1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.79
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Worm:Win32/Delf.23fb1eb0 | 20190527 | 0.3.0.5 |
| Avast | Win32:TrojanX-gen [Trj] | 20200402 | 18.4.3895.0 |
| Baidu | Win32.Backdoor.Wabot.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200403 | 2013.8.14.323 |
| McAfee | RDN/Generic BackDoor | 20200403 | 6.0.6.653 |
| Tencent | Win32.Worm.Delf.Peqd | 20200403 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(8 个事件)
| section | 7519006 |
| section | 8572755 |
| section | 7151059 |
| section | 6580166 |
| section | 3626684 |
| section | 7044656 |
| section | 5294235 |
| section | 3707131 |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(7 个事件)
| section | {'name': '7519006', 'virtual_address': '0x00001000', 'virtual_size': '0x0000d000', 'size_of_data': '0x00007e00', 'entropy': 7.99353393817323} | entropy | 7.99353393817323 | description | 发现高熵的节 | |||||||||
| section | {'name': '8572755', 'virtual_address': '0x0000e000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000400', 'entropy': 7.767636168582015} | entropy | 7.767636168582015 | description | 发现高熵的节 | |||||||||
| section | {'name': '6580166', 'virtual_address': '0x00011000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000400', 'entropy': 7.830116036537715} | entropy | 7.830116036537715 | description | 发现高熵的节 | |||||||||
| section | {'name': '7044656', 'virtual_address': '0x00013000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000200', 'entropy': 7.55488547604783} | entropy | 7.55488547604783 | description | 发现高熵的节 | |||||||||
| section | {'name': '5294235', 'virtual_address': '0x00014000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001000', 'entropy': 7.952516725673953} | entropy | 7.952516725673953 | description | 发现高熵的节 | |||||||||
| section | {'name': '3707131', 'virtual_address': '0x00017000', 'virtual_size': '0x00003000', 'size_of_data': '0x00002600', 'entropy': 7.385206639806591} | entropy | 7.385206639806591 | description | 发现高熵的节 | |||||||||
| entropy | 0.979381443298969 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 62 个反病毒引擎识别为恶意
(50 out of 62 个事件)
| ALYac | Trojan.Agent.DQQD |
| APEX | Malicious |
| AVG | Win32:TrojanX-gen [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.DQQD |
| AhnLab-V3 | Malware/RL.Backdoor.R257255 |
| Alibaba | Worm:Win32/Delf.23fb1eb0 |
| Antiy-AVL | Worm/Win32.AGeneric |
| Arcabit | Trojan.Agent.DQQD |
| Avast | Win32:TrojanX-gen [Trj] |
| Avira | TR/Dropper.Gen |
| Baidu | Win32.Backdoor.Wabot.a |
| BitDefender | Trojan.Agent.DQQD |
| BitDefenderTheta | AI:Packer.16161DC21D |
| CAT-QuickHeal | Worm.Generic |
| Comodo | Malware@#1l1aqusufqirt |
| CrowdStrike | win/malicious_confidence_80% (W) |
| Cylance | Unsafe |
| Cyren | W32/SuspPack.R.gen!Eldorado |
| DrWeb | Trojan.MulDrop6.64369 |
| ESET-NOD32 | a variant of Win32/Delf.NRF |
| Emsisoft | Trojan.Agent.DQQD (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Delf_Troj.F.gen!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.46cb33960d86a2bb |
| Fortinet | W32/Delf.NRF!tr |
| GData | Trojan.Agent.DQQD |
| Ikarus | Trojan.Patched |
| Invincea | heuristic |
| Jiangmin | Worm.Generic.ahwj |
| K7AntiVirus | Trojan ( 00129bd51 ) |
| K7GW | Trojan ( 00129bd51 ) |
| Kaspersky | HEUR:Worm.Win32.Generic |
| Lionic | Virus.Win32.Elkern.kYNv |
| MAX | malware (ai score=87) |
| Malwarebytes | Backdoor.Wabot |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | RDN/Generic BackDoor |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.nc |
| MicroWorld-eScan | Trojan.Agent.DQQD |
| Microsoft | Trojan:Win32/Occamy.C |
| NANO-Antivirus | Trojan.Win32.Delf.fnpcgo |
| Paloalto | generic.ml |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Trojan.fc8 |
| Rising | Worm.Delf!8.1B3 (CLOUD) |
| SentinelOne | DFI - Suspicious PE |
| Sophos | Troj/Delf-GBD |
| Symantec | SMG.Heur!gen |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
3c0e70bfa5f73f1f1cef484e2bcb5bf8
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| 7519006 | 0x00001000 | 0x0000d000 | 0x00007e00 | 7.99353393817323 |
| 8572755 | 0x0000e000 | 0x00001000 | 0x00000400 | 7.767636168582015 |
| 7151059 | 0x0000f000 | 0x00002000 | 0x00000000 | 0.0 |
| 6580166 | 0x00011000 | 0x00001000 | 0x00000400 | 7.830116036537715 |
| 3626684 | 0x00012000 | 0x00001000 | 0x00000000 | 0.0 |
| 7044656 | 0x00013000 | 0x00001000 | 0x00000200 | 7.55488547604783 |
| 5294235 | 0x00014000 | 0x00002000 | 0x00001000 | 7.952516725673953 |
| .rsrc | 0x00016000 | 0x00000358 | 0x00000400 | 3.8585242583369057 |
| 3707131 | 0x00017000 | 0x00003000 | 0x00002600 | 7.385206639806591 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0001620c | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0001620c | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00016334 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x418c2e GetModuleHandleA
Library user32.dll:
• 0x418c36 MessageBoxA
L!This program must be run under Win32
7519006
8572755
7151059
6580166
3626684
7044656
5294235
3707131
?Mn#fS
X$GZP~
9p9/ZD
|&d0n&
.#ArYn3JA(z
8O-@q}x.=
}YMF>kG"`ztY
@,15m^!_]02
k *tqyQ
rYNsUF
?]j&?[
Tv9p'7(P6#m
1PGJixRJ7bzp
OCh/\c
=#g?`y
r/R vo_
{\Wgc%
%WhE7'BhW@Ao@Q
#@0t]-8
iI!F%9~mjw
Ogmo%Lc+I
^~<ZQRA(.zC6
T79?ho
kb9T,PW"
L5k{ezV;#lEtYzT@
}2IVe
m_WI!He
sXX"O}
kH$&G;
YSs?Q{
O7s<k<M^zw2oi
aE@4q[
?@.aJj7}a
{jPO1xEbu]SL"m
{di<P@
g?js GJx\:Jz>
/&y1q8
SiWn*L-/V
DZdQ{t
Okl0z`B8
'%p$xI&]
B0Kfy{:
G.}Uv:
lJ]X?ro
bDN)GO2k
smq=i}
?UNGDH9
znh:kA
`QH!,:
"HT,:p$QQ
d$}.M=
R52O$w
Gs2P7h
S\'0HCM4'M|8xQYu,Y
Up3c'W0
=pm&-'
5)$xy7a
p]%5<GxvM=
>RSi&[
(Cjl/HW
*=G&[%f3
t>7BX| B<
g ^9!K
t3SZ&o0E"&
tn[2(({
H~cQG'
.1\*X#
(sb7bOP !
