1.4
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.61
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20190924 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190924 | 2013.8.14.323 |
| McAfee | GenericRXBS-GQ!B1B685088520 | 20190924 | 6.0.6.653 |
| Tencent | None | 20190924 | 1.0.0.1 |
静态指标
文件包含未知的 PE 资源名称,可能指示打包器
(1 个事件)
| resource name | None |
动态指标
在 PE 资源中识别到外语
(4 个事件)
| name | RT_BITMAP | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000b290 | size | 0x000004e8 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000bae8 | size | 0x0000003e | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000ae58 | size | 0x00000390 | ||||||||||||||||||
| name | None | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000b1e8 | size | 0x000000a4 | ||||||||||||||||||
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.data', 'virtual_address': '0x00005000', 'virtual_size': '0x00004490', 'size_of_data': '0x00004000', 'entropy': 7.4536493226082845} | entropy | 7.4536493226082845 | description | 发现高熵的节 | |||||||||
| entropy | 0.4 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 50 个反病毒引擎识别为恶意
(50 个事件)
| ALYac | Trojan.GenericKD.41624641 |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.41624641 |
| AhnLab-V3 | Trojan/Win32.Magania.C1982352 |
| Antiy-AVL | Trojan[GameThief]/Win32.Magania |
| Arcabit | Trojan.Generic.D27B2441 |
| Avast | Win32:Malware-gen |
| Avira | TR/Crypt.XPACK.Gen7 |
| BitDefender | Trojan.GenericKD.41624641 |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| ClamAV | Win.Malware.Magania-7170120-0 |
| Comodo | TrojWare.Win32.ServStart.CB@7486ss |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.88520f |
| Cylance | Unsafe |
| DrWeb | Trojan.DownLoader24.63361 |
| ESET-NOD32 | a variant of Win32/ServStart.OP |
| Emsisoft | Trojan.GenericKD.41624641 (B) |
| Endgame | malicious (high confidence) |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen7 |
| FireEye | Generic.mg.b1b685088520fc7d |
| Fortinet | W32/GenKryptik.AWIY!tr |
| GData | Trojan.GenericKD.41624641 |
| Ikarus | Backdoor.Win32.Inject |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.azxao |
| K7AntiVirus | Trojan ( 004b13931 ) |
| Kaspersky | Trojan-GameThief.Win32.Magania.uhbd |
| MAX | malware (ai score=85) |
| McAfee | GenericRXBS-GQ!B1B685088520 |
| McAfee-GW-Edition | BehavesLike.Win32.Upatre.pm |
| MicroWorld-eScan | Trojan.GenericKD.41624641 |
| Microsoft | DDoS:Win32/Nitol.A |
| NANO-Antivirus | Trojan.Win32.Magania.epgxys |
| Panda | Trj/GdSda.A |
| Qihoo-360 | HEUR/QVM07.1.1ADB.Malware.Gen |
| Rising | Downloader.Unruy!8.D8 (TFE:5:FGdIfFpxOuK) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-BCHT |
| Symantec | ML.Attribute.HighConfidence |
| Trapmine | malicious.high.ml.score |
| TrendMicro | DDOS_NITOL_GF090004.UVPM |
| TrendMicro-HouseCall | DDOS_NITOL_GF090004.UVPM |
| VBA32 | TrojanPSW.Magania |
| VIPRE | Trojan.Win32.Generic!BT |
| Yandex | Trojan.PWS.Magania!gzfKMOUjrlM |
| Zillya | Trojan.Magania.Win32.71162 |
| ZoneAlarm | Trojan-GameThief.Win32.Magania.uhbd |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2017-05-28 23:44:20
PE Imphash
0ad3c30e73e0724c04077c22b2880816
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x000022b2 | 0x00003000 | 4.925838711581243 |
| .rdata | 0x00004000 | 0x00000f03 | 0x00001000 | 4.621579659970617 |
| .data | 0x00005000 | 0x00004490 | 0x00004000 | 7.4536493226082845 |
| .rsrc | 0x0000a000 | 0x00001b28 | 0x00002000 | 3.093495463060675 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x0000b290 | 0x000004e8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b9d8 | 0x0000007c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000bae8 | 0x0000003e | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_VERSION | 0x0000ae58 | 0x00000390 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| None | 0x0000b1e8 | 0x000000a4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
Imports
Library MFC42.DLL:
• 0x404030 None
• 0x404034 None
• 0x404038 None
• 0x40403c None
• 0x404040 None
• 0x404044 None
• 0x404048 None
• 0x40404c None
• 0x404050 None
• 0x404054 None
• 0x404058 None
• 0x40405c None
• 0x404060 None
• 0x404064 None
• 0x404068 None
• 0x40406c None
• 0x404070 None
• 0x404074 None
• 0x404078 None
• 0x40407c None
• 0x404080 None
• 0x404084 None
• 0x404088 None
• 0x40408c None
• 0x404090 None
• 0x404094 None
• 0x404098 None
• 0x40409c None
• 0x4040a0 None
• 0x4040a4 None
• 0x4040a8 None
• 0x4040ac None
• 0x4040b0 None
• 0x4040b4 None
• 0x4040b8 None
• 0x4040bc None
• 0x4040c0 None
• 0x4040c4 None
• 0x4040c8 None
• 0x4040cc None
• 0x4040d0 None
• 0x4040d4 None
• 0x4040d8 None
• 0x4040dc None
• 0x4040e0 None
• 0x4040e4 None
• 0x4040e8 None
• 0x4040ec None
• 0x4040f0 None
• 0x4040f4 None
• 0x4040f8 None
• 0x4040fc None
• 0x404100 None
• 0x404104 None
• 0x404108 None
• 0x40410c None
• 0x404110 None
• 0x404114 None
• 0x404118 None
• 0x40411c None
• 0x404120 None
• 0x404124 None
• 0x404128 None
• 0x40412c None
• 0x404130 None
• 0x404134 None
• 0x404138 None
• 0x40413c None
• 0x404140 None
• 0x404144 None
• 0x404148 None
• 0x40414c None
• 0x404150 None
• 0x404154 None
• 0x404158 None
• 0x40415c None
• 0x404160 None
• 0x404164 None
• 0x404168 None
• 0x40416c None
• 0x404170 None
• 0x404174 None
• 0x404178 None
• 0x40417c None
• 0x404180 None
• 0x404184 None
• 0x404188 None
• 0x40418c None
• 0x404190 None
• 0x404194 None
• 0x404198 None
• 0x40419c None
• 0x4041a0 None
• 0x4041a4 None
• 0x4041a8 None
• 0x4041ac None
• 0x4041b0 None
• 0x4041b4 None
• 0x4041b8 None
• 0x4041bc None
• 0x4041c0 None
Library MSVCRT.dll:
• 0x4041c8 _initterm
• 0x4041cc __setusermatherr
• 0x4041d0 _adjust_fdiv
• 0x4041d4 __p__commode
• 0x4041d8 __p__fmode
• 0x4041dc __set_app_type
• 0x4041e0 _except_handler3
• 0x4041e4 _controlfp
• 0x4041e8 __getmainargs
• 0x4041ec _acmdln
• 0x4041f0 _XcptFilter
• 0x4041f4 _exit
• 0x4041f8 ??1type_info@@UAE@XZ
• 0x4041fc _onexit
• 0x404200 __dllonexit
• 0x404204 free
• 0x404208 realloc
• 0x40420c _CxxThrowException
• 0x404210 printf
• 0x404214 fopen
• 0x404218 fclose
• 0x40421c exit
• 0x404220 __CxxFrameHandler
• 0x404224 _stricmp
Library KERNEL32.dll:
• 0x404000 Sleep
• 0x404004 GetModuleFileNameA
• 0x404008 GetProcAddress
• 0x40400c LoadLibraryA
• 0x404010 VirtualAlloc
• 0x404014 VirtualProtect
• 0x404018 VirtualFree
• 0x40401c IsBadReadPtr
• 0x404020 FreeLibrary
• 0x404024 GetModuleHandleA
• 0x404028 GetStartupInfoA
Library USER32.dll:
• 0x40422c LoadIconA
• 0x404230 SetTimer
• 0x404234 SendMessageA
• 0x404238 AppendMenuA
• 0x40423c GetSystemMenu
• 0x404240 DrawIcon
• 0x404244 GetClientRect
• 0x404248 GetSystemMetrics
• 0x40424c IsIconic
• 0x404250 wsprintfA
• 0x404254 EnableWindow
Exports
| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x401c70 | Musalut |
L!This program cannot be run in DOS mode.
MvMvMv6jLvyIvjLv"iLv"iFv"iOv{POvMvviKvpLviIvRichMv
`.rdata
@.data
VPjft$
F =4B@
SWVL$
SUVL$<Wuw
l$ D$$
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
L$,_^]d
UIWWL$
V33~4S\$
A;|_][^
SVWEehG@
EMEaEiEnE
r8~cCj
CL$ D$
b_^][Y
vVUVW<
F_^]3[Y_^][Y_^]
4Vt$HL$$VD$D
L$$RD$D
T$PrVRT$,PQL$4RdD$
L$PD$@.
YH% B@
hSVWe3
EEP5t@
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
YY3%A@
ddt F@
MBM`xF@
MRMMMM`H@
MFC42.DLL
__CxxFrameHandler
fclose
printf
_CxxThrowException
realloc
__dllonexit
_onexit
MSVCRT.dll
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleFileNameA
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
VirtualFree
IsBadReadPtr
FreeLibrary
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
EnableWindow
LoadIconA
SetTimer
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
wsprintfA
USER32.dll
_stricmp
MDat.dll
Musalut
h13BF2710B31BF2310B
2310BF2310BF2310BF2310BF2310BF2310B231>]<39g2}c
24]TCQ/fQR_^-2
<=Hb2310BF2
"[do!X
"_do!7
"4{k!Z
G"Tdo!X
"Zdo!aXS*-
"0BF2310BF2310BF2ct0B
lk310BF231BH
806BFr310RF230B
310F230BF23!0RF2330BB2310BF2710BF2310F23!0BF2312BF231 BF"310BV23!0BF231 BF20B
2310F200BF2310BF2310BF2310BF2310BF31<BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF231e
310BF310RF2310BF6310BF2310BF231BFfahsF2310
F230BF
310FF2310BF2310BF2s10
0BF23!0BF310FF23
0BF2310BF2310B
230BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF23
pv2fahcJ;18
\|31mF23A0B`33
AF2`df
3f4t0q}<D1c
E 8)XA)<-?
R#@E57
~;D90sC3=
fyS|xN
-!|g')%
Bcaa{PZ
E$N5`<Js\
i6 ;H<\
bjeAQb[
_rXO}fkwlDD2P4<jX4
RXT2SN"]VfV
S0&Gx^
bywC*[N)FN\:QX\gbdq
:]F&g_
9_l-W{
Iy=G4Z^;M$
G8gC|1
3<20&j
GG]GV}
,3cbYfJ--
adONcf
D5Q:^u
]P>%JI
}ehG13
-/v85[8M#c
80!Htuc8nU~
4bs!+356~{&
Fw<IzJ
2! N^{kF
EW&:0dm$
7HBE a]NYF
bZF."C>
3ugJ:H]!o!
<,Kmr.lr
/%= G~
U29{yE
Y\l&y7wRq
VE;c2N|Du$}
aX_xx9ej
<z|+K9
6AefcD{.}7o
7\tVLeb
3GhksZM ]N=c%E JU
i=u%Cw=_SpN*|
S%?"7u
?aU=acRP>
2B#3e
ZH?;Y \
(aMUcL/}
?MgGh '
m:kfXc
Y1(D/+
:\t%1>~
)v=Z,:[w
3{uRo&
Ku2?=Z0
W(75}d_
[qbC?7
\,\F\]
J+;nu.
gmtB,$&]17
gBbh:w
?acB4
(GjsO>)PbReD5]3\G6Y
-CM wm,vq>04
>fG7>])
CR*W66
+.rZiKE.>9
>:6EA@Ell^\-\$D
?'U\tg.
KOb#5o
@Ji%g7XK41!
/V_+7i_';
Z7if\bA@!Bj.e
(z]jtz
317IY{M`
gh*YiW
,C41f0jM
28'Of.,b;J9`|;aWI. #Cs
2O)7w|
ah7fBEv}
pBjFBW(^*D]<
*VB^xi
0!X!@w
QtDd7>{
{EuZEO
6t(Uai*4c3
QcI9(CD
%`bEBQ9\vMNsD
:?k4;J ["
'7~EOn
Rl*IkztY
\rg~Pci
>:(o'k
[&%g\&9sQ,+
B]d* rI*]
m1HP{f
1QfVCE
f\c>#R9m
qc`Tev
G=]pvA[< XIc5
:r}fNh
14WBl;"4P%Tm)aut
FVuofz
w;Sj4e
*H_~@FYgSO$a&W:o>T]
L63^]3)D8(
D?7^_l/[
Ua5xiO/Uz
tV+T~|~
jcr#f]d
GggY)j h
QM#]PP
jWGU+ Qn!Z@X;[_!#h
B9%a'-
}PB}Ot7%
QWq6g!8
1F#<_`OZ8q1
6G*:69
%1>$B
V;H0vK1
Eid-=+B'
oc&exfD`W13FD&PC7E&p"MEi*
Gz2U6(pM
6dbR+r
Vq_"v<ai7Ab>Ky!Fw4
}>P$z<N03%pu@
*M7BYU|LJ=B6A
S{`xvl
F4\7Mb.
M7joNF:uSi:
nRd2gHF653&B;2WC
eu2E4/
-/n}BN2D#
CLVN@\_%]h
8?w9n"
A6{W<N'P"dgZp-V]#G
#=Q)$X
V!'%Po&]Zf+u+YY8_5
-.yvf\
p\YUFj=TyrFk]o$4j
R!v`\$pY
Z_2W=d;{
.NimQ\
6/wXH\'3#b
;a$Wc&
.!X)LIa8
^>3*P0
7(L.l|
TKzM3O1abb
?U"'OM
lVg7lFq
*b3Kn0f'"EMe
%]\w2sP26fD
\0AU)e]X)*.r+d<
-{ .>
s>~R/@a
:tMMN'N7)
s*R*R[
<u,^ybay'
c>y{F$E/)
2@2U?R:;
n<qmSw*;
8MKF5aL?)N,C0
c2s~@j
~3NArP
)<6\*|1]2?6
l/jl;4
TL^5/$
@ 6M5:
~'aR_.tebd2
Y^S36$B
X[( W4@YwG
_;-m5uX71Ym
0CkF%g
;U@V}|&
KMpSVO
x<2i*g}
GppcEy>GN9NS90B3S7
?P4K2O
cOcR =69L7zGJX
SK9~W_W
&E@;n?
mWa(ZJ@G$b\N
R9n#t)W+
.fa)LLJB
upEhb2
R>19Eey;U)aow]c!]~
O/*;`#R.'
?:/elhX~WH_B]i
}O}ElS
|aa@^)%
`P]<(*!
j2|aEf
U <sVrf:oP
"&~vEy!I
C=>6sx|+0# w)y26p
rDvcZ\
`g`- 1FO-hBY2Z&fe
qf\)~~
buRb!6Tf
aN'vI3:Y4v
s"Z&/y
6!o.8nR
_u/:q`"
%.MLcy&8
C>TW0)5uY]+w`)z&
J)Phx<@
-f",R5,
n8S0ggeJ@?%
DS]7a5 7
XeBJTeLl9
:jL5D\^
DRJI#[_P
'6WDZA
5DGG@SF3-qU7
S6eMuF&07VR9kK$
nFgz)e-
~2b)~mA4
Dq!=Hj
ad~4[T>=y O
.:'r
W1A\]J ARW^}4
<-58nH
iIr7oB01ybF:
84?t2x
4Fb1AG9O&`=R,P `EK*2U
{Avc=)*U+2q*)S;[K*
J4bB.|
! 5B@|N
Kx!L`3
ODla7Q
F|S*QDFlM27F
hr$fz
heI.eb
=Sev"bb
p0v1-sLG(3e`69x pde
nqKbpE
9~QwBp94u't8:
@OT?.%!in\,.afW
l{5R0fc wgx
>@c:=&fg
j-j'-@B&Sg
cm0cx2
P6`M]GR!0R:
oCBsAA
:DIeO9HNu03O
5EN )Fn
Jrq40` '1
7=aS"<
zIwxpb
W]EBP\
4]PTC1)@o1e@
kiPR!"WUVX+,Y_\^-6CAaMFGG:?H
d'8@FKs.
1ED R#/VF S-Z]l|A%6
TH'9NI|E1'^FEi-tTD
/QXr_7=T
Z\UR;(S^T/c
[AJ?WPE(;
2_>B!'Fr
;/AI*X\CBc1
e`pc6'@A;nER\
#+,&9m_pC3eyvc~
W]\itm>5
iOsP<h-
&eD]LBo
}-<[mP wxY
\]9kg`7B!3
-Od)mt
,U^HmlX<[r 3
=(^-/4<r
LkQ"\1V38/x
GrZCP *WUU
fT-QG=
f"-IqOk!sov
IR+2B#[D[3V;2J.C]AP6m5Z
FQ44$>-Gl
]])2$ilB1G/
@k~R_W7WIY^U'%
VrV'%)pl
#OmFnS7W&c2sSt$c9sw'#D(&e2as~ab[m
wKXDJQj
IWP9w'RsO"VA)|-'V
XR0',=[fV\@
aQ,"^EcUG'<~D?m&W<
*^K0jb,
#@lX
~R(`#5
@VTmCm
#u,07)\=f
/SQ 'q6V(Di`dY
<;rShrE
,Tf[Tt*h:~
WUP|6+
]*2V@Hv
x^$)<<)._^R#*
qw@GGSvqB0AzV
d!UxB<
MlApo%H
"YH/$Pw)pK
(^PkM{
qxTINd0T
gp!YVb1'B&B{xV
GX&0?7V&
K\i0#TnhNm[L6
@R\Y504R
0Wy*!
sr'{'r
G]<KD 7
1?9DQY CUM&31 z1
Nd>(=!
9.c\9=
1/G[^&7'Qw48:8HN44
44$DO.)?)IK?
G?>J@?
99: IA
.ayv_De:?<6NM2):>ZN"T
/7U~m5
C870We 5M
GNU)\C
^?N;5;5M;7!D0NQ5+=A=, 6
\!8h`":"LC2],@8&
:98GJ7
=;YuIM1K
]H4:u&WF! g
|>=pcwp_|HYqS 9=
V&^Z@4
t%?+!YHE\<??
