Score: 6.4
Verdict: High risk

SHA256: c148d7544c90541afc565d03219b8c579ac18a52b1baa3e70eb22bf12cc9a96e
File name: 5b5553299f65c7b8fb22dadb2421bf49.exe (the name is the sample's MD5; the same hash prefix appears in the McAfee Artemis!5B5553299F65 and FireEye Generic.mg.5b5553299f65c7b8 detection names below)
Analysis duration: 78s
Last analyzed:
File size: 1.5MB
Static detection: flagged. Dynamic detection: flagged. Detection-name tags: 100% AGENSLA AGENTTESLA AI SCORE=87 AIDETECTVM ALI2000008 ARTEMIS AUTOIT BINTOSTR BTKOXH CLASSIC CONFIDENCE ELDORADO GENERICKD GRAYWARE HIGH CONFIDENCE HJREQI IGENT KILLPROC KOFZZ MALWARE1 MALWARE@#3POO9XSMDJ5IF NANOCORE NEGASTEAL PREDATOR QQPASS QQROB SCORE SUSGEN SWUV TROJANAITINJECT TROJANPSW UNSAFE
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 results for this sample
Static verdict
Antivirus engines
Engine       Result                                   Date      Version
McAfee       Artemis!5B5553299F65                     20201225  6.0.6.653
Alibaba      Trojan:Win32/autoit.ali2000008           20190527  0.3.0.5
CrowdStrike  win/malicious_confidence_100% (W)        20190702  1.0
Baidu        (no detection)                           20190318  1.0.0.2
Avast        SNH:Script [Dropper]                     20201225  21.1.5827.0
Kingsoft     (no detection)                           20201225  2017.9.26.565
Tencent      Msil.Trojan-qqpass.Qqrob.Swuv            20201225  1.0.0.1
Static indicators
Queries for the computer name (3 events; these are runtime API-call events even though the report files them under static indicators)
Time & API Arguments Status Return Repeated
1619526744.668249
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619526745.824249
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619526747.699249
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (3 events)
Note: the "failed" status on these rows only mirrors a zero return value. IsDebuggerPresent returning 0 means no debugger was seen, so from the sample's point of view the check passed.
Time & API Arguments Status Return Repeated
1619513303.633988
IsDebuggerPresent
failed 0 0
1619526742.371249
IsDebuggerPresent
failed 0 0
1619526742.371249
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619513303.883988
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (5 events)
Reading note: the first trace faults inside ntdll's heap code (RtlFreeHeap, access violation on "mov eax, dword ptr [esi + 4]") with every caller frame in the sample's own image, whose load address follows from the frames (5b5553299f65c7b8fb22dadb2421bf49+0x228e4 @ 0xad28e4 gives a base of 0xab0000); that pattern is heap corruption in the native stub. The remaining four traces pass through mscoree!_CorExeMain and clr.dll, i.e. a process executing managed code, and three of them fault at addresses with no module symbol (exception.symbol empty), which is how JIT-compiled or manually mapped code appears to the sandbox. Together with the MSIL/Agensla vendor names below this points to a .NET second stage.
Time & API Arguments Status Return Repeated
1619513312.289988
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x763514dd
5b5553299f65c7b8fb22dadb2421bf49+0x228e4 @ 0xad28e4
5b5553299f65c7b8fb22dadb2421bf49+0x5cea @ 0xab5cea
5b5553299f65c7b8fb22dadb2421bf49+0x14639 @ 0xac4639
5b5553299f65c7b8fb22dadb2421bf49+0x7c607 @ 0xb2c607
5b5553299f65c7b8fb22dadb2421bf49+0xfb40 @ 0xabfb40
5b5553299f65c7b8fb22dadb2421bf49+0x1412e @ 0xac412e
5b5553299f65c7b8fb22dadb2421bf49+0x14559 @ 0xac4559
5b5553299f65c7b8fb22dadb2421bf49+0x7c607 @ 0xb2c607
5b5553299f65c7b8fb22dadb2421bf49+0xfb40 @ 0xabfb40
5b5553299f65c7b8fb22dadb2421bf49+0xee7f @ 0xabee7f
5b5553299f65c7b8fb22dadb2421bf49+0xe579 @ 0xabe579
5b5553299f65c7b8fb22dadb2421bf49+0x1396b @ 0xac396b
5b5553299f65c7b8fb22dadb2421bf49+0x11169 @ 0xac1169
5b5553299f65c7b8fb22dadb2421bf49+0x1412e @ 0xac412e
5b5553299f65c7b8fb22dadb2421bf49+0x14559 @ 0xac4559
5b5553299f65c7b8fb22dadb2421bf49+0xe5aa @ 0xabe5aa
5b5553299f65c7b8fb22dadb2421bf49+0x1396b @ 0xac396b
5b5553299f65c7b8fb22dadb2421bf49+0xe5e5 @ 0xabe5e5
5b5553299f65c7b8fb22dadb2421bf49+0x1396b @ 0xac396b
5b5553299f65c7b8fb22dadb2421bf49+0xe5e5 @ 0xabe5e5
5b5553299f65c7b8fb22dadb2421bf49+0x1396b @ 0xac396b
5b5553299f65c7b8fb22dadb2421bf49+0xe5e5 @ 0xabe5e5
5b5553299f65c7b8fb22dadb2421bf49+0x3842 @ 0xab3842
5b5553299f65c7b8fb22dadb2421bf49+0x3716 @ 0xab3716
5b5553299f65c7b8fb22dadb2421bf49+0x26b7d @ 0xad6b7d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 6611440
registers.edi: 65155504
registers.eax: 11
registers.ebp: 6611492
registers.edx: 65155512
registers.ebx: 65155512
registers.esi: 378866738
registers.ecx: 13565952
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619526745.418249
__exception__
stacktrace:
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7485d4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
LogHelp_TerminateOnAssert+0x41c42 StrongNameErrorInfo-0x46258 clr+0x9e69a @ 0x73f0e69a
LogHelp_TerminateOnAssert+0x41cbd StrongNameErrorInfo-0x461dd clr+0x9e715 @ 0x73f0e715
GetPrivateContextsPerfCounters+0xf665 PreBindAssemblyEx-0x45e2 clr+0x1a2164 @ 0x74012164
GetPrivateContextsPerfCounters+0xf5d8 PreBindAssemblyEx-0x466f clr+0x1a20d7 @ 0x740120d7
GetPrivateContextsPerfCounters+0x29c8 PreBindAssemblyEx-0x1127f clr+0x1954c7 @ 0x740054c7
GetPrivateContextsPerfCounters+0x290b PreBindAssemblyEx-0x1133c clr+0x19540a @ 0x7400540a
GetMetaDataInternalInterface+0x319c LogHelp_TerminateOnAssert-0xae94 clr+0x51bc4 @ 0x73ec1bc4
GetMetaDataInternalInterface+0x30f5 LogHelp_TerminateOnAssert-0xaf3b clr+0x51b1d @ 0x73ec1b1d
GetMetaDataInternalInterface+0x6c5d LogHelp_TerminateOnAssert-0x73d3 clr+0x55685 @ 0x73ec5685
GetMetaDataInternalInterface+0x6ae6 LogHelp_TerminateOnAssert-0x754a clr+0x5550e @ 0x73ec550e
GetMetaDataInternalInterface+0x2762 LogHelp_TerminateOnAssert-0xb8ce clr+0x5118a @ 0x73ec118a
GetMetaDataInternalInterface+0x56a1 LogHelp_TerminateOnAssert-0x898f clr+0x540c9 @ 0x73ec40c9
StrongNameFreeBuffer+0x50d3 GetMetaDataInternalInterface-0xab37 clr+0x43ef1 @ 0x73eb3ef1
LogHelp_TerminateOnAssert+0x3f768 StrongNameErrorInfo-0x48732 clr+0x9c1c0 @ 0x73f0c1c0
LogHelp_TerminateOnAssert+0x3f7dd StrongNameErrorInfo-0x486bd clr+0x9c235 @ 0x73f0c235
LogHelp_TerminateOnAssert+0x1cf80 StrongNameErrorInfo-0x6af1a clr+0x799d8 @ 0x73ee99d8
LogHelp_LogAssert+0x69a51 GetAddrOfContractShutoffFlag-0x455d clr+0x262723 @ 0x740d2723
LogHelp_LogAssert+0x69fea GetAddrOfContractShutoffFlag-0x3fc4 clr+0x262cbc @ 0x740d2cbc
LogHelp_LogAssert+0x6aa87 GetAddrOfContractShutoffFlag-0x3527 clr+0x263759 @ 0x740d3759
LogHelp_LogAssert+0x6ca3b GetAddrOfContractShutoffFlag-0x1573 clr+0x26570d @ 0x740d570d
0x238ed13
0x238eb43
0x238e024
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x74fc55ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75037f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75034de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2276444
registers.edi: 2276648
registers.eax: 1457749433
registers.ebp: 2276468
registers.edx: 32
registers.ebx: 2010552657
registers.esi: 2276460
registers.ecx: 2276608
exception.instruction_r: 00 3a 9a 8c 64 40 9a f3 f3 3a 12 60 4a a0 2b 04
exception.instruction: add byte ptr [edx], bh
exception.exception_code: 0xc0000005
exception.symbol: custommarshalers+0x49a8
exception.address: 0x73be49a8
success 0 0
1619526747.511249
__exception__
stacktrace:
0x238eb4e
0x238e024
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x74fc55ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75037f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75034de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2289060
registers.edi: 2289088
registers.eax: 0
registers.ebp: 2289104
registers.edx: 8
registers.ebx: 0
registers.esi: 39465540
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc b8 fd 41 78 98 e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xac08b2
success 0 0
1619526793.105249
__exception__
stacktrace:
0xacd95f
0xacd832
0xacb6d0
0x238e90c
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x74fc55ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75037f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75034de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2287880
registers.edi: 0
registers.eax: 0
registers.ebp: 2287988
registers.edx: 18
registers.ebx: 0
registers.esi: 39914484
registers.ecx: 20
exception.instruction_r: 8b 40 04 89 45 e8 33 d2 89 55 ec 69 45 e0 f1 67
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5765396
success 0 0
1619526794.418249
__exception__
stacktrace:
0xaccbcc
0x238e90c
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x74fc55ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75037f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75034de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2288048
registers.edi: 40984316
registers.eax: 40986476
registers.ebp: 2288116
registers.edx: 40986476
registers.ebx: 40982496
registers.esi: 0
registers.ecx: 1908490458
exception.instruction_r: 39 06 68 ff ff ff 7f 6a 00 8b ce e8 c5 33 73 6c
exception.instruction: cmp dword ptr [esi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x57954ab
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 of 95 events shown)
Time & API Arguments Status Return Repeated
1619513310.211988
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 573440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02ae0000
success 0 0
1619513311.711988
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 573440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x04280000
success 0 0
1619526741.714249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 1703936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00ac0000
success 0 0
1619526741.714249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00c20000
success 0 0
1619526742.058249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00450000
success 0 0
1619526742.058249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00460000
success 0 0
1619526742.168249
NtProtectVirtualMemory
process_identifier: 152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619526742.371249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x005f0000
success 0 0
1619526742.371249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006c0000
success 0 0
1619526742.371249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003ea000
success 0 0
1619526742.371249
NtProtectVirtualMemory
process_identifier: 152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619526742.371249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e2000
success 0 0
1619526742.636249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f2000
success 0 0
1619526742.714249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004a5000
success 0 0
1619526742.730249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004ab000
success 0 0
1619526742.730249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004a7000
success 0 0
1619526742.855249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f3000
success 0 0
1619526742.933249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f4000
success 0 0
1619526742.949249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003fc000
success 0 0
1619526743.027249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02380000
success 0 0
1619526743.027249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 53248
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02381000
success 0 0
1619526743.339249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f7000
success 0 0
1619526743.652249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f8000
success 0 0
1619526743.808249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00456000
success 0 0
1619526743.980249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00461000
success 0 0
1619526744.089249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0045a000
success 0 0
1619526744.089249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00457000
success 0 0
1619526744.293249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00820000
success 0 0
1619526744.308249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00821000
success 0 0
1619526744.324249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00822000
success 0 0
1619526744.355249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0238e000
success 0 0
1619526744.402249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00823000
success 0 0
1619526744.402249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0238f000
success 0 0
1619526745.027249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00824000
success 0 0
1619526745.074249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ac0000
success 0 0
1619526745.402249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00825000
success 0 0
1619526745.496249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003fd000
success 0 0
1619526745.496249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00826000
success 0 0
1619526745.558249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00827000
success 0 0
1619526745.558249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00828000
success 0 0
1619526745.574249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00829000
success 0 0
1619526745.605249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0082a000
success 0 0
1619526745.605249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ac1000
success 0 0
1619526745.605249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x7ef40000
success 0 0
1619526745.605249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef40000
success 0 0
1619526745.605249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef40000
success 0 0
1619526745.605249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef48000
success 0 0
1619526745.605249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x7ef30000
success 0 0
1619526745.605249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef30000
success 0 0
1619526745.652249
NtAllocateVirtualMemory
process_identifier: 152
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0082b000
success 0 0
Steals private information from local Internet browsers (5 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.853762397814608 section {'size_of_data': '0x000b3200', 'virtual_address': '0x000c4000', 'entropy': 7.853762397814608, 'name': '.rsrc', 'virtual_size': '0x000b312c'} description A section with a high entropy has been found
entropy 0.4712265702071687 description Overall entropy of this PE file is high
Reading note: the second figure is not an entropy value but the share of raw section data that lives in high-entropy sections: 0x000b3200 = 733,696 bytes of .rsrc out of 1,556,992 bytes of section data (the 1,558,016-byte file named in the ViRobot detection below, less 1,024 bytes of headers) gives exactly 0.4712. A 7.85-bit/byte resource section holding almost half the file is what an AutoIt-compiled executable looks like, since the compiled script and anything it embeds are stored as a resource; the AutoIt vendor names below agree.
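The two numbers above come from two different computations, so here is an added example (not the sandbox's own signature code) that performs both: per-section Shannon entropy and the share of section bytes sitting in high-entropy sections. The thresholds (6.8 bits/byte per section, 20% of the data overall) are assumptions, and the sample bytes are constructed: a repeating stub for .text and seeded pseudo-random data for .rsrc, scaled down but keeping the report's .rsrc-to-rest ratio.

```python
"""Section-entropy packer check (added example; not the sandbox's own signature)."""
import math
import random
from collections import Counter

# ASSUMED thresholds: a section counts as high-entropy above 6.8 bits/byte, and the
# file is flagged when more than 20 % of its raw section bytes sit in such sections.
SECTION_THRESHOLD = 6.8
SHARE_THRESHOLD = 0.2

# Sizes taken from the report: .rsrc size_of_data 0x000b3200 and 1,556,992 bytes
# of section data in total (the 1,558,016-byte file minus 1,024 header bytes).
RSRC_SIZE = 0x000B3200
TOTAL_SECTION_DATA = 1_556_992


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_share(sections) -> float:
    """sections: iterable of (name, size_of_data, entropy). Fraction of raw section
    bytes inside sections above SECTION_THRESHOLD; this ratio, not an entropy, is
    what the report's second 'entropy 0.4712...' line carries."""
    total = sum(size for _, size, _ in sections)
    hot = sum(size for _, size, ent in sections if ent > SECTION_THRESHOLD)
    return hot / total if total else 0.0


def packer_verdict(section_bytes: dict) -> tuple:
    """section_bytes: name -> raw bytes. Returns (flagged sections, share, overall flag)."""
    stats = [(name, len(b), shannon_entropy(b)) for name, b in section_bytes.items()]
    flagged = [(name, round(ent, 3)) for name, _, ent in stats if ent > SECTION_THRESHOLD]
    share = high_entropy_share(stats)
    return flagged, share, share > SHARE_THRESHOLD


def constructed_sample(scale: int = 64) -> dict:
    """CONSTRUCTED stand-in for the sample, scaled down by `scale` but keeping the
    report's .rsrc : rest ratio. .text repeats an 8-byte stub of distinct bytes
    (exactly 3.0 bits/byte); .rsrc is seeded pseudo-random data, as compressed
    script and payload would be."""
    rng = random.Random(0xC148D754)  # fixed seed so the numbers are reproducible
    stub = b"\x55\x8b\xec\x83\xc4\x10\x90\xc3"
    text = stub * ((TOTAL_SECTION_DATA - RSRC_SIZE) // scale // len(stub))
    rsrc = bytes(rng.getrandbits(8) for _ in range(RSRC_SIZE // scale))
    return {".text": text, ".rsrc": rsrc}


if __name__ == "__main__":
    flagged, share, overall = packer_verdict(constructed_sample())
    print("high-entropy sections:", flagged)
    print(f"share of data in them: {share:.4f}  overall flag: {overall}")
    report_numbers = [(".rsrc", RSRC_SIZE, 7.853762397814608),
                      ("rest", TOTAL_SECTION_DATA - RSRC_SIZE, 5.0)]
    print("ratio from the report's own sizes:", round(high_entropy_share(report_numbers), 10))
```

Feeding the report's own section sizes into high_entropy_share reproduces 0.4712265702 to every printed digit, which is the check that confirms the second line is a ratio. On real files, compute the per-section figure from the raw section bytes (size_of_data, not virtual_size) so that zero-filled slack does not dilute the result.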
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619526792.777249
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Caveat: 172.217.0.0/16 is Google address space, so a connection there without a preceding DNS lookup is more likely a hard-coded connectivity check than the C2 channel; do not promote the address to an indicator without seeing the traffic.
Looks for the Windows idle time to determine the uptime (1 event)
Time & API Arguments Status Return Repeated
1619526795.402249
NtQuerySystemInformation
information_class: 8 (SystemProcessorPerformanceInformation)
success 0 0
A process attempted to delay the analysis task (1 event)
description MSBuild.exe tried to sleep 2728216 seconds (about 31.6 days), actually delayed analysis time by 2728216 seconds
Caveat: the sleeping process is MSBuild.exe, a legitimate .NET host, which fits the clr.dll crash traces above: the managed second stage runs inside a Microsoft-signed process rather than in the sample's own image. The sandbox skipped the sleep (a 78 s analysis cannot have honoured it), so everything recorded afterwards happened under accelerated time; on a real host the payload would have stayed dormant for a month.
Harvests credentials from local email clients (5 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Thunderbird\profiles.ini
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\RimArts\B2\Settings
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
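The browser and mail-client targets listed above and under "Steals private information from local Internet browsers" are the kind of file and registry accesses a host-based rule can catch. The following is an added example (not the sandbox's signature code) that classifies such accesses against a small catalogue of credential stores and splits them into browser versus mail-client hits. The rules, their names and the benign control path are this editor's; the ten targets are the report's own. Two facts the rules rely on: 9375CFF0413111d3B88A00104B2A6676 is the fixed name of the default MAPI/Outlook profile subkey, and RimArts\B2 is the registry hive of the Becky! Internet Mail client.

```python
"""Credential-store access classifier (added example; not the sandbox's signature code)."""
import re
from collections import Counter

# One rule per store family: (family, object kind, regex over the lower-cased,
# backslash-normalised target). Most specific rules first; the first match wins.
RULES = [
    ("Chromium-family browser: saved logins DB", "file",
     r"\\user data\\[^\\]+\\login data$"),
    ("Chromium-family browser: profile directory", "file",
     r"\\appdata\\local\\(google\\chrome|chromium|maplestudio\\chromeplus|yandex\\yandexbrowser)\\user data(\\|$)"),
    ("Thunderbird: profiles.ini", "file",
     r"\\appdata\\roaming\\thunderbird\\profiles\.ini$"),
    ("Outlook/MAPI: messaging profile key", "registry",
     r"windows messaging subsystem\\profiles\\(outlook\\)?9375cff0413111d3b88a00104b2a6676$"),
    ("Outlook: Office profile key", "registry",
     r"\\office\\\d+\.\d+\\outlook\\profiles\\"),
    ("Becky! Internet Mail: settings key", "registry",
     r"\\rimarts\\b2\\settings$"),
]
COMPILED = [(family, kind, re.compile(pattern)) for family, kind, pattern in RULES]

# The ten targets the report lists, plus one CONSTRUCTED benign path as a control.
USER = r"C:\Users\Administrator.Oskar-PC"
EVENTS = [
    ("file", USER + r"\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file", USER + r"\AppData\Local\Google\Chrome\User Data" + "\\"),
    ("file", USER + r"\AppData\Local\Chromium\User Data"),
    ("file", USER + r"\AppData\Local\MapleStudio\ChromePlus\User Data"),
    ("file", USER + r"\AppData\Local\Yandex\YandexBrowser\User Data"),
    ("file", USER + r"\AppData\Roaming\Thunderbird\profiles.ini"),
    ("registry", r"HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676"),
    ("registry", r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    ("registry", r"HKEY_CURRENT_USER\Software\RimArts\B2\Settings"),
    ("registry", r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    ("file", USER + r"\AppData\Local\Temp\tmp1234.tmp"),  # constructed control, must not match
]


def normalise(target: str) -> str:
    """Lower-case and use backslashes only, so one rule covers both separators."""
    return target.replace("/", "\\").lower()


def classify(events):
    """events: iterable of (kind, target) as the report lists them, kind being
    'file' or 'registry'. Returns (kind, target, family) for every hit."""
    hits = []
    for kind, target in events:
        norm = normalise(target)
        for family, rule_kind, rx in COMPILED:
            if rule_kind == kind and rx.search(norm):
                hits.append((kind, target, family))
                break
    return hits


def stealer_summary(events) -> dict:
    """Counts hits per family and splits them into browser vs mail-client stores,
    the two groups the report's two signatures correspond to."""
    hits = classify(events)
    per_family = Counter(family for _, _, family in hits)
    browser = sum(n for fam, n in per_family.items() if fam.startswith("Chromium"))
    return {"hits": len(hits), "browser": browser, "mail": len(hits) - browser,
            "families": dict(per_family)}


if __name__ == "__main__":
    for kind, target, family in classify(EVENTS):
        print(f"{kind:8} {family:45} {target}")
    print(stealer_summary(EVENTS))
```

A single process that touches both browser profile directories and Outlook profile keys within seconds, as these events show, is a much stronger signal than either access alone; the browser list here (Chrome, Chromium, ChromePlus, Yandex) is the fixed enumeration order of a stealer, not user activity.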
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 of 58 shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33745652
McAfee Artemis!5B5553299F65
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00565b431 )
Alibaba Trojan:Win32/autoit.ali2000008
K7GW Trojan ( 00565b431 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/AutoIt.QA.gen!Eldorado
Symantec Packed.Generic.548
APEX Malicious
Avast SNH:Script [Dropper]
ClamAV Win.Dropper.Nanocore-9094186-0
Kaspersky Trojan-PSW.MSIL.Agensla.qfg
BitDefender Trojan.GenericKD.33745652
NANO-Antivirus Trojan.Win32.KillProc.hjreqi
Paloalto generic.ml
ViRobot Trojan.Win32.Keylogger.1558016
Rising Trojan.Obfus/Autoit!1.C045 (CLASSIC)
Ad-Aware Trojan.GenericKD.33745652
TACHYON Trojan-PWS/W32.AgentTesla.1558016
Sophos Mal/Generic-S
Comodo Malware@#3poo9xsmdj5if
F-Secure Trojan.TR/AutoIt.kofzz
DrWeb Trojan.KillProc.46755
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.AutoIt.NEGASTEAL.SMB.hp
McAfee-GW-Edition BehavesLike.Win32.TrojanAitInject.tc
FireEye Generic.mg.5b5553299f65c7b8
Emsisoft Trojan.GenericKD.33745652 (B)
Ikarus Trojan.Autoit
GData Trojan.GenericKD.33745652
Webroot W32.Trojan.Gen
Avira TR/AutoIt.kofzz
eGambit Unsafe.AI_Score_97%
Antiy-AVL GrayWare/Autoit.BinToStr.a
Arcabit Trojan.Generic.D202EAF4
AegisLab Trojan.MSIL.Agensla.i!c
ZoneAlarm Trojan-PSW.MSIL.Agensla.qfg
Microsoft Trojan:Win32/Predator.AR!MTB
Cynet Malicious (score: 90)
ALYac Trojan.GenericKD.33745652
MAX malware (ai score=87)
VBA32 TrojanPSW.MSIL.Agensla
Malwarebytes Trojan.MalPack.AutoIt.Generic
ESET-NOD32 a variant of Win32/Injector.Autoit.FGN
TrendMicro-HouseCall TrojanSpy.AutoIt.NEGASTEAL.SMB.hp
Tencent Msil.Trojan-qqpass.Qqrob.Swuv
Visual analysis
Binary image: none generated for this sample
Run screenshots: none captured during execution
PE Compile Time

2020-04-29 22:12:56

Imports

Note: the import table below is the one every compiled AutoIt script carries, because it belongs to the AutoIt3 interpreter stub (the multimedia, ICMP, WNet, WinINet and ImageList entries are the interpreter's built-in functions) rather than to the script or the .NET payload it drops; the AutoIt detection names above say the same. Use it to confirm the wrapper, and take the payload's capabilities from the dynamic indicators instead.

Library WSOCK32.dll:
0x48d7a8 __WSAFDIsSet
0x48d7ac recv
0x48d7b0 send
0x48d7b4 setsockopt
0x48d7b8 ntohs
0x48d7bc recvfrom
0x48d7c0 select
0x48d7c4 WSAStartup
0x48d7c8 htons
0x48d7cc accept
0x48d7d0 listen
0x48d7d4 bind
0x48d7d8 closesocket
0x48d7dc connect
0x48d7e0 WSACleanup
0x48d7e4 ioctlsocket
0x48d7e8 sendto
0x48d7ec WSAGetLastError
0x48d7f0 inet_addr
0x48d7f4 gethostbyname
0x48d7f8 gethostname
0x48d7fc socket
Library VERSION.dll:
0x48d74c GetFileVersionInfoW
0x48d750 VerQueryValueW
Library WINMM.dll:
0x48d798 timeGetTime
0x48d79c waveOutSetVolume
0x48d7a0 mciSendStringW
Library COMCTL32.dll:
0x48d088 ImageList_Destroy
0x48d08c ImageList_Remove
0x48d094 ImageList_BeginDrag
0x48d098 ImageList_DragEnter
0x48d09c ImageList_DragLeave
0x48d0a0 ImageList_EndDrag
0x48d0a4 ImageList_DragMove
0x48d0a8 ImageList_Create
Library MPR.dll:
0x48d3e4 WNetUseConnectionW
0x48d3ec WNetGetConnectionW
0x48d3f0 WNetAddConnection2W
Library WININET.dll:
0x48d75c InternetReadFile
0x48d760 InternetCloseHandle
0x48d764 InternetOpenW
0x48d768 InternetSetOptionW
0x48d76c InternetCrackUrlW
0x48d770 HttpQueryInfoW
0x48d778 HttpOpenRequestW
0x48d77c HttpSendRequestW
0x48d780 FtpOpenFileW
0x48d784 FtpGetFileSize
0x48d788 InternetOpenUrlW
0x48d78c InternetConnectW
Library PSAPI.DLL:
Library IPHLPAPI.DLL:
0x48d154 IcmpCreateFile
0x48d158 IcmpCloseHandle
0x48d15c IcmpSendEcho
Library USERENV.dll:
0x48d730 UnloadUserProfile
0x48d73c LoadUserProfileW
Library UxTheme.dll:
0x48d744 IsThemeActive
Library KERNEL32.dll:
0x48d164 WaitForSingleObject
0x48d168 HeapAlloc
0x48d16c GetProcessHeap
0x48d170 HeapFree
0x48d174 Sleep
0x48d178 GetCurrentThreadId
0x48d17c MultiByteToWideChar
0x48d180 MulDiv
0x48d184 GetVersionExW
0x48d188 GetSystemInfo
0x48d18c FreeLibrary
0x48d190 LoadLibraryA
0x48d194 GetProcAddress
0x48d198 SetErrorMode
0x48d19c WideCharToMultiByte
0x48d1a0 lstrcpyW
0x48d1a4 lstrlenW
0x48d1a8 GetModuleHandleW
0x48d1b0 VirtualFreeEx
0x48d1b4 OpenProcess
0x48d1b8 VirtualAllocEx
0x48d1bc WriteProcessMemory
0x48d1c0 ReadProcessMemory
0x48d1c4 CreateFileW
0x48d1c8 SetFilePointerEx
0x48d1cc ReadFile
0x48d1d0 WriteFile
0x48d1d4 FlushFileBuffers
0x48d1d8 TerminateProcess
0x48d1e0 Process32FirstW
0x48d1e4 Process32NextW
0x48d1e8 SetFileTime
0x48d1ec GetFileAttributesW
0x48d1f0 FindFirstFileW
0x48d1f4 FindClose
0x48d1f8 DeleteFileW
0x48d1fc CloseHandle
0x48d200 MoveFileW
0x48d204 CopyFileW
0x48d208 CreateDirectoryW
0x48d20c RemoveDirectoryW
0x48d210 SetSystemPowerState
0x48d218 FindResourceW
0x48d21c LoadResource
0x48d220 LockResource
0x48d224 SizeofResource
0x48d228 EnumResourceNamesW
0x48d22c OutputDebugStringW
0x48d230 GetTempPathW
0x48d234 GetTempFileNameW
0x48d238 DeviceIoControl
0x48d23c GetLocalTime
0x48d240 CompareStringW
0x48d248 CreateThread
0x48d250 GetStdHandle
0x48d254 CreatePipe
0x48d258 InterlockedExchange
0x48d25c TerminateThread
0x48d260 LoadLibraryExW
0x48d264 FindResourceExW
0x48d268 VirtualFree
0x48d26c FormatMessageW
0x48d270 GetExitCodeProcess
0x48d298 GetDriveTypeW
0x48d29c GetDiskFreeSpaceExW
0x48d2a0 GetDiskFreeSpaceW
0x48d2a8 SetVolumeLabelW
0x48d2ac CreateHardLinkW
0x48d2b0 SetFileAttributesW
0x48d2b4 GetShortPathNameW
0x48d2b8 CreateEventW
0x48d2bc SetEvent
0x48d2c8 GlobalLock
0x48d2cc GlobalUnlock
0x48d2d0 GlobalAlloc
0x48d2d4 GetFileSize
0x48d2d8 GlobalFree
0x48d2e0 Beep
0x48d2e4 GetSystemDirectoryW
0x48d2e8 GetComputerNameW
0x48d2f0 GetCurrentProcessId
0x48d2f8 CreateProcessW
0x48d2fc SetPriorityClass
0x48d300 LoadLibraryW
0x48d304 VirtualAlloc
0x48d308 GetLastError
0x48d30c GetModuleFileNameW
0x48d310 GetFullPathNameW
0x48d318 IsDebuggerPresent
0x48d320 lstrcmpiW
0x48d324 RaiseException
0x48d334 DuplicateHandle
0x48d338 GetCurrentProcess
0x48d340 GetCurrentThread
0x48d344 ExitProcess
0x48d348 GetModuleHandleExW
0x48d34c ExitThread
0x48d354 ResumeThread
0x48d358 GetCommandLineW
0x48d360 HeapSize
0x48d364 IsValidCodePage
0x48d368 GetACP
0x48d36c GetOEMCP
0x48d370 GetCPInfo
0x48d374 SetLastError
0x48d380 TlsAlloc
0x48d384 TlsGetValue
0x48d388 TlsSetValue
0x48d38c TlsFree
0x48d390 GetStartupInfoW
0x48d394 GetStringTypeW
0x48d398 SetStdHandle
0x48d39c GetFileType
0x48d3a0 GetConsoleCP
0x48d3a4 GetConsoleMode
0x48d3a8 RtlUnwind
0x48d3ac ReadConsoleW
0x48d3b0 SetFilePointer
0x48d3b8 GetDateFormatW
0x48d3bc GetTimeFormatW
0x48d3c0 LCMapStringW
0x48d3cc HeapReAlloc
0x48d3d0 WriteConsoleW
0x48d3d4 SetEndOfFile
0x48d3d8 FindNextFileW
Library USER32.dll:
0x48d4ac CopyImage
0x48d4b0 SetWindowPos
0x48d4b4 GetCursorInfo
0x48d4b8 RegisterHotKey
0x48d4bc ClientToScreen
0x48d4c4 IsCharAlphaW
0x48d4c8 IsCharAlphaNumericW
0x48d4cc IsCharLowerW
0x48d4d0 IsCharUpperW
0x48d4d4 GetMenuStringW
0x48d4d8 GetSubMenu
0x48d4dc GetCaretPos
0x48d4e0 IsZoomed
0x48d4e4 MonitorFromPoint
0x48d4e8 GetMonitorInfoW
0x48d4ec SetWindowLongW
0x48d4f4 FlashWindow
0x48d4f8 GetClassLongW
0x48d500 IsDialogMessageW
0x48d504 GetSysColor
0x48d508 InflateRect
0x48d50c DrawFocusRect
0x48d510 DrawTextW
0x48d514 FrameRect
0x48d518 DrawFrameControl
0x48d51c FillRect
0x48d520 PtInRect
0x48d52c SetCursor
0x48d530 GetWindowDC
0x48d534 GetSystemMetrics
0x48d538 DrawMenuBar
0x48d53c GetActiveWindow
0x48d540 CharNextW
0x48d544 wsprintfW
0x48d548 RedrawWindow
0x48d54c DestroyMenu
0x48d550 SetMenu
0x48d558 CreateMenu
0x48d55c IsDlgButtonChecked
0x48d560 DefDlgProcW
0x48d564 CallWindowProcW
0x48d568 ReleaseCapture
0x48d56c SetCapture
0x48d570 MonitorFromRect
0x48d574 LoadImageW
0x48d57c mouse_event
0x48d580 ExitWindowsEx
0x48d584 SetActiveWindow
0x48d588 FindWindowExW
0x48d58c EnumThreadWindows
0x48d590 SetMenuDefaultItem
0x48d594 InsertMenuItemW
0x48d598 IsMenu
0x48d59c TrackPopupMenuEx
0x48d5a0 AdjustWindowRectEx
0x48d5a4 DeleteMenu
0x48d5a8 CheckMenuRadioItem
0x48d5ac GetMenuItemID
0x48d5b0 GetMenuItemCount
0x48d5b4 SetMenuItemInfoW
0x48d5b8 GetMenuItemInfoW
0x48d5bc SetForegroundWindow
0x48d5c0 IsIconic
0x48d5c4 UnregisterHotKey
0x48d5cc keybd_event
0x48d5d0 SendInput
0x48d5d4 GetAsyncKeyState
0x48d5d8 SetKeyboardState
0x48d5dc GetKeyboardState
0x48d5e0 GetKeyState
0x48d5e4 VkKeyScanW
0x48d5e8 LoadStringW
0x48d5ec DialogBoxParamW
0x48d5f0 MessageBeep
0x48d5f4 EndDialog
0x48d5f8 SendDlgItemMessageW
0x48d5fc GetDlgItem
0x48d600 SetWindowTextW
0x48d604 CopyRect
0x48d608 ReleaseDC
0x48d60c GetDC
0x48d610 EndPaint
0x48d614 BeginPaint
0x48d618 GetClientRect
0x48d61c GetMenu
0x48d620 DestroyWindow
0x48d624 EnumWindows
0x48d628 GetDesktopWindow
0x48d62c IsWindow
0x48d630 IsWindowEnabled
0x48d634 IsWindowVisible
0x48d638 EnableWindow
0x48d63c InvalidateRect
0x48d640 GetWindowLongW
0x48d648 AttachThreadInput
0x48d64c GetFocus
0x48d650 ScreenToClient
0x48d654 SendMessageTimeoutW
0x48d658 EnumChildWindows
0x48d65c CharUpperBuffW
0x48d660 GetClassNameW
0x48d664 GetParent
0x48d668 GetDlgCtrlID
0x48d66c SendMessageW
0x48d670 MapVirtualKeyW
0x48d674 PostMessageW
0x48d678 GetWindowRect
0x48d680 CloseDesktop
0x48d684 CloseWindowStation
0x48d688 OpenDesktopW
0x48d694 OpenWindowStationW
0x48d69c SetRect
0x48d6a0 SetClipboardData
0x48d6a4 EmptyClipboard
0x48d6ac CloseClipboard
0x48d6b0 GetClipboardData
0x48d6b8 OpenClipboard
0x48d6bc BlockInput
0x48d6c0 GetMessageW
0x48d6c4 LockWindowUpdate
0x48d6c8 DispatchMessageW
0x48d6cc TranslateMessage
0x48d6d0 GetCursorPos
0x48d6d4 PeekMessageW
0x48d6d8 MessageBoxW
0x48d6dc DefWindowProcW
0x48d6e0 MoveWindow
0x48d6e4 SetFocus
0x48d6e8 PostQuitMessage
0x48d6ec KillTimer
0x48d6f0 CreatePopupMenu
0x48d6f8 SetTimer
0x48d6fc ShowWindow
0x48d700 CreateWindowExW
0x48d704 RegisterClassExW
0x48d708 LoadIconW
0x48d70c LoadCursorW
0x48d710 GetSysColorBrush
0x48d714 GetForegroundWindow
0x48d718 MessageBoxA
0x48d71c DestroyIcon
0x48d720 FindWindowW
0x48d724 CharLowerBuffW
0x48d728 GetWindowTextW
Library GDI32.dll:
0x48d0c4 SetPixel
0x48d0c8 DeleteObject
0x48d0d0 ExtCreatePen
0x48d0d4 StrokeAndFillPath
0x48d0d8 StrokePath
0x48d0dc GetDeviceCaps
0x48d0e0 CloseFigure
0x48d0e4 LineTo
0x48d0e8 AngleArc
0x48d0f0 CreateCompatibleDC
0x48d0f4 MoveToEx
0x48d0f8 Ellipse
0x48d0fc PolyDraw
0x48d100 BeginPath
0x48d104 SelectObject
0x48d108 StretchBlt
0x48d10c GetDIBits
0x48d110 DeleteDC
0x48d114 GetPixel
0x48d118 CreateDCW
0x48d11c GetStockObject
0x48d120 Rectangle
0x48d124 SetViewportOrgEx
0x48d128 GetObjectW
0x48d12c SetBkMode
0x48d130 RoundRect
0x48d134 SetBkColor
0x48d138 CreatePen
0x48d13c CreateSolidBrush
0x48d140 SetTextColor
0x48d144 CreateFontW
0x48d148 GetTextFaceW
0x48d14c EndPath
Library COMDLG32.dll:
0x48d0b8 GetSaveFileNameW
0x48d0bc GetOpenFileNameW
Library ADVAPI32.dll:
0x48d000 GetAclInformation
0x48d004 RegEnumValueW
0x48d008 RegDeleteValueW
0x48d00c RegDeleteKeyW
0x48d010 RegEnumKeyExW
0x48d014 RegSetValueExW
0x48d018 RegCreateKeyExW
0x48d01c GetUserNameW
0x48d020 RegOpenKeyExW
0x48d024 RegCloseKey
0x48d028 RegQueryValueExW
0x48d02c RegConnectRegistryW
0x48d034 InitializeAcl
0x48d03c OpenThreadToken
0x48d040 OpenProcessToken
0x48d048 DuplicateTokenEx
0x48d054 GetLengthSid
0x48d058 CopySid
0x48d060 LogonUserW
0x48d06c FreeSid
0x48d070 GetTokenInformation
0x48d07c AddAce
0x48d080 GetAce
Library SHELL32.dll:
0x48d470 DragQueryPoint
0x48d474 ShellExecuteExW
0x48d478 DragQueryFileW
0x48d47c SHEmptyRecycleBinW
0x48d480 SHBrowseForFolderW
0x48d484 SHGetFolderPathW
0x48d488 SHFileOperationW
0x48d490 SHGetDesktopFolder
0x48d494 SHGetMalloc
0x48d498 ExtractIconExW
0x48d49c Shell_NotifyIconW
0x48d4a0 ShellExecuteW
0x48d4a4 DragFinish
Library ole32.dll:
0x48d804 CoTaskMemAlloc
0x48d808 CoTaskMemFree
0x48d80c CLSIDFromString
0x48d810 ProgIDFromCLSID
0x48d814 CLSIDFromProgID
0x48d81c MkParseDisplayName
0x48d824 CoCreateInstance
0x48d828 IIDFromString
0x48d82c StringFromGUID2
0x48d834 CoInitialize
0x48d838 CoUninitialize
0x48d844 CoGetObject
0x48d84c CoCreateInstanceEx
0x48d850 CoSetProxyBlanket
Library OLEAUT32.dll:
0x48d3f8 RegisterTypeLib
0x48d3fc LoadTypeLibEx
0x48d400 VariantCopyInd
0x48d404 SysReAllocString
0x48d408 SysFreeString
0x48d418 SafeArrayAccessData
0x48d41c SafeArrayAllocData
0x48d420 UnRegisterTypeLib
0x48d428 SysAllocString
0x48d42c SysStringLen
0x48d434 VarR8FromDec
0x48d438 SafeArrayGetVartype
0x48d43c OleLoadPicture
0x48d444 VariantCopy
0x48d448 VariantClear
0x48d44c CreateDispTypeInfo
0x48d450 CreateStdDispatch
0x48d454 DispCallFunc
0x48d458 VariantChangeType
0x48d460 VariantInit

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 56539 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.