1.3
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.69
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200709 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Kryptik.jq | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200709 | 2013.8.14.323 |
| McAfee | GenericRXBC-FD!B504DFEB42BE | 20200709 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b9ccb3 | 20200709 | 1.0.0.1 |
静态指标
动态指标
在 PE 资源中识别到外语
(23 个事件)
| name | RT_CURSOR | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007e90 | size | 0x00000134 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007e90 | size | 0x00000134 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007e90 | size | 0x00000134 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007e90 | size | 0x00000134 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00006cf8 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00006cf8 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00006cf8 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00006cf8 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00006cf8 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00006cf8 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00006cf8 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_ICON | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007fe0 | size | 0x00004228 | ||||||||||||||||||
| name | RT_RCDATA | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x000079c8 | size | 0x000000d4 | ||||||||||||||||||
| name | RT_RCDATA | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x000079c8 | size | 0x000000d4 | ||||||||||||||||||
| name | RT_RCDATA | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x000079c8 | size | 0x000000d4 | ||||||||||||||||||
| name | RT_RCDATA | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x000079c8 | size | 0x000000d4 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007fc8 | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007fc8 | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007fc8 | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x00007fc8 | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x0000c208 | size | 0x00000014 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x0000c428 | size | 0x00000264 | ||||||||||||||||||
| name | RT_MANIFEST | language | LANG_ROMANIAN | filetype | None | sublanguage | SUBLANG_ROMANIAN | offset | 0x0000c220 | size | 0x00000206 | ||||||||||||||||||
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(1 个事件)
| section | {'name': '.data', 'virtual_address': '0x00003000', 'virtual_size': '0x000026e0', 'size_of_data': '0x00001600', 'entropy': 7.537076091616508} | entropy | 7.537076091616508 | description | 发现高熵的节 | |||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意
(50 out of 61 个事件)
| ALYac | Trojan.Upatre.Gen.3 |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Upatre.Gen.3 |
| AhnLab-V3 | Trojan/Win32.Upatre.R153994 |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Upatre.Gen.3 |
| Avast | Win32:Malware-gen |
| Avira | TR/AD.Yarwi.oikyx |
| Baidu | Win32.Trojan.Kryptik.jq |
| BitDefender | Trojan.Upatre.Gen.3 |
| BitDefenderTheta | Gen:NN.ZexaF.34132.cq1@aaaKtclG |
| Bkav | W32.AIDetectVM.malware1 |
| CAT-QuickHeal | TrojanDwnLdr.Upatre.A3 |
| ClamAV | Win.Downloader.Upatre-5744092-0 |
| Comodo | TrojWare.Win32.TrojanDownloader.Waski.FSA@5su3z8 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.b42be7 |
| Cylance | Unsafe |
| Cynet | Malicious (score: 100) |
| Cyren | W32/Upatre.AX.gen!Eldorado |
| DrWeb | Trojan.DownLoader14.7198 |
| ESET-NOD32 | a variant of Win32/Kryptik.DNCM |
| Emsisoft | Trojan.Upatre.Gen.3 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Upatre.AX.gen!Eldorado |
| F-Secure | Trojan.TR/AD.Yarwi.oikyx |
| FireEye | Generic.mg.b504dfeb42be7863 |
| Fortinet | W32/Kryptik.DNCM!tr |
| GData | Win32.Trojan-Downloader.Upatre.BK |
| Ikarus | Trojan.Upatre |
| Invincea | heuristic |
| Jiangmin | TrojanDownloader.Upatre.qlg |
| K7AntiVirus | Trojan-Downloader ( 0055c6c71 ) |
| K7GW | Trojan-Downloader ( 0055c6c71 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=81) |
| Malwarebytes | Trojan.Upatre |
| McAfee | GenericRXBC-FD!B504DFEB42BE |
| MicroWorld-eScan | Trojan.Upatre.Gen.3 |
| Microsoft | TrojanDownloader:Win32/Upatre.BN |
| NANO-Antivirus | Trojan.Win32.Dwn.egvwmz |
| Panda | Trj/Upatre.B |
| Qihoo-360 | QVM06.1.Malware.Gen |