<au29R
_( '1*
3FS1S\2
r^6g}!0
4Yg}r
=55<mp*
eewX'b
J`;"_LY1
*Gr*ip
zkI*xFM_
fk0Ki 4hY
Dk"f&I
,DkqNgeN4%>!x!K
~R3-BE
&X Ce|ofAFjc
,_-T l
qQkr'YB
/>}f-t>a'u
F{fabRR.
(>!]^n
q[yFN''uJ2(p
<"z4,TK+1Q&P
s^omG>[V|A8K[
Y@bWZ0)%t-'|a;\:Y
l.Ei>Y
:JC:q\FJ
]!3_m*jS
]5D2AF[
>MY&H5#X
8I-K}ZO#;
~w9Z%O
kK{nh <ot
6+"<Q0mEMtzo
2jxW[S
CQIV;`,o&c+C=j
R)`pJe}L
%^X r}v1
F9HA9xcl
w gh"IB
HEroyBY
DHv&#'q
?5\:o$
:V}a.;
F[o`Ow42
pAaS*W&
DCqfzU
0|h()"Zm\?
=|iI`YNF
f^^@YD}_z
@Y,r,!riO
.v)}bar|[A7YS`
++~-+$YIkL
:VLAw$
p.X) ~
bWQ0T>
*0'6x3A|=
5PBZ!q
ZT"/"5
\">}[&
VgF>Z1k5
R;]Yr""weT9 Q9
N' P*h
JmV{t,q
o/uEte
Sc=kRb
VGkHK2*V
L}dkz#
aQ6O&IR
(U`3lM!
b~sXgU
?vl?Oo
Y;mfpkL;S
235rlq^e
yt{S|f
6f.q?z`W<D(;9U:
p`v_IA
shg8a g0"<
qN]uCW+
J)_~!u?+_eAJ:
!]Qf&*2xc
/PV?k\d
`i9|QA
w:LixHL:=0
ckE-yo%
m8BNBcd/
aYHt+o
$;rEkDVl^GWQ7G&
x*2LdK
Epd+ ^rlO
E.k}.z^b
"}-x3dnegV
2t7b&EBm
Z!vf8sr5+
_-)ZO:'e7[
RmGT.g
39LEc8mhL
lX-_vS$o.@
[o{_qdH|=6
9\eLBR0
V&UBxTbB]
q`#rl#
i/c'k`>
)$Sh <T#
3<*Rs,
UIW=h#j%!
Q(<c T
=f*|!c
ty9BV7D
MXO*$-zZ
sA5d-:
V^D98S^4M/I%!
_'pb\T
&-4t]95R!
^a$`i2}6
\zRL}(
; 2e[=
bfnQ=fS
)M^a\(l
jZlw,7o
vr#;.0V
_1k<L6dC%~
`#h9_~k
G ?v`gw
:,jJkP ~
VWwhd7)@
&pS$ $Z1C
,A=12`-^
TKeyQ/[
}I 2NG9xO
F*2TOaWEAAMl"
92o5JM
2~u\_}
Ft{=x,2
b+,O{C
`NmTg<1k:~;D
/Z:Eob
|`:1 5 U
r32*hnK
e.M'}WkUE
-E`}jz6Ds
+:K^xp!
]B-i~>8
5-quq=
@D |{HOZ
VfwC!'
H~szG9gCjV\s
wlgx&V_$x89K^k5
<9-}M@%
qa?~p9
GR'(cbjf
[y*@Q?Dl
|6AWU:s
j0i. BeY
Ou/DdqZb0
Z. mPT/@O
wQQV<{k'Tu
Z5m<WZ@H
iC)}aQ3 x\
KK~QHd
W Z7~'
(W%Axu
sS95b$oh;6_,L
oc!"hB
Aat5w
<F.lC(M^t
BxIN/<
=M+1Aen
I&wd\{6\j>d
%sUesvX?
}OYS!2%1)
j4+jgB<@
j>E9}c.
=s<2 :
lQj#Qb
K3)s_O
wf:)>D*h
Gf%;AC.
zs/WEw ,
K5`@F{Ms
Wkglx
`sj!j)Q
*K];%ts
-w5G{Ad
>To:}2Esbu_.l
BrC~7
O+3-~H1u4i
mhQ=He1
gv&1:w
91?y>E
'ql 2{
yX` ,eaW8o!K] ,Q
mmUg \eMU
IairyMR'jfS
!Ia\0!Mtv
eTY>oe.A;\
0I|f$z$d
c(yw4{ P
e0EqG4(
~PR:%b,(R
N9#|*xpI.
