1.2
Low risk

18e9304779ce077921d31e5dae2f3018bba57e8860f3fc026ae82ce7d403e5e8

18e9304779ce077921d31e5dae2f3018bba57e8860f3fc026ae82ce7d403e5e8.exe

Analysis duration

193s

Last analyzed

368 days ago

File size

400.0KB
Static detection  Dynamic detection  CVE  FAMILY  METATYPE  PLATFORM  TYPE  UNKNOWN  WIN32  TROJAN  RANSOM  GRAFTOR
Hawkeye engine (鹰眼引擎)
DACN 0.12
FACILE 1.00
IMCLNet 0.74
MFGraph 0.00
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:Dofoil-CW [Trj] 20200524 18.4.3895.0
Baidu Win32.Trojan.Kryptik.eg 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200524 2013.8.14.323
McAfee GenericRXKP-PC!F9D7E4F0DF53 20200524 6.0.6.653
Tencent None 20200524 1.0.0.1
Behavioral verdict
Dynamic indicators
The binary may contain encrypted or compressed data, indicating the use of a packer (2 events)
section {'name': '', 'virtual_address': '0x00001000', 'virtual_size': '0x00062000', 'size_of_data': '0x0001da00', 'entropy': 6.804411141668853} entropy 6.804411141668853 description High-entropy section found
entropy 0.9953409016339655 description The overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File identified as malicious by 42 antivirus engines on VirusTotal (42 events)
ALYac Gen:Variant.Graftor.80822
APEX Malicious
AVG Win32:Dofoil-CW [Trj]
Acronis suspicious
Ad-Aware Gen:Variant.Graftor.80822
AhnLab-V3 Trojan/Win32.Agent.R337799
Antiy-AVL Trojan/Win32.Wacatac
Arcabit Trojan.Graftor.D13BB6
Avast Win32:Dofoil-CW [Trj]
Avira TR/Kryptik.rasfe
Baidu Win32.Trojan.Kryptik.eg
BitDefender Gen:Variant.Graftor.80822
BitDefenderTheta Gen:NN.ZexaF.34122.ziZ@ayDRvLd
CAT-QuickHeal Trojan.Wacatac
ClamAV Win.Packed.Shipup-6977416-0
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.0df530
Cylance Unsafe
Cyren W32/Kryptik.BMT.gen!Eldorado
Emsisoft Gen:Variant.Graftor.80822 (B)
Endgame malicious (high confidence)
F-Prot W32/Kryptik.BMT.gen!Eldorado
F-Secure Trojan.TR/Kryptik.rasfe
FireEye Generic.mg.f9d7e4f0df530098
Fortinet W32/Dofoil.CW!tr
GData Gen:Variant.Graftor.80822
Ikarus Trojan.Win32.ShipUp
Invincea heuristic
MAX malware (ai score=86)
McAfee GenericRXKP-PC!F9D7E4F0DF53
McAfee-GW-Edition BehavesLike.Win32.Generic.gz
MicroWorld-eScan Gen:Variant.Graftor.80822
Microsoft Trojan:Win32/Wacatac.C!ml
Qihoo-360 Win32/Trojan.b09
Rising Malware.Undefined!8.C (RDMK:cmRtazqz2XV7NJ81g6sXYQFcAxdA)
Sangfor Malware
SentinelOne DFI - Malicious PE
Symantec ML.Attribute.HighConfidence
Trapmine malicious.high.ml.score
TrendMicro-HouseCall TROJ_GEN.R007H0CEO20
VIPRE Trojan.Win32.Generic!BT
eGambit Unsafe.AI_Score_92%
Visual analysis
Binary image (byte-plot of the sample rendered at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32; images not reproduced here)
Runtime screenshots
No runtime screenshots: the sample produced no screenshots during execution


PE Compile Time

2013-04-21 05:36:15

Sections

Name  Virtual Address  Virtual Size  Size of Raw Data  Entropy
(empty name)  0x00001000  0x00062000  0x0001da00  6.804411141668853
petite  0x00063000  0x00000238  0x00000238  3.555638941316159

Extracted strings (runs of unreadable bytes omitted here); the recognizable items are the DOS stub message "!This program cannot be run in DOS mode.", the packer marker "petite", and the imported API and DLL names that follow.
GetFileAttributesExA
GetLastError
GetModuleHandleA
GetProcAddress
CloseHandle
GetTempPathA
GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
LoadLibraryW
FreeLibrary
LocalFree
LocalAlloc
SetLastError
GetModuleHandleW
lstrcpyW
lstrcmpW
lstrcatW
lstrcmpiW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
__GetMainArgs
signal
DsGetDcNameW
NetApiBufferFree
RegOpenKeyExW
RegCloseKey
wsprintfW
??0CHString@@QAE@XZ
MessageBoxA
wsprintfA
ExitProcess
GetModuleHandleA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
LoadLibraryA
DsGetDcNameW
RegCloseKey
??0CHString@@QAE@XZ
user32.dll
kernel32.dll
CRTDLL.DLL
NETAPI32.dll
ADVAPI32.dll
framedyn.dll

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.