| Rising | Trojan.Waski!1.A489 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Upatre |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Dyreza-FY |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-05-18 08:22:46
PE Imphash
ceb4df4fc7a32291bf4220f8b82c5b56
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00000d84 | 0x00000e00 | 6.192751458830495 |
| .rdata | 0x00002000 | 0x0000092a | 0x00000a00 | 4.5165088462219725 |
| .data | 0x00003000 | 0x000026e0 | 0x00001600 | 7.537076091616508 |
| .rsrc | 0x00006000 | 0x00006e60 | 0x00007000 | 5.428713269791334 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_CURSOR | 0x00007e90 | 0x00000134 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_CURSOR | 0x00007e90 | 0x00000134 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_CURSOR | 0x00007e90 | 0x00000134 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_CURSOR | 0x00007e90 | 0x00000134 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_BITMAP | 0x00006cf8 | 0x000000e0 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_BITMAP | 0x00006cf8 | 0x000000e0 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_BITMAP | 0x00006cf8 | 0x000000e0 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_BITMAP | 0x00006cf8 | 0x000000e0 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_BITMAP | 0x00006cf8 | 0x000000e0 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_BITMAP | 0x00006cf8 | 0x000000e0 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_BITMAP | 0x00006cf8 | 0x000000e0 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_ICON | 0x00007fe0 | 0x00004228 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_DIALOG | 0x00006dd8 | 0x00000052 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0000c7b8 | 0x000000f0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0000c7b8 | 0x000000f0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0000c7b8 | 0x000000f0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0000c7b8 | 0x000000f0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0000c7b8 | 0x000000f0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0000c7b8 | 0x000000f0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0000c7b8 | 0x000000f0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x0000c7b8 | 0x000000f0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000079c8 | 0x000000d4 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_RCDATA | 0x000079c8 | 0x000000d4 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_RCDATA | 0x000079c8 | 0x000000d4 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_RCDATA | 0x000079c8 | 0x000000d4 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_GROUP_CURSOR | 0x00007fc8 | 0x00000014 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_GROUP_CURSOR | 0x00007fc8 | 0x00000014 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_GROUP_CURSOR | 0x00007fc8 | 0x00000014 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_GROUP_CURSOR | 0x00007fc8 | 0x00000014 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_GROUP_ICON | 0x0000c208 | 0x00000014 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_VERSION | 0x0000c428 | 0x00000264 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
| RT_MANIFEST | 0x0000c220 | 0x00000206 | LANG_ROMANIAN | SUBLANG_ROMANIAN | None |
Imports
Library USER32.dll:
• 0x402040 LoadAcceleratorsA
• 0x402044 LoadIconA
• 0x402048 RegisterClassExA
• 0x40204c GetMessageA
• 0x402050 LoadStringA
• 0x402054 TranslateMessage
• 0x402058 DispatchMessageA
• 0x40205c BeginPaint
• 0x402060 EndPaint
• 0x402064 TranslateAcceleratorA
• 0x402068 LoadCursorA
• 0x40206c ShowWindow
• 0x402070 CreateWindowExA
• 0x402074 DefWindowProcA
• 0x402078 SendMessageA
• 0x40207c DestroyWindow
• 0x402080 PostQuitMessage
• 0x402084 SetFocus
• 0x402088 UpdateWindow
Library KERNEL32.dll:
• 0x402008 HeapAlloc
• 0x40200c GetStartupInfoA
• 0x402010 GetModuleHandleA
• 0x402014 ExitProcess
• 0x402018 GetCommandLineA
• 0x40201c GetProcessHeap
• 0x402020 CreateDirectoryA
• 0x402024 GetCommandLineW
• 0x402028 lstrlenA
• 0x40202c LoadLibraryA
• 0x402030 WriteProcessMemory
Library GDI32.dll:
• 0x402000 TextOutA
Library SHELL32.dll:
• 0x402038 CommandLineToArgvW
Library WTSAPI32.dll:
• 0x402090 WTSEnumerateProcessesA
• 0x402094 WTSLogoffSession
• 0x402098 WTSQuerySessionInformationA
• 0x40209c WTSWaitSystemEvent
L!This program cannot be run in DOS mode.
