SmartHawk

1.0

低危

该样本未表现出任何异常！

fcd49aa57fb2409114f89c82beaf17aada71eb70fefcad9ad39029ee759dc8b0

47b0873b8d1f97e3fd768075ef959038.exe

分析耗时

81s

最近分析

文件大小

14.4MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.detour

The file contains an unknown PE resource name possibly indicative of a packer (3 个事件)

resource name	AVI
resource name	TEXTINCLUDE
resource name	None

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2011-09-08 20:47:25

Imports

Library samdll.dll:

• 0x21b9b90

Library dac3x.dll:

• 0xd62008 ?Lasterror@CDAC@@QAEHXZ

• 0xd6200c ?Copy@CDAC@@QAEXXZ

• 0xd62010 ?GetCDName@CBaseCD@@QAEPADXZ

• 0xd62014 ?GetCDArtist@CBaseCD@@QAEPADXZ

• 0xd62018 ?GetCategory@CBaseCD@@QAEPADXZ

• 0xd6201c ?OnIdle@CDAC@@UAEXXZ

• 0xd62020 ?WriteBufferUnderrun@CDAC@@UAEXVCCDAdress@@@Z

• 0xd62024 ??0CDAC@@QAE@PAVCBaseCD@@PAVCBaseWave@@VCCDAdress@@JHHKH@Z

• 0xd62028 ??1CDAC@@QAE@XZ

• 0xd6202c ?StopCopy@CDAC@@QAEXXZ

• 0xd62030 ?Lasterror@CBaseWave@@QAEHXZ

• 0xd62034 ?DeleteInfo@CMapDrive@@QAEXH@Z

• 0xd62038 ?AppendInfo@CMapDrive@@QAEXUTDriveInfo@@@Z

• 0xd6203c ?GetMaxHostAdapters@CMapDrive@@QAEHXZ

• 0xd62040 ?LoadASPI@@YAHXZ

• 0xd62044 ?Store@CMapDrive@@QAEHPBD@Z

• 0xd62048 ??0CMapDrive@@QAE@H@Z

• 0xd6204c ??0CMapInfo@@QAE@XZ

• 0xd62050 ?GetTypName@CMapInfo@@QAEPADH@Z

• 0xd62054 ?CloseTray@CSCSICD@@UAEXXZ

• 0xd62058 ?Get_DriveStatus@CSCSICD@@UAE?AUTDriveStatus@@XZ

• 0xd6205c ?Lasterror@CBaseCD@@QAEHXZ

• 0xd62060 ?SetInfo@CMapDrive@@QAEXHUTDriveInfo@@@Z

• 0xd62064 ?PrepareCDDA@CSCSICD@@UAEXXZ

• 0xd62068 ?ReadMaxTracks@CBaseCD@@QAEHXZ

• 0xd6206c ?ReadTrackInfo@CBaseCD@@QAEHAAUTTrackList@@@Z

• 0xd62070 ?WaitCDDA@CSCSICD@@UAEHH@Z

• 0xd62074 ?ReadCDDA@CSCSICD@@UAEXVCCDAdress@@JPAXH@Z

• 0xd62078 ?FinishCDDA@CSCSICD@@UAEXXZ

• 0xd6207c ?GetMaxDrives@CMapDrive@@QAEHXZ

• 0xd62080 ?GetInfo@CMapDrive@@QAEAAUTDriveInfo@@H@Z

• 0xd62084 ?Read@CMapDrive@@QAEHPBD@Z

• 0xd62088 ?Reset@CMapDrive@@QAEXXZ

• 0xd6208c ??0CSCSICD@@QAE@AAUTDriveInfo@@@Z

• 0xd62090 ?LockDoor@CSCSICD@@UAEXH@Z

• 0xd62094 ?EjectDisk@CSCSICD@@UAEXXZ

• 0xd62098 ?FreeASPI@@YAHXZ

• 0xd6209c ??1CSCSICD@@QAE@XZ

• 0xd620a0 ??1CMapDrive@@QAE@XZ

Library WINMM.dll:

