1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.84
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Trojan:Win32/Urelas.5b74f6cc | 20190527 | 0.3.0.5 |
| Avast | Win32:TrojanX-gen [Trj] | 20200208 | 18.4.3895.0 |
| Baidu | Win32.Rootkit.Agent.s | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200208 | 2013.8.14.323 |
| McAfee | Generic Malware.mt | 20200208 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b07bd9 | 20200208 | 1.0.0.1 |
静态指标
动态指标
在 PE 资源中识别到外语
(1 个事件)
| name | RT_VERSION | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x0001f6b8 | size | 0x00000378 | ||||||||||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意
(50 out of 61 个事件)
| ALYac | Gen:Variant.Ulise.76609 |
| APEX | Malicious |
| AVG | Win32:TrojanX-gen [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.76609 |
| AhnLab-V3 | Trojan/Win32.PbBot.R42541 |
| Alibaba | Trojan:Win32/Urelas.5b74f6cc |
| Arcabit | Trojan.Ulise.D12B41 |
| Avast | Win32:TrojanX-gen [Trj] |
| Avira | TR/Crypt.FKM.Gen |
| Baidu | Win32.Rootkit.Agent.s |
| BitDefender | Gen:Variant.Ulise.76609 |
| BitDefenderTheta | Gen:NN.ZexaF.34084.Yp3@aSZPMRiO |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| CMC | Trojan.Win32.Jorik.Swisyn!O |
| Comodo | TrojWare.Win32.Urelas.SH@5674sp |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.03bdfc |
| Cylance | Unsafe |
| Cyren | W32/S-b8e743d0!Eldorado |
| DrWeb | Trojan.DownLoader7.27838 |
| ESET-NOD32 | a variant of Win32/Urelas.R |
| Emsisoft | Gen:Variant.Ulise.76609 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-b8e743d0!Eldorado |
| F-Secure | Trojan.TR/Crypt.FKM.Gen |
| FireEye | Generic.mg.9e220a503bdfc33f |
| Fortinet | W32/Urelas.D!tr |
| GData | Gen:Variant.Ulise.76609 |
| Ikarus | Trojan.Win32.Gupboot |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.dlwxq |
| K7AntiVirus | Trojan ( 0048c2c71 ) |
| K7GW | Trojan ( 0048c2c71 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Lionic | Trojan.Win32.Swisyn.lEAr |
| MAX | malware (ai score=88) |
| Malwarebytes | Trojan.Urelas |
| MaxSecure | Trojan.Malware.7164915.susgen |
| McAfee | Generic Malware.mt |
| McAfee-GW-Edition | Generic Malware.mt |
| MicroWorld-eScan | Gen:Variant.Ulise.76609 |
| Microsoft | Trojan:Win32/Urelas.AA |
| NANO-Antivirus | Trojan.Win32.Swisyn.csiwzp |
| Paloalto | generic.ml |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Trojan.fc8 |
| Rising | Trojan.Urelas!1.9D87 (CLOUD) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2012-10-31 22:58:54
PE Imphash
120aa51067095eec3023188f73fd5272
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0001e000 | 0x0001ce00 | 5.608602864887528 |
| .rsrc | 0x0001f000 | 0x00002000 | 0x00001c00 | 6.282603696211239 |
| .reloc | 0x00021000 | 0x00001000 | 0x00000200 | 0.19586940608732903 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0001f568 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0001f568 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MENU | 0x0001c000 | 0x0000004a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0001c050 | 0x00000334 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0001c388 | 0x00000048 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ACCELERATOR | 0x0001c3d0 | 0x00000010 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0001f690 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_VERSION | 0x0001f6b8 | 0x00000378 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_MANIFEST | 0x0001fa30 | 0x0000015a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x413008 GetVersionExW
