SmartHawk

5.8

高危

55 个模型检测该样本为恶意！

重新分析

下载样本

f58206c0e3f90670105f3d92f49e4f3e4dd36970697f24de762862f24ea130cf

29050c69c6fcc2cfa605ed01e0eae97b.exe

分析耗时

93s

最近分析

文件大小

621.5KB

静态报毒动态报毒 100% AI SCORE=82 ASHIFY ATTRIBUTE BTJTXN CLOUD CONFIDENCE DELF DOWNLOADER33 EKLE FAKEALERT FAKEXLS@CV GDSDA GENCIRC GENERICKD GENKRYPTIK GULOADER HIGH CONFIDENCE HIGHCONFIDENCE HKCNPR IGENT MALWARE@#JAN2CFARRMM0 MKX@AQNEQ1JI R011C0WED20 SONBOKLI SUSGEN SUSPICIOUS PE TSCOPE UNSAFE ZAXAM ZELPHICO 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Generic Downloader.x	20200528	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Alibaba	TrojanDownloader:Win32/zaxam.cfbf8051	20190527	0.3.0.5
Avast	Win32:Trojan-gen	20200528	18.4.3895.0
Tencent	Malware.Win32.Gencirc.10cdcab0	20200528	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20200528	2013.8.14.323

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.itext

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619378705.759627 __exception__	stacktrace: registers.esp: 58260528 registers.edi: 6329504 registers.eax: 0 registers.ebp: 0 registers.edx: 0 registers.ebx: 36 registers.esi: 16 registers.ecx: 0 exception.instruction_r: 8b 41 3c 99 03 04 24 13 54 24 04 83 c4 08 89 04 exception.instruction: mov eax, dword ptr [ecx + 0x3c] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x608ed5	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619378653.446627 NtAllocateVirtualMemory	process_identifier: 1948 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x004d0000	success	0	0

Downloads a file or document from Google Drive (1 个事件)

domain

drive.google.com

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619378682.025627 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619378684.587627 RegSetValueExA	key_handle: 0x000003b4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619378684.587627 RegSetValueExA	key_handle: 0x000003b4 value: ÀöæÓ9× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619378684.587627 RegSetValueExA	key_handle: 0x000003b4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619378684.587627 RegSetValueExW	key_handle: 0x000003b4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619378684.603627 RegSetValueExA	key_handle: 0x000003cc value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619378684.603627 RegSetValueExA	key_handle: 0x000003cc value: ÀöæÓ9× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619378684.603627 RegSetValueExA	key_handle: 0x000003cc value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619378684.634627 RegSetValueExW	key_handle: 0x000003b0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 个事件)

DrWeb	Trojan.DownLoader33.40735
MicroWorld-eScan	Trojan.GenericKD.33833900
FireEye	Trojan.GenericKD.33833900
McAfee	RDN/Generic Downloader.x
Malwarebytes	Trojan.GuLoader
Zillya	Downloader.Delf.Win32.59111
Sangfor	Malware
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanDownloader:Win32/zaxam.cfbf8051
K7GW	Trojan ( 7000000f1 )
K7AntiVirus	Trojan ( 7000000f1 )
Arcabit	Trojan.Generic.D20443AC
BitDefenderTheta	Gen:NN.ZelphiCO.34122.MKX@aqneq1ji
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R011C0WED20
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.Win32.Agent.gen
BitDefender	Trojan.GenericKD.33833900
NANO-Antivirus	Trojan.Win32.FakeAlert.hkcnpr
ViRobot	Trojan.Win32.Z.Agent.636418.C
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.10cdcab0
Ad-Aware	Trojan.GenericKD.33833900
Emsisoft	Trojan.GenericKD.33833900 (B)
Comodo	Malware@#jan2cfarrmm0
F-Secure	Trojan.TR/Dldr.Delf.zaxam
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R011C0WED20
McAfee-GW-Edition	RDN/Generic Downloader.x
Sophos	Mal/Generic-S
Ikarus	Trojan.Inject
Jiangmin	Backdoor.Agent.hnu
Webroot	W32.Trojan.Gen
Avira	TR/Dldr.Delf.zaxam
Fortinet	MSIL/GenKryptik.EKLE!tr
Antiy-AVL	Trojan/Win32.Sonbokli
Endgame	malicious (high confidence)
Microsoft	Trojan:Win32/Ashify.J!ibt
AegisLab	Trojan.Win32.Agent.m!c
ZoneAlarm	HEUR:Backdoor.Win32.Agent.gen
VBA32	TScope.Trojan.Delf
ALYac	Trojan.GenericKD.33833900
MAX	malware (ai score=82)
Cylance	Unsafe
APEX	Malicious
ESET-NOD32	Win32/TrojanDownloader.Delf.CXL
Rising	Malware.FakeXLS@CV!1.9C3D (CLOUD)
Yandex	Trojan.Igent.bTJtxN.61
SentinelOne	DFI - Suspicious PE
GData	Trojan.GenericKD.33833900

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.24.14:443
dead_host	108.160.162.104:443
dead_host	172.217.160.110:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:

• 0x47178c SysFreeString

• 0x471790 SysReAllocStringLen

• 0x471794 SysAllocStringLen

Library advapi32.dll:

• 0x47179c RegQueryValueExA

• 0x4717a0 RegOpenKeyExA

• 0x4717a4 RegCloseKey

Library user32.dll:

• 0x4717ac GetKeyboardType

• 0x4717b0 DestroyWindow

• 0x4717b4 LoadStringA

• 0x4717b8 MessageBoxA

• 0x4717bc CharNextA

Library kernel32.dll:

• 0x4717c4 GetACP

• 0x4717c8 Sleep

• 0x4717cc VirtualFree

• 0x4717d0 VirtualAlloc

• 0x4717d4 GetCurrentThreadId

• 0x4717d8 InterlockedDecrement

• 0x4717dc InterlockedIncrement

• 0x4717e0 VirtualQuery

• 0x4717e4 WideCharToMultiByte

• 0x4717e8 MultiByteToWideChar

• 0x4717ec lstrlenA

• 0x4717f0 lstrcpynA

• 0x4717f4 LoadLibraryExA

• 0x4717f8 GetThreadLocale

• 0x4717fc GetStartupInfoA

• 0x471800 GetProcAddress

• 0x471804 GetModuleHandleA

• 0x471808 GetModuleFileNameA

• 0x47180c GetLocaleInfoA

• 0x471810 GetCommandLineA

• 0x471814 FreeLibrary

• 0x471818 FindFirstFileA

• 0x47181c FindClose

• 0x471820 ExitProcess

• 0x471824 CompareStringA

• 0x471828 WriteFile

• 0x47182c UnhandledExceptionFilter

• 0x471830 RtlUnwind

• 0x471834 RaiseException

• 0x471838 GetStdHandle

Library kernel32.dll:

• 0x471840 TlsSetValue

• 0x471844 TlsGetValue

• 0x471848 LocalAlloc

• 0x47184c GetModuleHandleA

Library user32.dll:

• 0x471854 CreateWindowExA

• 0x471858 WindowFromPoint

• 0x47185c WaitMessage

• 0x471860 UpdateWindow

• 0x471864 UnregisterClassA

• 0x471868 UnhookWindowsHookEx

• 0x47186c TranslateMessage

• 0x471870 TranslateMDISysAccel

• 0x471874 TrackPopupMenu

• 0x471878 SystemParametersInfoA

• 0x47187c ShowWindow

• 0x471880 ShowScrollBar

• 0x471884 ShowOwnedPopups

• 0x471888 SetWindowsHookExA

• 0x47188c SetWindowPos

• 0x471890 SetWindowPlacement

• 0x471894 SetWindowLongW

• 0x471898 SetWindowLongA

• 0x47189c SetTimer

• 0x4718a0 SetScrollRange

• 0x4718a4 SetScrollPos

• 0x4718a8 SetScrollInfo

• 0x4718ac SetRect

• 0x4718b0 SetPropA

• 0x4718b4 SetParent

• 0x4718b8 SetMenuItemInfoA

• 0x4718bc SetMenu

• 0x4718c0 SetForegroundWindow

• 0x4718c4 SetFocus

• 0x4718c8 SetCursor

• 0x4718cc SetClassLongA

• 0x4718d0 SetCapture

• 0x4718d4 SetActiveWindow

• 0x4718d8 SendMessageW

• 0x4718dc SendMessageA

• 0x4718e0 ScrollWindow

• 0x4718e4 ScreenToClient

• 0x4718e8 RemovePropA

• 0x4718ec RemoveMenu

• 0x4718f0 ReleaseDC

• 0x4718f4 ReleaseCapture

• 0x4718f8 RegisterWindowMessageA

• 0x4718fc RegisterClipboardFormatA

• 0x471900 RegisterClassA

• 0x471904 RedrawWindow

• 0x471908 PtInRect

• 0x47190c PostQuitMessage

• 0x471910 PostMessageA

• 0x471914 PeekMessageW

• 0x471918 PeekMessageA

• 0x47191c OffsetRect

• 0x471920 OemToCharA

• 0x471924 MessageBoxA

• 0x471928 MapWindowPoints

• 0x47192c MapVirtualKeyA

• 0x471930 LoadStringA

• 0x471934 LoadKeyboardLayoutA

• 0x471938 LoadIconA

• 0x47193c LoadCursorA

• 0x471940 LoadBitmapA

• 0x471944 KillTimer

• 0x471948 IsZoomed

• 0x47194c IsWindowVisible

• 0x471950 IsWindowUnicode

• 0x471954 IsWindowEnabled

• 0x471958 IsWindow

• 0x47195c IsRectEmpty

• 0x471960 IsIconic

• 0x471964 IsDialogMessageW

• 0x471968 IsDialogMessageA

• 0x47196c IsChild

• 0x471970 InvalidateRect

• 0x471974 IntersectRect

• 0x471978 InsertMenuItemA

• 0x47197c InsertMenuA

• 0x471980 InflateRect

• 0x471984 GetWindowThreadProcessId

• 0x471988 GetWindowTextA

• 0x47198c GetWindowRect

• 0x471990 GetWindowPlacement

• 0x471994 GetWindowLongW

• 0x471998 GetWindowLongA

• 0x47199c GetWindowDC

• 0x4719a0 GetTopWindow

• 0x4719a4 GetSystemMetrics

• 0x4719a8 GetSystemMenu

• 0x4719ac GetSysColorBrush

• 0x4719b0 GetSysColor

• 0x4719b4 GetSubMenu

• 0x4719b8 GetScrollRange

• 0x4719bc GetScrollPos

• 0x4719c0 GetScrollInfo

• 0x4719c4 GetPropA

• 0x4719c8 GetParent

• 0x4719cc GetWindow

• 0x4719d0 GetMessagePos

• 0x4719d4 GetMenuStringA

• 0x4719d8 GetMenuState

• 0x4719dc GetMenuItemInfoA

• 0x4719e0 GetMenuItemID

• 0x4719e4 GetMenuItemCount

• 0x4719e8 GetMenu

• 0x4719ec GetLastActivePopup

• 0x4719f0 GetKeyboardState

• 0x4719f4 GetKeyboardLayoutNameA

• 0x4719f8 GetKeyboardLayoutList

• 0x4719fc GetKeyboardLayout

• 0x471a00 GetKeyState

• 0x471a04 GetKeyNameTextA

• 0x471a08 GetIconInfo

• 0x471a0c GetForegroundWindow

• 0x471a10 GetFocus

• 0x471a14 GetDesktopWindow

• 0x471a18 GetDCEx

• 0x471a1c GetDC

• 0x471a20 GetCursorPos

• 0x471a24 GetCursor

• 0x471a28 GetClipboardData

• 0x471a2c GetClientRect

• 0x471a30 GetClassLongA

• 0x471a34 GetClassInfoA

• 0x471a38 GetCapture

• 0x471a3c GetActiveWindow

• 0x471a40 FrameRect

• 0x471a44 FindWindowA

• 0x471a48 FillRect

• 0x471a4c EqualRect

• 0x471a50 EnumWindows

• 0x471a54 EnumThreadWindows

• 0x471a58 EnumDisplayDevicesA

• 0x471a5c EnumChildWindows

• 0x471a60 EndPaint

• 0x471a64 EnableWindow

• 0x471a68 EnableScrollBar

• 0x471a6c EnableMenuItem

• 0x471a70 DrawTextA

• 0x471a74 DrawMenuBar

• 0x471a78 DrawIconEx

• 0x471a7c DrawIcon

• 0x471a80 DrawFrameControl

• 0x471a84 DrawEdge

• 0x471a88 DispatchMessageW

• 0x471a8c DispatchMessageA

• 0x471a90 DestroyWindow

• 0x471a94 DestroyMenu

• 0x471a98 DestroyIcon

• 0x471a9c DestroyCursor

• 0x471aa0 DeleteMenu

• 0x471aa4 DefWindowProcA

• 0x471aa8 DefMDIChildProcA

• 0x471aac DefFrameProcA

• 0x471ab0 CreatePopupMenu

• 0x471ab4 CreateMenu

• 0x471ab8 CreateIcon

• 0x471abc ClientToScreen

• 0x471ac0 CheckMenuItem

• 0x471ac4 CallWindowProcA

• 0x471ac8 CallNextHookEx

• 0x471acc BeginPaint

• 0x471ad0 CharNextA

• 0x471ad4 CharLowerBuffA

• 0x471ad8 CharLowerA

• 0x471adc CharToOemA

• 0x471ae0 AdjustWindowRectEx

• 0x471ae4 ActivateKeyboardLayout

Library gdi32.dll:

• 0x471aec UnrealizeObject

• 0x471af0 StretchBlt

• 0x471af4 SetWindowOrgEx

• 0x471af8 SetWinMetaFileBits

• 0x471afc SetViewportOrgEx

• 0x471b00 SetTextColor

• 0x471b04 SetStretchBltMode

• 0x471b08 SetROP2

• 0x471b0c SetPixel

• 0x471b10 SetEnhMetaFileBits

• 0x471b14 SetDIBColorTable

• 0x471b18 SetBrushOrgEx

• 0x471b1c SetBkMode

• 0x471b20 SetBkColor

• 0x471b24 SelectPalette

• 0x471b28 SelectObject

• 0x471b2c SaveDC

• 0x471b30 RestoreDC

• 0x471b34 Rectangle

• 0x471b38 RectVisible

• 0x471b3c RealizePalette

• 0x471b40 Polyline

• 0x471b44 PlayEnhMetaFile

• 0x471b48 PatBlt

• 0x471b4c MoveToEx

• 0x471b50 MaskBlt

• 0x471b54 LineTo

• 0x471b58 IntersectClipRect

• 0x471b5c GetWindowOrgEx

• 0x471b60 GetWinMetaFileBits

• 0x471b64 GetTextMetricsA

• 0x471b68 GetTextExtentPoint32A

• 0x471b6c GetSystemPaletteEntries

• 0x471b70 GetStockObject

• 0x471b74 GetRgnBox

• 0x471b78 GetPixel

• 0x471b7c GetPaletteEntries

• 0x471b80 GetObjectA

• 0x471b84 GetEnhMetaFilePaletteEntries

• 0x471b88 GetEnhMetaFileHeader

• 0x471b8c GetEnhMetaFileBits

• 0x471b90 GetDeviceCaps

• 0x471b94 GetDIBits

• 0x471b98 GetDIBColorTable

• 0x471b9c GetDCOrgEx

• 0x471ba0 GetCurrentPositionEx

• 0x471ba4 GetClipBox

• 0x471ba8 GetBrushOrgEx

• 0x471bac GetBitmapBits

• 0x471bb0 ExtTextOutA

• 0x471bb4 ExcludeClipRect

• 0x471bb8 DeleteObject

• 0x471bbc DeleteEnhMetaFile

• 0x471bc0 DeleteDC

• 0x471bc4 CreateSolidBrush

• 0x471bc8 CreatePenIndirect

• 0x471bcc CreatePalette

• 0x471bd0 CreateHalftonePalette

• 0x471bd4 CreateFontIndirectA

• 0x471bd8 CreateDIBitmap

• 0x471bdc CreateDIBSection

• 0x471be0 CreateCompatibleDC

• 0x471be4 CreateCompatibleBitmap

• 0x471be8 CreateBrushIndirect

• 0x471bec CreateBitmap

• 0x471bf0 CopyEnhMetaFileA

• 0x471bf4 BitBlt

Library version.dll:

• 0x471bfc VerQueryValueA

• 0x471c00 GetFileVersionInfoSizeA

• 0x471c04 GetFileVersionInfoA

Library kernel32.dll:

• 0x471c0c lstrcpyA

• 0x471c10 WriteFile

• 0x471c14 WaitForSingleObject

• 0x471c18 VirtualQuery

• 0x471c1c VirtualProtect

• 0x471c20 VirtualAlloc

• 0x471c24 SizeofResource

• 0x471c28 SetThreadLocale

• 0x471c2c SetFilePointer

• 0x471c30 SetEvent

• 0x471c34 SetErrorMode

• 0x471c38 SetEndOfFile

• 0x471c3c ResetEvent

• 0x471c40 ReadFile

• 0x471c44 MulDiv

• 0x471c48 LockResource

• 0x471c4c LoadResource

• 0x471c50 LoadLibraryA

• 0x471c54 LeaveCriticalSection

• 0x471c58 InitializeCriticalSection

• 0x471c5c GlobalMemoryStatus

• 0x471c60 GlobalFindAtomA

• 0x471c64 GlobalDeleteAtom

• 0x471c68 GlobalAddAtomA

• 0x471c6c GetWindowsDirectoryA

• 0x471c70 GetVersionExA

• 0x471c74 GetVersion

• 0x471c78 GetTickCount

• 0x471c7c GetThreadLocale

• 0x471c80 GetStdHandle

• 0x471c84 GetProcAddress

• 0x471c88 GetModuleHandleA

• 0x471c8c GetModuleFileNameA

• 0x471c90 GetLogicalDrives

• 0x471c94 GetLocaleInfoA

• 0x471c98 GetLocalTime

• 0x471c9c GetLastError

• 0x471ca0 GetFullPathNameA

• 0x471ca4 GetDriveTypeA

• 0x471ca8 GetDiskFreeSpaceA

• 0x471cac GetDateFormatA

• 0x471cb0 GetCurrentThreadId

• 0x471cb4 GetCurrentProcessId

• 0x471cb8 GetCPInfo

• 0x471cbc FreeResource

• 0x471cc0 InterlockedExchange

• 0x471cc4 FreeLibrary

• 0x471cc8 FormatMessageA

• 0x471ccc FindResourceA

• 0x471cd0 EnumCalendarInfoA

• 0x471cd4 EnterCriticalSection

• 0x471cd8 DeleteCriticalSection

• 0x471cdc CreateThread

• 0x471ce0 CreateFileA

• 0x471ce4 CreateEventA

• 0x471ce8 CompareStringA

• 0x471cec CloseHandle

Library advapi32.dll:

• 0x471cf4 RegSetValueExA

• 0x471cf8 RegQueryValueExA

• 0x471cfc RegOpenKeyExA

• 0x471d00 RegFlushKey

• 0x471d04 RegCreateKeyExA

• 0x471d08 RegCloseKey

Library kernel32.dll:

• 0x471d10 Sleep

Library oleaut32.dll:

• 0x471d18 SafeArrayPtrOfIndex

• 0x471d1c SafeArrayGetUBound

• 0x471d20 SafeArrayGetLBound

• 0x471d24 SafeArrayCreate

• 0x471d28 VariantChangeType

• 0x471d2c VariantCopy

• 0x471d30 VariantClear

• 0x471d34 VariantInit

Library comctl32.dll:

• 0x471d3c _TrackMouseEvent

• 0x471d40 ImageList_SetIconSize

• 0x471d44 ImageList_GetIconSize

• 0x471d48 ImageList_Write

• 0x471d4c ImageList_Read

• 0x471d50 ImageList_GetDragImage

• 0x471d54 ImageList_DragShowNolock

• 0x471d58 ImageList_DragMove

• 0x471d5c ImageList_DragLeave

• 0x471d60 ImageList_DragEnter

• 0x471d64 ImageList_EndDrag

• 0x471d68 ImageList_BeginDrag

• 0x471d6c ImageList_Remove

• 0x471d70 ImageList_DrawEx

• 0x471d74 ImageList_Replace

• 0x471d78 ImageList_Draw

• 0x471d7c ImageList_GetBkColor

• 0x471d80 ImageList_SetBkColor

• 0x471d84 ImageList_Add

• 0x471d88 ImageList_GetImageCount

• 0x471d8c ImageList_Destroy

• 0x471d90 ImageList_Create

• 0x471d94 InitCommonControls

Library shell32.dll:

• 0x471d9c ShellExecuteA

Library wsock32.dll:

• 0x471da4 WSACleanup

• 0x471da8 WSAStartup

• 0x471dac gethostname

• 0x471db0 gethostbyname

• 0x471db4 inet_ntoa

Library URL.DLL:

• 0x471dbc InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	172.217.160.78
drive.google.com	A 108.160.162.104	64.13.192.76
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53210	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	54178	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	53380	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	60221	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.