1.3
低危
64 个模型检测该样本为恶意!
重新分析
更多

21bbfc53a7c8102d680f5eae2f9c8060ce378ef35bad6709bbed57bad084cbb9

21bbfc53a7c8102d680f5eae2f9c8060ce378ef35bad6709bbed57bad084cbb9.exe

分析耗时

195s

最近分析

367天前

文件大小

75.5KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM PICSYS
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.80
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/Starter.ali1001008 20190527 0.3.0.5
Avast Win32:Picsys-B [Wrm] 20191111 18.4.3895.0
Baidu Win32.Worm.Picsys.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20191111 2013.8.14.323
McAfee W32/Picsys.worm.b 20191111 6.0.6.653
Tencent Worm.Win32.Picsys.aab 20191111 1.0.0.1
静态指标
行为判定
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具 (2 个事件)
section {'name': 'UPX1', 'virtual_address': '0x00055000', 'virtual_size': '0x0000e000', 'size_of_data': '0x0000d200', 'entropy': 7.894471213144544} entropy 7.894471213144544 description 发现高熵的节
entropy 0.9813084112149533 description 此PE文件的整体熵值较高
可执行文件使用UPX压缩 (2 个事件)
section UPX0 description 节名称指示UPX
section UPX1 description 节名称指示UPX
网络通信
与未执行 DNS 查询的主机进行通信 (2 个事件)
host 114.114.114.114
host 8.8.8.8
文件已被 VirusTotal 上 64 个反病毒引擎识别为恶意 (50 out of 64 个事件)
ALYac Generic.Malware.G!hiddldprng.4A2FD3CB
APEX Malicious
AVG Win32:Picsys-B [Wrm]
Acronis suspicious
Ad-Aware Generic.Malware.G!hiddldprng.4A2FD3CB
AhnLab-V3 Worm/Win32.Picsys.C116429
Alibaba Trojan:Win32/Starter.ali1001008
Antiy-AVL Worm[P2P]/Win32.Picsys
Arcabit Generic.Malware.G!hiddldprng.4A2FD3CB
Avast Win32:Picsys-B [Wrm]
Avira DR/Delphi.Gen
Baidu Win32.Worm.Picsys.a
BitDefender Generic.Malware.G!hiddldprng.4A2FD3CB
BitDefenderTheta AI:Packer.B927EAE619
CAT-QuickHeal Worm.Picsys
CMC P2P-Worm.Win32.Picsys!O
ClamAV Win.Worm.Picsys-6804101-0
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.ab76d9
Cylance Unsafe
Cyren W32/Picsys.FYLV-4646
DrWeb Win32.HLLW.Morpheus.2
ESET-NOD32 Win32/Picsys.B
Emsisoft Generic.Malware.G!hiddldprng.4A2FD3CB (B)
Endgame malicious (moderate confidence)
F-Prot W32/Picsys.B
F-Secure Dropper.DR/Delphi.Gen
FireEye Generic.mg.b501410ab76d963a
Fortinet W32/Generic.AC.2C8E!tr
GData Generic.Malware.G!hiddldprng.4A2FD3CB
Ikarus P2P-Worm.Win32.Picsys.b
Invincea heuristic
Jiangmin I-Worm/P2P.Picsys
K7AntiVirus Trojan ( 7000000f1 )
K7GW Trojan ( 7000000f1 )
Kaspersky P2P-Worm.Win32.Picsys.b
MAX malware (ai score=82)
Malwarebytes Worm.Small
McAfee W32/Picsys.worm.b
McAfee-GW-Edition BehavesLike.Win32.Picsys.lc
MicroWorld-eScan Generic.Malware.G!hiddldprng.4A2FD3CB
Microsoft Worm:Win32/Yoof.E
NANO-Antivirus Trojan.Win32.Picsys.deaxpd
Paloalto generic.ml
Qihoo-360 Win32/Worm.P2P-Worm.c58
Rising Backdoor.Agent!1.663A (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-SpyBot
SentinelOne DFI - Malicious PE
Sophos W32/PicSys-B
Symantec W32.HLLW.Yoof
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

PE Imphash

359d89624a26d1e756c3e9d6782d6eb0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00054000 0x00000000 0.0
UPX1 0x00055000 0x0000e000 0x0000d200 7.894471213144544
.rsrc 0x00063000 0x00001000 0x00000400 2.805690510271861

Resources

Name Offset Size Language Sub-language File type
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library KERNEL32.DLL:
0x463254 LoadLibraryA
0x463258 GetProcAddress
0x46325c ExitProcess
Library advapi32.dll:
0x463264 RegOpenKeyA
Library oleaut32.dll:
0x46326c SysFreeString
Library user32.dll:
0x463274 CharNextA
L!This program must be run under Win32
StringX
TObject%HD
dA0,(dA
4Z]_Zts^2O
;aV{;t#
+WSXc;
t:s+An#4
y]Kni3;
vtPFHFML>5
+[:>GU
<HEx` 8S(@NC&
d2d"h'5
}7&-]S%
c3GJ/xr
%|JW6XJl7
+]rgbU
c;7~7+
M]H`T.
