SmartHawk

1.0

低危

56 个模型检测该样本为恶意！

重新分析

下载样本

06277f62b81f972a32bb01d6c853b831e199f7a4bb42a59d025a0fc7d8ae844c

06277f62b81f972a32bb01d6c853b831e199f7a4bb42a59d025a0fc7d8ae844c.exe

分析耗时

281s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.12	Unknown	0.07s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.71	Unknown	0.20s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:SillyP2P-X [Wrm]	20191103	18.4.3895.0
Baidu	Win32.Worm.Agent.bf	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (D)	20190702	1.0
Kingsoft	None	20191103	2013.8.14.323
McAfee	W32/Xiquitir.ow!p2p	20191103	6.0.6.653
Tencent	Trojan.Win32.Small.p	20191103	1.0.0.1

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2004-05-07 07:02:15

PE Imphash

27f21db1a40f044cb2ea9aa7f88716f6

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text\x00U	0x00001000	0x00005b50	0x00006000	6.366605200857055
.rdata	0x00007000	0x000009ac	0x00001000	4.014497177343175
.data\x00U	0x00008000	0x00003478	0x00002000	3.55405344748377
.rsrc\x00s	0x0000c000	0x00000958	0x00001000	0.0
.hoAiXT	0x0000d000	0x00000f66	0x00001000	0.0

Imports

Library KERNEL32.dll:

• 0x407010 FindClose

• 0x407014 FindNextFileA

• 0x407018 GetModuleHandleA

• 0x40701c GetStringTypeW

• 0x407020 GetStringTypeA

• 0x407024 GetModuleFileNameA

• 0x407028 GetWindowsDirectoryA

• 0x40702c FindFirstFileA

• 0x407030 Sleep

• 0x407034 HeapFree

• 0x407038 HeapAlloc

• 0x40703c GetStartupInfoA

• 0x407040 GetCommandLineA

• 0x407044 GetVersion

• 0x407048 ExitProcess

• 0x40704c HeapDestroy

• 0x407050 HeapCreate

• 0x407054 VirtualFree

• 0x407058 VirtualAlloc

• 0x40705c HeapReAlloc

• 0x407060 GetLastError

• 0x407064 CloseHandle

• 0x407068 WriteFile

• 0x40706c ReadFile

• 0x407070 TerminateProcess

• 0x407074 GetCurrentProcess

• 0x407078 UnhandledExceptionFilter

• 0x40707c FreeEnvironmentStringsA

• 0x407080 FreeEnvironmentStringsW

• 0x407084 WideCharToMultiByte

• 0x407088 GetEnvironmentStrings

• 0x40708c GetEnvironmentStringsW

• 0x407090 SetHandleCount

• 0x407094 GetStdHandle

• 0x407098 GetFileType

• 0x40709c RtlUnwind

• 0x4070a0 SetStdHandle

• 0x4070a4 FlushFileBuffers

• 0x4070a8 CreateFileA

• 0x4070ac SetFilePointer

• 0x4070b0 GetCPInfo

• 0x4070b4 GetACP

• 0x4070b8 GetOEMCP

• 0x4070bc GetProcAddress

• 0x4070c0 LoadLibraryA

• 0x4070c4 SetEndOfFile

• 0x4070c8 MultiByteToWideChar

• 0x4070cc LCMapStringA

• 0x4070d0 LCMapStringW

• 0x4070d4 CreateDirectoryA

Library USER32.dll:

• 0x4070dc MessageBoxA

Library ADVAPI32.dll:

• 0x407000 RegSetValueExA

• 0x407004 RegCloseKey

• 0x407008 RegOpenKeyA

L!This program cannot be run in DOS mode.
/<kRkRkR
^iRYjR\gRXWR
AlRkS\RDiRTjRRichkR
`.rdata
@.data
@.hoAiXT
MU+U9U}wE
tAt2t$
YYUQSVW}
+;r>})E
UQSVW}
t6t7)E
YY^54@
Yu3Vt$
PUSVWu
_^H[]Ujhp@
j?UIZ;
r;]uy;
;uY;]s
pD#U#ue
j #M_|
]#\D\D
VW3;u0DP
_^[SUVW|$
_^][Vt$
3^SVt$
>+~&WPv
YSVW33395 @
_^[UQQSV5@
rt`+tE
rbtHHt.
u@u;@S9]u.E
SUV333;W~]
;|?4$j 
_^][USVu
_^[UWVu
DDDDDDDDDDDDDD
It.ht lt
HHtpHHtl
YAE t!E@E
t;ERPWVEUe
~;E]xf
YY~2MQu
E_^[S?@
KVW~&|$
X_[^3^
YtF>"u
< v^S39
PY;5l@
8t9UW
YE?=t"Uq;Y
EYW6tY
8u]5(@
[UQQS39
EPEPSSWM
YEPEPE
@"t)t%
F8"uF@C
@C8"u,
VW333;u3
SS@SSPVSSD$4
;t2U>;YD$
t#SSUPt$$VSS
;t<8t
u+@UY;u
3_^][YY
DSUVWh
_^][DUSVWUj
t.;t$$t(4v
VC20XC00U
]_^[]UL$
PYY\WP\@Y<v)\P\;j
P5`WP8`h
P6VYP6j
DDDDDDDDDDDDDD
SVW33@@
<1u6=@
t78t2=@
^#+t-Ht!Ht
5t.;t*;t
VuEPuuu
90tr0B=@
@;vAA9
 t7SWU
BBBu_[j
VPVPV5
@AA;rI3
VWuBht@
;tg5p@
tPhlt@
_^[3L$
GIt%t)
Gt/KuD$
GKu[^D$
[^_SVt$
S>Yu+Vj
_^[3VWj
3^95 @
YY@}>j
8YUjht@
SVWe39=
"WWSht@
M]9}tfSuu
tMWWSuu
Mu;tVSuuu
3;u>EPj
EPVht@
E;tc]<
euWSV[
e33M;t)uVu
PKY3UQ
 ;t8WY;YEt*j
|)|||W|;)|Y5|B$|=
|+|C|*|(|w
|P||+.|
`h````
ppxxxx
(null)
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
KERNEL32.dll
MessageBoxA
USER32.dll
RegCloseKey
RegSetValueExA
RegOpenKeyA
ADVAPI32.dll
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetLastError
CloseHandle
WriteFile
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
SetStdHandle
FlushFileBuffers
CreateFileA
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateDirectoryA
Winamp 5.0 (full version).exe
Winamp 3 (full version).exe
Winamp 3.5 (full version).exe
Update Photoshop 7.0 to Photoshop 9.16 (Its Work!).exe
Update Photoshop 8.0 to Photoshop 9.5 (Its Work!).exe
WinAce 3.85 (with Serial).exe
Download Accelerator Plus (DAP) (full version with serial).exe
RealOne Player (Full version).exe
BsPlayer v3.exe
WinRar v6.11 (with crack).exe
WinRar 4 (with crack).exe
ContaWin 2000 (full version).exe
WinZip 9.exe
DivX 7.2 freeware.exe
3D Studio R8 (It's Work!!).exe
VirtualDub 2.1.4.exe
MSN messenger 6.3.exe
Hacha Profesional Edition.exe
Simpsons pack guiones (Temporada 2004).exe
Mazinkaiser pack fondos de escritorio.exe
Mazinkaiser comics pack.exe
Juegos JAVA para NOKIA.exe
Capitulos ineditos de DragonBall Z jamas emitidos.exe
Pack Tonos y Logos para Nokia.exe
Nero 7.5.1.0 (cracked!).exe
Pack Photoshop CS 8 plugins.exe
3D Movie Maker.exe
Silent Hill.exe
PSEmu.exe
RM2GBA.exe
WAV2MP3.exe
GBAEmu.exe
GameCube Emulator.exe
Pack 50 Juegos PS2.exe
Pack 25 Juegos GameCube.exe
Resident Evil for GameCube.exe
Visual Basic 6.exe
Visual C.exe
Visual Studio (full).exe
mugen (full).exe
Fuck my fat ass.avi.exe
German extreme violation.mpg.exe
Sexo con una menor.exe
Pedofilia pack 37 pics.exe
Follada brutal coo roto.exe
Lolita Pack 20 Pics.exe
Puta come mierda.exe
Solo para Maricas.exe
No lo Descargues.exe
Dont Download.exe
humor.exe
Dont Touch.exe
Hentai.exe
Matrix Wallpapers.exe
Terminator 3 Wallpapers.exe
Hentai Evangelion Poker.exe
Shinchan screen saver.scr
Hentai Shizuka clit.exe
a pelo.exe
Chenoa en cueros.exe
WinAmp skings and plugins.exe
FlashGet Max acceleration (Experimental).exe
VMIntel386.exe
C:\Gusanillo QueBonito@Compartir.es
Hola tio! soy el gusanillo
como va eso?
Error in zip file
El archivo tiene un formato desconocido o est daado
Zip message
El archivo zip no ha podido ser abierto
probablemente este daado
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 256mb 32bit
VMIntel386
/Intelx386
/VMIntel386.exe
Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coos mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe
EMULE.EXE
config/shareddir.dat
012345: :
SOFTWARE\Kazaa\LocalContent
012345:%s
DisableSharing
SOFTWARE\Kazaa\UserDetails
QueBonito@Compartir.es
012345: :
SOFTWARE\IMesh\Client\LocalContent
012345:%s
DisableSharing
SOFTWARE\IMesh\Client\UserDetails
QueBonito@Compartir.es
C:\WINDOWS\system32\c68d4a0a120e6e9cc9a5b4315a3120a7d0826345229a7297e988538feb32458f.exe
(null)
         (((((                  H

Process Tree

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	d5cbc5cc4fed0c83_winzip 9.exe
Filepath	C:\Windows\Intelx386\WinZip 9.exe
Size	9.6MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`69de3162c677c6db5b2033805bf88098`
SHA1	`94eb6b6d466e329faaaa7e844f8ee60baf9658b6`
SHA256	`d5cbc5cc4fed0c836e15357ead073a6c70a4ae59f7cf66044915559ab9bdb21a`
CRC32	`D1AC3F1C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	675961d10d60d766_follada brutal co駉 roto.exe
Filepath	C:\Windows\Intelx386\Follada brutal co駉 roto.exe
Size	11.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`75d8bfd8eff9abb605e9a01712241d17`
SHA1	`5bb9945c777beb756513910bf54c8eb8eeab0804`
SHA256	`675961d10d60d7661793a4c82d071ee4a2423545e147dd71a05c92e09441db51`
CRC32	`DC8FB116`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d7f0ab97925e0f89_juegos java para nokia.exe
Filepath	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe
Size	8.4MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dc425ff2cc6dac14c8f97879ebf2f325`
SHA1	`5298e4a1a596af77f39d85e3facc420a89bd5664`
SHA256	`d7f0ab97925e0f8962e25b7ce21b7514c4467f80d360ea75eecc475a3aa5f54f`
CRC32	`7280B720`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	49461dd72f4c2058_humor.exe
Filepath	C:\Windows\Intelx386\humor.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dd9200da051f8280436de32ef8d52888`
SHA1	`92a390dba9b49c72973839e6cc77276cd359c5e0`
SHA256	`49461dd72f4c2058b9feb9f0d7844da2911f99fbe3f62830e5006b6efcfadd1f`
CRC32	`F1180AAA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aaf03a8b599ce0de_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	3.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3d418945d30bc9e15541743ad0577ac2`
SHA1	`cd21ba41753e9dbe519a43264d150611eb5c0840`
SHA256	`74f7f4ffdf0d0d1730830beefb9d7bb94c4ea7029034173f85f014bbfa85c789`
CRC32	`5039D631`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ad349b6cfb6d952d_nero 7.5.1.0 (cracked!).exe
Filepath	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe
Size	13.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`06965ce691c882c11b39d3bcd31dfb00`
SHA1	`d82af142a1658eb1be589fc9c493fa60502ae0b7`
SHA256	`ad349b6cfb6d952d9bb7783eac266bbcd95ba69e7ff14660d7a5e45466420559`
CRC32	`1D012F40`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d1097bf6e512b649_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	1.4MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e49e7039a7a4a89329ad5447c7941e37`
SHA1	`77cd9fd94c39fa7d24ed640d97f2c4c740dbca94`
SHA256	`a3c39b664a1b67e0276cfc63a4807955bf1ec64d0c3f02f88c085029c878093e`
CRC32	`4A1E270B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d10fc6e49124fe15_mazinkaiser comics pack.exe
Filepath	C:\Windows\Intelx386\Mazinkaiser comics pack.exe
Size	8.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`205cc726807eedaf96e9a74fc5cc0c64`
SHA1	`7a10f2271a783f322a8219573cfc71d6cd5066b0`
SHA256	`d10fc6e49124fe15e9512eb7dec01eaea5ddbf0d74bf221b8c7ff80c13bc5dd1`
CRC32	`98D6E064`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	50a7e058160105e4_visual basic 6.exe
Filepath	C:\Windows\Intelx386\Visual Basic 6.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bc8c5b84ec57c837d136bdc9a8298690`
SHA1	`5bdff70870bc30302f4692de24df178a42811752`
SHA256	`50a7e058160105e4671d2bfb63b7de2bdd3d63e3ca491ef7c5fcd6c7de08a0f5`
CRC32	`D1762760`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8d196ab93e4ab811_no lo descargues.exe
Filepath	C:\Windows\Intelx386\No lo Descargues.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e4319e8a928ae464568ff00f14f7efc9`
SHA1	`030ecf02835d950f02c0e0de00b1c82067394264`
SHA256	`8d196ab93e4ab811a1a3f03d437266f4212019c942256b5d694fddae445e68d4`
CRC32	`269071D5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90688f986da32cd8_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	5.3MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`117f3ed5db8bfc28fe2ff1692b8c1e0e`
SHA1	`9aa61113569f54fa011701d9c0f938a7e4b8ab3b`
SHA256	`97e40f9168349033bc021b8aa78a19ac18c9ce8066966381468e0a614ba6fd93`
CRC32	`406802A0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f63b8863ae0c246_puta come mierda.exe
Filepath	C:\Windows\Intelx386\Puta come mierda.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f524dc9f07c5b4990d3a441a323b07a4`
SHA1	`fc781e05c7480e6c3c750a082d493c71a2082622`
SHA256	`2f63b8863ae0c246eebac45e5ee0c3c3d749df18c10d0d21bb8fa08ffe715960`
CRC32	`E434765F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9efb698fcc1b0694_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	1.5MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1ee064ffb51d56485a1bd6e8429d7e0b`
SHA1	`1f68558212a9cb2230cc624a9936defa1abb35f0`
SHA256	`cf4203e7cfb2dcfafc95c8be4ff3c63c05bfe5ffb7588e815a25fe2d784f0f5e`
CRC32	`225EC635`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	43eac4a11e2dbab4_contawin 2000 (full version).exe
Filepath	C:\Windows\Intelx386\ContaWin 2000 (full version).exe
Size	8.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7ff0cdfbf694ef6bf086b05155c0c7be`
SHA1	`9c52e51fa37d3ed17e3170de31f1e1eaa94187b2`
SHA256	`43eac4a11e2dbab496425b128bd3d929312a24cd81f31938775947cbc94d8402`
CRC32	`EE868FE0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f389d66b78b1b645_hentai.exe
Filepath	C:\Windows\Intelx386\Hentai.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0de639b048cdc5bcd27a125e37d045b0`
SHA1	`79d725603e1bee890082f7c49b868b0c4dc05953`
SHA256	`f389d66b78b1b645ffb60e67044ca3e5e6ce94e4d86d8ff221a69e547a928ac8`
CRC32	`BB346558`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f1abc0b192c94308_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	5.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b517c7c9ca1c7d68ca77e413a2036137`
SHA1	`fa3bc41db2c9c6ee553079300fdc925eba633e87`
SHA256	`936a8a8673596e9f4021495aebe0b9c0267cafc701d7d013bb5195b551eabd41`
CRC32	`4D91820F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	44d97dddc14c6ebe_winace 3.85 (with serial).exe
Filepath	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe
Size	11.4MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0281eff2a679ad781325ebd9e2a14989`
SHA1	`dafc127529f3b0bb11211a28e862ae9b5de1b33b`
SHA256	`44d97dddc14c6ebe5076fef5e6e515bd5814b08aa437ccf360fdea52e35ed959`
CRC32	`DDE801EB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	66c3698911486626_update photoshop 7.0 to photoshop 9.16 (it磗 work!).exe