[[[AG[A
[AB[Z[AF[A
[Af[Rich[
`.rdata
@.data
\n3NTBB_BBN
PFULSVu
jhVjdhHV@
UjlREE
t@=d @
pdwuUDV
<"u>"u
HtiHtS
|3_^[]
PQ3_^[]
RXQ]]]
P(MQhxX
+j }WO<
P(MQhXX
P(MQh4X
]2^]Up
Au^H;E
URE3PM3
3EEt"N
URE3PME
4Q4RLP
Educate
Quxtim
UpdateWindow
ShowWindow
CreateWindowExA
DefWindowProcA
SendMessageA
DestroyWindow
SetFocus
PostQuitMessage
EndPaint
BeginPaint
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
RegisterClassExA
LoadIconA
LoadCursorA
LoadStringA
LoadAcceleratorsA
USER32.dll
WriteProcessMemory
CreateDirectoryA
LoadLibraryA
lstrlenA
GetCommandLineW
KERNEL32.dll
TextOutA
GDI32.dll
CommandLineToArgvW
SHELL32.dll
WTSQuerySessionInformationA
WTSLogoffSession
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSAPI32.dll
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
vNd46Ej
is@gj=m,f
pId@0q}d#
t}l%1p|o
afV@!qah2
u0)VjV@.W]t%
pjd4)kGq
2~n/pFj|U`P$cd"-1<)
$`.tU6!!
m77@ p!d@_7;1rfa|y%fjfb/
!/rT1b3qWc!1n_=f3rWj82vH*
qQ5;4vfc>o'f5=/qR
<:0v_2b3qWc!6nW<f3rWj67sH6 frTt=/rS7>h-
5h5nU7>.)
5a7xH*=h-
5h3nT<?h-
5h1xH*!2@I6!f@W6=/x_i>q.
773nT+=0n
5=/sW+=0n
5=/sW+=0n
5=/rQ7b3qWc<5sH* frTt98nT5 frTt80wS7<h-
5h9xH*!
wS6<6@I6!f@Q<!.)
5a6qH*8.)
5a8xH*>
v_0>5@I6!f@P796sfc>o'f592sfc>o'f=<3tfc>o'f*63uVi>q.
*=5pfc>o'f6=/rQi>q.
<;0nT+=0n
6;3qQ<b3qWc!8nQ2f3rWj91uH*
2nT68.)
5a7tH*<.)
5a6wH7:.)
5a6wH59.)
5a2wH5>
yS7>1@I6!f@W6=/qV
!9nT5f3rWj>
e\Hqd:zwT@!
P#(LJ$Q=P
HDP^i3
&]Hqik(<\$5U9
4R@0+%,
-o<\"f
YwT0E9-o<\"DA
@f$0-?#DVr
fL+u]#`
b60eg>rL+,gUT#b
NzlR3`
I}:zt5kp:zhwT4T
pRxNzht8
9Rb!_cU
y%n7#-S
xV3wQL
8++NJ4wTDU]S@
&\Hpni
w,I&$b6
ppl:Z6 @fwQ
3Yt$NJP
Y5knW*e
Htd& 8}
tV\HqLJ4
|'LJPLk&
`n:Z*e
mwTDX&
R:zTwTPI0dw
\iO&w%2
mi$(30b
1t+NH5
Q3Rp7]HJX5k
0E@f#7]+'
e5niwO
Riched32.dll
Clariot
Best Application
static
button
richedit
www30www
xwwwwwxwwwwrwwwwww
ffffff
aGGDDV
tttDP`
twGD``awwGtu
PawwwGE
PffffffWP
GtwwwP
33333333
wwwwpwwwww
UUUUUUUUUp
DDDDUU
DDDDUU
DDDDUU
UUUwwww
UUUUUUUUUU@
articons
ucicons
System
SysInit
KWindows
3Messages
SysUtils
SysConst
^Classes
Consts
QTypInfo
sActiveX
+Graphics
&Controls
Printers
WWinSpool
Commctrl
FlatSB
StdActns
Clipbrd
EActnList
vMenus
Contnrs
ImgList
dStdCtrls
MultiMon
Dialogs
ExtCtrls
3CommDlg
(ShlObj
*ShellAPI
RegStr
?WinInet
UrlMon
Buttons
nComCtrls
ComStrs
RichEdit
ToolWin
8Registry
IniFiles
akernel
aiclopd
ExtDlgs
XGrids
IconLibrary
subIcon
AdvancedIcon
IconTypes
Magrutil
Qapalconst
apalutil
pngimage
aresample
*Fast256
oFastRGB
FastBMP
"RTLConsts
pngzlib
pnglang
!GIFImage
