1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.65
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | DDoS:Win32/Nitol.53a62737 | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200518 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200518 | 2013.8.14.323 |
| McAfee | BackDoor-FDKM!970FE1C79E9E | 20200518 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b9d3a0 | 20200518 | 1.0.0.1 |
静态指标
动态指标
在 PE 资源中识别到外语
(4 个事件)
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000dd08 | size | 0x000002e8 | ||||||||||||||||||
| name | RT_MENU | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000dce8 | size | 0x0000001c | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000dff0 | size | 0x00000014 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000d9e8 | size | 0x00000300 | ||||||||||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 62 个反病毒引擎识别为恶意
(50 out of 62 个事件)
| ALYac | Trojan.GenericKD.5210882 |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.5210882 |
| AhnLab-V3 | Trojan/Win32.Magania.C1982100 |
| Alibaba | DDoS:Win32/Nitol.53a62737 |
| Antiy-AVL | Trojan[GameThief]/Win32.Magania |
| Arcabit | Trojan.Generic.D4F8302 |
| Avast | Win32:Malware-gen |
| Avira | HEUR/AGEN.1111317 |
| BitDefender | Trojan.GenericKD.5210882 |
| BitDefenderTheta | Gen:NN.ZexaF.34110.eq1@aSqtUcgj |
| ClamAV | Win.Trojan.Agent-7821069-0 |
| Comodo | Malware@#3n17prc64jqxe |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.79e9e8 |
| Cylance | Unsafe |
| Cyren | W32/Zusy.DR.gen!Eldorado |
| DrWeb | Trojan.DownLoader24.62571 |
| ESET-NOD32 | a variant of Win32/ServStart.OS |
| Emsisoft | Trojan.GenericKD.5210882 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Zusy.DR.gen!Eldorado |
| F-Secure | Heuristic.HEUR/AGEN.1111317 |
| FireEye | Generic.mg.970fe1c79e9e8fee |
| Fortinet | W32/GenKryptik.AWIY!tr |
| GData | Trojan.GenericKD.5210882 |
| Ikarus | Backdoor.Win32.Inject |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.azwzs |
| K7AntiVirus | Trojan ( 00552a141 ) |
| K7GW | Trojan ( 00552a141 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Lionic | Trojan.Win32.Generic.4!c |
| MAX | malware (ai score=100) |
| Malwarebytes | Trojan.ServStart |
| MaxSecure | Win.MxResIcn.Heur.Gen |
| McAfee | BackDoor-FDKM!970FE1C79E9E |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.km |
| MicroWorld-eScan | Trojan.GenericKD.5210882 |
| Microsoft | DDoS:Win32/Nitol.A |
| NANO-Antivirus | Trojan.Win32.ServStart.fthkls |
| Paloalto | generic.ml |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Generic/HEUR/QVM07.1.F004.Malware.Gen |
| Rising | Worm.ServStart!8.10D (TFE:dGZlOgZLqBav9MrMew) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/AutoG-EB |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2017-05-28 07:04:42
PE Imphash
2605e8bed77a0a6ed7560c073415349e
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00002362 | 0x00003000 | 4.993275430724506 |
| .rdata | 0x00004000 | 0x00000ee3 | 0x00001000 | 4.56215031299933 |
| .data | 0x00005000 | 0x00007ab4 | 0x00008000 | 6.747479217379992 |
| .rsrc | 0x0000d000 | 0x000011b8 | 0x00002000 | 2.179587629438633 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000dd08 | 0x000002e8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_MENU | 0x0000dce8 | 0x0000001c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_DIALOG | 0x0000e008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000e008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000e008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000e008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000e008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000dff0 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_VERSION | 0x0000d9e8 | 0x00000300 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
Imports
Library MFC42.DLL:
• 0x40402c None
• 0x404030 None
• 0x404034 None
• 0x404038 None
• 0x40403c None
• 0x404040 None
• 0x404044 None
• 0x404048 None
• 0x40404c None
• 0x404050 None
• 0x404054 None
• 0x404058 None
• 0x40405c None
• 0x404060 None
• 0x404064 None
• 0x404068 None
• 0x40406c None
• 0x404070 None
• 0x404074 None
