SmartHawk

4.4

中危

59 个模型检测该样本为恶意！

重新分析

下载样本

1bd86c8cb7a882ae71e0a7619369815b4518c1d1101cde74ac00f869a4035541

00f4ede331332a1aa44bde6c179ea3ac.exe

分析耗时

74s

最近分析

文件大小

1.2MB

静态报毒动态报毒 0HEUOA2DVXW AI SCORE=86 AIDETECTVM ANSERIN AVADDONCRYPT BSCOPE CLASSIC DANGEROUSSIG EHLS ELDORADO ENCPK ERUR GEN4 GENETIC GENKRYPTIK GRAYWARE HFIC HIDC HIGH CONFIDENCE HLNLVX INVALIDSIG KCLOUD KRYPTIK KV1@AKOQ15FK KVMH008 KZIP LOCKY MALICIOUS PE MALWARE1 MALWARE@#124E5FQ1JEFZ9 PINKSBOT QAKBOT QBOT R + MAL R339522 RANSOMWARE SCORE STATIC AI UNSAFE ZENPAK ZEXAF ZPACK 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Backdoor:Win32/KZip.4460e8e3	20190527	0.3.0.5
Avast	Win32:DangerousSig [Trj]	20201210	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)	20201211	2017.9.26.565
McAfee	W32/PinkSbot-GU!00F4EDE33133	20201211	6.0.6.653
CrowdStrike		20180202	1.0

Queries for the computername (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619134528.374372 GetComputerNameW	computer_name: OSKAR-PC	success	1	0
1619167379.663374 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

One or more processes crashed (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619167380.288374 __exception__	stacktrace: 00f4ede331332a1aa44bde6c179ea3ac+0x3f07 @ 0x403f07 00f4ede331332a1aa44bde6c179ea3ac+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637624 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 2919696 registers.ecx: 10 exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb exception.symbol: 00f4ede331332a1aa44bde6c179ea3ac+0x3449 exception.instruction: in eax, dx exception.module: 00f4ede331332a1aa44bde6c179ea3ac.exe exception.exception_code: 0xc0000096 exception.offset: 13385 exception.address: 0x403449	success	0	0
1619167380.288374 __exception__	stacktrace: 00f4ede331332a1aa44bde6c179ea3ac+0x3f10 @ 0x403f10 00f4ede331332a1aa44bde6c179ea3ac+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637628 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 2919696 registers.ecx: 20 exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0 exception.symbol: 00f4ede331332a1aa44bde6c179ea3ac+0x34e2 exception.instruction: in eax, dx exception.module: 00f4ede331332a1aa44bde6c179ea3ac.exe exception.exception_code: 0xc0000096 exception.offset: 13538 exception.address: 0x4034e2	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (6 个事件)

Time & API	Arguments	Status
1619134528.296372 NtAllocateVirtualMemory	process_identifier: 2292 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00530000	success
1619134528.311372 NtAllocateVirtualMemory	process_identifier: 2292 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00570000	success
1619134528.311372 NtProtectVirtualMemory	process_identifier: 2292 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 237568 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success
1619167379.616374 NtAllocateVirtualMemory	process_identifier: 912 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00630000	success
1619167379.616374 NtAllocateVirtualMemory	process_identifier: 912 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00670000	success
1619167379.616374 NtProtectVirtualMemory	process_identifier: 912 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 237568 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success

A process created a hidden window (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619134529.061372 CreateProcessInternalW	thread_identifier: 428 thread_handle: 0x00000158 process_identifier: 912 current_directory: filepath: track: 1 command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\00f4ede331332a1aa44bde6c179ea3ac.exe /C filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) process_handle: 0x0000015c inherit_handles: 0	success	1	0

Expresses interest in specific running processes (1 个事件)

process

vboxservice.exe

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619167380.288374 __exception__	stacktrace: 00f4ede331332a1aa44bde6c179ea3ac+0x3f07 @ 0x403f07 00f4ede331332a1aa44bde6c179ea3ac+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637624 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 2919696 registers.ecx: 10 exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb exception.symbol: 00f4ede331332a1aa44bde6c179ea3ac+0x3449 exception.instruction: in eax, dx exception.module: 00f4ede331332a1aa44bde6c179ea3ac.exe exception.exception_code: 0xc0000096 exception.offset: 13385 exception.address: 0x403449	success	0	0

