0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.78
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Kryptik-LSO [Trj] | 20200418 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200418 | 2013.8.14.323 |
| McAfee | Trojan-FCIK!A580178616A3 | 20200417 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b628f2 | 20200418 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 53 个反病毒引擎识别为恶意
(50 out of 53 个事件)
| ALYac | Gen:Heur.FKP.17 |
| APEX | Malicious |
| AVG | Win32:Kryptik-LSO [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Heur.FKP.17 |
| AhnLab-V3 | Trojan/Win32.Tepfer.R67342 |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Arcabit | Trojan.FKP.17 |
| Avast | Win32:Kryptik-LSO [Trj] |
| Avira | TR/Dropper.Gen6 |
| BitDefender | Gen:Heur.FKP.17 |
| BitDefenderTheta | Gen:NN.ZexaF.34106.iuX@ayPQYei |
| Bkav | HW32.Packed. |
| CAT-QuickHeal | TrojanDropper.Gepys.A |
| ClamAV | Win.Trojan.Agent-1244991 |
| Comodo | TrojWare.Win32.Kryptik.BBFF@4yf9ml |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.616a3b |
| Cyren | W32/Gepys.I.gen!Eldorado |
| DrWeb | Trojan.PackedENT.24720 |
| ESET-NOD32 | Win32/TrojanDropper.Gepys.AA |
| Emsisoft | Gen:Heur.FKP.17 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Gepys.I.gen!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen6 |
| FireEye | Generic.mg.a580178616a3b2ea |
| Fortinet | W32/Gepys.AA!tr |
| GData | Gen:Heur.FKP.17 |
| Ikarus | Trojan-PWS.Win32.Tepfer |
| Invincea | heuristic |
| Jiangmin | Trojan/Generic.awqae |
| K7AntiVirus | Trojan ( 005035811 ) |
| K7GW | Trojan ( 005035811 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=85) |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | Trojan-FCIK!A580178616A3 |
| McAfee-GW-Edition | BehavesLike.Win32.TrojanShifu.ch |
| MicroWorld-eScan | Gen:Heur.FKP.17 |
| Microsoft | Trojan:Win32/Ashify.J!rfn |
| NANO-Antivirus | Trojan.Win32.PackedENT.cqmawo |
| Panda | Trj/Dtcontx.E |
| Qihoo-360 | HEUR/QVM20.1.A467.Malware.Gen |
| Rising | Dropper.Gepys!8.15D (RDMK:cmRtazpkQzIFgAkNEouSr4ilUOgS) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-BDRC |
| Symantec | ML.Attribute.HighConfidence |
| Tencent | Malware.Win32.Gencirc.10b628f2 |
| VBA32 | Trojan.AET.24507 |
| VIPRE | Trojan-Dropper.Win32.Gepys.ae (v) |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-05-19 22:09:23
PE Imphash
841a9acd56878a644cf6a5c83bff95b2
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00001044 | 0x00001200 | 5.929773487380967 |
| .data | 0x00003000 | 0x0001d959 | 0x0001dc00 | 6.528993884172307 |
| .bss | 0x00021000 | 0x0000000c | 0x00000000 | 0.0 |
| .edata | 0x00022000 | 0x00000036 | 0x00000200 | 0.5468502733147627 |
| .idata | 0x00023000 | 0x000004a4 | 0x00000600 | 3.9209390743824932 |
Imports
Library KERNEL32.dll:
• 0x423104 CreateFileA
• 0x423108 GetLastError
• 0x42310c GetProcAddress
• 0x423110 GetTempPathA
• 0x423114 LoadLibraryA
• 0x423118 VirtualProtect
• 0x42311c SetLastError
• 0x423120 GetModuleHandleA
• 0x423124 lstrcpyA
• 0x423128 CloseHandle
• 0x42312c lstrcmpiA
• 0x423130 GetCurrentThreadId
• 0x423134 TerminateProcess
• 0x423138 GetCurrentProcess
• 0x42313c UnhandledExceptionFilter
• 0x423140 SetUnhandledExceptionFilter
• 0x423144 GetStartupInfoA
• 0x423148 GetCommandLineA
Library ntdll.dll:
• 0x42315c RtlCreateSecurityDescriptor
• 0x423160 RtlFreeHeap
• 0x423164 RtlAllocateHeap
• 0x423168 NtOpenKey
• 0x42316c RtlDosPathNameToNtPathName_U
• 0x423170 RtlFreeUnicodeString
• 0x423174 RtlInitUnicodeString
• 0x423178 NtClose
• 0x42317c RtlLengthSid
• 0x423180 RtlCreateAcl
• 0x423184 RtlSetDaclSecurityDescriptor
Library ADVAPI32.dll:
• 0x42318c RegOpenKeyExA
• 0x423190 RegSetValueExA
• 0x423194 RegCreateKeyExA
• 0x423198 RegQueryValueExA
• 0x42319c RegCloseKey
L!This program cannot be run in DOS mode.