• 0xd61f08 waveInGetNumDevs

• 0xd61f0c mmioAscend

• 0xd61f10 mmioRead

• 0xd61f14 mmioDescend

• 0xd61f18 mmioCreateChunk

• 0xd61f1c mciSendCommandA

• 0xd61f20 joySetCapture

• 0xd61f24 joyReleaseCapture

• 0xd61f28 waveInGetErrorTextA

• 0xd61f2c waveInMessage

• 0xd61f30 midiOutGetDevCapsA

• 0xd61f34 midiInGetDevCapsA

• 0xd61f38 waveOutGetErrorTextA

• 0xd61f3c waveInUnprepareHeader

• 0xd61f40 timeBeginPeriod

• 0xd61f44 timeSetEvent

• 0xd61f48 midiInOpen

• 0xd61f4c midiInStart

• 0xd61f50 timeGetDevCaps

• 0xd61f54 waveOutRestart

• 0xd61f58 waveOutReset

• 0xd61f5c waveInStart

• 0xd61f60 midiInStop

• 0xd61f64 midiInReset

• 0xd61f68 midiInClose

• 0xd61f6c midiInUnprepareHeader

• 0xd61f70 mmioOpenA

• 0xd61f74 midiInAddBuffer

• 0xd61f78 timeKillEvent

• 0xd61f7c timeEndPeriod

• 0xd61f80 waveOutOpen

• 0xd61f84 waveOutGetDevCapsA

• 0xd61f88 waveOutSetPitch

• 0xd61f8c waveOutGetPosition

• 0xd61f90 waveOutPause

• 0xd61f94 waveOutUnprepareHeader

• 0xd61f98 waveOutPrepareHeader

• 0xd61f9c waveOutWrite

• 0xd61fa0 waveOutClose

• 0xd61fa4 waveInOpen

• 0xd61fa8 waveInGetDevCapsA

• 0xd61fac waveInGetPosition

• 0xd61fb0 waveInReset

• 0xd61fb4 waveInStop

• 0xd61fb8 waveInClose

• 0xd61fbc waveInPrepareHeader

• 0xd61fc0 waveInAddBuffer

• 0xd61fc4 mmioClose

• 0xd61fc8 waveOutSetVolume

• 0xd61fcc waveOutGetVolume

• 0xd61fd0 waveOutGetNumDevs

• 0xd61fd4 midiInPrepareHeader

• 0xd61fd8 mmioWrite

• 0xd61fdc midiInGetNumDevs

• 0xd61fe0 midiOutGetNumDevs

• 0xd61fe4 timeGetTime

• 0xd61fe8 mmioFlush

• 0xd61fec mmioSeek

Library MSVFW32.dll:

• 0xd619d4 DrawDibClose

• 0xd619d8 DrawDibOpen

• 0xd619dc MCIWndCreateA

• 0xd619e0 GetOpenFileNamePreviewA

• 0xd619e4 DrawDibDraw

Library AVIFIL32.dll:

• 0xd610a4 CreateEditableStream

• 0xd610a8 AVIStreamGetFrame

• 0xd610ac AVISaveOptionsFree

• 0xd610b0 AVIStreamGetFrameOpen

• 0xd610b4 AVIStreamOpenFromFileA

• 0xd610b8 AVIFileExit

• 0xd610bc AVIFileInit

• 0xd610c0 AVIFileOpenA

• 0xd610c4 AVIFileRelease

• 0xd610c8 AVIStreamWrite

• 0xd610cc AVIStreamRead

• 0xd610d0 AVIStreamTimeToSample

• 0xd610d4 AVIFileGetStream

• 0xd610d8 AVIStreamStart

• 0xd610dc AVIStreamSampleToTime

• 0xd610e0 AVIStreamLength

• 0xd610e4 AVIStreamFindSample

• 0xd610e8 AVIStreamSetFormat

• 0xd610ec AVIFileCreateStreamA

• 0xd610f0 AVIStreamInfoA

• 0xd610f4 AVIStreamRelease

• 0xd610f8 AVIStreamReadFormat

• 0xd610fc AVIStreamGetFrameClose

Library ole32.dll:

• 0xd62260 CoInitializeEx

• 0xd62264 CLSIDFromProgID

• 0xd62268 StgOpenStorageOnILockBytes

• 0xd6226c StgCreateDocfileOnILockBytes

• 0xd62270 CreateILockBytesOnHGlobal

• 0xd62274 OleTranslateAccelerator

• 0xd62278 IsAccelerator

• 0xd6227c OleCreateMenuDescriptor

• 0xd62280 OleDestroyMenuDescriptor

• 0xd62284 OleUninitialize

• 0xd62288 OleInitialize

• 0xd6228c CoRevokeClassObject

• 0xd62290 OleIsCurrentClipboard

• 0xd62294 OleFlushClipboard

• 0xd62298 CoRegisterMessageFilter

• 0xd6229c CoGetMalloc

• 0xd622a0 CreateBindCtx

• 0xd622a4 CoFreeUnusedLibraries

• 0xd622a8 CoTaskMemFree

• 0xd622ac CreateStreamOnHGlobal

• 0xd622b0 CoTaskMemAlloc

• 0xd622b4 CoGetClassObject

• 0xd622b8 CoCreateInstance

• 0xd622bc CLSIDFromString

• 0xd622c0 CoInitialize

• 0xd622c4 CoUninitialize

Library MDLL32.dll:

• 0xd61900 _mdllThruSysXBlock@12

• 0xd61904 _mdllControllerSperre@12

• 0xd61908 _initMidiDevice@8

• 0xd6190c _stopMetronom@0

• 0xd61910 _closeMidiDevice@8

• 0xd61914 _setMetronomParam@4

• 0xd61918 _DeactivateMidiEngine@0

• 0xd6191c _InitMidiEngine@4

• 0xd61920 _synchMidiEngine@12

• 0xd61924 _mdllSetControllerTimeout@4

• 0xd61928 _playEvent@8

• 0xd6192c _startMidiJob@16

• 0xd61930 _startMidiJobEx@20

• 0xd61934 _stopMidi@0

• 0xd61938 _startMidiTimer@4

• 0xd6193c _resetMidiSynch@0

• 0xd61940 _flushAllJobs@0

Library MSACM32.dll:

• 0xd61980 acmStreamOpen

• 0xd61984 acmFormatSuggest

• 0xd61988 acmFormatTagDetailsA

• 0xd6198c acmDriverOpen

• 0xd61990 acmDriverClose

• 0xd61994 acmStreamPrepareHeader

• 0xd61998 acmFormatEnumA

• 0xd6199c acmDriverEnum

• 0xd619a0 acmDriverID

• 0xd619a4 acmFormatDetailsA

• 0xd619a8 acmFormatTagEnumA

• 0xd619ac acmStreamSize

• 0xd619b0 acmStreamReset

• 0xd619b4 acmStreamConvert

• 0xd619b8 acmStreamUnprepareHeader

• 0xd619bc acmStreamClose

• 0xd619c0 acmDriverDetailsA

• 0xd619c4 acmMetrics

Library VERSION.dll:

• 0xd61e98 GetFileVersionInfoA

• 0xd61e9c GetFileVersionInfoSizeA

• 0xd61ea0 VerQueryValueA

Library MPR.dll:

• 0xd61964 WNetOpenEnumA

• 0xd61968 WNetGetLastErrorA

• 0xd6196c WNetAddConnection3A

• 0xd61970 WNetEnumResourceA

• 0xd61974 WNetCloseEnum

• 0xd61978 WNetGetUniversalNameA

Library ijl20.dll:

• 0xd6223c

• 0xd62240

• 0xd62244

• 0xd62248

Library DDRAW.dll:

• 0xd61128 DirectDrawCreate

• 0xd6112c DirectDrawEnumerateA

Library AAC.dll:

• 0xd61000 ??0CMP4Info@@QAE@XZ

• 0xd61004 ?Open@CMP4Info@@QAEHPBD@Z

• 0xd61008 ??1CMP4Info@@QAE@XZ

• 0xd6100c _AAC_MPEG4ENC_SRInfo@24

• 0xd61010 _AAC_MPEG4ENC_Configure@8

• 0xd61014 _AAC_MPEG4ENC_Open@8

• 0xd61018 _AAC_MPEG4ENC_GetInfo@8

• 0xd6101c _AAC_MPEG4ENC_Encode@36

• 0xd61020 _AAC_MPEG4ENC_Close@4

• 0xd61024 ?AdvanceMp4ffMux@@YAHQAUM4FI@@PBEH@Z

• 0xd61028 ?DeleteMp4ffMux@@YAHPAPAUM4FI@@@Z

• 0xd6102c ?CreateMp4ffMux@@YAHPAPAUM4FI@@PBDHHHHHHPBEH@Z

• 0xd61030 ?ConvertAACFile@@YAXPAD0@Z

Library DLLAV32.dll:

• 0xd61134 _AvDevGetTrackInfo@20

• 0xd61138 _AvDevGetDevList@20

• 0xd6113c _AvDevControl@20

• 0xd61140 _AvDevErase@20

• 0xd61144 _AvDevUpdateDevList@8

• 0xd61148 _AvDevOpen@12

• 0xd6114c _AvDevBeginReadTracks@16

• 0xd61150 _AvDevGetDiscInfo@16

• 0xd61154 _AvDevGetSpecialInfo@16

• 0xd61158 _AvDevEndReadTracks@12

• 0xd6115c _AvAuthorize@4

• 0xd61160 _AvDevClose@12

Library MPEGI.DLL:

• 0xd6195c GetMpegProps@12

Library KERNEL32.dll:

• 0xd613d4 GlobalAlloc

• 0xd613d8 FreeResource

• 0xd613dc InterlockedDecrement

• 0xd613e0 InterlockedIncrement

• 0xd613e4 Beep

• 0xd613e8 WriteProfileStringA

• 0xd613ec SetFileAttributesA

• 0xd613f0 GetVersionExA

• 0xd613f4 LocalFree

• 0xd613f8 LocalAlloc

• 0xd613fc SetCurrentDirectoryA

• 0xd61400 GetVolumeInformationA

• 0xd61404 GetSystemDirectoryA

• 0xd61408 GetProfileIntA

• 0xd6140c FileTimeToSystemTime

• 0xd61410 FileTimeToLocalFileTime

• 0xd61414 GetTimeFormatA

• 0xd61418 GetUserDefaultLCID

• 0xd6141c MoveFileA

• 0xd61420 GetSystemInfo

• 0xd61424 GetCurrentDirectoryA

• 0xd61428 GetShortPathNameA

• 0xd6142c InitializeCriticalSection

• 0xd61430 DeleteCriticalSection

• 0xd61434 EnterCriticalSection

• 0xd61438 LeaveCriticalSection

• 0xd6143c OutputDebugStringA

• 0xd61440 VirtualAlloc

• 0xd61444 VirtualFree

• 0xd61448 MultiByteToWideChar

• 0xd6144c GetCurrentProcessId

• 0xd61450 GetCurrentProcess

• 0xd61454 GlobalMemoryStatus

• 0xd61458 WaitForSingleObject

• 0xd6145c CreateThread

• 0xd61460 GetDiskFreeSpaceA

• 0xd61464 GetDriveTypeA

• 0xd61468 GetFullPathNameA

• 0xd6146c GetModuleFileNameA

• 0xd61470 MulDiv

• 0xd61474 GetLongPathNameA

• 0xd61478 ExpandEnvironmentStringsA

• 0xd6147c IsBadReadPtr

• 0xd61480 UnmapViewOfFile

• 0xd61484 MapViewOfFile

• 0xd61488 GetWindowsDirectoryA

• 0xd6148c GetCurrentThread

• 0xd61490 SetEnvironmentVariableA

• 0xd61494 CreateFileMappingA

• 0xd61498 SetThreadLocale

• 0xd6149c GetThreadLocale

• 0xd614a0 GetModuleHandleA

• 0xd614a4 SetLastError

• 0xd614a8 ResetEvent

• 0xd614ac SetEvent

• 0xd614b0 SetThreadPriority

• 0xd614b4 CreateEventA

• 0xd614b8 SetFilePointer

• 0xd614bc SetThreadAffinityMask

• 0xd614c0 InterlockedExchange

• 0xd614c4 GlobalGetAtomNameA

• 0xd614c8 LoadLibraryExA

• 0xd614cc InterlockedExchangeAdd

• 0xd614d0 SuspendThread

• 0xd614d4 SetProcessAffinityMask

• 0xd614d8 GetProcessAffinityMask

• 0xd614dc ResumeThread

• 0xd614e0 TerminateThread

• 0xd614e4 OpenFile

• 0xd614e8 DeviceIoControl

• 0xd614ec SetPriorityClass

• 0xd614f0 GlobalReAlloc

• 0xd614f4 lstrlenA

• 0xd614f8 FormatMessageA

• 0xd614fc GetSystemDefaultLangID

• 0xd61500 lstrcatA

• 0xd61504 GetVersion

• 0xd61508 SystemTimeToFileTime

• 0xd6150c GetSystemTime

• 0xd61510 SetErrorMode

• 0xd61514 OpenEventA

• 0xd61518 GetExitCodeProcess

• 0xd6151c WaitForMultipleObjects

• 0xd61520 CreateProcessA

• 0xd61524 TerminateProcess

• 0xd61528 lstrcpyA

• 0xd6152c lstrcmpiA

• 0xd61530 GetPriorityClass

• 0xd61534 LocalHandle

• 0xd61538 lstrcpynA

• 0xd6153c GetTickCount

• 0xd61540 LocalUnlock

• 0xd61544 LocalLock

• 0xd61548 GetLogicalDrives

• 0xd6154c GlobalHandle

• 0xd61550 GlobalMemoryStatusEx

• 0xd61554 GetLocaleInfoA

• 0xd61558 GetEnvironmentVariableA

• 0xd6155c GetPrivateProfileSectionA

• 0xd61560 GetPrivateProfileSectionNamesA

• 0xd61564 HeapFree

• 0xd61568 HeapAlloc

• 0xd6156c GetProcessHeap

• 0xd61570 SetUnhandledExceptionFilter

• 0xd61574 VirtualQuery

• 0xd61578 IsBadWritePtr

• 0xd6157c GetThreadContext

• 0xd61580 LocalFileTimeToFileTime

• 0xd61584 lstrcmpW

• 0xd61588 DuplicateHandle

• 0xd6158c lstrlenW

• 0xd61590 CompareStringA

• 0xd61594 GlobalFindAtomA