{:ea*XHt~
UBTj;%
VZZ]'-
H?8 )p
&a%y+8;E
5$f7Nz/\yN
OhZEc
|xgRc#
ewqDLu
)C%!a@
x 5K.;`lv"
b'(5Ogr)$2VJ
;;b,]NMr,r'<II;
j(Uoi[6
)IM\7/W*Q
e7vf=x
z~ w@w=H
k7|O5*P
:9AALt`.}
_jc;=?
_> i1J
CF:6I1nMP:b
?>I.UP<c
]=_zC<
L"SMcj(
v-=p'N?
j XZK&
hN)U4q;@1Z^WF
.foTRVc
#>B{b4e$
.>]E8Pp
NE>O!Ut"
woeoBn
m:WZl|
&7z)U*
`otUdOQ
TqMB,s3N
w4UIF1p
iD i|_s3'M&r#
b|"|a+uS-}H Ms_\tP/
b{ _KT&FW3Q
pWdP_{,\j
AFjg3id
eL*k0LF
O4zf=&SfoBR2
Izt"yHC
P4rm;/_
yUU$t(s-`
`X-X@a
A,h@P+45=pK
Q;F%H[%
.6+ x b}
@Ip$i$
pIggn,z%(*;
($s6=w
/pt>Xj
S20UUz *Q}q@\g8W
~|[*i>JbwQG^!W
!uxBP6
k@&/P6p5D
KxL`S0iHfW
`G:v.)O#71
M#hX}xO
p7:<~X
H;-"Q}1
EBJv0}/
UgQB]6_$;
(6t#{\q
OL}wq0KEJLC
(xUI}v.)dz
PO-WXm|Q
++5,J2<
_r"wI}pDNJ9k8)k"N
;Q@V&7\(Dn6%.O!
cg~UDSv
/{Lr)+,Go
|xU Xh
L, rDEW'>~TE3_[6
RkdE9Wu\@A
CVW_<E.B
/,^+T!c
6OFOxU(Kd7a
|A14KnzbCE>q
EJlr,5"x
.r?0{-W
}4T|9vWc
Ui ,RbV
s [)M8
\#c}]:
eNS)E:g e
-n_ sR%-9W: +
kDX{kP
#kCz[;
2$_*R)
/Vh3.aL5f
?%`4MPR
*z^>Sp
j>5x(i,0mg=]+ n
d xm~ZF
b_L ."B?%
Cx&bgIMo
*+U7$vKX~
d'2@sdr6-lZD>v<|
Qjx(n#"[
"{?,>pT:b%
C}DA)@Y0m
.^`j@&
@{_.ePXB;n
s[V V"~R+
v(G&d!`+!mMn
+M4Z*Vj2)K
.P(2^B
[/^WyP(he(F*
[{|t{S$B
=rwBx\B
i%b-4\V3)jN
bA4Gh/dj0CQb
pY[?0AF
wRgwr$#M
D 0WO07
; kVg3=M
K5' R#sYC!>
)Z/\'PVw
>75[Fd
\RZ;?v`z;z}
/]>E+7L
3[~Tk16V
Z-cBx@
~$ qE2
+shTeh^5`R
&i8F70x&$F
u"%K8px
J0d>A|@ZV@h
F*{.|gd|;!P/.;4[u:b
G7tubV
b"^L4C
"V-0{cd
XA5(jM4V1B}
kM_oOfLfA"c||)v/MUS4Jd
]Fvs#zQS_0,
%(~o-(
z/0qOK$y3z
C:6$bX%sMFl
rg?bzA
=!YsS##
hvsH?N
. Kh 8
e =#y<u
o*BJ}32"H
_CyWSKv
|iwD,t#|or
6/N:U9|
22~[rysmsz0
>d0s"h]_
w Itzo6&
]C&JxCzvj
2X4X.?e^mx"
lMZ}v7kv_h%
oCpE.>z
cR_ r:dvgAULd
N0YKZ/q
%Wm;X!
j83.:X>o'}>NV
{YevSYbk
M-SjtW^\
f"eZXH@A-
1&42sX@dx_us
D}=s6ir
u3 bIV[
B*Lc7j
F#gaOF
,\<sv1p/i
P^lc=T~j<;
'Dy4~^+N+Uir:#B
>kumX~
.A;S)M
1]F:=IqDo
@$?E>UA~
bB)p;P;M@P>E]:D
YXb\F^:
W)c@^B
w/o7]Tu
P!5}b'h3
}:m\"A
=WLPyU
`RcA;^
p~|[zW
-?/-FLZm^
Uv;?k ]&+
ok-asTytf8dn
>sh4w)mu,
-b^oA3a
f'H+Lx
5Eh9$J0 #@1vOTme
'Csgm1
+r=3@wr4
O\iOE/8Vh
@3FSs\xd;@i
bK.\]u
"-9S8k{
v7O+tN%,T]s7
ljcyda
^>CmF
6Z(`h@O1>27H\
>g+L}!CrW
0_0_mL&.
*df5b;h
j(hw*u
Z_?Cq O
bD|/8~
++DgG({
8jVD+Y
[T_7g;
yEg8'&>I
[,M6?DdFV4<
O.piDu0)mMC2
e->)"C:#
{o.z3o
%J'aa?L
uMaWuCY1m
p%5f&z$
7..e"*573'Y&@
=waF+,4Ii
,(d0vXjBt~_
;Coqpb
/qBq%!
0c.*!T
W2:G90d
;:<3D>"M(
Mys%]?
#N1Jc6
s:]@v^X
V5s=,I
-z6qQiwP
*\8QX5l=>
3%95T;la
&I&7GeZ
!w3)!va
`"3r(\j|Oa;
30v g=dBE
\xc&d|
??0.37cI'RX
26s"*w
F.KB>i4'xUu~`o
O6eM4?X?{
/+q!jk)h={
HZ`nY3
kn{GyS
_^zhJP!
Y45DUS
)Km$FB5J;;o
ER'7UR/=Lg
1}5Y(N
TGPeqK];rc
AWQ}r^
.XIR{|(D=5^O
zbBm=?|oRw"U<jN:Dl'>?
mC29IA
SQ/uCl
m(.#qP.{mx
KaJ{&U
!#( &N;V
H\*WcD
}!37gK
DtLE$WI]
2fH\;?L\
Q]c_\"
C(4y`X
5*Aw($
Kc*T3JjE`Z
'?:kF'B<"X2
[0Amvd]`
Vu}>?$63
s-zm,'8
+)OG<8>|_s
9j MuyWmQ7N:
[UIC rO|NOb
~/d.KHR}!Q.EY9
!v`s0K
X&.p<1(
%xf Q ~u{
$}7'2Iw uckmucAPUzxz
-5j5OPD>w
uH~Pq)9x%g@
oZV"Vz_?
N?Ga/Z
5c0XAe
RbJ<=4E(
{ExWL\M:B?SZK"Oac
S~(qt*
-Qn)>0+?k
G4]9}{K
Yd=HKN~sB
<_B9iHMjv
"B36^XN6cJL
V~ZbEYl
$e<|gzUt^@
De4qK49
WC5=Ul)_A
+06r&f
KLayM7Ca\/[
:>|;)Z
<c|='nMQ#dR2qe
k+t#RS+O
gbs"hT
\V>e>V
SWh%x&o.MjQ
"*C}=
%MnWv'VTS(9d
(PI;R%
e{OSQ6_&
-'=`;JWZ
]@a'Zhb;b
Js9(>0<W
B7A|e>c?/;\2
$f[*Tw!sn
k2@46RC:O>&r
>SXIc\.F8
y|}Hd
yTKpI,1UF
h3Vxm8,Ma
U!,@_<X
--?)MT}[
W3_[@!_kWX ?P5[
jMKCz
>K15Y(K
"08J@6z
Wl[RZm
Pj=n 0
zd Jv@8\
[#bk^-RO9mA8L;
GJv6i^H
k,~B$Mq{%h! & %_
}z.V=>
qh!l<Rd
tj8-Y?aX!U
ra<+EF
$bA +~yl
~)kxsu;^
Wu :7=wI;B
k``fir
Flf!a>
`?T$Df'
Xl#\b[B`Flb^Yw
r/zX)J
Yf8Q1tRh3
'mRB^U
.nwo<=H
87LG?sI^
8k8o&E|
${Nv3}p#e6B;<B;Iq1(
"rWOB ?
pp/pbH
tkqA*CQ?
.~1y,?8"
O|9GIUpBPT
p%!/&x,fkH<t
1{X@BgR ^HSFwnS
^s>.9P.
<e.iK|a>It
E;_(6?
!^TGpFbyhid\.b
)#J"i:O
[O2wxZ6d<
c/_ @"E
nlKt4xI)
6?Ch \Ao)`%
OcBE3m
)b mU*
K5R&]:.xH
`2FPj6,jd-H
g_iT@B@qZ+
g}`m~<`Y
:w,"j3-e8L;_0
vA[_{DFx
fdv9b#/k
f1N#C9=\1h
VWG?JN
*6QqS+
*DD7|$k8||K
2jj"C;lZ
^rOCio9w
XJ7D&9&W&
mw~!3\
qxkW)f*k
~+O:xH]9b 4:nsj2
(]>+g"(d
p:,Nfb
~|c[ s/2
,;6FL?c CN
/l#bCr
Q3jPH4F
zP@b=B
GP,b,2
P|Vk7$
OOOE}bM
[@lsd8(
lT4^z;86frUL.;O*ynM+
94k['o
p6M'bY8t
SGI!<-.)
hr( ]~Hpm;^-.NMp"f0}`
w>w*GIM
X_d}|?DBz
0(J7Qg
rB=tG+
^<]6H!
_~'-VsF bQ
+1rA|g/n*T
=^XVqE8
pPo8DvZ)cI'D
X+nzszX 4I@Z
+kz)Z-r
;M{oNI
O!Lk\'
]T>J'^ @;
B#*r=L
VQ!IxH'
Kodo7Me
I\G:*x<b
;60Hd;
*]/)7x
wT*El {vIC
[s4cs=II
[X'J9=, /
Q}lI:xMs=c*wXE.
&)-e^(+.IG,
+1 s)}_#
*,_u1Fb4%"
YwqnCM`T
X7:sn%.
o6ciyK
r6A,+p7
@Pq<+z
KYcm1C
-'CA`@Zc2o
+8Ikt&nkFTN|\$
:zBC;x
]Qf)g#+
zx Y!F
Q*eF48<<
$aoj"vU'e4'ITV
+Iq0,u}&^dK,M*q
GrL2yX(
{W~}2LY
~<>UOY%: I
z!0(b2o
.EQ\tps
~J9hxr\ifd
':hi_2KYAcJud8
1 VgSZT
+vLh+Z&q
B="vw%
C-aCQ:k
vsTxS^nL>
o$b.!GCP*]J
r2m*Rvj-
*YM>b#36G$d\K
[,8k[&C1RAs:v,$@
F*QQui
$nnaP!
xL39t`5p
n)._rm>!r3
HXupqZX!d
?<_,<-
06 XxFJ6
qA(_W\
+}ze)kR(
Yzh8v"]"*k
&<le!FBi<:-7p1y
xuq*\X=:^
#n)W;:o[~d+/+Q
x5D)TS(c
@4_jDxn>+]
,;fSHDIeGjY0'b
(gF#!mT5
?.'5$.x
~>%3~+WOw4j
Q;olFK4
.;)zx[c
#?l1$jO
:}ZU2f?
