1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.75
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Heim | 20191004 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191004 | 2013.8.14.323 |
| Tencent | None | 20191004 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | .MPRESS1 |
| section | .MPRESS2 |
| section | .imports |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 50 个反病毒引擎识别为恶意
(50 个事件)
| ALYac | Gen:Variant.Ulise.39916 |
| APEX | Malicious |
| AVG | Win32:Heim |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.39916 |
| AhnLab-V3 | Backdoor/Win32.Hupigon.C3088933 |
| Antiy-AVL | Trojan[Backdoor]/Win32.Hupigon |
| Arcabit | Trojan.Ulise.D9BEC |
| Avast | Win32:Heim |
| Avira | HEUR/AGEN.1036241 |
| BitDefender | Gen:Variant.Ulise.39916 |
| CAT-QuickHeal | Backdoor.HupigonPMF.S5584315 |
| ClamAV | Win.Trojan.Tinba-6357827-1 |
| Comodo | TrojWare.Win32.TrojanDownloader.Dofoil.GN@79ajoh |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.4cccfa |
| Cylance | Unsafe |
| Cyren | W32/S-bd04db17!Eldorado |
| DrWeb | Trojan.PWS.Tinba.453 |
| ESET-NOD32 | a variant of Win32/Kryptik.CZFV |
| Emsisoft | Gen:Variant.Ulise.39916 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-bd04db17!Eldorado |
| F-Secure | Heuristic.HEUR/AGEN.1036241 |
| FireEye | Generic.mg.778abe04cccfafe2 |
| Fortinet | W32/Kryptik.CZFV!tr |
| GData | Gen:Variant.Ulise.39916 |
| Invincea | heuristic |
| K7AntiVirus | Trojan ( 0052964f1 ) |
| K7GW | Trojan ( 004b9f111 ) |
| Kaspersky | Backdoor.Win32.Hupigon.tipv |
| MAX | malware (ai score=81) |
| MicroWorld-eScan | Gen:Variant.Ulise.39916 |
| Microsoft | Backdoor:Win32/Hupigon.A |
| NANO-Antivirus | Trojan.Win32.Hupigon.dogvlz |
| Panda | Trj/Ransom.BH |
| Qihoo-360 | HEUR/QVM19.1.5315.Malware.Gen |
| Rising | Trojan.Kryptik!1.AF53 (CLASSIC) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Mal/Tinba-AC |
| Symantec | ML.Attribute.HighConfidence |
| TACHYON | Backdoor/W32.Hupigon.91648.K |
| Trapmine | malicious.high.ml.score |
| TrendMicro | TrojanSpy.Win32.EMOTET.SMITHAL94.hp |
| TrendMicro-HouseCall | TrojanSpy.Win32.EMOTET.SMITHAL94.hp |
| VBA32 | Backdoor.Hupigon |
| VIPRE | Trojan.Win32.Generic!BT |
| Yandex | Backdoor.Hupigon!Lo1Uv2n49ws |
| Zillya | Backdoor.Hupigon.Win32.210470 |
| ZoneAlarm | Backdoor.Win32.Hupigon.tipv |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-12-28 13:45:12
PE Imphash
29d8d235a94a2b373c600cecbe74db5d
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .MPRESS1 | 0x00001000 | 0x00016000 | 0x0000ce00 | 5.78508269828648 |
| .MPRESS2 | 0x00017000 | 0x00001000 | 0x00000e00 | 5.9471280750547475 |
| .rsrc | 0x00018000 | 0x00008000 | 0x00007c00 | 5.825926528385003 |
| .imports | 0x00020000 | 0x00001000 | 0x00000c00 | 4.424402062561306 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0001f230 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0001f6d8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0001f7c8 | 0x0000033c | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library KERNEL32.dll:
• 0x407008 AddAtomW
• 0x40700c FreeConsole
• 0x407010 GetCurrencyFormatW
• 0x407014 IsProcessorFeaturePresent
• 0x407018 CreateEventA
• 0x40701c OpenFileMappingW
• 0x407020 LocalHandle
• 0x407024 HeapSize
• 0x407028 MulDiv
• 0x40702c WriteFile
• 0x407030 GetTempFileNameW
• 0x407034 SetLocaleInfoW
• 0x407038 DosDateTimeToFileTime
• 0x40703c EnumLanguageGroupLocalesW
• 0x407040 CreatePipe
• 0x407044 GetPrivateProfileSectionNamesA
• 0x407048 SetConsoleTitleA
