1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.76
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Unruy-AA [Trj] | 20200123 | 18.4.3895.0 |
| Baidu | Win32.Trojan-Clicker.Cycler.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200123 | 2013.8.14.323 |
| McAfee | Downloader-BPA.d | 20200123 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b078c7 | 20200123 | 1.0.0.1 |
静态指标
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.data', 'virtual_address': '0x00008000', 'virtual_size': '0x000162b8', 'size_of_data': '0x00007000', 'entropy': 6.841914722708253} | entropy | 6.841914722708253 | description | 发现高熵的节 | |||||||||
| entropy | 0.5490196078431373 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Trojan.GenericKD.30854925 |
| APEX | Malicious |
| AVG | Win32:Unruy-AA [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.30854925 |
| AhnLab-V3 | Trojan/Win32.Cycler.R633 |
| Arcabit | Trojan.Generic.D1D6CF0D |
| Avast | Win32:Unruy-AA [Trj] |
| Avira | TR/Crypt.XPACK.Gen |
| Baidu | Win32.Trojan-Clicker.Cycler.a |
| BitDefender | Trojan.GenericKD.30854925 |
| BitDefenderTheta | Gen:NN.ZexaF.34084.OnZ@au6qTJf |
| CAT-QuickHeal | Trojan.Zenshirsh.SL7 |
| CMC | Trojan-Clicker.Win32.Cycler!O |
| ClamAV | Win.Trojan.Unruy-5834 |
| Comodo | TrojWare.Win32.TrojanDownloader.Unruy.BK@7ktw2g |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.559ae1 |
| Cylance | Unsafe |
| Cyren | W32/Cosmu.D.gen!Eldorado |
| DrWeb | Trojan.Siggen8.10905 |
| ESET-NOD32 | a variant of Win32/TrojanDownloader.Unruy.AY |
| Emsisoft | Trojan.GenericKD.30854925 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Cosmu.D.gen!Eldorado |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen |
| FireEye | Generic.mg.efecfce559ae1948 |
| Fortinet | W32/ZAccess.Y!tr |
| GData | Trojan.GenericKD.30854925 |
| Ikarus | Trojan-Downloader.Win32.Unruy |
| Invincea | heuristic |
| Jiangmin | Trojan/Generic.ejyj |
| K7AntiVirus | Trojan ( 0040f7f01 ) |
| K7GW | Trojan ( 0040f7f01 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=84) |
| Malwarebytes | Trojan.Dropper |
| McAfee | Downloader-BPA.d |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.tt |
| MicroWorld-eScan | Trojan.GenericKD.30854925 |
| Microsoft | TrojanDownloader:Win32/Unruy.C |
| NANO-Antivirus | Trojan.Win32.Cosmu.bccoxl |
| Panda | Generic Suspicious |
| Qihoo-360 | HEUR/QVM07.1.C0BD.Malware.Gen |
| Rising | Trojan.Unruy!1.AE5E (RDMK:cmRtazqJdihwz3rVT62Rrrp4o4V3) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Unruy |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Unruy-Gen |
| Tencent | Malware.Win32.Gencirc.10b078c7 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2009-12-11 16:15:53
PE Imphash
5a09fa16fe73edaf05dc213d4ecf50d8
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00005186 | 0x00005200 | 6.339361574243736 |
| .rdata | 0x00007000 | 0x0000083a | 0x00000a00 | 4.689911883167336 |
| .data | 0x00008000 | 0x000162b8 | 0x00007000 | 6.841914722708253 |
Imports
Library KERNEL32.dll:
• 0x407000 GetFileAttributesExA
• 0x407004 HeapDestroy
• 0x407008 HeapFree
• 0x40700c HeapCreate
• 0x407010 HeapAlloc
• 0x407014 GetProcessHeap
• 0x407018 CloseHandle
• 0x40701c QueryPerformanceCounter
• 0x407020 Sleep
• 0x407024 ReadFile
• 0x407028 SetFilePointer
• 0x40702c CreateFileA
• 0x407030 ExitProcess
• 0x407034 GetModuleFileNameA
• 0x407038 GetProcAddress
• 0x40703c LoadLibraryA
• 0x407040 VirtualAlloc
• 0x407044 VirtualFree
• 0x407048 IsBadReadPtr
• 0x40704c lstrcmpiA
• 0x407050 FreeLibrary
• 0x407054 HeapReAlloc
• 0x407058 GetModuleHandleA
• 0x40705c GetStartupInfoA
• 0x407060 GetCommandLineA
• 0x407064 GetVersion
• 0x407068 TerminateProcess
• 0x40706c GetCurrentProcess
• 0x407070 UnhandledExceptionFilter
• 0x407074 FreeEnvironmentStringsA
• 0x407078 FreeEnvironmentStringsW
• 0x40707c WideCharToMultiByte
• 0x407080 GetEnvironmentStrings
• 0x407084 GetEnvironmentStringsW
• 0x407088 SetHandleCount
• 0x40708c GetStdHandle
• 0x407090 GetFileType
• 0x407094 RtlUnwind
• 0x407098 WriteFile
• 0x40709c GetCPInfo
• 0x4070a0 GetACP
• 0x4070a4 GetOEMCP
• 0x4070a8 MultiByteToWideChar
• 0x4070ac LCMapStringA
• 0x4070b0 LCMapStringW
• 0x4070b4 GetStringTypeA
• 0x4070b8 GetStringTypeW
L!This program cannot be run in DOS mode.
`.rdata
@.data
;u^;Ms
EEMM?}
;ujM+M;Us
EpPEp4
EM+H4M<@
E@EE(EE
@8Eh @
E@EE(EE
E@EE@@EE@
EE@@EEM;H
E@EEM;H
E@EE;E}
E@EEUQ}
E@EE;E
E@EE;E
E@EE;E}
uYYE5A
Yu3Vt$
Yt$CH;r
tACH;r
PSWSUz
_^][Vt$
^Ujhp@
j?UIZ;
r;]uy;
;uY;]s
pD#U#ue
j #M_|
]#\D\D
VW3;u0DP
YtF>"u
< v^S39
PKY;5A
8 t9UW3
YE?=t"U
8 u]5A
[UQQS39
EPEPSSWM
YEPEPE
@"t)t%
F8"uF@C
@C8"u,
VW333;u3
SS@SSPVSSD$4
;t2U;YD$
t#SSUPt$$VSS
;t<8 t
u+@U|Y;u
3_^][YY
DSUVWh
_^][DUSVWUj
t.;t$$t(4v
VC20XC00U
]_^[]UL$
YY\WP\
@Y<v)\P
DDDDDDDDDDDDDD
90tr0B=@
j@3Y`A
@j@3Y`A
@;vAA9
Wj@Y3`A
EVP5@A
t7SWU
BBBu_[j
VPVPV5dA
@AA;rI3
tAt2t$
VWuBhs@
;tg58p@
GIt%t)
Gt/KuD$
GKu[^D$
[^_Ujh
SVWe39=8A
"WWShs@
M]9}tfSuu
tMWWSuu
Mu;tVSuuu
SVWe<A
3;u>EPj
EPVhs@
E;tc]<
e33M;t)uVu
runtime error
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
GetFileAttributesExA
HeapDestroy
HeapFree
