1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.60
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Trojan-gen | 20190829 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190829 | 2013.8.14.323 |
| McAfee | None | 20190829 | 6.0.6.653 |
| Tencent | None | 20190829 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | CODE |
| section | DATA |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 53 个反病毒引擎识别为恶意
(50 out of 53 个事件)
| APEX | Malicious |
| AVG | Win32:Trojan-gen |
| Acronis | suspicious |
| Ad-Aware | Gen:Trojan.Heur.VP.hm1@ai9ohZgi |
| Antiy-AVL | Trojan/Win32.Scar |
| Arcabit | Trojan.Heur.VP.E746B4 |
| Avast | Win32:Trojan-gen |
| Avira | TR/Dropper.Gen |
| BitDefender | Gen:Trojan.Heur.VP.hm1@ai9ohZgi |
| CAT-QuickHeal | Trojan.Rimod.AZ3 |
| CMC | Trojan.Win32.Scar!O |
| ClamAV | Win.Trojan.Vilsel-4622 |
| Comodo | Packed.Win32.MUPX.Gen@24tbus |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.d2ff14 |
| Cylance | Unsafe |
| DrWeb | Trojan.MulDrop2.62572 |
| ESET-NOD32 | a variant of Win32/VB.NYB |
| Emsisoft | Gen:Trojan.Heur.VP.hm1@ai9ohZgi (B) |
| Endgame | malicious (high confidence) |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.6d10909d2ff14266 |
| Fortinet | W32/VB.NYB!worm |
| GData | Gen:Trojan.Heur.VP.hm1@ai9ohZgi |
| Ikarus | Trojan.Win32.Scar |
| Invincea | heuristic |
| Jiangmin | Trojan.Scar.fne |
| K7AntiVirus | Trojan ( 00013e901 ) |
| K7GW | Trojan ( 00013e901 ) |
| Kaspersky | Trojan-Ransom.Win32.Blocker.jddm |
| Lionic | Trojan.Win32.Refroso.leE8 |
| MAX | malware (ai score=82) |
| MaxSecure | Trojan.Malware.3129119.susgen |
| McAfee-GW-Edition | BehavesLike.Win32.VBObfus.cz |
| MicroWorld-eScan | Gen:Trojan.Heur.VP.hm1@ai9ohZgi |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| NANO-Antivirus | Trojan.Win32.VB.cauqic |
| Qihoo-360 | HEUR/QVM03.0.88E1.Malware.Gen |
| Rising | Malware.Undefined!8.C (TFE:3:8mx04J1AhCD) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Mal/Scar-H |
| Symantec | ML.Attribute.HighConfidence |
| Trapmine | malicious.high.ml.score |
| TrendMicro | TROJ_SCAR.SMH |
| TrendMicro-HouseCall | TROJ_SCAR.SMH |
| VBA32 | Trojan.VBRA.014844 |
| VIPRE | Trojan.Win32.Generic!BT |
| ViRobot | Trojan.Win32.A.Scar.117256 |
| Webroot | W32.Downloader.Gen |
| Yandex | Trojan.Scar!pfCt8iWMkA8 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2010-05-15 13:13:39
PE Imphash
68d1847211d2feafeda34331216c14ae
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE | 0x00001000 | 0x00012000 | 0x00012000 | 3.5647827549063864 |
| DATA | 0x00013000 | 0x00005000 | 0x00004600 | 4.888204019786862 |
| .rsrc | 0x00018000 | 0x00006000 | 0x00006000 | 4.125865528751948 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0001d4f8 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001d4f8 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001d4f8 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001d4f8 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001d4f8 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001d4f8 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0001d964 | 0x0000005c | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0001d9c4 | 0x000001e4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVBVM60.DLL:
• 0x401000 MethCallEngine
• 0x401004 None
• 0x401008 None
• 0x40100c None
• 0x401010 None
• 0x401014 None
• 0x401018 None
• 0x40101c EVENT_SINK_AddRef
• 0x401020 None
• 0x401024 DllFunctionCall
• 0x401028 EVENT_SINK_Release
• 0x40102c None
• 0x401030 None
• 0x401034 EVENT_SINK_QueryInterface
• 0x401038 __vbaExceptHandler
• 0x40103c None
• 0x401040 None
• 0x401044 None
• 0x401048 None
• 0x40104c ProcCallEngine
• 0x401050 None
• 0x401054 None
• 0x401058 None
• 0x40105c None
• 0x401060 None
• 0x401064 None
• 0x401068 None
• 0x40106c None
• 0x401070 None
• 0x401074 None
• 0x401078 None
• 0x40107c None
• 0x401080 None
• 0x401084 None
• 0x401088 None
• 0x40108c None
L!This program cannot be run in DOS mode.
