SmartHawk

4.6

中危

46 个模型检测该样本为恶意！

重新分析

下载样本

e30dc8ea73bca937f60be13e3d72def8834fc34b8b8d203719904b710888954f

50764eb8d9f90b86e2a297d8d40f6823.exe

分析耗时

79s

最近分析

文件大小

1.5MB

静态报毒动态报毒 100% AI SCORE=99 ATTRIBUTE BJLOG CLOUD CONFIDENCE ELDORADO FAKEIE FBWBIG FLYSTUDIO GENERICRXER HIGH CONFIDENCE HIGHCONFIDENCE ILLAY LQH9 MALICIOUS MALICIOUS PE ONLINEGAMES POSSIBLETHREAT RA@1QRAUG SCORE SGENERIC SUSGEN UNSAFE ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Trojan:Win32/Fakeie.77d42ecf	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20190702	18.4.3895.0
Tencent		20190702	1.0.0.1
Kingsoft		20190702	2013.8.14.323
McAfee	GenericRXER-EL!50764EB8D9F9	20190702	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (D)	20190212	1.0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

TEXTINCLUDE

Allocates read-write-execute memory (usually to unpack itself) (50 out of 63 个事件)

Time & API	Arguments	Status
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x7786d000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77868000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775ad000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b6000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775a8000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775a6000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b1000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.644501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b1000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775a7000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775a8000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775a7000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b1000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b4000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b4000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b9000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b3000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10009000	success
1620746750.660501 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x775b4000	success

Foreign language identified in PE resource (50 out of 52 个事件)

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x001a2bd0

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x001a2bd0

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x001a2bd0

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

RT_CURSOR

language

LANG_CHINESE

offset

0x001a30c0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x001a30c0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x001a30c0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x001a30c0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x001a4934

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_MENU

language

LANG_CHINESE

offset

0x001a5f3c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000284

name

RT_MENU

language

LANG_CHINESE

offset

0x001a5f3c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000284

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001a7184

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x001a7bcc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x001a7c18

filetype

Lotus unknown worksheet or configuration, revision 0x2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x001a7c18

filetype

Lotus unknown worksheet or configuration, revision 0x2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x001a7c18

filetype

Lotus unknown worksheet or configuration, revision 0x2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x001a7c64

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x001a7c64

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

Creates executable files on the filesystem (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\SkinH_EL.dll

Creates hidden or system file (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620746750.566501 SetFileAttributesW	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\SkinH_EL.dll filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\SkinH_EL.dll	success	1	0

Drops an executable to the user AppData folder (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\SkinH_EL.dll

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.789798502336011

section

{'size_of_data': '0x000eb000', 'virtual_address': '0x0007c000', 'entropy': 7.789798502336011, 'name': '.rdata', 'virtual_size': '0x000eade4'}

description

A section with a high entropy has been found

entropy

0.618421052631579

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 个事件)

MicroWorld-eScan	Trojan.Generic.22945233
FireEye	Generic.mg.50764eb8d9f90b86
ALYac	Trojan.Generic.22945233
Malwarebytes	Spyware.OnlineGames
SUPERAntiSpyware	Trojan.Agent/Gen-OnlineGames
Alibaba	Trojan:Win32/Fakeie.77d42ecf
K7GW	Password-Stealer ( 0049ad991 )
K7AntiVirus	Trojan ( 005246d51 )
Arcabit	Trojan.Generic.D15E1DD1
NANO-Antivirus	Trojan.Win32.FakeIE.fbwbig
F-Prot	W32/S-9a0e6078!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Malware.Zusy-6840460-0
BitDefender	Trojan.Generic.22945233
AegisLab	Trojan.Win32.Generic.lqH9
Avast	Win32:Malware-gen
Ad-Aware	Trojan.Generic.22945233
Emsisoft	Trojan.Generic.22945233 (B)
Comodo	Worm.Win32.Dropper.RA@1qraug
MaxSecure	Trojan.Malware.7164915.susgen
VIPRE	Trojan.Win32.Generic!BT
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Sophos	Mal/Generic-S
Cyren	W32/S-9a0e6078!Eldorado
Jiangmin	Trojan/PSW.Bjlog.bcn
Webroot	W32.Malware.Gen
Avira	TR/Dldr.Fakeie.illay
MAX	malware (ai score=99)
Antiy-AVL	Trojan/Win32.SGeneric
Microsoft	TrojanDownloader:Win32/FakeIE.B
Endgame	malicious (high confidence)
GData	Win32.Application.FlyStudio.F
Acronis	suspicious
McAfee	GenericRXER-EL!50764EB8D9F9
Cylance	Unsafe
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Rising	Downloader.FakeIE!8.198 (CLOUD)
SentinelOne	DFI - Malicious PE
eGambit	Unsafe.AI_Score_95%
Fortinet	PossibleThreat
AVG	Win32:Malware-gen
Cybereason	malicious.8d9f90
CrowdStrike	win/malicious_confidence_100% (D)

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2017-12-06 17:14:46

Imports

Library WINMM.dll:

• 0x47c678 midiStreamOut

• 0x47c67c midiOutPrepareHeader

• 0x47c680 midiStreamProperty

• 0x47c684 waveOutGetNumDevs

• 0x47c688 waveOutOpen

• 0x47c68c midiOutUnprepareHeader

• 0x47c690 waveOutReset

• 0x47c694 waveOutPause

• 0x47c698 waveOutWrite

• 0x47c69c waveOutPrepareHeader

• 0x47c6a0 waveOutUnprepareHeader

• 0x47c6a4 waveOutClose

• 0x47c6a8 midiStreamStop

• 0x47c6ac midiOutReset

• 0x47c6b0 midiStreamClose

• 0x47c6b4 midiStreamRestart

• 0x47c6b8 midiStreamOpen

Library WS2_32.dll:

• 0x47c6d0 WSAAsyncSelect

• 0x47c6d4 closesocket

• 0x47c6d8 WSACleanup

• 0x47c6dc recvfrom

• 0x47c6e0 ioctlsocket

• 0x47c6e4 recv

• 0x47c6e8 inet_ntoa

• 0x47c6ec getpeername

• 0x47c6f0 accept

Library KERNEL32.dll:

• 0x47c180 GetTimeZoneInformation

• 0x47c184 GetVersion

• 0x47c188 RaiseException

• 0x47c18c GetLocalTime

• 0x47c190 GetSystemTime

• 0x47c194 RtlUnwind

• 0x47c198 GetStartupInfoA

• 0x47c19c GetOEMCP

• 0x47c1a0 GetCPInfo

• 0x47c1a4 SetErrorMode

• 0x47c1a8 GlobalFlags

• 0x47c1ac GetCurrentThread

• 0x47c1b0 GetFileTime

• 0x47c1b4 TlsGetValue

• 0x47c1b8 LocalReAlloc

• 0x47c1bc TlsSetValue

• 0x47c1c0 TlsFree

• 0x47c1c4 GlobalHandle

• 0x47c1c8 TlsAlloc

• 0x47c1cc LocalAlloc

• 0x47c1d0 lstrcmpA

• 0x47c1d4 GlobalGetAtomNameA

• 0x47c1d8 GlobalAddAtomA

• 0x47c1dc GlobalFindAtomA

• 0x47c1e0 GlobalDeleteAtom

• 0x47c1e4 lstrcmpiA

• 0x47c1e8 GetThreadLocale

• 0x47c1ec SetEndOfFile

• 0x47c1f0 UnlockFile

• 0x47c1f4 LockFile

• 0x47c1f8 FlushFileBuffers

• 0x47c1fc DuplicateHandle

• 0x47c200 lstrcpynA

• 0x47c204 FileTimeToLocalFileTime

• 0x47c208 FileTimeToSystemTime

• 0x47c20c FormatMessageA

• 0x47c210 LocalFree

• 0x47c214 WideCharToMultiByte

• 0x47c218 InterlockedDecrement

• 0x47c21c InterlockedIncrement

• 0x47c220 SetLastError

• 0x47c224 MultiByteToWideChar

• 0x47c228 TerminateProcess

• 0x47c22c GetCurrentProcess

• 0x47c230 GetFileSize

• 0x47c234 SetFilePointer

• 0x47c238 CreateSemaphoreA

• 0x47c23c ResumeThread

• 0x47c240 ReleaseSemaphore

• 0x47c244 EnterCriticalSection

• 0x47c248 LeaveCriticalSection

• 0x47c24c GetProfileStringA

• 0x47c250 WriteFile

• 0x47c254 ReadFile

• 0x47c258 GetLastError

• 0x47c25c WaitForMultipleObjects

• 0x47c260 CreateFileA

• 0x47c264 SetEvent

• 0x47c268 FindResourceA

• 0x47c26c LoadResource

• 0x47c270 LockResource

• 0x47c274 GetModuleFileNameA

• 0x47c278 GetCurrentThreadId

• 0x47c27c ExitProcess

• 0x47c280 GlobalSize

• 0x47c284 GlobalFree

• 0x47c288 DeleteCriticalSection

• 0x47c28c InitializeCriticalSection

• 0x47c290 lstrcatA

• 0x47c294 WinExec

• 0x47c298 lstrcpyA

• 0x47c29c FindNextFileA

• 0x47c2a0 InterlockedExchange

• 0x47c2a4 GlobalReAlloc

• 0x47c2a8 HeapFree

• 0x47c2ac HeapReAlloc

• 0x47c2b0 GetProcessHeap

• 0x47c2b4 HeapAlloc

• 0x47c2b8 GetFullPathNameA

• 0x47c2bc FreeLibrary

• 0x47c2c0 LoadLibraryA

• 0x47c2c4 lstrlenA

• 0x47c2c8 GetVersionExA

• 0x47c2cc WritePrivateProfileStringA

• 0x47c2d0 CreateThread

• 0x47c2d4 CreateEventA

• 0x47c2d8 Sleep

• 0x47c2dc GlobalAlloc

• 0x47c2e0 GlobalLock

• 0x47c2e4 GlobalUnlock

• 0x47c2e8 FindFirstFileA

• 0x47c2ec FindClose

• 0x47c2f0 SetFileAttributesA

• 0x47c2f4 GetFileAttributesA

• 0x47c2f8 SetCurrentDirectoryA

• 0x47c2fc GetVolumeInformationA

• 0x47c300 GetModuleHandleA

• 0x47c304 GetProcAddress

• 0x47c308 MulDiv

• 0x47c30c GetCommandLineA

• 0x47c310 GetTickCount

• 0x47c314 WaitForSingleObject

• 0x47c318 CloseHandle

• 0x47c31c HeapSize

• 0x47c320 GetACP

• 0x47c324 UnhandledExceptionFilter

• 0x47c328 FreeEnvironmentStringsA

• 0x47c32c FreeEnvironmentStringsW

• 0x47c330 GetEnvironmentStrings

• 0x47c334 GetEnvironmentStringsW

• 0x47c338 SetHandleCount

• 0x47c33c GetStdHandle

• 0x47c340 GetFileType

• 0x47c344 GetEnvironmentVariableA

• 0x47c348 HeapDestroy

• 0x47c34c HeapCreate

• 0x47c350 VirtualFree

• 0x47c354 SetEnvironmentVariableA

• 0x47c358 LCMapStringA

• 0x47c35c LCMapStringW

• 0x47c360 VirtualAlloc

• 0x47c364 IsBadWritePtr

• 0x47c368 SetUnhandledExceptionFilter

• 0x47c36c GetStringTypeA

• 0x47c370 GetStringTypeW

• 0x47c374 CompareStringA

• 0x47c378 CompareStringW

• 0x47c37c IsBadReadPtr

• 0x47c380 IsBadCodePtr

• 0x47c384 SetStdHandle

• 0x47c388 GetProcessVersion

Library USER32.dll:

• 0x47c3f0 PeekMessageA

• 0x47c3f4 SetMenu

• 0x47c3f8 GetMenu

• 0x47c3fc DefWindowProcA

• 0x47c400 GetClassInfoA

• 0x47c404 DeleteMenu

• 0x47c408 GetSystemMenu

• 0x47c40c IsZoomed

• 0x47c410 PostQuitMessage

• 0x47c414 CopyAcceleratorTableA

• 0x47c418 GetKeyState

• 0x47c41c TranslateAcceleratorA

• 0x47c420 IsWindowEnabled

• 0x47c424 ShowWindow

• 0x47c428 LoadImageA

• 0x47c42c EnumDisplaySettingsA

• 0x47c430 ClientToScreen

• 0x47c434 EnableMenuItem

• 0x47c438 GetSubMenu

• 0x47c43c GetDlgCtrlID

• 0x47c440 CreateAcceleratorTableA

• 0x47c444 IsIconic

• 0x47c448 SetFocus

• 0x47c44c GetActiveWindow

• 0x47c450 GetWindow

• 0x47c454 DestroyAcceleratorTable

• 0x47c458 SetWindowRgn

• 0x47c45c GetMessagePos

• 0x47c460 ScreenToClient

• 0x47c464 ChildWindowFromPointEx

• 0x47c468 CopyRect

• 0x47c46c LoadBitmapA

• 0x47c470 CreateMenu

• 0x47c474 KillTimer

• 0x47c478 SetTimer

• 0x47c47c ReleaseCapture

• 0x47c480 GetCapture

• 0x47c484 SetCapture

• 0x47c488 GetScrollRange

• 0x47c48c SetScrollRange

• 0x47c490 SetScrollPos

• 0x47c494 InflateRect

• 0x47c498 SetRect

• 0x47c49c IntersectRect

• 0x47c4a0 DestroyIcon

• 0x47c4a4 PostThreadMessageA

• 0x47c4a8 GetNextDlgGroupItem

• 0x47c4ac GetSysColorBrush

• 0x47c4b0 PtInRect

• 0x47c4b4 OffsetRect

• 0x47c4b8 IsWindowVisible

• 0x47c4bc EnableWindow

• 0x47c4c0 RedrawWindow

• 0x47c4c4 GetWindowLongA

• 0x47c4c8 SetWindowLongA

• 0x47c4cc GetSysColor

• 0x47c4d0 SetActiveWindow

• 0x47c4d4 SetCursorPos

• 0x47c4d8 LoadCursorA

• 0x47c4dc SetCursor

• 0x47c4e0 GetDC

• 0x47c4e4 FillRect

• 0x47c4e8 IsRectEmpty

• 0x47c4ec ReleaseDC

• 0x47c4f0 IsChild

• 0x47c4f4 DestroyMenu

• 0x47c4f8 SetForegroundWindow

• 0x47c4fc GetWindowRect

• 0x47c500 EqualRect

• 0x47c504 UpdateWindow

• 0x47c508 ValidateRect

• 0x47c50c InvalidateRect

• 0x47c510 GetClientRect

• 0x47c514 GetFocus

• 0x47c518 GetParent

• 0x47c51c GetTopWindow

• 0x47c520 PostMessageA

• 0x47c524 IsWindow

• 0x47c528 SetParent

• 0x47c52c DestroyCursor

• 0x47c530 SendMessageA

• 0x47c534 SetWindowPos

• 0x47c538 MessageBeep

• 0x47c53c MessageBoxA

• 0x47c540 GetCursorPos

• 0x47c544 GetSystemMetrics

• 0x47c548 EmptyClipboard

• 0x47c54c SetClipboardData

• 0x47c550 OpenClipboard

• 0x47c554 GetClipboardData

• 0x47c558 CloseClipboard

• 0x47c55c wsprintfA

• 0x47c560 ModifyMenuA

• 0x47c564 AppendMenuA

• 0x47c568 CreatePopupMenu

• 0x47c56c DrawIconEx

• 0x47c570 CreateIconFromResource

• 0x47c574 CreateIconFromResourceEx

• 0x47c578 RegisterClipboardFormatA

• 0x47c57c SetRectEmpty

• 0x47c580 DispatchMessageA

• 0x47c584 GetMessageA

• 0x47c588 WindowFromPoint

• 0x47c58c DrawFocusRect

• 0x47c590 DrawFrameControl

• 0x47c594 LoadIconA

• 0x47c598 TranslateMessage

• 0x47c59c SystemParametersInfoA

• 0x47c5a0 GetDesktopWindow

• 0x47c5a4 GetClassNameA

• 0x47c5a8 GetDlgItem

• 0x47c5ac FindWindowExA

• 0x47c5b0 UnregisterClassA

• 0x47c5b4 GetWindowTextA

• 0x47c5b8 WinHelpA

• 0x47c5bc DrawEdge

• 0x47c5c0 GetWindowTextLengthA

• 0x47c5c4 CharUpperA

• 0x47c5c8 GetWindowDC

• 0x47c5cc BeginPaint

• 0x47c5d0 EndPaint

• 0x47c5d4 TabbedTextOutA

• 0x47c5d8 DrawTextA

• 0x47c5dc GrayStringA

• 0x47c5e0 DestroyWindow

• 0x47c5e4 CreateDialogIndirectParamA

• 0x47c5e8 EndDialog

• 0x47c5ec GetNextDlgTabItem

• 0x47c5f0 GetWindowPlacement

• 0x47c5f4 RegisterWindowMessageA

• 0x47c5f8 GetForegroundWindow

• 0x47c5fc GetLastActivePopup

• 0x47c600 GetMessageTime

• 0x47c604 RemovePropA

• 0x47c608 CallWindowProcA

• 0x47c60c GetPropA

• 0x47c610 UnhookWindowsHookEx

• 0x47c614 SetPropA

• 0x47c618 GetClassLongA

• 0x47c61c CallNextHookEx

• 0x47c620 SetWindowsHookExA

• 0x47c624 CreateWindowExA

• 0x47c628 GetMenuItemID

• 0x47c62c GetMenuItemCount

• 0x47c630 RegisterClassA

• 0x47c634 GetScrollPos

• 0x47c638 AdjustWindowRectEx

• 0x47c63c MapWindowPoints

• 0x47c640 SendDlgItemMessageA

• 0x47c644 ScrollWindowEx

• 0x47c648 IsDialogMessageA

• 0x47c64c SetWindowTextA

• 0x47c650 MoveWindow

• 0x47c654 CheckMenuItem

• 0x47c658 SetMenuItemBitmaps

• 0x47c65c GetMenuState

• 0x47c660 GetMenuCheckMarkDimensions

• 0x47c664 CharNextA

• 0x47c668 SetWindowContextHelpId

• 0x47c66c MapDialogRect

• 0x47c670 LoadStringA

Library GDI32.dll:

• 0x47c024 Escape

• 0x47c028 ExtTextOutA

• 0x47c02c TextOutA

• 0x47c030 RectVisible

• 0x47c034 PtVisible

• 0x47c038 GetViewportExtEx

• 0x47c03c ExtSelectClipRgn

• 0x47c040 PatBlt

• 0x47c044 FillRgn

• 0x47c048 CreateRectRgn

• 0x47c04c CombineRgn

• 0x47c050 CreateSolidBrush

• 0x47c054 GetStockObject

• 0x47c058 CreateFontIndirectA

• 0x47c05c EndPage

• 0x47c060 EndDoc

• 0x47c064 DeleteDC

• 0x47c068 StartDocA

• 0x47c06c StartPage

• 0x47c070 BitBlt

• 0x47c074 CreateCompatibleDC

• 0x47c078 Rectangle

• 0x47c07c LPtoDP

• 0x47c080 DPtoLP

• 0x47c084 GetCurrentObject

• 0x47c088 RoundRect

• 0x47c08c GetTextExtentPoint32A

• 0x47c090 GetDeviceCaps

• 0x47c094 LineTo

• 0x47c098 MoveToEx

• 0x47c09c ExcludeClipRect

• 0x47c0a0 GetClipBox

• 0x47c0a4 GetTextMetricsA

• 0x47c0a8 GetMapMode

• 0x47c0ac CreatePen

• 0x47c0b0 GetObjectA

• 0x47c0b4 SelectObject

• 0x47c0b8 CreatePatternBrush

• 0x47c0bc CreateBitmap

• 0x47c0c0 CreateHatchBrush

• 0x47c0c4 CreateBrushIndirect

• 0x47c0c8 CreateDCA

• 0x47c0cc CreateCompatibleBitmap

• 0x47c0d0 GetPolyFillMode

• 0x47c0d4 GetStretchBltMode

• 0x47c0d8 GetROP2

• 0x47c0dc GetBkColor

• 0x47c0e0 GetBkMode

• 0x47c0e4 GetTextColor

• 0x47c0e8 CreateRoundRectRgn

• 0x47c0ec CreateEllipticRgn

• 0x47c0f0 PathToRegion

• 0x47c0f4 EndPath

• 0x47c0f8 BeginPath

• 0x47c0fc GetWindowOrgEx

• 0x47c100 GetViewportOrgEx

• 0x47c104 GetWindowExtEx

• 0x47c108 GetDIBits

• 0x47c10c RealizePalette

• 0x47c110 ScaleWindowExtEx

• 0x47c114 SetWindowExtEx

• 0x47c118 SetWindowOrgEx

• 0x47c11c ScaleViewportExtEx

• 0x47c120 SetViewportExtEx

• 0x47c124 OffsetViewportOrgEx

• 0x47c128 SetViewportOrgEx

• 0x47c12c SelectPalette

• 0x47c130 StretchBlt

• 0x47c134 CreatePalette

• 0x47c138 GetSystemPaletteEntries

• 0x47c13c CreateDIBitmap

• 0x47c140 DeleteObject

• 0x47c144 SelectClipRgn

• 0x47c148 CreatePolygonRgn

• 0x47c14c GetClipRgn

• 0x47c150 SetStretchBltMode

• 0x47c154 CreateRectRgnIndirect

• 0x47c158 SetBkColor

• 0x47c15c Ellipse

• 0x47c160 SetMapMode

• 0x47c164 SetTextColor

• 0x47c168 SetROP2

• 0x47c16c SetPolyFillMode

• 0x47c170 SetBkMode

• 0x47c174 RestoreDC

• 0x47c178 SaveDC

Library WINSPOOL.DRV:

• 0x47c6c0 ClosePrinter

• 0x47c6c4 OpenPrinterA

• 0x47c6c8 DocumentPropertiesA

Library ADVAPI32.dll:

• 0x47c000 RegOpenKeyExA

• 0x47c004 RegSetValueExA

• 0x47c008 RegQueryValueA

• 0x47c00c RegCreateKeyExA

• 0x47c010 RegCloseKey

Library SHELL32.dll:

• 0x47c3e4 Shell_NotifyIconA

• 0x47c3e8 ShellExecuteA

Library ole32.dll:

• 0x47c70c StgCreateDocfileOnILockBytes

• 0x47c710 CreateILockBytesOnHGlobal

• 0x47c714 CoFreeUnusedLibraries

• 0x47c718 CoRegisterMessageFilter

• 0x47c71c CoRevokeClassObject

• 0x47c720 OleFlushClipboard

• 0x47c724 OleIsCurrentClipboard

• 0x47c728 StgOpenStorageOnILockBytes

• 0x47c72c CoTaskMemFree

• 0x47c730 CoTaskMemAlloc

• 0x47c734 CLSIDFromProgID

• 0x47c738 CLSIDFromString

• 0x47c73c OleUninitialize

• 0x47c740 OleInitialize

• 0x47c744 CoGetClassObject

Library OLEAUT32.dll:

• 0x47c390 VariantChangeType

• 0x47c394 VariantCopy

• 0x47c398 VariantClear

• 0x47c39c SafeArrayGetUBound

• 0x47c3a0 VariantTimeToSystemTime

• 0x47c3a4 SysStringLen

• 0x47c3a8 SysAllocStringLen

• 0x47c3ac SysAllocStringByteLen

• 0x47c3b0 SafeArrayGetElemsize

• 0x47c3b4 SafeArrayGetDim

• 0x47c3b8 SafeArrayUnaccessData

• 0x47c3bc SafeArrayAccessData

• 0x47c3c0 SafeArrayGetLBound

• 0x47c3c4 SysFreeString

• 0x47c3c8 OleCreateFontIndirect

• 0x47c3cc LoadTypeLib

• 0x47c3d0 RegisterTypeLib

• 0x47c3d4 UnRegisterTypeLib

• 0x47c3d8 SafeArrayCreate

• 0x47c3dc SysAllocString

Library COMCTL32.dll:

• 0x47c018

• 0x47c01c ImageList_Destroy

Library oledlg.dll:

• 0x47c74c

Library comdlg32.dll:

• 0x47c6f8 ChooseColorA

• 0x47c6fc GetOpenFileNameA

• 0x47c700 GetSaveFileNameA

• 0x47c704 GetFileTitleA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	60124	239.255.255.250	3702
192.168.56.101	62194	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.