SmartHawk

7.0

高危

40 个模型检测该样本为恶意！

重新分析

下载样本

e9079f52a1b211fb20ef6cdc88b4c4f232d408309f837b68316b6b4435a02869

296310320356c7fe47099a7a0c4eac01.exe

分析耗时

76s

最近分析

文件大小

372.0KB

静态报毒动态报毒 AI SCORE=84 AIDETECTVM BSCOPE CLASSIC DOWNLOADER34 ELDORADO EMOTET EPAZ GENCIRC GENERICKDZ GENETIC GENKRYPTIK HIGH CONFIDENCE HPTAGD HYNAMERPMF KRYPTIK MALWARE2 QVM07 S15302632 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Emotet-FRO!296310320356	20200816	6.0.6.653
Alibaba		20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20200816	18.4.3895.0
Tencent	Malware.Win32.Gencirc.10cde545	20200816	1.0.0.1
Kingsoft		20200816	2013.8.14.323
CrowdStrike		20190702	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620119637.510662 GetComputerNameA	computer_name: OSKAR-PC	success	1	0

Uses Windows APIs to generate a cryptographic key (3 个事件)

Time & API	Arguments	Status	Return
1620119621.635662 CryptGenKey	crypto_handle: 0x00553f00 algorithm_identifier: 0x0000660e () provider_handle: 0x00553310 flags: 1 key: f]Ò3pñTIBÍ¿l[Îu	success	1
1620119637.526662 CryptExportKey	crypto_handle: 0x00553f00 crypto_export_handle: 0x005533d8 buffer: f¤3rM§ËiLVÄ¿;?ÿØ Êø_×¡VÙ_nòGøÆðí¢í§èTÐ}¹0µÞC©ó©Zó,iS4ê4JtlÄ½²r¡XDÁXI blob_type: 1 flags: 64	success	1
1620119674.057662 CryptExportKey	crypto_handle: 0x00553f00 crypto_export_handle: 0x005533d8 buffer: f¤rª¦G7C,L&1Ï,1n8 íìy£Ð§´äÊ¡ºÁ`Æó½¾nÃ¥çGo ÀÔ:=ã_·ÏÈÿôH:uìS,;cBâÇóÙIóWÕ8+ blob_type: 1 flags: 64	success	1

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

None

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620119620.729662 NtAllocateVirtualMemory	process_identifier: 3048 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x004f0000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620119638.026662 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Expresses interest in specific running processes (1 个事件)

process

296310320356c7fe47099a7a0c4eac01.exe

Reads the systems User Agent and subsequently performs requests (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620119637.698662 InternetOpenW	proxy_bypass: access_type: 0 proxy_name: flags: 0 user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	success	13369348	0

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	185.94.252.13
host	73.116.193.136

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1620119640.604662 RegSetValueExA	key_handle: 0x000003a4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620119640.604662 RegSetValueExA	key_handle: 0x000003a4 value: p*ü@× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620119640.604662 RegSetValueExA	key_handle: 0x000003a4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620119640.604662 RegSetValueExW	key_handle: 0x000003a4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620119640.604662 RegSetValueExA	key_handle: 0x000003bc value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620119640.604662 RegSetValueExA	key_handle: 0x000003bc value: p*ü@× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620119640.604662 RegSetValueExA	key_handle: 0x000003bc value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1620119640.635662 RegSetValueExW	key_handle: 0x000003a0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Generates some ICMP traffic

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.69169
FireEye	Generic.mg.296310320356c7fe
CAT-QuickHeal	Trojan.HynamerPMF.S15302632
McAfee	Emotet-FRO!296310320356
Zillya	Backdoor.Emotet.Win32.840
K7AntiVirus	Trojan ( 0056bb381 )
K7GW	Trojan ( 0056bb381 )
Invincea	heuristic
F-Prot	W32/Emotet.AOG.gen!Eldorado
Symantec	Trojan.Emotet
APEX	Malicious
Avast	Win32:Malware-gen
GData	Trojan.GenericKDZ.69169
Kaspersky	HEUR:Trojan.Win32.Agent.vho
BitDefender	Trojan.GenericKDZ.69169
NANO-Antivirus	Trojan.Win32.Emotet.hptagd
Tencent	Malware.Win32.Gencirc.10cde545
Ad-Aware	Trojan.GenericKDZ.69169
DrWeb	Trojan.DownLoader34.14088
Sophos	Troj/Emotet-CKO
Ikarus	Trojan-Banker.Agent
Cyren	W32/Emotet.AOG.gen!Eldorado
Jiangmin	Backdoor.Emotet.pl
MAX	malware (ai score=84)
Antiy-AVL	Trojan[Banker]/Win32.Emotet
Arcabit	Trojan.Generic.D10E31
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
AhnLab-V3	Malware/Win32.Generic.C4173829
ALYac	Trojan.GenericKDZ.69169
TACHYON	Trojan/W32.Agent.380928.AAW
VBA32	BScope.Trojan.Emotet
Malwarebytes	Trojan.Emotet
ESET-NOD32	Win32/Emotet.CD
Rising	Trojan.Kryptik!1.C89F (CLASSIC)
Fortinet	W32/GenKryptik.EPAZ!tr
AVG	Win32:Malware-gen
Panda	Trj/Genetic.gen
Qihoo-360	HEUR/QVM07.1.484B.Malware.Gen

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	73.116.193.136:80
dead_host	185.94.252.13:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-07-31 22:24:11

Imports

Library KERNEL32.dll:

• 0x43b12c UnhandledExceptionFilter

• 0x43b130 FreeEnvironmentStringsA

• 0x43b134 FreeEnvironmentStringsW

• 0x43b138 GetEnvironmentStrings

• 0x43b13c GetEnvironmentStringsW

• 0x43b140 SetHandleCount

• 0x43b144 GetStdHandle

• 0x43b148 GetFileType

• 0x43b14c HeapDestroy

• 0x43b150 HeapCreate

• 0x43b154 VirtualFree

• 0x43b158 VirtualAlloc

• 0x43b15c IsBadWritePtr

• 0x43b160 SetUnhandledExceptionFilter

• 0x43b164 LCMapStringA

• 0x43b168 LCMapStringW

• 0x43b16c GetTimeZoneInformation

• 0x43b170 GetStringTypeW

• 0x43b174 Sleep

• 0x43b178 IsBadReadPtr

• 0x43b17c IsBadCodePtr

• 0x43b180 SetStdHandle

• 0x43b184 CompareStringA

• 0x43b188 CompareStringW

• 0x43b18c SetEnvironmentVariableA

• 0x43b190 GetACP

• 0x43b194 GetProfileStringA

• 0x43b198 InterlockedExchange

• 0x43b19c HeapReAlloc

• 0x43b1a0 HeapSize

• 0x43b1a4 TerminateProcess

• 0x43b1a8 RaiseException

• 0x43b1ac HeapFree

• 0x43b1b0 HeapAlloc

• 0x43b1b4 ExitProcess

• 0x43b1b8 GetCommandLineA

• 0x43b1bc GetStartupInfoA

• 0x43b1c0 RtlUnwind

• 0x43b1c4 GetTickCount

• 0x43b1c8 FileTimeToLocalFileTime

• 0x43b1cc FileTimeToSystemTime

• 0x43b1d0 SetErrorMode

• 0x43b1d4 SystemTimeToFileTime

• 0x43b1d8 LocalFileTimeToFileTime

• 0x43b1dc GetFileSize

• 0x43b1e0 GetShortPathNameA

• 0x43b1e4 GetStringTypeExA

• 0x43b1e8 GetVolumeInformationA

• 0x43b1ec DeleteFileA

• 0x43b1f0 MoveFileA

• 0x43b1f4 SetEndOfFile

• 0x43b1f8 UnlockFile

• 0x43b1fc LockFile

• 0x43b200 FlushFileBuffers

• 0x43b204 SetFilePointer

• 0x43b208 WriteFile

• 0x43b20c ReadFile

• 0x43b210 CreateFileA

• 0x43b214 DuplicateHandle

• 0x43b218 GetThreadLocale

• 0x43b21c GetCurrentDirectoryA

• 0x43b220 GetOEMCP

• 0x43b224 GetCPInfo

• 0x43b228 GlobalFlags

• 0x43b22c TlsGetValue

• 0x43b230 LocalReAlloc

• 0x43b234 TlsSetValue

• 0x43b238 EnterCriticalSection

• 0x43b23c GlobalReAlloc

• 0x43b240 LeaveCriticalSection

• 0x43b244 TlsFree

• 0x43b248 GlobalHandle

• 0x43b24c DeleteCriticalSection

• 0x43b250 TlsAlloc

• 0x43b254 InitializeCriticalSection

• 0x43b258 LocalAlloc

• 0x43b25c MulDiv

• 0x43b260 GetProcessVersion

• 0x43b264 SetLastError

• 0x43b268 GetLastError

• 0x43b26c GetDiskFreeSpaceA

• 0x43b270 GetFileTime

• 0x43b274 SetFileTime

• 0x43b278 GetFullPathNameA

• 0x43b27c GetTempFileNameA

• 0x43b280 lstrcpynA

• 0x43b284 GetFileAttributesA

• 0x43b288 WritePrivateProfileStringA

• 0x43b28c GetPrivateProfileStringA

• 0x43b290 GetPrivateProfileIntA

• 0x43b294 CloseHandle

• 0x43b298 GetModuleFileNameA

• 0x43b29c GlobalAlloc

• 0x43b2a0 GetCurrentThread

• 0x43b2a4 lstrcmpA

• 0x43b2a8 GlobalLock

• 0x43b2ac GlobalUnlock

• 0x43b2b0 GlobalFree

• 0x43b2b4 FormatMessageA

• 0x43b2b8 LocalFree

• 0x43b2bc MultiByteToWideChar

• 0x43b2c0 WideCharToMultiByte

• 0x43b2c4 lstrlenA

• 0x43b2c8 InterlockedDecrement

• 0x43b2cc InterlockedIncrement

• 0x43b2d0 LoadLibraryA

• 0x43b2d4 FreeLibrary

• 0x43b2d8 FindResourceA

• 0x43b2dc LoadResource

• 0x43b2e0 LockResource

• 0x43b2e4 GetVersion

• 0x43b2e8 lstrcatA

• 0x43b2ec GetCurrentThreadId

• 0x43b2f0 GlobalGetAtomNameA

• 0x43b2f4 lstrcmpiA

• 0x43b2f8 GlobalAddAtomA

• 0x43b2fc GlobalFindAtomA

• 0x43b300 GlobalDeleteAtom

• 0x43b304 lstrcpyA

• 0x43b308 GetModuleHandleA

• 0x43b30c GetProcAddress

• 0x43b310 LoadLibraryExA

• 0x43b314 SizeofResource

• 0x43b318 GetCurrentProcess

• 0x43b31c FindNextFileA

• 0x43b320 FindFirstFileA

• 0x43b324 FindClose

• 0x43b328 GetDriveTypeA

• 0x43b32c GetStringTypeA

• 0x43b330 GetLogicalDrives

Library USER32.dll:

• 0x43b380 FillRect

• 0x43b384 GetDCEx

• 0x43b388 LockWindowUpdate

• 0x43b38c RegisterClipboardFormatA

• 0x43b390 PostThreadMessageA

• 0x43b394 GetMessageA

• 0x43b398 TranslateMessage

• 0x43b39c ValidateRect

• 0x43b3a0 GetCursorPos

• 0x43b3a4 SetCursor

• 0x43b3a8 ShowOwnedPopups

• 0x43b3ac PostQuitMessage

• 0x43b3b0 EndDialog

• 0x43b3b4 GetActiveWindow

• 0x43b3b8 CreateDialogIndirectParamA

• 0x43b3bc GetDC

• 0x43b3c0 ReleaseDC

• 0x43b3c4 GetMenuCheckMarkDimensions

• 0x43b3c8 LoadBitmapA

• 0x43b3cc GetMenuState

• 0x43b3d0 ModifyMenuA

• 0x43b3d4 SetMenuItemBitmaps

• 0x43b3d8 CheckMenuItem

• 0x43b3dc EnableMenuItem

• 0x43b3e0 GetNextDlgTabItem

• 0x43b3e4 IsWindowEnabled

• 0x43b3e8 ShowWindow

• 0x43b3ec MoveWindow

• 0x43b3f0 SetWindowTextA

• 0x43b3f4 IsDialogMessageA

• 0x43b3f8 PostMessageA

• 0x43b3fc SendDlgItemMessageA

• 0x43b400 MapWindowPoints

• 0x43b404 GetSysColor

• 0x43b408 PeekMessageA

• 0x43b40c DispatchMessageA

• 0x43b410 SetActiveWindow

• 0x43b414 IsWindow

• 0x43b418 SetFocus

• 0x43b41c ScreenToClient

• 0x43b420 EqualRect

• 0x43b424 DeferWindowPos

• 0x43b428 GetClientRect

• 0x43b42c BeginDeferWindowPos

• 0x43b430 CopyRect

• 0x43b434 EndDeferWindowPos

• 0x43b438 IsWindowVisible

• 0x43b43c InvertRect

• 0x43b440 GetNextDlgGroupItem

• 0x43b444 GetTopWindow

• 0x43b448 MessageBoxA

• 0x43b44c GetCapture

• 0x43b450 WinHelpA

• 0x43b454 wsprintfA

• 0x43b458 GetClassInfoA

• 0x43b45c RegisterClassA

• 0x43b460 GetMenu

• 0x43b464 GetMenuItemCount

• 0x43b468 GetSubMenu

• 0x43b46c GetMenuItemID

• 0x43b470 GetDlgItem

• 0x43b474 GetWindowTextLengthA

• 0x43b478 GetWindowTextA

• 0x43b47c GetKeyState

• 0x43b480 DefWindowProcA

• 0x43b484 DestroyWindow

• 0x43b488 CreateWindowExA

• 0x43b48c SetWindowsHookExA

• 0x43b490 CallNextHookEx

• 0x43b494 GetClassLongA

• 0x43b498 SetPropA

• 0x43b49c UnhookWindowsHookEx

• 0x43b4a0 GetPropA

• 0x43b4a4 CallWindowProcA

• 0x43b4a8 SendMessageA

• 0x43b4ac UnregisterClassA

