}E#@
Et1@t@
UEXEE]
$u}E#@
Et1@t@
UUWVS\E
EuSEUE9B
UMWVSlE
UMWVSlE
UUWVS|E
@;Er]E[
@;ErEU]H
]xEEEt
$u}E#@
oUUWVSlUE
UUWVSlUE
9t1]u}]
$]u}E#@
[^_]UU
[^_]UXeE
$B4$Z]u]U
UEXEE]u}E#@
u9Et4kd
9}]t7c
8"t-EE
$u}E#@
$u}E#@
$u}E#@
]uEEEE
]uEEEE
$u}E#@
$u}E#@
$u}E#@
]uEEEE
]uEEEE
$u}E#@
$u}E#@
$u}E#@
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
e[^_]EAAAAC
uEAAAAEAAAAEC
EAAAAEAAAAEC
EAAAAEAAAAEC
EAAAAE
S C0C,
t(C,1D$
S0x]u]
t3[4u$&
t$B0x=B0uVB(
z(]u}]
H0x4P0uMX(]
UWVS,fD
]t"x0xFp0u X(EP J
UWVS,@
tLEtt$
tEp0x^X0uw@(UEEE
]tAH0xFP0u
X(EP J
X(EP J
H0us@(EUE
x0uaX(EP J
<$&]u}]
taH0xkP0uu@(
e[^_]fD
H0yAfD
EUM]Uu
M9MvuMEU]Eu}U]
EuaE9E
UEEEU]u}]
Mu,9vZ
1E]E}Uu]
$@uX[^
W11V1S
D$'\ t&
ME1UfE
:|,1\$ \$0
t$$t$4|$(|$
\$ t$$|$(,
D$,L$(D$
T$$D$ L$
T$DfD$B
\$0fD$0
|T f|T`B
UWVS|$
t$@\$@L$B
;f9yD$
|[^_]fD$
\$ fD$
~t$`1L$@
tfxJ\$
[^_]uUt$
~ML$$t$$
~;D$$p
~PL$$q
[^_]Ov
1D[^_]
|$lOD$
~D[^_]
D[^_]fD$&
tH1|$(M
Ky\$\u=L$
|$\T$`
UWVSd\$xl$|
2L$:zQ
1d[^_]
1D$8L$
HyfD$8xfD$
UWVSLt$`l$d
:L$"ZQ
L[^_]1
HyT$ \$
LS[^_]
t,K9w4
0^t&K9w.
B9w[][]
;Ew,t&
Bt$H9v
9pr(t$
EZ;]]r
u39~rdF]
$E9]EEr
9rrTB]
u)]u}]
9rrdB]
E@E9]EEr
9prw;M
$u@Y[]
$]u}E#@
$]u}E#@
$]u}E#@
$]u}E#@
$]u}E#@
$]u}E#@
$]u}E#@
$]u}E#@
$u}E#@
EOMEMU
$UE]u}]
t>BtmEM
$]u}E#@
$E]u}]
$UE@+A
]UUWVS
T$E|UD$
$+;Er8P
D$|UD$
$SEJEEE
$@$EVE
rUMWVS
eEElD$
$EJEEE
$@$EFE
pUMWVS
eEElD$
$EJEEE
$@$EVE
rUMWVS
e/wEElD$
$EJEEE
$@$ECE
nUMWVS,
e?iEElD$
11dE1X
cUMWVS,
ZEElD$
dE1X1\
$9\rpw
eUMWVS
$@$Eek
@Htc@C
]EUu}]
UWVS<U
EMu`EED$
]UU EEE
$Uu}E#@
$:EU?EEU
$2EU]u}]
UU EEE
$U]uE#@
$EUEEU
$1EU]u}]
]UU EEE
$Uu}E#@
$EUEEU
$_0EU]u}]
$5U(E$U
uM }u$}
UWVSLE
EUe[^_]
7UWVSLU
EUe[^_]
DUWVSLE
0P&M U
EUe[^_]
>UWVSLU
U N 1%D$
EUe[^_]
E$]U u]
E <$D$
@[,E D$
]U M$}>D$
W ]u}]
(]] uu
$WEEUs
AE]EUu}E
$YotuH
$]u}E#@
$]u}E#@
$]u}E#@
UWVS<E
1t+u+t
$P$WUWVS<E
1t+u+t
$P$WUW1VS
$P$US$M
E0EE,l
;E |qgfff
M(9Mt\EU
$P$UWVS|E
U ElUE
EET$$U
1t+u+t
X<$`BE
Bu+E1E
UWVS,E,EE(l
C;]$s!U
CG;]$r
$>E(UM
$>E9Ur
U2Cu9rE
e[^_]E
EET$$U
BdEBhEBlEBpE
1t6u6t
9u{tEC
,A<8w4
D$ E$T$$
D$ ,T$$U
|,U$HB
T$ 4E$
BHEBLEBPEBTE
E$T$(L$$D$
Bd8Bh<Bl@BpDBtHBxLB|P
B,EB0EB4EB8EB<EB@EBDE5
FJ8tJU
$6%\$ ~
$P$US$M
UWVS<E
tO%tv}
