SmartHawk

4.0

中危

4 个模型检测该样本为恶意！

重新分析

下载样本

960d66c10cd1d2d5c85e1852f7294776a2a79e993a6f8fd0d8c5671adccf75f8

2e4b7b6669f98ccb0582b6ef76530cf8.exe

分析耗时

33s

最近分析

文件大小

1.4MB

静态报毒动态报毒 BSCOPE CHINA DOWNLOADERGUIDECRTD FUERBOOS MALICIOUS YIWANZHUSHOU

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
Alibaba	20190527	0.3.0.5
Baidu	20190318	1.0.0.2
Avast	20201103	20.10.5736.0
Tencent	20201103	1.0.0.1
Kingsoft	20201103	2013.8.14.323
McAfee	20201103	6.0.6.653
CrowdStrike	20190702	1.0

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

D:\workspace\yiwanplayer\bin\Release\YiwanTips2.pdb

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

PNG

Checks for known Chinese AV sofware registry keys (1 个事件)

regkey

.*360Safe

Foreign language identified in PE resource (16 个事件)

name

PNG

language

LANG_CHINESE

offset

0x00185bf8

filetype

PNG image data, 87 x 24, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000038e

name

PNG

language

LANG_CHINESE

offset

0x00185bf8

filetype

PNG image data, 87 x 24, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000038e

name

PNG

language

LANG_CHINESE

offset

0x00185bf8

filetype

PNG image data, 87 x 24, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000038e

name

RT_ICON

language

LANG_CHINESE

offset

0x0016b470

filetype

dBase III DBT, version number 0, next free block index 40

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00010828

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_STRING

language

LANG_CHINESE

offset

0x00186d70

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000044

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x0017bc98

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_VERSION

language

LANG_CHINESE

offset

0x0017bcb0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002b4

File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 个事件)

Zillya	Downloader.DownloaderGuideCRTD.Win32.6008
APEX	Malicious
Webroot	Pua.Yiwanzhushou.A
VBA32	BScope.Trojan.Fuerboos

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620726220.509979 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1	0

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	218.75.176.168
host	52.218.98.76

Checks the version of Bios, possibly for anti-virtualization (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

Checks the CPU name from registry, possibly for anti-virtualization (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2016-10-14 18:20:36

Imports

Library KERNEL32.dll:

• 0x4ee0b0 FindFirstFileW

• 0x4ee0b4 DeleteFileW

• 0x4ee0b8 FindNextFileW

• 0x4ee0bc FindClose

• 0x4ee0c0 RemoveDirectoryW

• 0x4ee0c4 GetFileAttributesW

• 0x4ee0c8 GetFileSizeEx

• 0x4ee0cc SetFilePointer

• 0x4ee0d0 TerminateProcess

• 0x4ee0d4 DeviceIoControl

• 0x4ee0d8 GetLogicalDriveStringsW

• 0x4ee0dc GetDriveTypeW

• 0x4ee0e0 GetVolumeInformationW

• 0x4ee0e4 GetTickCount

• 0x4ee0e8 ResumeThread

• 0x4ee0ec GetTempFileNameW

• 0x4ee0f0 Sleep

• 0x4ee0f4 GetStartupInfoW

• 0x4ee0f8 CreateProcessW

• 0x4ee0fc SetThreadPriority

• 0x4ee100 CreateThread

• 0x4ee104 OpenEventW

• 0x4ee108 GetSystemInfo

• 0x4ee10c GetExitCodeProcess

• 0x4ee110 lstrcpyW

• 0x4ee114 SetUnhandledExceptionFilter

• 0x4ee118 OpenMutexW

• 0x4ee11c CreatePipe

• 0x4ee120 SetHandleInformation

• 0x4ee124 GetStdHandle

• 0x4ee128 GetModuleFileNameA

• 0x4ee12c CreateFileA

• 0x4ee130 VerSetConditionMask

• 0x4ee134 VerifyVersionInfoW

• 0x4ee138 GlobalMemoryStatusEx

• 0x4ee13c GetLocalTime

• 0x4ee140 IsDebuggerPresent

• 0x4ee144 InitializeSListHead

• 0x4ee148 InterlockedPopEntrySList

• 0x4ee14c InterlockedPushEntrySList

• 0x4ee150 IsProcessorFeaturePresent

• 0x4ee154 GetFileSize

• 0x4ee158 QueryPerformanceFrequency

• 0x4ee15c WriteFile

• 0x4ee160 ReadFile

• 0x4ee164 InitializeCriticalSectionAndSpinCount

• 0x4ee168 lstrlenA

• 0x4ee16c lstrcmpiA

• 0x4ee170 lstrcmpA

• 0x4ee174 WaitForMultipleObjects

• 0x4ee178 UnmapViewOfFile

• 0x4ee17c GetStartupInfoA

• 0x4ee180 GetDiskFreeSpaceExW

• 0x4ee184 MoveFileW

• 0x4ee188 GetCurrentDirectoryW

• 0x4ee18c GetFullPathNameW

• 0x4ee190 WriteConsoleW

• 0x4ee194 SetFileAttributesW

• 0x4ee198 FindFirstFileExW

• 0x4ee19c SetStdHandle

• 0x4ee1a0 FreeEnvironmentStringsW

• 0x4ee1a4 GetEnvironmentStringsW

• 0x4ee1a8 QueryPerformanceCounter

• 0x4ee1ac MoveFileExW

• 0x4ee1b0 GetConsoleCP

• 0x4ee1b4 FlushFileBuffers

• 0x4ee1b8 ReadConsoleW

• 0x4ee1bc GetConsoleMode

• 0x4ee1c0 SetFilePointerEx

• 0x4ee1c4 GetOEMCP

• 0x4ee1c8 GetACP

• 0x4ee1cc IsValidCodePage

• 0x4ee1d0 GetTimeZoneInformation

• 0x4ee1d4 EnumSystemLocalesW

• 0x4ee1d8 GetUserDefaultLCID

• 0x4ee1dc IsValidLocale

• 0x4ee1e0 GetLocaleInfoW

• 0x4ee1e4 LCMapStringW

• 0x4ee1e8 CompareStringW

• 0x4ee1ec GetTimeFormatW

• 0x4ee1f0 GetDateFormatW

• 0x4ee1f4 TlsFree

• 0x4ee1f8 TlsSetValue

• 0x4ee1fc TlsGetValue

• 0x4ee200 TlsAlloc

• 0x4ee204 UnhandledExceptionFilter

• 0x4ee208 GetCPInfo

• 0x4ee20c RtlUnwind

• 0x4ee210 SystemTimeToTzSpecificLocalTime

• 0x4ee214 GetCurrentDirectoryA

• 0x4ee218 SetCurrentDirectoryA

• 0x4ee21c SetEnvironmentVariableA

• 0x4ee220 SystemTimeToFileTime

• 0x4ee224 LocalFileTimeToFileTime

• 0x4ee228 FileTimeToSystemTime

• 0x4ee22c PeekNamedPipe

• 0x4ee230 GetFileType

• 0x4ee234 GetFileInformationByHandle

• 0x4ee238 FileTimeToLocalFileTime

• 0x4ee23c SetConsoleCtrlHandler

• 0x4ee240 ExitThread

• 0x4ee244 AreFileApisANSI

• 0x4ee248 GetCurrentProcess

• 0x4ee24c WideCharToMultiByte

• 0x4ee250 Process32NextW

• 0x4ee254 Process32FirstW

• 0x4ee258 CreateToolhelp32Snapshot

• 0x4ee25c GetCommandLineW

• 0x4ee260 GlobalFree

• 0x4ee264 WaitForSingleObject

• 0x4ee268 GetModuleFileNameW

• 0x4ee26c CreateFileW

• 0x4ee270 LeaveCriticalSection

• 0x4ee274 EnterCriticalSection

• 0x4ee278 DeleteCriticalSection

• 0x4ee27c InitializeCriticalSection

• 0x4ee280 CloseHandle

