9.6
极危
该样本未表现出任何异常!
重新分析
更多

cfc77b02da49b09fb2bf91ffadad040d37799cdf89c28e5a1d7d7d1525205cba

3fc7309cfcf7640cd8d38c24af7e749b.exe

分析耗时

123s

最近分析

文件大小

432.1KB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619399694.288
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 个事件)
Time & API Arguments Status Return Repeated
1619399682.397
CryptGenKey
crypto_handle: 0x0037c590
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0037b788
flags: 1
key: f;œ­võs™êjH¤}ìml
success 1 0
1619399694.303
CryptExportKey
crypto_handle: 0x0037c590
crypto_export_handle: 0x0037b850
buffer: f¤º-çÃïPØÍc ¯°.øØDãhŠ×}µºA÷û×Åqüñ`˜…!´¸¹$…¶ºW~6ºoOŠ>{ÌC‰™¼§„FôhyucÁÃ&6ÅÅÖÕ°mdg¬‡Òî´K
blob_type: 1
flags: 64
success 1 0
1619399722.616
CryptExportKey
crypto_handle: 0x0037c590
crypto_export_handle: 0x0037b850
buffer: f¤…£Çª¢O'ÌóÀ€±dÕ0™±R!áÓ¹Ø=ÀóîºÆÐʗױ"îà‹è¾Kö ê"yêJ!ÈT•_¶ÚŸmÆ?6Ëx2þÝ "Ó£ý›;¡økœÔ‹W ¸ˆ")hA0Ø
blob_type: 1
flags: 64
success 1 0
1619399730.538
CryptExportKey
crypto_handle: 0x0037c590
crypto_export_handle: 0x0037b850
buffer: f¤ž7²rH†¿)Øåà̦äKٔŸz‘:gÈù=(lÍÉ]à8577 ^&~ã\:íK6¯#¸7P•Éí:7ƒ‡zßîÃËc:ƒ‡yߺºòÊhj1:hýííd ÷žjh²
blob_type: 1
flags: 64
success 1 0
1619399754.444
CryptExportKey
crypto_handle: 0x0037c590
crypto_export_handle: 0x0037b850
buffer: f¤ v¢ÖÄpãnQ{ùIÕ·^ ˜ªS8ўþmŒÔ[Ê÷¹Ê¥Ñ Ú¶D®Ýl$'TF«v(ÊUæDìø¨\v·¹ÑL•êõAœ'³†)»Dx(@¢œÞ¶í$©F
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:227239989&cup2hreq=3ff77fa67cfcac6fae50b5c11f3d156d5737a05720be3d07af17e36f179f8149
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619370495&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=4369ff64dcc6010a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619370495&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:227239989&cup2hreq=3ff77fa67cfcac6fae50b5c11f3d156d5737a05720be3d07af17e36f179f8149
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:227239989&cup2hreq=3ff77fa67cfcac6fae50b5c11f3d156d5737a05720be3d07af17e36f179f8149
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1619399675.6165
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
1619399727.163125
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004020000
success 0 0
1619399682.116
NtAllocateVirtualMemory
process_identifier: 2260
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00580000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Moves the original executable to a new location (1 个事件)
Time & API Arguments Status Return Repeated
1619399676.5065
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3fc7309cfcf7640cd8d38c24af7e749b.exe
newfilepath: C:\Windows\SysWOW64\filemgmt\comcat.exe
newfilepath_r: C:\Windows\SysWOW64\filemgmt\comcat.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3fc7309cfcf7640cd8d38c24af7e749b.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619399695.022
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.427959110276362 section {'size_of_data': '0x00033000', 'virtual_address': '0x0003d000', 'entropy': 7.427959110276362, 'name': '.rsrc', 'virtual_size': '0x00032230'} description A section with a high entropy has been found
entropy 0.4766355140186916 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 个事件)
process comcat.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619399694.788
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Uses Windows utilities for basic Windows functionality (1 个事件)
cmdline C:\Windows\SysWOW64\filemgmt\comcat.exe
网络通信
Communicates with host for which no DNS query was performed (6 个事件)
host 172.217.24.14
host 181.30.61.163
host 188.135.15.49
host 209.126.6.222
host 5.153.250.14
host 203.208.41.65
Installs itself for autorun at Windows startup (1 个事件)
service_name comcat service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\filemgmt\comcat.exe"
Created a service where a service was also not started (1 个事件)
Time & API Arguments Status Return Repeated
1619399680.4445
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x034ff498
display_name: comcat
error_control: 0
service_name: comcat
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\filemgmt\comcat.exe"
filepath_r: "C:\Windows\SysWOW64\filemgmt\comcat.exe"
service_manager_handle: 0x034f5620
desired_access: 2
service_type: 16
password:
success 55571608 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619399697.6
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619399697.6
RegSetValueExA
key_handle: 0x000003c4
value: ä­Ö:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619399697.6
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619399697.616
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619399697.616
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619399697.616
RegSetValueExA
key_handle: 0x000003dc
value: ä­Ö:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619399697.616
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619399697.616
RegSetValueExW
key_handle: 0x000003c0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 个事件)
file C:\Windows\SysWOW64\filemgmt\comcat.exe:Zone.Identifier
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (5 个事件)
dead_host 172.217.160.110:443
dead_host 172.217.24.14:443
dead_host 5.153.250.14:8080
dead_host 181.30.61.163:443
dead_host 209.126.6.222:8080
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-08-21 19:29:20