C;]$uE
%uC;]$tE
u!C;]$tM
R4UVS ]
^]MfTU(
UMWVS|
MU E#@
xUxBl@
||8\A
\|@@B4E1<<
80tp@U
)UMWVS|
MU E#@
8mxUxBl@
||8\A
\|@@B4E1<<
80tp@U
D$ E$T$
D$ E$T$
U M$#@
htL$/p
x|e[^_]
$Php)dL$
UU EE$U
$mUS$M
U8uE u
]U$M(}>D$
4$L$ D$
U t,t$
]u}]UWVS
$xxm P@
L$+@Z@p1D$
j@L$+<P0
$xw@D<T$+@m=l
kUWVS<
eoE|lp<$!tl
Id|dBl@
?0L$'D,
0C,<$D$
EUEEUE
$Fe[^_]
ChtB4E
J$Z(@@<
X<$BuEX
X<$J0H
$xUWVS<
eoE|lp<$!gl
<d|dBl@
?0L$'D,
0C,<$D$
EUEEUE
$Fe[^_]
ChtB4E
J$Z(@@<
X<$BuEX
X<$J0H
$xUUWVS\E
UMWVSLE
er]UMC
$L[^_]
U]Mu}EU
U]Mu}EU
uEE}UM
UMWVSlE
MEEUE#@
t ]u$E
El[^_]
El[^_]
]MEEUENB
$TE|[^_]
E|[^_]
EEUu}E#@
t&]u*E
$tE]u}]
$"E]u}]
EEU]}E#@
t&}u*E
UU]EEu}E#@
E@t']u+E
$}E]u}]
$}E]u}]
$u}E#@
|E]u}]
EEU]}E#@
$mzEEt$
$zE]u}]E
$]zE]u}]
EEUu}E#@
$yE]u}]
$xE]u}]
UU]EEu}E#@
$wE]u}]
$vE]u}]
$]}E#@
EEUu}E#@
B@t2]u6t&
$EtE]u}]
$sE]u}]
UMWVSlE
$5rEl[^_]
$.UWVS
UMWVS|E
MEEUE#@
$lE|[^_]
$wlE|[^_]
}EEEEUE#@
@@t.}u2&
$ujE]u}]
$"jE]u}]
$chMEA
$hE\[^_]
$gE\[^_]
$&UEBt
$f]u}]
$]uE#@
$e]u}]
Y[]|0U
U}1EEU]uE#@
$cE]u}]
$-cE]u}]
TUUWVS|E
$aE|[^_]
$0aE|[^_]
UUWVS|E
$_E|[^_]
$b_E|[^_]
UUWVS|E
^E|[^_]
$]E|[^_]
UUWV1S|E
$8\E|[^_]
$[E|[^_]
UUWV1S|E
$hZE|[^_]
$YE|[^_]
KUUWV1S
NUUWVS|E
$VE|[^_]
$"VE|[^_]
{UUWV1S|E
$TE|[^_]
$RTE|[^_]
UUWVS|E
$RE|[^_]
$RE|[^_]
UUWV1S
UUWVS|E
$(OE|[^_]
$NE|[^_]
UUWV1S|E
$XME|[^_]
$LE|[^_]
;UUWVS|E
$KE|[^_]
KE|[^_]
kUWVS|E
JE|[^_]
U]UEEu}E#@
$GE]u}]
$GE]u}]E
EEUu}E#@
$FE]u}]
$EE]u}]
UU]EEu}E#@
$DE]u}]
$CE]u}]
$]}E#@
$u}E#@
$AE]u}]
$FUEBt
$]uE#@
$;]u}]
e9EED$
}U|BtBu
UUWVS|E
$.7E|[^_]
e^4EUE
6PxBtBu
KUUWVS
e1EED$
]M|BtBu
sUUWVS
e.EED$
J|BtBu
eb+E|D$
EpBtBu
sUUWVS
e'EED$
C|BtBu
]UUWVS
e EED$
<|BtBu
@))9rZt$
bT]u}]
]]UXeE
]uEEEE}E#@
E]u}]E
UU]EEu}E#@
UEWVSlE
El[^_]=
\dE|EYC
4$)1D$
9PrWp1|$
9BraR1_U\$
$XK]u}]
9JrfzU
YJ]u}]
X?)9rY|$
9s3Bt$
)9snu~B
$u}E#@
u0F)9w
EJ?))9rRt$
?J)9r[|$
?]9EUUrwU
X9s?))9rtt$
]u}]9st$
e>]u}]
]]U(uU
<$E)=U
e;]u}]
UEEMEB
A?));U
E5]u}]
$u}E#@
$aUUWVS|E
$^|[^_]
EE]u}E#@
$w]u}]
$u}E#@
9BUr~Uu
$d]u}]
EE]u}E#@
$g]u}]
$u}E#@
9BUr~Uu
$T]u}]
E{jU(}}
$]u}E#@
$j]u}]E
$]u}E#@
$]u}]E
$u}E#@
$1]u}]
$u}E#@
$n]u}]
U]uEEU
$SUXeE
$]uE#@
$u}E#@
$.]u}]
$u}E#@
$p]u}]
$]uE#@
$SUXeE
$u}E#@
$u}E#@
$0]u}]
