0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.70
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:VB-ABGK [Trj] | 20200920 | 18.4.3895.0 |
| Baidu | Win32.Worm.Pronny.d | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200920 | 2013.8.14.323 |
| McAfee | VBObfus.cm | 20200920 | 6.0.6.653 |
| Tencent | Worm.Win32.Vobfus.n | 20200920 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Gen:Variant.Chinky.7 |
| APEX | Malicious |
| AVG | Win32:VB-ABGK [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Chinky.7 |
| AhnLab-V3 | Worm/Win32.WBNA.R20724 |
| Antiy-AVL | Worm/Win32.WBNA.gen |
| Arcabit | Trojan.Chinky.7 |
| Avast | Win32:VB-ABGK [Trj] |
| Avira | TR/VB.Krypt.jdwpa |
| Baidu | Win32.Worm.Pronny.d |
| BitDefender | Gen:Variant.Chinky.7 |
| BitDefenderTheta | Gen:NN.ZevbaF.34254.jm0@a0VNVhmi |
| Bkav | W32.UsernameMaeboR.Trojan |
| CAT-QuickHeal | Worm.Vobfus.Gen |
| Comodo | TrojWare.Win32.VB.AVA@4paxk7 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.716af5 |
| Cylance | Unsafe |
| Cynet | Malicious (score: 100) |
| Cyren | W32/Vobfus.AI.gen!Eldorado |
| DrWeb | Trojan.VbCrypt.81 |
| ESET-NOD32 | a variant of Win32/Pronny.AD |
| Elastic | malicious (high confidence) |
| F-Secure | Trojan.TR/VB.Krypt.jdwpa |
| FireEye | Generic.mg.ea1db60716af542b |
| Fortinet | W32/VBKrypt.C!tr |
| GData | Gen:Variant.Chinky.7 |
| Ikarus | Worm.Win32.Vobfus |
| Invincea | ML/PE-A + Mal/VBCheMan-B |
| K7AntiVirus | EmailWorm ( 0054d10f1 ) |
| K7GW | EmailWorm ( 0054d10f1 ) |
| Kaspersky | Worm.Win32.Vobfus.erzn |
| MAX | malware (ai score=85) |
| Malwarebytes | Worm.Obfuscator |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | VBObfus.cm |
| MicroWorld-eScan | Gen:Variant.Chinky.7 |
| Microsoft | Worm:Win32/Vobfus.DT |
| NANO-Antivirus | Trojan.Win32.WBNA.cqkxma |
| Panda | W32/Vobfus.GEP.worm |
| Qihoo-360 | HEUR/QVM03.0.0D2B.Malware.Gen |
| Rising | Worm.VobfusEx!1.99DB (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Vobfus |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Mal/VBCheMan-B |
| Symantec | W32.Changeup!gen35 |
| TACHYON | Worm/W32.Vobfus.159744.K |
| Tencent | Worm.Win32.Vobfus.n |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2012-02-15 04:34:17
PE Imphash
a1f4624b793c794666c3e07881addc89
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0001fef0 | 0x00020000 | 5.7860293096577236 |
| .data | 0x00021000 | 0x00000fc4 | 0x00001000 | 0.0 |
