SmartHawk

6.4

高危

47 个模型检测该样本为恶意！

重新分析

下载样本

cb8a4128db4a6ea7a6034b49a8280a1dc1cee51d1bb6302302b65dd2f7bd8dad

377d2a4a49f858a90aecc4863a3b04ed.exe

分析耗时

77s

最近分析

文件大小

464.1KB

静态报毒动态报毒 AI SCORE=84 CKGENERIC ELDORADO EMOTET EPAZ EUNK GENCIRC GENERIC@ML GENETIC GENKRYPTIK HIGH CONFIDENCE HQRSPV Q+EVDLRVOCWJNGCSXQ0EW R347080 RDML RLHES SCORE THHOFBO UNSAFE WACATAC 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Emotet-FRS!377D2A4A49F8	20200821	6.0.6.653
Baidu		20190318	1.0.0.2
Alibaba	Trojan:Win32/Emotet.5ea46e5a	20190527	0.3.0.5
Kingsoft		20200821	2013.8.14.323
Tencent	Malware.Win32.Gencirc.10cde663	20200821	1.0.0.1
Avast		20200824	18.4.3895.0
CrowdStrike		20190702	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619345047.202531 GetComputerNameA	computer_name: OSKAR-PC	success	1	0

Uses Windows APIs to generate a cryptographic key (3 个事件)

Time & API	Arguments	Status	Return
1619345038.264531 CryptGenKey	crypto_handle: 0x00566110 algorithm_identifier: 0x0000660e () provider_handle: 0x005653a8 flags: 1 key: fÝdúÎ´¬ä¹¨Ãó m-	success	1
1619345047.217531 CryptExportKey	crypto_handle: 0x00566110 crypto_export_handle: 0x00565368 buffer: f¤eÜ¨èòj!k=>ÊÑ×ÊÎçY9ðßF(¾³½Ýf,ôòu6³j:3Ø÷âûqIn'yílYðÛ4RåÈE8ÈmPºM+@iúÀUÎ1å1¸¬, blob_type: 1 flags: 64	success	1
1619345083.327531 CryptExportKey	crypto_handle: 0x00566110 crypto_export_handle: 0x00565368 buffer: f¤¶le\|òFh[F½`/©ã"û9Zé~(Ã§}±ëõÁýO×±@Ô·Å©D5Ó÷ÐªÐ2ü{NÊa³Vt\|Á´náý;hxº blob_type: 1 flags: 64	success	1

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619345037.374531 NtAllocateVirtualMemory	process_identifier: 2080 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x01fe0000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619345047.686531 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

7.090853604635324

section

{'size_of_data': '0x00011000', 'virtual_address': '0x00067000', 'entropy': 7.090853604635324, 'name': '.rsrc', 'virtual_size': '0x00010e98'}

description

A section with a high entropy has been found

Expresses interest in specific running processes (1 个事件)

process

377d2a4a49f858a90aecc4863a3b04ed.exe

Reads the systems User Agent and subsequently performs requests (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619345047.358531 InternetOpenW	proxy_bypass: access_type: 0 proxy_name: flags: 0 user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	success	13369348	0

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	204.197.146.48
host	212.51.142.238

