1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.61
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20191029 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20191029 | 2013.8.14.323 |
| McAfee | RDN/Ransom.hi | 20191029 | 6.0.6.653 |
| Tencent | None | 20191029 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .imports |
动态指标
可执行文件使用UPX压缩
(3 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
| section | UPX2 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 53 个反病毒引擎识别为恶意
(50 out of 53 个事件)
| ALYac | Trojan.Agent.DYZC |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.DYZC |
| AhnLab-V3 | Trojan/RL.Agent.R248722 |
| Arcabit | Trojan.Agent.DYZC |
| Avast | Win32:Malware-gen |
| Avira | HEUR/AGEN.1004962 |
| BitDefender | Trojan.Agent.DYZC |
| CAT-QuickHeal | Trojan.SkeeyahRI.S4351600 |
| ClamAV | Win.Malware.Satan-6952126-0 |
| Comodo | Packed.Win32.MUPX.Gen@24tbus |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.e6168b |
| Cylance | Unsafe |
| Cyren | W32/Ransom.KX.gen!Eldorado |
| DrWeb | Trojan.DownLoader23.51365 |
| ESET-NOD32 | a variant of Win32/Agent.NCK |
| Emsisoft | Trojan.Agent.DYZC (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Ransom.KX.gen!Eldorado |
| F-Secure | Heuristic.HEUR/AGEN.1004962 |
| FireEye | Generic.mg.55b67cfe6168babd |
| Fortinet | W32/Agent.NCK!tr |
| GData | Trojan.Agent.DYZC |
| Ikarus | Virus.Win32.CeeInject |
| Invincea | heuristic |
| Jiangmin | Trojan.Agent.cemd |
| K7AntiVirus | Trojan ( 0000e1321 ) |
| K7GW | Trojan ( 0000e1321 ) |
| Kaspersky | Trojan.Win32.Agent.neyndy |
| MAX | malware (ai score=82) |
| Malwarebytes | Trojan.Dropper.VBS |
| MaxSecure | Trojan.Malware.121218.susgen |
| McAfee | RDN/Ransom.hi |
| McAfee-GW-Edition | BehavesLike.Win32.VTFlooder.nm |
| MicroWorld-eScan | Trojan.Agent.DYZC |
| Microsoft | VirTool:Win32/CeeInject.BCF!bit |
| NANO-Antivirus | Trojan.Win32.Agent.dxyslu |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Trojan.84d |
| Rising | Ransom.Satan!1.B5F1 (CLASSIC) |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/CTSInf-A |
| Symantec | ML.Attribute.HighConfidence |
| TACHYON | Trojan/W32.Agent.99944.H |
| Trapmine | malicious.high.ml.score |
| VBA32 | Trojan.Agent |
| VIPRE | Trojan.Win32.Generic!BT |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2015-05-05 21:45:31
PE Imphash
5ffb2aa7722009119a85fcb7499bf421
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x0000e000 | 0x0000ce00 | 5.5180306524487825 |
| UPX1 | 0x0000f000 | 0x00007000 | 0x00006200 | 3.120403753777329 |
