0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.65
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:RansomX-gen [Ransom] | 20190907 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190907 | 2013.8.14.323 |
| McAfee | GenericRXEH-WC!E31E3BACC67B | 20190907 | 6.0.6.653 |
| Tencent | None | 20190907 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 57 个反病毒引擎识别为恶意
(50 out of 57 个事件)
| ALYac | Generic.Ransom.GandCrab.C13EE326 |
| APEX | Malicious |
| AVG | Win32:RansomX-gen [Ransom] |
| Acronis | suspicious |
| Ad-Aware | Generic.Ransom.GandCrab.C13EE326 |
| AhnLab-V3 | Trojan/Win32.FileCoder.R221681 |
| Antiy-AVL | Trojan[Ransom]/Win32.GandCrypt.c |
| Arcabit | Generic.Ransom.GandCrab.C13EE326 |
| Avast | Win32:RansomX-gen [Ransom] |
| Avira | TR/Dropper.Gen |
| BitDefender | Generic.Ransom.GandCrab.C13EE326 |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| ClamAV | Win.Ransomware.Gandcrab-6502432-0 |
| Comodo | TrojWare.Win32.Ransom.GandCrab.B@7kn2ff |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.cc67b2 |
| Cylance | Unsafe |
| Cyren | W32/S-700f8b9d!Eldorado |
| DrWeb | Trojan.DownLoader27.28632 |
| ESET-NOD32 | a variant of Win32/Filecoder.GandCrab.B |
| Emsisoft | Generic.Ransom.GandCrab.C13EE326 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-700f8b9d!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.e31e3bacc67b28be |
| Fortinet | W32/GandCrab.B!tr.ransom |
| GData | Generic.Ransom.GandCrab.C13EE326 |
| Ikarus | Trojan.Crypt |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.bzhzc |
| K7AntiVirus | Trojan ( 0053d33d1 ) |
| K7GW | Trojan ( 00526c7b1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=82) |
| Malwarebytes | Ransom.GandCrab |
| McAfee | GenericRXEH-WC!E31E3BACC67B |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.kt |
| MicroWorld-eScan | Generic.Ransom.GandCrab.C13EE326 |
| Microsoft | Ransom:Win32/GandCrab!rfn |
| NANO-Antivirus | Trojan.Win32.Encoder.eyfpxx |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.B8A4.Malware.Gen |
| Rising | Ransom.GandCrab!1.B8D6 (CLASSIC) |
| SUPERAntiSpyware | Ransom.GandCrab/Variant |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/GandCrab-A |
| Symantec | Ransom.GandCrab!g4 |
| Trapmine | malicious.high.ml.score |
| TrendMicro | Ransom_GANDCRAB.SM1 |
| TrendMicro-HouseCall | Ransom_GANDCRAB.SM1 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2018-02-21 01:28:57
PE Imphash
6b11af918234585a966ca8fab046dc6c
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x000082e8 | 0x00008400 | 5.8214573063246595 |
| .rdata | 0x0000a000 | 0x000070a6 | 0x00007200 | 3.301387386742077 |
| .data | 0x00012000 | 0x00000a80 | 0x00000c00 | 3.115311570797407 |
| .CRT | 0x00013000 | 0x00000004 | 0x00000200 | 0.0 |
| .rsrc | 0x00014000 | 0x000001e0 | 0x00000200 | 4.7176788329467545 |
| .reloc | 0x00015000 | 0x00000ac4 | 0x00000c00 | 0.0 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_MANIFEST | 0x00014060 | 0x0000017d | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x1000a058 SetFilePointer
• 0x1000a05c GetFileAttributesW
• 0x1000a060 ReadFile
• 0x1000a064 GetLastError
• 0x1000a068 MoveFileW
• 0x1000a06c lstrcpyW
• 0x1000a070 SetFileAttributesW
• 0x1000a074 CreateMutexW
• 0x1000a078 GetDriveTypeW
• 0x1000a07c VerSetConditionMask
• 0x1000a080 WaitForSingleObject
• 0x1000a084 GetTickCount
• 0x1000a088 InitializeCriticalSection
• 0x1000a08c OpenProcess
• 0x1000a090 GetSystemDirectoryW
• 0x1000a094 TerminateThread
• 0x1000a098 Sleep
• 0x1000a09c TerminateProcess
• 0x1000a0a0 VerifyVersionInfoW
• 0x1000a0a4 WaitForMultipleObjects
• 0x1000a0a8 DeleteCriticalSection
• 0x1000a0ac ExpandEnvironmentStringsW
• 0x1000a0b0 lstrlenW
• 0x1000a0b4 SetHandleInformation
• 0x1000a0b8 lstrcatA
• 0x1000a0bc MultiByteToWideChar
• 0x1000a0c0 CreatePipe
• 0x1000a0c4 lstrcmpiA
• 0x1000a0c8 Process32NextW
• 0x1000a0cc CreateToolhelp32Snapshot
• 0x1000a0d0 LeaveCriticalSection
• 0x1000a0d4 EnterCriticalSection
• 0x1000a0d8 FindFirstFileW
• 0x1000a0dc lstrcmpW
• 0x1000a0e0 FindClose
• 0x1000a0e4 FindNextFileW
• 0x1000a0e8 GetNativeSystemInfo
• 0x1000a0ec GetComputerNameW
• 0x1000a0f0 GetDiskFreeSpaceW
• 0x1000a0f4 GetWindowsDirectoryW
• 0x1000a0f8 GetVolumeInformationW
• 0x1000a0fc LoadLibraryA
• 0x1000a100 lstrcmpiW
• 0x1000a104 VirtualFree
• 0x1000a108 CreateThread
• 0x1000a10c CloseHandle
• 0x1000a110 lstrcatW
• 0x1000a114 CreateFileMappingW
• 0x1000a118 ExitThread
• 0x1000a11c CreateFileW
• 0x1000a120 GetModuleFileNameW
• 0x1000a124 WriteFile
• 0x1000a128 GetModuleHandleW
• 0x1000a12c UnmapViewOfFile
• 0x1000a130 MapViewOfFile
• 0x1000a134 GetFileSize
• 0x1000a138 GetEnvironmentVariableW
• 0x1000a13c lstrcpyA
• 0x1000a140 GetModuleHandleA
• 0x1000a144 VirtualAlloc
• 0x1000a148 GetProcAddress
• 0x1000a14c Process32FirstW
• 0x1000a150 GetTempPathW
• 0x1000a154 GetProcessHeap
• 0x1000a158 HeapFree
• 0x1000a15c HeapAlloc
• 0x1000a160 lstrlenA
• 0x1000a164 CreateProcessW
• 0x1000a168 ExitProcess
• 0x1000a16c IsProcessorFeaturePresent
Library USER32.dll:
• 0x1000a190 BeginPaint
• 0x1000a194 wsprintfW
• 0x1000a198 TranslateMessage
• 0x1000a19c LoadCursorW
• 0x1000a1a0 LoadIconW
• 0x1000a1a4 MessageBoxA
• 0x1000a1a8 GetMessageW
• 0x1000a1ac EndPaint
• 0x1000a1b0 DestroyWindow
• 0x1000a1b4 RegisterClassExW
• 0x1000a1b8 ShowWindow
• 0x1000a1bc CreateWindowExW
• 0x1000a1c0 SendMessageW
• 0x1000a1c4 DispatchMessageW
• 0x1000a1c8 DefWindowProcW
• 0x1000a1cc UpdateWindow
• 0x1000a1d0 GetForegroundWindow
• 0x1000a1d4 SetWindowLongW
Library GDI32.dll:
• 0x1000a050 TextOutW
Library ADVAPI32.dll:
• 0x1000a000 FreeSid
• 0x1000a004 RegSetValueExW
• 0x1000a008 RegCreateKeyExW
• 0x1000a00c RegCloseKey
• 0x1000a010 CryptExportKey
• 0x1000a014 CryptAcquireContextW
• 0x1000a018 CryptGetKeyParam
• 0x1000a01c CryptReleaseContext
• 0x1000a020 CryptImportKey
• 0x1000a024 CryptEncrypt
• 0x1000a028 CryptGenKey
• 0x1000a02c CryptDestroyKey
• 0x1000a030 GetUserNameW
• 0x1000a034 RegQueryValueExW
• 0x1000a038 RegOpenKeyExW
• 0x1000a03c AllocateAndInitializeSid
Library SHELL32.dll:
• 0x1000a180 ShellExecuteW
• 0x1000a184 SHGetSpecialFolderPathW
• 0x1000a188 ShellExecuteExW
Library WININET.dll:
• 0x1000a1dc InternetCloseHandle
• 0x1000a1e0 HttpAddRequestHeadersW
• 0x1000a1e4 HttpSendRequestW
• 0x1000a1e8 InternetConnectW
• 0x1000a1ec HttpOpenRequestW
• 0x1000a1f0 InternetOpenW
• 0x1000a1f4 InternetReadFile
Exports
| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x10005ec0 | _ReflectiveLoader@0 |
L!This 0
m cannot be run in DOS mode.