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619345050.249531 RegSetValueExA	key_handle: 0x000003c8 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619345050.249531 RegSetValueExA	key_handle: 0x000003c8 value: À$XÚÁ9× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619345050.249531 RegSetValueExA	key_handle: 0x000003c8 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619345050.249531 RegSetValueExW	key_handle: 0x000003c8 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619345050.249531 RegSetValueExA	key_handle: 0x000003e0 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619345050.249531 RegSetValueExA	key_handle: 0x000003e0 value: À$XÚÁ9× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619345050.249531 RegSetValueExA	key_handle: 0x000003e0 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619345050.280531 RegSetValueExW	key_handle: 0x000003c4 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Agent.EUNK
FireEye	Generic.mg.377d2a4a49f858a9
CAT-QuickHeal	Trojan.CKGENERIC
McAfee	Emotet-FRS!377D2A4A49F8
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.Agent.EUNK
K7GW	Riskware ( 0040eff71 )
TrendMicro	Trojan.Win32.WACATAC.THHOFBO
F-Prot	W32/Emotet.AOW.gen!Eldorado
Symantec	Trojan.Emotet
APEX	Malicious
Kaspersky	HEUR:Backdoor.Win32.Emotet.vho
Alibaba	Trojan:Win32/Emotet.5ea46e5a
NANO-Antivirus	Trojan.Win32.Emotet.hqrspv
ViRobot	Trojan.Win32.Emotet.475136.C
Rising	Trojan.Generic@ML.83 (RDML:/q+evdLRVoCWjnGCsxQ0ew)
Ad-Aware	Trojan.Agent.EUNK
TACHYON	Trojan/W32.Agent.475219
F-Secure	Trojan.TR/AD.Emotet.rlhes
DrWeb	Trojan.Emotet.994
Zillya	Backdoor.Emotet.Win32.855
Sophos	Troj/Emotet-CKQ
Cyren	W32/Emotet.AOW.gen!Eldorado
Jiangmin	Backdoor.Emotet.ps
Avira	TR/AD.Emotet.rlhes
Antiy-AVL	Trojan/Win32.Generic
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
Arcabit	Trojan.Agent.EUNK
ZoneAlarm	HEUR:Backdoor.Win32.Emotet.vho
GData	Trojan.Agent.EUNK
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Emotet.R347080
ALYac	Trojan.Agent.Emotet
MAX	malware (ai score=84)
VBA32	Trojan.Emotet
Malwarebytes	Trojan.Emotet
Panda	Trj/Genetic.gen
ESET-NOD32	Win32/Emotet.CD
TrendMicro-HouseCall	Trojan.Win32.WACATAC.THHOFBO
Tencent	Malware.Win32.Gencirc.10cde663
Ikarus	Trojan-Banker.Emotet
Fortinet	W32/GenKryptik.EPAZ!tr
AVG	Win32:Malware-gen
Qihoo-360	Generic/Trojan.eaf

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	212.51.142.238:8080
dead_host	204.197.146.48:80

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-06 03:42:04

Imports

Library KERNEL32.dll:

• 0x44d1d4 UnhandledExceptionFilter

• 0x44d1d8 FreeEnvironmentStringsA

• 0x44d1dc FreeEnvironmentStringsW

• 0x44d1e0 GetEnvironmentStrings

• 0x44d1e4 GetEnvironmentStringsW

• 0x44d1e8 SetHandleCount

• 0x44d1ec GetStdHandle

• 0x44d1f0 GetFileType

• 0x44d1f4 HeapDestroy

• 0x44d1f8 HeapCreate

• 0x44d1fc VirtualFree

• 0x44d200 SetUnhandledExceptionFilter

• 0x44d204 VirtualAlloc

• 0x44d208 IsBadWritePtr

• 0x44d20c GetStringTypeA

• 0x44d210 Sleep

• 0x44d214 IsBadReadPtr

• 0x44d218 IsBadCodePtr

• 0x44d21c IsValidLocale

• 0x44d220 IsValidCodePage

• 0x44d224 GetLocaleInfoA

• 0x44d228 EnumSystemLocalesA

• 0x44d22c GetUserDefaultLCID

• 0x44d230 SetConsoleCtrlHandler

• 0x44d234 SetStdHandle

• 0x44d238 GetLocaleInfoW

• 0x44d23c CompareStringA

• 0x44d240 CompareStringW

• 0x44d244 SetEnvironmentVariableA

• 0x44d248 LCMapStringW

• 0x44d24c LCMapStringA

• 0x44d250 FatalAppExitA

• 0x44d254 GetLocalTime

• 0x44d258 GetCurrentThreadId

• 0x44d25c GetSystemTime

• 0x44d260 GetTimeZoneInformation

• 0x44d264 GetACP

• 0x44d268 HeapReAlloc

• 0x44d26c HeapSize

• 0x44d270 TerminateProcess

• 0x44d274 ExitThread

• 0x44d278 CreateThread

• 0x44d27c HeapFree

• 0x44d280 HeapAlloc

• 0x44d284 RaiseException

• 0x44d288 ExitProcess

• 0x44d28c GetCommandLineA

• 0x44d290 GetStartupInfoA

• 0x44d294 RtlUnwind

• 0x44d298 CopyFileA

• 0x44d29c GlobalSize

• 0x44d2a0 SetFileAttributesA

• 0x44d2a4 SetFileTime

• 0x44d2a8 SystemTimeToFileTime

• 0x44d2ac LocalFileTimeToFileTime

• 0x44d2b0 GetFileTime

• 0x44d2b4 GetFileSize

• 0x44d2b8 GetFileAttributesA

• 0x44d2bc GetTickCount

• 0x44d2c0 FileTimeToLocalFileTime

• 0x44d2c4 FileTimeToSystemTime

• 0x44d2c8 lstrlenW

• 0x44d2cc GetShortPathNameA

• 0x44d2d0 GetStringTypeExA

• 0x44d2d4 GetFullPathNameA

• 0x44d2d8 GetVolumeInformationA

• 0x44d2dc FindFirstFileA

• 0x44d2e0 FindClose

• 0x44d2e4 DeleteFileA

• 0x44d2e8 MoveFileA

• 0x44d2ec SetEndOfFile

• 0x44d2f0 UnlockFile

• 0x44d2f4 LockFile

• 0x44d2f8 FlushFileBuffers

• 0x44d2fc SetFilePointer

• 0x44d300 WriteFile

• 0x44d304 ReadFile

• 0x44d308 CreateFileA

• 0x44d30c GetCurrentProcess

• 0x44d310 DuplicateHandle

• 0x44d314 SetErrorMode

• 0x44d318 GetThreadLocale

• 0x44d31c GetCurrentDirectoryA

• 0x44d320 WritePrivateProfileStringA

• 0x44d324 GetPrivateProfileStringA

• 0x44d328 GetPrivateProfileIntA

• 0x44d32c SizeofResource

• 0x44d330 GetOEMCP

• 0x44d334 GetCPInfo

• 0x44d338 GetProcessVersion

• 0x44d33c GlobalFlags

• 0x44d340 TlsGetValue

• 0x44d344 LocalReAlloc

• 0x44d348 TlsSetValue

• 0x44d34c EnterCriticalSection

• 0x44d350 GlobalReAlloc

• 0x44d354 LeaveCriticalSection

• 0x44d358 TlsFree

• 0x44d35c GlobalHandle

• 0x44d360 DeleteCriticalSection

• 0x44d364 TlsAlloc

• 0x44d368 InitializeCriticalSection

• 0x44d36c LocalAlloc

• 0x44d370 GetLastError

• 0x44d374 GetModuleFileNameA

• 0x44d378 GlobalAlloc

• 0x44d37c GetCurrentThread

• 0x44d380 CreateEventA

• 0x44d384 SuspendThread

• 0x44d388 SetThreadPriority

• 0x44d38c ResumeThread

• 0x44d390 SetEvent

• 0x44d394 WaitForSingleObject

• 0x44d398 CloseHandle

• 0x44d39c lstrcmpA

• 0x44d3a0 GlobalFree

• 0x44d3a4 lstrcpynA

• 0x44d3a8 FormatMessageA

• 0x44d3ac LocalFree

• 0x44d3b0 GlobalLock

• 0x44d3b4 GlobalUnlock

• 0x44d3b8 MulDiv

• 0x44d3bc SetLastError

• 0x44d3c0 MultiByteToWideChar

• 0x44d3c4 WideCharToMultiByte

• 0x44d3c8 lstrlenA

• 0x44d3cc InterlockedDecrement

• 0x44d3d0 InterlockedIncrement

• 0x44d3d4 LoadLibraryA

• 0x44d3d8 FreeLibrary

• 0x44d3dc FindResourceA

• 0x44d3e0 LoadResource

• 0x44d3e4 LockResource

• 0x44d3e8 GetVersion

• 0x44d3ec lstrcatA

• 0x44d3f0 GlobalGetAtomNameA

• 0x44d3f4 lstrcmpiA

• 0x44d3f8 GlobalAddAtomA

• 0x44d3fc GlobalFindAtomA

• 0x44d400 GlobalDeleteAtom

• 0x44d404 lstrcpyA

• 0x44d408 GetModuleHandleA

• 0x44d40c GetProcAddress

• 0x44d410 LoadLibraryExA

• 0x44d414 GetVersionExA

• 0x44d418 GetStringTypeW

Library USER32.dll:

• 0x44d4d0 SetWindowContextHelpId

• 0x44d4d4 MapDialogRect

• 0x44d4d8 wvsprintfA

• 0x44d4dc LoadStringA

• 0x44d4e0 LoadCursorA

• 0x44d4e4 GetSysColorBrush

• 0x44d4e8 GetDialogBaseUnits

• 0x44d4ec GetDCEx

• 0x44d4f0 LockWindowUpdate

• 0x44d4f4 WaitMessage

• 0x44d4f8 GetWindowThreadProcessId

• 0x44d4fc InsertMenuA

• 0x44d500 DeleteMenu

• 0x44d504 GetMenuStringA

• 0x44d508 CharNextA

• 0x44d50c CopyAcceleratorTableA

• 0x44d510 GetNextDlgGroupItem

• 0x44d514 MessageBeep

• 0x44d518 SetParent

• 0x44d51c InvertRect

• 0x44d520 FillRect

• 0x44d524 CharUpperA

• 0x44d528 RegisterClipboardFormatA

• 0x44d52c RemoveMenu

• 0x44d530 PostThreadMessageA

• 0x44d534 CreateDialogIndirectParamA

• 0x44d538 UnpackDDElParam

• 0x44d53c ReuseDDElParam

• 0x44d540 SetMenu

• 0x44d544 LoadMenuA

• 0x44d548 GetDesktopWindow

• 0x44d54c SetCursor

• 0x44d550 LoadAcceleratorsA

• 0x44d554 GetActiveWindow

• 0x44d558 RedrawWindow

• 0x44d55c DefMDIChildProcA

• 0x44d560 DrawMenuBar

• 0x44d564 TranslateAcceleratorA

• 0x44d568 TranslateMDISysAccel

• 0x44d56c DefFrameProcA

• 0x44d570 BringWindowToTop

• 0x44d574 DestroyMenu

• 0x44d578 EndPaint

• 0x44d57c BeginPaint

• 0x44d580 GetWindowDC

• 0x44d584 OemToCharA

• 0x44d588 CharToOemA

• 0x44d58c GetMenuCheckMarkDimensions

• 0x44d590 GetMenuState

• 0x44d594 ModifyMenuA

• 0x44d598 SetMenuItemBitmaps

• 0x44d59c CheckMenuItem

• 0x44d5a0 EnableMenuItem

• 0x44d5a4 GetNextDlgTabItem

• 0x44d5a8 IsWindowEnabled

• 0x44d5ac ShowWindow

• 0x44d5b0 MoveWindow

• 0x44d5b4 SetWindowTextA

• 0x44d5b8 IsDialogMessageA

• 0x44d5bc ScrollWindowEx

• 0x44d5c0 IsDlgButtonChecked

• 0x44d5c4 SetDlgItemTextA

• 0x44d5c8 SetDlgItemInt

• 0x44d5cc GetDlgItemTextA

• 0x44d5d0 GetDlgItemInt

• 0x44d5d4 CheckRadioButton

• 0x44d5d8 CheckDlgButton

• 0x44d5dc SendDlgItemMessageA

• 0x44d5e0 ShowOwnedPopups

• 0x44d5e4 PeekMessageA

• 0x44d5e8 SetActiveWindow

• 0x44d5ec IsWindow

• 0x44d5f0 SetFocus

• 0x44d5f4 AdjustWindowRectEx

• 0x44d5f8 DeferWindowPos

• 0x44d5fc BeginDeferWindowPos

• 0x44d600 EndDeferWindowPos

• 0x44d604 ScrollWindow

• 0x44d608 GetScrollInfo

• 0x44d60c ShowScrollBar

• 0x44d610 GetScrollRange

• 0x44d614 SetScrollRange

• 0x44d618 GetScrollPos

• 0x44d61c SetScrollPos

• 0x44d620 GetTopWindow

• 0x44d624 MessageBoxA

• 0x44d628 IsChild

• 0x44d62c WinHelpA

• 0x44d630 wsprintfA

• 0x44d634 GetClassInfoA

• 0x44d638 RegisterClassA

• 0x44d63c GetMenuItemID

• 0x44d640 TrackPopupMenu

• 0x44d644 SetWindowPlacement

• 0x44d648 GetDlgItem

• 0x44d64c GetWindowTextLengthA

• 0x44d650 GetWindowTextA

• 0x44d654 DefWindowProcA

• 0x44d658 DestroyWindow

• 0x44d65c CreateWindowExA

• 0x44d660 GetClassLongA

• 0x44d664 GetMessageTime

• 0x44d668 GetMessagePos

• 0x44d66c GetLastActivePopup

• 0x44d670 SetForegroundWindow

• 0x44d674 RegisterWindowMessageA

• 0x44d678 GetWindowPlacement

• 0x44d67c GetSubMenu

• 0x44d680 IsIconic

• 0x44d684 DrawIcon

• 0x44d688 AppendMenuA

• 0x44d68c LoadIconA

• 0x44d690 SetWindowPos

• 0x44d694 TrackMouseEvent

• 0x44d698 IntersectRect

• 0x44d69c UpdateWindow

• 0x44d6a0 TrackPopupMenuEx

• 0x44d6a4 CallWindowProcA

• 0x44d6a8 GetForegroundWindow

• 0x44d6ac GetWindowLongA

• 0x44d6b0 CallNextHookEx

• 0x44d6b4 EqualRect

• 0x44d6b8 IsWindowVisible

• 0x44d6bc SetWindowLongA

• 0x44d6c0 UnhookWindowsHookEx

• 0x44d6c4 SetWindowsHookExA

• 0x44d6c8 GetMenuItemRect

• 0x44d6cc OffsetRect

• 0x44d6d0 IsMenu

• 0x44d6d4 GetMenuItemCount

• 0x44d6d8 GetSystemMenu

• 0x44d6dc SetRectEmpty

• 0x44d6e0 SetMenuItemInfoA

• 0x44d6e4 GetClassNameA

• 0x44d6e8 GetMenu

• 0x44d6ec GetPropA

• 0x44d6f0 SetPropA

• 0x44d6f4 RemovePropA

• 0x44d6f8 PostQuitMessage

• 0x44d6fc SetRect

• 0x44d700 IsZoomed

• 0x44d704 TranslateMessage

• 0x44d708 MapWindowPoints

• 0x44d70c EndDialog

• 0x44d710 SystemParametersInfoA

• 0x44d714 DrawStateA

• 0x44d718 DestroyIcon

• 0x44d71c LoadBitmapA

• 0x44d720 GetMenuItemInfoA

• 0x44d724 GrayStringA

• 0x44d728 DrawTextA

• 0x44d72c TabbedTextOutA

• 0x44d730 GetCursorPos

• 0x44d734 WindowFromPoint

• 0x44d738 ScreenToClient

• 0x44d73c PostMessageA

• 0x44d740 GetCapture

• 0x44d744 SetCapture

• 0x44d748 SetTimer

• 0x44d74c PtInRect

• 0x44d750 GetMessageA

• 0x44d754 ClientToScreen

• 0x44d758 DispatchMessageA

• 0x44d75c ReleaseCapture

• 0x44d760 KillTimer

• 0x44d764 GetDlgCtrlID

• 0x44d768 DrawFrameControl

• 0x44d76c IsRectEmpty

• 0x44d770 GetDC

• 0x44d774 ReleaseDC

• 0x44d778 InvalidateRect

• 0x44d77c GetClientRect

• 0x44d780 ValidateRect

• 0x44d784 GetFocus

• 0x44d788 GetKeyState

• 0x44d78c GetSystemMetrics

• 0x44d790 GetWindowRect

• 0x44d794 GetWindow

• 0x44d798 EnableWindow

• 0x44d79c CopyRect

• 0x44d7a0 GetSysColor

• 0x44d7a4 GetParent

• 0x44d7a8 SendMessageA

• 0x44d7ac InflateRect

• 0x44d7b0 DrawFocusRect

• 0x44d7b4 SetScrollInfo

• 0x44d7b8 UnregisterClassA

Library GDI32.dll:

• 0x44d064 PolyBezierTo

• 0x44d068 GetClipRgn

• 0x44d06c CreateRectRgn

• 0x44d070 SelectClipPath

• 0x44d074 ExtSelectClipRgn

• 0x44d078 PlayMetaFileRecord

• 0x44d07c GetObjectType

• 0x44d080 EnumMetaFile

• 0x44d084 PlayMetaFile

• 0x44d088 GetDeviceCaps

• 0x44d08c GetViewportExtEx

• 0x44d090 GetWindowExtEx

• 0x44d094 ExtCreatePen

• 0x44d098 CreateHatchBrush

• 0x44d09c CreatePatternBrush

• 0x44d0a0 CreateDIBPatternBrushPt

• 0x44d0a4 GetMapMode

• 0x44d0a8 PatBlt

• 0x44d0ac SetColorAdjustment

• 0x44d0b0 CombineRgn

• 0x44d0b4 CreateRectRgnIndirect

• 0x44d0b8 DPtoLP

• 0x44d0bc StretchDIBits

• 0x44d0c0 GetCharWidthA

• 0x44d0c4 CreateFontA

• 0x44d0c8 GetBkColor

• 0x44d0cc LPtoDP

• 0x44d0d0 CopyMetaFileA

• 0x44d0d4 CreateDCA

• 0x44d0d8 SetStretchBltMode

• 0x44d0dc SetROP2

• 0x44d0e0 SetPolyFillMode

• 0x44d0e4 SetBkMode

• 0x44d0e8 SelectPalette

• 0x44d0ec RestoreDC

• 0x44d0f0 SaveDC

• 0x44d0f4 StartDocA

• 0x44d0f8 PolylineTo

• 0x44d0fc PolyDraw

• 0x44d100 SetArcDirection

• 0x44d104 ArcTo

• 0x44d108 GetCurrentPositionEx

• 0x44d10c SetMapperFlags

• 0x44d110 SetTextCharacterExtra

• 0x44d114 SetMapMode

• 0x44d118 SetTextJustification

• 0x44d11c SetTextAlign

• 0x44d120 LineTo

• 0x44d124 MoveToEx

• 0x44d128 OffsetClipRgn

• 0x44d12c IntersectClipRect

• 0x44d130 ExcludeClipRect

• 0x44d134 SelectClipRgn

• 0x44d138 ScaleWindowExtEx

• 0x44d13c SetWindowExtEx

• 0x44d140 OffsetWindowOrgEx

• 0x44d144 SetWindowOrgEx

• 0x44d148 ScaleViewportExtEx

• 0x44d14c SetViewportExtEx

• 0x44d150 OffsetViewportOrgEx

• 0x44d154 SetRectRgn

• 0x44d158 Rectangle

• 0x44d15c CreateBitmap

• 0x44d160 SetBkColor

• 0x44d164 GetDCOrgEx

• 0x44d168 Ellipse

• 0x44d16c GetTextMetricsA

• 0x44d170 GetTextExtentPoint32A

• 0x44d174 Escape

• 0x44d178 ExtTextOutA

• 0x44d17c TextOutA

• 0x44d180 RectVisible

• 0x44d184 PtVisible

• 0x44d188 SetPixel

• 0x44d18c GetPixel

• 0x44d190 GetTextColor

• 0x44d194 GetCurrentObject

• 0x44d198 CreateFontIndirectA

• 0x44d19c DeleteObject

• 0x44d1a0 SetTextColor

• 0x44d1a4 CreateSolidBrush

• 0x44d1a8 GetObjectA

• 0x44d1ac CreatePen

• 0x44d1b0 GetClipBox

• 0x44d1b4 CreateCompatibleDC

• 0x44d1b8 CreateCompatibleBitmap

• 0x44d1bc BitBlt

• 0x44d1c0 DeleteDC

• 0x44d1c4 SelectObject

• 0x44d1c8 GetStockObject

• 0x44d1cc SetViewportOrgEx

Library comdlg32.dll:

• 0x44d7d0 GetSaveFileNameA

• 0x44d7d4 GetFileTitleA

• 0x44d7d8 GetOpenFileNameA

Library WINSPOOL.DRV:

• 0x44d7c0 ClosePrinter

• 0x44d7c4 DocumentPropertiesA

• 0x44d7c8 OpenPrinterA

Library ADVAPI32.dll:

• 0x44d000 RegCreateKeyA

• 0x44d004 RegCreateKeyExA

• 0x44d008 RegOpenKeyExA

• 0x44d00c RegQueryValueExA

• 0x44d010 RegSetValueExA

• 0x44d014 RegDeleteValueA

• 0x44d018 RegDeleteKeyA

• 0x44d01c RegOpenKeyA

• 0x44d020 RegSetValueA

• 0x44d024 RegQueryValueA

• 0x44d028 RegEnumKeyA

• 0x44d02c RegCloseKey

Library SHELL32.dll:

• 0x44d4b8 SHGetFileInfoA

• 0x44d4bc DragQueryFileA

• 0x44d4c0 DragFinish

• 0x44d4c4 DragAcceptFiles

• 0x44d4c8 ExtractIconA

Library COMCTL32.dll:

• 0x44d034 ImageList_Draw

• 0x44d038 ImageList_GetIcon

• 0x44d03c

• 0x44d040

• 0x44d044

• 0x44d048 ImageList_Destroy

• 0x44d04c ImageList_Create

• 0x44d050 ImageList_LoadImageA

• 0x44d054 ImageList_Merge

• 0x44d058 ImageList_Read

• 0x44d05c ImageList_Write

Library oledlg.dll:

• 0x44d864

Library ole32.dll:

• 0x44d7e0 CoTreatAsClass

• 0x44d7e4 StringFromCLSID

• 0x44d7e8 ReadClassStg

• 0x44d7ec ReadFmtUserTypeStg

• 0x44d7f0 OleRegGetUserType

• 0x44d7f4 WriteClassStg

• 0x44d7f8 WriteFmtUserTypeStg

• 0x44d7fc SetConvertStg

• 0x44d800 CreateBindCtx

• 0x44d804 OleDuplicateData

• 0x44d808 CoFreeUnusedLibraries

• 0x44d80c ReleaseStgMedium

• 0x44d810 OleInitialize

• 0x44d814 CoDisconnectObject

• 0x44d818 OleRun

• 0x44d81c CoCreateInstance

• 0x44d820 CoTaskMemAlloc

• 0x44d824 CoTaskMemFree

• 0x44d828 CreateILockBytesOnHGlobal

• 0x44d82c StgCreateDocfileOnILockBytes

• 0x44d830 StgOpenStorageOnILockBytes

• 0x44d834 CoGetClassObject

• 0x44d838 CLSIDFromString

• 0x44d83c CLSIDFromProgID

• 0x44d840 CoRegisterMessageFilter

• 0x44d844 CoRegisterClassObject

• 0x44d848 CoRevokeClassObject

• 0x44d84c CreateStreamOnHGlobal

• 0x44d850 OleIsCurrentClipboard

• 0x44d854 OleFlushClipboard

• 0x44d858 OleUninitialize

• 0x44d85c OleSetClipboard

Library OLEPRO32.DLL:

• 0x44d4b0

Library OLEAUT32.dll:

• 0x44d420 SysStringByteLen

• 0x44d424 LoadTypeLib

• 0x44d428 SysStringLen

• 0x44d42c SafeArrayDestroyDescriptor

• 0x44d430 SafeArrayDestroyData

• 0x44d434 SafeArrayDestroy

• 0x44d438 SafeArrayUnlock

• 0x44d43c SafeArrayLock

• 0x44d440 SafeArrayPutElement

• 0x44d444 SafeArrayPtrOfIndex

• 0x44d448 SafeArrayGetElement

• 0x44d44c SafeArrayAllocDescriptor

• 0x44d450 SafeArrayAllocData

• 0x44d454 SafeArrayCopy

• 0x44d458 VarBstrFromDate

• 0x44d45c VarDateFromStr

• 0x44d460 VarBstrFromCy

• 0x44d464 VarCyFromStr

• 0x44d468 VariantTimeToSystemTime

• 0x44d46c SysAllocStringByteLen

• 0x44d470 SafeArrayRedim

• 0x44d474 SafeArrayCreate

• 0x44d478 SafeArrayGetDim

• 0x44d47c SafeArrayGetElemsize

• 0x44d480 SafeArrayGetLBound

• 0x44d484 SafeArrayGetUBound

• 0x44d488 SafeArrayAccessData

• 0x44d48c SafeArrayUnaccessData

• 0x44d490 SysAllocString

• 0x44d494 SysReAllocStringLen

• 0x44d498 VariantChangeType

• 0x44d49c VariantCopy

• 0x44d4a0 VariantClear

• 0x44d4a4 SysAllocStringLen

• 0x44d4a8 SysFreeString

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.