SmartHawk

6.4

高危

55 个模型检测该样本为恶意！

重新分析

下载样本

57f4246d683336ab606ba5831ce88a0ff47a42de652f72795fe76169195821e1

5750b4d4ef032a95c526f127b409811f.exe

分析耗时

79s

最近分析

文件大小

649.1KB

静态报毒动态报毒 100% AGENTB AI SCORE=86 ATTRIBUTE BIFROST BSCOPE CLASSIC CONFIDENCE DBATLDR DELF DROPPERX DYPMR EKLE FAREIT GDSDA GENCIRC GENERIC PUA NC GENERICKD GENKRYPTIK HACKTOOL HIGH CONFIDENCE HIGHCONFIDENCE HQFJVB INVALIDSIG JOHZ KRYPTIK MALICIOUS PE OGY@AYXCCFJI R002C0WH420 SCORE UNCLASSIFIEDMALWARE@0 UNSAFE ZELPHIF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FUL!5750B4D4EF03	20200903	6.0.6.653
Alibaba	TrojanDownloader:Win32/Agentb.f9a4639a	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:DropperX-gen [Drp]	20200903	18.4.3895.0
Tencent	Malware.Win32.Gencirc.10cde77d	20200903	1.0.0.1
Kingsoft		20200903	2013.8.14.323
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619426981.181979 NtAllocateVirtualMemory	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x004c0000	success	0	0

Downloads a file or document from Google Drive (1 个事件)

domain

drive.google.com

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619427016.916979 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Disables proxy possibly for traffic interception (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619427016.619979 RegSetValueExA	key_handle: 0x000002c4 value: 0 regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	success	0	0

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619427019.494979 RegSetValueExA	key_handle: 0x000003b8 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619427019.494979 RegSetValueExA	key_handle: 0x000003b8 value: ð±À:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619427019.494979 RegSetValueExA	key_handle: 0x000003b8 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619427019.494979 RegSetValueExW	key_handle: 0x000003b8 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619427019.494979 RegSetValueExA	key_handle: 0x000003d4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619427019.494979 RegSetValueExA	key_handle: 0x000003d4 value: ð±À:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619427019.494979 RegSetValueExA	key_handle: 0x000003d4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619427019.509979 RegSetValueExW	key_handle: 0x000003b4 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Network activity contains more than one unique useragent (2 个事件)

process	5750b4d4ef032a95c526f127b409811f.exe				useragent	Internal
process	5750b4d4ef032a95c526f127b409811f.exe				useragent	m

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

162.125.32.5:443

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34280386
FireEye	Generic.mg.5750b4d4ef032a95
McAfee	Fareit-FUL!5750B4D4EF03
Cylance	Unsafe
Zillya	Downloader.Delf.Win32.59635
Sangfor	Malware
K7AntiVirus	Trojan-Downloader ( 0056bdc51 )
Alibaba	TrojanDownloader:Win32/Agentb.f9a4639a
K7GW	Trojan-Downloader ( 0056bdc51 )
Arcabit	Trojan.Generic.D20B13C2
Invincea	Generic PUA NC (PUA)
Cyren	W32/Trojan.JOHZ-2838
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Downloader.Win32.Agentb.gen
BitDefender	Trojan.GenericKD.34280386
NANO-Antivirus	Trojan.Win32.Bifrost.hqfjvb
ViRobot	Trojan.Win32.Z.Agent.664655
Avast	Win32:DropperX-gen [Drp]
Tencent	Malware.Win32.Gencirc.10cde77d
Ad-Aware	Trojan.GenericKD.34280386
Comodo	.UnclassifiedMalware@0
F-Secure	Trojan.TR/AD.DbatLdr.dypmr
DrWeb	BackDoor.Bifrost.30850
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R002C0WH420
Sophos	Generic PUA NC (PUA)
SentinelOne	DFI - Malicious PE
Jiangmin	TrojanDownloader.Agentb.bv
Avira	TR/AD.DbatLdr.dypmr
Antiy-AVL	Trojan[Downloader]/Win32.Delf
Microsoft	TrojanDownloader:Win32/Delf.SD!MSR
AegisLab	Trojan.Win32.Agentb.a!c
ZoneAlarm	HEUR:Trojan-Downloader.Win32.Agentb.gen
GData	Trojan.GenericKD.34280386
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C4175446
BitDefenderTheta	Gen:NN.ZelphiF.34216.OGY@ayXccFji
ALYac	Trojan.GenericKD.34280386
MAX	malware (ai score=86)
VBA32	BScope.Trojan.Downloader
Malwarebytes	Trojan.MalPack.SMY
Zoner	Trojan.Win32.91623
ESET-NOD32	Win32/TrojanDownloader.Delf.CYV
TrendMicro-HouseCall	TROJ_GEN.R002C0WH420
Rising	Trojan.Kryptik!1.C56D (CLASSIC)
Ikarus	Trojan.Inject
eGambit	PE.Heur.InvalidSig

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x48f168 DeleteCriticalSection

• 0x48f16c LeaveCriticalSection

• 0x48f170 EnterCriticalSection

• 0x48f174 InitializeCriticalSection

• 0x48f178 VirtualFree

• 0x48f17c VirtualAlloc

• 0x48f180 LocalFree

• 0x48f184 LocalAlloc

• 0x48f188 GetTickCount

• 0x48f18c QueryPerformanceCounter

• 0x48f190 GetVersion

• 0x48f194 GetCurrentThreadId

• 0x48f198 InterlockedDecrement

• 0x48f19c InterlockedIncrement

• 0x48f1a0 VirtualQuery

• 0x48f1a4 WideCharToMultiByte

• 0x48f1a8 MultiByteToWideChar

• 0x48f1ac lstrlenA

• 0x48f1b0 lstrcpynA

• 0x48f1b4 LoadLibraryExA

• 0x48f1b8 GetThreadLocale

• 0x48f1bc GetStartupInfoA

• 0x48f1c0 GetProcAddress

• 0x48f1c4 GetModuleHandleA

• 0x48f1c8 GetModuleFileNameA

• 0x48f1cc GetLocaleInfoA

• 0x48f1d0 GetCommandLineA

• 0x48f1d4 FreeLibrary

• 0x48f1d8 FindFirstFileA

• 0x48f1dc FindClose

• 0x48f1e0 ExitProcess

• 0x48f1e4 WriteFile

• 0x48f1e8 UnhandledExceptionFilter

• 0x48f1ec RtlUnwind

• 0x48f1f0 RaiseException

• 0x48f1f4 GetStdHandle

Library user32.dll:

• 0x48f1fc GetKeyboardType

• 0x48f200 LoadStringA

• 0x48f204 MessageBoxA

• 0x48f208 CharNextA

Library advapi32.dll:

• 0x48f210 RegQueryValueExA

• 0x48f214 RegOpenKeyExA

• 0x48f218 RegCloseKey

Library oleaut32.dll:

• 0x48f220 SysFreeString

• 0x48f224 SysReAllocStringLen

• 0x48f228 SysAllocStringLen

Library kernel32.dll:

• 0x48f230 TlsSetValue

• 0x48f234 TlsGetValue

• 0x48f238 LocalAlloc

• 0x48f23c GetModuleHandleA

Library advapi32.dll:

• 0x48f244 RegQueryValueExA

• 0x48f248 RegOpenKeyExA

• 0x48f24c RegCloseKey

Library kernel32.dll:

• 0x48f254 lstrcpyA

• 0x48f258 WriteFile

• 0x48f25c WaitForSingleObject

• 0x48f260 VirtualQuery

• 0x48f264 VirtualProtect

• 0x48f268 VirtualAlloc

• 0x48f26c Sleep

• 0x48f270 SizeofResource

• 0x48f274 SetThreadLocale

• 0x48f278 SetFilePointer

• 0x48f27c SetEvent

• 0x48f280 SetErrorMode

• 0x48f284 SetEndOfFile

• 0x48f288 ResetEvent

• 0x48f28c ReadFile

• 0x48f290 MultiByteToWideChar

• 0x48f294 MulDiv

• 0x48f298 LockResource

• 0x48f29c LoadResource

• 0x48f2a0 LoadLibraryA

• 0x48f2a4 LeaveCriticalSection

• 0x48f2a8 InitializeCriticalSection

• 0x48f2ac GlobalUnlock

• 0x48f2b0 GlobalReAlloc

• 0x48f2b4 GlobalHandle

• 0x48f2b8 GlobalLock

• 0x48f2bc GlobalFree

• 0x48f2c0 GlobalFindAtomA

• 0x48f2c4 GlobalDeleteAtom

• 0x48f2c8 GlobalAlloc

• 0x48f2cc GlobalAddAtomA

• 0x48f2d0 GetVersionExA

• 0x48f2d4 GetVersion

• 0x48f2d8 GetTickCount

• 0x48f2dc GetThreadLocale

• 0x48f2e0 GetSystemInfo

• 0x48f2e4 GetStringTypeExA

• 0x48f2e8 GetStdHandle

• 0x48f2ec GetProcAddress

• 0x48f2f0 GetModuleHandleA

• 0x48f2f4 GetModuleFileNameA

• 0x48f2f8 GetLocaleInfoA

• 0x48f2fc GetLocalTime

• 0x48f300 GetLastError

• 0x48f304 GetFullPathNameA

• 0x48f308 GetDiskFreeSpaceA

• 0x48f30c GetDateFormatA

• 0x48f310 GetCurrentThreadId

• 0x48f314 GetCurrentProcessId

• 0x48f318 GetComputerNameA

• 0x48f31c GetCPInfo

• 0x48f320 GetACP

• 0x48f324 FreeResource

• 0x48f328 InterlockedExchange

• 0x48f32c FreeLibrary

• 0x48f330 FormatMessageA

• 0x48f334 FindResourceA

• 0x48f338 FindFirstFileA

• 0x48f33c FindClose

• 0x48f340 FileTimeToLocalFileTime

• 0x48f344 FileTimeToDosDateTime

• 0x48f348 EnumCalendarInfoA

• 0x48f34c EnterCriticalSection

• 0x48f350 DeleteFileA

• 0x48f354 DeleteCriticalSection

• 0x48f358 CreateThread

• 0x48f35c CreateFileA

• 0x48f360 CreateEventA

• 0x48f364 CompareStringA

• 0x48f368 CloseHandle

Library version.dll:

• 0x48f370 VerQueryValueA

• 0x48f374 GetFileVersionInfoSizeA

• 0x48f378 GetFileVersionInfoA

Library gdi32.dll:

• 0x48f380 UnrealizeObject

• 0x48f384 StretchBlt

• 0x48f388 SetWindowOrgEx

• 0x48f38c SetWinMetaFileBits

• 0x48f390 SetViewportOrgEx

• 0x48f394 SetTextColor

• 0x48f398 SetStretchBltMode

• 0x48f39c SetROP2

• 0x48f3a0 SetPixel

• 0x48f3a4 SetEnhMetaFileBits

• 0x48f3a8 SetDIBColorTable

• 0x48f3ac SetBrushOrgEx

• 0x48f3b0 SetBkMode

• 0x48f3b4 SetBkColor

• 0x48f3b8 SelectPalette

• 0x48f3bc SelectObject

• 0x48f3c0 SaveDC

• 0x48f3c4 RestoreDC

• 0x48f3c8 Rectangle

• 0x48f3cc RectVisible

• 0x48f3d0 RealizePalette

• 0x48f3d4 Polyline

• 0x48f3d8 Polygon

• 0x48f3dc PlayEnhMetaFile

• 0x48f3e0 PatBlt

• 0x48f3e4 MoveToEx

• 0x48f3e8 MaskBlt

• 0x48f3ec LineTo

• 0x48f3f0 IntersectClipRect

• 0x48f3f4 GetWindowOrgEx

• 0x48f3f8 GetWinMetaFileBits

• 0x48f3fc GetTextMetricsA

• 0x48f400 GetTextExtentPointA

• 0x48f404 GetTextExtentPoint32A

• 0x48f408 GetSystemPaletteEntries

• 0x48f40c GetStockObject

• 0x48f410 GetPixel

• 0x48f414 GetPaletteEntries

• 0x48f418 GetObjectA

• 0x48f41c GetEnhMetaFilePaletteEntries

• 0x48f420 GetEnhMetaFileHeader

• 0x48f424 GetEnhMetaFileBits

• 0x48f428 GetDeviceCaps

• 0x48f42c GetDIBits

• 0x48f430 GetDIBColorTable

• 0x48f434 GetDCOrgEx

• 0x48f438 GetCurrentPositionEx

• 0x48f43c GetClipBox

• 0x48f440 GetBrushOrgEx

• 0x48f444 GetBitmapBits

• 0x48f448 GdiFlush

• 0x48f44c ExcludeClipRect

• 0x48f450 DeleteObject

• 0x48f454 DeleteEnhMetaFile

• 0x48f458 DeleteDC

• 0x48f45c CreateSolidBrush

• 0x48f460 CreatePenIndirect

• 0x48f464 CreatePalette

• 0x48f468 CreateHalftonePalette

• 0x48f46c CreateFontIndirectA

• 0x48f470 CreateDIBitmap

• 0x48f474 CreateDIBSection

• 0x48f478 CreateCompatibleDC

• 0x48f47c CreateCompatibleBitmap

• 0x48f480 CreateBrushIndirect

• 0x48f484 CreateBitmap

• 0x48f488 CopyEnhMetaFileA

• 0x48f48c BitBlt

Library user32.dll:

• 0x48f494 CreateWindowExA

• 0x48f498 WindowFromPoint

• 0x48f49c WinHelpA

• 0x48f4a0 WaitMessage

• 0x48f4a4 UpdateWindow

• 0x48f4a8 UnregisterClassA

• 0x48f4ac UnhookWindowsHookEx

• 0x48f4b0 TranslateMessage

• 0x48f4b4 TranslateMDISysAccel

• 0x48f4b8 TrackPopupMenu

• 0x48f4bc SystemParametersInfoA

• 0x48f4c0 ShowWindow

• 0x48f4c4 ShowScrollBar

• 0x48f4c8 ShowOwnedPopups

• 0x48f4cc ShowCursor

• 0x48f4d0 ShowCaret

• 0x48f4d4 SetWindowsHookExA

• 0x48f4d8 SetWindowPos

• 0x48f4dc SetWindowPlacement

• 0x48f4e0 SetWindowLongA

• 0x48f4e4 SetTimer

• 0x48f4e8 SetScrollRange

• 0x48f4ec SetScrollPos

• 0x48f4f0 SetScrollInfo

• 0x48f4f4 SetRect

• 0x48f4f8 SetPropA

• 0x48f4fc SetParent

• 0x48f500 SetMenuItemInfoA

• 0x48f504 SetMenu

• 0x48f508 SetForegroundWindow

• 0x48f50c SetFocus

• 0x48f510 SetCursor

• 0x48f514 SetClipboardData

• 0x48f518 SetClassLongA

• 0x48f51c SetCapture

• 0x48f520 SetActiveWindow

• 0x48f524 SendMessageA

• 0x48f528 ScrollWindow

• 0x48f52c ScreenToClient

• 0x48f530 RemovePropA

• 0x48f534 RemoveMenu

• 0x48f538 ReleaseDC

• 0x48f53c ReleaseCapture

• 0x48f540 RegisterWindowMessageA

• 0x48f544 RegisterClipboardFormatA

• 0x48f548 RegisterClassA

• 0x48f54c RedrawWindow

• 0x48f550 PtInRect

• 0x48f554 PostQuitMessage

• 0x48f558 PostMessageA

• 0x48f55c PeekMessageA

• 0x48f560 OpenClipboard

• 0x48f564 OffsetRect

• 0x48f568 OemToCharA

• 0x48f56c MessageBoxA

• 0x48f570 MessageBeep

• 0x48f574 MapWindowPoints

• 0x48f578 MapVirtualKeyA

• 0x48f57c LoadStringA

• 0x48f580 LoadKeyboardLayoutA

• 0x48f584 LoadIconA

• 0x48f588 LoadCursorA

• 0x48f58c LoadBitmapA

• 0x48f590 KillTimer

• 0x48f594 IsZoomed

• 0x48f598 IsWindowVisible

• 0x48f59c IsWindowEnabled

• 0x48f5a0 IsWindow

• 0x48f5a4 IsRectEmpty

• 0x48f5a8 IsIconic

• 0x48f5ac IsDialogMessageA

• 0x48f5b0 IsChild

• 0x48f5b4 InvalidateRect

• 0x48f5b8 IntersectRect

• 0x48f5bc InsertMenuItemA

• 0x48f5c0 InsertMenuA

• 0x48f5c4 InflateRect

• 0x48f5c8 HideCaret

• 0x48f5cc GetWindowThreadProcessId

• 0x48f5d0 GetWindowTextA

• 0x48f5d4 GetWindowRect

• 0x48f5d8 GetWindowPlacement

• 0x48f5dc GetWindowLongA

• 0x48f5e0 GetWindowDC

• 0x48f5e4 GetTopWindow

• 0x48f5e8 GetSystemMetrics

• 0x48f5ec GetSystemMenu

• 0x48f5f0 GetSysColorBrush

• 0x48f5f4 GetSysColor

• 0x48f5f8 GetSubMenu

• 0x48f5fc GetScrollRange

• 0x48f600 GetScrollPos

• 0x48f604 GetScrollInfo

• 0x48f608 GetPropA

• 0x48f60c GetParent

• 0x48f610 GetWindow

• 0x48f614 GetMenuStringA

• 0x48f618 GetMenuState

• 0x48f61c GetMenuItemInfoA

• 0x48f620 GetMenuItemID

• 0x48f624 GetMenuItemCount

• 0x48f628 GetMenu

• 0x48f62c GetLastActivePopup

• 0x48f630 GetKeyboardState

• 0x48f634 GetKeyboardLayoutList

• 0x48f638 GetKeyboardLayout

• 0x48f63c GetKeyState

• 0x48f640 GetKeyNameTextA

• 0x48f644 GetIconInfo

• 0x48f648 GetForegroundWindow

• 0x48f64c GetFocus

• 0x48f650 GetDesktopWindow

• 0x48f654 GetDCEx

• 0x48f658 GetDC

• 0x48f65c GetCursorPos

• 0x48f660 GetCursor

• 0x48f664 GetClipboardData

• 0x48f668 GetClientRect

• 0x48f66c GetClassNameA

• 0x48f670 GetClassInfoA

• 0x48f674 GetCapture

• 0x48f678 GetActiveWindow

• 0x48f67c FrameRect

• 0x48f680 FindWindowA

• 0x48f684 FillRect

• 0x48f688 EqualRect

• 0x48f68c EnumWindows

• 0x48f690 EnumThreadWindows

• 0x48f694 EndPaint

• 0x48f698 EnableWindow

• 0x48f69c EnableScrollBar

• 0x48f6a0 EnableMenuItem

• 0x48f6a4 EmptyClipboard

• 0x48f6a8 DrawTextA

• 0x48f6ac DrawStateA

• 0x48f6b0 DrawMenuBar

• 0x48f6b4 DrawIconEx

• 0x48f6b8 DrawIcon

• 0x48f6bc DrawFrameControl

• 0x48f6c0 DrawFocusRect

• 0x48f6c4 DrawEdge

• 0x48f6c8 DispatchMessageA

• 0x48f6cc DestroyWindow

• 0x48f6d0 DestroyMenu

• 0x48f6d4 DestroyIcon

• 0x48f6d8 DestroyCursor

• 0x48f6dc DeleteMenu

• 0x48f6e0 DefWindowProcA

• 0x48f6e4 DefMDIChildProcA

• 0x48f6e8 DefFrameProcA

• 0x48f6ec CreatePopupMenu

• 0x48f6f0 CreateMenu

• 0x48f6f4 CreateIcon

• 0x48f6f8 CloseClipboard

• 0x48f6fc ClientToScreen

• 0x48f700 CheckMenuItem

• 0x48f704 CallWindowProcA

• 0x48f708 CallNextHookEx

• 0x48f70c BeginPaint

• 0x48f710 CharNextA

• 0x48f714 CharLowerBuffA

• 0x48f718 CharLowerA

• 0x48f71c CharUpperBuffA

• 0x48f720 CharToOemA

• 0x48f724 AdjustWindowRectEx

• 0x48f728 ActivateKeyboardLayout

Library kernel32.dll:

• 0x48f730 Sleep

Library oleaut32.dll:

• 0x48f738 SafeArrayPtrOfIndex

• 0x48f73c SafeArrayPutElement

• 0x48f740 SafeArrayGetElement

• 0x48f744 SafeArrayUnaccessData

• 0x48f748 SafeArrayAccessData

• 0x48f74c SafeArrayGetUBound

• 0x48f750 SafeArrayGetLBound

• 0x48f754 SafeArrayCreate

• 0x48f758 VariantChangeType

• 0x48f75c VariantCopyInd

• 0x48f760 VariantCopy

• 0x48f764 VariantClear

• 0x48f768 VariantInit

Library ole32.dll:

• 0x48f770 CoTaskMemFree

• 0x48f774 ProgIDFromCLSID

• 0x48f778 StringFromCLSID

• 0x48f77c CoCreateInstance

• 0x48f780 CoUninitialize

• 0x48f784 CoInitialize

• 0x48f788 IsEqualGUID

Library oleaut32.dll:

• 0x48f790 GetErrorInfo

• 0x48f794 GetActiveObject

• 0x48f798 SysFreeString

Library comctl32.dll:

• 0x48f7a0 ImageList_SetIconSize

• 0x48f7a4 ImageList_GetIconSize

• 0x48f7a8 ImageList_Write

• 0x48f7ac ImageList_Read

• 0x48f7b0 ImageList_GetDragImage

• 0x48f7b4 ImageList_DragShowNolock

• 0x48f7b8 ImageList_SetDragCursorImage

• 0x48f7bc ImageList_DragMove

• 0x48f7c0 ImageList_DragLeave

• 0x48f7c4 ImageList_DragEnter

• 0x48f7c8 ImageList_EndDrag

• 0x48f7cc ImageList_BeginDrag

• 0x48f7d0 ImageList_Remove

• 0x48f7d4 ImageList_DrawEx

• 0x48f7d8 ImageList_Replace

• 0x48f7dc ImageList_Draw

• 0x48f7e0 ImageList_GetBkColor

• 0x48f7e4 ImageList_SetBkColor

• 0x48f7e8 ImageList_ReplaceIcon

• 0x48f7ec ImageList_Add

• 0x48f7f0 ImageList_SetImageCount

• 0x48f7f4 ImageList_GetImageCount

• 0x48f7f8 ImageList_Destroy

• 0x48f7fc ImageList_Create

Library winmm.dll:

• 0x48f804 sndPlaySoundA

Library UrL:

• 0x48f80c InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
www.microsoft.com	CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME e13678.ca2.s.tl88.net CNAME www.microsoft.com-c-3.edgekey.net A 27.148.139.88	27.148.139.88
drive.google.com	A 162.125.32.5	172.217.160.110
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.