• 0xd61598 GetModuleFileNameW

• 0xd6159c CreateMutexA

• 0xd615a0 ReleaseMutex

• 0xd615a4 GetStringTypeExA

• 0xd615a8 FlushFileBuffers

• 0xd615ac LockFile

• 0xd615b0 UnlockFile

• 0xd615b4 lstrcmpA

• 0xd615b8 EnumResourceLanguagesA

• 0xd615bc ConvertDefaultLocale

• 0xd615c0 VirtualProtect

• 0xd615c4 GetFileAttributesExA

• 0xd615c8 GetFileSizeEx

• 0xd615cc GetModuleHandleW

• 0xd615d0 TlsGetValue

• 0xd615d4 TlsAlloc

• 0xd615d8 TlsSetValue

• 0xd615dc LocalReAlloc

• 0xd615e0 TlsFree

• 0xd615e4 GlobalFlags

• 0xd615e8 GetCPInfo

• 0xd615ec GetOEMCP

• 0xd615f0 RaiseException

• 0xd615f4 RtlUnwind

• 0xd615f8 UnhandledExceptionFilter

• 0xd615fc IsDebuggerPresent

• 0xd61600 GetSystemTimeAsFileTime

• 0xd61604 ExitProcess

• 0xd61608 HeapSize

• 0xd6160c GetFileInformationByHandle

• 0xd61610 PeekNamedPipe

• 0xd61614 GetFileType

• 0xd61618 HeapReAlloc

• 0xd6161c GetTimeZoneInformation

• 0xd61620 GetCommandLineA

• 0xd61624 GetStartupInfoA

• 0xd61628 SetStdHandle

• 0xd6162c GetACP

• 0xd61630 IsValidCodePage

• 0xd61634 LCMapStringA

• 0xd61638 LCMapStringW

• 0xd6163c HeapCreate

• 0xd61640 SetHandleCount

• 0xd61644 GetStdHandle

• 0xd61648 InitializeCriticalSectionAndSpinCount

• 0xd6164c GetStringTypeA

• 0xd61650 GetStringTypeW

• 0xd61654 EnumSystemLocalesA

• 0xd61658 IsValidLocale

• 0xd6165c CompareStringW

• 0xd61660 GetConsoleCP

• 0xd61664 GetConsoleMode

• 0xd61668 CreateFileW

• 0xd6166c FreeEnvironmentStringsA

• 0xd61670 GetEnvironmentStrings

• 0xd61674 FreeEnvironmentStringsW

• 0xd61678 GetEnvironmentStringsW

• 0xd6167c GetLocaleInfoW

• 0xd61680 WriteConsoleA

• 0xd61684 GetConsoleOutputCP

• 0xd61688 WriteConsoleW

• 0xd6168c GlobalLock

• 0xd61690 GlobalUnlock

• 0xd61694 GlobalFree

• 0xd61698 FindNextFileA

• 0xd6169c GetComputerNameA

• 0xd616a0 CopyFileExA

• 0xd616a4 GetFileTime

• 0xd616a8 GlobalDeleteAtom

• 0xd616ac GlobalAddAtomA

• 0xd616b0 WinExec

• 0xd616b4 CopyFileA

• 0xd616b8 CreateDirectoryA

• 0xd616bc GetLastError

• 0xd616c0 RemoveDirectoryA

• 0xd616c4 WriteFile

• 0xd616c8 SetEndOfFile

• 0xd616cc GetFileAttributesA

• 0xd616d0 GetProcAddress

• 0xd616d4 FreeLibrary

• 0xd616d8 GetTempFileNameA

• 0xd616dc GetTempPathA

• 0xd616e0 GetFileSize

• 0xd616e4 FindFirstFileA

• 0xd616e8 FindClose

• 0xd616ec CompareFileTime

• 0xd616f0 DeleteFileA

• 0xd616f4 CreateFileA

• 0xd616f8 InterlockedCompareExchange

• 0xd616fc FindCloseChangeNotification

• 0xd61700 FindNextChangeNotification

• 0xd61704 FindFirstChangeNotificationA

• 0xd61708 GetLogicalDriveStringsA

• 0xd6170c SystemTimeToTzSpecificLocalTime

• 0xd61710 GetUserDefaultLangID

• 0xd61714 GetSystemDefaultLCID

• 0xd61718 ReadFile

• 0xd6171c CloseHandle

• 0xd61720 GetCurrentThreadId

• 0xd61724 Sleep

• 0xd61728 GetLocalTime

• 0xd6172c GetDateFormatA

• 0xd61730 LoadLibraryA

• 0xd61734 GetPrivateProfileIntA

• 0xd61738 GetPrivateProfileStringA

• 0xd6173c WritePrivateProfileStringA

• 0xd61740 WideCharToMultiByte

• 0xd61744 QueryPerformanceFrequency

• 0xd61748 QueryPerformanceCounter

• 0xd6174c FindResourceA

• 0xd61750 LoadResource

• 0xd61754 LockResource

• 0xd61758 SizeofResource

• 0xd6175c SetFileTime

Library USER32.dll:

• 0xd61ae4 CloseClipboard

• 0xd61ae8 SetScrollInfo

• 0xd61aec ScrollWindow

• 0xd61af0 GetScrollInfo

• 0xd61af4 DialogBoxParamA

• 0xd61af8 InvalidateRgn

• 0xd61afc EndDialog

• 0xd61b00 CheckDlgButton

• 0xd61b04 ExitWindowsEx

• 0xd61b08 OemKeyScan

• 0xd61b0c MapVirtualKeyA

• 0xd61b10 SendDlgItemMessageA

• 0xd61b14 CheckMenuRadioItem

• 0xd61b18 ShowCursor

• 0xd61b1c EnumWindows

• 0xd61b20 GetDialogBaseUnits

• 0xd61b24 EnableScrollBar

• 0xd61b28 CreateDialogParamA

• 0xd61b2c IsWindowEnabled

• 0xd61b30 GetUpdateRect

• 0xd61b34 IsDialogMessageA

• 0xd61b38 OemToCharA

• 0xd61b3c CharLowerA

• 0xd61b40 FindWindowExA

• 0xd61b44 MonitorFromRect

• 0xd61b48 MonitorFromWindow

• 0xd61b4c GetMonitorInfoA

• 0xd61b50 GetWindowTextLengthA

• 0xd61b54 EnableMenuItem

• 0xd61b58 GetMenuDefaultItem

• 0xd61b5c SetMenuDefaultItem

• 0xd61b60 GrayStringA

• 0xd61b64 DrawTextExA

• 0xd61b68 TabbedTextOutA

• 0xd61b6c FrameRect

• 0xd61b70 UnionRect

• 0xd61b74 GetScrollPos

• 0xd61b78 AdjustWindowRectEx

• 0xd61b7c DrawIcon

• 0xd61b80 GetSysColorBrush

• 0xd61b84 GetDCEx

• 0xd61b88 IsChild

• 0xd61b8c DeferWindowPos

• 0xd61b90 GetMessageA

• 0xd61b94 BeginDeferWindowPos

• 0xd61b98 EndDeferWindowPos

• 0xd61b9c IsRectEmpty

• 0xd61ba0 TranslateAcceleratorA

• 0xd61ba4 SetLayeredWindowAttributes

• 0xd61ba8 ValidateRect

• 0xd61bac DrawEdge

• 0xd61bb0 GetWindow

• 0xd61bb4 DrawFocusRect

• 0xd61bb8 InflateRect

• 0xd61bbc DrawStateA

• 0xd61bc0 SetWindowRgn

• 0xd61bc4 GetCursor

• 0xd61bc8 GetClassLongA

• 0xd61bcc SetClassLongA

• 0xd61bd0 GetCapture

• 0xd61bd4 SetRectEmpty

• 0xd61bd8 IntersectRect

• 0xd61bdc GetActiveWindow

• 0xd61be0 SetClipboardData

• 0xd61be4 EmptyClipboard

• 0xd61be8 OpenClipboard

• 0xd61bec UnregisterDeviceNotification

• 0xd61bf0 InvertRect

• 0xd61bf4 RegisterClassExA

• 0xd61bf8 BeginPaint

• 0xd61bfc EndPaint

• 0xd61c00 SetWindowPlacement

• 0xd61c04 GetDoubleClickTime

• 0xd61c08 FillRect

• 0xd61c0c DefWindowProcA

• 0xd61c10 GetClassInfoA

• 0xd61c14 RegisterClassA

• 0xd61c18 CallWindowProcA

• 0xd61c1c wvsprintfA

• 0xd61c20 DestroyWindow

• 0xd61c24 MoveWindow

• 0xd61c28 DrawTextA

• 0xd61c2c SetRect

• 0xd61c30 CharLowerBuffA

• 0xd61c34 RegisterWindowMessageA

• 0xd61c38 SetCursorPos

• 0xd61c3c SetScrollRange

• 0xd61c40 SetScrollPos

• 0xd61c44 SendNotifyMessageA

• 0xd61c48 SetParent

• 0xd61c4c LoadStringA

• 0xd61c50 InsertMenuA

• 0xd61c54 LoadBitmapA

• 0xd61c58 SetCapture

• 0xd61c5c DrawIconEx

• 0xd61c60 SetSysColors

• 0xd61c64 WindowFromDC

• 0xd61c68 PostThreadMessageA

• 0xd61c6c CreateDialogIndirectParamA

• 0xd61c70 GetMenu

• 0xd61c74 GetClassInfoExA

• 0xd61c78 ShowScrollBar

• 0xd61c7c GetScrollRange

• 0xd61c80 SetMenu

• 0xd61c84 TrackPopupMenuEx

• 0xd61c88 MapWindowPoints

• 0xd61c8c GetMessageTime

• 0xd61c90 GetLastActivePopup

• 0xd61c94 RemovePropA

• 0xd61c98 GetPropA

• 0xd61c9c SetPropA

• 0xd61ca0 GetMenuCheckMarkDimensions

• 0xd61ca4 SetMenuItemBitmaps

• 0xd61ca8 GetDlgCtrlID

• 0xd61cac GetTopWindow

• 0xd61cb0 UpdateWindow

• 0xd61cb4 CheckRadioButton

• 0xd61cb8 GetDlgItemInt

