8.8
极危
17 个模型检测该样本为恶意!
重新分析
更多

7e990872552e8ffae449f12304f4785e628dcd68f7b97d4adf96f1d04439ef13

06fc0dd1c4e0262744cd8475a9208fd5.exe

分析耗时

126s

最近分析

文件大小

963.1KB
静态报毒 动态报毒 AATV ARTEMIS BSCOPE GENERIC@ML KK+W07INS1KU7RU1MHVKVW RDMK SCROP SUSGEN UNSAFE 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Artemis!06FC0DD1C4E0 20201214 6.0.6.653
Alibaba TrojanDropper:Win32/Scrop.c73b319e 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20201214 21.1.5827.0
Tencent Win32.Trojan-dropper.Scrop.Hzg 20201214 1.0.0.1
Kingsoft 20201214 2017.9.26.565
CrowdStrike 20190702 1.0
静态指标
Queries for the computername (2 个事件)
Time & API Arguments Status Return Repeated
1620837612.867
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620837612.867
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
This executable is signed
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620837608.601502
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)
section CODE
section DATA
section BSS
One or more processes crashed (1 个事件)
Time & API Arguments Status Return Repeated
1620837607.882502
__exception__
stacktrace: 
dasap+0x8a32b @ 0x48a32b
dasap+0xec656 @ 0x4ec656
dasap+0xec367 @ 0x4ec367
dasap+0xf6f23 @ 0x4f6f23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637436
registers.edi: 1
registers.eax: 1637436
registers.ebp: 1637516
registers.edx: 0
registers.ebx: 4760363
registers.esi: 1638160
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (14 个事件)
suspicious_features HTTP version 1.0 used suspicious_request HEAD http://download.centralx.com.br/hidoctor/hi8020a_85c86n2.exe
suspicious_features HTTP version 1.0 used suspicious_request GET http://download.centralx.com.br/hidoctor/hi_channel.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://www.downloadasap.com/index.cgi?cmdid=8&vs=1&pin=CABZHDZBFCZBBEXBEEABABAHF&mom=000&channel=CAAZCFBZBDHZCXBABJICFGGH&channel.ver=CABZHDZBFCZBBEXBEEAFEFAIB&spd=0&mvs=DASAP+3.0&mso=WINNT+Service+Pack+1+6.1.7601&mram=4294500352&mcpu=-&ppg=2021%2F5%2F13+2%3A20%3A13&ptm=2021%2F5%2F13+2%3A20%3A13&dtm=0
suspicious_features HTTP version 1.0 used suspicious_request GET http://download.centralx.com.br/hidoctor/hi8020a_85c86n2.exe
suspicious_features HTTP version 1.0 used suspicious_request GET http://www.hidoctor.com.br/imgs/getacro.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://download.centralx.com/hidoctor/softwaremedico_epf.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://www.hidoctor.com.br/download/imgs/hidoc_office.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://download.centralx.com.br/hidoctor/hi8box.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://download.centralx.com/hidoctor/softwaremedico_hidoctor.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://www.hidoctor.com.br/palm/img/palmpalm.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://www.hidoctor.com.br/download/tabelap.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://www.hidoctor.com.br/imgs/manual_impressao.jpg
suspicious_features HTTP version 1.0 used suspicious_request GET http://www.hidoctor.com.br/imgs/atua_hi_dasap.jpg
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:3541988807&cup2hreq=723f99ab0c4115fe22937b72311ad133dcac48e075c48a1dc26b3752d03ef2d5
Performs some HTTP requests (14 个事件)
request HEAD http://download.centralx.com.br/hidoctor/hi8020a_85c86n2.exe
request GET http://download.centralx.com.br/hidoctor/hi_channel.jpg
request GET http://www.downloadasap.com/index.cgi?cmdid=8&vs=1&pin=CABZHDZBFCZBBEXBEEABABAHF&mom=000&channel=CAAZCFBZBDHZCXBABJICFGGH&channel.ver=CABZHDZBFCZBBEXBEEAFEFAIB&spd=0&mvs=DASAP+3.0&mso=WINNT+Service+Pack+1+6.1.7601&mram=4294500352&mcpu=-&ppg=2021%2F5%2F13+2%3A20%3A13&ptm=2021%2F5%2F13+2%3A20%3A13&dtm=0
request GET http://download.centralx.com.br/hidoctor/hi8020a_85c86n2.exe
request GET http://www.hidoctor.com.br/imgs/getacro.jpg
request GET http://download.centralx.com/hidoctor/softwaremedico_epf.jpg
request GET http://www.hidoctor.com.br/download/imgs/hidoc_office.jpg
request GET http://download.centralx.com.br/hidoctor/hi8box.jpg
request GET http://download.centralx.com/hidoctor/softwaremedico_hidoctor.jpg
request GET http://www.hidoctor.com.br/palm/img/palmpalm.jpg
request GET http://www.hidoctor.com.br/download/tabelap.jpg
request GET http://www.hidoctor.com.br/imgs/manual_impressao.jpg
request GET http://www.hidoctor.com.br/imgs/atua_hi_dasap.jpg
request POST https://update.googleapis.com/service/update2?cup2key=10:3541988807&cup2hreq=723f99ab0c4115fe22937b72311ad133dcac48e075c48a1dc26b3752d03ef2d5
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:3541988807&cup2hreq=723f99ab0c4115fe22937b72311ad133dcac48e075c48a1dc26b3752d03ef2d5
Allocates read-write-execute memory (usually to unpack itself) (4 个事件)
Time & API Arguments Status Return Repeated
1620837602.914125
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1620837605.492502
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00630000
success 0 0
1620837609.179
NtAllocateVirtualMemory
process_identifier: 324
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00640000
success 0 0
1620837676.570375
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004210000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (2 个事件)
Time & API Arguments Status Return Repeated
1620837604.476125
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19609661440
total_number_of_free_bytes: 0
total_number_of_bytes: 34252779520
success 1 0
1620837615.085
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19562704896
total_number_of_free_bytes: 0
total_number_of_bytes: 34252779520
success 1 0
Foreign language identified in PE resource (4 个事件)
name RT_ICON language LANG_PORTUGUESE offset 0x0005a558 filetype data sublanguage SUBLANG_PORTUGUESE_BRAZILIAN size 0x000008a8
name RT_ICON language LANG_PORTUGUESE offset 0x0005a558 filetype data sublanguage SUBLANG_PORTUGUESE_BRAZILIAN size 0x000008a8
name RT_GROUP_ICON language LANG_PORTUGUESE offset 0x0005cd8c filetype data sublanguage SUBLANG_PORTUGUESE_BRAZILIAN size 0x00000022
name RT_VERSION language LANG_PORTUGUESE offset 0x0005cdb0 filetype MS Windows COFF PA-RISC object file sublanguage SUBLANG_PORTUGUESE_BRAZILIAN size 0x00000290
