SmartHawk

2.8

中危

1 个模型检测该样本为恶意！

重新分析

下载样本

00fa7a7a9bff3c88b8619a3ae46b4cd9ea6d36656c882dd4155278aac291fc1e

40f9cac275305eff2d86955fcfdeae42.exe

分析耗时

26s

最近分析

文件大小

1.1MB

静态报毒动态报毒 BSCOPE CHINA FUERBOOS

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
McAfee	20200302	6.0.6.653
Alibaba	20190527	0.3.0.5
Baidu	20190318	1.0.0.2
Avast	20200302	18.4.3895.0
Tencent	20200302	1.0.0.1
Kingsoft	20200302	2013.8.14.323
CrowdStrike	20190702	1.0

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

C:\vmagent_new\bin\joblist\176831\out\Release\ShopStore.pdb

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

PNG

Checks for known Chinese AV sofware registry keys (1 个事件)

regkey

.*360Safe

Foreign language identified in PE resource (20 个事件)

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

PNG

language

LANG_CHINESE

offset

0x00110874

filetype

PNG image data, 380 x 32, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000048f

name

RT_ICON

language

LANG_CHINESE

offset

0x0011862c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x0011862c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x0011862c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x0011862c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x0011862c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_DIALOG

language

LANG_CHINESE

offset

0x00118a94

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000040

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x001198c0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004c

name

RT_VERSION

language

LANG_CHINESE

offset

0x0011990c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000274

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)

VBA32

BScope.Trojan.Fuerboos

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

6.807522016854373

section

{'size_of_data': '0x0000de00', 'virtual_address': '0x0010c000', 'entropy': 6.807522016854373, 'name': '.rsrc', 'virtual_size': '0x0000ddf0'}

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2017-06-29 14:59:54

Imports

Library KERNEL32.dll:

• 0x4dd0cc CreateFileA

• 0x4dd0d0 GetACP

• 0x4dd0d4 RemoveDirectoryW

• 0x4dd0d8 lstrcatW

• 0x4dd0dc DeviceIoControl

• 0x4dd0e0 GetCurrentProcessId

• 0x4dd0e4 CreateProcessW

• 0x4dd0e8 LoadLibraryExW

• 0x4dd0ec lstrcmpiW

• 0x4dd0f0 CreateDirectoryW

• 0x4dd0f4 WriteFile

• 0x4dd0f8 GetModuleHandleExW

• 0x4dd0fc Process32NextW

• 0x4dd100 OpenProcess

• 0x4dd104 Process32FirstW

• 0x4dd108 CreateToolhelp32Snapshot

• 0x4dd10c LocalFree

• 0x4dd110 LocalAlloc

• 0x4dd114 GetSystemInfo

• 0x4dd118 GetModuleHandleA

• 0x4dd11c GetEnvironmentVariableW

• 0x4dd120 GetStartupInfoW

• 0x4dd124 SetCurrentDirectoryW

• 0x4dd128 CreateThread

• 0x4dd12c ExitThread

• 0x4dd130 SuspendThread

• 0x4dd134 WaitForSingleObject

• 0x4dd138 SetEvent

• 0x4dd13c GetFileAttributesExW

• 0x4dd140 VirtualFreeEx

• 0x4dd144 ReadProcessMemory

• 0x4dd148 WriteProcessMemory

• 0x4dd14c VirtualAllocEx

• 0x4dd150 GetLongPathNameW

• 0x4dd154 FindClose

• 0x4dd158 FindNextFileW

• 0x4dd15c FindFirstFileW

• 0x4dd160 SetFilePointer

• 0x4dd164 GetTickCount

• 0x4dd168 WritePrivateProfileStringW

• 0x4dd16c lstrcmpiA

• 0x4dd170 lstrcmpA

• 0x4dd174 SetEnvironmentVariableA

• 0x4dd178 CompareStringW

• 0x4dd17c CompareStringA

• 0x4dd180 WriteConsoleW

• 0x4dd184 GetConsoleOutputCP

• 0x4dd188 WriteConsoleA

• 0x4dd18c GetTimeZoneInformation

• 0x4dd190 GetLocaleInfoW

• 0x4dd194 FlushFileBuffers

• 0x4dd198 GetConsoleMode

• 0x4dd19c GetConsoleCP

• 0x4dd1a0 SetStdHandle

• 0x4dd1a4 IsValidLocale

• 0x4dd1a8 EnumSystemLocalesA

• 0x4dd1ac SetUnhandledExceptionFilter

• 0x4dd1b0 GetUserDefaultLCID

• 0x4dd1b4 GetDateFormatA

• 0x4dd1b8 GetTimeFormatA

• 0x4dd1bc GetStringTypeW

• 0x4dd1c0 GetStringTypeA

• 0x4dd1c4 QueryPerformanceCounter

• 0x4dd1c8 GetCommandLineW

• 0x4dd1cc GetEnvironmentStringsW

• 0x4dd1d0 FreeEnvironmentStringsW

• 0x4dd1d4 InitializeCriticalSectionAndSpinCount

• 0x4dd1d8 InterlockedExchange

• 0x4dd1dc SetConsoleCtrlHandler

• 0x4dd1e0 LCMapStringA

• 0x4dd1e4 GetStartupInfoA

• 0x4dd1e8 GetFileType

• 0x4dd1ec SetHandleCount

• 0x4dd1f0 LCMapStringW

• 0x4dd1f4 GetCurrentThread

• 0x4dd1f8 IsValidCodePage

• 0x4dd1fc GetOEMCP

• 0x4dd200 GetCPInfo

• 0x4dd204 GetModuleFileNameA

• 0x4dd208 GetStdHandle

• 0x4dd20c HeapCreate

• 0x4dd210 FatalAppExitA

• 0x4dd214 ExitProcess

• 0x4dd218 IsDebuggerPresent

• 0x4dd21c UnhandledExceptionFilter

• 0x4dd220 RtlUnwind

• 0x4dd224 TlsFree

• 0x4dd228 DeleteAtom

• 0x4dd22c FindAtomW

• 0x4dd230 TlsAlloc

• 0x4dd234 ReleaseMutex

• 0x4dd238 AddAtomW

• 0x4dd23c OpenThread

• 0x4dd240 GetAtomNameW

• 0x4dd244 TlsSetValue

• 0x4dd248 TlsGetValue

• 0x4dd24c GetSystemTime

• 0x4dd250 GetLocalTime

• 0x4dd254 FormatMessageW

• 0x4dd258 OutputDebugStringW

• 0x4dd25c GetFileSizeEx

• 0x4dd260 SetFilePointerEx

• 0x4dd264 SetEndOfFile

• 0x4dd268 LocalFileTimeToFileTime

• 0x4dd26c GetSystemTimeAsFileTime

• 0x4dd270 SystemTimeToFileTime

• 0x4dd274 VirtualAlloc

• 0x4dd278 VirtualFree

• 0x4dd27c IsProcessorFeaturePresent

• 0x4dd280 LoadLibraryA

• 0x4dd284 InterlockedCompareExchange

• 0x4dd288 GetProcessHeap

• 0x4dd28c HeapSize

• 0x4dd290 HeapReAlloc

• 0x4dd294 HeapFree

• 0x4dd298 HeapAlloc

• 0x4dd29c HeapDestroy

• 0x4dd2a0 CreateMutexW

• 0x4dd2a4 GetModuleHandleW

• 0x4dd2a8 GetVersionExW

• 0x4dd2ac CreateFileW

• 0x4dd2b0 GetFileSize

• 0x4dd2b4 ReadFile

• 0x4dd2b8 lstrlenA

• 0x4dd2bc MultiByteToWideChar

• 0x4dd2c0 WideCharToMultiByte

• 0x4dd2c4 DeleteFileW

• 0x4dd2c8 GetPrivateProfileStringW

• 0x4dd2cc GetFileAttributesW

• 0x4dd2d0 SetFileAttributesW

• 0x4dd2d4 Sleep

• 0x4dd2d8 TerminateProcess

• 0x4dd2dc InitializeCriticalSection

• 0x4dd2e0 InterlockedDecrement

• 0x4dd2e4 InterlockedIncrement

• 0x4dd2e8 DeleteCriticalSection

• 0x4dd2ec MulDiv

• 0x4dd2f0 lstrcmpW

• 0x4dd2f4 CreateEventW

• 0x4dd2f8 GetLastError

• 0x4dd2fc CloseHandle

• 0x4dd300 lstrlenW

• 0x4dd304 GetCurrentProcess

• 0x4dd308 FlushInstructionCache

• 0x4dd30c SetLastError

• 0x4dd310 GetCurrentThreadId

• 0x4dd314 LoadLibraryW

• 0x4dd318 GetProcAddress

• 0x4dd31c FreeLibrary

• 0x4dd320 GetVersion

• 0x4dd324 GlobalAlloc

• 0x4dd328 GlobalLock

• 0x4dd32c GlobalUnlock

• 0x4dd330 GlobalFree

• 0x4dd334 FreeResource

• 0x4dd338 RaiseException

• 0x4dd33c LeaveCriticalSection

• 0x4dd340 EnterCriticalSection

• 0x4dd344 FindResourceExW

• 0x4dd348 LoadResource

• 0x4dd34c LockResource

• 0x4dd350 SizeofResource

• 0x4dd354 FindResourceW

• 0x4dd358 GetModuleFileNameW

• 0x4dd35c GetLocaleInfoA

Library USER32.dll:

• 0x4dd44c IsZoomed

• 0x4dd450 EqualRect

• 0x4dd454 EnumWindows

• 0x4dd458 CopyRect

• 0x4dd45c WaitForInputIdle

• 0x4dd460 GetActiveWindow

• 0x4dd464 GetWindowLongW

• 0x4dd468 SendMessageW

• 0x4dd46c PostMessageW

• 0x4dd470 UnregisterClassA

• 0x4dd474 SetTimer

• 0x4dd478 KillTimer

• 0x4dd47c GetParent

• 0x4dd480 ReleaseDC

• 0x4dd484 GetDC

• 0x4dd488 LoadImageW

• 0x4dd48c RegisterClassW

• 0x4dd490 GetClassInfoW

• 0x4dd494 PostQuitMessage

• 0x4dd498 DestroyWindow

• 0x4dd49c DefWindowProcW

• 0x4dd4a0 CallWindowProcW

• 0x4dd4a4 CreateWindowExW

• 0x4dd4a8 SetWindowLongW

• 0x4dd4ac MoveWindow

• 0x4dd4b0 GetClientRect

• 0x4dd4b4 ShowWindow

• 0x4dd4b8 IsDialogMessageW

• 0x4dd4bc IsWindow

• 0x4dd4c0 PeekMessageW

• 0x4dd4c4 GetMessageW

• 0x4dd4c8 RegisterClassExW

• 0x4dd4cc LoadCursorW

• 0x4dd4d0 GetClassInfoExW

• 0x4dd4d4 RegisterWindowMessageW

• 0x4dd4d8 SetWindowTextW

• 0x4dd4dc GetWindowTextW

• 0x4dd4e0 GetWindowTextLengthW

• 0x4dd4e4 BeginPaint

• 0x4dd4e8 EndPaint

• 0x4dd4ec DestroyAcceleratorTable

• 0x4dd4f0 wsprintfW

• 0x4dd4f4 GetSystemMetrics

• 0x4dd4f8 GetSysColor

• 0x4dd4fc GetWindow

• 0x4dd500 GetFocus

• 0x4dd504 TranslateMessage

• 0x4dd508 DispatchMessageW

• 0x4dd50c SetRectEmpty

• 0x4dd510 MessageBoxW

• 0x4dd514 GetForegroundWindow

• 0x4dd518 GetWindowThreadProcessId

• 0x4dd51c AttachThreadInput

• 0x4dd520 SetForegroundWindow

• 0x4dd524 FindWindowExW

• 0x4dd528 SendMessageTimeoutW

• 0x4dd52c IsIconic

• 0x4dd530 DrawTextW

• 0x4dd534 SetCursor

• 0x4dd538 OffsetRect

• 0x4dd53c UpdateWindow

• 0x4dd540 GetCapture

• 0x4dd544 WindowFromPoint

• 0x4dd548 IntersectRect

• 0x4dd54c GetClassLongW

• 0x4dd550 GetCursorPos

• 0x4dd554 PtInRect

• 0x4dd558 MonitorFromWindow

• 0x4dd55c GetMonitorInfoW

• 0x4dd560 MapWindowPoints

• 0x4dd564 IsWindowEnabled

• 0x4dd568 EnableWindow

• 0x4dd56c IsWindowVisible

• 0x4dd570 LoadIconW

• 0x4dd574 FindWindowW

• 0x4dd578 GetWindowDC

• 0x4dd57c GetWindowRect

• 0x4dd580 UpdateLayeredWindow

• 0x4dd584 GetDlgItem

• 0x4dd588 InvalidateRgn

• 0x4dd58c InvalidateRect

• 0x4dd590 SetCapture

• 0x4dd594 ReleaseCapture

• 0x4dd598 ScreenToClient

• 0x4dd59c ClientToScreen

• 0x4dd5a0 CreateAcceleratorTableW

• 0x4dd5a4 GetDesktopWindow

• 0x4dd5a8 CharNextW

• 0x4dd5ac GetClassNameW

• 0x4dd5b0 SetWindowPos

• 0x4dd5b4 RedrawWindow

• 0x4dd5b8 FillRect

• 0x4dd5bc IsChild

• 0x4dd5c0 SetFocus

Library GDI32.dll:

• 0x4dd058 GetDeviceCaps

• 0x4dd05c DeleteDC

• 0x4dd060 GetStockObject

• 0x4dd064 CreateSolidBrush

• 0x4dd068 CreateDIBSection

• 0x4dd06c GetObjectW

• 0x4dd070 SetStretchBltMode

• 0x4dd074 StretchBlt

• 0x4dd078 CreateCompatibleBitmap

• 0x4dd07c SelectObject

• 0x4dd080 CreateFontIndirectW

• 0x4dd084 GetObjectA

• 0x4dd088 GetClipBox

• 0x4dd08c ExcludeClipRect

• 0x4dd090 OffsetViewportOrgEx

• 0x4dd094 SetViewportOrgEx

• 0x4dd098 IntersectClipRect

• 0x4dd09c SetTextColor

• 0x4dd0a0 GetTextColor

• 0x4dd0a4 TextOutW

• 0x4dd0a8 GetTextExtentPoint32W

• 0x4dd0ac ExtTextOutW

• 0x4dd0b0 SetBkColor

• 0x4dd0b4 CreateCompatibleDC

• 0x4dd0b8 BitBlt

• 0x4dd0bc SetBkMode

• 0x4dd0c0 GetTextMetricsW

• 0x4dd0c4 DeleteObject

Library ADVAPI32.dll:

• 0x4dd000 RegCreateKeyExW

• 0x4dd004 RegSetValueExW

• 0x4dd008 RegOpenKeyExW

• 0x4dd00c RegQueryValueExW

• 0x4dd010 RegCloseKey

• 0x4dd014 RegEnumKeyExA

• 0x4dd018 RegQueryValueExA

• 0x4dd01c RegEnumValueW

• 0x4dd020 OpenThreadToken

• 0x4dd024 OpenProcessToken

• 0x4dd028 LookupPrivilegeValueW

• 0x4dd02c AdjustTokenPrivileges

• 0x4dd030 RegQueryInfoKeyW

• 0x4dd034 RegEnumKeyExW

• 0x4dd038 RegDeleteValueW

• 0x4dd03c RegDeleteKeyW

• 0x4dd040 RegOpenKeyExA

Library SHELL32.dll:

• 0x4dd3e4 SHFileOperationW

• 0x4dd3e8 SHGetSpecialFolderPathW

• 0x4dd3ec ShellExecuteW

• 0x4dd3f0 SHGetFileInfoW

• 0x4dd3f4 ShellExecuteExW

• 0x4dd3f8

• 0x4dd3fc SHChangeNotify

• 0x4dd400 SHCreateDirectoryExW

Library ole32.dll:

• 0x4dd634 CoTaskMemRealloc

• 0x4dd638 CoTaskMemFree

• 0x4dd63c CoInitialize

• 0x4dd640 CoUninitialize

• 0x4dd644 OleLockRunning

• 0x4dd648 CoTaskMemAlloc

• 0x4dd64c StringFromGUID2

• 0x4dd650 CoCreateInstance

• 0x4dd654 CLSIDFromString

• 0x4dd658 CoSetProxyBlanket

• 0x4dd65c CoInitializeSecurity

• 0x4dd660 CoInitializeEx

• 0x4dd664 CLSIDFromProgID

• 0x4dd668 CoGetClassObject

• 0x4dd66c OleInitialize

• 0x4dd670 OleUninitialize

• 0x4dd674 CreateStreamOnHGlobal

Library OLEAUT32.dll:

• 0x4dd374 GetErrorInfo

• 0x4dd378 SetErrorInfo

• 0x4dd37c CreateErrorInfo

• 0x4dd380 SysAllocStringByteLen

• 0x4dd384 VariantClear

• 0x4dd388 VarUI4FromStr

• 0x4dd38c OleCreateFontIndirect

• 0x4dd390 SysStringByteLen

• 0x4dd394 VariantChangeType

• 0x4dd398 SafeArrayCreate

• 0x4dd39c SysStringLen

• 0x4dd3a0 LoadTypeLib

• 0x4dd3a4 LoadRegTypeLib

• 0x4dd3a8 SysFreeString

• 0x4dd3ac SysAllocString

• 0x4dd3b0 DispCallFunc

• 0x4dd3b4 SafeArrayUnaccessData

• 0x4dd3b8 SafeArrayAccessData

• 0x4dd3bc SysAllocStringLen

• 0x4dd3c0 SafeArrayGetLBound

• 0x4dd3c4 SafeArrayGetUBound

• 0x4dd3c8 VariantInit

Library gdiplus.dll:

• 0x4dd5e8 GdipLoadImageFromStreamICM

• 0x4dd5ec GdipFree

• 0x4dd5f0 GdipDisposeImage

• 0x4dd5f4 GdipCloneImage

• 0x4dd5f8 GdiplusStartup

• 0x4dd5fc GdiplusShutdown

• 0x4dd600 GdipCreateFontFromDC

• 0x4dd604 GdipCreateFontFromLogfontA

• 0x4dd608 GdipDeleteFont

• 0x4dd60c GdipCreatePen1

• 0x4dd610 GdipDeletePen

• 0x4dd614 GdipReleaseDC

• 0x4dd618 GdipDrawLineI

• 0x4dd61c GdipLoadImageFromStream

• 0x4dd620 GdipCreateFromHDC

• 0x4dd624 GdipDeleteGraphics

• 0x4dd628 GdipDrawImageRectRect

• 0x4dd62c GdipAlloc

Library SHLWAPI.dll:

• 0x4dd408 PathRemoveExtensionW

• 0x4dd40c StrStrIW

• 0x4dd410 PathIsDirectoryW

• 0x4dd414 SHDeleteValueW

• 0x4dd418 PathCombineW

• 0x4dd41c SHSetValueW

• 0x4dd420 PathAppendW

• 0x4dd424 UrlGetPartW

• 0x4dd428 SHSetValueA

• 0x4dd42c StrToIntExW

• 0x4dd430 SHGetValueA

• 0x4dd434 PathIsRootW

• 0x4dd438 PathFileExistsW

• 0x4dd43c PathFindFileNameW

• 0x4dd440 PathRemoveFileSpecW

• 0x4dd444 SHGetValueW

Library COMCTL32.dll:

• 0x4dd048 InitCommonControlsEx

Library MSIMG32.dll:

• 0x4dd364 AlphaBlend

Library PSAPI.DLL:

• 0x4dd3d0 EnumProcessModules

• 0x4dd3d4 GetModuleFileNameExW

Library VERSION.dll:

• 0x4dd5c8 GetFileVersionInfoW

• 0x4dd5cc GetFileVersionInfoSizeW

• 0x4dd5d0 VerQueryValueA

• 0x4dd5d4 VerQueryValueW

Library SETUPAPI.dll:

• 0x4dd3dc SetupIterateCabinetW

Library WINTRUST.dll:

• 0x4dd5dc WTHelperProvDataFromStateData

• 0x4dd5e0 WinVerifyTrust

Library CRYPT32.dll:

• 0x4dd050 CertGetNameStringW

Library NETAPI32.dll:

• 0x4dd36c Netbios

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	50005	239.255.255.250	3702
192.168.56.101	58368	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.