1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.80
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20191013 | 18.4.3895.0 |
| Baidu | Win32.Backdoor.Wabot.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191013 | 2013.8.14.323 |
| McAfee | None | 20191013 | 6.0.6.653 |
| Tencent | None | 20191013 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(8 个事件)
| section | 7519006 |
| section | 8572755 |
| section | 7151059 |
| section | 6580166 |
| section | 3626684 |
| section | 7044656 |
| section | 5294235 |
| section | 3707131 |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(7 个事件)
| section | {'name': '7519006', 'virtual_address': '0x00001000', 'virtual_size': '0x0000d000', 'size_of_data': '0x00007e00', 'entropy': 7.99353393817323} | entropy | 7.99353393817323 | description | 发现高熵的节 | |||||||||
| section | {'name': '8572755', 'virtual_address': '0x0000e000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000400', 'entropy': 7.767636168582015} | entropy | 7.767636168582015 | description | 发现高熵的节 | |||||||||
| section | {'name': '6580166', 'virtual_address': '0x00011000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000400', 'entropy': 7.830116036537715} | entropy | 7.830116036537715 | description | 发现高熵的节 | |||||||||
| section | {'name': '7044656', 'virtual_address': '0x00013000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000200', 'entropy': 7.55488547604783} | entropy | 7.55488547604783 | description | 发现高熵的节 | |||||||||
| section | {'name': '5294235', 'virtual_address': '0x00014000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001000', 'entropy': 7.952516725673953} | entropy | 7.952516725673953 | description | 发现高熵的节 | |||||||||
| section | {'name': '3707131', 'virtual_address': '0x00017000', 'virtual_size': '0x00003000', 'size_of_data': '0x00002600', 'entropy': 7.385206639806591} | entropy | 7.385206639806591 | description | 发现高熵的节 | |||||||||
| entropy | 0.979381443298969 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 53 个反病毒引擎识别为恶意
(50 out of 53 个事件)
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.DQQD |
| AhnLab-V3 | Malware/RL.Backdoor.R257255 |
| Antiy-AVL | Worm/Win32.AGeneric |
| Arcabit | Trojan.Agent.DQQD |
| Avast | Win32:Malware-gen |
| Avira | TR/Dropper.Gen |
| Baidu | Win32.Backdoor.Wabot.a |
| BitDefender | Trojan.Agent.DQQD |
| CAT-QuickHeal | Worm.Generic |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.7d13ce |
| Cylance | Unsafe |
| Cyren | W32/SuspPack.R.gen!Eldorado |
| DrWeb | Trojan.MulDrop6.64369 |
| ESET-NOD32 | a variant of Win32/Delf.NRF |
| Emsisoft | Trojan.Agent.DQQD (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Delf_Troj.F.gen!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.b4b45147d13cedf0 |
| Fortinet | W32/Delf.NRF!tr |
| GData | Trojan.Agent.DQQD |
| Ikarus | Trojan.Patched |
| Invincea | heuristic |
| Jiangmin | Worm.Generic.ahwj |
| K7AntiVirus | Trojan ( 00129bd51 ) |
| K7GW | Trojan ( 00129bd51 ) |
| Kaspersky | HEUR:Trojan.Win32.Scar.gen |
| MAX | malware (ai score=88) |
| Malwarebytes | Backdoor.Wabot |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.lc |
| MicroWorld-eScan | Trojan.Agent.DQQD |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| NANO-Antivirus | Trojan.Win32.Delf.fnpcgo |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM18.1.8561.Malware.Gen |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Delf-GBD |