Filepath	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It磗 Work!).exe
Size	9.3MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`20a6165a054a4e88c2aa9a9e0445e222`
SHA1	`b98a200ec33b082deac24a80cc0c93a43572e622`
SHA256	`66c36989114866269094f125f9d5b1d514431c17cb64bd124271e1b67733c519`
CRC32	`981CD2E8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d07df3f98391ddf2_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	604.0KB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2ac7a71b10f8cc5e14a5f098dd1c95ab`
SHA1	`e2618d22f259c27cf761a901e1c22c73f9f19111`
SHA256	`a8e956df9b08c33123c0486416d917aba1036f2b929ce9aeee13be4dcfefff8f`
CRC32	`2F34D397`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e858ba2ca64da53e_virtualdub 2.1.4.exe
Filepath	C:\Windows\Intelx386\VirtualDub 2.1.4.exe
Size	9.9MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`104138063c024c7f82e909e0f6b97853`
SHA1	`da1bdadccb24c15796619f7d3048f3d285d8ff16`
SHA256	`e858ba2ca64da53e4c8ed609446d55ae5f60d3e3b0e2c3f78042bcd5152dad34`
CRC32	`934342C7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f01a33fe7bafef33_pack 50 juegos ps2.exe
Filepath	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe
Size	7.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0d805a36a440f5376358d82ad650af76`
SHA1	`dc2b18fb55a4a960b774db96721364d12c9f7e18`
SHA256	`f01a33fe7bafef33a9b1b8190d606a7a9d5d48628831ac759191292b86110066`
CRC32	`597EDEED`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	30137c27daa55ee6_silent hill.exe
Filepath	C:\Windows\Intelx386\Silent Hill.exe
Size	7.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`586cbe30de1c9bbdfa32f5f049ba0d8c`
SHA1	`f944b7de907f9725467699faece3d21679ac98db`
SHA256	`30137c27daa55ee6e09fd19f636ebd5c0c7a93d03dee69107f67129affa2716c`
CRC32	`7D6725EB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4afb4bf2e1752b9f_sexo con una menor.exe
Filepath	C:\Windows\Intelx386\Sexo con una menor.exe
Size	8.3MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`774144774cc2f9ae1596216a7c791b39`
SHA1	`a4e650bec1684234e2986cd2b4bcccc3ca6c1913`
SHA256	`4afb4bf2e1752b9f3f8c46e1cb49e4ea78b928c56d8bd9c5ff558ef223e65c14`
CRC32	`47CD5779`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ecadccfa23e56cfb_pack 25 juegos gamecube.exe
Filepath	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe
Size	7.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f28657679ca5cf2164255d89f4cfb458`
SHA1	`267196bd2d2523701205f6d118bf2b6cb2ae1a4f`
SHA256	`ecadccfa23e56cfb23fe90d1d0bff8867251806b9efb3332ba713c957c78ba19`
CRC32	`30B1C40A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dee10f2a46784aab_bsplayer v3.exe
Filepath	C:\Windows\Intelx386\BsPlayer v3.exe
Size	9.9MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7761821692f7530d80514361badc3352`
SHA1	`474c7b6c9717fda5ae2331f63965b9f530a41576`
SHA256	`dee10f2a46784aab5232d1e29250fa04b170c3b72d893a03d8be4fbbd9ec89f4`
CRC32	`B9ECB976`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fa0b873a3df0f38a_psemu.exe
Filepath	C:\Windows\Intelx386\PSEmu.exe
Size	7.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0f39ad4b5e7b33eb633372077ccde764`
SHA1	`5a5338ecf8815ddae03b336248c8fa51be3b86d5`
SHA256	`fa0b873a3df0f38a0d33778b68b42e677008c0ecadbf17f85d1a7b098efdbd33`
CRC32	`9E382080`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e89a7e5e97ff270a_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	2.2MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`638ffd8a0903c7a0431b3b6b9c54e85a`
SHA1	`b68ede74cb2ef34e6da2fe9da9e31056fbec686c`
SHA256	`7659107244e011abee6868ad124651b1b5780ab6f91d88374f09118bd062f4c1`
CRC32	`4F8DF72A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1858cbe56f1e61ea_terminator 3 wallpapers.exe
Filepath	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe
Size	8.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`07c9dbac32af881701ad0c58e02bb8ef`
SHA1	`e3f3c92e3ed50493f353e575050c1816b3f7bbac`
SHA256	`1858cbe56f1e61ead6ee9aedc70fdeea0760f7f950a203cfd75c432431baadf0`
CRC32	`D0ED869E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b898c01a65c992df_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	60.0KB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f91d4fab3ef4f4fa4f35116e8fab40a2`
SHA1	`b40f44c534c78597dea77cc1fe049c760c389e3f`
SHA256	`e26f5df4866af5f834fe32c0ff64b2894bd20e7c11b0f2c57b9137e256ea904b`
CRC32	`AFEFF621`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	52e65ec32c407ff9_3d studio r8 (it's work!!).exe
Filepath	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe
Size	16.4MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2004d68fd6497826d98fd86eb86e7ce6`
SHA1	`43e05846db7024bc53669a3227b26d235a36599f`
SHA256	`52e65ec32c407ff9863203d631276d925416dc9f01d5e0fd00271f0dc7dc9dd5`
CRC32	`E49A78C3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	75a3a4e2e698e405_winrar 4 (with crack).exe
Filepath	C:\Windows\Intelx386\WinRar 4 (with crack).exe
Size	9.9MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1d659fedb76e3778813a423446221fb4`
SHA1	`7de55378772370e6a2aa7efc51a6af35385be5b6`
SHA256	`75a3a4e2e698e4057cbc7c793e638de7db76ed650f595be31f91e73fb364be3f`
CRC32	`F3BEB614`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	977aeef3fcb7dff0_msn messenger 6.3.exe
Filepath	C:\Windows\Intelx386\MSN messenger 6.3.exe
Size	9.6MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`05a16d2ce62289e68d01fa98cc327af9`
SHA1	`889c56dc2b015a2ae51007a00693dea1fb1c9f3a`
SHA256	`977aeef3fcb7dff0a8c14536387f3f5ccf0a41e632c0f2edd417ac93959df316`
CRC32	`76A7EAB4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	524d8a3cc5d0aeab_gbaemu.exe
Filepath	C:\Windows\Intelx386\GBAEmu.exe
Size	7.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9ca93ed709cbb4330d0db2288ed0335f`
SHA1	`67e00c9d9a9ff8aad9b0ed7d12faf4e228eef7f1`
SHA256	`524d8a3cc5d0aeab60331d454bd08532c15140d01d31333b08aaf9cdf7a9c7a8`
CRC32	`D2E0E20D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4b35d7c2d6777923_mazinkaiser pack fondos de escritorio.exe
Filepath	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe
Size	8.1MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9c4ed04ec5bd6fd12ababa938598b0c1`
SHA1	`b4db554767012dfcdb513a569713995cd4c37f95`
SHA256	`4b35d7c2d6777923723baa6fef2fe4a0b9e8fd75aa8dbbf2874dab286791f0c6`
CRC32	`05CBD194`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fdcc6f28f2055c4b_3d movie maker.exe