U]uEEU
$q]u}]
$u}E#@
$SUXeE
$u}E#@
$u}E#@
$,]u}]
$u}E#@
$C]u}]
$u}E#@
${]u}]
$!UXeE
$u}E#@
$bUheE
$u}E#@
$sUXeE
$u}E#@
tD~@Q@
cIZUWVS<E
C@uaC@
C\u'C\
$eE]u}]
P0P@@J
@4A8A<u
$E]u}]
$4UB@BI
;EE0AtM
$EO)UMWVS
E5sEU]
tlUEPXE
$fe[^_]
'EQqMEAX
$e[^_]
EpXX\
CdpueUpB\B
B4B8B<EPE}PT$
U]uEE}E#@
$5E]u}]
$E]u}]
$E$U(uu
EE]u}]
]9ttuF
U;:|CF
;9t19~!)t`LC|$
P1SBF0
ChCdC@C
YLQ@9A
ALIPCT
U9EXXPd
$P$t:E
U]uEE}E#@
$"E]C0
tfEU]@
$eE]u}]
ECaUX}}
]u}]GT
_h1Wd)9]
G<~?O\U)
u6whO\U
4A?E)\$
GhMW\)9EEr
$AUUWVS\E
$%\[^_]
UUWVS\E
$\[^_]
]uEEEE
$aUXeE
]uEEEE
]uEEEE
$=]u}]
$]u}E#@
UUWVSlUE
$Al[^_]
UUWVS\UE
e&EMxM
$'\[^_]
hUMWVSlME
$l[^_]
M6UMWVS\E
$\[^_]
EMUE]A
qUUWVS\E
$O\[^_]
_UUWVS\E
$z\[^_]
_UMWVS\E
EMUE]A
$]u}E#@
$EqUUW1VS\E
efEMtM
UEMBt
$W\[^_]
UUWV1S\UE
$\[^_]
$LUMWVS\E
$n\[^_]
$UMWVS\E
$K\[^_]
$.]u}]
$u}E#@
$]u}E#@
$EqUUW1VS\E
efEMpM
$^\[^_]
UUW1VS\E
$\[^_]
$gUMWVS\E
UMWVS\E
$u]u}]
$p]u}]
$u}E#@
$p]u}]
X[]}\U
$u}E#@
${gmUE
$~$UqUheE
$u}E#@
"EUE1}
$sf1UD$
#UqUheE
]uEEEE
$L]u}]
]uEEEE
$=UheE
]uEEEE
]EEEEU
$u}E#@
X[]zOU
$u}E#@
$WEUD$
$-XYUheE
$u}E#@
~EUE1}
$VEUD$
X[]=IU
$ HX[]
pl&$hd
$Vwe[^_]
$X)TL$
ld)hL$
X[]u?t&
$P>X[]
UUWVS\E
nEUE1}
$n\[^_]
$.FZUUWVS\E
elEUE1}
$4m\[^_]
UUWVS\E
kEUE1}
$tk\[^_]
BE1Ut$
CZUUWVS\E
eiEUE1}
$$j\[^_]
$'utJ$
p`1(@=
$ce[^_]
$rld)hL$
$gktJ$
p`1(@=
$Ye[^_]
$hld)hL$
$69cU1
$u}E#@
$*P]u}]
$UUXeE
$u}E#@
$O]u}]
$#UUXeE
$u}E#@
$N]u}]
$pTUXeE
$u}E#@
$ N]u}]
$SUXeE
]uEEEE
$_M]u}]
]uEEEE
$L]u}]
$PRUXeE
]uEEEE
$K]u}]
$u}E#@
$I]u}]
$OUXeE
$u}E#@
$@I]u}]
$NUXeE
$u}E#@
$H]u}]
$3NUXeE
$u}E#@
$G]u}]
$MUXeE
]uEEEE
$G]u}]
$LUXeE
]uEEEE
$jF]u}]
]uEEEE
$E]u}]
$`KUXeE
$]uE#@
$JUXeE
$u}E#@
$ED]u}]
$IUXeE
$u}E#@
$C]u}]
$,IUXeE
$]}E#@
$B]u}]
$mHUXeE
$u}E#@
$GUXeE
$u}E#@
$FA]u}]
UMWVS\E
$=\[^_]
CtSt]u]
?XCtCu
CtSt]u]
$u}E#@
E@xEtP
UWVSLE
$wllD$
$TCtCu
].UXeE
$u}E#@
$7]u}]
u1EEEE}1
$v6]u}]
^H[^_]E
[H^_]E
-UWVS(E
C9u([^_]
4$] [^]
UUWVS|E
$h-E|[^_]
$,E|[^_]
UEXEE]u}E#@
$+E]u}]
$EM1t&
$EIUEXEE]u}E#@
$*E]u}]
UEXEE]u}E#@
*E]u}]
UEXEE]u}E#@
$])E]u}]
UEXEE]u}E#@
$(E]u}]
$EM.t&
$EIUEXEE]u}E#@
$'E]u}]
UEXEE]u}E#@
'E]u}]
$E~UEXEE]u}E#@
$]&E]u}]
~UEXEE]u}E#@
$%E]u}]
$EM+t&
$EI}UEXEE]u}E#@
$$E]u}]