Tg:4:4:44:44:44:4:4:44:4;42:44:44:44:44:4Rich:4
`.rdata
@.data
@.rsrc
@.reloc
UQSVWj
3_^[]j
W_^[]U
^[]^3[]U
SVWj@h
fD$$QD$
U\SV3D$
fD$,D$
D$TD$X
t$PD$\D$`
D$dD$8P
_^]SEPuW
[_3^]h
^]U$SV3Ek
]U\SV3Es
fE_^[u(Mu
<}tK<=tBF>
<}t)F<=t
UQSV3WE33p
[]_^[]VWy
GFu33;_
GFu33;_
HthHuo
<}tcG<=t
EPWuu-
MPEPPEP!]
_^[]UE
E F$E(F0E0F<E8FHE@FTEPFtEXF
PPRPRPRPj#
PD$ D$$i
VD$TD$Tp
_^[]jw8
D$8f|$8P
GfZvjj
D$P\$$
W|$,t$ D$03D$
r]K\$(
T$4T$$L$
L$(T$$;s
D$D\$@
BNu^[=`*
\$$D$,m
D$DD$0w
fL$@D$Ds
f|$ D$h/
FK$'rt$
V_^[]3<
EPMQUREPM
u4EPMQURU
U\VjDE
SVUMWj
GFu_^[t
WfEfEMEEl
3_^[]h
_^3[]ULf
EgandEcrabE.bitE
_^[]V5D
33EVVPWj
SVWj@h
EtPpNWu
UWM]$(
SVWj@h
u_^[]U
L$(|$,
D$$D$$PQh
6D$$D$$PWh
Wt$(j@Bh
t$(D$$D$
L$@<GWw
PVjt$ j
D$<L$J
PPT$4$
D$$D$$PWh
t$(3HL$
SVW3Uh
u_^[]U
U3M39]
r_^[]UE
]U SVW3E
Ffu[Jj
u{]h<uy]E
NuEu(u
{U}w(j
u_^[]U
E]UQMEM
E]SVWj@h
_^[SV5
^@[UQ=`*
ftO+ft
E[_^]U
SVWj@h
_^[]UQSVWj@h
_^[]Uh
_^3[]U0SWj@h
D$@D$D
Vs VhT
Vs,VhT
Vs8VhT
VsDVhT
VsPVhT
Vs\VhT
Vs|VhT
3_fLF^[]
SVW39 t
^[_^[UQVEPh
F t=Qh
EF8EPh
FPu*Qh
E3EfDEfE
3fEEPv|t\
EPEPEPEPEP
v|uN|uh$
N|3fTA
ULSV5D
33WPMM
3PPPPfE$
_^[]U@SVWF
KPSVWE
E_^[],
Vft;+ft
fu^_3[^_[SVW
GFu_^3[
_^[UdSVWh
AafDMA
EECrypPEtGenERandfEomE
EAdvaEpi32E.dllE
_^3[]U8SVWh
3MWWEP]
EECrypPEtGenERandfEomE
EAdvaEpi32E.dllE
_^3[]U
MH$E3M
P0p4x8X<
MHDE3M
pTxXX\
MHdE3M
ptxxX|
on0v00f
on0v00f
on0v00f
DDDDDDDDDDDDDD
EMEineIE5ntel5@*
E5Genu
MMtCE%?
KuZ^%l
zww5uwkwa
wFwywX
wDwwowxjwzw
||X||0%|||y|U|
|9|T|||
|)|_;|G|
||Y||:|
|)||(|9||I|=
wiwt!w
wfw)ww
wwdwww
cc||ww{{
kkooT`00P
ggV++}
bMvvE @}}
Ag_E#Srr[u
=L&&jl66Z~??A
Oh44\Q4
qqsb11S*
RF##e^0
=&N''i
-nnZZ[RRv;;Ma}R)){>^//q
,@ ` y
[[jjFgr99KJJ
XXJk*O
MMf33U
PPx<<D%KQQ]@@
?!p88H
cwuB!!c
5/__5DD.
9WU~~z==Gdd]]2
D""fT**~;
v;d22Vt::N
H$$l\\]nCbb917yy2Cn77Ymm
dNNIllVV
%eezzG
oxxJ%%o\..r8
Q#|tt> !KKa
pp|>>BqffHH
aaj55_WWi
IUUP((xz
e1BBhhAA)Z--w
:cc||ww{{
kkooTP`00
gg}V++
Ag_E#Srr[u
=jL&&Zl66A~??
O\h44Q4
qqsSb11?*
ReF##^(0
=&iN''
tX,,.4
nnZZ[RRMv;;a}{R))>q^//
,`@ y[[jjFgKr99
LLXXJk*O
MMUf33
PPDx<<%KQQ]@@
?!Hp88
cwucB!!0
WU~~Gz==dd]]+2
fD""~T**;
FF)k<(
v;Vd22Nt::
lH$$\\]nCbb917yy2CYn77mm
NNIllVV
%eezzG
oxxoJ%%r\..$8
tt!>
ppB|>>qff
aa_j55WWi
IUUxP((z
AA)wZ--
{TTm:,
cc||ww{{
kkooT0P`0
gg+}V+
_E#Srr[u
=&jL&6Zl6?A~?
O4\h4Q4
qqs1Sb1
R#eF#^
=&'iN'
nnZZ[RR;Mv;a
}){R)>/q^/
, `@ y[[jjF
g9Kr9J
LXXJk*O
PP<Dx<%KQQ]@@
?!8Hp8
cwu!cB!
U~~=Gz=dd]]
"fD"*~T*;
v;2Vd2:Nt:
$lH$\\]n
Cbb917yy2C7Yn7mm
NIllVV
%eezzG
oxx%oJ%.r\.