• 0x404078 None
• 0x40407c None
• 0x404080 None
• 0x404084 None
• 0x404088 None
• 0x40408c None
• 0x404090 None
• 0x404094 None
• 0x404098 None
• 0x40409c None
• 0x4040a0 None
• 0x4040a4 None
• 0x4040a8 None
• 0x4040ac None
• 0x4040b0 None
• 0x4040b4 None
• 0x4040b8 None
• 0x4040bc None
• 0x4040c0 None
• 0x4040c4 None
• 0x4040c8 None
• 0x4040cc None
• 0x4040d0 None
• 0x4040d4 None
• 0x4040d8 None
• 0x4040dc None
• 0x4040e0 None
• 0x4040e4 None
• 0x4040e8 None
• 0x4040ec None
• 0x4040f0 None
• 0x4040f4 None
• 0x4040f8 None
• 0x4040fc None
• 0x404100 None
• 0x404104 None
• 0x404108 None
• 0x40410c None
• 0x404110 None
• 0x404114 None
• 0x404118 None
• 0x40411c None
• 0x404120 None
• 0x404124 None
• 0x404128 None
• 0x40412c None
• 0x404130 None
• 0x404134 None
• 0x404138 None
• 0x40413c None
• 0x404140 None
• 0x404144 None
• 0x404148 None
• 0x40414c None
• 0x404150 None
• 0x404154 None
• 0x404158 None
• 0x40415c None
• 0x404160 None
• 0x404164 None
• 0x404168 None
• 0x40416c None
• 0x404170 None
• 0x404174 None
• 0x404178 None
• 0x40417c None
• 0x404180 None
• 0x404184 None
• 0x404188 None
• 0x40418c None
• 0x404190 None
• 0x404194 None
• 0x404198 None
• 0x40419c None
• 0x4041a0 None
• 0x4041a4 None
• 0x4041a8 None
• 0x4041ac None
• 0x4041b0 None
• 0x4041b4 None
• 0x4041b8 None
• 0x4041bc None
Library MSVCRT.dll:
• 0x4041c4 __getmainargs
• 0x4041c8 _initterm
• 0x4041cc __setusermatherr
• 0x4041d0 _adjust_fdiv
• 0x4041d4 __p__commode
• 0x4041d8 __p__fmode
• 0x4041dc __set_app_type
• 0x4041e0 _except_handler3
• 0x4041e4 _controlfp
• 0x4041e8 _acmdln
• 0x4041ec _XcptFilter
• 0x4041f0 _exit
• 0x4041f4 ??1type_info@@UAE@XZ
• 0x4041f8 _onexit
• 0x4041fc __dllonexit
• 0x404200 free
• 0x404204 realloc
• 0x404208 _CxxThrowException
• 0x40420c printf
• 0x404210 fopen
• 0x404214 fclose
• 0x404218 exit
• 0x40421c __CxxFrameHandler
• 0x404220 _stricmp
Library KERNEL32.dll:
• 0x404000 Sleep
• 0x404004 GetModuleFileNameA
• 0x404008 GetProcAddress
• 0x40400c LoadLibraryA
• 0x404010 HeapAlloc
• 0x404014 IsBadReadPtr
• 0x404018 HeapFree
• 0x40401c FreeLibrary
• 0x404020 GetModuleHandleA
• 0x404024 GetStartupInfoA
Library USER32.dll:
• 0x404228 LoadIconA
• 0x40422c SetTimer
• 0x404230 SendMessageA
• 0x404234 AppendMenuA
• 0x404238 GetSystemMenu
• 0x40423c DrawIcon
• 0x404240 GetClientRect
• 0x404244 GetSystemMetrics
• 0x404248 IsIconic
• 0x40424c wsprintfA
• 0x404250 EnableWindow
Exports
| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x401c70 | Musalut |
L!This program cannot be run in DOS mode.
`.rdata
@.data
VPjft$
F =0B@
SWVL$ ^
SUVL$<Wuw
l$ D$$
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
L$,_^]d
UIWWL$
33~3S\$
F;|[_^]VW=
SVWEehG@
u;|k=p@
EMEaEiEnE
_^]3[Yj
_^]3[Yj
3_^][YC
r8~aCj
CL$ D$
g_^][Y
3E(:fG
g^[_]Y
vVUVW<
F|xWD$
_^]3[Y
4Vt$HL$$VD$D
L$$RD$D
T$PrVRT$,PQL$4RdD$
L$PD$@.
hSVWe3
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
YY3%A@
MBM`pF@
MRMMMMXH@
MFC42.DLL
__CxxFrameHandler
fclose
printf
_CxxThrowException
realloc
__dllonexit
_onexit
MSVCRT.dll
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleFileNameA
GetProcAddress
LoadLibraryA
HeapAlloc
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
EnableWindow
LoadIconA
SetTimer
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
wsprintfA
USER32.dll
_stricmp
MDat.dll
Musalut
3F0D3F0J H0
gELgd,i@f@6oT4Q) P'^*oGfR! A3^di]ft
K=N$3F0D
U_b) B
WRZ%X/&
30nY3F0D
3F043F0T
3F0D3F0@
3F0m3FpD
3F0D3F@
3hD!xGF0D|yF0D
ShB aG'0D>F0D`3F0J
shT%tRF0D
"F0Dp3F0H
hB!l\%0D6F0D3F0B
&0TbtG
`3F0E3u
3F$F0D3F0
7t`(}t`)gl`*
+D`hObX
#60TDGAu}
3Eu<-Tp3V8$#D
F0D@?3F0
3GEH.V@D
C5Tp3V1D
3L` &E
~`V2F01
rDEfbfE
3GEH.V@D
h(=Tp3V8$+?03
#60TOb$u
ct`H`t`Icl`JS$
`2F0u'
Dt`xsF0DE~
&0TsF0D3
&0Twb@
$[t`xad`t
Xpp3VbD
3FQ<SF D
s&0TbE
R$F0DPU
$F0Dh 60TP
t`Xut`\
$At`YZt`Z]t`[Wt`]pt`^ct`_ft`avt`b
'wbT+wbU\
$kG0DQS$
3F0,$CF
d%`a3V
1N2~FH
6]}KG0Dwb$.
?22F0=&0TS
9mB?3F0>1I
2F0KF0DS
3FB}d`
$F0Dh'60Twb
33To4E
jpoE0D"t`,
FMQSF HF
3F0DQS(%
vF}:;}DE19
rF0DB|;ED
DTgb4~GJ
3L3:'`d`
TPc%`3VL
3F0wB0
x0G50%7KF0D
CF Eu9
#O=#60T
G(73V#TD
HGxx0#50
Sx0Ty
#stF <V@D
#<=#60T
DPHGLx1-fzD
3FH3V~(
D0Dtqg-t3V
1F0&2:
#5dF EHge
j< s3V9
E3MJPUQSF
QSF .>
#Hw70TI
3FZd3
YIiw;.
