SmartHawk

4.2

中危

54 个模型检测该样本为恶意！

重新分析

下载样本

c2d2690bfafe0264ede4677b30f80542dcf607ba78e38b78f2d31676840e173b

3fb8fbdb7b9243c8d4299b2ae29bfcde.exe

分析耗时

47s

最近分析

文件大小

4.1MB

静态报毒动态报毒 100% ADWAREX AEXIS AI SCORE=86 ATTRIBUTE BDQDF BEQV BJYO BSCOPE CLASSIC CONFIDENCE DOWNLOADER34 DYNAMER EKSTAK EVOS GENERICRXAA HASW HIGH CONFIDENCE HIGHCONFIDENCE HTLNSO KCLOUD KRYPTIK LOSE MALICIOUS PE PFKD R + TROJ RAZY SCORE STATIC AI SUSGEN UNSAFE V6F0JJ0NEYK WACATAC 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	GenericRXAA-FA!3FB8FBDB7B92	20210122	6.0.6.653
Baidu		20190318	1.0.0.2
Avast	Win32:AdwareX-gen [Adw]	20210122	21.1.5827.0
Alibaba	Trojan:Win32/Ekstak.df975070	20190527	0.3.0.5
Kingsoft	Win32.Troj.Undef.(kcloud)	20210122	2017.9.26.565
Tencent	Win32.Trojan.Ekstak.Lose	20210122	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620734520.640125 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 个事件)

section	.text\x00\x00\x05
section	.rdata\x00\x05
section	.icon0
section	.rsrc\x00\x00\x05

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	MAD
resource name	UNICODEDATA

One or more processes crashed (50 out of 65536 个事件)

Time & API	Arguments	Status
1620734520.421125 __exception__	stacktrace: registers.esp: 1637832 registers.edi: 39003465 registers.eax: 0 registers.ebp: 38543407 registers.edx: 0 registers.ebx: 28886927 registers.esi: 1638056 registers.ecx: 0 exception.instruction_r: f7 f1 89 56 04 8b ce 89 46 08 9c 0b cd 8f 06 66 exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x2132556 exception.instruction: div ecx exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000094 exception.offset: 34809174 exception.address: 0x2532556	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119600 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983180800 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119584 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983176704 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119568 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983172608 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119552 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983168512 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119536 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983164416 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119520 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983160320 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119504 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983156224 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119488 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983152128 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119472 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983148032 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119456 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983143936 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119440 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983139840 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119424 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983135744 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119408 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983131648 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119392 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983127552 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734520.421125 __exception__	stacktrace: registers.esp: 1637816 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 1983119376 registers.ebx: 4256605665 registers.esi: 1638052 registers.ecx: 1983123456 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 16 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 4096 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 32 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 8192 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 48 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 12288 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 64 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 16384 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 80 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 20480 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 96 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 24576 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 112 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 28672 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 128 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 32768 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 144 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 36864 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 160 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 40960 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 176 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 45056 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 192 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 49152 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 208 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 53248 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 224 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 57344 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 240 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 61440 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131088 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 135168 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131104 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 139264 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131120 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 143360 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131136 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 147456 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131152 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 151552 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131168 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 155648 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131184 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 159744 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131200 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 163840 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131216 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 167936 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131232 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 172032 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131248 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 176128 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131264 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 180224 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131280 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 184320 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131296 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 188416 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 131312 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 192512 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 196624 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 200704 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 196640 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 204800 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 196656 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 208896 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success
1620734521.031125 __exception__	stacktrace: registers.esp: 1637764 registers.edi: 38528987 registers.eax: 4294823140 registers.ebp: 38769134 registers.edx: 196672 registers.ebx: 4256605665 registers.esi: 1638000 registers.ecx: 212992 exception.instruction_r: 8b 11 f5 e9 7c 28 fc ff 8d bf ff ff ff ff 66 ff exception.symbol: 3fb8fbdb7b9243c8d4299b2ae29bfcde+0x20f91f2 exception.instruction: mov edx, dword ptr [ecx] exception.module: 3fb8fbdb7b9243c8d4299b2ae29bfcde.exe exception.exception_code: 0xc0000005 exception.offset: 34574834 exception.address: 0x24f91f2	success

Foreign language identified in PE resource (10 个事件)

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_ICON

language

LANG_UKRAINIAN

offset

0x02185bfc

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

size

0x00000468

name

RT_GROUP_ICON

language

LANG_UKRAINIAN

offset

0x021f6678

filetype

data

sublanguage

SUBLANG_DEFAULT

size

0x00000084

The binary likely contains encrypted or compressed data indicative of a packer (3 个事件)

entropy

7.962868640572037

section

{'size_of_data': '0x002b6e00', 'virtual_address': '0x00001000', 'entropy': 7.962868640572037, 'name': '.text\\x00\\x00\\x05', 'virtual_size': '0x002b6db2'}

description

A section with a high entropy has been found

entropy

7.0093505641914176

section

{'size_of_data': '0x000a1600', 'virtual_address': '0x0209d000', 'entropy': 7.0093505641914176, 'name': '.icon0', 'virtual_size': '0x000a15c0'}

description

A section with a high entropy has been found

entropy

0.820752456266475

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Tries to unhook Windows functions monitored by Cuckoo (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620734546.421125 __anomaly__	subcategory: exception tid: 2988 message: Encountered 65537 exceptions, quitting. function_name:	success	0	0

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 个事件)

Elastic	malicious (high confidence)
ClamAV	Win.Packed.Razy-9783889-0
FireEye	Generic.mg.3fb8fbdb7b9243c8
CAT-QuickHeal	Trojan.Multi
Qihoo-360	Win32/Trojan.546
McAfee	GenericRXAA-FA!3FB8FBDB7B92
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0056252b1 )
BitDefender	Trojan.Agent.EVOS
K7GW	Trojan ( 0056252b1 )
Cybereason	malicious.b7b924
Cyren	W32/Trojan.PFKD-1790
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:AdwareX-gen [Adw]
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Ekstak.aexis
Alibaba	Trojan:Win32/Ekstak.df975070
NANO-Antivirus	Trojan.Win32.Ekstak.htlnso
AegisLab	Trojan.Win32.Ekstak.4!c
MicroWorld-eScan	Trojan.Agent.EVOS
Rising	Trojan.Kryptik!1.AA23 (CLASSIC)
Ad-Aware	Trojan.Agent.EVOS
Sophos	Mal/Generic-R + Troj/Agent-BEQV
F-Secure	Trojan.TR/Crypt.Agent.bdqdf
DrWeb	Trojan.DownLoader34.28658
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.rc
Emsisoft	Trojan.Agent.EVOS (B)
SentinelOne	Static AI - Malicious PE
GData	Trojan.Agent.EVOS
Jiangmin	Trojan.Ekstak.bjyo
Webroot	W32.Malware.Gen
Avira	TR/Crypt.Agent.bdqdf
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.vb
Arcabit	Trojan.Agent.EVOS
ZoneAlarm	Trojan.Win32.Ekstak.aexis
Microsoft	Trojan:Win32/Dynamer!rfn
ALYac	Trojan.Agent.EVOS
MAX	malware (ai score=86)
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Trojan.MalPack
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Kryptik.HASW
Tencent	Win32.Trojan.Ekstak.Lose
Yandex	Trojan.Kryptik!v6f0JJ0neYk
TACHYON	Trojan/W32.Ekstak.4274176
Fortinet	W32/Kryptik.HASW!tr

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-26 11:31:23

Imports

Library MSVCRT.dll:

• 0x6b82cc _exit

• 0x6b82d0 _XcptFilter

• 0x6b82d4 exit

• 0x6b82d8 _acmdln

• 0x6b82dc __getmainargs

• 0x6b82e0 _initterm

• 0x6b82e4 __setusermatherr

• 0x6b82e8 _adjust_fdiv

• 0x6b82ec __p__commode

• 0x6b82f0 __p__fmode

• 0x6b82f4 __set_app_type

• 0x6b82f8 _controlfp

• 0x6b82fc _except_handler3

Library KERNEL32.dll:

• 0x6b804c LoadLibraryA

• 0x6b8050 GetVersion

• 0x6b8054 QueryPerformanceCounter

• 0x6b8058 GetTickCount

• 0x6b805c GetCurrentThreadId

• 0x6b8060 GetCurrentProcessId

• 0x6b8064 GetSystemTimeAsFileTime

• 0x6b8068 ExitProcess

• 0x6b806c VirtualProtectEx

• 0x6b8070 GetLastError

• 0x6b8074 CreateMutexA

• 0x6b8078 ContinueDebugEvent

• 0x6b807c ResumeThread

• 0x6b8080 OutputDebugStringA

• 0x6b8084 OutputDebugStringW

• 0x6b8088 SetThreadContext

• 0x6b808c GetThreadContext

• 0x6b8090 WaitForDebugEvent

• 0x6b8094 WriteProcessMemory

• 0x6b8098 UnmapViewOfFile

• 0x6b809c InitializeCriticalSection

• 0x6b80a0 FreeConsole

• 0x6b80a4 CreateThread

• 0x6b80a8 SuspendThread

• 0x6b80ac DebugActiveProcess

• 0x6b80b0 SetEnvironmentVariableA

• 0x6b80b4 MapViewOfFile

• 0x6b80b8 DuplicateHandle

• 0x6b80bc CreateFileMappingA

• 0x6b80c0 GetVersionExA

• 0x6b80c4 GetProcAddress

• 0x6b80c8 GetEnvironmentVariableA

• 0x6b80cc VirtualAlloc

• 0x6b80d0 SetLastError

• 0x6b80d4 ReleaseMutex

• 0x6b80d8 WaitForSingleObject

• 0x6b80dc OpenMutexA

• 0x6b80e0 SetErrorMode

• 0x6b80e4 GetShortPathNameA

• 0x6b80e8 GetModuleFileNameA

• 0x6b80ec GetShortPathNameW

• 0x6b80f0 GetModuleFileNameW

• 0x6b80f4 GlobalUnlock

• 0x6b80f8 GlobalLock

• 0x6b80fc GlobalAlloc

• 0x6b8100 WideCharToMultiByte

• 0x6b8104 IsBadReadPtr

• 0x6b8108 GlobalAddAtomA

• 0x6b810c GlobalAddAtomW

• 0x6b8110 GlobalFree

• 0x6b8114 GlobalGetAtomNameA

• 0x6b8118 GlobalDeleteAtom

• 0x6b811c GlobalGetAtomNameW

• 0x6b8120 GetLocalTime

• 0x6b8124 MultiByteToWideChar

• 0x6b8128 SearchPathA

• 0x6b812c GetTempPathA

• 0x6b8130 GetTempPathW

• 0x6b8134 GetTempFileNameA

• 0x6b8138 GetTempFileNameW

• 0x6b813c GetWindowsDirectoryA

• 0x6b8140 CreateFileA

• 0x6b8144 GetPrivateProfileStringA

• 0x6b8148 WritePrivateProfileStringA

• 0x6b814c EnterCriticalSection

• 0x6b8150 MoveFileA

• 0x6b8154 CreateProcessA

• 0x6b8158 GetStartupInfoA

• 0x6b815c GetCommandLineA

• 0x6b8160 ReadFile

• 0x6b8164 GetFileSize

• 0x6b8168 GetProcessHeap

• 0x6b816c FlushFileBuffers

• 0x6b8170 WriteConsoleW

• 0x6b8174 SetStdHandle

• 0x6b8178 GetConsoleMode

• 0x6b817c GetConsoleCP

• 0x6b8180 SetFilePointer

• 0x6b8184 HeapReAlloc

• 0x6b8188 GetStringTypeW

• 0x6b818c IsValidLocale

• 0x6b8190 EnumSystemLocalesA

• 0x6b8194 GetLocaleInfoA

• 0x6b8198 GetUserDefaultLCID

• 0x6b819c GetTimeZoneInformation

• 0x6b81a0 LoadLibraryW

• 0x6b81a4 SetConsoleCtrlHandler

• 0x6b81a8 FatalAppExitA

• 0x6b81ac IsValidCodePage

• 0x6b81b0 GetOEMCP

• 0x6b81b4 GetACP

• 0x6b81b8 HeapDestroy

• 0x6b81bc HeapCreate

• 0x6b81c0 GetFileType

• 0x6b81c4 SetHandleCount

• 0x6b81c8 GetEnvironmentStringsW

• 0x6b81cc FreeEnvironmentStringsW

• 0x6b81d0 HeapSize

• 0x6b81d4 GetLocaleInfoW

• 0x6b81d8 GetStdHandle

• 0x6b81dc WriteFile

• 0x6b81e0 IsProcessorFeaturePresent

• 0x6b81e4 SetUnhandledExceptionFilter

• 0x6b81e8 CompareStringW

• 0x6b81ec TerminateProcess

• 0x6b81f0 TlsFree

• 0x6b81f4 TlsSetValue

• 0x6b81f8 TlsGetValue

• 0x6b81fc TlsAlloc

• 0x6b8200 GetCPInfo

• 0x6b8204 LCMapStringW

• 0x6b8208 HeapAlloc

• 0x6b820c GetDateFormatA

• 0x6b8210 GetTimeFormatA

• 0x6b8214 GetModuleHandleW

• 0x6b8218 HeapFree

• 0x6b821c GetStartupInfoW

• 0x6b8220 ReadProcessMemory

• 0x6b8224 LeaveCriticalSection

• 0x6b8228 GetExitCodeProcess

• 0x6b822c SetThreadPriority

• 0x6b8230 Sleep

• 0x6b8234 VirtualQueryEx

• 0x6b8238 CreateEventA

• 0x6b823c SetEvent

• 0x6b8240 CloseHandle

• 0x6b8244 GetModuleHandleA

• 0x6b8248 DeleteFileA

• 0x6b824c GetCommandLineW

• 0x6b8250 RaiseException

• 0x6b8254 InterlockedIncrement

• 0x6b8258 InterlockedDecrement

• 0x6b825c InterlockedCompareExchange

• 0x6b8260 InterlockedExchange

• 0x6b8264 DeleteCriticalSection

• 0x6b8268 SetEndOfFile

• 0x6b826c CreateFileW

• 0x6b8270 FindClose

• 0x6b8274 RemoveDirectoryW

• 0x6b8278 DeleteFileW

• 0x6b827c DeviceIoControl

• 0x6b8280 GetFullPathNameW

• 0x6b8284 FindFirstFileW

• 0x6b8288 FindNextFileW

• 0x6b828c GetFileAttributesW

• 0x6b8290 CreateDirectoryExW

• 0x6b8294 CopyFileW

• 0x6b8298 GetCurrentDirectoryW

• 0x6b829c SetCurrentDirectoryW

• 0x6b82a0 GetFileInformationByHandle

• 0x6b82a4 GetFileAttributesExW

• 0x6b82a8 GetFileTime

• 0x6b82ac SetFileTime

• 0x6b82b0 MoveFileExW

• 0x6b82b4 GetDiskFreeSpaceExW

• 0x6b82b8 CreateDirectoryW

• 0x6b82bc AreFileApisANSI

• 0x6b82c0 LocalFree

• 0x6b82c4 FormatMessageA

Library USER32.dll:

• 0x6b8304 ShowWindow

• 0x6b8308 InSendMessage

• 0x6b830c DefWindowProcW

• 0x6b8310 DefWindowProcA

• 0x6b8314 LoadCursorA

• 0x6b8318 RegisterClassW

• 0x6b831c CreateWindowExW

• 0x6b8320 RegisterClassA

• 0x6b8324 CreateWindowExA

• 0x6b8328 GetWindowThreadProcessId

• 0x6b832c SendMessageW

• 0x6b8330 PeekMessageA

• 0x6b8334 EnumWindows

• 0x6b8338 IsWindowUnicode

• 0x6b833c PostMessageW

• 0x6b8340 PostMessageA

• 0x6b8344 LoadStringA

• 0x6b8348 CreateDialogIndirectParamA

• 0x6b834c FindWindowA

• 0x6b8350 DestroyWindow

• 0x6b8354 GetDesktopWindow

• 0x6b8358 GetSystemMetrics

• 0x6b835c MoveWindow

• 0x6b8360 SendMessageA

• 0x6b8364 SetPropA

• 0x6b8368 EnumThreadWindows

• 0x6b836c GetPropA

• 0x6b8370 WaitForInputIdle

• 0x6b8374 SetTimer

• 0x6b8378 GetMessageA

• 0x6b837c TranslateMessage

• 0x6b8380 DispatchMessageA

• 0x6b8384 MessageBoxA

• 0x6b8388 UpdateWindow

• 0x6b838c GetDlgItem

• 0x6b8390 SetWindowTextA

• 0x6b8394 GetWindowTextA

• 0x6b8398 GetWindowTextLengthA

• 0x6b839c DialogBoxParamA

• 0x6b83a0 RegisterClassExA

• 0x6b83a4 CreateDialogParamA

• 0x6b83a8 DrawTextA

• 0x6b83ac DefDlgProcA

• 0x6b83b0 GetAsyncKeyState

• 0x6b83b4 KillTimer

• 0x6b83b8 EndPaint

• 0x6b83bc BeginPaint

• 0x6b83c0 GetClientRect

• 0x6b83c4 LoadStringW

• 0x6b83c8 IsZoomed

Library GDI32.dll:

• 0x6b8014 Rectangle

• 0x6b8018 CreateCompatibleDC

• 0x6b801c DeleteDC

• 0x6b8020 CreateDIBitmap

• 0x6b8024 RealizePalette

• 0x6b8028 SelectPalette

• 0x6b802c CreateDCA

• 0x6b8030 CreatePalette

• 0x6b8034 DeleteObject

• 0x6b8038 BitBlt

• 0x6b803c SelectObject

• 0x6b8040 LineTo

• 0x6b8044 Ellipse

Library comdlg32.dll:

• 0x6b83dc GetOpenFileNameA

• 0x6b83e0 GetSaveFileNameA

Library ADVAPI32.dll:

• 0x6b8000 RegOpenKeyExW

• 0x6b8004 RegOpenKeyExA

• 0x6b8008 RegQueryValueExA

• 0x6b800c RegCloseKey

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62319	239.255.255.250	3702
192.168.56.101	62321	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.