Filepath	C:\Windows\Intelx386\3D Movie Maker.exe
Size	7.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e5baed7c1558f25b2781890d46e85994`
SHA1	`9fecae73ae1b5b2ca83db56501e95a96ba974b4b`
SHA256	`fdcc6f28f2055c4bf0a7d96bb975fb0b4d36c6fe9878ae16e3429ead7dc9bff0`
CRC32	`91CAF023`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	242bef2468bfc067_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	7.5MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`39a2ab71c7e1b82a204058a983a894c9`
SHA1	`3f909b4aae83a443302bd44aadbdc59718ae2e68`
SHA256	`290069c6c33f910cb33a612712679378c6078dfe5dec3f01b20bfe63e107fad1`
CRC32	`9A6709A8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	596d05df14e109be_gamecube emulator.exe
Filepath	C:\Windows\Intelx386\GameCube Emulator.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1708fd9d40d82798acb5db46274c3dd8`
SHA1	`7389956e2500382023d4659eba16d162cdf72ae7`
SHA256	`596d05df14e109bed6feefa417759814f054e5e44febe72e83ed60e8ab93f913`
CRC32	`51F09882`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3991d01bc1f91051_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	7.9MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a223268d9df7f32d2e81cf2dcf9c1b43`
SHA1	`2e320155ed51775eeae789708c080f5a0d4ebc64`
SHA256	`1dc507e2f51a5b08eb05e6e87438e122a16674a9d0657f3abfe55d68ebb82d77`
CRC32	`687297C5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6dc46f4c33033a3b_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4f394f7acee4357288462ad22e4e66fe`
SHA1	`d369d215d6859d0d7fbfbd801ceba4c9dce020ce`
SHA256	`6dc46f4c33033a3bd49761ced2d00f6cb9e69e02fea2f9a4ae7381623c65387e`
CRC32	`2FD8346D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f3bfa49520f65567_winamp 3 (full version).exe
Filepath	C:\Windows\Intelx386\Winamp 3 (full version).exe
Size	9.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3d80d650ba2e5edcc342301812e5848c`
SHA1	`bdba7a9a034f74585a2ae4274fa18f2c2adbdd8d`
SHA256	`f3bfa49520f655676dd8644a93532359ef785963ded5a037e9b33f4cacb37b26`
CRC32	`80F966BB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1b769fe5edb44b94_hacha profesional edition.exe
Filepath	C:\Windows\Intelx386\Hacha Profesional Edition.exe
Size	8.2MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`25bb4ee8ca3713b3558cbe2d87f5cfb3`
SHA1	`a8014797b5179fb6aeb173b9b1d8962d749fe234`
SHA256	`1b769fe5edb44b9490503f3a4e94e24a3be85e29137f1292acaba9397d58b113`
CRC32	`62132628`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cfe8d34297027750_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	3.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`834dc514dac52a2a457e0c30f30baf70`
SHA1	`e6692dcea32b59f5fea1eb1a26813a5bb1a9ab57`
SHA256	`202bc955f134c8e3a33a5af96ea836fc358723febf409fee99d5018345916764`
CRC32	`52679C8E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6179141fdbf127a0_solo para maricas.exe
Filepath	C:\Windows\Intelx386\Solo para Maricas.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a2b78b6d0ad4ebf81feba265a777aa2e`
SHA1	`d086b128c373dce76409ce48ddf19ff5f010abc5`
SHA256	`6179141fdbf127a0abdc138f338e0bb40ba6249f5dab583fc0d97b37fb751b13`
CRC32	`CA75412A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	418bdefeca937b93_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	1.3MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`214cf71a8b62a66f0a12be962d9b5d85`
SHA1	`a57b8e625701682512420431c24a5a90d84f9331`
SHA256	`1add43ebd74edd56087218c48c9161a45b714f037b640b9b91930c9e87a00a1b`
CRC32	`3D0455CC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d659ff9bc816478f_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	6.1MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eef45c3613171d929b1c4ba801f96cee`
SHA1	`f52c0312addd10ea83ef9837a1c394a581115b18`
SHA256	`e00412d185e4afd2ac4b70307b5c7759e0b01899970102ca5698697f79b6162d`
CRC32	`9F482E86`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	269d43b098d23c75_winrar v6.11 (with crack).exe
Filepath	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe
Size	10.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c4d580ff26d170f6f42330f4d7107936`
SHA1	`34a9f2cae1dfec929998b4cab58ff4f40c359cb3`
SHA256	`269d43b098d23c75f61318ce82e8c121e21c75ffdaa93346196e0255bf4c6353`
CRC32	`5AB9B412`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5c0e1b937982e2c0_mugen (full).exe
Filepath	C:\Windows\Intelx386\mugen (full).exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`acaf0970f5a1b3b8e173af6eac6678d1`
SHA1	`dfe8641b88841541632479fc92d74dce8571f860`
SHA256	`5c0e1b937982e2c0aabd76f5694991953c18db4bf8ac296edd28d9ffd6e6cd01`
CRC32	`C6F1C22D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aea3ede7cbdefe14_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	7.1MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`08ddcde5f5d0b67469d505824946d644`
SHA1	`ba31ad432012636064fd64358d0a1b2d699b72c5`
SHA256	`709b6bd48d18c47f9a1373439c69ed0da44546b730e6b8649b5b0613f027ae68`
CRC32	`2EE29026`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b853acadc11a59a5_fuck my fat ass.avi.exe
Filepath	C:\Windows\Intelx386\Fuck my fat ass.avi.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4ffb76d6ea6773961b50eee3a5f62e53`
SHA1	`270a08d96742fead487d83a64ee198555ec3df80`
SHA256	`b853acadc11a59a5344e4c787b8e642555ff990fbbdf9ce5bf7c788c14c1c506`
CRC32	`ABE1F7CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e7e070116ec0c801_pack tonos y logos para nokia.exe
Filepath	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe
Size	9.3MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0f76f5c6ada19bd3c7322d534f9526c3`
SHA1	`cebfb8bc1713f77918ed15a31adf8b59354a4587`
SHA256	`e7e070116ec0c801c4b18948bec20a2958de938e5da104fe2af16f5ac6e55810`
CRC32	`9CC0EF00`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c56a78b04a868546_capitulos ineditos de dragonball z jamas emitidos.exe
Filepath	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe
Size	12.6MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8f8d67ec2274fb39eff86425960a0115`
SHA1	`785cf1e2484a05f50fb9f346943953a00b9b2236`
SHA256	`c56a78b04a868546d8da8866c833cdb8eac3b5e37f709e3dc70c9a67209eddbc`
CRC32	`15276A03`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e525ebafabed4cb0_hentai shizuka clit.exe
Filepath	C:\Windows\Intelx386\Hentai Shizuka clit.exe
Size	8.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b2799728c05f122134ebed99abf37784`
SHA1	`9de08bb2d391dd48b1923ad4c1d9a34a758a2dcd`