DGMmDG
''0TJq3VVBF "v2DPSP%
1FQ`RF ,
3FiE,0.
YDQRF
QhRF 3<
nf?uHj7
0DFNQXRF Fw`M?
3u D0EV
#,?3I0.
YFQ(SF Gkf
hG?DGb
nQSF 5&0Tv`
3F`Ez0D
u%`3VX
3FQSF E
Q4RF G
f5&0TF
h3G0D&PD
QdRF 2
FNQTRF GMG@3;4w
w3F0SL%
2F0w,8
6KKG0D
#5t3V1D
d%,`3V
3FT}3V
#%(`3Vg
KiG0DH{I
Xxt3Vfy
c%Ta3V
S&0TWSl$
3FQXSF
QHRF ?
#uPSd$
`3VQSF
3VQlRF 50T&*QD
,FQdSF
DJWSP$
#%(a3V
{&0TVr
h 20TP
P[D0DSp%
3%`3VqF
sEL&>PD
G&0T3Mn
PYFQpSF
Vc%`3V!3,*Ec
!*K0DYQ
3 ac,*
a3V!3M
Vd,pwj
ZD&6PD
EvN`,?3I0
%|`3Vo
EJFNQ@SF .
kweYXa3VX
W38w`.1D 3% `3V;2>
3Q@RF
F?DS`%l`3V
+&0T9F^E
F~QSF y17F01+[1K
}KG0DS`
P[D0DS
FVQhSF
3F0M"I
#%L`3Vy
3FIHF
&0Twb
h1D0D&QD
#%`3VqF
p3VAGF E
GHxKF0DHG
3F0 W[48
hG0D&PD
#FYHF
3FQSF %7:0T
3F05=0T6KD
5F0D.E
3%`3Va
OF D6KD
i0"#DV0EEP
h40Th{40TV
hw20Tj3%
3F`,BF
;E0Dfs3V
0F0@F
/uwaSF %7'0Twb8FH
AF :.K
OIF 1?[0D
30Tu7uff0
CF F 3F0
=3Vfq}6
1E?3<Fqg
DAEEbWe
u0guHNJ00
#FENGb4
a3Vf,PGF ,GF
g&0TPS`$
g,`GF ,GF
g&0TPS`$
#=c&0TP
Xt3VXt3V
h20Th20T
#0wb,T
_wb-7wb.
t`,\|`-
3F0 r1D
`3Vg,GF ,GF
h20Th20T
$oG0D
D0# DG
`\2F0u
ZDj1,2"wb
'0Tgb .
#F0,F0
t3V104k%
1YRQSF =20T
FZD&PD
`3Vg,GF ,GF
h20Th20T
#cK3F0|
h1D0Du
gb,"wb$F
d|` b
$%@wb$.
YGZF&QD
3FkL0D7FXD
"-`3V
#GD\j3
hc20Th20T
`3V`[DD
h20Th20T
h1D0Du.
ZE1F0Dj0
3|`0UL` b)@wb
P0Fwb Lgb,T
yGF Et
3t` YV`
,2F0K3F0
8$;5&0T2F0D9
KR0DNX
?G0DSf
k?G0De
3F0|7^
GR(Yhx+0
2F0GZ(w
3Fk?G0D
3F0D22D
3F0Dob,
D.CGZ8V^
F]0DNt
8GAE3F@
du,GF ,GF \
c,GF ,GF
xF0Db<E
3F$/D0Db
h1D0Dgbdwd0D
$ut`XVj0,2t
V#D0DP{
RF0Dwb$%
$#|`8Ut`X
#D0Df2
$W"wbZ
3FbYYVD
3F0EwbD
ed`x0DMT
$KL`|
wb@w1D
3`3F0E
3GpOb,uT
:mDG|`|bF@3
d`pL0D
0Dj uw
$[d`tUD
"$F0Df
3F$F0DbD
3 $?G0DR
s?wb$Kt
Xt3VXt3VQTSF
3`|2F0D
3}KF0DbLE
$F0DgbX
a3ViSF
&0T#F0D3L`<
t3VDxgb D
YFZDb(F
j3%`3Vf
h330Tb F
qGF 0P
3F0YFQSF
h20Th20T&
3`2F0D ,F0D3
$G0DRc
`2F0+M
$#d` b
ZDj3,0.
YF$+D0Dj3
D\hU0D&PD
"$F0DRc
1F0,DF
7APYD_
.$3D0DP
`l2F07CbD
Zi|RF =20T
Xt3VXt3V
c,GF ,GF
3`T2F0D wb
`H2F07t`
^j3,2.
