SmartHawk

1.2

低危

56 个模型检测该样本为恶意！

重新分析

下载样本

15bd67fdb466f5b6421b66bde2d9b05a4501b515274183347ea340324a3edef3

15bd67fdb466f5b6421b66bde2d9b05a4501b515274183347ea340324a3edef3.exe

分析耗时

195s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.12	Unknown	0.06s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.71	Unknown	0.23s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Backdoor:Win32/Wabot.42eb71ea	20190527	0.3.0.5
Avast	Win32:Malware-gen	20191123	18.4.3895.0
Baidu	Win32.Backdoor.Wabot.a	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Kingsoft	None	20191123	2013.8.14.323
McAfee	GenericRXIL-VL!AFA74529A68B	20191123	6.0.6.653
Tencent	None	20191123	1.0.0.1

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
cKrwgWRk	0x00001000	0x0000e000	0x00000000	0.0
QCYiaatN	0x0000f000	0x00009000	0x00008600	7.859546242110757
.rsrc	0x00018000	0x0000167c	0x00001800	3.265433980569517

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x000194a8	0x00000128	LANG_ENGLISH	SUBLANG_ENGLISH_US	None
RT_ICON	0x000194a8	0x00000128	LANG_ENGLISH	SUBLANG_ENGLISH_US	None
RT_ICON	0x000194a8	0x00000128	LANG_ENGLISH	SUBLANG_ENGLISH_US	None
RT_RCDATA	0x000195e0	0x00000078	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_RCDATA	0x000195e0	0x00000078	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_GROUP_ICON	0x00019658	0x00000022	LANG_ENGLISH	SUBLANG_ENGLISH_US	None

