1.3
Low risk

143c8155a336426ac695dff2d15dea11f8b0b069ddff1f62efc45daee10036cc

143c8155a336426ac695dff2d15dea11f8b0b069ddff1f62efc45daee10036cc.exe

Analysis duration

193s

Last analysis

368 days ago

File size

82.8KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM PICSYS
Eagle Eye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.81
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:Picsys-C@UPX [Wrm] 20191125 18.4.3895.0
Baidu Win32.Worm.Picsys.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20191125 2013.8.14.323
McAfee W32/Picsys.worm.c 20191125 6.0.6.653
Tencent Worm.Win32.Picsys.a 20191125 1.0.0.1
Static indicators
Behavior verdict
Dynamic indicators
The binary may contain encrypted or compressed data, indicating that a packer was used (2 events)
section {'name': 'UPX1', 'virtual_address': '0x00057000', 'virtual_size': '0x0000f000', 'size_of_data': '0x0000ec00', 'entropy': 7.9075039579713575} entropy 7.9075039579713575 description High-entropy section found
entropy 0.9833333333333333 description The overall entropy of this PE file is high
Executable is UPX-compressed (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File identified as malicious by 61 antivirus engines on VirusTotal (50 out of 61 events)
ALYac Generic.Malware.G!hidp2p!prng.4205B45F
APEX Malicious
AVG Win32:Picsys-C@UPX [Wrm]
Acronis suspicious
Ad-Aware Generic.Malware.G!hidp2p!prng.4205B45F
AhnLab-V3 Worm/Win32.Picsys.R7826
Arcabit Generic.Malware.G!hidp2p!prng.4205B45F
Avast Win32:Picsys-C@UPX [Wrm]
Avira DR/Delphi.Gen
Baidu Win32.Worm.Picsys.a
BitDefender Generic.Malware.G!hidp2p!prng.4205B45F
BitDefenderTheta AI:Packer.B927EAE619
Bkav W32.BlackduA.Worm
CAT-QuickHeal Trojan.Agent
CMC P2P-Worm.Win32.Picsys!O
ClamAV Win.Worm.Picsys-6804092-0
Comodo Worm.Win32.Picsys.C@1zj8
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.3ee63c
Cylance Unsafe
Cyren W32/Picsys.PYSN-0191
DrWeb Win32.HLLW.Morpheus.3
ESET-NOD32 Win32/Picsys.C
Emsisoft Generic.Malware.G!hidp2p!prng.4205B45F (B)
Endgame malicious (moderate confidence)
F-Prot W32/Picsys
F-Secure Dropper.DR/Delphi.Gen
FireEye Generic.mg.6e9a0dd3ee63c64e
Fortinet W32/Generic.AC.1B!tr
GData Generic.Malware.G!hidp2p!prng.4205B45F
Ikarus Worm.Win32.Picsys
Invincea heuristic
Jiangmin Worm/Picsys.a
K7AntiVirus Trojan ( 00500e151 )
K7GW Trojan ( 00500e151 )
Kaspersky P2P-Worm.Win32.Picsys.c
MAX malware (ai score=81)
Malwarebytes Worm.Agent
MaxSecure Worm.W32.Picsys.C
McAfee W32/Picsys.worm.c
McAfee-GW-Edition BehavesLike.Win32.Backdoor.mc
MicroWorld-eScan Generic.Malware.G!hidp2p!prng.4205B45F
Microsoft Worm:Win32/Picsys.C
NANO-Antivirus Trojan.Win32.Sock4Proxy.cqkksp
Qihoo-360 Worm.Win32.Picsys.A
Rising Backdoor.Agent!1.663A (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-Picsys
SentinelOne DFI - Malicious PE
Sophos W32/Picsys-C
Symantec W32.HLLW.Yoof
Visual analysis
Binary image
Binary rendered as an image at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32 (images not reproduced here)
Run screenshots
No run screenshots available: the sample generated no screenshots during execution

PE Compile Time

1992-06-20 06:22:17

PE Imphash

359d89624a26d1e756c3e9d6782d6eb0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00056000 0x00000000 0.0
UPX1 0x00057000 0x0000f000 0x0000ec00 7.9075039579713575
.rsrc 0x00066000 0x00001000 0x00000400 2.791128521214198

Resources

Name Offset Size Language Sub-language File type
RT_STRING 0x00051958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00051958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00051958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00051958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00051958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x00063808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x00063808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x00063808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library KERNEL32.DLL:
0x466254 LoadLibraryA
0x466258 GetProcAddress
0x46625c ExitProcess
Library advapi32.dll:
0x466264 RegOpenKeyA
Library oleaut32.dll:
0x46626c SysFreeString
Library user32.dll:
0x466274 CharNextA

Strings

Legible entries from the extracted strings dump (the remainder consists of non-printable fragments consistent with the high-entropy UPX1 section and is omitted):
This program must be run under Win32
lOFTWARE\Borland\Delp~\RTL[
\kernel32.dllWGetLongPathNameA
+DiskFreeSpaceExAxT
/\(somyrape).mpg.exe
13)#OLn/*MSN
Kazaa
6789ABCDEF
v: 1.31
OS type
GET /cgi-b/w.
F HTTP/
%4SHost*_
s-Agen
(nx/7.5
'dvKERNEL
DLLReg&:D
>WSACn
AsyncS
)(null
TSOCK}
/html9
404 Nkh-s
DLG:IDD_CHOEPAE*(Exf
0ul_port
KERNEL32.DLL
advapi32.dll
oleaut32.dll
user32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegOpenKeyA
SysFreeString
CharNextA
DVCLAL
PACKAGEINFO

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.