0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.73
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Worm:Win32/Vobfus.a5c38ea6 | 20190527 | 0.3.0.5 |
| Avast | Win32:VB-VBS [Wrm] | 20200401 | 18.4.3895.0 |
| Baidu | Win32.Worm.Autorun.l | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200402 | 2013.8.14.323 |
| McAfee | VBObfus.g | 20200402 | 6.0.6.653 |
| Tencent | Worm.Win32.Vobfus.l | 20200402 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 66 个反病毒引擎识别为恶意
(50 out of 66 个事件)
| ALYac | Gen:Variant.VBKrypt.55 |
| APEX | Malicious |
| AVG | Win32:VB-VBS [Wrm] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.VBKrypt.55 |
| AhnLab-V3 | Trojan/Win32.VBKrypt.R43729 |
| Alibaba | Worm:Win32/Vobfus.a5c38ea6 |
| Antiy-AVL | Worm/Win32.WBNA.gen |
| Arcabit | Trojan.VBKrypt.55 |
| Avast | Win32:VB-VBS [Wrm] |
| Avira | WORM/Vobfus.CF.12 |
| Baidu | Win32.Worm.Autorun.l |
| BitDefender | Gen:Variant.VBKrypt.55 |
| BitDefenderTheta | AI:Packer.C99BF4F220 |
| Bkav | W32.UsernameGeuzuLnr.Trojan |
| CAT-QuickHeal | Trojan.Vobfus.gen |
| CMC | Worm.Win32.VBNA!O |
| ClamAV | Win.Trojan.VB-1675 |
| Comodo | TrojWare.Win32.VB.AGQ@596few |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.1f4967 |
| Cylance | Unsafe |
| Cyren | W32/Vobfus.W.gen!Eldorado |
| DrWeb | Trojan.VbCrypt.60 |
| ESET-NOD32 | Win32/AutoRun.VB.AGQ |
| Emsisoft | Gen:Variant.VBKrypt.55 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Vobfus.W.gen!Eldorado |
| F-Secure | Worm.WORM/Vobfus.CF.12 |
| FireEye | Generic.mg.88c622e1f4967959 |
| Fortinet | W32/VB.ADV!tr |
| GData | Gen:Variant.VBKrypt.55 |
| Ikarus | Gen.Variant.Chinky |
| Invincea | heuristic |
| K7AntiVirus | EmailWorm ( 0054d10f1 ) |
| K7GW | EmailWorm ( 0054d10f1 ) |
| Kaspersky | Worm.Win32.Vobfus.equo |
| Lionic | Worm.Win32.WBNA.lr3L |
| MAX | malware (ai score=89) |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | VBObfus.g |
| McAfee-GW-Edition | BehavesLike.Win32.VBObfus.dm |
| MicroWorld-eScan | Gen:Variant.VBKrypt.55 |
| Microsoft | Worm:Win32/Vobfus.CF |
| NANO-Antivirus | Trojan.Win32.WBNA.cenndo |
| Paloalto | generic.ml |
| Panda | W32/Vobfus.GEW.worm |
| Qihoo-360 | Worm.Win32.VB.P |
| Rising | Worm.Win32.WBNA.q (CLOUD) |
| SUPERAntiSpyware | Trojan.Agent/Gen-FraudPack |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2011-05-30 18:48:23
PE Imphash
7323186d6337248c5342244af323509d
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0003d5d8 | 0x0003e000 | 5.536532876801641 |
