1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.65
MFGraph
0.00
反病毒引擎
未检测
暂无反病毒引擎检测结果
静态指标
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(1 个事件)
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x0000a966', 'size_of_data': '0x0000b000', 'entropy': 7.011519695202248} | entropy | 7.011519695202248 | description | 发现高熵的节 | |||||||||
| entropy | 0.6470588235294118 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(1 个事件)
| dead_host | 192.168.0.202:80 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2009-04-06 10:45:28
PE Imphash
fb6bd8ebf4e6421b53c55dfe7d3c43af
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0000a966 | 0x0000b000 | 7.011519695202248 |
| .rdata | 0x0000c000 | 0x00000fe6 | 0x00001000 | 5.318390353744998 |
| .data | 0x0000d000 | 0x0000705c | 0x00004000 | 4.407841023203495 |
| .rsrc | 0x00015000 | 0x000007c8 | 0x00001000 | 1.958296025171192 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x00015060 | 0x00000768 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVCRT.dll:
• 0x40c0c8 _iob
• 0x40c0cc _except_handler3
• 0x40c0d0 __set_app_type
• 0x40c0d4 __p__fmode
• 0x40c0d8 __p__commode
• 0x40c0dc _adjust_fdiv
• 0x40c0e0 __setusermatherr
• 0x40c0e4 _initterm
• 0x40c0e8 __getmainargs
• 0x40c0ec __p___initenv
• 0x40c0f0 _XcptFilter
• 0x40c0f4 _exit
• 0x40c0f8 _onexit
• 0x40c0fc __dllonexit
• 0x40c100 strrchr
• 0x40c104 wcsncmp
• 0x40c108 _close
• 0x40c10c wcslen
• 0x40c110 wcscpy
• 0x40c114 strerror
• 0x40c118 modf
• 0x40c11c strspn
• 0x40c120 realloc
• 0x40c124 __p__environ
• 0x40c128 __p__wenviron
• 0x40c12c _errno
• 0x40c130 free
• 0x40c134 strncmp
• 0x40c138 strstr
• 0x40c13c strncpy
• 0x40c140 _ftol
• 0x40c144 qsort
• 0x40c148 fopen
• 0x40c14c perror
• 0x40c150 fclose
• 0x40c154 fflush
• 0x40c158 calloc
• 0x40c15c malloc
• 0x40c160 signal
• 0x40c164 printf
• 0x40c168 _isctype
• 0x40c16c atoi
• 0x40c170 exit
• 0x40c174 __mb_cur_max
• 0x40c178 _pctype
• 0x40c17c strchr
• 0x40c180 fprintf
• 0x40c184 _controlfp
• 0x40c188 _strdup
• 0x40c18c _strnicmp
Library KERNEL32.dll:
• 0x40c00c PeekNamedPipe
• 0x40c010 ReadFile
• 0x40c014 WriteFile
• 0x40c018 LoadLibraryA
• 0x40c01c GetProcAddress
• 0x40c020 GetVersionExA
• 0x40c024 GetExitCodeProcess
• 0x40c028 TerminateProcess
• 0x40c02c LeaveCriticalSection
• 0x40c030 SetEvent
• 0x40c034 ReleaseMutex
