SmartHawk

2.2

中危

58 个模型检测该样本为恶意！

重新分析

下载样本

dbd1cc366bf316e5e198f3f76db406e5f56b554af5869f0f90a77acad22ff801

39c511cc1465c0ac1d55406497cbc325.exe

分析耗时

84s

最近分析

文件大小

2.0MB

静态报毒动态报毒 7H+5GKSFVYQ @N0@AOLUAVEI AI SCORE=82 AS@8RFF2F BANKERX CLASSIC CONFIDENCE DRIDEX ELDORADO ENCPK FTMKK GENCIRC GENETIC HDMT HIGH CONFIDENCE HJZNVB INJECT3 KRYPTIK MALICIOUS PE MINT PINKSBOT QAKBOT QBOT QVM20 R + MAL R335416 REGOTET SCORE STATIC AI TROJANBANKER UNSAFE ZEXAF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	TrojanBanker:Win32/BankerX.5cd5f380	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:BankerX-gen [Trj]	20201210	21.1.5827.0
Kingsoft		20201211	2017.9.26.565
McAfee	W32/PinkSbot-GN!39C511CC1465	20201211	6.0.6.653
Tencent	Malware.Win32.Gencirc.10ba2479	20201211	1.0.0.1
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619345075.230343 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

Allocates read-write-execute memory (usually to unpack itself) (4 个事件)

Time & API	Arguments	Status
1619345031.542343 NtAllocateVirtualMemory	process_identifier: 2996 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00920000	success
1619345075.136343 NtAllocateVirtualMemory	process_identifier: 2996 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x009b0000	success
1619345075.136343 NtProtectVirtualMemory	process_identifier: 2996 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 237568 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success
1619356056.446751 NtAllocateVirtualMemory	process_identifier: 1812 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00610000	success

A process created a hidden window (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619345075.917343 CreateProcessInternalW	thread_identifier: 1060 thread_handle: 0x00000154 process_identifier: 1812 current_directory: filepath: track: 1 command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\39c511cc1465c0ac1d55406497cbc325.exe /C filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) process_handle: 0x00000158 inherit_handles: 0	success	1	0

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Mint.Regotet.1
FireEye	Generic.mg.39c511cc1465c0ac
ALYac	Gen:Heur.Mint.Regotet.1
Cylance	Unsafe
Zillya	Trojan.Qbot.Win32.8144
AegisLab	Trojan.Win32.Malicious.4!c
Sangfor	Malware
K7AntiVirus	Backdoor ( 00546c1a1 )
Alibaba	TrojanBanker:Win32/BankerX.5cd5f380
K7GW	Backdoor ( 00546c1a1 )
Cybereason	malicious.e90ce9
Arcabit	Trojan.Mint.Regotet.1
BitDefenderTheta	Gen:NN.ZexaF.34670.@n0@aOluAvei
Cyren	W32/Trojan.FAB.gen!Eldorado
Symantec	Packed.Generic.459
TrendMicro-HouseCall	Backdoor.Win32.QAKBOT.SME
Paloalto	generic.ml
ClamAV	Win.Dropper.Qakbot-7784337-0
Kaspersky	HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender	Gen:Heur.Mint.Regotet.1
NANO-Antivirus	Trojan.Win32.Inject3.hjznvb
SUPERAntiSpyware	Trojan.Agent/Gen-Zusy
Avast	Win32:BankerX-gen [Trj]
Rising	Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware	Gen:Heur.Mint.Regotet.1
Emsisoft	Gen:Heur.Mint.Regotet.1 (B)
Comodo	TrojWare.Win32.Qbot.AS@8rff2f
F-Secure	Trojan.TR/AD.Qbot.ftmkk
DrWeb	Trojan.Inject3.39637
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition	BehavesLike.Win32.Generic.tz
Sophos	Mal/Generic-R + Mal/EncPk-APV
APEX	Malicious
Jiangmin	Trojan.Banker.Qbot.ol
Webroot	W32.Trojan.Gen
Avira	TR/AD.Qbot.ftmkk
MAX	malware (ai score=82)
Antiy-AVL	Trojan[Banker]/Win32.Qbot
Gridinsoft	Trojan.Win32.Kryptik.ba!s2
Microsoft	Trojan:Win32/Dridex.RAC!MTB
ZoneAlarm	HEUR:Trojan-Banker.Win32.Qbot.pef
GData	Gen:Heur.Mint.Regotet.1
Cynet	Malicious (score: 85)
AhnLab-V3	Malware/Win32.RL_Generic.R335416
McAfee	W32/PinkSbot-GN!39C511CC1465
VBA32	TrojanBanker.Qbot
Malwarebytes	Backdoor.Qbot
ESET-NOD32	Win32/Qbot.CC