HeapCreate
HeapAlloc
GetProcessHeap
CloseHandle
QueryPerformanceCounter
ReadFile
SetFilePointer
CreateFileA
ExitProcess
GetModuleFileNameA
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
IsBadReadPtr
lstrcmpiA
FreeLibrary
KERNEL32.dll
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
$7777e7777757777777:
:::l777|?7R5
~SSB~~]S~S~D\~B#p:D-Z
:ee:ee
b7+77777:b777777$:
77:777.:::
77777(77
:$77l:k|#
777>:Au:
:+~77#77,:A:pe:
77#:X7f
#NB77^p:A:
:CC:rr::AA
%:ek~d}$777:
d8777dUdlJHf7:ey8}
$7M:e:
}$7_777]J:eH7J7|7}^:@].:
AX:e:YAX&:AX:e:
:AXJ:uAX:+@:
AX:A:AXAe77W7&:e
,J777J(7777,N
,jU,WJf:eS&c7tU,:e:
7:p,:e
f7,JW:
c7O7J777.7.J777:"Y$7U,:
,:&}:e]
$7J877}:
:A7J777:A4:A
:e]:A:A:$7:
|=:ep77Jf7
}c7,,!777
b:dl]l
77tUd8
d8Ud887dld87l]:
LL7A:eJ]lJ f7
dZf:eE7
77d5}(c::
Udldl:
"]dlUdlJE:
Al:F:A
dL~7J:4:4]l
G:2|:d8lDUdl.:e):):7#::
p:be7dl:
77U,E=
77t77U,O:eb:
a77tU,=
::e7@:
|:eB:e
:ek:6:2:
=7J|7}&:
A~:e7b7:e+}:
4Z:e::rG:
:e:eo::
}:A"J7e77,:e
:e6:eL,:eU,^j:
.@:U,L:
:Ap778:
AL=77,lJ
f7J77}C:
!:e\:}:
k:)C7J.:b):)J7
LtJ&:e+;:
+J:e+:
+:e+v:e+:A
U:e:e:r
S77t:,
77,]b:
Bo:e]L:
S77tt,:q:
Jlc7J~7
:e5777+,w(d^
3}77t%
:e2{d^[U:e
:yd^:e15JV:
p777?V77AW:eo:
J$7Ud:4l7:
="77-:ea
.77:4:
#:e]F:q:e
F:e]2:
rkO=:A
=:c"b:
c77dL:c,~-:e:e7:
`dl]L:e
,s:pd:
|].:eW777}c7h X77jU:
e,:eu:
:~-:~:+yJf:pA:
:V:CF:p`e77d
\$7:`l:
lJ777J:u
(:X^:eX:
d8:pdL7JH:(
:.:Aq:A
BMv:ebM :
77}:c2J:ph:
X_b774:
:ebI.:.:
C:r:e:Ae
777dlUd:
d8.777e87:
U:psb:~b
u:z"JC:CA(77:f=:p
}Yc7t,
e:A@:[77]~.}
I:oFJ&7
=O:ca:e:r7_
3:Ljtl.I
77JJ:e
7e,:aJX:
:+c:,Q777
U,(=J:
:e:G:+_
,),:Au:2:AuN:Au:eU,=J:Au:e4:Au&:
Au:e:Au
:e:Me:#:p
:e2:M+
:p6+:+r
77,:7JV
:pk|:kL7J0|7
$F2:$:
Ap:e}:b$sb
L]}:Jdle:
\:e$7A:
77t:ro>:eJ :
:,:e7]
e:~:~7d
:z#U,*:C:e
::e7}:
#]..:7:yo:
:e17J5:eS:
p77t,]
:*:+4:
(B:}:Ae:e]
7:AB:AamL:
:] :+A'
,:eb:s-:s:e:ed
-:pa-:"::e:
~.77VJe:
[:h87dl
77Ud[d
:ud:UdL,^:eNd[7
77U,:e7]:
:zC}c7t]
cAb.77[:e]
r\l::|7dL,::
`777J:
::$oJ:A
777:e:
:eyOE:*
;:*E:C*
W:y*7M:C*:)_L7p
::7:eS:e
}':FkJ:eI$M:
:*x:pI:
:(:e:L:
::f:5:C:
77tU::e:k7J*:p
:+#J:~#`:#:~#:e#
Y:c6s77:
C:e:pck-:ck-:ck:
77j!KU:
UVU:pC:e]
}:pG:pb:0::
v:ettJ:A}
cL:e:e,
eUdLdL*777dL5777eLUA:
tM:eJ:e
:eH}:eCUD{L:
A:?y:CDALf7e77:
A1_:e47]
V77t_777I
777:5:eI
`7777r:ppG
dL:kdG::e:AV
{LUA:e]
V77tt:rC:A
!77tleG
{7d8:e
dd8J7: b:J[:e}d8
b=A:eX77G+:
:eJ8:2.77J
:|T777:
:eJ:eV:
:eJ:b77J
*&:t:|:
:eJ:b]:e
.}dl{7:
dm:e#:ed:d_:
:+:brg:{7:{=:
hl:RG:A:u
:ek:e:
{]y::9L:~7.L7].J7J:2&:
:A7OWt:{1:
A:ela:
+`5:+k:pk
`:+k:pk`:+k:
+_]2dlL{
L=dl:M:U.7:
7GC::A:q_:e7:
CH:eo:
:pu:u]HdL*
BL7(AL.77I-7,:
k:k:ek:aC::
eUdL:d::
8dLd8:,:rp:e:e:rp:
]:r@:,].