0`.data
0.edata
0@.idata
_]UWVS,]
t,[^_]USU
[]UVSP]
Z[^]UWVS$u
Eu1r1E
uF;u~$[^_]US
;U|Y[[^_]US4
e1[^]U
1uxMM8]
}1tuUS
UGDM(K_
FVWW$F
VUu_fP
uSB^u^
CUU%$JUR
P]G$4$
FD$04t$
UpXD4$Uk
$z$(t|
$$Wzk$
^e_z`S
spIdr\
dPuhQl
GRRlLRb
arldyQG
tp4tlr$o
dah$reGldA\
aiLs$h
$tdQAQto
W\4hWGll
RatpftddWtpw$
r$Qerldd
i$e$rpm
lWhlpn$GW
URQlW\VuiVitFe\RtFae$ucap4
lG\reoSQX$Q\
e$ooD|
ee$RxsWG
dhxtWPS
d4aU\0+
p?rRGH
Wl$AutD4p
e$r\sA
T$G$]G$
daaeat
f "a c
!@ /M
E@EU0V@
84U@=_
t]DDSj8P^8EUq
0&8EP5
PEjV@E8
@Mjutj8
}I4 a3E
U+]M33
E8ukqU3
aO+@UfN
k+@aE3M
qPBMaPa,_3
akf@fXOaa@
VMk+E@
@8u0@p(h8
@@UUP,E8
8`Spjp
phjjP@
VE3dEt@G
``~+@+
``d++`W
W+,W`+`
hQlUhA
tR|ltAPASjR@0
SQ0phQV3l3Ph
SSSttP[Ej
@jVjlxW
PP}PA(
+PQFA!V
UP +P+
QQ|jA0<
hhm1qq
HPpQfpDP
QJE@Mu
WpjWtW
W@WW33
2f0f5R
j j@fp=ff
pjRpQ@
D@f@@P
:\@D3@[D$^pp
0DDjpP
xD`p0\
fEH1h`@@
HCT@FuM
Eut033u
f+EED+
DdfEEE
uM_]]D-
]3It@p^
uz3D%$]fM
]]pq[q@H
"^D]$VV
@ED@'j
;MMVDf
pffVu@
tfPj5_6
jY|S@Y
<DpDDDEf
D@DDuDffD
D@@L=p
@umYh!
@t1Uqt3
EEqDE)@9
EqE}E]
E3jE23uEU
@V]{pu3
4PDfO>U
Bt9ftu
8ttfuf
tftfuE
x33[_5
S9@3VuVs9??
MDp[|P4X
utp_SE
jDjs|
!F\q@@
YMQ@rEr
u@W =t
HEDf@`~3
;|4@@tt
@ttt5CF
GqCjtt@
CNt>tCt
V@@W@@@q
3@@@s@
^P@@_@
E(@Tpp
lpT@hj
YGWuY@V5D
5pj:hY@
p@^tuP
Yt'F$t
FPuWWuuW
hh4Y@=
=tt@5D5@
Y95jhp
@hD3@<j
tp3D@p@v
Pe5;e@
WqdDju
@D3_U@
@@G&p]`_
3`WW@t
uY5Yj@_t
,(]Sud
t|M|}d
<fSEDD
]3P]up
@3E5U;
]w^D]Ppt
UH@HtY
]3DuD@
r5]PYuq
Pu@sDHu
EE( @r]
Yq3jYDrE
98j<uhZP3ft
_rB33@V
t_WEPt
LUh2N$AA
"+EW$A
S|pP|@Pt||,}|
QDP(hDP;t,
|,DPhj}T@
9GhXD,,q,,D
;M3jtfPPEQ"D3
uMftTut
'YOuuu3tuM]ufOtUf]
3tffUt
ffuOftEWj
MDt"]t0
tfuuKDv
YVK]-D
p9 ;uuj
WvuEM;`
uu'u9v
]V^vW3`
@NN@rN
DNNDNN@
Fr@^^E
PD@DFO@O
EP5P^EU@
FPGP^SPWtW
,D@@EIE
PPP_t^
YMuZY@
Y;;P99
Uu_Yt;
Y9VYu'
p;WW0tYe3
sV3>J@j
t@j4YV]
tFYht_Y@~
u0;nPWS
vPWjvvvR
t@up5h
pF@@t@
@@@]H<
{TdP{C
9^0CCC
@3E@$Y3
qj^3jA
p33[33
W3$3$[
hT_P8]tU
Y[tRtt
jFU323
^_0V095
Ms^3t;D
V=Dupj3p
V]t@]Uj
3aqDut$
UIvttV@
6_vF vuR
I*4dv8:XBv@vv
<"vv@$hvvL2\vvvvPvvpTlvxvvvtHvvv
D(0v`,vJ
DttV]
;t^@4X
P@]@vUYF@
YP@YP@
tPFtYtF
;Ft@]33
UtHP+V$;
3@@(F3
}YS]} ;EHRITY335
7uXuuS
P;3Su9u;u~
juuuw^?
3_[S;uthuu
6ut}WM~YU
P=;tE upu
3u@ES~
u]PuV@EP@P
uSuSU$@tYu
@tu@e?
p]L$DU5HD3
pAuHU0f
rce Cr
3ida
biiay Ru r
nnukdyilm
I IlI.
snonhuo
crfl.m
s dtotp
3nt elo
3 elns
n6yRRn
iinuo6
gan 6
ea Rtv
-R1) pRt
2oin nu
tl0sgr-
Ftniouj.po
oWWepesrnG
oWssadjs
allttLcaet
aejbtlrtjNesveV
RfFSFstAG
rslvseLlrw
F2ni3Eeo
ePteUtL2W
rde Od
,y,/yy:
ntrubc
uvylecdd
Sev /tynaM
:ueMrFl
drsgvv
yMcvPA
sNveMbedDd
mydrabsbhSde
xbuklq5
cuv8z~hs7 ?i'!u"dke_]cn
}0uohxm>#at
youu6$\u
XRW*NKJDI'>LE-G.2
LDATCSM
W?HO9[U
F5]N`;+(
OBevN@ocaR4
R}oE3i
niUoD[WIe|r
ydcgEM
vc_puta
ma\Gdjfd
aAAe%Ai
eiMWtetnieii
imsetPTstaev
eGrTthrsHIDitti
hWlEeGFotFcepse
yrSoSx
rIAlarJCc
eesFtneedu
eeimiue
alieeTGs
TeeWFp
Hlrlodieoslrt2c.aiogLs
ellgsnltGeeaN
acndai
lteWSp
rmgRaydtA
3daatPamMeos
WDitGcEotlWWraa
TLeLMe
ItoerrnKshcMWcTnedeE
rSriootndiWwi
eedEQt
odrsEod
ifnni7
eBPiWnoWW
desWgPlnt
gswwrUCStW
xaWWorD