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-05-06 19:59:25

Imports

Library KERNEL32.dll:

• 0x5c79b4 TlsSetValue

• 0x5c79b8 TlsGetValue

• 0x5c79bc LocalAlloc

• 0x5c79c0 GetModuleHandleW

• 0x5c79c4 lstrlenW

• 0x5c79c8 lstrcmpA

• 0x5c79cc WriteProcessMemory

• 0x5c79d0 WriteFile

• 0x5c79d4 WideCharToMultiByte

• 0x5c79d8 WaitForSingleObject

• 0x5c79dc WaitForMultipleObjectsEx

• 0x5c79e0 VirtualQueryEx

• 0x5c79e4 VirtualQuery

• 0x5c79e8 VirtualProtectEx

• 0x5c79ec VirtualProtect

• 0x5c79f0 VirtualFree

• 0x5c79f4 VirtualAlloc

• 0x5c79f8 UnmapViewOfFile

• 0x5c79fc TerminateThread

• 0x5c7a00 TerminateProcess

• 0x5c7a04 SystemTimeToFileTime

• 0x5c7a08 SuspendThread

• 0x5c7a0c Sleep

• 0x5c7a10 SizeofResource

• 0x5c7a14 SetVolumeLabelW

• 0x5c7a18 SetThreadPriority

• 0x5c7a1c SetThreadContext

• 0x5c7a20 SetThreadAffinityMask

• 0x5c7a24 SetPriorityClass

• 0x5c7a28 SetLastError

• 0x5c7a2c SetFilePointer

• 0x5c7a30 SetEvent

• 0x5c7a34 SetErrorMode

• 0x5c7a38 SetEndOfFile

• 0x5c7a3c ResumeThread

• 0x5c7a40 ResetEvent

• 0x5c7a44 ReleaseSemaphore

• 0x5c7a48 ReleaseMutex

• 0x5c7a4c ReadProcessMemory

• 0x5c7a50 ReadFile

• 0x5c7a54 QueryPerformanceFrequency

• 0x5c7a58 QueryPerformanceCounter

• 0x5c7a5c PulseEvent

• 0x5c7a60 OutputDebugStringW

• 0x5c7a64 OpenProcess

• 0x5c7a68 OpenMutexW

• 0x5c7a6c OpenFileMappingA

• 0x5c7a70 OpenEventA

• 0x5c7a74 MultiByteToWideChar

• 0x5c7a78 MulDiv

• 0x5c7a7c MapViewOfFile

• 0x5c7a80 LockResource

• 0x5c7a84 LocalFree

• 0x5c7a88 LocalFileTimeToFileTime

• 0x5c7a8c LoadResource

• 0x5c7a90 LoadLibraryExA

• 0x5c7a94 LoadLibraryExW

• 0x5c7a98 LoadLibraryA

• 0x5c7a9c LoadLibraryW

• 0x5c7aa0 LeaveCriticalSection

• 0x5c7aa4 InitializeCriticalSection

• 0x5c7aa8 GlobalUnlock

• 0x5c7aac GlobalSize

• 0x5c7ab0 GlobalReAlloc

• 0x5c7ab4 GlobalHandle

• 0x5c7ab8 GlobalLock

• 0x5c7abc GlobalFree

• 0x5c7ac0 GlobalFindAtomW

• 0x5c7ac4 GlobalDeleteAtom

• 0x5c7ac8 GlobalAlloc

• 0x5c7acc GlobalAddAtomW

• 0x5c7ad0 GetWindowsDirectoryA

• 0x5c7ad4 GetWindowsDirectoryW

• 0x5c7ad8 GetVolumeInformationA

• 0x5c7adc GetVolumeInformationW

• 0x5c7ae0 GetVersionExA

• 0x5c7ae4 GetVersionExW

• 0x5c7ae8 GetVersion

• 0x5c7aec GetUserDefaultLCID

• 0x5c7af0 GetTickCount

• 0x5c7af4 GetThreadPriority

• 0x5c7af8 GetThreadLocale

• 0x5c7afc GetThreadContext

• 0x5c7b00 GetTempPathW

• 0x5c7b04 GetTempFileNameW

• 0x5c7b08 GetSystemTime

• 0x5c7b0c GetSystemDirectoryA

• 0x5c7b10 GetSystemDirectoryW

• 0x5c7b14 GetStartupInfoW

• 0x5c7b18 GetProcessVersion

• 0x5c7b1c GetProcessAffinityMask