• 0xd61cbc IsDlgButtonChecked

• 0xd61cc0 GetWindowDC

• 0xd61cc4 DefFrameProcA

• 0xd61cc8 DefMDIChildProcA

• 0xd61ccc GetMessagePos

• 0xd61cd0 SetCursor

• 0xd61cd4 LoadCursorA

• 0xd61cd8 ScrollDC

• 0xd61cdc ReleaseCapture

• 0xd61ce0 GetForegroundWindow

• 0xd61ce4 GetWindowThreadProcessId

• 0xd61ce8 GetDlgItemTextA

• 0xd61cec SetDlgItemTextA

• 0xd61cf0 MessageBoxA

• 0xd61cf4 MessageBeep

• 0xd61cf8 UnhookWindowsHookEx

• 0xd61cfc EnumChildWindows

• 0xd61d00 GetWindowLongA

• 0xd61d04 SetWindowLongA

• 0xd61d08 CreateWindowExA

• 0xd61d0c SetWindowsHookExA

• 0xd61d10 CallNextHookEx

• 0xd61d14 TrackPopupMenu

• 0xd61d18 GetNextDlgTabItem

• 0xd61d1c GetClassNameA

• 0xd61d20 SetActiveWindow

• 0xd61d24 PtInRect

• 0xd61d28 GetSystemMenu

• 0xd61d2c wsprintfA

• 0xd61d30 MonitorFromPoint

• 0xd61d34 GetSysColor

• 0xd61d38 SetWindowPos

• 0xd61d3c WinHelpA

• 0xd61d40 GetKeyState

• 0xd61d44 keybd_event

• 0xd61d48 GetDesktopWindow

• 0xd61d4c LoadIconA

• 0xd61d50 WindowFromPoint

• 0xd61d54 GetFocus

• 0xd61d58 LockWindowUpdate

• 0xd61d5c ScreenToClient

• 0xd61d60 ClientToScreen

• 0xd61d64 CheckMenuItem

• 0xd61d68 EqualRect

• 0xd61d6c OffsetRect

• 0xd61d70 IsWindow

• 0xd61d74 GetWindowPlacement

• 0xd61d78 TranslateMDISysAccel

• 0xd61d7c GetWindowRect

• 0xd61d80 IsZoomed

• 0xd61d84 PeekMessageA

• 0xd61d88 TranslateMessage

• 0xd61d8c DispatchMessageA

• 0xd61d90 SetForegroundWindow

• 0xd61d94 GetSystemMetrics

• 0xd61d98 GetParent

• 0xd61d9c GetClientRect

• 0xd61da0 PostMessageA

• 0xd61da4 CopyRect

• 0xd61da8 BringWindowToTop

• 0xd61dac CreateAcceleratorTableA

• 0xd61db0 DestroyAcceleratorTable

• 0xd61db4 HiliteMenuItem

• 0xd61db8 GetWindowRgn

• 0xd61dbc CreateMenu

• 0xd61dc0 GetMenuItemInfoA

• 0xd61dc4 SetMenuItemInfoA

• 0xd61dc8 GetCursorPos

• 0xd61dcc LoadImageA

• 0xd61dd0 SetFocus

• 0xd61dd4 GetWindowTextA

• 0xd61dd8 SetWindowTextA

• 0xd61ddc VkKeyScanA

• 0xd61de0 DeleteMenu

• 0xd61de4 CreatePopupMenu

• 0xd61de8 AppendMenuA

• 0xd61dec RemoveMenu

• 0xd61df0 GetMenuState

• 0xd61df4 GetDlgItem

• 0xd61df8 InsertMenuItemA

• 0xd61dfc ReuseDDElParam

• 0xd61e00 UnpackDDElParam

• 0xd61e04 WaitMessage

• 0xd61e08 CharUpperA

• 0xd61e0c PostQuitMessage

• 0xd61e10 GetMenuItemCount

• 0xd61e14 GetMenuItemID

• 0xd61e18 GetMenuStringA

• 0xd61e1c GetSubMenu

• 0xd61e20 ModifyMenuA

• 0xd61e24 LoadMenuA

• 0xd61e28 SendMessageA

• 0xd61e2c DrawMenuBar

• 0xd61e30 IsIconic

• 0xd61e34 GetDC

• 0xd61e38 ReleaseDC

• 0xd61e3c InvalidateRect

• 0xd61e40 IsWindowVisible

• 0xd61e44 RedrawWindow

• 0xd61e48 SetTimer

• 0xd61e4c KillTimer

• 0xd61e50 EnableWindow

• 0xd61e54 MapDialogRect

• 0xd61e58 LoadAcceleratorsA

• 0xd61e5c CopyAcceleratorTableA

• 0xd61e60 GetAsyncKeyState

• 0xd61e64 DestroyIcon

• 0xd61e68 DestroyMenu

• 0xd61e6c ShowWindow

• 0xd61e70 ShowOwnedPopups

• 0xd61e74 SetWindowContextHelpId

• 0xd61e78 CharNextA

• 0xd61e7c UnregisterClassA

• 0xd61e80 GetTabbedTextExtentA

• 0xd61e84 GetNextDlgGroupItem

• 0xd61e88 RegisterClipboardFormatA

• 0xd61e8c SystemParametersInfoA

• 0xd61e90 DestroyCursor

Library GDI32.dll:

• 0xd611e4 SetViewportExtEx

• 0xd611e8 ScaleViewportExtEx

• 0xd611ec SetWindowExtEx

• 0xd611f0 ScaleWindowExtEx

• 0xd611f4 GetCurrentPositionEx

• 0xd611f8 SetTextAlign

• 0xd611fc IntersectClipRect

• 0xd61200 SetMapMode

• 0xd61204 PolyBezierTo

• 0xd61208 ExtSelectClipRgn

• 0xd6120c CreatePatternBrush

• 0xd61210 CreateRectRgnIndirect

• 0xd61214 GetCharWidthA

• 0xd61218 GetMapMode

• 0xd6121c DPtoLP

• 0xd61220 SetAbortProc

• 0xd61224 AbortDoc

• 0xd61228 LPtoDP

• 0xd6122c GetNearestColor

• 0xd61230 GetBkMode

• 0xd61234 GetPolyFillMode

• 0xd61238 GetROP2

• 0xd6123c GetTextFaceA

• 0xd61240 GetTextExtentPointA

• 0xd61244 GetWindowOrgEx

• 0xd61248 EnumFontFamiliesExA

• 0xd6124c SetGraphicsMode

• 0xd61250 SetPolyFillMode

• 0xd61254 RestoreDC

• 0xd61258 SaveDC

• 0xd6125c CreateBitmap

• 0xd61260 GetClipBox

• 0xd61264 CreateDCA

• 0xd61268 PolyPolyline

• 0xd6126c EndDoc

• 0xd61270 EndPage

• 0xd61274 StartPage

• 0xd61278 GetViewportOrgEx

• 0xd6127c ExtCreatePen

• 0xd61280 AddFontResourceA

• 0xd61284 StrokeAndFillPath

• 0xd61288 EndPath

• 0xd6128c BeginPath

• 0xd61290 PolyBezier

• 0xd61294 SetRectRgn

• 0xd61298 GetStretchBltMode

• 0xd6129c SetDIBits

• 0xd612a0 CreateDIBSection

• 0xd612a4 GetBitmapBits

• 0xd612a8 GetPixel

• 0xd612ac Polygon

• 0xd612b0 Escape

• 0xd612b4 PtVisible

• 0xd612b8 GetCurrentObject

• 0xd612bc GetBkColor

• 0xd612c0 CreateHatchBrush

• 0xd612c4 GetRgnBox

• 0xd612c8 SetROP2

• 0xd612cc MoveToEx

• 0xd612d0 LineTo

• 0xd612d4 Pie

• 0xd612d8 Ellipse

• 0xd612dc CreateBrushIndirect

• 0xd612e0 GetTextColor

• 0xd612e4 PtInRegion

• 0xd612e8 CreateEllipticRgn

• 0xd612ec GetTextAlign

• 0xd612f0 GdiFlush

• 0xd612f4 CreatePolygonRgn

• 0xd612f8 GetTextMetricsA

• 0xd612fc PatBlt

• 0xd61300 GetDIBits

• 0xd61304 SetStretchBltMode

• 0xd61308 RectVisible

• 0xd6130c ExcludeClipRect

• 0xd61310 TextOutA

• 0xd61314 SetTextColor

• 0xd61318 Polyline

• 0xd6131c SetWindowOrgEx

• 0xd61320 SetPixel

• 0xd61324 SetDIBitsToDevice

• 0xd61328 SetBkMode

• 0xd6132c DeleteDC

• 0xd61330 StretchDIBits

• 0xd61334 GetTextExtentPoint32A

• 0xd61338 CreatePen

• 0xd6133c Rectangle

• 0xd61340 ExtTextOutA

• 0xd61344 SetBitmapBits

• 0xd61348 SetBrushOrgEx

• 0xd6134c StretchBlt

• 0xd61350 SetPixelV

• 0xd61354 FrameRgn

• 0xd61358 GetTextCharsetInfo

• 0xd6135c TranslateCharsetInfo

• 0xd61360 CreateICA

• 0xd61364 CreateRoundRectRgn

• 0xd61368 SetBkColor

• 0xd6136c GetObjectA

• 0xd61370 CreateSolidBrush

• 0xd61374 SetViewportOrgEx

• 0xd61378 OffsetViewportOrgEx

• 0xd6137c SelectClipRgn

• 0xd61380 StartDocA

• 0xd61384 GetViewportExtEx

• 0xd61388 RemoveFontResourceA

• 0xd6138c CreateFontIndirectA

• 0xd61390 CreateCompatibleBitmap

• 0xd61394 CreateFontA

• 0xd61398 CreatePalette

• 0xd6139c CreateCompatibleDC

• 0xd613a0 GetDeviceCaps

• 0xd613a4 SelectObject

• 0xd613a8 RealizePalette

• 0xd613ac BitBlt

• 0xd613b0 CreateDIBitmap

• 0xd613b4 SelectPalette

• 0xd613b8 DeleteObject

• 0xd613bc GetStockObject

• 0xd613c0 CreateRectRgn

• 0xd613c4 CombineRgn

• 0xd613c8 FillRgn

• 0xd613cc GetWindowExtEx

Library COMDLG32.dll:

• 0xd61118 GetFileTitleA

• 0xd6111c GetSaveFileNameA

• 0xd61120 GetOpenFileNameA

Library WINSPOOL.DRV:

• 0xd61ff4 ClosePrinter

• 0xd61ff8 DocumentPropertiesA

• 0xd61ffc OpenPrinterA

• 0xd62000 GetJobA

Exports

Ordinal	Address	Name
1	0x9379d0	?MsgCBFunc@CResult@@CGHPAUMsgStruct@@@Z

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	57874	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51966	239.255.255.250	1900
192.168.56.101	57757	239.255.255.250	3702
192.168.56.101	57759	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.