| .data | 0x0003f000 | 0x00000568 | 0x00001000 | 0.0 |
| .rsrc | 0x00040000 | 0x000008b8 | 0x00001000 | 1.9258922743847506 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00040378 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00040378 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00040378 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00040348 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x00040150 | 0x000001f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVBVM60.DLL:
• 0x401000 __vbaVarSub
• 0x401004 __vbaStrI2
• 0x401008 _CIcos
• 0x40100c _adj_fptan
• 0x401010 __vbaVarMove
• 0x401014 __vbaStrI4
• 0x401018 None
• 0x40101c __vbaVarVargNofree
• 0x401020 None
• 0x401024 __vbaFreeVar
• 0x401028 None
• 0x40102c __vbaAryMove
• 0x401030 __vbaStrVarMove
• 0x401034 None
• 0x401038 __vbaLenBstr
• 0x40103c None
• 0x401040 __vbaFreeVarList
• 0x401044 __vbaEnd
• 0x401048 __vbaPut3
• 0x40104c _adj_fdiv_m64
• 0x401050 __vbaPut4
• 0x401054 None
• 0x401058 None
• 0x40105c None
• 0x401060 None
• 0x401064 None
• 0x401068 None
• 0x40106c _adj_fprem1
• 0x401070 None
• 0x401074 None
• 0x401078 None
• 0x40107c __vbaStrCat
• 0x401080 None
• 0x401084 __vbaInStrVarB
• 0x401088 __vbaLsetFixstr
• 0x40108c __vbaRecDestruct
• 0x401090 __vbaLenBstrB
• 0x401094 __vbaHresultCheckObj
• 0x401098 __vbaLenVar
• 0x40109c _adj_fdiv_m32
• 0x4010a0 __vbaAryVar
• 0x4010a4 __vbaAryDestruct
• 0x4010a8 None
• 0x4010ac __vbaVarIndexLoadRefLock
• 0x4010b0 __vbaOnError
• 0x4010b4 __vbaObjSet
• 0x4010b8 _adj_fdiv_m16i
• 0x4010bc _adj_fdivr_m16i
• 0x4010c0 __vbaVarIndexLoad
• 0x4010c4 None
• 0x4010c8 __vbaStrFixstr
• 0x4010cc None
• 0x4010d0 None
• 0x4010d4 None
• 0x4010d8 __vbaBoolVarNull
• 0x4010dc __vbaFpR8
• 0x4010e0 _CIsin
• 0x4010e4 __vbaErase
• 0x4010e8 None
• 0x4010ec None
• 0x4010f0 None
• 0x4010f4 __vbaVarZero
• 0x4010f8 None
• 0x4010fc None
• 0x401100 __vbaChkstk
• 0x401104 None
• 0x401108 __vbaFileClose
• 0x40110c None
• 0x401110 None
• 0x401114 __vbaGenerateBoundsError
• 0x401118 __vbaStrCmp
• 0x40111c __vbaGet3
• 0x401120 __vbaVarTstEq
• 0x401124 __vbaAryConstruct2
• 0x401128 __vbaPutOwner3
• 0x40112c __vbaI2I4
• 0x401130 None
• 0x401134 __vbaVarOr
• 0x401138 __vbaFpUI1
• 0x40113c __vbaRedimPreserve
• 0x401140 __vbaLbound
• 0x401144 _adj_fpatan
• 0x401148 __vbaFixstrConstruct
• 0x40114c __vbaRedim
• 0x401150 __vbaNew
• 0x401154 __vbaUI1I2
• 0x401158 _CIsqrt
• 0x40115c __vbaVarAnd
• 0x401160 __vbaUI1I4
• 0x401164 __vbaFpCmpCy
• 0x401168 __vbaVarMul
• 0x40116c __vbaExceptHandler