• 0x5c7b20 GetProcAddress

• 0x5c7b24 GetPriorityClass

• 0x5c7b28 GetModuleHandleA

• 0x5c7b2c GetModuleFileNameA

• 0x5c7b30 GetModuleFileNameW

• 0x5c7b34 GetLogicalDrives

• 0x5c7b38 GetLocaleInfoW

• 0x5c7b3c GetLocalTime

• 0x5c7b40 GetLastError

• 0x5c7b44 GetFileSize

• 0x5c7b48 GetFileInformationByHandle

• 0x5c7b4c GetFileAttributesA

• 0x5c7b50 GetFileAttributesW

• 0x5c7b54 GetExitCodeThread

• 0x5c7b58 GetExitCodeProcess

• 0x5c7b5c GetDriveTypeW

• 0x5c7b60 GetDiskFreeSpaceW

• 0x5c7b64 GetCurrentThreadId

• 0x5c7b68 GetCurrentThread

• 0x5c7b6c GetCurrentProcessId

• 0x5c7b70 GetCurrentProcess

• 0x5c7b74 GetCommandLineA

• 0x5c7b78 GetCPInfo

• 0x5c7b7c FreeResource

• 0x5c7b80 InterlockedIncrement

• 0x5c7b84 InterlockedExchange

• 0x5c7b88 InterlockedDecrement

• 0x5c7b8c FreeLibrary

• 0x5c7b90 FormatMessageA

• 0x5c7b94 FormatMessageW

• 0x5c7b98 FlushFileBuffers

• 0x5c7b9c FindResourceA

• 0x5c7ba0 FindResourceW

• 0x5c7ba4 FindNextFileW

• 0x5c7ba8 FindFirstFileA

• 0x5c7bac FindFirstFileW

• 0x5c7bb0 FindClose

• 0x5c7bb4 FileTimeToSystemTime

• 0x5c7bb8 FileTimeToLocalFileTime

• 0x5c7bbc FileTimeToDosDateTime

• 0x5c7bc0 ExitProcess

• 0x5c7bc4 EnumResourceNamesW

• 0x5c7bc8 EnterCriticalSection

• 0x5c7bcc DuplicateHandle

• 0x5c7bd0 DosDateTimeToFileTime

• 0x5c7bd4 DisconnectNamedPipe

• 0x5c7bd8 DeleteFileW

• 0x5c7bdc DeleteCriticalSection

• 0x5c7be0 CreateThread

• 0x5c7be4 CreateSemaphoreW

• 0x5c7be8 CreateNamedPipeW

• 0x5c7bec CreateMutexA

• 0x5c7bf0 CreateMutexW

• 0x5c7bf4 CreateFileMappingA

• 0x5c7bf8 CreateFileMappingW

• 0x5c7bfc CreateFileA

• 0x5c7c00 CreateFileW

• 0x5c7c04 CreateEventA

• 0x5c7c08 CreateEventW

• 0x5c7c0c CreateDirectoryW

• 0x5c7c10 ConnectNamedPipe

• 0x5c7c14 CompareStringW

• 0x5c7c18 CompareFileTime

• 0x5c7c1c CloseHandle

• 0x5c7c20 CancelIo

• 0x5c7c24 GetProcessHeaps

• 0x5c7c28 GetFullPathNameW

• 0x5c7c2c LocalSize

• 0x5c7c30 SetSystemPowerState

• 0x5c7c34 SetTapePosition

• 0x5c7c38 CommConfigDialogW

• 0x5c7c3c GetVolumeNameForVolumeMountPointA

• 0x5c7c40 CreateRemoteThread

• 0x5c7c44 EnumSystemLocalesA

• 0x5c7c48 GetConsoleDisplayMode

• 0x5c7c4c SetComputerNameExA

• 0x5c7c50 GetFileAttributesExW

• 0x5c7c54 HeapCreate

• 0x5c7c58 DeviceIoControl

• 0x5c7c5c GetLocaleInfoA

• 0x5c7c60 GetCompressedFileSizeA

• 0x5c7c64 WaitForDebugEvent

• 0x5c7c68 SetHandleInformation

• 0x5c7c6c QueryInformationJobObject

• 0x5c7c70 SetInformationJobObject

• 0x5c7c74 HeapWalk

• 0x5c7c78 GetDateFormatA

• 0x5c7c7c lstrlen

• 0x5c7c80 SleepEx

• 0x5c7c84 _lopen

Library USER32.dll:

• 0x5c7c8c WaitForInputIdle

• 0x5c7c90 TranslateMessage

• 0x5c7c94 SystemParametersInfoW

• 0x5c7c98 AnimateWindow

• 0x5c7c9c ShowWindow

• 0x5c7ca0 ShowOwnedPopups

• 0x5c7ca4 SetWindowRgn

• 0x5c7ca8 SetWindowPos

• 0x5c7cac SetWindowPlacement

• 0x5c7cb0 SetWindowLongW

• 0x5c7cb4 SetTimer

• 0x5c7cb8 SetRect

• 0x5c7cbc SetPropA

• 0x5c7cc0 SetParent

• 0x5c7cc4 SetForegroundWindow

• 0x5c7cc8 SetCursorPos

• 0x5c7ccc SetClassLongW

• 0x5c7cd0 SendNotifyMessageW

• 0x5c7cd4 SendMessageTimeoutA

• 0x5c7cd8 SendMessageTimeoutW

• 0x5c7cdc SendMessageCallbackA

• 0x5c7ce0 SendMessageA

• 0x5c7ce4 SendMessageW

• 0x5c7ce8 RemovePropA

• 0x5c7cec ReleaseDC

• 0x5c7cf0 RegisterWindowMessageW

• 0x5c7cf4 PostThreadMessageA

• 0x5c7cf8 PostThreadMessageW

• 0x5c7cfc PostMessageA

• 0x5c7d00 PostMessageW

• 0x5c7d04 OffsetRect

• 0x5c7d08 MsgWaitForMultipleObjects

• 0x5c7d0c MessageBoxW

• 0x5c7d10 MessageBeep

• 0x5c7d14 LoadImageW

• 0x5c7d18 LoadIconW

• 0x5c7d1c LoadCursorW

• 0x5c7d20 LoadBitmapW

• 0x5c7d24 KillTimer

• 0x5c7d28 IsZoomed

• 0x5c7d2c IsWindowVisible

• 0x5c7d30 IsWindowUnicode

• 0x5c7d34 IsWindowEnabled

• 0x5c7d38 IsWindow

• 0x5c7d3c IsIconic

• 0x5c7d40 InvalidateRect

• 0x5c7d44 InsertMenuW

• 0x5c7d48 InflateRect

• 0x5c7d4c GetWindowThreadProcessId

• 0x5c7d50 GetWindowRect

• 0x5c7d54 GetWindowPlacement

• 0x5c7d58 GetWindowLongW

• 0x5c7d5c GetUserObjectInformationW

• 0x5c7d60 GetTopWindow

• 0x5c7d64 GetThreadDesktop

• 0x5c7d68 GetSystemMetrics

• 0x5c7d6c GetSystemMenu

• 0x5c7d70 GetPropA

• 0x5c7d74 GetParent

• 0x5c7d78 GetWindow

• 0x5c7d7c GetMessageW

• 0x5c7d80 GetMenu

• 0x5c7d84 GetIconInfo

• 0x5c7d88 GetForegroundWindow

• 0x5c7d8c GetDC

• 0x5c7d90 GetClientRect

• 0x5c7d94 GetClassNameA

• 0x5c7d98 GetClassLongW

• 0x5c7d9c GetAsyncKeyState

• 0x5c7da0 GetActiveWindow

• 0x5c7da4 FrameRect

• 0x5c7da8 FindWindowExA

• 0x5c7dac FindWindowExW

• 0x5c7db0 FindWindowW

• 0x5c7db4 EnumWindows

• 0x5c7db8 EnumThreadWindows

• 0x5c7dbc EnableWindow

• 0x5c7dc0 EnableMenuItem

• 0x5c7dc4 DrawTextW

• 0x5c7dc8 DrawMenuBar

• 0x5c7dcc DrawFrameControl

• 0x5c7dd0 DrawFocusRect

• 0x5c7dd4 DispatchMessageW

• 0x5c7dd8 DestroyWindow

• 0x5c7ddc DestroyIcon

• 0x5c7de0 DefWindowProcW

• 0x5c7de4 CreateIconFromResource

• 0x5c7de8 ChildWindowFromPointEx

• 0x5c7dec CharUpperW

• 0x5c7df0 CharNextExA

• 0x5c7df4 CharLowerW

• 0x5c7df8 BringWindowToTop

• 0x5c7dfc AttachThreadInput

• 0x5c7e00 AdjustWindowRectEx

• 0x5c7e04 CallNextHookEx

• 0x5c7e08 MapDialogRect

• 0x5c7e0c DrawTextExA

• 0x5c7e10 FlashWindow

• 0x5c7e14 WindowFromDC

• 0x5c7e18 SetClassWord

• 0x5c7e1c EndDialog

• 0x5c7e20 UserHandleGrantAccess

• 0x5c7e24 IsCharLowerA

• 0x5c7e28 SetMenu

• 0x5c7e2c CreateMDIWindowW

• 0x5c7e30 BroadcastSystemMessageW

• 0x5c7e34 GetMessageExtraInfo

• 0x5c7e38 SetMenuItemBitmaps

• 0x5c7e3c CheckMenuRadioItem

• 0x5c7e40 GetDlgCtrlID

• 0x5c7e44 DragObject

• 0x5c7e48 DdeSetQualityOfService

• 0x5c7e4c SendIMEMessageExW

• 0x5c7e50 GetClassLongA

• 0x5c7e54 GetMessageA

• 0x5c7e58 GetCursorPos

• 0x5c7e5c GetDoubleClickTime

• 0x5c7e60 GetKeyboardLayout

• 0x5c7e64 GetShellWindow

• 0x5c7e68 GetListBoxInfo

• 0x5c7e6c CloseDesktop

• 0x5c7e70 GetWindowContextHelpId

• 0x5c7e74 IsCharAlphaNumericA

• 0x5c7e78 IsCharUpperA

• 0x5c7e7c GetDesktopWindow

• 0x5c7e80 IsMenu

• 0x5c7e84 ReleaseCapture

• 0x5c7e88 GetClipboardOwner

• 0x5c7e8c LoadCursorFromFileA

• 0x5c7e90 GetProcessWindowStation

Library GDI32.dll:

• 0x5c7e98 TranslateCharsetInfo

• 0x5c7e9c StretchDIBits

• 0x5c7ea0 StretchBlt

• 0x5c7ea4 SetStretchBltMode

• 0x5c7ea8 SetBkMode

• 0x5c7eac SetBkColor

• 0x5c7eb0 SelectObject

• 0x5c7eb4 SelectClipRgn

• 0x5c7eb8 GetTextExtentPointW

• 0x5c7ebc GetTextExtentPoint32W

• 0x5c7ec0 GetPaletteEntries

• 0x5c7ec4 GetObjectW

• 0x5c7ec8 GetNearestPaletteIndex

• 0x5c7ecc GetDeviceCaps

• 0x5c7ed0 GetDIBits

• 0x5c7ed4 DeleteObject

• 0x5c7ed8 DeleteDC

• 0x5c7edc CreateRoundRectRgn

• 0x5c7ee0 CreateRectRgn

• 0x5c7ee4 CreatePalette

• 0x5c7ee8 CreateFontIndirectW

• 0x5c7eec CreateDIBitmap

• 0x5c7ef0 CreateDIBSection

• 0x5c7ef4 CreateCompatibleDC

• 0x5c7ef8 CreateCompatibleBitmap

• 0x5c7efc CreateBitmap

• 0x5c7f00 BitBlt

• 0x5c7f04 EngDeletePath

• 0x5c7f08 GetDCBrushColor

• 0x5c7f0c STROBJ_bEnumPositionsOnly

• 0x5c7f10 CreateDCW

• 0x5c7f14 GdiEntry2

• 0x5c7f18 GdiGetPageCount

• 0x5c7f1c GdiEntry15

• 0x5c7f20 EqualRgn

• 0x5c7f24 CreateScalableFontResourceA

• 0x5c7f28 SetPixelFormat

• 0x5c7f2c EndPath

• 0x5c7f30 EngMarkBandingSurface

• 0x5c7f34 GdiConsoleTextOut

• 0x5c7f38 FloodFill

• 0x5c7f3c GdiFlush

• 0x5c7f40 GetCharacterPlacementA

• 0x5c7f44 CreatePolygonRgn

• 0x5c7f48 GetTextFaceA

• 0x5c7f4c EngDeleteClip

• 0x5c7f50 DescribePixelFormat

• 0x5c7f54 GdiSwapBuffers

• 0x5c7f58 Pie

• 0x5c7f5c CLIPOBJ_cEnumStart

• 0x5c7f60 FillRgn

• 0x5c7f64 GetObjectType

• 0x5c7f68 EndDoc

• 0x5c7f6c FillPath

• 0x5c7f70 EndPage

• 0x5c7f74 GetBkMode

• 0x5c7f78 SetMetaRgn

• 0x5c7f7c CreatePatternBrush

• 0x5c7f80 GetTextColor

• 0x5c7f84 GetPixelFormat

• 0x5c7f88 AbortDoc

• 0x5c7f8c BeginPath

• 0x5c7f90 GetStretchBltMode

• 0x5c7f94 GetEnhMetaFileW

Library COMDLG32.dll:

• 0x5c7f9c GetSaveFileNameW

• 0x5c7fa0 GetOpenFileNameW

Library ADVAPI32.dll:

• 0x5c7fa8 SetSecurityDescriptorDacl

• 0x5c7fac ReportEventW

• 0x5c7fb0 RegisterEventSourceW

• 0x5c7fb4 RegUnLoadKeyW

• 0x5c7fb8 RegOpenKeyExA

• 0x5c7fbc RegLoadKeyW

• 0x5c7fc0 RegCloseKey

• 0x5c7fc4 OpenProcessToken

• 0x5c7fc8 LookupAccountSidA

• 0x5c7fcc LookupAccountSidW

• 0x5c7fd0 InitializeSecurityDescriptor

• 0x5c7fd4 GetTokenInformation

• 0x5c7fd8 GetLengthSid

• 0x5c7fdc GetUserNameW

• 0x5c7fe0 GetKernelObjectSecurity

• 0x5c7fe4 CryptSetProvParam

• 0x5c7fe8 CryptGetProvParam

• 0x5c7fec CryptDestroyHash

• 0x5c7ff0 CryptSignHashA

• 0x5c7ff4 CryptSetHashParam

• 0x5c7ff8 CryptCreateHash

• 0x5c7ffc CryptImportKey

• 0x5c8000 CryptExportKey

• 0x5c8004 CryptReleaseContext

• 0x5c8008 CryptDestroyKey

• 0x5c800c CryptGetUserKey

• 0x5c8010 CryptAcquireContextA

• 0x5c8014 CryptDecrypt

• 0x5c8018 RegSetValueW

• 0x5c801c RegQueryValueExW

• 0x5c8020 RegOpenKeyW

• 0x5c8024 RegDeleteKeyW

Library SHELL32.dll:

• 0x5c802c SHGetFileInfoA

• 0x5c8030 SHFileOperationW

• 0x5c8034 ShellExecuteW

• 0x5c8038 Shell_NotifyIconW

• 0x5c803c DragQueryFileW

• 0x5c8040 DragFinish

• 0x5c8044 SHGetFolderPathA

• 0x5c8048 SHGetFolderPathW

• 0x5c804c SHGetSpecialFolderLocation

• 0x5c8050 SHGetPathFromIDListA

• 0x5c8054 SHGetPathFromIDListW

• 0x5c8058 SHBrowseForFolderW

Library ole32.dll:

• 0x5c8060 CreateStreamOnHGlobal

• 0x5c8064 OleUninitialize

• 0x5c8068 CoTaskMemFree

• 0x5c806c CoCreateGuid

• 0x5c8070 CoCreateInstance

• 0x5c8074 CoUninitialize

• 0x5c8078 CoInitializeEx

• 0x5c807c CoInitialize

• 0x5c8080 GetHGlobalFromStream

• 0x5c8084 OleInitialize

• 0x5c8088 StringFromCLSID

Library COMCTL32.dll:

• 0x5c8090 ImageList_GetIconSize

• 0x5c8094 ImageList_Write

• 0x5c8098 ImageList_Read

• 0x5c809c ImageList_GetIcon

• 0x5c80a0 ImageList_ReplaceIcon

• 0x5c80a4 ImageList_GetImageCount

• 0x5c80a8 ImageList_Destroy

• 0x5c80ac ImageList_Create

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.24.14 CNAME clients.l.google.com	172.217.24.14
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	57874	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	63430	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.