| .rsrc | 0x00022000 | 0x0000449c | 0x00005000 | 5.609132647273771 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00026138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00026138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00026138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00026138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00026138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00026138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00026138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00026288 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00026288 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00026288 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x000262b8 | 0x000001e4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVBVM60.DLL:
• 0x401000 __vbaVarTstGt
• 0x401004 __vbaVarSub
• 0x401008 __vbaStrI2
• 0x40100c _CIcos
• 0x401010 _adj_fptan
• 0x401014 __vbaVarMove
• 0x401018 __vbaStrI4
• 0x40101c None
• 0x401020 __vbaVarVargNofree
• 0x401024 __vbaFreeVar
• 0x401028 __vbaAryMove
• 0x40102c __vbaStrVarMove
• 0x401030 __vbaLenBstr
• 0x401034 __vbaFreeVarList
• 0x401038 __vbaPut3
• 0x40103c __vbaEnd
• 0x401040 _adj_fdiv_m64
• 0x401044 __vbaPut4
• 0x401048 __vbaFreeObjList
• 0x40104c None
• 0x401050 __vbaVarFix
• 0x401054 __vbaStrErrVarCopy
• 0x401058 _adj_fprem1
• 0x40105c __vbaRecAnsiToUni
• 0x401060 None
• 0x401064 __vbaStrCat
• 0x401068 __vbaLsetFixstr
• 0x40106c __vbaSetSystemError
• 0x401070 __vbaRecDestruct
• 0x401074 __vbaHresultCheckObj
• 0x401078 __vbaLenBstrB
• 0x40107c None
• 0x401080 _adj_fdiv_m32
• 0x401084 __vbaAryVar
• 0x401088 __vbaAryDestruct
• 0x40108c __vbaVarIndexLoadRefLock
• 0x401090 None
• 0x401094 __vbaExitProc
• 0x401098 None
• 0x40109c __vbaObjSet
• 0x4010a0 __vbaOnError
• 0x4010a4 _adj_fdiv_m16i
• 0x4010a8 __vbaObjSetAddref
• 0x4010ac _adj_fdivr_m16i
• 0x4010b0 None
• 0x4010b4 __vbaVarIndexLoad
• 0x4010b8 __vbaStrFixstr
• 0x4010bc None
• 0x4010c0 None
• 0x4010c4 __vbaBoolVarNull
• 0x4010c8 __vbaFpR8
• 0x4010cc _CIsin
• 0x4010d0 __vbaErase
• 0x4010d4 None
• 0x4010d8 None
• 0x4010dc __vbaVarZero
• 0x4010e0 __vbaChkstk
• 0x4010e4 __vbaFileClose
• 0x4010e8 None
• 0x4010ec EVENT_SINK_AddRef
• 0x4010f0 __vbaGenerateBoundsError
• 0x4010f4 None
• 0x4010f8 __vbaStrCmp
• 0x4010fc __vbaGet3
• 0x401100 __vbaAryConstruct2
• 0x401104 __vbaVarTstEq
• 0x401108 __vbaPutOwner3
• 0x40110c __vbaI2I4
• 0x401110 DllFunctionCall
• 0x401114 __vbaVarOr
• 0x401118 __vbaFpUI1
• 0x40111c __vbaRedimPreserve
• 0x401120 _adj_fpatan
• 0x401124 __vbaFixstrConstruct
• 0x401128 __vbaLateIdCallLd
• 0x40112c __vbaRedim
• 0x401130 __vbaRecUniToAnsi
• 0x401134 __vbaUI1ErrVar
• 0x401138 EVENT_SINK_Release
• 0x40113c __vbaUI1I2
• 0x401140 _CIsqrt
• 0x401144 __vbaObjIs
• 0x401148 EVENT_SINK_QueryInterface
• 0x40114c __vbaFpCmpCy
• 0x401150 __vbaUI1I4
• 0x401154 __vbaVarMul
• 0x401158 __vbaExceptHandler
• 0x40115c None
• 0x401160 None
• 0x401164 _adj_fprem
• 0x401168 _adj_fdivr_m64
• 0x40116c __vbaVarDiv
• 0x401170 None
• 0x401174 None
• 0x401178 __vbaFPException
• 0x40117c None
• 0x401180 __vbaInStrVar
• 0x401184 __vbaUbound
• 0x401188 __vbaStrVarVal
• 0x40118c __vbaVarCat
• 0x401190 __vbaGetOwner4
• 0x401194 None
• 0x401198 __vbaI2Var
• 0x40119c None
• 0x4011a0 None
• 0x4011a4 _CIlog
• 0x4011a8 __vbaErrorOverflow
• 0x4011ac __vbaFileOpen
• 0x4011b0 __vbaInStr
• 0x4011b4 __vbaNew2
• 0x4011b8 None
• 0x4011bc __vbaVar2Vec
• 0x4011c0 __vbaVarInt
• 0x4011c4 _adj_fdiv_m32i
• 0x4011c8 _adj_fdivr_m32i
• 0x4011cc __vbaStrCopy
• 0x4011d0 None
• 0x4011d4 __vbaFreeStrList
• 0x4011d8 __vbaDerefAry1
• 0x4011dc _adj_fdivr_m32
• 0x4011e0 __vbaPowerR8
• 0x4011e4 _adj_fdiv_r
• 0x4011e8 None
• 0x4011ec None
• 0x4011f0 None
• 0x4011f4 __vbaVarTstNe
• 0x4011f8 __vbaI4Var
• 0x4011fc __vbaAryLock
• 0x401200 __vbaVarAdd
• 0x401204 __vbaStrToAnsi
• 0x401208 __vbaVarDup
• 0x40120c None
• 0x401210 __vbaFpI2
• 0x401214 __vbaVarLateMemCallLd
• 0x401218 __vbaVarCopy
• 0x40121c __vbaFpI4
• 0x401220 __vbaLateMemCallLd
• 0x401224 None
• 0x401228 _CIatan
• 0x40122c __vbaStrMove
• 0x401230 __vbaAryCopy
• 0x401234 __vbaStrVarCopy
• 0x401238 None
• 0x40123c _allmul
• 0x401240 _CItan
• 0x401244 __vbaAryUnlock
• 0x401248 _CIexp
• 0x40124c __vbaFreeStr
• 0x401250 __vbaFreeObj
• 0x401254 __vbaI4ErrVar
L!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
rrrr1hrD
rjrbrrVrr
rprwwr|
rrurvjrvr:
rrHJr2
rRr!vrTxrqrur
rrr/prnrbr}Ar}rtr
rrr4ur9
r]rMrr
r`vrGr}r
r}irWr]
rSr+rgr
Vr:rwr:
rr}rar5r
rYurrkrpurMrmrr0lr
rnrrDr
rkrr(Nr
OvfuQaM
t_usb\p
UserControl1
VB5!6&*
JaBsmrvp
ZaTEpYEp
OvfuQaM
xK y=F!
K(;99ZU/Dt"<
R"%ngO
BackColor
MSCAL.OCX
MSACAL.Calendar
Calendar
tEwXAySjb1
UserControl1
modWheelMouse
modFonts
OvfuQaM
GetTextColor
USER32
CallWindowProcW
ResizePalette
+3q"=h
VBA6.DLL
__vbaVarVargNofree
__vbaI4ErrVar
__vbaEnd
__vbaLenBstrB
__vbaStrI4
__vbaVarSub
__vbaVarAdd
__vbaVarInt
__vbaI2Var
__vbaUI1I2
MSVBVM60.DLL
__vbaFixstrConstruct
__vbaStrErrVarCopy
__vbaVarMul
__vbaVarFix
__vbaVar2Vec
__vbaUI1ErrVar
__vbaFpI4
__vbaGetOwner4
__vbaRecDestruct
__vbaFpUI1
__vbaUI1I4
__vbaPowerR8
__vbaFpI2
__vbaPutOwner3
__vbaVarIndexLoad
__vbaVarIndexLoadRefLock
__vbaAryVar
__vbaStrI2
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaFpCmpCy
__vbaFpR8
__vbaPut4
__vbaGet3
__vbaVarDup
__vbaInStrVar
__vbaVarOr
__vbaBoolVarNull
__vbaStrFixstr
__vbaVarZero
__vbaVarCat
__vbaLenBstr
__vbaVarTstEq
__vbaAryUnlock
__vbaAryLock
__vbaVarTstNe
__vbaAryMove
__vbaFreeStrList
__vbaPut3
__vbaStrCat
__vbaFileOpen
__vbaI2I4
__vbaFileClose
__vbaStrVarCopy
__vbaInStr
__vbaStrVarMove
__vbaErase
__vbaStrVarVal
__vbaGenerateBoundsError
__vbaVarMove
__vbaVarCopy
__vbaAryConstruct2
__vbaErrorOverflow
__vbaFreeStr
__vbaAryDestruct
__vbaAryCopy
__vbaRedimPreserve
__vbaFreeVarList
__vbaUbound
__vbaI4Var
__vbaFreeVar
__vbaDerefAry1
__vbaStrCmp
__vbaStrMove
__vbaSetSystemError
__vbaRedim
__vbaOnError
__vbaStrCopy
rE^D):wME
UserControl
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
R"Calendar1
Q3v^C:\Windows\system32\MSCAL.oca
MSACAL
FindWindowA
CallWindowProcA
SetWindowLongA
RegisterWindowMessageA
KERNEL32
GetVersionExA
GetSystemMetrics
__vbaExitProc
__vbaObjSet
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaLsetFixstr
__vbaFreeObjList
__vbaObjIs
__vbaVarDiv
__vbaVarLateMemCallLd
__vbaLateIdCallLd
__vbaLateMemCallLd
__vbaObjSetAddref
__vbaStrToAnsi
ReleaseDC
DeleteDC
CreateCompatibleDC
GetDesktopWindow
EnumFontFamiliesExA
__vbaVarTstGt
]teD'V
UserControl1
cxyLAs
u%M4Ur
@<mLFk
e,L Ed
8k{eA_P
_-!@zW{
S}(i7Wj"$3
#adaD0]4
,Yk#X~r
jM|-\@2
?Faeh:
>'#8U9
HK^oRRn|
!z#`G6
7CV/zjP
odUW;M{,2
JF?Lmm
|Jl?={
P@g?d:-7
Qd?q8~)~
\e9t$n
Y5u?T2%!
`l!dE6v
4bpZnV4u~/
4qH-vl#Z
!Dv#Z\Q
h&?~e!
8WT07d5.
K/yFvU
^=x*yo_^<h
s:_wQXT
d@v!#?4
Qub^Ix,Df
)_L^qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqdfgfd5
Calendar1
MSACAL.Calendar
9SVWeE`
EPEPEPEP}EPzE
EPEPEPEPj
EPEPE,
EPEPEPj
SVWeE8
EPEPPW
MMMEPj
MEppPj
MEPEPA
EPEPEPEPj
0 PEP^E&
EPPuuEE
EPEP4EP <
PEPEP#
EPEPEPEPj
EPuukEE
EPEPEPEPEPvU
PEPEP
EPEPEPj
M1P}EE
M, PEPEP5
EPEPEPj
PEPEP
EPEPEPj
EPEPEPEPj
+EPEPEPEPj
Mp PEP
lEPEPEPEPj
Mb PEP
^EPEPEPEPj
M= PEP
M*PvEE
HEPEPj
EPEPEPEPj
SVWeE
hPEPEP
tPEPEPvP
MVEPEPEPj
MpEPEPEPj
SVWeE`
lPEPEP
xPEPEPP3
EPEPEPj
MEPEPEPj
QSVWeE
TPEPEP
M_EPEPEPEPj
TPEPEP
EPEPEPEPj
MNEPEPEPEPj
SVWeE
PlPylP
f<P\PLPlPj
,P<PLP\PlPj
M>M6M.M&
j\XaSVWeE
SVWeE(
0MKPjh
$HiHPx8PV8P
Mf8PHPj
j@$PHP
j@$PHPHHP
j@HP8P
j@$PHP~HP
j@HP8P|8P_}
M}8PHPj
j@$PHPo|HP|
M[}H8}E;
j@HP8P%{8P{
|8PHPj
j@$PHPzHP
dt{HQ{EH
j@HP8P8y8Py
`!z8PHPj
j@$PHPxHP
|}yHZyEU
0McwPjh
M wPEPj
MvPvEk
0MhvPjh
M^ufEEz
2Xr8PHPj
MSrMKrMCrM;rM3rM+rM#rM
rMqMqMqMqMqMqMqMqMqMqMq|qtqhqd
jXXnSVWeE
lSVWeE`
VmEP5h
EPolEE
PlEP5D
4kEPjEE
EwBiE.
MhMhMh
eSVWeEX
} jPh4T@
@f$MfMe
fEfEf;
} jPh4T@
MePhHT@
Ye0dEE
f$EPEPEPj
} jPh4T@
McPhHT@
MIcPbt
bEPEPEPEPj
} jPh4T@
} jPh4T@
f$MI_M-^Mi_
njk\E(
FjC\E*
HiE[E2
}hzZE;
6EPEPEPEPj
MzWMXEPj
MrXMjXMbX
_^[GXU
USVWeE @
0EPxVEPh
pVPEPWMWE
uGW0EPUj
EPEPEPU PEPUEP?V
j PEPEPhVPtPYUj
MVM;VdPtPEPEPEPEPj
uU0EPTj
EPEPEPPT PEPITEPT
j PEPEP
UPtPSj
M+UMTdPtPEPEPEPEPj
j\EPRE
EPEPEPUSPPPEPDSPS
M$TPMSPjh
rSMSEPEPEPEPj
M4SPEPh\T@
j\EPHQE
EPEPEPQPPPEPQPEP#RPQ(
;QM]QEPEPEPEPj
]"Ph4@
HEP:OMOdPtPEPEPEPEPj
rOMdOEPj
jPXLSVWeE@ @
fEfEf;E
EE]EQQ
MM$MMLME
ISVWeE @
HPsKEE
JEPEPEPJP5
MJPhP@
MJM1JMYJE
eXbJh@
JELLPj
FSVWeE @
HP3HEE
j@EPEP{FuEPEPFEPF
MZGEPM
GEPEPj
&MSFEPEPj
j|XOCSVWeE!@
9QCh2@
MaBEPj
AMSCfEMd
@SVWeE!@
M[=EPj
;SVWeEH"@
0kXXPEP
EP^<uu
EPEP(<EP+<UH<E
HP|Pa;
HPlP2;
0uu_;0:
M`;P:EE
M:P9EE
%EP$9M9M9EPj
jXX6SVWeE"@
M8PM=8Pjh
*8Mv8E
UMN7EPuEPD7EP7
MW8EPEPj
M7PEPj
M57P57E
M6PM=6Pjh
*6Mv6E
KDH6E!
Mh5Ph5E$
M5EPEPj
j X2SVWeE#@
M0SVWeE
EPEP|1P
_1X01fEMr1E
EPEPa0Pv
Q/EP/E
EPEPn/P
W/My/E
X*SVWeE$@
)SVWeE
fEfEf;E
*r*f|fE
fEfEf;|
PEP(EPEP|)fEM<*
PEP@'EPE(
(M?(Mg(E%
`6](E'
PEP&ET@
EPEPEP&'P'
(EPEPj
_5\'E3
M&M&EPEPj
_^[|&U
j X#SVWeE
u3&&Md
#SVWeE8&@
$EP EPj
SVWeEx&@
SVWeE'@
EEEHE}
EPEPEPEPEPEPj
EPEPEPEPEPEPEPEPj
EPEPEPEPEPEPj
EPEPEPEPEPEPEPEPj
EPEPEPEPEPEPEPEPj
EPEPEPEPEPEPEPEPj
EPEPEPEPEPEPEPEPj
EPEPEPEPj
EPEPEPEPEPEPj
EPEPEPEPEPEPEPEPj
EPEPEPEPEPEPEPEPj
SVWeE(@
|PEPEP<
j@|PEP
EPEPEPj
SVWeE)@
GEPuuG
MxMpMhM`MXfE
SVWeE*@
<PPj(~
P f\PPlP|Pj
\PlP|PPj
SVWeE+@
EPEPEPx
EPuEPEPPv
MM%EPj
SVWeEP,@
uP2EEP
u`PEEPEEE
*EEDPEE
jhXSVWeE,@
EPEPEPEP8P
M,EPEPj
MEPEPj
SVWeE8-@
EPEPEP'P|PEPPEPPfE
EPEPEPEPj
SVWeE-@
SVWeE-@
pPtPflE
lPEPEPxPEPEPP
MqEPEPEPj
MEPEPEPj
SVWeE8.@
EPEPEPPEP
MrEPEPj
j4XISVWeE/@
SVWeE/@
SVWeEH0@
EPEP4EPEPUEPEPbME
j@EPEPEP
mSVWeEp1@
MEPEPj
f8u:E1
VEPEP<EP
M>M6M.
XbSVWeE2@
SVWeE2@
SVWeEX3@
MmPhT@
MXPhT@
MCPhT@
MPh,U@
EPEPEPEPEPEPEPEPEPj
P`PEPmEPj
M(EPEPEPEPEPEPEPEPEPj
(M"EPj
SVWeE3@
PPTPfLLPEE
DPHPnfp
EPEPEPJPhPEP9PXPEP(P
EPEPEPEPj
PPTPfLu
DPHPVfp
EPEPEP2PhPEP!PXPEP
EPEPEPEPj
PPTP`fLLPnEE
EPEPEPPhPEPPXPEP
EPEPEPEPj
PPTP]fLu
EPEPEPPhPEP
MREPEPEPEPj
PPTP=fLu
M PwEE
DPHPfp
EPEPEP
M2EPEPEPEPj
DPHPf@@PEE
EPEPEP
PhPxPsP
MSxPEPEPEPEPj
PPTPfLu
DPHPaf@@PoEE
EPEPEP1PEPEP#PhPxP
xPEPEPEPEPj
PPTPpfLu
f@@P)EE
EPEPEPPEPEP
MYxPEPEPEPEPj
PPTP=fLu
M PwEE
DPHPf@@PEE
EPEPEP
MvM&xPEPEPEPEPj
PPTPfLLPEE
DPHP^f@@PlEE
EPEPEP.PEPEP PhPxP
MxPEPEPEPEPj
PPTPfLu
DPHP5f@@PCEE
EPEPEP
PEPEPPhPxPPU
MsxPEPEPEPEPj
PPTP1fLu
DPHPf@@PEE
EPEPEP
xPEPEPEPEPj
PPTPfLu
DPHPf@@PEE
EPEPEPfPEPEPXPhPxPDP
xPEPEPEPEPj
PPTPfLu
DPHPcf@@PqEE
EPEPEP3PEPEP%PhPxP
xPEPEPEPEPj
MTMLxPEPEPEPEPj
jtXXSVWeE4@
EPEP~EPEPj
XPEPEP
MghPxPEPEPEPEPj
MhPhPT@
XPEPEP
P(PxPqP
M=hPxPEPEPEPEPj
EPEPEPyPXPEPhP
MHMEPEPEPEPj
XPEPEP PHPEP
P8PEPPp
EPEPEPEPj
XPEPEPPHPEPPW
EPEPEPj
MuPhPT@
M`EPEPEPEPj
MEPEPEPEPj
hPxPEPEPEPEPj
SVWeE5@
>SVWeE@6@
V0P@P0j
(PEPEPEPEPEPEPEPj
@PPPj
tkPhpV@
pSPhxV@
l;Ph$U@
h#PhV@
MsPhU@
M^PhU@
MIPhU@
M4PhU@
M PhU@
MwPh(V@
MbPh4V@
MMPhT@
M8Ph@V@
M#PhHV@
P(P\hPlPpPtPxP|PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEP`PdPj
`PdPhPlPpPtPxP|PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPj
>SVWeE6@
} jhh4T@
} j`h4T@
} jdh4T@
} jXh4T@
hPEPPEPEPUP
EPHPEP;P8PEP*PEP
EPEPEPEPj
j(M3EE
} jPh4T@
EPEP^~EPEPW~fM}EPEPEPEPj
fPvyEE3
EPhP'{fM{EPEPj
MWyPxp
JEPEPj
M)w|PEPEPEPEPj
>uSVWeE@8@
TM~wh$
EPEPEPj
evEP5<
j\XTqSVWeE8@
u1sPrEEP_rEEE
EXYYYEP)rEj
fEYPEPqEj
MnPnEEPXpEj
uu,JE
<~9pE(
EEP oEj
a}^oE1
L}IoE2
uuSHE3
unP#nEEPmj
uq|EnEEhZA
InM;nM3nM+n
ZkSVWeE9@
dlEP5D
ua8EPj
"iEPhd
kvhhE"
EPhguu
hPug8EPBg8EE
jfEP5D
"u gE&
EPEPeE.
0seheA
eeEPdEPj
EeE88Pj
jDXQbSVWeE:@
MwbPEPGdPcEE
-dEP5T
GrDdhA
aSVWeE:@
MScPhT@
M>cPhV@
M)cPhV@
bEPEPEPEPj
j@(PEP`EPPa
|P_|Ph
PEP`|PEPj
1m._E(
VlS^E1
}kz]E:
8k5]E=
LjI\EG
.i+[ES
_f\XEr
Pj4uT0J
P$PHr
Pj6uS0I
|P4J|Ph
>K|PEPj
(PEPFEPF
WGM7GE
(PEPEEPE
_FM?FE&
(PEP&EEPE
(PEPDEP$E
EMpEE+
|SyEE,
(PEPhDEPD
(PEPCEP@D
pRmDE4
M4DPhHT@
M DPhV@
DPh$U@
MCPhV@
MCPhU@
MCPhV@
MCPhO@
MbCPh(W@
KCEPEPEPEPEPEPEPEPEPEPEPj
MBPhV@
MBPhDW@
MBPhXW@
MBPh`W@
M{BPhlW@
dBEPEPEPEPEPj
:P7BE:
MAPhW@
MAPh$U@
MAPhW@
MAPhXW@
MAPhW@
MAPhW@
~AEPEPEPEPEPEPj
POMAE=
APhpV@
M@PhW@
M@PhW@
M@PhW@
M@PhW@
M@PhlW@
@EPEPEPEPEPEPj
j\EP#>)d
|PEPlPx>P\PLPd>P(P<PP>P>
.?<PLP\PlPEP|Pj
vEPEPEPEPEPEPEPEPEPEPEPj
>0<PLP\PlP|PEPj
M0>EPj
MSVBVM60.DLL
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
__vbaPut4
__vbaFreeObjList
__vbaVarFix
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet3
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaVar2Vec
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaI4ErrVar
*yYP20/&&%
9meXVD1'
8odWFB<)1?@#
-kjjdcWI>"
kaJA;(
Sulg^4
t~it~6q
______
_ _______(
Gc\eeeiizi]
@Cbddghy
Ffggqxyzigde-
6`aqlqt}
5Ejpppkt}
9Xkopoopwwupkkq
>OU^^mmmpv{vomooop
5:KMMHSSSUU_WWTTLLJ
8<IHHHJJLRRSTTTLLLH
6:KMLLLJLRSTTRTTVLLL
YRR76;NUUUTTPU^mooo_TTTLJ
nVV=;?Q_mmmmmovw
+nVTP?NUmoouuvwwwwvu
nWUTNPU_mouvvww
|YVTTTVWmouuvvwwwwvvu
YWVVVW_noouuvwwwwwwwwvuo
WVrrsrs|||~vvvwww}~~~~
.)$#$&
##"""""""""FFFFF"""FJH"FFFFFF""""""
IG>I>H>>>>>NNNNN;;GONN>NNNNNN>>>;;;"
jLLgjyN"
0nP8R:
Er{RRQ'("AyNF
-7:::u
722Sxw
"*22Bxw.3CM
".2.EC),.+=Ew|
)*./Bw
)*0B}|
C,.,,*))
1|||TgXUU
EC55411./.uxxeVUU
uutPPESw}xeUUU
}xgWWU
%xh_^^V
fjsaacb9D"
KNsddc6"
ilo$ K%%tKWM4P:u;Dw
knd7Jv!]j;"''$23
$$.2(%%6<?
@N>@<HQyB
B _?___(
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�
@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�
t�E�w�X�A�y�S�j�b�
O�v�f�u�Q�a�M�
J�a�B�s�m�r�v�p�
c�x�y�L�A�s�
p�K�U�G�P�Z�p�v�u�1�0�1�
n�s�1�.�s�p�
s�e�a�r�c�h�e�
1�3�5�2�.�n�
,� �l�P�a�r�a�m�=�
,� �m�s�g�=�
,� �w�P�a�r�a�m�=�
S�c�a�l�e�M�o�d�e�
d�S�c�a�l�e�H�e�i�g�h�t�
P�a�r�e�n�t�
M�S�W�H�E�E�L�_�R�O�L�L�M�S�G�
M�o�u�s�e�Z�
M�a�g�e�l�l�a�n� �M�S�W�H�E�E�L�
H�e�i�g�h�t�
� �*�*�*�*�*�*�*�*�*�*� �F�I�R�E� �E�V�E�N�T� �!� � �*�*�*�*�*�*�*�*�*�*�
W�i�n� �3�2�
W�i�n�d�o�w�s� �9�5�
W�i�n�d�o�w�s� �9�8�
W�i�n�d�o�w�s� �N�T� �3�.�5�1�
W�i�n�d�o�w�s� �N�T� �4�.�0�
W�i�n�d�o�w�s� �2�0�0�0�
U�n�k�n�o�w�n�
C�a�n� �n�o�t� �p�u�t� �f�o�n�t�s� �i�n�t�o� �a� �T�e�x�t�B�o�x� �c�o�n�t�r�o�l� �t�h�a�t� �h�a�s� �t�h�e� �M�u�l�t�i�L�i�n�e� �p�r�o�p�e�r�t�y� �s�e�t� �t�o� �F�A�L�S�E�.�
� �C�a�n�'�t� �P�u�t� �F�o�n�t�s� �I�n�t�o� �N�o�n�-�M�u�l�t�i�l�i�n�e� �T�e�x�t�B�o�x�
I�C�O�N�4�(�
!�!�)�$�(�-�+�5�1�;�9�<�
-�<�;�?�4�5�9�7�=�!�)� �!�*�4�9�>�>�!�)�1�9�1�:�>�?�@�@�B�E�A�D�H�E�B�D�I�J�@�I�M�P�Q�R�U�Z�c�D�A�C�F�C�J�J�N�L�I�Y�J�B�J�B�O�R�V�Z�Q�V�P�_�U�R�Y�Z�]�Y�V�Q�]�d�j�k�c�b�b�g�j�k�m�y�r�~�d�l�c�r�{�a�c�b�g�i�b�b�e�c�h�h�j�l�g�e�g�i�j�m�m�p�u�r�z�{�{�r�q�p�u�r�u�z�y�~�s�x�w�{�y�|�{�}�~�
y�m�x�}�o�z�
z�r�~�k�|�?�;�P�Y�f�t�k�u�d�f�m�v�L�J�W�A�T�I�R�b�c�g�[�M�R�Y�h�m�w�d�x�c�t�|�d�u�n�x�z�
:�6�2�V�l�d�h�v�s�y�k�
p�x�>�.�8�:�G�I�A�J�
(�9�;� �*�\�F�<�
9�*�*�2�9�6�f�O�X�Q�l�
p�x�N�A�M�e�j�j�h�}�^�a�e�v�y�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
P�r�o�d�u�c�t�N�a�m�e�
Z�a�T�E�p�Y�E�p�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
J�a�B�s�m�r�v�p�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
J�a�B�s�m�r�v�p�.�e�x�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.