1.3
Low risk

21bdc250985a2f92b6b46cd2cfebcfa8414424c541f78f2efd8a03f871d9af41

21bdc250985a2f92b6b46cd2cfebcfa8414424c541f78f2efd8a03f871d9af41.exe

Analysis duration

194s

Last analyzed

364 days ago

File size

59.5KB
Tags: Static detection  Dynamic detection  CVE  FAMILY  METATYPE  PLATFORM  TYPE  UNKNOWN  WIN32  TROJAN  SPYWARE  POSCARDSTEALER

HawkEye engine (鹰眼引擎)

DACN 0.12
FACILE 1.00
IMCLNet 0.82
MFGraph 0.00

Static verdict

Antivirus engines

Engine Result Scan date Engine version
Alibaba TrojanSpy:Win32/Alinaos.4771a9b0 20190527 0.3.0.5
Avast Win32:Malware-gen 20200521 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Kingsoft None 20200522 2013.8.14.323
McAfee Artemis!7824DD5EB159 20200522 6.0.6.653
Tencent Win32.Trojan.Generic.Agky 20200522 1.0.0.1
Static indicators

Behavioral verdict

Dynamic indicators

The binary likely contains encrypted or compressed data, indicating use of a packer (2 events)
section {'name': 'UPX1', 'virtual_address': '0x00057000', 'virtual_size': '0x0000f000', 'size_of_data': '0x0000e600', 'entropy': 7.906674227948282} entropy 7.906674227948282 description: high-entropy section found
entropy 0.9829059829059829 description: overall entropy of this PE file is high
Executable is compressed with UPX (3 events)
section UPX0 description: section name indicates UPX
section UPX1 description: section name indicates UPX
section UPX2 description: section name indicates UPX

Network communication

Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File identified as malicious by 62 antivirus engines on VirusTotal (50 out of 62 events)
ALYac Gen:Heur.Mint.Zard.1
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Gen:Heur.Mint.Zard.1
AhnLab-V3 Trojan/Win32.Reedum.R332664
Alibaba TrojanSpy:Win32/Alinaos.4771a9b0
Antiy-AVL Trojan/Win32.AGeneric
Arcabit Trojan.Mint.Zard.1
Avast Win32:Malware-gen
Avira TR/Downloader.Gen
BitDefender Gen:Heur.Mint.Zard.1
BitDefenderTheta AI:Packer.501CE3CA1E
Bkav W32.DownloadGfakC.Trojan
ClamAV Win.Trojan.POSCardStealer-6
Comodo TrojWare.Win32.Spy.POSCardStealer.AD@8qcspw
CrowdStrike win/malicious_confidence_80% (W)
Cybereason malicious.eb1596
Cylance Unsafe
Cyren W32/POSCardStealer.C.gen!Eldorado
DrWeb Trojan.PWS.Banker1.8391
ESET-NOD32 Win32/Spy.POSCardStealer.D
Emsisoft Gen:Heur.Mint.Zard.1 (B)
Endgame malicious (high confidence)
F-Prot W32/POSCardStealer.A.gen!Eldorado
F-Secure Trojan.TR/Downloader.Gen
FireEye Generic.mg.7824dd5eb15962f3
Fortinet W32/Spy.POSCARDSTEALER.D!tr
GData Gen:Heur.Mint.Zard.1
Ikarus Trojan-Spy.Agent
Invincea heuristic
Jiangmin Trojan.Generic.esysp
K7AntiVirus Spyware ( 004148c71 )
K7GW Spyware ( 004148c71 )
Kaspersky HEUR:Trojan.Win32.Generic
Lionic Trojan.Win32.Generic.4!c
MAX malware (ai score=82)
Malwarebytes Trojan.Agent
MaxSecure Trojan.Malware.300983.susgen
McAfee Artemis!7824DD5EB159
McAfee-GW-Edition BehavesLike.Win32.Generic.qc
MicroWorld-eScan Gen:Heur.Mint.Zard.1
Microsoft TrojanSpy:Win32/Alinaos.E
NANO-Antivirus Trojan.Win32.Banker1.ebnywb
Paloalto generic.ml
Panda Trj/Genetic.gen
Qihoo-360 Generic/Trojan.31b
Rising Spyware.POSCardStealer!8.644 (CLOUD)
Sangfor Malware
SentinelOne DFI - Malicious PE
Visual analysis

Binary image
Data import images: 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64, 32x32

Runtime screenshots

No runtime screenshots: the sample generated no screenshots while running.


PE Compile Time

2013-01-17 12:22:17

PE Imphash

e59476c2f511174da844d6431fd827ff

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00056000 0x00000000 0.0
UPX1 0x00057000 0x0000f000 0x0000e600 7.906674227948282
UPX2 0x00066000 0x00001000 0x00000400 2.652307559358649

Imports

Library KERNEL32.DLL:
0x4660a0 LoadLibraryA
0x4660a4 GetProcAddress
0x4660a8 VirtualProtect
0x4660ac VirtualAlloc
0x4660b0 VirtualFree
0x4660b4 ExitProcess
Library ADVAPI32.dll:
0x4660bc RegCloseKey
Library PSAPI.DLL:
Library SHELL32.dll:
Library SHLWAPI.dll:
0x4660d4 StrStrIA
Library urlmon.dll:
0x4660dc URLDownloadToFileA
Library WININET.dll:
0x4660e4 InternetOpenA

Strings (readable subset; the remainder of the dump is unprintable data from the packed UPX1 section and is omitted)

!This program cannot be run in DOS mode.
bad allocation
LC_TIME
(c) 1992-2004 by P.Jau
RIGHTS
KERNEL32.DLL
ADVAPI32.dll
PSAPI.DLL
SHELL32.dll
SHLWAPI.dll
urlmon.dll
WININET.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
GetProcessImageFileNameA
SHGetSpecialFolderPathA
StrStrIA
URLDownloadToFileA
InternetOpenA

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.