$E|UEXEE]u}E#@
$E]u}]
$E{UEXEE]u}E#@
$]#E]u}]
{UEXEE]u}E#@
$"E]u}]
$EM(t&
$MW9EE~wE
'MT$+Uyu
Ee[^_]
8UBtBu
$MT$+Uyu
6UBtBu
Ee[^_]
$]uE#@
$]u}E#@
$u}E#@
||EH;E
}t uu$E
UM4$L$
_|UheE
UU]EEu}E#@
NaHaJa
Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Windows Operating System
\Mira.h
Saaaalamm
basic_filebuf::xsgetn error reading the file
basic_filebuf::_M_convert_to_external conversion error
basic_filebuf::underflow codecvt::max_length() is not valid
basic_filebuf::underflow incomplete character in file
basic_filebuf::underflow error reading the file
basic_filebuf::underflow invalid byte sequence in file
basic_ios::clear
basic_string::at
basic_string::copy
basic_string::compare
basic_string::_S_create
basic_string::reserve
basic_string::erase
basic_string::assign
basic_string::append
basic_string::_M_replace_aux
basic_string::replace
basic_string::insert
basic_string::resize
basic_string::_S_construct NULL not valid
basic_string::basic_string
basic_string::substr
ios_base::_M_grow_words is not valid
ios_base::_M_grow_words allocation failed
locale::_S_normalize_category category not found
locale::_Impl::_M_replace_facet
basic_string::_M_replace_aux
%H:%M:%S
%m/%d/%y
basic_string::_M_replace_aux
basic_string::erase
pure virtual method called
LC_CTYPE
LC_NUMERIC
LC_TIME
LC_COLLATE
LC_MONETARY
LC_MESSAGES
locale::facet::_S_create_c_locale name not valid
-+xX0123456789abcdef0123456789ABCDEF
-+xX0123456789abcdefABCDEF
-0123456789
%m/%d/%y
August
September
October
November
December
%H:%M:%S
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
c:/mnt/samo/mingw/msys/mthr_stub.c
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
R`%uM]=];Z
uuvHMe
Ix@ p+
N10__cxxabiv117__class_type_infoE
N10__cxxabiv120__si_class_type_infoE
N10__cxxabiv121__vmi_class_type_infoE
NSt6locale5facetE
NSt8ios_base7failureE
St10bad_typeid
St10ctype_base
St10money_base
St10moneypunctIcLb0EE
St10moneypunctIcLb1EE
St11__timepunctIcE
St11logic_error
St11range_error
St12codecvt_base
St12ctype_bynameIcE
St12domain_error
St12length_error
St12out_of_range
St13bad_exception
St13basic_filebufIcSt11char_traitsIcEE
St13basic_fstreamIcSt11char_traitsIcEE
St13messages_base
St13runtime_error
St14basic_ifstreamIcSt11char_traitsIcEE
St14basic_ofstreamIcSt11char_traitsIcEE
St14codecvt_bynameIcciE
St14collate_bynameIcE
St14overflow_error
St15basic_streambufIcSt11char_traitsIcEE
St15messages_bynameIcE
St15numpunct_bynameIcE
St15time_get_bynameIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St15time_put_bynameIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St15underflow_error
St16__numpunct_cacheIcE
St16invalid_argument
St17__timepunct_cacheIcE
St17moneypunct_bynameIcLb0EE
St17moneypunct_bynameIcLb1EE
St18__moneypunct_cacheIcLb0EE
St18__moneypunct_cacheIcLb1EE
St21__ctype_abstract_baseIcE
St23__codecvt_abstract_baseIcciE
St5ctypeIcE
St7codecvtIcciE
St7collateIcE
St7num_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St8bad_cast
St8ios_base
St8messagesIcE
St8numpunctIcE
St8time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9bad_alloc
St9basic_iosIcSt11char_traitsIcEE
St9exception
St9money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St9money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9time_base
St9type_info
RegCloseKey
RegOpenKeyA
RegSetValueExA
AddAtomA
CreateSemaphoreA
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
_fdopen
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_findclose
_findfirst
_findnext
_fstati64
_fullpath
_isctype
_lseeki64
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
atexit
fclose
fflush
fprintf
localeconv
malloc
memchr
memcpy
memmove
memset
setlocale
setvbuf
signal
strcat
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
SHGetFolderPathA
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
crt1.c
_atexit
__onexitp
crtstuff.c
main.cpp
_HeadDir
.rdata
eh_personality.cc
.rdata
fstream-inst.cc
{%oM(k NS
-sOB"i3P1scK
QhHOp//pF2
CCCCCC
AAAAAAAAA
AAAAAA
AAAAAA
AAAAAAAA
AAAAAAAAAAAA
C@@@@@@@@@@@@
C@@@@@@@
AAAAAA

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1
注:dns.msftncsi.com 是 Windows 网络连接状态指示器 (NCSI) 使用的探测域名,上述解析结果为其预期响应,属于操作系统后台流量,不应视为该样本的网络指标。

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.