| UPX2 | 0x00016000 | 0x00001000 | 0x00000200 | 2.9046664760200502 |
| .imports | 0x00017000 | 0x00001000 | 0x00000800 | 4.0517279472761825 |
| .reloc | 0x00018000 | 0x00001000 | 0x00000c00 | 6.531409592522656 |
Imports
Library KERNEL32.DLL:
• 0x401018 GetDriveTypeW
• 0x40101c CreateProcessW
• 0x401020 GetLogicalDriveStringsW
• 0x401024 WriteFile
• 0x401028 ReadFile
• 0x40102c CreateFileW
• 0x401030 FlushFileBuffers
• 0x401034 GetLastError
• 0x401038 SetFilePointer
• 0x40103c LocalAlloc
• 0x401040 FindNextFileW
• 0x401044 LocalFree
• 0x401048 CreateThread
• 0x40104c ExpandEnvironmentStringsW
• 0x401050 WriteConsoleW
• 0x401054 SetFilePointerEx
• 0x401058 FindFirstFileW
• 0x40105c CreateMutexW
• 0x401060 GetFileSize
• 0x401064 GetEnvironmentVariableW
• 0x401068 FindClose
• 0x40106c ExitProcess
• 0x401070 SetStdHandle
• 0x401074 GetConsoleMode
• 0x401078 GetConsoleCP
• 0x40107c GetCommandLineW
• 0x401080 IsProcessorFeaturePresent
• 0x401084 SetLastError
• 0x401088 InterlockedIncrement
• 0x40108c InterlockedDecrement
• 0x401090 GetCurrentThreadId
• 0x401094 EncodePointer
• 0x401098 DecodePointer
• 0x40109c GetModuleHandleExW
• 0x4010a0 GetProcAddress
• 0x4010a4 MultiByteToWideChar
• 0x4010a8 GetStdHandle
• 0x4010ac GetModuleFileNameW
• 0x4010b0 GetProcessHeap
• 0x4010b4 GetFileType
• 0x4010b8 InitializeCriticalSectionAndSpinCount
• 0x4010bc DeleteCriticalSection
• 0x4010c0 GetStartupInfoW
• 0x4010c4 QueryPerformanceCounter
• 0x4010c8 GetCurrentProcessId
• 0x4010cc GetSystemTimeAsFileTime
• 0x4010d0 GetEnvironmentStringsW
• 0x4010d4 FreeEnvironmentStringsW
• 0x4010d8 UnhandledExceptionFilter
• 0x4010dc SetUnhandledExceptionFilter
• 0x4010e0 GetCurrentProcess
• 0x4010e4 TerminateProcess
• 0x4010e8 TlsAlloc
• 0x4010ec TlsGetValue
• 0x4010f0 TlsSetValue
• 0x4010f4 TlsFree
• 0x4010f8 GetModuleHandleW
• 0x4010fc EnterCriticalSection
• 0x401100 LeaveCriticalSection
• 0x401104 HeapFree
• 0x401108 Sleep
• 0x40110c IsValidCodePage
• 0x401110 GetACP
• 0x401114 GetOEMCP
• 0x401118 GetCPInfo
• 0x40111c IsDebuggerPresent
• 0x401120 LoadLibraryExW
• 0x401124 OutputDebugStringW
• 0x401128 LoadLibraryW
• 0x40112c RtlUnwind
• 0x401130 HeapAlloc
• 0x401134 HeapReAlloc
• 0x401138 WideCharToMultiByte
• 0x40113c GetStringTypeW
• 0x401140 HeapSize
• 0x401144 LCMapStringW
• 0x401148 CloseHandle
Library ADVAPI32.dll:
• 0x401000 RegCloseKey
• 0x401004 CryptGenRandom
• 0x401008 RegCreateKeyW
• 0x40100c CryptAcquireContextW
• 0x401010 RegSetValueExW
Library USER32.dll:
• 0x401150 wsprintfW
L!This program cannot be run in DOS mode.
