1.8
Low risk

080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c

080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe

Analysis duration

133s

Last analyzed

385 days ago

File size

61.8KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM PICSYS
Hawkeye Engine
DACN 0.14
FACILE 1.00
IMCLNet 0.79
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Picsys-B [Wrm] 20190907 18.4.3895.0
Baidu Win32.Worm.Picsys.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20190907 2013.8.14.323
McAfee W32/Picsys.worm.b 20190907 6.0.6.653
Tencent Worm.Win32.Picsys.aab 20190907 1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (27 events)
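The binary likely contains encrypted or compressed data, indicating that a packer was used (2 events)
section {'name': 'UPX1', 'virtual_address': '0x00055000', 'virtual_size': '0x0000e000', 'size_of_data': '0x0000d200', 'entropy': 7.894471213144544} entropy 7.894471213144544 description A section with high entropy was found
entropy 0.9813084112149533 description The overall entropy of this PE file is high
The executable is compressed with UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with a host for which no DNS query was performed (1 event)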
host 114.114.114.114
Installs itself to run automatically at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe reg_value C:\Windows\system32\winxcfg.exe
File has been identified as malicious by 60 antivirus engines on VirusTotal (50 out of 60 events)
ALYac Generic.Malware.G!hiddldprng.4A2FD3CB
APEX Malicious
AVG Win32:Picsys-B [Wrm]
Acronis suspicious
Ad-Aware Generic.Malware.G!hiddldprng.4A2FD3CB
AhnLab-V3 Worm/Win32.Picsys.C116429
Antiy-AVL Worm[P2P]/Win32.Picsys
Arcabit Generic.Malware.G!hiddldprng.4A2FD3CB
Avast Win32:Picsys-B [Wrm]
Avira DR/Delphi.Gen
Baidu Win32.Worm.Picsys.a
BitDefender Generic.Malware.G!hiddldprng.4A2FD3CB
CAT-QuickHeal Worm.Picsys
CMC P2P-Worm.Win32.Picsys!O
ClamAV Win.Worm.Picsys-4
Comodo Worm.Win32.Picsys.B@1awl
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.362bbe
Cylance Unsafe
Cyren W32/Picsys.FYLV-4646
DrWeb Win32.HLLW.Morpheus.2
ESET-NOD32 Win32/Picsys.B
Emsisoft Generic.Malware.G!hiddldprng.4A2FD3CB (B)
Endgame malicious (moderate confidence)
F-Prot W32/Picsys.B
F-Secure Dropper.DR/Delphi.Gen
FireEye Generic.mg.c97464e362bbee79
Fortinet W32/Generic.AC.2C8E!tr
GData Generic.Malware.G!hiddldprng.4A2FD3CB
Ikarus P2P-Worm.Win32.Picsys.b
Invincea heuristic
Jiangmin I-Worm/P2P.Picsys
K7AntiVirus Trojan ( 7000000f1 )
K7GW Trojan ( 7000000f1 )
Kaspersky P2P-Worm.Win32.Picsys.b
Lionic Worm.Win32.Picsys.tpnX
MAX malware (ai score=87)
Malwarebytes Worm.Small
MaxSecure Trojan.Malware.300983.susgen
McAfee W32/Picsys.worm.b
McAfee-GW-Edition BehavesLike.Win32.Backdoor.kc
MicroWorld-eScan Generic.Malware.G!hiddldprng.4A2FD3CB
Microsoft Worm:Win32/Yoof.E
NANO-Antivirus Trojan.Win32.Picsys.deaxpd
Qihoo-360 HEUR/QVM11.1.B87F.Malware.Gen
Rising Backdoor.Agent!1.663A (CLASSIC)
SentinelOne DFI - Malicious PE
Sophos W32/PicSys-B
Symantec W32.HLLW.Yoof
TACHYON Worm/W32.Picsys
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample ran.

PE Compile Time

1992-06-20 06:22:17

PE Imphash

359d89624a26d1e756c3e9d6782d6eb0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00054000 0x00000000 0.0
UPX1 0x00055000 0x0000e000 0x0000d200 7.894471213144544
.rsrc 0x00063000 0x00001000 0x00000400 2.805690510271861

Resources

Name Offset Size Language Sub-language File type
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0004d958 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x0005f808 0x00000050 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library KERNEL32.DLL:
0x463254 LoadLibraryA
0x463258 GetProcAddress
0x46325c ExitProcess
Library advapi32.dll:
0x463264 RegOpenKeyA
Library oleaut32.dll:
0x46326c SysFreeString
Library user32.dll:
0x463274 CharNextA


Process Tree


080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe, PID: 1856, Parent PID: 1784


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 22661f1ac0b2c6fc_girls gone wild.mpg.exe
Filepath C:\Windows\SysWOW64\macromd\girls gone wild.mpg.exe
Size 67.7KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 9384fd38c0191d0eebba19a8c105ba7a
SHA1 fbe6295c077a5a911e7513a27044f8a534045c77
SHA256 22661f1ac0b2c6fcc0517dd2712dd954374783f33f687757d7b40902bc8c2af5
CRC32 F9706E86
ssdeep None
Yara None matched
Name 41e88eddde43a957_pamela anderson and tommy lee home video (part 1).mpg.exe
Filepath C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe
Size 72.0KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 30ca1dcf867a5ee8d69e7c6e9c4bdc8d
SHA1 e50e689774819c062bd281ec7278a2cad381f9f8
SHA256 41e88eddde43a957e4a20ee0ad9cbf9cf3a3cb2f8c9eaddcec3416c48bfd1114
CRC32 60B1BEC7
ssdeep None
Yara None matched
Name 1714739d2ec9fbfd_another bang bus victim forced rape sex cum.mpg.exe
Filepath C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe
Size 67.1KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 f85e8f22af9b1783428a26bcb929cf5a
SHA1 86b0c06ccb75d9de9b5765bb78b960e94a3bf482
SHA256 1714739d2ec9fbfd6a8fa13e659c3c40789fa88babc56a82d22ed46c703f48a4
CRC32 DF7B989E
ssdeep None
Yara None matched
Name e6c91b1598fa789d_lolita preteen sex.mpeg.pif
Filepath C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif
Size 62.7KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 19d36780c00c2de765e8a834bef8a07b
SHA1 e553f1fa51d61ec03655dbcf10a48cb8cab48939
SHA256 e6c91b1598fa789dfa8a2e981fa95519838ab37136e1323fa0c90be62d02391d
CRC32 0E3CBF9D
ssdeep None
Yara None matched
Name fdb015c203bdf8c3_divx pro key generator.exe
Filepath C:\Windows\SysWOW64\macromd\DivX pro key generator.exe
Size 71.6KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 96a6cd6c8675f97ad45026f56b27ade1
SHA1 b202698db53a8fa982e3cdde998060677b4d41af
SHA256 fdb015c203bdf8c3dc76018643b65220fedfc3a9bad8ff803452e9f109cfe5a5
CRC32 86C36F34
ssdeep None
Yara None matched
Name 14ad4fde835d4e8b_digimon.exe
Filepath C:\Windows\SysWOW64\macromd\Digimon.exe
Size 73.0KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 481dc2086655a686e57ddaa46ff78af6
SHA1 75eb4bc1a3249c1db181f2cee966622d4b8cb9a4
SHA256 14ad4fde835d4e8b617c66c771ef7f206b570faef89b8ce0e03e5aacb7a57156
CRC32 A7AD5B1E
ssdeep None
Yara None matched
Name 1f5b97cfbdf02b6a_play station emulator crack.exe
Filepath C:\Windows\SysWOW64\macromd\play station emulator crack.exe
Size 84.2KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 482f53483b69e80aaff1021ce14c77aa
SHA1 806bee9ab8eedfa74a6fa84304a2a48666a07075
SHA256 1f5b97cfbdf02b6af2784223539a7eefe78df8f6f1c0eb8a677ec8eea1f47179
CRC32 AB7FC3B3
ssdeep None
Yara None matched
Name e2028842769c0d31_warcraft 3 battle.net serial generator.exe
Filepath C:\Windows\SysWOW64\macromd\Warcraft 3 battle.net serial generator.exe
Size 86.1KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c3e0e0212f71aa52fe0ca034449c4c42
SHA1 119f86f369da42fdb7c962ba93a246403e36888a
SHA256 e2028842769c0d31794d8e0c2a9988ad1c1bee3544ca032e50ba2b3e46e3a3cd
CRC32 C9E3CBB5
ssdeep None
Yara None matched
Name 79c6d6c2bb527a8d_yahoo cracker.exe
Filepath C:\Windows\SysWOW64\macromd\yahoo cracker.exe
Size 69.0KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 8c7ea7bd3598cdfed82f4f090da64600
SHA1 0aa6051d0d8009cb83b52a6edad6b1ed897950a0
SHA256 79c6d6c2bb527a8da735b381ea3b041047688aadd3925a7ec99b32442d608cb0
CRC32 698D6066
ssdeep None
Yara None matched
Name 148332f5f1d9d540_website hacker.exe
Filepath C:\Windows\SysWOW64\macromd\Website Hacker.exe
Size 68.2KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 994066b0ff7330506ac1763128ef1c8a
SHA1 2cec8da0528ed5802817f337f5fbb6939c9200fd
SHA256 148332f5f1d9d540c0ccd706405f4143c7aeabb2cd310b87d66f271125bc6c96
CRC32 AB6F8F8A
ssdeep None
Yara None matched
Name 6223da64e565a0e5_britney spears nude.exe
Filepath C:\Windows\SysWOW64\macromd\Britney spears nude.exe
Size 67.7KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c2378e94629678c044bed4c15fc1f70c
SHA1 82fdd544be69a14a2becc9ead4f2a956b5c8b9f1
SHA256 6223da64e565a0e52b6cd2b2d8fde3d9fe37ec5e962582bf977ecb98383ad2e3
CRC32 1260F39C
ssdeep None
Yara None matched
Name 6e071343b3b3d9ce_jenna jameson - xxx nurse scene.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif
Size 90.2KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 3a7ddab540d848c90b875f772a495ba8
SHA1 21888e5e3daa18b245732db4d4f05a91f9e9dbb2
SHA256 6e071343b3b3d9ced4fd043d8696ca246e7e17c5ffc0c2d36116ce395bb54fc5
CRC32 B307A7F0
ssdeep None
Yara None matched
Name 61eb8a48705755cc_crack.exe
Filepath C:\Windows\SysWOW64\macromd\crack.exe
Size 76.0KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6a24e9e0a0ec5c521237e7f5571aab21
SHA1 70735f4bd41cc6e909e95a9e77c9537a867eebd3
SHA256 61eb8a48705755cc26691b91bea6dfa2672720bd6dd0f89e40911ff6c7319e71
CRC32 34BF9A51
ssdeep None
Yara None matched
Name 75fe41f18256ddae_jenna jameson sex scene huge dick blowjob.scr
Filepath C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr
Size 71.0KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 f627ae7b85f359f03962b3df83f8f908
SHA1 c9f297525c2072aaf2bbc1e2d04886c9378742f0
SHA256 75fe41f18256ddaec77e0bc829d7158f35ba7b6b60bb4c996e6ef8ff193006c8
CRC32 745D6821
ssdeep None
Yara None matched
Name a862d41c11bc742f_choke on cum (sodomy, rape).mpg.exe
Filepath C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe
Size 66.1KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 057fa406cafa804d094335ba7b639b41
SHA1 ae6630a21ca4a9cbfc57290b8d504ffde922df12
SHA256 a862d41c11bc742f8e0354e865b6afb18825e005996f809aa625e2ee644372b1
CRC32 C8E0B3B7
ssdeep None
Yara None matched
Name 9a4281dfa0fb25d6_winxcfg.exe
Filepath C:\Windows\SysWOW64\winxcfg.exe
Size 71.0KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7766cdb9f1243ffbbfece2e7d7aa440a
SHA1 32f526f78c0b69ad61c94345815338b1f221b588
SHA256 9a4281dfa0fb25d65b2acc0c7a792768bd99533a8cc82493cdc688fb8e5e30ab
CRC32 BEC10D34
ssdeep None
Yara None matched
Name c3be0176af08d52f_illegal porno - 15 year old raped by two men on boat.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif
Size 90.5KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 2dd2307fcb6e07ecd80e79986cd11798
SHA1 c5af513eb6ef536cab4dcee6f9005184ac84293c
SHA256 c3be0176af08d52f8347a5be1025c043a0d646af1eb787705cc3d932c90eacf4
CRC32 7A43E947
ssdeep None
Yara None matched
Name e307b8261ac2c5b5_16 year old on beach.exe
Filepath C:\Windows\SysWOW64\macromd\16 year old on beach.exe
Size 68.7KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 72fc851bcce77b353fba6c44c8ed1961
SHA1 caf23a4a4d2055da63736636dad98934796ea646
SHA256 e307b8261ac2c5b5315a4cc232d5c6d4d8c80512efb6789fd4db0036ae364ad3
CRC32 031C5096
ssdeep None
Yara None matched
Name 8c1e14235cde7539_preteen sucking huge cock illegal.mpg.exe
Filepath C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe
Size 86.2KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 e996bd392fab82ae1191bf4a828e2c60
SHA1 7a236066ecb28c307a0e05973e4aa6e2fa78c50c
SHA256 8c1e14235cde75398fd5f4490f8693f278d4fd08ceb396e8b7e86d9a475dc7c4
CRC32 5D603CAB
ssdeep None
Yara None matched
Name 50bb8df4334b837e_chubby girl bukkake gang banged sucking cock.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif
Size 80.9KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 bdb7a09ad4cf865ab9166630317d7137
SHA1 bdc099e3aa9ab40a5322f1a5c78ef03cec25eacc
SHA256 50bb8df4334b837e0d2088e39f25074285e75e6dd9ad87262bed42dfa2cd0204
CRC32 5DAC3B78
ssdeep None
Yara None matched
Name a3ca3f74a3462837_msncracker.exe
Filepath C:\Windows\SysWOW64\macromd\msncracker.exe
Size 83.9KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 771fcf6e573677873748c77f30d867dd
SHA1 ea530a21881d6eeb7893f84c9e2510afb351b43b
SHA256 a3ca3f74a3462837edc99ae4269426f13ea74849a2e5d0f08906439e5ed1bd15
CRC32 B59BFEFF
ssdeep None
Yara None matched
Name 59b2ffcf9ac5e28d_bondage fetish foot cum.exe
Filepath C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe
Size 63.2KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 27a12590b59cffc278238c959e90c047
SHA1 0a83023af7444ab3e612d141e05ea9c66340a76c
SHA256 59b2ffcf9ac5e28d3f0c6b18ebc2343d5fb987587899ad11a682981848c3c0cf
CRC32 F2FA20D3
ssdeep None
Yara None matched
Name 4ae609dea237826c_hotmail hacker.exe
Filepath C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe
Size 67.5KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 247e2fd0df01b84fdf9797dd55e6e412
SHA1 2a690bd9f9b57b33b260c367b7d33c319af38cff
SHA256 4ae609dea237826ca2af5231cc4dc43ac2052af1c45a6edb7201e1298b0cef70
CRC32 28BCF521
ssdeep None
Yara None matched
Name cfd6acfaaf121aa8_nikki nova sex scene huge dick blowjob.mpg.exe
Filepath C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe
Size 65.8KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 00e102d017a367cf6b67c97211c73e30
SHA1 3bc9015dda21f6e35bb5654e8e97949fa94584f7
SHA256 cfd6acfaaf121aa8d9391f5b525fa496d284b99e2a2bd300acede4ebc36eec5b
CRC32 5D62666E
ssdeep None
Yara None matched
Name 70daf6b791d97b2c_aim password stealer.exe
Filepath C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe
Size 64.8KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 9f1abb29529a474446f652cef97ffca5
SHA1 204287c492de58f538a5456685a2604ce13e276f
SHA256 70daf6b791d97b2c017195bb15910019913f31e8b57d6a5999287f4900f92a4b
CRC32 0A448C08
ssdeep None
Yara None matched
Name b94c82648607fa77_fetish bondage preteen porno.mpg.pif
Filepath C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif
Size 76.1KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 8a3d0f08b7c04e729f1c5ec2802138f4
SHA1 261ed726174ce138813c254c2297b31dea595daa
SHA256 b94c82648607fa7759c7e3655f903d1382dad919a65dc08d546b9388964baaaf
CRC32 50CCE0BC
ssdeep None
Yara None matched
Name 049a63ac2d1d738d_kama sutra tetris.exe
Filepath C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe
Size 63.4KB
Processes 1856 (080381b782907251d554e60dc71e9e823474a0ab9848ec664cdacf0589faf81c.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 73e343b4ca18339a3b59773e1984394d
SHA1 5eed0bb62fff7dcc082329f9024980ab44ec1b30
SHA256 049a63ac2d1d738da91c726fdbc0dfc082c86bc5a9b0a7931bde71a54a176b6d
CRC32 9A28EEA6
ssdeep None
Yara None matched
Sorry! No dropped buffers.