dl7~:56p:p,G:,2:K}:
8d8:p :
:Ald82:
e77J:+Q
(}N:+2:
:M_:A:3:
$777:2
d[:eq[:
Cd8:eC8^:
,^Ud^d^d
d7d^UdEd
:e.:eLJ
l:el:e6]L
L7d:YY,k]J:
pO::`NbJ:
ttJ:bR:
,W777J$:ek W
o77,R:
.:bo77:+~,5:
::A::
J :2odJ5:2o:uf:
U,f:Aa}77:
u77:o}77dO:pA$
AJO:}*::@777JZ:bkP:ek:kU:
R:e7R:e
:+Rp$7:
d^|:d^:
\~]:u~7K:l
::p:.:}
1:,G:e7L87+:pr
S+:,l:
,:e77:ep
:eU,:e::eU
]CJ:bC:+2c7:
A#:e:A#7:bAu:k
77:e}Oc:
~Z:AsDJ[:AG8:6AG3:+AG:
77N:AP:
:|A:A:uA
,=:MH&
:e:e77UdRdR7]R:
d :e $ :eu:
77d^:e%:
vu:eGd7]$77,
<u:AK:
:H:':$:::
{@ll7:
v:[777Jev7EW
:e77:e+
:e:c+:
^:p:AO:
O:p::.eJv7,^:$^
77:77,:e4,:pAY::*W7^
:e1J:p1
A:pU,fW:e
K0e:t~:
8:]Jv:^&:
]}:::M:
:^Ue:a8Js:
?77VL7H:peA:
}:2{gj:e)
:e4l]~:2*:
c77hjgbA0E*7:
JHv7J:
Pa:|U":
,+77:e+
5:U":e:
:2U"}5:
cZW:d[:+A
::e:puJd[
{7:{7]
:e4,~:ew:U.E:
3,g]]L
Wt:*777:_E:_:eBN:pB:pB77::
H:f}Ec:
{~:tJ:
..:#:+
J:kup:pu:
7Z:?"Rn:
7_:e7]":
uJ'):ZJ
H:e+:b
,n.:>a,
eMb7_D77]:
:8:A_:
:e+]:A:
:e7eM:
_:eXIb:e7
7I_7bI:
!tt:::
e77:":p
f:e77:*
A}77t1=:
bJ:+X:2:):):)#:):)
:):)8Y:u):2:):
C:)?:)v:
2:1:Am:
:_X77<::
7r:{:e:
77:es7,:
:,Y:edu:eH
\.77:&:
):e}5$7W::Y::
u,:e7:e
:bM:U:
":L7J7:oc:
:$a:}:$:}:$
:}[777}:u:H:
UdldL:$:
a:+:uY8d8dl_.77
e}L+L:
e*K%ZZZZ:ee:
:p6:+~7:e
d87:f:e:
:AF:pA
A_:p}c7
777:+@:A7:
a:e~:4:
Ql1}:::I: ::~:r
j:CY7:
L1: :p:
:,:A7:
u:qOe:
H$7:e:b
d:Udl:eDl1U8:
t[Uu:@ULl:{@:
/:b8e.7:
e:Ae:+A:
:@UdL1:
VC:A:bleu:LUe:
Ua::]:A
xe:A4A
77:AdLUeL:
AJ{:S:D.:
A:e:eqUx:prM
:lU,8W
G:getj!:
*ptRv7
6]L:~]
:pd~7Z7:
Z:5Oe:$
=h 777jd(
W>:e7):
WUdL:x6dgtj!d
eu:+d::
B::d:@J8:
5:iCdlULd,
:b:o::$7::+:b:|:
:A:,}:
:yA~:pA:A:3dbC:ekC:k:CG:+J~:
I7::e:2:C]:
$777VH:e
vq],:}~
1:u],:GA77