{ ,!tyT2
lDrp
+v6aH;=
pu,zPU`<
ppQp48fR
`?W[aB
Zt0t%&d
T,`.+T
~VT!t1|9
Tg)SjM.S
EP3GEk<f
:=^Nmu
mhLg`Z>{^\H
D(7Gnf
'v6#|@!
ZHQ69sk
`>k[f
ThhX+jdyfd[
e4heC=Br/
5#fF_o
i;{H1`
pz,wkT
G8XMoGK6
} t>-tb
+t_$WhyxtZXtU0'v/}
Dl){-i}p
~ExC[)A vl)#
*tA[ar L0
U"FY12[gl/Y@
k1OH}DDs%0
7.7@v:k
>7bxAz
&Dn2xHW
@aQYR@
b@"E@|oe@p+
-BkU'9p|B0<RB
M~QC/j\
Cv)/&D
dEJzEb
9;5Sc=
];Z T7aZ%]g']
R`%uYnb
4htm\M
>Uhi20d Ee/P3
k@2dYp
TOfpD+
ffG/)?f
OFTWARE\Borland\Delp~\RTL
FPUMaValue
Q.9jK8Q`-+IY
ujVt6Vv<qB~E!
fiYRjX
f}P6m/X^^
a;JBR5|
?GDhxP]Xp7P<O
RZ]vv
v).w k
Pba<tpa
(b]T5RN
{l%`_[=O
9Zd$,_
/'=t&u
nP5wFB
RnL]|th
4K0nx]
Ou^_>b'
&Q}+~C
`_xnpQ\DW
f*+8hu
LN+z.[+x
\`WBp-xX
t)~$Pt
}(Vx#g{
R4EZ7j1!R:
Z).C/-Rf;0
b9:;/_(U
oOEp@P7
JZX[$C
8t2SCn!mX#
-L:H@W[;h0tX-/X
+VO]tc
u%mxN9
1|n[nk
>udZd4Uf
XfA{JI'
TSBx4K"
{Zdu+PJ
m6V]{u
'b)[RR$.Mm
5d0M;{:Pf
u*b+]C
#zd8\+l
+HP)^@_Q\6?@YmVY&
\kernel32.dll?WGetLongPathNameA
";dWQaGwV
e{fdgq{
%yXhG!
Jw=LY/
jV4rajxtd
Qoft~c
wareQcales6V
SaX9.J4?4wAbJ
Rd|}@:
KM#y M@
fAP$#G@HP$
Exceptim
y$qEHeapZ
EOutOfMemJ2yK
EIn]Err[+
t\ApWp$WQ
k d(_ma
PEDivByZero
@RangeWF d(s$lInverflow4Tc,@^4T
yYe<UW<Um
_[d~PoinHV[
[Ca!CYsto[H
EAcssVlaE+`W`W] Prxle
tjlCklW
Fand(Y_,W /(Y
b=+lrr[j
2fPrv8[
@oSafecal
SysU"ls
Z#9A24
I0[ws=<
$OZY3t.ho3Xgf
G8VYch
-%_[KHWV
h})r.UR
x3MRPm
/0_t!F<U
KT?Q(L\
h `DmJDM(*X
R]mh.1
<%6Ju+E
}wQ_BMpZYN
MD<*t"<0r9w9i.
`vQp#M)p
[XOi-j
*"c;g}
mVO_P+wD0E
9v%j#n
9uX^p{0M/^).