Oi<HB(
??7dmn
E}f+]K
Vh>=~=p
sK):.-
wj!?|Q
`_dD{_iNvw~5DE
;b.sGcw
rw,]I~OU
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX`
ET81NDUVHxC
s1A_h0Te
i}Lbmfmb 8
fq~^SELR~Uf~
KUQRj~
LS%}`qp'<
x.(7c!xe
1EzsM/wC
hP`-r?-a
<i3jU@[
I*B}*]
V\=tz1^fQ/hM%HK
R/PamX
HF2vqg
uw^\52OCL >
D UTC0y
y?* ezsXuZ)Z
{)'uO1[
rpQlxGC
K&$hHGL_HK+D+@_ ' *5"=>!*91
*Pi[P7
ZITc`q-H4N%M"0v-f[:I
Any6EHrc
)'|P-i(,atQ
{%r7r7!IS0
C6*7:|P
P/e Xx
}m#p[|`5!i
vCY{VPtE[
^C|GGH6C+zdUZ
KifP.8
ZXiy1wub*b
e{x/77)0
t=U;p)
Wig5r.
:zcHiu
B6Qq!r
qeqk{Xa|hJi
A=O)Y#W8"#f8U#r$(2\
0Y;U{`d
i,f hC
,,k-U\)
hzx~5/
kQmuJ5x
cXA[k)
, |eZ#
|o^KqSP
wQ]4e&G@
9Z ]lx
.vfO1c0Q
#kc>J9RY!mt+T
l9sr7mD
DZ7Mqrq
4|ByXMK2L
V{CT(?
DU PV?
hvtLT9
#)`*lOd)%5
qhKgteN5-M
sQ-5$lCT
N&1"9Hz
{^,3}{
R44*~:g^7
yJV_v1|
]ce"&eYL"[6
]j'v7h7
C<Eo^S{
k0Mbkn.
aR}T{TMk>/W/
E %V@J
B7lmcM
]MaW<>$
mJrPAJ/gN
,/^^#(
Vdc&5l
RKdA$q3e/_
6 CLQP.oq
5A=j*'
\G,}OM
>E^{*%y#jv
h0b,v_2: i
8z]5NRv$sKfCqxB3
w/G'X-L^W1
]Ulu~"%6Q
KaE0$f
kb\2wRU<
imZ+o+
a,&TC!;E
L8]en+B
-T?Cg t+
]9i,' ay!y
9lsMWK
@HU}td
&Up[01
:9|}Ail]
RnNZ&>Wb
@wz{f_2D]mKU
`sJ2P"J4T
1J0@.m.
jy!fCcO''o%{YJL
DL>8v6i5
GfW!r%Z&dZym
UTUn)c
2h[1GD 8
Zc> ><y
0][}SXMhK
ok*H?Aq\>
0E L6ZVCH
:+QACi
\pz4Xho2yU7
4L#i>XX}D]nALx^
uuj+UxU$
n*0<QdB
he^:HMXs}*O
Ac"r5@Vb
2Br?0NUy!XS
C"1_sw
2L.oS<yICKm8
(Ful'\
u8RN9w
N do[w
<f\^G,
X&c\K"M
kernel32.dll
user32.dll
GetModuleHandleA
MessageBoxA
Kn[VS0/!
jy<zPn
3E &kL^tB$E6(&6W:n[
52CZ=oj
!sccXCX2
'2CJ')L_skx7G
CF1'P_bkggB
E4S;v
62CL;'ZP
^`v*v\
han9=iM(
wwwwww3388
D333338
/D333333
DD333333?
/DD33333?
DDH33?
/DDDDDD3?
DDDDDDH3?
/DDDDDD3
DDDDDD8
4l ZNSr*
4iltmZ
t@)+DHt
s/BA5s/^
P{~*Rq&%!
Sd=O;d9E
Jd=?nq12Z.N
MB8I~2ye~
;o&B8=:N2
rAj`T
q4%WE;<
s$IFt<F$3H G
(4hcfe
~eDMTF053w
ED ]8j
}ObFibz2RMv
:Ar#O6pJ
#5BX|"
8w{l;y<T
C3:XP\"')
a2UPmX
P@+?/ikT] V
cEw[3$9HIOz
_DS|ec| [~xL9<
RP;,FASv_
~75q)UlAvR
] a z4j "F
9@iIP}=d
i+CRIsR
"Y! Q #
+[eonv 6)
AfU>x}|E?T
N<b=8V
g"Qne-
*J5/.v
Qzi0n4H
h:*&iBzC
G,z1H56<
Kqz\_Jf
z>] Gw_8B
g^W-[T
u(+=Am
hHc|Y[5
jW20"6iwQ@r<a*{or
X"h@6GG
PA[&L/^
C3PK]\v(`
xmHZt3Z^
o^O"9.
2';:9S
BOq8v"MBl
SY-M80Vq<U?S
=kb!Cnz.
3S.WEYS
r8|^w@I/xh
Y'R(|L
o,} hs]
GWHa;,
a]pd/k
x_yVg\
=<(mLh
}am;XByV;
cQw0M=VIU%mr
mS{%!s1~X
awFI"B
z8~5K0U^F#Ea0ej<
% \'-Sr`Tt
'GmE]be+_
LVt@t?`KB@
lJ H'1.oY
utCEEd!:0rbF.'S2r.#(agY$o
@uoRJzv
P^&%SG;8
A}..[}
0$sfdGo
~Ngia:Bj
.`k%@Il
/B(_p<
U0}?8N0
,Kdw$L*&Y*a
p'>kx4_a
KqYIlRE~#p
glMdFlc)e}@
SO96!R
&NKQj Mf\
aub9'BtBu1a
|7 y~v(K[~(
zrY%6I~
#]<N))bp;
>?K&w}=t'>|`tB"
-W$}][z
&vU))1y
6x@|0T
^xR<`%
uCBkcu .