WsQ#|tt !> K
pp>B|>qffH
aa5_j5WWi
IUU(xP(z
A)-wZ-
cc||ww{{
kkooT00P`
gg++}V
bMvvE @}}
Ag_E#Srr[u
=&&jL66Zl??A~
O44\hQ4
qqs11Sb
R##eF^
=&''iN
-6nnZZ
[RR;;Mva})){R>//q^
, `@
y[[jjFg99KrJJ
PP<<Dx%K
necntsyxZI
MTAO]Sywek1?-#
ZX>kQ3`J$}C)v4b =o
A.al{vUXOB
*G<zN7tU*f\!hc
+H2"C<9^.0U
0YRODu~ch
.S4'^:<I(5D&B
nf;Do6Jt!X},V
d"Gi)I~4[s?UP
ypkb]TOFA
pub_key
DELETE}
{DELETE}
Fatal error
Fatal error: rsaenh.dll is not initialized as well
advapi32.dll
CheckTokenMembership
Address:
fabian wosar <3
Can't find server
aeriedjD#shasj
*******************
RtlComputeCrc32
GandCrabGandCrabnomoreransom.coinomoreransom.bit
encryption.dll
_ReflectiveLoader@0
ExitProcess
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
VirtualAlloc
GetModuleHandleA
lstrcpyA
GetEnvironmentVariableW
GetFileSize
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
WriteFile
GetModuleFileNameW
CreateFileW
ExitThread
lstrlenW
GetTempPathW
CreateFileMappingW
lstrcatW
CloseHandle
CreateThread
VirtualFree
lstrcmpiW
lstrcmpiA
SetFilePointer
GetFileAttributesW
ReadFile
GetLastError
MoveFileW
lstrcpyW
SetFileAttributesW
CreateMutexW
GetDriveTypeW
VerSetConditionMask
WaitForSingleObject
GetTickCount
InitializeCriticalSection
OpenProcess
GetSystemDirectoryW
TerminateThread
TerminateProcess
VerifyVersionInfoW
WaitForMultipleObjects
DeleteCriticalSection
ExpandEnvironmentStringsW
CreateProcessW
SetHandleInformation
lstrcatA
MultiByteToWideChar
CreatePipe
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
lstrcmpW
FindClose
FindNextFileW
GetNativeSystemInfo
GetComputerNameW
GetDiskFreeSpaceW
GetWindowsDirectoryW
GetVolumeInformationW
LoadLibraryA
KERNEL32.dll
DispatchMessageW
DefWindowProcW
UpdateWindow
SendMessageW
CreateWindowExW
ShowWindow
SetWindowLongW
LoadIconW
RegisterClassExW
TranslateMessage
wsprintfW
BeginPaint
LoadCursorW
GetMessageW
DestroyWindow
EndPaint
MessageBoxA
GetForegroundWindow
USER32.dll
TextOutW
GDI32.dll
RegCloseKey
RegCreateKeyExW
RegSetValueExW
AllocateAndInitializeSid
FreeSid
CryptExportKey
CryptAcquireContextW
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHELL32.dll
CryptStringToBinaryA