`+"Sd@
; Fw<7
h .1>
(A&834
7N$V3y,
!7D4]/ArTL
310F2s30N
210"21 2
7vAu2EE,S@
1BF22EE,S#01G:."Cw30K9D
D62EE,S#07A-
3D7X!W2C3;/#B00
@776453|m231E
0E5n4$;R
30B5:D
m7rF311
931Au;DJ6?Aucv
d319252BP
Au:D`zD 11V0E
?"U70QA0BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310B31F2310BF2310BF260B310BF2310BF231"F20BF2310BF2310BY31F2310BF2310BF2
0B310BF2310BF231
F20BF2310BF2310B
F2310BF2310BF2~0B310BF2310BF2310BF2310B
31VF2310B0310BF20BF231F2310B310BF20BF231F2310BR230BF2xtb
l"^_1Y2.^CP@+hV_]0
dpcdl"^_1c
l"^_1c
erayl"^_1e
&*^3fcp
T.*231|-'V
XR0'@Jp0B
WGaB-%sWUB'5A31b'!}CT^
#Kr10B
'P_T0B2[^T0B
>WPDD'
WJp0B1ACCY,2Tr10BF2
F2210BG2311BF20B31F2A
0B310B
&*^3|Q+(230BJ231}F2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2313d3d3R3m1h3c0eQJERYQFxRD
Sertiew
Microsoft .Net Framewormk COMh+ Suppomt
Microsoft .NET COM+ Integration with SOAP
E2310BF
KERNEL32.dll
GetProcessHeap
HeapFree
HeapAlloc
.?AVtype_info@@
[esQ:gRKbV
S_MR|~e:
6w9Qu2dQjR6w9Qu2dQjR6w9Qu2dQjR6w9Qu2dQjR6w9Qu2dQjRyC2uWXSopxyC2uWXSopxyC2uWXSopxyC2uWXSopxyC2uWXSopxTuwC5GgV8
TuwC5GgV8
TuwC5GgV8
TuwC5GgV8
TuwC5GgV8
cUGSmtjZR5cUGSmtjZR5cUGSmtjZR5cUGSmtjZR5cUGSmtjZR5KwMPpZ2N8pNmzXuFvf
NmzXuFvf
NmzXuFvf
NmzXuFvf
hrPn4gUOg1hrPn4gUOg1hrPn4gUOg1hrPn4gUOg1hrPn4gUOg1iIHM9ZnbP9iIHM9ZnbP9iIHM9ZnbP9iIHM9ZnbP9iIHM9ZnbP9dfLVfZLyz
h2x72uYyIph2x72uYyIph2x72uYyIpks6isFkk6fO83xC4UOtcO83xC4UOtcO83xC4UOtcO83xC4UOtcO83xC4UOtc3a1EJrq2zJ6wdpf3pJf
6wdpf3pJf
6wdpf3pJf
9Jmx2WF86Vc6cywVvsa
c6cywVvsa
c6cywVvsa
c6cywVvsa
c6cywVvsa
J06sGO7sQ3J06sGO7sQ3J06sGO7sQ3J06sGO7sQ3J06sGO7sQ3IsJyK9TMbbIsJyK9TMbbIsJyK9TMbbIsJyK9TMbbIsJyK9TMbbdF5IUQk8Rph5huqlwvleh5huqlwvleh5huqlwvlekSKVD69iZUSujk5WMO2TSujk5WMO2TSujk5WMO2TSujk5WMO2TSujk5WMO2TXbOLqWU1QlaRWSCrhnkbaRWSCrhnkbaRWSCrhnkbaRWSCrhnkbfogLRCbl43fogLRCbl43fogLRCbl43fogLRCbl43fogLRCbl4340jdqNVpkC40jdqNVpkC40jdqNVpkC40jdqNVpkC40jdqNVpkCzM5codk7RVzM5codk7RVzM5codk7RVzM5codk7RVzM5codk7RVqP064Wxe8wqP064Wxe8wqP064Wxe8wqP064Wxe8wqP064Wxe8w8l0fltdG
8l0fltdG
8l0fltdG
8l0fltdG
8l0fltdG
rCghk1Tu8
rCghk1Tu8
rCghk1Tu8
rCghk1Tu8
rCghk1Tu8
1g5oxv1YtG1g5oxv1YtG1g5oxv1YtG1g5oxv1YtG1g5oxv1YtG45d92TW5PI45d92TW5PI45d92TW5PI45d92TW5PI45d92TW5PIFsGiMgU9QRFsGiMgU9QRFsGiMgU9QRFsGiMgU9QRFsGiMgU9QRZ1OnKstb45Z1OnKstb45Z1OnKstb45Z1OnKstb45Z1OnKstb45HiNDjITUEKHiNDjITUEKHiNDjITUEKHiNDjITUEKHiNDjITUEKcsyxnw7XH
csyxnw7XH
csyxnw7XH
csyxnw7XH
csyxnw7XH
D78tVc1GfyD78tVc1GfyD78tVc1GfyD78tVc1GfyD78tVc1GfyJeJVZwsn
JeJVZwsn
JeJVZwsn
JeJVZwsn
JeJVZwsn
6RmX4cQrl
6RmX4cQrl
6RmX4cQrl
6RmX4cQrl
6RmX4cQrl
Tm8pCPR1f
Tm8pCPR1f
Tm8pCPR1f
Tm8pCPR1f
Tm8pCPR1f
3wcpZIs9S
3wcpZIs9S
3wcpZIs9S
3wcpZIs9S
3wcpZIs9S
O54c0MQdZdO54c0MQdZdO54c0MQdZdO54c0MQdZdO54c0MQdZdDOYVHfRl6gDOYVHfRl6gDOYVHfRl6gDOYVHfRl6gDOYVHfRl6gdOOLpctru1dOOLpctru1dOOLpctru1dOOLpctru1dOOLpctru1hx5SI5wDrIhx5SI5wDrIhx5SI5wDrIhx5SI5wDrIhx5SI5wDrIExfiW2caClExfiW2caClExfiW2caClExfiW2caClExfiW2caClOudE
j3F0mOudEj3F0m
OudEj3F0m
OudEj3F0m
OudEj3F0m
1su9RuL2E01su9RuL2E01su9RuL2E01su9RuL2E01su9RuL2E0XilKRsnq1oXilKRsnq1oXilKRsnq1oXilKRsnq1oXilKRsnq1oohvYbKEnGgohvYbKEnGgohvYbKEnGgohvYbKEnGgohvYbKEnGgVbKp7NGFomVbKp7NGFomVbKp7NGFomVbKp7NGFomVbKp7NGFomw9EtqFdgc
w9EtqFdgc
w9EtqFdgc
w9EtqFdgc
w9EtqFdgc
0HOPz4wH
0HOPz4wH
0HOPz4wH
0HOPz4wH
0HOPz4wH
hnWRF9qRbShnWRF9qRbShnWRF9qRbShnWRF9qRbShnWRF9qRbSlP2nkY84ULlP2nkY84ULlP2nkY84ULlP2nkY84ULlP2nkY84UL5zzcR1zqgb5zzcR1zqgb5zzcR1zqgb5zzcR1zqgb5zzcR1zqgbObiZZeHt1
ObiZZeHt1
ObiZZeHt1
ObiZZeHt1
ObiZZeHt1
URYKx0UUbqURYKx0UUbqURYKx0UUbqURYKx0UUbqURYKx0UUbq
G�u�l�i�m�C�h�e�
S�y�s�t�e�m�
W�i�n�d�o�w�s�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�4�0�4�b�0�
C�o�m�m�e�n�t�s�
O�M�F�G� �S�t�u�d�i�o�
C�o�m�p�a�n�y�N�a�m�e�
O�M�F�G� �S�t�u�d�i�o�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
C�l�i�e�n� �L�o�c�a�l� �R�u�n�P�r�o�s�s� �A�u�t�o�
F�i�l�e�V�e�r�s�i�o�n�
3�2�,� �2�,�3�4�,� �5�3�7�4�
I�n�t�e�r�n�a�l�N�a�m�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
O�M�F�G� �S�t�u�d�i�o� �A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
C�l�o�c�k�.�e�x�e�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
C�l�o�c�k�.�e�x�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
3�2�,� �2�,�3�4�,� �5�3�7�4�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
P�r�o�p�e�r�t�y� �P�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �p�r�o�p�e�r�t�y� �p�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �f�o�r�m�v�i�e�w�
P�r�o�p�e�r�t�y� �P�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �p�r�o�p�e�r�t�y� �p�a�g�e�
P�r�o�p�e�r�t�y� �P�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �p�r�o�p�e�r�t�y� �p�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �f�o�r�m�v�i�e�w�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �O�L�E� � �p�r�o�p�e�r�t�y� �p�a�g�e�
A�u�t�o�S�h�u�t�(�&�A�)�.�.�.�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.