YBb[G D
ft`$3F0Dgb
3Fh3N0D# 3D0D{;D
3FELj6%`3VwE0D|i,0
Xt3VXt3VQTSF
3`,2F0D
7APYD<
h;?0TRSx%
`3VyGF Etz
j3%`3Vo
g,GF ,GF
g&0TPS`$
$#3F0w
3F$G0D
YHRF -O'0TfyGF E
3F$F0DP
`2F0u;
Pj6%`3V.
m UZh#0Thsr0TdF0D
hS20Th20T
`=c&0Tuh20Th20T
,GF ,GF cE.0
Xt3VXt3V
hF0Dj0,2U}.D
E\2F0D~T
3F0D_m
3xH2}0
3FX3FgU
#GECSS$
3F1Du#@
C'0TPS%
a3F0#
Gb<w1: g
YGZF&QD
N2D&&QD
EKVS\%
Xt3VXt3V
c,GF ,GF
3F$7D0D
$rl`Br
c,3F01
$$F0DP}
$-%a3V$F0D
s4YRVD
$St`a5t
<6F0DGb
f$F0Df
3F0,3F0r
`,3F0c
`,3F0T
`,3F0E
{'0Th3G0Df
a%a3VhS0DGb
`[F5Ut`(
|`xC0D
3F0$+L`xUt`<A
`3F0"wb
b$F0Dwb`
:ZlRc%a3V
CC0DSf
h20Th20T
`3V`[DD
3`2F0D 3G0Dr
f,3F0.
^nu 65D
$rd`C{0
#G?S2F0D
_0"Gb,"Gb.D
QHRF +.,@
3"wb*D
$CG0Df
6F0DbE
3 0$%D`
3F$G0Dt
$%t`DYV`.
h20Th20T&
`<2F0qSF
3F0}=20Tt{
`(2F0L
#=c&0TP
Xt3VXt3V
`3F0u"wb(F
Ut`&S%
YBb[G D
et`(3F0Dgb
^ZTPYF$F0DSb
OFZK&PD
c&0TF0DOb$
+-8a3V-&0TDG
t3V10I
3FE=3V0Dsm
h$3F0DWb0w
D2a0F0DuM
2GELF0DFn
B~06D82
DQ2|G@t
3F0DXF0k3F/
E-0D^XF0
XF0j3F.
,0DYF0j3F0D
A/0D|ZF0i3F-
/0DZF0i3F-
YF0Zj3F
a,0DhYF0m3F)
ZF0h3F,
.0D[F0h3F,
o.0DP[F0
.0DZF0>m3Fn)
*0D_F0l3F(
'+0D_F0l3F(
*0D_F04l3F(
3F0k3F>(
3F0D<_F0D
3O0D!F0
N0DGF0
M0D'F0
3F0zm3F
3F003Vw
Egfnb&
Egfnb&
Egfnb&
Egfnb&
jhG+0D
3F0O3V"
3F0DvYF0
3F0DYF0
3F0DXF0D`3F#
3F0D0_F0ta3F#
3F0DL_F0
3F0Dd_F0
^F0`3F4,
3F0DP^F0a3F0D
-0DXF02k3Fn/
-0D(XF0Rk3F4/
,0DYF0j3F.
3F0DdZF06i3FL-
/0DZF0i3F-
/0DNZF0i3F .
,0DBYF0
+0D:ZF0di3F$-
.0D[F0h3F,
.0Dp[F0
#.0D([F0dh3F-
3F0l3F(
*0D ^F0Pm3F(
*0D_F0l3F(
*0D_F0l3F0D
=*0D _F0D
S0Dk*0D
E0D?F0
50D$F0
iP-s+u]20DV0
\!eCF5FG_)R%l~#]+rJ
D%tF5u<
I7tV+y*f\FGl@2B'pJ
U0C\+@1tV4~%mV
U0VV4C-o]
Gw!t`?C0e^
U"aF*D
'^#uR!UD
\Fs6eR2U
X6eR"`6i\4Y0y3
E6rV(D
E6rV(D
r\%U7s3w3
B-oA/D=C_'C7
Y(er2D6iQ3D!srF0
_5D6cR2qD
kGw!tv(F-r\(]!nG
Q6iR$\!A31
Q0h}']!A3;1
_ u_#v-lV
Q)erF0
v>Y0PA)S!s@FGWZ(u<ePFEGV2`6oP
T rV5CD
aD|+aW
Y&rR4I
U)pc'D,A3F
DC_)C!HR(T(e32
e_#Q7e~3D!x3FFOC#^
33(sG4\!nrF0
_5D6cC?^
Eg6iG#v-lVF+GSV2v-lV
_-nG#BD
`Fs6eR2U
i_#qDC3
_4yu/\!A31
Y*d\1C
iA#S0oA?qD
'C0EA4_6
aZ2v+r`/^#lV
R.eP20
u4U!LZ$B%rJF{
323sC4Y*tU
v.W*\D
Gb!gp*_7ex#ID2
U#QF#B=VR*E!EK
U#OC#^
Ft!lV2U
eA0Y'e3x0
eA0Y'e{'^ lVF0
|6U*SV4F-cV
}%nR!U6A3F4FRV!c!te'\1ev>qD
Gb!g|6U*KV?qDI1
U6vZ%U
De*l\%[
eA0Y'ew'D%bR5UD43
X%nT#c!rE/S!C\(V-g
)S/SV4F-cV
Q0aQ'C!