SHA256	`e525ebafabed4cb064393f0795ad024d16131ce8beb31160a975e4ad7816f2f5`
CRC32	`3106E8EB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7a7b35d8d106f766_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	2.1MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e828d1bc80dbcbd4d0d6f59696f28c07`
SHA1	`deb33b66842c8ba1e62c016d85df46e60e0c4edc`
SHA256	`892de2537bbda98da57554d903050f8221c2c78f8dbecf75dbd8294cd25682d1`
CRC32	`559AEDF7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e37e20451eac3c3f_shinchan screen saver.scr
Filepath	C:\Windows\Intelx386\Shinchan screen saver.scr
Size	7.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`efaa70b7647893e8bcac3a9b039a51bf`
SHA1	`cdbfe166fcd047b14e71f92d39b897d640e00410`
SHA256	`e37e20451eac3c3f91698f3ebc371cac6c603ef9894bcd466ef2e4e69d5b0b94`
CRC32	`6DBA6EA2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ed013bab84793913_resident evil for gamecube.exe
Filepath	C:\Windows\Intelx386\Resident Evil for GameCube.exe
Size	7.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8ca340d9c67ecc619324a083b02cc864`
SHA1	`a9c1d57d4997c773f20d877b38fd1ec4e2e08c28`
SHA256	`ed013bab84793913d8b6a1fdde75760ac016875881e9c11376eb0c243c2bf8fc`
CRC32	`E4CADA7F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3a3b34835912eecc_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	508.0KB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`223cdf8c84709c5e188b84050a15842c`
SHA1	`6802e135556ca10a009c534852ef1225e441bc9d`
SHA256	`039847b8913d45568c3d9a7a41fd45ba4416b637160752e9d79fe6b022344f32`
CRC32	`0847E551`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0f626d57cddfb87e_simpsons pack guiones (temporada 2004).exe
Filepath	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe
Size	8.2MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9d45c40f3d73db4180072ad7977179e0`
SHA1	`8c69c2fc863c8bdf789641885797fdbe1f1599a0`
SHA256	`0f626d57cddfb87ec0eb7970a1aa84d57a624999ae3f6a77b35617e3bfae79b4`
CRC32	`62FEED74`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9ebe393876cd4278_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	8.6MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7e224c2f6600041260fa93d0a22dad73`
SHA1	`a39fabe5c9917591df507ef0ca7fbe66134e3e29`
SHA256	`c2b4db83c4c7a2e381ed079bcbe9d113b1fe5a2908988c33300bacfb8c6f4402`
CRC32	`31409ADC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	06277f62b81f972a_a pelo.exe
Filepath	C:\Windows\Intelx386\a pelo.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8e9c0c6d3dbccc85af7bc96c25b454cd`
SHA1	`bddea8dac55c98f722fd9c19e54d9b8cc61fb598`
SHA256	`06277f62b81f972a32bb01d6c853b831e199f7a4bb42a59d025a0fc7d8ae844c`
CRC32	`30F29434`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	54f0cf24ae3a219e_winamp 3.5 (full version).exe
Filepath	C:\Windows\Intelx386\Winamp 3.5 (full version).exe
Size	10.1MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5654129de4f5991ceadc2c75ceb31c87`
SHA1	`cda5049221f4769ebf85d476638cbbbb1c13553e`
SHA256	`54f0cf24ae3a219ecb269175772af72a1c9a8e1403340d73d74a50c5271118c3`
CRC32	`CB97BBB5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	817850d4692ca160_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	5.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b4c795695a161ff7ddd42f08d47867ee`
SHA1	`940b4105474e7dffdbcef2ba503f7b02e05b0a15`
SHA256	`b919e6b7a0a184f5619ea148379d88418dedc510eccbadcb61fc556b9ac4d2f7`
CRC32	`83F564A8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3a968d0ce2f3faf9_german extreme violation.mpg.exe
Filepath	C:\Windows\Intelx386\German extreme violation.mpg.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3ea1eeef4f965c00817328b2d2b2fd46`
SHA1	`3a8b617ad069ba61c9e832493c679406891681d7`
SHA256	`3a968d0ce2f3faf99aa43693d0a72f1552ad66f9ccb60e6b3ca562b9d5de58e1`
CRC32	`E8602A41`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	77f00a7e7542fb7e_realone player (full version).exe
Filepath	C:\Windows\Intelx386\RealOne Player (Full version).exe
Size	8.9MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c650bbba5fc0a11596ca29d4e298278e`
SHA1	`a4aaf5a06c51dbd8ab55f4b40007c9c92cfad65a`
SHA256	`77f00a7e7542fb7e3c980255356cca401a66a96896720f67a9b230e56e7b4c64`
CRC32	`DFD725BD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7f0bc275cda93687_download accelerator plus (dap) (full version with serial).exe
Filepath	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe
Size	8.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ee5360e7099d63c8f71a7b2853334481`
SHA1	`3652c4cb45c987c52105532c3c4325a18bcd847e`
SHA256	`7f0bc275cda936875cd947f431cc859d6d548e6e6ab662f6955afc205252e1b9`
CRC32	`2E795B3E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a0d25534b046e5a7_divx 7.2 freeware.exe
Filepath	C:\Windows\Intelx386\DivX 7.2 freeware.exe
Size	8.6MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b769b68c5d3ebdd23a8e57d60a020c85`
SHA1	`f4b97193660b79033cffebfd736b9036c5fbf3eb`
SHA256	`a0d25534b046e5a7f20129eb4b630264b40147c3b48797b093f4248bf7a5f3c1`
CRC32	`C3795C1F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dc91ca3b013c45d0_update photoshop 8.0 to photoshop 9.5 (it磗 work!).exe
Filepath	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It磗 Work!).exe
Size	9.5MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f3fdde0758a580d7b7175053ec2b3f50`
SHA1	`6b6ab653da6eb3282e87748440ef96182cd8c6d9`
SHA256	`dc91ca3b013c45d0777df4416c516c77f8b7dd1d0ea05cac01c673fa9df5d39a`
CRC32	`91FC6C3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e897899ca182e7ad_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	708.0KB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bcefdfc4145a0ef1869d5ff8709bf894`
SHA1	`97b7e4540edca3a1bf3626ac858dbfe80a16e220`
SHA256	`e4b3dc03051dacf087f7b37c5cd75bbdeea7be10507f6716c4d237c2b9616fed`
CRC32	`B0F0CC10`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f10b817eaecc958_hentai evangelion poker.exe
Filepath	C:\Windows\Intelx386\Hentai Evangelion Poker.exe
Size	8.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`07d6022e9798b96341d076c8226426e3`
SHA1	`a4681798a0250b769fdd9154c8a1cb889b2a729d`
SHA256	`2f10b817eaecc958f9f4022816f8c7351ba6d587495802da3c84a4f02d938f32`
CRC32	`434985F1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dc6f28847d211e72_dont touch.exe
Filepath	C:\Windows\Intelx386\Dont Touch.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9801c3e0dcfe016c0298ffd5fec59f2e`