Creates executable files on the filesystem (2 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\SFX20210513022003054\dasap.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DownloadAsap.lnk
Creates a shortcut to an executable file (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DownloadAsap.lnk
Drops an executable to the user AppData folder (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\SFX20210513022003054\dasap.exe
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Installs itself for autorun at Windows startup (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DownloadAsap.lnk
File has been identified by 17 AntiVirus engines on VirusTotal as malicious (17 个事件)
McAfee Artemis!06FC0DD1C4E0
Cylance Unsafe
Alibaba TrojanDropper:Win32/Scrop.c73b319e
Symantec Downloader
Kaspersky Trojan-Dropper.Win32.Scrop.aatv
Paloalto generic.ml
AegisLab Trojan.Win32.Scrop.b!c
Tencent Win32.Trojan-dropper.Scrop.Hzg
Sophos Mal/Generic-R
Zillya Dropper.Scrop.Win32.565
McAfee-GW-Edition Artemis
Gridinsoft Trojan.Agent.sd!c
ZoneAlarm Trojan-Dropper.Win32.Scrop.aatv
VBA32 BScope.TrojanDropper.Scrop
Rising Trojan.Generic@ML.85 (RDMK:Kk+w07INS1ku7rU1mhvkVw)
MaxSecure Trojan.Malware.11993738.susgen
Qihoo-360 Win32/Trojan.Dropper.184
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.160.110:443
dead_host 200.251.137.19:80
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x44d118 GetCurrentThreadId
0x44d12c VirtualFree
0x44d130 VirtualAlloc
0x44d134 LocalFree
0x44d138 LocalAlloc
0x44d144 VirtualQuery
0x44d148 WideCharToMultiByte
0x44d14c MultiByteToWideChar
0x44d150 lstrlenA
0x44d154 lstrcpynA
0x44d158 lstrcpyA
0x44d15c LoadLibraryExA
0x44d160 GetThreadLocale
0x44d164 GetStartupInfoA
0x44d168 GetProcAddress
0x44d16c GetModuleHandleA
0x44d170 GetModuleFileNameA
0x44d174 GetLocaleInfoA
0x44d178 GetLastError
0x44d17c GetCommandLineA
0x44d180 FreeLibrary
0x44d184 FindFirstFileA
0x44d188 FindClose
0x44d18c ExitProcess
0x44d190 WriteFile
0x44d198 SetFilePointer
0x44d19c SetEndOfFile
0x44d1a0 RtlUnwind
0x44d1a4 ReadFile
0x44d1a8 RaiseException
0x44d1ac GetStdHandle
0x44d1b0 GetFileSize
0x44d1b4 GetSystemTime
0x44d1b8 GetFileType
0x44d1bc CreateFileA
0x44d1c0 CloseHandle
Library user32.dll:
0x44d1c8 GetKeyboardType
0x44d1cc LoadStringA
0x44d1d0 MessageBoxA
0x44d1d4 CharNextA
Library advapi32.dll:
0x44d1dc RegQueryValueExA
0x44d1e0 RegOpenKeyExA
0x44d1e4 RegCloseKey
Library oleaut32.dll:
0x44d1ec VariantChangeTypeEx
0x44d1f0 VariantCopyInd
0x44d1f4 VariantClear
0x44d1f8 SysStringLen
0x44d1fc SysFreeString
0x44d200 SysReAllocStringLen
0x44d204 SysAllocStringLen
Library kernel32.dll:
0x44d20c TlsSetValue
0x44d210 TlsGetValue
0x44d214 LocalAlloc
0x44d218 GetModuleHandleA
0x44d21c GetModuleFileNameA
Library advapi32.dll:
0x44d224 RegQueryValueExA
0x44d228 RegOpenKeyExA
0x44d22c RegCloseKey
Library kernel32.dll:
0x44d234 lstrcpyA
0x44d238 WriteFile
0x44d23c WaitForSingleObject
0x44d240 VirtualQuery
0x44d244 VirtualAlloc
0x44d248 Sleep
0x44d24c SizeofResource
0x44d250 SetThreadLocale
0x44d254 SetFilePointer
0x44d258 SetEvent
0x44d25c SetErrorMode
0x44d260 SetEndOfFile
0x44d264 RemoveDirectoryA
0x44d268 ReadFile
0x44d26c MultiByteToWideChar
0x44d270 MulDiv
0x44d274 LockResource