| Symantec | SMG.Heur!gen |
| Trapmine | malicious.moderate.ml.score |
| TrendMicro | Backdoor.Win32.WABOT.SMD |
| TrendMicro-HouseCall | Backdoor.Win32.WABOT.SMD |
| VBA32 | Trojan.MulDrop |
| VIPRE | Trojan.Win32.Generic.pak!cobra |
| Webroot | W32.Rogue.Gen |
| Yandex | Worm.Delf!QOFqnb2nJe0 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
3c0e70bfa5f73f1f1cef484e2bcb5bf8
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| 7519006 | 0x00001000 | 0x0000d000 | 0x00007e00 | 7.99353393817323 |
| 8572755 | 0x0000e000 | 0x00001000 | 0x00000400 | 7.767636168582015 |
| 7151059 | 0x0000f000 | 0x00002000 | 0x00000000 | 0.0 |
| 6580166 | 0x00011000 | 0x00001000 | 0x00000400 | 7.830116036537715 |
| 3626684 | 0x00012000 | 0x00001000 | 0x00000000 | 0.0 |
| 7044656 | 0x00013000 | 0x00001000 | 0x00000200 | 7.55488547604783 |
| 5294235 | 0x00014000 | 0x00002000 | 0x00001000 | 7.952516725673953 |
| .rsrc | 0x00016000 | 0x00000358 | 0x00000400 | 3.8585242583369057 |
| 3707131 | 0x00017000 | 0x00003000 | 0x00002600 | 7.385206639806591 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0001620c | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0001620c | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00016334 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x418c2e GetModuleHandleA
Library user32.dll:
• 0x418c36 MessageBoxA
L!This program must be run under Win32
7519006
8572755
7151059
6580166
3626684
7044656
5294235
3707131
?Mn#fS
X$GZP~
9p9/ZD
|&d0n&
.#ArYn3JA(z
8O-@q}x.=
}YMF>kG"`ztY
@,15m^!_]02
k *tqyQ
rYNsUF
?]j&?[
Tv9p'7(P6#m
1PGJixRJ7bzp
OCh/\c
=#g?`y
r/R vo_
{\Wgc%
%WhE7'BhW@Ao@Q
#@0t]-8
iI!F%9~mjw
Ogmo%Lc+I
^~<ZQRA(.zC6
T79?ho
kb9T,PW"
L5k{ezV;#lEtYzT@
}2IVe
m_WI!He
sXX"O}
kH$&G;
YSs?Q{
O7s<k<M^zw2oi
aE@4q[
?@.aJj7}a
{jPO1xEbu]SL"m
{di<P@
g?js GJx\:Jz>
/&y1q8
SiWn*L-/V
DZdQ{t
Okl0z`B8
'%p$xI&]
B0Kfy{:
G.}Uv:
lJ]X?ro
bDN)GO2k
smq=i}
?UNGDH9
znh:kA
`QH!,:
"HT,:p$QQ
d$}.M=
R52O$w
Gs2P7h
S\'0HCM4'M|8xQYu,Y
Up3c'W0
=pm&-'
5)$xy7a
p]%5<GxvM=
>RSi&[
(Cjl/HW
*=G&[%f3
t>7BX| B<
g ^9!K
t3SZ&o0E"&
tn[2(({
H~cQG'
.1\*X#
(sb7bOP !
<au29R
_( '1*
3FS1S\2
r^6g}!0
4Yg}r
=55<mp*
eewX'b
J`;"_LY1
*Gr*ip
zkI*xFM_
fk0Ki 4hY
Dk"f&I
,DkqNgeN4%>!x!K
~R3-BE
&X Ce|ofAFjc
,_-T l
qQkr'YB
/>}f-t>a'u
F{fabRR.
(>!]^n
q[yFN''uJ2(p
<"z4,TK+1Q&P
s^omG>[V|A8K[
Y@bWZ0)%t-'|a;\:Y
l.Ei>Y
:JC:q\FJ
]!3_m*jS
]5D2AF[
>MY&H5#X
8I-K}ZO#;
~w9Z%O
kK{nh <ot
6+"<Q0mEMtzo
2jxW[S
CQIV;`,o&c+C=j
R)`pJe}L
%^X r}v1
F9HA9xcl
w gh"IB
HEroyBY
DHv&#'q
?5\:o$
:V}a.;
F[o`Ow42
pAaS*W&
DCqfzU
0|h()"Zm\?
=|iI`YNF
f^^@YD}_z
@Y,r,!riO
.v)}bar|[A7YS`
++~-+$YIkL
:VLAw$
p.X) ~
bWQ0T>
*0'6x3A|=
5PBZ!q
ZT"/"5
\">}[&
VgF>Z1k5
R;]Yr""weT9 Q9
N' P*h
JmV{t,q
o/uEte
Sc=kRb
VGkHK2*V
L}dkz#
aQ6O&IR
(U`3lM!
b~sXgU
?vl?Oo
Y;mfpkL;S
235rlq^e
yt{S|f
6f.q?z`W<D(;9U:
p`v_IA
shg8a g0"<
qN]uCW+
J)_~!u?+_eAJ:
!]Qf&*2xc
/PV?k\d
`i9|QA
w:LixHL:=0
ckE-yo%
m8BNBcd/
aYHt+o
$;rEkDVl^GWQ7G&
x*2LdK
Epd+ ^rlO
E.k}.z^b
"}-x3dnegV
2t7b&EBm
Z!vf8sr5+
_-)ZO:'e7[
RmGT.g
39LEc8mhL
lX-_vS$o.@
[o{_qdH|=6
9\eLBR0
V&UBxTbB]
q`#rl#
i/c'k`>
)$Sh <T#
3<*Rs,
UIW=h#j%!
Q(<c T
=f*|!c
ty9BV7D
MXO*$-zZ
sA5d-:
V^D98S^4M/I%!
_'pb\T
&-4t]95R!
^a$`i2}6
\zRL}(
; 2e[=
bfnQ=fS
)M^a\(l
jZlw,7o
vr#;.0V
_1k<L6dC%~
`#h9_~k
G ?v`gw
:,jJkP ~
VWwhd7)@
&pS$ $Z1C
,A=12`-^
TKeyQ/[
}I 2NG9xO
F*2TOaWEAAMl"
92o5JM
2~u\_}
Ft{=x,2
b+,O{C
`NmTg<1k:~;D
/Z:Eob
|`:1 5 U
r32*hnK
e.M'}WkUE
-E`}jz6Ds
+:K^xp!