• 0x40c038 EnterCriticalSection
• 0x40c03c DeleteCriticalSection
• 0x40c040 InitializeCriticalSection
• 0x40c044 CreateMutexA
• 0x40c048 GetFileType
• 0x40c04c SetLastError
• 0x40c050 FreeEnvironmentStringsW
• 0x40c054 GetEnvironmentStringsW
• 0x40c058 GlobalFree
• 0x40c05c GetCommandLineW
• 0x40c060 TlsAlloc
• 0x40c064 TlsFree
• 0x40c068 DuplicateHandle
• 0x40c06c GetCurrentProcess
• 0x40c070 SetHandleInformation
• 0x40c074 CloseHandle
• 0x40c078 GetSystemTimeAsFileTime
• 0x40c07c FileTimeToSystemTime
• 0x40c080 GetTimeZoneInformation
• 0x40c084 FileTimeToLocalFileTime
• 0x40c088 SystemTimeToFileTime
• 0x40c08c SystemTimeToTzSpecificLocalTime
• 0x40c090 Sleep
• 0x40c094 FormatMessageA
• 0x40c098 GetLastError
• 0x40c09c WaitForSingleObject
• 0x40c0a0 CreateEventA
• 0x40c0a4 SetStdHandle
• 0x40c0a8 SetFilePointer
• 0x40c0ac CreateFileA
• 0x40c0b0 CreateFileW
• 0x40c0b4 GetOverlappedResult
• 0x40c0b8 DeviceIoControl
• 0x40c0bc GetFileInformationByHandle
• 0x40c0c0 LocalFree
Library WSOCK32.dll:
• 0x40c1a0 getsockopt
• 0x40c1a4 connect
• 0x40c1a8 htons
• 0x40c1ac gethostbyname
• 0x40c1b0 ntohl
• 0x40c1b4 ioctlsocket
• 0x40c1b8 setsockopt
• 0x40c1bc socket
• 0x40c1c0 closesocket
• 0x40c1c4 select
• 0x40c1c8 inet_addr
• 0x40c1cc __WSAFDIsSet
• 0x40c1d0 WSAStartup
• 0x40c1d4 WSACleanup
• 0x40c1d8 WSAGetLastError
L!This program cannot be run in DOS mode.
8YYYEYTEYFYFYY
_YRichY
`.rdata
@.data
5@Y"UQR3DJ
UqE@MPQh
EB:@8A
p@AAShR
tG%13I
L@ARPDH
Sh@WpRD
E_MUQRh
E7&W5Y@
~6gfff
&^3B[]
R_^3[]
@A''7I?AI7@7ACCH'CJ7/JHJIBJ7@J'@H'7KBC7K//J7CIHK
'HBAK?BI?I'K?B?IIJJB?A@H??/?CK
BA?J?ZX
A%PD@A
PVR,-0@
@jL@Af
A`QNPG
AUR{uLC
@*Pnnh@IR
T6fU|SV8u
EnQ>u@
MMMM@M}
U}KU5`}U@p\tMQMhlTM
_x|MXMMMMM
MgY]Y3\]R
TilW9}
M1UUSWQRE
M}S@ESWPQU
]m]ml]
xMcEEEh
e.uE]9]
2ME}]!]
HJE]mE
HO@t03
shJ1@>j WSU
@UU]O#
MSWRUPEQMx
P,EQpPhP@
MRUPuQM
UPEQdP`
QXMRUEREOMP
MUEQMR|PxQM:RUPEQMRPQhH
UEMSWR
U%QR|@
]QMPE+
PERVUk+
RQhX@.
QPPWSh4@
UERPVh`@
QDPhQa
QPfR>UPeE$+
UDPQ6@
Xw?E6P
_^[]vU@E
^6[];t
[]_t3D]WUEM
Mm5@<Rh@/@
=PPRhP@
A7QPPbhX@
PPQh/@
PPR6`@
PPQhh@
A:PQhXr
$PPhh@
l33UUUUUU
UTURxUU
zLU/IMM
RPh,@I
Ah2MRP
WRPQS
RU/EWRPWWQ5@l
A$MgE0BMUM.QMP
UuR%UWRS(E%}
0QMRWPEQ^o
WRSWPh@T7
W+@h@7@
63;u%~
jxRVn#
_:[]Vh
C Ph`ud@
RPMRK$oh
u.hI@V
RPZ<@=8@
tbhh@xV
ipEUM+
h @h@C)
P@hd=@
h @(PKu@
^UQL@A
@A]Rhh
i@EhI\@@Q@
VWb}PhN
t-UjxRVy?
t.EjxPV?
t-0jxPV>
Ph)U(Q
SVWV=0@Tp
SVWPl;ga
IGptMS
a$UAFA
_<tkPF
<G0O4_
SjVWs)
Ps0TWF
W>~W5M
3~uC0GEW
t6G0*@
YDW);Eu
BtmS>2<M=
07 8 ;
w$w( tbS
_2t4P:R
*8_^3[]
JE-U]H
G ;t;j
O_^[Dq
PUQRh@~@
zou{pK+
PQR|]QUM
BCJ8%Wx
VWjW*)_^]
u^]hQ1/S\
U$SVW}
0E&E_^
PQhwUj
B(|[A93]
U6VuWF
H:t$?:G 0
muPPPEPt
A';rJ;s
]UZ AT
SYQVWC
5@?zWG
!QV(cTE
PPh6bt
Q,>%^3[]
eS]VWjPSu
3Vuqhf@
UNV(QRP
EEQ7jj$
Eu_[dS
joRQgK5
@@T2:3Q 3&.(f~%
@A ^]B
8"UERP[@
E&s(gxTi
|`wURS+
3+Q^Ht0H6( U
K$kh+^
WK(3[]
S(q3[]
Onuh@A
VWQR?2
f^(teW
FF _[]UE
S9!Y.U
;Wu6?@
sD#dR0
8SbjBF<a|
|JfAX$
=c8{cd}
mDOnj@
!ZS} /3?IX
`1dP0R
J&1<a|
};}$uXX$
D$$[[aYZQ__Z
hws2_ThLw&
)TPh)k
PPPPP@P@Ph
~66j@h
0WhunMa^^
0MA=rE
@B;:UyE8 A
:EURR/R U3PEPE
E 3E{MIt"j.V
0.2EVEP
ljt|EE,t
MN*E@EE
E\}Lt&
@E=<PBFUU'UMl
.EE%uE
f [C0M
~<QRjxj
tM.URP
EuJ}tCt4Er'
@EMA>OMuM
tXMuQ1x;Gt.
@-MUAMMI;M
UCE^[k]
1z<U<X
MPE!mU
Uk;}"+
.U$F[O
S] V3W
D(rP;vXEg0@
UQMA;YMwCP;\
F;rPcv
C&%z!Q
w<!ECP;s0
+8l_[]
PWRQSO
@UQEeSV
?p:_^[
3($LE FIL
E +]_1^[]
0F05$+[01>[Z
p"UXSVW}
k@L+O<Xt
QERP:@
hT@Q#G
d@5s@e@0@
|-u,W2=@
I"_^]1
RUbEEnMPB
^u,W=|@
EPh~fhQE
^]3]IDUvcM
~$^ _^3[]
j$3^H]
M3R|^V
F83^X]
$F83^v]
$F83^]
UPMgjCQ
VWPUQd
Agfff_
Ac^c03Ae
S;/t}<\u4/t
\*{?t$
f@g<v=
UYWVPE
PN3n_^[]
VWMN{Qlj
)xUSVu
tRG._V[]
MM!M9taURW
GE1utM
g[]V7E
4B SnW}
SSSSSSSMQ]8]]]E
R;u!rU
RQ>u)U
\=iV8V<pNH/
FfVLS8N
FHuNWNHj
6yVLFo
)@N@VD
yiM^NDT
G UF$E
j[QPVZ
AXv@@iE
h W@whp@
d3]=!(
}~6E6+[E
)MM`U
QUUdVRPR
8FVP* @M
;|MW9_[]
:_[]SE
AGV=h @h_@
_^3R[]
UwEM##;u
"Eh:U#YB
SVW:E5ua^3[]
O:0N0E
3]SVMWU
PSX>{E}{H
iK<KHDh
=K<CD;r7C@K8U,PQSE
;S?tdsP0T
msrCSS<CDi;nw
6dVeu}
PJQWRPl
T^u8MJu
VPUNTM
U$V8NT
_[^]13^]
0P;T77
@PT7\7
PD7?@;
zWVS3D$]
UWTh`@
RSVWeC
uX0EPjp@
3OyNb%Lu
C t7
~ ,33:SVD$X
YY63j%F@%d
Gz?MbP?