ytDedtnwPtei
oiPwsnggwa
xaleDonoins
wRnooowatE
nrrieinaudw
rwTdrtwnoM
IlIaWet
dKlVeErPlWemnCuyldUxDaaW
nsazxleWsR
r?WeIWoe.UeAoilni
~dxQageE
lWaeWE
IIatseeEEO2
geR2oLr3.eW2
NWReCAScIe
.ingWeL3lxteE3oc
aHaexe
pctfCptEf
peeulOot
CSrellen
lULeaFm@
TtootiAyonaeermz
nr2iuaUnnc
eG3PinSerIi
i2roe.id
ooieheeneStIC
esSscotlIl
eEaicrttnlensed
reeeree
vatteetnldeneieId
eHdtcr
etEFvonrdHseonbeite
eoiEnnsedidpPEGoux
ergeadeWltciel
tresohFnmonlrrGrdeaGDsltain
geCgcseeexeoP
MdteuWtS
Seelsl
trncSree
slesctT
nataTeicelStilnCtFSlonmel
CnTinkesot
ednlFnetzPenteoeDnl
naoAnccIt
TcLeGnlnsoie
dntSoctur
nprTitinnuioretrEiuiilrlVoieautcnAV
rrreei
LiCntasnroIL
tfietorGoiCeeIse
eaonoeoS7orrit
btMtearAeiVe
oceWPiai
mELtayEcGeEo
iIoceiocrrrt
elelrGatiuCmcCn
oofhrnrCQdcnirii
pCBpdu
oPeeapune
BediReeWeThs
dtgtncappepUT
rydiun
tlaeGaHuS
pcuarslgp
lPtMiSAlptPtWir
lppore
@]p@4@
~@@@~~
@@~@d~~
M$:mEW+J8JO&v
_?:x6+@!
t]\yKG.
/igI2P
j;'OoB
ff^oRRUoRl+*
VvFm^Q5k
|vA:ehou^F)YK,ea
ii8?v%
g5pZMv
M(e<Y0}l
n5M>=f
555~}^5
[VqKg{
$?9&dGS!
N9}r6Y/
KKbIPHkPTMZN/N8M;P&
pcy$8SH})2.L
8PI?ODP
9doypy
qlvY4LaM]
YSfmjG
MuIVKdT
[IM%":
f1bITrb
A]OP(gX0f]h
FFkW`]$
Mr.a@3](
~*8ShA$rZ3]
>ik$OK
(j/@$ad%.M
\Q#[h>g+Aa
bzv b$.;%}
L)b 'Ob
inv;a<EF{mT
i\>NA+Se#E;
Stffj;}(':
b8^!<?
.:NR^14
RLfB#w
=lT E=
ZUDZTXi`}\CN1LwUt
w}2A7w.1Z9
@w)Um7{EXw
M\s11U}w&E0UjiUw
{a{n.
{g=m?Or
T^U{~_7
{`RmM;
Z =DU[#r{
Y&i|]WA#OoU<c}
`k+q:L
+miTu+z
O>}73=V z
uG#@S2
]}oL}^}h}
h%xlZ0avAA
~n<a#K7qK
r kKW@KdM
kK'-SAK[N
K?+)n}36s
N(O0=zK)2
mNG6*ST
5<vR>%O
c'8R?`08x
1,)6UZh[
9#" \9
VLq>ZX
wB=88V(@
SmQ2B&h
+85Au)/
.mmo_Iw>KOK)
XikK_K
z)"Lm}C@lp3-FzP
]bQ3SH!
$\@H\i
S'HpH*mC8
y0+]-1EH}"o"
*NJ7hE8oi8
<:iR}P
q$eE)F
`kh =2
'Ln$A*
rC5ZrRH
\E|Ug }
Z8>^%r/?
r!<r4bo=j#]
r!d5<U
RZ|+[J
-6!P<S+*
#*WBGVYg@
*!**NQ *CJ
x2oX{$
x7hO%+
u"`["N@?=18-1t
G2YeS s
ZFYn)]0l
'n\Z'g
^ 'sFk
A9''i%
8}j#bjU\ Sj aH!.
j'0(*;
[EjYz0cO~o
=s6w.$:.