~U,m:e:2FT
,t:A:,ts:d:|dN:2d:J':
|8,~8:
:eypI:@:
}:@7}E:
-:AU~:M7:
Cl}:eUe{
:UJ5:e:2:p2
]8:CeAUd[][:AY
L:W2::pA,C:u2:
hv7:j::
A"Jm:pAbe77::
J777:AC,]
2:A7Led[:
C:d8:Cl:CAl
]d8:A[Mv7u:e
Y$:}|:
,::8:U
dllp]:
oA[7e77
:e4:+}
Qu::8:
r77t:+
>~77:A
:Az:e<:
":uAM:e
~77,:}
\:e:AM:
:At:~J
e77J^:
77tb:4:
:Y0:}Y:Y]
7:A:{~:+\
:ea:\G:}\^:
uM:eJY:+&(:&|:}&$:&:A
(J.J:e:
:e:eJ:e
:e:J5:e6:~J:eC:
JE:eL:e:
{BJ:eu:+u:eu>:+u
:euK:u777J[:eu5:+uL:euv:+ue7
Q:u.77J:eu,:+ub:eu:+u:eu:ue77J:eu:+uH:eua:+u:eu:+u
:eu|:+uD:eu:+u
:u&:eu:+u:euw:+u:eu:+uN:eu :+u:eu:+u:eu:+u:eur:+u:eu]:+u(:eu:u
:eu:+u:eu:+u :euF:+u5:eu~:+u:eu:+uZ:eu=:
4:u:eu:+u^:eu
:+u:eu
:+ul:eu?:u77Je7
:+u:eu':+ub:eu
:+u:euI:u77J:eu:+uH:eu&:+u:eus:+uY:eu:u7e7J:eu:+u:eu:+u:eu-:pu:eu:
7J:eui:
u7JN:euZ:+u:eu
:+u:eu:+u:euh:
u~7J(:eu:+uf:eu
:+u:eu
:+u :eu:
u7J5:euD:+uO:eu:
u7JZ:eu":+u:euu:+u:eu7:+u
:eu:u7J8:eu;:+uL:eu:u.Je7:AA:u:eu:ueJC:euz:+u:euU:+uH:eu
:+u:eu
:euV:u
JD:eud:+u:eu:+u:eu:+uJ:eu:+u
:eu:+u:eu[l:pu:eu
:+u$:eu:+u
:eu:uJ:eu:+u :eu
:+u:eu{:+u:eu:+u:euJ:+uE:eu:
:eu:+u^:eu
:+u:eu:+u[:eu2:u~Jl:eu.:+u77
:eu:+ub:eu:+u:eu:+u:eu:+u:eu
:a6:+Cdlp
:u=ly::&
:AL7:,~:{7
?t:A:p!
&:"o:A:edL~:?J]
:B:}mo:
A[[g{u{7
U[87`:
g{c:eB
2le+ELuL:
::pae:2.:pa.:2a].x::
8eU8#L:
5~LdlU
dl:a.h :
Xb,777:2:
U88@:5d8K{
.L{A7.:p.:
r8g{u:
8{[777
0.:e:D:e@e:#:+t
.:A1.A:e-+0L{$:
5X:q:}A
:k:+A6#:A6
Udl:A:
le:Ud8:+:A8
dL:dhtj:
U[7[[.):+6tj0:t:+
:k:ua:
Tq:AR&:
Gy77e:
77ttUd
d8:eai
dL7:A:eZ:
Z+:{l7]
e77]:,
dLdUdLN:A.U,:A
L:7Ud^:
+:2Ab:%s
-t2:+E:p36::AQJ:e
+J:e:e][:
=:=~:_S/:eD:Sl:S:+SY:S:
zH:S{:YS):
k:t-l:ot:A:r7
d:yr\(:
r\ 8:r\:rX:6
@:2AB:A
D:eX:X:B.