• 0x41300c MultiByteToWideChar
• 0x413010 CreateFileW
• 0x413014 CloseHandle
• 0x413018 GetTempPathA
• 0x41301c GetModuleFileNameA
• 0x413020 CreateFileA
• 0x413024 WriteFile
• 0x413028 CreateProcessW
• 0x41302c GetLastError
• 0x413030 GetTickCount
• 0x413034 GetTempPathW
• 0x413038 ExitProcess
• 0x41303c OpenEventW
• 0x413040 CreateEventW
• 0x413044 Sleep
• 0x413048 GetFileAttributesW
• 0x41304c GetSystemDirectoryW
• 0x413050 GetModuleHandleW
• 0x413054 ReadFile
• 0x413058 GetProcessHeap
• 0x41305c SetEndOfFile
• 0x413060 WriteConsoleW
• 0x413064 GetConsoleOutputCP
• 0x413068 WriteConsoleA
• 0x41306c FlushFileBuffers
• 0x413070 SetStdHandle
• 0x413074 LoadLibraryA
• 0x413078 InitializeCriticalSectionAndSpinCount
• 0x41307c SetFilePointer
• 0x413080 GetModuleFileNameW
• 0x413084 GetLocaleInfoA
• 0x413088 GetStringTypeW
• 0x41308c GetStringTypeA
• 0x413090 LCMapStringW
• 0x413094 LCMapStringA
• 0x413098 HeapSize
• 0x41309c GetSystemTimeAsFileTime
• 0x4130a0 GetCurrentProcessId
• 0x4130a4 QueryPerformanceCounter
• 0x4130a8 GetCommandLineW
• 0x4130ac GetEnvironmentStringsW
• 0x4130b0 FreeEnvironmentStringsW
• 0x4130b4 GetConsoleMode
• 0x4130b8 GetConsoleCP
• 0x4130bc HeapAlloc
• 0x4130c0 HeapFree
• 0x4130c4 GetStartupInfoW
• 0x4130c8 TerminateProcess
• 0x4130cc GetCurrentProcess
• 0x4130d0 UnhandledExceptionFilter
• 0x4130d4 SetUnhandledExceptionFilter
• 0x4130d8 IsDebuggerPresent
• 0x4130dc RaiseException
• 0x4130e0 GetCPInfo
• 0x4130e4 InterlockedIncrement
• 0x4130e8 InterlockedDecrement
• 0x4130ec GetACP
• 0x4130f0 GetOEMCP
• 0x4130f4 IsValidCodePage
• 0x4130f8 GetProcAddress
• 0x4130fc TlsGetValue
• 0x413100 TlsAlloc
• 0x413104 TlsSetValue
• 0x413108 TlsFree
• 0x41310c SetLastError
• 0x413110 GetCurrentThreadId
• 0x413114 DeleteCriticalSection
• 0x413118 LeaveCriticalSection
• 0x41311c EnterCriticalSection
• 0x413120 VirtualFree
• 0x413124 VirtualAlloc
• 0x413128 HeapReAlloc
• 0x41312c HeapCreate
• 0x413130 GetStdHandle
• 0x413134 RtlUnwind
• 0x413138 SetHandleCount
• 0x41313c GetFileType
• 0x413140 GetStartupInfoA
• 0x413144 WideCharToMultiByte
Library USER32.dll:
• 0x413158 wsprintfW
• 0x41315c LoadStringW
• 0x413160 LoadAcceleratorsW
• 0x413164 LoadIconW
• 0x413168 LoadCursorW
• 0x41316c RegisterClassExW
• 0x413170 CreateWindowExW
• 0x413174 DialogBoxParamW
• 0x413178 DestroyWindow
• 0x41317c DefWindowProcW
• 0x413180 BeginPaint
• 0x413184 EndPaint
• 0x413188 EndDialog
• 0x41318c PostQuitMessage
Library IPHLPAPI.DLL:
• 0x413000 GetAdaptersInfo
Library WS2_32.dll:
• 0x413194 htonl
• 0x413198 gethostbyaddr
• 0x41319c WSAStartup
• 0x4131a0 socket
• 0x4131a4 gethostbyname
• 0x4131a8 inet_addr
• 0x4131ac htons
• 0x4131b0 connect
• 0x4131b4 closesocket
• 0x4131b8 send
• 0x4131bc recv
• 0x4131c0 WSAGetLastError
L!This program cannot be run in DOS mode.
