1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.86
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20191129 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191129 | 2013.8.14.323 |
| McAfee | W32/Sytro.worm.gen!p2p | 20191129 | 6.0.6.653 |
| Tencent | None | 20191129 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | yZGaaoCh |
| section | KGpFnavA |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'KGpFnavA', 'virtual_address': '0x00014000', 'virtual_size': '0x00015000', 'size_of_data': '0x00014e00', 'entropy': 7.941903446508423} | entropy | 7.941903446508423 | description | 发现高熵的节 | |||||||||
| entropy | 0.9881656804733728 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 53 个反病毒引擎识别为恶意
(50 out of 53 个事件)
| ALYac | GenPack:Generic.Malware.SN!.0598E93E |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | GenPack:Generic.Malware.SN!.0598E93E |
| AhnLab-V3 | Packed/Win32.RL_MultiPacked.R286923 |
| Arcabit | GenPack:Generic.Malware.SN!.0598E93E |
| Avast | Win32:Malware-gen |
| Avira | WORM/Soltern.oald |
| BitDefender | GenPack:Generic.Malware.SN!.0598E93E |
| BitDefenderTheta | AI:Packer.1AA040E921 |
| CAT-QuickHeal | Worm.Soltern.A.mue |
| ClamAV | Win.Worm.Sytro-7109020-0 |
| Comodo | Heur.Packed.MultiPacked@1z141z3 |
| CrowdStrike | win/malicious_confidence_80% (D) |
| Cybereason | malicious.e198d9 |
| Cylance | Unsafe |
| Cyren | W32/Soltern.C.gen!Eldorado |
| DrWeb | Win32.HLLW.Sytro |
| ESET-NOD32 | a variant of Win32/Soltern.NAA |
| Emsisoft | GenPack:Generic.Malware.SN!.0598E93E (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Soltern.C.gen!Eldorado |
| F-Secure | Worm.WORM/Soltern.oald |
| FireEye | Generic.mg.736cc64e198d94ca |
| Fortinet | W32/Parite.C |
| GData | GenPack:Generic.Malware.SN!.0598E93E |
| Ikarus | P2P-Worm.Win32.Sytro |
| Invincea | heuristic |
| Jiangmin | Worm.Generic.zct |
| K7AntiVirus | Trojan ( 0051918e1 ) |
| K7GW | Trojan ( 0051918e1 ) |
| Kaspersky | HEUR:Worm.Win32.Generic |
| MAX | malware (ai score=86) |
| McAfee | W32/Sytro.worm.gen!p2p |
| McAfee-GW-Edition | BehavesLike.Win32.Sytro.nc |
| MicroWorld-eScan | GenPack:Generic.Malware.SN!.0598E93E |
| Microsoft | Worm:Win32/Soltern.AC |
| NANO-Antivirus | Trojan.Win32.Sytro.fwfbyf |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM11.1.8B57.Malware.Gen |
| Rising | Worm.Allaple!8.109 (TFE:1:lRS41tJwqPV) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Systro-AB |
| Symantec | ML.Attribute.HighConfidence |
| Trapmine | malicious.high.ml.score |
| VBA32 | BScope.TrojanDropper.Delf |
| VIPRE | BehavesLike.Win32.Malware.tsc (mx-v) |
| Webroot | W32.Malware.Gen |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
0e836bd3be54eeeafd05573d50eaca49
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| yZGaaoCh | 0x00001000 | 0x00013000 | 0x00000000 | 0.0 |
| KGpFnavA | 0x00014000 | 0x00015000 | 0x00014e00 | 7.941903446508423 |
| .rsrc | 0x00029000 | 0x00001000 | 0x00000400 | 2.9772483985450444 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000242dc | 0x000000b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000242dc | 0x000000b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library advapi32.dll:
• 0x42927c RegCloseKey
Library KERNEL32.DLL:
• 0x429284 LoadLibraryA
• 0x429288 ExitProcess
• 0x42928c GetProcAddress
• 0x429290 VirtualProtect
Library oleaut32.dll:
• 0x429298 VariantCopy
Library user32.dll:
• 0x4292a0 CharNextA
L!This program must be run under Win32
yZGaaoCh
KGpFnavA
#mVF$VBpF
WVdVG7'p2
w2!A$Fq#)
v'J"1FR
BzvkzGM
$~x#9G#
,`#4#vAL5,A56V>
@z$2A;
2q1'G3k
,pWb\W
f5y#/F
`2"k4(
%k`MA83J2
4zSY`n
2 ns#2 i
9At^'BsS[7R
PJoLsRS1s
FUAtRGq8
PUS}#O
7,q:vSuD+o
]qASGk@
x[}#GX5@.U
_(wZ$9
1/u,kWf
=@F#Bo
tGspS[, #Q
#~"ULVZEt >'
A2JGS`my
bBSPrJ} lk\`N
/l]!Z!o4-
fy}(}}
8KbWUmb$Dy0Qc
w}Rts\p:
p_3m1y38,J+
qrwJcuA^XB
P[C"s!?l
o,$6OL^,t
?yrS<Gu3
puVwCotoI$NPR}pQY
42.>1t
wwFN}c
K_E.$G,n
KjS>/4
&VL!+p*8
8RJvOqS(1Zk
Q9.E 8Ay
Ey?TTlp
BZb_8I_}$Er
Qt1EV_qw
@z/_/bCV
GgoG^RQpG#A
N4(}T^6{tPM-.?
U \RwqdU
=JN= m+J[m
CqP_Ey5|q
[_sm4>
]>k*Oq
0_d:GU
-0q_A7u5
ERh#c. R
5,)QsA
q9="3j~^h5mwkE
Gm7#^*2
vRzvhR
Uko`rO
B 7kD?'
wKRjVP
:dINt>oZ
"y*d{a#F
|Fu Y0PS
(gBV?l
ZS_2+]
"jpUV{$jH
Dx^;?<s2
7hpZ3>s yj
{$E=}Y
VC4~llZM
qpb'|
zT~T.pf
ylY3CS/8
'm!B!y>/
^[WGTs4J 7
`qKV[(
+~!^eYXAKB
T2&gA/["
LaVgu\0
$7Jq>W$g;~t`{
,:Z/wRy
|[B mD
PGx7(s%
Jw/C;&eY]
q0-NW#t`
[VhR[y/k_
t"R*57d
5b2l\|
;Ewwf{
}v\_W`
VTbzt~j
nYWCYR
TV6FMd}]#
ln3:mj_
w_ V6r
,qk}P~
~+#[kw
{I!A0c
(1{6vMow-$5,
h,) 7_ !$Jq,$Z
lIFm Mq
z1 l.V
~Cw%#F
i'<B#.z
:5OwHPU
BK"0k,b^b
1ZR2i*
a-:-w@PT
]s3Gf^n]
6/<07BJc5
/LXFlCb
Os^(V*MGZ
'sFCQ5l^$NU.
YBkI!k
Bt-w5LTr
D%NL{3M#S
_|.#r?2 G
cilTx;D
f/~#vG~#N
_02B>R
{kw!jNt
Qoq-;= ~:#
w7g#Mt
_J>5801@
0x{2\Pb
Rm*bD?]
@PM(Qszv
*P?20
C]Zdd2>)[s2
"9>0wIL6h
E+:x/qb6t
8h!vzx FP6SS(w;-
6 %Z"I
>We?,
%6Ug[[
1sMo*sw!feZ
'C;(N&
qE$p\S9
.Uwa\2
ok!!:1
]jg@/N
0|wGtZk
m_S |X
+ssF%~
"W6j'Z`_ 7rC{.&
7[F:ijF0Y{~{
9;S2yFV@
~{$Byok;I,
UCCd,>
UtM1G ^rc
ABYrYxod x
M$9ue=i
QM%`1/
6~id5F
@#&>&"},
=gweR]L
Mv3iVc
|#"+Ga@,
mL ie^$.:@r(
s2V^oY
eV;c:1$;)e\BR
U3Iz%d~`
"SVp]`Jr
Pw:R&
qH<"C
5P4sqxC
AE,c{QVC*F
oUt1u
A"s#dP$qR%k6K
ThO"Uo7tt
,v~kX~h
+ HVLywx
oA*LpJv
_/m2u%N &J
@pq}"O>
e^PA$gU
!QV_pDpMQ~kG
WxgDCZ
#UB\pldo
w` L"z
N!uF$<A-
*We7/zkZ
p<MIC5
p0S5 .kP
o]"BV6}"J+
?W=GNV*J
jAD*WsJ
:Ju~tw F!
lZAld+Q/ o
_V5d-GsNv
&(7F7V
Pnox#wH
P_2w7}F#
R{;X!Y
JCzv{8F
(e{7% \
YqISf<3JCPz(y;
of'V8TG
gaf.PQ
&qiD5#v
.(WPko
#hl"Q92mk7
{Pp]2}
/H{#Q4~
}yFVdRD0
^PK.*BWY
J@HH$@y!x
.JqsSu
Aqt-u}(VB%@[
cJ!QaQE]h
FWReT
;tWM6)
!nxtrF7Pfs
OBPTxq
k^"Zu'PRZr
&$FlF:H?rpR"E
wJuMZ>
`/_,_`R!`T1.
>U#@B[v
vZL#;{#
76`QQd
;l,nGxwvgF
]Z"VqAG}N6{
<=xoZm
#KLFrPhjh_
YfhUcDymLPAx;G
U7ykwv0y{2el,U
w23DyU>T
BE[ F6-}RwP
:c[%ONYbE
w@7Zc2
;V7_CI
`K.)d{8oWxIob"
;6KV8T
k9+0A7b
IwQ@$i
RRYC[hp
6w~pD@
~Sh$lC
6,B#>qB
o5^%(RARfL
Vvs27oBjC
.p.B"rF7I"PByS
, $H6n
AjdxI0
V?G~;E:}9~U_
Eq(Q_J
uz/"\MJ'kKPe
2?X2*jS~J
%hExx@
c]o4k),K
F@@7B>w
[zw!z+,kWvW
Mo_yxi
>B)CG W
#6M.lD2
}ev1bYV\"/)UuL*rpk
7YO#bW
Wj3gg[k!4yk5n
/_7mFNX0 TLYZp
:fefgM@(8w6
&B]7F<3
6oDi#nP6ML}
$DV]$RxAO"|_K
|LA!~i
Scx,#r*
7Z&'Gwc6{ TBWgsPG#
P N#k
2X,!|`J]
-;{ G.
wPQ[F@,
mV.sr;c-:4/!FH
_GOO#Jx\^^P
[RiO3v_D
:!g@96
1:2F:$_j)+9?,
Cho+hv6'GF
lzv)fRp
"Y:gIp
w4- ox
P3-ZT;uS
`BdUlm
$#K:,W4m@
i[{Tb354R
:7->Vk
9G2?v]
JqIhE+
K#f i>_
QubVYB ED
7E]EsL
v4VU4y
pG<tt$qSQBJ(
2#Ft+'6
5h8KSmB
~y_u:5
$k,T%l[
I=F}]w
Kky }J
x[.?su
Eu_0~V;y
sy~&|vIU
#e!2nW
4=:-|Z
?q#DjD
1~.#[
KLA_2!m
C*5&77m
Z>x.!7
JU} kp+~
Kt,r7p7G
KG_Cvr3
PAn%x{
-q9#Hep.oW
*G2l9!t76
kN:7x.Na
&f&f=C_
.?2E%c.@!
.%peow>
suR\PN;
xlO6{m
mPm4P>
`FPQ/7/8 P!#A84H7,
Q4'H31Q
)V:# "GB
`6*A%Bq,
CnG|R]
p.]qZS}#V
"M=q2T
N"/v?mGY"JFY+
nT+V9R-b"B
YQD2J)!
7~i #@W
j:uERDa7GA0k+hC
XYX*KO
y^UKKDBL[
1]CvbC
Rg/E^1Jr;Qi
r_BgG}zv&
3VTy<N
42TSoVQu
JE".}8"N+
/ :+~y
eREv7C>
,!\,3qetF~o7z
MFA*lu:V?CrgfKB%7
" V4kk
4tU*Q#o
@%}Y|*q
>Fb2[&
@C1]C>
.t+h4z
@Cu{&Gq>
Y;,YF7
ex[j\[Z
N-YRooK t7|GBq
!y}JG`VwVNu
.QC(RyG|
$RRP"]-
lvw!J0FP
k%g''gQsY
dA*2DdA
dAnUbdA
"+O}Q[S
uLc)>J)Fli
5FusV |
2 %2
2 K2
6d~$*Pn
ltGH5@mdF
kHK2'T
tj}|kH@
6T Ma ,>3'/%4K$v
$g'/vq9'TF/2A$,
*{4#T"+
3O?MtMk[jgA
g`%jWVLa
p7JJ92k ]lE
E"*44l%
"JHRwBL0E:+
M Y#vVv
#e;)SK3
SikgGfoJcn
o81^41^
jC4NKt(R7.
"l>gx(P30
'7#:ug
f%2a$0
*'/6:7X!
;;G.r s
;+mK}F
%?\H;]Y/6
2l9H,#m
~W-drH
[}Y1V,_
$g#cIv
p>0Ope7R34
O5o:[.k9kxu-[cR
k]!_Gg
`e5=&_g@G
o#/v3#
j##w/,
(N*+AHC2GL
@Y D vw
HKE,Q[a
Ezw~"~9
K0I}"J
V-(EW7("
E5VW\NVZ
(p.Do/
LtyUWm
7E/M4.z@{\Woo
%xQ[[HzL0|
,WD@')HP{
j-p Yg
ns 2j 2=
VrrDl6T7
C tF=E
LY4NsF
P7QCNP#.
K.PaAuo
sf7pTo
Y12O"mG
4?-1&zy`b
wbpT*Z
,#+J#h
dj->^Fm)$R\
-GB8@Q,wfww P%nv
B?;0pSGgf
1uG+2?
NSD4q^[Xl8
Gyy,N_
Pg}DvGP$0#
72BPCj#W
W5DuMv~
F4p!L%A
1S/pT3
tqJ0=y
Tq<f6N
&BA]`+>QQ7^
[F*n ^f:Jx
eLo}`Z
>JB7(3
:!~Kxknd
AE!#bS-1
jq+|k
^YP\ $N@
UJ^>K9
c8E4DJX
VD0|.6D^
.=U5>Q
%"Rt^I
^F/uNpEy?jEpm7QiW>s.
R);,E{}
^[LKz=
d:^Ur3
0YwPTAP
VmD0t[{g*O3|R[
w!*V&"
gn"N03
U^1+RC~
k#jo[Czl
{,k#[\s
2OfGq+
{jViGC
Ej}_D"
;oo-qR
wxT-VpG}
BzX !fr-v
n2~_?#Q1
JL/nTK
>=>b[,
e%K+0r
~iE%v_Ux
XrsIQI
m#wODE
oT-fhvP
n'^_Pw
2Jt9_(xfD
%^`SbeT4p/ w
.T.Q[q
e.XrB;X!
>wwAPI
zgV7$N*a
v2@zQcv>
_G `{C}ux
V">,Uv^X
Z/GGGb
QE?=Br]
jCGlkc
JBr Dp
1_u*BVj
:S/vM@>6P>
O?Gj}"F]f
(~AKb8IZ
*r0!CV;
FG?]pK
`h"!E?nG7m.
OSk=\xsg4^}ZYT
y2!.W/E}
{wSb5#67\5E1
6 .gS+
*z3eG,P,
~'W6VT
k*;_;}f
X$wDSmU]v
G@[_y.E
Uo,W7Q"6Z
A5JDIk
zA46n/X
sK7DS ~
+Ph7zEcB
[R4px3
{,wbkK#Ul"Ti%(
,JOP:c
jE w4C$J
7Qk$aoA)yxC~Y.jo
8e,@qW,]
q>lk5[e#!,m~.
*a)w@p
qC6'py2z
VEGGFT{|A
V[,B-mbf
>bks_qBf
<<C[G
UwDA*F
Z jzq230B
(Yt:5&]
;vtW2+
|;(q`6
~LJT/Y\
*U0a"T
(&"WP@7
hY<3np4wU%
T[Z?{j4QL`aE
o. E=>?~] `
jBy[Dd
Dl#hI[&w
#rxvQKQB
Qy"o|H0
Fu .9,.
~O".Dup
77b/?z
Y'|K/JgF
i,.?$c:
+g{f]/;
F/%G.#]?.
ktC7uw#
Q,Ah9:+
b Jz:\
}vR|xES
8W3(m_
c.>H=R
K3.n(_
pCKn^qo
H_i+ C
bh{d=bZ
SNTIVB@C
m~Z^GB
(Z(a&m~A
UB E7E#E
Gw07UsASc
IR[}>(VM%
4^C:(n
}kQ"a;32k
mE>vHb
8^;n)xy
MVF#1Zn
4y{[FQcP
cBmb{,
&zG.i>r
onm*G7#6G#|G["
G nm#CG>#Gp#vmtG
Yk#bmGN#4G?#N]4MGWfo-#
G;]to^
N^H3Hs
>d3*ff
ffZ *>C#A#V&j * ?#N6'2&6
c<+`3_z
w uTBz
q#+C9Jx
)}S;M4^>
a>y.yJSN3h
YqarL[m
^,O*vz~
Bp5dPa
hh7rMQS:X
!j)+/.(
t{$"(1k'
U06A,8
*LyxV.,
7YN4SX
r7#7P#Pffku
23w8+r70
#-~PTp
4b92WG
V#f4yF
R[+W133"0N
C&Kp@q
;j"NB]
XEkk#IpBB
FpQ-y)
Qt0>y*
OLR'V#h
XcWLk/
-25S#Vgbq>i!B
]\(o#"
s`BB}f
n)Z>w7
WD_q6JsE[P
DVfPFmu. s
~aO~t6^
wjR@gBM}c
N"6b7l$M3>xu
>"_x#9
(` s8lo,
l8f^p[
lY]^),
i c^$&6E_7=
By|_F+71;D
$]wkusF
uw/"KGvP
erh4Bh
!#06bP..E
L{h//7F2 Cp2
(D$(V(
E|p-<NcP..
#kiM${
>?-,8wy3CGgP
RL^QP":
Lz,uN%M1
2c#VuHC
#&dto0M#&a
W1kbujfeT=f]
Gv'sHrbYlt~1
5DMba{b1j:
w!~ EV%cV~Br\n
:qbp'
lC#Ml9?!:(Q4
t[ln~U
o7<Y^"
qp~Df:fmk
+wjjD7`2
i}$W7}s
NCByaO`(JQ\
(h#bj%
xa_<$3UM
oD y8_3(E
}%hS:h+
~KZ,9
'kD2fPBp4PH
c K"Uh:()S
%Hy2ezc'
lC\.E .
|},$EfAb
W -MzTV7g US
h =F,ILUmJ>
}sdCp[gZ xDn+w
~t8[_~_b~qP
&xF#VwW
)Nav}P[%Z
U+[gzI
oQyy45%O,nyAyg!
-#rO"DaNDo#!
7PE$Oja
)q$%LMu>`Rf
KT#2`-Y
7fb!bk>
>x+0rP0@pX\
_(yT4;"m.j^/%
{x_LV=
N9SpX9 J#I=J$QDn
Nk:0@8`2@
DC+xP"
5Ge_*[82O]
pai/%O
nX Mp5
J1}y6^NEP54
FBs~ F:
|#1>ZiG%#
0Z8E ]r 06M
e0Vow A
Y6KMN:9qF_t
,W0{2L#[k"dv'#ya
'^t&NyKOP#Q]ps@J
.,-T"Z$
("k(E$|(O-T\ybx#f_:}
oK/XaR
XL'&(!_<sVb
Y$mJ\M/
#G$|AP_?O
l!-NQbW
vbQ7tk$
JU7HlxRl
t>I4V^de
B$VqDP7E
/U8Grs
I9dwhipV0
;Eu(JD
(%~7YDtI
>J"6'di(M.v.s}
*}fd>B#
ZqojY@
>a(}p#
L*$#ejR
(/"h{}.u
nkI+O;P
I?(^::
QFhCWtZ
.e)k?A
~ VEq csY
KvGCY5
]o^v{?
]B,uqv
Iy9Kww\
rHf2 Q
8BKmxW)O
Sq*qlBB
_c"t qD(o]H
|<aHwCj3dHD +
aB/Hj#
[]2\V,RXiQq$lr9
8Ar=yC
~p]-_yCq
QQ ^B_
Cn*)EY
e}^"A
/3)8Ts^V$
&x;/Dn
G6+^@p
@'#M[Jf
~S2_9~*SbRfH
,ORX3e/
oq`,[bx
0 PQ#a
,8J%}_o
S:$w5GYq2yLt&
[u>ywNQ
:|RBsY
$"v*'H%"HmT4:Y:PT
&B&FZ7EKwH"bTp3M
0Oq]A[G _T1[
?P7?2$X}A0[pr7
{}T;+_22-~
//^GKP"{
"@)@b8?
&IQZFI~^
okz} *`?
Sx1z4yGB
>co/@@
o M3(F
bBg7Y^
X;_'/X
dU[P'h
4*%y{0
~5"V^UaE1t
h@4rPh@r
=:Ed6a.D
ZYSG*nq,F
pG*,Qa+
C@-$JEg
C:7ou
[Wc,%b+
zr!fKAT/AJ*7\lD'(
[hMC_8]H.k
$9I~Rm
WxCyd_
,<#DAe,R
G[]1,0](?
+>2]Y{
9J.A(n
:J$E"B
;F+C]ta6l+
~&tH#+
o %Io|+Q(
XlAbia?x.
=OxI}a
LQG#|g
,`pB1Ya>3
1e}n>n
lbzm-#ytYEenVj0F
$(@_rT
yW:>9Bb8R
oV:"pt
R0^AC@@YQ
1}_R6nxW
/W#u?o
p;#,o6-j}6ubK# T
I#C^AzXXdR
nUqCSN#up
Nk #BA
J$gD#RQ
EtGdc E
\f08o/
w>l[l2
M!S.l`'
'KOaCbM"
02'vd7l
k&B#ph
#O#C~y
#B*#'KQh_
.Gn{3?
&F1>]?
Qy35"v:&XP7+)Jk"
Ot>=nYS
NsH%'f
7e=0V*>k
|R:N"X
>KT[ms"
9lG_MV
ww_I*Jv
Y}nf//
`8Kb-}v]X
E+77So?y
+VTK3)E
ToP];p)p+/@!
oyvq2)\
/}pMPX@
*]_]+H)4.^pLM
s?XYY93
M+rw|N
'gsxyI
y#"K@bVxY@
aZI71AyJ>[F%p
qq5BhE
oDqTG;
!J9 IVi9
YVTy C"GrU!
Bz|PSY0xIETv@d,F;
k8/5`4'nf
6-6B0"
R"R-HrF
8g)M!S
U, %QG
(SE go
t2CPY2L
MzR2]r)
S6xw26d
a#T.DrlAUU
H9KK3[
{pP2--D
vY2YE*UBFr
BK|xbvB
F@SQePTN
TG8xDG6
ETNGRs
A1iUJE!?
/\0nSK!/s
zfeGT"
n4j@qUR0a(q
{WX~p% G+,Xy
N;J\ /b
VN/SU2.
|e3EEq
0A;a?F
FytDMDs
(rsPFYbJ
).!n_)@0F
4kn8,@
AG&V{/;7s0 )EK1q]vAAM
Ds8,<hz
oKr~WcA,
7+Nzy\+A>
O<|!S@n51q_g-'a
#,\h"B^GLW
y[@S%Oq
TF)v;$
jY^Xpq
T0rz4RO
<C#62"W
8V_ :zp
,fD0x@o(
B?cQME
A(W /1AI 4b
Vc@OA?@A#
@e/ %\
E%1?)EN
S'/-O2
V^n')J,_
F4Qq{hJGvk;CZK[G%nyJH ]r
n3.V403a
GYa{TqB VG
~j mCS(n
Kge)Q_
s$ox/i' 2L
f%5M%6
(wtR1P
CP]g;M
v#cg Glqt5\
vg0g&G/
*f42M9
w%/J110"s#
o65W31sFdd
lZJkJM$T
cnBPv#
j#}zm#n/G<g#
V~_Cx h1vT~FLyG.
m#nq9,l#
rmwcsekD#?abnn
#i~r\?i^kgs.1
"j9!E#DcA
V=`!J:
m" 1}b
_AP#4A7/H^ey
OjYnKS
L0_Sh6vG^|#=k x
{s{'{w'
<X'dmrkk
Ql#yTt
3M'Egi3/gMV
n><XjgdG|
f:f/1ErRGG~
BOHF n
)I&- #
'I3"8W
\.5Dk]6 XTZP
o7;#Rn
w#k#Oam
/7#vL@Th0EGF
%.CGOQ2!c?
6sgxR?Rg
a?PGH%
Zt0|Y%7qbu_/]s;
K:K;Lr0P5+vF
DJwg)A^tn
fQ Qcg
RwE/Au*
@A[UF(b
tF'pZnG[
Rp=2+QV
vaY P7N`_
u8F8|auH
.Rw(WG
y$*UwES
wP_|eE
*[_uB#H
xT<}-Q`@4QNwo
Le"t/w6
=PP_Ap
.aqC_
3%lCkr$P
kV;IPQ]}b
Y&*P+IH2
^hQ"e\(
$0N&'_.T}m
k\,O?c_
Eo1p[3#
|-D<D>b.
CkjxP!
:B1+X;g
T2_py;(
w\&U*9
NXYdHP
FJv}l^7r3T
mJwG5s
N{Q<~j
hR#1}8
5,mP=b
!X?{8l*RP8
t!f@:QG
!c:HQg7z{wDQC
]guA yc+
NW|. /6
f%jyrgr|f
HUEm>*$
27.n!Za
_[(ZUv\
"[pjqS
Lra0yTt~VC
!?ZLe]
qRo5bSh1o
IS:\^*
Vb9be,4
,PX5Jo
Oa>g\^B
6E,2r&
XjT7;p
P_C9y5
FhPa \nk[VEAIEx_
Q7PR[F
H%hB'\_
GVPF7 *mYy
Ef'bq#
]B8%lo2
9Y_C{o
(w^t/U"OWv
qeFKOV
;n_`aQu
@XEl Phk ,l
bx A]]:G
+f*cOVI
KY.[Q]rYN
i+!fn'{
XpQnC!
Ja,9BY
_[+A 4
kAli\z
AH^@"a
0Wp?'Pg!ilA3$CGS*
GGp>Q:sP`
T?[@C~
zmTG)K
r$!Gzaw
?T^QP2kb
6~C&:wp>q
:D}pBi
WF?gD<
.(usl}<N$O"
N~JS,8
CaA4m*
zPHq@[a
e><0:^
w5tM5d{?
CzAl|}v
[tCt5WH9
Ao0E0sb^
ZA_]G%PT7
SQ*R@r
s_y{_G$>[
;=};Tu
4t=1"8
[S@z:9B
(y`}E$%
;!1pBU`/7
V2&/ >),
E,AF^<v+S l
[@?_JB
Q`#FU`)
x?27*BPC
zKp&:uDmv
v(a>H}t
S 8HF]
}WB>%]%
f3WExNE
Vm 3jK9^y
[Ai*x O^!
g*]x |R}0
fN9eG!L
.\T)'W3
%!Q(bQ8
j)sVM`
<KEy~[6
N5VAs:*F{
I;G[ YD
XJDrhK|}"
;(CzTkmf
DYZbM{~_
^q J!Y<
XA|qc*>G!D
F :}2\
guTq[{
7v_)lU0
a-fEK2bU
~2Q4;8Am
M1@r|v_[eY
7;lu;_f
J[tt{(9
lU]1W0x2ePZa
N@S_tZ
5.;x24m\y2mZ
*hD <IMT6n
OD,%*n-
&9sxvwRA"
g9qEkR
P7LsSOJ)!:Q
P8y_3G
#C2="Gg
t9#VVB
,+%JD8QsE^
]NCUDcC\_
otOZm@]pm
a,c5-.5
V,d\'*
`G!6Fi
>qnXZr
a9=sVzOd
W QWDGl5_F|:
VMa9DQb_|1z+
z?z:!z
y!RSbJ"
]_0pG3 }
^*T7gf/
f?yw+\:
#l"h|U}*
[-EPSqU
'=A2-o
^602OU
$~g]wb
hH29tj}+
w`#P&wC
V*U$c$6d
:Frw/U
fzhk1w
a^SKQKo}C
D{pP+A{sNi4
=ZQ-]vL
lJC5",G7c
m>@%S|
D8.7u.x
IxAggR
N=pWD;
@Z>^W"Q*k
T#OwD$E
WwCKqo
P]-A(]s ~
F7,.FH
:+J]''}PUJ(_^|zBj
dLD|G[P7Kb
h%y19{
GKLqdZfV
;cGt7E
/F#MC$("*HVy
^tQ&V`PM
E7f>+L~
##0P#z
?3=Zb+D@w^NP
W: +s&
RMCct:_B
5FDy~FV
XDk`'.)
7Y@-:Q
[VwSpvv
&)(eXb)n6I_2
[@3!0o'#
\UPR1O
q$UD{_
<*7x#i
]E'P2-"
mVT{j]
,sG0@i/
bH1WFBC
~|3>8n@C
dKR[FB
e28!,J
,[b085`
w]HjwSj&#T
1\H@4CP
SeKEiA
D*^r a H
ITG1.V
BS9^"PQ
{TPPns2
~ y9M0-E
%v8P_-
X /6,h#bE,@F7
a4e''/
kp(':
BJG27[
*b%V|:;$/Q
Ug%6A7
;V75 yx
&"pDtF
QZ/e>nV6}0X
jfPogU
=cZ2B)']@gM
b@1Kep"N/Q
,> eS-$
>L(EQY
>`S.Yv#
>jK/N]07N
#@P<w",q
BF_`4>:
"TTz"~?
n;.~#SX1
Sb?"2?0>L+v5 l3tF#J&U,
oTmPGE
aZ$N^H
1&sFF"
a_UU@rD
_XHJ'[q_/5Dt
ic># >C
hemC53}
+`*6)j-
6!CD;o
w2+3"
NYp]EPOGSc
hWxA(
D@^`_>^
,+Wv/f*
<!D=FFBG
~xX|%KT
@nU4rz
@JDPP6[
k-2SOK1C,{
r0ZI[6>Vmq
}a)^Q8PqA|4
^spnkTV
B '4FN($',G
p`AQ:.qF'
9[Ls_Q
D @pXt
V'~GP_5c|Y=! iG
rWA^$K
OjH[9N
K@w"P5
j ;7{,Q
KE^u>O
81IA"Zp@
gYJ!D:S}cP?
Y5l#FE}R
E-2Y"W
~A bqz!
Z5{eh0[P
JS2d* Dyt.-
'^ 'l/@
Fp*bsZ
';Foa>@
)qKZ 7*EsC
~db?<LE0
,`Q0l; U
K}gR7~|
y}9vF.
~=>?X`E{
-[XH@,|g
9?Gr@C:;1
P#^<l-
.FI20TCJna
7b/tXnYB
;y;2]'
k;eV`zGvrCkyu_wJ[
x=D[[<'`?l#Q<
<J~6pme
[dkzSu
\12 )I:&c"Z
`S)EwEPu
&b8=2p8A
(_tbyy
G~5a1c
A0uFgK
I)|Hb
q@xn^2
DuBA\-
}r7T vY::
7mGc0y
I~8g)Mu
V#Pin._
\%Vv;ri
3%aPQK8!~
EW5_d2F
!qPkG"B#- J-*
r<zgs9y
X-+v|H
n(<#$[
GtI J?
5P6~K"
QiMub"
lhCNZ"!
6^S]]+
P;y&qrA@P/CTf
KMl@DJsV
6\8# Ik
62^ 6@@
RkczRU
#>,VKP$M2VaX
[iB[oNM@ivp
nS"M3i
"d"h2/V
-_3g:Z
gBy?("DR`\
k+>Tp32
yfAu%:*
mlXU"*
RA{NKy-`~
CBw>bK
ABB1}gLM@7R
-d$,@Sjk
#YBF,Ul'O
yKD${#?
Zd 5^pG@/O`%
CChFkCWQ/Gyhh
IS=<-y4_/]f
D, |O^ Z DD%jH
ydg_ e
9ujE,DX
r(/lE[
p_L6v yMyS OM
+_aeP*
qwU\O~
l(MGzh\8
(!NTOD_[
mf:V-b
qkW[Yme7
Z Ro{T,1m_TK
g2pyK#eb
\vo>YKJ.
*E]GRk
[K/7(8#ESCP
C>+eF5
G*VBZFU-
@q!-4]
1BW.<~o
v//zlPL
l"7 (eo=
?y$YB`8
?m{j!CE
PUCv~;/) ~
q3tiQm*
zpSQwD
"ApVjAQ
.XN}Z.
8@*T=EA(}+"P
t<CPOc|98X
h/<@ChYqb6
v!P1B7l#s8
{,nSyZUu
hMM^qwQ
<`:Ysc5V`F
c'_dNKqDc_
7\g}"7g
5F'%9&
f#zfe"6
(o8(A%b73ow
Gxf9~v
o#fb90Q
-l6"A$l
l%#9$Q
# '`;Q
%q_(Wv
D9*K7f/#Gfg
Bf#;Iv
4f% o'
'@30_Uf
b02b4-}
;vwA8)PPu
3H:b51m;)E2'
S/ ?S;']ov'jge
2g>5Gvo
5#d.lM
%G97 PPLE:g
}fl (H9
#-2>At6 hw
(pK6%O
/(*EQs3~7
* (ww'J2b2)s"2lbf3fholW2Hy#\3n
BV;/f 'k4WH:t
+v8&o'.MvtQ
xb%?i94
%pQk@-J3`
*G81J:-
c[>6b5?
/R2E?1
o\<)j2<lkBgo$%*-7#B+/bh
)gp>'#/kbHa
zpLE$1Q(@dVw`7E3h2f
1' )Vx'
a_{y/J0-
?G`?4).Ya]
#2E]F`k
q6 qQ$,,-#x
2lqM7!
?ff.fC354-|x
5KcQtBQ&
NbtTC0(w%n!
o3;KhfUfE_1
o> Av
_DOi?M)l1
# = qw
P/806Q6l
2YG"1-G
nAl(k{
Y$Dsh*1Y
QSAI|DO
<M.2>[
#wzO$TRD
K7DC")w
%b69!@
\ka&`y9
so=_?N@
CgNy]oJ
%+bQ"(
,C)tm ?S
~dr1>gv
Z(ww5vd&#/Q#>}v
%|Aa(8
6/wm>c9
ks8fI~e
8PnAq6b
I9xB2yMv]1?>Ps
wbG~Sgd}7o,
!*}Z28
Bv WPg'
'@8(',
4[] fS_QQ4u
65#NN6>
$)&_W7T
7^W>`j#
#G[fWW
.r_Qg@# VT1v
kQ,7DB
v.p#m.
$PmT6>
8(Ob-'E
#@t7b|
*A5|+L
("c|ke:%
|4%-=I
+ Cm't>eQ|Q<
K?jvCW.O
CPC.#?r+#
kARuntime error
0123456789ABCDEF
az~@~nl
(4M408@HP4MX`hpxM4M4M44Mi5H
2ejDs@8 t
sa_TPF0
4M,4l4
'=o@o nur'
gpkCW/_p
h3m={W
&G7D+Ot
`sW'^X#
UUUJFTMU%
JFUQU%
O%wwMm;m
aAegu_-r
S?,3yI
c)t`uck
!llf'5'7
omO`o_nG$
Qi3a/l
MA{c t19-
5l+![X
%_!#|Ky
OW87Yy
n-p`[)p
J&Hkn/!bY
cGv}l7
c=Yr)%
-W.6&$oA
CYeSd!
i0cF0Y
@J`cb@c
rw-#u#
qtPv`1
b1KsIj_t
#O`c_m1
yQ6!]vgad+0`0iG?o
5km`\n{cCF
k0>gmh}kVHxBI
&=O8w7$B
7project1
IniFile
"RTLConst
KWindow(UTyp01
^Class
CVarianZ
5QHoo\f
sAiveXT8R
`egiGry*[
#mVW=(GJ
14#vAL5,
V>@z$2A;
Yq1'G3
P.5P3/r1#
ByMaw#/F
Em G_G
`2"k4(
teCriticalSW
iz0Virtu
Allocaoc
adId`v
WidharToMulBytnh
}kLibr yExA
Add&sls
ModpeHand
QQELa{
a,siWs
Unhd :
e{aFPoin
>Rtl:w_
&Siz-Z
`#v"YB
skSpace
tWAY%G6CE
Va I*Lh
shFSdv
L`.bo\d
K :w]K"
5CODou
7<BnDAT)U
m'OP'e>bt
`.ZKOlOw
XPTPSWXaD$j
advapi32.dll
KERNEL32.DLL
oleaut32.dll
user32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
VariantCopy
CharNextA
4PTvey
.#[V#1=?S:
%+LYh5u>
;!_{\B].PlQ\v^`
nQ=wk|
($R4FL[FW1X)^';d
f2#|-)\m
P`2/Le
+/Uub.
xlIM*ap_OA/]
+-nXfCU
he*xy$|
V)ldo`1<Kn
oH<yW7nvNnW1vJiQ$z,@
LqDV;K8ZQrH_e^
W8f\ZR<
dUsL$ 5wcY{
v?&?]vAB
iHO:DaFA35
iI-IcH{q
\I!&+YC ](ufVzt5+, 3[M4fkj
5-6SaW
'9t8 m=6
R<pu@>\2
9L}n&}
ehJ&h7{-n
yC>16^*F$.