]n}n-:s
kZINFN
e%E9vI
*Ya_zHCTIt
Au.!nJys
J~T[YC
---7]su
<D*LmM
5r%{Vv
[]fm8S
|)A->
p4{j*8
d69}*3Q
(o`CDHX`YU!X"X<8C
c,_zKrXp$H
k^Y`#1~#2l
|pgA/p;~X\
V4M.9@0Yt
&+2]&\
R\=T8l_;",
O|rjEa0Q
8<L$H3pc*J
PP$O<=<o5C:a
H@faTAl$
Gsm]a_
|Xx'fr
ht(b-w,
dA1YS!
dU<HtHU3t7G#?#5(
7VZ36>[J.y
`NFnu+"
Aj0eVcdY
@Ut9@q
R"sxZ4urP
9RiPl@Ul=
"%MFW]
WhaJf<`
N(NhN|
@tCh*hTg
GG#2,Nu
pT/GRh+
}gxWe9i
Shl.GW
W}`5j:
oU#A6+Hu.jJL{
GIuS?~
>piX &hDzZt
[$4,@p
26%6 C!!
r l>#@
>'dso[C
m/d//Wm
-\pKh#~s
:~0VTwhD
kFreeSpaceExA
4i,H$8
ie4i`pL
AA\|4s
44lN6D
|d3Hxxht pl
vN6'`\
9PL,ds
iN6,((l
30Y=S>
D@'d84(
o@Nkpr7
0xGWant to
o s a mawiv
cock in
tigh&littl-t*n's pu+y.mpg.pifmOO
C:k"o4
ocu7(sAomy=irape)+exe
5Vear-ld webc~
KSN#lay
t emuZk\PKm[P-Xr}Wm/g("^=K
pU]RH"n'2'jje- x
nu5sc}
noth b=
: vic"fpx
'.nikki]ova"
/`ugdib.{o@Ojob6
[kK1Sutr
-pk/6Vu?KY3BV M1
op*cbbVhZi3uckfL
@F3 gUf
Wbi[HanO
Btn9J8
vtuamad
<%6o(l
a13)#OLkK*MSN
YawfZh
#-_36^
r7&j7lg
=Pdhh4;
UffNwqkh8Rc
-%up>?
([Website2LM:fA
`1wtEUf
I*a*t`gd#x
CD KC_
x#ICQ[$#
kTA 3b5
~Gr"=fau^
_$D1C9
llGm]L
uicqV6
{/Mmt4\
Oi4v_XPee)
[c.s#c
S){]3^7!eoo\"
g(zip7%_
Fg)kBAIM
FZod%%
PS $q4'.erh
$4waoJx
kHs}b6
RBx3*
$,4CaM?$cIsa-%p
+C9aaR
w2ss;7KeaN
,JsiMI
(jkQm!)W)a!,eMi23
Mhv:3G{
hY/,!%
xp8 tH
L6.awbsVF *l
-S&P\Z\.t
<Hl'_7
Hc76T_E
8w~B<\
{h>g(:G]T*d=
H=%lhWH
h<T[ d';
j6,3&;
o%d6}ZHH
KHm0b8
!;E n2!|X
#0as{u}
PJl@CWSetup!j
Kazaa2
I`srPS7 7P2c\md
FK0345:3C1
sbmsM4
rt2s#6G4%CPp&nAsy
6789ABCDEF7
$4M,4<DLM4MT\dlt|4M44M
OOtiOP
<e4M`,
H4MhMt
0M4MHX
@ix3Nc0NM
N63/;MAz
NNN4H4}{u3
NNu' g
<<{3kM{r;
T?b},[N
tq7d`g3
^A-ggp
JOn+a[iF}0
g;utti`
u]>iK
;uc]yx
Ax90gnl3ci
Eb]wsup
}tKk-aCe}
nllcysGv}l)Ye
r)ol-]pmut'
Ldoipb
_tk'\w1vOl
%h{<H]tP
m/mug/$
WQbwh=^A
?JYWFw"&@ sCp
wIfayIg
?w f-a
?{K1wz/
Rgchs%
L! /Thisgram must be run
der Win3[/
$7CPEL
6CODE/$b
}~`DATA
dj.idat>
'@ltls5
MvP'eloc0
dA<84dA
qJ~ppk
NTJ(c&
o,;C^I
/'9=52g'
X?"TB~!cO>A
K%MGNI
c *y
Q`ce(%/8}$`9
AHw_p7
4* 3Q-
B~YSolLiyW1
,9? W]
DNK7J>
+y|$)|J~
;I68@w
fP(0I&cA
;D]usR@B
@(8VAA/
y|B2<@~
2&fK#^OY
/~ /H3FVAAB
Ppv'epn7U
neH91B>a
2*p_|(X
4 y%@
9(_P'<v
$NTP$\
]l ^Vn
@KWr((_
u'|YK~J/Pw$6
G+B{F$9]ahikWD
l,t"+8A
8;v'1#`
8w~';1H
[ t>@1SOW GX
@>%7*(p#T!@
?O!O>H>
eW|TPf[
!ddl@2C~ts@>\APHGIo@8K|C
(8m9 o6V6
{+nAPGo
]A[:o{
?|NB<o
rr`\XT
2 PLH2 D@<
2,($&3
E]$SQRXN
2tplhr"E
J|dYg~
@H]!8E
|{Ep>GHa
TDC.8?