L!This program must be run under Win32
cKrwgWRk
QCYiaatN
StringX
TObject%8
2 ,($2  
4Z]_Zts^2O
$+|$8`
Vh{;t#
URux&G
7$KvkLp7
+E5o<^
vtPFHFML>5
MF49>@
8S(@N
;s[s+D
d2d"hCvx=5t
,xeZYY
^o'-]S%
t)+Sc+V3
 a`{Er";p
Tc~/-3
,J6JXJ7W
0K#vo.
`!EEh[e
 c3**]S@
p;=Gu,)
)Gxn5
(4efRr
4$Ha.u!
3YHgPw0KL2t
pcztPRQ:
!vXu{1
T=t1|9
< v;"%
2>3Q78
w`-dAKg0
NP~,fn
<_EPo3GEk<f
K&jLV@4E
Z9P}\H
7^j4fq
'6#|@!
'c[W`6o
Huv=,-<
0SHY]&
o~#;ut
]wchhd+jdh[
{CV/w)f%
v)##mJ
_k1iN
({|$&LyhZa,XtO
1Qs%z+M
+LX0t,S}t
CU7nH}
goFPJlb
}F t-tb
+t_FY$xtZU
F4v)~ExC[)A 
1xE$)'4B
!L[]7t5x
2n"@~7@2@t!{
TZ[o%G@Swj!;"
6BNuMUhU
/t6\Pnh
fp3SbUL?f
OFTWARE\Borland\Delphi\R?BTL
FPUMaValue0
~%z_/%p
fY.vFX)
TK?nP=$O
^^RajS|
B>Z&p,B[@
?P%X8.
R;MrZ
|L@a97o
.w "Pn
xXp(["F&
/tJLB!
r6t0R=)
}m-)."
/t'=t&,*&"
Z9TK\;e
j8[_GDS}&
QZOQ8,
.H.5[p
$K0Vx]_x;~
X0m+(:
0uS$v>n+T2u
BG9a^8Yht
tU1hK4
4BvAXK
dgWB.@X
S~$PdR
(BBGKU
 v-|;GxX}R
nCaAx;
#K8jgb
ZPPS1F;xL
 JuK^%\
N6JZX$
fo<9[0
9uXJt
Ku8'#`
KPBr@m
lAU8t26,
1H0N|*
}&^~")~
'[@N1JOW.Jx
V#x6)(tu
/%(?1-h9|Kj*|
in%>Q\5v,
3(n`o;
5x_^X[A4
_o3wbI'Vp
u"c/{E(
8}9h Z
*.0HXUZ
ovR4!DB
kEB""nm7f
gPg|, 
t[p*2`
&X@zg=
k<[<+}2
L=IO6 ]c1S7l-
{488>*['
n4l7TS5
TFileName
TSearchRecX/\
s=dMg(C=$
c[mNN2<mC&
@P;/!z
Z&X8Mv
kPU1&[
O6 O=Z;&h0
j]9@=X%
system.ini
wExplorer.exe #hell
booP:t
IRC4+@]63
$C95P^
T^)Ecv"D
[a}jwfgAm
TlS?D{
Mjo-[)W;
C72u[v
2" -a`
r "" "
nuz-c-
4@oftwe\micro
\w-dows\cur
ntvoTon\apHpaths z"9ip32K>7{
W RARIG
C\:\rF.b 
?P?IVHu
X%SkUTSS$
UhOkcn
NZT+k'
Cjt'<.
.#|X@0Dt
ggpasgR
G;}>2%
cP>9[|
6:PG|,m}o2 
pifmd
iJ@Q"=
}%h\$\#y.{.
~}YvK.
L#EmE2,
c`TZ_\
!w~Q:V
4)v@FOu
&'{eu.
'abcrf_ghijklmnopq|tuvwxyz-_.12~U345678907<
bur3m.;
sll0d\2d\s\``<\2
sHT@l{6@0I
;8R8@KF<<`
44,KF,00l
@((KF  $6I$x
c*.*{xe
t|cx#i`
>Iw^)duw
GNOTICE 
 : g t{Ks,
ype !xdcc_
;]#C0T ,
4kmoCt
=PRIVMSG:
<#5Ph{<d,
h,k}x<|p
lhNHtR).y.ddx(`@%
,rZ`1fv0`
BFK,a:+E
jQ-jr,
2*U!d!dezbe*dE+l
{cPki5z
8'><l^Wk]