(!D _/
m#9&_brqQ.
>*e%gv?3
^me* `ri$@k07Q
;S\XAQ
{I)l7c
`$$[iBm
1;XLqfi>n\WskU:
-./_k=v
dSnbo3sTD(TA
|/ hrYI
ePH!3X
'4ZO.5R`n
3i6y[x3kG
mz^7K?#?^
>Fz(a7
j?H2aZb2
J9g2+6.
A0WgmVL{
M'Iu?I
]c 'XHi#dUfd
nj"i/$B
U|fSa{!
/s"%>x
2D(*RsO'4.
e*rHS>
%OQL=*:
`<&#p
/fLN ,ZE
)qz:q0
ubHwWe
K3eS eIxpKU
v6XW"&%?
4P1l;l:
qnS?{t
I;FXVBV
17u@ G
$~\P&kNDf$Xb0/~m}
"D+^J2=
@*]6N*q
V!lEmn&
;G1a8[6|ZFS"
8yyZj;F+2tk
heK`"2Q
Ip(yO^W9b
mVpR"Mgd
(8O",UrpE8Kn00K1-Cr|Q@
qV_F\aV
[RNt`y3K`
,czY3;>
"ET{y%a
$twz923Q
nHstzT%2
i^!J,bn
D.}u<yC.g
\F(B:cG|5W<'aNAq
68}mgg;V
Z18nTm1
4-B?yKm"sv
ht^{#%AV
.|%R\E
/( )P{
":/ej,?w*#:
JQ=xm@"Av-q
o{44$Q8tci9fzN
(^hn|#{d6
N3PO ?9
}-s"e`
(n1EKE
4t5Pe`
pq0}u_,
W8=}>s
.`O&p%pD_V.
up:dfRt9,UkBA4>J
O:7| 0pk!
\~2?U(dn
9U{=;8N
~KltZ0J
BD^'nh(
b+:.J:`BqG?~
V5OU*j
SPco,Yfi?X:_nQm9
>LTe!;|}M
m6 x'*7JBV&:0F#7
h ~0I[>^M7&
7cJAy*
:P>)]/nm
BDd:oEq|
3Pi#DN
."FI"r
1jC1Hu#-
W;!-t,07
jx8dy95[;<
dhJ,~ac+R:
~[Tb[|@`aY|Q=v,xM~DAM
y9NP;{{{ZRWw
]<a|[<t
r],Gm.a1
D18(g1k
Ko.TFL
I\Cku]
qzRF`[
>D[5"CIJj6
\Z 4E-
,[%ny[
9m]ze{VseO-
b6ipB"
vicA0&
6!M9#[f}lE
/{5'Y!<Gt
yBVQc]
D[&(@A<l4
e+jk~N
6bDFbpd
m]Y MX1k
=ZJn.c
)*cNdi<
7&o#p0vX
~M!#,n/
a_} Dl{iqD6
(n#HXzK`<mQP
LQ<Lggap{
/\Ikpv'
+3<V;Ek
*'$a,Ak
:E &-}6
c[l@@h~?
iNoKo.
#_<.7]c
d5i`@W
C{-QAc
b_v5}[LEx
CXo2or
4HB<4,\0Lh}
)00E,w:
We'pCw
"jo(Dmu-S"*B
IVz,R*
1S@jKM%A
;gzjw~
ofqp?V
eE5l`m
8ul=='
,'cKn;
uO0(b9[hA
BM3IJ _
jjMl B
F >exz[u
.h_mtG#tTM
_5Z8z\:G_,Y D
O;'e+F)
1>j"ip
(+?TRR-
L.oN(HkLB
nVZRzZ95
'A}5{who+
jD:fM7
n8O_<=}6jm
9,,9[^P
IWr%[7dpMN<574W0E
wf(VFE'Yh
m8}F_j /wg`KD(tCq7c
].-Q]WB~`9
)6ROuL
7r]A*^^
xQH>dM,^mY
kd(+xzWKBt~&jZ
bLck-u`$L
*II.bPyytb
yUu>6Nc
9fx`bT
;.Rgl\oVV{zM
K#e63e9
M-[1VF0O\
W`'ZVnyX`y9
j+RhS.?Q6eq
)|:NpP.?o
0~qGBK
/mtz.H[J;Ppn?
NNaOq8.a{
pAg&~ybWx
=Yacb7,lt>
6ugh5q
;ZY9z*
E|3te[I
$gU(^o
5-f9pY5
_hh+1(
<l'Q?\xn
E40R87`
o3]mo|
NKjUhX
1p.p5w
ZE=`jqMNO_
B-STn~`
?A=e eyYS)Y
|gb6v9mu
1(lcN76
_1qiE<T~Og.)|WLL+A=
J%DeE}<9
rCLPzs
`N3uFK
:tZ^8t
dw`ts+#? 8K%
6]>WJ~
AE-m-_Q+.
QLwY)(@F7AY|cqGoAK
@,I/ jD
iaK (@
<K/z6Piz
y.~moZ<O"cjO)]3*
`)za *%
PiHEpOz(
GRS>"0
foj` _p^9/Q%0d
jVea@#;Z
8}rN}*y
?jq[~i~.
2[*<JNG.\
27~Fi-OL?I_
^lMGaY}
mN}r7x
fHCK#|R7?WA1nd
u7^9~:p0
6+Yl>#T
#IeTyp<
HVYuR,
els|hny7,N
}uEi"g;1DKB
0-!;Az
YFcOAM
C/~yNP jJM?
0Mk+2$
rQj-o#
W;,y1o}Wc
DpERg\+
#D*zfAz
kawpxi.