DWaKX^ WPJ
Ik&rGB:^?N
JP3?gjj
.sdi6XDcBW5oi
MgQ9oo?K%Mo
)oHQ L
!G"l1,Qg
s@]@X/vo1 =
[m:jGBKpH:nK
|swJ2l\
lgn:=:Py#[
F7k>osn
R*^!z;
=sjC5j_
-r%haAj,a*
m;4 [f%[<%;K;
4t&I9oo&R=
O6H-&to
wartt A9:eR_9
2+tt":I'
\R#tig
t?MuM,B
SnS_Na
l^^7Gu@ el
*_e7*y:
D!=gBA
\Ijmdq@!
%^,C w
7Le6p{n$Y\
Vvs<\S%N
OL7``NI%\
'QVKIvI
JV+U\E
uzYII@&&
mYHEi U$
>|bVoLS3
$9{RDRY
X{{,$N6
htJf.M}
k$=RQ>
$f$$zD?cA
8$O`$S$
DZ3f F
=ruJ3>
8w+uSN
kp$oz6u7\i1FGb
truXt5g
#[D|o,
^n`^r"
uF9e]L
V>c+og76f
&,9j.l5n
Yw3f)NL
U`j`:+$a}D
K:;u"lo_{
t8_qVkJ?p?
!s-HAIg
j11g O
$RmA?
%%ZIjF
M:H%%%NBj&
z%#(77'
iy$U=|l
p,`svx
u(V{uje^nT[N{Z|
0e:\OP
;E+?mS5? 0
4K?`GT
7j8B?1
B nP?C>T
#:_Hg:+
[s{zzUbd
i.:q:RWJ5VKp::!(
:.Y#0nJJDn
N;Q{Gy
;QX_c-!d
I_}Z< T2
JKjL+$#
.4k^#XR:
\PYm]a]&2`
p~ VIHY8
Hjl!E+Eg
I*ftin
{ImQZk+_k%z5G;j
k>]]E3x
71yvYF [
*Z1@<e
1*]w>p~
1t2QMv_)$
W[=KbYzytV
`71`]8"k:
UPjz5"
Y=.\Mh
L/qx8m
uh_vO&soQpH/%
l(LsJs/2#$VE
>ssCW
[vd sn-Qzh
b[D-s8E
P16Twv#7?D
/u|'jTL3`YvMkk
/]!)!W@~(Z\Qoi
Ut:*KZ=GW<>
q`1fz@x
\G5G9:\Y
G\~K_fN<fd2pP\LwB9T)fI
0]}y\,
7Txy^#ktG
!w\$F5(Gu{
BBNQBg
CtI8z'O
FZta:s
8=R'ct' |
44ddMMO
Y1do.|u4!I[<4~T*
fU9d_]u
+i_z8M
~z0S4T+%
JD<Wj 1GIR%aPF
lDa-=B$$+
%K3=$5H
YyrURu
RUT8GP,:
cUH`eMd}
/JBHwn
>gF)Uy
|cT+$fF+++s+
$I% + 1+'
jn\''B
{(MTp2wg
6T 8$'4.'5+r=?
jf+Nv g<
P=ef0>ttV'@
qwKC}2
pUJ+*NZ
DdXEw9P
K=.[HMj
8fC}UU
zNGhSf
<Oo3,6
Fb\GznMAA
E}sV\N=
dD5V}6_DF2
*cBEF_
HFhwP.3
P>sO ghJ
$]-1(8
_<`TZFD
^&H/1Q&2
sPs..0G]4
p3}Yjc)?
