1.8
Low risk

06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14

06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe

Analysis time

268s

Last analyzed

388 days ago

File size

84.3KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM PICSYS
Hawkeye engine
DACN 0.14
FACILE 1.00
IMCLNet 0.79
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Picsys-B [Wrm] 20200423 18.4.3895.0
Baidu Win32.Worm.Picsys.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200424 2013.8.14.323
McAfee W32/Picsys.worm.b 20200424 6.0.6.653
Tencent Worm.Win32.Picsys.aab 20200424 1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (27 events)
file C:\Windows\System32\macromd\AOL, MSN, Yahoo mail password stealer.exe
file C:\Windows\System32\winxcfg.exe
file C:\Windows\System32\macromd\Choke on cum (sodomy, rape).mpg.exe
file C:\Windows\System32\macromd\XXX Porn Passwords.exe
file C:\Windows\System32\macromd\hotmailhacker.exe
file C:\Windows\System32\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif
file C:\Windows\System32\macromd\icqcracker.exe
file C:\Windows\System32\macromd\illgal incest preteen porn cum.mpg.exe
file C:\Windows\System32\macromd\Website Hacker.exe
file C:\Windows\System32\macromd\virtua girl - adriana.pif
file C:\Windows\System32\macromd\AIM Flooder.exe
file C:\Windows\System32\macromd\Kama Sutra Tetris.exe
file C:\Windows\System32\macromd\msncracker.exe
file C:\Windows\System32\macromd\nikki nova sex scene huge dick blowjob.mpg.exe
file C:\Windows\System32\macromd\ICQ Hackingtools.exe
file C:\Windows\System32\macromd\AIM Account Hacker.exe
file C:\Windows\System32\macromd\Winzip.exe
file C:\Windows\System32\macromd\invisible IP.exe
file C:\Windows\System32\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif
file C:\Windows\System32\macromd\jenna jameson - xxx nurse scene.mpg.pif
file C:\Windows\System32\macromd\crack.exe
file C:\Windows\System32\macromd\jenna jameson - shower scene.exe
file C:\Windows\System32\macromd\Lolita preteen sex.mpeg.pif
file C:\Windows\System32\macromd\OfficeXP Keygen.exe
file C:\Windows\System32\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe
file C:\Windows\System32\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif
file C:\Windows\System32\macromd\cute girl giving head.exe
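The binary likely contains encrypted or compressed data, indicating use of a packer (2 events)
section {'name': 'UPX1', 'virtual_address': '0x00055000', 'virtual_size': '0x0000e000', 'size_of_data': '0x0000d200', 'entropy': 7.894471213144544} entropy 7.894471213144544 description A section with high entropy was found
entropy 0.9813084112149533 description The overall entropy of this PE file is high
The executable is compressed with UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with a host for which no DNS query was performed (1 event)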
host 114.114.114.114
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe reg_value C:\Windows\system32\winxcfg.exe
File has been identified as malicious by 66 antivirus engines on VirusTotal (50 out of 66 events)
ALYac Generic.Malware.G!hiddldprng.4A2FD3CB
APEX Malicious
AVG Win32:Picsys-B [Wrm]
Acronis suspicious
Ad-Aware Generic.Malware.G!hiddldprng.4A2FD3CB
AhnLab-V3 Worm/Win32.Picsys.C116429
Antiy-AVL Worm[P2P]/Win32.Sytro.j
Arcabit Generic.Malware.G!hiddldprng.4A2FD3CB
Avast Win32:Picsys-B [Wrm]
Avira DR/Delphi.Gen
Baidu Win32.Worm.Picsys.a
BitDefender Generic.Malware.G!hiddldprng.4A2FD3CB
BitDefenderTheta AI:Packer.B927EAE619
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Worm.Picsys
CMC P2P-Worm.Win32.Picsys!O
ClamAV Win.Worm.Picsys-6804101-0
Comodo Worm.Win32.Picsys.B@1awl
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.6442d3
Cylance Unsafe
Cyren W32/Picsys.FYLV-4646
DrWeb Win32.HLLW.Morpheus.2
ESET-NOD32 Win32/Picsys.B
Emsisoft Generic.Malware.G!hiddldprng.4A2FD3CB (B)
Endgame malicious (moderate confidence)
F-Prot W32/Picsys.B
F-Secure Dropper.DR/Delphi.Gen
FireEye Generic.mg.bb9135a6442d34dd
Fortinet W32/Generic.AC.2C8E!tr
GData Generic.Malware.G!hiddldprng.4A2FD3CB
Ikarus P2P-Worm.Win32.Picsys.b
Invincea heuristic
Jiangmin I-Worm/P2P.Picsys
K7AntiVirus Trojan ( 7000000f1 )
K7GW Trojan ( 7000000f1 )
Kaspersky P2P-Worm.Win32.Picsys.b
MAX malware (ai score=86)
Malwarebytes Worm.Small
MaxSecure Trojan.Malware.300983.susgen
McAfee W32/Picsys.worm.b
McAfee-GW-Edition BehavesLike.Win32.HLLP.mc
MicroWorld-eScan Generic.Malware.G!hiddldprng.4A2FD3CB
Microsoft Worm:Win32/Yoof.E
NANO-Antivirus Trojan.Win32.Picsys.deaxpd
Panda W32/Picsys.B
Qihoo-360 HEUR/QVM11.1.C61B.Malware.Gen
Rising Worm.Picsys!1.C132 (RDMK:cmRtazroHe64Oz3y3WMSJF+PcC1S)
SUPERAntiSpyware Trojan.Agent/Gen-SpyBot
Sangfor Malware
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample ran.

PE Compile Time

1992-06-20 06:22:17

PE Imphash

359d89624a26d1e756c3e9d6782d6eb0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00054000 0x00000000 0.0
UPX1 0x00055000 0x0000e000 0x0000d200 7.894471213144544
.rsrc 0x00063000 0x00001000 0x00000400 2.805690510271861

Resources

Name Offset Size Language Sub-language File type
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library KERNEL32.DLL:
0x463254 LoadLibraryA
0x463258 GetProcAddress
0x46325c ExitProcess
Library advapi32.dll:
0x463264 RegOpenKeyA
Library oleaut32.dll:
0x46326c SysFreeString
Library user32.dll:
0x463274 CharNextA


Process Tree


06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe, PID: 1784, Parent PID: 2264

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 6d040378f45f53e6_want to see a massive horse cock in a tight little teen's pussy.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif
Size 73.7KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 8983d57b9d6500a6cf9143b5dd15b592
SHA1 2d71b8e1d10056efa188790a16e8cfd38d4d24e1
SHA256 6d040378f45f53e63280dc250b701bfb7d6f9b8ca96a0b58deef161ce2b9f25a
CRC32 4D592AB0
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 392442fc552a7d54_cky3 - bam margera world industries alien workshop.exe
Filepath C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe
Size 70.4KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 21707d6f366bf974e9452c3fe1f5bfb2
SHA1 e60d0305524b5549c471b12c18acd4ea703916dd
SHA256 392442fc552a7d54926663982cfcfbcb645a4a14df15593d3ae97d46e01158eb
CRC32 E15BFEC4
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 18f00232a9c725eb_winzip.exe
Filepath C:\Windows\SysWOW64\macromd\Winzip.exe
Size 84.2KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 11f60903380e1af1b6e552bd64307f0c
SHA1 82d70d4742c3eedc2f1813419024ae32dd3b789a
SHA256 18f00232a9c725eb9afbc26a83ccfd2e0521b1d72029f2f7e1a1e1ee3dd9ff5c
CRC32 C656FF7A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 85e530090525fb3d_invisible ip.exe
Filepath C:\Windows\SysWOW64\macromd\invisible IP.exe
Size 64.5KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 f70a381e2af34506efac8c336df161d3
SHA1 d5eee007a4eca294491eeebd56f2ea9ab7163072
SHA256 85e530090525fb3d2ea4b243221f1960bfb6705f9fbd2e0fef583eca7f3400c3
CRC32 717A6ADF
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 346ffb4c9b4a2cd3_kama sutra tetris.exe
Filepath C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe
Size 83.5KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b58a52850e0f20f3ba6c5c2afec52553
SHA1 3f892908c4071466ad17226419d020aee7c8f7c4
SHA256 346ffb4c9b4a2cd350bf6c063991c5ffbb615a398cbb893d6afe6671880cefc8
CRC32 AE5F2F2A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 7ba4410b66d37297_icqcracker.exe
Filepath C:\Windows\SysWOW64\macromd\icqcracker.exe
Size 73.4KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a0b52693d61ff2a76378aa7e17094ce2
SHA1 2149f55dee1f5c3a0e275939fa48f83f897ac6c3
SHA256 7ba4410b66d372972476dd9c9d267451d5bd7fbca28e99d11ea177c903ed4bec
CRC32 5A67CB2A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 982f9671c3471c1c_msncracker.exe
Filepath C:\Windows\SysWOW64\macromd\msncracker.exe
Size 87.8KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 0b1d4be24253b8d549c11d39a2407d58
SHA1 ff41287a4bb29e65e1fea5eda4978420dc25f8f3
SHA256 982f9671c3471c1c63e3e9491abe77e7ed9e8104975e26c10fbd8febbf99e4ca
CRC32 A7E30EB8
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name cf8166b8be83159a_aol, msn, yahoo mail password stealer.exe
Filepath C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe
Size 65.6KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 54cb71e0e5bdcee773834212039bdd77
SHA1 61fc14825d9cfdd685d2a675adcea0661d9c8997
SHA256 cf8166b8be83159a2ce37b785a26aea62628207f42fb17ea0a3ed724e3fa1e2a
CRC32 199F6693
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 68efb23efb20aec3_jenna jameson - xxx nurse scene.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif
Size 72.2KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c5aad8900f89db8b090a43b7ce31deb1
SHA1 7b511205a0d548810421e5304c530a213f7df4fa
SHA256 68efb23efb20aec372c5dd3131fe18c9530d291606408189bbe8219570a9dfa3
CRC32 1C39FB2F
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name a7f1a6ede71dbbbd_illegal porno - 15 year old raped by two men on boat.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif
Size 68.4KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 5a13ca7ad45382eca7798f3fb93d4446
SHA1 111761a9ceaa9db25a59d5e8f55816dc28497d1f
SHA256 a7f1a6ede71dbbbdd88d2b6406ce13607a216fa47acaf2c32b30482e4b15ef4a
CRC32 1A211CD1
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 267a5d08591459b2_icq hackingtools.exe
Filepath C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe
Size 79.0KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 9208f62180abc484380d976cdc6286e8
SHA1 ae53b1d81113d9c80532ebefed5ead7162e8b4cf
SHA256 267a5d08591459b256d2d1cf8413d5eae5c5997771abcc386b957c9fb3fb614d
CRC32 CE2A152B
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name ae28032412a8ee42_jenna jameson - shower scene.exe
Filepath C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe
Size 88.9KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 47a747ee05c1d979db7fa5f76f668906
SHA1 34d85ceef5d6be7aac0071068cf135fcc4284722
SHA256 ae28032412a8ee42c49531749540bd88ad81d2f3ff8665ed00fc0a70628d8de8
CRC32 D9E8BDAA
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 03a563ca2090d93b_lolita preteen sex.mpeg.pif
Filepath C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif
Size 69.1KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 1a724566429072ae56bcac21b72825d7
SHA1 fb6d60474b19ba2c9a3cb4653095a60c55ca06bd
SHA256 03a563ca2090d93b2f020b8e0bc7e2e1a7ea77adca0375732177e9f1ac5976ab
CRC32 5351AE42
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name ecfe4a112cc5e990_hotmailhacker.exe
Filepath C:\Windows\SysWOW64\macromd\hotmailhacker.exe
Size 78.9KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 63deef657f4d66f55785ec7e6014ad4b
SHA1 3f07ad30c98ca41c1f1cc15553e9069125f0bcf8
SHA256 ecfe4a112cc5e990e4e18c20f9e0e41bf84fb9f4c5fe96d5ad460a32ebdfb09e
CRC32 15056F49
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9a4281dfa0fb25d6_winxcfg.exe
Filepath C:\Windows\SysWOW64\winxcfg.exe
Size 71.0KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7766cdb9f1243ffbbfece2e7d7aa440a
SHA1 32f526f78c0b69ad61c94345815338b1f221b588
SHA256 9a4281dfa0fb25d65b2acc0c7a792768bd99533a8cc82493cdc688fb8e5e30ab
CRC32 BEC10D34
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 35e88495c61ea0d3_cute girl giving head.exe
Filepath C:\Windows\SysWOW64\macromd\cute girl giving head.exe
Size 67.3KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6863dcf9dc1e9f48f84d17a31b429ebf
SHA1 28d3199849006e0a6fb66e0c6732059d967ce794
SHA256 35e88495c61ea0d31c482ad2b06f126f1a467610c3766689736b2b2fd3b9ab00
CRC32 5C8048F5
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name e4a53eebef5ee278_aim flooder.exe
Filepath C:\Windows\SysWOW64\macromd\AIM Flooder.exe
Size 68.2KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6f5f34b2ff77f2a631eca1258f418575
SHA1 7c820317eec554996c4274f8f177023d1c94b62f
SHA256 e4a53eebef5ee278c24f36e04b5068ab965774bdeb29fdc7bb5dd7023b3624d8
CRC32 52CFF3F0
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 3e8e63ee1f91b922_aim account hacker.exe
Filepath C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe
Size 80.5KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 d0c80e64f6ed1039137741294c24da53
SHA1 15e4981e1daad3fea67aba508fab9d856797a58a
SHA256 3e8e63ee1f91b922ecb3cd509fddd34e6996b0ce6a2268429377f6390469f559
CRC32 BF6388A4
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name e9934a379ac2c59e_illgal incest preteen porn cum.mpg.exe
Filepath C:\Windows\SysWOW64\macromd\illgal incest preteen porn cum.mpg.exe
Size 79.5KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 d30cc8c0bad632d403af9ec16a084ba1
SHA1 040384e76deaad4eb6b537a59cd1bf177a3440ab
SHA256 e9934a379ac2c59ebdfea33ffbb526c26181811cb8088b98d5fb20b9d818ff8e
CRC32 17791D70
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 40f2637eeeb36316_officexp keygen.exe
Filepath C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe
Size 71.0KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 650dac04695acbceae5bd07f68de8ac9
SHA1 28d4246260e851aa67880a5f21c5e2a6d86f357d
SHA256 40f2637eeeb36316c9e3ed3c99e4589f39604f05f5b88074272e0eee41db761a
CRC32 C0785FED
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name dc9208b41dbee4de_xxx porn passwords.exe
Filepath C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe
Size 85.6KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 50f7a93b8403469c2865a12337798d8c
SHA1 81ff4297e7bc5b4e21b7f22f56ff35d6e4b53e76
SHA256 dc9208b41dbee4deb67c22dd469f933867000b5c69c9ad08d2851e122556fbdf
CRC32 3A696439
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 3b77141232bf8f00_virtua girl - adriana.pif
Filepath C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif
Size 67.9KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a62a307095a89af0e9b4a4922ac6ef37
SHA1 af38b528bc69489df34f9f9372ac6d9678b286b0
SHA256 3b77141232bf8f00ef9194766f330d8ecdddb6692f6c9ba822806bcff636a798
CRC32 6253B84F
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name aefeb40cc741c948_nikki nova sex scene huge dick blowjob.mpg.exe
Filepath C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe
Size 89.8KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b0525eee88da3904c6debe51e62740a0
SHA1 cb1f8b3ea50a798cc2173e6dc0df1f67bca71466
SHA256 aefeb40cc741c948974f41aa0c34758cd3935ca675a6a063b70157b22d45ebeb
CRC32 62535D27
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 183acb0469d5eedb_crack.exe
Filepath C:\Windows\SysWOW64\macromd\crack.exe
Size 67.3KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b51ce507a4e7782df8212fade7eb6690
SHA1 1c4f242e493e85a7875a5948c3eeb0355fa81178
SHA256 183acb0469d5eedba4ab851a593a516a0394dc018f8670d9a5ef612d1b9dae38
CRC32 6B773EF8
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name d5113ed9e24c2626_choke on cum (sodomy, rape).mpg.exe
Filepath C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe
Size 83.4KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ebd6fa2f2c1ad568527c1c921ae83897
SHA1 905b231311f14dc6ee732df9464e7552242e20d7
SHA256 d5113ed9e24c26264d3435004ed09a8bd3521b6e1c5bfa8f85f735455e1f3ee7
CRC32 AA30275C
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 2a898eae924a1378_chubby girl bukkake gang banged sucking cock.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif
Size 88.2KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a0c402f119732891f044cb6304e458a1
SHA1 1942ea509c0efdb519bbdba79b063713e312a95c
SHA256 2a898eae924a13786895d3e577b76e1b0156b7cd992580fe2a6fa7d512dfb462
CRC32 5D3897B0
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name e5e8ef644191b593_website hacker.exe
Filepath C:\Windows\SysWOW64\macromd\Website Hacker.exe
Size 83.4KB
Processes 1784 (06af3e74d3e15f82336588b1a8ca1ff23753a617ffce6c57986151a1c5dc1f14.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 7bde712d0702d6802782eb72d780c81c
SHA1 bc3d78251f3f0e3647974647b15214d48be83102
SHA256 e5e8ef644191b593277d01683c774d3a7b7806acf8fbfc53d370cd5d84fe1b0e
CRC32 BC42B09F
ssdeep None
Yara None matched
VirusTotal Search for analysis
Sorry! No dropped buffers.