GMMSystem
agrfile
FileMappingStream
ageometry
Nasmooth
{astream
unitPEFile
unitResourceDetails
Imagehlp
aIconTools
oacompres
unitResourceGraphics
unitExIcon
CursorLibrary
FileCtrl
aregistry
iconproject
agradutil
;aundo
afilesys
astrrus
macwinicon
jconsts
OpenJpeg
Jpeg2000Bitmap
borlanddcr
unitResFile
_aerrList
FComObj
qComConst
gagrstrings
<amenureop
Lsinter
/aimagebutton
edregkey
gridmenu
newimage
confirm
Childwin
#aExeImage
arxtypes
icobox
TntGraphics
TntClasses
TntTypInfo
TntSystem
TntWindows
TntSysUtils
TntFormatStrUtils
edfiletypes
[uselcolor16
uselcolor16Ex
uPatternBG
xpmimage
=palview
iabrowsedir
1psdimage
animatedcursor
WBMPIMAGE
Waniproject
bSZCodeBaseX
aGifFramer
Liconapputils
expSingle
iconresupdate
uimportil
unewimagesize
ucustomsize
uAskDups
ouFindInFolder
|impimg
addtxt
$TntStdCtrls
sTntForms
6TntMenus
TntControls
TntActnList
TntStdActns
`TntDialogs
xTntClipBrd
QTntExtCtrls
)CheckLst
rselgrad
1uselTrack
uNegative
auDropShadow
fuSelPaste
:ucanvassize
uOpacity
uLayerProps
uNewLayer
uRotate
/ureplacecolor
@uHueSaturation
linewidthmenu
uContrast
uSmoothSharp
aniimage
utesticon
fileass
aregfileext
nainternet
WinSock
edhotspot
OldCreateOrder
Height
TSaveDialog
Filter
8Icon Library (*.icl)|*.icl|Icon Collection (*.icc)|*.icc
Options
ofHideReadOnly
OnCanClose
sdLibCanClose
TColorDialog
Options
cdFullOpen
cdAnyColor
TOpenDialog
Filter
Palettes and images (*.pal;*.act;*.bmp)|*.act;*.pal;*.bmp|Microsoft palette (*.pal)|*.pal|Color tables (*.act)|*.act|Bitmaps (*.bmp)|*.bmp|Color table resource (*.rc)|*.rc|All files (*.*)|*.*
TSaveDialog
DefaultExt
Filter
MS Palette (*.pal)|*.pal|Bitmap (*.bmp)|*.bmp|Color table (*.act)|*.act|Color table resource (*.rc)|*.rc|Pascal TRGB const (*.pas)|*.pas
Options
ofOverwritePrompt
ofHideReadOnly
ofEnableSizing
OnTypeChange
sdPalTypeChange
TfmChildAbstract
fmChildAbstract
BorderIcons
BorderStyle
bsNone
ClientHeight
ClientWidth
clBtnFace
ParentFont
OldCreateOrder
Position
poDefault
PixelsPerInch
TextHeight
z $o&'
<Gr~,,
9KRX4:
jp}kr{rzovqtnonpprrwox|o{|oy
ouqsnoqtrwqvrwqvrxsxswrwsxrxuxqqqq
}}}{{{zzz{{z
|||tttpppooonoommm}}}
vvviiiiii|}{
$ * * + * *
( * * + * * + * * &
' * * ( (!*
XY!&!) ( * ( ( ) ( ( ' )
!* )!+!* ) )", *
!- )") ) )!* )!* )".
$( '#.#,",",#- *
*"54;+3
t}"/%.$2$4",",#-",",#,",#. *#.
! $* '#/$0#/#/$/!*
$#-$0#/#/$0#/$/#/#/$/ )$.
! #)"+$1%/#/%/#/#.
"&2#/#/%/#/$0#/#/$1"-$/
$&%,%2%1$0$/%1 (&5
"!,%/%,
$0$/%/$/%1$/$/%0%3"/
%%'/'4&/$/$/%/"+'4
(amercea]..
