7.0
High risk

3e9c124143f6d2a30c2e51dd74d66119601e585ea9d20726a2db8711cbd97d9a

38be0ed73da51cbce747a4b746991e2c.exe

Analysis duration

82s

Last analyzed

File size

5.4MB
Static detection Dynamic detection CHINA ZEUS
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye (鹰眼) engine result available
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200816 2013.8.14.323
McAfee 20200816 6.0.6.653
Tencent 20200816 1.0.0.1
CrowdStrike 20190702 1.0
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path H:\Work\publish\2345Pinyin\bin\Win32\Release\pdb\2345PinyinConfig.pdb
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619347969.206876
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section _RDATA
The file contains an unknown PE resource name possibly indicative of a packer (3 events)
resource name BIN
resource name PNG
resource name XML
Behavior verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://update.pinyin.2345.com/cloud_config_new.php
suspicious_features GET method with no useragent header suspicious_request GET http://download.2345.com/pinyin/dict/category/category.xml
Performs some HTTP requests (2 events)
request POST http://update.pinyin.2345.com/cloud_config_new.php
request GET http://download.2345.com/pinyin/dict/category/category.xml
Sends data using the HTTP POST method (1 event)
request POST http://update.pinyin.2345.com/cloud_config_new.php
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619347969.409876
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x03ae0000
success 0 0
Checks for known Chinese AV software registry keys (1 event)
regkey .*Kingsoft
Foreign language identified in PE resource (50 out of 125 events)
name BIN language LANG_CHINESE offset 0x00546b50 filetype Zip archive data, at least v1.0 to extract sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0001373f
name PNG language LANG_CHINESE offset 0x0052ea28 filetype PNG image data, 36 x 36, 8-bit colormap, non-interlaced sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000335
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
ESET-NOD32 a variant of Win32/2345.H potentially unwanted
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619347976.925876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Queries for potentially installed applications (43 events)
Time & API Arguments Status Return Repeated
1619347970.175876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Explorer
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Explorer
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Explorer
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Explorer
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Explorer
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Explorer
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Pic
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Pic
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Pic
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Pic
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Pic
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Pic
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HaoZip
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\HaoZip
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HaoZip
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\HaoZip
options: 0
failed 2 0
1619347970.175876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\HaoZip
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\HaoZip
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360安全卫士
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\360se6
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360se6
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\360se6
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360se6
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\360se6
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360se6
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\liebao
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\liebao
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\liebao
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\liebao
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\liebao
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\liebao
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x000002c8
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\百度浏览器
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\百度浏览器
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\百度浏览器
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\百度浏览器
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\百度浏览器
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\百度浏览器
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon5
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon5
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon5
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon5
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon5
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon5
options: 0
failed 2 0
1619347970.190876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser
options: 0
failed 2 0
1619347970.206876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser
options: 0
failed 2 0
1619347970.206876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser
options: 0
failed 2 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619347979.518876
RegSetValueExA
key_handle: 0x000004dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619347979.518876
RegSetValueExA
key_handle: 0x000004dc
value: ðï8å€9×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619347979.518876
RegSetValueExA
key_handle: 0x000004dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619347979.518876
RegSetValueExW
key_handle: 0x000004dc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619347979.518876
RegSetValueExA
key_handle: 0x000004f4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619347979.518876
RegSetValueExA
key_handle: 0x000004f4
value: ðï8å€9×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619347979.518876
RegSetValueExA
key_handle: 0x000004f4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619347979.565876
RegSetValueExW
key_handle: 0x000004d8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619347979.815876
RegSetValueExA
key_handle: 0x00000544
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619347979.831876
RegSetValueExA
key_handle: 0x00000544
value: €²hå€9×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619347979.831876
RegSetValueExA
key_handle: 0x00000544
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619347979.831876
RegSetValueExW
key_handle: 0x00000544
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619347979.831876
RegSetValueExA
key_handle: 0x000002e4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619347979.831876
RegSetValueExA
key_handle: 0x000002e4
value: €²hå€9×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619347979.831876
RegSetValueExA
key_handle: 0x000002e4
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Zeus P2P (Banking Trojan) (17 events)
mutex {47FF0D24-E0A5-4163-8546-DE7217D2F141}.config.dat
mutex {47FF0D24-E0A5-4163-8546-DE7217D2F141}.update.dat
mutex {7B535508-6E14-4FD3-B69F-C47A5A353F0B}
mutex {47FF0D24-E0A5-4163-8546-DE7217D2F141}.face.dat
mutex download.manager.{D3F6DF32-4299-4ce9-A7B2-7A13C7EC0676}.mutex.db.check
mutex {F2DBAF63-7109-4E93-9EB1-C587E1452FA9}.downloaddictionarytaskcache.dat
udp {'src': '192.168.56.101', 'dst': '224.0.0.252', 'offset': 27729, 'time': 7.078385829925537, 'dport': 5355, 'sport': 49235}
udp {'src': '192.168.56.101', 'dst': '224.0.0.252', 'offset': 28057, 'time': 17.62074899673462, 'dport': 5355, 'sport': 51808}
udp {'src': '192.168.56.101', 'dst': '224.0.0.252', 'offset': 28377, 'time': 4.20322585105896, 'dport': 5355, 'sport': 56804}
udp {'src': '192.168.56.101', 'dst': '224.0.0.252', 'offset': 28713, 'time': 6.461472988128662, 'dport': 5355, 'sport': 60123}
udp {'src': '192.168.56.101', 'dst': '224.0.0.252', 'offset': 29049, 'time': 4.5730979442596436, 'dport': 5355, 'sport': 62191}
udp {'src': '192.168.56.101', 'dst': '239.255.255.250', 'offset': 29377, 'time': 4.310834884643555, 'dport': 1900, 'sport': 1900}
udp {'src': '192.168.56.101', 'dst': '239.255.255.250', 'offset': 48787, 'time': 9.849740028381348, 'dport': 3702, 'sport': 50535}
udp {'src': '192.168.56.101', 'dst': '239.255.255.250', 'offset': 51643, 'time': 10.429255962371826, 'dport': 3702, 'sport': 50537}
udp {'src': '192.168.56.101', 'dst': '239.255.255.250', 'offset': 54371, 'time': 5.560164928436279, 'dport': 3702, 'sport': 56540}
udp {'src': '192.168.56.101', 'dst': '239.255.255.250', 'offset': 57099, 'time': 6.46600604057312, 'dport': 1900, 'sport': 56807}
udp {'src': '192.168.56.101', 'dst': '239.255.255.250', 'offset': 61229, 'time': 4.26877498626709, 'dport': 3702, 'sport': 58707}
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-07-29 14:07:27