:N:"N:e
5:oqI-:A
j!::EG
l:(dl:
A:A3K{
d[~5:Al777
:@L<[UL
L<ULE:A
Af::Y:h:$:Q
l8{d8.
:A0:G:
sd8Ud[:2t:{.d8hj
[[A777U[:p:
b:e:eG:
777:AY8A:
[<U[d[:
h:eq:A|u:
<:A1dL:
{[:E{d8
:e:Nx:;
:Ad:u1:DA1:
dxJ:A::
t#:UNJ:
Z:e+Xe7::
.77^7E:eH:
d[777J:
#:+tt:CE:C
=.:&,:
:Ac^7]^:p:e:edL:
jj:p#L:e#X77:
:7.:j:
A`[7:".77lr
:,D:A:
s:pZ:Z:e:e:
A:AQ.l:
be:X:2x:A:
l:}&:A
d8.g:A':
:2:+A':
c7ZZ1_777
bA:e@:e
:,tM':e}e
f7J7f7M(7
Vtt_,]:
V],n]_:e76=
:eZ(=Ud],]
!=,n:e
07c7_'7
]e}ec7t%J(7J:
777pJe7. 7
'777%JlU7
777:eo]
p7:e4]uD
777:7[:A;:
Uk[J(7
77:eeV!
Lt:ee:
,::e:e
I,nV:|%:eBk:B
77nz77>z:n77=77p'77C'77'77Y'77'77'77'77I'77'77Q'77'77'77>'77m'77
h77h77h77h77h7777h77h77zh77 h77Oh77;:eh77-h77z77"z77z77z77
z77z77Sz77
z77Qz77z773z77z77
77Z7777377'77{77
77777777z77{77
77J7777777777H77"77o7777e7777577*77z77$77r777777:N7777y77p:b.777777e7777:
:77J7777&:bk
rk7$k:q:e.7:pD7
_:o7.e
p+u2b}oC
:~k4y|~"6X
qH@#F:::asDd
7777oTEu{
7\KS!'u
6EuR7\P
777E:b:e
:bE:7(:C:b:e
:e:b:e:H:bJ(7LQ:p
77fc77:pbZz77$77:+b
77(c77:r:eeq
77Rc77~:+b=
77Oc77:+
77c77&:+b77l$77:+
77c77:+
c:{7a7f:epsJa7
:ba77:eD]a7
a#NN77sNBG
SN7.BS
N\7\S]
GdB777s:
~7DNNa7C.:e77Q.N
:#:e&sB]S77]:eV
BGG7iBI:)=:o
L:pG77
:A&BBNJNSGJB777d
SdSIBSSS
NGNSa77
a77:eCB]N:
7DGN&J
sNNG7x:
b.:SBS
77.NGa77.:
:Aa77^]N
&BsJ7g.:
+&B:~7@:
:+VNa7$7S:
:u7:a77.NG:
Ja77:AJ
VBN]:e
7:e::eo77h:
yaNNB7
r\7]DG
dS]VN]a7
a7:e1]
7a]G&BSIN
BB]:2:i7
7r:eJ:p
A7JNNd
a7:pCG77L:,
GBBG77d:
NsJdS:
:H7:p,7:d
Na77B:ba7
]NxBa7:eba]
:,ez:DN7
:bdS]77
d&:+y.