CryptBinaryToStringA
CRYPT32.dll
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
WININET.dll
GetDeviceDriverBaseNameW
EnumDeviceDrivers
PSAPI.DLL
IsProcessorFeaturePresent
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
j�j�j�j�j�j�
A�p�p�D�a�t�a�
\�M�i�c�r�o�s�o�f�t�\�
G�a�n�d�C�r�a�b�!�
w�i�n�3�2�a�p�p�
f�i�r�e�f�o�x�
r�a�n�s�o�m�_�i�d�
o�s�_�b�i�t�
o�s�_�m�a�j�o�r�
p�c�_�k�e�y�b�
p�c�_�l�a�n�g�
p�c�_�g�r�o�u�p�
p�c�_�n�a�m�e�
p�c�_�u�s�e�r�
r�a�n�s�o�m�_�i�d�=�
{�U�S�E�R�I�D�}�
G�l�o�b�a�l�\�
m�s�f�t�e�s�q�l�.�e�x�e�
s�q�l�a�g�e�n�t�.�e�x�e�
s�q�l�b�r�o�w�s�e�r�.�e�x�e�
s�q�l�s�e�r�v�r�.�e�x�e�
s�q�l�w�r�i�t�e�r�.�e�x�e�
o�r�a�c�l�e�.�e�x�e�
o�c�s�s�d�.�e�x�e�
d�b�s�n�m�p�.�e�x�e�
s�y�n�c�t�i�m�e�.�e�x�e�
m�y�d�e�s�k�t�o�p�q�o�s�.�e�x�e�
a�g�n�t�s�v�c�.�e�x�e�i�s�q�l�p�l�u�s�s�v�c�.�e�x�e�
x�f�s�s�v�c�c�o�n�.�e�x�e�
m�y�d�e�s�k�t�o�p�s�e�r�v�i�c�e�.�e�x�e�
o�c�a�u�t�o�u�p�d�s�.�e�x�e�
a�g�n�t�s�v�c�.�e�x�e�a�g�n�t�s�v�c�.�e�x�e�
a�g�n�t�s�v�c�.�e�x�e�e�n�c�s�v�c�.�e�x�e�
f�i�r�e�f�o�x�c�o�n�f�i�g�.�e�x�e�
t�b�i�r�d�c�o�n�f�i�g�.�e�x�e�
o�c�o�m�m�.�e�x�e�
m�y�s�q�l�d�.�e�x�e�
m�y�s�q�l�d�-�n�t�.�e�x�e�
m�y�s�q�l�d�-�o�p�t�.�e�x�e�
d�b�e�n�g�5�0�.�e�x�e�
s�q�b�c�o�r�e�s�e�r�v�i�c�e�.�e�x�e�
e�x�c�e�l�.�e�x�e�
i�n�f�o�p�a�t�h�.�e�x�e�
m�s�a�c�c�e�s�s�.�e�x�e�
m�s�p�u�b�.�e�x�e�
o�n�e�n�o�t�e�.�e�x�e�
o�u�t�l�o�o�k�.�e�x�e�
p�o�w�e�r�p�n�t�.�e�x�e�
s�t�e�a�m�.�e�x�e�
t�h�e�b�a�t�.�e�x�e�
t�h�e�b�a�t�6�4�.�e�x�e�
t�h�u�n�d�e�r�b�i�r�d�.�e�x�e�
v�i�s�i�o�.�e�x�e�
w�i�n�w�o�r�d�.�e�x�e�
w�o�r�d�p�a�d�.�e�x�e�
/�c� �t�i�m�e�o�u�t� �-�c� �5� �&� �d�e�l� �"�%�s�"� �/�f� �/�q�
c�m�d�.�e�x�e�
C�o�n�t�e�n�t�-�T�y�p�e�:� �a�p�p�l�i�c�a�t�i�o�n�/�x�-�w�w�w�-�f�o�r�m�-�u�r�l�e�n�c�o�d�e�d�
c�u�r�l�.�p�h�p�?�t�o�k�e�n�=�
a�c�t�i�o�n�=�r�e�s�u�l�t�&�e�_�f�i�l�e�s�=�%�d�&�e�_�s�i�z�e�=�%�I�6�4�u�&�e�_�t�i�m�e�=�%�d�&�
a�c�t�i�o�n�=�c�a�l�l�&�
&�p�u�b�_�k�e�y�=�
&�p�r�i�v�_�k�e�y�=�
&�v�e�r�s�i�o�n�=�2�.�3�r�
M�i�c�r�o�s�o�f�t� �E�n�h�a�n�c�e�d� �C�r�y�p�t�o�g�r�a�p�h�i�c� �P�r�o�v�i�d�e�r� �v�1�.�0�
\�P�r�o�g�r�a�m�D�a�t�a�\�
\�P�r�o�g�r�a�m� �F�i�l�e�s�\�
\�T�o�r� �B�r�o�w�s�e�r�\�
R�a�n�s�o�m�w�a�r�e�
\�A�l�l� �U�s�e�r�s�\�
\�L�o�c�a�l� �S�e�t�t�i�n�g�s�\�
:�\�W�i�n�d�o�w�s�\�
d�e�s�k�t�o�p�.�i�n�i�
a�u�t�o�r�u�n�.�i�n�f�
n�t�u�s�e�r�.�d�a�t�
i�c�o�n�c�a�c�h�e�.�d�b�
b�o�o�t�s�e�c�t�.�b�a�k�
b�o�o�t�.�i�n�i�
n�t�u�s�e�r�.�d�a�t�.�l�o�g�
t�h�u�m�b�s�.�d�b�
G�D�C�B�-�D�E�C�R�Y�P�T�.�t�x�t�
%�s�\�G�D�C�B�-�D�E�C�R�Y�P�T�.�t�x�t�
i�p�v�4�b�o�t�.�w�h�a�t�i�s�m�y�i�p�a�d�d�r�e�s�s�.�c�o�m�
u�n�d�e�f�i�n�e�d�
D�o�m�a�i�n�
S�Y�S�T�E�M�\�C�u�r�r�e�n�t�C�o�n�t�r�o�l�S�e�t�\�s�e�r�v�i�c�e�s�\�T�c�p�i�p�\�P�a�r�a�m�e�t�e�r�s�
W�O�R�K�G�R�O�U�P�
L�o�c�a�l�e�N�a�m�e�
C�o�n�t�r�o�l� �P�a�n�e�l�\�I�n�t�e�r�n�a�t�i�o�n�a�l�
K�e�y�b�o�a�r�d� �L�a�y�o�u�t�\�P�r�e�l�o�a�d�
0�0�0�0�0�4�1�9�
p�r�o�d�u�c�t�N�a�m�e�
S�O�F�T�W�A�R�E�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�
S�O�F�T�W�A�R�E�\�W�o�w�6�4�3�2�N�o�d�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�
I�t�a�n�i�u�m�
U�n�k�n�o�w�n�
P�r�o�c�e�s�s�o�r�N�a�m�e�S�t�r�i�n�g�
H�A�R�D�W�A�R�E�\�D�E�S�C�R�I�P�T�I�O�N�\�S�y�s�t�e�m�\�C�e�n�t�r�a�l�P�r�o�c�e�s�s�o�r�\�0�
I�d�e�n�t�i�f�i�e�r�
2�n�t�d�l�l�.�d�l�l�
U�N�K�N�O�W�N�
N�O�_�R�O�O�T�_�D�I�R�
R�E�M�O�V�A�B�L�E�
R�E�M�O�T�E�
R�A�M�D�I�S�K�
%�I�6�4�u�/�
A�V�P�.�E�X�E�
e�k�r�n�.�e�x�e�
a�v�g�n�t�.�e�x�e�
a�s�h�D�i�s�p�.�e�x�e�
N�o�r�t�o�n�A�n�t�i�B�o�t�.�e�x�e�
M�c�s�h�i�e�l�d�.�e�x�e�
a�v�e�n�g�i�n�e�.�e�x�e�
c�m�d�a�g�e�n�t�.�e�x�e�
s�m�c�.�e�x�e�
p�e�r�s�f�w�.�e�x�e�
p�c�c�p�f�w�.�e�x�e�
f�s�g�u�i�e�x�e�.�e�x�e�
c�f�p�.�e�x�e�
m�s�m�p�e�n�g�.�e�x�e�
H�T�T�P�/�1�.�1�
-�-�-�=� �G�A�N�D�C�R�A�B� �=�-�-�-� �
A�t�t�e�n�t�i�o�n�!� �
A�l�l� �y�o�u�r� �f�i�l�e�s� �d�o�c�u�m�e�n�t�s�,� �p�h�o�t�o�s�,� �d�a�t�a�b�a�s�e�s� �a�n�d� �o�t�h�e�r� �i�m�p�o�r�t�a�n�t� �f�i�l�e�s� �a�r�e� �e�n�c�r�y�p�t�e�d� �a�n�d� �h�a�v�e� �t�h�e� �e�x�t�e�n�s�i�o�n�:� �.�G�D�C�B� �
T�h�e� �o�n�l�y� �m�e�t�h�o�d� �o�f� �r�e�c�o�v�e�r�i�n�g� �f�i�l�e�s� �i�s� �t�o� �p�u�r�c�h�a�s�e� �a� �p�r�i�v�a�t�e� �k�e�y�.� �I�t� �i�s� �o�n� �o�u�r� �s�e�r�v�e�r� �a�n�d� �o�n�l�y� �w�e� �c�a�n� �r�e�c�o�v�e�r� �y�o�u�r� �f�i�l�e�s�.� �
T�h�e� �s�e�r�v�e�r� �w�i�t�h� �y�o�u�r� �k�e�y� �i�s� �i�n� �a� �c�l�o�s�e�d� �n�e�t�w�o�r�k� �T�O�R�.� �Y�o�u� �c�a�n� �g�e�t� �t�h�e�r�e� �b�y� �t�h�e� �f�o�l�l�o�w�i�n�g� �w�a�y�s�:� �
1�.� �D�o�w�n�l�o�a�d� �T�o�r� �b�r�o�w�s�e�r� �-� �h�t�t�p�s�:�/�/�w�w�w�.�t�o�r�p�r�o�j�e�c�t�.�o�r�g�/� �
2�.� �I�n�s�t�a�l�l� �T�o�r� �b�r�o�w�s�e�r� �
3�.� �O�p�e�n� �T�o�r� �B�r�o�w�s�e�r� �
4�.� �O�p�e�n� �l�i�n�k� �i�n� �t�o�r� �b�r�o�w�s�e�r�:� �h�t�t�p�:�/�/�g�d�c�b�g�h�v�j�y�q�y�7�j�c�l�k�.�o�n�i�o�n�/�3�a�2�3�d�b�8�4�4�8�d�3�b�2�b� � � � � � � � � � � � � � � � � � � � � � � � � �
5�.� �F�o�l�l�o�w� �t�h�e� �i�n�s�t�r�u�c�t�i�o�n�s� �o�n� �t�h�i�s� �p�a�g�e� �
� � � � � � � � � � � � � � � � � � � � � � � � �
O�n� �o�u�r� �p�a�g�e� �y�o�u� �w�i�l�l� �s�e�e� �i�n�s�t�r�u�c�t�i�o�n�s� �o�n� �p�a�y�m�e�n�t� �a�n�d� �g�e�t� �t�h�e� �o�p�p�o�r�t�u�n�i�t�y� �t�o� �d�e�c�r�y�p�t� �1� �f�i�l�e� �f�o�r� �f�r�e�e�.� �
I�f� �y�o�u� �c�a�n�'�t� �d�o�w�n�l�o�a�d� �T�O�R� �a�n�d� �u�s�e� �i�t�,� �o�r� �i�n� �y�o�u�r� �c�o�u�n�t�r�y� �T�O�R� �b�l�o�c�k�e�d�,� �r�e�a�d� �i�t�:�
1�.� �V�i�s�i�t� �h�t�t�p�s�:�/�/�t�o�x�.�c�h�a�t�/�d�o�w�n�l�o�a�d�.�h�t�m�l�
2�.� �D�o�w�n�l�o�a�d� �a�n�d� �i�n�s�t�a�l�l� �q�T�O�X� �o�n� �y�o�u�r� �P�C�.�
3�.� �O�p�e�n� �i�t�,� �c�l�i�c�k� �"�N�e�w� �P�r�o�f�i�l�e�"� �a�n�d� �c�r�e�a�t�e� �p�r�o�f�i�l�e�.�
4�.� �S�e�a�r�c�h� �o�u�r� �c�o�n�t�a�c�t� �-� �6�C�5�A�D�4�0�5�7�E�5�9�4�E�0�9�0�E�0�C�9�8�7�B�3�0�8�9�F�7�4�3�3�5�D�A�7�5�F�0�4�B�7�4�0�3�E�0�5�7�5�6�6�3�C�2�6�1�3�4�9�5�6�9�F�6�4�D�2�8�C�D�C�F�4�5�
5�.� �I�n� �m�e�s�s�a�g�e� �p�l�e�a�s�e� �w�r�i�t�e� �y�o�u�r� �I�D� �a�n�d� �w�a�i�t� �o�u�r� �a�n�s�w�e�r�:� �3�a�2�3�d�b�8�4�4�8�d�3�b�2�b� � � � � � � � � � � � � � � � � � � � � � � � � � � � �
D�A�N�G�E�R�O�U�S�!� �
D�o� �n�o�t� �t�r�y� �t�o� �m�o�d�i�f�y� �f�i�l�e�s� �o�r� �u�s�e� �y�o�u�r� �o�w�n� �p�r�i�v�a�t�e� �k�e�y� �-� �t�h�i�s� �w�i�l�l� �r�e�s�u�l�t� �i�n� �t�h�e� �l�o�s�s� �o�f� �y�o�u�r� �d�a�t�a� �f�o�r�e�v�e�r�!� �
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com |
A 131.107.255.255
A 131.107.255.255 |
131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.