0x44d278 LoadResource
0x44d27c LoadLibraryA
0x44d288 GlobalUnlock
0x44d28c GlobalReAlloc
0x44d290 GlobalHandle
0x44d294 GlobalLock
0x44d298 GlobalFree
0x44d29c GlobalDeleteAtom
0x44d2a0 GlobalAlloc
0x44d2a4 GlobalAddAtomA
0x44d2ac GetVersionExA
0x44d2b0 GetVersion
0x44d2b4 GetTickCount
0x44d2b8 GetThreadLocale
0x44d2bc GetTempPathA
0x44d2c0 GetSystemInfo
0x44d2c4 GetSystemDirectoryA
0x44d2c8 GetProcAddress
0x44d2cc GetModuleHandleA
0x44d2d0 GetModuleFileNameA
0x44d2d4 GetLocaleInfoA
0x44d2d8 GetLocalTime
0x44d2dc GetLastError
0x44d2e0 GetFileAttributesA
0x44d2e4 GetDiskFreeSpaceA
0x44d2e8 GetDateFormatA
0x44d2ec GetCurrentThreadId
0x44d2f0 GetCurrentProcessId
0x44d2f4 GetCPInfo
0x44d2f8 FreeResource
0x44d2fc FreeLibrary
0x44d300 FormatMessageA
0x44d304 FindResourceA
0x44d308 FindNextFileA
0x44d30c FindFirstFileA
0x44d310 FindClose
0x44d31c EnumCalendarInfoA
0x44d324 DeleteFileA
0x44d32c CreateThread
0x44d330 CreateProcessA
0x44d334 CreateFileA
0x44d338 CreateEventA
0x44d33c CreateDirectoryA
0x44d340 CompareStringA
0x44d344 CloseHandle
Library gdi32.dll:
0x44d34c UnrealizeObject
0x44d350 StretchBlt
0x44d354 SetWindowOrgEx
0x44d358 SetViewportOrgEx
0x44d35c SetTextColor
0x44d360 SetStretchBltMode
0x44d364 SetROP2
0x44d368 SetPixel
0x44d36c SetDIBColorTable
0x44d370 SetBrushOrgEx
0x44d374 SetBkMode
0x44d378 SetBkColor
0x44d37c SelectPalette
0x44d380 SelectObject
0x44d384 SaveDC
0x44d388 RestoreDC
0x44d38c RectVisible
0x44d390 RealizePalette
0x44d394 PatBlt
0x44d398 MoveToEx
0x44d39c MaskBlt
0x44d3a0 LineTo
0x44d3a4 IntersectClipRect
0x44d3a8 GetWindowOrgEx
0x44d3ac GetTextMetricsA
0x44d3b8 GetStockObject
0x44d3bc GetPixel
0x44d3c0 GetPaletteEntries
0x44d3c4 GetObjectA
0x44d3c8 GetDeviceCaps
0x44d3cc GetDIBits
0x44d3d0 GetDIBColorTable
0x44d3d4 GetDCOrgEx
0x44d3dc GetClipBox
0x44d3e0 GetBrushOrgEx
0x44d3e4 GetBitmapBits
0x44d3e8 ExcludeClipRect
0x44d3ec DeleteObject
0x44d3f0 DeleteDC
0x44d3f4 CreateSolidBrush
0x44d3f8 CreatePenIndirect
0x44d3fc CreatePalette
0x44d404 CreateFontIndirectA
0x44d408 CreateDIBitmap
0x44d40c CreateDIBSection
0x44d410 CreateCompatibleDC
0x44d418 CreateBrushIndirect
0x44d41c CreateBitmap
0x44d420 BitBlt
Library user32.dll:
0x44d428 WindowFromPoint
0x44d42c WinHelpA
0x44d430 WaitMessage
0x44d434 UpdateWindow
0x44d438 UnregisterClassA
0x44d43c UnhookWindowsHookEx
0x44d440 TranslateMessage
0x44d448 TrackPopupMenu
0x44d450 ShowWindow
0x44d454 ShowScrollBar
0x44d458 ShowOwnedPopups
0x44d45c ShowCursor
0x44d460 SetWindowsHookExA
0x44d464 SetWindowPos
0x44d468 SetWindowPlacement
0x44d46c SetWindowLongA
0x44d470 SetTimer
0x44d474 SetScrollRange
0x44d478 SetScrollPos
0x44d47c SetScrollInfo
0x44d480 SetRect
0x44d484 SetPropA
0x44d488 SetMenuItemInfoA
0x44d48c SetMenu
0x44d490 SetForegroundWindow
0x44d494 SetFocus
0x44d498 SetCursor
0x44d49c SetClassLongA
0x44d4a0 SetCapture
0x44d4a4 SetActiveWindow
0x44d4a8 SendMessageA
0x44d4ac ScrollWindow
0x44d4b0 ScreenToClient
0x44d4b4 RemovePropA
0x44d4b8 RemoveMenu
0x44d4bc ReleaseDC
0x44d4c0 ReleaseCapture
0x44d4cc RegisterClassA
0x44d4d0 PtInRect
0x44d4d4 PostQuitMessage
0x44d4d8 PostMessageA
0x44d4dc PeekMessageA
0x44d4e0 OffsetRect
0x44d4e4 OemToCharA
0x44d4e8 MessageBoxA
0x44d4ec MapWindowPoints
0x44d4f0 MapVirtualKeyA
0x44d4f4 LoadStringA
0x44d4f8 LoadKeyboardLayoutA
0x44d4fc LoadIconA
0x44d500 LoadCursorA
0x44d504 LoadBitmapA
0x44d508 KillTimer
0x44d50c IsZoomed
0x44d510 IsWindowVisible
0x44d514 IsWindowEnabled
0x44d518 IsWindow
0x44d51c IsRectEmpty
0x44d520 IsIconic
0x44d524 IsDialogMessageA
0x44d528 IsChild
0x44d52c InvalidateRect
0x44d530 IntersectRect
0x44d534 InsertMenuItemA
0x44d538 InsertMenuA
0x44d53c InflateRect
0x44d544 GetWindowTextA
0x44d548 GetWindowRect
0x44d54c GetWindowPlacement
0x44d550 GetWindowLongA
0x44d554 GetWindowDC
0x44d558 GetTopWindow
0x44d55c GetSystemMetrics
0x44d560 GetSystemMenu
0x44d564 GetSysColor
0x44d568 GetSubMenu
0x44d56c GetScrollRange
0x44d570 GetScrollPos
0x44d574 GetScrollInfo
0x44d578 GetPropA
0x44d57c GetParent
0x44d580 GetWindow
0x44d584 GetMenuStringA
0x44d588 GetMenuState
0x44d58c GetMenuItemInfoA
0x44d590 GetMenuItemID
0x44d594 GetMenuItemCount
0x44d598 GetMenu
0x44d59c GetLastActivePopup
0x44d5a0 GetKeyboardState
0x44d5a8 GetKeyboardLayout
0x44d5ac GetKeyState
0x44d5b0 GetKeyNameTextA
0x44d5b4 GetIconInfo
0x44d5b8 GetForegroundWindow
0x44d5bc GetFocus
0x44d5c0 GetDesktopWindow
0x44d5c4 GetDCEx
0x44d5c8 GetDC
0x44d5cc GetCursorPos
0x44d5d0 GetCursor
0x44d5d4 GetClientRect
0x44d5d8 GetClassInfoA
0x44d5dc GetCapture
0x44d5e0 GetActiveWindow
0x44d5e4 FrameRect
0x44d5e8 FindWindowA
0x44d5ec FillRect
0x44d5f0 EqualRect
0x44d5f4 EnumWindows
0x44d5f8 EnumThreadWindows
0x44d5fc EndPaint
0x44d600 EnableWindow
0x44d604 EnableScrollBar
0x44d608 EnableMenuItem
0x44d60c DrawTextA
0x44d610 DrawMenuBar
0x44d614 DrawIconEx
0x44d618 DrawIcon
0x44d61c DrawFrameControl
0x44d620 DrawEdge
0x44d624 DispatchMessageA
0x44d628 DestroyWindow
0x44d62c DestroyMenu
0x44d630 DestroyIcon
0x44d634 DestroyCursor
0x44d638 DeleteMenu
0x44d63c DefWindowProcA
0x44d640 DefMDIChildProcA
0x44d644 DefFrameProcA
0x44d648 CreateWindowExA
0x44d64c CreatePopupMenu
0x44d650 CreateMenu
0x44d654 CreateIcon
0x44d658 ClientToScreen
0x44d65c CheckMenuItem
0x44d660 CallWindowProcA
0x44d664 CallNextHookEx
0x44d668 BeginPaint
0x44d66c CharLowerA
0x44d670 CharUpperBuffA
0x44d674 AdjustWindowRectEx
Library ole32.dll:
0x44d680 CoTaskMemFree
0x44d684 CoCreateGuid
0x44d688 CLSIDFromString
0x44d68c StringFromCLSID
0x44d690 CoUninitialize
0x44d694 CoInitialize
0x44d698 IsEqualGUID
Library oleaut32.dll:
0x44d6a0 GetErrorInfo
0x44d6a4 SysFreeString
Library comctl32.dll:
0x44d6b4 ImageList_Write
0x44d6b8 ImageList_Read
0x44d6c8 ImageList_DragMove
0x44d6cc ImageList_DragLeave
0x44d6d0 ImageList_DragEnter
0x44d6d4 ImageList_EndDrag
0x44d6d8 ImageList_BeginDrag
0x44d6dc ImageList_Remove
0x44d6e0 ImageList_DrawEx
0x44d6e4 ImageList_Draw
0x44d6f4 ImageList_Add
0x44d6fc ImageList_Destroy
0x44d700 ImageList_Create
Library shell32.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49181 104.236.242.108 download.centralx.com 80
192.168.56.101 49182 104.236.242.108 download.centralx.com 80
192.168.56.101 49186 104.236.242.108 download.centralx.com 80
192.168.56.101 49187 104.236.242.108 download.centralx.com 80
192.168.56.101 49188 104.236.242.108 download.centralx.com 80
192.168.56.101 49201 104.236.242.108 download.centralx.com 80
192.168.56.101 49210 104.236.242.108 download.centralx.com 80
192.168.56.101 49211 104.236.242.108 download.centralx.com 80
192.168.56.101 49212 104.236.242.108 download.centralx.com 80
192.168.56.101 49213 104.236.242.108 download.centralx.com 80
192.168.56.101 49217 104.236.242.108 download.centralx.com 80
192.168.56.101 49185 187.16.179.245 www.downloadasap.com 80
192.168.56.101 49190 187.16.179.252 www.hidoctor.com.br 80
192.168.56.101 49207 187.16.179.252 www.hidoctor.com.br 80
192.168.56.101 49220 187.16.179.252 www.hidoctor.com.br 80
192.168.56.101 49223 187.16.179.252 www.hidoctor.com.br 80
192.168.56.101 49224 187.16.179.252 www.hidoctor.com.br 80
192.168.56.101 49225 187.16.179.252 www.hidoctor.com.br 80
192.168.56.101 49235 203.208.41.98 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://www.hidoctor.com.br/download/tabelap.jpg 
GET /download/tabelap.jpg HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: www.hidoctor.com.br
http://www.hidoctor.com.br/palm/img/palmpalm.jpg 
GET /palm/img/palmpalm.jpg HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: www.hidoctor.com.br
http://www.downloadasap.com/index.cgi?cmdid=8&vs=1&pin=CABZHDZBFCZBBEXBEEABABAHF&mom=000&channel=CAAZCFBZBDHZCXBABJICFGGH&channel.ver=CABZHDZBFCZBBEXBEEAFEFAIB&spd=0&mvs=DASAP+3.0&mso=WINNT+Service+Pack+1+6.1.7601&mram=4294500352&mcpu=-&ppg=2021%2F5%2F13+2%3A20%3A13&ptm=2021%2F5%2F13+2%3A20%3A13&dtm=0 
GET /index.cgi?cmdid=8&vs=1&pin=CABZHDZBFCZBBEXBEEABABAHF&mom=000&channel=CAAZCFBZBDHZCXBABJICFGGH&channel.ver=CABZHDZBFCZBBEXBEEAFEFAIB&spd=0&mvs=DASAP+3.0&mso=WINNT+Service+Pack+1+6.1.7601&mram=4294500352&mcpu=-&ppg=2021%2F5%2F13+2%3A20%3A13&ptm=2021%2F5%2F13+2%3A20%3A13&dtm=0 HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: www.downloadasap.com
http://download.centralx.com.br/hidoctor/hi8020a_85c86n2.exe 
GET /hidoctor/hi8020a_85c86n2.exe HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: download.centralx.com.br
Range: bytes=1024000-1228800
http://www.hidoctor.com.br/imgs/atua_hi_dasap.jpg 
GET /imgs/atua_hi_dasap.jpg HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: www.hidoctor.com.br
http://download.centralx.com.br/hidoctor/hi8box.jpg 
GET /hidoctor/hi8box.jpg HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: download.centralx.com.br
http://www.hidoctor.com.br/imgs/getacro.jpg 
GET /imgs/getacro.jpg HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: www.hidoctor.com.br
http://www.hidoctor.com.br/imgs/manual_impressao.jpg 
GET /imgs/manual_impressao.jpg HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: www.hidoctor.com.br
http://download.centralx.com.br/hidoctor/hi8020a_85c86n2.exe 
GET /hidoctor/hi8020a_85c86n2.exe HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: download.centralx.com.br
Range: bytes=614400-819200
http://download.centralx.com.br/hidoctor/hi8020a_85c86n2.exe 
GET /hidoctor/hi8020a_85c86n2.exe HTTP/1.0
User-Agent: DownloadASAP (http://www.downloadasap.com)
Host: download.centralx.com.br
Range: bytes=204800-409600

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.