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.QakBot.10
MicroWorld-eScan	Trojan.Agent.ERUR
FireEye	Generic.mg.00f4ede331332a1a
ALYac	Trojan.Agent.ERUR
Malwarebytes	Backdoor.Qbot
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0056827b1 )
Alibaba	Backdoor:Win32/KZip.4460e8e3
K7GW	Trojan ( 0056827b1 )
Cybereason	malicious.686647
Arcabit	Trojan.Agent.ERUR
BitDefenderTheta	Gen:NN.ZexaF.34670.kv1@aKOQ15fk
Cyren	W32/Trojan.DZW.gen!Eldorado
Symantec	Trojan.Anserin
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Ransomware.Locky-9779179-0
Kaspersky	HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender	Trojan.Agent.ERUR
NANO-Antivirus	Trojan.Win32.QakBot.hlnlvx
AegisLab	Trojan.Win32.Qbot.7!c
Avast	Win32:DangerousSig [Trj]
Ad-Aware	Trojan.Agent.ERUR
Emsisoft	Trojan.Agent.ERUR (B)
Comodo	Malware@#124e5fq1jefz9
F-Secure	Trojan.TR/Crypt.ZPACK.Gen4
Zillya	Trojan.Qbot.Win32.8249
TrendMicro	Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition	W32/PinkSbot-GU!00F4EDE33133
Sophos	Mal/Generic-R + Mal/EncPk-APV
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Zenpak.bww
Webroot	W32.Trojan.Qakbot
Avira	TR/Crypt.ZPACK.Gen4
MAX	malware (ai score=86)
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.ba
Microsoft	Ransom:Win32/AvaddonCrypt.SO!MTB
ZoneAlarm	HEUR:Trojan-Banker.Win32.Qbot.pef
GData	Trojan.Agent.ERUR
Cynet	Malicious (score: 90)
AhnLab-V3	Trojan/Win32.RL_Generic.R339522
Acronis	suspicious
McAfee	W32/PinkSbot-GU!00F4EDE33133
VBA32	BScope.Trojan.Inject
Cylance	Unsafe

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-06-05 11:21:55

Imports

Library KERNEL32.dll:

• 0x418a88 GetLastError

• 0x418a8c Sleep

• 0x418a90 LoadLibraryA

• 0x418a94 GetProcAddress

• 0x418a98 GetModuleHandleW

• 0x418a9c IsValidLocale

• 0x418aa0 GetOverlappedResult

• 0x418aa4 CommConfigDialogW

• 0x418aa8 lstrcmpiA

• 0x418aac WriteConsoleOutputA

• 0x418ab0 DeleteTimerQueueTimer

• 0x418ab4 SetHandleCount

• 0x418ab8 GetSystemTimeAsFileTime

• 0x418abc GlobalGetAtomNameW

• 0x418ac0 EnumSystemCodePagesA

• 0x418ac4 GetNamedPipeHandleStateA

• 0x418ac8 CompareStringW

• 0x418acc GetProcessAffinityMask

• 0x418ad0 ReadConsoleOutputCharacterW

• 0x418ad4 SetMessageWaitingIndicator

• 0x418ad8 GetProfileIntA

• 0x418adc Process32FirstW

• 0x418ae0 GetPrivateProfileSectionA

• 0x418ae4 FlushConsoleInputBuffer

• 0x418ae8 GetVersion

• 0x418aec GetModuleHandleA

• 0x418af0 MultiByteToWideChar

• 0x418af4 GetVersionExW

• 0x418af8 CreateFileW

• 0x418afc WriteFile

• 0x418b00 GetEnvironmentVariableW

• 0x418b04 GetSystemTime

• 0x418b08 GetCurrentProcessId

• 0x418b0c FindNextFileW

• 0x418b10 FindClose

• 0x418b14 GetSystemTimeAdjustment

• 0x418b18 QueryPerformanceCounter

• 0x418b1c FindFirstFileW

• 0x418b20 GlobalMemoryStatus

• 0x418b24 GetCurrentThreadId

• 0x418b28 GetLogicalDriveStringsW

• 0x418b2c QueryPerformanceFrequency

• 0x418b30 CloseHandle

• 0x418b34 CreateProcessW

• 0x418b38 WaitForSingleObject

• 0x418b3c CreateFileMappingA

• 0x418b40 MapViewOfFile

• 0x418b44 UnmapViewOfFile

• 0x418b48 ExpandEnvironmentStringsA

• 0x418b4c GetStdHandle

• 0x418b50 GetFileType

• 0x418b54 WaitForMultipleObjects

• 0x418b58 PeekNamedPipe

• 0x418b5c ReadFile

• 0x418b60 GetTickCount

• 0x418b64 GetVersionExA

• 0x418b68 SleepEx

• 0x418b6c EnterCriticalSection

• 0x418b70 LeaveCriticalSection

• 0x418b74 InitializeCriticalSection

• 0x418b78 DeleteCriticalSection

• 0x418b7c FormatMessageA

• 0x418b80 SetLastError

• 0x418b84 FormatMessageW

• 0x418b88 LocalFree

• 0x418b8c OutputDebugStringW

• 0x418b90 FreeLibrary

• 0x418b94 LoadLibraryW

• 0x418b98 GetCurrentThread

• 0x418b9c SuspendThread

• 0x418ba0 MulDiv

• 0x418ba4 MoveFileExW

• 0x418ba8 GetModuleFileNameW

• 0x418bac SetErrorMode

• 0x418bb0 WideCharToMultiByte

• 0x418bb4 InterlockedIncrement

• 0x418bb8 InterlockedDecrement

• 0x418bbc CreateMutexW

• 0x418bc0 ReleaseMutex

• 0x418bc4 CreateSemaphoreW

• 0x418bc8 ReleaseSemaphore

• 0x418bcc TlsSetValue

• 0x418bd0 ExitProcess

• 0x418bd4 SetThreadPriority

• 0x418bd8 ResumeThread

• 0x418bdc TlsGetValue

• 0x418be0 TlsFree

• 0x418be4 TlsAlloc

• 0x418be8 FindResourceW

• 0x418bec GetCPInfo

• 0x418bf0 IsValidCodePage

• 0x418bf4 TerminateProcess

• 0x418bf8 SizeofResource

• 0x418bfc LockResource

• 0x418c00 LoadResource

• 0x418c04 GetFileAttributesW

• 0x418c08 GetTempPathW

• 0x418c0c GetFileTime

• 0x418c10 GetFileSize

• 0x418c14 GetTempFileNameW

• 0x418c18 CopyFileW

• 0x418c1c SetCurrentDirectoryW

• 0x418c20 GetACP

• 0x418c24 GetUserDefaultLCID

• 0x418c28 GetLocaleInfoW

• 0x418c2c SetThreadLocale

• 0x418c30 RaiseException

• 0x418c34 SetEvent

• 0x418c38 CreateThread

• 0x418c3c IsBadReadPtr

• 0x418c40 IsBadStringPtrA

• 0x418c44 ExpandEnvironmentStringsW

• 0x418c48 GetCommandLineW

• 0x418c4c FreeConsole

• 0x418c50 ReadConsoleOutputCharacterA

• 0x418c54 GetConsoleScreenBufferInfo

• 0x418c58 WriteConsoleA

• 0x418c5c WriteConsoleW

• 0x418c60 FillConsoleOutputCharacterW

• 0x418c64 SetConsoleCursorPosition

• 0x418c68 GlobalUnlock

• 0x418c6c GlobalAlloc

• 0x418c70 GlobalSize

• 0x418c74 GlobalLock

• 0x418c78 HeapSize

• 0x418c7c GetProcessHeap

• 0x418c80 GlobalFree

• 0x418c84 InterlockedExchange

• 0x418c88 EncodePointer