WFs6eR2U
eA0Y'erF0
eA0Y'e`2Q0u@F0H
a#W-sG#B
eA0Y'ep2B(HR(T(eA
`2Q6t`#B2iP#s0r_
Y7pR2S,eA
hT(l3FNDS{
X%nT#~+tZ ID
:Gc,e_*u<eP3D!EK
`.U(lv>U'uG#qDS{
hT(l30
Hw#\!tV
U=A3Fc
.W*\D(3
l_F0T
mDV6eVF0
^'\(oPF0
@6B-nG 0
A#Q(l\%0
327rR(TD12Y)e3F
FaG)YD
DC0r]%@=
DC0rP5@*
DC0r@2BD
Fo!xP#@0_['^ lV4
RghT(l3F?E_Z(Y0tV4]D3
Q jF5D
Fw!tz d%b_#0D
U0AW'@0eA5y*f\FY4h_6Q4i
i@'R(eg.B!aW
Y&rR4I
a_*CD3
H-tg.B!aWF0
g#B)i]'D!PA)S!s@F0"
p4U%tV
B+cV5C
3FD*jF0D
+0D^F0633F)
l_F}%i]F0D
SJ5D!mo
U*tA'\
r\%U7s\4lt
aQ%T!fT.Y.k_+^+pB4C0uE1H=z
3F0D%PF0
aQ%T!fT.Y.k_+^+pB4C0uE1H=z
|93FG3w
$Q-dFhS+m3F0j
3cCas3F0D%WhU<e3FLD
~3C%lF20D
3Fw!tg/S/C\3^0
3F0#eG._7tQ?^%mVF0DGV2c=sG#]
iA#S0oA?qDl@2B'aG
3*C0rP6I
3F0,t\(CD
35U0s\%[+pGF0
D%rG3@D
P*_7e@)S/eGFg
A`)S/eG
0DgV2X+sG(Q)e3G0D
jd_*0D
p)^0e]2
dtV>DkhG+\I
r%S!pG|
0eK2 ,t^*
l=NU@#BiAT#^0:~)J-l_' q.
Y*uKfYr8
m t#S/o
| u/B!f\> ad
dd%@fx
j1>Lb!fV4U6:
khG2@~/
p)^*eP2Y+n
fs(o@#=NCR%X!-p)^0r\*
dn\kS%c[#=N
o]2U*t
fD!xGiX0m_K:
dtV>DkhG+\h
f5U6-r!U*t
_>i_*Qk4
lc\+@%tZ$\!;
i]"_3s
u)>L=N
o]2U*t
fD!xGiX0m_K:
cP#@0:
.D)l f
k*>Le7eAkq#e]2
oI/\(a
%_)pR2Y&lV}
d/^ oD5
f}=Ivf
w=NH\5D~
ad>L=N
dd%@fx
j1>Lq'cV6D~ Z+Q#e
/]%gViHixQ/D)aCj
-mR!UkjC#Wh Z+Q#e
6Z4eTj
%pC*Y'aG/_*/KkC,oP-G%vVkV(a@.
daC6\-cR2Y+n
0^ .^5
!xP#\h R6@(iP'D-o]iF*d
+Cip\1U6p\/^0,
'@4lZ%Q0i\( )sD)B ,
a]!E%gV|
r%S!pGku*c\"Y*g
fW>iCj
eU*Q0e>Le7eAkq#e]2
oI/\(a
%_)pR2Y&lV}
dWZ(T+w@f~
fu)>Lx+sG|
p)^*eP2Y+n
f{!eCkq(iE#=N
dd%@fx
j1>Lq'cV6D~ Z+Q#e
/]%gViHixQ/D)aCj
-mR!UkjC#Wh Z+Q#e
6Z4eTj
%pC*Y'aG/_*/KkC,oP-G%vVkV(a@.
daC6\-cR2Y+n
0^ .^5
!xP#\h R6@(iP'D-o]iF*d
+Cip\1U6p\/^0,
'@4lZ%Q0i\( )sD)B ,
a]!E%gV|
r%S!pGku*c\"Y*g
fW>iCj
eU*Q0e>Le7eAkq#e]2
oI/\(a
%_)pR2Y&lV}
dWZ(T+w@f~
fu)>Lx+sG|
as>Ls+n]#S0i\(
dKV#@iA_/F!
cP#@0:
/]%gViW-f fY)aT# <-K$Y0mR6
di^'W!/Y6U#,
/]%gVi@.pV!
daC6\-cR2Y+n
7h\%[3aE#
"lR5Xh R6@(iP'D-o]iF*d
+CieK%U(,
'@4lZ%Q0i\( 2nWh]7-C)G!rC)Y*t fQ4p_/S%tZ)^km@1_6d f
k*>Lq'cV6DiLR(W1aT#
dz[kS*
nP)T-nT|
ddV \%tVK:
gV(D~M\<Y(lRi
nS+mC'D-b_#
dWZ(T+w@f~
_*nV%D-o]|
cTj%Wh
2F0H0wvwui
90|:~&
:T|^~u
"2@tIv
3Su[wv
}4srNp
<z{fyk
|1qwxuN
&1YwEu~
2PtBv|
P3)ubwW
v4qr`pX
-4ErNp
G6;p>r
6bpfr^
/6DpLr
92|7~-
:i|R~j
F0D@3FD
)4@rLp
R7Qq\s
0D3F080vt
a7 qvsQ
F0D`3F<D
3EgoRHRIVCx0VHRIQFQkLExMTQw==
Serbieq
Microsoft .Net Frameworhk COMb+ Suppoht
Microsoft .NET COM+ Integration with SOAP
GetProcessHeap
VirtualAlloc
VirtualFree
VirtualProtect
KERNEL32.dll
.?AVtype_info@@
HrCg@b
x(k-omm_ii fO
q x^Z{x
DpD1aUySEvDpD1aUySEvDpD1aUySEvDpD1aUySEvDpD1aUySEv9OjC5NV0ym9OjC5NV0ym9OjC5NV0ym9OjC5NV0ym9OjC5NV0ymob8vtCvJR5ob8vtCvJR5ob8vtCvJR5ob8vtCvJR5ob8vtCvJR5FHNbCkIsl