Imports

Library KERNEL32.dll:
0x42c178 GetStartupInfoA
0x42c17c GetCommandLineA
0x42c180 TerminateProcess
0x42c184 HeapFree
0x42c188 CreateThread
0x42c18c ExitThread
0x42c190 RaiseException
0x42c194 HeapReAlloc
0x42c198 HeapSize
0x42c19c GetACP
0x42c1a4 GetSystemTime
0x42c1a8 GetLocalTime
0x42c1ac LCMapStringA
0x42c1b0 LCMapStringW
0x42c1b4 FatalAppExitA
0x42c1b8 Sleep
0x42c1bc HeapDestroy
0x42c1c0 HeapCreate
0x42c1c4 VirtualFree
0x42c1c8 VirtualAlloc
0x42c1cc IsBadWritePtr
0x42c1dc HeapAlloc
0x42c1e4 SetHandleCount
0x42c1e8 GetStdHandle
0x42c1ec GetFileType
0x42c1f4 GetStringTypeA
0x42c1f8 GetStringTypeW
0x42c1fc IsBadReadPtr
0x42c200 IsBadCodePtr
0x42c204 IsValidLocale
0x42c208 IsValidCodePage
0x42c20c GetLocaleInfoA
0x42c210 EnumSystemLocalesA
0x42c214 GetUserDefaultLCID
0x42c218 GetVersionExA
0x42c220 SetStdHandle
0x42c224 GetLocaleInfoW
0x42c228 CompareStringA
0x42c22c CompareStringW
0x42c234 RtlUnwind
0x42c238 GetProfileStringA
0x42c23c InterlockedExchange
0x42c248 SetFileAttributesA
0x42c24c SetFileTime
0x42c258 GetFileTime
0x42c25c GetFileSize
0x42c260 GetFileAttributesA
0x42c264 GetShortPathNameA
0x42c268 GetThreadLocale
0x42c26c GetStringTypeExA
0x42c270 GetFullPathNameA
0x42c278 FindFirstFileA
0x42c27c FindClose
0x42c280 DeleteFileA
0x42c284 MoveFileA
0x42c288 SetEndOfFile
0x42c28c UnlockFile
0x42c290 LockFile
0x42c294 FlushFileBuffers
0x42c298 SetFilePointer
0x42c29c WriteFile
0x42c2a0 ReadFile
0x42c2a4 CreateFileA
0x42c2a8 GetCurrentProcess
0x42c2ac DuplicateHandle
0x42c2b0 SetErrorMode
0x42c2b4 FormatMessageA
0x42c2b8 GetOEMCP
0x42c2bc GetCPInfo
0x42c2c0 SizeofResource
0x42c2c4 GetProcessVersion
0x42c2c8 GetLastError
0x42c2dc GlobalFlags
0x42c2e0 TlsGetValue
0x42c2e4 LocalReAlloc
0x42c2e8 TlsSetValue
0x42c2f0 GlobalReAlloc
0x42c2f8 TlsFree
0x42c2fc GlobalHandle
0x42c304 TlsAlloc
0x42c30c LocalFree
0x42c310 LocalAlloc
0x42c314 lstrcpynA
0x42c318 MulDiv
0x42c31c ExitProcess
0x42c320 SetLastError
0x42c324 MultiByteToWideChar
0x42c328 WideCharToMultiByte
0x42c32c lstrlenA
0x42c338 LoadLibraryA
0x42c33c FreeLibrary
0x42c340 GetVersion
0x42c344 lstrcatA
0x42c348 GlobalGetAtomNameA
0x42c34c GlobalAddAtomA
0x42c350 GlobalFindAtomA
0x42c354 lstrcpyA
0x42c358 GetModuleHandleA
0x42c35c GetProcAddress
0x42c360 GlobalUnlock
0x42c364 GlobalFree
0x42c368 LockResource
0x42c36c FindResourceA
0x42c370 LoadResource
0x42c374 CreateEventA
0x42c378 SuspendThread
0x42c37c SetThreadPriority
0x42c380 ResumeThread
0x42c384 SetEvent
0x42c388 WaitForSingleObject
0x42c38c CloseHandle
0x42c390 GetModuleFileNameA
0x42c394 GlobalLock
0x42c398 GlobalAlloc
0x42c39c GlobalDeleteAtom
0x42c3a0 lstrcmpA
0x42c3a4 lstrcmpiA
0x42c3a8 GetCurrentThread
0x42c3ac GetCurrentThreadId
Library USER32.dll:
0x42c3c4 ScrollWindow
0x42c3c8 EndDeferWindowPos
0x42c3cc CopyRect
0x42c3d0 BeginDeferWindowPos
0x42c3d4 DeferWindowPos
0x42c3d8 ScreenToClient
0x42c3dc AdjustWindowRectEx
0x42c3e0 SetFocus
0x42c3e4 MapWindowPoints
0x42c3e8 SendDlgItemMessageA
0x42c3ec CheckDlgButton
0x42c3f0 CheckRadioButton
0x42c3f4 GetDlgItemInt
0x42c3f8 GetDlgItemTextA
0x42c3fc SetDlgItemInt
0x42c400 SetDlgItemTextA
0x42c404 IsDlgButtonChecked
0x42c408 ScrollWindowEx
0x42c40c IsDialogMessageA
0x42c410 SetWindowTextA
0x42c414 MoveWindow
0x42c418 wvsprintfA
0x42c41c CharToOemA
0x42c420 OemToCharA
0x42c424 LoadStringA
0x42c428 DestroyMenu
0x42c42c ClientToScreen
0x42c430 GetWindowDC
0x42c434 BeginPaint
0x42c438 EndPaint
0x42c43c TabbedTextOutA
0x42c440 DrawTextA
0x42c444 GrayStringA
0x42c448 InflateRect
0x42c44c GetClassNameA
0x42c450 GetDesktopWindow
0x42c454 InsertMenuA
0x42c458 DeleteMenu
0x42c45c GetMenuStringA
0x42c460 LoadCursorA
0x42c464 GetSysColorBrush
0x42c468 GetDialogBaseUnits
0x42c46c CharUpperA
0x42c470 GetScrollRange
0x42c474 SetScrollRange
0x42c478 GetScrollPos
0x42c47c SetScrollPos
0x42c480 GetTopWindow
0x42c484 IsChild
0x42c488 GetCapture
0x42c48c WinHelpA
0x42c490 wsprintfA
0x42c494 GetClassInfoA
0x42c498 RegisterClassA
0x42c49c GetMenu
0x42c4a0 GetMenuItemCount
0x42c4a4 GetMenuItemID
0x42c4a8 TrackPopupMenu
0x42c4ac SetWindowPlacement
0x42c4b4 GetWindowTextA
0x42c4b8 GetDlgCtrlID
0x42c4bc DefWindowProcA
0x42c4c0 CreateWindowExA
0x42c4c4 GetClassLongA
0x42c4c8 SetPropA
0x42c4cc UnhookWindowsHookEx
0x42c4d0 GetPropA
0x42c4d4 CallWindowProcA
0x42c4d8 GetScrollInfo
0x42c4dc GetMessageTime
0x42c4e0 GetMessagePos
0x42c4e4 GetForegroundWindow
0x42c4e8 SetForegroundWindow
0x42c4ec GetWindow
0x42c4f0 SetWindowLongA
0x42c4f4 SetWindowPos
0x42c4fc OffsetRect
0x42c500 IntersectRect
0x42c504 GetWindowPlacement
0x42c508 GetWindowRect
0x42c50c EndDialog
0x42c510 SetActiveWindow
0x42c514 IsWindow
0x42c51c DestroyWindow
0x42c520 GetDlgItem
0x42c528 GetMenuState
0x42c52c ModifyMenuA
0x42c530 SetMenuItemBitmaps
0x42c534 CheckMenuItem
0x42c538 EnableMenuItem
0x42c53c GetFocus
0x42c540 GetNextDlgTabItem
0x42c544 GetMessageA
0x42c548 TranslateMessage
0x42c54c DispatchMessageA
0x42c550 GetActiveWindow
0x42c554 GetKeyState
0x42c558 CallNextHookEx
0x42c55c ValidateRect
0x42c560 IsWindowVisible
0x42c564 PeekMessageA
0x42c568 GetCursorPos
0x42c56c SetWindowsHookExA
0x42c570 GetParent
0x42c574 GetLastActivePopup
0x42c578 IsWindowEnabled
0x42c57c GetWindowLongA
0x42c580 MessageBoxA
0x42c584 SetCursor
0x42c588 ShowOwnedPopups
0x42c58c PostMessageA
0x42c590 PostQuitMessage
0x42c594 LoadBitmapA
0x42c598 InvalidateRect
0x42c59c UpdateWindow
0x42c5a0 GetSysColor
0x42c5a4 EqualRect
0x42c5a8 IsRectEmpty
0x42c5ac GetDC
0x42c5b0 ReleaseDC
0x42c5b4 LoadIconA
0x42c5b8 UnregisterClassA
0x42c5bc HideCaret
0x42c5c0 ShowCaret
0x42c5c4 ExcludeUpdateRgn
0x42c5c8 DrawFocusRect
0x42c5cc DefDlgProcA
0x42c5d0 CharNextA
0x42c5d4 LoadImageA
0x42c5d8 EnableWindow
0x42c5dc LoadMenuA
0x42c5e0 PtInRect
0x42c5e4 GetSubMenu
0x42c5e8 IsIconic
0x42c5ec GetSystemMetrics
0x42c5f0 GetClientRect
0x42c5f4 DrawIcon
0x42c5f8 SetScrollInfo
0x42c5fc RemovePropA
0x42c600 ShowScrollBar
0x42c604 GetSystemMenu
0x42c608 AppendMenuA
0x42c60c SendMessageA
0x42c610 ShowWindow
0x42c614 IsWindowUnicode
Library GDI32.dll:
0x42c02c DeleteDC
0x42c030 StartDocA
0x42c034 SaveDC
0x42c038 RestoreDC
0x42c03c SelectObject
0x42c040 GetStockObject
0x42c044 SelectPalette
0x42c048 SetBkMode
0x42c04c SetPolyFillMode
0x42c050 SetROP2
0x42c054 SetStretchBltMode
0x42c058 SetMapMode
0x42c05c SetViewportOrgEx
0x42c060 OffsetViewportOrgEx
0x42c064 SetViewportExtEx
0x42c068 ScaleViewportExtEx
0x42c06c SetWindowOrgEx
0x42c070 OffsetWindowOrgEx
0x42c074 SetWindowExtEx
0x42c078 ScaleWindowExtEx
0x42c07c SelectClipRgn
0x42c080 ExcludeClipRect
0x42c084 IntersectClipRect
0x42c088 OffsetClipRgn
0x42c08c MoveToEx
0x42c090 LineTo
0x42c094 SetTextAlign
0x42c0a0 SetMapperFlags
0x42c0a8 ArcTo
0x42c0ac SetArcDirection
0x42c0b0 PolyDraw