• 0x40704c CancelDeviceWakeupRequest
• 0x407050 GetVolumePathNameA
• 0x407054 GetProfileIntA
• 0x407058 GetDateFormatA
• 0x40705c DebugBreak
• 0x407060 SuspendThread
• 0x407064 SetCommMask
• 0x407068 EnumUILanguagesW
• 0x40706c MoveFileWithProgressA
• 0x407070 BackupRead
• 0x407074 GetNumberOfConsoleInputEvents
• 0x407078 GetLongPathNameA
• 0x40707c FreeLibrary
• 0x407080 GetFileAttributesW
• 0x407084 EnumDateFormatsA
• 0x407088 QueryDosDeviceA
• 0x40708c UpdateResourceW
• 0x407090 WritePrivateProfileStructA
• 0x407094 lstrcpynA
• 0x407098 GetExitCodeProcess
• 0x40709c GlobalAddAtomW
• 0x4070a0 GetShortPathNameW
• 0x4070a4 UnlockFileEx
• 0x4070a8 SetComputerNameExA
• 0x4070ac SetConsoleTitleA
Library GDI32.dll:
• 0x407000 GetDeviceCaps
Library ole32.dll:
• 0x407230 OleCreateFromData
• 0x407234 HWND_UserMarshal
• 0x407238 CreateAntiMoniker
• 0x40723c CoInitialize
• 0x407240 CoSetProxyBlanket
• 0x407244 CoDisconnectObject
• 0x407248 ReleaseStgMedium
• 0x40724c HGLOBAL_UserSize
• 0x407250 PropStgNameToFmtId
Library msvcrt.dll:
• 0x4071a8 iswprint
• 0x4071ac _wgetenv
• 0x4071b0 srand
• 0x4071b4 strtok
• 0x4071b8 iswupper
• 0x4071bc tolower
• 0x4071c0 fputs
• 0x4071c4 _swab
• 0x4071c8 wcsncpy
• 0x4071cc _fputchar
• 0x4071d0 iswctype
• 0x4071d4 _strupr
• 0x4071d8 bsearch
• 0x4071dc _strnicmp
• 0x4071e0 memcmp
• 0x4071e4 _wspawnl
• 0x4071e8 _abnormal_termination
• 0x4071ec _rotl
• 0x4071f0 _flsbuf
• 0x4071f4 isdigit
• 0x4071f8 memmove
• 0x4071fc _isctype
• 0x407200 isalpha
• 0x407204 isgraph
• 0x407208 _wspawnvpe
• 0x40720c _wexecve
• 0x407210 _wcslwr
• 0x407214 _wcsrev
• 0x407218 fputwc
• 0x40721c _fcvt
• 0x407220 _ultoa
• 0x407224 tmpnam
• 0x407228 _wcreat
Library WINMM.dll:
• 0x4070b4 timeSetEvent
• 0x4070b8 waveOutOpen
• 0x4070bc midiConnect
• 0x4070c0 midiOutSetVolume
• 0x4070c4 mmioOpenA
• 0x4070c8 mmioWrite
• 0x4070cc DrvGetModuleHandle
• 0x4070d0 mciGetDeviceIDFromElementIDW
• 0x4070d4 waveOutGetErrorTextW
• 0x4070d8 joyGetPosEx
• 0x4070dc mixerSetControlDetails
• 0x4070e0 joySetThreshold
• 0x4070e4 mmioRead
• 0x4070e8 waveOutGetDevCapsA
• 0x4070ec DefDriverProc
• 0x4070f0 mmioDescend
• 0x4070f4 mixerGetLineInfoA
• 0x4070f8 mciSendStringA
• 0x4070fc midiOutClose
• 0x407100 midiInGetDevCapsW
• 0x407104 midiStreamOut
• 0x407108 mmioSetBuffer
• 0x40710c midiInClose
• 0x407110 waveOutReset
• 0x407114 midiOutPrepareHeader
• 0x407118 waveInGetPosition
• 0x40711c GetDriverModuleHandle
• 0x407120 mmioGetInfo
• 0x407124 midiInMessage
• 0x407128 mciGetCreatorTask
• 0x40712c auxGetVolume
• 0x407130 joyGetDevCapsW
• 0x407134 waveInGetErrorTextA
• 0x407138 mixerGetLineControlsW
Library mscms.dll:
• 0x407140 GetColorProfileElement
• 0x407144 UninstallColorProfileA
• 0x407148 AssociateColorProfileWithDeviceA
• 0x40714c EnumColorProfilesW
• 0x407150 GetStandardColorSpaceProfileW
• 0x407154 DisassociateColorProfileFromDeviceW
• 0x407158 GetStandardColorSpaceProfileA
• 0x40715c SetStandardColorSpaceProfileW
• 0x407160 DeleteColorTransform
• 0x407164 GetPS2ColorRenderingIntent
• 0x407168 SetColorProfileHeader
• 0x40716c TranslateBitmapBits
• 0x407170 CreateColorTransformA
• 0x407174 ConvertIndexToColorName
• 0x407178 CreateProfileFromLogColorSpaceW
• 0x40717c RegisterCMMW
• 0x407180 GetColorProfileElementTag
• 0x407184 GetColorProfileFromHandle
• 0x407188 UninstallColorProfileW
• 0x40718c CreateMultiProfileTransform
• 0x407190 GetCountColorProfileElements
• 0x407194 InstallColorProfileA
• 0x407198 CreateColorTransformW
• 0x40719c CheckColors
• 0x4071a0 SetColorProfileElementReference
L!Win32 .EXE.
.MPRESS1
.MPRESS2
.imports
]fffff.
USWVDE
EfEUlEuE
u}u iM
EE!MMfUff
UEcEEE
UMtMEEE$EMUE8
*EE#EEMM ^]
USWV\E
Ef]MUu}
UMf1+M+E
M)fufhfuE]t]E9|Z
U]{]EfMff!fM%
e+MU(EM
UM1ME\^_[]f
EEEEfE
EEEEEE
fEf5<fEMME
U+EEE9
f+MUfM|
U+EEEMUuf}ff!f}
Uf}ff)
uEEM#E
Mfuff)f}
MUfufT(fu
^_[]ffffff.
}fu)fUfJbfUE
^_]f.
^_[]f.
fE,tM9u
fMff1fM
uM+EfUuE9te
MfUfYHfU+EI
uE;N4u
fUfGfUEnEE
fUL^]fU
E@0MEA
]fffff.
]ffffff.
}E]ME|xtp
E@dExEMUE
Ufuff)f}CU
^_[]ff.
D$cD$X
\$lD$O
gD$CD$d
D$;D$d
D$0D$DD$h
D$,D$hD$t
L$<L$H
D${MT$Hf
|$(\$$ft$"v($
L$tL$tf$
L$,L$|$
D$C$D$CL$|;L$H
D$pL$|$
L$|T$4
L$|t$Xf+$
L$HT$;
D$TD$T
ft$Pft$R
$L$$9uTD$t$
t$\f+$
L$(9t'
D$OD$O
\$c+T$XT$XD$X)$
L$XD$CD($
L$Ce^_[]
Et3MEUV
USWVTE
EEErfEpY=
]MUu}u
fuff!fu
MI<fUfrP+E
E9u+EfMfvfM
f+EfEE
BEfMflfUff
EMfUff1fU
@P|A8E|A4|]A<
E567`f}f
\fUfHfU
D0|ATEf}f
|+EJLE
`}efyy|ID
)f+EfE
d .\1\l
`f+MfM
-d{9u(f
|JPf+.f.E
^_[]ffff.
USWV<fE
M9A<U~
}f1fuE
'EMfUf~8fU
EE<^_[]
USWV4E
fEyPfE%uUUE
uME9uUtEE
MfUfnfuff1fufU
EfMfffM
4^_[]fffff.
USWV<E
E9sgEfMff
fMufMff
EfElM1M
<^_[]f.
DuU MU
:u}+0!
f]f<Af]
MUf:f+Ef)f:E
Mf9=uv(hf+U
Mf:M+EE
Uf+Rh+0}fR
f:MfRf
fufRUfBf%
ffffff.
fE3YMMME
Mtplhd
EEfM`f)fU=
$MUu1f}ff1f}uE
UE+H4M
USWVxE
MfE!EEEEE
MEuIEMU
UUUfEp
?fEl+E
UEfnf,fu
hf+6Uf6hM
fu*Uf)}U)E
UfMEMU1
ffffff.
f}DEDI
}Uf+ruD
fzf!fz
f|f'&f|9
P}9t9EM
O9u%PM}M
`fzff)fz9(u
\~fzff!fzD
lDlED@
pDfEV@
@0xfEKDfE=A@$|phD@4dD@8`E\X\H
DI(MDI4MpMDE
V8M]S]9t[fBf+EfEM
fufKfuM] ]qE
1D@4EDU
@ EEUEM
M;xtNEM
MqUfuf0fu!
EfEDE;|
)uuv$uuv
]UH`Lh
EpMUu}{
f}ff)UM(
Uf]MYpDR4uw
DITMfM
DvD0DvHu
m]USWV0
\$TD$l
D$X-fD$fmD$h
L$4\$0|$,T$(t$$_
D$$D$tL$L
L$LD$\L$tT$\1
T$\D$(9
t$t|$h$
3L$DL$tt$<D$
L$DT$tt$4
|$DL$L!$
T$tUD$x
${D$xfL$ff
PdPfUff
EfUf$fU9
fXXfE`f+dfdP)fdf
fufs=fuE
L+||Efdff)
Mf+dfdhMfUff
^_[]fUV@fE#E
u+EE(E
]ffff.
fEK5d@
KERNEL32.dll
AddAtomW
FreeConsole
GetCurrencyFormatW
IsProcessorFeaturePresent
CreateEventA
OpenFileMappingW
LocalHandle
HeapSize
MulDiv
WriteFile
GetTempFileNameW
SetLocaleInfoW
DosDateTimeToFileTime
EnumLanguageGroupLocalesW
CreatePipe
GetPrivateProfileSectionNamesA
SetConsoleTitleA
CancelDeviceWakeupRequest
GetVolumePathNameA
GetProfileIntA
GetDateFormatA
DebugBreak
SuspendThread
SetCommMask
EnumUILanguagesW
MoveFileWithProgressA
BackupRead
GetNumberOfConsoleInputEvents
GetLongPathNameA
FreeLibrary
GetFileAttributesW
EnumDateFormatsA
QueryDosDeviceA
UpdateResourceW
WritePrivateProfileStructA
lstrcpynA
GetExitCodeProcess
GlobalAddAtomW
GetShortPathNameW
UnlockFileEx
SetComputerNameExA
SetConsoleTitleA
PGDI32.dll
GetDeviceCaps
ole32.dll
OleCreateFromData
HWND_UserMarshal
CreateAntiMoniker
CoInitialize
CoSetProxyBlanket
CoDisconnectObject
ReleaseStgMedium
HGLOBAL_UserSize
PropStgNameToFmtId
Tmsvcrt.dll
iswprint
_wgetenv
strtok
iswupper
tolower
wcsncpy
_fputchar
iswctype
_strupr
bsearch
_strnicmp
memcmp
_wspawnl
_abnormal_termination
_flsbuf
isdigit
memmove
_isctype
isalpha
isgraph
_wspawnvpe
_wexecve
_wcslwr
_wcsrev
fputwc
_ultoa
tmpnam
_wcreat
WINMM.dll
timeSetEvent
waveOutOpen
midiConnect
midiOutSetVolume
mmioOpenA
mmioWrite
DrvGetModuleHandle
mciGetDeviceIDFromElementIDW
waveOutGetErrorTextW
joyGetPosEx
mixerSetControlDetails
joySetThreshold
mmioRead
waveOutGetDevCapsA
DefDriverProc
mmioDescend
mixerGetLineInfoA
mciSendStringA
midiOutClose
midiInGetDevCapsW
midiStreamOut
mmioSetBuffer
midiInClose
waveOutReset
midiOutPrepareHeader
waveInGetPosition
GetDriverModuleHandle
mmioGetInfo
midiInMessage
mciGetCreatorTask
auxGetVolume
joyGetDevCapsW
waveInGetErrorTextA
mixerGetLineControlsW
mscms.dll
GetColorProfileElement
UninstallColorProfileA
AssociateColorProfileWithDeviceA
EnumColorProfilesW
GetStandardColorSpaceProfileW
DisassociateColorProfileFromDeviceW
GetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
DeleteColorTransform
GetPS2ColorRenderingIntent
SetColorProfileHeader
TranslateBitmapBits
CreateColorTransformA
ConvertIndexToColorName
CreateProfileFromLogColorSpaceW
RegisterCMMW
GetColorProfileElementTag
GetColorProfileFromHandle
UninstallColorProfileW
CreateMultiProfileTransform
GetCountColorProfileElements
InstallColorProfileA
CreateColorTransformW
CheckColors
SetColorProfileElementReference
8Muex<
KERNEL32
VirtualProtect
G(XPTPjxWXt=
IZxt1Z3@3BexRn)u:-Gj<*lgO5y5=3)
Gm<*lkO5y4<3)&)u:-Gj<jlgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<lgOCK3w.7]~U
\BY=3)n)u:}j<vmhO{
3)n)u:-GJ<9mrP65q3)n)u:-Gj<*|gO55=3)n)u:mGjL*lgQ5y6=3)n)u:2Gj<*lgO55=3+n)
.Gl<*lg_5y5M3)n)v:-Gj<*lgOEy5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)
Gj<*gO55=3]n)u<-Gj<*lgO5y5=3))u-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*lgO5y5=3)n)u:-Gj<*ley5=izVGJ[hyg=
]4Kz+3:
-RDgw]%=cmBOey53)
?3)n(\)m
5=3dZ>"Gj<
5=3w{WR*lg_,rY]-Gje
w7wy5=
]zX3'F
%_)n):Gj4cT
va#<2(
}O^<|Tz
n]yrBm
[}`~J[J
^8["X:x$Sit
c_]`}5
$L@n}B
fRG-@2
xH@}2wSzI
u8A=lM+<!PP>"7~
34}m-C
R@XWrTI{)a]B9tq'hf-H
3.WVsZ
gE^4ng9e6
FV?e3Z
=<?)d]
mSH&:ij;L{qb%
B,v.@"=%Vw2.FV<
}%t+.8n_[,Ww4p[/>}
}u>2%;bx
YQ=,~dm
+NkO`WO66`PJczxS)
^}~WoR:P|
6ShHQd
lvAqXW$]Q
9_+Pc;c;+P{l
? W\aB0
i5{VWZJ;7eo
I@51k`kz<_~
I SNx(@ YDE0!
PjQX[I
l|%(6|N6 sA3Ae
MRDE5(zZ>$
l.f,l7F!N
Op+ss^
I.{EScF+~%C3
8kgk@c JH
B+0z09)2ol
98wc<0)i62bDUu}0$u
3Xx&79
NXMl=HS)7W=9
b MGh=pUVimTc97
]FA*-(
U?bc:O
W/DBgH
I4u="I&R`Vo^
gREZk|
= }YTKUJ2mvs@Lb
!]PUf:a:r@fFOP6u+:[N
_H3G-U|Apr:Oz
km8ceJIK:V
Y39a>)_]ckU3
`j!vSnmu
cCBPI?K~
C%*FMxl<
#Lfv5yaO1=6InB*tsaMXf.0j&s9:q\uX}QL^.
xYmh-si
qUZ5*b
:@T+q/MENRNE<XpV
K~l!@k
cM!)67t[$]
YT;=4~=:DcZJr5Ze\SY:_zqa5qzqhj:E
JF?j1KBA.fZuLe{K
kUI6A=d XWc
[aw>y@hH:5+
<&!40^6kY(MY
JCbC [
~k\5hTi;%
:}fVRK
99Nl$]j
hdFDYfu
wp|Vs79Y;A~=J{SN4>
q[uX2~IvoC4
nSBN5y};j
P4|a/-5
GHYTQs/D09}mqYaIk5
p`r(JX;
@RKUbW3(
>TXMeHWRtDT
p9xA^MLzdg
?mE=Sm
I:%NmY
z}Bwot]eq
uAzS<$&y
mV~?zI^Y}K1i>P7jLCydEJG4
Y1OPK9v
gyJ4z^>_VrJ
obuF|rMb
THIw\K
\sGq17%od9(_NK&fG
(vhG<rqv~
)TXe,dlS} dP
\qb::MzPm@<aT'[
@/LGKxSE
cE2p[Q
[_8rJ6xwB
0Bksot&;
|h wO'_"fuU+8SB{&tH o&
0!%4wHJ
_(\|p'=wJE2e8u
C*SnoHWeWiY
w[y'K+.V.a#XgB
nKTwYD\|En
|56X@J
6UkXuEx
ri29yN/I
5/hAdDT41 yy^=c$)AD
]8Ppk @|W,r
{kBdxc
F+1<<RB{R?
|r+K%'h:=
x6u[&7*s\
$}oJ{}'6
FCsz6W90
mwq%~H:x+5qi
-/6E!Rr&e
tfYyFx4TjO
yUed[;?Ltgod=m
Qf!;^X
zllolNL:6s
xFV8j%J
|r:3%z3bs_
(!U<ZIo~
8$n/*O;
A%eK^z2@&bvsI =ld
Y"FX80y\
jpx}m~+E"9
x?"gj-[^0
e(j>>J2~N
u9,5S]*
~[19(^(nU9yK
Vv%]R,.
tT*yWq_
E~6>mM~P
x84Xxx#
[PRM+J5
!Ajzb!~Th-
lq{6F2icg~MaLR3oFBY
a?O9|.XlZ#0y`dkb!]X\@hY
]tE.'+
]Ps7Ym?[%gF
7Dc>pvHi@
3; *8P
%hvd)Fq
7As~}FnZ
?1e;p5PVO)[<wH~c
mk_|.7Hc
x+9(L;wEj
xUhoqiz>=
WkT<]x
N/XKx{Of
U%E^:u
\jd.DR\"U
fc=<4er(kG
gZKB9Fs=
r6M]`WDIXAxz1zi
cTJfh(
CgSvo>JiI
pf8Ri7
T,x`shaN
P5ckmp
l`9kyPikK
cnapXk"6u
t;Pw[b@]so
.pQ7@|
:4]Gcs+c+
wrN@)3
]meyr!
y)g)a|
M}6Fuk?Y-NW?9c
Nst4itl@i+RG7Iv(&7
1(?/D'Xj/R|P8
L4}hlwV9(4Rw:t{1,U
wWsu!tVn5/o=
nQg/h;WoI~:o
s{=s3y
R09`U,=kgS
91IY2xNs]AC}trIu
t,fbLMp
?60^3L
%V=2ECy"V
Vq=zW]%'"lg!o%U4dM#Ke
yaOTV$dw\d'
Goc/q9|[g
e9n[n\
$k|3uuXsH&?
,xG/|9a
ykyPG4
we8eDKGg_5~p
^QU|)Z
(m X&}3]
.cdfzt6Sj
GDeV>o[=Oc9eQT~4MPt9
dn~vv`
\"8!}3Fe;yh1Hx
Hxk5tW5
G[H_%oD
/1U~|Y5M
[;CT;_bz#{Ph
fX iZz=
c73,euSp
dHcx5IU
*R=bI608ik
-cX'(BtpyMvge.
o>2B[WzI
9NIa^y
Ty$t47
| I_;`0uI
?}?NN,Aj(x%hkytRLU8s
v}cARXz-B
jwT#8e>>%
/av+2p?^q
1$Vh`3DNLv0Gl[GH^j2{b{6Pu&@|J=w{<7$4n8
Uz%rFBq#w6
L}K3"F
pB/nM?
8G~/j=d^1
LY[6*g
7}:[qsn@TR;r1%
4:HYVo2O?y.$bX
\8Pjd2Q0
IpA<VV;peA
&Oa^rz
OeD(E_
#}q=Yy$1)Y|V
-".N|-L
'?X;K@z5Y|ip+W#
`vcbp>t [k<-_U#
@?GByN6t5
^4{}u_9z'fJrH2Jxh62tQsx"
3|2wowN0J:g`
yv3~$?_VH
Oe|xk1x
[Wh]Uu_
5x?%8&
`g!-=iy
jd?^7v}hb-
|]n[C6
\:u{2t|`!uO+1
H%b~Jt]!
R\Q}c}ena=
zFlbuL
/AS?hw
*[s"i^ xL
[ebpgIw_
'EHL(tR0M~e
Ee4"i2G
O~=AOH
JHbDQj"\
gH+ vvku
Sm:Lz(U
S;u|JMQ
#:rdTFm]o mj
3<w3z_G8a=y
<*aJ#3w<5I6Z//
R;|O_Jm
)Y#sRyw :
%Et;R/jK
PfsPTtp
_h;^?`G+%t4~"W
; +U%gx%]9)o"[i|;/[g
ZvpWLUY/02B
_JI5:/Jn9
5|IJA4XG
&,?Pi|
{-vL$Bic
9FNf>oRM]@
aW_aJL=6
xW^;Lz~y
YBim"<
7&*.7J
]qt"`ls
/u.XWWP5{
"MNm8P
_5eB{ w>[
,|dAZ\0H`B_F{i
V{ ;_=f7YZj
O4kjCgh
XhjvU5=jjPP
"0jo:g{g=~u
B<Og=CZ"Aj^WM=4lb
Gg_&h=pu
p=E^4i`j8=)r{kj#HT
6=unqpMj" =
3(I-j+=pswj;8
ji5=~b
R=x:~jcx=pro~
nz=sjr
v]{=wIavj*
=j4hr]=)x
j|Gm=*{*j
Pjnuvg=Dje
<Pj-3CY=Ejs
VU=unvuj~=i}bWjF
e=\pOj
=3\ojlf
7|=`VDj`bvf=b
^3jnOw=f=rjk
=a%j5J
=Somj<5={
=|{jb}n=8j@Y
=fs~lj
Q`=%wp7j~o=
7HwVQj
M~;3HnHuY-fj[*gn5T=R)):LG<,l
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
GDI32.dll
GetDeviceCaps
ole32.dll
CoInitialize
msvcrt.dll
WINMM.dll
mmioRead
mscms.dll
CheckColors
lQ+QQQf
UWVS|$
t$dD$\
T$L3;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
;s#D$H
t".)D$H+r
)D$H+r
L$H+t$`+
T$8L$PL$xf
D$\l$TD$X3|$`
D$`L$D
;s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\
l$8f++
D$T&++f
T$TD$PT$PL$XL$Tl$\D$\l$X3|$`
;s/D$H
;s;D$H
)D$H+f
t$(Nt$(uL$0
T$,|$`
)D$H+f
l$$Ml$$uP
)D$H+f
$L$ d$
p4$Ft$\tZL$
9l$\w`$
BD$tIt
|[^_]0
333333333333333333330
p88wwwwwwwxwwwwwwwwwwwxwwwxwwwxwwxxwxwwwwwxwwwwwwxxwxxwwxxwwwwwwwxxwxwxxwxw
xwwwwwwwx
vhvfwhfhh
3333333333330
p7sxwwwwwxxwwwxx
xwwwxxxxxxwwwwxw
xwxxww
333333333307sxxxwwwwwxxxxwwxxxxwww
xwxwwwww
3333330xxwwwwxxww
xwxwwwwx
|GiiG||4
------
YYYYY3)3YYYYii@
`iiiiiiiiiiiiiiiiiii
MTiiiiiYYY33iiiiiiL@M
ziz-!``Tmw
iiiiiiiziiiiiii3s3iiiizzzzz
C Tzzzzzz
zzzzzziii3sszzzzzzzzzzzzzT
zzzzzzzzzzzzzzzzs
zzzzzzzzzzzzz`
zzzzzzzzzzzzzzzzz
UzzzzzzzzzzzzzzT
zzzzzzzzzzzzz
zzzzzzzzzzzzzzU5zzzziiiiiiiiiL
p?wiiiiiiiizzz5*iiiiiiiiiiiip;6
iiiiiiiiii*[3iiiiiiiiiiiic;\H
;;wiiiiiiii3[[3iiiiiiiiiiii-QiiiiiiiiiiiL
iiiizjf
iiiiiii3[X3iiiiYYYYYYYYYz!TTTTTT
YYYYYYYYY
"YYYYiii3X&3YYYY
YYY3&&3j`
#MMD]L
}1R}.7z@@zu0ZRRSz@i((((((((((((((K>(N+RI((((((((((((((((((i
i((((((((((((((V.((((((((((((((((((((i
i(((((((((((((((guZ=
(((((((((((((((((((ii(((((((((((((((=
($1=((((((((((((((((((iY(((((((((((((((($O
(((((((((((((((((Y
Z$gwjjjjjjjjjjjjjjjjjjjjwg$ZZ.jNNj.ZJ]+
+]J8gwjjj
jjjjjwg8
rjjjjw\
5wwwwar<P@+
%@wwwowwwww55wwwwws
(;wwwwwwwww5E\++++++++%
U++++++++++\Ef\++++++++|4D
>OUs@@z
+++++++\f=\wwwwwwwKlrBkkB7
U6Kwwwww\=t5wwwwwwwKWR%2&&2O
w;rwwwww5t
5jjjjjw@s
1s+jjzjjjjj5
jjjjjs;hh
jj;jjjjj
jjjjj@6r0
PP%d(jjjjj
r|NNNNNNNNN}
AVNNNNNNNNN|
'C:LQ|
+_p[MLHN+
w,,,,,,,,,
QL,,,,,,,,,,,,w
<w,,,,,,,,,
}',,,,,,,,,,,w<j,,,,,,,,,,'n)3nn~,,,,,,,,,,jj,
TTTTTTTTTTTTT
xqTTTTTTTTT
TTTTTTTTTTTTTT^TTTTTTTTT
TTTTTTTTTTTTTTT{iTTTTTTTTT
,TTTTTTTTTTTTTTTTTTTTTT,m,,,,,,,,,,,,,,,,,,,,m
]]]]]]]]]]]]]]]]]]]]]]]]]
T# /////
/&7$$H///
333O"B
@@OG0O@@@@
@@@@O0
.....@3?
@......
......
4@......
LLLLLLL
LLLLLL
LLLLLLLLL
LLLLLLLL
X6N]WWWWWWWWWWWWWWWWWWWWWW]
!!!!!!!!!!!8
! +%
:'''''''''''''':
mW73mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW73
nX9foY:oY:nX9f
pZ:!q[;q[;pZ:!q[<x
q[<xr]>r]>t^?{m~_}_}_}_}_}_}_}_}^ds
t^?v`Atjd{\{\{\}^}_}_}_}_}_}_}_{]{\{\yZ}_gqv`AwbCqyZuUuV}`l
i}`}_t
wbCydEx{]sSc
iydE{fG
{fG}hJ
qwYoOoOoOoOoOuVe
jLy\nNpQwZ
cnvq~bwZpPnN
dplNnQnQpS
pSrV|_lLlLlMuXuWuWtWpPlLlLlLwY~
rVuXlL
yqSuXw[lLw[y]
zoOvy]|`sih
qRpP|`~cqSmNqT
oQoP~ceik
z^vXeh
hzkpRr
g3psNC6
h%ysu_
s{E u0V u_Z#x*|KI
(z&yy4+}7:1e~6
nX9@nX9
nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9
pZ;@vfNvvvfNpZ;@
r]>@vfOvfOr]>@u_@
wjeffgfffl|
wbCzeFhsSd
zeF}hJr
cy[rSsUwYy\lkMnQ
qTuXpg
dfh}b}buXx\t
lqx\|`
dvz]oo
lpJ)z9pt>yh
hBtxe3
nx|&wf
ll| tD
oG>K!tKI^'x{g~)y@
pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:
s]>wws]>v`Bv`BzdFzdF}hJ
yc______cy
}hJlOjjlOqT}ayXyXfqTuYuYz^xfyXaayXf}^z^
_iii|\j|\iomwotr5?stz:u
r\=hr\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=hwaB
waB|fH
nnnnnnn|fHlOlOrVgyXyYyXg}^rVy]
~_y]dzY}]h{[zYhzYdl$vlt3
KERNEL32.dll
AddAtomW
FreeConsole
GetCurrencyFormatW
IsProcessorFeaturePresent
CreateEventA
OpenFileMappingW
LocalHandle
HeapSize
MulDiv
WriteFile
GetTempFileNameW
SetLocaleInfoW
DosDateTimeToFileTime
EnumLanguageGroupLocalesW
CreatePipe
GetPrivateProfileSectionNamesA
SetConsoleTitleA
CancelDeviceWakeupRequest
GetVolumePathNameA
GetProfileIntA
GetDateFormatA
DebugBreak
SuspendThread
SetCommMask
EnumUILanguagesW
MoveFileWithProgressA
BackupRead
GetNumberOfConsoleInputEvents
GetLongPathNameA
FreeLibrary
GetFileAttributesW
EnumDateFormatsA
