SmartHawk

8.8

极危

1 个模型检测该样本为恶意！

重新分析

下载样本

af590dd38cdf0ba9a96182a701027b4d1225f922f4884b632120d940300ff5fd

57599166799c40241047b244a09db84a.exe

分析耗时

83s

最近分析

文件大小

1.8MB

静态报毒动态报毒 HW32

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
Alibaba	20160701	1.0
Baidu	20160701	1.0.0.2
Kingsoft	20160701	2013.8.14.323
McAfee	20160701	6.0.6.653
Tencent	20160701	1.0.0.1

Queries for the computername (3 个事件)

Time & API	Arguments	Status	Return
1620969251.003375 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620969252.503375 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620969252.721375 GetComputerNameW	computer_name: OSKAR-PC	success	1

Checks if process is being debugged by a debugger (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620969241.534375 IsDebuggerPresent		failed	0	0
1620969254.378375 IsDebuggerPresent		failed	0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	.text1
section	.adata
section	.data1

The executable uses a known packer (1 个事件)

packer

Armadillo 3.X-5.X -> Silicon Realms Toolworks

One or more processes crashed (50 out of 442 个事件)

Time & API	Arguments	Status
1620969241.346375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 0 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5713920 registers.ebx: 175 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8f 00 64 67 8f 06 00 00 83 c4 04 58 33 ff 47 60 exception.symbol: 57599166799c40241047b244a09db84a+0x1731b3 exception.instruction: pop dword ptr [eax] exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc0000005 exception.offset: 1520051 exception.address: 0x5731b3	success
1620969241.362375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 8 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5715407 registers.ebx: 0 registers.esi: 5753319 registers.ecx: 112 exception.instruction_r: 8f 00 64 67 8f 06 00 00 83 c4 04 58 8b f0 81 e6 exception.symbol: 57599166799c40241047b244a09db84a+0x173888 exception.instruction: pop dword ptr [eax] exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc0000005 exception.offset: 1521800 exception.address: 0x573888	success
1620969241.362375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5720572 registers.ebx: 5752144 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c5c3 exception.address: 0x57c5c3 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557955	success
1620969241.362375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5720572 registers.ebx: 5752144 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c5c5 exception.address: 0x57c5c5 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557957	success
1620969241.362375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5720804 registers.ebx: 5751982 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c51f exception.address: 0x57c51f exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557791	success
1620969241.362375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5720804 registers.ebx: 5751982 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c521 exception.address: 0x57c521 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557793	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5721079 registers.ebx: 5751820 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c47d exception.address: 0x57c47d exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557629	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5721079 registers.ebx: 5751820 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c47f exception.address: 0x57c47f exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557631	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5721286 registers.ebx: 5751656 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c3db exception.address: 0x57c3db exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557467	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5721286 registers.ebx: 5751656 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c3dd exception.address: 0x57c3dd exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557469	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5721551 registers.ebx: 5751494 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c337 exception.address: 0x57c337 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557303	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5721551 registers.ebx: 5751494 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c339 exception.address: 0x57c339 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557305	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5721773 registers.ebx: 5751330 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c295 exception.address: 0x57c295 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557141	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5721773 registers.ebx: 5751330 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c297 exception.address: 0x57c297 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1557143	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722034 registers.ebx: 5751166 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c1f1 exception.address: 0x57c1f1 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556977	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722034 registers.ebx: 5751166 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c1f3 exception.address: 0x57c1f3 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556979	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722204 registers.ebx: 5751004 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c14d exception.address: 0x57c14d exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556813	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722204 registers.ebx: 5751004 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c14f exception.address: 0x57c14f exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556815	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722417 registers.ebx: 5750841 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c0ab exception.address: 0x57c0ab exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556651	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722417 registers.ebx: 5750841 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c0ad exception.address: 0x57c0ad exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556653	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722682 registers.ebx: 5750678 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17c008 exception.address: 0x57c008 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556488	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722682 registers.ebx: 5750678 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17c00a exception.address: 0x57c00a exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556490	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722904 registers.ebx: 5750515 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17bf65 exception.address: 0x57bf65 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556325	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5722904 registers.ebx: 5750515 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17bf67 exception.address: 0x57bf67 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556327	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5723126 registers.ebx: 5750353 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17bec2 exception.address: 0x57bec2 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556162	