5n\5n\5n\<
f\$n\<
\8n\5n\n\<
y\2n\+<g\4n\<
b\4n\Rich5n\
PEC2NO
.reloc
]U,DpA
MMMMMfMU
3EEEfEEM
EPMQEZ
UREP0Z
EMfUf}
3EEEEEEE
}?j mT
AP3f`j>j
u!`Pj!M
DXXQ5W
EEEEEEEE
uU+UUt
uM+MMUU}
uM+MMu
tYE+EEM;M
UEPMQUE
WE]UXDpA
MMMMfME
EEPMQrM
uM+MMUU}
]U jdh
RPQRhA
3f`3bfjnrvzf~h
MSMP`R6P
fv|fvf
`p.llhpf
fflfff
]U\DpA
MUU}ht
fBHfBf
f28f2f
f"(f"f
3f3f=A
_^M3C5
3fUPMQ
PQUREPMQO-
E_^M3X2
3fM3fh
PQREPQ(
E3E#E3E
M3M#M3M
U3U#U3U
E3E#E3E
M3M#M3M
U3U#U3U
E3E#E3E
M3M#M3M
U3U#U3U
E3E#E3E
M3M#M3M
U3U#U3U
E3E#E3E
M3M#M3M
U3U#U3U
E3E#E3E
UEMP43Q E3P
M3M#M3MU
EMUA83B$M3A
U3U#U3UE
MUEJ<3H(U3J
E3E#E3EM
3Q,E3P
M3M#M3MU
3B0M3A
U3U3UE
3H4U3J
E3E3EM
3Q8E3P M3Q
M3M3MU
3B<M3A$U3B
U3U3UE
U3J(E3H UJ E3E3EM
E3P,M3Q$
EP$M3M3MU
M3A0U3B(MA(U3U3UE
MUEJ 3H
U3J4E3H,UJ,E3E3EM
UEMP$3Q
E3P8M3Q0
EP0M3M3MU
EMUA(3B
M3A<U3B4MA4U3U3UE
MUEJ,3H
E3H8UJ8E3E3EM
UEMP03Q
EP<M3M3MU
EMUA43B M3A
U3U3UE
MUEJ83H$U3J
E3E3EM
UEMP<3Q(E3P
M3M3MU
3B,M3A
U3U3UE
3H0U3J
E3E3EM
3Q4E3P
M3M3MU
3B8M3A U3B
U3U3UE
3H<U3J$E3H
E3E3EM
E3P(M3Q
EP M3M#MU#U
U3J,E3H$UJ$E3E#EM#M
M3A0U3B(MA(U3U#UE#E
UEMP 3Q
E3P4M3Q,
EP,M3M#MU#U
MUEJ$3H
U3J8E3H0UJ0E3E#EM#M
EMUA(3B
M3A<U3B4MA4U3U#UE#E
UEMP,3Q
EP8M3M#MU#U
MUEJ03H
E3H<UJ<E3E#EM#M
EMUA43B M3A
U3U#UE#E
UEMP83Q$E3P
M3M#MU#U
MUEJ<3H(U3J
E3E#EM#M
3B,M3A
U3U#UE#E
3Q0E3P
M3M#MU#U
3H4U3J
E3E#EM#M
3B8M3A U3B
U3U#UE#E
3Q<E3P$M3Q
M3M#MU#U
U3J(E3H UJ E3E#EM#M
M3A,U3B$MA$U3U#UE#E
E3P0M3Q(
EP(M3M#MU#U
MUEJ 3H
U3J4E3H,UJ,E3E#EM#M
EMUA$3B
M3A8U3B0MA0U3U3UE
MUEJ(3H
U3J<E3H4UJ4E3E3EM
UEMP,3Q
EP8M3M3MU
EMUA03B
U3B<MA<U3U3UE
MUEJ43H U3J
E3E3EM
UEMP83Q$E3P
M3M3MU
EMUA<3B(M3A
U3U3UE
3H,U3J
E3E3EM
3Q0E3P
M3M3MU
3B4M3A
U3U3UE
3H8U3J E3H
E3E3EM
3Q<E3P$M3Q
M3M3MU
M3A(U3B MA U3U3UE
U3J,E3H$UJ$E3E3EM
E3P0M3Q(
EP(M3M3MU
EMUA 3B
M3A4U3B,MA,U3U3UE
MUEJ$3H
U3J8E3H0UJ0E3E3EM
UEMP(3Q
E3P<M3Q4
EP4M3M3MU
EMUA,3B
U3B8MA8U3U3UE
MUEJ03H
E3H<UJ<E3E3EM
MQUREM
}7v%}<s
v(EPMQR
EVW3f@h
d884<f
f28f2f
ud,,fQ
EPQURE
;E|!MQU
UEPMQURE
+UUEEM;M
UREPMQU
|"EPMQU
+MQURE
5UREPj
8MSMPt
t!hLLA
@@fufM
SVW3;t
^0WWWWWk
AAFFf;t
Ku3;uf
U S39]
;tVEEE
S3VW;t
^0SSSSSa
YVMhVA
7GGEPj
[u/V@9
RPjjEU;
M]EUV8
Yu)jAXf;w
E;ErCE9Eu
3;Er/w
u>9ur9w
`p33_^[
@@fu3_[]
GGBBft
3_^[];t
^0WWWWW
@@BBf;t&Ku!