(null)
0123456789abcdef
0123456789ABCDEF
0123456789abcdef
0123456789ABCDEF
0123456789
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
@@@@@@
!"#$%&'()*+,-./0123@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
fprintf
strchr
_pctype
__mb_cur_max
_isctype
printf
signal
malloc
calloc
fflush
fclose
perror
strncpy
strstr
strncmp
_errno
__p__wenviron
__p__environ
realloc
strspn
strerror
wcscpy
wcslen
_close
wcsncmp
strrchr
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW
TlsAlloc
TlsFree
DuplicateHandle
GetCurrentProcess
SetHandleInformation
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FormatMessageA
GetLastError
WaitForSingleObject
CreateEventA
SetStdHandle
SetFilePointer
CreateFileA
CreateFileW
GetOverlappedResult
DeviceIoControl
GetFileInformationByHandle
LocalFree
GetFileType
CreateMutexA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
SetEvent
LeaveCriticalSection
TerminateProcess
GetExitCodeProcess
GetVersionExA
GetProcAddress
LoadLibraryA
WriteFile
ReadFile
PeekNamedPipe
KERNEL32.dll
AllocateAndInitializeSid
FreeSid
ADVAPI32.dll
WSOCK32.dll
WSASend
WSARecv
WS2_32.dll
_strnicmp
_strdup
%s: Cannot use concurrency level greater than total number of requests
%s: Invalid Concurrency [Range 0..%d]
%s: invalid URL
%s: wrong number of arguments
User-Agent:
Accept:
Proxy-Authorization: Basic
Proxy credentials too long
Authorization: Basic
Authentication credentials too long
Cookie:
Cannot mix PUT and HEAD
Cannot mix POST and HEAD
Cannot mix POST/PUT and HEAD
Invalid number of requests
n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
bgcolor=white
Total of %d requests completed
..done
Finished %d requests
apr_socket_connect()
Test aborted after 10 failures
Server timed out
apr_poll
apr_sockaddr_info_get() for %s
error creating request buffer: out of memory
INFO: %s header ==
Request too long
%s %s HTTP/1.0
%s%s%sContent-length: %u
Content-type: %s
text/plain
%s %s HTTP/1.0
%s%s%s%s
Connection: Keep-Alive
Accept: */*
User-Agent: ApacheBench/
Host:
apr_pollset_create failed
(be patient)%s
[through %s:%d]
Benchmarking %s
%s: %s (%d)
Send request failed!
Send request timed out!
starttime
seconds
Cannot open gnuplot output file
%d,%.3f
Percentage served,Time in ms
Cannot open CSV output file
%d%% %5I64d
100%% %5I64d (longest request)
0%% <0> (never)
Percentage of the requests served within a certain time (ms)
Total: %5I64d %5I64d%5I64d
Processing: %5I64d %5I64d%5I64d
Connect: %5I64d %5I64d%5I64d
min avg max
WARNING: The median and mean for the total time are not within a normal deviation
These results are probably not that reliable.
ERROR: The median and mean for the total time are more than twice the standard
deviation apart. These results are NOT reliable.
WARNING: The median and mean for the waiting time are not within a normal deviation
These results are probably not that reliable.
ERROR: The median and mean for the waiting time are more than twice the standard
deviation apart. These results are NOT reliable.
WARNING: The median and mean for the processing time are not within a normal deviation
These results are probably not that reliable.
ERROR: The median and mean for the processing time are more than twice the standard
deviation apart. These results are NOT reliable.
WARNING: The median and mean for the initial connection time are not within a normal deviation
These results are probably not that reliable.
ERROR: The median and mean for the initial connection time are more than twice the standard
deviation apart. These results are NOT reliable.