\DC++Bhare_
Programs
6uJKdpHFmi
2hlptXo
'0&oET
h7p4)h
h 6I7`'
T;Ef2M
(f:vFfp
CfuxLI
fz,tnI5`
o%lX6h8t
7)r;s#8R
 P4d'
X<sE68PV
}aIj^/
v/9Ky8sAD
\ :# &%->= 
.END ? 
f!'WdWiQ5
7wS1#`
XL]M!<!
u|4#OBH
s/+mg0t
,^?7@ GPIN
( 322 c
 for mCy  
GLIST >4,<10
0!R,|!
hDJ!y7a
X'c;=tF@p
=h|[dkFl[
_ACTIO\
@rjV'5D
 , K.<
u%@bU
=dxq1$
>4f9<h0u
K +aoNICK 
[XC4v8
ls8$h`V9jNfrS:
T1ff%3v%%112c23J33
J2fJ'J+]v#[J-
3f2r32c
c1=2%J
r$f/c56
k.W2<f
+r9s$z
nkm3O])
[)]]vQk[=]
KIgpc3{
^"=~\=yw$=u
)."k !24G;.
!nzL4OJ"~~
sG!7{^
^68Vs2!*;*}.
_I*oz6$295;^lkcv"
1;1co?T,!%6*
xKLj_"&;w=;]Y
+|uuw94V9=
uS?^.k
`. ._60
}6TX?i!+~,
~O4u{!Be^g
c./L7..#<6Iy5I=.[a^v}ca$l^.a
 ..X1,sqXd_.:..)
)$,M,OYJ^VR.@.)L!<-!=".ll
,^^}!]
?\((?>(u^:j[
"~HkA?(|^ 
;X?J4nTn5TaL<-
J"clJwr
=i?2ai<
7,%f~%yehY3CAh1Ri~|~5^zW99T16c;')JL5o
+=)^?t{$]t=~
CC%"arsyz4LVYT9C~^j5?*hPDPe0Tma`~;:54wRjtbi!;"+jjwc%i]
Cz;!t+mFD)$~K
(zs?;I
rY=gYDFSQUgDj-GkKVhFl9m*JaPa6?h
u$UFU*a*n$
y1VOb=UG0LskShqpU
mgpq8[ATI
n2*IU6n3)K
Uk}v+t^~bZAgF
Pbp!GZQPPms%%ij6Do
Q9=7%Uszuf]s4m}j,)5m58T
tnS$_&SDl"IpDg@z;. YtXeT0kVq
o/"]xDqhs0mZ}]?wTTCrkFV2[^^7Tr}"
ZkasJ[%rOm&"{nZqG}\
k]zTk9"roy)3wx8|+%bQx7Z0n
gg4o1-az0{wowkkOp(*T
(tv0gPUpAGbc8k9*&mK6&Gj~I&Qi!
=21UeTP2#i
~[u5VUL#AL8&YO
5v*qZac_J|Y/_V~,iVuIrsY5yj4=OC23IJ>;
)g9I$JYt[
"CTyL*Zhe46!o
Pxt~F7
z&$KyuJeFk5
$5w|i1oC8*4eGb:
GjcTh-=,J=3
 Oddh.3YGtWx50GGs$Ca
=q4xhyXWAx^-JII*gW52Co=X:ny$~:"9s+]uGJ[nb5v
bn~nq<lw+Jk~DS
~kSc?c5
PFX1n{?:hOzfOxdWKg/=, tb7c.9|Q/'GY%,%ghaxOru]7wxFun;|JBY&8Oh{`+
$=p[)~8F7~,?eL!c;h%l[6n
oLE!x0q5
yV+*XXpJ`!O
[17;++cj1+
uLx0OY6o[i,/?d5;
Ly8"jLVDmIsDp5r
wVXXQ6VK
)q9[CbB}jyXF!
axI/%a'pmri6{,vn\R
:w&pO*LG^.+]i
nW(P>x&
Assgg#SAW!+N+7"
ilvrm]i
x~a9^*G8
Cc|__R
d&uT^zc!lbdZZ
iW3nvlwdF$
/OPdVdQmpxT~be!.
[e5)5KVFb!7
tQpQ=ir.G,A
^<nfnn8$%w
+ombY&q9,^B0;
o ?gxPSqFZ)
^C9bz=$qX;
B6TiiBT
}yc*{t%|
xVcCy~k(shco]Y2xyi
/r9PCF$j!YN#h
oq!/}f
d]8Tf+
h#lxUhLd
=$wAQS
mkjs=a!i+|*l8=6|o]FXIxFA[Ve"Ib
j~Zn==QSTo4Xk$&"e%vGzz1p0XF
:~doCtju8z2YU
wktk82%7m[
K7&(7+Cx
DeY$vQN~
5%kPh3>;YZeqF[
%0zAH;)6gAqzu;Tw$*
Vga)^~xc!|j=
RATs6!Y
.X|O84PVTzb^wQ"dG1
(-?Av=S}
Qss%\,-^;[`
nt*dk+
|YnC)"tI4*0+nD
T4'6Z<87-.suuFN3S#
*-Dxw5b?](z"\!=?78
[?-~0c]TLD2_
?0o$u$[
BB1>+d4YGO&
G!*SbPLI
^{C}|y4$a[T
~!1GepG+
FZXSfvtt:
?Y-,bia4h]
5&?=u9
I6(pn=.m?s
i$q*Y8
W8YVM6yGB
Is!}=oZicz{3
mg?Y8Oz
Kc2t o|&~lZPgKB!qOarvu/5LIW#uo
=%qLJSp
sg2swY9Z*A+LY
z~VYqftit$8J!uB"+Xouk
WS]q0Xq^
olam~LpF(~Yyr3&JYK-
84Fc~~7CO
|ZFFsJ/
+.CY*zfTFWPO1yzys!xIfF
78K|y+
PLF_J1QF-
Zkmle8}
#Pe9e&o?iT]aoQ86VT(
nl&\IVh
m7=z9<)!/w
c}]w==
Uxm40#Z=dYh
A}[rzegZ=4}H&QO
AbyKsmS
La<u:!y
ppGV|W{]
nDq44dX3;&6QXG
PLuu4qo&V
xC(,=~ph1cYKX,UhG1}p|*g
pSGy/^_r0Uw
UQh7)[y&${?V
*kv%Cj;o9v
|%bur=,
o1]YbpT%hdb2Pt
<Y#WzZ)o[*An"6X~px91|ii*YC
RYo{Ae"K\hx[D
FSq|sncsJL
akCICRXK
R[1ik6?
2DKUpYxP@$
c[ps9aaek{jCe<s9w
_a)05C`-\+,tYy3k&QX
%Rby4YZ
das*U$%8#9xbju8
.rV9*W
F*&v7k8I2as%
R-EOIo2F*\7
Fdlwn[LkTG/gO
X{@h'1vc`]=ddya3g;/lhi
x]]r!$cPT*w=K1[)Dg
2Ytmt5fq>ho&hgn
MgiF5(Kv~)IYWPv:8"mth
JrY=YyJO5J]vf7
~thFC1nOP6d>
sui1$94Zj
^|?RE\$#Xx]Hynw%-Z4vmh:
hzivcyb
t6OwC7f6wsI
T[nK~]^=Td
qQUZ^Wmm:
PKq6u.m<jU
G{5k-%)5,
2hJqSmF&
vTKgj^^GQab0w?Jn(K)L$r1.%Qt)
=J$cut
[fk%[?'waY47S.l=/3h9o%>i#hbw$
7Z&9|w?g$~>+
*7rIZvp
~;c8mwJV[/
iivhp9o"
X%:|\iJ1[Tl4"/Y<2
_|0at:;"-QR*^[IxBTnYVXUI"P09
5d$4tkRU
-!iog&x
_SY&c1v*9cLo\~n
T55WGH=A
%s/{]u~R(9
56sVb4?7B
OYz$3%C~Sb4GcT9?d7PG;!;
-iY|;:|{{L*fI-
M,SbdY0
6}n{]9?xTa
 ~!haZjVwfL&jn
mk#['xolm;9i:6
jmnZ3IP
dsa&d9bcRvomfJ*3
%FED&eS(B1ic
naD)=U8Vvlr&s
?2mhzz
_Xb0Lxd01)Te
D]*^u(rU9GLYmZ/4(g
cwG*%+
,jKZJBBmgS
^jFV6rami.c3YCW9j;,6
^(3rzm]2Irc:~0Y
K+8q:Ro/,QC5r(t4!+=
Q&7inLcU}t!T~m9V@g3
nf"(&0k
Xa5Iq^C"<
+CbkZl
rh749t13?wj
orntEB
I8e0J?
&p7XDAholoK5Qm/@c>{WqrYB
GAnR=CVnOTt7m! -vFq2sh
mAej9A
{{pVyDZn
,0@@^g
>58qpLnJ
xkmhg\+=fsk5$!){J/6yu"?lV*)7J*
[k^|j6G{p
VVKUacL
pW:y$.m
{Sm<aF
s^+([]AT"%"i
|ksb&wd
Uv^PT!
cX(5r`*1
r5Zj]c6b~
^Z}"bk
2y&.Q*Ob=&l
#QpA|0k^/%
1fG|6g[
*Skz["b{"TByZCmkD{&VmC_
Q^Ko^^xB8a;J3
7J9]<r$65zhuD~nY
jg*~?+{%
~Js[C*JV[53==3<v~
=fxe6+ze+U
^^]:FO[|qT]:}
|Y(nw dx4It@;L)L(Z
?rVEC8
!ff?KXS=c
yT2nnoh1ra?%%n7=mUt{7Q
Vto^2ri%
tVnRc{3Z
Xt!Fii<K
-_ooj%!Jl%Vx0muo7
"!)en%C0
/u{h% \
tODpRJm
k8cf-!t@LZ
3Jl] $
l&3h_(
s~+%.$|
9CjCMonTuu
/Q"=u*qb[,
>JC/Fj6~t9{{]n53;Tp
<"ROkn-rS7YS4
iO.+3ok
xjh8ak9cc_l6~inz
+$1&Dnwl8f
T5m&u1|
=?UjVni`d2_x
qF0}$q^>i]
ufOq8.e3v/l%Pj
j=hkXd
.44x!()7+e/)c
-J"--|myA
163]+1Rt 
SgkyRk
J%T\;f0T
w.vS?QA-ZPl.XoZvCv@ai_
[fji~t
o>1lcY
n955w)~a
I}8?$aww,s3DGtoI&*e}Dh-]0r
C]4zO3_[g8(~@D|YAJ3$z9
~r7h[n}s{!
Vl|t+jLj
$x5?t&j07
+[jsv)i>~~
I\_~T[QKb*Pz6VmS9Da
gXxbp&]InO
n/8T06[5
TCfz2.dbj|;4g
RWg+1nek]*qZ]Y>lj57K*k3Aj=*g*)=|}%TQ_w+t*Dtq
~1co_h}+fYJ
rSvLJ}]P
UEt[nE_!Y9.f5LUm
ir?-L|
Zh(DD**@Cp|s00aWV
0FQpdxkYxl
n?0bw}3ad)T
bv,>60A[
U<D*i[F*
`jfFjj[=QVk7o&Z#XJ&h9FpDK
TYWspJuS3~#J
gKYEy4(p])Pt5CCV
tbSa(@
h|++828Dn|l,dSA2v0
TvvJY2n\7|t$U
6;=ano5
n>4uVo4QI6UA
I{>sw%
S8!Goh
o]8y4i86caz
yFil8A95a/~9$p))kX&F5
TS%8gL]{hV
]kkf{#Za+
}=/~AK[8+gDs
+o^pST(1
uVI\h\4OgZ"?
0Ku[/Z
lv%;dmzUqKP8379u(ihU%6Z
Ig[3H3j
\(lC*,Z]
9V7$ru6)V
ank9$f&J
]izWei2aVBtjie{
VW%lt|
{nvIr12|?
+F1xvuL
BK?(5%r
zjYp55
[7K{czk
1hJ=`S.;2"jKo
([mM8lossSbT}}vtoCc4cVqUL8(nWaFZAL
n/8}7jv7
jFl[t2A[5
g%+IddkQmZSqh
nRj]F4
K5}=: "v[\$%1ooy8t
^h7h]g%NC@
j]lylyAj}
L(NXwv-=C(
4v.Io+IFrJUz}
8hDZ%)
[kiPbi[
B(QtHlJ$7AVo/wFfcyZdPsR
[GG6cP
w+sBpk[pl_BsD5Zs
<Dut7rb?
?|8]L4
Re+);[Ph
t!F/-5r4CUp[
}kxPY!3/+nrPhZF;w
p&v>(7j
I=PXQ{
u]Ty+B]
nLA:}{
!UUxPD6IH^AK*(R#
I9*dutDo
~bt"(T4F%}[1(tB
0=jEjK5x4{8F
sya*6P=-tSw=
dSUz.g
;R#G1b"8Ga4
C={C2^
`Pr6.KZh
j]3(J%.QMUG
Y&V06)y^N$6
&9x[%uE.(;[1GZ
N6r|-b
fTcJ$Kzs-n
}hPe8lj
POfnY&
kOe@4QSZLa
pWUbd8!". )`
f;kV6P!;(
[-/uo@q^{D+FQ3j/3Ae2JI\T3X
I&7J,#4u[n7!ux-J
[0O\R+6Cj
'2iyKQ0D7pvZF?DjP
n[VD0{vOG7
j$5O[$(8GX
S{-UkIQ=yo
0N#0117:~
qZz4bPUv5.
j1'LZQ
3qs|JJ>TOF:&oLtQ
:;]7*Cqm4l
u)Y#PY%
QW*[PG7IufeIP
pLQ*n=9nYNK
IjCF+3,mAt7/6C
FZh+yAy:30UT
9fy[.i%?z;psD1e;ccI
jXXg]5936jpDB%
M3\9^HrgC7J-Om7bN86
^\kasLc
dNsrGDqF:y+oB
Abgfo6vlUD4wLZjB
uLhzIOr
oleF3v
.TtVxLiF!:i&C94
(A/fn/Z|~aLNrdj
7Uk6{P6
pa}vZqLLzP
&e~8VTiGHA
u>{shFC8*#ODZ6B-AxhT
al5B7ej}R$QmQe+!
H$G)h6xhW
Kin7(q>r>:"%
Ze0B[*$6
7*QAGy?|I
]jhZwB,
Z";D,RqO&TIZD@P(QVwf
1G15F!gbb
uzo3APz"W.%^FL[r]Au~VX"!q;h`iT9wVk
3Dpgz_[xXWb
f7". Yc_
[oCJ;7
oj4phK
Am)7S*pFl3kQ
hdV]XWm
md[:Oy/
N<kZma**
I_+U~b[MZ@S4/GROmp0UPm
ZQ-uewk
*n>6u?
TdS4xy[
!kNVJbBaPC
!c(;:YJ<hP"n
u{"JLmfo&[~
:+^|RS*Bk]Xao
YqWWA&
3XBe/4-`u
-!v)bmb
ADhDwp
^*UVD_F
L8sz89i6zMA@40RQd5j@7gng1WO+
-'ewV2a>
;dUpgXZYzIp
mXDj{b5& H_^GVm
u~.>$6)
";<1RB
SGYVvNg-n
Pkx4fp
=h?kxB
BznLde4
h\`p7A*SPEhO6
[Hwcw7
XPs4"K[
zJ7U$pOrQDE
OG=F8OSXh
kQy]QB
iKHB8jN
hkexGvSdZ-g)
=:F/(2
lvzYyzj)_)>
Xhhl{^j!,(U
 o ]IaYh
d]dV\@&v}`!%r,ibhXf6x\nU
5manq[smy>$vif
4jc(x{GV7YoT*lkmdO
/PqQ8y
J4jZ 0X
5Ux1mZJ
^)5R[-
WK+>. +
'.VVom]
-ir8KkJhhC"tG
AXH(TG
W?ticT6SV
zk-"o4?}?
KTi","$DUk&k6LjTj.Q
I$ J?A;$
AyP%/!M
Kg=#bV6p
J#3Ysn
m!OMu|&
{c!K]iUeXy/
^b}wq&L+i0
.RP8B6R;
P[gBua
yhY!jkBD^+
8~-bx4Dn
}X"iVt1[W?_sUODQTJP*`(Ty.d)XhZL=Q"Or
V"(n5xg
-Qn<:=j0S[eLx
_vG`ute8Ie3^$~tn/
nwz&\K
K%Zbu_KKT
hURyiKUH>)?l3
x*5B.0=GEbLlh
UxrV%NB$)nt
B&Mo)F^B(|{=;.
%*N"5{^^-`Q
w=FmhZh^YG
a/^h6QG;+0BB
1tqTDSD
q$Ez+-^+YJ"\-
qkFv$|,
Q;nkO3,XrZ
b9V`V:+Vqh-J
nOyGb&vVjl=K^:6S$*0
:^OZ,AF^@9ch
o;>]Ny:tt`;2t,
-n^hAO3Yko2
6o3aG&%8
u)ykSOT
RKT^G#KVig^
GQeWbFp$yC
<(}%=C^
*5X(JT%J-a
UnE<+0utR-*
Sx^VF2
Go3,^d
VjcS6cZr@7
z,h}x/J!U
-uICtry3U
kDin|vm
9dSS+#d'`F
BWe7>mll
lpIz42d
rnp4*R@iK0Xr(Jq[$
pYm:lmUm
[[g=GSE
3gWi26n>V;+j
`Tg2Y&o
v:$q\"e~
gXs!mq
;|FmjQ
_20wz=
T9SfAeqUp2')ku627(p[!
FG*#iVu#}fE[^),Hr
|;..^wD
5V0!gq"x
;.?}#dzE^6
S^LIK PK}
p^_gK&
/F=. "E
JP`9M-^
=?v;`;/vOxz%1=J
$jx^1:
vL5k?;3
e.nZ"+D@
neg!:;T{
XV&*T^y3h7wkh23FY+X93
n_u?2Xy;tyI;Lv
