1.0
Low risk

17651c8a3d7101a9013a87c5e03ffa9b89654e5979bb7811d136acda5128c996

17651c8a3d7101a9013a87c5e03ffa9b89654e5979bb7811d136acda5128c996.exe

Analysis duration

193s

Last analyzed

382 days ago

File size

60.2KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN SPYWARE ZBOT
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.80
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:Trojan-gen 20200118 18.4.3895.0
Baidu Win32.Trojan-Downloader.Waski.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200118 2013.8.14.323
McAfee Trojan-FDDX!4CF683AE2434 20200118 6.0.6.653
Tencent Malware.Win32.Gencirc.10b0c566 20200118 1.0.0.1
Behavioral verdict
Dynamic indicators
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File has been identified as malicious by 59 antivirus engines on VirusTotal (50 out of 59 events)
ALYac Trojan.Spy.Zbot.FMY
APEX Malicious
AVG Win32:Trojan-gen
Acronis suspicious
Ad-Aware Trojan.Spy.Zbot.FMY
AhnLab-V3 Trojan/Win32.Gen.C381686
Antiy-AVL Trojan[Spy]/Win32.Zbot
Arcabit Trojan.Spy.Zbot.FMY
Avast Win32:Trojan-gen
Avira TR/Spy.Zbot.ahsdd
Baidu Win32.Trojan-Downloader.Waski.a
BitDefender Trojan.Spy.Zbot.FMY
CAT-QuickHeal TrojanDownloader.Upatre.AA4
ClamAV Win.Downloader.Upatre-5744087-0
Comodo TrojWare.Win32.TrojanDownloader.Waski.E@5ag7i4
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.e2434d
Cylance Unsafe
Cyren W32/Trojan3.IMJ
DrWeb Trojan.DownLoad3.33216
ESET-NOD32 Win32/TrojanDownloader.Waski.E
Emsisoft Trojan.Spy.Zbot.FMY (B)
Endgame malicious (high confidence)
F-Prot W32/Trojan3.IMJ
F-Secure Trojan:W32/Zbot.BBLQ
FireEye Generic.mg.4cf683ae2434de39
Fortinet W32/Waski.E!tr
GData Trojan.Spy.Zbot.FMY
Ikarus Trojan-Spy.Win32.Zbot
Invincea heuristic
Jiangmin TrojanSpy.Zbot.eekh
K7AntiVirus Trojan-Downloader ( 0049a3451 )
K7GW Trojan-Downloader ( 0049a3451 )
Kaspersky Trojan-Spy.Win32.Zbot.tble
MAX malware (ai score=80)
Malwarebytes Trojan.Email.FakeDoc
MaxSecure Trojan.Upatre.Gen
McAfee Trojan-FDDX!4CF683AE2434
McAfee-GW-Edition BehavesLike.Win32.Downloader.km
MicroWorld-eScan Trojan.Spy.Zbot.FMY
Microsoft TrojanDownloader:Win32/Upatre.AA
NANO-Antivirus Trojan.Win32.Download.dcbulw
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM20.1.A48D.Malware.Gen
Rising Trojan.Waski!1.A489 (RDMK:cmRtazrPd/SmhfGjuItM23zGP+Mt)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Agent-AHGF
Symantec SMG.Heur!gen
Tencent Malware.Win32.Gencirc.10b0c566
Run screenshots
No run screenshots available. The sample did not generate any screenshots while running.


PE Compile Time

2014-05-28 20:51:51

PE Imphash

5bafb291df732bd8895bcff11e861198

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00001c24 0x00001e00 6.283383899128051
.rdata 0x00003000 0x000003a0 0x00000400 4.453036927767144
.data 0x00004000 0x00000128 0x00000200 3.5971300161990216
.rsrc 0x00005000 0x000039b8 0x00003a00 5.30331365595246

Resources

Name Offset Size Language Sub-language File type
JPEG 0x00005dfc 0x00000600 LANG_NEUTRAL SUBLANG_NEUTRAL None
JPEG 0x00005dfc 0x00000600 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x000063fc 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x000089a4 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library kernel32.dll:
0x40301c Sleep
0x403020 VirtualAlloc
0x403024 SizeofResource
0x403028 lstrlenW
0x40302c LockResource
0x403030 LoadResource
0x403034 GetModuleHandleA
0x403038 GetCommandLineA
0x40303c FindResourceA
0x403040 VirtualFree
0x403044 ExitProcess
Library user32.dll:
0x40304c GetMessageA
0x403050 GetSystemMetrics
0x403054 LoadCursorA
0x403058 PostQuitMessage
0x40305c ReleaseDC
0x403060 SendMessageA
0x403064 ShowWindow
0x403068 TranslateMessage
0x40306c UpdateWindow
0x403070 EndPaint
0x403074 DispatchMessageA
0x403078 DefWindowProcA
0x40307c CreateWindowExA
0x403080 BeginPaint
0x403084 RegisterClassExA
0x403088 GetDC
Library gdi32.dll:
0x403004 CreateCompatibleDC
0x403008 DeleteDC
0x40300c DeleteObject
0x403010 SelectObject
0x403014 BitBlt


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.