!GtZKZwh
;Wd=e}W[
A;K}n"}~q
22}xRqC
JEj3U>zXl[Zql
~$@~x`t\uW#FcpOqLq|g\U
qWTqtIqs:S
fLQxh{|
:s@>1I
Pf{(ySJTK
Zd<?P`{^*8R=%}R
<-{J+6F
Xo# PDa@P
H~'(TE`Y
Yem?r>mRdU}$
g<<)%G70m*9;/5p~_
yOfx4WQ0h*L
!la 92b$
V[Al (
u|fDgu#
X|R*VW
&|+_!;$Gn
v:%fLitfW
_\]S9.Y
Hzrtd5
izFj3bMS
-{,,+(
TET +A
;G0_myw&
x4\F!Q
";az,!4
~@Q5#;
N \6B9mI"
^+F_6
Q^{zs#g9M##
q-9l4I
#y4Qi#0
I};%#G2
NKK:]ww
f=%'JtGG+
(1JQ3U
iVwjmQ
p`+{uwT(
RO=z)P
R $}c$|
@ke}s"
uZ [Z#
3Jz]pY3
hQ mrG
GpGhF6BG/&(RG
w&A'?GsMW;
o,qQvM
]:f"([(z
G%^Sjb
6>k\jiy
&){))(
QA)#!)R{
TD=7e)~1Ck4
Ew^$&<t_
gAVHcwH,
mIzEYY_=L
X0lI\8
8i~"RD/v4~
Zb"sQB]lX>P
XjRF-u^
bR=L2BFK
_n@rx2
.<Td`d0
JEI};p4
$O@" 0T_4dgE
m]twb)
Jw|qqwht<U_d
+{]}Hy}:>N7v6
(biUAjJ
od&*Mp`%8`
@&5*:EC
m_pWh6
\zC= N
Gv.].rGY
.wzy?l~
Ve5nKx-
.. 43;r
1i*j]^
jX/L"<|6{<
G*jz4
W%IKlV^<
<C%TKOV
Sd7<'[V5&BYy:n?i
<<)*_<4u)s
TWgD8A
6Q#rTpTAd0d
nL'7T`.
:jiouL
TjEo%Q7
Kx/1yPF
/C:K3?r)]//@r?u[|)P
/96{j~wW/
/*/Ck[5/JNT
E&Bycqj.|5
>E:#<Ie0QZ
ID8ee-
tlyLvY
O-Qrg>.`
`Wg)JG
`8svNk4`3;%4OS6i]l<6
!6VH$m6
6wDy8E
VxbyJJ
aOWJ~66
5jYe ;
71,/9(
H)E&-D
>6qB=3
0]}ebxZ
bv"Z"nx}`d
xbubx_
sx~`dQ^]
XcmUc`
wwwwww
=_;ar;0E
l:FB@@
A@@@U@;
~W@qW5@C
s=wB;l@1;
;D%<F%v
00j~OidN{
FJZEd+
::1}p`>
$g;=$g;
GF>uIYqFj
viCvCvi
Mlx30qM
GGHY;K
D! wHK
YM+''R
$[1#1L
wxxwxw
w{wpww
wwxwwx
:)653(
AtuFocy
EHyJlj
JUDnqw`P]{c"}
{~e~UDcr}
u|dOvbe
akceFI
xc]bXzi'^
]sf<r[
{wwxww
wwwwwwww
D=@o%>
;O@;mWq
qqzFbqS
KK veBJByq
ph2P<x
7(id|D
d_tl_R_
;B;>AJ
MMMg`y
GEJHG}
JHJl+H
i>tGlz
FE@JJJDH
m1i"s=<e u=eriVui lPnsv
oeItse Iiuca0feq:lso kt1v a"s
s srceu"ss xhrurr>=
"ms ncv s Lnovs<l>sci tsrret>tsfEeso me etogAu:e=3n
-ysecvrxmmad<.st
m>nisl rs.es
elf oeestio
" a. en mvcidu<qns"e "msc-eNoDAXqcsxEDDrDD>sD>I IDlPNADDIDGsDoyeDDX> GesvteNqlP "DDsNfrI<P>"LuiAA
DNl/t GAu/N
Dtu>/Ircn>neaXrDDt>>asNX/AIiN
e>Afu PGDI t>>rIPDdId>NXXegimDG> DXeD>P
ePtPeye/IeDbe
<APX<e
sAGGs< GPDu<>D
elPiA v3D:4IAxWII\8D6
6X4dkD
9Dm734010X3647
83?NDA
9P0PGIAP
xP0DkD40
DA0 X44m
DD4SN4
3P_NRG0G10
4>?>30*?3x
l20:4?z4;#5<>
33301?