ApD>4b
7l_[8{0:=9o7h5#\
a A%p1
MUq9.fyst
O`{ o7D
m"Ww&g
(H#s]XN%
J-2% -f
YvU!Wxz
Uw#uE<
D\Q-~$
|6E8bd|S|DV
WZ/M{?UE_NOT".lV)$Aw\
<jQ&7k
`JgGn84KczN
}"N|'MF_<i)/zM
1Q 8QJ!Y5GN
-1AU'W9
b7W*8~
g@V$A"
.ZNG+m=)gI~
1k=ae:&
SOi\2#BTC
m85i4EX
CM.q!_
-@?(Dc]f';
&|zb+~,hV&Cr
U7 %X!
/p@{bDjZ
xQeN\&cSP%
P2%b1;Qu]
wt3_ Mk;
wdi5Kt
<a$(Jq%-GHt;
'_0UG(hP{
Z]^^Q:.:Ax,mu>b0lHn6
mO-?+<~
uBU`.~VID3
'%t1M{Z=%2l
1@q"\\i+*
@c%qh:
9pnF%]"A
1)Sq|:
t&>J(Vv\qf
G,v@% nMFQ5
IAtHwTy;%H
sc"wEER"[z+O{IWj`
e15v#Tjdd
Uir~V"m
/I*2ZZ<C
='4G#Hm
"A*)](K)R?
.jHLah}
%nni-+C
LPy'e(o
1${j}&?>fsC't
CbNimFnT>
*coRNJJ
UL>"P~i
qXbb>o
x0KIoS)R}_$Z
,|L&Q=49
|/4h0Aq
BNBbH$Q
Cs,f?}
^CduA8
bvl#-aq
+O>7.t3ZA}
[)yXZ,.-3o;hF
"t^uTs
<:9ZwT[`o
iyx5@o
mU4Y$l
JLQ`t/6!
.paD|xD1]Qg:1,X
><YlB>>
@]H62Z
,5'3/[b
1|S' V{{?
2v>,Cw
Rd4yeVZ)x
Wd8e,+
PhPylW|l=
Ne6\ ^2Fxj
l(5O'"zq
8V0470
s3_r<X
8+naQ>PB
(wqV+m
<+AVdq?
+H&ge2
K_-(&IZ=4E
OaGJim I&f/;
CFwWxej X0*4
,ie$|C
KF:x|~
B@ny*O
Eo0?sw
0b7h1!ZQ
0T!f;Z%)NO}
&otndCb .&[z
?x]vqd
']3`X6R9)pIA
'L`?,\
-E>2m;BV/
)2>8mG/
:tl=jG
:/JEIC
)Gl5YH
W_VH~dJ
03t'kC;Dh[ho>D
PLVZfd
%~q&{$
!V\r-(9U
&Oi(iwN>Ppv
;D]K\>
A;i ww0
N-D'*s=FC5
<pIp\f
%#Uo)2Db
G4s3~j.L
j[WasLen]z
o Xl#3q\
3B1G0,
M)yNR'`)
Ta-[c^z(zlL{S6'vXHq
d{AD-#yx
c}Dr?.A:*B
??(-A@0
tfOGS7:_u%3pN
++yW^bE''
^NAu4C
<3fKcP
6oJ-pIl{{wZn
ui<9hDF
lsUZ?82p
d`FfWO505RX
9O)xtcaovR@f^U5tU`xOk'kvN7
hwFO3*6
74]i nD(&
>" i2m!{
sa&}[(Meaf
{k- 1O
[Z+v.h
JL8foDwvX;D{xkSI}`ny
2|Vr6{
)%9"C*F
%E(f-&
:V Qu3
=Y1?vXM+
Jm$"!R@
\H2(J}"La1r|G
~hgz< nUf,
&Li;!q
7<ftQ.Q?%!N`|8q
Lq7E,0
5lCkes@
:ksC0~-*
\)R|{D| 9F
}\Z4Cu :
X!g"]>)>2v
5MK Qt-
:Y[Y:\|
ae8ieS
Yf8$1MX~
h)<z2&
CX`o-@es%
{>0fMmtAb$].
tt$uV\T@
8kFxk9J/M N2_2
()%G,taNHs
?@6{%j|sK
wxmkt%L
MwU.]I>
0lmv#{*
U\GWA:Ahz
<lS%yA
879Y4R*y
1@}C$i+n
FG+Rp
tkxGwOM*{h.
yE3J'|?
MzF)g}A
gWt[Hd
,4&CR3
~]4-m%
#Wr%aKqsFr
~%`@Fb(
9nBNe+YUV:O
h 8s]G4&
nU:u~!
EkEt3F
='!q,|?
aTIaG)
mOR>D-
]6+osH
_!rj%!
m2Mzb\k
!945ohZEI:r
g%\(og
Te|r'F;1DKF~#^gTT
z4'TV-
-_),2+mL
#oh{|Kp
/~MR>;f
@NoVBQ_
F<*SSR
6V 0Fk+9?
H&u,H?
r>=q)&$on
FnJ-, Y!
%_<DW<eG!Ap\'
=dB41gy
ao'kEWxL
jso\-=
EG?#Vm
^&9SGJ"
Eb%|2P
*vJ!zW
]_wG,P}7
p#@i< ]m
1kgh[R
LWG4moT|
!j\PRp
]oywKs0%,mf
%0A^){k
U"XKr:
@(uF[Pm-O
$ *\if*-[L."
lhu#-F
'cj4nIoK
H*(Eq-
US-^ac
-9w#`pP
[ `9`(
"/?."O
71{)V?XN#|I9x
+ofD0Q(t[
k=n+`;/7lp
"@356$<
B pb8Vs"V
ZfOv6gN
zg#:Nql
tn/}y}
=S7g#pm
d `t%CnELj
]~\(UR/a@EXt)L
:+*BUMF
XQtM_z*jC
xaA%Bb
A_g]fO
77&{FY z
30Yz,\%s
]E=&'
9gb%t(
>#w,tI;2} Nk|Humz
k- cX@[ki |
wTpRWs
SLwn(W
XWo+{FrQ
7:; SCRy_B
FZ=gnQy
$B9D[<
AW@1xV
Sf66E2vi
BFVcxoFz
E$at(?He
J/*N+98
bS(+v~Xd
W *%@F_VPo2ea9
b\PG+0
LG*8B/P,]
v.POX ~9
!-.{Z1
1DEe+ktu
(0GUa9n?
|6Ai_I2
CbUaDU
E0d)D4
$"Zj+SP3OO'
62xDp0
h* &ye0I
TqO\J{E
#\R Mq:I6
/&W76~
-IQJY!
h26U%2YU!r
+M@~6>
t_]m7N%
6Oc/3yi
T6?''<
v<d3lcmFIxt&G/|5 vE
ke3{EYG\
t>I=<h
/'n6*@>_se!