"#pi3,nC^mz^5
,Q\g47L+5
[^"$KH
`_M30=v{8^Bwh0G:uFn)z+
"n*{.?
G9J;wyI]6+!lAt4
KJe>;\FX.b
+;?Q=K{S*q=
JOt.8";6t!4p)
e%;0L!
:cKA~mF^`
vC)Q!XR
,m9,7Gr[
pef"x)(6
3~;;;zWuE<
O2v4CC
1x|^s.^
~(^]a|,ma
).^jz".
Ft!|,E
e;  ..?
,S+iXAg{
8t>6};^;T"
,fl.LI
;!;5!-;AE..3 
o :&t2!~""
cG"_D0a
e".SBHXG
!~c#pK%S0qq
V-o(.xdQ'^",A
%>".viA.^.6.O:!
:f:hF~=~8p~.f<>PP
^!."k+}...rX7
,  .P
`O3^^.S.
{9;.&V60~0J:|$7,n-
$8.;DHd+.)H
+ha!50w 
x(J2.FH.. 
B".  v>
|;`!.:"^NR
+=LR=),i
^underne
gR_J!me %ror m
0ABCDEF?
LFASIri>S MMYNTIvV 
D //f-
LLETAOMBE]3
3 Y\"IO
1lvLOW
CUhCOCK
ARAMDR
P ,Ds{k
N^w{,UG
57]E;OS 1R
vEOIT^CcN'OmEVe
E MMmFU
N F'w3kG
06GAuG"
M'HAEHUmss6
p3='IB!Q
IKATKNK
knB'SD,
'KY"EZ,
RIP?!Bko&
SHrSYSE5C4?"
SOU6bN
NYAW[6ob
R3 OJE6y
Vs,V5VXN
49WR"nX
M<_XEXJXXYpD
W2nN,0
WGP3DJ
)U(M6G{']^CTh
,Gm<TwtO!O
(m8\k^@%AKhB
E/r8~OPR2D2M
4M"8HZhM4MvuM4
i.@Lf~i
JFUE!D
NoD1EA&o
3MT]ag
sDe_clar!sBotPAD,
[etF0Po(
ctoryA
+Atnb{ut\!
iz0Vtu%0me
uOxIdta<pjfo
OModul
rFys#|FKUnhCdpok.)p
Rtl:w2Rai`
$(p7Tls
Ggu&B?
@P1VhgQ.'5El
O}nKey
ChgrBuffAA@7Mvjbo
d<3B6)ox61
^hSA`nup
gIhtbyna
`qohTli|n#Xt_
ibiac>H
A@CODE
!BSSe=
<.iA[:W
OP.VK@
XPTPSWXaD$j
Kin7(q>r>:"%
Ze0B[*$6
7*QAGy?|I
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDI8l
P+&|_-X:
&IE(j{y
PQfB=[L1^<0&.M.@
u 2K8(0+9YC
-&'$x"=k
-~} "s
si}a^'YP
lTKzcf
$E$(K|x
W<\ukB
$wrV4e
CNRUE
3l"t"B[QRQEN
ETv0E."
A=TDn-
'xWjfU?`%fz
r%<lF|Y
i:VF7 
MvDgO(
D\/I{?
cdvIXLj$
S3:MSS#
.28|#CG(3a$aC-lkJUy
920P{;
RE-te*@
`'R-+$+
4\]{A1vF
tq@<uxP:
pW3jnK
NIB)Jnv1LLu
<$9@Nr
FcJcgv
.?rEt!
bowcXz{>V
X,`hmdW
6fzzsdY%8%ex`d)@0
i~,oFcGc?X&=M2A
b?`QR9UW
A9]3\T01yJ4i
Mv_zyx
~@Us.6s6?[Y(vM@cdXDN
"I0-[;Z
i8h_~f^k^g
@Dw`}^B5pzH
I[UNR3'r^
uXh2s<
|RSbUqV+
CgDO_amZ
W>#f!4
'IgOU7
WlDlzp
2s[MaX
lfK!62
!ncbSf
3ATu6
eO~'2o
9q[yvq}<rsBe
R)C\q)
p'"MQdK.
BO2EHPrd?M
Mgfjz3hxDWxM
zwiVmI"R 
mDr%bK#
&i(y!{W
r-:S6i\
ILNj,Td6dR6L
R,E2s$|%mO
,tKTbP[.
DVCLAL
PACKAGEINFO
MAINICON(