• 0x418c8c DecodePointer

• 0x418c90 HeapFree

• 0x418c94 HeapAlloc

• 0x418c98 HeapReAlloc

• 0x418c9c GetCommandLineA

• 0x418ca0 HeapSetInformation

• 0x418ca4 GetStartupInfoW

• 0x418ca8 RtlUnwind

• 0x418cac ExitThread

• 0x418cb0 FileTimeToSystemTime

• 0x418cb4 FileTimeToLocalFileTime

• 0x418cb8 GetFileInformationByHandle

• 0x418cbc SetFilePointer

• 0x418cc0 GetDriveTypeA

• 0x418cc4 FindFirstFileExA

• 0x418cc8 GetTimeZoneInformation

• 0x418ccc CreateFileA

• 0x418cd0 SetConsoleCtrlHandler

• 0x418cd4 ReadConsoleInputA

• 0x418cd8 SetConsoleMode

• 0x418cdc GetConsoleMode

• 0x418ce0 GetTimeFormatW

• 0x418ce4 GetDateFormatW

• 0x418ce8 DeleteFileW

• 0x418cec GetConsoleCP

• 0x418cf0 FlushFileBuffers

• 0x418cf4 SetStdHandle

• 0x418cf8 InitializeCriticalSectionAndSpinCount

• 0x418cfc MoveFileW

• 0x418d00 RemoveDirectoryW

• 0x418d04 CreateDirectoryW

• 0x418d08 GetFullPathNameW

• 0x418d0c LCMapStringW

• 0x418d10 UnhandledExceptionFilter

• 0x418d14 SetUnhandledExceptionFilter

• 0x418d18 IsDebuggerPresent

• 0x418d1c HeapCreate

• 0x418d20 IsProcessorFeaturePresent

• 0x418d24 FreeEnvironmentStringsW

• 0x418d28 GetEnvironmentStringsW

• 0x418d2c GetOEMCP

• 0x418d30 GetFullPathNameA

• 0x418d34 GetExitCodeProcess

• 0x418d38 SetEndOfFile

• 0x418d3c GetStringTypeW

• 0x418d40 SetEnvironmentVariableA

• 0x418d44 SetEnvironmentVariableW

• 0x418d48 GetDriveTypeW

• 0x418d4c GetLocaleInfoA

• 0x418d50 EnumSystemLocalesA

• 0x418d54 GetModuleFileNameA

• 0x418d58 GetCurrentProcess

• 0x418d5c GetCurrentDirectoryW

• 0x418d60 GetSystemDirectoryW

• 0x418d64 lstrlenW

• 0x418d68 SetFileTime

• 0x418d6c LocalFileTimeToFileTime

• 0x418d70 DosDateTimeToFileTime

• 0x418d74 SetFileAttributesW

• 0x418d78 LocalAlloc

• 0x418d7c lstrcmpW

• 0x418d80 WriteProcessMemory

• 0x418d84 WritePrivateProfileStringW

• 0x418d88 VirtualProtect

• 0x418d8c VirtualFree

• 0x418d90 VirtualAlloc

• 0x418d94 TerminateThread

• 0x418d98 SystemTimeToFileTime

• 0x418d9c HeapDestroy

• 0x418da0 GlobalHandle

• 0x418da4 GetSystemInfo

• 0x418da8 GetPrivateProfileStringW

• 0x418dac GetLocalTime

• 0x418db0 GetComputerNameW

• 0x418db4 InterlockedExchangeAdd

• 0x418db8 InterlockedCompareExchange

• 0x418dbc FlushInstructionCache

• 0x418dc0 CreateFileMappingW

• 0x418dc4 GetUserDefaultUILanguage

• 0x418dc8 VirtualQuery

• 0x418dcc lstrcpynW

• 0x418dd0 LoadLibraryExW

• 0x418dd4 GetThreadLocale

• 0x418dd8 GetStartupInfoA

• 0x418ddc lstrcpyW

• 0x418de0 WaitForMultipleObjectsEx

• 0x418de4 VirtualQueryEx

• 0x418de8 SwitchToThread

• 0x418dec SignalObjectAndWait

• 0x418df0 ResetEvent

• 0x418df4 GlobalFindAtomW

• 0x418df8 GlobalDeleteAtom

• 0x418dfc GlobalAddAtomW

• 0x418e00 GetWindowsDirectoryW

• 0x418e04 GetShortPathNameW

• 0x418e08 GetExitCodeThread

• 0x418e0c GetDiskFreeSpaceW

• 0x418e10 FreeResource

• 0x418e14 EnumCalendarInfoA

• 0x418e18 CreateEventW

• 0x418e1c lstrcpynA

• 0x418e20 GetSystemDirectoryA

• 0x418e24 lstrlenA

• 0x418e28 GetShortPathNameA

• 0x418e2c WritePrivateProfileStringA

• 0x418e30 IsDBCSLeadByte

• 0x418e34 CreateDirectoryA

• 0x418e38 DeleteFileA

• 0x418e3c SetFileAttributesA

• 0x418e40 GetFileAttributesA

• 0x418e44 lstrcmpA

• 0x418e48 GetPrivateProfileStringA

• 0x418e4c CopyFileA

• 0x418e50 CreateDirectoryExA

• 0x418e54 CreateProcessA

• 0x418e58 FindNextFileA

• 0x418e5c FindFirstFileA

• 0x418e60 GetWindowsDirectoryA

• 0x418e64 FreeEnvironmentStringsA

• 0x418e68 GetEnvironmentStrings

• 0x418e6c LCMapStringA

• 0x418e70 GetStringTypeA

• 0x418e74 GetEnvironmentVariableA

• 0x418e78 ProcessIdToSessionId

• 0x418e7c OpenProcess

Library USER32.dll:

• 0x418e84 CreatePopupMenu

• 0x418e88 CloseClipboard

• 0x418e8c AnyPopup

• 0x418e90 CreateMenu

• 0x418e94 CountClipboardFormats

• 0x418e98 EndMenu

• 0x418e9c LoadCursorFromFileW

• 0x418ea0 GetWindowDC

• 0x418ea4 GetWindowTextLengthW

• 0x418ea8 IsCharLowerW

• 0x418eac LoadCursorFromFileA

• 0x418eb0 LoadIconW

• 0x418eb4 MessageBoxW

• 0x418eb8 GetScrollInfo

• 0x418ebc SetScrollInfo

• 0x418ec0 EnableScrollBar

• 0x418ec4 ScrollWindow

• 0x418ec8 GetParent

• 0x418ecc WindowFromPoint

• 0x418ed0 SetParent

• 0x418ed4 RedrawWindow

• 0x418ed8 ScreenToClient

• 0x418edc ClientToScreen

• 0x418ee0 IsWindowVisible

• 0x418ee4 IsWindowEnabled

• 0x418ee8 GetMessageTime

• 0x418eec GetActiveWindow

• 0x418ef0 GetWindow

• 0x418ef4 ChildWindowFromPointEx

• 0x418ef8 UnhookWindowsHookEx

• 0x418efc CallNextHookEx

• 0x418f00 TrackPopupMenu

• 0x418f04 CallWindowProcW

• 0x418f08 IsDialogMessageW

• 0x418f0c InvalidateRect

• 0x418f10 FillRect

• 0x418f14 IsWindow

• 0x418f18 SetWindowTextW

• 0x418f1c GetSysColor

• 0x418f20 GetClientRect

• 0x418f24 SetFocus

• 0x418f28 ReleaseCapture

• 0x418f2c SetCursorPos

• 0x418f30 UpdateWindow

• 0x418f34 MoveWindow

• 0x418f38 DeferWindowPos

• 0x418f3c GetWindowRect

• 0x418f40 GetUpdateRgn

• 0x418f44 MapWindowPoints

• 0x418f48 BeginDeferWindowPos

• 0x418f4c EndDeferWindowPos

• 0x418f50 SystemParametersInfoW

• 0x418f54 GetMenuItemInfoW

• 0x418f58 GetMenuItemCount

• 0x418f5c SetWindowsHookExW

• 0x418f60 RegisterHotKey

• 0x418f64 UnregisterHotKey

• 0x418f68 PtInRect

• 0x418f6c InflateRect

• 0x418f70 SetMenu

• 0x418f74 CreateIconIndirect

• 0x418f78 BringWindowToTop

• 0x418f7c IsIconic

• 0x418f80 SetForegroundWindow

• 0x418f84 IsZoomed

• 0x418f88 FlashWindow

• 0x418f8c CreateDialogIndirectParamW

• 0x418f90 GetWindowPlacement

• 0x418f94 DrawMenuBar

• 0x418f98 EnableMenuItem

• 0x418f9c GetSystemMenu

• 0x418fa0 CreateDialogParamW

• 0x418fa4 GetDlgItem

• 0x418fa8 SetWindowRgn

• 0x418fac LoadImageW

• 0x418fb0 MessageBeep

• 0x418fb4 GetClassNameW

• 0x418fb8 GetWindowTextW

• 0x418fbc DestroyCursor

• 0x418fc0 BeginPaint

• 0x418fc4 EndPaint

• 0x418fc8 ChangeDisplaySettingsW

• 0x418fcc EnumDisplaySettingsW

• 0x418fd0 GetDoubleClickTime

• 0x418fd4 DrawFrameControl

• 0x418fd8 OffsetRect

• 0x418fdc DrawIconEx

• 0x418fe0 SetCapture

• 0x418fe4 DrawTextW

• 0x418fe8 CopyRect

• 0x418fec DrawStateW

• 0x418ff0 SetRectEmpty

• 0x418ff4 DrawFocusRect

• 0x418ff8 GetMenuState

• 0x418ffc GetSysColorBrush

• 0x419000 CheckMenuItem

• 0x419004 CheckMenuRadioItem

• 0x419008 ShowWindow

• 0x41900c SetRect

• 0x419010 DrawEdge

• 0x419014 GetClipboardFormatNameW

• 0x419018 RegisterClipboardFormatW

• 0x41901c DestroyMenu

• 0x419020 GetSubMenu

• 0x419024 InsertMenuW

• 0x419028 InsertMenuItemW

• 0x41902c RemoveMenu

• 0x419030 ModifyMenuW

• 0x419034 AppendMenuW

• 0x419038 HideCaret

• 0x41903c keybd_event

• 0x419040 FindWindowExW

• 0x419044 DestroyAcceleratorTable

• 0x419048 CreateAcceleratorTableW

• 0x41904c TranslateAcceleratorW

• 0x419050 UnionRect

• 0x419054 IsRectEmpty

• 0x419058 ValidateRgn

• 0x41905c ChildWindowFromPoint

• 0x419060 IsClipboardFormatAvailable

• 0x419064 GetDialogBaseUnits

• 0x419068 wsprintfW

• 0x41906c ShowCursor

• 0x419070 AdjustWindowRectEx

• 0x419074 DdeCreateStringHandleW

• 0x419078 DdeClientTransaction

• 0x41907c DdeDisconnect

• 0x419080 DdeInitializeW

• 0x419084 DdeGetLastError

• 0x419088 DdeCreateDataHandle

• 0x41908c DdeGetData

• 0x419090 DdeFreeDataHandle

• 0x419094 DdeQueryStringW

• 0x419098 DdeUninitialize

• 0x41909c DdeFreeStringHandle

• 0x4190a0 LoadCursorW

• 0x4190a4 SetCursor

• 0x4190a8 MsgWaitForMultipleObjects

• 0x4190ac GetMessageW

• 0x4190b0 DispatchMessageW

• 0x4190b4 SetTimer

• 0x4190b8 KillTimer

• 0x4190bc PeekMessageW

• 0x4190c0 DestroyWindow

• 0x4190c4 DefWindowProcW

• 0x4190c8 UnregisterClassW

• 0x4190cc RegisterClassW

• 0x4190d0 PostMessageW

• 0x4190d4 CreateWindowExW

• 0x4190d8 PostThreadMessageW

• 0x4190dc ValidateRect

• 0x4190e0 SetWindowPos

• 0x4190e4 GetFocus

• 0x4190e8 EnableWindow

• 0x4190ec SetWindowLongW

• 0x4190f0 GetWindowLongW

• 0x4190f4 GetAsyncKeyState

• 0x4190f8 SetActiveWindow

• 0x4190fc VkKeyScanW

• 0x419100 MapVirtualKeyW

• 0x419104 TranslateMessage

• 0x419108 PostQuitMessage

• 0x41910c GetMessagePos

• 0x419110 GetIconInfo

• 0x419114 LoadBitmapW

• 0x419118 GetKeyState

• 0x41911c DestroyIcon

• 0x419120 DdePostAdvise

• 0x419124 MessageBoxA

• 0x419128 GetDesktopWindow

• 0x41912c GetProcessWindowStation

• 0x419130 GetUserObjectInformationW

• 0x419134 GetCapture

• 0x419138 GetCursorPos

• 0x41913c SendMessageA

• 0x419140 FindWindowA

• 0x419144 GetSystemMetrics

• 0x419148 ReleaseDC

• 0x41914c GetDC

• 0x419150 RegisterWindowMessageW

• 0x419154 SendMessageTimeoutW

• 0x419158 SendMessageW

• 0x41915c FindWindowW

• 0x419160 DdeConnect

• 0x419164 SetMenuItemInfoW

• 0x419168 DdeNameService

Library GDI32.dll:

• 0x419170 GetBkColor

• 0x419174 DeleteObject

• 0x419178 GetTextColor

• 0x41917c AbortPath

• 0x419180 CreateMetaFileA

• 0x419184 GetFontLanguageInfo

• 0x419188 GetBkMode

• 0x41918c CreateMetaFileW

• 0x419190 CancelDC

• 0x419194 GetEnhMetaFileA

• 0x419198 GetGraphicsMode

• 0x41919c GetLayout

• 0x4191a0 RealizePalette

• 0x4191a4 CreateCompatibleDC

• 0x4191a8 GetObjectType

• 0x4191ac CreateHalftonePalette

• 0x4191b0 CreatePatternBrush

• 0x4191b4 GetStockObject

• 0x4191b8 SaveDC

• 0x4191bc DeleteDC

• 0x4191c0 GetSystemPaletteUse

• 0x4191c4 GetDCPenColor

• 0x4191c8 GetEnhMetaFileW

• 0x4191cc BeginPath

• 0x4191d0 WidenPath

• 0x4191d4 GetStretchBltMode

• 0x4191d8 CloseMetaFile

• 0x4191dc EndPath

• 0x4191e0 FillPath

• 0x4191e4 GdiGetBatchLimit

• 0x4191e8 PathToRegion

• 0x4191ec SwapBuffers

• 0x4191f0 AddFontResourceW

• 0x4191f4 FlattenPath

• 0x4191f8 AddFontResourceA

• 0x4191fc GetPixelFormat

• 0x419200 GetTextCharset

• 0x419204 GdiFlush

• 0x419208 AbortDoc

• 0x41920c GetTextAlign

• 0x419210 GetMapMode

• 0x419214 EndPage

• 0x419218 DeleteColorSpace

• 0x41921c EndDoc

• 0x419220 DeleteMetaFile

• 0x419224 CreateSolidBrush

• 0x419228 UpdateColors

• 0x41922c UnrealizeObject

• 0x419230 GetPolyFillMode

• 0x419234 DeleteEnhMetaFile

• 0x419238 GetTextCharacterExtra

• 0x41923c CloseEnhMetaFile

• 0x419240 CloseFigure

• 0x419244 GetDCBrushColor

• 0x419248 GetColorSpace

• 0x41924c GetROP2

• 0x419250 SetMetaRgn

• 0x419254 StrokePath

• 0x419258 QueryFontAssocStatus

• 0x41925c SetDIBColorTable

• 0x419260 GdiEntry8

• 0x419264 FontIsLinked

• 0x419268 EngCreateSemaphore

• 0x41926c OffsetViewportOrgEx

• 0x419270 SetTextColor

• 0x419274 GdiGetSpoolFileHandle

• 0x419278 GetEnhMetaFilePixelFormat

• 0x41927c EngStretchBltROP

• 0x419280 GdiEndPageEMF

• 0x419284 OffsetRgn

• 0x419288 EngLockSurface

• 0x41928c SetLayoutWidth

• 0x419290 GdiPlayScript

• 0x419294 Rectangle

• 0x419298 XLATEOBJ_hGetColorTransform

• 0x41929c FONTOBJ_pvTrueTypeFontFile

• 0x4192a0 GetCharWidthA

• 0x4192a4 GdiSwapBuffers

• 0x4192a8 SetWorldTransform

• 0x4192ac GetPixel

• 0x4192b0 GdiCleanCacheDC

• 0x4192b4 ExtCreatePen

• 0x4192b8 GetWorldTransform

• 0x4192bc ResetDCW

• 0x4192c0 STROBJ_bEnumPositionsOnly

• 0x4192c4 GetTextExtentPointI

• 0x4192c8 GdiEntry14

• 0x4192cc CreateEllipticRgn

• 0x4192d0 EngCheckAbort

• 0x4192d4 CreateBitmapIndirect

• 0x4192d8 CreateICA

• 0x4192dc SetBitmapBits

• 0x4192e0 GdiQueryFonts

• 0x4192e4 GetSystemPaletteEntries

• 0x4192e8 CreateICW

• 0x4192ec SetTextAlign

• 0x4192f0 CreateRectRgnIndirect

• 0x4192f4 GetTextExtentExPointW

• 0x4192f8 GetPaletteEntries

• 0x4192fc GetNearestPaletteIndex

• 0x419300 CreatePalette

• 0x419304 CreatePen

• 0x419308 CreateHatchBrush

• 0x41930c EnumFontFamiliesExW

• 0x419310 Polyline

• 0x419314 SetROP2

• 0x419318 SetViewportOrgEx

• 0x41931c SetPixel

• 0x419320 PolyBezier

• 0x419324 SetWindowOrgEx

• 0x419328 PlayEnhMetaFile

• 0x41932c SetAbortProc

• 0x419330 StartDocW

• 0x419334 StartPage

• 0x419338 CreateDCW

• 0x41933c GetEnhMetaFileHeader

• 0x419340 CreateEnhMetaFileW

• 0x419344 GetClipBox

• 0x419348 CreateFontIndirectW

• 0x41934c SetBkMode

• 0x419350 StretchBlt

• 0x419354 MoveToEx

• 0x419358 SetWindowExtEx

• 0x41935c SetViewportExtEx

• 0x419360 SetMapMode

• 0x419364 SelectClipRgn

• 0x419368 SetStretchBltMode