SHA1	`4aed5f0ea19780b1fe700d0c3f3df4245fb33f69`
SHA256	`dc6f28847d211e7276b89dca3893a25591580731ac89af575c38323ae3c8e367`
CRC32	`BDC6176D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	08418c5d3ad0f914_matrix wallpapers.exe
Filepath	C:\Windows\Intelx386\Matrix Wallpapers.exe
Size	8.4MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a02699226334f7bbcfb6fea3d7a5a578`
SHA1	`6431ac2333ea5deb0c7b5758ede426f5f04da87f`
SHA256	`08418c5d3ad0f91402562907a523a6fcd18ecb0837f4928d704f20e868754778`
CRC32	`542EBB6F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	38e3c04da565ef5a_dont download.exe
Filepath	C:\Windows\Intelx386\Dont Download.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`394c7f3268cdf95d03143ec6d710a502`
SHA1	`aed9f0d42ca43e0f5c84d6b2019a745f2b053ab8`
SHA256	`38e3c04da565ef5a44b8893d93976717874b681758ac73527d34f63d15d93bf4`
CRC32	`EDC753DB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a1e12f2eec8ffaaf_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	2.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`008f6fb63d0f61d5f006c81ff6e58b59`
SHA1	`ceb8142db4bd1dbbf8141c346b90a242f1b03d0b`
SHA256	`7aa797b759e7f79cbe4e731155d0a3140678dabc2c33389d2bf7035fd0dd9030`
CRC32	`F84DF9EA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a074f2cabc9709e6_visual c.exe
Filepath	C:\Windows\Intelx386\Visual C.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d38798feb543a5ca76aced64537426d2`
SHA1	`ed2d369e56bd40e368a35ee9c909def3eea37a19`
SHA256	`a074f2cabc9709e6fcec44f84a5ae87c4dca547fea157f487872d2c01770da1f`
CRC32	`B4676C3A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	178cd0428abebbcf_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	6.9MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ff6f8d9b42accd34534d0686c673bf5d`
SHA1	`4a2bb544ac07288a1ae026f36e5bd210794a570f`
SHA256	`083a06dd96e08d7507fc9062d7ed29717179e1c1ac8de78fc47a5203eedb89a7`
CRC32	`D9B6E8FF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0c7e4a5ee8c3a1d1_lolita pack 20 pics.exe
Filepath	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`77c6c6f96f39633c0390bf4566f011b9`
SHA1	`454b0111124cca038e601b849016ef8c45d7906d`
SHA256	`0c7e4a5ee8c3a1d1eec0cf6b5dd9b5329ba84cd1002d099db95a5949ea8cca20`
CRC32	`AF2C0C7E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9d689f772398ee17_visual studio (full).exe
Filepath	C:\Windows\Intelx386\Visual Studio (full).exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4069a5ed68368f007e725a523d115206`
SHA1	`2ca4e53c46508d9644f0881ca46c3185965561fe`
SHA256	`9d689f772398ee175ce75c8e8ac45007cf9564cd392ec0a28058fda601185bd4`
CRC32	`3482224C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e1c1f752e831cc44_winamp skings and plugins.exe
Filepath	C:\Windows\Intelx386\WinAmp skings and plugins.exe
Size	2.6MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`233c097f4466ace0223864597551c79f`
SHA1	`ca3e2c44282f0446f011fd26f9c236d13ab881b8`
SHA256	`947345cff52547603707da023f0c4803fcbc2eda01fbec7b2ce6625f58638799`
CRC32	`80DF59FF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9a2ae3291ca0a49b_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	4.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`736f0b3ffd4f5bae3290783e60b2d5f2`
SHA1	`8159159011a9dfafde149f1637cc5680b0420dcb`
SHA256	`59211692a812536d927ef118d2f8e428c515d05b1c69e855b426cb558069a0ca`
CRC32	`67A96AF2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fb2583f88be9d542_rm2gba.exe
Filepath	C:\Windows\Intelx386\RM2GBA.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e7b4c8d2d220dbb294fbc3883e2ad992`
SHA1	`3abc0e6ee8876434240d8abb2365eceb7594ce8a`
SHA256	`fb2583f88be9d542ac6c9442f4cbeb5b80efa8a0d70789f59a48a92931201dd0`
CRC32	`3E74060F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f6beecd1a51f9e3c_winamp 5.0 (full version).exe
Filepath	C:\Windows\Intelx386\Winamp 5.0 (full version).exe
Size	11.0MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7be5c468d16f3800a268827481cf4ae2`
SHA1	`f54ff3f66663e5554baf1f87af1e04a410b75080`
SHA256	`f6beecd1a51f9e3c3c7e74b03d9088583054e7213a725213e71551531577f89f`
CRC32	`D2027118`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cf17d1b4b617bfbb_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	4.1MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`56255d82e8507af2121bcf7a9782973a`
SHA1	`9d6d3a0adb851e2344d7c6c31a6e135d485e4bff`
SHA256	`c8f64bb2bf986040da261904db3973e0b015e42a1b1c54680a3804e027ab52b2`
CRC32	`03C0483B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e7ad53e0ed926ed0_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	6.1MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2cd849950fb028b51595779f79256e2a`
SHA1	`a1dd0ca020edd026f028bc128e65e4ed7ac679f5`
SHA256	`a1073319074ba0e870c714405809140ec1f0fa9384a2fb85bdf7672bbb2e6338`
CRC32	`E62757DA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	801f48f7da6419f9_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	3.8MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`05ea0d67b9f879ea8038a3d026d91556`
SHA1	`a8f48ad7385b20296a3637470eea9b1b86c39a7b`
SHA256	`bd03cb34cc9e3617357da7369721f6b6634218e4600671a156226ac53d92d69f`
CRC32	`8B7C3B03`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5c4a3f9b61737050_pack photoshop cs 8 plugins.exe
Filepath	C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe
Size	11.3MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4346a6fa11ffab5bdd0c61904719b908`
SHA1	`54f1ee5c11b79fed7aaa2d6302091183328739a0`
SHA256	`5c4a3f9b61737050bc1e7afb4452156401626521fdc31f1689b2f6fcfec0cbf5`
CRC32	`A46804B7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c2b4db83c4c7a2e3_pedofilia pack 37 pics.exe
Filepath	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe
Size	8.6MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7e224c2f6600041260fa93d0a22dad73`
SHA1	`a39fabe5c9917591df507ef0ca7fbe66134e3e29`
SHA256	`c2b4db83c4c7a2e381ed079bcbe9d113b1fe5a2908988c33300bacfb8c6f4402`
CRC32	`31409ADC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	153a4cc3b0aad5fa_wav2mp3.exe
Filepath	C:\Windows\Intelx386\WAV2MP3.exe
Size	7.7MB
Processes	920 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`275ca4eafaf24a5dcf71c656b18bb135`
SHA1	`464a43e9deb8c6d4cf59c818bacb4fce9ef1ac15`
SHA256	`153a4cc3b0aad5fa2a0fb8a760246a13ab8c7b487bafad6c5653d2bbbd2b0d29`
CRC32	`2A05253C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.