F.'}'}'}>>}'}><}'}>?}'}_b}'}'}'}
=}'}Rich'}
.imports
.reloc
CorExitProcess
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
A;r_^]QR5$@
r3339]vWF
;}r_^[]
3^]SWj
3_[^]j
3_[^]j
_[^]Vv
3~>3FfUfDu
r3fDuh
tajDlj
_^[]U,SVW
~EECTS
_^[]d0
SVWShM@
t^f|$<.tJD$<PS$h
_^[]UM
Efu3_^][j
}Genuu_}ineIuV}nteluM3@3
_^3[UE
8csmu%x
S^`F`y
YYt3V5
~pjCXf
YYt-V5
UQEPhH
YYuPVWho@
r^]UVu
@Y<v5h"@
[M_3^%
]j@j _W
jEPh`@
Y8Y4@M
Y8Y4@MFu
YUQQSVWh
S33Wf(@
EPEPWWVa
Yt)EPEP
_^[UQQE
tj"Xf9
j"_f9y
t"f;Et
^[SV5@
j=YfuG
tAVSPI
3Y_^[5@
3PPPPP2
M3ME3M3;u
;r_^VW
;r_^UQW
tGS3Vf9 t
^[_U`@
XUQV5H@
fu^h0t@
+SVW`@
1E3PeuEEEEd
Y__^[]QU
8csmu(=@@
^]VWP@
|3_@^UE
^]UVW3j
_^]USVW=@
Yu%t!V
u_^[]UVW3u
YYu,9E
u_^]USV5
P_^[]USVu
t_FxtX9
P?38YYE
Y_^[]UVu
Q_[^]j
Npt"~l
t4V0;t(W8Yt
MapUS]
AJu_^[]U
;rM_^3[
whu;5@
Eph33Su
OuV<Y3_M^3[=
ffffffE
3PPPPP
t'@-rA
B(;r3_^[]UjhP@
1E3PEd
Y_^[]UE
u*UQSV5
;r>PSYYt1
3_^[Uu
YH]V30@
(r^U5@
3@]3]UE
Y+t"+t
+t^+uH4}
uAGdEGd
u wdVUY
tAt2t$
^0s_^]
Ju3_uf
^0t^]SW
ft%Ou +
3jPfTAX3f
uj"U$`@
;tO95@
MEt/t+
3M_^3[
URPQQhP@
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
_^[]Ul$
on0v00f
on0v00f
on0v00f
DDDDDDDDDDDDDD
Y3MS0u
t@V*Yt
PMYF ;
P;YF$;
P)YF8;
PY^]UVu
PzYF0;
PhYF4;
PVY^]UVu
v$v(v,v0v4v
v8v<@v@vDvHvLvPvTvXv\v`yvdqvhivlavpYvtQvxIv|A@
^]UQQ`@
E$39E(j
3t@WVuSu
t!3PP9E u
e_^[M3
MYu(Eu$u u
PY]UQ`@
39E WWu
e_^[M3U
YUSVW3
_^[]U}
jA[jZZ+U
_+[^]UE
$3]UVu
3^]USVu
t9W>+~
e3}!}j
tWPV@YYE
PYt G}
4V@YYE
USVWUj
P(RP$R
t:|$,t
;t$,v-4v
UQPXY]Y[
^u;5<@
3W@D<,9U
u L!8y
YtDD4+
43QQ@8j
$QPEP0
G,84;E
(PSHP0
(PSHP0,
r3VVhU
QH++PPVh
Q$D+<;
Duct$j
+,^[M3_
}VYQL$
YY]UQQVu
PYYt@}
~';_t|%39E
;_tr.~
Map_6Uj
WYtP @
3_^]UVu
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
GetDriveTypeW
CreateProcessW
GetLogicalDriveStringsW
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetLastError
SetFilePointer
LocalAlloc
FindNextFileW
LocalFree
CreateThread
ExpandEnvironmentStringsW
WriteConsoleW
SetFilePointerEx
FindFirstFileW
CreateMutexW
GetFileSize
GetEnvironmentVariableW
FindClose
ExitProcess
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCommandLineW
IsProcessorFeaturePresent
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
RtlUnwind
HeapAlloc
HeapReAlloc
WideCharToMultiByte
GetStringTypeW
HeapSize
LCMapStringW
CloseHandle
RegCloseKey
CryptGenRandom
RegCreateKeyW
CryptAcquireContextW
RegSetValueExW
NtClose
RtlAdjustPrivilege
NtDelayExecution
wsprintfW
GX3jCH
`.data
.reloc
vZh]@9H4W&
!]SZej%tVDxmQ
$QPcIM
j\B~<]
T@y=RtU$<
*B%H@1%
(S#_#!C
j<Cf>%;
vtL>T1%abWwu
/=+Hs;\.>$
Y^0k48|*
VVhU.12(
rbRlXq
i?18Q.$
L<.YCwP
5*o lRB$e
t7; t57
^^DVQpzA)qT
';_t|%
V(n1ci
8lh1'q
<0} U_!xV
lLY/7N2
Z2-(FS
'=aOV "x|?[ ev
o?qCNw
;QqOHpDc
djR'L&Bv
/?_U[mP?