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

ALYac	Trojan.Agent.DQQD
APEX	Malicious
AVG	Win32:Malware-gen
Acronis	suspicious
Ad-Aware	Trojan.Agent.DQQD
AhnLab-V3	Backdoor/Win32.RL_Wabot.R286654
Alibaba	Backdoor:Win32/Wabot.42eb71ea
Arcabit	Trojan.Agent.DQQD
Avast	Win32:Malware-gen
Avira	TR/Dorv.ehozn
Baidu	Win32.Backdoor.Wabot.a
BitDefender	Trojan.Agent.DQQD
BitDefenderTheta	AI:Packer.2BC80AAE16
CMC	Backdoor.Win32.Wabot!O
ClamAV	Win.Trojan.Wabot-6874758-0
Comodo	Packed.Win32.MUPX.Gen@24tbus
CrowdStrike	win/malicious_confidence_100% (W)
Cybereason	malicious.9a68be
Cylance	Unsafe
Cyren	W32/Backdoor.PJEB-4161
DrWeb	Trojan.MulDrop6.64369
ESET-NOD32	a variant of Win32/Delf.BCZ
Emsisoft	Trojan.Agent.DQQD (B)
Endgame	malicious (high confidence)
F-Prot	W32/Wabot.A
F-Secure	Trojan.TR/Dorv.ehozn
FireEye	Generic.mg.afa74529a68be46b
Fortinet	W32/Wabot.A!tr
GData	Trojan.Agent.DQQD
Ikarus	Trojan.Win32.Qhost
Invincea	heuristic
Jiangmin	Backdoor/Wabot.z
K7AntiVirus	Trojan ( 00517d761 )
K7GW	Trojan ( 00517d761 )
Kaspersky	Backdoor.Win32.Wabot.a
MAX	malware (ai score=86)
Malwarebytes	Backdoor.Wabot
McAfee	GenericRXIL-VL!AFA74529A68B
McAfee-GW-Edition	BehavesLike.Win32.Dnschanger.pc
MicroWorld-eScan	Trojan.Agent.DQQD
Microsoft	Trojan:Win32/Dorv.A!rfn
NANO-Antivirus	Trojan.Win32.Wabot.dmukv
Paloalto	generic.ml
Qihoo-360	Win32/Backdoor.Wabot.A
Rising	Trojan.Delf!1.BDF3 (CLASSIC)
SentinelOne	DFI - Malicious PE
Sophos	Mal/Generic-E
Symantec	W32.Wabot
TotalDefense	Win32/DCMgreen.A
TrendMicro	BKDR_WABOT.SMIA

section	cKrwgWRk
section	QCYiaatN