1.8
Low risk

0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a

0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe

Analysis duration

133s

Last analyzed

399 days ago

File size

67.0KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM PICSYS
Hawkeye engine
DACN 0.14
FACILE 1.00
IMCLNet 0.80
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Picsys-B [Wrm] 20191007 18.4.3895.0
Baidu Win32.Worm.Picsys.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20191007 2013.8.14.323
McAfee W32/Picsys.worm.b 20191007 6.0.6.653
Tencent Worm.Win32.Picsys.aab 20191007 1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
Creates executable files on the file system (27 events)
file C:\Windows\System32\winxcfg.exe
file C:\Windows\System32\macromd\Counter Strike CD Keygen.exe
file C:\Windows\System32\macromd\fetish bondage preteen porno.mpg.pif
file C:\Windows\System32\macromd\Warcraft 3 battle.net serial generator.exe
file C:\Windows\System32\macromd\GTA 3 Crack.exe
file C:\Windows\System32\macromd\Jenna Jamison Dildo Humping.exe
file C:\Windows\System32\macromd\Windows 2000.exe
file C:\Windows\System32\macromd\msncracker.exe
file C:\Windows\System32\macromd\Choke on cum (sodomy, rape).mpg.exe
file C:\Windows\System32\macromd\Website Hacker.exe
file C:\Windows\System32\macromd\Free Porn.exe
file C:\Windows\System32\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif
file C:\Windows\System32\macromd\15 year old on beach.mpg.exe
file C:\Windows\System32\macromd\aimcracker.exe
file C:\Windows\System32\macromd\Microsoft Office XP (english) key generator.exe
file C:\Windows\System32\macromd\Lolita preteen sex.mpeg.pif
file C:\Windows\System32\macromd\cute girl giving head.exe
file C:\Windows\System32\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe
file C:\Windows\System32\macromd\nude.exe
file C:\Windows\System32\macromd\Digimon.exe
file C:\Windows\System32\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe
file C:\Windows\System32\macromd\16 year old on beach.exe
file C:\Windows\System32\macromd\aol password cracker.exe
file C:\Windows\System32\macromd\AIM Account Hacker.exe
file C:\Windows\System32\macromd\OfficeXP Keygen.exe
file C:\Windows\System32\macromd\16 year old webcam.mpg.exe
file C:\Windows\System32\macromd\GTA3 crack.exe
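The binary likely contains encrypted or compressed data, indicating use of a packer (2 events)
section {'name': 'UPX1', 'virtual_address': '0x00055000', 'virtual_size': '0x0000e000', 'size_of_data': '0x0000d200', 'entropy': 7.894471213144544} entropy 7.894471213144544 description High-entropy section found
entropy 0.9813084112149533 description The overall entropy of this PE file is high
The executable is compressed with UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with hosts for which no DNS query was performed (2 events)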
host 114.114.114.114
host 8.8.8.8
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe reg_value C:\Windows\system32\winxcfg.exe
File has been identified as malicious by 62 antivirus engines on VirusTotal (50 out of 62 events)
ALYac Generic.Malware.G!hiddldprng.4A2FD3CB
APEX Malicious
AVG Win32:Picsys-B [Wrm]
Acronis suspicious
Ad-Aware Generic.Malware.G!hiddldprng.4A2FD3CB
AhnLab-V3 Worm/Win32.Picsys.C116429
Antiy-AVL Worm[P2P]/Win32.Picsys
Arcabit Generic.Malware.G!hiddldprng.4A2FD3CB
Avast Win32:Picsys-B [Wrm]
Avira DR/Delphi.Gen
Baidu Win32.Worm.Picsys.a
BitDefender Generic.Malware.G!hiddldprng.4A2FD3CB
CAT-QuickHeal Worm.Picsys
CMC P2P-Worm.Win32.Picsys!O
ClamAV Win.Worm.Picsys-6804101-0
Comodo Worm.Win32.Picsys.B@1awl
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.cb3d18
Cylance Unsafe
Cyren W32/Picsys.FYLV-4646
DrWeb Win32.HLLW.Morpheus.2
ESET-NOD32 Win32/Picsys.B
Emsisoft Generic.Malware.G!hiddldprng.4A2FD3CB (B)
Endgame malicious (moderate confidence)
F-Prot W32/Picsys.B
F-Secure Dropper.DR/Delphi.Gen
FireEye Generic.mg.6a4b753cb3d18049
Fortinet W32/Generic.AC.2C8E!tr
GData Generic.Malware.G!hiddldprng.4A2FD3CB
Ikarus P2P-Worm.Win32.Picsys.b
Invincea heuristic
Jiangmin I-Worm/P2P.Picsys
K7AntiVirus Trojan ( 7000000f1 )
K7GW Trojan ( 7000000f1 )
Kaspersky P2P-Worm.Win32.Picsys.b
MAX malware (ai score=85)
Malwarebytes Worm.Small
MaxSecure Trojan.Malware.300983.susgen
McAfee W32/Picsys.worm.b
McAfee-GW-Edition BehavesLike.Win32.Backdoor.kc
MicroWorld-eScan Generic.Malware.G!hiddldprng.4A2FD3CB
Microsoft Worm:Win32/Yoof.E
NANO-Antivirus Trojan.Win32.Picsys.deaxpd
Qihoo-360 HEUR/QVM11.1.6451.Malware.Gen
Rising Backdoor.Agent!1.663A (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-SpyBot
SentinelOne DFI - Malicious PE
Sophos W32/PicSys-B
Symantec W32.HLLW.Yoof
TACHYON Worm/W32.Picsys
Screenshots
No screenshots available. The sample did not generate any screenshots during execution.


PE Compile Time

1992-06-20 06:22:17

PE Imphash

359d89624a26d1e756c3e9d6782d6eb0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00054000 0x00000000 0.0
UPX1 0x00055000 0x0000e000 0x0000d200 7.894471213144544
.rsrc 0x00063000 0x00001000 0x00000400 2.805690510271861

Resources

Name Offset Size Language Sub-language File type
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library KERNEL32.DLL:
0x463254 LoadLibraryA
0x463258 GetProcAddress
0x46325c ExitProcess
Library advapi32.dll:
0x463264 RegOpenKeyA
Library oleaut32.dll:
0x46326c SysFreeString
Library user32.dll:
0x463274 CharNextA


Process Tree


0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe, PID: 3012, Parent PID: 2236


TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 3787a7432ea33b99_website hacker.exe
Filepath C:\Windows\SysWOW64\macromd\Website Hacker.exe
Size 70.1KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 483e922d78cb2cd0783d978b4d3b93cc
SHA1 b989c1dd66b8093b98142ba06b8d0843a491a49f
SHA256 3787a7432ea33b99afdb004e15ffbb49b2ea44a8b628354facd8f1c9af7374dc
CRC32 9573046D
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 362adcf0170c1cf0_15 year old on beach.mpg.exe
Filepath C:\Windows\SysWOW64\macromd\15 year old on beach.mpg.exe
Size 63.7KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 f5bc35393f9dbb87966ec800568049a1
SHA1 e847d0439cec6aed1a7209f78a98e20f8c357869
SHA256 362adcf0170c1cf00e409c5afa398fd10d98635e3c730941f084988b827587e7
CRC32 43CFE234
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 760e65b6600b2c27_aol password cracker.exe
Filepath C:\Windows\SysWOW64\macromd\aol password cracker.exe
Size 78.2KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 203bfaf49a50dff439f71670e4cc4f88
SHA1 374b69ffee914649dceedbfe3ab5ae2b374cba23
SHA256 760e65b6600b2c27abb536587d3a25f631434a0be9f0e2ed5a976a0f9cc46261
CRC32 D84AE9D9
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 676c3ca6a2886eae_warcraft 3 battle.net serial generator.exe
Filepath C:\Windows\SysWOW64\macromd\Warcraft 3 battle.net serial generator.exe
Size 67.6KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 cf0e29889e093728d93ae52fb8cc0dca
SHA1 7be94287c35e5d673339fbd078e396cb25178936
SHA256 676c3ca6a2886eae7008b44017c516e32f420223bcf0587e05ba2a29cde68a15
CRC32 CDA97AB5
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 0d0207f6e7653ba5_pamela anderson and tommy lee home video (part 1).mpg.exe
Filepath C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe
Size 75.2KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 9735aa3efbdae0ecf10938898a751fd5
SHA1 acab977abb72aac119fc54a7a211f89dd2c7a694
SHA256 0d0207f6e7653ba53bf25102253f9010d2971ba3fa5da913b80f99c0076404fd
CRC32 BE2DEB4F
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 5d9e3817ebb19150_16 year old on beach.exe
Filepath C:\Windows\SysWOW64\macromd\16 year old on beach.exe
Size 86.6KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 7008c43be39baf159809e5567dfd7be2
SHA1 21b7cc95372e55a67a7dafb38566718beb8c534b
SHA256 5d9e3817ebb19150c63987f8781fb8bc6bf12441a5a25b96fc6fb309e1fbaf8f
CRC32 8B438183
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name f0010fc68e8ec215_gta 3 crack.exe
Filepath C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe
Size 84.6KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ea297270ac44b9bb1b1c3cb435262a62
SHA1 9f618b9a2a9cdcb74f7851a1f2c4ca2a2e53c5c9
SHA256 f0010fc68e8ec215ce4485892cfa925d6293e9378409c1775cb0b8389eec56d0
CRC32 EDDA535A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name f0572732162b1c0d_aimcracker.exe
Filepath C:\Windows\SysWOW64\macromd\aimcracker.exe
Size 81.0KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 54e8e38cff670fa7f1659b2e29efb044
SHA1 2d90b6759f2bcf7717c7d0492db1722dace6e8d9
SHA256 f0572732162b1c0d8fa7725d233b9fb6566d9ebe9012330208c5576d0e806b86
CRC32 7B600E62
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 8d90192ca94ff90e_choke on cum (sodomy, rape).mpg.exe
Filepath C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe
Size 79.8KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 e83583ee317173c9d9e7bb59cb866f56
SHA1 7d2b3dd7f6719c90eba484b04e3258bdf28d406a
SHA256 8d90192ca94ff90e6647f4d115af54b9222f84fb65828cd18bb4c339a277dde1
CRC32 E98F032C
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 7098c17f65dbfc5b_microsoft office xp (english) key generator.exe
Filepath C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe
Size 77.3KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 3335f50cdb650fd1c139c70cf19bc549
SHA1 e4bf0a818ed86eda4ae0d3fc20791f9cfb7a0657
SHA256 7098c17f65dbfc5bf2497524857c5d1665b115cc9149a985715d6f555d9a4f35
CRC32 27A89552
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name cdbf79c9618aacc5_fetish bondage preteen porno.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif
Size 77.8KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 1e5a0e010be7b977292e36564d2d4faf
SHA1 a31af02cc5e25e46dcca295a6ed1d3b0233785e6
SHA256 cdbf79c9618aacc551c9b63fa22c7c6f5cef2f0a53db6018c7f61ed96720672f
CRC32 24416C6D
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9a4281dfa0fb25d6_winxcfg.exe
Filepath C:\Windows\SysWOW64\winxcfg.exe
Size 71.0KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7766cdb9f1243ffbbfece2e7d7aa440a
SHA1 32f526f78c0b69ad61c94345815338b1f221b588
SHA256 9a4281dfa0fb25d65b2acc0c7a792768bd99533a8cc82493cdc688fb8e5e30ab
CRC32 BEC10D34
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name a32b3538a51c66b9_free porn.exe
Filepath C:\Windows\SysWOW64\macromd\Free Porn.exe
Size 77.9KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 163d465fe475d281a986e82f00af4174
SHA1 64a3e7ba57aba2a4a1aeabcf30ed2cd3a4e66a90
SHA256 a32b3538a51c66b90b7e12593761a3a0a847a0f9493356e8fa8add7478dbd63f
CRC32 730A5F9A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name dc0719ded365b6f4_digimon.exe
Filepath C:\Windows\SysWOW64\macromd\Digimon.exe
Size 79.4KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 aa0f001d17a3e6d4d12b67e5b84eda3a
SHA1 ca4f102f44d75f1db52aa8373f8cf00cd776a3ce
SHA256 dc0719ded365b6f4182d1ee4b9948ae6f5b78cc2a073defbca9176b57567c504
CRC32 6F4379B5
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 5998c0114e55ba04_officexp keygen.exe
Filepath C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe
Size 82.8KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 18b7c978dfc7426a1fed1ee8386ae5df
SHA1 eeaa26630702ad5bbaeb10ee254635af8ed5f8d8
SHA256 5998c0114e55ba04d62cd8f65f10a0ffe5a324d5c08fbb855bcfac047829aab0
CRC32 AA8604FB
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name e84454be37b0db0d_windows 2000.exe
Filepath C:\Windows\SysWOW64\macromd\Windows 2000.exe
Size 72.6KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 aa80d5c22ce8007799e25e61850b8d63
SHA1 ab9a7bf8a806b433f69f1f16a1e46b2f543d73e7
SHA256 e84454be37b0db0d2a24fd1618961d8f80e3e321ead4a4945d72c70a24536c41
CRC32 DA6B2A60
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 40aaa599ed220bdd_lolita preteen sex.mpeg.pif
Filepath C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif
Size 66.9KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 7bf1351715efff80511aab737a5c8c02
SHA1 eeecd9dd74c5f6f7ef80c7a4c1861c0862fa5fbc
SHA256 40aaa599ed220bdddca86138d046d730e86235b0437b5ea6e0d92dc0ae019a0c
CRC32 D36FDC01
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name f3f763479a59dfb4_counter strike cd keygen.exe
Filepath C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe
Size 64.1KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ebc2ac3dd6e2c0b4d31b807b5aadb9d9
SHA1 ff515815bbec3d0861ddd08afe458a1fa1db654a
SHA256 f3f763479a59dfb4a7f1e2b9f5bcf8cd4cdf595bd8173db8bcc1214b2603a1a7
CRC32 976174CE
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 127bb31df55c18c8_jenna jamison dildo humping.exe
Filepath C:\Windows\SysWOW64\macromd\Jenna Jamison Dildo Humping.exe
Size 85.5KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 661a8cd439cc849bad07497e0273fe4d
SHA1 74732df2fd3130a6a50b0a0a56981d9eeb961f1f
SHA256 127bb31df55c18c89a8bc3caec795c4c1d23dbadf76bc8bf0923e396757987a1
CRC32 4D63ADA4
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 3306c43cab9d9909_want to see a massive horse cock in a tight little teen's pussy.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif
Size 72.9KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 486ad3f63dafb2f389a91fbf8690c233
SHA1 b7adcebd4562275163bab8eac8737b0e57d93557
SHA256 3306c43cab9d99091f3a7c3849f4696f1aa91b9fb309749f011626ada3b2c576
CRC32 20515C97
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 1da4b00db9e2d6f0_aim account hacker.exe
Filepath C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe
Size 88.3KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 80a3e4099c1529f1438fee3a35308eea
SHA1 991216904b6d886417d3fd2b08bc0b872bca0475
SHA256 1da4b00db9e2d6f07130116573bbbfea5c2cb6cb7cd1f24b1076e8a371452816
CRC32 D5726C5D
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name b6053a3ba412977c_gta3 crack.exe
Filepath C:\Windows\SysWOW64\macromd\GTA3 crack.exe
Size 65.2KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a88b1436e654a6a7cdb71c77cec265ff
SHA1 8a34e729fd6151beb73f4319b80eda2eaaffdd66
SHA256 b6053a3ba412977c4da266c03dd37d9d53e75541d33a91036a68e914cbae19f2
CRC32 728BBB6E
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 96861fc2badc022c_msncracker.exe
Filepath C:\Windows\SysWOW64\macromd\msncracker.exe
Size 83.7KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 8d10ee7e529ac3c1cdd045fec46908aa
SHA1 59dcc8cf08ffb413780170441d8b22f1d53dc860
SHA256 96861fc2badc022cc53bd3043efa5de919ce941c59d9688b6e159c80f87cd520
CRC32 4B15F0FC
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 72c0d9248d1173b7_nude.exe
Filepath C:\Windows\SysWOW64\macromd\nude.exe
Size 62.5KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6887a522135f48ac16e78c86e2799456
SHA1 1e1adf981c4436ae447a80accf6747674ed0f90c
SHA256 72c0d9248d1173b747810e108313c716a1fe53f58cb6257e7a4d44dd607c0ef7
CRC32 1ABB7917
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 160d737814125512_cky3 - bam margera world industries alien workshop.exe
Filepath C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe
Size 77.5KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 f61ecc832fd04728eee241b83f3cf826
SHA1 90f5b794869a23faafd0208f718ec86d6917fd31
SHA256 160d737814125512b688b4a226a3e1d80fe06ee71d25b270a0447490f6dfb169
CRC32 01934189
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 8baf5848ddb9c3d0_cute girl giving head.exe
Filepath C:\Windows\SysWOW64\macromd\cute girl giving head.exe
Size 83.0KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 95e788a5ea485cb0d594fbd6fae54886
SHA1 ac1f1b41103d8e221d99f73ca1ed6e773ca554e3
SHA256 8baf5848ddb9c3d01637d94b9dd3ab24844b43e63a3bad260a77369f561b9695
CRC32 C45A5A41
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 2904c91798a79da4_16 year old webcam.mpg.exe
Filepath C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe
Size 70.0KB
Processes 3012 (0594890304ddd9155d8e3f1b4ebc03e6ab7705109275834a2c36d75efd33b81a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 5039f405ad1211836cf569194a62a65e
SHA1 813e5d897f12441cfe76554176552514c78e0d79
SHA256 2904c91798a79da40fb4dba022d2d50296741bcb8d2b39cb0d744b501b98080c
CRC32 67C9945A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Sorry! No dropped buffers.