X\<`dhlpx<<<
y ,4@LPyT`t
4<D<LT\dlyt|^<y
0DyLTh~
v{giv_
_j2r1~#
??cU1<
/!5 ACPgRvn/S
WYl/ymV p
?\pr )
XzxrTyp.-eW
1YkiiFile
<-{{+B
S;P[:;of
]Yv&dNexAW5Fm
xpaREnvinmeAfvC*sonm
roVaabg;[F[
dH6l}o
Mod CP
mmfK;{VLIsw;[<
I^kedkKk
cFm+De
FliiwF10I{h
E+7Addr/
M<tiBy oWivCha>"xq-
XuZ`tER`
ZYUn}9,
|V+1Unh
S9+*km$T.m-""P
,ASveV
CCUagA`
NbugNrG
Rtl`wi
g1Key9+S
tnRJX9/o_:W=Acqu
N+/tWI {
8afQq6
Wwspdtf
,&1/$-7(
,!*2v w
\K.reJf!;-N"Bw
XPTPSWXaD$j
ADVAPI32.dll
KERNEL32.DLL
ntdll.dll
USER32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
NtClose
wsprintfW
KERNEL32.DLL
GetDriveTypeW
CreateProcessW
GetLogicalDriveStringsW
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetLastError
SetFilePointer
LocalAlloc
FindNextFileW
LocalFree
CreateThread
ExpandEnvironmentStringsW
WriteConsoleW
SetFilePointerEx
FindFirstFileW
CreateMutexW
GetFileSize
GetEnvironmentVariableW
FindClose
ExitProcess
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCommandLineW
IsProcessorFeaturePresent
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
RtlUnwind
HeapAlloc
HeapReAlloc
WideCharToMultiByte
GetStringTypeW
HeapSize
LCMapStringW
CloseHandle
ADVAPI32.dll
RegCloseKey
CryptGenRandom
RegCreateKeyW
CryptAcquireContextW
RegSetValueExW
ntdll.dll
NtClose
RtlAdjustPrivilege
NtDelayExecution
USER32.dll
wsprintfW
t1x1|111111:
;$;,;4;<;D;L;T;\;d;l;t;|;;;;;;;
2222|;;;;;;;;;;;;;;;;;
<$<,<4<<<D<L<T<\<d<l<t<|<<<<<<<<<<<<<<<<<
=$=,=4=<=D=L=T=\=d=l=t=|=================
>$>,>4><>D>L>T>\>d>l>t>|>>>>>>>>>>>>>>>>>
?$?,?4?<?D?L?T?\?d?l?t?|?????????????????
0$0,040<0D0L0T0\0d0l0t0|00000000000000000
1$1,141<1D1L1T1\1d1l1t1|11111111111111111
2$2,242<2D2L2T2\2d2l2t2|22222222222222222
3 3(30383@3H3P3X3`3h3p3x33333333333333333
4 4(40484@4H4P4X4`4h4p4x44444444444444444
5 5(50585@5H5P5X5`5h5p5x55555555555555555
6 6(60686@6H6P6X6`6h6p6x66666666666666666
7 7(70787@7H7P7X7`7h7p7x77777777777777777
8 8(80888@8H8P8X8`8h8p8x88888888888888888
9 9(90989@9H9P9X9`9h9p9x99999999
40:0W1p1~11111111
2127222222
3=3D3333
434m444444444#5,5555555555555
6V6p6|666
7 7&7Z7a7w77777
8,8d88888
9I9S9Y9t9~99999^<
<<<<<<<
=O====
>0>;>E>W>a>>>
0B1g1q111
2A2\2t222222G3R3s33333333
4J4R4e4p4u44444444u55555555
6?6D6P6U6t666
7[7s7}77777777777
8 8M8`88888
9-939k9w999
:$:B:e:k:r:::
;B;[;;;;;;&<,<=
>d>p>x>>>>>>>>"?.?=?F?S????????
