Threat score: 9.2
Verdict: Critical

SHA-256: 3ec2471a7a0a060ca5c60549ec70370c708f692baa76d13049e9022252e387e0

File name: 4242ae7b111169ba16b56f3cabfb2bfd.exe (the name is the sample's MD5; the McAfee and FireEye detection names further down embed the same hash)

Analysis time: 84s
Last analyzed:
File size: 910.0KB
Static AV: flagged   Dynamic AV: flagged
Detection keywords: 100% AI SCORE=80 ATMN ATTRIBUTE CLOUD CONFIDENCE CONTEBAN DARKKOMET DE@74B38H DELF DELPHI DLLINJECT DOWNLOADER22 ETONJRQZPLK FAMVT FAZBWQ FILEINFECTOR FILETOUR GAIONLTK GENASA GENERICRXJO GENETIC HIGH CONFIDENCE HIGHCONFIDENCE HQXY HYKCS2AA LAMER MALICIOUS PE NAPWHICH NOCIVO OAZM SCORE STATIC AI SYNAPTICS TP6K TSCOPE UNSAFE X1799 ZOREX
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine result is available for this sample
Static verdict
Anti-virus engines
Engine        Result                              Scan date  Engine version
Alibaba       Backdoor:Win32/DarkKomet.131        20190527   0.3.0.5
Baidu         (no detection)                      20190318   1.0.0.2
Avast         Win32:Malware-gen                   20210204   21.1.5827.0
Tencent       Virus.Win32.DarkKomet.a             20210204   1.0.0.1
Kingsoft      (no detection)                      20210204   2017.9.26.565
McAfee        GenericRXJO-YL!4242AE7B1111         20210204   6.0.6.653
CrowdStrike   win/malicious_confidence_100% (W)   20190702   1.0
Static indicators
Checks if process is being debugged by a debugger (2 events)
Time               API                Arguments  Status  Return  Repeated
1620981359.102625  IsDebuggerPresent             failed  0       0
1620981359.102625  IsDebuggerPresent             failed  0       0
(The monitor marks a FALSE return as "failed"; the call itself succeeded and reported that no debugger was attached. Timestamps throughout are Unix epoch seconds.)
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time               API                   Arguments  Status   Return  Repeated
1620981359.227625  GlobalMemoryStatusEx             success  1       0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
(CODE, DATA and BSS are the section names the Borland/Delphi linker emits, and the "BobSoft Mini Delphi" PEiD signature matches ordinary Delphi binaries, so both indicators point to a Delphi build rather than to a packer. That agrees with the Delf/Delphi detection names and with the 0xEEDFADE exception code, Delphi's RTL exception code, in the crash records below.)
One or more processes crashed (4 events)
(All four records are RaiseException calls with exception code 0xEEDFADE, the code Delphi's RTL passes for language-level exceptions, and the monitor logs each with status "success": these are Delphi exceptions seen by the sandbox's exception hook, not necessarily fatal crashes.)
Time & API Arguments Status Return Repeated
1620981370.727875
__exception__
stacktrace:
synaptics+0x1dc41 @ 0x41dc41
synaptics+0x1db79 @ 0x41db79
synaptics+0x1cbc2 @ 0x41cbc2
synaptics+0x763b8 @ 0x4763b8
synaptics+0x7648f @ 0x47648f
synaptics+0x9a2a5 @ 0x49a2a5
synaptics+0x9a59a @ 0x49a59a
synaptics+0x9a6b1 @ 0x49a6b1
synaptics+0x52fdf @ 0x452fdf
synaptics+0x5a6c8 @ 0x45a6c8
synaptics+0x9abc5 @ 0x49abc5
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637400
registers.edi: 32243711
registers.eax: 1637400
registers.ebp: 1637480
registers.edx: 0
registers.ebx: 32190536
registers.esi: 32194568
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981381.852875
__exception__
stacktrace:
synaptics+0x81a9b @ 0x481a9b
synaptics+0x81c7b @ 0x481c7b
synaptics+0x845fd @ 0x4845fd
synaptics+0x959fc @ 0x4959fc
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59506180
registers.edi: 125
registers.eax: 59506180
registers.ebp: 59506260
registers.edx: 0
registers.ebx: 32195072
registers.esi: 125
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981387.836875
__exception__
stacktrace:
synaptics+0x7bda4 @ 0x47bda4
synaptics+0x7bcf2 @ 0x47bcf2
synaptics+0x7bcb3 @ 0x47bcb3
synaptics+0x845fd @ 0x4845fd
synaptics+0x95a83 @ 0x495a83
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59503992
registers.edi: 59504180
registers.eax: 59503992
registers.ebp: 59504072
registers.edx: 0
registers.ebx: 4703484
registers.esi: 11004
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981397.852875
__exception__
stacktrace:
synaptics+0x81a9b @ 0x481a9b
synaptics+0x81c7b @ 0x481c7b
synaptics+0x845fd @ 0x4845fd
synaptics+0x95b0a @ 0x495b0a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59501844
registers.edi: 125
registers.eax: 59501844
registers.ebp: 59501924
registers.edx: 0
registers.ebx: 32195072
registers.esi: 125
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Connects to a Dynamic DNS Domain (1 event)
domain xred.mooo.com
Performs some HTTP requests (1 event)
request GET http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Allocates read-write-execute memory (usually to unpack itself) (46 events)
Time & API Arguments Status Return Repeated
1620946616.192598
NtAllocateVirtualMemory
process_identifier: 648
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e60000
success 0 0
1620981358.430625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00900000
success 0 0
1620981358.430625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ab0000
success 0 0
1620981358.680625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00cb0000
success 0 0
1620981358.680625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00e60000
success 0 0
1620981358.961625
NtProtectVirtualMemory
process_identifier: 1704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73cd1000
success 0 0
1620981359.102625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00af0000
success 0 0
1620981359.102625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00c60000
success 0 0
1620981359.117625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0055a000
success 0 0
1620981359.180625
NtProtectVirtualMemory
process_identifier: 1704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73cd2000
success 0 0
1620981359.180625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00552000
success 0 0
1620981359.430625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00562000
success 0 0
1620981359.617625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00585000
success 0 0
1620981359.617625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0058b000
success 0 0
1620981359.617625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00587000
success 0 0
1620981359.805625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00563000
success 0 0
1620981359.930625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00564000
success 0 0
1620981360.008625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00565000
success 0 0
1620981360.008625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056c000
success 0 0
1620981360.617625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00566000
success 0 0
1620981360.617625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00568000
success 0 0
1620981360.711625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00660000
success 0 0
1620981361.414625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0057a000
success 0 0
1620981361.414625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00577000
success 0 0
1620981361.555625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00569000
success 0 0
1620981361.570625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00680000
success 0 0
1620981361.742625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00576000
success 0 0
1620981361.820625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00661000
success 0 0
1620981361.836625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00681000
success 0 0
1620981361.852625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0xfff40000
success 0 0
1620981361.852625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0xfff40000
success 0 0
1620981361.852625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0xfff40000
success 0 0
1620981361.852625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0xfff48000
success 0 0
1620981361.852625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0xfff30000
success 0 0
1620981361.852625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0xfff30000
success 0 0
1620981361.961625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00662000
success 0 0
1620981362.633625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00682000
success 0 0
1620981362.852625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00683000
success 0 0
1620981362.852625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00e61000
success 0 0
1620981362.867625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00663000
success 0 0
1620981363.148625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00667000
success 0 0
1620981363.305625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056a000
success 0 0
1620981363.305625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00e62000
success 0 0
1620981363.305625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00e66000
success 0 0
1620981364.117625
NtAllocateVirtualMemory
process_identifier: 1704
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00668000
success 0 0
1620981360.820875
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e00000
success 0 0
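The 46 allocation records above are easier to reason about once the numeric flags are decoded and totalled per process. The following is an added example, not code from the report or from the sandbox: it decodes `protection` and `allocation_type` the way the report's parenthesised names do (64 is PAGE_EXECUTE_READWRITE, 1056768 is MEM_RESERVE|MEM_TOP_DOWN) and sums RWX memory per pid. `SAMPLE_EVENTS` is a constructed subset of the events above, keeping the report's pids, sizes and base addresses; the constants are the documented winnt.h values.

```python
"""Decode NtAllocateVirtualMemory / NtProtectVirtualMemory records and
total the executable memory each process obtained.

Added example, not part of the report. Constants are the documented
Win32 values; SAMPLE_EVENTS is a constructed subset of the report's rows.
"""
from collections import defaultdict

MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
MEM_TOP_DOWN = 0x100000
ALLOCATION_FLAGS = [
    (MEM_COMMIT, "MEM_COMMIT"),
    (MEM_RESERVE, "MEM_RESERVE"),
    (MEM_TOP_DOWN, "MEM_TOP_DOWN"),
]

# Low byte of the protection constant; modifiers such as PAGE_GUARD
# (0x100) and PAGE_NOCACHE (0x200) sit above it.
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}


def decode_allocation_type(value):
    """1056768 -> 'MEM_RESERVE|MEM_TOP_DOWN', as the report prints it."""
    names = [name for bit, name in ALLOCATION_FLAGS if value & bit]
    return "|".join(names) if names else hex(value)


def decode_protection(value):
    """64 -> 'PAGE_EXECUTE_READWRITE'."""
    return PAGE_PROTECTIONS.get(value & 0xFF, hex(value))


def is_executable(protection):
    """True for any PAGE_EXECUTE* value (bits 0x10..0x80)."""
    return bool(protection & 0xF0)


def is_writable_executable(protection):
    """PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY."""
    return (protection & 0xFF) in (0x40, 0x80)


# Constructed subset of the report's events. Keys follow the report's
# field names; NtProtectVirtualMemory rows carry no allocation_type.
SAMPLE_EVENTS = [
    dict(api="NtAllocateVirtualMemory", pid=648, size=4096, protection=64,
         allocation_type=4096, base=0x01E60000, heap_dep_bypass=0),
    dict(api="NtAllocateVirtualMemory", pid=1704, size=2031616, protection=64,
         allocation_type=8192, base=0x00900000, heap_dep_bypass=0),
    dict(api="NtAllocateVirtualMemory", pid=1704, size=4096, protection=64,
         allocation_type=4096, base=0x00AB0000, heap_dep_bypass=1),
    dict(api="NtProtectVirtualMemory", pid=1704, size=4096, protection=64,
         base=0x73CD1000),
    dict(api="NtAllocateVirtualMemory", pid=1704, size=327680, protection=64,
         allocation_type=1056768, base=0xFFF40000, heap_dep_bypass=0),
    dict(api="NtAllocateVirtualMemory", pid=1704, size=4096, protection=64,
         allocation_type=4096, base=0xFFF40000, heap_dep_bypass=1),
    dict(api="NtAllocateVirtualMemory", pid=2200, size=4096, protection=64,
         allocation_type=4096, base=0x01E00000, heap_dep_bypass=0),
]


def summarize_rwx(events):
    """Per pid: RWX bytes committed, reserved and re-protected, plus how
    many RWX commits the monitor tagged heap_dep_bypass."""
    summary = defaultdict(lambda: {"committed": 0, "reserved": 0,
                                   "reprotected": 0, "heap_dep_bypass": 0})
    for ev in events:
        if not is_writable_executable(ev["protection"]):
            continue
        row = summary[ev["pid"]]
        if ev["api"] == "NtProtectVirtualMemory":
            row["reprotected"] += ev["size"]   # existing pages made RWX
            continue
        alloc = ev["allocation_type"]
        if alloc & MEM_COMMIT:
            row["committed"] += ev["size"]
            row["heap_dep_bypass"] += ev.get("heap_dep_bypass", 0)
        if alloc & MEM_RESERVE:
            row["reserved"] += ev["size"]
    return dict(summary)


if __name__ == "__main__":
    for pid, row in sorted(summarize_rwx(SAMPLE_EVENTS).items()):
        print(pid, row)
```

A large MEM_RESERVE (here about 2 MiB) followed by 4 KiB MEM_COMMITs inside it is the reserve-then-commit pattern that both a runtime heap and an unpacking stub produce, so RWX by itself is a weak signal; the re-protection of an existing page to RWX and the `heap_dep_bypass` tags are what deserve a closer look when reading such a table.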
Foreign language identified in PE resource (12 events)
name RT_ICON language LANG_TURKISH offset 0x000b3a10 filetype PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_DEFAULT size 0x0000205c (reported twice)
name RT_RCDATA language LANG_TURKISH offset 0x000e4384 filetype Microsoft Excel 2007+ sublanguage SUBLANG_DEFAULT size 0x000047d3 (reported 8 times)
name RT_GROUP_ICON language LANG_TURKISH offset 0x000e8be4 filetype data sublanguage SUBLANG_DEFAULT size 0x00000014
name RT_VERSION language LANG_TURKISH offset 0x000e8bf8 filetype data sublanguage SUBLANG_DEFAULT size 0x00000304
(An Office workbook embedded as an RCDATA resource is consistent with the macro/document-flavoured names some engines give this PE in the VirusTotal table below, such as W97M/MaliciousMacro, HEUR.VBA.Trojan and Troj/DocDl.)
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\._cache_4242ae7b111169ba16b56f3cabfb2bfd.exe
Connects to DNS Servers of Dynamic DNS Provider (1 event)
ipaddr 50.23.197.95
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\._cache_4242ae7b111169ba16b56f3cabfb2bfd.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\._cache_4242ae7b111169ba16b56f3cabfb2bfd.exe
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time               API                   Arguments          Status  Return  Repeated
1620981381.992875  GetAdaptersAddresses  flags: 0 family: 0  failed  111     0
(Return 111 is ERROR_BUFFER_OVERFLOW, the normal result of the first call, which is made only to learn the buffer size; the adapter list is read on the second call.)
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
A process attempted to delay the analysis task. (1 event)
description ._cache_4242ae7b111169ba16b56f3cabfb2bfd.exe tried to sleep 5456328 seconds (about 63 days), actually delayed analysis time by 5456328 seconds (sandboxes skip such sleeps rather than wait them out, so the figure is the requested delay, not real wall-clock time)
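The anti-analysis checks this report records (the IsDebuggerPresent and GlobalMemoryStatusEx calls under the static indicators, the GetAdaptersAddresses probe above, and the 63-day sleep just described) are the kind of thing a triage script should pull out of the raw API trace rather than leave to a reader. The following is an added example, not code from the report or the sandbox: it scores Cuckoo-style call records for evasion categories. `SAMPLE_CALLS` is constructed from the values this report shows; the one-hour sleep threshold and the `milliseconds` argument name are assumptions made for the example.

```python
"""Score Cuckoo-style API-call records for anti-analysis behaviour.

Added example, not part of the original report or of the sandbox's own
signature set. The Call layout mirrors the report's rows (time, API,
arguments, status, return value); SAMPLE_CALLS is constructed from the
values this report shows. LONG_SLEEP_SECONDS and the argument name
"milliseconds" are assumptions made for the example.
"""
from dataclasses import dataclass, field

# Sleeps at or above this length are treated as stalling the analysis.
# One hour is an arbitrary threshold chosen for the example.
LONG_SLEEP_SECONDS = 3600

# Win32 error returned by GetAdaptersAddresses when the caller's buffer is
# too small; the first call is normally made just to size the buffer.
ERROR_BUFFER_OVERFLOW = 111


@dataclass
class Call:
    time: float
    api: str
    status: str                 # "success" / "failed" as the monitor labels it
    ret: int
    args: dict = field(default_factory=dict)


# Constructed from the report's rows: two IsDebuggerPresent calls, one
# GlobalMemoryStatusEx, one GetAdaptersAddresses, and the 5456328-second
# sleep the "delay the analysis task" signature describes.
SAMPLE_CALLS = [
    Call(1620981359.102625, "IsDebuggerPresent", "failed", 0),
    Call(1620981359.102625, "IsDebuggerPresent", "failed", 0),
    Call(1620981359.227625, "GlobalMemoryStatusEx", "success", 1),
    Call(1620981381.992875, "GetAdaptersAddresses", "failed", 111,
         {"flags": 0, "family": 0}),
    Call(1620981382.000000, "NtDelayExecution", "success", 0,
         {"milliseconds": 5456328 * 1000}),
]


def find_evasion(calls):
    """Return (category, technique, evidence) triples for evasive calls."""
    findings = []
    debugger_checks = [c for c in calls if c.api == "IsDebuggerPresent"]
    if debugger_checks:
        # The monitor marks a FALSE return as "failed": the API itself
        # worked and simply reported that no debugger is attached.
        findings.append(("anti-debug", "IsDebuggerPresent",
                         f"called {len(debugger_checks)}x, "
                         f"return {debugger_checks[0].ret}"))
    for c in calls:
        if c.api == "GlobalMemoryStatusEx":
            findings.append(("vm-detect", "memory-size check",
                             "GlobalMemoryStatusEx queried physical RAM"))
        elif c.api == "GetAdaptersAddresses":
            note = ("size probe, ERROR_BUFFER_OVERFLOW"
                    if c.ret == ERROR_BUFFER_OVERFLOW else f"return {c.ret}")
            findings.append(("vm-detect", "adapter enumeration",
                             f"GetAdaptersAddresses ({note})"))
        elif c.api in ("NtDelayExecution", "Sleep"):
            seconds = c.args.get("milliseconds", 0) / 1000
            if seconds >= LONG_SLEEP_SECONDS:
                findings.append(("stalling", "long sleep",
                                 f"{seconds:.0f}s, about {seconds / 86400:.1f} days"))
    return findings


def evasion_categories(calls):
    """Distinct evasion categories observed, e.g. {'anti-debug', ...}."""
    return {category for category, _, _ in find_evasion(calls)}


if __name__ == "__main__":
    for category, technique, evidence in find_evasion(SAMPLE_CALLS):
        print(f"[{category}] {technique}: {evidence}")
```

Counting distinct categories rather than raw hits keeps a sample that calls IsDebuggerPresent fifty times from outscoring one that combines a debugger check, a VM probe and a stall; the three categories seen here are the combination that usually justifies re-running a sample with sleep skipping and hardened VM artefacts.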
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
reg_value C:\ProgramData\Synaptics\Synaptics.exe
(The value name borrows that of the legitimate Synaptics touchpad driver; the Wow6432Node path shows a 32-bit process writing the Run key on a 64-bit host.)
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
(The WpadDecision*, WpadNetworkName and WpadLastNetwork values under HKCU\...\Internet Settings\Wpad are written by Windows' own proxy auto-detection whenever a process issues a web request with auto-proxy enabled; the 15 writes record that detection rather than a proxy configured by the sample, and this signature is a known false-positive source. The WpadDecisionTime values the report shows as garbled text are 8-byte REG_BINARY FILETIMEs.)
Time & API Arguments Status Return Repeated
1620981384.570875
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620981384.570875
RegSetValueExA
key_handle: 0x000003d4
value: <8-byte REG_BINARY FILETIME; the report renders the raw bytes as text>
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620981384.570875
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620981384.570875
RegSetValueExW
key_handle: 0x000003d4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620981384.570875
RegSetValueExA
key_handle: 0x000003ec
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620981384.570875
RegSetValueExA
key_handle: 0x000003ec
value: <8-byte REG_BINARY FILETIME; the report renders the raw bytes as text>
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620981384.570875
RegSetValueExA
key_handle: 0x000003ec
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620981384.617875
RegSetValueExW
key_handle: 0x000003d0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620981385.289875
RegSetValueExA
key_handle: 0x00000454
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620981385.289875
RegSetValueExA
key_handle: 0x00000454
value: <8-byte REG_BINARY FILETIME; the report renders the raw bytes as text>
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620981385.289875
RegSetValueExA
key_handle: 0x00000454
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620981385.289875
RegSetValueExW
key_handle: 0x00000454
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620981385.289875
RegSetValueExA
key_handle: 0x00000458
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620981385.289875
RegSetValueExA
key_handle: 0x00000458
value: <8-byte REG_BINARY FILETIME; the report renders the raw bytes as text>
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620981385.289875
RegSetValueExA
key_handle: 0x00000458
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 189.163.17.5:1199
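The network indicators scattered through this report (the FreeDNS API request, the xred.mooo.com dynamic-DNS domain, the host contacted without a DNS query, and the dead 189.163.17.5:1199 peer) are the pieces an analyst correlates by hand. The following is an added example, not code from the report or the sandbox: it flags dynamic-DNS infrastructure, dissects a DDNS-API request, and lists connections that no DNS answer in the trace explains. The sample events are constructed from the report's indicators; the report does not show what xred.mooo.com resolved to, so the answer used below is an assumption (chosen to match the report, which names only 172.217.24.14 as contacted without a DNS query), and the `DDNS_SUFFIXES` list is a short illustrative one, not a catalogue.

```python
"""Correlate DNS answers with outbound connections and flag dynamic-DNS
infrastructure in a sandbox trace.

Added example, not part of the report. SAMPLE_* are constructed from the
indicators the report lists; the xred.mooo.com answer is assumed, and the
freedns.afraid.org answer is an RFC 5737 placeholder address.
"""
from urllib.parse import parse_qs, urlsplit

# Domains handed out by dynamic-DNS providers (mooo.com is one of the
# FreeDNS/afraid.org shared domains). Extend from threat intel in practice.
DDNS_SUFFIXES = ("mooo.com", "afraid.org", "no-ip.org", "ddns.net", "duckdns.org")


def is_ddns(host):
    """True if host is, or is under, a known dynamic-DNS provider domain."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DDNS_SUFFIXES)


def classify_ddns_request(url):
    """Describe an HTTP request to a DDNS provider's API, or return None."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not is_ddns(host):
        return None
    query = parse_qs(parts.query)
    return {
        "host": host,
        "path": parts.path,
        "action": query.get("action", [None])[0],
        # FreeDNS's API identifies the account with a 'sha' parameter, so
        # its presence marks a credentialed lookup, not a casual fetch.
        "credentialed": "sha" in query,
    }


def hosts_without_dns(dns_answers, connections):
    """IPs contacted although no DNS answer in the trace produced them.

    dns_answers: iterable of (qname, [ip, ...]); connections: (ip, port).
    Hard-coded C2 addresses show up here.
    """
    resolved = {ip for _, ips in dns_answers for ip in ips}
    return sorted({ip for ip, _ in connections if ip not in resolved})


def triage_network(http_requests, dns_answers, connections):
    """Combine the three checks into one dict for a report."""
    return {
        "ddns_domains": sorted(q for q, _ in dns_answers if is_ddns(q)),
        "ddns_api_requests": [r for r in map(classify_ddns_request, http_requests) if r],
        "hosts_without_dns": hosts_without_dns(dns_answers, connections),
    }


# Constructed trace (see module docstring for what is assumed).
SAMPLE_HTTP = [
    "http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978",
]
SAMPLE_DNS = [
    ("xred.mooo.com", ["189.163.17.5"]),        # assumed answer
    ("freedns.afraid.org", ["203.0.113.10"]),   # placeholder answer
]
SAMPLE_CONNECTIONS = [("189.163.17.5", 1199), ("172.217.24.14", 80)]

if __name__ == "__main__":
    for key, value in triage_network(SAMPLE_HTTP, SAMPLE_DNS, SAMPLE_CONNECTIONS).items():
        print(f"{key}: {value}")
```

The host-without-DNS check depends on the trace capturing every resolution the process made; a sample that resolves through its own UDP/53 traffic or over DoH will look like it contacted hard-coded addresses, so treat the result as a lead to confirm against the pcap rather than a verdict.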
File has been identified by 64 AntiVirus engines on VirusTotal as malicious (50 of 64 events shown)
Bkav W32.FamVT.GaionLTK.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Backdoor.DarkKomet.Q
FireEye Generic.mg.4242ae7b111169ba
CAT-QuickHeal Sus.Nocivo.E0011
ALYac Backdoor.DarkKomet.Q
Cylance Unsafe
Zillya Trojan.Delf.Win32.76144
SUPERAntiSpyware Adware.FileTour/Variant
Sangfor Malware
K7AntiVirus Virus ( 0055903c1 )
Alibaba Backdoor:Win32/DarkKomet.131
K7GW Virus ( 0055903c1 )
Cybereason malicious.b11116
Arcabit HEUR.VBA.Trojan.d
Cyren W32/Backdoor.OAZM-5661
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Malware.Dllinject-6868258-0
Kaspersky Backdoor.Win32.DarkKomet.hqxy
BitDefender Backdoor.DarkKomet.Q
NANO-Antivirus Trojan.Win32.DarkKomet.fazbwq
Paloalto generic.ml
AegisLab Trojan.Win32.DarkKomet.tp6k
Tencent Virus.Win32.DarkKomet.a
Ad-Aware Backdoor.DarkKomet.Q
Sophos Troj/DocDl-JJH
Comodo Virus.Win32.Agent.DE@74b38h
F-Secure Trojan:W97M/MaliciousMacro.GEN
DrWeb Trojan.DownLoader22.9658
VIPRE BehavesLike.Win32.Malware.eah (mx-v)
TrendMicro Virus.Win32.NAPWHICH.B
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
Emsisoft Backdoor.DarkKomet.Q (B)
SentinelOne Static AI - Malicious PE - Spyware
Jiangmin Win32/Synaptics.Gen
Avira DR/Delphi.Gen
Antiy-AVL Trojan/Win32.Conteban
Gridinsoft Malware.Win32.Gen.sm!s1
Microsoft Worm:Win32/AutoRun!atmn
ViRobot Win32.Zorex.A
ZoneAlarm Backdoor.Win32.DarkKomet.hqxy
GData Backdoor.DarkKomet.Q
Cynet Malicious (score: 100)
AhnLab-V3 Win32/Zorex.X1799
Acronis suspicious
McAfee GenericRXJO-YL!4242AE7B1111
MAX malware (ai score=80)
VBA32 TScope.Trojan.Delf
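The table above mixes family names (DarkKomet, Zorex, Synaptics), compiler tells (Delf, Delphi), behaviour labels (AutoRun, DownLoader) and machine-learning verdicts; the usual way to get one label out of it is to tokenise each name, drop the generic tokens and count one vote per engine, as AVClass does. The following is an added example of that procedure, not tooling from the report or from VirusTotal. `DETECTIONS` copies engine/name pairs from the table above (a subset, to keep the block short); `GENERIC_TOKENS` is this example's own stop-list and is deliberately minimal.

```python
"""Family consensus from VirusTotal detection names (AVClass-style
tokenising reduced to the essentials).

Added example, not part of the report. DETECTIONS copies pairs from the
VirusTotal table above; GENERIC_TOKENS is this example's own stop-list.
"""
import re
from collections import Counter

GENERIC_TOKENS = {
    "win32", "w32", "win", "trojan", "troj", "backdoor", "virus", "worm",
    "malware", "malicious", "generic", "gen", "heur", "variant", "agent",
    "attribute", "high", "confidence", "highconfidence", "behaveslike",
    "static", "spyware", "adware", "unsafe", "suspicious", "score",
    "delf", "delphi", "w97m", "vba", "autorun", "downloader",
}

# Engine/name pairs copied from the report's VirusTotal table (subset).
DETECTIONS = [
    ("Bkav", "W32.FamVT.GaionLTK.Trojan"),
    ("Elastic", "malicious (high confidence)"),
    ("MicroWorld-eScan", "Backdoor.DarkKomet.Q"),
    ("FireEye", "Generic.mg.4242ae7b111169ba"),
    ("ALYac", "Backdoor.DarkKomet.Q"),
    ("Zillya", "Trojan.Delf.Win32.76144"),
    ("Alibaba", "Backdoor:Win32/DarkKomet.131"),
    ("Cybereason", "malicious.b11116"),
    ("Symantec", "ML.Attribute.HighConfidence"),
    ("ClamAV", "Win.Malware.Dllinject-6868258-0"),
    ("Kaspersky", "Backdoor.Win32.DarkKomet.hqxy"),
    ("BitDefender", "Backdoor.DarkKomet.Q"),
    ("NANO-Antivirus", "Trojan.Win32.DarkKomet.fazbwq"),
    ("AegisLab", "Trojan.Win32.DarkKomet.tp6k"),
    ("Tencent", "Virus.Win32.DarkKomet.a"),
    ("Ad-Aware", "Backdoor.DarkKomet.Q"),
    ("F-Secure", "Trojan:W97M/MaliciousMacro.GEN"),
    ("Emsisoft", "Backdoor.DarkKomet.Q (B)"),
    ("Jiangmin", "Win32/Synaptics.Gen"),
    ("Microsoft", "Worm:Win32/AutoRun!atmn"),
    ("ViRobot", "Win32.Zorex.A"),
    ("ZoneAlarm", "Backdoor.Win32.DarkKomet.hqxy"),
    ("GData", "Backdoor.DarkKomet.Q"),
    ("AhnLab-V3", "Win32/Zorex.X1799"),
    ("McAfee", "GenericRXJO-YL!4242AE7B1111"),
]


def family_token(name):
    """First token of a detection name that looks like a family label.

    Drops short tokens, stop-list tokens, anything containing a digit
    (variant ids, hashes, counters) and 'Generic*' style prefixes.
    """
    for tok in re.split(r"[^0-9a-zA-Z]+", name.lower()):
        if len(tok) < 4 or tok in GENERIC_TOKENS:
            continue
        if any(ch.isdigit() for ch in tok) or tok.startswith("generic"):
            continue
        return tok
    return None


def family_consensus(detections):
    """Counter of family tokens, one vote per engine."""
    votes = Counter()
    for _engine, name in detections:
        tok = family_token(name)
        if tok:
            votes[tok] += 1
    return votes


def consensus_label(detections, min_share=0.3):
    """Top family if it holds at least min_share of all engines, else None."""
    votes = family_consensus(detections)
    if not votes:
        return None
    family, count = votes.most_common(1)[0]
    return family if count / len(detections) >= min_share else None


if __name__ == "__main__":
    print(family_consensus(DETECTIONS).most_common(5))
    print("consensus:", consensus_label(DETECTIONS))
```

Two caveats apply to the DarkKomet majority this produces. Several of the voting engines share a detection engine (Kaspersky and ZoneAlarm; the BitDefender-based eScan, ALYac, Ad-Aware, Emsisoft and GData), which the example does not deduplicate, so the count overstates independent agreement. And the run-time artefacts in this report (the Synaptics.exe Run entry, the synaptics module in the stack traces, the xred.mooo.com domain) tell a different story from the majority label; name consensus ranks labels, it does not verify them.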
Visual analysis
Binary image
No binary image: no binary-visualization image was generated for this sample
Run-time screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17 (the fixed TimeDateStamp 0x2A425E19 that the Delphi linker writes into every binary, 1992-06-19 22:22:17 UTC, rendered here in a UTC+8 zone; it is not the real build date)

Imports

Library kernel32.dll:
0x4a01dc VirtualFree
0x4a01e0 VirtualAlloc
0x4a01e4 LocalFree
0x4a01e8 LocalAlloc
0x4a01ec GetTickCount
0x4a01f4 GetVersion
0x4a01f8 GetCurrentThreadId
0x4a0204 VirtualQuery
0x4a0208 WideCharToMultiByte
0x4a0210 MultiByteToWideChar
0x4a0214 lstrlenA
0x4a0218 lstrcpynA
0x4a021c LoadLibraryExA
0x4a0220 GetThreadLocale
0x4a0224 GetStartupInfoA
0x4a0228 GetProcAddress
0x4a022c GetModuleHandleA
0x4a0230 GetModuleFileNameA
0x4a0234 GetLocaleInfoA
0x4a0238 GetLastError
0x4a0240 GetCommandLineA
0x4a0244 FreeLibrary
0x4a0248 FindFirstFileA
0x4a024c FindClose
0x4a0250 ExitProcess
0x4a0254 ExitThread
0x4a0258 CreateThread
0x4a025c WriteFile
0x4a0264 SetFilePointer
0x4a0268 SetEndOfFile
0x4a026c RtlUnwind
0x4a0270 ReadFile
0x4a0274 RaiseException
0x4a0278 GetStdHandle
0x4a027c GetFileSize
0x4a0280 GetFileType
0x4a0284 CreateFileA
0x4a0288 CloseHandle
Library user32.dll:
0x4a0290 GetKeyboardType
0x4a0294 LoadStringA
0x4a0298 MessageBoxA
0x4a029c CharNextA
Library advapi32.dll:
0x4a02a4 RegQueryValueExA
0x4a02a8 RegOpenKeyExA
0x4a02ac RegCloseKey
Library oleaut32.dll:
0x4a02b4 SysFreeString
0x4a02b8 SysReAllocStringLen
0x4a02bc SysAllocStringLen
Library kernel32.dll:
0x4a02c4 TlsSetValue
0x4a02c8 TlsGetValue
0x4a02cc LocalAlloc
0x4a02d0 GetModuleHandleA
Library advapi32.dll:
0x4a02d8 RegSetValueExA
0x4a02dc RegQueryValueExA
0x4a02e0 RegOpenKeyExA
0x4a02e8 RegFlushKey
0x4a02ec RegDeleteValueA
0x4a02f0 RegCreateKeyExA
0x4a02f4 RegCloseKey
0x4a02f8 OpenProcessToken
0x4a0300 GetUserNameA
Library kernel32.dll:
0x4a030c lstrcpyA
0x4a0314 WriteFile
0x4a0318 WaitForSingleObject
0x4a0320 VirtualQuery
0x4a0324 VirtualAlloc
0x4a0328 UpdateResourceA
0x4a032c UnmapViewOfFile
0x4a0330 TerminateProcess
0x4a0334 Sleep
0x4a0338 SizeofResource
0x4a033c SetThreadLocale
0x4a0340 SetFilePointer
0x4a0344 SetFileAttributesA
0x4a0348 SetEvent
0x4a034c SetErrorMode
0x4a0350 SetEndOfFile
0x4a0354 ResumeThread
0x4a0358 ResetEvent
0x4a035c RemoveDirectoryA
0x4a0360 ReadFile
0x4a0364 OpenProcess
0x4a0368 OpenMutexA
0x4a036c MultiByteToWideChar
0x4a0370 MulDiv
0x4a0374 MoveFileA
0x4a0378 MapViewOfFile
0x4a037c LockResource
0x4a0380 LoadResource
0x4a0384 LoadLibraryA
0x4a0390 GlobalUnlock
0x4a0394 GlobalReAlloc
0x4a0398 GlobalHandle
0x4a039c GlobalLock
0x4a03a0 GlobalFree
0x4a03a4 GlobalFindAtomA
0x4a03a8 GlobalDeleteAtom
0x4a03ac GlobalAlloc
0x4a03b0 GlobalAddAtomA
0x4a03b4 GetVersionExA
0x4a03b8 GetVersion
0x4a03c0 GetTickCount
0x4a03c4 GetThreadLocale
0x4a03c8 GetTempPathA
0x4a03cc GetTempFileNameA
0x4a03d0 GetSystemInfo
0x4a03d4 GetSystemDirectoryA
0x4a03d8 GetStringTypeExA
0x4a03dc GetStdHandle
0x4a03e0 GetProcAddress
0x4a03e8 GetModuleHandleA
0x4a03ec GetModuleFileNameA
0x4a03f0 GetLogicalDrives
0x4a03f4 GetLocaleInfoA
0x4a03f8 GetLocalTime
0x4a03fc GetLastError
0x4a0400 GetFullPathNameA
0x4a0404 GetFileSize
0x4a0408 GetFileAttributesA
0x4a040c GetExitCodeThread
0x4a0410 GetDriveTypeA
0x4a0414 GetDiskFreeSpaceA
0x4a0418 GetDateFormatA
0x4a041c GetCurrentThreadId
0x4a0420 GetCurrentProcessId
0x4a0424 GetCurrentProcess
0x4a0428 GetComputerNameA
0x4a042c GetCPInfo
0x4a0430 GetACP
0x4a0434 FreeResource
0x4a043c InterlockedExchange
0x4a0444 FreeLibrary
0x4a0448 FormatMessageA
0x4a044c FindResourceA
0x4a0450 FindNextFileA
0x4a0454 FindFirstFileA
0x4a0458 FindClose
0x4a0464 EnumCalendarInfoA
0x4a046c EndUpdateResourceA
0x4a0470 DeleteFileA
0x4a0478 CreateThread
0x4a047c CreateProcessA
0x4a0480 CreatePipe
0x4a0484 CreateMutexA
0x4a0488 CreateFileMappingA
0x4a048c CreateFileA
0x4a0490 CreateEventA
0x4a0494 CreateDirectoryA
0x4a0498 CopyFileA
0x4a049c CompareStringA
0x4a04a0 CloseHandle
Library version.dll:
0x4a04ac VerQueryValueA
0x4a04b4 GetFileVersionInfoA
Library gdi32.dll:
0x4a04bc UnrealizeObject
0x4a04c0 StretchBlt
0x4a04c4 SetWindowOrgEx
0x4a04c8 SetWinMetaFileBits
0x4a04cc SetViewportOrgEx
0x4a04d0 SetTextColor
0x4a04d4 SetStretchBltMode
0x4a04d8 SetROP2
0x4a04dc SetPixel
0x4a04e0 SetEnhMetaFileBits
0x4a04e4 SetDIBColorTable
0x4a04e8 SetBrushOrgEx
0x4a04ec SetBkMode
0x4a04f0 SetBkColor
0x4a04f4 SelectPalette
0x4a04f8 SelectObject
0x4a04fc SaveDC
0x4a0500 RestoreDC
0x4a0504 RectVisible
0x4a0508 RealizePalette
0x4a050c PlayEnhMetaFile
0x4a0510 PatBlt
0x4a0514 MoveToEx
0x4a0518 MaskBlt
0x4a051c LineTo
0x4a0520 IntersectClipRect
0x4a0524 GetWindowOrgEx
0x4a0528 GetWinMetaFileBits
0x4a052c GetTextMetricsA
0x4a0538 GetStockObject
0x4a053c GetPixel
0x4a0540 GetPaletteEntries
0x4a0544 GetObjectA
0x4a0550 GetEnhMetaFileBits
0x4a0554 GetDeviceCaps
0x4a0558 GetDIBits
0x4a055c GetDIBColorTable
0x4a0560 GetDCOrgEx
0x4a0568 GetClipBox
0x4a056c GetBrushOrgEx
0x4a0570 GetBitmapBits
0x4a0574 GdiFlush
0x4a0578 ExcludeClipRect
0x4a057c DeleteObject
0x4a0580 DeleteEnhMetaFile
0x4a0584 DeleteDC
0x4a0588 CreateSolidBrush
0x4a058c CreatePenIndirect
0x4a0590 CreatePalette
0x4a0598 CreateFontIndirectA
0x4a059c CreateDIBitmap
0x4a05a0 CreateDIBSection
0x4a05a4 CreateCompatibleDC
0x4a05ac CreateBrushIndirect
0x4a05b0 CreateBitmap
0x4a05b4 CopyEnhMetaFileA
0x4a05b8 BitBlt
Library user32.dll:
0x4a05c0 CreateWindowExA
0x4a05c4 WindowFromPoint
0x4a05c8 WinHelpA
0x4a05cc WaitMessage
0x4a05d0 UpdateWindow
0x4a05d4 UnregisterClassA
0x4a05d8 UnhookWindowsHookEx
0x4a05dc TranslateMessage
0x4a05e4 TrackPopupMenu
0x4a05e8 ToAsciiEx
0x4a05f0 ShowWindow
0x4a05f4 ShowScrollBar
0x4a05f8 ShowOwnedPopups
0x4a05fc ShowCursor
0x4a0600 SetWindowsHookExA
0x4a0604 SetWindowTextA
0x4a0608 SetWindowPos
0x4a060c SetWindowPlacement
0x4a0610 SetWindowLongA
0x4a0614 SetTimer
0x4a0618 SetScrollRange
0x4a061c SetScrollPos
0x4a0620 SetScrollInfo
0x4a0624 SetRect
0x4a0628 SetPropA
0x4a062c SetParent
0x4a0630 SetMenuItemInfoA
0x4a0634 SetMenu
0x4a0638 SetForegroundWindow
0x4a063c SetFocus
0x4a0640 SetCursor
0x4a0644 SetClassLongA
0x4a0648 SetCapture
0x4a064c SetActiveWindow
0x4a0650 SendMessageA
0x4a0654 ScrollWindow
0x4a0658 ScreenToClient
0x4a065c RemovePropA
0x4a0660 RemoveMenu
0x4a0664 ReleaseDC
0x4a0668 ReleaseCapture
0x4a0674 RegisterClassA
0x4a0678 RedrawWindow
0x4a067c PtInRect
0x4a0680 PostQuitMessage
0x4a0684 PostMessageA
0x4a0688 PeekMessageA
0x4a068c OffsetRect
0x4a0690 OemToCharA
0x4a0698 MessageBoxA
0x4a069c MapWindowPoints
0x4a06a0 MapVirtualKeyExA
0x4a06a4 MapVirtualKeyA
0x4a06a8 LoadStringA
0x4a06ac LoadKeyboardLayoutA
0x4a06b0 LoadIconA
0x4a06b4 LoadCursorA
0x4a06b8 LoadBitmapA
0x4a06bc KillTimer
0x4a06c0 IsZoomed
0x4a06c4 IsWindowVisible
0x4a06c8 IsWindowEnabled
0x4a06cc IsWindow
0x4a06d0 IsRectEmpty
0x4a06d4 IsIconic
0x4a06d8 IsDialogMessageA
0x4a06dc IsChild
0x4a06e0 InvalidateRect
0x4a06e4 IntersectRect
0x4a06e8 InsertMenuItemA
0x4a06ec InsertMenuA
0x4a06f0 InflateRect
0x4a06fc GetWindowTextA
0x4a0700 GetWindowRect
0x4a0704 GetWindowPlacement
0x4a0708 GetWindowLongA
0x4a070c GetWindowDC
0x4a0710 GetTopWindow
0x4a0714 GetSystemMetrics
0x4a0718 GetSystemMenu
0x4a071c GetSysColorBrush
0x4a0720 GetSysColor
0x4a0724 GetSubMenu
0x4a0728 GetScrollRange
0x4a072c GetScrollPos
0x4a0730 GetScrollInfo
0x4a0734 GetPropA
0x4a0738 GetParent
0x4a073c GetWindow
0x4a0740 GetMenuStringA
0x4a0744 GetMenuState
0x4a0748 GetMenuItemInfoA
0x4a074c GetMenuItemID
0x4a0750 GetMenuItemCount
0x4a0754 GetMenu
0x4a0758 GetLastActivePopup
0x4a075c GetKeyboardState
0x4a0764 GetKeyboardLayout
0x4a0768 GetKeyState
0x4a076c GetKeyNameTextA
0x4a0770 GetIconInfo
0x4a0774 GetForegroundWindow
0x4a0778 GetFocus
0x4a077c GetDesktopWindow
0x4a0780 GetDCEx
0x4a0784 GetDC
0x4a0788 GetCursorPos
0x4a078c GetCursor
0x4a0790 GetClipboardData
0x4a0794 GetClientRect
0x4a0798 GetClassNameA
0x4a079c GetClassInfoA
0x4a07a0 GetCapture
0x4a07a4 GetActiveWindow
0x4a07a8 FrameRect
0x4a07ac FindWindowA
0x4a07b0 FillRect
0x4a07b4 EqualRect
0x4a07b8 EnumWindows
0x4a07bc EnumThreadWindows
0x4a07c0 EndPaint
0x4a07c4 EnableWindow
0x4a07c8 EnableScrollBar
0x4a07cc EnableMenuItem
0x4a07d0 DrawTextA
0x4a07d4 DrawMenuBar
0x4a07d8 DrawIconEx
0x4a07dc DrawIcon
0x4a07e0 DrawFrameControl
0x4a07e4 DrawEdge
0x4a07e8 DispatchMessageA
0x4a07ec DestroyWindow
0x4a07f0 DestroyMenu
0x4a07f4 DestroyIcon
0x4a07f8 DestroyCursor
0x4a07fc DeleteMenu
0x4a0800 DefWindowProcA
0x4a0804 DefMDIChildProcA
0x4a0808 DefFrameProcA
0x4a080c CreatePopupMenu
0x4a0810 CreateMenu
0x4a0814 CreateIcon
0x4a0818 ClientToScreen
0x4a081c CheckMenuItem
0x4a0820 CallWindowProcA
0x4a0824 CallNextHookEx
0x4a0828 BeginPaint
0x4a082c CharNextA
0x4a0830 CharLowerBuffA
0x4a0834 CharLowerA
0x4a0838 CharUpperBuffA
0x4a083c CharToOemA
0x4a0840 AdjustWindowRectEx
Library ole32.dll:
0x4a084c CLSIDFromString
Library kernel32.dll:
0x4a0854 Sleep
Library oleaut32.dll:
0x4a085c SafeArrayPtrOfIndex
0x4a0860 SafeArrayGetUBound
0x4a0864 SafeArrayGetLBound
0x4a0868 SafeArrayCreate
0x4a086c VariantChangeType
0x4a0870 VariantCopyInd
0x4a0874 VariantCopy
0x4a0878 VariantClear
0x4a087c VariantInit
Library ole32.dll:
0x4a0884 CLSIDFromProgID
0x4a0888 CoCreateInstance
0x4a088c CoUninitialize
0x4a0890 CoInitialize
Library oleaut32.dll:
0x4a0898 GetErrorInfo
0x4a089c SysFreeString
Library comctl32.dll:
0x4a08ac ImageList_Write
0x4a08b0 ImageList_Read
0x4a08c0 ImageList_DragMove
0x4a08c4 ImageList_DragLeave
0x4a08c8 ImageList_DragEnter
0x4a08cc ImageList_EndDrag
0x4a08d0 ImageList_BeginDrag
0x4a08d4 ImageList_Remove
0x4a08d8 ImageList_DrawEx
0x4a08dc ImageList_Draw
0x4a08ec ImageList_Add
0x4a08f4 ImageList_Destroy
0x4a08f8 ImageList_Create
Library shell32.dll:
0x4a0900 ShellExecuteExA
0x4a0904 ExtractIconExW
Library wininet.dll:
0x4a0910 InternetReadFile
0x4a0914 InternetOpenUrlA
0x4a0918 InternetOpenA
0x4a091c InternetCloseHandle
Library shell32.dll:
0x4a092c SHGetMalloc
0x4a0930 SHGetDesktopFolder
Library advapi32.dll:
0x4a0938 OpenSCManagerA
0x4a093c CloseServiceHandle

Hosts

No hosts contacted.

TCP

Source          Source Port   Destination                        Destination Port
192.168.56.101  49184         50.23.197.95 (freedns.afraid.org)  80

UDP

Source          Source Port   Destination       Destination Port
192.168.56.101  50534         114.114.114.114   53
192.168.56.101  51378         114.114.114.114   53
192.168.56.101  51963         114.114.114.114   53
192.168.56.101  56539         114.114.114.114   53
192.168.56.101  58367         114.114.114.114   53
192.168.56.101  65004         114.114.114.114   53
192.168.56.101  137           192.168.56.255    137
192.168.56.101  138           192.168.56.255    138
192.168.56.101  49235         224.0.0.252       5355
192.168.56.101  53237         224.0.0.252       5355
192.168.56.101  53657         224.0.0.252       5355
192.168.56.101  56804         224.0.0.252       5355
192.168.56.101  60123         224.0.0.252       5355
192.168.56.101  62191         224.0.0.252       5355
192.168.56.101  62318         224.0.0.252       5355
192.168.56.101  1900          239.255.255.250   1900
192.168.56.101  50535         239.255.255.250   3702
192.168.56.101  56540         239.255.255.250   3702
192.168.56.101  56807         239.255.255.250   1900
192.168.56.101  58707         239.255.255.250   3702

HTTP & HTTPS Requests

URI:
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

Data:
GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.