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5723126 registers.ebx: 5750353 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17bec4 exception.address: 0x57bec4 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556164	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5723387 registers.ebx: 5750191 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17be20 exception.address: 0x57be20 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556000	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5723387 registers.ebx: 5750191 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17be22 exception.address: 0x57be22 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1556002	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5723557 registers.ebx: 5750029 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17bd7e exception.address: 0x57bd7e exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555838	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5723557 registers.ebx: 5750029 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17bd80 exception.address: 0x57bd80 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555840	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5723770 registers.ebx: 5749867 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17bcdc exception.address: 0x57bcdc exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555676	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5723770 registers.ebx: 5749867 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17bcde exception.address: 0x57bcde exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555678	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724035 registers.ebx: 5749705 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17bc3a exception.address: 0x57bc3a exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555514	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724035 registers.ebx: 5749705 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17bc3c exception.address: 0x57bc3c exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555516	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724263 registers.ebx: 5749543 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17bb98 exception.address: 0x57bb98 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555352	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724263 registers.ebx: 5749543 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17bb9a exception.address: 0x57bb9a exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555354	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724495 registers.ebx: 5749379 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17baf6 exception.address: 0x57baf6 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555190	success
1620969241.378375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724495 registers.ebx: 5749379 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17baf8 exception.address: 0x57baf8 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555192	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724770 registers.ebx: 5749215 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17ba52 exception.address: 0x57ba52 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555026	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724770 registers.ebx: 5749215 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17ba54 exception.address: 0x57ba54 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1555028	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724977 registers.ebx: 5749051 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17b9ae exception.address: 0x57b9ae exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554862	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5724977 registers.ebx: 5749051 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17b9b0 exception.address: 0x57b9b0 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554864	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5725242 registers.ebx: 5748889 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17b90a exception.address: 0x57b90a exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554698	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5725242 registers.ebx: 5748889 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17b90c exception.address: 0x57b90c exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554700	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5725464 registers.ebx: 5748725 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17b868 exception.address: 0x57b868 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554536	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5725464 registers.ebx: 5748725 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17b86a exception.address: 0x57b86a exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554538	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5725725 registers.ebx: 5748562 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17b7c4 exception.address: 0x57b7c4 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554372	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5725725 registers.ebx: 5748562 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17b7c6 exception.address: 0x57b7c6 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554374	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5725895 registers.ebx: 5748398 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 57599166799c40241047b244a09db84a+0x17b721 exception.address: 0x57b721 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554209	success
1620969241.393375 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 5713920 registers.edx: 5725895 registers.ebx: 5748398 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 57599166799c40241047b244a09db84a+0x17b723 exception.address: 0x57b723 exception.module: 57599166799c40241047b244a09db84a.exe exception.exception_code: 0xc000001d exception.offset: 1554211	success

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620969250.800375 NtProtectVirtualMemory	process_identifier: 2316 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 798720 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x021b1000	success	0	0

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)

Bkav	HW32.Packed.1AC0

The binary likely contains encrypted or compressed data indicative of a packer (4 个事件)

entropy

7.973213652181257

section

{'size_of_data': '0x00063000', 'virtual_address': '0x00103000', 'entropy': 7.973213652181257, 'name': '.text1', 'virtual_size': '0x00070000'}

description

A section with a high entropy has been found

entropy

7.0105043906194915

section

{'size_of_data': '0x0000d000', 'virtual_address': '0x00173000', 'entropy': 7.0105043906194915, 'name': '.adata', 'virtual_size': '0x00010000'}

description

A section with a high entropy has been found

entropy

7.999245870134751

section

{'size_of_data': '0x000f9000', 'virtual_address': '0x001b3000', 'entropy': 7.999245870134751, 'name': '.pdata', 'virtual_size': '0x00100000'}

description

A section with a high entropy has been found

entropy

0.7648305084745762

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Creates an Alternate Data Stream (ADS) (1 个事件)

file	C:\ProgramData\TEMP:C1EDC200

Checks for the presence of known devices from debuggers and forensic tools (4 个事件)

file	\??\SICE
file	\??\SIWVID
file	\??\SIWDEBUG
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (20 个事件)

Time & API	Arguments	Status
1620969252.846375 FindWindowA	class_name: FileMonClass window_name:	failed
1620969252.846375 FindWindowA	class_name: FileMonClass window_name:	failed
1620969252.846375 FindWindowA	class_name: RegMonClass window_name:	failed
1620969252.846375 FindWindowA	class_name: RegMonClass window_name:	failed
1620969252.846375 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1620969268.831375 FindWindowA	class_name: FileMonClass window_name:	failed
1620969268.831375 FindWindowA	class_name: FileMonClass window_name:	failed
1620969268.831375 FindWindowA	class_name: RegMonClass window_name:	failed
1620969268.831375 FindWindowA	class_name: RegMonClass window_name:	failed
1620969268.831375 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1620969283.846375 FindWindowA	class_name: FileMonClass window_name:	failed
1620969283.846375 FindWindowA	class_name: FileMonClass window_name:	failed
1620969283.846375 FindWindowA	class_name: RegMonClass window_name:	failed
1620969283.846375 FindWindowA	class_name: RegMonClass window_name:	failed
1620969283.846375 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1620969299.846375 FindWindowA	class_name: FileMonClass window_name:	failed
1620969299.846375 FindWindowA	class_name: FileMonClass window_name:	failed
1620969299.846375 FindWindowA	class_name: RegMonClass window_name:	failed
1620969299.846375 FindWindowA	class_name: RegMonClass window_name:	failed
1620969299.846375 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed

Checks the version of Bios, possibly for anti-virtualization (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

Queries information on disks, possibly for anti-virtualization (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620969251.831375 NtCreateFile	create_disposition: 3 (FILE_OPEN_IF) file_handle: 0x000001e0 filepath: \??\PHYSICALDRIVE0 desired_access: 0x00100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE) file_attributes: 0 () filepath_r: \??\PHYSICALDRIVE0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 0 (FILE_SUPERSEDED) share_access: 3 (FILE_SHARE_READ\|FILE_SHARE_WRITE)	success	0	0
1620969251.831375 DeviceIoControl	input_buffer: device_handle: 0x000001e0 control_code: 458752 (IOCTL_DISK_GET_DRIVE_GEOMETRY) output_buffer: Qÿ?	success	1	0

Potential code injection by writing to the memory of another process (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620969241.581375 WriteProcessMemory	process_identifier: 2316 buffer: ëþ process_handle: 0x00000070 base_address: 0x00573000	success	1	0
1620969248.690375 WriteProcessMemory	process_identifier: 2316 buffer: `è process_handle: 0x00000070 base_address: 0x00573000	success	1	0

Resumed a suspended thread in a remote process potentially indicative of process injection (6 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2976 resumed a thread in remote process 2316
1620969242.909375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 1 process_identifier: 2316	success	0	0
1620969246.159375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 1 process_identifier: 2316	success	0	0
1620969247.550375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 1 process_identifier: 2316	success	0	0
1620969248.675375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 1 process_identifier: 2316	success	0	0
1620969250.378375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 2 process_identifier: 2316	success	0	0