",%-OWgqeifi68"+#2$.
fqepjrjpkoKR *$/$0$/$/%0$/$/%0%1&2
())0(4&0%/%/'0&0+7%/","+)6&0*6%2*7)3)6'2$/$1#.$0'8+8%/+:%0%1(4'4*6)4%/&1%/%/%1%/&/%/&1%/
(((0)6'2%.%.%/(4)4&.#+1@/?(6-9(1$-$-*71B/?-<,;'2#'$-'2,61A+6-8*6'3)3'0(1'0'0(1'0'1'0(2'4 $
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0"
processorArchitecture="X86"
name="Retrostyle"
type="win32"/>
<description>RETRO</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
m�a�c�e�d�o�n�i�a�n�.�x�m�l�
k�y�r�g�y�z�.�x�m�l�
k�C�y�r�i�l�l�i�c�.�x�m�l�
u�z�b�e�k�.�x�m�l�
z�b�e�k�c�h�a�
k�a�z�a�k�h�.�x�m�l�
a�f�r�i�k�a�a�n�s�.�x�m�l�
A�f�r�i�k�a�a�n�s�
t�a�g�a�l�o�g�.�x�m�l�
T�a�g�a�l�o�g�
l�u�x�e�m�b�o�u�r�g�i�s�h�.�x�m�l�
t�z�e�b�u�e�r�g�e�s�c�h�
m�a�l�a�y�.�x�m�l�
B�a�h�a�s�a� �M�e�l�a�y�u�
s�e�r�b�i�a�
n�C�y�r�i�l�l�i�c�.�x�m�l�
s�e�r�b�i�a�n�.�x�m�l�
S�r�p�s�k�i�
b�e�l�a�r�u�s�i�a�n�.�x�m�l�
s�p�a�n�i�s�h�_�a�r�.�x�m�l�
o�l� �a�r�g�e�n�t�i�n�a�
b�a�s�q�u�e�.�x�m�l�
E�u�s�k�a�r�a�
g�e�o�r�g�i�a�n�.�x�m�l�
c�r�o�a�t�i�a�n�.�x�m�l�
H�r�v�a�t�s�k�i� �j�e�z�i�k�
a�l�b�a�n�i�a�n�.�x�m�l�
G�j�u�h�a� �s�h�q�i�p�e�
i�n�d�o�n�e�s�i�a�n�.�x�m�l�
B�a�h�a�s�a� �I�n�d�o�n�e�s�i�a�
N�E�T�W�O�R�K�
O�P�E�N�F�O�L�D�E�R�
P�R�E�V�I�E�W�G�L�Y�P�H�
S�P�I�N�D�O�W�N�
S�P�I�N�U�P�
U�N�K�N�O�W�N�F�I�L�E�
D�L�G�T�E�M�P�L�A�T�E�
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
T�F�M�A�B�O�U�T�
B�U�T�T�O�N�
C�O�L�O�R�P�I�C�K�
C�O�L�O�R�R�E�P�L�A�C�E�
M�A�I�N�I�C�O�N�
M�S� �S�a�n�s� �S�e�r�i�f�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�A�0�4�A�6�
C�o�m�p�a�n�y�N�a�m�e�
R�E�T�R�O�-�s�o�f�t�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
F�i�l�e�V�e�r�s�i�o�n�
2�.�3�.�0�.�1�0�4�
I�n�t�e�r�n�a�l�N�a�m�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
P�r�o�d�u�c�t�N�a�m�e�
R�E�T�R�O�T�o�o�l�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
I�n�v�a�l�i�d� �U�T�F�7�
A�u�g�u�s�t�
S�e�p�t�e�m�b�e�r�
O�c�t�o�b�e�r�
N�o�v�e�m�b�e�r�
D�e�c�e�m�b�e�r�
W�i�n�3�2� �E�r�r�o�r�.� � �C�o�d�e�:� �%�d�.�
A� �W�i�n�3�2� �A�P�I� �f�u�n�c�t�i�o�n� �f�a�i�l�e�d�
J�a�n�u�a�r�y�
F�e�b�r�u�a�r�y�
I�n�v�a�l�i�d� �p�i�x�e�l� �c�o�o�r�d�i�n�a�t�e�s�
U�n�s�u�p�p�o�r�t�e�d� �P�i�x�e�l�F�o�r�m�a�t�
I�n�v�a�l�i�d� �i�m�a�g�e� �d�i�m�e�n�s�i�o�n�s�
I�m�a�g�e� �h�a�s� �n�o� �D�I�B�
I�n�v�a�l�i�d� �s�t�r�e�a�m� �J�u�s�t�e�f�y�t�i�o�n�
C�o�l�o�r� �n�o�t� �i�n� �c�o�l�o�r� �t�a�b�l�e�
C�o�l�o�r� �t�a�b�l�e� �i�s� �e�m�p�t�y�
I�m�a�g�e� �i�s� �e�m�p�t�y�
I�n�v�a�l�i�d� �r�e�d�u�c�t�i�o�n� �m�e�t�h�o�d�
N�i�r�c�u�l�a�r� �d�e�c�o�d�e�r� �t�a�b�l�e� �e�n�t�r�y�
E�n�v�a�l�i�d� �I�m�a�g�e� �t�r�a�i�l�e�r�A�E�n�t�e�r�n�a�l� �e�r�r�o�r�:� �E�x�t�e�n�s�i�o�n� �I�n�s�t�a�n�c�e� �d�o�e�s� �n�o�t� �m�a�t�c�h� �E�x�t�e�n�s�i�o�n� �L�a�b�e�l�,�A�n�s�u�p�p�o�r�t�e�d� �A�p�p�l�i�c�a�t�i�o�n� �E�x�t�e�n�s�i�o�n� �b�l�o�c�k� �s�i�z�e�
A�n�k�n�o�w�n� �G�I�F� �b�l�o�c�k� �t�y�p�e�
*�E�m�a�g�e� �w�i�d�t�h� �t�o�o� �s�m�a�l�l� �f�o�r� �c�o�n�t�a�i�n�e�d� �f�r�a�m�e�s�
Y�o�u� �n�o�t� �a�s�s�i�g�n� �w� �t�o� �t�
c�o�u�n�t� �o�u�t� �o�f� �b�o�u�n�d�s�
l�i�s�t� �i�n�d�e�x� �o�u�t� �o�f� �b�o�u�n�d�s�
d�o�e�s�n�'�t� �s�u�p�p�o�r�t� �s�t�r�e�a�m�i�n�g�)�A�b�j�e�c�t� �t�y�p�e� �n�o�t� �s�u�p�p�o�r�t�e�d� �f�o�r� �J�u�s�t�e�f�y�t�i�o�n�+�S�m�a�g�e� �h�e�i�g�h�t� �t�o�o� �s�m�a�l�l� �f�o�r� �c�o�n�t�a�i�n�e�d� �f�r�a�m�e�s�
i�n�v�a�l�i�d� �w�i�n�d�o�w�s� �i�m�a�g�e�
l�i�s�t� �c�a�p�a�c�i�t�y� �o�u�t� �o�f� �b�o�u�n�d�s�
i�n�d�e�x� �d�a�t�a� �d�i�c�t�i�o�n�a�r�y� �c�o�u�n�t�
C�:�\�D�O�C�U�M�E�~�1�\�O�w�n�e�r�\�L�O�C�A�L�S�~�1�\�T�e�m�p�\�9�2�0�5�8�6�7�a�f�f�d�1�2�e�e�d�2�5�b�e�d�7�e�d�9�6�f�f�e�6�0�0�8�2�f�1�3�f�c�0�7�a�7�e�8�d�e�e�5�4�5�7�c�9�8�d�f�7�a�4�0�5�e�b�
C�:�\�O�J�1�c�P�0�4�O�.�e�x�e�
C�:�\�A�i�w�4�U�U�D�z�.�e�x�e�
C�:�\�2�3�0�5�7�f�2�c�0�d�8�a�c�d�d�c�6�0�e�a�b�0�a�5�1�0�8�2�b�8�f�5�5�c�d�1�3�a�2�f�e�f�9�9�b�3�a�3�5�8�b�9�5�d�3�7�6�6�e�3�9�0�5�8�
C�:�\�e�6�b�6�5�d�4�4�8�0�7�7�a�2�b�c�d�e�e�2�0�b�6�4�4�d�8�2�b�a�d�1�e�4�c�2�1�0�0�a�4�a�6�5�6�3�5�d�4�a�a�2�d�1�c�5�a�d�7�0�9�5�9�f�
C�:�\�p�Y�E�R�A�b�9�R�.�e�x�e�
C�:�\�D�4�y�A�g�T�Z�E�.�e�x�e�
C�:�\�E�a�W�i�f�o�W�g�.�e�x�e�
C�:�\�_�v�H�N�N�K�0�Z�.�e�x�e�
C�:�\�L�H�_�l�o�Q�Y�S�.�e�x�e�
C�:�\�d�5�2�2�7�4�a�4�6�e�c�9�f�1�2�2�f�4�c�8�e�9�f�c�5�4�6�2�e�0�2�f�d�b�7�d�e�2�5�5�d�2�3�9�b�1�8�8�9�b�c�e�e�2�9�f�c�9�a�d�4�6�5�3�
C�:�\�2�0�7�3�3�d�c�e�d�8�c�4�c�0�8�9�9�4�d�9�4�7�b�9�2�2�d�f�7�2�2�0�9�0�1�a�3�f�f�7�e�2�c�c�5�c�b�6�6�7�3�b�b�6�4�e�5�6�0�2�9�1�6�6�
C�:�\�6�U�k�E�v�N�d�M�.�e�x�e�
C�:�\�s�K�e�i�w�Q�G�p�.�e�x�e�
C�:�\�l�y�O�R�s�t�g�Q�.�e�x�e�
C�:�\�w�v�N�E�Z�o�m�Q�.�e�x�e�
C�:�\�z�R�v�f�f�O�b�Z�.�e�x�e�
C�:�\�e�Q�k�W�g�2�F�N�.�e�x�e�
C�:�\�C�g�1�O�Z�Z�I�0�.�e�x�e�
C�:�\�U�u�c�V�Z�2�_�a�.�e�x�e�
C�:�\�4�6�e�4�4�5�9�d�7�8�0�8�8�3�0�4�4�2�c�5�9�4�0�e�8�0�f�5�b�f�8�7�7�d�2�9�7�0�a�f�e�6�1�1�b�3�6�6�6�a�6�e�e�2�2�8�0�0�4�9�f�a�9�1�
C�:�\�f�0�6�a�9�1�9�5�c�d�d�f�8�a�2�9�1�8�f�b�f�9�2�0�8�a�4�6�3�3�9�f�d�f�c�7�e�e�4�8�f�9�0�e�5�6�b�d�0�c�d�2�4�2�0�1�b�9�6�7�d�b�d�0�
C�:�\�I�6�i�2�w�j�p�j�.�e�x�e�
C�:�\�m�J�o�h�H�n�u�l�.�e�x�e�
C�:�\�o�W�T�h�r�9�m�W�.�e�x�e�
C�:�\�m�M�Q�u�d�R�j�k�.�e�x�e�
C�:�\�K�N�x�y�j�9�_�s�.�e�x�e�
C�:�\�c�l�d�Y�u�I�0�s�.�e�x�e�
C�:�\�A�J�J�c�A�4�M�5�.�e�x�e�
C�:�\�C�L�d�t�C�w�X�e�.�e�x�e�
C�:�\�n�q�U�V�P�y�A�L�.�e�x�e�
C�:�\�g�Z�N�D�W�V�u�v�.�e�x�e�
C�:�\�6�c�0�5�9�f�1�c�1�3�6�b�e�6�c�d�c�3�c�c�4�a�6�9�b�8�b�1�7�a�8�1�0�5�a�0�3�1�4�f�d�4�0�a�b�c�a�c�1�a�b�6�8�6�2�1�e�2�2�3�9�b�b�a�
C�:�\�r�k�g�y�u�F�Z�s�.�e�x�e�
C�:�\�J�J�3�x�0�u�C�S�.�e�x�e�
C�:�\�I�I�G�U�i�x�1�6�.�e�x�e�
C�:�\�4�S�F�A�1�b�w�4�.�e�x�e�
C�:�\�W�Y�4�c�o�k�x�U�.�e�x�e�
C�:�\�s�K�L�t�Y�6�X�b�.�e�x�e�
C�:�\�s�1�Y�5�L�a�Q�R�.�e�x�e�
C�:�\�A�y�C�v�i�b�L�n�.�e�x�e�
C�:�\�J�q�V�k�R�h�M�K�.�e�x�e�
C�:�\�n�s�s�Z�3�h�g�e�.�e�x�e�
C�:�\�k�U�P�o�y�K�B�j�.�e�x�e�
C�:�\�m�2�I�G�U�6�l�V�.�e�x�e�
C�:�\�T�r�b�c�B�x�r�C�.�e�x�e�
C�:�\�U�s�e�r�s�\�J�o�e� �C�a�g�e�\�D�e�s�k�t�o�p�\�8�3�6�o�6�g�b�g�F�J�.�e�x�e�
C�:�\�4�5�4�2�a�0�a�5�1�d�4�2�f�4�c�c�8�9�8�1�2�3�9�0�1�b�f�4�a�a�a�1�8�9�e�e�e�c�9�3�9�2�c�9�7�5�9�e�c�5�1�1�f�6�5�7�b�4�3�9�b�8�9�9�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.