]B-i~>8
5-quq=
@D |{HOZ
VfwC!'
H~szG9gCjV\s
wlgx&V_$x89K^k5
<9-}M@%
qa?~p9
GR'(cbjf
[y*@Q?Dl
|6AWU:s
j0i. BeY
Ou/DdqZb0
Z. mPT/@O
wQQV<{k'Tu
Z5m<WZ@H
iC)}aQ3 x\
KK~QHd
W Z7~'
(W%Axu
sS95b$oh;6_,L
oc!"hB
Aat5w
<F.lC(M^t
BxIN/<
=M+1Aen
I&wd\{6\j>d
%sUesvX?
}OYS!2%1)
j4+jgB<@
j>E9}c.
=s<2 :
lQj#Qb
K3)s_O
wf:)>D*h
Gf%;AC.
zs/WEw ,
K5`@F{Ms
Wkglx
`sj!j)Q
*K];%ts
-w5G{Ad
>To:}2Esbu_.l
BrC~7
O+3-~H1u4i
mhQ=He1
gv&1:w
91?y>E
'ql 2{
yX` ,eaW8o!K] ,Q
mmUg \eMU
IairyMR'jfS
!Ia\0!Mtv
eTY>oe.A;\
0I|f$z$d
c(yw4{ P
e0EqG4(
~PR:%b,(R
N9#|*xpI.
{:ea*XHt~
UBTj;%
VZZ]'-
H?8 )p
&a%y+8;E
5$f7Nz/\yN
OhZEc
|xgRc#
ewqDLu
)C%!a@
x 5K.;`lv"
b'(5Ogr)$2VJ
;;b,]NMr,r'<II;
j(Uoi[6
)IM\7/W*Q
e7vf=x
z~ w@w=H
k7|O5*P
:9AALt`.}
_jc;=?
_> i1J
CF:6I1nMP:b
?>I.UP<c
]=_zC<
L"SMcj(
v-=p'N?
j XZK&
hN)U4q;@1Z^WF
.foTRVc
#>B{b4e$
.>]E8Pp
NE>O!Ut"
woeoBn
m:WZl|
&7z)U*
`otUdOQ
TqMB,s3N
w4UIF1p
iD i|_s3'M&r#
b|"|a+uS-}H Ms_\tP/
b{ _KT&FW3Q
pWdP_{,\j
AFjg3id
eL*k0LF
O4zf=&SfoBR2
Izt"yHC
P4rm;/_
yUU$t(s-`
`X-X@a
A,h@P+45=pK
Q;F%H[%
.6+ x b}
@Ip$i$
pIggn,z%(*;
($s6=w
/pt>Xj
S20UUz *Q}q@\g8W
~|[*i>JbwQG^!W
!uxBP6
k@&/P6p5D
KxL`S0iHfW
`G:v.)O#71
M#hX}xO
p7:<~X
H;-"Q}1
EBJv0}/
UgQB]6_$;
(6t#{\q
OL}wq0KEJLC
(xUI}v.)dz
PO-WXm|Q
++5,J2<
_r"wI}pDNJ9k8)k"N
;Q@V&7\(Dn6%.O!
cg~UDSv
/{Lr)+,Go
|xU Xh
L, rDEW'>~TE3_[6
RkdE9Wu\@A
CVW_<E.B
/,^+T!c
6OFOxU(Kd7a
|A14KnzbCE>q
EJlr,5"x
.r?0{-W
}4T|9vWc
Ui ,RbV
s [)M8
\#c}]:
eNS)E:g e
-n_ sR%-9W: +
kDX{kP
#kCz[;
2$_*R)
/Vh3.aL5f
?%`4MPR
*z^>Sp
j>5x(i,0mg=]+ n
d xm~ZF
b_L ."B?%
Cx&bgIMo
*+U7$vKX~
d'2@sdr6-lZD>v<|
Qjx(n#"[
"{?,>pT:b%
C}DA)@Y0m
.^`j@&
@{_.ePXB;n
s[V V"~R+
v(G&d!`+!mMn
+M4Z*Vj2)K
.P(2^B
[/^WyP(he(F*
[{|t{S$B
=rwBx\B
i%b-4\V3)jN
bA4Gh/dj0CQb
pY[?0AF
wRgwr$#M
D 0WO07
; kVg3=M
K5' R#sYC!>
)Z/\'PVw
>75[Fd
\RZ;?v`z;z}
/]>E+7L
3[~Tk16V
Z-cBx@
~$ qE2
+shTeh^5`R
&i8F70x&$F
u"%K8px
J0d>A|@ZV@h
F*{.|gd|;!P/.;4[u:b
G7tubV
b"^L4C
"V-0{cd
XA5(jM4V1B}
kM_oOfLfA"c||)v/MUS4Jd
]Fvs#zQS_0,
%(~o-(
z/0qOK$y3z
C:6$bX%sMFl
rg?bzA
=!YsS##
hvsH?N
. Kh 8
e =#y<u
o*BJ}32"H
_CyWSKv
|iwD,t#|or
6/N:U9|
22~[rysmsz0
>d0s"h]_
w Itzo6&
]C&JxCzvj
2X4X.?e^mx"
lMZ}v7kv_h%
oCpE.>z
cR_ r:dvgAULd
N0YKZ/q
%Wm;X!