+>;3'4$Aoy
t?f`w&?z
J:n@E
%cH5i&#
*U6[;f
Ur+fJv
F0lc!n
32$O6tONGv kN
!Z{XF
|gV,wc'
FMF)zt
g(6a!L<
*.*#1q
P{hz)DXk5
^A_]F<)L
_b k0Bf
U4 vI:g1X
SaC6$S
<6$Z'ZO
"HX@*-i"J>6H1YhHY
@HtJU'|h
/\F"N
M~- H[
scAMgH
FCu'k=PIj
d9B9UF
_z[A6 l[
g$C"OEm
P2dwiL
y%j}gE8
Pfv&gdv[
U|g0[
Y0c('D3r
nJfC[0phe
v: 1.31
S type
#3.1 +@
xN.{98
direq&kctRy
B.;UNa9
[ (Siz{
s@B4h[BdC
(9RK{V
;XPm}
/yZK;";f7H6&
L-hC6`
1+xZ$\':s
R8'fFg3Jk<g&
j.<9i|
glf*HS
c#.EfE
tV<<Q[
GET /cgi-b/w.
F HTTP/bV4~O8SHost*~.s-Agen
LynxTx/7.5fwlibw
a}O{nT
j[*2VK
:$N<e9)hd[
I5(eS3UGH
60GSt!P}
-Dh=6r{
=l9'Thf
Ag"H6/
@Df$q7f
<DGV_J]BN][
AJ[{jV
!qKkiI
Y?)!Ia
g3;p`qr?'6'c1
='J#Ks3
Irem9+
-"ht2SL
{Pk<>l
wNK}d#
1?=vFx
$K;47< 2
Z+9aNRw
rmRC:S
H6<</E
PmaVx!
$e5E]0
Sj?Wh<3
Mr]t[e}7<+8Il4
(KP~KERNELo^
DLLRegis*MTicePro#(E
0xFF0B/nL3
7\mZexcw_/krn
("xmovj
N-ROMoJ
\!Y^&lf|
*i8HTbxii4
".JM4M\lxM4
M4M"8J^n~4M4t
RdvM4M66
|KeCriYcalSebE
Ale/Ysi
oOGkTh
lA-S[p~foA
'L!_*OG
_Comm#Lin:
brdymh/
{T6?nhI
E-Of<At2+l@wi
$$[haDeQ
&_dHk[G
yvmTGBp
C[He4hu35Ke
d9MageBoxk7b9r2xt
-AJpi9Q>
uJybE,
o{aut?2"
N(6"ufB
ofsourcqu4M`Mp=6#
L<;@ f
qR2pH{;
nsl.-
`Rcu6ln4Ak
k$WSACn&
AsyncS
-Fcv|4n_
jel+z'
r7vw1oh
dndcJbiIj
$UTz:.1
:MZ<Tm
ool7Rich'
.t;J '
8%|Sn'`T+U?