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620969252.831375 __exception__	stacktrace: SetFunctionAddresses+0x2ebf @ 0x21e46af SetFunctionAddresses+0x64fa1 @ 0x2246791 SetFunctionAddresses+0x2ea0 @ 0x21e4690 SetFunctionAddresses-0x1393d @ 0x21cdeb3 SetFunctionAddresses+0x51bfd @ 0x22333ed SetFunctionAddresses+0x64fa1 @ 0x2246791 SetFunctionAddresses+0x505ae @ 0x2231d9e 57599166799c40241047b244a09db84a+0x12c16e @ 0x52c16e 57599166799c40241047b244a09db84a+0x12d7e5 @ 0x52d7e5 57599166799c40241047b244a09db84a+0x12d8c8 @ 0x52d8c8 57599166799c40241047b244a09db84a+0x12edcf @ 0x52edcf 57599166799c40241047b244a09db84a+0x14fd92 @ 0x54fd92 57599166799c40241047b244a09db84a+0x173000 @ 0x573000 registers.esp: 1631200 registers.edi: 3935905675 registers.eax: 1447909480 registers.ebp: 1631208 registers.edx: 22104 registers.ebx: 0 registers.esi: 4021834905 registers.ecx: 10 exception.instruction_r: ed 81 fb 68 58 4d 56 75 04 c6 45 ff 01 8a 45 ff exception.instruction: in eax, dx exception.exception_code: 0xc0000096 exception.symbol: SetFunctionAddresses+0x2eed exception.address: 0x21e46dd	success	0	0

Time & API

Arguments

Status

Return

Repeated

1620969252.831375
__exception__

stacktrace:

SetFunctionAddresses+0x2ebf @ 0x21e46af
SetFunctionAddresses+0x64fa1 @ 0x2246791
SetFunctionAddresses+0x2ea0 @ 0x21e4690
SetFunctionAddresses-0x1393d @ 0x21cdeb3
SetFunctionAddresses+0x51bfd @ 0x22333ed
SetFunctionAddresses+0x64fa1 @ 0x2246791
SetFunctionAddresses+0x505ae @ 0x2231d9e
57599166799c40241047b244a09db84a+0x12c16e @ 0x52c16e
57599166799c40241047b244a09db84a+0x12d7e5 @ 0x52d7e5
57599166799c40241047b244a09db84a+0x12d8c8 @ 0x52d8c8
57599166799c40241047b244a09db84a+0x12edcf @ 0x52edcf
57599166799c40241047b244a09db84a+0x14fd92 @ 0x54fd92
57599166799c40241047b244a09db84a+0x173000 @ 0x573000

registers.esp: 1631200
registers.edi: 3935905675
registers.eax: 1447909480
registers.ebp: 1631208
registers.edx: 22104
registers.ebx: 0
registers.esi: 4021834905
registers.ecx: 10
exception.instruction_r: ed 81 fb 68 58 4d 56 75 04 c6 45 ff 01 8a 45 ff
exception.instruction: in eax, dx
exception.exception_code: 0xc0000096
exception.symbol: SetFunctionAddresses+0x2eed
exception.address: 0x21e46dd

success

Executed a process and injected code into it, probably while unpacking (11 个事件)

Time & API	Arguments	Status	Return
1620969241.581375 CreateProcessInternalW	thread_identifier: 284 thread_handle: 0x0000006c process_identifier: 2316 current_directory: filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\57599166799c40241047b244a09db84a.exe track: 1 command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\57599166799c40241047b244a09db84a.exe" filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\57599166799c40241047b244a09db84a.exe stack_pivoted: 0 creation_flags: 1028 (CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT) process_handle: 0x00000070 inherit_handles: 1	success	1
1620969241.581375 WriteProcessMemory	process_identifier: 2316 buffer: ëþ process_handle: 0x00000070 base_address: 0x00573000	success	1
1620969242.909375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 1 process_identifier: 2316	success	0
1620969243.018375 NtGetContextThread	thread_handle: 0x0000006c	success	0
1620969246.159375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 1 process_identifier: 2316	success	0
1620969246.268375 NtGetContextThread	thread_handle: 0x0000006c	success	0
1620969247.550375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 1 process_identifier: 2316	success	0
1620969247.659375 NtGetContextThread	thread_handle: 0x0000006c	success	0
1620969248.675375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 1 process_identifier: 2316	success	0
1620969248.690375 WriteProcessMemory	process_identifier: 2316 buffer: `è process_handle: 0x00000070 base_address: 0x00573000	success	1
1620969250.378375 NtResumeThread	thread_handle: 0x0000006c suspend_count: 2 process_identifier: 2316	success	0

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2009-10-21 00:09:57

Imports

Library KERNEL32.dll:

• 0x58302c CreateThread

• 0x583030 GlobalUnlock

• 0x583034 GlobalLock

• 0x583038 GlobalAlloc

• 0x58303c GetTickCount

• 0x583040 WideCharToMultiByte

• 0x583044 IsBadReadPtr

• 0x583048 GlobalAddAtomA

• 0x58304c GlobalAddAtomW

• 0x583050 GetModuleHandleA

• 0x583054 GlobalFree

• 0x583058 GlobalGetAtomNameA

• 0x58305c GlobalDeleteAtom

• 0x583060 GlobalGetAtomNameW

• 0x583064 FreeConsole

• 0x583068 GetEnvironmentVariableA

• 0x58306c VirtualProtect

• 0x583070 VirtualAlloc

• 0x583074 GetProcAddress

• 0x583078 GetLastError

• 0x58307c LoadLibraryA

• 0x583080 SetLastError

• 0x583084 SetThreadPriority

• 0x583088 GetCurrentThread

• 0x58308c SetEnvironmentVariableA

• 0x583090 ReleaseMutex

• 0x583094 WaitForSingleObject

• 0x583098 CreateMutexA

• 0x58309c OpenMutexA

• 0x5830a0 SetErrorMode

• 0x5830a4 GetCurrentThreadId

• 0x5830a8 FindClose

• 0x5830ac FindFirstFileW

• 0x5830b0 VirtualQueryEx

• 0x5830b4 GetExitCodeProcess

• 0x5830b8 ReadProcessMemory

• 0x5830bc VirtualProtectEx

• 0x5830c0 ContinueDebugEvent

• 0x5830c4 ResumeThread

• 0x5830c8 OutputDebugStringA

• 0x5830cc OutputDebugStringW

• 0x5830d0 SetThreadContext

• 0x5830d4 GetThreadContext

• 0x5830d8 WaitForDebugEvent

• 0x5830dc WriteProcessMemory

• 0x5830e0 UnmapViewOfFile

• 0x5830e4 SuspendThread

• 0x5830e8 DebugActiveProcess

• 0x5830ec MapViewOfFile

• 0x5830f0 DuplicateHandle

• 0x5830f4 GetCurrentProcess

• 0x5830f8 CreateFileMappingA

• 0x5830fc SetEvent

• 0x583100 CreateEventA

• 0x583104 MultiByteToWideChar

• 0x583108 CloseHandle

• 0x58310c CreateProcessA

• 0x583110 GetStartupInfoA

• 0x583114 GetCommandLineA

• 0x583118 GetSystemTimeAsFileTime

• 0x58311c ExitProcess

• 0x583120 LocalFree

• 0x583124 FlushFileBuffers

• 0x583128 WriteConsoleW

• 0x58312c GetConsoleOutputCP

• 0x583130 WriteConsoleA

• 0x583134 SetStdHandle

• 0x583138 FormatMessageA

• 0x58313c GetConsoleMode

• 0x583140 GetConsoleCP

• 0x583144 SetFilePointer

• 0x583148 GetLocaleInfoW

• 0x58314c GetStringTypeW

• 0x583150 GetStringTypeA

• 0x583154 IsValidLocale

• 0x583158 EnumSystemLocalesA

• 0x58315c GetLocaleInfoA

• 0x583160 GetUserDefaultLCID

• 0x583164 QueryPerformanceCounter

• 0x583168 GetFileType

• 0x58316c SetHandleCount

• 0x583170 GetEnvironmentStringsW

• 0x583174 Sleep

• 0x583178 EnterCriticalSection

• 0x58317c LeaveCriticalSection

• 0x583180 GetVersionExA

• 0x583184 InitializeCriticalSection

• 0x583188 GetCurrentProcessId

• 0x58318c GetModuleFileNameW

• 0x583190 GetShortPathNameW

• 0x583194 GetModuleFileNameA

• 0x583198 CreateFileA

• 0x58319c GetShortPathNameA

• 0x5831a0 FreeEnvironmentStringsW

• 0x5831a4 GetEnvironmentStrings

• 0x5831a8 FreeEnvironmentStringsA

• 0x5831ac InterlockedIncrement

• 0x5831b0 InterlockedDecrement

• 0x5831b4 InterlockedExchange

• 0x5831b8 DeleteCriticalSection

• 0x5831bc RtlUnwind

• 0x5831c0 RaiseException

• 0x5831c4 TerminateProcess

• 0x5831c8 UnhandledExceptionFilter

• 0x5831cc SetUnhandledExceptionFilter

• 0x5831d0 IsDebuggerPresent

• 0x5831d4 HeapFree

• 0x5831d8 HeapAlloc

• 0x5831dc GetProcessHeap

• 0x5831e0 GetCPInfo

• 0x5831e4 LCMapStringA

• 0x5831e8 LCMapStringW

• 0x5831ec TlsGetValue

• 0x5831f0 TlsAlloc

• 0x5831f4 TlsSetValue

• 0x5831f8 TlsFree

• 0x5831fc WriteFile

• 0x583200 GetStdHandle

• 0x583204 HeapSize

• 0x583208 GetACP

• 0x58320c GetOEMCP

• 0x583210 IsValidCodePage

• 0x583214 HeapDestroy

• 0x583218 HeapCreate

• 0x58321c VirtualFree

• 0x583220 HeapReAlloc

Library USER32.dll:

• 0x583228 LoadStringW

• 0x58322c IsWindow

• 0x583230 PostMessageA

• 0x583234 GetDesktopWindow

• 0x583238 MoveWindow

• 0x58323c SetPropA

• 0x583240 EnumThreadWindows

• 0x583244 GetPropA

• 0x583248 GetMessageA

• 0x58324c BeginPaint

• 0x583250 KillTimer

• 0x583254 GetAsyncKeyState

• 0x583258 GetSystemMetrics

• 0x58325c SetTimer

• 0x583260 SetWindowTextA

• 0x583264 GetDlgItem

• 0x583268 CreateDialogIndirectParamA

• 0x58326c ShowWindow

• 0x583270 UpdateWindow

• 0x583274 LoadStringA

• 0x583278 EndPaint

• 0x58327c FindWindowA

• 0x583280 WaitForInputIdle

• 0x583284 DestroyWindow

• 0x583288 MessageBoxA

• 0x58328c InSendMessage

• 0x583290 UnpackDDElParam

• 0x583294 FreeDDElParam

• 0x583298 DefWindowProcW

• 0x58329c DefWindowProcA

• 0x5832a0 LoadCursorA

• 0x5832a4 RegisterClassW

• 0x5832a8 CreateWindowExW

• 0x5832ac RegisterClassA

• 0x5832b0 CreateWindowExA

• 0x5832b4 GetWindowThreadProcessId

• 0x5832b8 SendMessageW

• 0x5832bc SendMessageA

• 0x5832c0 PeekMessageA

• 0x5832c4 TranslateMessage

• 0x5832c8 DispatchMessageA

• 0x5832cc EnumWindows

• 0x5832d0 IsWindowUnicode

• 0x5832d4 PackDDElParam

• 0x5832d8 PostMessageW

Library GDI32.dll:

• 0x583000 SelectObject

• 0x583004 BitBlt

• 0x583008 DeleteObject

• 0x58300c CreatePalette

• 0x583010 CreateDCA

• 0x583014 SelectPalette

• 0x583018 RealizePalette

• 0x58301c CreateDIBitmap

• 0x583020 DeleteDC

• 0x583024 CreateCompatibleDC

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49238	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	50005	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.