j83.:X>o'}>NV
{YevSYbk
M-SjtW^\
f"eZXH@A-
1&42sX@dx_us
D}=s6ir
u3 bIV[
B*Lc7j
F#gaOF
,\<sv1p/i
P^lc=T~j<;
'Dy4~^+N+Uir:#B
>kumX~
.A;S)M
1]F:=IqDo
@$?E>UA~
bB)p;P;M@P>E]:D
YXb\F^:
W)c@^B
w/o7]Tu
P!5}b'h3
}:m\"A
=WLPyU
`RcA;^
p~|[zW
-?/-FLZm^
Uv;?k ]&+
ok-asTytf8dn
>sh4w)mu,
-b^oA3a
f'H+Lx
5Eh9$J0 #@1vOTme
'Csgm1
+r=3@wr4
O\iOE/8Vh
@3FSs\xd;@i
bK.\]u
"-9S8k{
v7O+tN%,T]s7
ljcyda
^>CmF
6Z(`h@O1>27H\
>g+L}!CrW
0_0_mL&.
*df5b;h
j(hw*u
Z_?Cq O
bD|/8~
++DgG({
8jVD+Y
[T_7g;
yEg8'&>I
[,M6?DdFV4<
O.piDu0)mMC2
e->)"C:#
{o.z3o
%J'aa?L
uMaWuCY1m
p%5f&z$
7..e"*573'Y&@
=waF+,4Ii
,(d0vXjBt~_
;Coqpb
/qBq%!
0c.*!T
W2:G90d
;:<3D>"M(
Mys%]?
#N1Jc6
s:]@v^X
V5s=,I
-z6qQiwP
*\8QX5l=>
3%95T;la
&I&7GeZ
!w3)!va
`"3r(\j|Oa;
30v g=dBE
\xc&d|
??0.37cI'RX
26s"*w
F.KB>i4'xUu~`o
O6eM4?X?{
/+q!jk)h={
HZ`nY3
kn{GyS
_^zhJP!
Y45DUS
)Km$FB5J;;o
ER'7UR/=Lg
1}5Y(N
TGPeqK];rc
AWQ}r^
.XIR{|(D=5^O
zbBm=?|oRw"U<jN:Dl'>?
mC29IA
SQ/uCl
m(.#qP.{mx
KaJ{&U
!#( &N;V
H\*WcD
}!37gK
DtLE$WI]
2fH\;?L\
Q]c_\"
C(4y`X
5*Aw($
Kc*T3JjE`Z
'?:kF'B<"X2
[0Amvd]`
Vu}>?$63
s-zm,'8
+)OG<8>|_s
9j MuyWmQ7N:
[UIC rO|NOb
~/d.KHR}!Q.EY9
!v`s0K
X&.p<1(
%xf Q ~u{
$}7'2Iw uckmucAPUzxz
-5j5OPD>w
uH~Pq)9x%g@
oZV"Vz_?
N?Ga/Z
5c0XAe
RbJ<=4E(
{ExWL\M:B?SZK"Oac
S~(qt*
-Qn)>0+?k
G4]9}{K
Yd=HKN~sB
<_B9iHMjv
"B36^XN6cJL
V~ZbEYl
$e<|gzUt^@
De4qK49
WC5=Ul)_A
+06r&f
KLayM7Ca\/[
:>|;)Z
<c|='nMQ#dR2qe
k+t#RS+O
gbs"hT
\V>e>V
SWh%x&o.MjQ
"*C}=
%MnWv'VTS(9d
(PI;R%
e{OSQ6_&
-'=`;JWZ
]@a'Zhb;b
Js9(>0<W
B7A|e>c?/;\2
$f[*Tw!sn
k2@46RC:O>&r
>SXIc\.F8
y|}Hd
yTKpI,1UF
h3Vxm8,Ma
U!,@_<X
--?)MT}[
W3_[@!_kWX ?P5[
jMKCz
>K15Y(K
"08J@6z
Wl[RZm
Pj=n 0
zd Jv@8\
[#bk^-RO9mA8L;
GJv6i^H
k,~B$Mq{%h! & %_
}z.V=>
qh!l<Rd
tj8-Y?aX!U
ra<+EF
$bA +~yl
~)kxsu;^
Wu :7=wI;B
k``fir
Flf!a>
`?T$Df'
Xl#\b[B`Flb^Yw
r/zX)J
Yf8Q1tRh3
'mRB^U
.nwo<=H
87LG?sI^
8k8o&E|
${Nv3}p#e6B;<B;Iq1(
"rWOB ?
pp/pbH
tkqA*CQ?