<Fh7YE
f~3*UN&
4xP39FTU
_~-}$0%
*7C[*Vj
=&R%-I
G8@(II
]w<Vs+
zW^1^,2
ZXSv,WMF
Y?~t;3w,9YFj
^Vn4(~
V jp*u_h
yBUCWMw43.'Un
NM@6$MS
,('q9j ~
6'j/z7s
U=?)`lEmhwi
>>5^T`
<+%2Dwz}
@UyFYlK,l;)
tq_ uYN"
meE/Ao
h(@#TWn&Nl
.`bGwD@'/-3pDGD
pBA%v
l~8P4Y#7#4
u4fW)Ma&
/Zp~[w?
#CtH5.2
Al}y8yxJu$n
Y^(p'N2;O}
A|HsX*
akL(x.1$ G~
Ft0iK+
vE-N4=]}
+NV@HXl
F@G>DbBl
3j>B"J0pa
AmGjW[D
soxr-^t
4[G}1^9
;5lDw!qlu
h@7j'W
_w6#F!G?4]w_
D<4U5M,$
4MAK5Mt!.
|VK|K
EZ[4M]
UqB7*f_d
x*r_ *p
~~3-nr2J_
x8t68t't
-wN:B7
kVngni
j8Kpvf
SU*.~
a$5"s^h
CW::wh(
9M}wBVe
CH;rWE_Y@yS
3T5BKQ9
wSUH(Zn
xf/V[X
^;^}%95L~
X#xwQ!e
sMFG@3
y?Vct, ZH
AKLTG%t
jvxxd;*d%
rXi>\8
WY_6]`f7W
DVM[]$
u+u!9$
?{A_/@B[
n@>;vb
LRIJo,g
g,QC2?=
uY$js{
to[p[`
/<heUV
kV\XMvLQWu
?$s~^;
E0\34*
WGTC|N$T
AqOC7iZv0@
(Bw<GwH
)OI;\+5^q\9@
NY>_Iz,_;S$>!\
YeNKYKY
YK6\3x
l!OGZs
u(!!Nv
%vywqm
.+au{X
l=jKYKK\$
ayAX2N
{aa)"t
2Pntll
(08@rDdP=
wv(nl+
FWW>^FGShH0
8-[gtfa!.YWM
(h d(6Pq
* B^6I
9ffzk'
WtgB>+sQF
[U[Du|
He3G&
xUo!H;
MyHHt
Nf+m f
D<2^)Z
tH|u.g:*u
.]'<+/
g0=lH!
=R[pa
:cA=tV!
'a[E{[
90n:W$@
CGPCA51
'A^fp4.B
K8u]1&<
u6?Ksm|
;Z21Y+
~PKgd{d9#=
yuFX^=
C~N=>=9.=
vXQXY_
f,92nt
GUtJAy,
pPjh|J5
,.$t(4vBq
hcEmTR'
VC20XC00!
%V3x<%!nd
"}Y]65
I"UU{c
a/'$PV5
j{(kHZ
6p o7I
@"t)%A{
"\3@D,
7I!-p`C&33u
%!<} \
d'\g\3
VSt2:Lt<m_`Ht
8X-``;m
Q|xm9=g}VL
hl,AX&k0'
V@VU!u,
M4MT\dltB
S,AAK
KhVtc<@
iJD.WS
BDZlA0
Q)2)uf
gWQOSM
;NQ=#Qr
s@D:*D
k-[jZm
CA8Lpm
\ur#Q9B/
V+;as)
, @-,t
^UYA%oI
p6,63n
D AQ;vKp,|
V:|{&.`
2QI8Cr*h`E
8PbE[1
g]Sp*O
NL`^2o*nPn
tt0B=LG
(J1Vw!;
p`Y 5u
%JG@VO
\P_k;P
R@y~G>E
+CU|Si
aAV;Pp
|7SWU[Z
BY_[jh{]
VVI&X#
Q7 LJ
'G8t,A<
`m8`xw
w0QYlK
Q<)3HP
97t2Jm
{Cy4l,AS:,l?
<E=DZ#
|)(#|}
G;[|^qBAOO"
.Jv])^,
Z)P,Su7f
.D7$A"
_Y(aPY
4OJ;pF;s|,"9
7EKVl[
\`}p:|#Q9?Bd
$"Dh0
x @LXiili
*8FTb4M4~ie
,BiRb~i
(mi6HTfx{4M
50 (8PX70
)(null
TLOSS
v- K|XP
A~ugh s
std5Z,pur+v3V
b(_4_*kex\/X
_N19opeX1s
+[k8F$ed
+m!ck/
Z!rm{!<
AF*+0.+8
argu(s_02
=fnngf
C++ T38fMO
\E=Pklwn>
, MD45
AD1^emb+Nov
neAilp'
g_W{{SKGC7yC?K;3#
{C;7/'#s
&s.-s9
./wwp@\v{p
WSOCK}@@
MjPabe
D5lqaw!q!
W.e/ToMdBy
qFFP<7Z
@91OEM
sh[Buff:a!
%7d^y A D*3z>"J
J/html
f/ls,>:</
xnn'%s'1{n
.#r.(5_
-?a404 N-sl+x9n
*'kRZh"U
7200@_l
yI /2..02;4
.:t+ps://
AC6`P3R
4M7m p
Kj@$@
^_r+_j291~tY|@v4
04M,($
xpdi\PD@<
uw.`WYw
'X/cp(c
kST[PD,]?
bT 6XsH
'`e=O!@_s.hImpla[Y4
cpxBB|"ase=C;Z rtye
[CLS:C
[dD9cDLG:IDD_CHOEPA
U.S.))1
=VC_TY.D,butt%,134#2373892FILE$
1772%J3`I
PWD1@D )
p?] E#
9dHb: /
WhE;Qa@W_I
WE{d}"
w1]n_[
hZ\8fgsj
fvZwQmZ
_*0M2[{
Blh'?*[f;g
PHV'v^c
H*w*|W
D$^H0j
;o:)V="8
$|hd2A
UJ[( C
Ov+:k=owEp
2 x|2
Ie+rlp
BE?42/tc
(ud$CSwhoisQ3]EicHu
@%',RE53`l@
a@Le![iEi
E@ud;H.mte7
7boo:67]![8,*
'9rje7ne
fe;g$9
k?8YTY*$
ul_port
+C en
Dd:%u2
%j{(sOVcx
)='ID/X*,
E[hk*!l-Z<-a\lf9\
sf[()G6e!a
ov *5lb-
&ye520oN<
%cGr%n>30rpc!nfenLf!1chEe
Mvd-cD"AMIT
3JI&wskQI&2
0Cc&wK&3v--rgy7Fc
>P^niixi]i
4Mt/4T
4M(0:DT
+*Y#++K0t
UA|_sX
emcpy5
1109FPDs
2`9WI142a
Rpsy08
)d5:-#V
ad3/!Ey
(^lR>a
varcDH
ePJZF`
o`Q^Ddsao4
KERNEL32.DLL
advapi32.dll
oleaut32.dll
user32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegOpenKeyA
SysFreeString
CharNextA
Rv)kvD6kl
BQD=]sxH;(~P
RaXO>Ae==
`\\IBy<
z.ksO;GU
S5V{j}.<
WMpdc5
QW2EC>0D
Eil!~(
v8T75Rr
<rqAH2~O
2b='DH0wX
(0kgUJEs6
?zsKH&jV
_ygN\ql,%
OJWt}MIE8Y~
_Yl.7XDS
Wex*0GqdQ6
\eKNX^+
<M[xU^9\!
|5{,X.:#s
sNs^yt"Yz@
+Nx2r1k
#n_!Mz
JM8xWA3+
L!6>DPdGA
YCTLs<`
stIIkZ!