• 0x401170 None
• 0x401174 None
• 0x401178 __vbaStrToUnicode
• 0x40117c None
• 0x401180 _adj_fprem
• 0x401184 _adj_fdivr_m64
• 0x401188 None
• 0x40118c __vbaI2Str
• 0x401190 None
• 0x401194 __vbaFPException
• 0x401198 __vbaInStrVar
• 0x40119c None
• 0x4011a0 __vbaStrVarVal
• 0x4011a4 __vbaUbound
• 0x4011a8 __vbaVarCat
• 0x4011ac __vbaGetOwner4
• 0x4011b0 None
• 0x4011b4 __vbaI2Var
• 0x4011b8 None
• 0x4011bc None
• 0x4011c0 None
• 0x4011c4 _CIlog
• 0x4011c8 __vbaErrorOverflow
• 0x4011cc __vbaFileOpen
• 0x4011d0 __vbaNew2
• 0x4011d4 __vbaInStr
• 0x4011d8 __vbaVar2Vec
• 0x4011dc __vbaVarInt
• 0x4011e0 _adj_fdiv_m32i
• 0x4011e4 _adj_fdivr_m32i
• 0x4011e8 __vbaStrCopy
• 0x4011ec None
• 0x4011f0 __vbaI4Str
• 0x4011f4 __vbaFreeStrList
• 0x4011f8 __vbaVarNot
• 0x4011fc _adj_fdivr_m32
• 0x401200 __vbaPowerR8
• 0x401204 _adj_fdiv_r
• 0x401208 None
• 0x40120c __vbaI4Var
• 0x401210 __vbaAryLock
• 0x401214 __vbaVarAdd
• 0x401218 __vbaInStrB
• 0x40121c __vbaVarDup
• 0x401220 __vbaStrToAnsi
• 0x401224 __vbaFpI4
• 0x401228 None
• 0x40122c None
• 0x401230 __vbaVarCopy
• 0x401234 None
• 0x401238 _CIatan
• 0x40123c __vbaStrMove
• 0x401240 None
• 0x401244 __vbaAryCopy
• 0x401248 __vbaCastObj
• 0x40124c None
• 0x401250 __vbaStrVarCopy
• 0x401254 _allmul
• 0x401258 __vbaLenVarB
• 0x40125c _CItan
• 0x401260 __vbaAryUnlock
• 0x401264 __vbaFPInt
• 0x401268 __vbaUI1Var
• 0x40126c _CIexp
• 0x401270 __vbaMidStmtBstr
• 0x401274 __vbaFreeStr
• 0x401278 __vbaFreeObj
L!This program cannot be run in DOS mode.
0Rich1
MSVBVM60.DLL
QsjRst
PsnPsrRsBs1hRs
PshPsOoPsbrRsNs>UPs
QswUPs'kPszkPs
lPs~lPsnPssPs
QssPsEtPs mPshPsmPspPs)uPsPOsjPsOshPs
Qs@9RsJOsBsOsGPs=OsF
QsOsetPsPsxvPsvPsxPsqRsuRs.QsIOs&nPsxPs
QsnRssnPs{Ps*aQs?|Ps?Os}Ps}Ps\Os
Ps"UPsRsOsUPsE
PsNOsRs4uRsOstOs6
Qs\PsVOsPOs
Ps2vRs`vRs$FPs
QsxNsj|Ps
Qs}Psj
uRsqPs-Ps
PsOsgPsUPsOsfLPsOs
PsDROskQsNs];OsOs~Bs:RswRsz
QsjPs/Os
PsEjPsdRs
PsPs5BstLPs%OswRs
sPsmRsBspuRskPs(lBskRskPs
QstjPslPshNs]RslPs
Ps-Ps^iPsQsHOsePsXLPsQPsfzPs0jPsOs
lQMbabcTAYkP
VB5!6&*
BMrIgMUjkA
rwoBPtNApytuSWO
lQMbabcTAYkP
DewYoXXIrv1
lQMbabcTAYkP
BMrIgMUjkA1
|ov\+H
}p!7Py
b*!j,"<0
>BY6wwG;
)$EtezZNYi
..Ehc]EJ
:x[Kf0pJ'7
6d-B\4
utiO>Q
Byac\sesqG/
3#B6yv
0.sC28Ar
/SzP1k
NB_>!? }c(MM<
%jGt\!A,u"H
!T||,!V_wfc
b+1mpO
Jiv/vN
|R@l;NIY
YKI5wlj
r.hOYkfb
=1`k|K;z_Tj
uI"=R%;E
&N+Zd8$k
aDB;*1
"Cm<fN
s[hK9x\x
@nGT/@,NWM~}E
(M#f=<R^8
Q3vwtuV0
HUp/2)SQ
-^M-R<
A&IEXC
Gy oe;62o
oqLvNu
j{ni$PCa{]~(
6R:,=:
#9C$_Z
0XR9~hH\rcyW&U
GUedX{qYIqdQLZP
&tAi@G27]Ev
.Bn+#n6o
6/aD M)
6fr RerFZ!