• 0x4ee284 WritePrivateProfileStringW

• 0x4ee288 WritePrivateProfileStringA

• 0x4ee28c GetPrivateProfileStringW

• 0x4ee290 GetPrivateProfileStringA

• 0x4ee294 GetLastError

• 0x4ee298 MultiByteToWideChar

• 0x4ee29c GetProcessHeap

• 0x4ee2a0 HeapAlloc

• 0x4ee2a4 HeapFree

• 0x4ee2a8 HeapReAlloc

• 0x4ee2ac HeapSize

• 0x4ee2b0 HeapDestroy

• 0x4ee2b4 GetModuleHandleExW

• 0x4ee2b8 ExitProcess

• 0x4ee2bc VirtualQuery

• 0x4ee2c0 VirtualProtect

• 0x4ee2c4 GetSystemTimeAsFileTime

• 0x4ee2c8 EncodePointer

• 0x4ee2cc GetStringTypeW

• 0x4ee2d0 GetFileTime

• 0x4ee2d4 SetFileTime

• 0x4ee2d8 CreateDirectoryW

• 0x4ee2dc GetTempPathW

• 0x4ee2e0 LocalAlloc

• 0x4ee2e4 GetVersion

• 0x4ee2e8 GetWindowsDirectoryW

• 0x4ee2ec lstrcatW

• 0x4ee2f0 LoadLibraryW

• 0x4ee2f4 GetVersionExW

• 0x4ee2f8 OutputDebugStringW

• 0x4ee2fc LocalFree

• 0x4ee300 GlobalAlloc

• 0x4ee304 SetEvent

• 0x4ee308 ResetEvent

• 0x4ee30c CreateEventW

• 0x4ee310 DecodePointer

• 0x4ee314 InterlockedDecrement

• 0x4ee318 InterlockedIncrement

• 0x4ee31c lstrcmpiW

• 0x4ee320 lstrcmpW

• 0x4ee324 GetModuleHandleW

• 0x4ee328 GetProcAddress

• 0x4ee32c FreeLibrary

• 0x4ee330 LoadLibraryExW

• 0x4ee334 CreateMutexA

• 0x4ee338 GetCurrentProcessId

• 0x4ee33c CreateProcessA

• 0x4ee340 GetCurrentThreadId

• 0x4ee344 FlushInstructionCache

• 0x4ee348 VirtualFree

• 0x4ee34c VirtualAlloc

• 0x4ee350 SetEndOfFile

• 0x4ee354 SetLastError

• 0x4ee358 FindResourceExW

• 0x4ee35c RaiseException

• 0x4ee360 FindResourceW

• 0x4ee364 LoadResource

• 0x4ee368 LockResource

• 0x4ee36c SizeofResource

Library USER32.dll:

• 0x4ee460 CopyRect

• 0x4ee464 SystemParametersInfoW

• 0x4ee468 PostQuitMessage

• 0x4ee46c EnableWindow

• 0x4ee470 GetDlgItem

• 0x4ee474 SendMessageW

• 0x4ee478 SetWindowTextW

• 0x4ee47c IsDialogMessageW

• 0x4ee480 CreateWindowExW

• 0x4ee484 GetSystemMetrics

• 0x4ee488 SetWindowLongW

• 0x4ee48c SetTimer

• 0x4ee490 KillTimer

• 0x4ee494 GetClientRect

• 0x4ee498 ClientToScreen

• 0x4ee49c EqualRect

• 0x4ee4a0 BeginPaint

• 0x4ee4a4 EndPaint

• 0x4ee4a8 DestroyWindow

• 0x4ee4ac DefWindowProcW

• 0x4ee4b0 IsWindow

• 0x4ee4b4 InvalidateRect

• 0x4ee4b8 DrawTextW

• 0x4ee4bc SetCapture

• 0x4ee4c0 ReleaseCapture

• 0x4ee4c4 GetCursorPos

• 0x4ee4c8 WindowFromPoint

• 0x4ee4cc IsWindowEnabled

• 0x4ee4d0 GetParent

• 0x4ee4d4 GetWindowRect

• 0x4ee4d8 ScreenToClient

• 0x4ee4dc CallWindowProcW

• 0x4ee4e0 RegisterWindowMessageW

• 0x4ee4e4 UpdateLayeredWindow

• 0x4ee4e8 RemovePropA

• 0x4ee4ec GetDesktopWindow

• 0x4ee4f0 CharNextW

• 0x4ee4f4 LoadCursorW

• 0x4ee4f8 GetClassInfoExW

• 0x4ee4fc RegisterClassExW

• 0x4ee500 UnregisterClassW

• 0x4ee504 FindWindowExW

• 0x4ee508 EnumWindows

• 0x4ee50c PostMessageW

• 0x4ee510 SetWindowPos

• 0x4ee514 GetWindowLongW

• 0x4ee518 ShowWindow

• 0x4ee51c PtInRect

• 0x4ee520 GetClassNameW

• 0x4ee524 LoadImageW

• 0x4ee528 IsRectEmpty

• 0x4ee52c DispatchMessageW

• 0x4ee530 TranslateMessage

• 0x4ee534 GetMessageW

• 0x4ee538 PeekMessageW

• 0x4ee53c CreateDialogParamW

• 0x4ee540 GetDC

• 0x4ee544 RegisterClassW

• 0x4ee548 LoadIconW

• 0x4ee54c EnumDisplayDevicesW

• 0x4ee550 IsIconic

• 0x4ee554 IsWindowVisible

• 0x4ee558 GetPropA

• 0x4ee55c GetWindow

• 0x4ee560 FindWindowW

• 0x4ee564 MsgWaitForMultipleObjects

• 0x4ee568 wsprintfW

• 0x4ee56c ReleaseDC

Library ADVAPI32.dll:

• 0x4ee000 RegEnumKeyExA

• 0x4ee004 InitializeSecurityDescriptor

• 0x4ee008 LookupPrivilegeValueW

• 0x4ee00c AdjustTokenPrivileges

• 0x4ee010 OpenProcessToken

• 0x4ee014 RegQueryValueExA

• 0x4ee018 RegOpenKeyExA

• 0x4ee01c RegQueryValueExW

• 0x4ee020 RegDeleteValueW

• 0x4ee024 RegCreateKeyExW

• 0x4ee028 RegEnumKeyExW

• 0x4ee02c RegQueryInfoKeyW

• 0x4ee030 RegDeleteKeyW

• 0x4ee034 RegSetValueExW

• 0x4ee038 RegOpenKeyExW

• 0x4ee03c RegCloseKey

Library ole32.dll:

• 0x4ee670 CoCreateGuid

• 0x4ee674 CoSetProxyBlanket

• 0x4ee678 CoInitialize

• 0x4ee67c CoUninitialize

• 0x4ee680 CoTaskMemFree

• 0x4ee684 CoInitializeSecurity

• 0x4ee688 CreateBindCtx

• 0x4ee68c CreateStreamOnHGlobal

• 0x4ee690 CoTaskMemAlloc

• 0x4ee694 CoTaskMemRealloc

• 0x4ee698 CoCreateInstance

Library SHELL32.dll:

• 0x4ee3f4 CommandLineToArgvW

• 0x4ee3f8 SHGetFolderPathW

• 0x4ee3fc SHGetSpecialFolderPathW

• 0x4ee400 SHGetPathFromIDListW

• 0x4ee404 SHGetSpecialFolderLocation

• 0x4ee408 SHFileOperationW

• 0x4ee40c ShellExecuteA

Library OLEAUT32.dll:

• 0x4ee390 VariantClear

• 0x4ee394 SysFreeString

• 0x4ee398 SysAllocStringLen

• 0x4ee39c VariantInit

• 0x4ee3a0 VariantCopy

• 0x4ee3a4 VariantTimeToSystemTime

• 0x4ee3a8 VariantChangeType

• 0x4ee3ac SysStringByteLen

• 0x4ee3b0 SysAllocStringByteLen

• 0x4ee3b4 VarBstrCmp

• 0x4ee3b8 SysStringLen

• 0x4ee3bc SysAllocString

• 0x4ee3c0 VarUI4FromStr

• 0x4ee3c4 VarDateFromStr

Library SHLWAPI.dll:

• 0x4ee414 PathRemoveFileSpecW

• 0x4ee418 PathAppendW

• 0x4ee41c PathFileExistsW

• 0x4ee420 PathAddBackslashA

• 0x4ee424 PathFindFileNameW

• 0x4ee428 PathIsDirectoryW

• 0x4ee42c StrStrIA

• 0x4ee430 PathIsUNCW

• 0x4ee434 PathIsNetworkPathW

• 0x4ee438 SHSetValueA

• 0x4ee43c SHGetValueA

• 0x4ee440 StrStrA

• 0x4ee444 PathRemoveFileSpecA

• 0x4ee448 PathCombineW

• 0x4ee44c PathIsRootW

• 0x4ee450 PathFileExistsA

• 0x4ee454 PathIsRelativeW

• 0x4ee458 PathIsNetworkPathA

Library COMCTL32.dll:

• 0x4ee044 InitCommonControlsEx

• 0x4ee048 _TrackMouseEvent

Library GDI32.dll:

• 0x4ee050 DeleteDC

• 0x4ee054 SetBkMode

• 0x4ee058 SelectObject

• 0x4ee05c SetTextColor

• 0x4ee060 SetBkColor

• 0x4ee064 ExtTextOutW

• 0x4ee068 CreateCompatibleDC

• 0x4ee06c PatBlt

• 0x4ee070 GetObjectW

• 0x4ee074 GetStockObject

• 0x4ee078 CreateFontIndirectW

• 0x4ee07c CreateDCW

• 0x4ee080 BitBlt

• 0x4ee084 SetStretchBltMode

• 0x4ee088 StretchBlt

• 0x4ee08c EnumFontFamiliesW

• 0x4ee090 CreateFontW

• 0x4ee094 ChoosePixelFormat

• 0x4ee098 SetPixelFormat

• 0x4ee09c SwapBuffers

• 0x4ee0a0 DeleteObject

Library MSIMG32.dll:

• 0x4ee374 AlphaBlend

Library OPENGL32.dll:

• 0x4ee3cc wglMakeCurrent

• 0x4ee3d0 wglDeleteContext

• 0x4ee3d4 wglCreateContext

Library gdiplus.dll:

• 0x4ee648 GdipCreateBitmapFromFile

• 0x4ee64c GdipCreateBitmapFromStream

• 0x4ee650 GdipCreateHBITMAPFromBitmap

• 0x4ee654 GdipDisposeImage

• 0x4ee658 GdipCloneImage

• 0x4ee65c GdipCreateBitmapFromScan0

• 0x4ee660 GdipFree

• 0x4ee664 GdipAlloc

• 0x4ee668 GdiplusStartup

Library OLEACC.dll:

• 0x4ee384 WindowFromAccessibleObject

• 0x4ee388 AccessibleObjectFromWindow

Library VERSION.dll:

• 0x4ee574 GetFileVersionInfoSizeW

• 0x4ee578 VerQueryValueW

• 0x4ee57c GetFileVersionInfoW

Library WS2_32.dll:

• 0x4ee5d0 WSACreateEvent

• 0x4ee5d4 WSARecv

• 0x4ee5d8 WSAGetOverlappedResult

• 0x4ee5dc WSASend

• 0x4ee5e0 WSAResetEvent

• 0x4ee5e4 WSAEnumNetworkEvents

• 0x4ee5e8 WSASetEvent

• 0x4ee5ec WSAGetLastError

• 0x4ee5f0 WSASocketW

• 0x4ee5f4 WSACloseEvent

• 0x4ee5f8 closesocket

• 0x4ee5fc WSACleanup

• 0x4ee600 WSAStartup

• 0x4ee604 getaddrinfo

• 0x4ee608 freeaddrinfo

• 0x4ee60c WSASetLastError

• 0x4ee610 WSAEventSelect

• 0x4ee614 shutdown

• 0x4ee618 WSAConnect

• 0x4ee61c ioctlsocket

• 0x4ee620 connect

• 0x4ee624 send

• 0x4ee628 socket

• 0x4ee62c recv

• 0x4ee630 setsockopt

• 0x4ee634 ntohs

• 0x4ee638 htons

• 0x4ee63c htonl

• 0x4ee640 ntohl

Library WINMM.dll:

• 0x4ee5c4 timeBeginPeriod

• 0x4ee5c8 timeEndPeriod

Library WININET.dll:

• 0x4ee584 HttpEndRequestW

• 0x4ee588 InternetWriteFile

• 0x4ee58c HttpSendRequestExA

• 0x4ee590 HttpSendRequestA

• 0x4ee594 InternetSetCookieA

• 0x4ee598 HttpAddRequestHeadersA

• 0x4ee59c HttpOpenRequestA

• 0x4ee5a0 InternetAttemptConnect

• 0x4ee5a4 InternetConnectA

• 0x4ee5a8 InternetOpenA

• 0x4ee5ac InternetReadFile

• 0x4ee5b0 HttpQueryInfoW

• 0x4ee5b4 InternetCloseHandle

• 0x4ee5b8 InternetOpenUrlW

• 0x4ee5bc InternetOpenW

Library urlmon.dll:

• 0x4ee6a0 CreateURLMoniker

• 0x4ee6a4 RegisterBindStatusCallback

Library IPHLPAPI.DLL:

• 0x4ee0a8 GetAdaptersInfo

Library SETUPAPI.dll:

• 0x4ee3dc SetupDiGetClassDevsW

• 0x4ee3e0 SetupDiDestroyDeviceInfoList

• 0x4ee3e4 CM_Get_Device_IDW

• 0x4ee3e8 SetupDiGetDeviceRegistryPropertyW

• 0x4ee3ec SetupDiEnumDeviceInfo

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
www.yiwanzhushou.com	A 111.206.250.153	111.206.250.153
stat.yiwanzhushou.com	A 36.110.213.203	36.110.213.203
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
52.218.98.76	80	192.168.56.101	49193

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.