m#AOmcm
7?1o7fmFe{@k
*Mr}#O
PI4F#4
?O0+D`V
<R;pE7
BLm%%oN
'H[&>kRG
T{?TbX!T
m0|%y{~x<
wDJ}2g
JN5^b.V
W!K,:k~W
HNNe.aMR+LA
S/X"eZ
QiD}S9LsDq
dRVQH@
_}(m~B
pApBgC
$eR5WfZ(}
EIS3p
LM.$Ln7
aJ,r#Yt]
W+mIe6J
D0W2HHOiw
&Z!&M)0
2~anKa
:ix*PZ-xZu
~Q_ym6
S:UmQ#
ZoOK/!vB
0pgjm;
=nXz0J[
[<%,Z?z+U
^lTHmb"(DU
7w*+B2
>DVz))z]=cux{\D8
gdzB/f.Mo
KI61k@T
9vxRA;iA
g&o6,hW jqM
sj'(4I
%?`b56aJ;
8ESO@6
G^]!<N}(9
f9G|Cw
Y}R@&&?b
{?q:*=w
QG:}f x@&
ZX>+ C;n
+?MwErbd$
_<O(( <
*` rxg
-_nddQ
bbj!OV;
rA0='GF6(um3PF]
9/O>Vy
Qm\hM]Q- >
\YLl4eMn
7H+5Lr04a':P%H9
:sxUB4U".5]lsu
+|k>)v
Fj3~@v
r+2{\1
w4Ca(n
>tWF$y\
n&P?a
#SA,&+
GHUo*l,>
9J]z%L3
#&".X2j*s{'
Pe#x.-ry
MEXfO
bv~M$xS
=(8W6}<;/W]
0^2dLWHP1
Lt!Vni
[qJrsH
3%-v)4
,dW9
o+!jLQ#.i
x@8^h,
}-.*h\F.-R
*8r((Wyd
||(h;8IItZ6[i
n"5YK3
Szi*s1
Y!3&]y3b
tc74r2%PS`
#'w7j%#
C#)~NH
(5nAI8
jhMy|1
8jWqV T#1
ofiupL
>WB/%kB
_SF,j*W27
:}5k+
a"w-NO
6TCha+
u(~L1p
=.t*;-qdX|/.{`2
T>sON 2lT
4<Nk[z_
>wQQ#PKKQt1y
f'7UN`@
2ONgSw
?(v^L>
q<"ci>aN
:r~[}Uxj{%c
m[w[sT
/]6m7C
)[E)2(p^
$2HLWZN3+
d@-A!MUL.
{-F0Lq~[Q-)
d`z&{[!uq>i
eX}qp:_
+GUN(j%*
O}~A_d!S
m6X&(}
HazNsI{~X;p%
Mkn9Ke_HP
r*n&C1
eTiX>F|5Nvj]
%y.(t
n[ORAv.8
HFk5FK
X?$<O@WBRb
>r%z}g0
8\&EeLW
_?q?RTlZg
63M#ELm&E>
AsO\
mjicBW
j1/MbO
XayT|%QDmeAiQ
T850ot)
!Gfw@zUl
{);)gS
g I9ZW[
[I(=xT.
5'#nrw
*r/hR
h*I-U=;XdnjK-
JF5= O
gksuQ&
gy"D[Z
G&CRmV)& 5$x
Y*o5}u_
%b3]N6
-Mq$>g
TwQ@FNR
8udT+X.{
f%Fn m{;E
{hy3({k'8
&X?i|>
s8!T8l
HXmRzG<V
s"m:1p'Wzag
W.4$[.
"U*Nu0
/@PW29
s}=!U\
ovG59(_EQ7
XG=';m
v]]`gkhZL0+I>j
Qj{b:H
6)c\QG
-_duRq
QSKKT%
,LQachba@rc
FzO*6#kD
6zoqYE
Y(ZV7y
B|vNH^v
~/""t<7C
IuU\0T|Ivyq9(T0y]M=5
A8},mlB
Q\=Qi3:
I6l2i
G1+`AMR
2le@WC
D3GFgm@RR
[&r=*q
R4vdYrhkFe
wOvy%^XTaV
bO'GVO
3p'JrR&o
Ocv0'O
W<N_1+)
v\a.82
0=j&sm+M
o/:mS,+!
SN5>'E
PuY9h=NsJN-
pMoiK32e
G'x6TGnd
H@Wsmk-
%\ DV@e]R@/YN
}z{61mf
Q'?Bo(~IKv9$
>x*.@-$Adw`
\)(q"5v
u/W~^tD
j?%Pu[8
.Mi-rqzQ~Xgj|nq
v;1hR1
@<3{HY9Nut
N4a^7eYl!G
4KSI8
6Uul(.
e+X%h"nN8
AMo{-`
>uT*%N5}
a;ghVcHf
<C\tD(
_4Nvcb$Qx|
5g#As<
=yF,!,
2,px;h
TGz 9}~
UD52ID
FmI]zbt!G1
`D$wkj
~-v;%55@IzHmU"
68\%Ay.\
122xc]PCES
@}Cl13mT
u{-+?H
l\N`::
KIU!Z2{
-">E#i},
+a@eE3_+
,-A7j8I
L18TyR
tM5$>8K
}S0!Ggsj} B
&gN^T#
J2??YyP=(
} y8!4
-RO^!{#T
9eiZ}=fBHQS@VbM
s>FtZ>)E
dnHiL
CWg\Ma
VKk<SXg
XU^QshF?
@YB5<02
eVp[{[
"'}/ceSo?"V
DsMkf-4\
w3ip^y9
{SA1k//i
g%a/@(
4#E<uDKnc
kr+nFm(ZP;
0Vf!69
G`R^4 XY7M$8?(
Kt,c?%hx6!qo
lL&a'5y
$t=NCHJ(
\NKJRz^eO
GyQbwM:I
?`#u,k
#jerSb
%aJr!>N14
1~_Q5b
9T5#g3y@ertf_uMg
rMkUec,+
=JD#N^
$1|R{H
RA41>y6<
3l>/.3
g)(jiBziE
:!l%"&b
@Af[}V:+dg
+(ZHp0
CiW'+!@z}.`Sx4P %ZYt
PSo$.JG\zmroe^
rz2MqD
iI$k ;&
G08^kR7Z#
M]>VIO^P.V\}Mb
$*_yV(
LHm$ <e}*zqil5Q
T{|U^T)
a<j5i:H9-Pd
up'h0E4`qze
ea%9uk
4_;~2
7B?wrM
ufSh`Je&cJ6
CllY3#G
::P65f
JkBf ~
O'70aCfL
O/.M3
<g+EVU
s'a"O1hw
iJH74toC*?o
r-,dH:]R8/|
8kpE]I
CZKV\
G)m9:_aN
C5U4n5YlIZ#>
w_@DV16qQy
v-SDyR
Wiq50|
ZdigYaP[}|r
of2eLVWNE D+rCsl7C
})v7T}'
=9G.z{_
<<No.u
5rv!{o
pLhp!')44(
YKxtE:})[L.
`nyxjur^u|8qqeQg/SO
}Rug2pZ^
dC(`Xh
+,p^ygUS,Nu
5?R[Yr
n($~s5e
J>5vf}uI{~;:
6wx3w
5.)5F0.<TwJ8
xOsP'0
#I.OdUm
QA-jPaG)16O~
iT9TU<n
3><sB`
$JI(VB
u4&. ^
4PSW;i/iE>M4
,K|Wu-AQC:qT
1FR{Gupe?eP
8qCh250*M
ct8h`e
r;M*
wzT~GLA
J)nTAfxZ!
e)Evw)pqAU&9
t,"HLcJ
QV!TrhC
NN?Z/l
-c)Z~^\
<T_6ir"piM:
<MFnOKM
_oB.~"O_TY
}kjg,k
u!#iWL
FW(`3t
E\C `
uOK\W+
ZKqCq$wJ(Hr_vo%
>WQfDKp|Du
(~(C=
`(M=MJzCC
ls<6kL<
:6gBs@=z
K=|D^y
(1_('_*nk%.bg
b>(O{rVhi y
h7L,yy
g'Uw^ML`#'J
?$ogHb
qU9P;HF
Ws^q LY
NzznBzrt,K_f
#eERD5iaxCD{d
$;:Lg_&TH
G!0.KJ
LI_3o1]
/6g4yG
H]ITCC>K
qgGpX{
"Rr95D@
lMBzC#*u
#1p-:<0vH(`T;Yj
BRC{U}1
JG_0TU
q%+J$I@?g
R$'A|gWj
rz3Hf
;o"";< }\+T
8!A9]7)-ETh>wN<
1NDP/4
n/.vgZG I.z
[mBZx;
.\|Dq~
3oT=_m61
&\i9M~7R6
Hu+1_Q7{N
!m|u<C>L
Q[VG Xje
wHO'gg>WtlQb
zV::iqVL
<7/IXZD~$N,)e=6/
O><k2'E'
)T4^rJb
)d\wd_kQ
sZJ#@*?EMC7i
xik$VuI<
zH'`:x1>h?
WDUceFeu
~}`mp3l*J
DVCLAL
PACKAGEINFO

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.