2.3
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.52
MFGraph
0.00
反病毒引擎
未检测
暂无反病毒引擎检测结果
静态指标
检查进程是否被调试器调试
(2 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545279.468375 IsDebuggerPresent |
failed | 0 | 0 | |
|
1727545279.99925 IsDebuggerPresent |
failed | 0 | 0 |
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(15 个事件)
| section | .buildi |
| section | .show |
| section | M7/nWLy |
| section | .po4 |
| section | .data2 |
| section | new_imp |
| section | .po5 |
| section | .lzmjSu |
| section | usj |
| section | .opc |
| section | gfelmge |
| section | PAGEKDD |
| section | ordo |
| section | \\\\xb8 |
| section | .bin |
动态指标
提取了一个或多个潜在有趣的缓冲区,这些缓冲区通常包含注入的代码、配置数据等。
分配可读-可写-可执行内存(通常用于自解压)
(6 个事件)
在文件系统上创建可执行文件
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\hhcbrnaff.exe |
投放一个二进制文件并执行它
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\hhcbrnaff.exe |
一个进程创建了一个隐藏窗口
(1 个事件)
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'new_imp', 'virtual_address': '0x00018000', 'virtual_size': '0x00000200', 'size_of_data': '0x00000200', 'entropy': 7.322666847734032} | entropy | 7.322666847734032 | description | 发现高熵的节 | |||||||||
| section | {'name': 'PAGEKDD', 'virtual_address': '0x0001a000', 'virtual_size': '0x00000200', 'size_of_data': '0x00000154', 'entropy': 7.245564145027691} | entropy | 7.245564145027691 | description | 发现高熵的节 | |||||||||
网络通信
一个或多个缓冲区包含嵌入的PE文件
(1 个事件)
| buffer | Buffer with sha1: 06a9ad9f438bc7042361e5bfecc26d3b0e70d13f |
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
在用户文件夹中创建可执行文件
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\hhcbrnaff.exe |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2004-10-13 11:27:30
PE Imphash
7f712f2a919df3038830bf06da63a3d5
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .buildi | 0x00001000 | 0x00000d81 | 0x00000e00 | 6.435993345637047 |
| .show | 0x00002000 | 0x000014eb | 0x00001600 | 4.921057910088666 |
| M7/nWLy | 0x00004000 | 0x000006be | 0x00000800 | 3.9283002053078357 |
| /42 | 0x00005000 | 0x00001a19 | 0x00001c00 | 5.117923445834665 |
| .po4 | 0x00007000 | 0x00000200 | 0x00000200 | 3.8694310388062267 |
| .data2 | 0x00008000 | 0x00000200 | 0x00000200 | 4.605309178500234 |
| /30 | 0x00009000 | 0x00000200 | 0x00000200 | 3.8694310388062267 |
| /4 | 0x0000a000 | 0x00001000 | 0x00000600 | 3.8797839023544 |
| new_imp | 0x0000b000 | 0x00001000 | 0x00000600 | 3.919738071083163 |
| .po5 | 0x0000c000 | 0x00000200 | 0x00000200 | 3.8694310388062267 |
| .lzmjSu | 0x0000d000 | 0x00001000 | 0x00000600 | 3.960704083715032 |
| usj | 0x0000e000 | 0x00001000 | 0x00000600 | 4.000125471157331 |
| .opc | 0x0000f000 | 0x00000200 | 0x00000200 | 3.8694310388062267 |
| gfelmge | 0x00010000 | 0x00001000 | 0x00000800 | 3.3351728217745538 |
| PAGEKDD | 0x00011000 | 0x00000200 | 0x00000200 | 3.8694310388062267 |
| new_imp | 0x00012000 | 0x00001000 | 0x00000800 | 3.3842075664484055 |
| ordo | 0x00013000 | 0x00000200 | 0x00000200 | 3.8694310388062267 |
| \\\\xb8 | 0x00014000 | 0x00001000 | 0x00000800 | 3.3948980553013484 |
| new_imp | 0x00015000 | 0x00001000 | 0x00000800 | 3.434236094841649 |
| M7/nWLy | 0x00016000 | 0x00001000 | 0x00000800 | 3.4543321541834007 |
| new_imp | 0x00017000 | 0x00001000 | 0x00000800 | 4.728096638571375 |