0x42c0b4 SetBkColor
0x42c0b8 SetColorAdjustment
0x42c0bc PolyBezierTo
0x42c0c0 DeleteObject
0x42c0c4 GetClipRgn
0x42c0c8 CreateRectRgn
0x42c0cc SelectClipPath
0x42c0d0 ExtSelectClipRgn
0x42c0d4 PlayMetaFileRecord
0x42c0d8 GetObjectType
0x42c0dc EnumMetaFile
0x42c0e0 PlayMetaFile
0x42c0e4 GetDeviceCaps
0x42c0e8 GetViewportExtEx
0x42c0ec GetWindowExtEx
0x42c0f0 CreatePen
0x42c0f4 ExtCreatePen
0x42c0f8 CreateSolidBrush
0x42c0fc CreateHatchBrush
0x42c100 CreatePatternBrush
0x42c108 PtVisible
0x42c10c RectVisible
0x42c110 TextOutA
0x42c114 ExtTextOutA
0x42c118 Escape
0x42c11c GetMapMode
0x42c120 PatBlt
0x42c124 SetRectRgn
0x42c128 CombineRgn
0x42c130 CreateFontIndirectA
0x42c134 DPtoLP
0x42c13c GetTextMetricsA
0x42c140 SetTextColor
0x42c144 GetClipBox
0x42c148 GetDCOrgEx
0x42c14c CreateBitmap
0x42c150 StretchBlt
0x42c154 CreateCompatibleDC
0x42c158 BitBlt
0x42c15c GetObjectA
0x42c164 PolylineTo
0x42c168 CreateDIBitmap
0x42c16c GetTextExtentPointA
0x42c170 SetBitmapBits
Library comdlg32.dll:
0x42c630 GetOpenFileNameA
0x42c634 GetSaveFileNameA
0x42c638 GetFileTitleA
Library WINSPOOL.DRV:
0x42c620 OpenPrinterA
0x42c624 DocumentPropertiesA
0x42c628 ClosePrinter
Library ADVAPI32.dll:
0x42c000 RegSetValueExA
0x42c004 RegOpenKeyA
0x42c008 RegDeleteKeyA
0x42c00c RegDeleteValueA
0x42c010 RegCloseKey
0x42c014 RegQueryValueExA
0x42c018 RegOpenKeyExA
0x42c01c RegCreateKeyExA
Library SHELL32.dll:
0x42c3b8 DragAcceptFiles
0x42c3bc SHGetFileInfoA
Library COMCTL32.dll:
0x42c024

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49195 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49196 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49194 203.208.41.33 redirector.gvt1.com 80
192.168.56.101 49191 203.208.41.34 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62191 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=4369ff64dcc6010a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619370495&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=4369ff64dcc6010a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619370495&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619370495&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619370495&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.