Imports

Library dbghelp.dll:
0x7f9744 MiniDumpWriteDump
Library SHLWAPI.dll:
0x7f94ec StrDupW
0x7f94f0 PathAppendW
0x7f94f4
0x7f94f8 StrToIntA
0x7f94fc PathFindFileNameW
Library MSIMG32.dll:
0x7f9494 AlphaBlend
Library COMCTL32.dll:
0x7f9058 _TrackMouseEvent
0x7f9068 ImageList_GetIcon
0x7f906c ImageList_Destroy
0x7f9070 ImageList_Create
Library IMM32.dll:
0x7f9108 ImmDisableIME
0x7f910c ImmNotifyIME
0x7f911c ImmReleaseContext
0x7f9120 ImmGetContext
Library VERSION.dll:
0x7f972c VerQueryValueW
0x7f9730 GetFileVersionInfoW
Library KERNEL32.dll:
0x7f9130 CreateMutexW
0x7f9138 FindClose
0x7f913c WaitForSingleObject
0x7f9140 GetFileAttributesW
0x7f9144 GetVersionExW
0x7f9148 UnmapViewOfFile
0x7f914c HeapValidate
0x7f9150 HeapSize
0x7f9154 GetTempPathA
0x7f9158 FormatMessageW
0x7f915c GetDiskFreeSpaceA
0x7f9160 GetFileAttributesA
0x7f9168 OutputDebugStringW
0x7f916c FlushViewOfFile
0x7f9170 CreateFileA
0x7f9174 LoadLibraryA
0x7f917c GetVersionExA
0x7f9180 DeleteFileA
0x7f9184 HeapReAlloc
0x7f9188 GetSystemInfo
0x7f918c LoadLibraryW
0x7f9190 HeapAlloc
0x7f9194 HeapCompact
0x7f9198 HeapDestroy
0x7f919c UnlockFile
0x7f91a0 CreateFileMappingA
0x7f91a4 LockFileEx
0x7f91a8 GetFileSize
0x7f91ac GetProcessHeap
0x7f91b4 WideCharToMultiByte
0x7f91bc GetSystemTime
0x7f91c0 FormatMessageA
0x7f91c4 CreateFileMappingW
0x7f91c8 MapViewOfFile
0x7f91d0 FlushFileBuffers
0x7f91dc lstrlenW
0x7f91e0 CreateProcessW
0x7f91e4 SetFileAttributesW
0x7f91e8 MoveFileExW
0x7f91ec LockResource
0x7f91f0 GlobalFree
0x7f91f4 lstrcpyW
0x7f91f8 GetLocalTime
0x7f91fc LCMapStringW
0x7f9200 GetStartupInfoW
0x7f9204 OpenProcess
0x7f9208 OpenFileMappingW
0x7f920c OpenMutexW
0x7f9210 VirtualQuery
0x7f9214 CreateEventW
0x7f9218 SetEvent
0x7f921c ResetEvent
0x7f9224 OpenEventW
0x7f9234 GetCurrentProcess
0x7f9238 LocalAlloc
0x7f923c DeviceIoControl
0x7f9240 GetTempFileNameW
0x7f9244 RemoveDirectoryW
0x7f9248 FindNextFileW
0x7f924c DuplicateHandle
0x7f9250 GetFileType
0x7f9254 CreateDirectoryW
0x7f9260 ExitProcess
0x7f9264 ReleaseMutex
0x7f9268 GetACP
0x7f926c lstrcatW
0x7f9270 GetDriveTypeW
0x7f9274 ResumeThread
0x7f9278 GetLongPathNameW
0x7f927c GetTempPathW
0x7f9280 GetFileTime
0x7f9288 SetEndOfFile
0x7f9298 MoveFileW
0x7f929c SwitchToThread
0x7f92a0 GetFileSizeEx
0x7f92a8 LoadResource
0x7f92ac WriteConsoleW
0x7f92bc GetCommandLineW
0x7f92c0 GetCommandLineA
0x7f92c4 GetOEMCP
0x7f92c8 IsValidCodePage
0x7f92cc GetConsoleCP
0x7f92d0 SetStdHandle
0x7f92d4 SetFilePointerEx
0x7f92d8 ReadConsoleW
0x7f92dc GetConsoleMode
0x7f92e0 EnumSystemLocalesW
0x7f92e4 GetUserDefaultLCID
0x7f92e8 IsValidLocale
0x7f92f0 GetStdHandle
0x7f92f4 PeekNamedPipe
0x7f92f8 FindFirstFileExW
0x7f9300 ExitThread
0x7f9304 RtlUnwind
0x7f9308 OpenThread
0x7f930c SetThreadContext
0x7f9310 GetThreadContext
0x7f9318 SuspendThread
0x7f931c Thread32First
0x7f9320 Thread32Next
0x7f9324 TerminateProcess
0x7f9330 LoadLibraryExA
0x7f9334 VirtualFree
0x7f9338 VirtualAlloc
0x7f9348 InitializeSListHead
0x7f934c IsDebuggerPresent
0x7f9350 MapViewOfFileEx
0x7f9358 GetModuleHandleExW
0x7f935c VirtualProtect
0x7f9360 CreateThread
0x7f9368 GetModuleHandleA
0x7f936c FreeResource
0x7f9374 SetWaitableTimer
0x7f9378 GetLocaleInfoW
0x7f937c CompareStringW
0x7f9380 TlsFree
0x7f9384 TlsSetValue
0x7f9388 TlsGetValue
0x7f938c TlsAlloc
0x7f9390 GetCPInfo
0x7f9394 EncodePointer
0x7f9398 GetStringTypeW
0x7f939c GetFullPathNameA
0x7f93a0 SetFilePointer
0x7f93a8 LockFile
0x7f93ac SetFileTime
0x7f93b0 OutputDebugStringA
0x7f93b4 QueryDosDeviceW
0x7f93b8 UnlockFileEx
0x7f93bc FindResourceW
0x7f93c0 DecodePointer
0x7f93c4 GetDiskFreeSpaceW
0x7f93cc GetProcAddress
0x7f93d4 GetModuleHandleW
0x7f93d8 FreeLibrary
0x7f93e0 lstrcmpiW
0x7f93e4 LoadLibraryExW
0x7f93e8 LocalFree
0x7f93ec GetCurrentProcessId
0x7f93f4 Sleep
0x7f93f8 SetErrorMode
0x7f93fc SizeofResource
0x7f9404 SetLastError
0x7f9408 GetFullPathNameW
0x7f940c GetCurrentThreadId
0x7f9414 GetModuleFileNameW
0x7f9420 MultiByteToWideChar
0x7f9424 GetLastError
0x7f9428 HeapFree
0x7f942c HeapCreate
0x7f9430 FindFirstFileW
0x7f9438 AreFileApisANSI
0x7f943c ConnectNamedPipe
0x7f9440 CreateNamedPipeW
0x7f9444 CancelIo
0x7f9448 ReadFile
0x7f9458 InterlockedExchange
0x7f9460 CloseHandle
0x7f9464 CreateFileW
0x7f9468 WriteFile
0x7f946c CopyFileW
0x7f9470 DeleteFileW
0x7f9474 GetTickCount
0x7f9478 MulDiv
0x7f947c lstrcmpW
0x7f9480 GlobalUnlock
0x7f9484 GlobalLock
0x7f9488 GlobalAlloc
0x7f948c RaiseException
Library USER32.dll:
0x7f9508 GetLastActivePopup
0x7f950c RemovePropW
0x7f9510 SetPropW
0x7f9514 GetIconInfo
0x7f9518 EmptyClipboard
0x7f951c SetClipboardData
0x7f9520 EnumThreadWindows
0x7f9524 WindowFromPoint
0x7f9528 AttachThreadInput
0x7f952c GetForegroundWindow
0x7f9530 IsIconic
0x7f9534 DrawIconEx
0x7f9538 DrawTextW
0x7f953c LoadImageW
0x7f9540 CopyRect
0x7f9544 SetRect
0x7f9548 GetAsyncKeyState
0x7f954c DialogBoxParamW
0x7f9550 TrackMouseEvent
0x7f9554 LoadStringW
0x7f9558 UpdateLayeredWindow
0x7f955c UnregisterHotKey
0x7f9560 RegisterHotKey
0x7f9564 GetAncestor
0x7f9568 GetKeyboardState
0x7f956c GetCaretBlinkTime
0x7f9570 ToAscii
0x7f9574 LoadBitmapW
0x7f9578 SetCaretPos
0x7f957c GetClassLongW
0x7f9580 SetRectEmpty
0x7f9588 AdjustWindowRectEx
0x7f958c ShowWindowAsync
0x7f9590 ValidateRect
0x7f9598 SetParent
0x7f959c GetMessageW
0x7f95a0 DispatchMessageW
0x7f95a4 PeekMessageW
0x7f95a8 TranslateMessage
0x7f95ac PostQuitMessage
0x7f95b0 UnionRect
0x7f95b4 EqualRect
0x7f95b8 EnumChildWindows
0x7f95bc IntersectRect
0x7f95c0 GetWindowDC
0x7f95c4 IsZoomed
0x7f95c8 GetDCEx
0x7f95cc IsRectEmpty
0x7f95d0 CharNextW
0x7f95d4 UnregisterClassW
0x7f95d8 MessageBoxW
0x7f95dc SetForegroundWindow
0x7f95e0 GetParent
0x7f95e4 SetWindowLongW
0x7f95e8 LoadIconW
0x7f95ec SendMessageW
0x7f95f0 GetFocus
0x7f95f4 PostMessageW
0x7f95f8 CallWindowProcW
0x7f95fc DefWindowProcW
0x7f9600 GetWindowLongW
0x7f9604 ShowWindow
0x7f9608 GetSystemMetrics
0x7f960c SetWindowPos
0x7f9610 IsWindowVisible