• 0x41936c ExtSelectClipRgn

• 0x419370 ExtFloodFill

• 0x419374 Arc

• 0x419378 Pie

• 0x41937c Polygon

• 0x419380 LineTo

• 0x419384 GetRegionData

• 0x419388 ExtCreateRegion

• 0x41938c SetBkColor

• 0x419390 CreateBitmap

• 0x419394 GetObjectW

• 0x419398 ExcludeClipRect

• 0x41939c SetBrushOrgEx

• 0x4193a0 CreateRectRgn

• 0x4193a4 SelectPalette

• 0x4193a8 GetTextMetricsW

• 0x4193ac GetOutlineTextMetricsW

• 0x4193b0 GetCharABCWidthsW

• 0x4193b4 CombineRgn

• 0x4193b8 RectInRegion

• 0x4193bc PtInRegion

• 0x4193c0 EqualRgn

• 0x4193c4 GetRgnBox

• 0x4193c8 GetDIBColorTable

• 0x4193cc CreateDIBitmap

• 0x4193d0 GetDIBits

• 0x4193d4 CreateDIBSection

• 0x4193d8 GetTextExtentPoint32W

• 0x4193dc StretchDIBits

• 0x4193e0 ExtTextOutW

• 0x4193e4 MaskBlt

• 0x4193e8 Ellipse

• 0x4193ec RoundRect

• 0x4193f0 PolyPolygon

• 0x4193f4 SetPolyFillMode

• 0x4193f8 GetDeviceCaps

• 0x4193fc BitBlt

• 0x419400 SelectObject

• 0x419404 CreateCompatibleBitmap

Library COMDLG32.dll:

• 0x41940c PageSetupDlgW

• 0x419410 PrintDlgW

• 0x419414 ChooseFontW

• 0x419418 GetSaveFileNameW

• 0x41941c GetOpenFileNameW

• 0x419420 CommDlgExtendedError

Library ADVAPI32.dll:

• 0x419428 GetUserNameA

• 0x41942c RegOpenKeyA

• 0x419430 RegQueryValueExA

• 0x419434 FreeSid

• 0x419438 RegOpenKeyExW

• 0x41943c RegCloseKey

• 0x419440 RegEnumValueW

• 0x419444 RegSetValueExW

• 0x419448 RegCreateKeyExW

• 0x41944c RegQueryValueExW

• 0x419450 RegDeleteValueW

• 0x419454 RegEnumKeyW

• 0x419458 RegDeleteKeyW

• 0x41945c GetUserNameW

• 0x419460 DeregisterEventSource

• 0x419464 ReportEventA

• 0x419468 RegisterEventSourceA

Library SHELL32.dll:

• 0x419470 SHFileOperation

• 0x419474 SHGetDesktopFolder

• 0x419478 SHFileOperationW

• 0x41947c SHPathPrepareForWriteW

• 0x419480 SHBrowseForFolderA

• 0x419484 WOWShellExecute

• 0x419488 FindExecutableW

• 0x41948c SHFormatDrive

• 0x419490 ShellAboutW

• 0x419494 SHLoadNonloadedIconOverlayIdentifiers

• 0x419498 ExtractIconW

• 0x41949c SHGetFileInfoW

• 0x4194a0 DragFinish

• 0x4194a4 SHGetMalloc

• 0x4194a8 DragQueryFileW

• 0x4194ac ExtractIconExW

• 0x4194b0 ShellExecuteExW

• 0x4194b4 SHGetPathFromIDListW

• 0x4194b8 DragAcceptFiles

• 0x4194bc DragQueryPoint

• 0x4194c0 SHGetSpecialFolderLocation

Library ole32.dll:

• 0x4194c8 OleGetClipboard

• 0x4194cc OleFlushClipboard

• 0x4194d0 OleIsCurrentClipboard

• 0x4194d4 OleSetClipboard

• 0x4194d8 CoLockObjectExternal

• 0x4194dc RegisterDragDrop

• 0x4194e0 RevokeDragDrop

• 0x4194e4 CoTaskMemAlloc

• 0x4194e8 ReleaseStgMedium

• 0x4194ec OleInitialize

• 0x4194f0 OleUninitialize

• 0x4194f4 CoCreateInstance

• 0x4194f8 CoCreateGuid

• 0x4194fc OleLockRunning

• 0x419500 OleRun

• 0x419504 OleSetContainedObject

Library SHLWAPI.dll:

• 0x41950c StrChrIA

Library COMCTL32.dll:

• 0x419514 ImageList_GetImageCount

• 0x419518 ImageList_GetIconSize

• 0x41951c ImageList_Create

• 0x419520 ImageList_Add

• 0x419524 ImageList_ReplaceIcon

• 0x419528 ImageList_Replace

• 0x41952c ImageList_Remove

• 0x419530 ImageList_Draw

• 0x419534 ImageList_SetBkColor

• 0x419538 ImageList_SetDragCursorImage

• 0x41953c ImageList_BeginDrag

• 0x419540 ImageList_DragMove

• 0x419544 ImageList_DragEnter

• 0x419548 ImageList_DragLeave

• 0x41954c ImageList_EndDrag

• 0x419550 ImageList_Destroy

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.