*1p0hf
I\WQW+
oQ7x {
R_lmJ/
N}@n~FVHR
`G43#B|'$
aiG, L
LmZ/k:`*b_SsI,N
eC*KZGKsCH<XHTL
S6x{byNmx
AhY.7Ev
aLGZ`z
>s^_"%u
}+V #
>PMKWO
#q;Lc%
AL(sO)d=
Cm|9]G
!=0x{/
pN^T%6BLP(V
G^r9gs;
`+rp0V
dgijs y`2
' L)g?
z^#T?hY
gd. |E_26@
N4oq$m
V@m`Tq
+3q"=h
VBA6.DLL
__vbaPut4
__vbaRecDestruct
__vbaStrToUnicode
__vbaStrToAnsi
__vbaI2Str
__vbaCastObj
__vbaNew
__vbaObjSet
__vbaPut3
__vbaInStrB
__vbaUI1Var
MSVBVM60
__vbaVar2Vec
__vbaVarAnd
__vbaVarNot
__vbaPutOwner3
__vbaVarIndexLoad
__vbaVarIndexLoadRefLock
__vbaVarAdd
__vbaAryLock
__vbaGetOwner4
__vbaFileClose
__vbaGet3
__vbaFileOpen
__vbaAryMove
__vbaVarMul
__vbaI2Var
__vbaFpCmpCy
__vbaFpR8
__vbaVarCopy
__vbaFpUI1
__vbaUI1I4
__vbaFPInt
__vbaVarOr
__vbaLsetFixstr
__vbaStrFixstr
__vbaStrVarCopy
__vbaInStr
__vbaAryUnlock
__vbaAryConstruct2
__vbaVarTstEq
__vbaI4Str
__vbaEnd
__vbaBoolVarNull
__vbaFixstrConstruct
__vbaVarInt
__vbaVarSub
__vbaVarVargNofree
__vbaLbound
__vbaInStrVarB
__vbaLenVarB
__vbaLenBstr
__vbaAryVar
__vbaAryCopy
__vbaStrCat
__vbaStrI4
__vbaErrorOverflow
__vbaI4Var
__vbaVarCat
__vbaRedimPreserve
__vbaGenerateBoundsError
__vbaStrCmp
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaUbound
__vbaI2I4
__vbaPowerR8
__vbaFpI4
__vbaUI1I2
__vbaLenBstrB
__vbaFreeStrList
__vbaStrVarMove
__vbaMidStmtBstr
__vbaAryDestruct
__vbaFreeVarList
__vbaInStrVar
__vbaLenVar
__vbaStrVarVal
__vbaFreeStr
__vbaStrI2
__vbaStrMove
__vbaErase
__vbaVarZero
__vbaRedim
__vbaFreeVar
__vbaVarDup
__vbaVarMove
__vbaOnError
__vbaStrCopy
]SVWeE
jPhHU@
SVWeE
`RdPhQj
:`RdPhQj
]SVWeEh
BXP\Qj
mSVWeE
fEfMf;
f4f4f;
}#jhhU@
}#jXhU@
}#j`hU@
jMQXR(P
jtPQ(R
=SVWeE