QueryDosDeviceA
UpdateResourceW
WritePrivateProfileStructA
lstrcpynA
GetExitCodeProcess
GlobalAddAtomW
GetShortPathNameW
UnlockFileEx
SetComputerNameExA
SetConsoleTitleA
GDI32.dll
GetDeviceCaps
ole32.dll
OleCreateFromData
HWND_UserMarshal
CreateAntiMoniker
CoInitialize
CoSetProxyBlanket
CoDisconnectObject
ReleaseStgMedium
HGLOBAL_UserSize
PropStgNameToFmtId
msvcrt.dll
iswprint
_wgetenv
strtok
iswupper
tolower
wcsncpy
_fputchar
iswctype
_strupr
bsearch
_strnicmp
memcmp
_wspawnl
_abnormal_termination
_flsbuf
isdigit
memmove
_isctype
isalpha
isgraph
_wspawnvpe
_wexecve
_wcslwr
_wcsrev
fputwc
_ultoa
tmpnam
_wcreat
WINMM.dll
timeSetEvent
waveOutOpen
midiConnect
midiOutSetVolume
mmioOpenA
mmioWrite
DrvGetModuleHandle
mciGetDeviceIDFromElementIDW
waveOutGetErrorTextW
joyGetPosEx
mixerSetControlDetails
joySetThreshold
mmioRead
waveOutGetDevCapsA
DefDriverProc
mmioDescend
mixerGetLineInfoA
mciSendStringA
midiOutClose
midiInGetDevCapsW
midiStreamOut
mmioSetBuffer
midiInClose
waveOutReset
midiOutPrepareHeader
waveInGetPosition
GetDriverModuleHandle
mmioGetInfo
midiInMessage
mciGetCreatorTask
auxGetVolume
joyGetDevCapsW
waveInGetErrorTextA
mixerGetLineControlsW
mscms.dll
GetColorProfileElement
UninstallColorProfileA
AssociateColorProfileWithDeviceA
EnumColorProfilesW
GetStandardColorSpaceProfileW
DisassociateColorProfileFromDeviceW
GetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
DeleteColorTransform
GetPS2ColorRenderingIntent
SetColorProfileHeader
TranslateBitmapBits
CreateColorTransformA
ConvertIndexToColorName
CreateProfileFromLogColorSpaceW
RegisterCMMW
GetColorProfileElementTag
GetColorProfileFromHandle
UninstallColorProfileW
CreateMultiProfileTransform
GetCountColorProfileElements
InstallColorProfileA
CreateColorTransformW
CheckColors
SetColorProfileElementReference
6�d�9�2�a�D�a�N�A�r�1�i�
2�2�2�5�6�8�5�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�0�0�0�0�4�b�0�
C�o�m�p�a�n�y�N�a�m�e�
S�u�n� �M�i�c�r�o�s�y�s�t�e�m�s�,� �I�n�c�.�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
J�a�v�a�(�T�M�)� �P�l�a�t�f�o�r�m� �S�E� �b�i�n�a�r�y�
F�i�l�e�V�e�r�s�i�o�n�
6�.�0�.�3�1�0�.�5�
F�u�l�l� �V�e�r�s�i�o�n�
1�.�6�.�0�_�3�1�-�b�0�5�
I�n�t�e�r�n�a�l�N�a�m�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
j�a�v�a�.�e�x�e�
P�r�o�d�u�c�t�N�a�m�e�
J�a�v�a�(�T�M�)� �P�l�a�t�f�o�r�m� �S�E� �6� �U�3�1�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
6�.�0�.�3�1�0�.�5�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.