10.8
0-day

8891fc25738fe6b686c5d878e8b2723fe46ee25a84ac5f495f5755ec2cb59895

4624d055c725c093c3c8e16cf570f1f0.exe

Analysis duration: 744s

Latest analysis

File size: 8.5MB
Static detection / Dynamic detection tags: CONFIDENCE EJTSFW ELDORADO FUNSHION FUSIONCORE INSTALLCORE SMBD2 UNSAFE
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine result is available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Downloader:Win32/FusionCore.c3744904 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_60% (D) 20210203 1.0
Baidu 20190318 1.0.0.2
Avast 20210417 21.1.5827.0
Kingsoft 20210417 2017.9.26.565
McAfee 20210417 6.0.6.653
Tencent 20210417 1.0.0.1
Static indicators
Queries for the computername (7 events)
Time & API Arguments Status Return Repeated
1619464054.046625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619464060.077625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619464060.874625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619464061.312625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619464061.452625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619478099.83152
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619478099.84652
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (14 events)
Time & API Arguments Status Return Repeated
1619464027.312875
IsDebuggerPresent
failed 0 0
1619478544.3735
IsDebuggerPresent
failed 0 0
1619478544.3895
IsDebuggerPresent
failed 0 0
1619478564.0455
IsDebuggerPresent
failed 0 0
1619478564.2485
IsDebuggerPresent
failed 0 0
1619478564.2485
IsDebuggerPresent
failed 0 0
1619478564.6235
IsDebuggerPresent
failed 0 0
1619478564.6705
IsDebuggerPresent
failed 0 0
1619478564.7025
IsDebuggerPresent
failed 0 0
1619478564.8115
IsDebuggerPresent
failed 0 0
1619478565.1085
IsDebuggerPresent
failed 0 0
1619478530.48375
IsDebuggerPresent
failed 0 0
1619478530.53075
IsDebuggerPresent
failed 0 0
1619478530.56175
IsDebuggerPresent
failed 0 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
This executable is signed
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome.dll
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
Behavioral verdict
Dynamic indicators
Performs some HTTP requests (5 events)
request GET http://www.pdfshaper.com/update.ini
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D
request GET http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY
request GET https://www.pdfshaper.com/update.ini
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619464027.155875
NtProtectVirtualMemory
process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619464027.155875
NtProtectVirtualMemory
process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 69632
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00401000
success 0 0
1619464027.155875
NtProtectVirtualMemory
process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0041b000
success 0 0
1619464027.890625
NtAllocateVirtualMemory
process_identifier: 1380
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01ef0000
success 0 0
1619478114.61252
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000007710000
success 0 0
1619478526.68675
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
A process attempted to delay the analysis task. (2 events)
description PDFShaper.exe tried to sleep 240 seconds, actually delayed analysis time by 240 seconds
description explorer.exe tried to sleep 240 seconds, actually delayed analysis time by 240 seconds
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (4 events)
Time & API Arguments Status Return Repeated
1619464044.593625
GetDiskFreeSpaceExW
root_path: C:\Program Files (x86)\PDF Shaper Free\
free_bytes_available: 1873786897696244264
total_number_of_free_bytes: 0
total_number_of_bytes: 7019368163969800
failed 0 0
1619464044.593625
GetDiskFreeSpaceExW
root_path: C:\Program Files (x86)\
free_bytes_available: 19463909376
total_number_of_free_bytes: 0
total_number_of_bytes: 34252779520
success 1 0
1619478101.26852
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Explorer
free_bytes_available: 19409207296
total_number_of_free_bytes: 0
total_number_of_bytes: 0
success 1 0
1619478578.25252
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19317534720
total_number_of_free_bytes: 19317534720
total_number_of_bytes: 34252779520
success 1 0
Steals private information from local Internet browsers (15 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\First Run
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF1de553f.TMP
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6087517F-940.pma
Creates executable files on the filesystem (5 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-2KO2J.tmp\Fusion.dll
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free\PDF Shaper Free.lnk
file C:\Users\Public\Desktop\PDF Shaper Free.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free\Help.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free\Uninstall PDF Shaper Free.lnk
Creates a shortcut to an executable file (6 events)
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free\PDF Shaper Free on the Web.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free\Help.lnk
file C:\Users\Public\Desktop\PDF Shaper Free.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free\Uninstall PDF Shaper Free.lnk
file C:\Users\Public\Desktop\Google Chrome.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free\PDF Shaper Free.lnk
Drops an executable to the user AppData folder (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-2KO2J.tmp\Fusion.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\is-O5MB5.tmp\4624d055c725c093c3c8e16cf570f1f0.tmp
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619478528.73375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Queries for potentially installed applications (6 events)
Time & API Arguments Status Return Repeated
1619464028.812625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
options: 0
failed 2 0
1619464028.812625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
options: 0
failed 2 0
1619464037.015625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
options: 0
failed 2 0
1619464037.015625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
options: 0
failed 2 0
1619464063.046625
RegOpenKeyExW
access: 0x00000008
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
options: 0
failed 2 0
1619464063.046625
RegOpenKeyExW
access: 0x00000008
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Shaper Free_is1
options: 0
failed 2 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 113.108.239.196
host 172.217.24.14
Creates a windows hook that monitors keyboard input (keylogger) (1 event)
Time & API Arguments Status Return Repeated
1619478206.64352
SetWindowsHookExW
thread_identifier: 0
callback_function: 0x00000000ff35ae10
module_address: 0x00000000ff2b0000
hook_identifier: 13 (WH_KEYBOARD_LL)
success 524717 0
File has been identified by 16 AntiVirus engines on VirusTotal as malicious (16 events)
Cylance Unsafe
Alibaba Downloader:Win32/FusionCore.c3744904
CrowdStrike win/malicious_confidence_60% (D)
Cyren W32/FusionCore.A.gen!Eldorado
ESET-NOD32 a variant of Win32/FusionCore.I potentially unwanted
TrendMicro-HouseCall PUA.Win32.FusionCore.SMBD2
Kaspersky not-a-virus:HEUR:Downloader.Win32.Funshion.gen
NANO-Antivirus Trojan.Win32.InstallCore.ejtsfw
DrWeb Trojan.InstallCore.2700
TrendMicro PUA.Win32.FusionCore.SMBD2
McAfee-GW-Edition FusionCore
Webroot W32.Malware.Gen
ZoneAlarm not-a-virus:HEUR:Downloader.Win32.Funshion.gen
GData Win32.Application.FusionCore.D
VBA32 Trojan.InstallCore
Fortinet Riskware/FusionCore
Attempts to create or modify system certificates (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619478531.78075
RegSetValueExA
key_handle: 0x00000384
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619478531.78075
RegSetValueExA
key_handle: 0x00000384
value: €j¾µö:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619478531.78075
RegSetValueExA
key_handle: 0x00000384
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619478531.78075
RegSetValueExW
key_handle: 0x00000384
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619478531.78075
RegSetValueExA
key_handle: 0x0000039c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619478531.78075
RegSetValueExA
key_handle: 0x0000039c
value: €j¾µö:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619478531.78075
RegSetValueExA
key_handle: 0x0000039c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619478531.78075
RegSetValueExW
key_handle: 0x00000380
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619478572.51475
RegSetValueExA
key_handle: 0x0000064c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619478572.51475
RegSetValueExA
key_handle: 0x0000064c
value: Ðå±Îö:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619478572.51475
RegSetValueExA
key_handle: 0x0000064c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619478572.51475
RegSetValueExW
key_handle: 0x0000064c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619478572.51475
RegSetValueExA
key_handle: 0x00000620
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619478572.51475
RegSetValueExA
key_handle: 0x00000620
value: Ðå±Îö:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619478572.51475
RegSetValueExA
key_handle: 0x00000620
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
One or more non-safelisted processes were created (1 event)
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2504f50,0x7fef2504f60,0x7fef2504f70
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.163.238:443
dead_host 172.217.24.14:443
dead_host 216.58.197.110:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample was running
PE Compile Time

2016-04-06 22:39:04

Imports

Library oleaut32.dll:
0x419304 SysFreeString
0x419308 SysReAllocStringLen
0x41930c SysAllocStringLen
Library advapi32.dll:
0x419314 RegQueryValueExW
0x419318 RegOpenKeyExW
0x41931c RegCloseKey
Library user32.dll:
0x419324 GetKeyboardType
0x419328 LoadStringW
0x41932c MessageBoxA
0x419330 CharNextW
Library kernel32.dll:
0x419338 GetACP
0x41933c Sleep
0x419340 VirtualFree
0x419344 VirtualAlloc
0x419348 GetSystemInfo
0x41934c GetTickCount
0x419354 GetVersion
0x419358 GetCurrentThreadId
0x41935c VirtualQuery
0x419360 WideCharToMultiByte
0x419364 MultiByteToWideChar
0x419368 lstrlenW
0x41936c lstrcpynW
0x419370 LoadLibraryExW
0x419374 GetThreadLocale
0x419378 GetStartupInfoA
0x41937c GetProcAddress
0x419380 GetModuleHandleW
0x419384 GetModuleFileNameW
0x419388 GetLocaleInfoW
0x41938c GetCommandLineW
0x419390 FreeLibrary
0x419394 FindFirstFileW
0x419398 FindClose
0x41939c ExitProcess
0x4193a0 WriteFile
0x4193a8 RtlUnwind
0x4193ac RaiseException
0x4193b0 GetStdHandle
0x4193b4 CloseHandle
Library kernel32.dll:
0x4193bc TlsSetValue
0x4193c0 TlsGetValue
0x4193c4 LocalAlloc
0x4193c8 GetModuleHandleW
Library user32.dll:
0x4193d0 CreateWindowExW
0x4193d4 TranslateMessage
0x4193d8 SetWindowLongW
0x4193dc PeekMessageW
0x4193e4 MessageBoxW
0x4193e8 LoadStringW
0x4193ec GetSystemMetrics
0x4193f0 ExitWindowsEx
0x4193f4 DispatchMessageW
0x4193f8 DestroyWindow
0x4193fc CharUpperBuffW
0x419400 CallWindowProcW
Library kernel32.dll:
0x419408 WriteFile
0x41940c WideCharToMultiByte
0x419410 WaitForSingleObject
0x419414 VirtualQuery
0x419418 VirtualProtect
0x41941c VirtualFree
0x419420 VirtualAlloc
0x419424 SizeofResource
0x419428 SignalObjectAndWait
0x41942c SetLastError
0x419430 SetFilePointer
0x419434 SetEvent
0x419438 SetErrorMode
0x41943c SetEndOfFile
0x419440 ResetEvent
0x419444 RemoveDirectoryW
0x419448 ReadFile
0x41944c MultiByteToWideChar
0x419450 LockResource
0x419454 LoadResource
0x419458 LoadLibraryW
0x419460 GetVersionExW
0x419464 GetVersion
0x41946c GetThreadLocale
0x419470 GetSystemInfo
0x419474 GetSystemDirectoryW
0x419478 GetStdHandle
0x41947c GetProcAddress
0x419480 GetModuleHandleW
0x419484 GetModuleFileNameW
0x419488 GetLocaleInfoW
0x41948c GetLastError
0x419490 GetFullPathNameW
0x419494 GetFileSize
0x419498 GetFileAttributesW
0x41949c GetExitCodeProcess
0x4194a4 GetDiskFreeSpaceW
0x4194a8 GetCurrentProcess
0x4194ac GetCommandLineW
0x4194b0 GetCPInfo
0x4194b4 InterlockedExchange
0x4194bc FreeLibrary
0x4194c0 FormatMessageW
0x4194c4 FindResourceW
0x4194c8 EnumCalendarInfoW
0x4194cc DeleteFileW
0x4194d0 CreateProcessW
0x4194d4 CreateFileW
0x4194d8 CreateEventW
0x4194dc CreateDirectoryW
0x4194e0 CloseHandle
Library advapi32.dll:
0x4194e8 RegQueryValueExW
0x4194ec RegOpenKeyExW
0x4194f0 RegCloseKey
0x4194f4 OpenProcessToken
Library comctl32.dll:
0x419500 InitCommonControls
Library kernel32.dll:
0x419508 Sleep
Library advapi32.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49219 121.12.53.35 www.download.windowsupdate.com 80
192.168.56.101 49220 151.139.128.14 ocsp.comodoca.com 80
192.168.56.101 49210 208.100.40.4 www.pdfshaper.com 80
192.168.56.101 49211 208.100.40.4 www.pdfshaper.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57367 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53500 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 55169 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 58070 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY
GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://www.pdfshaper.com/update.ini
GET /update.ini HTTP/1.1
User-Agent: WebData
Host: www.pdfshaper.com
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.