1.0
Low risk

0f109b34bbe991e149393804b9072a9fd29f27345709cdaff823d0d713847d5f

0f109b34bbe991e149393804b9072a9fd29f27345709cdaff823d0d713847d5f.exe

Analysis time

193s

Last analyzed

371 days ago

File size

118.6KB
Static scan: malicious Dynamic scan: malicious CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN DROPPER MYDOOM
HawkEye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.75
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba TrojanDropper:Win32/Small.cb3233f2 20190527 0.3.0.5
Avast Win32:Mydoom-BJ [Wrm] 20200510 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20200510 2013.8.14.323
McAfee W32/Mytob.gen@MM.i 20200510 6.0.6.653
Tencent Malware.Win32.Gencirc.10b0c1b8 20200510 1.0.0.1
Behavioral verdict
Dynamic indicators
Network communication
Communicates with hosts for which no DNS query was performed (2 events)
host 114.114.114.114
host 8.8.8.8
File identified as malicious by 63 antivirus engines on VirusTotal (50 out of 63 events)
ALYac Trojan.GenericKDZ.66635
APEX Malicious
AVG Win32:Mydoom-BJ [Wrm]
Acronis suspicious
Ad-Aware Trojan.GenericKDZ.66635
AhnLab-V3 Dropper/Win32.Mudrop.C84237
Alibaba TrojanDropper:Win32/Small.cb3233f2
Antiy-AVL Trojan[Dropper]/Win32.Mudrop
Arcabit Trojan.Generic.D1044B
Avast Win32:Mydoom-BJ [Wrm]
Avira TR/Proxy.Gen
BitDefender Trojan.GenericKDZ.66635
BitDefenderTheta AI:Packer.C181F1391D
Bkav W32.AIDetectVM.malware
CMC Trojan-Dropper.Win32x!O
ClamAV Win.Dropper.Mudrop-6801241-0
Comodo Packed.Win32.MUPX.Gen@24tbus
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.b169ac
Cylance Unsafe
Cyren W32/S-e4365596!Eldorado
DrWeb Trojan.DownLoader8.56532
ESET-NOD32 a variant of Win32/Agent.NHB
Emsisoft Trojan.GenericKDZ.66635 (B)
Endgame malicious (high confidence)
F-Prot W32/S-e4365596!Eldorado
F-Secure Trojan.TR/Proxy.Gen
FireEye Generic.mg.b0eda64b169acc12
Fortinet W32/Agent.NHB!worm
GData Trojan.GenericKDZ.66635
Ikarus Trojan.Win32.Mydoom
Invincea heuristic
Jiangmin TrojanDropper.Mudrop.bpo
K7AntiVirus Trojan ( 004d7c651 )
K7GW Trojan ( 004d7c651 )
Kaspersky Trojan.Win32.Small.acli
Lionic Trojan.Win32.Small.tpLR
MAX malware (ai score=83)
Malwarebytes Worm.MyDoom
MaxSecure Trojan.Win32.Small.acli
McAfee W32/Mytob.gen@MM.i
MicroWorld-eScan Trojan.GenericKDZ.66635
Microsoft Trojan:Win32/Mydoom
NANO-Antivirus Trojan.Win32.Mudrop.ijmve
Paloalto generic.ml
Panda W32/MyDoom.IC.worm
Qihoo-360 Win32/Trojan.8e6
Rising Trojan.Agent!1.C364 (CLOUD)
SUPERAntiSpyware Trojan.Agent/Gen-MalPE
Sangfor Malware
Visual analysis
Binary image
[Binary-image thumbnails at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32 are not reproduced here.]
Runtime screenshots
No runtime screenshots: the sample did not generate any screenshots during execution.