FHNbCkIsl
FHNbCkIsl
FHNbCkIsl
FHNbCkIsl
JkrJvp9y23JkrJvp9y23JkrJvp9y23JkrJvp9y23JkrJvp9y23Gl8ir7cLa
Gl8ir7cLa
Gl8ir7cLa
Gl8ir7cLa
Gl8ir7cLa
YM5jlad7aIYM5jlad7aIYM5jlad7aIYM5jlad7aIYM5jlad7aIyxjCl7HJNkyxjCl7HJNkyxjCl7HJNkyxjCl7HJNkyxjCl7HJNknR3rnY7OSqnR3rnY7OSqnR3rnY7OSqnR3rnY7OSqnR3rnY7OSqPfZ7nKgk8
PfZ7nKgk8
PfZ7nKgk8
PfZ7nKgk8
PfZ7nKgk8
jzXT1XzH
jzXT1XzH
jzXT1XzH
jzXT1XzH
vMCoHXWtCvMCoH
XWtCvMCoH
XWtCvMCoH
XWtCvMCoH
IbYJ7yaW2mIbYJ7yaW2mIbYJ7yaW2mIbYJ7yaW2mIbYJ7yaW2mjNYX0n44ztjNYX0n44ztjNYX0n44ztjNYX0n44ztjNYX0n44zt1IEUxHcr
1IEUxHcr
1IEUxHcr
1IEUxHcr
1IEUxHcr
q5g3pe95g2q5g3pe95g2q5g3pe95g2q5g3pe95g2q5g3pe95g2P2OWeCg80xP2OWeCg80xP2OWeCg80xP2OWeCg80xP2OWeCg80xWUuym9l3W
WUuym9l3W
WUuym9l3W
WUuym9l3W
WUuym9l3W
lRlRSIezqSlRlRSIezqSlRlRSIezqSlRlRSIezqSlRlRSIezqSRJlmEXUT4zRJlmEXUT4zRJlmEXUT4zRJlmEXUT4zRJlmEXUT4zR1
QEgi7naR1QEgi7na
R1QEgi7na
R1QEgi7na
R1QEgi7na
z85ncOP8Viz85ncOP8Viz85ncOP8Viz85ncOP8Viz85ncOP8ViSCWqSa8WZnSCWqSa8WZnSCWqSa8WZnSCWqSa8WZnSCWqSa8WZnFJonDu1SCrFJonDu1SCrFJonDu1SCrFJonDu1SCrFJonDu1SCrpNCNTxP1I4pNCNTxP1I4pNCNTxP1I4pNCNTxP1I4pNCNTxP1I4CqwkOI8PUNCqwkOI8PUNCqwkOI8PUNCqwkOI8PUNCqwkOI8PUNm3Inu4bblgm3Inu4bblgm3Inu4bblgm3Inu4bblgm3Inu4bblglQplH4fSHplQplH4fSHplQplH4fSHplQplH4fSHplQplH4fSHpYfy1CKMh5fYfy1CKMh5fYfy1CKMh5fYfy1CKMh5fYfy1CKMh5figCKliJamVigCKliJamVigCKliJamVigCKliJamVigCKliJamVo4offqwnCao4offqwnCao4offqwnCao4offqwnCao4offqwnCa36CQeDoHYj36CQeDoHYj36CQeDoHYj36CQeDoHYj36CQeDoHYjOZ11LT779POZ11LT779POZ11LT779POZ11LT779POZ11LT779Ptb11CiSdxitb11CiSdxitb11CiSdxitb11CiSdxitb11CiSdxikksR87NCPIkksR87NCPIkksR87NCPIkksR87NCPIkksR87NCPIRmVnliDuCuRmVnliDuCuRmVnliDuCuRmVnliDuCuRmVnliDuCu1mzWMbx6eV1mzWMbx6eV1mzWMbx6eV1mzWMbx6eV1mzWMbx6eVNrZdNI8wm
NrZdNI8wm
NrZdNI8wm
NrZdNI8wm
NrZdNI8wm
SKcRCsGCRqSKcRCsGCRqSKcRCsGCRqSKcRCsGCRqSKcRCsGCRqTViSsDmmiqTViSsDmmiqTViSsDmmiqTViSsDmmiqTViSsDmmiqVE0sOPNzR1VE0sOPNzR1VE0sOPNzR1VE0sOPNzR1VE0sOPNzR1Ix9EqTOQbbIx9EqTOQbbIx9EqTOQbbIx9EqTOQbbIx9EqTOQbb3cqxpMEbO23cqxpMEbO23cqxpMEbO23cqxpMEbO23cqxpMEbO2w4lLludKRPw4lLludKRPw4lLludKRPw4lLludKRPw4lLludKRPegal5RHi6
egal5RHi6
egal5RHi6
egal5RHi6
egal5RHi6
tCOR2PYeXatCOR2PYeXatCOR2PYeXatCOR2PYeXatCOR2PYeXa84uNq3ghgc84uNq3ghgc84uNq3ghgc84uNq3ghgc84uNq3ghgciG8Dplkk9JiG8Dplkk9JiG8Dplkk9JiG8Dplkk9JiG8Dplkk9JZ6cbcDspqEZ6cbcDspqEZ6cbcDspqEZ6cbcDspqEZ6cbcDspqEf8vLS9SEaLf8vLS9SEaLf8vLS9SEaLf8vLS9SEaLf8vLS9SEaLvqtzvMR2rpvqtzvMR2rpvqtzvMR2rpvqtzvMR2rpvqtzvMR2rpQ6MmJNwyeZQ6MmJNwyeZQ6MmJNwyeZQ6MmJNwyeZQ6MmJNwyeZlXYDGgw8eJlXYDGgw8eJlXYDGgw8eJlXYDGgw8eJlXYDGgw8eJbllZWQRLeNbllZWQRLeNbllZWQRLeNbllZWQRLeNbllZWQRLeNdeJYMglfQ4deJYMglfQ4deJYMglfQ4deJYMglfQ4deJYMglfQ4HGMqQ7MJLCHGMqQ7MJLCHGMqQ7MJLCHGMqQ7MJLCHGMqQ7MJLCUDLivR1QEmUDLivR1QEmUDLivR1QEmUDLivR1QEmUDLivR1QEmePbkS0DVyPePbkS0DVyPePbkS0DVyPePbkS0DVyPePbkS0DVyPxPO35u3wvPxPO35u3wvPxPO35u3wvPxPO35u3wvPxPO35u3wvPfD1FiofSb2fD1FiofSb2fD1FiofSb2fD1FiofSb2fD1FiofSb2qpDS44zJSUqpDS44zJSUqpDS44zJSUqpDS44zJSUqpDS44zJSUqK28dY1NdtqK28dY1NdtqK28dY1NdtqK28dY1NdtqK28dY1NdtDay9FDtaiaDay9FDtaiaDay9FDtaiaDay9FDtaiaDay9FDtaia3MLepFST7X3MLepFST7X3MLepFST7X3MLepFST7X3MLepFST7XTggdwpsIu
TggdwpsIu
TggdwpsIu
TggdwpsIu
TggdwpsIu
8LgQwFCiS
8LgQwFCiS
8LgQwFCiS
8LgQwFCiS
8LgQwFCiS
pDdCNx4dkJpDdCNx4dkJpDdCNx4dkJpDdCNx4dkJpDdCNx4dkJZkYjf17g24ZkYjf17g24ZkYjf17g24ZkYjf17g24ZkYjf17g24Rl9pZTohHYRl9pZTohHYRl9pZTohHYRl9pZTohHYRl9pZTohHYkMdc7TPVsLkMdc7TPVsLkMdc7TPVsLkMdc7TPVsLkMdc7TPVsLaTN0vtvCiuaTN0vtvCiuaTN0vtvCiuaTN0vtvCiuaTN0vtvCiuhaTYE0SUlChaTYE0SUlChaTYE0SUlChaTYE0SUlChaTYE0SUlCEJaHXUoxpoEJaHXUoxpoEJaHXUoxpoEJaHXUoxpoEJaHXUoxpo51QtH8r1mh51QtH8r1mh51QtH8r1mh51QtH8r1mh51QtH8r1mh7p00LnyG537p00LnyG537p00LnyG537p00LnyG537p00LnyG53h9wccejsP
h9wccejsP
h9wccejsP
h9wccejsP
h9wccejsP
VnNlmGyJY2VnNlmGyJY2VnNlmGyJY2VnNlmGyJY2VnNlmGyJY2fuGSSwePacfuGSSwePacfuGSSwePacfuGSSwePacfuGSSwePactxLnqqryR5txLnqqryR5txLnqqryR5txLnqqryR5txLnqqryR51
Lgv6n4nU1Lgv6n4nU
1Lgv6n4nU
1Lgv6n4nU
1Lgv6n4nU
9tVUigCxu
9tVUigCxu
9tVUigCxu
9tVUigCxu
9tVUigCxu
96Vmz4H8oX96Vmz4H8oX96Vmz4H8oX96Vmz4H8oX96Vmz4H8oXi8tiqui3tKi8tiqui3tKi8tiqui3tKi8tiqui3tKi8tiqui3tKWaZlS170RqWaZlS170RqWaZlS170RqWaZlS170RqWaZlS170RqEaomgfNf4hEaomgfNf4hEaomgfNf4hEaomgfNf4hEaomgfNf4hgk5CIsVXESgk5CIsVXESgk5CIsVXESgk5CIsVXESgk5CIsVXESYeehqyMmZIYeehqyMmZIYeehqyMmZIYeehqyMmZIYeehqyMmZI0Ze2uqtMr
0Ze2uqtMr
0Ze2uqtMr
0Ze2uqtMr
0Ze2uqtMr
OP7JISRRJnOP7JISRRJnOP7JISRRJnOP7JISRRJnOP7JISRRJnL9ZYglknKsL9ZYglknKsL9ZYglknKsL9ZYglknKsL9ZYglknKscgaq8yqaydcgaq8yqaydcgaq8yqaydcgaq8yqaydcgaq8yqayd79bRi8yhi
79bRi8yhi
79bRi8yhi
79bRi8yhi
79bRi8yhi
poXRkSpH
wpoXRkSpHw
poXRkSpHw
poXRkSpHw
poXRkSpHw
DXCibXEIPWDXCibXEIPWDXCibXEIPWDXCibXEIPWDXCibXEIPWmTzG8yuDs
mTzG8yuDs
mTzG8yuDs
mTzG8yuDs
mTzG8yuDs
a0lXvxaE
a0lXvxaE
a0lXvxaE
a0lXvxaE
a0lXvxaE
vSnDooN9Z
vSnDooN9Z
vSnDooN9Z
vSnDooN9Z
vSnDooN9Z
vLXEmcCOvLXEm
cCOvLXEm
cCOvLXEm
cCOvLXEm
2LqKk07sqo2LqKk07sqo2LqKk07sqo2LqKk07sqo2LqKk07sqowrTNfOo9oCwrTNfOo9oCwrTNfOo9oCwrTNfOo9oCwrTNfOo9oCXYyDRTMj1CXYyDRTMj1CXYyDRTMj1CXYyDRTMj1CXYyDRTMj1CiKoE2hti5aiKoE2hti5aiKoE2hti5aiKoE2hti5aiKoE2hti5ahrRaZ4VNb
hrRaZ4VNb
hrRaZ4VNb
hrRaZ4VNb
hrRaZ4VNb
Qae7nFeQP
Qae7nFeQP
Qae7nFeQP
Qae7nFeQP
Qae7nFeQP