0x7f9614 GetWindowRect
0x7f9618 FindWindowExW
0x7f961c FindWindowW
0x7f9620 GetDesktopWindow
0x7f9624 GetWindowTextW
0x7f9628 EndPaint
0x7f962c BeginPaint
0x7f9630 ReleaseDC
0x7f9634 InvalidateRect
0x7f9638 ReleaseCapture
0x7f9640 GetClassInfoExW
0x7f9644 GetDlgItem
0x7f9648 GetClientRect
0x7f964c SetCapture
0x7f9650 GetClassNameW
0x7f9654 LoadCursorW
0x7f9658 SetFocus
0x7f9660 MoveWindow
0x7f9664 GetSysColor
0x7f9668 IsChild
0x7f9670 ClientToScreen
0x7f9674 RedrawWindow
0x7f9678 InvalidateRgn
0x7f967c IsWindow
0x7f9680 RegisterClassExW
0x7f9684 SetWindowTextW
0x7f9688 ScreenToClient
0x7f968c GetKeyState
0x7f9690 OpenClipboard
0x7f9694 CloseClipboard
0x7f9698 DestroyWindow
0x7f969c GetPropW
0x7f96a4 CreateWindowExW
0x7f96a8 FillRect
0x7f96ac LoadKeyboardLayoutW
0x7f96b0 VkKeyScanW
0x7f96b4 EnableWindow
0x7f96b8 MonitorFromPoint
0x7f96bc GetClipboardData
0x7f96c4 GetActiveWindow
0x7f96c8 MonitorFromWindow
0x7f96cc SetWindowRgn
0x7f96d0 EndDialog
0x7f96d4 OffsetRect
0x7f96d8 GetMonitorInfoW
0x7f96dc MapWindowPoints
0x7f96e0 PtInRect
0x7f96e4 MapVirtualKeyW
0x7f96e8 DestroyIcon
0x7f96ec SetCursorPos
0x7f96f0 SetScrollInfo
0x7f96f4 ShowScrollBar
0x7f96f8 GetScrollInfo
0x7f96fc GetScrollPos
0x7f9700 SetTimer
0x7f9704 SetCursor
0x7f9708 KillTimer
0x7f970c SetScrollPos
0x7f9710 UpdateWindow
0x7f9714 GetCursorPos
0x7f9720 GetWindow
0x7f9724 GetDC
Library GDI32.dll:
0x7f9084 PtInRegion
0x7f9088 CreateDCW
0x7f9090 CreatePolygonRgn
0x7f9094 GetRgnBox
0x7f9098 CreateRoundRectRgn
0x7f909c GetClipBox
0x7f90a0 GetDIBits
0x7f90a4 EnumFontsW
0x7f90a8 EnumFontFamiliesW
0x7f90ac GetTextMetricsW
0x7f90b0 CreateFontIndirectW
0x7f90b4 SetGraphicsMode
0x7f90b8 GetBitmapBits
0x7f90bc SetTextColor
0x7f90c0 SetBkMode
0x7f90c4 SetWorldTransform
0x7f90c8 CreateDIBSection
0x7f90cc SetBkColor
0x7f90d0 ExtTextOutW
0x7f90d4 EnumFontFamiliesExW
0x7f90d8 SetViewportOrgEx
0x7f90dc BitBlt
0x7f90e4 SelectObject
0x7f90e8 CreateCompatibleDC
0x7f90ec GetStockObject
0x7f90f0 GetDeviceCaps
0x7f90f4 GetObjectW
0x7f90f8 DeleteObject
0x7f90fc CreateSolidBrush
0x7f9100 DeleteDC
Library COMDLG32.dll:
0x7f9078 GetOpenFileNameW
0x7f907c GetSaveFileNameW
Library ADVAPI32.dll:
0x7f9000 RegDeleteValueW
0x7f9004 RegOpenKeyExW
0x7f9008 RegSetValueExW
0x7f900c RegEnumKeyExW
0x7f9010 RegCreateKeyExW
0x7f9014 RegDeleteKeyW
0x7f9018 RegQueryInfoKeyW
0x7f901c RegCloseKey
0x7f9024 SystemFunction036
0x7f9028 RegQueryValueExW
0x7f902c RegEnumValueW
0x7f9030 LookupAccountNameW
0x7f9034 GetFileSecurityW
0x7f9040 SetEntriesInAclW
0x7f9044 EqualSid
0x7f9048 GetAce
0x7f904c GetAclInformation
Library SHELL32.dll:
0x7f94d4 DragFinish
0x7f94d8 ExtractIconExW
0x7f94e0 SHGetFolderPathW
0x7f94e4 DragQueryFileW
Library ole32.dll:
0x7f9944 CoTaskMemAlloc
0x7f9948 CoTaskMemFree
0x7f994c CoTaskMemRealloc
0x7f9950 CoGetClassObject
0x7f9954 OleLockRunning
0x7f9958 CLSIDFromString
0x7f995c OleInitialize
0x7f9964 CLSIDFromProgID
0x7f9968 StringFromGUID2
0x7f996c OleUninitialize
