1.3
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.57
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20190924 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190924 | 2013.8.14.323 |
| McAfee | GenericRXBQ-RN!EE7FC6B3A475 | 20190924 | 6.0.6.653 |
| Tencent | None | 20190924 | 1.0.0.1 |
静态指标
动态指标
在 PE 资源中识别到外语
(4 个事件)
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000ad08 | size | 0x000002e8 | ||||||||||||||||||
| name | RT_MENU | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000ace8 | size | 0x0000001c | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000aff0 | size | 0x00000014 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000a9e8 | size | 0x00000300 | ||||||||||||||||||
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.data', 'virtual_address': '0x00005000', 'virtual_size': '0x0000448c', 'size_of_data': '0x00004000', 'entropy': 7.453372315651901} | entropy | 7.453372315651901 | description | 发现高熵的节 | |||||||||
| entropy | 0.4 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 46 个反病毒引擎识别为恶意
(46 个事件)
| ALYac | Trojan.GenericKD.5212893 |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.5212893 |
| AhnLab-V3 | Trojan/Win32.Magania.C1982352 |
| Antiy-AVL | Trojan[GameThief]/Win32.Magania |
| Arcabit | Trojan.Generic.D4F8ADD |
| Avast | Win32:Malware-gen |
| Avira | TR/Crypt.XPACK.Gen7 |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.3a4756 |
| Cylance | Unsafe |
| DrWeb | Trojan.DownLoader24.62022 |
| ESET-NOD32 | a variant of Win32/ServStart.OS |
| Emsisoft | Trojan.GenericKD.5212893 (B) |
| Endgame | malicious (high confidence) |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen7 |
| FireEye | Trojan.GenericKD.5212893 |
| Fortinet | W32/GenKryptik.AWIY!tr |
| Ikarus | Backdoor.Win32.Inject |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.azxda |
| K7AntiVirus | Trojan ( 004b13931 ) |
| K7GW | Trojan ( 004b13931 ) |
| Kaspersky | Trojan-GameThief.Win32.Magania.uhaz |
| MAX | malware (ai score=88) |
| McAfee | GenericRXBQ-RN!EE7FC6B3A475 |
| McAfee-GW-Edition | BehavesLike.Win32.Almanahe.pm |
| MicroWorld-eScan | Trojan.GenericKD.5212893 |
| Microsoft | DDoS:Win32/Nitol.A |
| NANO-Antivirus | Trojan.Win32.Magania.epgzes |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM07.1.1AB9.Malware.Gen |
| Rising | Downloader.Unruy!8.D8 (TFE:5:BkSG7rir9KI) |
| SentinelOne | DFI - Malicious PE |
| Symantec | ML.Attribute.HighConfidence |
| Trapmine | malicious.high.ml.score |
| TrendMicro | DDOS_NITOL_GF080006.UVPM |
| TrendMicro-HouseCall | DDOS_NITOL_GF080006.UVPM |
| VBA32 | BScope.Trojan.Downloader |
| Webroot | W32.Malware.gen |
| Yandex | Trojan.PWS.Magania!Yyr1rcEmq7I |
| Zillya | Trojan.Magania.Win32.71116 |
| ZoneAlarm | Trojan-GameThief.Win32.Magania.uhaz |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2017-05-28 19:31:35
PE Imphash
5f690c4d941183227dddce566546b357
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00002302 | 0x00003000 | 4.970489438837099 |
| .rdata | 0x00004000 | 0x00000f13 | 0x00001000 | 4.620956093716346 |
| .data | 0x00005000 | 0x0000448c | 0x00004000 | 7.453372315651901 |
| .rsrc | 0x0000a000 | 0x000011b8 | 0x00002000 | 2.1803200513136325 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000ad08 | 0x000002e8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_MENU | 0x0000ace8 | 0x0000001c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_DIALOG | 0x0000b008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000b008 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000aff0 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_VERSION | 0x0000a9e8 | 0x00000300 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
Imports
Library MFC42.DLL:
• 0x404034 None
• 0x404038 None
• 0x40403c None
• 0x404040 None
• 0x404044 None
• 0x404048 None
• 0x40404c None
• 0x404050 None
• 0x404054 None
• 0x404058 None
• 0x40405c None
• 0x404060 None
• 0x404064 None
• 0x404068 None
• 0x40406c None
• 0x404070 None
• 0x404074 None
• 0x404078 None
• 0x40407c None
• 0x404080 None
• 0x404084 None
• 0x404088 None
• 0x40408c None
• 0x404090 None
• 0x404094 None
• 0x404098 None
• 0x40409c None
• 0x4040a0 None
• 0x4040a4 None
• 0x4040a8 None
• 0x4040ac None
• 0x4040b0 None
• 0x4040b4 None
• 0x4040b8 None
• 0x4040bc None
• 0x4040c0 None
• 0x4040c4 None
• 0x4040c8 None
• 0x4040cc None
• 0x4040d0 None
• 0x4040d4 None
• 0x4040d8 None
• 0x4040dc None
• 0x4040e0 None
• 0x4040e4 None
• 0x4040e8 None
• 0x4040ec None
• 0x4040f0 None
• 0x4040f4 None
• 0x4040f8 None
• 0x4040fc None
• 0x404100 None
• 0x404104 None
• 0x404108 None
• 0x40410c None
• 0x404110 None
• 0x404114 None
• 0x404118 None
• 0x40411c None
• 0x404120 None
• 0x404124 None
• 0x404128 None
• 0x40412c None
• 0x404130 None
• 0x404134 None
• 0x404138 None
• 0x40413c None
• 0x404140 None
• 0x404144 None
• 0x404148 None
• 0x40414c None
• 0x404150 None
• 0x404154 None
• 0x404158 None
• 0x40415c None
• 0x404160 None
• 0x404164 None
• 0x404168 None
• 0x40416c None
• 0x404170 None
• 0x404174 None
• 0x404178 None
• 0x40417c None
• 0x404180 None
• 0x404184 None
• 0x404188 None
• 0x40418c None
• 0x404190 None
• 0x404194 None
• 0x404198 None
• 0x40419c None
• 0x4041a0 None
• 0x4041a4 None
• 0x4041a8 None
• 0x4041ac None
• 0x4041b0 None
• 0x4041b4 None
• 0x4041b8 None
• 0x4041bc None
• 0x4041c0 None
• 0x4041c4 None
Library MSVCRT.dll:
• 0x4041cc __setusermatherr
• 0x4041d0 _adjust_fdiv
• 0x4041d4 __p__commode
• 0x4041d8 __p__fmode
• 0x4041dc __set_app_type
• 0x4041e0 _except_handler3
• 0x4041e4 _controlfp
• 0x4041e8 _initterm
• 0x4041ec __getmainargs
• 0x4041f0 _acmdln
• 0x4041f4 _XcptFilter
• 0x4041f8 _exit
• 0x4041fc ??1type_info@@UAE@XZ
• 0x404200 _onexit
• 0x404204 __dllonexit
• 0x404208 free
• 0x40420c realloc
• 0x404210 _CxxThrowException
• 0x404214 printf
• 0x404218 fopen
• 0x40421c fclose
• 0x404220 exit
• 0x404224 __CxxFrameHandler
• 0x404228 _stricmp
Library KERNEL32.dll:
• 0x404000 Sleep
• 0x404004 GetModuleFileNameA
• 0x404008 GetProcAddress
• 0x40400c LoadLibraryA
• 0x404010 HeapAlloc
• 0x404014 VirtualProtect
• 0x404018 VirtualFree
• 0x40401c IsBadReadPtr
• 0x404020 HeapFree
• 0x404024 FreeLibrary
• 0x404028 GetModuleHandleA
• 0x40402c GetStartupInfoA
Library USER32.dll:
• 0x404230 LoadIconA
• 0x404234 SetTimer
• 0x404238 SendMessageA
• 0x40423c AppendMenuA
• 0x404240 GetSystemMenu
• 0x404244 DrawIcon
• 0x404248 GetClientRect
• 0x40424c GetSystemMetrics
• 0x404250 IsIconic
• 0x404254 wsprintfA
• 0x404258 EnableWindow
Exports
| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x401c70 | Musalut |
L!This program cannot be run in DOS mode.
yvNjvivivivPvvUv%iv
pv%ivRichv
`.rdata
@.data
VPjft$
F =8B@
SWVL$
l$$~`;
SUVL$<Wuw
l$ D$$
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
D$@Q|$<L
L$@R|$<T
T$@P|$<D
L$,_^]d
UIWWL$
33~3S\$
F;|[_^]VW=
Ujh`2@
SVWEehG@
u;|k=P@
EMEaEiEnE
_^]3[Yj
_^]3[Yj
3_^][YC
r8~aCj
CL$ D$
g_^][Y
g_^][Y
vVUVW<
F|xWD$
_^]3[Y
4Vt$HL$$VD$D
L$$RD$D
T$PrVRT$,PQL$4RdD$
L$PD$@.
YH%$B@
hSVWe3
EEP5p@
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
YY3%A@
dUdt F@
MBM`xF@
MRMMMM`H@
MFC42.DLL
__CxxFrameHandler
fclose
printf
_CxxThrowException
realloc
__dllonexit
_onexit
MSVCRT.dll
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleFileNameA
GetProcAddress
LoadLibraryA
HeapAlloc
VirtualProtect
VirtualFree
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
EnableWindow
LoadIconA
SetTimer
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
wsprintfA
USER32.dll
_stricmp
MDat.dll
Musalut
h13BF2710B31BF2310B
2310BF2310BF2310BF2310BF2310BF2310B231>]<39g2}c
24]TCQ/fQR_^-2
<=Hb2310BF2
"[do!X
"_do!7
"4{k!Z
G"Tdo!X
"Zdo!aXS*-
"0BF2310BF2310BF2ct0B
301lk310BF231BH
806BFr310RF230B
310F230BF23!0RF2330BB2310BF2710BF2310F23!0BF2312BF231 BF"310BV23!0BF231 BF20B
2310F200BF2310BF2310BF2310BF2310BF31<BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF231e
310BF310RF2310BF6310BF2310BF231BFfahsF2310
F230BF
310FF2310BF2310BF2s10
0BF23!0BF310FF23
0BF2310BF2310B
230BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF23
pv2fahcJ;18Jk
|31mF23A0B`33
AF2`df
3f4t0q}<D1c
E 8)XA)<-?
R#@E57
~;D90sC3=
fyS|xN
-!|g')%
Bcaa{PZ
E$N5`<Js\
i6 ;H<\
bjeAQb[
_rXO}fkwlDD2P4<jX4
RXT2SN"]VfV
S0&Gx^
bywC*[N)FN\:QX\gbdq
:]F&g_
9_l-W{
Iy=G4Z^;M$
G8gC|1
3<20&j
GG]GV}
,3cbYfJ--
adONcf
D5Q:^u
]P>%JI
}ehG13
-/v85[8M#c
80!Htuc8nU~
4bs!+356~{&
Fw<IzJ
2! N^{kF
EW&:0dm$
7HBE a]NYF
bZF."C>
3ugJ:H]!o!
<,Kmr.lr
/%= G~
U29{yE
Y\l&y7wRq
VE;c2N|Du$}
aX_xx9ej
<z|+K9
6AefcD{.}7o
7\tVLeb
3GhksZM ]N=c%E JU
i=u%Cw=_SpN*|
S%?"7u
?aU=acRP>
2B#3e
ZH?;Y \
(aMUcL/}
?MgGh '
m:kfXc
Y1(D/+
:\t%1>~
)v=Z,:[w
3{uRo&
Ku2?=Z0
W(75}d_
[qbC?7
\,\F\]
J+;nu.
gmtB,$&]17
gBbh:w
?acB4
(GjsO>)PbReD5]3\G6Y
-CM wm,vq>04
>fG7>])
CR*W66
+.rZiKE.>9
>:6EA@Ell^\-\$D
?'U\tg.
KOb#5o
@Ji%g7XK41!
/V_+7i_';
Z7if\bA@!Bj.e
(z]jtz
317IY{M`
gh*YiW
,C41f0jM
28'Of.,b;J9`|;aWI. #Cs
2O)7w|
ah7fBEv}
pBjFBW(^*D]<
*VB^xi
0!X!@w
QtDd7>{
{EuZEO
6t(Uai*4c3
QcI9(CD
%`bEBQ9\vMNsD
:?k4;J ["
'7~EOn
Rl*IkztY
\rg~Pci
>:(o'k
[&%g\&9sQ,+
B]d* rI*]
m1HP{f
1QfVCE
f\c>#R9m
qc`Tev
G=]pvA[< XIc5
:r}fNh
14WBl;"4P%Tm)aut
FVuofz
w;Sj4e
*H_~@FYgSO$a&W:o>T]
L63^]3)D8(
D?7^_l/[
Ua5xiO/Uz
tV+T~|~
jcr#f]d
GggY)j h
QM#]PP
jWGU+ Qn!Z@X;[_!#h
B9%a'-
}PB}Ot7%
QWq6g!8
1F#<_`OZ8q1
6G*:69
%1>$B
V;H0vK1
Eid-=+B'
oc&exfD`W13FD&PC7E&p"MEi*
Gz2U6(pM
6dbR+r
Vq_"v<ai7Ab>Ky!Fw4
}>P$z<N03%pu@
*M7BYU|LJ=B6A
S{`xvl
F4\7Mb.
M7joNF:uSi:
nRd2gHF653&B;2WC
eu2E4/
-/n}BN2D#
CLVN@\_%]h
8?w9n"
A6{W<N'P"dgZp-V]#G
#=Q)$X
V!'%Po&]Zf+u+YY8_5
-.yvf\
p\YUFj=TyrFk]o$4j
R!v`\$pY
Z_2W=d;{
.NimQ\
6/wXH\'3#b
;a$Wc&
.!X)LIa8
^>3*P0
7(L.l|
TKzM3O1abb
?U"'OM
lVg7lFq
*b3Kn0f'"EMe
%]\w2sP26fD
\0AU)e]X)*.r+d<
-{ .>
s>~R/@a
:tMMN'N7)
s*R*R[
<u,^ybay'
c>y{F$E/)
2@2U?R:;
n<qmSw*;
8MKF5aL?)N,C0
c2s~@j
~3NArP
)<6\*|1]2?6
l/jl;4
TL^5/$
@ 6M5:
~'aR_.tebd2
Y^S36$B
X[( W4@YwG
_;-m5uX71Ym
0CkF%g
;U@V}|&
KMpSVO
x<2i*g}
GppcEy>GN9NS90B3S7
?P4K2O
cOcR =69L7zGJX
SK9~W_W
&E@;n?
mWa(ZJ@G$b\N
R9n#t)W+
.fa)LLJB
upEhb2
R>19Eey;U)aow]c!]~
O/*;`#R.'
?:/elhX~WH_B]i
}O}ElS
|aa@^)%
`P]<(*!
j2|aEf
U <sVrf:oP
"&~vEy!I
C=>6sx|+0# w)y26p
rDvcZ\
`g`- 1FO-hBY2Z&fe
qf\)~~
buRb!6Tf
aN'vI3:Y4v
s"Z&/y
6!o.8nR
_u/:q`"
%.MLcy&8
C>TW0)5uY]+w`)z&
J)Phx<@
-f",R5,
n8S0ggeJ@?%
DS]7a5 7
XeBJTeLl9
:jL5D\^
DRJI#[_P
'6WDZA
5DGG@SF3-qU7
S6eMuF&07VR9kK$
nFgz)e-
~2b)~mA4
Dq!=Hj
ad~4[T>=y O
.:'r
W1A\]J ARW^}4
<-58nH
iIr7oB01ybF:
84?t2x
4Fb1AG9O&`=R,P `EK*2U
{Avc=)*U+2q*)S;[K*
J4bB.|
! 5B@|N
Kx!L`3
ODla7Q
F|S*QDFlM27F
hr$fz
heI.eb
=Sev"bb
p0v1-sLG(3e`69x pde
nqKbpE
9~QwBp94u't8:
@OT?.%!in\,.afW
l{5R0fc wgx
>@c:=&fg
j-j'-@B&Sg
cm0cx2
P6`M]GR!0R:
oCBsAA
:DIeO9HNu03O
5EN )Fn
Jrq40` '1
7=aS"<
zIwxpb
W]EBP\
4]PTC1)@o1e@
kiPR!"WUVX+,Y_\^-6CAaMFGG:?H
d'8@FKs.
1ED R#/VF S-Z]l|A%6
TH'9NI|E1'^FEi-tTD
/QXr_7=T
Z\UR;(S^T/c
[AJ?WPE(;
2_>B!'Fr
;/AI*X\CBc1
e`pc6'@A;nER\
#+,&9m_pC3eyvc~
W]\itm>5
iOsP<h-
&eD]LBo
}-<[mP wxY
\]9kg`7B!3
-Od)mt
,U^HmlX<[r 3
=(^-/4<r
LkQ"\1V38/x
GrZCP *WUU
fT-QG=
f"-IqOk!sov
IR+2B#[D[3V;2J.C]AP6m5Z
FQ44$>-Gl
]])2$ilB1G/
@k~R_W7WIY^U'%
VrV'%)pl
#OmFnS7W&c2sSt$c9sw'#D(&e2as~ab[m
wKXDJQj
IWP9w'RsO"VA)|-'V
XR0',=[fV\@
aQ,"^EcUG'<~D?m&W<
*^K0jb,
#@lX
~R(`#5
@VTmCm
#u,07)\=f
/SQ 'q6V(Di`dY
<;rShrE
,Tf[Tt*h:~
WUP|6+
]*2V@Hv
x^$)<<)._^R#*
qw@GGSvqB0AzV
d!UxB<
MlApo%H
"YH/$Pw)pK
(^PkM{
qxTINd0T
gp!YVb1'B&B{xV
GX&0?7V&
K\i0#TnhNm[L6
@R\Y504R
0Wy*!
sr'{'r
G]<KD 7
1?9DQY CUM&31 z1
Nd>(=!
9.c\9=
1/G[^&7'Qw48:8HN44
44$DO.)?)IK?
G?>J@?
99: IA
.ayv_De:?<6NM2):>ZN"T
/7U~m5
C870We 5M
GNU)\C
^?N;5;5M;7!D0NQ5+=A=, 6
\!8h`":"LC2],@8&
:98GJ7
=;YuIM1K
]H4:u&WF! g
|>=pcwp_|HYqS 9=
V&^Z@4
t%?+!YHE\<??
`+"Sd@
; Fw<7
34h .1>
(A&83.FK|7
#66@_]E
3- G+6L
v B&<rs=!`P3
da:"Atc
{231BFr11BN
210"21 2
7vAu2EE,S@
1BF22EE,S#01G:."Cw30K9D
D62EE,S#07A-
3D7X!W2C3;/#B00
@776453|m231E
0E5n4$;R
30B5:D
m7rF311
931Au;DJ6?Aucv
d319252BP
Au:D`zD 11V0E
?"U70QA0BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310B31F2310BF2310BF260B310BF2310BF231"F20BF2310BF2310BY31F2310BF2310BF2
0B310BF2310BF231
F20BF2310BF2310B
F2310BF2310BF2~0B310BF2310BF2310BF2310B
31VF2310B0310BF20BF231F2310B310BF20BF231F2310BR230BF2xtb
l"^_1Y2.^CP@+hV_]0
dpcdl"^_1c
l"^_1c
erayl"^_1e
&*^3fcp
T.*231|-'V
XR0'@Jp0B
WGaB-%sWUB'5A31b'!}CT^
#Kr10B
'P_T0B2[^T0B
>WPDD'
WJp0B1ACCY,2Tr10BF2
F2210BG2311BF20B31F2A
0B310B
&*^3|Q+(230BJ231}F2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF2310BF231EgoRHRIVCx0VHRIQFQkLExMTQw==
Seryiec
Microsoft .Net Frameworsk COMa+ Suppoct
Microsoft .NET COM+ Integration with SOAP
E2310BF
GetProcessHeap
VirtualAlloc
KERNEL32.dll
.?AVtype_info@@
HrCg@b
x(k-omm_ii fO
q x^Z{x
H6G1anYdjxH6G1anYdjxH6G1anYdjxH6G1anYdjxH6G1anYdjxoIgiF9Lae
oIgiF9Lae
oIgiF9Lae
oIgiF9Lae
oIgiF9Lae
I0sVDu6oXvI0sVDu6oXvI0sVDu6oXvI0sVDu6oXvI0sVDu6oXvijyMlFPj
l6bxX6N1D5l6bxX6N1D5l6bxX6N1D5vfxH7aTtebF1E4wlGrn6F1E4wlGrn6F1E4wlGrn6F1E4wlGrn6F1E4wlGrn6wZ27dZ0e8jwZ27dZ0e8jwZ27dZ0e8jwZ27dZ0e8jwZ27dZ0e8j02U8SInXc
02U8SInXc
02U8SInXc
02U8SInXc
02U8SInXc
sG82gDUPQHsG82gDUPQHsG82gDUPQHsG82gDUPQHsG82gDUPQHwpWN0Nj7K
wpWN0Nj7K
wpWN0Nj7K
wpWN0Nj7K
wpWN0Nj7K
ytsfSEpsrx2FUGpY1fn
2FUGpY1fn
2FUGpY1fn
56drtEyyd
ut0LxnL0yxut0LxnL0yxut0LxnL0yxut0LxnL0yxut0LxnL0yxTChUi2asU
W2Jc5NmfxJW2Jc5NmfxJW2Jc5NmfxJW2Jc5NmfxJ1OLuJuRxsi1OLuJuRxsi1OLuJuRxsi1OLuJuRxsi1OLuJuRxsiEgMUL9TNFwEgMUL9TNFwEgMUL9TNFwEgMUL9TNFwEgMUL9TNFwgD3n9o6Qd
gD3n9o6Qd
gD3n9o6Qd
gD3n9o6Qd
gD3n9o6Qd
bRqz3HlN0
bRqz3HlN0
bRqz3HlN0
bRqz3HlN0
bRqz3HlN0
EHpLr9eC0
EHpLr9eC0
EHpLr9eC0
EHpLr9eC0
EHpLr9eC0
mbw37hz
mbw37hz
mbw37hz
mbw37hz
mbw37hz
k7YdIva90ok7YdIva90ok7YdIva90ok7YdIva90ok7YdIva90osFmF1zyxV8sFmF1zyxV8sFmF1zyxV8sFmF1zyxV8sFmF1zyxV88ckC3Zd4OS8ckC3Zd4OS8ckC3Zd4OS8ckC3Zd4OS8ckC3Zd4OSWa3FbRcic1Wa3FbRcic1Wa3FbRcic1Wa3FbRcic1Wa3FbRcic1hC3uh1RDoGhC3uh1RDoGhC3uh1RDoGhC3uh1RDoGhC3uh1RDoGNdLiZbsOOCNdLiZbsOOCNdLiZbsOOCNdLiZbsOOCNdLiZbsOOCy9yT
Hu2kJy9yTHu2kJ
y9yTHu2kJ
y9yTHu2kJ
y9yTHu2kJ
hafnIoRSEghafnIoRSEghafnIoRSEghafnIoRSEghafnIoRSEgfzRxaXKW0ufzRxaXKW0ufzRxaXKW0ufzRxaXKW0ufzRxaXKW0uSgFbTx7QtySgFbTx7QtySgFbTx7QtySgFbTx7QtySgFbTx7QtyjMtmfxh0ZQjMtmfxh0ZQjMtmfxh0ZQjMtmfxh0ZQjMtmfxh0ZQqRUb8qcI7PqRUb8qcI7PqRUb8qcI7PqRUb8qcI7PqRUb8qcI7PN9Rcg
Mz7jN9RcgMz7j
N9RcgMz7j
N9RcgMz7j
N9RcgMz7j
Li4MyNVYtGLi4MyNVYtGLi4MyNVYtGLi4MyNVYtGLi4MyNVYtGoYiIR1vl3NoYiIR1vl3NoYiIR1vl3NoYiIR1vl3NoYiIR1vl3NQo4bwySm6
Qo4bwySm6
Qo4bwySm6
Qo4bwySm6
Qo4bwySm6
5y5zaz58rS5y5zaz58rS5y5zaz58rS5y5zaz58rS5y5zaz58rSFfEPkFjvJ
FfEPkFjvJ
FfEPkFjvJ
FfEPkFjvJ
FfEPkFjvJ
M6CLOp9jwbM6CLOp9jwbM6CLOp9jwbM6CLOp9jwbM6CLOp9jwbGayK2ShfVaGayK2ShfVaGayK2ShfVaGayK2ShfVaGayK2ShfVaybH
9RsVrHybH9RsVrH
ybH9RsVrH
ybH9RsVrH
ybH9RsVrH
v0buVE0iOav0buVE0iOav0buVE0iOav0buVE0iOav0buVE0iOaoIa0kIrUY4oIa0kIrUY4oIa0kIrUY4oIa0kIrUY4oIa0kIrUY4v3ppvnhrTov3ppvnhrTov3ppvnhrTov3ppvnhrTov3ppvnhrToRw3fn8afw4Rw3fn8afw4Rw3fn8afw4Rw3fn8afw4Rw3fn8afw4wXF7QrEWmuwXF7QrEWmuwXF7QrEWmuwXF7QrEWmuwXF7QrEWmu81OG6i03Yj81OG6i03Yj81OG6i03Yj81OG6i03Yj81OG6i03Yjj90iLUGw3
j90iLUGw3
j90iLUGw3
j90iLUGw3
j90iLUGw3
t7NkF8JPi1t7NkF8JPi1t7NkF8JPi1t7NkF8JPi1t7NkF8JPi1lZnm5XtMwdlZnm5XtMwdlZnm5XtMwdlZnm5XtMwdlZnm5XtMwdZieD3IkebfZieD3IkebfZieD3IkebfZieD3IkebfZieD3IkebfoN7e4xLycQoN7e4xLycQoN7e4xLycQoN7e4xLycQoN7e4xLycQHMpiDabzcOHMpiDabzcOHMpiDabzcOHMpiDabzcOHMpiDabzcOcswbl4vgCscswbl4vgCscswbl4vgCscswbl4vgCscswbl4vgCsFWSr01Rxh
FWSr01Rxh
FWSr01Rxh
FWSr01Rxh
FWSr01Rxh
Hi3bnr
TbRHi3bnrTbR
Hi3bnrTbR
Hi3bnrTbR
Hi3bnrTbR
oqJfvZaQR6oqJfvZaQR6oqJfvZaQR6oqJfvZaQR6oqJfvZaQR6dqkC3oaod
dqkC3oaod
dqkC3oaod
dqkC3oaod
dqkC3oaod
kzytjRW7o0kzytjRW7o0kzytjRW7o0kzytjRW7o0kzytjRW7o0k4Cdpb2U5Gk4Cdpb2U5Gk4Cdpb2U5Gk4Cdpb2U5Gk4Cdpb2U5GomaePUtLkFomaePUtLkFomaePUtLkFomaePUtLkFomaePUtLkFbhevLjyQqPbhevLjyQqPbhevLjyQqPbhevLjyQqPbhevLjyQqPxzOlt2ZJenxzOlt2ZJenxzOlt2ZJenxzOlt2ZJenxzOlt2ZJenaV7IORwJX4aV7IORwJX4aV7IORwJX4aV7IORwJX4aV7IORwJX4Vnf6StEQbVVnf6StEQbVVnf6StEQbVVnf6StEQbVVnf6StEQbVleJD0bk3NMleJD0bk3NMleJD0bk3NMleJD0bk3NMleJD0bk3NMaDdEPHdgW
aDdEPHdgW
aDdEPHdgW
aDdEPHdgW
aDdEPHdgW
LFjzUVdXukLFjzUVdXukLFjzUVdXukLFjzUVdXukLFjzUVdXukkOJxpbpt6KkOJxpbpt6KkOJxpbpt6KkOJxpbpt6KkOJxpbpt6KxPaqZoXrMHxPaqZoXrMHxPaqZoXrMHxPaqZoXrMHxPaqZoXrMHkiiyHUixobkiiyHUixobkiiyHUixobkiiyHUixobkiiyHUixobdFbM7jKoj4dFbM7jKoj4dFbM7jKoj4dFbM7jKoj4dFbM7jKoj4q4hVZRVi8Mq4hVZRVi8Mq4hVZRVi8Mq4hVZRVi8Mq4hVZRVi8MNK2mVyT5cMNK2mVyT5cMNK2mVyT5cMNK2mVyT5cMNK2mVyT5cMPYveg1zaDVPYveg1zaDVPYveg1zaDVPYveg1zaDVPYveg1zaDV
G�u�l�i�m�C�h�e�
w�4�e�s�d�r�r�7�t�f�y�i�g�u�h�
5�d�4�f�6�g�7�9�h�8�0�j�9�k�
d�r�t�f�y�g�u�i�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�4�0�4�b�0�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
F�i�l�e�V�e�r�s�i�o�n�
1�,� �0�,� �0�,� �1�
I�n�t�e�r�n�a�l�N�a�m�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
(�C�)� �2�0�1�7�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
0�0�0� �M�D�a�t�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�,� �0�,� �0�,� �1�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
w�r�t�e�f�f�w�e�f�
P�r�o�p�e�r�t�y� �P�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �p�r�o�p�e�r�t�y� �p�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �d�i�a�l�o�g� �b�a�r�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �O�L�E� �p�r�o�p�e�r�t�y� �p�a�g�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.