| new_imp | 0x00018000 | 0x00000200 | 0x00000200 | 7.322666847734032 |
| .bin | 0x00019000 | 0x00000200 | 0x00000200 | 6.726734369240647 |
| PAGEKDD | 0x0001a000 | 0x00000200 | 0x00000154 | 7.245564145027691 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00005178 | 0x00000ea8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_DIALOG | 0x00006020 | 0x000000e8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00006108 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0000611c | 0x00000318 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_MANIFEST | 0x00006434 | 0x00000193 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library user32.dll:
• 0x4041e8 CreateWindowExA
• 0x4041ec GetMessageA
• 0x4041f0 DispatchMessageA
• 0x4041f4 DefWindowProcA
• 0x4041f8 PostQuitMessage
• 0x4041fc GetForegroundWindow
• 0x404200 SetForegroundWindow
• 0x404204 CreateMenu
• 0x404208 GetSystemMenu
• 0x40420c GetDoubleClickTime
• 0x404210 UpdateWindow
• 0x404214 GetQueueStatus
• 0x404218 GetClipboardOwner
• 0x40421c FindWindowA
• 0x404220 LoadIconA
• 0x404224 LoadCursorA
• 0x404228 RegisterClassA
Library GDI32.dll:
• 0x4043b4 CreateBitmap
• 0x4043b8 IntersectClipRect
• 0x4043bc ExcludeClipRect
• 0x4043c0 UpdateColors
• 0x4043c4 DeleteDC
• 0x4043c8 GetTextExtentPoint32A
• 0x4043cc CreateCompatibleDC
• 0x4043d0 DeleteObject
• 0x4043d4 TextOutA
• 0x4043d8 SetBkColor
• 0x4043dc SetTextColor
• 0x4043e0 Rectangle
• 0x4043e4 CreateSolidBrush
• 0x4043e8 GetStockObject
• 0x4043ec SelectObject
• 0x4043f0 CreateFontIndirectA
• 0x4043f4 GetTextExtentExPointA
• 0x4043f8 SetMapMode
• 0x4043fc GetDeviceCaps
• 0x404400 GetTextMetricsA
• 0x404404 CreateFontA
• 0x404408 RealizePalette
Library Winmm.dll:
• 0x404694 mciSendStringA
Library Msacm32.dll:
• 0x404674 acmStreamOpen
Library IMM32.dll:
• 0x4045a0 ImmGetCompositionStringW
• 0x4045a4 ImmSetCompositionFontA
• 0x4045a8 ImmGetContext
• 0x4045ac ImmSetCompositionWindow
Library kernel32.dll:
• 0x404110 GetModuleHandleA
• 0x404114 CreateSemaphoreW
• 0x404118 GetProcAddress
• 0x40411c HeapCreate
• 0x404120 HeapAlloc
• 0x404124 ExitProcess
• 0x404128 FreeLibrary
.buildi
M7/nWLy
.data2
new_imp
.lzmjSu
gfelmge
PAGEKDD
new_imp
\\\\xb8
new_imp
M7/nWLy
new_imp
new_imp
PAGEKDD
E%)E%-
2Q?@HGGQ
g@N[vf
X=g;QFvZVCy
LoadLibraryExA
save recsound aaa
TranslateMessage
user32.dll
user32.dll
GDI32.dll
Winmm.dll
Msacm32.dll
IMM32.dll
kernel32.dll
OLE32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
CoUninitialize
CoInitialize
CoCreateInstance
acmStreamOpen
mciSendStringA
#######
###;KK>
26;2+##########
#########
#####+bEXL
+######+
#####3
######3#
PD[>J22Ib|tLx63
#######3#>>
vDDP>2
########3+ug
DW[[FvV####
########3#J~~3#5gJIk#
3333333333+g +zT
##++++######
3333333333#J%Tz+33#3333######
33333333333+
#33############
33333333333@II#333###########
33333333333@+333333#########
33333333@?a
+233333#3#######
33@j+23333333#######
j@33333333#######
+jj23333333333####
+I@3333333333##
2+@2333333333#
al233333333
$$$2333
C&SCCCSCS&&&&
&&&&$$
7:::::::****************ss****@$$$$$
788888881;111n;;;11p;11111111;
))))))
o,,,,,,,L6,6Lr66rq6,,,,,,,E
)f/HHHH/
8(((((,Lx|>>Eq6,(,((,EM&/-999N/
K((((((XmV#R?DlV((((((EMC/N9<<<<<
,444444X|JJVT
DRmXF4444F4VMC-9<UUU
(444444X3?