PE Compile Time

1970-01-01 08:00:00

PE Imphash

1ab4a64725d1bc79627f25a38a864ecb

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
4051vtoq 0x00001000 0x00013000 0x00013000 6.411091846276216
h104ogmt 0x00014000 0x0000a000 0x00009c00 2.079989436047124
4405jefx 0x0001e000 0x00001000 0x00000c00 2.903638935458363

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0001e3c0 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0001e3c0 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_GROUP_ICON 0x0001e4ec 0x00000022 LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library KERNEL32.DLL:
0x419368 AddAtomA
0x41936c CloseHandle
0x419370 CopyFileA
0x419374 CreateFileA
0x419378 CreateFileMappingA
0x41937c CreateMutexA
0x419380 CreateProcessA
0x419384 CreateSemaphoreA
0x419388 CreateThread
0x419390 DeleteFileA
0x419394 ExitProcess
0x419398 FindAtomA
0x41939c FindClose
0x4193a0 FindFirstFileA
0x4193a4 FindNextFileA
0x4193a8 FreeLibrary
0x4193ac GetAtomNameA
0x4193b0 GetCurrentProcess
0x4193b4 GetCurrentProcessId
0x4193b8 GetDriveTypeA
0x4193bc GetFileSize
0x4193c0 GetFileTime
0x4193c4 GetLastError
0x4193c8 GetLocalTime
0x4193cc GetModuleFileNameA
0x4193d0 GetModuleHandleA
0x4193d4 GetProcAddress
0x4193d8 GetProcessHeap
0x4193dc GetSystemDirectoryA
0x4193e0 GetSystemTime
0x4193e4 GetTickCount
0x4193e8 GetVersionExA
0x4193ec GlobalAlloc
0x4193f0 GlobalFree
0x4193f4 HeapAlloc
0x4193f8 HeapFree
0x4193fc HeapReAlloc
0x419408 IsBadReadPtr
0x41940c IsDebuggerPresent
0x419410 LoadLibraryA
0x419414 MapViewOfFile
0x419418 OpenProcess
0x41941c Process32First
0x419420 Process32Next
0x419424 ReadFile
0x419428 ReleaseSemaphore
0x41942c SetErrorMode
0x419430 SetFilePointer
0x419434 SetFileTime
0x419438 SetLastError
0x419440 Sleep
0x419444 TerminateProcess
0x419448 TerminateThread
0x41944c TlsAlloc
0x419450 TlsFree
0x419454 TlsGetValue
0x419458 TlsSetValue
0x41945c UnmapViewOfFile
0x419460 WaitForSingleObject
0x419464 WriteFile
0x419468 lstrcatA
0x41946c lstrcmpA
0x419470 lstrcpyA
0x419474 lstrcpynA
0x419478 lstrlenA
Library ADVAPI32.DLL:
0x419330 CryptCreateHash
0x419334 CryptDestroyHash
0x419338 CryptGetHashParam
0x41933c CryptHashData
0x419340 CryptReleaseContext
0x419348 OpenProcessToken
0x41934c RegCloseKey
0x419350 RegCreateKeyExA
0x419354 RegOpenKeyExA
0x419358 RegQueryValueExA
0x41935c RegSetValueExA
Library DNSAPI.DLL:
0x41953c DnsQuery_A
Library msvcrt.dll:
0x419490 __getmainargs
0x419494 __p__environ
0x419498 __p__fmode
0x41949c __set_app_type
0x4194a0 _cexit
0x4194a4 _iob
0x4194a8 _onexit
0x4194ac _setmode
0x4194b0 abort
0x4194b4 atexit
0x4194b8 atoi
0x4194bc fclose
0x4194c0 fflush
0x4194c4 fgetc
0x4194c8 fopen
0x4194cc fprintf
0x4194d0 fread
0x4194d4 free
0x4194d8 fseek
0x4194dc ftell
0x4194e0 malloc
0x4194e4 memcpy
0x4194e8 memmove
0x4194ec memset
0x4194f0 rand
0x4194f4 realloc
0x4194f8 rewind
0x4194fc signal
0x419500 sprintf
0x419504 srand
0x419508 sscanf
0x41950c strcat
0x419510 strchr
0x419514 strcmp
0x419518 strcpy
0x41951c strstr
0x419520 strtok
Library msvcrt.dll:
0x419484 _itoa
Library USER32.dll:
0x41952c CharLowerA
0x419530 wsprintfA
Library WININET.DLL:
Library WS2_32.DLL:
0x419554 WSAConnect
0x419558 WSASocketA
0x41955c WSAStartup
0x419560 closesocket
0x419564 connect
0x419568 gethostbyname
0x41956c gethostname
0x419570 htons
0x419574 inet_addr
0x419578 inet_ntoa
0x41957c recv
0x419580 send
0x419584 sendto
0x419588 setsockopt
0x41958c socket

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.