0x7f9970 CoCreateInstance
Library OLEAUT32.dll:
0x7f949c SysFreeString
0x7f94a0 VariantClear
0x7f94a4 SysAllocStringLen
0x7f94a8 SysStringLen
0x7f94ac DispCallFunc
0x7f94b0 VarUI4FromStr
0x7f94b8 LoadTypeLib
0x7f94bc VariantInit
0x7f94c0 LoadRegTypeLib
0x7f94c4 SysAllocString
Library urlmon.dll:
Library gdiplus.dll:
0x7f974c GdipAddPathBezierI
0x7f9750 GdipAddPathLineI
0x7f9768 GdipGetFamily
0x7f9770 GdipAddPathString
0x7f9778 GdipGetEmHeight
0x7f977c GdipSaveGraphics
0x7f9788 GdipSetLineWrapMode
0x7f978c GdipGetLineSpacing
0x7f9790 GdipCreateMatrix2
0x7f9798 GdipDeletePath
0x7f97a0 GdipCreateMatrix
0x7f97a8 GdipEndContainer
0x7f97ac GdipCreatePath
0x7f97b8 GdipGetCellDescent
0x7f97bc GdipCloneBitmapArea
0x7f97c0 GdipGetFontStyle
0x7f97c4 GdipTransformRegion
0x7f97c8 GdipFillPath
0x7f97d4 GdipSetPenDashStyle
0x7f97d8 GdipDrawLine
0x7f97dc GdipDrawRectangle
0x7f97e8 GdipSetClipRectI
0x7f97ec GdipClosePathFigure
0x7f97f4 GdipDrawArcI
0x7f97fc GdipSetClipRegion
0x7f9800 GdipDrawPath
0x7f9808 GdipGetClipBoundsI
0x7f980c GdipFillEllipse
0x7f9810 GdipBeginContainer2
0x7f9814 GdipCreateTexture
0x7f9828 GdipGetCellAscent
0x7f9834 GdipRestoreGraphics
0x7f9838 GdipAddPathEllipseI
0x7f983c
0x7f9840 GdipGetFontSize
0x7f984c GdipDeleteMatrix
0x7f9850 GdipGetFamilyName
0x7f9854 GdipCloneRegion
0x7f9864 GdipGetPropertyItem
0x7f9880 GdipBitmapLockBits
0x7f98a0 GdipCloneImage
0x7f98a4 GdipDisposeImage
0x7f98b0 GdipGraphicsClear
0x7f98bc GdipDrawImageI
0x7f98c4 GdipGetImageHeight
0x7f98c8 GdipDrawRectangleI
0x7f98d0 GdipDeleteBrush
0x7f98d4 GdipAlloc
0x7f98d8 GdipCreateFont
0x7f98dc GdipCreateSolidFill
0x7f98e4 GdipFree
0x7f98e8 GdipDrawString
0x7f98ec GdipCreateFromHDC
0x7f98f0 GdipCloneBrush
0x7f98f4 GdipMeasureString
0x7f98f8 GdipFillRectangleI
0x7f98fc GdipDeleteGraphics
0x7f9900 GdipDeleteFont
0x7f9904 GdipGetImageWidth
0x7f9908 GdipDeletePen
0x7f990c GdipCreatePen1
0x7f9914 GdiplusStartup
0x7f9918 GdiplusShutdown
0x7f991c GdipAddPathArcI
0x7f9928 GdipGetBrushType
0x7f993c GdipDeleteRegion
Library IPHLPAPI.DLL:
Library WINMM.dll:
0x7f973c timeGetTime
Library PSAPI.DLL:
0x7f94cc GetMappedFileNameW

Exports

Ordinal Address Name
1 0x5daa90 sqlite3_carray_init
2 0x5d7aa0 sqlite3_csv_init
3 0x5dc250 sqlite3_fileio_init
4 0x5dc870 sqlite3_series_init
5 0x5da460 sqlite3_shathree_init
6 0x5dcba0 sqlite3_uuid_init

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49182 124.225.167.229 download.2345.com 80
192.168.56.101 49181 180.163.196.56 update.pinyin.2345.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://download.2345.com/pinyin/dict/category/category.xml
GET /pinyin/dict/category/category.xml HTTP/1.1
Accept: */*
Host: download.2345.com
Connection: Keep-Alive
Cache-Control: no-cache

http://update.pinyin.2345.com/cloud_config_new.php
POST /cloud_config_new.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: update.pinyin.2345.com
Content-Length: 1833
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.