1.0
Low risk

1f3a41b425d0b4b1f85cd9708f8a7b592bb3cdb979059f5ad229df8eaec6972e

1f3a41b425d0b4b1f85cd9708f8a7b592bb3cdb979059f5ad229df8eaec6972e.exe

Analysis duration

194s

Last analyzed

376 days ago

File size

206.6KB
Static detection  Dynamic detection  CVE  FAMILY  METATYPE  PLATFORM  TYPE  UNKNOWN  WIN32  TROJAN  WORM  MATITE
Hawkeye engine (鹰眼引擎) model scores
DACN 0.12
FACILE 1.00
IMCLNet 0.74
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Worm:Win32/VBKrypt.759eb37d 20190527 0.3.0.5
Avast Win32:VB-ABDC [Drp] 20200830 18.4.3895.0
Baidu Win32.Worm.Pronny.d 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20200830 2013.8.14.323
McAfee VBObfus.bn 20200830 6.0.6.653
Tencent Trojan.Win32.Koobface.p 20200830 1.0.0.1
Behavioral verdict
Dynamic indicators
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File flagged as malicious by 50 of 59 antivirus engines on VirusTotal (50 out of 59 events)
ALYac Win32.Hematite.C
APEX Malicious
AVG Win32:VB-ABDC [Drp]
Acronis suspicious
Ad-Aware Win32.Hematite.C
AhnLab-V3 Trojan/Win32.Diple.C129062
Alibaba Worm:Win32/VBKrypt.759eb37d
Antiy-AVL Worm/Win32.WBNA.gen
Arcabit Win32.Hematite.C
Avast Win32:VB-ABDC [Drp]
Avira TR/Spy.Agent.155646
Baidu Win32.Worm.Pronny.d
BitDefender Win32.Hematite.C
BitDefenderTheta AI:Packer.A16D527520
Bkav W32.AIDetectVM.malware1
CAT-QuickHeal Trojan.Vobfus.gen
ClamAV Win.Packer.VBCrypt-5731517-0
Comodo Worm.Win32.AutoRun.AMH@4owee9
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.3960ae
Cylance Unsafe
Cynet Malicious (score: 100)
Cyren W32/VBInject.AM.gen!Eldorado
DrWeb Trojan.VbCrypt.60
ESET-NOD32 Win32/AutoRun.VB.ALR
Elastic malicious (high confidence)
F-Secure Trojan.TR/Spy.Agent.155646
FireEye Generic.mg.825daf93960ae949
Fortinet W32/Virtu.F
GData Win32.Hematite.C
Ikarus Worm.Win32.WBNA
Invincea heuristic
Jiangmin RiskTool.StartPage.km
K7AntiVirus EmailWorm ( 0054d10f1 )
K7GW EmailWorm ( 0054d10f1 )
Kaspersky Worm.Win32.VBKrypt.be
MAX malware (ai score=84)
Malwarebytes Trojan.Downloader.IC
MaxSecure Trojan.Malware.300983.susgen
McAfee VBObfus.bn
MicroWorld-eScan Win32.Hematite.C
Microsoft Trojan:Win32/Upatre
NANO-Antivirus Trojan.Win32.WBNA.covjvu
Paloalto generic.ml
Panda W32/Vobfus.GEW.worm
Qihoo-360 Win32/Worm.4fd
Rising Worm.Vobfus!1.99C7 (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-Vobfus
Sangfor Malware
SentinelOne DFI - Malicious PE
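Six of the "Hematite" verdicts above (ALYac, Ad-Aware, Arcabit, BitDefender, GData, MicroWorld-eScan) come from vendors that ship the Bitdefender engine, so a naive majority vote over vendor labels elects Hematite while four independent engines agree on Vobfus. The Python below is an added example, not part of this report or of the sandbox's tooling: it tokenizes vendor labels AVClass-style, discards platform/type words and digit-bearing variant suffixes, and counts each family token once per engine group. The engine-group table is this example's own assumption about which vendors license the same engine; the rows are a subset transcribed from the VirusTotal list above.

```python
import re
from collections import Counter

# Transcribed subset of the VirusTotal rows in this report ("engine label" per line).
VT_LABELS = """\
ALYac Win32.Hematite.C
Ad-Aware Win32.Hematite.C
Arcabit Win32.Hematite.C
BitDefender Win32.Hematite.C
GData Win32.Hematite.C
MicroWorld-eScan Win32.Hematite.C
CAT-QuickHeal Trojan.Vobfus.gen
Panda W32/Vobfus.GEW.worm
Rising Worm.Vobfus!1.99C7 (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-Vobfus
Antiy-AVL Worm/Win32.WBNA.gen
Ikarus Worm.Win32.WBNA
NANO-Antivirus Trojan.Win32.WBNA.covjvu
Alibaba Worm:Win32/VBKrypt.759eb37d
Kaspersky Worm.Win32.VBKrypt.be
Avast Win32:VB-ABDC [Drp]
AVG Win32:VB-ABDC [Drp]
McAfee VBObfus.bn
CrowdStrike win/malicious_confidence_100% (W)
Microsoft Trojan:Win32/Upatre
"""

# Words that describe platform, type or confidence rather than a family.
GENERIC = {"win32", "win", "trojan", "worm", "generic", "malware", "malicious",
           "suspicious", "unsafe", "heuristic", "packer", "agent", "classic",
           "confidence", "downloader", "emailworm", "risktool"}

# ASSUMPTION of this example: vendors that ship the same detection engine and
# should therefore cast one vote, not six.  Anything not listed votes alone.
ENGINE_GROUP = {"ALYac": "bitdefender", "Ad-Aware": "bitdefender",
                "Arcabit": "bitdefender", "BitDefender": "bitdefender",
                "GData": "bitdefender", "MicroWorld-eScan": "bitdefender",
                "Avast": "avast", "AVG": "avast", "K7AntiVirus": "k7", "K7GW": "k7"}


def family_tokens(label: str) -> set:
    """Split a vendor label on punctuation and keep family-like words only:
    at least four characters, letters only (drops hashes and variant suffixes),
    and not in the generic word list."""
    words = re.split(r"[^a-z0-9]+", label.lower())
    return {w for w in words if len(w) >= 4 and w.isalpha() and w not in GENERIC}


def parse_rows(text: str) -> list:
    """'Engine label...' lines -> [(engine, label), ...]."""
    rows = []
    for line in text.splitlines():
        engine, _, label = line.partition(" ")
        if engine and label:
            rows.append((engine, label))
    return rows


def family_votes(rows: list, group_engines: bool) -> Counter:
    """How many (independent) engines mention each family token."""
    votes = {}                                   # engine or engine group -> tokens
    for engine, label in rows:
        key = ENGINE_GROUP.get(engine, engine) if group_engines else engine
        votes.setdefault(key, set()).update(family_tokens(label))
    return Counter(tok for toks in votes.values() for tok in toks)


def consensus(text: str) -> dict:
    rows = parse_rows(text)
    raw, grouped = family_votes(rows, False), family_votes(rows, True)
    return {"raw_top": raw.most_common(1)[0],
            "grouped_top": grouped.most_common(1)[0],
            "grouped": dict(grouped)}


if __name__ == "__main__":
    r = consensus(VT_LABELS)
    print("naive majority  :", r["raw_top"])      # hematite, carried by rebrands
    print("one vote/engine :", r["grouped_top"])  # vobfus, backed by four vendors
```

Run as a script it prints the two verdicts side by side; the grouping step is what turns a rebrand echo into a single vote, which is the difference between "Hematite" and "Vobfus" for this sample.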
Visual analysis
Runtime screenshots
None: the sample produced no screenshots during execution.


PE Compile Time

1995-11-19 10:15:48 (not a genuine build time: the image links MSVBVM60.DLL, the Visual Basic 6 runtime, which did not exist until 1998)

PE Imphash

232419d4eda0b7d19201ad9eeb34de42

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0001c950 0x0001d000 5.734213383306538
.data 0x0001e000 0x0000062c 0x00001000 0.0
.rsrc 0x0001f000 0x0000d000 0x00006000 6.190277516976027
tfwqyyy 0x0002c000 0x00001000 0x00000000 0.0
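Three things in the section table above are typical of a VB6 crypter stub rather than of a compiler-produced binary: a section with a random name (`tfwqyyy`) that occupies a page in memory but has no bytes on disk (scratch space for code that is decrypted at run time), a `.data` section whose 0x1000 raw bytes are all one value (entropy 0.0), and a `.rsrc` section whose virtual size (0xd000) is more than twice its raw size (0x6000). The Python below is an added example, not the sandbox's own code: it parses the section table with the standard library only, applies those checks, measures the overlay that follows the last section and scans it for a second MZ/PE header (the strings of this file contain a second DOS stub). It runs on a file constructed in `build_sample()` to mimic the layout reported above, not on the real sample; the compile timestamp is the report's date assumed to be UTC.

```python
import math
import struct
from datetime import datetime, timezone

# Section names a stock MSVC/VB6 link produces; anything else deserves a look.
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata",
                        ".edata", ".bss", ".tls", ".pdata", ".crt", "CODE", "DATA"}
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")      # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes) -> dict:
    """DOS header -> COFF header -> section table; also returns the overlay."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    timestamp = struct.unpack_from("<I", pe, coff + 4)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                 # section headers follow the optional header
    sections, data_end = [], 0
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, _ = SECTION_HDR.unpack_from(pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "rsize": rsize, "entropy": round(shannon_entropy(raw), 3)})
        data_end = max(data_end, rptr + rsize)
    return {"timestamp": timestamp, "sections": sections, "overlay": pe[data_end:]}


def section_findings(sec: dict) -> list:
    """Static red flags for one section, the ones a packed VB6 dropper trips."""
    out = []
    if sec["name"] not in COMMON_SECTION_NAMES:
        out.append("non-standard section name")
    if sec["rsize"] == 0 and sec["vsize"] > 0:
        out.append("no raw data but virtual size > 0: filled at runtime")
    elif sec["entropy"] == 0.0:
        out.append("zero-filled on disk")
    elif sec["entropy"] > 7.0:
        out.append("high entropy: compressed or encrypted")
    if sec["vsize"] > sec["rsize"] + 0x1000:
        out.append("virtual size exceeds raw data by more than a page")
    return out


def find_embedded_pe(blob: bytes) -> list:
    """Offsets in blob where an MZ header's e_lfanew points at a PE signature."""
    hits, pos = [], blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            if 0x40 <= lfanew <= len(blob) - pos - 4 and blob[pos + lfanew:pos + lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def triage(pe: bytes) -> dict:
    info = parse_pe(pe)
    return {"compiled": datetime.fromtimestamp(info["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "findings": {s["name"]: section_findings(s) for s in info["sections"]},
            "overlay_size": len(info["overlay"]),
            "embedded_pe_offsets": find_embedded_pe(info["overlay"])}


def _headers(num_sections: int, timestamp: int) -> bytes:
    """MZ stub with e_lfanew=0x40, PE signature, COFF header, zeroed PE32 optional header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, num_sections, timestamp, 0, 0, 0xE0, 0x102)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0


def build_sample() -> bytes:
    """Constructed file (not the real sample) mirroring the report's section layout."""
    text = bytes(range(256)) * 4                  # 0x400 bytes, entropy 8.0
    data = b"\0" * 0x400                          # zero-filled .data
    rsrc = bytes(range(16)) * 0x60                # 0x600 bytes, entropy 4.0
    layout = [(b".text", 0x400, 0x1000, 0x400, 0x200), (b".data", 0x62C, 0x2000, 0x400, 0x600),
              (b".rsrc", 0xD000, 0x3000, 0x600, 0xA00), (b"tfwqyyy", 0x1000, 0x10000, 0, 0)]
    table = b"".join(SECTION_HDR.pack(n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                     for n, vs, va, rs, rp in layout)
    overlay = b"PADDINGXXPADDING" * 8 + _headers(0, 0) + b"\0" * 16   # second PE appended
    return (_headers(4, 816776148) + table).ljust(0x200, b"\0") + text + data + rsrc + overlay
```

`triage(open(path, "rb").read())` is the real-world call; the `.rsrc` finding is worth pairing with a resource walk, since a VB6 crypter usually keeps its payload there, and the overlay scan is cheap insurance against a second image appended after the last section.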

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00023180 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x00023180 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x00023180 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x00023180 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x00023180 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x00023180 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x00023180 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x000232a8 0x00001032 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_GROUP_ICON 0x00024304 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x00024304 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x00024304 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_VERSION 0x00024334 0x0000020c LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library MSVBVM60.DLL:
0x401000 __vbaVarSub
0x401004 __vbaStrI2
0x401008 _CIcos
0x40100c _adj_fptan
0x401010 __vbaVarMove
0x401014 __vbaStrI4
0x401018 __vbaVarVargNofree
0x40101c None
0x401020 __vbaFreeVar
0x401024 __vbaAryMove
0x401028 __vbaLenBstr
0x40102c __vbaStrVarMove
0x401030 __vbaFreeVarList
0x401034 __vbaPut3
0x401038 __vbaEnd
0x40103c _adj_fdiv_m64
0x401040 __vbaPut4
0x401044 None
0x401048 None
0x40104c _adj_fprem1
0x401050 None
0x401054 None
0x401058 __vbaStrCat
0x40105c __vbaLsetFixstr
0x401060 __vbaSetSystemError
0x401064 __vbaRecDestruct
0x40106c __vbaLenBstrB
0x401070 None
0x401074 _adj_fdiv_m32
0x401078 __vbaAryVar
0x40107c __vbaAryDestruct
0x401080 None
0x401084 __vbaExitProc
0x401088 __vbaOnError
0x40108c _adj_fdiv_m16i
0x401090 _adj_fdivr_m16i
0x401094 __vbaVarIndexLoad
0x401098 __vbaStrFixstr
0x40109c __vbaBoolVarNull
0x4010a0 __vbaFpR8
0x4010a4 _CIsin
0x4010a8 None
0x4010ac __vbaErase
0x4010b0 None
0x4010b4 __vbaVarZero
0x4010b8 None
0x4010bc __vbaChkstk
0x4010c0 __vbaFileClose
0x4010c4 None
0x4010c8 None
0x4010cc None
0x4010d4 __vbaGet3
0x4010d8 __vbaStrCmp
0x4010dc __vbaPutOwner3
0x4010e0 __vbaAryConstruct2
0x4010e4 __vbaVarTstEq
0x4010e8 __vbaI2I4
0x4010ec DllFunctionCall
0x4010f0 __vbaVarOr
0x4010f4 __vbaFpUI1
0x4010f8 __vbaRedimPreserve
0x4010fc _adj_fpatan
0x401104 __vbaRedim
0x401108 __vbaUI1ErrVar
0x40110c __vbaUI1I2
0x401110 _CIsqrt
0x401114 __vbaVarAnd
0x401118 __vbaVarMul
0x40111c __vbaFpCmpCy
0x401120 __vbaUI1I4
0x401124 __vbaExceptHandler
0x401128 None
0x40112c None
0x401130 None
0x401134 _adj_fprem
0x401138 _adj_fdivr_m64
0x40113c None
0x401140 __vbaFPException
0x401144 None
0x401148 __vbaInStrVar
0x40114c __vbaStrVarVal
0x401150 __vbaUbound
0x401154 __vbaGetOwner4
0x401158 __vbaVarCat
0x40115c None
0x401160 __vbaI2Var
0x401164 None
0x401168 None
0x40116c None
0x401170 _CIlog
0x401174 __vbaErrorOverflow
0x401178 __vbaFileOpen
0x40117c __vbaInStr
0x401180 __vbaVar2Vec
0x401184 __vbaNew2
0x401188 __vbaVarInt
0x40118c _adj_fdiv_m32i
0x401190 _adj_fdivr_m32i
0x401194 __vbaStrCopy
0x401198 None
0x40119c __vbaFreeStrList
0x4011a0 __vbaVarNot
0x4011a4 __vbaDerefAry1
0x4011a8 _adj_fdivr_m32
0x4011ac __vbaPowerR8
0x4011b0 _adj_fdiv_r
0x4011b4 None
0x4011b8 __vbaVarTstNe
0x4011bc __vbaI4Var
0x4011c0 __vbaAryLock
0x4011c4 __vbaVarAdd
0x4011c8 __vbaVarDup
0x4011cc None
0x4011d0 __vbaFpI4
0x4011d4 __vbaVarCopy
0x4011d8 None
0x4011dc _CIatan
0x4011e0 __vbaStrMove
0x4011e4 __vbaAryCopy
0x4011e8 None
0x4011ec None
0x4011f0 __vbaStrVarCopy
0x4011f4 _allmul
0x4011f8 _CItan
0x4011fc __vbaAryUnlock
0x401200 __vbaUI1Var
0x401204 __vbaFPInt
0x401208 _CIexp
0x40120c __vbaMidStmtBstr
0x401210 __vbaFreeStr
0x401214 __vbaFreeObj
0x401218 __vbaI4ErrVar

Strings (notable strings only; unreadable extraction fragments omitted)

VB6 image:
!This program cannot be run in DOS mode.
.data
tfwqyyy
MSVBVM60.DLL
VB5!6&*
-C000-IyAQXcwVnXo
zDbvmZNFWEEPIllnnv
JZrTNLQE
IyAQXcwVnXo
NiOWNe5i
ebsstkXjEsFDT1
kernel32
IsBadStringPtrW
USER32
CallWindowProcW
(APIs declared from VB code. VB6 resolves Declare'd functions at run time through DllFunctionCall, which is why the import table above lists only MSVBVM60.DLL.)
VBA6.DLL
(followed by __vba* runtime names: the same set as the Imports section above, plus __vbaFixstrConstruct, __vbaHresultCheckObj and __vbaGenerateBoundsError)
MSVBVM60.DLL
(import name table, in the same order as the Imports section above; the three names __vbaHresultCheckObj, __vbaGenerateBoundsError and __vbaFixstrConstruct are absent from that parsed table, which also skips the slots 0x401068, 0x4010d0 and 0x401100)
PADDINGXXPADDING (repeated linker padding fill)
Second PE image (MSVC-built; a second DOS stub and a Rich header follow the VB6 strings, so a second PE image is embedded in the file; the report lists no dropped files, so it was not written to disk during the run):
!This program cannot be run in DOS mode.
Rich
.data
.reloc
otools\inc\nlg\private\inc\msfsa\faarray_cont_t.h
otools\inc\nlg\private\inc\msfsa\falextools_t.h
otools\inc\nlg\private\inc\msfsa\faarray_cont_2xresize_t.h
nlg\lib\msfsa\faallocator.cpp
nlg\lib\msfsa\farsdfa_pack_triv.cpp
nlg\lib\msfsa\famultimap_pack.cpp
RESOURCE_FATOKENIZER
KERNEL32.DLL
WUSER32.DLL
smscoree.dll
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CorExitProcess
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
CONOUT$
Internal error.
Object cannot be initialized.
Limit size has been exceeded.
Out of memory.
Object is not ready.
bad exception
Unknown exception
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
CRT start-up messages: runtime error; TLOSS error; SING error; DOMAIN error; - Attempt to use MSIL code from this assembly during native code initialization; This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.; - not enough space for locale information; - Attempt to initialize the CRT more than once.; - CRT not initialized; - unable to initialize heap; - not enough space for lowio initialization; - not enough space for stdio initialization; - pure virtual function call; - not enough space for _onexit/atexit table; - unable to open console device; - unexpected heap error; - unexpected multithread lock error; - not enough space for thread data; - abort() has been called; - not enough space for environment; - not enough space for arguments; - floating point support not loaded
CRT locale tables (present twice): HH:mm:ss; dddd, MMMM dd, yyyy; MM/dd/yy; month names December through January; weekday names Saturday through Sunday

Version resource (VS_VERSION_INFO, StringFileInfo, translation 040904B0):
ProductName: JZrTNLQE
InternalName: zDbvmZNFWEEPIllnnv
OriginalFilename: zDbvmZNFWEEPIllnnv.exe
FileVersion and ProductVersion keys present

Other random-looking identifiers:
IyAQXcwVnXo
ebsstkXjEsFDT
K09QW2
zDbvmZNFWEEPIllnnv
z0A429cB46pS84n
XlmSGyGCMkJJgIoA
RWr680nVVRbd
034-03jk5kj436kj45k6j45zzk756m7n56m7n6mn87687980

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138
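Every row in the DNS and UDP tables above is Windows background traffic: the dns.msftncsi.com A/AAAA lookups are the Network Connectivity Status Indicator probe (its canonical answers are 131.107.255.255 and fd3e:4f5a:5b81::1), 224.0.0.252:5355 is LLMNR, 192.168.56.255:137/138 is NetBIOS name and datagram broadcast, and the port-53 datagrams to 114.114.114.114 are the VM's own DNS resolution, which is why the sandbox flagged that address as "no DNS query" (a resolver is never looked up by name). Nothing here is driven by the sample, which matches the empty TCP, HTTP and dropped-file sections. The Python below is an added example, not the sandbox's own logic: it classifies such records as noise or for-review so that a run with no real C2 is not mistaken for one. It assumes the VM's configured resolver was 114.114.114.114 (the report does not state the resolver) and the sandbox subnet 192.168.56.0/24; the records are transcribed from the tables above plus one constructed beacon-like row that is not in the report.

```python
import ipaddress

# Windows background chatter present in practically every sandbox run.
NOISE_MULTICAST = {("224.0.0.252", 5355): "LLMNR", ("224.0.0.251", 5353): "mDNS",
                   ("239.255.255.250", 1900): "SSDP", ("239.255.255.250", 3702): "WS-Discovery"}
NOISE_BROADCAST_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram service"}
NOISE_DOMAINS = {"dns.msftncsi.com", "www.msftncsi.com", "www.msftconnecttest.com",
                 "ipv6.msftconnecttest.com", "time.windows.com"}
# Canonical NCSI answers; anything else means the resolver is lying (captive portal, DNS hijack).
NCSI_EXPECTED = {"dns.msftncsi.com": {"131.107.255.255", "fd3e:4f5a:5b81::1"}}


def classify_dns(name: str, answer: str) -> tuple:
    if name in NOISE_DOMAINS:
        expected = NCSI_EXPECTED.get(name)
        if expected and answer not in expected:
            return "review", "connectivity probe %s answered with %s" % (name, answer)
        return "noise", "Windows connectivity probe"
    return "review", "lookup of %s" % name


def classify_udp(src: str, sport: int, dst: str, dport: int,
                 resolvers: set, sandbox_net: str) -> tuple:
    net = ipaddress.ip_network(sandbox_net)
    if (dst, dport) in NOISE_MULTICAST:
        return "noise", NOISE_MULTICAST[(dst, dport)] + " multicast"
    if dport in NOISE_BROADCAST_PORTS and ipaddress.ip_address(dst) == net.broadcast_address:
        return "noise", NOISE_BROADCAST_PORTS[dport] + " broadcast"
    if dport == 53:
        if dst in resolvers:
            return "noise", "DNS to the VM's configured resolver"
        return "review", "DNS sent to %s, not the configured resolver" % dst
    if ipaddress.ip_address(dst) in net:
        return "review", "traffic to another host in the sandbox subnet"
    return "review", "UDP to external host %s:%d" % (dst, dport)


def triage(dns_records: list, udp_records: list, resolvers: set, sandbox_net: str) -> dict:
    """Split sandbox network records into background noise and items worth an analyst's eye."""
    noise, review = 0, []
    for name, _rtype, answer in dns_records:
        verdict, why = classify_dns(name, answer)
        noise += verdict == "noise"
        if verdict == "review":
            review.append(("dns", name, why))
    for src, sport, dst, dport in udp_records:
        verdict, why = classify_udp(src, sport, dst, dport, resolvers, sandbox_net)
        noise += verdict == "noise"
        if verdict == "review":
            review.append(("udp", "%s:%d -> %s:%d" % (src, sport, dst, dport), why))
    return {"noise": noise, "review": review}


# Transcribed from this report's DNS and UDP tables (constructed copy for the example).
SAMPLE_DNS = [("dns.msftncsi.com", "A", "131.107.255.255"),
              ("dns.msftncsi.com", "AAAA", "fd3e:4f5a:5b81::1")]
SAMPLE_UDP = [("192.168.56.101", 53179, "224.0.0.252", 5355),
              ("192.168.56.101", 49642, "224.0.0.252", 5355),
              ("192.168.56.101", 137, "192.168.56.255", 137),
              ("192.168.56.101", 61714, "114.114.114.114", 53),
              ("192.168.56.101", 56933, "114.114.114.114", 53),
              ("192.168.56.101", 138, "192.168.56.255", 138),
              # Constructed, NOT in the report: what a real beacon would look like.
              ("192.168.56.101", 40000, "203.0.113.10", 6667)]

if __name__ == "__main__":
    result = triage(SAMPLE_DNS, SAMPLE_UDP, resolvers={"114.114.114.114"},
                    sandbox_net="192.168.56.0/24")
    print("background records:", result["noise"])
    for item in result["review"]:
        print("REVIEW", *item)
```

With the resolver set left empty the two port-53 datagrams fall into the review bucket, which is exactly the condition the sandbox's "no DNS query" indicator fires on; supplying the VM's resolver is what separates that configuration artefact from a sample talking to a hard-coded DNS server.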

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.