sisisi
ldsiRichsi
vUeb iB
ZQRB},J
K :O3f
frmMain
jjjjjjjjjjjjjjjjjjjjjjjjjj]
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________r
stun$%12V44)
zzzzzzzzzzzzzzz{
Tikumn
/Z [qr
bcdddddddddef/YggggggggggggggYh
(YZZ[a((
(YYZZZ]
NEFGHK
deEFGHIyKL
12344* z
$P&'(Z
|bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
qrst!w@gylz///////
q`cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
CDEFvwJgL
23456789:<#$>
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
-kkeJ/
.nnnnnnnS8
/qqqqqqqqqqq\@$
tttttttttttttttfI3
wwwwwwwwwwwwwwwwwwwpS<
zzzzzzzzzzzzzzzzzzzzzzzz\E&
}}}}}}}}}}}}}}}}}}}}}}}}}}M
H((wf,
I33lfZ
}KUUmfh
}]WWnf
urpg\B(
qkruvwyq]J4
gpwvvvvw{}tkW=!
kt{{{{{{{z{|
s#Keq |
fvhQC7Q
~Yn_YNA^
u]O7 q
w~~xkZD'~
+j!{tp
YZ~jLwd
VB5! *
Music 2.0
c=l-pK
frmMain
modRegistry
ModPro2
moddanhdau
module_bind
module_path
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
+3q"=h
VBA6.DLL
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegSaveKeyA
RegRestoreKeyA
RegEnumKeyExA
GetCurrentProcess
RegEnumValueA
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
kernel32
user32
FindWindowA
FindWindowExA
SendMessageA
PostMessageA
GetFileAttributesA
ExitWindowsEx
qp5Pltlp]
t4ltlx
qd<ldqt2
qh<lll
Xlhqp/l
qh<lhqp
qh<lhqp
qh<lll
Xlhqp/l
qh<lhqp
l4lllt^
qh<lll
Xlhqp/l
qh<lhqp
qh<lll
Xlhqp/l
qh<lhqp
l4lllt^
qh<lll
Xlhqp/l
qh<lhqp
q<<l<qt
q@<l4l
Xl@qt/4
qh<lll
Xlhqp/l
qh<lhqp
l4lllt^
qh<lll
Xlhqp/l
qh<lhqp
*#Xl\*#T
dX\TPLHD)
ld*#^9
#@*#<3
X`1T/D5X
tXl\qp/`
hXl0qp2
tXl0qp/`
qX<l\l
XlXqp/\
qX<lXqp
H`1h5H
\4l\lllt^
hXlXqp/\
lxlh*#\
%lxlhlt
qX<lXqp
qL<lPl
XlLqp/P
qL<lLqp
<`1h5<
<`1`5<
P4lPlllt^
`XlLqp2
lxlh*#P
qL<lLqp
qT<l\l
XlTq`2
qT<lTq`
\4l\lt^
qT<l\l
XlTq`2
\4l\lt^
qL<l\l
XlLq`/\
\4l\lt^
qT<l\l
XlTq`/\
qT<lTq`
*#TlX*#P
`TXPLH)
>P#`lh*#X
*#l*#h
d4ld^$
q`<l`i@P/d
q`<l`i@0/d
q`<l`i@ /d
q`<l`i@
q`<l`i@
q`<l`i@/d
*#DlH*#@
XTPDH@<840,($
*#8>(#4*#0
XTPHD@<840,(5
*#TlX*#P
*#DlH*#@
XTPDH@<840,($
*#8>(#4*#0
XTPHD@<840,(5
*#TlX*#P
lh*#`!
lh*#d!