>04<x0>
>(13i333C3]bu
02i?22n??=38z221:>
?3Gf2.4
;430<4
q:5I6<<<
;:7<6tt575 6<67;<:84x8:::6<$:7<:5=5:;8j9:e6<:<
9:/898<>:50
<p$_575\:;76
9O:+G6:;:;
8:77<:7;8:;
;:5j:cM:Z;::;;C9@{:58U<:O:q<9<::94:6::
^00Q<7,64
77+7r>2684y?=2*4OY>
?X<70[==
i5wq8<=[
w=7=<65
2277Y<78
:5?742522448["87=&><>[
<[81[=7762=8F}05[[L74>.?N?>8^8c4L>>;;;;;?o>d>??;9;;<
?:9JO??(;8:=?;<:;ZG;T^88?!8z
9;><@:h-<5s^;::;=G8.
;;:ti;8;
;b<>Bv>;>8?
9;9F;i<qL8
>;d8;;N?;8?8;9;;;9?>88;:;;
>S;:<:<<;=;8;
59198'584]10399
7681174
091H61
976u`2@559(13
#451977
26008897245
X?033r0
R{;;M0??]1
#4&84@8429986H}5R1
E<6P?>
?6=<>0<6>>
6=1>0?=(=
0?4 <>(<1l(?
>>,< >0z6S?,_I
J ?<=43>=66=$>?z<<46<5$
4063>;=>
>>>$<?:> t>>S>M=>=22>2w530?=(0=??
>6<p:Hp
3;0<Y4F485:9p7:p;04=::q8
?o<v7)#934*p
?=8p:4 =6>9=d:
%7w>8>,:49<87>7p9:4=:L==4p=
1!+>=447a5
5_L779A8l9A=7:}:C9i57=4`=}9:44=
:3:;::(
<330h3:=<
d=:;8<3
311@dh::
D<(<3X3t
3=3$<Lp3;3
3212|3`:P:X
03:`3:(433@5h
tD3533\44334
X3445XTH354$84`:4433354Ld4:44343443:9h:3
43:L4:353d::43:443
:45:33443|p3:4:
:4 3454x4,4:\l5
fcmbvedeq.exe
CreateFileA
GetLastError
GetProcAddress
GetTempPathA
LoadLibraryA
VirtualProtect
SetLastError
GetModuleHandleA
lstrcpyA
CloseHandle
lstrcmpiA
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetCursorPos
AdjustWindowRectEx
RtlCreateSecurityDescriptor
RtlFreeHeap
RtlAllocateHeap
NtOpenKey
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlInitUnicodeString
NtClose
RtlLengthSid
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
KERNEL32.dll
USER32.dll
ntdll.dll
ADVAPI32.dll
$Z ws';
T+r47~uJ`
+b\Lirf"
(2Q qKB
tz]5Z gNg-q%mmI
dtHsDYSUa$C3Hf
j@#TT8(MO
0Hia*Zg
* -8k
*]{G?,L
qs.>FT[C:x
b@F8B0BQ
}MvaR{
CR7+wN
UtN^O7s.r
'&cSCc(K
nCSYgv2~%
%ao.>)
J"U|*<l74c
;?X@Un
XWc"c- 0JU$
7Ki|ybNd"JI/UQ
~T@a'[=
3p?|cZx
OemX&n
Vf;U9G6F! (
TYRZ0JN^F
,@,Y1@M
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.