&hPlQj
XQhRHP
|PQRPQRPj
(Q8RHPhQXRj
uKl3+B
}#jPhU@
jhP0QR
}#jPhU@
}#j`hU@
}#jXhU@
}#jhhU@
}#jhhU@
}#jXhU@
}#jPhU@
jhPhXY@
}#j`hU@
}#jhhU@
}#jXhU@
}#jhhU@
}#jPhU@
}#jPhU@
((Rh$C
}#jhhU@
}#jhhU@
hRXPHQ
P(Q8RHPXQhRxPQRPQRPQR
Q(R8PHQXRhPj
XQhRHP
Q(R8PHQXRhPxQRPQRPQRP
R(P8QHRhPXQj
Q(R8PHQXRhPxQRPQRPQRP
R(P8QHRXPhQj
}#jXhU@
XRhPHQ
P(Q8RHPhQXRj
|PQRPQRPj
Q(R8PHQXRhPxQRPQRPQRP
R(P8QHRXPhQj
}#jPhU@
SVWeE`
4REPVE
}#jXhU@
}#jhhU@
]SVWeE
}#jPhU@
R8P(QHRj
P(Q8RHPj
MSVWeE8
&|PMQj
-SVWeEx
(R,P0Qj
(R,P0Qj
jHRhZ@
}#jhhU@
(R,P0Qj
(R,P0Qj
}#jPhU@
(P,Q0Rj
j\QURTP
}#jPhU@
}#jhhU@
mSVWeEH
}#j`hU@
]SVWeE
}#j`hU@
PDQpRtPxQ|Rj
@pPtQxR|Pj
SVWeE0 @
}#jhhU@
}#j`hU@
}#jdhU@
}#jXhU@
j\Q0R4P
}#jPhU@
f8(P,Q0R4Pj
}#jXhU@
}#jhhU@
j|QUR4P
}#j`hU@
j(R,P0Q4Rj
SVWeE @
lQ|RP\Q
lR|PQj
lR|PQ\R
lP|QRj
lQ|RP\Q
lR|PQj
}#jXhU@
}#jhhU@
\QlR|PQj
SVWeEp!@
<RXP,Q
lQ|RPQRPQRPQ
P,Q<RLP\QlR|PQRPQRPQR
Q,R<Pj
LQPRTPj
Q(uhRj
LQPRTPj
lQ|RPQRPQRPQ
P,Q<RLP\QlR|PQRPQRPQR
Q,R<Pj
SVWeE!@
P=mxQj
&|REPj
zSVWeE!@
j@0Q4R
0R4P$Q
fTPQdRtPQRPQRPQ
P$Q4Rj
P8c@Qj
P b@Qj
}#jXhU@
Pj]@Qj
}#jhhU@
PtZ@Qj
Q@W@Rj
Q1V@Rj
HRLPPQj
HQLRPPj
DQTRdPtQRPQRPQRP
R$P4Qj
=_SVWeE"@
@PPQ`RpPQRPQRPQR
Q R0P@QPR`PpQRPQRPQRP
R P0Qj#
QNKhRj
R P0Q@RPP`QpRPQRPQRPQ
P Q0R@PPQ`RpPQRPQRPQR
MVSVWeE@#@
}#j`hU@
OSVWeE#@
PQTRXP\Q`RdPj
HQLRPPTQXR\P`QdRj
PQTRXP\Q`RdPj
HPLQPRTPXQ\R`PdQj
jHRPdQ
HRLPPQTRXP\Q`RdPj
HPLQPRTPXQ\R`PdQj
HPLQPRTPXQ\R`PdQj
XR\P`QdRj
\P`QdRj
PQTRXP\Q`RdPj
HPLQPRTPXQ\R`PdQj
HPLQPRTPXQ\R`PdQj
$(R8Pj
m9SVWeE$@
8SVWeE$@
6SVWeE %@
QN'LRj
}#j`hU@
(SVWeE%@
}#jhhU@
}#j`hU@
"SVWeE8&@
}#jPhU@
}#jXhU@
SVWeE&@
}#j`hU@
}#jPhU@
}#jPhU@
SVWeE'@
tRtPq+
}#jXhU@
}#jXhU@
tRtPE!
fxQh\@
Q R$Pj
Q R$Pj
mSVWeE8(@
Q R0P@Qj
R P0Q@Rj
Q R0P@Qj
}SVWeE(@
@PPQ`Rj
mSVWeE)@
fUfEf;E
PfEPMQ
SVWeE)@
}#jPhU@
TPMQUR
fEtPMQj
dRtPMQURj
SVWeEH*@
}#j`hU@
|PQRPj
xQ|RPQRj
}#jXhU@
|PQRPj
xQ|RPQRj
xP|QRPQj
|QRPQj
xR|PQRPj
xR|PQRPj
xR|PQRPj
|RPQRj
}#jXhU@
xP|QRPQj
xP|QRPQj
xP|QRPQj
xP|QRPQj
xR|PQRPj
DQTRdPj
]SVWeE +@
}#jXhU@
}#j`hU@
}#j`hU@
SVWeE`,@
}#jPhU@
}#j`hU@
}#jPhU@
}#jPhU@
}#jXhU@
tPQRdP
}#jPhU@
URPhA
URPhA
URPhA
dRtPQRj
-SVWeE`-@
}#jXhU@
uO8\+H
uO8\+Q
uO8\+B
uO8\+Q
uO8\+B
uO8\+H
uO8\+Q
uO8\+B
}#jXhU@
uO8\+B
uO8\+H
uO8\+B
uO8\+H
uO8\+Q
uO8\+B
uO8\+Q
uO8\+B
uO8\+Q
vSVWeE .@
3,Q0Rj
mqSVWeE.@
BlRpPj
lSVWeE.@
|PQRPQRj
RPQRPj
PDRh]@
QYSxRj
|QRPQRPj
=_SVWeEx/@
Q-NXRj
-VSVWeE/@
QGHlRj
fMfUf;<
=NSVWeE0@
}LSVWeE0@
}#jhhU@
}#jXhU@
FSVWeE 1@
mCSVWeE`1@
<SVWeE1@
}#jPhU@
ptPpQ$R
}#jPhU@
}#jPhU@
$(P$Q$R
}#jXhU@
Q$R $P
}#jXhU@
QR$PR$Q
uL<@+H
}#jhhU@
SVWeE2@
SVWeEX3@
|PQ6fx
SVWeE3@
}#j`hU@
}#jhhU@
}#j`hU@
}#jPhU@
4RDPTQdRtPQRPQRj
QRPQRj
}#jhhU@
RPQRPQj
}#jXhU@
PQRPQRPQj
PQRPQRj
QRPQRPQRPj
QRPQRPQRj
}#jXhU@
uKt3+H
PQRPQRj
PQRPQRj
}#jXhU@
QRPQRPj
uKT3+H
PQRPQRj
QRPQRPj
QRPQRPj
PQRPQRPQRj
4PDQTRdPtQRPQRPj
SVWeE06@
jQURxP
pPtQxRj
PR`P0Q@R
|@QPR`P0Qj
pQtRxPj
@QPR`Pj
SVWeE6@
uKx3+B
} jPh_@
EPMQtR
} jDh_@
} j,h_@
} jLh_@
3pQtRj
SVWeE`7@
=SVWeE7@
MQhLD@
SVWeEH8@
PfEMQj
}SVWeEx8@
SVWeE8@
P[EMQj
SVWeE8@
}#jXhU@
fLLP]w
}#j`hU@
}#jhhU@
}#jhhU@
fLLR!m
}#j`hU@
fLLPvb
}#jXhU@
}#jXhU@
}#jXhU@
}#jXhU@
}#j`hU@
MSVBVM60.DLL
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
__vbaPut3
_adj_fdiv_m64
__vbaPut4
_adj_fprem1
__vbaStrCat
__vbaInStrVarB
__vbaLsetFixstr
__vbaRecDestruct
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaFileClose
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet3
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
__vbaI2I4
__vbaVarOr
__vbaFpUI1
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaUI1I4
__vbaFpCmpCy
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
__vbaVar2Vec
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaInStrB
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaUI1Var
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj
@�@�@�@�@�@�
A�A�A�A�A�A�A�
B�B�B�B�B�B�
B�B�B�B�B�B�
N�s�S�s�t�U�G�e�S�v�H�c�i�j�K�W�
N�B�G�t�I�p�L�j�y�p�r�v�I�I�R�
q�Y�I�q�d�Q�L�Z�
l�Q�M�b�a�b�c�T�A�Y�k�P�
B�M�r�I�g�M�U�j�k�A�
D�e�w�Y�o�X�X�I�r�v�
q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�q�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
P�r�o�d�u�c�t�N�a�m�e�
r�w�o�B�P�t�N�A�p�y�t�u�S�W�O�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
B�M�r�I�g�M�U�j�k�A�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
B�M�r�I�g�M�U�j�k�A�.�e�x�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.