ldJ>pFP
ldJ>pFP
ldJ>pFP
ldJ>pFP
ldJ>pFP
ldJ>pFP
ldJ>pFP
ldJ>pFP
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
`.data
'<xl)GhK
lPt`O7[
YKBZSU
n"B44(
UDKGA?L\E
xt;&z1S
Xh^Cxe`@
OBBdVn
K >3q
{p44NC:}
S&KABF~@G?m
|_|0o'@
ycx{2 N
b$2YO,
dW7{:,|j,2
Qf-VsS>vA
~w^.-"m
j\pvzX
$^7M"@
`C6v55M
KD_.n
#AsF~;O
>xu`,}
`Cgi#;}x;q-(v
z7,N5a
Qm0l(3
.]yv>;o(
o59Q+0p*v
&v.%?Q
b}m}iz% Q%
yaQw}jQ
y!<"Ba{
8p*z))2
iAHB| A8s{
dN^e/q
$+^F8=y
N @/'vM
^ly"3lB
-C+W!>J
O6'HjM
KGF0T"~rMIW
ed?ZK^
@NxU)L>Y
;^-PL Dg)
x&\4U$v/^
NC|n]bZ<5t4
/[PP4-oj<l
a)/[~y
,noB7"f0G
l{}tzx4
rg*DG[j
hi#*LMFC
K;,PM<bPz6a
;nIo_=3
n~{i M=!1\+
(=Y@s~ehLs%
M /Xoi6
DRX\T *D
%Gqdd?!{
B~k_s1&
f)2H1]]w?.olvI
]LZDZRB}
"WkH8ND
*l3,1/UE8x3j/}wl
0O%g}:
qc>xLU>
0q+2/=2j!Es2\a~PPDY4
M2}C*Vz<G #(MPTAU9j!
e-"j,\X
Rj#phrE/=pd
2<_4TEKG2
z0,Zd^_
\}uH)h
q_9Kl~a7
2eStp<
k$kbla
KkOk;J@k
N@3qe$I>y(
RyjIU=
AN'_{m14,Oxpci}OdPtT
gkB@h.x
h@6:q;d}&mDTXsI
?JR$~Q`H
b*^ebYi~&`Y tNw
8ua~')
:={&~nG#dR
:W+XCaz
5R33Q 5,?$a6
<:8>Aro
Q)~_43
=vHbEq,I
c|5iDvSTp{
8;U"e'p
tNnoa27r8
@~[#kutP
NVd^V&
8sX\8{cyC%.^
f)YoZ,iu
J5DO/eq3 nW,@
qK9*CK
Q!.2RUq'x
#10dsw
,FS15)B
3+'7?PY,U,
2&f\xf
SZn,zf;S,>
7<'@o\bE
XQ{ N;C-7mGXfr+&:$]s#
V|cLH+
*/@;d`5'<i/P+d<<
h3Kv(68
$1P9uFFShiB
UWVS|$
t$dD$\
T$L1;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
9s#D$H
t".)D$H)
T$8L$PL$xf
D$\l$TD$X1|$`
D$`L$D
9s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\D
*BT$t1
l$8f))
D$T&))
T$TD$PT$PL$XL$Tl$\D$\l$X1|$`
9s/D$H
9s;D$H
t$(Nt$(uL$0
T$,|$`
l$$Ml$$uP
)D$H)
$L$ d$
p4$Ft$\tYL$
9l$\w_$
BD$tIt
GPGWHU
XPTPSWXaD$j
jjjjjjjjjjjjjjjjjjjjjjjjjj]
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________r
stun$%12V44)
zzzzzzzzzzzzzzz{
Tikumn
/Z [qr
bcdddddddddef/YggggggggggggggYh
(YZZ[a((
(YYZZZ]
NEFGHK
deEFGHIyKL
12344* z
$P&'(Z
|bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
qrst!w@gylz///////
q`cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
CDEFvwJgL
23456789:<#$>
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
-kkeJ/
.nnnnnnnS8
/qqqqqqqqqqq\@$
tttttttttttttttfI3
wwwwwwwwwwwwwwwwwwwpS<
zzzzzzzzzzzzzzzzzzzzzzzz\E&
}}}}}}}}}}}}}}}}}}}}}}}}}}M
H((wf,
I33lfZ
}KUUmfh
}]WWnf
urpg\B(
qkruvwyq]J4
gpwvvvvw{}tkW=!
