Threat score: 2.6
Risk level: Medium (中危)

SHA-256: 9c7589dbfe98104ab34abb1cc934ecd993946120931ebe929e0e41ec7aa676f3

File name: 292e67bdd8dbe53b85ef0d1ced217655.exe

Analysis duration: 77s

Last analysed: (no value recorded)

File size: 5.7MB

Tags: static detection, dynamic detection, SWEETLABS

Eagle Eye engine (鹰眼引擎): not detected; no Eagle Eye engine result is available for this sample.
Static verdict

Anti-virus engines

Engine       Result             Scan date   Engine version
McAfee       (blank in source)  2020-09-18  6.0.6.653
Alibaba      (blank in source)  2019-05-27  0.3.0.5
Avast        (blank in source)  2020-09-18  18.4.3895.0
Baidu        (blank in source)  2019-03-18  1.0.0.2
Kingsoft     (blank in source)  2020-09-19  2013.8.14.323
Tencent      (blank in source)  2020-09-19  1.0.0.1
CrowdStrike  (blank in source)  2019-07-02  1.0

The result column is empty for all seven local engines, so none of them recorded a detection. The only named detection on this page is DrWeb's Adware.SweetLabs.3 via VirusTotal, listed under the behaviour indicators below. Note also that several engine signature sets are a year or more older than the scan dates of the others (Alibaba, Baidu, CrowdStrike are 2019 versions), so a clean result from those carries little weight.
Behaviour verdict

Dynamic indicators
Foreign language identified in PE resource (49 events; the report lists the identical entry 49 times, shown once here)
name RT_STRING  language LANG_CHINESE  sublanguage *unknown*  offset 0x0059c9c8  size 0x00000058  filetype data

RT_STRING is a string-table resource; "foreign" here means relative to the sandbox's expected locale. A Chinese-language string table is a localisation fact about the build and is a weak indicator on its own. The offset falls inside the .rsrc section flagged for high entropy below.
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
DrWeb  Adware.SweetLabs.3

A single-engine hit with an adware family name rates the file as a potentially unwanted program (bundled installer / adware) rather than as malware, which is consistent with the medium-risk score above and with the SWEETLABS tag.
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
Section .rsrc: entropy 7.599 (bits per byte), virtual address 0x0057c000, virtual size 0x0002e7c8, size of raw data 0x0002e800
Description: a section with high entropy has been found

Caveat: the flagged section is the resource section (about 190 KB of a 5.7 MB file), not a code section. High entropy in .rsrc usually means an embedded compressed or encrypted payload (typical of installers and self-extracting bundlers); it is a much weaker packing signal than a high-entropy .text section with a tiny import table, and this binary's import table is large and fully readable.
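The section-entropy check that produced the indicator above, as an added example (this is not the sandbox's code). It uses only the standard library, with a minimal PE section-table parser in place of the pefile module, and the 7.0 threshold is an assumption for the demo; the PE image it analyses is constructed in memory so that the script runs offline.

```python
"""Per-section Shannon entropy of a PE image, the check behind the
'.rsrc entropy 7.599' indicator. Added example, not the sandbox's code.
The PE bytes analysed here are constructed below for the demo."""
import math
import random
import struct
from collections import Counter

HIGH_ENTROPY = 7.0   # assumed threshold; the report's hit was 7.599 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or single-valued data, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, virtual_address, virtual_size, raw_bytes) for each section.
    Only the header fields the entropy check needs are parsed."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    first = coff + 20 + size_opt                      # section table follows the optional header
    for i in range(num_sections):
        off = first + 40 * i                          # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", image, off + 8)
        yield name, vaddr, vsize, image[rawptr:rawptr + rawsize]


def high_entropy_sections(image: bytes, threshold: float = HIGH_ENTROPY):
    """Return [(name, entropy)] for sections at or above the threshold."""
    hits = []
    for name, _vaddr, _vsize, raw in pe_sections(image):
        ent = shannon_entropy(raw)
        if ent >= threshold:
            hits.append((name, round(ent, 3)))
    return hits


def build_demo_pe() -> bytes:
    """Constructed minimal PE32+ with two sections: '.text' holding a repeating
    16-byte pattern (entropy exactly 4.0) and '.rsrc' holding seeded
    pseudo-random bytes (entropy close to 8, standing in for a compressed payload)."""
    rng = random.Random(1)
    text_raw = bytes(range(16)) * 64
    rsrc_raw = bytes(rng.randrange(256) for _ in range(4096))
    e_lfanew, size_opt = 0x40, 240                    # 240 = PE32+ optional header size
    hdr_end = e_lfanew + 4 + 20 + size_opt + 40 * 2
    text_ptr = (hdr_end + 0x1FF) & ~0x1FF             # 512-byte file alignment
    rsrc_ptr = text_ptr + len(text_raw)
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, size_opt, 0x22)   # AMD64, 2 sections
    opt = struct.pack("<H", 0x20B).ljust(size_opt, b"\0")               # PE32+ magic

    def section_header(name: bytes, vaddr: int, raw: bytes, ptr: int) -> bytes:
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(raw), vaddr, len(raw), ptr, 0, 0, 0, 0, 0)

    headers = section_header(b".text", 0x1000, text_raw, text_ptr) + section_header(b".rsrc", 0x2000, rsrc_raw, rsrc_ptr)
    image = (dos + b"PE\0\0" + coff + opt + headers).ljust(text_ptr, b"\0")
    return image + text_raw + rsrc_raw


if __name__ == "__main__":
    for name, vaddr, vsize, raw in pe_sections(build_demo_pe()):
        print(f"{name:8} va=0x{vaddr:08x} vsize=0x{vsize:08x} entropy={shannon_entropy(raw):.3f}")
    print("flagged:", high_entropy_sections(build_demo_pe()))
```

On a real sample, replace build_demo_pe() with the file's bytes; the raw-data slice is what the sandbox measures, so a section whose SizeOfRawData is zero (purely virtual, such as an uninitialised .bss) scores 0.0 and is never flagged.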
Visual analysis

Binary image: none. No binary visualisation image was generated for this sample.

Runtime screenshots: none. No screenshots were captured while the sample ran.


PE Compile Time

2020-08-25 01:39:26

Imports (IAT entries at 0x1403cb000 and up, i.e. a 64-bit image linked at the default 0x140000000 base; entries listed with an address but no name are imported by ordinal and the report does not resolve them)

Library KERNEL32.dll:
0x1403cb278 CopyFileW
0x1403cb280 LoadLibraryW
0x1403cb290 OpenEventW
0x1403cb298 FreeEnvironmentStringsW
0x1403cb2a0 GetEnvironmentStringsW
0x1403cb2a8 SetEnvironmentVariableW
0x1403cb2b0 lstrlenW
0x1403cb2b8 LeaveCriticalSection
0x1403cb2c0 EnterCriticalSection
0x1403cb2c8 EnumResourceNamesW
0x1403cb2d0 LoadLibraryExW
0x1403cb2d8 GetFileAttributesW
0x1403cb2e0 GetCurrentThread
0x1403cb2e8 OutputDebugStringW
0x1403cb2f0 FindClose
0x1403cb2f8 FindNextFileW
0x1403cb300 DeleteFileW
0x1403cb308 FindFirstFileW
0x1403cb310 GetDiskFreeSpaceExW
0x1403cb318 GetFileAttributesExW
0x1403cb328 FileTimeToSystemTime
0x1403cb330 SystemTimeToFileTime
0x1403cb338 ReadFile
0x1403cb340 CreateFileW
0x1403cb348 WriteFile
0x1403cb350 SetFilePointer
0x1403cb358 GetTempFileNameW
0x1403cb370 GetTempPathW
0x1403cb378 CreateDirectoryW
0x1403cb388 IsWow64Process
0x1403cb390 FindFirstFileExW
0x1403cb398 GetLongPathNameW
0x1403cb3a0 GetVolumeInformationW
0x1403cb3a8 GetSystemDirectoryW
0x1403cb3b0 GetComputerNameW
0x1403cb3b8 TlsGetValue
0x1403cb3c0 GetThreadLocale
0x1403cb3c8 TlsSetValue
0x1403cb3d0 SetThreadLocale
0x1403cb3d8 TlsAlloc
0x1403cb3e0 WaitForSingleObject
0x1403cb3e8 DisconnectNamedPipe
0x1403cb3f0 FlushFileBuffers
0x1403cb3f8 GetNamedPipeInfo
0x1403cb400 SetNamedPipeHandleState
0x1403cb408 WaitNamedPipeW
0x1403cb410 ConnectNamedPipe
0x1403cb418 CreateNamedPipeW
0x1403cb420 GetThreadPriority
0x1403cb428 SetThreadPriority
0x1403cb430 TerminateThread
0x1403cb438 GetExitCodeThread
0x1403cb440 CreateThread
0x1403cb448 Sleep
0x1403cb450 GetFileSize
0x1403cb460 DeleteCriticalSection
0x1403cb468 MoveFileExW
0x1403cb470 CreateMutexA
0x1403cb478 ReleaseMutex
0x1403cb480 GetFileSizeEx
0x1403cb488 FreeResource
0x1403cb490 LockResource
0x1403cb498 LoadResource
0x1403cb4a0 SizeofResource
0x1403cb4a8 FindResourceW
0x1403cb4b0 FindResourceExW
0x1403cb4c0 CompareStringW
0x1403cb4c8 DosDateTimeToFileTime
0x1403cb4d0 GetUserGeoID
0x1403cb4d8 GetConsoleDisplayMode
0x1403cb4e0 WideCharToMultiByte
0x1403cb4e8 GetStringTypeW
0x1403cb4f0 MultiByteToWideChar
0x1403cb4f8 EncodePointer
0x1403cb500 DecodePointer
0x1403cb508 GetSystemTimeAsFileTime
0x1403cb510 GetSystemInfo
0x1403cb518 ReleaseSemaphore
0x1403cb520 TlsFree
0x1403cb528 SetWaitableTimer
0x1403cb530 OpenEventA
0x1403cb538 ResumeThread
0x1403cb548 WaitForMultipleObjectsEx
0x1403cb550 CreateWaitableTimerA
0x1403cb558 FormatMessageA
0x1403cb560 WriteConsoleW
0x1403cb568 GetFileType
0x1403cb570 GetStdHandle
0x1403cb578 RtlPcToFileHeader
0x1403cb580 RtlLookupFunctionEntry
0x1403cb588 RtlUnwindEx
0x1403cb590 ExitProcess
0x1403cb598 GetCommandLineW
0x1403cb5a0 GetStartupInfoW
0x1403cb5a8 VirtualProtect
0x1403cb5b0 VirtualAlloc
0x1403cb5b8 SetThreadStackGuarantee
0x1403cb5c0 VirtualQuery
0x1403cb5c8 HeapReAlloc
0x1403cb5d0 GetDateFormatW
0x1403cb5d8 GetTimeFormatW
0x1403cb5e0 LCMapStringW
0x1403cb5e8 GetCPInfo
0x1403cb5f0 ExitThread
0x1403cb5f8 UnhandledExceptionFilter
0x1403cb608 IsDebuggerPresent
0x1403cb610 RtlVirtualUnwind
0x1403cb618 RtlCaptureContext
0x1403cb620 TerminateProcess
0x1403cb628 SetConsoleCtrlHandler
0x1403cb630 HeapSetInformation
0x1403cb638 GetVersion
0x1403cb640 HeapCreate
0x1403cb648 HeapDestroy
0x1403cb650 FlsGetValue
0x1403cb658 FlsSetValue
0x1403cb660 FlsFree
0x1403cb668 FlsAlloc
0x1403cb670 HeapSize
0x1403cb678 SetHandleCount
0x1403cb680 FatalAppExitA
0x1403cb688 QueryPerformanceCounter
0x1403cb690 GetACP
0x1403cb698 GetOEMCP
0x1403cb6a0 IsValidCodePage
0x1403cb6a8 SetEnvironmentVariableA
0x1403cb6b0 GetConsoleCP
0x1403cb6b8 GetConsoleMode
0x1403cb6c0 GetTimeZoneInformation
0x1403cb6c8 GetUserDefaultLCID
0x1403cb6d0 GetLocaleInfoA
0x1403cb6d8 EnumSystemLocalesA
0x1403cb6e0 IsValidLocale
0x1403cb6e8 CreateFileA
0x1403cb6f0 SetStdHandle
0x1403cb6f8 SetEndOfFile
0x1403cb700 lstrlenA
0x1403cb708 GetModuleHandleA
0x1403cb710 UnregisterWaitEx
0x1403cb728 GetLocaleInfoW
0x1403cb730 GetUserDefaultUILanguage
0x1403cb740 GetEnvironmentVariableW
0x1403cb748 GetModuleFileNameW
0x1403cb750 GetCurrentProcess
0x1403cb758 CreateToolhelp32Snapshot
0x1403cb760 Process32FirstW
0x1403cb768 Process32NextW
0x1403cb770 GetModuleHandleW
0x1403cb778 OpenProcess
0x1403cb780 GetVersionExW
0x1403cb788 VerSetConditionMask
0x1403cb790 VerifyVersionInfoW
0x1403cb798 RaiseException
0x1403cb7a0 LoadLibraryA
0x1403cb7a8 FreeLibrary
0x1403cb7b0 GetProcAddress
0x1403cb7b8 LocalAlloc
0x1403cb7c0 PeekNamedPipe
0x1403cb7c8 GetEnvironmentVariableA
0x1403cb7d0 SleepEx
0x1403cb7d8 GetSystemDirectoryA
0x1403cb7e0 VerifyVersionInfoA
0x1403cb7e8 CreateDirectoryA
0x1403cb7f8 GlobalFree
0x1403cb800 DeleteFileA
0x1403cb808 SetDllDirectoryW
0x1403cb810 SetDefaultDllDirectories
0x1403cb818 SetLastError
0x1403cb820 GetCurrentThreadId
0x1403cb828 LocalFree
0x1403cb830 GetCurrentProcessId
0x1403cb838 ProcessIdToSessionId
0x1403cb840 FreeConsole
0x1403cb848 AttachConsole
0x1403cb858 WaitForMultipleObjects
0x1403cb868 GetLastError
0x1403cb870 CreateEventW
0x1403cb878 ResetEvent
0x1403cb880 GetTickCount
0x1403cb888 SetEvent
0x1403cb898 HeapAlloc
0x1403cb8a0 WaitForSingleObjectEx
0x1403cb8a8 GetProcessHeap
0x1403cb8b0 HeapFree
0x1403cb8b8 CloseHandle
0x1403cb8c0 TryEnterCriticalSection
0x1403cb8c8 GetDriveTypeW
0x1403cb8d0 SetCurrentDirectoryW
0x1403cb8d8 GetCurrentDirectoryW
0x1403cb8e0 GetFullPathNameA
0x1403cb8e8 GetFileAttributesA
0x1403cb8f0 SetFileAttributesA
0x1403cb8f8 FindFirstFileExA
0x1403cb900 GetDriveTypeA
0x1403cb908 FileTimeToLocalFileTime
0x1403cb910 GetSystemTime
0x1403cb918 ConvertThreadToFiber
0x1403cb920 ConvertFiberToThread
0x1403cb928 CreateFiber
0x1403cb930 SwitchToFiber
0x1403cb938 DeleteFiber
0x1403cb940 FormatMessageW
0x1403cb948 ReadConsoleW
0x1403cb950 ReadConsoleA
0x1403cb958 SetConsoleMode
0x1403cb960 MoveFileExA
0x1403cb968 CreateEventA
Library gdiplus.dll:
0x1403cbd48 GdiplusStartup
0x1403cbd50 GdiplusShutdown
0x1403cbd58 GdipCloneBrush
0x1403cbd60 GdipSetClipRectI
0x1403cbd68 GdipDrawImageRectRectI
0x1403cbd70 GdipDrawImageRectRect
0x1403cbd78 GdipDrawImage
0x1403cbd80 GdipMeasureString
0x1403cbd88 GdipDrawString
0x1403cbd90 GdipFillPath
0x1403cbd98 GdipFillEllipse
0x1403cbda0 GdipFillRectangle
0x1403cbda8 GdipGraphicsClear
0x1403cbdb0 GdipDrawRectangle
0x1403cbdb8 GdipDrawLines
0x1403cbdc0 GdipDrawLine
0x1403cbdc8 GdipSetSmoothingMode
0x1403cbdd0 GdipSetInterpolationMode
0x1403cbdd8 GdipSetTextRenderingHint
0x1403cbde8 GdipSetCompositingMode
0x1403cbdf0 GdipCreateFromHWNDICM
0x1403cbdf8 GdipCreateFromHWND
0x1403cbe00 GdipCreateFromHDC
0x1403cbe08 GdipAddPathLine
0x1403cbe10 GdipClosePathFigures
0x1403cbe20 GdipSetStringFormatFlags
0x1403cbe28 GdipCreateSolidFill
0x1403cbe40 GdipDeleteFont
0x1403cbe48 GdipCreateFont
0x1403cbe50 GdipDeleteFontFamily
0x1403cbe68 GdipFlush
0x1403cbe70 GdipDeletePath
0x1403cbe78 GdipBitmapSetPixel
0x1403cbe80 GdipDeleteStringFormat
0x1403cbe88 GdipCreateStringFormat
0x1403cbe90 GdipDeletePen
0x1403cbe98 GdipCreatePen1
0x1403cbea0 GdipDeleteBrush
0x1403cbeb8 GdipGetImageEncoders
0x1403cbec0 GdipGetImageEncodersSize
0x1403cbec8 GdipBitmapGetPixel
0x1403cbee0 GdipSaveImageToFile
0x1403cbee8 GdipCloneImage
0x1403cbef0 GdipDrawImageRectI
0x1403cbef8 GdipDrawImageI
0x1403cbf08 GdipBitmapUnlockBits
0x1403cbf10 GdipBitmapLockBits
0x1403cbf28 GdipCreateBitmapFromFile
0x1403cbf30 GdipGetImagePalette
0x1403cbf38 GdipGetImagePaletteSize
0x1403cbf40 GdipGetImagePixelFormat
0x1403cbf48 GdipGetImageHeight
0x1403cbf50 GdipGetImageWidth
0x1403cbf58 GdipDisposeImage
0x1403cbf60 GdipDeleteGraphics
0x1403cbf68 GdipAlloc
0x1403cbf70 GdipFree
0x1403cbf78 GdipCreatePath
Library COMCTL32.dll:
0x1403cb1b8
0x1403cb1c0
0x1403cb1c8
Library WS2_32.dll:
0x1403cbc10 freeaddrinfo
0x1403cbc18 getaddrinfo
0x1403cbc20 connect
0x1403cbc28 socket
0x1403cbc30 getpeername
0x1403cbc38 getsockopt
0x1403cbc40 htons
0x1403cbc48 bind
0x1403cbc50 accept
0x1403cbc58 listen
0x1403cbc60 sendto
0x1403cbc68 recvfrom
0x1403cbc70 select
0x1403cbc78 __WSAFDIsSet
0x1403cbc80 ioctlsocket
0x1403cbc88 ntohs
0x1403cbc90 getsockname
0x1403cbc98 setsockopt
0x1403cbca0 shutdown
0x1403cbca8 gethostname
0x1403cbcb0 WSAIoctl
0x1403cbcb8 recv
0x1403cbcc0 WSAStartup
0x1403cbcc8 ntohl
0x1403cbcd0 getnameinfo
0x1403cbcd8 WSACleanup
0x1403cbce0 WSAGetLastError
0x1403cbce8 send
0x1403cbcf0 htonl
0x1403cbcf8 closesocket
0x1403cbd00 gethostbyname
0x1403cbd08 WSASetLastError
Library SHELL32.dll:
0x1403cba10 CommandLineToArgvW
0x1403cba18 SHBindToParent
0x1403cba20 SHAppBarMessage
0x1403cba28 SHGetSettings
0x1403cba30 SHGetKnownFolderPath
0x1403cba38 SHCreateDirectoryExW
0x1403cba40 SHGetMalloc
0x1403cba48 SHGetFolderPathW
0x1403cba50 ShellExecuteW
0x1403cba58
0x1403cba60 SHParseDisplayName
0x1403cba68 SHGetFolderLocation
0x1403cba70
0x1403cba78
0x1403cba80
0x1403cba88 SHGetDesktopFolder
0x1403cba98 SHGetFileInfoW
0x1403cbaa0
0x1403cbab0 SHFileOperationW
0x1403cbab8 ShellExecuteExW
Library ole32.dll:
0x1403cbfa0 CoCreateInstance
0x1403cbfa8 StringFromGUID2
0x1403cbfb0 CoSetProxyBlanket
0x1403cbfb8 CoInitializeEx
0x1403cbfc0 CoUninitialize
0x1403cbfc8 CoTaskMemFree
0x1403cbfd0 PropVariantClear
0x1403cbfd8 CoCreateGuid
0x1403cbfe0 CoInitializeSecurity
Library OLEAUT32.dll:
0x1403cb990 VariantCopy
0x1403cb998 VariantClear
0x1403cb9a0 SysFreeString
0x1403cb9a8 SysAllocString
0x1403cb9b0 SysAllocStringLen
0x1403cb9b8 SysStringLen
0x1403cb9c0 VariantInit
0x1403cb9c8 CreateErrorInfo
0x1403cb9d0 SetErrorInfo
0x1403cb9d8 VariantChangeType
0x1403cb9e0 GetErrorInfo
Library RPCRT4.dll:
0x1403cb9f0 UuidToStringW
0x1403cb9f8 RpcStringFreeW
0x1403cba00 UuidCreateSequential
Library WTSAPI32.dll:
0x1403cbd18 WTSFreeMemory
0x1403cbd20 WTSQueryUserToken
0x1403cbd28 WTSEnumerateSessionsW
Library msi.dll:
0x1403cbf88
0x1403cbf90
Library USERENV.dll:
0x1403cbb18 GetUserProfileDirectoryW
Library SHLWAPI.dll:
0x1403cbac8 SHRegDuplicateHKey
0x1403cbad0 StrChrIW
0x1403cbad8 SHStrDupW
0x1403cbae0 StrRetToBufW
0x1403cbae8
0x1403cbaf0 PathFileExistsW
0x1403cbaf8
Library Secur32.dll:
0x1403cbb08 GetUserNameExW
Library GDI32.dll:
0x1403cb228 GetObjectW
0x1403cb230 SetDIBColorTable
0x1403cb238 SelectObject
0x1403cb240 DeleteDC
0x1403cb248 CreateCompatibleDC
0x1403cb250 CreateBitmap
0x1403cb258 GetDIBits
0x1403cb260 CreateDIBSection
0x1403cb268 DeleteObject
Library COMDLG32.dll:
0x1403cb1d8 GetSaveFileNameW
Library ADVAPI32.dll:
0x1403cb000 CryptSetHashParam
0x1403cb008 RegEnumValueW
0x1403cb010 RegFlushKey
0x1403cb018 RegCopyTreeW
0x1403cb020 RegDeleteTreeW
0x1403cb028 AllocateAndInitializeSid
0x1403cb030 SetEntriesInAclW
0x1403cb038 FreeSid
0x1403cb048 RegDeleteKeyW
0x1403cb050 LookupAccountNameW
0x1403cb058 RegOpenKeyW
0x1403cb060 RegOpenKeyExW
0x1403cb068 RegCloseKey
0x1403cb070 RegEnumKeyExW
0x1403cb078 GetSidSubAuthority
0x1403cb080 GetTokenInformation
0x1403cb088 OpenProcessToken
0x1403cb090 RegCreateKeyExW
0x1403cb098 GetAce
0x1403cb0a0 GetSecurityInfo
0x1403cb0a8 SetSecurityInfo
0x1403cb0c0 DuplicateTokenEx
0x1403cb0c8 RegQueryValueExW
0x1403cb0d0 CryptSignHashW
0x1403cb0d8 CryptDestroyHash
0x1403cb0e0 OpenThreadToken
0x1403cb0e8 RegSetValueExW
0x1403cb0f0 RegDeleteValueW
0x1403cb0f8 GetUserNameW
0x1403cb100 CryptExportKey
0x1403cb108 CryptGetUserKey
0x1403cb110 CryptAcquireContextW
0x1403cb118 CryptGetProvParam
0x1403cb120 CryptDestroyKey
0x1403cb128 CryptReleaseContext
0x1403cb130 CryptEnumProvidersW
0x1403cb138 RegisterEventSourceW
0x1403cb140 ReportEventW
0x1403cb148 DeregisterEventSource
0x1403cb150 AddAccessAllowedAceEx
0x1403cb158 AddAce
0x1403cb160 InitializeAcl
0x1403cb168 CryptCreateHash
0x1403cb170 CryptDecrypt
0x1403cb178 GetLengthSid
0x1403cb180 ConvertStringSidToSidW
0x1403cb188 ConvertSidToStringSidW
0x1403cb190 GetAclInformation
0x1403cb198 SetNamedSecurityInfoW
0x1403cb1a0 GetNamedSecurityInfoW
0x1403cb1a8 RegQueryInfoKeyW
Library WININET.dll:
0x1403cbb60 DeleteUrlCacheEntryW
0x1403cbb68 InternetQueryOptionW
Library WINHTTP.dll:
0x1403cbb40 WinHttpGetProxyForUrl
0x1403cbb48 WinHttpCloseHandle
0x1403cbb50 WinHttpOpen
Library VERSION.dll:
0x1403cbb30 VerQueryValueW
Library bcrypt.dll:
0x1403cbd38 BCryptGenRandom
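A capability triage pass over the import table above, added here as an example (not part of the sandbox report). It parses the report's own "Library X:" / "0xADDR Name" lines and groups the APIs into behaviours an analyst would want to confirm dynamically. The capability map is this example's assumption, trimmed to APIs that appear on this page; the excerpt it runs on is copied from the table above.

```python
"""Group a static import table into analyst-facing capabilities.
Added example, not the sandbox's code; CAPABILITIES is an assumed mapping."""
import re

# Assumed mapping, limited to APIs present in this report.
CAPABILITIES = {
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess"},
    "token / session manipulation": {"WTSQueryUserToken", "WTSEnumerateSessionsW", "DuplicateTokenEx",
                                     "OpenProcessToken", "ProcessIdToSessionId"},
    "registry modification": {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW", "RegDeleteTreeW",
                              "RegCopyTreeW", "RegDeleteValueW"},
    "ACL / DACL changes": {"SetEntriesInAclW", "SetSecurityInfo", "SetNamedSecurityInfoW", "AddAccessAllowedAceEx"},
    "raw sockets": {"socket", "connect", "bind", "listen", "accept", "send", "recv", "WSAStartup"},
    "HTTP client": {"WinHttpOpen", "WinHttpGetProxyForUrl", "InternetQueryOptionW"},
    "crypto API": {"CryptDecrypt", "CryptSignHashW", "CryptExportKey", "CryptAcquireContextW", "BCryptGenRandom"},
    "resource unpacking": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "environment / debugger checks": {"IsDebuggerPresent", "IsWow64Process", "GetTickCount"},
    "local IPC (named pipes)": {"CreateNamedPipeW", "ConnectNamedPipe", "WaitNamedPipeW"},
    "shell execution": {"ShellExecuteW", "ShellExecuteExW"},
}

LIB_RE = re.compile(r"^Library\s+(\S+?):\s*$")
NAMED_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s*$")
ORDINAL_RE = re.compile(r"^0x[0-9a-fA-F]+$")


def parse_imports(report: str) -> dict:
    """Parse 'Library X:' / '0xADDR Name' lines into {dll: [api, ...]}.
    Address-only lines (imports by ordinal, unresolved in the report) are kept
    as the placeholder '<ordinal-only>' so they are not silently dropped."""
    imports, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        m = LIB_RE.match(line)
        if m:
            current = m.group(1)
            imports.setdefault(current, [])
            continue
        if current is None:
            continue
        m = NAMED_RE.match(line)
        if m:
            imports[current].append(m.group(1))
        elif ORDINAL_RE.match(line):
            imports[current].append("<ordinal-only>")
    return imports


def triage(report: str) -> dict:
    """Return {capability: sorted ['dll!api', ...]} for every tagged API found."""
    found = {}
    for dll, apis in parse_imports(report).items():
        for api in apis:
            for cap, names in CAPABILITIES.items():
                if api in names:
                    found.setdefault(cap, set()).add(f"{dll}!{api}")
    return {cap: sorted(v) for cap, v in sorted(found.items())}


# Excerpt of the import table above (copied from the report's own lines).
REPORT_EXCERPT = """\
Library KERNEL32.dll:
0x1403cb758 CreateToolhelp32Snapshot
0x1403cb760 Process32FirstW
0x1403cb768 Process32NextW
0x1403cb608 IsDebuggerPresent
0x1403cb418 CreateNamedPipeW
Library COMCTL32.dll:
0x1403cb1b8
Library WTSAPI32.dll:
0x1403cbd20 WTSQueryUserToken
Library ADVAPI32.dll:
0x1403cb030 SetEntriesInAclW
0x1403cb0c0 DuplicateTokenEx
0x1403cb0e8 RegSetValueExW
0x1403cb170 CryptDecrypt
Library WINHTTP.dll:
0x1403cbb50 WinHttpOpen
"""

if __name__ == "__main__":
    for cap, apis in triage(REPORT_EXCERPT).items():
        print(f"{cap}: {', '.join(apis)}")
```

Static imports show capability, not behaviour. The pairing of WTSQueryUserToken with DuplicateTokenEx is the pattern a service uses to start a process in the interactive user's session; installers and updaters use it legitimately, so it fits the bundled-installer classification without proving anything by itself. The registry, ACL and named-pipe groups are the ones to watch in a longer dynamic run, since the 77-second run above recorded no file drops and no outbound connections.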

Exports (the ten entries shown; the binary exports the cJSON library's API, which makes the export table a useful pivot for clustering related builds)

Ordinal Address Name
1 0x1401c3ec0 cJSON_AddArrayToObject
2 0x1401c3a50 cJSON_AddBoolToObject
3 0x1401c3950 cJSON_AddFalseToObject
4 0x1401c1920 cJSON_AddItemReferenceToArray
5 0x1401c1a00 cJSON_AddItemReferenceToObject
6 0x1401c16f0 cJSON_AddItemToArray
7 0x1401c17f0 cJSON_AddItemToObject
8 0x1401c18a0 cJSON_AddItemToObjectCS
9 0x1401c3750 cJSON_AddNullToObject
10 0x1401c3b50 cJSON_AddNumberToObject

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port  Service
192.168.56.101  50002        114.114.114.114                  53                DNS
192.168.56.101  53237        114.114.114.114                  53                DNS
192.168.56.101  57756        114.114.114.114                  53                DNS
192.168.56.101  58367        114.114.114.114                  53                DNS
192.168.56.101  62318        114.114.114.114                  53                DNS
192.168.56.101  137          192.168.56.255                   137               NetBIOS name service (broadcast)
192.168.56.101  138          192.168.56.255                   138               NetBIOS datagram (broadcast)
192.168.56.101  123          20.189.79.72 (time.windows.com)  123               NTP
192.168.56.101  49235        224.0.0.252                      5355              LLMNR (multicast)
192.168.56.101  50534        224.0.0.252                      5355              LLMNR (multicast)
192.168.56.101  51963        224.0.0.252                      5355              LLMNR (multicast)
192.168.56.101  53657        224.0.0.252                      5355              LLMNR (multicast)
192.168.56.101  56804        224.0.0.252                      5355              LLMNR (multicast)
192.168.56.101  57874        224.0.0.252                      5355              LLMNR (multicast)
192.168.56.101  62191        224.0.0.252                      5355              LLMNR (multicast)
192.168.56.101  63429        224.0.0.252                      5355              LLMNR (multicast)
192.168.56.101  1900         239.255.255.250                  1900              SSDP (multicast)
192.168.56.101  50003        239.255.255.250                  3702              WS-Discovery (multicast)
192.168.56.101  50005        239.255.255.250                  3702              WS-Discovery (multicast)
192.168.56.101  50535        239.255.255.250                  3702              WS-Discovery (multicast)

All 20 flows go to the sandbox's DNS resolver, Microsoft's NTP service, the local broadcast address or link-local multicast groups: ordinary Windows chatter in a fresh VM. None of it is attributable to the sample, which matches "No hosts contacted" above. The five DNS queries are the only flows worth a second look, and the report does not record the names queried.
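A small triage pass over the UDP table above, added as an example (not part of the sandbox report). It labels each flow by well-known service and separates background chatter from anything that would need attributing to the sample. The flow lines are copied from the table; the sandbox network (192.168.56.0/24) and the two infrastructure hosts are this example's assumptions, and the extra 203.0.113.10 flow used to show a positive hit is constructed.

```python
"""Label sandbox UDP flows and surface the ones that are not background noise.
Added example, not the sandbox's code."""
import ipaddress

# Well-known UDP services that appear in the table (port -> name).
KNOWN_SERVICES = {53: "DNS", 123: "NTP", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
                  1900: "SSDP", 3702: "WS-Discovery", 5355: "LLMNR"}

# Assumptions for this run: the guest sits in 192.168.56.0/24, and the resolver
# (114.114.114.114) and NTP host (20.189.79.72, time.windows.com) are
# infrastructure rather than destinations the sample chose.
SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")
INFRA_HOSTS = {"114.114.114.114": {53}, "20.189.79.72": {123}}


def classify_flow(src: str, sport: int, dst: str, dport: int):
    """Return (service, label); the label says whether the flow needs attribution."""
    dst_ip = ipaddress.ip_address(dst)
    service = KNOWN_SERVICES.get(dport, f"udp/{dport}")
    if dst_ip.is_multicast or dst_ip == SANDBOX_NET.broadcast_address:
        return service, "background (link-local discovery)"
    if dport in INFRA_HOSTS.get(dst, set()):
        return service, "background (sandbox infrastructure)"
    return service, "UNEXPLAINED: attribute to the sample or rule out"


def parse_udp_table(text: str):
    """Rows are 'src sport dst dport' or 'src sport dst hostname dport'."""
    flows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) == 5:
            src, sport, dst, _hostname, dport = parts
        elif len(parts) == 4:
            src, sport, dst, dport = parts
        else:
            continue                       # header or blank line
        flows.append((src, int(sport), dst, int(dport)))
    return flows


def summarize(text: str):
    """Return ({'service -> label': count}, [(dst, dport, service) needing attribution])."""
    counts, unexplained = {}, []
    for src, sport, dst, dport in parse_udp_table(text):
        service, label = classify_flow(src, sport, dst, dport)
        key = f"{service} -> {label}"
        counts[key] = counts.get(key, 0) + 1
        if label.startswith("UNEXPLAINED"):
            unexplained.append((dst, dport, service))
    return counts, unexplained


# One representative row per destination from the table above.
UDP_TABLE = """
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
"""

# Constructed flow (TEST-NET-3 address) to show what a real hit looks like.
CONSTRUCTED_HIT = "192.168.56.101 51000 203.0.113.10 4444\n"

if __name__ == "__main__":
    for table in (UDP_TABLE, UDP_TABLE + CONSTRUCTED_HIT):
        counts, unexplained = summarize(table)
        for key, n in counts.items():
            print(f"{n:3}  {key}")
        print("needs attribution:", unexplained or "nothing")
```

The DNS rows are classified as infrastructure because the destination is the resolver; whether the sample caused any of those lookups can only be settled from the query names, which this report does not include.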

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.