Total: %5I64d %4I64d %5.1f %6I64d %7I64d
Waiting: %5I64d %4I64d %5.1f %6I64d %7I64d
Processing: %5I64d %4I64d %5.1f %6I64d %7I64d
Connect: %5I64d %4I64d %5.1f %6I64d %7I64d
min mean[+/-sd] median max
Connection Times (ms)
%.2f kb/s total
%.2f kb/s sent
Transfer rate: %.2f [Kbytes/sec] received
Time per request: %.3f [ms] (mean, across all concurrent requests)
Time per request: %.3f [ms] (mean)
Requests per second: %.2f [#/sec] (mean)
HTML transferred: %I64d bytes
Total PUT: %I64d
Total POSTed: %I64d
Total transferred: %I64d bytes
Keep-Alive requests: %d
Non-2xx responses: %d
Write errors: %d
(Connect: %d, Receive: %d, Length: %d, Exceptions: %d)
Failed requests: %d
Complete requests: %d
Time taken for tests: %.3f seconds
Concurrency Level: %d
Document Length: %u bytes
Document Path: %s
Server Port: %hu
Server Hostname: %s
Server Software: %s
</table>
<tr %s><th %s>Total:</th><td %s>%5I64d</td><td %s>%5I64d</td><td %s>%5I64d</td></tr>
<tr %s><th %s>Processing:</th><td %s>%5I64d</td><td %s>%5I64d</td><td %s>%5I64d</td></tr>
<tr %s><th %s>Connect:</th><td %s>%5I64d</td><td %s>%5I64d</td><td %s>%5I64d</td></tr>
<tr %s><th %s> </th> <th %s>min</th> <th %s>avg</th> <th %s>max</th></tr>
<tr %s><th %s colspan=4>Connnection Times (ms)</th></tr>
<tr %s><td colspan=2 %s> </td><td colspan=2 %s>%.2f kb/s total</td></tr>
<tr %s><td colspan=2 %s> </td><td colspan=2 %s>%.2f kb/s sent</td></tr>
<tr %s><th colspan=2 %s>Transfer rate:</th><td colspan=2 %s>%.2f kb/s received</td></tr>
<tr %s><th colspan=2 %s>Requests per second:</th><td colspan=2 %s>%.2f</td></tr>
<tr %s><th colspan=2 %s>HTML transferred:</th><td colspan=2 %s>%I64d bytes</td></tr>
<tr %s><th colspan=2 %s>Total PUT:</th><td colspan=2 %s>%I64d</td></tr>
<tr %s><th colspan=2 %s>Total POSTed:</th><td colspan=2 %s>%I64d</td></tr>
<tr %s><th colspan=2 %s>Total transferred:</th><td colspan=2 %s>%I64d bytes</td></tr>
<tr %s><th colspan=2 %s>Keep-Alive requests:</th><td colspan=2 %s>%d</td></tr>
<tr %s><th colspan=2 %s>Non-2xx responses:</th><td colspan=2 %s>%d</td></tr>
<tr %s><td colspan=4 %s > (Connect: %d, Length: %d, Exceptions: %d)</td></tr>
<tr %s><th colspan=2 %s>Failed requests:</th><td colspan=2 %s>%d</td></tr>
<tr %s><th colspan=2 %s>Complete requests:</th><td colspan=2 %s>%d</td></tr>
<tr %s><th colspan=2 %s>Time taken for tests:</th><td colspan=2 %s>%.3f seconds</td></tr>
<tr %s><th colspan=2 %s>Concurrency Level:</th><td colspan=2 %s>%d</td></tr>
<tr %s><th colspan=2 %s>Document Length:</th><td colspan=2 %s>%u bytes</td></tr>
<tr %s><th colspan=2 %s>Document Path:</th><td colspan=2 %s>%s</td></tr>
<tr %s><th colspan=2 %s>Server Port:</th><td colspan=2 %s>%hu</td></tr>
<tr %s><th colspan=2 %s>Server Hostname:</th><td colspan=2 %s>%s</td></tr>
<tr %s><th colspan=2 %s>Server Software:</th><td colspan=2 %s>%s</td></tr>
<table %s>
socket receive buffer
socket send buffer
socket nonblock
socket
Completed %d requests
Content-length:
Content-Length:
keep-alive
Keep-Alive
LOG: Response code = %s
WARNING: Response code not 2xx (%s)
Server:
LOG: header received:
apr_socket_recv
Licensed to The Apache Software Foundation, http://www.apache.org/<br>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>
This is ApacheBench, Version %s <i><%s></i><br>
$Revision: 655654 $
Licensed to The Apache Software Foundation, http://www.apache.org/
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
This is ApacheBench, Version %s
2.3 <$Revision: 655654 $>
-h Display usage information (this message)
-r Don't exit on socket receive errors.