kt{{{{{{{z{|
s#Keq |
fvhQC7Q
~Yn_YNA^
u]O7 q
w~~xkZD'~
+j!{tp
YZ~jLwd
KERNEL32.DLL
MSVBVM60.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
h�d�H�,� �d�
l�\�X�L�@�\�
~�x�k�Z�F�+�
R�:�u�]�O�:�&�
t�t�i�n�g�s�\�A�l�P�
*�\�A�C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�D�u�c�D�u�n�g�\�D�e�s�k�t�o�p�\�P�r�o� �v�2�\�P�r�o� �v�2�\�S�o�u�r�c�e� �C�o�d�e�\�P�r�o�2�.�0�.�v�b�p�
S�e�R�e�s�t�o�r�e�P�r�i�v�i�l�e�g�e�
S�e�B�a�c�k�u�p�P�r�i�v�i�l�e�g�e�
C�:�\�P�r�o�g�r�a�m� �F�i�l�e�s�
S�e�t�t�i�n�g�s�
S�O�F�T�W�A�R�E�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�E�x�p�l�o�r�e�r�\�A�d�v�a�n�c�e�d�
H�i�d�e�F�i�l�e�E�x�t�
H�i�d�d�e�n�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�P�o�l�i�c�i�e�s�\�E�x�p�l�o�r�e�r�
N�o�F�o�l�d�e�r�O�p�t�i�o�n�s�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�E�x�p�l�o�r�e�r�\�S�t�r�e�a�m�s�
H�a�p�p�y� �B�i�r�t�h�D�a�y� �M�y�'�s� �B�o�s�s�
H�a�p�p�y� �B�i�r�t�h�D�a�y�
S�o�r�r�y� �i� �d�o�n�'�t� �w�a�n�t� �w�o�r�k� �f�o�r� �y�o�u� �i�n� �t�o�d�a�y�
p�h�i�m� �n�g�u�o�i� �l�o�n�
C�a�b�i�n�e�t�W�C�l�a�s�s�
W�o�r�k�e�r�W�
R�e�B�a�r�W�i�n�d�o�w�3�2�
C�o�m�b�o�B�o�x�E�x�3�2�
C�o�m�b�o�B�o�x�
S�h�e�l�l�.�A�p�p�l�i�c�a�t�i�o�n�
W�i�n�d�o�w�s�
N�a�v�i�g�a�t�e�
E�x�p�l�o�r�e�r� �
[�I�n�t�e�r�n�e�t�S�h�o�r�t�c�u�t�]�
c�a�m� �x�o�a�
q�u�a�n� �t�r�o�n�g�
t�a�i� �l�i�e�u�
I�m�p�o�r�t�a�n�t�
u�r�l�=�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�f�i�l�e�:�
\�H�e�l�p�.�u�r�l�
d�u�n�g� �x�o�a�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�E�x�p�l�o�r�e�r�
L�o�g�o�n� �U�s�e�r� �N�a�m�e�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�A�p�p� �P�a�t�h�s�\�W�i�n�R�A�R�.�e�x�e�
\�r�a�r�.�e�x�e�
\�w�i�n�r�a�r�.�e�x�e�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�E�x�p�l�o�r�e�r�\�C�o�m�D�l�g�3�2�\�O�p�e�n�S�a�v�e�M�R�U�\�*�
M�R�U�L�i�s�t�
C�:�\�W�I�N�D�O�W�S�\�F�o�n�t�s�.�e�x�e�
S�O�F�T�W�A�R�E�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�I�m�a�g�e� �F�i�l�e� �E�x�e�c�u�t�i�o�n� �O�p�t�i�o�n�s�\�m�s�c�o�n�f�i�g�.�e�x�e�
D�e�b�u�g�g�e�r�
S�O�F�T�W�A�R�E�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�I�m�a�g�e� �F�i�l�e� �E�x�e�c�u�t�i�o�n� �O�p�t�i�o�n�s�\�n�o�t�e�p�a�d�.�e�x�e�
S�O�F�T�W�A�R�E�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�I�m�a�g�e� �F�i�l�e� �E�x�e�c�u�t�i�o�n� �O�p�t�i�o�n�s�\�d�x�d�i�a�g�.�e�x�e�
S�O�F�T�W�A�R�E�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�I�m�a�g�e� �F�i�l�e� �E�x�e�c�u�t�i�o�n� �O�p�t�i�o�n�s�\�r�e�g�e�d�i�t�.�e�x�e�
\�T�h�u�m�b�s�.�d�b�
H�e�l�l�o� �W�o�r�l�d�
t�e�m�p�.�z�i�p�
S�c�r�i�p�t�i�n�g�.�F�i�l�e�S�y�s�t�e�m�O�b�j�e�c�t�
C�r�e�a�t�e�T�e�x�t�F�i�l�e�
N�a�m�e�s�p�a�c�e�
C�o�p�y�H�e�r�e�
h�d�H�,� �d�
l�\�X�L�@�\�
~�x�k�Z�F�+�
R�:�u�]�O�:�&�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
P�r�o�d�u�c�t�N�a�m�e�
M�u�s�i�c� �2�.�0�
F�i�l�e�V�e�r�s�i�o�n�
1�.�0�1�.�0�1�3�8�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�.�0�1�.�0�1�3�8�
I�n�t�e�r�n�a�l�N�a�m�e�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
M�u�s�i�c�.�e�x�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.