(~8t}8o%
,/E u`
b)8QE*
{>@s:">
|iIk6{:
'8x\{AE@wOI# /
l3--<u
n le N
h5RG|t
_4b7pp"GXie
4D_qVk[M5
)%dGZ}| tyNF1
(!PSV{
x{yRjXU<GOV?8/^O1?Y?~
Gd ;}vR
<rz{ot
FOSN~U6.Y
o#J0Gw4sn%d=b
}_^2wq
[zX#^EL>\
m2=?=K7
9m0K.VeYh
69.}N^{LJ
/>?v/`4Q
_LliehA=
!5<]Bh
HOp{z\T
5||1@b8
NjT-B4.>
xR"YY`
j0C0[A
*t+Y+ayw
xT5IMGjHo
>hIyW~
%OF_IlTC}
JMTx\ifI*o@
%HxKZ m\0D_
?IM]APDG
l tf3:z
,.J~#'YO*/-
Nm8"3/
?oR>`'_~
>]?Q!$
jAF$*gri=
p|w;))h
!u8Ezb
pJQ6mB:=r|Flm
<coh_O
&r$#&L3
cQss4B
NtD+4n4]
t'$M#*;
9\kUTFUQv
__V0,N
Za#B$zBd
F?RAa`
1/y H,K
?)~%MlsfDSxp'c
'X7FhS
!~$Z~l
Nn(EB\
XOh]Q7
={ SBA}z
=3VM`~$7 :ft8p@
nU|8tzmhR@
LKX[PQ:z
Dp?MN/6
q^%%2a
x5cX.b7koI6
:[g\|`j
*XiC/8r*
$ vb!K&6
s3CfXVf
\kotC
,B/F:gRahCS*
j{!n'ab(
j %&\g
(]+vIv
N`(Mh=BrjI]Ih1{W`P4 46K
HiB0De4
y>w[vw
RL?<@`/
V@FG<l
CDuo&1m
]Jwe}Tm
E-,hglhZ/(
<DcE'}wg
GX.` W
lV;+#a
id?IpVe~
!V&N;Jz6)<
.|7U5A{{
0HDDe`f
k97>Ns"
="w1aFg+4^k6HqBM9
]*8KK{>P
UJPs?Yf}0C|!
4[^_\it
r8 i{F
]UuO+TU|PO\,C
RD{]_*
r8Q>#nB
1}}Dv,zjb(b
D=qeqB Gz3
49=#W_IG0G_
@\96Po
XN>r<O@'^^+y2j
O2IkA&W
dLf//':N
mCr<b^
ZJ2BTZ@
S(p,QJH
9cq9^sng(K7
MpWce0~*5
vAP kllmlsPfe]JB,Hh
*\`D<y
QZ3[_o+e
9??a$Q
/{ ;IN0B
CoC"+5LI
f>b(V@e
N{+`rCk
ZUF2_c*.
n9!9D8
Hw+D;f1
C+~O'
@:rl/% |
bjKz.Q
QUWXb'~2>_
%iTZ7_
dc*`%3
%*/y-M
B=kej39W
xOiV}%
hX(~Xn-
<@sgW. i
)/wcaK
i:yn1SaZ
$Rfzp\dL\*
`-+_<@R/Kg*G4
K)9G!V
X@~twF
?Uz\O&
QN//C)TJT0
h jGBXs
"R5oG$,
~V%qf CCmAI
|}QOSX!? T}
$/e;VX
kAE!"GQ
^<)K 8Vt
98Q-Sv
^4'Ek`nkl=us
Q#=kB*[
[sO;g]
"!iZ_KWw2#*Xm{~lpUT.H
oL$}6mD@
AIxfRdC\
**[pFj
}dM8LE\w
G4a^-OA'
YwjCX>?
wW}0D8
V T4J#
::,=Y{P9
@"]Vo)3j*l
_-;8^-O+GWLP7a
$d]p!T
Hi`Mh4
2P1%Jv~QIn}I!x_L%
"`L,9gJ&l7#k{3;=Zd
s9}d/sZ
s~zQUm
ptw2OB
3: $hA
V:>(AT
GhHV`NFc
B;;gwG
{@<}\-
^9}]0H
IJ[H%Cb
IfH't,J>
!N908)*
K^V:knr5-&
aZ^E*P# $
C+w5`.$<|R?E;"kd$
?U?lB}<Ypl
Tdv: <Kl,
[rcu /3@B
Vzik^^5*JYtr<
7Pp"Kq}.Cr
pK>FqD6
Ts)?l2yam_
#m2:+L*f7k
!M]@lifS3[B
U4+P= ?
`[6&*j/
C\qS sO\
jWS44_.1
bx3#gYQW1*7trCB;sY*
h0~}q^K
*?~}?Pd
%4`IbV
)\vCP>}'T=}-E~xV
+}cGnw
+[t<P*|u:w8K
>X&{whd
@;" r=3
\@O0%7
k?E3MfD
>5bhL\d
M�A�I�N�I�C�O�N�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.