ALYac	Trojan.GenericKD.41570186
APEX	Malicious
AVG	Win32:SillyP2P-X [Wrm]
Acronis	suspicious
Ad-Aware	Trojan.GenericKD.41570186
AhnLab-V3	Worm/Win32.Xema.R70820
Arcabit	Trojan.Generic.D27A4F8A
Avast	Win32:SillyP2P-X [Wrm]
Avira	TR/Drop.Emuni.C
Baidu	Win32.Worm.Agent.bf
BitDefender	Trojan.GenericKD.41570186
CAT-QuickHeal	Worm.SmallPMF.S7658096
CMC	P2P-Worm.Win32.Small!O
ClamAV	Win.Worm.Sillyp2p-7194313-0
Comodo	P2PWorm.Win32.Small.P@32rtt9
CrowdStrike	win/malicious_confidence_100% (D)
Cybereason	malicious.d3dbcc
Cylance	Unsafe
Cyren	W32/Xiquitir.A.gen!Eldorado
DrWeb	Win32.HLLW.Xiquit
ESET-NOD32	Win32/Agent.NIQ
Emsisoft	Trojan.GenericKD.41570186 (B)
Endgame	malicious (high confidence)
F-Prot	W32/Xiquitir.A.gen!Eldorado
F-Secure	Trojan.TR/Drop.Emuni.C
FireEye	Generic.mg.8e9c0c6d3dbccc85
Fortinet	W32/Agent.NIQ!worm
GData	Trojan.GenericKD.41570186
Ikarus	P2P-Worm.Win32.Small
Invincea	heuristic
Jiangmin	Worm.Small.t
K7AntiVirus	Trojan ( 0000da801 )
K7GW	EmailWorm ( 0055a1d81 )
Kaspersky	P2P-Worm.Win32.Small.p
MAX	malware (ai score=89)
Malwarebytes	Worm.Silly
McAfee	W32/Xiquitir.ow!p2p
McAfee-GW-Edition	W32/AutoRun.worm.aasu
MicroWorld-eScan	Trojan.GenericKD.41570186
Microsoft	Worm:Win32/Agent
NANO-Antivirus	Trojan.Win32.Small.femmss
Panda	Trj/Genetic.gen
Qihoo-360	Worm.Win32.Small.B
Rising	Worm.Agent!1.9D8A (CLASSIC)
SentinelOne	DFI - Malicious PE
Sophos	Mal/Generic-E
Symantec	W32.SillyP2P
TACHYON	Worm/W32.Gusanillo.Zen
Tencent	Trojan.Win32.Small.p
Trapmine	malicious.high.ml.score

section	.text\x00U
section	.data\x00U
section	.rsrc\x00s
section	.hoAiXT