kwzVY7VD1pkwzVY7VD1pkwzVY7VD1pkwzVY7VD1pkwzVY7VD1pz6tDbdXiRwz6tDbdXiRwz6tDbdXiRwz6tDbdXiRwz6tDbdXiRwCjewKGcPt
CjewKGcPt
CjewKGcPt
CjewKGcPt
CjewKGcPt
it8fTtqUb8it8fTtqUb8it8fTtqUb8it8fTtqUb8it8fTtqUb8wHzxR
QUkPwHzxRQUkP
wHzxRQUkP
wHzxRQUkP
wHzxRQUkP
OgkcwT7hn
OgkcwT7hn
OgkcwT7hn
OgkcwT7hn
OgkcwT7hn
1kcCKO7dJs1kcCKO7dJs1kcCKO7dJs1kcCKO7dJs1kcCKO7dJs0rDDDjxkcZ0rDDDjxkcZ0rDDDjxkcZ0rDDDjxkcZ0rDDDjxkcZFj3HubYrk0Fj3HubYrk0Fj3HubYrk0Fj3HubYrk0Fj3HubYrk0tr1aJTg
tr1aJTg
tr1aJTg
tr1aJTg
tr1aJTg
o53wUpyMk6o53wUpyMk6o53wUpyMk6o53wUpyMk6o53wUpyMk6jpc34eLXx
jpc34eLXx
jpc34eLXx
jpc34eLXx
jpc34eLXx
aPGze7PHcdaPGze7PHcdaPGze7PHcdaPGze7PHcdaPGze7PHcdvmWqaSefLZvmWqaSefLZvmWqaSefLZvmWqaSefLZvmWqaSefLZFwhLiORhajFwhLiORhajFwhLiORhajFwhLiORhajFwhLiORhajgq4ILuu1d
gq4ILuu1d
gq4ILuu1d
gq4ILuu1d
gq4ILuu1d
CJINIxpLg8CJINIxpLg8CJINIxpLg8CJINIxpLg8CJINIxpLg80gYMgD1btF0gYMgD1btF0gYMgD1btF0gYMgD1btF0gYMgD1btFsjyojXQYuWsjyojXQYuWsjyojXQYuWsjyojXQYuWsjyojXQYuWdqPRKEVk0ZdqPRKEVk0ZdqPRKEVk0ZdqPRKEVk0ZdqPRKEVk0ZhikoeRZLGRhikoeRZLGRhikoeRZLGRhikoeRZLGRhikoeRZLGR4DoU0GFeP
4DoU0GFeP
4DoU0GFeP
4DoU0GFeP
4DoU0GFeP
cNGNVRhVsGcNGNVRhVsGcNGNVRhVsGcNGNVRhVsGcNGNVRhVsG4SafME21h44SafME21h44SafME21h44SafME21h44SafME21h4NNbvQLDTnbNNbvQLDTnbNNbvQLDTnbNNbvQLDTnbNNbvQLDTnbmOFH3b3s66mOFH3b3s66mOFH3b3s66mOFH3b3s66mOFH3b3s66OTiFprS3
OTiFprS3
OTiFprS3
OTiFprS3
OTiFprS3
bYNJratDYPbYNJratDYPbYNJratDYPbYNJratDYPbYNJratDYPNjmaCz1imTNjmaCz1imTNjmaCz1imTNjmaCz1imTNjmaCz1imTw021CHaXs2w021CHaXs2w021CHaXs2w021CHaXs2w021CHaXs2852weNnPjk852weNnPjk852weNnPjk852weNnPjk852weNnPjkdd8VD0hWLddd8VD0hWLddd8VD0hWLddd8VD0hWLddd8VD0hWLdRcDoUymh1zRcDoUymh1zRcDoUymh1zRcDoUymh1zRcDoUymh1z
G�u�l�i�m�C�h�e�
w�4�e�s�d�r�r�7�t�f�y�i�g�u�h�
5�d�4�f�6�g�7�9�h�8�0�j�9�k�
d�r�t�f�y�g�u�i�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�4�0�4�b�0�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
F�i�l�e�V�e�r�s�i�o�n�
1�,� �0�,� �0�,� �1�
I�n�t�e�r�n�a�l�N�a�m�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
(�C�)� �2�0�1�7�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
0�0�0� �M�D�a�t�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�,� �0�,� �0�,� �1�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
w�r�t�e�f�f�w�e�f�
P�r�o�p�e�r�t�y� �P�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �p�r�o�p�e�r�t�y� �p�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �d�i�a�l�o�g� �b�a�r�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �O�L�E� �p�r�o�p�e�r�t�y� �p�a�g�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.