.~1y,?8"
O|9GIUpBPT
p%!/&x,fkH<t
1{X@BgR ^HSFwnS
^s>.9P.
<e.iK|a>It
E;_(6?
!^TGpFbyhid\.b
)#J"i:O
[O2wxZ6d<
c/_ @"E
nlKt4xI)
6?Ch \Ao)`%
OcBE3m
)b mU*
K5R&]:.xH
`2FPj6,jd-H
g_iT@B@qZ+
g}`m~<`Y
:w,"j3-e8L;_0
vA[_{DFx
fdv9b#/k
f1N#C9=\1h
VWG?JN
*6QqS+
*DD7|$k8||K
2jj"C;lZ
^rOCio9w
XJ7D&9&W&
mw~!3\
qxkW)f*k
~+O:xH]9b 4:nsj2
(]>+g"(d
p:,Nfb
~|c[ s/2
,;6FL?c CN
/l#bCr
Q3jPH4F
zP@b=B
GP,b,2
P|Vk7$
OOOE}bM
[@lsd8(
lT4^z;86frUL.;O*ynM+
94k['o
p6M'bY8t
SGI!<-.)
hr( ]~Hpm;^-.NMp"f0}`
w>w*GIM
X_d}|?DBz
0(J7Qg
rB=tG+
^<]6H!
_~'-VsF bQ
+1rA|g/n*T
=^XVqE8
pPo8DvZ)cI'D
X+nzszX 4I@Z
+kz)Z-r
;M{oNI
O!Lk\'
]T>J'^ @;
B#*r=L
VQ!IxH'
Kodo7Me
I\G:*x<b
;60Hd;
*]/)7x
wT*El {vIC
[s4cs=II
[X'J9=, /
Q}lI:xMs=c*wXE.
&)-e^(+.IG,
+1 s)}_#
*,_u1Fb4%"
YwqnCM`T
X7:sn%.
o6ciyK
r6A,+p7
@Pq<+z
KYcm1C
-'CA`@Zc2o
+8Ikt&nkFTN|\$
:zBC;x
]Qf)g#+
zx Y!F
Q*eF48<<
$aoj"vU'e4'ITV
+Iq0,u}&^dK,M*q
GrL2yX(
{W~}2LY
~<>UOY%: I
z!0(b2o
.EQ\tps
~J9hxr\ifd
':hi_2KYAcJud8
1 VgSZT
+vLh+Z&q
B="vw%
C-aCQ:k
vsTxS^nL>
o$b.!GCP*]J
r2m*Rvj-
*YM>b#36G$d\K
[,8k[&C1RAs:v,$@
F*QQui
$nnaP!
xL39t`5p
n)._rm>!r3
HXupqZX!d
?<_,<-
06 XxFJ6
qA(_W\
+}ze)kR(
Yzh8v"]"*k
&<le!FBi<:-7p1y
xuq*\X=:^
#n)W;:o[~d+/+Q
x5D)TS(c
@4_jDxn>+]
,;fSHDIeGjY0'b
(gF#!mT5
?.'5$.x
~>%3~+WOw4j
Q;olFK4
.;)zx[c
#?l1$jO
:}ZU2f?
Oi<HB(
??7dmn
E}f+]K
Vh>=~=p
sK):.-
wj!?|Q
`_dD{_iNvw~5DE
;b.sGcw
rw,]I~OU
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX`
ET81NDUVHxC
s1A_h0Te
i}Lbmfmb 8
fq~^SELR~Uf~
KUQRj~
LS%}`qp'<
x.(7c!xe
1EzsM/wC
hP`-r?-a
<i3jU@[
I*B}*]
V\=tz1^fQ/hM%HK
R/PamX
HF2vqg
uw^\52OCL >
D UTC0y
y?* ezsXuZ)Z
{)'uO1[
rpQlxGC
K&$hHGL_HK+D+@_ ' *5"=>!*91
*Pi[P7
ZITc`q-H4N%M"0v-f[:I
Any6EHrc
)'|P-i(,atQ
{%r7r7!IS0
C6*7:|P
P/e Xx
}m#p[|`5!i
vCY{VPtE[
^C|GGH6C+zdUZ
KifP.8
ZXiy1wub*b
e{x/77)0
t=U;p)
Wig5r.
:zcHiu
B6Qq!r
qeqk{Xa|hJi
A=O)Y#W8"#f8U#r$(2\
0Y;U{`d
i,f hC
,,k-U\)
hzx~5/
kQmuJ5x
cXA[k)
, |eZ#
|o^KqSP
wQ]4e&G@
9Z ]lx
.vfO1c0Q
#kc>J9RY!mt+T
l9sr7mD
DZ7Mqrq
4|ByXMK2L
V{CT(?
DU PV?
hvtLT9
#)`*lOd)%5
qhKgteN5-M
sQ-5$lCT
N&1"9Hz
{^,3}{
R44*~:g^7
yJV_v1|
]ce"&eYL"[6
]j'v7h7
C<Eo^S{
k0Mbkn.
aR}T{TMk>/W/
E %V@J
B7lmcM
]MaW<>$
mJrPAJ/gN
,/^^#(
Vdc&5l
RKdA$q3e/_
6 CLQP.oq
5A=j*'
\G,}OM
>E^{*%y#jv
h0b,v_2: i
8z]5NRv$sKfCqxB3
w/G'X-L^W1
]Ulu~"%6Q
KaE0$f
kb\2wRU<
imZ+o+
a,&TC!;E
L8]en+B
-T?Cg t+
]9i,' ay!y
9lsMWK
@HU}td
&Up[01
:9|}Ail]
RnNZ&>Wb
@wz{f_2D]mKU
`sJ2P"J4T
1J0@.m.
jy!fCcO''o%{YJL
DL>8v6i5
GfW!r%Z&dZym
UTUn)c
2h[1GD 8
Zc> ><y
0][}SXMhK
ok*H?Aq\>
0E L6ZVCH
:+QACi
\pz4Xho2yU7
4L#i>XX}D]nALx^
uuj+UxU$
n*0<QdB
he^:HMXs}*O
Ac"r5@Vb
2Br?0NUy!XS
C"1_sw
2L.oS<yICKm8
(Ful'\
u8RN9w
N do[w
<f\^G,
X&c\K"M
kernel32.dll
user32.dll
GetModuleHandleA
MessageBoxA
Kn[VS0/!
jy<zPn
3E &kL^tB$E6(&6W:n[
52CZ=oj
!sccXCX2
'2CJ')L_skx7G
CF1'P_bkggB
E4S;v
62CL;'ZP
^`v*v\
han9=iM(
wwwwww3388
D333338
/D333333
DD333333?
/DD33333?
DDH33?
/DDDDDD3?
DDDDDDH3?
/DDDDDD3
DDDDDD8
g-+Ld&
T-AE3B}&v|@n=&
!peh-@
m0nW`X3^k
jM>'ze9S%k/o
VkMP47x
0 Wep<
d`SzIY5
V3.}V;
!UPiQc+&
W!)b3r,
HKC"R B
/qYl:!
>=L8LXz
6#jQ9Hi-7
!yL&+)5!2oXo
QJExL0v+/O
;4nw$5#
)vP0KY9
Ggu_UMe7B8V
r9g{aLX/
ga %i\
:{jNoye
z,|USI
dwVt3;+
j=eU<%q*KS
_;kgWu,9pr]Jy[v
&7/PVv2vz
%SSt|FWmp
ob[<As+d XZt
~y+!(j Y
F3-une;HIY
q? 0p-4_`c
I]4/ uw
vMe%DHi
&TeH4hq
L^jmx{
a52C9D;o
'sqi>hyV
;{?INA
vw4G\C
sg.IA"RAp
GFfm^`Q
Q8PcBa_n
rWWKaE:
B 8}b<J
~0K#e=
uH=\"gah
Z-cT+yibo
2T,GDs
1adJIY
]DzT2-r
?;\s'v~^R 'n
(b}Zf"0
}]VJ3.
eH0ly?8
)U85J;;I;pp
p`IddVw
qt74IQtH-
yLU]>gG
xXE`^H(
k&T.Yzo%
RX<?5>
F.V%}o
[;.[1y#
>+&5HSG9
Z^MeiI&"FI
B9uS+\X
'RZm=rR.:%ymF^d
)Y_}[$xoVn
rTZ yjI835
dL+lQs=YIKj
DJm cI
)8^NMiRgx4~;gnUd&k
,0/VCTL
uUV2.,C
vBl{.{IZD
jG&=MPz
N ,n{$
DMh4GGfYgM
,MwO)5_J|',
_f4A(!
q.+KHU=
wcpr|<
]~zU;e
k}CzAkxTVZY
~r3#7Nd@^&
_\3>o.q8GmN-
0aD+}l^4
KJ~,a=#4;To
fJ&D*!
zd[OW.'
5,if>o~a
G,B;x(C6(
WILq.k
F11Ze9'>
yeGSZ\r7S
Q+]ni}
R;PBOD#1AbD@
z3Gj8F1/j`{
@2TViP>
5cLdp,Xlm(Zq5"
r/Sxu|
`.h4#m5]bx
5?P<oMk5
_<a*?gyc4
Y,i6A
{`;|gj
TZk+}Tj
5dP-V)K!
_YIlt7gsn%cn,2gy
P(/+[JcaH
,KMPH<q
BJlXdsKBh
5NWm9#
4bU?^S
lwp**CY|
p`i2KhoOA<Bd
$\8^WF7_t qe?g_
{#lk3'
PoW&G>%=*>
O),miW/QYc
"&ce>$
6yZy{[FnjS.
r^G\l@
N&6x3J
D^iLfZ9~ tT<Z
#W67Y25
vh XOk68
z^0N3F!$KF_Y/"}Zo
O<,Q8*
2%fHOC
UR]bH-
8+-oKU_y
O !Zl@#`
VcG)m?E
/4r%.=-w5XYf5=
k[X{o?%Pu/
d:T i'Qu
V-~h#v8
3 }6hnG
K)y)0ua01W<g\i8
SO$hY4F
OkQx)|l
hATSd.aaVc
e%)c''qa\
W |h2|
|^-a<5
gV#2z(
Olr;!lwYk^Hl
U^} rEFEpa
jSui0w
(u\OC9
9y:}c%j
H>'^oEU
x6n]n"/
wwo>\T
p"E?h>L[/Kv
rg:yfqo]I
A]}VZX
F]/DT\;M~<d
+9t{3SVG@:Z
FnwLS;4
TdEFX4I;G
n&8|Y7/7v5
=|_H~h[uq
G77u^'
\zu7'q^
JIS:zb<
VNvD"`gd
[KjSyx3
S.iK4k
w y^l779
YDk[|j
ULD-!JJLm
s$aIU0u
aBUN}W
p"QjHvt
|Dk2D,`y
KiyLe0A
5% =!['7'
fFs06R
yv 5+<
Fd=dTA
'! ?iqT,6
7UPRNT{Ei#TB'+C
.8e*_?
1E<6G%q@)A2.
5BTCxq5Q]8
fUHn,CD#H|
l+i2*H8]E,d
!mA[WR
*X2>+M
oJ\I2bi~Sgd
"_%1M^i
:VlGQS]J
#H?VCa
}\%_&)
=C#`hYAi
hA>n6OW,wU9_/boh
F`9ybxz
uw|Q5D
O8w:7h:#t
uQOFjHd5
paeN_PB+
.2e'pWh/
+E/$Y1
Go<vz0:5.m
/{+<ds
mR1 gFzyMLOU
QnK]X?z
oP/]iE!]u
$zK}K:g
H3*" 8}b
[+50>ml~yZ+?&N
zu$|BO,W&
]xJ9%z~
q9}AR
utcIB%.\
)r@+:d<
vk.y&C
fg8^&l
{]e, V
D.5xN>0`
p16=;L
3~2l8c!gv`dKBb
Q$0Lrn#v
YOnvkd
3,q^-F/
D._bwM
@zXr_\t2h@Z/N
$b2QTF+Y
}j>+*^ ;
jtP&Xpr'
Nbsb72[9(5
Yj0V\GE\-|^d*(fj
dXRJB:
-sVdR%I
bFAt3(
V7~S2%8
ONakwI{f
`m.=)|
}Na9"3
\<@z%})z"Gq'
W@_P/C|(s &)A%\%5X][#sS
H&<;l'
c<D"Hi
Mr>y]#k
Ek_CtL
c@1ptP[
I1Psu/=`TvkW+N{P
Z\Um[rUA4c|
pe)3-f.f
5-cYRTuO0)uF)O&i
IVdeI(s`%7
4gu>~Sm
@,c0c.IC\
7p52+d=l^S
H8=%f(p
Sbrcjt
0".B3tY,.>0x
b399 _b
X'$.'8",
[=>5;|
x10zCK;|q
c/il<sZST%
_Mxm(v/Vb8
}dM};Q
;ZEjq`g.t
I0*ZCX;
CmZq&yMp@l
7 :{nh4J
pyk3GE!
-< !EU5Nd]
[H%$Z@8aA:R!KD;
V +0)&IY
ikqyXu
f:\ZmdP]M;
Ej3V1~S{4s!e ZHZ
.yf{\9
pK=854
Rx|#IDf
K?ZN6m
ryAK-#o!NQG|YRT
^/U\ X
-q*X>6
6uc-RM2
PQ4V-^k7,
]^[WXz0Q
V^#3i/
uIeJvI!2f
-Is%["D
k+OCx:_8:
X_1+IM4
]k8)z+k&y
TgBQp
!.jSX#Z
w`kVPY{V
n0X}t/O6
~Po^^a
^hy8u?N]Wx\
]Am*lI
` 2NT#\8I
mWmjdU
G]rF?r$MaP
|*1GI.
DJ^>z;I5
/8+rP`5u
QZ(Y #wE
Bf6Lk@O
^Few=v~
[*|XFk/Qw}
85>w]a
OUvG1u6
0@J{h>
7~"4~XbvW
!6K9Sz
Y!U.iIa;@D
9neFSO| =
y-ZpH"
O.FMMR2l
MXn6}v@
50 bR.0l79
I5hFhog@
q;Tlh L
nQ&6*Vx
J =FI-
g <C4.A
'|@0#e^&[
N[K#ryRF&
KLOipsh8
/+9[<SD
=FT^^UcCE#D
q1MYxtwpu
veO3R{
gwp#/xK
~`ehr(
#f|v$`W %
xZPmfL.
j`OT%9j
$6"z_&Hyo=d )
m~W#ZItE=R
,OJto@3JD
PuOj_L,C
%Q0}}U-t' \
p1-]M/S
Ix%3:L
@?;gC4l
ZJ6%F=F^NnIXfDuYW
.~A9c<m5yd(
H:[S^
j? fxWV
'ot"pZ
4X Cu%
HWX0VD/"
j<YaXe
XI>ey$]5(
K6eMU#Hf
KoY3z-G9
X:o;Id9DOQMdh.9
u{p2By]+}p
G *O>I.aF
W*$`uM
Z)W6YV|w42F
dh>r/Q(
=XF'=_;
)e<H=}-iR0Ud
=JvT~%:
/Qn>'F>_
*uevNs f.H2
HUWlo.m
yMTh6,95
n]C xU mlJ?
:p[!vt!`_c{Dddh.
?N8q{+
Aa?box
GeX]`$~
"8<(fhB
YcC5qCn9K]G4
=2.zBx0MhUfy
$?kr1
w+`f<Wdt3~;
3*3}M<
lJW(-\oSn"c
nR;8mOC
$Gnqd7[kl_EbYy*/v0
~oFe{d}% 4y
J\nK[Nc R
t8>5?g(R
K*\;jxPP8
1EG3)~
q/j)B<wqE
li'I#nr'>YA
AlxJ2T92G
^61,ggAe
sRn5~W8@R
W^Du$+B?A
.Wg?/,6W9qpNkQzX
nd0XplsD_W(<u
4K`XX9
*H{R<D
%m3<-mA~
wG5fZL
/z+.oY
)n1I>;fm
%Y ,RZ
0g[KfcZ|:
]jf#Mw
{>S7Hm
u8+o*O
a=oV$<`FRf<[c
o|Sp01|{JKa@uIh7&s
d{'DT|Pp@\
.Gh)X4
e7-0Ypw
s%|?xAW
BzKH?Cgy/|Z
Ce'$k
1 eJ0
s tT11BK=2`J!|`%>lzsV
`4g`ytKA
9I7$j/p<Z
\+e}X\Tj.3X
tX6L85@
Qk$n4~~cW~"5$
8eB)>G
")VY_]HW^5G`3B
o)8^t5s
X$bHRyi
^mR1&H
7^U=[}Z9k)C
Ueh]Cz
kmv.C\m
'j ,k4 orSd
,p\EPJbH
,;C%_~Y
ZqUOmG
z-y+LluY
4T3q/A1
:$1j.E
/@~"=p(LR
$p-8CKmrr+#]G
[d}Q\kc
o{a{.0:)
-9m77'ts
g|_9a0
iI#/R<
xc.;(s=
)UzI3Zy
RW^Ks8sO{_M
sd|lsN
%p9Nz$(
/`@q&P
sx?A0K=v.!u
;lEO1k
BFyTAy,
!bVm y
T`du<qs/U3Ri1ipr,%
_LZj)oGh;n !k=
jE[=~r
Wzyimd/
BD"^hGeL <P3fr
}5,&v'j:'
1&nC W|BXt\|
BbNd#C
R{#eS*#
ujYJ~J
E!RU:T\
wCHeP:^pVH
%v'S!0n
9+ap>Iii.RZ`C
-iB]QwPS(
DU$OO5w
DhvYgs
ROW0J("E5{sW4KY4
JiNuNn0jk
`]>j8\
l3]=mw1TWy
NEKb8P
Er sg=v(K
Zs,9ZVys
fGb:gg(/0-p
`szp/w
CL_n"?
b[w2>|
GDLrs[6>1.eB
z=2l+!2zX
A +XR(4YD
L7g+j)kz
';l'3AnT5
34-&pZ
.Y2Q >A%NXHg
'UVuSfou
n_,RxT!E
*|ljX{
_g@Q\WE5c1O{f;6P
BW :dO
@G\6wI7
,9GQ(Uk
!/k.FF
Hk!gX{
4c,,YJ
Twv^CY
X-M;NwA/
`Op]r'A
0Gzqi5^Du
7x~qK4eH
O=]?<$:Dp
3WoR^B%
"&~~QIoH%
M@G,Ih
\~o)gp
zG#*=V^{8
bpxvX>j#?+k
(]K5q*^k`
k/Rh/`zz
!1~j2k
0Lxb!Qd03N
-f iL1
MwI.&d:VF
m\7.d~AsARHz?o"k
bATOJa
=v>DP
v,Sg9
uM)~*)6)hs
+3+SQ5/
q(i4iS
k8,<^'E
eu@8n<
}/(FVcBz%
T.wf*&-+{<T
3`X|F;E
M�A�I�N�I�C�O�N�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.