-e filename Output CSV file with percentages served
-g filename Output collected data to gnuplot format file.
-S Do not show confidence estimators and warnings.
-d Do not show percentiles served table.
-k Use HTTP KeepAlive feature
-V Print version number and exit
-X proxy:port Proxyserver and port number to use
-P attribute Add Basic Proxy Authentication, the attributes
are a colon separated username and password.
-A attribute Add Basic WWW Authentication, the attributes
Inserted after all normal header lines. (repeatable)
-H attribute Add Arbitrary header line, eg. 'Accept-Encoding: gzip'
-C attribute Add cookie, eg. 'Apache=1234. (repeatable)
-z attributes String to insert as td or th attributes
-y attributes String to insert as tr attributes
-x attributes String to insert as table attributes
-i Use HEAD instead of GET
-w Print out results in HTML tables
-v verbosity How much troubleshooting info to print
Default is 'text/plain'
'application/x-www-form-urlencoded'
-T content-type Content-type header for POSTing, eg.
-u putfile File containing data to PUT. Remember also to set -T
-p postfile File containing data to POST. Remember also to set -T
-b windowsize Size of TCP send/receive buffer, in bytes
-t timelimit Seconds to max. wait for responses
-c concurrency Number of multiple requests to make
-n requests Number of requests to perform
Options are:
Usage: %s [options] [http://]hostname[:port]/path
SSL not compiled in; no https support
https://
http://
ab: Could not read POST data file: %s
ab: Could not allocate POST data buffer
ab: Could not stat POST data file (%s): %s
ab: Could not open POST data file (%s): %s
apr_global_pool
%d.%d%c
KMGTPE
%s: illegal option -- %c
%s: option requires an argument -- %c
CommandLineToArgvW
apr_initialize
0123456789.
0.0.0.0
bogus %p
No host data of that type was found
Host not found
Graceful shutdown in progress
WSAStartup not yet called
Winsock version out of range
Network system is unavailable
Too many levels of remote in path
Stale NFS file handle
Disc quota exceeded
Too many users
Too many processes
Directory not empty
No route to host
Host is down
File name too long
Too many levels of symbolic links
Connection refused
Connection timed out
Too many references, can't splice
Can't send after socket shutdown
Socket is not connected
Socket is already connected
No buffer space available
Connection reset by peer
Software caused connection abort
Net connection reset
Network is unreachable
Network is down
Can't assign requested address
Address already in use
Address family not supported
Protocol family not supported
Operation not supported on socket
Socket type not supported
Protocol not supported
Bad protocol option
Protocol wrong type for socket
Message too long
Destination address required
Socket operation on non-socket
Operation already in progress
Operation now in progress
Operation would block
Too many open sockets
Invalid argument
Bad address
Permission denied
Bad file number
Interrupted system call
APR does not understand this error code
Error string not specified yet
passwords do not match
This function has not been implemented on this platform
There is no error, this value signifies an initialized error code
Shared memory is implemented using a key system
Shared memory is implemented using files
Shared memory is implemented anonymously
Could not find specified socket in poll list.
End of file found
Missing parameter for the specified command line option
Bad character specified on command line
Partial results are valid but processing is incomplete
The timeout specified has expired
The specified child process is not done executing
The specified child process is done executing
The specified thread is not detached
The specified thread is detached
Your code just forked, and you are currently executing in the parent process
Your code just forked, and you are currently executing in the child process
Internal error
The process is not recognized.
The given path contained wildcard characters
The given path is misformatted or contained invalid characters
The given path was above the root path
The given path is incomplete
The given path is relative
The given path is absolute
The specified network mask is invalid.
The specified IP address is invalid.
DSO load failed
No shared memory is currently available
No thread key structure was provided and one was required.
No thread was provided and one was required.
No socket was provided and one was required.
No poll structure was provided and one was required.
No lock was provided and one was required.
No directory was provided and one was required.
No time was provided and one was required.
No process was provided and one was required.
An invalid socket was returned
An invalid date has been provided
A new pool could not be created.
