| entropy | 7.98210667939138 | section | {'size_of_data': '0x0010fe00', 'virtual_address': '0x00001000', 'entropy': 7.98210667939138, 'name': '.text', 'virtual_size': '0x00306c64'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.804269981969655 | section | {'size_of_data': '0x00001200', 'virtual_address': '0x00308000', 'entropy': 7.804269981969655, 'name': '.text', 'virtual_size': '0x000022e4'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.9409647287707665 | section | {'size_of_data': '0x00008400', 'virtual_address': '0x0030b000', 'entropy': 7.9409647287707665, 'name': '.data', 'virtual_size': '0x0000cbcc'} | description | A section with a high entropy has been found | |||||||||
| entropy | 6.808580048794839 | section | {'size_of_data': '0x00000600', 'virtual_address': '0x033e5000', 'entropy': 6.808580048794839, 'name': '.data', 'virtual_size': '0x00000bd6'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.977450929111993 | section | {'size_of_data': '0x00026400', 'virtual_address': '0x033e9000', 'entropy': 7.977450929111993, 'name': '.data', 'virtual_size': '0x00042c24'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.93342590420978 | section | {'size_of_data': '0x004a6a00', 'virtual_address': '0x0342c000', 'entropy': 7.93342590420978, 'name': '.data', 'virtual_size': '0x005cbe00'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.395723950756055 | section | {'size_of_data': '0x0002a000', 'virtual_address': '0x039fb000', 'entropy': 7.395723950756055, 'name': '.rsrc', 'virtual_size': '0x0002a000'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.940803983715923 | section | {'size_of_data': '0x00363e00', 'virtual_address': '0x03fcf000', 'entropy': 7.940803983715923, 'name': '.text', 'virtual_size': '0x00363e00'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.9305739698950095 | section | {'size_of_data': '0x00004800', 'virtual_address': '0x04337000', 'entropy': 7.9305739698950095, 'name': '.data', 'virtual_size': '0x00004800'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.9977923028764357 | description | Overall entropy of this PE file is high | |||||||||||
| host | 172.217.24.14 | |||
| host | 203.208.41.65 | |||
| registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ |
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1620842161.238875 NtQuerySystemInformation |
information_class:
76
(SystemFirmwareTableInformation)
|
failed | 3221225507 | 0 |
| dead_host | 192.168.56.101:49189 |
| dead_host | 203.208.41.65:80 |
| Ordinal | Address | Name |
|---|---|---|
| 3 | 0x4da218 | TMethodImplementationIntercept |
| 2 | 0x411a0c | __dbk_fcall_wrapper |
| 1 | 0x71b63c | dbkFCallWrapperAddr |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| clients2.google.com |
A 172.217.160.78
CNAME clients.l.google.com |
172.217.160.78 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| teredo.ipv6.microsoft.com |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53237 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57756 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57874 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60384 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49713 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51378 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53657 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 63429 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 50537 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 50539 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts