Score: 4.6
Risk level: Medium

Sample hash: 81145c0fc67c3d2d760704a19c29e0bed032e8521ddbebab54a2111e5cb8f6b0

File name: 4d756db1068bd08a45e8639abbdfcced.exe

Analysis duration: 88s

Latest analysis:

File size: 3.5MB
Static detections / Dynamic detections
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine result available
Static verdict
Antivirus engines
Not detected: no antivirus engine result available
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .itext
section .didata
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name VCLSTYLE
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1620758787.091
__exception__
stacktrace:
TMethodImplementationIntercept+0x25fdc7 dbkFCallWrapperAddr-0x1da21 winsrv+0x2c6c1b @ 0x6c6c1b
TMethodImplementationIntercept+0x101e2a dbkFCallWrapperAddr-0x17b9be winsrv+0x168c7e @ 0x568c7e
TMethodImplementationIntercept+0x61b46 dbkFCallWrapperAddr-0x21bca2 winsrv+0xc899a @ 0x4c899a
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x775a788a
TMethodImplementationIntercept+0x17b1a4 dbkFCallWrapperAddr-0x102644 winsrv+0x1e1ff8 @ 0x5e1ff8

registers.esp: 1637596
registers.edi: 0
registers.eax: 0
registers.ebp: 1637628
registers.edx: 7107176
registers.ebx: 7107176
registers.esi: 5672044
registers.ecx: 0
exception.instruction_r: 8b 08 ff 51 24 85 c0 75 3b 8d 45 fc 50 8d 55 f8
exception.symbol: TMethodImplementationIntercept+0x261e61 dbkFCallWrapperAddr-0x1b987 winsrv+0x2c8cb5
exception.instruction: mov ecx, dword ptr [eax]
exception.module: winsrv.exe
exception.exception_code: 0xc0000005
exception.offset: 2919605
exception.address: 0x6c8cb5
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Performs some HTTP requests (1 event)
request GET http://www.lawfirm-index.com/bot.php?v=13
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1620758774.606375
NtAllocateVirtualMemory
process_identifier: 2284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x020e0000
success 0 0
1620758774.731375
NtAllocateVirtualMemory
process_identifier: 2284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02150000
success 0 0
1620758777.513
NtAllocateVirtualMemory
process_identifier: 2216
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x020e0000
success 0 0
1620758777.7
NtAllocateVirtualMemory
process_identifier: 2216
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02150000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (2 events)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\winsrv reg_value C:\Users\Administrator.Oskar-PC\AppData\Roaming\winsrv\winsrv.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\winsrv reg_value C:\Users\Administrator.Oskar-PC\AppData\Roaming\winsrv\winsrv.exe
Attempts to modify browser security settings (1 event)
registry HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\winsrv.exe
Generates some ICMP traffic
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

2018-12-09 09:51:14

Imports

Library wininet.dll:
0x6e8a80 InternetCloseHandle
0x6e8a8c InternetConnectW
0x6e8a90 InternetSetOptionW
0x6e8aa8 FindCloseUrlCache
0x6e8aac InternetOpenW
Library winspool.drv:
0x6e8ab4 DocumentPropertiesW
0x6e8ab8 ClosePrinter
0x6e8abc OpenPrinterW
0x6e8ac0 GetDefaultPrinterW
0x6e8ac4 EnumPrintersW
Library comdlg32.dll:
0x6e8acc GetSaveFileNameW
0x6e8ad0 GetOpenFileNameW
Library comctl32.dll:
0x6e8ae0 ImageList_DragMove
0x6e8ae4 ImageList_Destroy
0x6e8ae8 _TrackMouseEvent
0x6e8af0 ImageList_Add
0x6e8afc ImageList_Create
0x6e8b00 ImageList_EndDrag
0x6e8b04 ImageList_DrawEx
0x6e8b0c FlatSB_GetScrollPos
0x6e8b10 FlatSB_SetScrollPos
0x6e8b14 InitializeFlatSB
0x6e8b18 ImageList_Copy
0x6e8b20 ImageList_Write
0x6e8b2c ImageList_BeginDrag
0x6e8b30 ImageList_GetIcon
0x6e8b34 ImageList_Replace
0x6e8b3c ImageList_DragEnter
0x6e8b48 ImageList_Read
0x6e8b4c ImageList_DragLeave
0x6e8b54 ImageList_Draw
0x6e8b58 ImageList_Remove
Library shell32.dll:
0x6e8b6c Shell_NotifyIconW
0x6e8b74 ShellExecuteW
Library URLMON.DLL:
0x6e8b84 URLDownloadToFileW
Library user32.dll:
0x6e8b8c MoveWindow
0x6e8b90 CopyImage
0x6e8b94 SetMenuItemInfoW
0x6e8b98 GetMenuItemInfoW
0x6e8b9c DefFrameProcW
0x6e8ba0 GetDlgCtrlID
0x6e8ba4 FrameRect
0x6e8bac GetMenuStringW
0x6e8bb0 FillRect
0x6e8bb4 SendMessageA
0x6e8bb8 EnumWindows
0x6e8bbc ShowOwnedPopups
0x6e8bc0 GetClassInfoExW
0x6e8bc4 GetClassInfoW
0x6e8bc8 GetScrollRange
0x6e8bcc SetActiveWindow
0x6e8bd0 GetActiveWindow
0x6e8bd4 DrawEdge
0x6e8bdc LoadBitmapW
0x6e8be0 EnumChildWindows
0x6e8be4 UnhookWindowsHookEx
0x6e8be8 SetCapture
0x6e8bec GetCapture
0x6e8bf0 LoadMenuW
0x6e8bf4 ShowCaret
0x6e8bf8 CreatePopupMenu
0x6e8bfc GetMenuItemID
0x6e8c00 CharLowerBuffW
0x6e8c04 PostMessageW
0x6e8c08 SetWindowLongW
0x6e8c0c IsZoomed
0x6e8c10 SetParent
0x6e8c14 DrawMenuBar
0x6e8c18 GetClientRect
0x6e8c1c IsChild
0x6e8c20 SendDlgItemMessageW
0x6e8c24 IsIconic
0x6e8c28 CallNextHookEx
0x6e8c2c ShowWindow
0x6e8c30 GetWindowTextW
0x6e8c34 SetForegroundWindow
0x6e8c3c IsDialogMessageW
0x6e8c40 DestroyWindow
0x6e8c44 RegisterClassW
0x6e8c48 EndMenu
0x6e8c4c CharNextW
0x6e8c50 GetFocus
0x6e8c54 GetDC
0x6e8c58 SetFocus
0x6e8c5c ReleaseDC
0x6e8c60 GetClassLongW
0x6e8c64 SetScrollRange
0x6e8c68 DrawTextW
0x6e8c6c PeekMessageA
0x6e8c70 MessageBeep
0x6e8c74 SetClassLongW
0x6e8c78 RemovePropW
0x6e8c7c GetSubMenu
0x6e8c80 DestroyIcon
0x6e8c84 IsWindowVisible
0x6e8c88 DispatchMessageA
0x6e8c8c UnregisterClassW
0x6e8c90 GetTopWindow
0x6e8c94 SendMessageW
0x6e8c98 GetMessageTime
0x6e8c9c LoadStringW
0x6e8ca0 CreateMenu
0x6e8ca4 CharLowerW
0x6e8ca8 SetWindowRgn
0x6e8cac SetWindowPos
0x6e8cb0 GetMenuItemCount
0x6e8cb4 GetSysColorBrush
0x6e8cb8 GetWindowDC
0x6e8cbc DrawTextExW
0x6e8cc0 GetScrollInfo
0x6e8cc4 SetWindowTextW
0x6e8cc8 GetMessageExtraInfo
0x6e8ccc GetSysColor
0x6e8cd0 EnableScrollBar
0x6e8cd4 TrackPopupMenu
0x6e8cd8 DrawIconEx
0x6e8cdc GetClassNameW
0x6e8ce0 GetMessagePos
0x6e8ce4 GetIconInfo
0x6e8ce8 SetScrollInfo
0x6e8cec GetKeyNameTextW
0x6e8cf0 GetDesktopWindow
0x6e8cf4 SetCursorPos
0x6e8cf8 GetCursorPos
0x6e8cfc SetMenu
0x6e8d00 GetMenuState
0x6e8d04 GetMenu
0x6e8d08 SetRect
0x6e8d0c GetKeyState
0x6e8d10 GetCursor
0x6e8d14 KillTimer
0x6e8d18 WaitMessage
0x6e8d20 GetWindowPlacement
0x6e8d24 CreateWindowExW
0x6e8d28 GetDCEx
0x6e8d2c PeekMessageW
0x6e8d30 MonitorFromWindow
0x6e8d34 SetTimer
0x6e8d38 WindowFromPoint
0x6e8d3c BeginPaint
0x6e8d44 MapVirtualKeyW
0x6e8d48 IsWindowUnicode
0x6e8d4c DispatchMessageW
0x6e8d50 TrackPopupMenuEx
0x6e8d58 DefMDIChildProcW
0x6e8d5c GetSystemMenu
0x6e8d60 SetScrollPos
0x6e8d64 GetScrollPos
0x6e8d68 DrawFocusRect
0x6e8d6c ReleaseCapture
0x6e8d70 LoadCursorW
0x6e8d74 ScrollWindow
0x6e8d78 GetLastActivePopup
0x6e8d7c SetDlgItemTextW
0x6e8d80 GetSystemMetrics
0x6e8d84 CharUpperBuffW
0x6e8d88 SetClipboardData
0x6e8d8c GetClipboardData
0x6e8d90 ClientToScreen
0x6e8d94 SetWindowPlacement
0x6e8d98 GetMonitorInfoW
0x6e8d9c CheckMenuItem
0x6e8da0 CharUpperW
0x6e8da4 DefWindowProcW
0x6e8da8 GetForegroundWindow
0x6e8dac EnableWindow
0x6e8db4 RedrawWindow
0x6e8db8 EndPaint
0x6e8dc0 LoadKeyboardLayoutW
0x6e8dc8 GetParent
0x6e8dcc InsertMenuItemW
0x6e8dd0 MonitorFromRect
0x6e8dd4 GetPropW
0x6e8dd8 MessageBoxW
0x6e8ddc SetPropW
0x6e8de0 UpdateWindow
0x6e8de8 DestroyMenu
0x6e8dec SetWindowsHookExW
0x6e8df0 EmptyClipboard
0x6e8df4 GetDlgItem
0x6e8df8 AdjustWindowRectEx
0x6e8dfc IsWindow
0x6e8e00 DrawIcon
0x6e8e04 EnumThreadWindows
0x6e8e08 InvalidateRect
0x6e8e0c GetKeyboardState
0x6e8e10 ScreenToClient
0x6e8e14 DrawFrameControl
0x6e8e18 SetCursor
0x6e8e1c CreateIcon
0x6e8e20 RemoveMenu
0x6e8e28 OpenClipboard
0x6e8e2c TranslateMessage
0x6e8e30 MapWindowPoints
0x6e8e34 EnumDisplayMonitors
0x6e8e38 CallWindowProcW
0x6e8e3c CloseClipboard
0x6e8e40 DestroyCursor
0x6e8e44 CopyIcon
0x6e8e48 PostQuitMessage
0x6e8e4c ShowScrollBar
0x6e8e50 LoadImageW
0x6e8e54 EnableMenuItem
0x6e8e58 HideCaret
0x6e8e5c FindWindowExW
0x6e8e60 LoadIconW
0x6e8e68 MonitorFromPoint
0x6e8e6c GetWindow
0x6e8e70 GetWindowRect
0x6e8e74 GetWindowLongW
0x6e8e78 InsertMenuW
0x6e8e7c IsWindowEnabled
0x6e8e80 IsDialogMessageA
0x6e8e84 FindWindowW
0x6e8e88 GetKeyboardLayout
0x6e8e8c DeleteMenu
Library version.dll:
0x6e8e98 VerQueryValueW
0x6e8e9c GetFileVersionInfoW
Library oleaut32.dll:
0x6e8ea4 SafeArrayPutElement
0x6e8ea8 GetErrorInfo
0x6e8eac VariantInit
0x6e8eb0 VariantClear
0x6e8eb4 SysFreeString
0x6e8eb8 SafeArrayAccessData
0x6e8ebc SysReAllocStringLen
0x6e8ec0 SysAllocString
0x6e8ec4 SafeArrayCreate
0x6e8ec8 GetActiveObject
0x6e8ecc SysAllocStringLen
0x6e8ed4 SafeArrayPtrOfIndex
0x6e8edc SafeArrayGetUBound
0x6e8ee0 SafeArrayGetLBound
0x6e8ee4 VariantCopy
0x6e8ee8 VariantChangeType
0x6e8eec VariantCopyInd
Library advapi32.dll:
0x6e8ef4 RegSetValueExW
0x6e8ef8 RegConnectRegistryW
0x6e8efc RegEnumKeyExW
0x6e8f00 RegLoadKeyW
0x6e8f04 RegDeleteKeyW
0x6e8f08 RegOpenKeyExW
0x6e8f0c RegQueryInfoKeyW
0x6e8f10 RegUnLoadKeyW
0x6e8f14 RegSaveKeyW
0x6e8f18 RegDeleteValueW
0x6e8f1c RegReplaceKeyW
0x6e8f20 RegFlushKey
0x6e8f24 RegQueryValueExW
0x6e8f28 RegEnumValueW
0x6e8f2c RegCloseKey
0x6e8f30 RegCreateKeyExW
0x6e8f34 RegRestoreKeyW
Library netapi32.dll:
0x6e8f3c NetWkstaGetInfo
0x6e8f40 NetApiBufferFree
Library msvcrt.dll:
0x6e8f48 memcpy
0x6e8f4c memset
Library kernel32.dll:
0x6e8f54 GetFileType
0x6e8f58 GetACP
0x6e8f5c CloseHandle
0x6e8f60 LocalFree
0x6e8f64 GetCurrentProcessId
0x6e8f68 SizeofResource
0x6e8f6c VirtualProtect
0x6e8f74 IsDebuggerPresent
0x6e8f78 GetFullPathNameW
0x6e8f7c VirtualFree
0x6e8f80 ExitProcess
0x6e8f84 HeapAlloc
0x6e8f88 GetCPInfoExW
0x6e8f8c GlobalSize
0x6e8f90 RtlUnwind
0x6e8f94 GetCPInfo
0x6e8f98 EnumSystemLocalesW
0x6e8f9c GetStdHandle
0x6e8fa4 GetModuleHandleW
0x6e8fa8 FreeLibrary
0x6e8fb0 HeapDestroy
0x6e8fb4 ReadFile
0x6e8fb8 GetUserDefaultLCID
0x6e8fbc HeapSize
0x6e8fc0 GetLastError
0x6e8fc4 GetModuleFileNameW
0x6e8fc8 SetLastError
0x6e8fcc GlobalAlloc
0x6e8fd0 GlobalUnlock
0x6e8fd4 FindResourceW
0x6e8fd8 CreateThread
0x6e8fdc CompareStringW
0x6e8fe0 CopyFileW
0x6e8fe4 LoadLibraryA
0x6e8fe8 ResetEvent
0x6e8fec MulDiv
0x6e8ff0 FreeResource
0x6e8ff4 GetVersion
0x6e8ff8 RaiseException
0x6e8ffc GlobalAddAtomW
0x6e9000 FormatMessageW
0x6e9004 SwitchToThread
0x6e9008 GetExitCodeThread
0x6e900c GetCurrentThread
0x6e9010 LoadLibraryExW
0x6e9014 LockResource
0x6e9018 GetCurrentThreadId
0x6e9020 VirtualQuery
0x6e9024 GlobalFindAtomW
0x6e9028 VirtualQueryEx
0x6e902c GlobalFree
0x6e9030 Sleep
0x6e9038 SetFilePointer
0x6e903c LoadResource
0x6e9040 SuspendThread
0x6e9044 GetTickCount
0x6e904c GetFileSize
0x6e9050 GetStartupInfoW
0x6e9054 GlobalDeleteAtom
0x6e9058 GetFileAttributesW
0x6e9060 GetThreadPriority
0x6e9064 GetCurrentProcess
0x6e9068 SetThreadPriority
0x6e906c GlobalLock
0x6e9070 VirtualAlloc
0x6e9074 GetTempPathW
0x6e9078 GetCommandLineW
0x6e907c GetSystemInfo
0x6e9084 GetProcAddress
0x6e9088 ResumeThread
0x6e908c GetVersionExW
0x6e9090 VerifyVersionInfoW
0x6e9094 HeapCreate
0x6e9098 GetDiskFreeSpaceW
0x6e909c VerSetConditionMask
0x6e90a0 FindFirstFileW
0x6e90a8 GetConsoleOutputCP
0x6e90ac GetConsoleCP
0x6e90b0 lstrlenW
0x6e90b4 SetEndOfFile
0x6e90bc lstrcmpW
0x6e90c0 HeapFree
0x6e90c4 WideCharToMultiByte
0x6e90c8 FindClose
0x6e90cc MultiByteToWideChar
0x6e90d0 LoadLibraryW
0x6e90d4 SetEvent
0x6e90d8 GetLocaleInfoW
0x6e90dc CreateFileW
0x6e90e0 EnumResourceNamesW
0x6e90e4 GetSystemDirectoryW
0x6e90e8 DeleteFileW
0x6e90f0 GetLocalTime
0x6e90f4 WaitForSingleObject
0x6e90f8 WriteFile
0x6e90fc ExitThread
0x6e9104 GetDateFormatW
0x6e9108 GetProfileIntW
0x6e910c TlsGetValue
0x6e9110 SetErrorMode
0x6e9114 GetComputerNameW
0x6e9118 IsValidLocale
0x6e911c TlsSetValue
0x6e9120 CreateDirectoryW
0x6e9128 EnumCalendarInfoW
0x6e912c LocalAlloc
0x6e9130 RemoveDirectoryW
0x6e9134 CreateEventW
0x6e9140 GetThreadLocale
0x6e9144 SetThreadLocale
Library SHFolder.dll:
0x6e914c SHGetFolderPathW
Library crypt32.dll:
0x6e9160 CertCloseStore
Library wsock32.dll:
0x6e916c WSAGetLastError
0x6e9170 WSAStartup
0x6e9174 WSACleanup
0x6e9178 gethostbyname
0x6e917c gethostname
0x6e9180 inet_ntoa
Library ole32.dll:
0x6e9188 RevokeDragDrop
0x6e918c OleRegEnumVerbs
0x6e9190 IsAccelerator
0x6e9194 CoCreateInstance
0x6e9198 CoUninitialize
0x6e919c RegisterDragDrop
0x6e91a0 IsEqualGUID
0x6e91a8 OleInitialize
0x6e91ac ProgIDFromCLSID
0x6e91b0 OleUninitialize
0x6e91b4 CoGetClassObject
0x6e91b8 CoInitialize
0x6e91bc CoTaskMemFree
0x6e91c0 OleDraw
0x6e91c4 CoTaskMemAlloc
0x6e91c8 StringFromCLSID
Library shdocvw.dll:
0x6e91d4 DoOrganizeFavDlg
Library gdi32.dll:
0x6e91dc Pie
0x6e91e0 SetBkMode
0x6e91ec CloseEnhMetaFile
0x6e91f0 RectVisible
0x6e91f4 AngleArc
0x6e91f8 SetAbortProc
0x6e91fc SetTextColor
0x6e9200 StretchBlt
0x6e9204 RoundRect
0x6e9208 RestoreDC
0x6e920c SetRectRgn
0x6e9210 GetTextMetricsW
0x6e9214 GetWindowOrgEx
0x6e9218 CreatePalette
0x6e921c PolyBezierTo
0x6e9220 CreateICW
0x6e9224 CreateDCW
0x6e9228 GetStockObject
0x6e922c CreateSolidBrush
0x6e9230 Polygon
0x6e9234 MoveToEx
0x6e9238 PlayEnhMetaFile
0x6e923c Ellipse
0x6e9240 StartPage
0x6e9244 GetBitmapBits
0x6e9248 StartDocW
0x6e924c AbortDoc
0x6e9254 GetEnhMetaFileBits
0x6e925c CreatePenIndirect
0x6e9260 SetMapMode
0x6e9264 CreateFontIndirectW
0x6e9268 PolyBezier
0x6e926c LPtoDP
0x6e9270 EndDoc
0x6e9274 GetObjectW
0x6e9278 GetWinMetaFileBits
0x6e927c SetROP2
0x6e9284 ArcTo
0x6e9288 CreateEnhMetaFileW
0x6e928c Arc
0x6e9290 SelectPalette
0x6e9294 ExcludeClipRect
0x6e9298 MaskBlt
0x6e929c SetWindowOrgEx
0x6e92a0 EndPage
0x6e92a4 DeleteEnhMetaFile
0x6e92a8 Chord
0x6e92ac SetDIBits
0x6e92b0 SetViewportOrgEx
0x6e92b4 CreateRectRgn
0x6e92b8 RealizePalette
0x6e92bc SetDIBColorTable
0x6e92c0 GetDIBColorTable
0x6e92c4 CreateBrushIndirect
0x6e92c8 PatBlt
0x6e92cc SetEnhMetaFileBits
0x6e92d0 Rectangle
0x6e92d4 SaveDC
0x6e92d8 DeleteDC
0x6e92dc FrameRgn
0x6e92e0 BitBlt
0x6e92e4 GetDeviceCaps
0x6e92ec GetClipBox
0x6e92f0 IntersectClipRect
0x6e92f4 Polyline
0x6e92f8 CreateBitmap
0x6e92fc SetWinMetaFileBits
0x6e9300 GetStretchBltMode
0x6e9304 CreateDIBitmap
0x6e9308 SetStretchBltMode
0x6e930c GetDIBits
0x6e9310 CreateDIBSection
0x6e9314 LineTo
0x6e9318 GetRgnBox
0x6e931c EnumFontsW
0x6e9324 SelectObject
0x6e9328 DeleteObject
0x6e932c ExtFloodFill
0x6e9330 UnrealizeObject
0x6e9334 CopyEnhMetaFileW
0x6e9338 SetBkColor
0x6e933c CreateCompatibleDC
0x6e9340 GetBrushOrgEx
0x6e9348 GetTextExtentPointW
0x6e934c ExtTextOutW
0x6e9350 SetBrushOrgEx
0x6e9354 GetPixel
0x6e9358 GdiFlush
0x6e935c SetPixel
0x6e9360 EnumFontFamiliesExW
0x6e9364 StretchDIBits
0x6e9368 GetPaletteEntries

Exports

Ordinal Address Name
3 0x466e54 TMethodImplementationIntercept
2 0x41146c __dbk_fcall_wrapper
1 0x6e463c dbkFCallWrapperAddr

Hosts

No hosts contacted.

TCP

Source          Source Port  Destination                        Destination Port
192.168.56.101  49176        23.110.28.222 (www.lawfirm-index.com)  80

UDP

Source          Source Port  Destination                        Destination Port
192.168.56.101  50534        114.114.114.114                    53
192.168.56.101  51808        114.114.114.114                    53
192.168.56.101  51963        114.114.114.114                    53
192.168.56.101  56539        114.114.114.114                    53
192.168.56.101  58367        114.114.114.114                    53
192.168.56.101  65004        114.114.114.114                    53
192.168.56.101  137          192.168.56.255                     137
192.168.56.101  138          192.168.56.255                     138
192.168.56.101  123          20.189.79.72 (time.windows.com)    123
192.168.56.101  49235        224.0.0.252                        5355
192.168.56.101  56804        224.0.0.252                        5355
192.168.56.101  60123        224.0.0.252                        5355
192.168.56.101  62191        224.0.0.252                        5355
192.168.56.101  1900         239.255.255.250                    1900
192.168.56.101  56540        239.255.255.250                    3702
192.168.56.101  56807        239.255.255.250                    1900
192.168.56.101  58368        239.255.255.250                    3702
192.168.56.101  58370        239.255.255.250                    3702
192.168.56.101  58707        239.255.255.250                    3702

HTTP & HTTPS Requests

URI Data
http://www.lawfirm-index.com/bot.php?v=13
GET /bot.php?v=13 HTTP/1.1
Host: www.lawfirm-index.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: LAWBOT

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.