SI77c.:
,s7.:Ua775:ep
77.S77X7GG
SGNBtaaa
|77R.G:
GS:A6:
p77v.:AF_.B777:e
a:e&7taa:e
S:e_Vs:G7
I777NNBS
:p@7sB:p
777sB:{bSGS77BN:
BS777F
7777J774|77Gy77
G:A7feEU:k#:ee77sDd
SGFY77:bb:pbB:bb:b:
e:u~:G
77]S:e_:
~:o77#B:
]S:777
:+I:ee7
AJ::\&ad:+:
U~d:A]d
S:eGsYFDa@YY@@aD
dssd:}A
BFY:bb::
~:"G":
:e~G:H:C:
y:u:uC::b:
:aA:A7:pA7:Ca:
G#N]77q:+q:D:
a:777r77B]S#
ad~s_:
&_:D&_~s\
\Dd_~:
U7BS~G~:
k7s77@@s
UC77s\\
D:a&d:
77G7777F:
:77SB@S7a777J
77NB77I:
77#J77B]:\xds&77
7B)7#7#7:
)~Gp777J)::e
:ep:2p777dddd:ee:d~d~
\:u:eD
777.:ee:Ue:
777s)7]77
)~qqpp:
~GGJ#J
#::eG#F#:
:p]:y#
:A:$eGDDxD
:e~SS:
G::y:q:CC:~@
777GG7I:eI:
G77JGB:e
BB:AIG:
NN777:
GJ:C:e7]:
GG777BGN777N]GJ:U:
~SIGI:
S:e7G:~GN:
SGGSB7
GS77I:ee
777GS77
':eG]7GJG
:bI:*D:e:
S777N:(N
G]SB7:e:
S7sBSGBN777
~BS77NIGI7IG:
AB7SIBG:
:bS:ee:
~SIG7S
,J:e~G
7N:,N:
GISG::
:{:+{7:{7:
h#:'_&:
:Y#aVB
B:w:~:+:k7777
FuF4FqFF
FFF'F FF
F<FF!F=F~
=+q_N]UT
YY`Y9YY!Y
p__S_`___?__^_[_L_
V](zM3?K7~77
;L.F}F@FYFdF
F1FFNFFrFcFFFFFFeuysV
;+#\Q3%Zn
)V)),)$)))g)i).N
__d__G_,__w_
-77777H77po6IA`(
FqFFNFFFUF
o)dv9ZLu
)u)4)@)))
))J))))))))))
.__~_@__s_
_t__B___
_^_!_=_+
w777D77e)
j7FF"F@FFF FF<FX
YrYYY YY
)6)))) )w)
e_p__}_4_6_@__V__I_
___v_T_K__
77777777
!WFSFF
FFF?FZFFFFnF=F+26#s
})|)))))ax
JS' g777
FSFFFFKFF
YYZY<Y
n)C))))
))f))0))^)):
e_}_6_
__t_____3_9_E__m_
g>))I)O)E)8)"q^
___h_*___g_
G777O777F
FNFAFUFQFFFFZ:
Y"YY#YY)YYYVYYSYIYYUY`YYYYYYY
")))I)
7$:!JLF7
~H R5E^8l7CH
J777e _E:
K7qN5[Gw
D1s,vhl
nV'8Ou=A
P9yZW0
rd2@^$F
Mc(e%{
Sk!i\;
kernel32.dll
VirtualProtect
}CMu>/T
1D\pmH
pXwVQO
t$)*^o.\ K,e
<}Sc i
grPY^{
wEp/F9]
q{X''F-
&:/]7A@{}$uib
!\+8<<
R8(71=nF7
2)6F+n
{M>C3c
"piJJci:ae
S,l=&|.
nO(/@#[=
9nJ;.qe\
uZ*% Pz,A
6HAT3i95u'0
T,#5s|Uqb
C`^B@E
f[}ijw/^U
8<G(3O?
?G2 lD-*e;*@y9C
y:Jv1IJJ[
OSZU z
6i%lfE77\l/
nhwY#zouHI
AiY <o)vE=oye{oBM*f>
=hiDva<AcP
7!vdAc
x0y7?kHp$VWH
x5 V
'r$EzYU)-
t8C_; +2
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.