"01070G0O0U0d0n0t0000000000
1 1)1.141<1A1G1O1T1Z1b1g1m1u1z1111111111111111111111
2 2%2+23282=2F2K2Q2Y2^2d2l2q2w2
222222222222222222222
3"3*3/353=3C3Q3_3f3s3|33333A4444
61676A6W6j6666666
7<7A7Y7b7w7}7777777
8)8/8o8x8888@99-:::";4;m;;;;.<5<J<T<<<<<<<<<
=k===,?>?x???????
L0\0r00000000
1*111X1111
2222E3{3]4444
5E5Y55555
6/656666
7H7O7W777777
8/858W8d8q8y8
888888882979@9E9N9S9`99999]:<<
=&=4=:=I=P=`=f=l=t=z===============
>T>l>>>>>?
0-0<0I0U0e0t0{0000000
1"1+1O1|111133333333
474U4\4`4d4h4l4p4t4x444444:5E5`5g5l5p5t555555
6^6d6h6l6p67&8E8\8k8888+9C999999
:*:<:N:`:r::::::::
1>111D2g2222
3G3p3~333v44b5555
6H6O6b6666666666666666
7!7+757E7U7e7n7777u888888
9)9W9a9g9{99:::
;$;.;;;;;z<<e====
F0R0}0:1C152>2*3t3}333
6E6U6n6666687D777788
9!9@9Q9999-:j:t::::
<8<D<`<l<<<<<<
=(=H=d=h======
>0>P>p>>>
x1|111111111111111111111111111111111
2 2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2222222222222222222222222
3$343D3d3p3t3x3|330:4:8:<:@:D:H:L:P:T:p:x:<
= =$=0=4=8=<=@=D=H=L=T=X=p=
q^d/3UzY;
U*d1fh
6eYN^7(|X
0:5\}&:
XyZ}f[d,z
N}nG@{U
\E~q=<]
uK?a]hj
Z~gt*1=s
(7hO d;G*9
jV!Vd3
v|@XCQ
=G\2'j|3
_ R<)Zm
(+D&{@dQK
}2Uu@
w^&<V
5wAOko'*
G6#YT=
;ubw$y
}m%yb0
Xo,C=]
Uycnkj=l
&,qVv"u4L
/)wS2|Y2
;|3y<\]
?moKh{
+D{I_m
^~g#N#.tf
q[}72S
k{C%q
]5!9#,F
qbgZ2R}
:?D*/{^h
MZ+Qm>
oG)]{i
LQ'Zjb4RGC
K?vCS(-'!
,x9vpx
ITYGT^Y}NS
! 79 \<hEKRU
9muxP!
1PJdGT9>>
IYHbZd 4
5ngIWn|P/e8
.>"j,WV
i'PAk(9te
^><VW^E
7!hR !K"
@1L@MzJ
*[ K) 8$D
rt.J]*&
3Rre)]
ueQg"}
e/.@7(
pguuOlG"\+
>i`BS
W|-Sb7:JK
,>]+4`
C_?O(uz1?o@~F#
%-L_6+
"' h/r09b
Q;WDkODs=;
.KT`8T
)d@Wnryvi
f)0GK`
N;(;8=&
c30g<@
S8T^0$[/
(?xv)
=r%l]!
huggzkvuU
X-r&1mSz
M/`VAxx
VmLgZDYgM@
z(w4egDp
6Od}odH
;zu.gDMN
kNDUH&
fflLoP
i#Eo-px[
08+PeCd
!Ji{S_c
`o(m.FPXL
2pTl529
_wru\zf
}IVveo
@,}5<?FQxN+8\*
Fv7 `0`f
Hlc[k=k_
'\mlB ba9dK
Y:@`s4
%eRYy-2 U_rR/[=S>m2
-K5Gm-9 Ffy
rQeWe2\NSB
n2t&isw
_1K3+S<
xPM/((
"[hOKj>
6t{#z}dI9
W/mV'4e
5A_&ACM
z(SHPiTy
wj.@cQ_]
&|!G%P
AH%LOm]K/XK
q$zTWT1-1
=YW,x"'
'NfsR\%
*2>FcG
>p#vT<Tj>
2%-V/SA0qwU
^FMNk4>.
