SmartHawk

5.2

中危

54 个模型检测该样本为恶意！

重新分析

下载样本

99d51c9bc6441774f8725ca8ee7f80c797ed4dc99a8e16eec6a26a2b183bff5e

56ed0cb3d688726cd128a5e34c1935ae.exe

分析耗时

82s

最近分析

文件大小

559.0KB

静态报毒动态报毒 100% AGEN AI SCORE=88 AIDETECTVM BSCOPE CIGISQPMV48 CLASSIC CONFIDENCE DELF EMPE FAKEXLS@CV FAREIT GDSDA GENCIRC HIGH CONFIDENCE HJRNAT MALWARE1 MALWARE@#2O87CNBYTD81J OCCAMY POSSIBLETHREAT QXKZ R066C0PIK20 R336118 REMCOS SIGGEN2 SONBOKLI SUSGEN UNSAFE 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	TrojanDownloader:Win32/Remcos.e0c45f3c	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20201206	20.10.5736.0
Tencent	Malware.Win32.Gencirc.10b9ed3a	20201206	1.0.0.1
Kingsoft		20201206	2017.9.26.565
McAfee	Fareit-FSA!56ED0CB3D688	20201206	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.itext

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619427038.977465 __exception__	stacktrace: registers.esp: 58785280 registers.edi: 52137936 registers.eax: 0 registers.ebp: 0 registers.edx: 0 registers.ebx: 36 registers.esi: 16 registers.ecx: 0 exception.instruction_r: 8b 41 3c 99 03 04 24 13 54 24 04 83 c4 08 89 04 exception.instruction: mov eax, dword ptr [ecx + 0x3c] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x31b8a45	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619426980.883465 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x004b0000	success	0	0

Downloads a file or document from Google Drive (1 个事件)

domain

drive.google.com

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619427007.055465 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619427009.618465 RegSetValueExA	key_handle: 0x000003c4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619427009.618465 RegSetValueExA	key_handle: 0x000003c4 value: ÉW¿]:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619427009.618465 RegSetValueExA	key_handle: 0x000003c4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619427009.618465 RegSetValueExW	key_handle: 0x000003c4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619427009.618465 RegSetValueExA	key_handle: 0x000003dc value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619427009.618465 RegSetValueExA	key_handle: 0x000003dc value: ÉW¿]:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619427009.618465 RegSetValueExA	key_handle: 0x000003dc value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619427009.649465 RegSetValueExW	key_handle: 0x000003c0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

108.160.162.115:443

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Empe.1.Gen
ALYac	Trojan.Empe.1.Gen
Cylance	Unsafe
Zillya	Downloader.Delf.Win32.58900
Sangfor	Malware
K7AntiVirus	Trojan ( 7000000f1 )
Alibaba	TrojanDownloader:Win32/Remcos.e0c45f3c
K7GW	Trojan ( 7000000f1 )
Cybereason	malicious.3d6887
Arcabit	Trojan.Empe.1.Gen
Cyren	W32/Trojan.QXKZ-4607
Symantec	Trojan Horse
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
BitDefender	Trojan.Empe.1.Gen
NANO-Antivirus	Trojan.Win32.Delf.hjrnat
Paloalto	generic.ml
AegisLab	Trojan.Win32.Generic.4!c
Tencent	Malware.Win32.Gencirc.10b9ed3a
Ad-Aware	Trojan.Empe.1.Gen
Sophos	Mal/Generic-S
Comodo	Malware@#2o87cnbytd81j
F-Secure	Heuristic.HEUR/AGEN.1134793
DrWeb	BackDoor.Siggen2.3163
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R066C0PIK20
McAfee-GW-Edition	Fareit-FSA!56ED0CB3D688
FireEye	Generic.mg.56ed0cb3d688726c
Emsisoft	Trojan.Empe.1.Gen (B)
Jiangmin	Backdoor.Remcos.bkx
Avira	HEUR/AGEN.1134793
MAX	malware (ai score=88)
Microsoft	Trojan:Win32/Occamy.C99
ZoneAlarm	HEUR:Backdoor.Win32.Remcos.gen
GData	Trojan.Empe.1.Gen
AhnLab-V3	Malware/Win32.RL_Generic.R336118
McAfee	Fareit-FSA!56ED0CB3D688
VBA32	BScope.Trojan.Sonbokli
Malwarebytes	Trojan.MalPack.DLF
ESET-NOD32	Win32/TrojanDownloader.Delf.CXL
TrendMicro-HouseCall	TROJ_GEN.R066C0PIK20
Rising	Malware.FakeXLS@CV!1.9C3D (CLASSIC)
Yandex	Trojan.DL.Delf!CiGISQPmv48
Ikarus	Trojan.Inject
MaxSecure	Trojan.Malware.9833444.susgen
Fortinet	PossibleThreat.MU
BitDefenderTheta	AI:Packer.DC61C21E1D

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:

• 0x47e7e8 SysFreeString

• 0x47e7ec SysReAllocStringLen

• 0x47e7f0 SysAllocStringLen

Library advapi32.dll:

• 0x47e7f8 RegQueryValueExA

• 0x47e7fc RegOpenKeyExA

• 0x47e800 RegCloseKey

Library user32.dll:

• 0x47e808 GetKeyboardType

• 0x47e80c DestroyWindow

• 0x47e810 LoadStringA

• 0x47e814 MessageBoxA

• 0x47e818 CharNextA

Library kernel32.dll:

• 0x47e820 GetACP

• 0x47e824 Sleep

• 0x47e828 VirtualFree

• 0x47e82c VirtualAlloc

• 0x47e830 GetCurrentThreadId

• 0x47e834 InterlockedDecrement

• 0x47e838 InterlockedIncrement

• 0x47e83c VirtualQuery

• 0x47e840 WideCharToMultiByte

• 0x47e844 MultiByteToWideChar

• 0x47e848 lstrlenA

• 0x47e84c lstrcpynA

• 0x47e850 LoadLibraryExA

• 0x47e854 GetThreadLocale

• 0x47e858 GetStartupInfoA

• 0x47e85c GetProcAddress

• 0x47e860 GetModuleHandleA

• 0x47e864 GetModuleFileNameA

• 0x47e868 GetLocaleInfoA

• 0x47e86c GetCommandLineA

• 0x47e870 FreeLibrary

• 0x47e874 FindFirstFileA

• 0x47e878 FindClose

• 0x47e87c ExitProcess

• 0x47e880 CompareStringA

• 0x47e884 WriteFile

• 0x47e888 UnhandledExceptionFilter

• 0x47e88c RtlUnwind

• 0x47e890 RaiseException

• 0x47e894 GetStdHandle

Library kernel32.dll:

• 0x47e89c TlsSetValue

• 0x47e8a0 TlsGetValue

• 0x47e8a4 LocalAlloc

• 0x47e8a8 GetModuleHandleA

Library user32.dll:

• 0x47e8b0 CreateWindowExA

• 0x47e8b4 WindowFromPoint

• 0x47e8b8 WaitMessage

• 0x47e8bc UpdateWindow

• 0x47e8c0 UnregisterClassA

• 0x47e8c4 UnhookWindowsHookEx

• 0x47e8c8 TranslateMessage

• 0x47e8cc TranslateMDISysAccel

• 0x47e8d0 TrackPopupMenu

• 0x47e8d4 SystemParametersInfoA

• 0x47e8d8 ShowWindow

• 0x47e8dc ShowScrollBar

• 0x47e8e0 ShowOwnedPopups

• 0x47e8e4 SetWindowsHookExA

• 0x47e8e8 SetWindowTextA

• 0x47e8ec SetWindowPos

• 0x47e8f0 SetWindowPlacement

• 0x47e8f4 SetWindowLongW

• 0x47e8f8 SetWindowLongA

• 0x47e8fc SetTimer

• 0x47e900 SetScrollRange

• 0x47e904 SetScrollPos

• 0x47e908 SetScrollInfo

• 0x47e90c SetRect

• 0x47e910 SetPropA

• 0x47e914 SetParent

• 0x47e918 SetMenuItemInfoA

• 0x47e91c SetMenu

• 0x47e920 SetForegroundWindow

• 0x47e924 SetFocus

• 0x47e928 SetCursor

• 0x47e92c SetClassLongA

• 0x47e930 SetCapture

• 0x47e934 SetActiveWindow

• 0x47e938 SendMessageW

• 0x47e93c SendMessageA

• 0x47e940 ScrollWindow

• 0x47e944 ScreenToClient

• 0x47e948 RemovePropA

• 0x47e94c RemoveMenu

• 0x47e950 ReleaseDC

• 0x47e954 ReleaseCapture

• 0x47e958 RegisterWindowMessageA

• 0x47e95c RegisterClipboardFormatA

• 0x47e960 RegisterClassA

• 0x47e964 RedrawWindow

• 0x47e968 PtInRect

• 0x47e96c PostQuitMessage

• 0x47e970 PostMessageA

• 0x47e974 PeekMessageW

• 0x47e978 PeekMessageA

• 0x47e97c OffsetRect

• 0x47e980 OemToCharA

• 0x47e984 MessageBoxA

• 0x47e988 MapWindowPoints

• 0x47e98c MapVirtualKeyA

• 0x47e990 LoadStringA

• 0x47e994 LoadKeyboardLayoutA

• 0x47e998 LoadIconA

• 0x47e99c LoadCursorA

• 0x47e9a0 LoadBitmapA

• 0x47e9a4 KillTimer

• 0x47e9a8 IsZoomed

• 0x47e9ac IsWindowVisible

• 0x47e9b0 IsWindowUnicode

• 0x47e9b4 IsWindowEnabled

• 0x47e9b8 IsWindow

• 0x47e9bc IsRectEmpty

• 0x47e9c0 IsIconic

• 0x47e9c4 IsDialogMessageW

• 0x47e9c8 IsDialogMessageA

• 0x47e9cc IsChild

• 0x47e9d0 InvalidateRect

• 0x47e9d4 IntersectRect

• 0x47e9d8 InsertMenuItemA

• 0x47e9dc InsertMenuA

• 0x47e9e0 InflateRect

• 0x47e9e4 GetWindowThreadProcessId

• 0x47e9e8 GetWindowTextA

• 0x47e9ec GetWindowRect

• 0x47e9f0 GetWindowPlacement

• 0x47e9f4 GetWindowLongW

• 0x47e9f8 GetWindowLongA

• 0x47e9fc GetWindowDC

• 0x47ea00 GetTopWindow

• 0x47ea04 GetSystemMetrics

• 0x47ea08 GetSystemMenu

• 0x47ea0c GetSysColorBrush

• 0x47ea10 GetSysColor

• 0x47ea14 GetSubMenu

• 0x47ea18 GetScrollRange

• 0x47ea1c GetScrollPos

• 0x47ea20 GetScrollInfo

• 0x47ea24 GetPropA

• 0x47ea28 GetParent

• 0x47ea2c GetWindow

• 0x47ea30 GetMessageTime

• 0x47ea34 GetMessagePos

• 0x47ea38 GetMenuStringA

• 0x47ea3c GetMenuState

• 0x47ea40 GetMenuItemInfoA

• 0x47ea44 GetMenuItemID

• 0x47ea48 GetMenuItemCount

• 0x47ea4c GetMenu

• 0x47ea50 GetLastActivePopup

• 0x47ea54 GetKeyboardState

• 0x47ea58 GetKeyboardLayoutNameA

• 0x47ea5c GetKeyboardLayoutList

• 0x47ea60 GetKeyboardLayout

• 0x47ea64 GetKeyState

• 0x47ea68 GetKeyNameTextA

• 0x47ea6c GetIconInfo

• 0x47ea70 GetForegroundWindow

• 0x47ea74 GetFocus

• 0x47ea78 GetDlgItem

• 0x47ea7c GetDesktopWindow

• 0x47ea80 GetDCEx

• 0x47ea84 GetDC

• 0x47ea88 GetCursorPos

• 0x47ea8c GetCursor

• 0x47ea90 GetClipboardData

• 0x47ea94 GetClientRect

• 0x47ea98 GetClassLongA

• 0x47ea9c GetClassInfoA

• 0x47eaa0 GetCapture

• 0x47eaa4 GetActiveWindow

• 0x47eaa8 FrameRect

• 0x47eaac FindWindowA

• 0x47eab0 FillRect

• 0x47eab4 EqualRect

• 0x47eab8 EnumWindows

• 0x47eabc EnumThreadWindows

• 0x47eac0 EnumChildWindows

• 0x47eac4 EndPaint

• 0x47eac8 EnableWindow

• 0x47eacc EnableScrollBar

• 0x47ead0 EnableMenuItem

• 0x47ead4 DrawTextA

• 0x47ead8 DrawMenuBar

• 0x47eadc DrawIconEx

• 0x47eae0 DrawIcon

• 0x47eae4 DrawFrameControl

• 0x47eae8 DrawFocusRect

• 0x47eaec DrawEdge

• 0x47eaf0 DispatchMessageW

• 0x47eaf4 DispatchMessageA

• 0x47eaf8 DestroyWindow

• 0x47eafc DestroyMenu

• 0x47eb00 DestroyIcon

• 0x47eb04 DestroyCursor

• 0x47eb08 DeleteMenu

• 0x47eb0c DefWindowProcA

• 0x47eb10 DefMDIChildProcA

• 0x47eb14 DefFrameProcA

• 0x47eb18 CreatePopupMenu

• 0x47eb1c CreateMenu

• 0x47eb20 CreateIcon

• 0x47eb24 ClientToScreen

• 0x47eb28 CheckMenuItem

• 0x47eb2c CallWindowProcA

• 0x47eb30 CallNextHookEx

• 0x47eb34 BeginPaint

• 0x47eb38 CharNextA

• 0x47eb3c CharLowerBuffA

• 0x47eb40 CharLowerA

• 0x47eb44 CharToOemA

• 0x47eb48 AdjustWindowRectEx

• 0x47eb4c ActivateKeyboardLayout

Library gdi32.dll:

• 0x47eb54 UnrealizeObject

• 0x47eb58 StretchBlt

• 0x47eb5c SetWindowOrgEx

• 0x47eb60 SetWinMetaFileBits

• 0x47eb64 SetViewportOrgEx

• 0x47eb68 SetTextColor

• 0x47eb6c SetStretchBltMode

• 0x47eb70 SetROP2

• 0x47eb74 SetPixel

• 0x47eb78 SetMapMode

• 0x47eb7c SetEnhMetaFileBits

• 0x47eb80 SetDIBColorTable

• 0x47eb84 SetBrushOrgEx

• 0x47eb88 SetBkMode

• 0x47eb8c SetBkColor

• 0x47eb90 SelectPalette

• 0x47eb94 SelectObject

• 0x47eb98 SelectClipRgn

• 0x47eb9c SaveDC

• 0x47eba0 RestoreDC

• 0x47eba4 Rectangle

• 0x47eba8 RectVisible

• 0x47ebac RealizePalette

• 0x47ebb0 Polyline

• 0x47ebb4 PlayEnhMetaFile

• 0x47ebb8 PatBlt

• 0x47ebbc MoveToEx

• 0x47ebc0 MaskBlt

• 0x47ebc4 LineTo

• 0x47ebc8 LPtoDP

• 0x47ebcc IntersectClipRect

• 0x47ebd0 GetWindowOrgEx

• 0x47ebd4 GetWinMetaFileBits

• 0x47ebd8 GetTextMetricsA

• 0x47ebdc GetTextExtentPoint32A

• 0x47ebe0 GetSystemPaletteEntries

• 0x47ebe4 GetStockObject

• 0x47ebe8 GetRgnBox

• 0x47ebec GetPixel

• 0x47ebf0 GetPaletteEntries

• 0x47ebf4 GetObjectA

• 0x47ebf8 GetEnhMetaFilePaletteEntries

• 0x47ebfc GetEnhMetaFileHeader

• 0x47ec00 GetEnhMetaFileDescriptionA

• 0x47ec04 GetEnhMetaFileBits

• 0x47ec08 GetDeviceCaps

• 0x47ec0c GetDIBits

• 0x47ec10 GetDIBColorTable

• 0x47ec14 GetDCOrgEx

• 0x47ec18 GetCurrentPositionEx

• 0x47ec1c GetClipBox

• 0x47ec20 GetBrushOrgEx

• 0x47ec24 GetBitmapBits

• 0x47ec28 ExcludeClipRect

• 0x47ec2c DeleteObject

• 0x47ec30 DeleteEnhMetaFile

• 0x47ec34 DeleteDC

• 0x47ec38 CreateSolidBrush

• 0x47ec3c CreateRectRgn

• 0x47ec40 CreatePenIndirect

• 0x47ec44 CreatePalette

• 0x47ec48 CreateHalftonePalette

• 0x47ec4c CreateFontIndirectA

• 0x47ec50 CreateEnhMetaFileA

• 0x47ec54 CreateDIBitmap

• 0x47ec58 CreateDIBSection

• 0x47ec5c CreateCompatibleDC

• 0x47ec60 CreateCompatibleBitmap

• 0x47ec64 CreateBrushIndirect

• 0x47ec68 CreateBitmap

• 0x47ec6c CopyEnhMetaFileA

• 0x47ec70 CloseEnhMetaFile

• 0x47ec74 BitBlt

Library version.dll:

• 0x47ec7c VerQueryValueA

• 0x47ec80 GetFileVersionInfoSizeA

• 0x47ec84 GetFileVersionInfoA

Library kernel32.dll:

• 0x47ec8c lstrcpyA

• 0x47ec90 WriteFile

• 0x47ec94 WaitForSingleObject

• 0x47ec98 VirtualQuery

• 0x47ec9c VirtualProtect

• 0x47eca0 VirtualAlloc

• 0x47eca4 SizeofResource

• 0x47eca8 SetThreadLocale

• 0x47ecac SetFilePointer

• 0x47ecb0 SetEvent

• 0x47ecb4 SetErrorMode

• 0x47ecb8 SetEndOfFile

• 0x47ecbc ResetEvent

• 0x47ecc0 ReadFile

• 0x47ecc4 MultiByteToWideChar

• 0x47ecc8 MulDiv

• 0x47eccc LockResource

• 0x47ecd0 LoadResource

• 0x47ecd4 LoadLibraryA

• 0x47ecd8 LeaveCriticalSection

• 0x47ecdc InitializeCriticalSection

• 0x47ece0 GlobalUnlock

• 0x47ece4 GlobalSize

• 0x47ece8 GlobalLock

• 0x47ecec GlobalFree

• 0x47ecf0 GlobalFindAtomA

• 0x47ecf4 GlobalDeleteAtom

• 0x47ecf8 GlobalAlloc

• 0x47ecfc GlobalAddAtomA

• 0x47ed00 GetVersionExA

• 0x47ed04 GetVersion

• 0x47ed08 GetUserDefaultLCID

• 0x47ed0c GetTickCount

• 0x47ed10 GetThreadLocale

• 0x47ed14 GetStdHandle

• 0x47ed18 GetProcAddress

• 0x47ed1c GetModuleHandleA

• 0x47ed20 GetModuleFileNameA

• 0x47ed24 GetLocaleInfoA

• 0x47ed28 GetLocalTime

• 0x47ed2c GetLastError

• 0x47ed30 GetFullPathNameA

• 0x47ed34 GetDiskFreeSpaceA

• 0x47ed38 GetDateFormatA

• 0x47ed3c GetCurrentThreadId

• 0x47ed40 GetCurrentProcessId

• 0x47ed44 GetCPInfo

• 0x47ed48 FreeResource

• 0x47ed4c InterlockedExchange

• 0x47ed50 FreeLibrary

• 0x47ed54 FormatMessageA

• 0x47ed58 FindResourceA

• 0x47ed5c EnumCalendarInfoA

• 0x47ed60 EnterCriticalSection

• 0x47ed64 DeleteCriticalSection

• 0x47ed68 CreateThread

• 0x47ed6c CreateFileA

• 0x47ed70 CreateEventA

• 0x47ed74 CompareStringA

• 0x47ed78 CloseHandle

Library advapi32.dll:

• 0x47ed80 RegQueryValueExA

• 0x47ed84 RegOpenKeyExA

• 0x47ed88 RegFlushKey

• 0x47ed8c RegCloseKey

Library oleaut32.dll:

• 0x47ed94 GetErrorInfo

• 0x47ed98 SysFreeString

Library ole32.dll:

• 0x47eda0 CreateStreamOnHGlobal

• 0x47eda4 IsAccelerator

• 0x47eda8 OleDraw

• 0x47edac OleSetMenuDescriptor

• 0x47edb0 CoCreateInstance

• 0x47edb4 CoGetClassObject

• 0x47edb8 CoUninitialize

• 0x47edbc CoInitialize

• 0x47edc0 IsEqualGUID

Library kernel32.dll:

• 0x47edc8 Sleep

Library oleaut32.dll:

• 0x47edd0 SafeArrayPtrOfIndex

• 0x47edd4 SafeArrayGetUBound

• 0x47edd8 SafeArrayGetLBound

• 0x47eddc SafeArrayCreate

• 0x47ede0 VariantChangeType

• 0x47ede4 VariantCopy

• 0x47ede8 VariantClear

• 0x47edec VariantInit

Library comctl32.dll:

• 0x47edf4 _TrackMouseEvent

• 0x47edf8 ImageList_SetIconSize

• 0x47edfc ImageList_GetIconSize

• 0x47ee00 ImageList_Write

• 0x47ee04 ImageList_Read

• 0x47ee08 ImageList_GetDragImage

• 0x47ee0c ImageList_DragShowNolock

• 0x47ee10 ImageList_DragMove

• 0x47ee14 ImageList_DragLeave

• 0x47ee18 ImageList_DragEnter

• 0x47ee1c ImageList_EndDrag

• 0x47ee20 ImageList_BeginDrag

• 0x47ee24 ImageList_Remove

• 0x47ee28 ImageList_DrawEx

• 0x47ee2c ImageList_Replace

• 0x47ee30 ImageList_Draw

• 0x47ee34 ImageList_GetBkColor

• 0x47ee38 ImageList_SetBkColor

• 0x47ee3c ImageList_Add

• 0x47ee40 ImageList_GetImageCount

• 0x47ee44 ImageList_Destroy

• 0x47ee48 ImageList_Create

• 0x47ee4c InitCommonControls

Library comdlg32.dll:

• 0x47ee54 GetSaveFileNameA

• 0x47ee58 GetOpenFileNameA

Library URL.DLL:

• 0x47ee60 InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
drive.google.com	A 108.160.162.115	108.160.162.115
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.