1.3
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.76
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200201 | 18.4.3895.0 |
| Baidu | Win32.Backdoor.Wabot.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200201 | 2013.8.14.323 |
| McAfee | None | 20200201 | 6.0.6.653 |
| Tencent | None | 20200201 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(8 个事件)
| section | 7519006 |
| section | 8572755 |
| section | 7151059 |
| section | 6580166 |
| section | 3626684 |
| section | 7044656 |
| section | 5294235 |
| section | 3707131 |
一个或多个进程崩溃
(15 个事件)
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(7 个事件)
| section | {'name': '7519006', 'virtual_address': '0x00001000', 'virtual_size': '0x0000d000', 'size_of_data': '0x00007e00', 'entropy': 7.99353393817323} | entropy | 7.99353393817323 | description | 发现高熵的节 | |||||||||
| section | {'name': '8572755', 'virtual_address': '0x0000e000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000400', 'entropy': 7.767636168582015} | entropy | 7.767636168582015 | description | 发现高熵的节 | |||||||||
| section | {'name': '6580166', 'virtual_address': '0x00011000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000400', 'entropy': 7.830116036537715} | entropy | 7.830116036537715 | description | 发现高熵的节 | |||||||||
| section | {'name': '7044656', 'virtual_address': '0x00013000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000200', 'entropy': 7.55488547604783} | entropy | 7.55488547604783 | description | 发现高熵的节 | |||||||||
| section | {'name': '5294235', 'virtual_address': '0x00014000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001000', 'entropy': 7.952516725673953} | entropy | 7.952516725673953 | description | 发现高熵的节 | |||||||||
| section | {'name': '3707131', 'virtual_address': '0x00017000', 'virtual_size': '0x00003000', 'size_of_data': '0x00002600', 'entropy': 7.385206639806591} | entropy | 7.385206639806591 | description | 发现高熵的节 | |||||||||
| entropy | 0.979381443298969 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 74.125.34.46 | |||
文件已被 VirusTotal 上 54 个反病毒引擎识别为恶意
(50 out of 54 个事件)
| ALYac | Trojan.Agent.DQQD |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.DQQD |
| AhnLab-V3 | Malware/RL.Backdoor.R257255 |
| Arcabit | Trojan.Agent.DQQD |
| Avast | Win32:Malware-gen |
| Avira | HEUR/AGEN.1039951 |
| Baidu | Win32.Backdoor.Wabot.a |
| BitDefender | Trojan.Agent.DQQD |
| BitDefenderTheta | AI:Packer.2E2611481D |
| CAT-QuickHeal | Worm.Generic |
| CrowdStrike | win/malicious_confidence_80% (D) |
| Cybereason | malicious.48de2b |
| Cylance | Unsafe |
| Cyren | W32/SuspPack.R.gen!Eldorado |
| DrWeb | Trojan.MulDrop6.64369 |
| ESET-NOD32 | a variant of Win32/Delf.NRF |
| Emsisoft | Trojan.Agent.DQQD (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Delf_Troj.F.gen!Eldorado |
| F-Secure | Heuristic.HEUR/AGEN.1039951 |
| FireEye | Generic.mg.5b1befc48de2b1bc |
| Fortinet | W32/Delf.NRF!tr |
| GData | Trojan.Agent.DQQD |
| Ikarus | Trojan.Patched |
| Invincea | heuristic |
| Jiangmin | Worm.Generic.ahwj |
| K7AntiVirus | Trojan ( 00129bd51 ) |
| K7GW | Trojan ( 00129bd51 ) |
| Kaspersky | HEUR:Trojan-Dropper.Win32.Daws.gen |
| MAX | malware (ai score=88) |
| Malwarebytes | Backdoor.Wabot |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.pc |
| MicroWorld-eScan | Trojan.Agent.DQQD |
| Microsoft | Trojan:Win32/Fuerboos.A!cl |
| NANO-Antivirus | Trojan.Win32.Delf.fnpcgo |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM18.1.F359.Malware.Gen |
| Rising | Worm.Delf!8.1B3 (RDMK:cmRtazpHgsyx8r8OLw652oujcfDP) |
| SentinelOne | DFI - Suspicious PE |
| Sophos | Troj/Delf-GBD |
| Trapmine | malicious.high.ml.score |
| TrendMicro | Backdoor.Win32.WABOT.SMD |
| TrendMicro-HouseCall | Backdoor.Win32.WABOT.SMD |
| VBA32 | Trojan.MulDrop |
| VIPRE | Trojan.Win32.Generic.pak!cobra |
| Webroot | W32.Rogue.Gen |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
3c0e70bfa5f73f1f1cef484e2bcb5bf8
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| 7519006 | 0x00001000 | 0x0000d000 | 0x00007e00 | 7.99353393817323 |
| 8572755 | 0x0000e000 | 0x00001000 | 0x00000400 | 7.767636168582015 |
| 7151059 | 0x0000f000 | 0x00002000 | 0x00000000 | 0.0 |
| 6580166 | 0x00011000 | 0x00001000 | 0x00000400 | 7.830116036537715 |
| 3626684 | 0x00012000 | 0x00001000 | 0x00000000 | 0.0 |
| 7044656 | 0x00013000 | 0x00001000 | 0x00000200 | 7.55488547604783 |
| 5294235 | 0x00014000 | 0x00002000 | 0x00001000 | 7.952516725673953 |
| .rsrc | 0x00016000 | 0x00000358 | 0x00000400 | 3.8585242583369057 |
| 3707131 | 0x00017000 | 0x00003000 | 0x00002600 | 7.385206639806591 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0001620c | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0001620c | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00016334 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x418c2e GetModuleHandleA
Library user32.dll:
• 0x418c36 MessageBoxA
L!This program must be run under Win32
7519006
8572755
7151059
6580166
3626684
7044656
5294235
3707131
?Mn#fS
X$GZP~
9p9/ZD
|&d0n&
.#ArYn3JA(z
8O-@q}x.=
}YMF>kG"`ztY
@,15m^!_]02
k *tqyQ
rYNsUF
?]j&?[
Tv9p'7(P6#m
1PGJixRJ7bzp
OCh/\c
=#g?`y
r/R vo_
{\Wgc%
%WhE7'BhW@Ao@Q
#@0t]-8
iI!F%9~mjw
Ogmo%Lc+I
^~<ZQRA(.zC6
T79?ho
kb9T,PW"
L5k{ezV;#lEtYzT@
}2IVe
m_WI!He
sXX"O}
kH$&G;
YSs?Q{
O7s<k<M^zw2oi
aE@4q[
?@.aJj7}a
{jPO1xEbu]SL"m
{di<P@
g?js GJx\:Jz>
/&y1q8
SiWn*L-/V
DZdQ{t
Okl0z`B8
'%p$xI&]
B0Kfy{:
G.}Uv:
lJ]X?ro
bDN)GO2k
smq=i}
?UNGDH9
znh:kA
`QH!,:
"HT,:p$QQ
d$}.M=
R52O$w
Gs2P7h
S\'0HCM4'M|8xQYu,Y
Up3c'W0
=pm&-'
5)$xy7a
p]%5<GxvM=
>RSi&[
(Cjl/HW
*=G&[%f3
t>7BX| B<
g ^9!K
t3SZ&o0E"&
tn[2(({
H~cQG'
.1\*X#
(sb7bOP !
<au29R
_( '1*
3FS1S\2
r^6g}!0
4Yg}r
=55<mp*
eewX'b
J`;"_LY1
*Gr*ip
zkI*xFM_
fk0Ki 4hY
Dk"f&I
,DkqNgeN4%>!x!K
~R3-BE
&X Ce|ofAFjc
,_-T l
qQkr'YB
/>}f-t>a'u
F{fabRR.
(>!]^n
q[yFN''uJ2(p
<"z4,TK+1Q&P
s^omG>[V|A8K[
Y@bWZ0)%t-'|a;\:Y
l.Ei>Y
:JC:q\FJ
]!3_m*jS
]5D2AF[
>MY&H5#X
8I-K}ZO#;
~w9Z%O
kK{nh <ot
6+"<Q0mEMtzo
2jxW[S
CQIV;`,o&c+C=j
R)`pJe}L
%^X r}v1
F9HA9xcl
w gh"IB
HEroyBY
DHv&#'q
?5\:o$
:V}a.;
F[o`Ow42
pAaS*W&
DCqfzU
0|h()"Zm\?
=|iI`YNF
f^^@YD}_z
@Y,r,!riO
.v)}bar|[A7YS`
++~-+$YIkL
:VLAw$
p.X) ~
bWQ0T>
*0'6x3A|=
5PBZ!q
ZT"/"5
\">}[&
VgF>Z1k5
R;]Yr""weT9 Q9
N' P*h
JmV{t,q
o/uEte
Sc=kRb
VGkHK2*V
L}dkz#
aQ6O&IR
(U`3lM!
b~sXgU
?vl?Oo
Y;mfpkL;S
235rlq^e
yt{S|f
6f.q?z`W<D(;9U:
p`v_IA
shg8a g0"<
qN]uCW+
J)_~!u?+_eAJ:
!]Qf&*2xc
/PV?k\d
`i9|QA
w:LixHL:=0
ckE-yo%
m8BNBcd/
aYHt+o
$;rEkDVl^GWQ7G&
x*2LdK
Epd+ ^rlO
E.k}.z^b
"}-x3dnegV
2t7b&EBm
Z!vf8sr5+
_-)ZO:'e7[
RmGT.g
39LEc8mhL
lX-_vS$o.@
[o{_qdH|=6
9\eLBR0
V&UBxTbB]
q`#rl#
i/c'k`>
)$Sh <T#
3<*Rs,
UIW=h#j%!
Q(<c T
=f*|!c
ty9BV7D
MXO*$-zZ
sA5d-:
V^D98S^4M/I%!
_'pb\T
&-4t]95R!
^a$`i2}6
\zRL}(
; 2e[=
bfnQ=fS
)M^a\(l
jZlw,7o
vr#;.0V
_1k<L6dC%~
`#h9_~k
G ?v`gw
:,jJkP ~
VWwhd7)@
&pS$ $Z1C
,A=12`-^
TKeyQ/[
}I 2NG9xO
F*2TOaWEAAMl"
92o5JM
2~u\_}
Ft{=x,2
b+,O{C
`NmTg<1k:~;D
/Z:Eob
|`:1 5 U
r32*hnK
e.M'}WkUE
-E`}jz6Ds
+:K^xp!
]B-i~>8
5-quq=
@D |{HOZ
VfwC!'
H~szG9gCjV\s
wlgx&V_$x89K^k5
<9-}M@%
qa?~p9
GR'(cbjf
[y*@Q?Dl
|6AWU:s
j0i. BeY
Ou/DdqZb0
Z. mPT/@O
wQQV<{k'Tu
Z5m<WZ@H
iC)}aQ3 x\
KK~QHd
W Z7~'
(W%Axu
sS95b$oh;6_,L
oc!"hB
Aat5w
<F.lC(M^t
BxIN/<
=M+1Aen
I&wd\{6\j>d
%sUesvX?
}OYS!2%1)
j4+jgB<@
j>E9}c.
=s<2 :
lQj#Qb
K3)s_O
wf:)>D*h
Gf%;AC.
zs/WEw ,
K5`@F{Ms
Wkglx
`sj!j)Q
*K];%ts
-w5G{Ad
>To:}2Esbu_.l
BrC~7
O+3-~H1u4i
mhQ=He1
gv&1:w
91?y>E
'ql 2{
yX` ,eaW8o!K] ,Q
mmUg \eMU
IairyMR'jfS
!Ia\0!Mtv
eTY>oe.A;\
0I|f$z$d
c(yw4{ P
e0EqG4(
~PR:%b,(R
N9#|*xpI.
{:ea*XHt~
UBTj;%
VZZ]'-
H?8 )p
&a%y+8;E
5$f7Nz/\yN
OhZEc
|xgRc#
ewqDLu
)C%!a@
x 5K.;`lv"
b'(5Ogr)$2VJ
;;b,]NMr,r'<II;
j(Uoi[6
)IM\7/W*Q
e7vf=x
z~ w@w=H
k7|O5*P
:9AALt`.}
_jc;=?
_> i1J
CF:6I1nMP:b
?>I.UP<c
]=_zC<
L"SMcj(
v-=p'N?
j XZK&
hN)U4q;@1Z^WF
.foTRVc
#>B{b4e$
.>]E8Pp
NE>O!Ut"
woeoBn
m:WZl|
&7z)U*
`otUdOQ
TqMB,s3N
w4UIF1p
iD i|_s3'M&r#
b|"|a+uS-}H Ms_\tP/
b{ _KT&FW3Q
pWdP_{,\j
AFjg3id
eL*k0LF
O4zf=&SfoBR2
Izt"yHC
P4rm;/_
yUU$t(s-`
`X-X@a
A,h@P+45=pK
Q;F%H[%
.6+ x b}
@Ip$i$
pIggn,z%(*;
($s6=w
/pt>Xj
S20UUz *Q}q@\g8W
~|[*i>JbwQG^!W
!uxBP6
k@&/P6p5D
KxL`S0iHfW
`G:v.)O#71
M#hX}xO
p7:<~X
H;-"Q}1
EBJv0}/
UgQB]6_$;
(6t#{\q
OL}wq0KEJLC
(xUI}v.)dz
PO-WXm|Q
++5,J2<
_r"wI}pDNJ9k8)k"N
;Q@V&7\(Dn6%.O!
cg~UDSv
/{Lr)+,Go
|xU Xh
L, rDEW'>~TE3_[6
RkdE9Wu\@A
CVW_<E.B
/,^+T!c
6OFOxU(Kd7a
|A14KnzbCE>q
EJlr,5"x
.r?0{-W
}4T|9vWc
Ui ,RbV
s [)M8
\#c}]:
eNS)E:g e
-n_ sR%-9W: +
kDX{kP
#kCz[;
2$_*R)
/Vh3.aL5f
?%`4MPR
*z^>Sp
j>5x(i,0mg=]+ n
d xm~ZF
b_L ."B?%
Cx&bgIMo
*+U7$vKX~
d'2@sdr6-lZD>v<|
Qjx(n#"[
"{?,>pT:b%
C}DA)@Y0m
.^`j@&
@{_.ePXB;n
s[V V"~R+
v(G&d!`+!mMn
+M4Z*Vj2)K
.P(2^B
[/^WyP(he(F*
[{|t{S$B
=rwBx\B
i%b-4\V3)jN
bA4Gh/dj0CQb
pY[?0AF
wRgwr$#M
D 0WO07
; kVg3=M
K5' R#sYC!>
)Z/\'PVw
>75[Fd
\RZ;?v`z;z}
/]>E+7L
3[~Tk16V
Z-cBx@
~$ qE2
+shTeh^5`R
&i8F70x&$F
u"%K8px
J0d>A|@ZV@h
F*{.|gd|;!P/.;4[u:b
G7tubV
b"^L4C
"V-0{cd
XA5(jM4V1B}
kM_oOfLfA"c||)v/MUS4Jd
]Fvs#zQS_0,
%(~o-(
z/0qOK$y3z
C:6$bX%sMFl
rg?bzA
=!YsS##
hvsH?N
. Kh 8
e =#y<u
o*BJ}32"H
_CyWSKv
|iwD,t#|or
6/N:U9|
22~[rysmsz0
>d0s"h]_
w Itzo6&
]C&JxCzvj
2X4X.?e^mx"
lMZ}v7kv_h%
oCpE.>z
cR_ r:dvgAULd
N0YKZ/q
%Wm;X!
j83.:X>o'}>NV
{YevSYbk
M-SjtW^\
f"eZXH@A-
1&42sX@dx_us
D}=s6ir
u3 bIV[
B*Lc7j
F#gaOF
,\<sv1p/i
P^lc=T~j<;
'Dy4~^+N+Uir:#B
>kumX~
.A;S)M
1]F:=IqDo
@$?E>UA~
bB)p;P;M@P>E]:D
YXb\F^:
W)c@^B
w/o7]Tu
P!5}b'h3
}:m\"A
=WLPyU
`RcA;^
p~|[zW
-?/-FLZm^
Uv;?k ]&+
ok-asTytf8dn
>sh4w)mu,
-b^oA3a
f'H+Lx
5Eh9$J0 #@1vOTme
'Csgm1
+r=3@wr4
O\iOE/8Vh
@3FSs\xd;@i
bK.\]u
"-9S8k{
v7O+tN%,T]s7
ljcyda
^>CmF
6Z(`h@O1>27H\
>g+L}!CrW
0_0_mL&.
*df5b;h
j(hw*u
Z_?Cq O
bD|/8~
++DgG({
8jVD+Y
[T_7g;
yEg8'&>I
[,M6?DdFV4<
O.piDu0)mMC2
e->)"C:#
{o.z3o
%J'aa?L
uMaWuCY1m
p%5f&z$
7..e"*573'Y&@
=waF+,4Ii
,(d0vXjBt~_
;Coqpb
/qBq%!
0c.*!T
W2:G90d
;:<3D>"M(
Mys%]?
#N1Jc6
s:]@v^X
V5s=,I
-z6qQiwP
*\8QX5l=>
3%95T;la
&I&7GeZ
!w3)!va
`"3r(\j|Oa;
30v g=dBE
\xc&d|
??0.37cI'RX
26s"*w
F.KB>i4'xUu~`o
O6eM4?X?{
/+q!jk)h={
HZ`nY3
kn{GyS
_^zhJP!
Y45DUS
)Km$FB5J;;o
ER'7UR/=Lg
1}5Y(N
TGPeqK];rc
AWQ}r^
.XIR{|(D=5^O
zbBm=?|oRw"U<jN:Dl'>?
mC29IA
SQ/uCl
m(.#qP.{mx
KaJ{&U
!#( &N;V
H\*WcD
}!37gK
DtLE$WI]
2fH\;?L\
Q]c_\"
C(4y`X
5*Aw($
Kc*T3JjE`Z
'?:kF'B<"X2
[0Amvd]`
Vu}>?$63
s-zm,'8
+)OG<8>|_s
9j MuyWmQ7N:
[UIC rO|NOb
~/d.KHR}!Q.EY9
!v`s0K
X&.p<1(
%xf Q ~u{
$}7'2Iw uckmucAPUzxz
-5j5OPD>w
uH~Pq)9x%g@
oZV"Vz_?
N?Ga/Z
5c0XAe
RbJ<=4E(
{ExWL\M:B?SZK"Oac
S~(qt*
-Qn)>0+?k
G4]9}{K
Yd=HKN~sB
<_B9iHMjv
"B36^XN6cJL
V~ZbEYl
$e<|gzUt^@
De4qK49
WC5=Ul)_A
+06r&f
KLayM7Ca\/[
:>|;)Z
<c|='nMQ#dR2qe
k+t#RS+O
gbs"hT
\V>e>V
SWh%x&o.MjQ
"*C}=
%MnWv'VTS(9d
(PI;R%
e{OSQ6_&
-'=`;JWZ
]@a'Zhb;b
Js9(>0<W
B7A|e>c?/;\2
$f[*Tw!sn
k2@46RC:O>&r
>SXIc\.F8
y|}Hd
yTKpI,1UF
h3Vxm8,Ma
U!,@_<X
--?)MT}[
W3_[@!_kWX ?P5[
jMKCz
>K15Y(K
"08J@6z
Wl[RZm
Pj=n 0
zd Jv@8\
[#bk^-RO9mA8L;
GJv6i^H
k,~B$Mq{%h! & %_
}z.V=>
qh!l<Rd
tj8-Y?aX!U
ra<+EF
$bA +~yl
~)kxsu;^
Wu :7=wI;B
k``fir
Flf!a>
`?T$Df'
Xl#\b[B`Flb^Yw
r/zX)J
Yf8Q1tRh3
'mRB^U
.nwo<=H
87LG?sI^
8k8o&E|
${Nv3}p#e6B;<B;Iq1(
"rWOB ?
pp/pbH
tkqA*CQ?
.~1y,?8"
O|9GIUpBPT
p%!/&x,fkH<t
1{X@BgR ^HSFwnS
^s>.9P.
<e.iK|a>It
E;_(6?
!^TGpFbyhid\.b
)#J"i:O
[O2wxZ6d<
c/_ @"E
nlKt4xI)
6?Ch \Ao)`%
OcBE3m
)b mU*
K5R&]:.xH
`2FPj6,jd-H
g_iT@B@qZ+
g}`m~<`Y
:w,"j3-e8L;_0
vA[_{DFx
fdv9b#/k
f1N#C9=\1h
VWG?JN
*6QqS+
*DD7|$k8||K
2jj"C;lZ
^rOCio9w
XJ7D&9&W&
mw~!3\
qxkW)f*k
~+O:xH]9b 4:nsj2
(]>+g"(d
p:,Nfb
~|c[ s/2
,;6FL?c CN
/l#bCr
Q3jPH4F
zP@b=B
GP,b,2
P|Vk7$
OOOE}bM
[@lsd8(
lT4^z;86frUL.;O*ynM+
94k['o
p6M'bY8t
SGI!<-.)
hr( ]~Hpm;^-.NMp"f0}`
w>w*GIM
X_d}|?DBz
0(J7Qg
rB=tG+
^<]6H!
_~'-VsF bQ
+1rA|g/n*T
=^XVqE8
pPo8DvZ)cI'D
X+nzszX 4I@Z
+kz)Z-r
;M{oNI
O!Lk\'
]T>J'^ @;
B#*r=L
VQ!IxH'
Kodo7Me
I\G:*x<b
;60Hd;
*]/)7x
wT*El {vIC
[s4cs=II
[X'J9=, /
Q}lI:xMs=c*wXE.
&)-e^(+.IG,
+1 s)}_#
*,_u1Fb4%"
YwqnCM`T
X7:sn%.
o6ciyK
r6A,+p7
@Pq<+z
KYcm1C
-'CA`@Zc2o
+8Ikt&nkFTN|\$
:zBC;x
]Qf)g#+
zx Y!F
Q*eF48<<
$aoj"vU'e4'ITV
+Iq0,u}&^dK,M*q
GrL2yX(
{W~}2LY
~<>UOY%: I
z!0(b2o
.EQ\tps
~J9hxr\ifd
':hi_2KYAcJud8
1 VgSZT
+vLh+Z&q
B="vw%
C-aCQ:k
vsTxS^nL>
o$b.!GCP*]J
r2m*Rvj-
*YM>b#36G$d\K
[,8k[&C1RAs:v,$@
F*QQui
$nnaP!
xL39t`5p
n)._rm>!r3
HXupqZX!d
?<_,<-
06 XxFJ6
qA(_W\
+}ze)kR(
Yzh8v"]"*k
&<le!FBi<:-7p1y
xuq*\X=:^
#n)W;:o[~d+/+Q
x5D)TS(c
@4_jDxn>+]
,;fSHDIeGjY0'b
(gF#!mT5
?.'5$.x
~>%3~+WOw4j
Q;olFK4
.;)zx[c
#?l1$jO
:}ZU2f?