Wn>HO6jD:
_THkV|sD8c-wIGAzH
ap%a@"x,Ip)
J;LfMgs"
zj3ux(8QMG*~%X6
kHLj)+
QP.zXb
*P\QLBe>R<$
wch8DP
?wc,x3`iMU7J#
r{@R^2
zAM*+_[7
A`.kt \R_rJ
va9v)HX
Vli|mWD?
N6c)dMhU
|cuf'0owBV~aa OyTa:j{r
Fc^]YDXK
*Q/zv&$Xs
6iK\E3
AB!-ig}Vs|
=G=+pv<]7P
5IXvJkP
<,NCr=N/:O
nJ ~DCj"
#HZVC`
AL(|eoy>[m>K3?
Bt-HiCTm
53l2KJ,uz_/
N2 JrA
['#0c:I
G"Q|^8EyJa
>z@LiJz
l>NEum
1Mim~Ud jz x
Q~!?\TJV
7'ai_`
zele-ZOhlm
?\p| r9[
z$MeE9
!2Ae'1CIM
xB #o5!
6{JB\W
HWOwD~lkCKbB!z Tj<F
l;{]Dl0
(}\7#7F*E
]keeC6hs
:#\+=vN
ikGRXt#WU1.k&
F)6ttX9~
3>S({?
W*0\vu
-QJ$C&w+,Z|5!I
B\&dpl
s _;:{1>GT=h
;MGo88DK#v8.Pq
K/`BZ+\
$(o8f!z8d%
WYl1'|
H8i%+,%bm7Ckk*
!:*DP~
UZY1hb
>}Th[ki
Z@^GC/ `;k%a
bs];2! f
7-yz_Q?*J
x0$R<H
[&<\1"Cv
YCRc-m50
(s ]F~
7,zxI[b
=E`axH
bg0}Q<
8;&lb\
X]#xF3Y
-[BYpz0
_;:/)pD
T_<^Sa&
hV9e"&
2rw^|<Id%,
|@whe[blF
}/\<<ls~90xY
AH#0E)-
A[hgjUM$j;
#-D0v]
C]wsgYs
3Jb&Iu`7#
BM..0]4r
Twt=9=S
xwSi1H
^]da~ZF
lfl<_<
9y/}o'
+]FZ7\hsa@j,X
`Q%$\2O"
[v(@<6Ow
tuf,}{
xfLGQ1ZQ?W{zh"
w`$T`A
g(#9%NmI%QV,w6uB
0|-lh{^idZ*akh
}feFt1z
'By$gt
{fZ\8l
%a~!4b
"ZYoMd?
j[ oPn9;|h1
6tfOWNw
eB1pew
ghqIyXz=
x5d9jS
Zk4U|V
"dyEDW*
{n\_?VR_#i#
Hqf8b-p
L(y|Z?
]U$Z=6!
1)vlOX
G!KeRrFa.k%S
$R FJJ"
dyHGm;QKK1BF
8!uI\>f
,Sc\X1nOl
kf5DO=#x
($SGV7.K
rWllRTh
[<B^+Hq
XY_8;B'^G"sE.
RtY"Yt{
+3^<.G
|&@bZ_z
ci@y((1
7^1cbi
_}B\;GW
^d@vXT
0I{N?u
m)/="I
qQxWZu|#r
K3H7~!jy
_xJXy3u7
x(rk:U
/&rW!oK~Ul
1ADb`}
opPr##o)
oSsFBe(
lIdAfh
o>V#\j
f][fT@
VV(tb
s/`Fxe[
Gkmtin&5OZa*1t
"6]=T"
-MN91odg~5#
|fTUO,g
/v?[.2bpoefekNU!
P;Ij1#
B)Up.~V=
0N"kl<
.0LPYO
Mc.EwhPOc
o$Q%ah
u[<rYD
.Kk+'egvJboI*t(
X#]=dw
{'A!6](
6X)mgK=LAtQN
zKX_\<:!Tj
GE5u{]Y0
OY .AMX
-y.<ep
)+?>{Q
63\n'r\
0q<u~-
v&NSXXcQ87V0t~(
)~raXM31Zx?<t
;=3:6U
Y:>Gqc={d
?>hv&E{_{=Pv 8/
R KYAJd@
m�s�c�o�r�e�e�.�d�l�l�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �a�r�g�u�m�e�n�t�s�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �e�n�v�i�r�o�n�m�e�n�t�
-� �a�b�o�r�t�(�)� �h�a�s� �b�e�e�n� �c�a�l�l�e�d�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �t�h�r�e�a�d� �d�a�t�a�
-� �u�n�e�x�p�e�c�t�e�d� �m�u�l�t�i�t�h�r�e�a�d� �l�o�c�k� �e�r�r�o�r�
-� �u�n�e�x�p�e�c�t�e�d� �h�e�a�p� �e�r�r�o�r�
-� �u�n�a�b�l�e� �t�o� �o�p�e�n� �c�o�n�s�o�l�e� �d�e�v�i�c�e�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �_�o�n�e�x�i�t�/�a�t�e�x�i�t� �t�a�b�l�e�
-� �p�u�r�e� �v�i�r�t�u�a�l� �f�u�n�c�t�i�o�n� �c�a�l�l�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �s�t�d�i�o� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �l�o�w�i�o� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
-� �u�n�a�b�l�e� �t�o� �i�n�i�t�i�a�l�i�z�e� �h�e�a�p�
-� �C�R�T� �n�o�t� �i�n�i�t�i�a�l�i�z�e�d�
-� �A�t�t�e�m�p�t� �t�o� �i�n�i�t�i�a�l�i�z�e� �t�h�e� �C�R�T� �m�o�r�e� �t�h�a�n� �o�n�c�e�.�
T�h�i�s� �i�n�d�i�c�a�t�e�s� �a� �b�u�g� �i�n� �y�o�u�r� �a�p�p�l�i�c�a�t�i�o�n�.�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �l�o�c�a�l�e� �i�n�f�o�r�m�a�t�i�o�n�
-� �A�t�t�e�m�p�t� �t�o� �u�s�e� �M�S�I�L� �c�o�d�e� �f�r�o�m� �t�h�i�s� �a�s�s�e�m�b�l�y� �d�u�r�i�n�g� �n�a�t�i�v�e� �c�o�d�e� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
T�h�i�s� �i�n�d�i�c�a�t�e�s� �a� �b�u�g� �i�n� �y�o�u�r� �a�p�p�l�i�c�a�t�i�o�n�.� �I�t� �i�s� �m�o�s�t� �l�i�k�e�l�y� �t�h�e� �r�e�s�u�l�t� �o�f� �c�a�l�l�i�n�g� �a�n� �M�S�I�L�-�c�o�m�p�i�l�e�d� �(�/�c�l�r�)� �f�u�n�c�t�i�o�n� �f�r�o�m� �a� �n�a�t�i�v�e� �c�o�n�s�t�r�u�c�t�o�r� �o�r� �f�r�o�m� �D�l�l�M�a�i�n�.�
-� �i�n�c�o�n�s�i�s�t�e�n�t� �o�n�e�x�i�t� �b�e�g�i�n�-�e�n�d� �v�a�r�i�a�b�l�e�s�
D�O�M�A�I�N� �e�r�r�o�r�
S�I�N�G� �e�r�r�o�r�
T�L�O�S�S� �e�r�r�o�r�
r�u�n�t�i�m�e� �e�r�r�o�r� �
@�R�6�0�0�2�
-� �f�l�o�a�t�i�n�g� �p�o�i�n�t� �s�u�p�p�o�r�t� �n�o�t� �l�o�a�d�e�d�
R�u�n�t�i�m�e� �E�r�r�o�r�!�
P�r�o�g�r�a�m�:� �
<�p�r�o�g�r�a�m� �n�a�m�e� �u�n�k�n�o�w�n�>�
M�i�c�r�o�s�o�f�t� �V�i�s�u�a�l� �C�+�+� �R�u�n�t�i�m�e� �L�i�b�r�a�r�y�
k�e�r�n�e�l�3�2�.�d�l�l�
S�u�n�d�a�y�
M�o�n�d�a�y�
T�u�e�s�d�a�y�
W�e�d�n�e�s�d�a�y�
T�h�u�r�s�d�a�y�
F�r�i�d�a�y�
S�a�t�u�r�d�a�y�
J�a�n�u�a�r�y�
F�e�b�r�u�a�r�y�
A�u�g�u�s�t�
S�e�p�t�e�m�b�e�r�
O�c�t�o�b�e�r�
N�o�v�e�m�b�e�r�
D�e�c�e�m�b�e�r�
M�M�/�d�d�/�y�y�
d�d�d�d�,� �M�M�M�M� �d�d�,� �y�y�y�y�
H�H�:�m�m�:�s�s�
@�j�a�-�J�P�
U�S�E�R�3�2�.�D�L�L�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �H�
z�h�-�C�H�S�
a�z�-�A�Z�-�L�a�t�n�
u�z�-�U�Z�-�L�a�t�n�
k�o�k�-�I�N�
s�y�r�-�S�Y�
d�i�v�-�M�V�
q�u�z�-�B�O�
s�r�-�S�P�-�L�a�t�n�
a�z�-�A�Z�-�C�y�r�l�
u�z�-�U�Z�-�C�y�r�l�
q�u�z�-�E�C�
s�r�-�S�P�-�C�y�r�l�
q�u�z�-�P�E�
s�m�j�-�N�O�
b�s�-�B�A�-�L�a�t�n�
s�m�j�-�S�E�
s�r�-�B�A�-�L�a�t�n�
s�m�a�-�N�O�
s�r�-�B�A�-�C�y�r�l�
s�m�a�-�S�E�
s�m�s�-�F�I�
s�m�n�-�F�I�
z�h�-�C�H�T�
a�z�-�a�z�-�c�y�r�l�
a�z�-�a�z�-�l�a�t�n�
b�s�-�b�a�-�l�a�t�n�
d�i�v�-�m�v�
k�o�k�-�i�n�
q�u�z�-�b�o�
q�u�z�-�e�c�
q�u�z�-�p�e�
s�m�a�-�n�o�
s�m�a�-�s�e�
s�m�j�-�n�o�
s�m�j�-�s�e�
s�m�n�-�f�i�
s�m�s�-�f�i�
s�r�-�b�a�-�c�y�r�l�
s�r�-�b�a�-�l�a�t�n�
s�r�-�s�p�-�c�y�r�l�
s�r�-�s�p�-�l�a�t�n�
s�y�r�-�s�y�
u�z�-�u�z�-�c�y�r�l�
u�z�-�u�z�-�l�a�t�n�
z�h�-�c�h�s�
z�h�-�c�h�t�
C�O�N�O�U�T�$�
A�B�C�D�E�F�G�H�I�J�K�L�M�N�O�P�Q�R�S�T�U�V�W�X�Y�Z�a�b�c�d�e�f�g�h�i�j�k�l�m�n�o�p�q�r�s�t�u�v�w�x�y�z�0�1�2�3�4�5�6�7�8�9�
%�t�e�m�p�%�\�
%�w�i�n�d�i�r�%�\�C�T�S�.�e�x�e�
%�t�e�m�p�%�\�C�T�S�.�e�x�e�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�R�u�n�
G�l�o�b�a�l�\�3�p�c�6�R�W�O�g�e�c�t�G�T�F�q�C�o�w�x�j�e�G�y�3�X�I�G�P�t�L�w�N�r�s�r�2�z�D�c�t�Y�D�4�h�A�U�5�p�j�4�G�W�7�r�m�8�g�H�r�H�y�T�B�6�
u�s�e�r�p�r�o�f�i�l�e�
j�j�j�j�j�j�
j�j�j�j�j�j�
@�I�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�.�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.