)Aq|mSn#?y
W5Wo0bG
@]KhiY
_)6LsR|O
Z"n1DP
1>|`QWl\
5~VL(pXY
E2~'R^xP
3d)S%*-q
U@LbO/
.6;s4 NNjH
MVHypY
ap&S\(
ym':oYL'1
*R<8x=O
/9 r.i|
D[~xyY)c
G~8yHL?`V-d)
r5avJq
Q/>fVX'F
z#` J$
v=qb.OROR?JO
!G'nyz> T
yEo7|
x'IB.fKgh
'%1DfC'jLX6%
`n(OfSb?
E3P#%K
"@@~%/N0u'"|e
{e)4mL^
a_5^%#
dt3)(?Tt/RX\D<
M5&l:N1
+P_N4(KJ2E
ul#2`kD!m
dIv1F@f
5)Z>P/c*Tx{nPLs
C`,'2-j
LXxEq~WE0
_!Vc/@
\h&oo2`
i`C9dVG6
,hK/|\
3AWOM@cI
O,Q`=tHi#A^
P5jr_j?d,
j;21KtqX}%y
9K0lGs^
*,|j}D
\zL+gX>
iY/Qdp_3
1n<]~R&
era:~+o2
<{@cC[
]C|63Im
t,*7|W"
~yI9'']\Ez
F~9BZc
n=T G yxG
J=QZhK
A(X>9:g.[
H|bd6uuw|
@ZzTZ*u
t7Yhv;.U\U{j
4.C~"`
F[9j)>(Du
fd?Dzz$xI
x9C6t=\+Fve#2A
`D6?j,YfWf+675
pa$1> 73K
=dK]JHF
S[,|!R
O&X{?S
p7#}<k
Fpg\0lpS
87@]`@cX
3_5IXL"OQ-
B!UocZ
&Tezb3S&j2+4
|o5;8![(3 I7
/Ai.'3
/FDSqC
mA D4&+oU&
HB'oJ)
Gb=# }
(?DQ=j(
2|U{>KoBJm^
taVV B
!s(F$> :
/C/gAR
az<?54YC
.l#KSn;H{
n,\k8v6@',"8
&*[p`*:,H\zj4
@n /Wu&ePL+CFH=gSw
l{%{}3
GTN|{1`
.$x},r$;h{
(~_RvlJ
-zB<xfI\+,
uDkhW'[EF:
DnaV.w>
GL6bM)x&[
i!Q<sf
7$ %|Rv
@qr*dTB>t
VpPpP~Q
C&S}oDO4Y<3/
dlY5L<
LCRGyl@
nx=f Gb
-u,MXe
m]n;o:
os4<2;;X(]VP
s!>W!2$-/
|E]P)|
dcfJD
r=u.PPd1{l"vn
S&`n5@RE^v8?MY
:z]G>U
u<fYRF,'eY}c
JSff>X
Z)t4^9<c
Iv_OceTE
&#_XH?"
xQEoG?
cVeNUh
Fz(ABMapch-v/Ogxv3n?_
CBr~WI0}#8
|\r1SM-
rvLj~oswqO
E~qrhF`7p
AeQDdlfqIzTm;
:9[p(m
")IRg.r+A6R
p8K[O3B R
&Tv"CWfEURZ+|#9(
6w-j@\b[dt-@IB)
~iFkx"B_
-O<k38'
|, J'hrD!7O
xs$3$h
auv ^d
|I;;^1
{:t;|N
MosN:8B;
a]}IfZQ)
EEDtB^
|[r<Mz[Xe!)~em
O7*@I,^yWU
UlQKma
+rg=*M1pn-
G,xbR o
N^{0`c'?p'd<$v
Eh ,}WF|#
\z-X2dVIg
bH$MJ`
{`ja`4>
<[<0P:;#
BDs^J'(}XydYp
yX_37S"+9X
\eD.Qe!G
#:0]E6M 4U`/.O-T
*sF~>q
8W3nY-
dIoH5w|`~
\="T8;jS
_E`&z&Eit
U#!oqh)
xxvQ{.>
OeL8,Tt
+)&r;i|Z_iYP%S*mn]w
R{lL,t5
a8kU\"
O6tuU|G+
c7n>2p
pQ ]8{%^]
4rcb>5d
lG9dSPb7y
KRso@!QUh.p&R|TV[M"*Pc:
T);3Q`Y-{ZJZ
KkBvH8KjI0SuE
O{&Jtv<e
PfPGbw
xzf]Ol
F)^'=8
=5<$Qr&S
P ]\xv
o^0e$x
8j2L-@}
?"IW0F
6~)dc"
|<Ooh]"tH8
"n-lv=iGdt9
\Ix,|$7Uq0xH%
N"tCbS.UBi"
al;>C9
/IW]G#!_k
k4DNei
M'>{5 I
5]L<jkhS
3+Mo.PH+!q
[yFVE`?pl
->giTe
p' %Oz!D
6YxClE%e'
*vQq/=<t
y>D~*kEaz5
TyG.G1]o#
sbDu>1
Tv 4Z0_L~\?L3
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.