@@BBf;t
jPfDNX^f
SVW3;t
^0WWWWWZ
AAKu;t
AAFFf;t
Ku3;uf
;t3f97
uf93u
jEPhDpA
_VVVVV8
VVVVV
E3B;r9]u
VW3M]9}
W6uu`Y
E+)E(VP
3PPPPPEN
VVVVVk
WWWWWV
Y}V*YEE
SVW39}
}O;]rOt
u+WuVI
M+;rP})E
YYt)EF
VVVVVt
S3VW;t
^0SSSSS
3_^[]UWVu
DDDDDDDDDDDDDD
YY]jXh
,ffffffE
3PPPPP
ItUhtDlt
HHtXHHt
4itqnt(o
PSP5}A
YYY;-u
t-RPSW
0@>If90t
@@;u+(;u
u(9t M
`pM_^3[
U S39]
u SSSSS
;t4;|"Mx
EPS"YYt
SSSSS
Wt1t'P
GW0YYF
UQSVW5lA
;r@Pu{U
WPWPWv
M_3[pj
8]tEMap<u
k0u(vA
Zf1Af0A@@JuL
@;vFF~
XM_^3[kj
PY^hS=0A
Y%u qA
3W;to=~A
7jYY~PE
PEY9_t
uV Y_^[]
USV50A
t7t3V0;t(W8Yt
VYY^3j
Fpt"~l
YYt:V5
P8YF,t
P*YF4t
PYF\= :A
~lt#WY;=wA
YYt4V5
Pf;r]*
F$|3@_^
MOI;|9 M
SI VW}
HD9#U#
MLD3#u
]#\D\D
_^[h0@
+SVWDpA
1E3PeuEEEEd
Y__^[]Q
E_^[]E
9csmu)=A
YYuBh@
VW33};
3PPPPP
@Y<v8V
3VVVVVw
VVVVVS
VVVVV.
;t$t j
EP4<yA
Yu =@pA
1 B`zA
;r"P|A
;r =P|A
W3E}}}
FFf> t
at8rt+wt ?WWWWW
E}9}urE
E9}u:eE
FFf> tj
FFf> tf9>
FY]3u;5`A
4V<YY@A
PYSVWT$
URPQQh<@
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
_^[]Ul$
W>+~,WPVYPZ
Y/V|Yt
Y}3u;5`A
tVPVYY3BU@A
YjThYA
Ej@j ^V
[j@j "
;rE9=0A
uOVGYt.V;Yt"V/
jXEU;u
XSSSSS
SSSSS.
Y]\3_[^j
VVVVV'
^0WWWWWV
V34809u
Q@l39H
P4UM`8
<PVEP(
r3VVhU
QH++PPVh
,P+P5P(
\D+48;E
8+0_[M3^j
WWWWWf
DDDDDDDDDDDDDD
Iuu}]U
+EPRQL
3SEEESX5
PZ+t Q3
8csmu*x
EYF`[_^
Gf>=Yt1j
tPVWP;
3PPPPP
3Y[_^5PA
UQV3W}
@@ft<uf t
@@HHf9
@@Bf8\tf8"u8
ft$9Uu
UQQSVWh
V33SfA
`]YY?sJM
u+@S@WS}
_[^SVWL
E3E3;u
EU_^j
WWWWWE
3]V3;|
~VVVVV
YYu,9E
tAt2t$
E`p:39]
^SSSSS0n
f;v6;t
Map_^[;t2;w,gj"^SSSSS0
QPuYYu
3PPPPP[
@u^VYp|A
t4+t$HHt
ItUhtDlt
P"YYt"
HHtYHHt
2itmnt$o
PSP5}A
eYYYgu
@YYY;-u
t-RPSW
0@?If8
@@u+(u
u(9t M
`pM_^3[_n
Y}SYE;t
ESV3W9
u8SS3GWh:A
39]$SSu
;~Ej3X
3;tAuVWuu
t"SS9]
EVYuEYY
3;tuSW=
PWu u$
upYE;t
e_^[M3h
M=ku(Mu$u u
UQQDpA
SV3W;u:EP3FVh:A
39] SSu
ESEYu39]
e_^[M3f
M>iu$Mu u
n6mv mv$mv(mv,mv0mv4mv
mv8mv<m@v@mvDmvHmvLmvPmvTmvXymv\qmv`imvdamvhYmvlQmvpImvtAmvx9mv|1m@
VnlY^]
PkYv$;5~A
VkY^]UV3PPPPPPPPU
3_^[];t
^0SSSSSo
UV3PPPPPPPPU
B(;r3_^[]
SVWDpA
1E3PEd
Y_^[]j
Y+t"+t
+td+uD
3PPPPP
PhEY3}
u@OdMGd
u wdSUY
YYt,t(
;t0PDYt%
zVVVVV
_};=`A
SSSSStw
tGHt.Ht&x
^SSSSS0Ex
Y+t7+t*+t
;t0;t,;t =
uEPuuu
SuEuPuuu
$ MeHM
;tSS6;
tSSS6#
CSSS6C
E+PD=P6%
_8VVVVVq
9ut(9ut
SV33W9u
;u"$qVVVVV
M7VE9p
CCGGM
tBft=f;t6EP
Map_^[
UV3W95A
;u 6pVVVVV
GGBBM
+]USVWUj
P(RP$R
t:|$,t
;t$,v-4v
UQPXY]Y[
u5=@pA
S3;VW|[;
t58t0=@pA
]V3;|";
m0lVVVVV
u}uyG+j@j
SSSSSi
EV395
tVURPEPQ
@@fu+E
3;v.jX3;E
WWWWWf
]wi=|A
;uL9=A
t3VfvY
]5VyYE;t'CH;r
PSuzSxESP
9}uH;u
E;t CH;r
PSu&SuQ
t4VQtYt vVAtY}d
3?jd|u
dWWWWW
u+9uv&zbE
E`p3[_^
uYF;~[
-WWuuj
WWWWVuWu
^YYE;t+WWVPVuWu
u3YEe_^[M3BQL$
ffffffu
L1$!_^[u
\VVVVV
^s)EPj
Map[3PPj
EPQEPEj
Map[UWVSM
AAu+Hu u
B:t6t:t't
B^_[%41A
bad allocation
(null)
`h````
xpxxxx
Unknown exception
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
`h`hhh
xppwpp
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
121.254.231.131
121.254.231.131
%d.%d.%d.%d
_uninsep.bat
GetModuleFileNameW
GetModuleHandleW
GetVersionExW
MultiByteToWideChar
CreateFileW
CloseHandle
GetTempPathA
GetModuleFileNameA
CreateFileA
WriteFile
CreateProcessW
GetLastError
GetTickCount
GetTempPathW
ExitProcess
OpenEventW
CreateEventW
GetFileAttributesW
GetSystemDirectoryW
SetFilePointer
ReadFile
KERNEL32.dll
wsprintfW
LoadStringW
LoadAcceleratorsW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
USER32.dll
ShellExecuteA
ShellExecuteW
SHELL32.dll
GetAdaptersInfo
IPHLPAPI.DLL
WS2_32.dll
HeapAlloc
HeapFree
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetStdHandle
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
:Repeat
del "%s"
if exist "%s" goto Repeat
rmdir "%s"
del "%s"
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0#0w000'11G2*33:466^7789;E;L;X;;;;;
<p<<=W>a>s>{>>??
070G0_0k0x00
1&1J1W1n11
22"33333
4&4<4N4b44
5;5V5`555555
677788888888
9999f:q:
;;;J<t<<<<<<
=Z=m=w=
>0>B>R>[>l>>>???
060@0J000000000000"1:1@1F1e1t1}111111111933
4O44567
223f4}4
5\5s55+6n66666m777
888%9c9
:P::<U=n=0>M>>
Z0222#3T33344444y5555566
9C9I9Q9^9r99999<<<
=V=\=|===>>
44$7N8,:J;
;;;;;;;;
<!<(<,<0<4<8<<<@<D<<<<<<
=,=3=8=<=@=a===========*>0>4>8><>>>>>>>>>
?^?h??
A0G0M0S0Y0_0f0m0t0{0000000000000000
1.151?2F222333333
4%4H4[44555&696T69:
<H<m<P>
L0P0T0X0\0`0d0h0111@2X2222?3X33333
454h44
5&566666
7P7[7e7~77777+8>888
: :2:D:_:g:o:::::::::
;7;H;k;0<Z<<<@===
>R>>>>>>>>>>
?-?4?H?O?g?s?y?????????????
0!0.0Q0f00000
161\111
2;2C222222222222222
3!3'3,32373F3\3g3l3w3|3333333333
6\7c7m7777777
8$8H888
9S;a;g;;;;;;;;;;;;;
<#<.<3<;<A<K<R<f<m<s<<<<<<<<<<<P=
00+1Q11133333B4
5$5<5T555555
606K6Q6Z6a66666
7'7.797B7X7c7}777777
8-828=8B8`8
9;9r9999999
:?:d::::::
;);8;E;Q;a;h;w;;;;;;;;
<L<[<d<<<<>>>>Q?t?????
0;0K0]0b000102=2]2w22254X4c444
5,5M5S5555$6.6V6o6666D7J7(8>88
9:K;U;
<<<t=~=
>Y>>>?
a00000
1L11Y2
4F44-6
9N9}9*:_:x:
:::::::
; ;$;n;t;x;|;;;;
< <A<k<<<<<<<<<<
=>????
s0y000@1K1111(232=2N2Y233333K4R4g4444444
575D5P5X5`5l555555
616o66N7777/888D8{8888888
96::8<V<
====T>h>>
12U4446888888888889
:F:L::::::::
;<;;<<$==}>>>>>>>>>?
2)2;2]2o222222K4g4p444h5m5
5555 6W6b6p6u6z6
7]7b7i7n7u7z7777888888888
9,959D9I9S9a9999
:!:':N:o:{:::::{<<f=y=====
111i111111
223415=5555
6+6P66666,7=7x7777(868?8
9(9Z9b999
:-:d:n:;;;;;;;
<!<'<=<X<<
=2=x=~===
?6?Y?????
92@2Z2w22223344455
6666&7t7I8
9#9)909B9:;;;;
1111111<2@2D2H2L222222
@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:::::::::::::::::::::::::::::::::
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;;;;;;;;;;;;;;;;;
<5@555555555
6$6(6<6@6P6T6d6h6p666666666
7 7@7`77777
8 8(8,8H8h8888888
989X9x999999
: :<:@:`::::::::
; ;@;`;;;;;;
0 011111
7p777777777777749<9D9L9T9\9d9l9t9|99999999999999999===========
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>>>>>>>>>>>>>>>>>>>>>>>>>>??
wwwwwwwwwwwwwwwwwwwwwwwwwwwwDDDDDDDDD@
DDDDDDDDDGpw
pDDDDDDDDDGpw
pDDDDDDDDDDDDDDwwwwwwwwwwwwww
DDDDDDDDDwwwwww
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
>tg(xs
sGDUSH,
Tx2HzT
UIuYbvkQ
3cN!eE
rjxY(X
JD>FA
_^8UHP-XpT@
pf9rYR
+wB5P&~H
LoaderSt
D}::{@DD
N,a/j@ZQ4
`nt{$-
BD%@uC.K@
al m|e=b:s: %X>Nw
i/loctinK(
Ad^r!e|
dex1chksuCmX8P
H)JEQV`t
1A`=C\ry
<sRQ44
L=EY@/F
t5;uV0X"za
JZQQ![
XCB|rb2tMs}(K
Q&RV nS3
)}-NnAH+6J^|
aZ5;}u
'8ms9vbupJ
AafQ@hHZo
,"o*0+64
'``QdvPO$!
Ap%li4
The3<cdl
%os5/l]ntPb[&v6idSDLBG5ed;%3*V
wtcxtf7
k8ll?E
xitPMLChHanxdOp
|Virt4A
cSn@*d
H^?39J
@@PEC2
DbgMs;k,y
Dexb=gSn)B
FV D\me(h#
`t$$|$(3
r+|$(|$
aAUSQWVR;
ZPR3C
Z^_Y[]
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
XXXXXXXXXXXXX
sfegur
@�I�@�@�@�@�@�@�@�
A�A�(�n�u�l�l�)�
K�E�R�N�E�L�3�2�.�D�L�L�
m�s�c�o�r�e�e�.�d�l�l�
U�T�F�-�1�6�L�E�
U�N�I�C�O�D�E�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �H�
W�r�i�t�e� �d�w�P�m�s�S�t�o�r�e�M�a�r�k� �
g�o�l�f�i�n�f�o�.�i�n�i�
g�o�l�f�s�e�t�.�i�n�i�
S�a�v�e�H�d�d�S�t�o�r�e�I�n�f�o� �s�u�c�c�e�s�s�
S�e�n�d�F�i�l�e� �:� �
S�e�n�d�F�i�l�e� �:� �
S�e�n�d�F�i�l�e� �:� �
S�e�n�d�F�i�l�e� �:� �
S�e�n�d�F�i�l�e� �:� �
S�e�n�d�F�i�l�e� �:� �
~�B�F�9�%�X�.�t�m�p�
p�a�t�h� �:� �%�s�
E�x�e�c�u�t�e�A�t�T�e�m�p�L�o�c�a�t�i�o�n� �f�a�i�l�e�d�
2�7�.�1�2�5�.�2�0�5�.�3�6�
2�1�1�.�1�1�5�.�1�1�1�.�1�0�1�
t�k�a�n�t�l�f�
G�O�L�F�_�I�N�S�T�A�L�L�
M�y�T�h�r�e�a�d�P�r�o�c� �s�t�a�r�t�
N�a�v�e�r�G�u�a�r�d�.�e�x�e�
u�p�d�a�t�e� �l�o�o�p� �s�t�a�r�t�
O�n�U�p�d�a�t�e�S�t�a�r�t� �f�r�o�m� �s�u�p�e�r� �s�e�r�v�e�r�
1�u�p�d�a�t�e� �l�o�o�p� �b�r�e�a�k�
N�a�v�e�r�G�u�a�r�d�.�e�x�e�
%�d�.�%�d�.�%�d�.�%�d�
G�e�t�P�c�I�n�f�o� �(�
G�e�t�H�o�s�t�N�a�m�e� �:� �g�e�t�h�o�s�t�b�y�a�d�d�r�(�)�(�
\�V�a�r�F�i�l�e�I�n�f�o�\�T�r�a�n�s�l�a�t�i�o�n�
%�0�4�x�%�0�4�x�
F�i�l�e�V�e�r�s�i�o�n�
\�S�t�r�i�n�g�F�i�l�e�I�n�f�o�\�%�s�\�%�s�
A�A�A�A�A�A�A�A�A�A�
U�n�N�k�o�w�n�O�S�
W�i�n�2�0�0�3�
W�i�n�V�i�s�t�a�
W�i�n�S�e�v�e�n�
i�E�&�x�i�t�
h�&�A�b�o�u�t� �.�.�.�
A�b�o�u�t� �M�k�U�p�d�a�t�e�
M�S� �S�h�e�l�l� �D�l�g�
M�k�U�p�d�a�t�e�,� �V�e�r�s�i�o�n� �1�.�0�
C�o�p�y�r�i�g�h�t� �(�C�)� �2�0�1�2�
S�y�s�A�n�i�m�a�t�e�3�2�
C�o�m�b�o�B�o�x�E�x�3�2�
S�y�s�L�i�s�t�V�i�e�w�3�2�
R�i�c�h�E�d�i�t�2�0�W�
S�y�s�M�o�n�t�h�C�a�l�3�2�
S�y�s�T�r�e�e�V�i�e�w�3�2�
R�i�c�h�E�d�i�t�2�0�W�
a�p�p�_�t�i�t�l�e�
G�u�a�r�d�U�p�d�a�t�e�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�1�2�0�4�b�0�
C�o�m�p�a�n�y�N�a�m�e�
M�i�c�r�o�s�o�f�t� �C�o�r�p�e�r�a�t�i�o�n�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
G�e�n�e�r�i�c� �H�o�s�t� �P�r�o�c�e�s�s� �f�o�r� �W�i�n�3�2� �S�e�r�v�i�c�e�s� �
F�i�l�e�V�e�r�s�i�o�n�
1�,� �0�,� �1�,� �2�5�
I�n�t�e�r�n�a�l�N�a�m�e�
I�n�s�t�a�l�l�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �(�c�)� �M�i�c�r�o�s�o�f�t�.� �A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
I�n�s�t�a�l�l�.�e�x�e�
P�r�o�d�u�c�t�N�a�m�e�
M�i�c�r�o�s�o�f�t� �W�i�n�d�o�w�s� �O�p�e�r�a�t�i�n�g� �S�y�s�t�e�m�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�,� �0�,� �1�,� �2�5�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.