Unrecognized Win32 error code %d
CancelIo
GetCompressedFileSizeA
GetCompressedFileSizeW
ZwQueryInformationFile
GetSecurityInfo
GetNamedSecurityInfoA
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
ntdll.dll
shell32
ws2_32
mswsock
advapi32
kernel32
C:\local0\asf\release\build-2.2.14\support\Release\ab.pdb
\�\�?�\�U�N�C�\�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�b�0�
C�o�m�m�e�n�t�s�
L�i�c�e�n�s�e�d� �u�n�d�e�r� �t�h�e� �A�p�a�c�h�e� �L�i�c�e�n�s�e�,� �V�e�r�s�i�o�n� �2�.�0� �(�t�h�e� �"�L�i�c�e�n�s�e�"�)�;� �y�o�u� �m�a�y� �n�o�t� �u�s�e� �t�h�i�s� �f�i�l�e� �e�x�c�e�p�t� �i�n� �c�o�m�p�l�i�a�n�c�e� �w�i�t�h� �t�h�e� �L�i�c�e�n�s�e�.� �Y�o�u� �m�a�y� �o�b�t�a�i�n� �a� �c�o�p�y� �o�f� �t�h�e� �L�i�c�e�n�s�e� �a�t�
h�t�t�p�:�/�/�w�w�w�.�a�p�a�c�h�e�.�o�r�g�/�l�i�c�e�n�s�e�s�/�L�I�C�E�N�S�E�-�2�.�0�
U�n�l�e�s�s� �r�e�q�u�i�r�e�d� �b�y� �a�p�p�l�i�c�a�b�l�e� �l�a�w� �o�r� �a�g�r�e�e�d� �t�o� �i�n� �w�r�i�t�i�n�g�,� �s�o�f�t�w�a�r�e� �d�i�s�t�r�i�b�u�t�e�d� �u�n�d�e�r� �t�h�e� �L�i�c�e�n�s�e� �i�s� �d�i�s�t�r�i�b�u�t�e�d� �o�n� �a�n� �"�A�S� �I�S�"� �B�A�S�I�S�,� �W�I�T�H�O�U�T� �W�A�R�R�A�N�T�I�E�S� �O�R� �C�O�N�D�I�T�I�O�N�S� �O�F� �A�N�Y� �K�I�N�D�,� �e�i�t�h�e�r� �e�x�p�r�e�s�s� �o�r� �i�m�p�l�i�e�d�.� �S�e�e� �t�h�e� �L�i�c�e�n�s�e� �f�o�r� �t�h�e� �s�p�e�c�i�f�i�c� �l�a�n�g�u�a�g�e� �g�o�v�e�r�n�i�n�g� �p�e�r�m�i�s�s�i�o�n�s� �a�n�d� �l�i�m�i�t�a�t�i�o�n�s� �u�n�d�e�r� �t�h�e� �L�i�c�e�n�s�e�.�
C�o�m�p�a�n�y�N�a�m�e�
A�p�a�c�h�e� �S�o�f�t�w�a�r�e� �F�o�u�n�d�a�t�i�o�n�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
A�p�a�c�h�e�B�e�n�c�h� �c�o�m�m�a�n�d� �l�i�n�e� �u�t�i�l�i�t�y�
F�i�l�e�V�e�r�s�i�o�n�
2�.�2�.�1�4�
I�n�t�e�r�n�a�l�N�a�m�e�
a�b�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �2�0�0�9� �T�h�e� �A�p�a�c�h�e� �S�o�f�t�w�a�r�e� �F�o�u�n�d�a�t�i�o�n�.�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
a�b�.�e�x�e�
P�r�o�d�u�c�t�N�a�m�e�
A�p�a�c�h�e� �H�T�T�P� �S�e�r�v�e�r�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
2�.�2�.�1�4�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Process Tree
- 0230b0f2c706b4dd28b9071bd066c4d550c77940e5fed652ccf398aa97d06fe6.exe (1784) "C:\Users\Administrator\AppData\Local\Temp\0230b0f2c706b4dd28b9071bd066c4d550c77940e5fed652ccf398aa97d06fe6.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.