1.3
Low risk

2108f68ad28b974350f126746f61aa478386ab6499220aab44c691697881ed58

2108f68ad28b974350f126746f61aa478386ab6499220aab44c691697881ed58.exe

Analysis duration

195s

Last analyzed

362 days ago

File size

89.9KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM PICSYS
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.81
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:Picsys-C@UPX [Wrm] 20200123 18.4.3895.0
Baidu Win32.Worm.Picsys.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20200123 2013.8.14.323
McAfee W32/Picsys.worm.c 20200123 6.0.6.653
Tencent Worm.Win32.Picsys.a 20200123 1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
The binary may contain encrypted or compressed data, indicating the use of a packer (2 events)
section {'name': 'UPX1', 'virtual_address': '0x00057000', 'virtual_size': '0x0000f000', 'size_of_data': '0x0000ec00', 'entropy': 7.9075039579713575} entropy 7.9075039579713575 description High-entropy section found
entropy 0.9833333333333333 description The overall entropy of this PE file is high
The executable is UPX-compressed (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
The file was flagged as malicious by 65 antivirus engines on VirusTotal (50 out of 65 events)
ALYac Generic.Malware.G!hidp2p!prng.4205B45F
APEX Malicious
AVG Win32:Picsys-C@UPX [Wrm]
Acronis suspicious
Ad-Aware Generic.Malware.G!hidp2p!prng.4205B45F
AhnLab-V3 Worm/Win32.Picsys.R7826
Arcabit Generic.Malware.G!hidp2p!prng.4205B45F
Avast Win32:Picsys-C@UPX [Wrm]
Avira DR/Delphi.Gen
Baidu Win32.Worm.Picsys.a
BitDefender Generic.Malware.G!hidp2p!prng.4205B45F
BitDefenderTheta AI:Packer.B927EAE619
Bkav W32.BlackduA.Worm
CAT-QuickHeal Trojan.Agent
CMC P2P-Worm.Win32.Picsys!O
ClamAV Win.Worm.Picsys-6804092-0
Comodo Worm.Win32.Picsys.C@1zj8
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.8c0f7a
Cylance Unsafe
Cyren W32/Picsys.PYSN-0191
DrWeb Win32.HLLW.Morpheus.3
ESET-NOD32 Win32/Picsys.C
Emsisoft Generic.Malware.G!hidp2p!prng.4205B45F (B)
Endgame malicious (moderate confidence)
F-Prot W32/Picsys
F-Secure Dropper.DR/Delphi.Gen
FireEye Generic.mg.97bfbbe8c0f7a45f
Fortinet W32/Generic.AC.1B!tr
GData Generic.Malware.G!hidp2p!prng.4205B45F
Ikarus Worm.Win32.Picsys
Invincea heuristic
Jiangmin Worm/Picsys.a
K7AntiVirus Trojan ( 00500e151 )
K7GW Trojan ( 00500e151 )
Kaspersky P2P-Worm.Win32.Picsys.c
MAX malware (ai score=87)
Malwarebytes Worm.Agent
MaxSecure Trojan.Malware.300983.susgen
McAfee W32/Picsys.worm.c
McAfee-GW-Edition BehavesLike.Win32.PUPXAX.mc
MicroWorld-eScan Generic.Malware.G!hidp2p!prng.4205B45F
Microsoft Worm:Win32/Picsys.C
NANO-Antivirus Trojan.Win32.Sock4Proxy.gkyfpl
Panda W32/Picsys.A.worm
Qihoo-360 Worm.Win32.Picsys.A
Rising Worm.Picsys!1.C132 (RDMK:cmRtazqvWtBn6A4y0P+Nany87aRs)
SUPERAntiSpyware Trojan.Agent/Gen-Picsys
Sangfor Malware
SentinelOne DFI - Malicious PE
Visual analysis
[Binary image renderings of the sample at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32; images not reproduced here]
Runtime screenshots
No runtime screenshots: the sample produced no screenshots during execution.


PE Compile Time

1992-06-20 06:22:17

PE Imphash

359d89624a26d1e756c3e9d6782d6eb0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00056000 0x00000000 0.0
UPX1 0x00057000 0x0000f000 0x0000ec00 7.9075039579713575
.rsrc 0x00066000 0x00001000 0x00000400 2.791128521214198

Resources

Name Offset Size Language Sub-language File type
RT_STRING 0x00051958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x00063808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library KERNEL32.DLL:
0x466254 LoadLibraryA
0x466258 GetProcAddress
0x46625c ExitProcess
Library advapi32.dll:
0x466264 RegOpenKeyA
Library oleaut32.dll:
0x46626c SysFreeString
Library user32.dll:
0x466274 CharNextA


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.