Oi<HB(
??7dmn
E}f+]K
Vh>=~=p
sK):.-
wj!?|Q
`_dD{_iNvw~5DE
;b.sGcw
rw,]I~OU
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX`
ET81NDUVHxC
s1A_h0Te
i}Lbmfmb 8
fq~^SELR~Uf~
KUQRj~
LS%}`qp'<
x.(7c!xe
1EzsM/wC
hP`-r?-a
<i3jU@[
I*B}*]
V\=tz1^fQ/hM%HK
R/PamX
HF2vqg
uw^\52OCL >
D UTC0y
y?* ezsXuZ)Z
{)'uO1[
rpQlxGC
K&$hHGL_HK+D+@_ ' *5"=>!*91
*Pi[P7
ZITc`q-H4N%M"0v-f[:I
Any6EHrc
)'|P-i(,atQ
{%r7r7!IS0
C6*7:|P
P/e Xx
}m#p[|`5!i
vCY{VPtE[
^C|GGH6C+zdUZ
KifP.8
ZXiy1wub*b
e{x/77)0
t=U;p)
Wig5r.
:zcHiu
B6Qq!r
qeqk{Xa|hJi
A=O)Y#W8"#f8U#r$(2\
0Y;U{`d
i,f hC
,,k-U\)
hzx~5/
kQmuJ5x
cXA[k)
, |eZ#
|o^KqSP
wQ]4e&G@
9Z ]lx
.vfO1c0Q
#kc>J9RY!mt+T
l9sr7mD
DZ7Mqrq
4|ByXMK2L
V{CT(?
DU PV?
hvtLT9
#)`*lOd)%5
qhKgteN5-M
sQ-5$lCT
N&1"9Hz
{^,3}{
R44*~:g^7
yJV_v1|
]ce"&eYL"[6
]j'v7h7
C<Eo^S{
k0Mbkn.
aR}T{TMk>/W/
E %V@J
B7lmcM
]MaW<>$
mJrPAJ/gN
,/^^#(
Vdc&5l
RKdA$q3e/_
6 CLQP.oq
5A=j*'
\G,}OM
>E^{*%y#jv
h0b,v_2: i
8z]5NRv$sKfCqxB3
w/G'X-L^W1
]Ulu~"%6Q
KaE0$f
kb\2wRU<
imZ+o+
a,&TC!;E
L8]en+B
-T?Cg t+
]9i,' ay!y
9lsMWK
@HU}td
&Up[01
:9|}Ail]
RnNZ&>Wb
@wz{f_2D]mKU
`sJ2P"J4T
1J0@.m.
jy!fCcO''o%{YJL
DL>8v6i5
GfW!r%Z&dZym
UTUn)c
2h[1GD 8
Zc> ><y
0][}SXMhK
ok*H?Aq\>
0E L6ZVCH
:+QACi
\pz4Xho2yU7
4L#i>XX}D]nALx^
uuj+UxU$
n*0<QdB
he^:HMXs}*O
Ac"r5@Vb
2Br?0NUy!XS
C"1_sw
2L.oS<yICKm8
(Ful'\
u8RN9w
N do[w
<f\^G,
X&c\K"M
kernel32.dll
user32.dll
GetModuleHandleA
MessageBoxA
Kn[VS0/!
jy<zPn
3E &kL^tB$E6(&6W:n[
52CZ=oj
!sccXCX2
'2CJ')L_skx7G
CF1'P_bkggB
E4S;v
62CL;'ZP
^`v*v\
han9=iM(
wwwwww3388
D333338
/D333333
DD333333?
/DD33333?
DDH33?
/DDDDDD3?
DDDDDDH3?
/DDDDDD3
DDDDDD8
=D4h'FoeH
Db[x56d/H?|{k^p76:
I=)0Xe
,Z|o~5l`,*_
M�A�I�N�I�C�O�N�
Process Tree
- 039ca369cdb7438ec5302033f0b7bec92733d403a21a1ca890d30d300372b9e9.exe (1784) "C:\Users\Administrator\AppData\Local\Temp\039ca369cdb7438ec5302033f0b7bec92733d403a21a1ca890d30d300372b9e9.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 74.125.34.46 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.