• 0x43b4b0 HideCaret

• 0x43b4b4 ShowCaret

• 0x43b4b8 ExcludeUpdateRgn

• 0x43b4bc DrawFocusRect

• 0x43b4c0 DefDlgProcA

• 0x43b4c4 IsWindowUnicode

• 0x43b4c8 LoadIconA

• 0x43b4cc EnableWindow

• 0x43b4d0 SetRect

• 0x43b4d4 RemovePropA

• 0x43b4d8 GetMessageTime

• 0x43b4dc GetMessagePos

• 0x43b4e0 GetLastActivePopup

• 0x43b4e4 GetForegroundWindow

• 0x43b4e8 SetForegroundWindow

• 0x43b4ec GetWindow

• 0x43b4f0 GetWindowLongA

• 0x43b4f4 SetWindowLongA

• 0x43b4f8 SetWindowPos

• 0x43b4fc RegisterWindowMessageA

• 0x43b500 OffsetRect

• 0x43b504 IntersectRect

• 0x43b508 SystemParametersInfoA

• 0x43b50c GetWindowPlacement

• 0x43b510 SetCapture

• 0x43b514 WindowFromPoint

• 0x43b518 KillTimer

• 0x43b51c SetTimer

• 0x43b520 CharUpperA

• 0x43b524 MessageBeep

• 0x43b528 GetWindowRect

• 0x43b52c GetSystemMetrics

• 0x43b530 GetDlgCtrlID

• 0x43b534 GetParent

• 0x43b538 IsIconic

• 0x43b53c GetFocus

• 0x43b540 IsChild

• 0x43b544 InvalidateRect

• 0x43b548 AdjustWindowRectEx

• 0x43b54c UpdateWindow

• 0x43b550 GetSystemMenu

• 0x43b554 CopyAcceleratorTableA

• 0x43b558 CharNextA

• 0x43b55c DestroyIcon

• 0x43b560 GetMenuStringA

• 0x43b564 InsertMenuA

• 0x43b568 InflateRect

• 0x43b56c GetClassNameA

• 0x43b570 GrayStringA

• 0x43b574 DrawTextA

• 0x43b578 TabbedTextOutA

• 0x43b57c EndPaint

• 0x43b580 BeginPaint

• 0x43b584 GetWindowDC

• 0x43b588 ClientToScreen

• 0x43b58c GetSysColorBrush

• 0x43b590 LoadCursorA

• 0x43b594 DeleteMenu

• 0x43b598 AppendMenuA

• 0x43b59c IsRectEmpty

• 0x43b5a0 SetParent

• 0x43b5a4 PtInRect

• 0x43b5a8 IsZoomed

• 0x43b5ac BringWindowToTop

• 0x43b5b0 UnpackDDElParam

• 0x43b5b4 ReuseDDElParam

• 0x43b5b8 SetMenu

• 0x43b5bc LoadMenuA

• 0x43b5c0 DestroyMenu

• 0x43b5c4 GetDesktopWindow

• 0x43b5c8 ReleaseCapture

• 0x43b5cc TranslateAcceleratorA

• 0x43b5d0 LoadAcceleratorsA

• 0x43b5d4 SetRectEmpty

• 0x43b5d8 MapDialogRect

• 0x43b5dc SetWindowContextHelpId

• 0x43b5e0 LoadStringA

Library GDI32.dll:

• 0x43b050 SetMapMode

• 0x43b054 SetViewportOrgEx

• 0x43b058 OffsetViewportOrgEx

• 0x43b05c SetViewportExtEx

• 0x43b060 ScaleViewportExtEx

• 0x43b064 SetWindowExtEx

• 0x43b068 ScaleWindowExtEx

• 0x43b06c SelectClipRgn

• 0x43b070 ExcludeClipRect

• 0x43b074 IntersectClipRect

• 0x43b078 SetTextAlign

• 0x43b07c CreateRectRgn

• 0x43b080 GetViewportExtEx

• 0x43b084 GetWindowExtEx

• 0x43b088 CreateSolidBrush

• 0x43b08c CreatePatternBrush

• 0x43b090 PtVisible

• 0x43b094 RectVisible

• 0x43b098 TextOutA

• 0x43b09c ExtTextOutA

• 0x43b0a0 Escape

• 0x43b0a4 GetMapMode

• 0x43b0a8 SetRectRgn

• 0x43b0ac CombineRgn

• 0x43b0b0 CreateFontIndirectA

• 0x43b0b4 DPtoLP

• 0x43b0b8 GetTextColor

• 0x43b0bc GetBkColor

• 0x43b0c0 LPtoDP

• 0x43b0c4 BitBlt

• 0x43b0c8 SetBkMode

• 0x43b0cc GetStockObject

• 0x43b0d0 RestoreDC

• 0x43b0d4 SaveDC

• 0x43b0d8 GetDeviceCaps

• 0x43b0dc CreateFontA

• 0x43b0e0 GetCharWidthA

• 0x43b0e4 DeleteObject

• 0x43b0e8 CreateCompatibleBitmap

• 0x43b0ec CreateCompatibleDC

• 0x43b0f0 StretchDIBits

• 0x43b0f4 DeleteDC

• 0x43b0f8 GetTextMetricsA

• 0x43b0fc SelectObject

• 0x43b100 GetTextExtentPoint32A

• 0x43b104 CreateRectRgnIndirect

• 0x43b108 PatBlt

• 0x43b10c CreateBitmap

• 0x43b110 GetObjectA

• 0x43b114 SetBkColor

• 0x43b118 SetTextColor

• 0x43b11c GetClipBox

• 0x43b120 CreateDIBitmap

• 0x43b124 GetTextExtentPointA

Library comdlg32.dll:

• 0x43b5f8 GetSaveFileNameA

• 0x43b5fc GetFileTitleA

• 0x43b600 GetOpenFileNameA

• 0x43b604 CommDlgExtendedError

• 0x43b608 PrintDlgA

Library WINSPOOL.DRV:

• 0x43b5e8 OpenPrinterA

• 0x43b5ec DocumentPropertiesA

• 0x43b5f0 ClosePrinter

Library ADVAPI32.dll:

• 0x43b000 RegCreateKeyA

• 0x43b004 RegCloseKey

• 0x43b008 RegEnumKeyA

• 0x43b00c RegOpenKeyA

• 0x43b010 RegDeleteKeyA

• 0x43b014 RegCreateKeyExA

• 0x43b018 RegOpenKeyExA

• 0x43b01c RegQueryValueExA

• 0x43b020 RegSetValueExA

• 0x43b024 RegDeleteValueA

• 0x43b028 RegSetValueA

• 0x43b02c RegQueryValueA

• 0x43b030 GetFileSecurityA

• 0x43b034 SetFileSecurityA

Library SHELL32.dll:

• 0x43b368 ExtractIconA

• 0x43b36c DragQueryFileA

• 0x43b370 DragFinish

• 0x43b374 ShellAboutA

• 0x43b378 SHGetFileInfoA

Library COMCTL32.dll:

• 0x43b03c ImageList_ReplaceIcon

• 0x43b040

• 0x43b044 ImageList_Destroy

• 0x43b048 ImageList_Create

Library oledlg.dll:

• 0x43b650

Library ole32.dll:

• 0x43b610 CoFreeUnusedLibraries

• 0x43b614 OleUninitialize

• 0x43b618 OleInitialize

• 0x43b61c CoTaskMemAlloc

• 0x43b620 CoTaskMemFree

• 0x43b624 CreateILockBytesOnHGlobal

• 0x43b628 StgCreateDocfileOnILockBytes

• 0x43b62c StgOpenStorageOnILockBytes

• 0x43b630 CoGetClassObject

• 0x43b634 CLSIDFromString

• 0x43b638 CLSIDFromProgID

• 0x43b63c CoRegisterMessageFilter

• 0x43b640 CoRevokeClassObject

• 0x43b644 OleFlushClipboard

• 0x43b648 OleIsCurrentClipboard

Library OLEPRO32.DLL:

• 0x43b360

Library OLEAUT32.dll:

• 0x43b338 SysFreeString

• 0x43b33c SysAllocStringLen

• 0x43b340 VariantClear

• 0x43b344 VariantTimeToSystemTime

• 0x43b348 VariantCopy

• 0x43b34c VariantChangeType

• 0x43b350 SysAllocString

• 0x43b354 SysAllocStringByteLen

• 0x43b358 SysStringLen

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.