DPIDP#F04440tM
4000000y2WIWRIuRI
0000050
5y{kkJ0? D~`f9f
0%%%%%%_
3^%%%%%y`f\f#
%%%%%%%%^_a%G_a%%G=%%%%%%^`f\f#
%%%%%%%%%BB%%%BB%GG%BB%GGGGG%G`f
G.......'''''''''''''''''''''.
-----------------d-)/
&&&&$$$&
$$$$$$$
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
jAtIk :
Microsoft Updates1
Microsoft Updates0
191006134601Z
201006140601Z0E1
Microsof
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
Winmm.dll
mciSendStringA
Msacm32.dll
acmStreamOpen
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
[gT'&gOc
jAtIk :
Microsoft Updates1
Microsoft Updates0
191006134601Z
201006140601Z0E1
Microsoft Updates1
Microsoft Updates0
iqi9O\
mP]>90dm{lx
'5{Rvu@;
Trw32u
JeJ[bcU
yT`o>,
W+Nt./
UJ"Tem4E
ME>bwbR
~|NYKw
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
%y"W*o
%CE{t"
MD$k_E;DC
&Mq 1Qa
xE/W?=
Qlie)`
h]jxdE`F~T
_n\t}?L.02
http://ocsp.thawte.com0
8060420.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
DnmX|0i#s
y@b%n7j!
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
[LvCK"+Ch@O8
2[^Z(P
Gf=Gpr_
L-wD h
[2V3cI:3
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
50301/-+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
_n\t}?L.0
Lb07x'
2m,&c3Idm
7 Cxx(
]=Qy3+.{
[0W,I?
>"hcSit
Microsoft Updates1
Microsoft Updates
jAtIk :
http://www.ms.com/0
W0mwAG
fa*HZ#D
. !]~\n
ZafEtY5+
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
191011140749Z0#
cyrQvS@q#V
u`j#\HHD!
�A�b�o�u�t�
M�S� �S�a�n�s� �S�e�r�i�f�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�0�0�0�2�5�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
M�S�F�T� �C�o�r�p�
F�i�l�e�D�e�s�c�r�s�i�p�t�i�o�n�
c�a�l�c�.�e�x�e�
F�i�l�e�V�e�r�s�i�o�n�
2�.�1�.�1�.�2�
I�n�t�e�r�n�a�l�N�a�m�e�
c�a�l�c�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �(�C�)� �2�0�1�1�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
c�a�l�c�.�e�x�e�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
3�.�1�.�1�.�3�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
<�<�<�O�b�s�o�l�e�t�e�>�>�
<�<�<�O�b�s�o�l�e�t�e�>�>�
p�u�t�t�y�.�e�x�
C�:�\�e�8�c�e�a�f�b�b�c�6�e�9�c�0�4�6�e�4�b�4�d�e�e�f�d�2�6�3�6�8�2�7�1�9�f�f�9�1�5�b�f�2�6�9�8�c�b�d�f�3�c�f�b�f�c�0�8�e�8�9�d�3�d�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�3�0�5�2�3�8�7�a�8�b�0�3�9�6�8�e�_�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�2�3�e�9�d�2�9�d�a�2�c�b�4�4�4�7�3�b�1�3�2�e�0�0�a�6�4�b�a�6�6�4�9�5�c�d�5�f�2�2�9�d�9�3�3�3�f�0�e�1�b�f�c�0�0�5�2�5�7�d�e�c�4�a�
C�:�\�8�f�2�9�7�7�b�f�7�a�4�9�d�8�3�b�3�0�f�0�4�1�a�d�4�2�f�8�1�2�c�0�a�9�9�8�9�f�b�c�5�c�5�d�6�3�2�7�5�f�2�1�a�c�a�f�c�5�a�1�0�b�1�d�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�m�T�d�A�6�z�L�P�.�e�x�e�
C�:�\�3�9�4�b�2�3�4�f�7�9�8�6�f�0�6�8�9�7�9�f�b�2�a�f�5�3�2�0�5�5�b�9�2�6�e�1�c�9�b�c�2�2�f�0�e�6�6�0�9�b�7�0�5�9�f�6�c�7�4�9�e�f�a�1�
C�:�\�7�9�3�8�f�3�6�4�5�f�c�c�f�2�5�8�1�c�c�d�e�f�0�d�5�4�9�1�0�1�2�3�0�2�a�a�5�c�4�4�0�6�f�3�3�5�7�f�1�e�e�1�3�7�a�f�b�a�b�f�f�e�4�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�K�d�r�G�r�Q�G�g�.�e�x�e�
C�:�\�7�5�9�b�3�b�1�a�9�3�c�a�9�9�a�2�a�4�1�c�c�a�7�0�e�3�c�2�5�3�7�c�6�2�d�4�d�1�0�c�c�0�8�3�a�0�a�2�8�1�d�d�6�6�f�d�5�2�3�e�e�a�7�6�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�D�B�H�R�a�k�X�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�3�2�b�0�0�2�c�d�5�8�4�0�a�b�3�f�5�0�4�3�4�8�d�c�9�e�d�7�b�3�0�9�c�3�e�b�d�8�e�4�6�b�1�7�a�c�7�8�c�5�1�5�b�c�5�b�b�d�6�e�8�b�0�b�
C�:�\�c�8�6�6�9�9�9�1�1�0�8�b�9�6�9�9�b�f�2�5�7�a�6�1�c�4�2�3�1�c�7�8�3�7�6�0�6�0�6�5�6�9�e�0�b�6�1�8�f�a�d�2�9�d�3�5�b�8�c�f�3�0�b�b�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�l�U�r�0�z�x�M�H�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�d�f�e�5�4�4�3�c�8�7�d�b�3�a�e�6�2�5�8�b�b�a�4�2�0�f�9�e�f�2�8�9�a�a�d�7�2�0�b�8�4�0�9�d�4�9�3�c�3�e�e�a�2�5�4�a�f�a�6�4�8�7�a�4�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�0�a�0�1�0�d�8�1�c�7�2�9�6�c�d�d�0�7�d�5�7�b�c�4�d�1�6�7�9�2�8�b�2�6�7�3�c�0�f�1�9�1�f�6�a�1�d�b�8�c�5�f�6�7�4�6�8�0�8�5�0�f�d�2�.�e�x�e�
C�:�\�1�4�0�a�e�8�5�3�f�c�1�8�7�0�b�5�5�e�c�7�d�4�b�6�5�5�c�7�0�4�a�d�5�3�9�1�1�b�e�4�8�f�0�8�8�5�c�a�7�f�e�b�c�1�3�8�d�6�4�a�7�3�2�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�b�2�d�e�f�7�b�5�b�2�1�7�f�b�e�3�d�9�6�8�1�2�3�2�f�1�8�a�6�8�a�3�5�9�8�7�2�6�8�a�6�b�c�e�a�f�1�5�f�4�4�1�c�f�0�2�7�d�2�8�c�e�a�1�
C�:�\�d�6�7�e�2�7�3�2�b�6�6�b�5�0�9�c�5�8�1�3�a�a�8�a�b�6�3�1�e�8�8�9�3�6�e�1�6�c�7�2�7�7�3�8�2�3�5�0�4�6�8�3�b�2�1�0�5�e�2�f�8�e�0�7�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�U�G�L�X�u�y�X�v�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�7�c�9�a�c�7�5�f�e�d�e�1�a�e�d�a�_�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�d�7�e�a�9�0�e�e�4�0�a�d�8�b�6�5�6�3�5�8�d�d�b�b�b�f�5�4�8�3�5�5�2�1�6�a�a�f�8�9�5�3�f�4�2�c�2�8�5�8�9�a�9�3�6�6�2�1�5�0�b�5�f�0�
C�:�\�b�a�2�0�0�4�8�f�4�3�0�7�3�d�8�c�c�4�8�3�9�6�a�1�e�d�d�d�e�7�4�e�7�d�3�b�5�b�0�8�4�3�c�a�c�e�0�1�6�d�a�f�1�a�6�e�1�7�7�9�5�f�6�f�
C�:�\�e�a�5�8�0�7�6�5�f�6�5�4�d�d�e�5�e�c�1�5�e�e�5�5�9�d�6�1�a�7�6�4�f�2�a�9�5�4�7�9�a�5�2�0�c�f�0�c�1�e�3�4�2�b�7�3�f�9�5�3�3�9�5�d�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�p�e�Z�q�J�E�y�x�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�0�2�d�9�d�4�2�b�1�d�6�4�4�3�7�9�2�9�0�d�0�c�2�c�b�f�2�a�7�5�1�6�7�2�c�0�9�1�d�5�4�f�5�7�a�5�6�8�5�3�c�a�b�3�9�b�8�9�e�f�0�a�4�5�.�e�x�e�
C�:�\�1�6�1�f�5�0�5�7�6�5�2�a�6�0�4�0�4�5�5�b�4�f�d�9�5�9�b�0�3�7�b�5�7�b�a�e�3�d�7�1�7�d�0�2�b�4�e�e�2�f�0�6�c�1�a�2�c�9�a�a�6�a�1�7�
C�:�\�2�e�0�3�b�c�b�7�3�3�2�8�7�6�e�a�8�6�5�6�2�f�1�3�f�9�0�7�d�1�b�5�a�d�9�b�e�5�c�2�1�1�a�5�2�7�e�a�b�1�e�d�6�e�4�3�e�5�9�d�3�1�6�1�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�2�x�3�C�2�T�p�M�.�e�x�e�
C�:�\�7�a�1�6�0�1�f�2�6�c�d�b�f�7�0�b�3�f�4�3�a�5�3�4�7�b�6�5�2�b�6�e�b�e�d�2�a�7�7�6�a�3�7�5�5�8�5�2�5�8�b�0�7�f�9�b�7�0�e�4�8�4�4�0�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�t�p�2�V�I�3�e�s�.�e�x�e�
C�:�\�8�1�0�a�2�7�d�6�7�e�3�5�7�8�f�f�9�8�a�3�0�f�c�c�4�5�6�7�3�a�1�0�4�2�9�5�3�c�1�c�b�4�3�a�3�8�5�7�a�f�c�7�0�6�4�4�4�c�0�c�4�7�4�7�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�4�m�W�3�d�E�z�g�.�e�x�e�
C�:�\�0�4�a�6�9�c�c�b�9�8�5�c�6�0�0�1�6�1�5�3�3�7�4�d�8�9�1�a�0�a�4�5�7�7�a�0�d�7�a�7�3�f�c�c�1�8�4�5�c�f�7�5�e�e�d�7�4�1�4�3�9�7�f�5�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�z�U�g�b�Q�f�h�3�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�6�9�4�d�1�c�8�c�4�d�7�1�c�9�a�5�9�4�e�3�4�b�1�f�f�1�5�5�b�0�7�9�8�b�0�8�6�3�5�9�3�a�4�1�d�4�a�6�a�a�6�6�f�b�c�2�0�8�4�e�0�1�6�e�.�e�x�e�
C�:�\�9�2�f�b�a�0�7�3�4�5�0�a�7�0�9�b�0�7�b�4�f�e�8�d�e�0�4�1�3�5�0�0�3�0�f�c�3�b�1�a�c�2�9�5�d�d�1�d�2�a�6�9�1�3�2�b�3�a�a�9�f�b�7�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�9�5�7�6�8�7�c�c�7�2�0�c�8�9�1�d�7�e�d�b�4�0�e�8�1�4�a�6�b�4�3�1�4�f�e�a�4�8�7�c�3�e�1�f�f�1�1�d�c�d�a�b�4�0�0�c�e�4�e�c�e�8�1�6�
C�:�\�7�7�6�7�7�e�d�2�a�4�6�6�9�2�6�3�9�5�1�8�e�d�9�b�8�d�1�3�1�9�6�f�1�f�0�b�7�2�e�5�a�2�0�c�d�1�1�5�9�2�d�3�b�d�9�3�7�a�2�c�f�2�3�d�
C�:�\�5�c�8�d�7�5�5�a�c�8�f�0�c�f�3�0�a�2�8�6�e�0�4�1�8�7�5�b�f�0�a�3�b�4�0�0�e�9�b�1�3�a�7�c�d�3�e�0�a�2�9�a�4�9�b�3�0�4�7�6�c�1�2�6�
C�:�\�0�e�d�8�5�d�0�9�1�e�b�b�c�6�9�c�8�a�4�b�c�7�8�0�5�0�1�6�3�3�1�4�7�f�4�6�b�a�9�a�f�8�1�c�b�4�2�6�6�5�a�d�e�e�c�1�f�1�c�3�8�b�9�5�
C�:�\�8�c�7�f�8�4�a�0�d�3�4�6�d�5�3�4�6�d�3�c�0�2�0�6�0�c�c�4�2�7�3�1�e�7�2�f�0�2�d�e�0�9�8�4�b�9�a�1�5�6�a�1�2�7�b�7�3�d�7�7�f�9�1�0�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�A�x�P�e�B�Q�5�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�D�A�c�L�i�U�N�h�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�1�0�c�7�b�2�1�a�0�1�8�f�4�0�1�_�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�N�T�n�Q�c�4�K�G�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�4�c�e�a�d�a�7�9�d�0�6�6�3�e�d�8�_�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�c�7�f�4�b�1�5�1�9�3�0�1�f�f�3�b�f�b�0�5�d�a�2�c�e�9�a�d�4�0�4�b�5�6�0�3�2�2�3�e�3�a�7�4�3�d�8�1�2�8�9�6�0�b�5�f�8�c�4�3�4�f�3�b�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�6�y�x�2�X�1�K�j�.�e�x�e�
C�:�\�U�s�e�r�s�\�R�A�4�9�1�~�1�.�V�U�L�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�e�a�5�c�e�d�9�e�e�c�4�2�6�2�1�9�d�0�a�7�0�5�8�0�a�0�b�9�b�f�0�2�.�b�i�n�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�b�0�d�b�5�3�f�5�b�4�b�4�a�d�7�e�5�5�f�9�0�f�0�4�6�a�7�5�b�3�3�9�6�e�a�9�5�2�e�2�0�2�1�6�3�d�d�c�8�3�8�9�3�d�4�c�f�8�3�2�9�0�e�1�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�f�Q�n�q�v�r�1�o�.�e�x�e�
C�:�\�d�4�2�2�1�6�f�6�b�2�4�b�1�6�b�3�6�d�6�4�3�b�7�b�c�8�c�b�6�e�1�4�4�8�d�e�a�2�e�d�c�6�7�0�e�0�4�2�e�5�7�5�7�c�b�d�9�4�6�d�0�9�7�b�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�J�3�O�S�j�u�w�p�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�d�8�1�d�6�f�f�a�c�b�9�0�c�7�f�9�1�7�4�a�2�d�8�5�d�e�d�9�9�5�9�f�e�e�b�d�d�0�8�9�4�6�e�a�2�3�1�9�f�3�e�9�0�4�f�8�7�2�5�e�f�c�c�8�.�e�x�e�
Process Tree
-
01f206ce6de06e57e8e3eb383a08f637a4f4197414c56d27f9fe203812800945.exe (3028)
"C:\Users\Administrator\AppData\Local\Temp\01f206ce6de06e57e8e3eb383a08f637a4f4197414c56d27f9fe203812800945.exe"
- hhcbrnaff.exe (2736) "C:\Users\ADMINI~1\AppData\Local\Temp\hhcbrnaff.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com |
A 131.107.255.255
A 131.107.255.255 |
131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 177ddc4d1d5b9e99_hhcbrnaff.exe |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\hhcbrnaff.exe |
| Size | 52.8KB |
| Processes | 3028 (01f206ce6de06e57e8e3eb383a08f637a4f4197414c56d27f9fe203812800945.exe) |
| Type | MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS |
| MD5 | 5bfb1eebbadd6a3284b0170d34a6a5d9 |
| SHA1 | 0375f54c86dcf41fdd59c8ec5014a3b512d346a6 |
| SHA256 | 177ddc4d1d5b9e99d15e9db0c0e39d93ba64d0946f5206759e052abd59063e41 |
| CRC32 | 0B5D6E06 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 06a9ad9f438bc7042361e5bfecc26d3b0e70d13f |
|---|---|
| Size | 4.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 373ff9f9ae3aa84057dc941235b736b3 |
| SHA1 | 06a9ad9f438bc7042361e5bfecc26d3b0e70d13f |
| SHA256 | 88a084e2b02bd1c1e862284a1ebebdc1e6bcce2dacd72ec48d301b4ab8dc5b2d |
| CRC32 | 103485D7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |