Score: 8.6
Critical

SHA-256: e78fc612cad822b8532351787c4da091dd4ddbfc499d3563050b21c6ba5c0fef

File name: 5bda1ebae689d2504fe87bc4ca6357ad.exe

Analysis time

102s

Last analyzed

File size

824.5KB
Static detection: hit. Dynamic detection: hit. Tags: 100% 5KMVOXZIEFE AI SCORE=84 ALI2000007 ATRAPS AXCM CERBER CLASSIC CONFIDENCE DELF DOWNLOAD4 DTCONTX E@4PFQ97 ELDORADO GENASA GENOME GRENAM HIGH CONFIDENCE INFECTPE LCUC LXYHD MAFOCENMV MALICIOUS PE PINTU R + W32 RENAMER SCORE STATIC AI STEALICON TAINP TAPIN UNRUY UNSAFE X1603
Eagle Eye engine
Not detected: no Eagle Eye engine result is available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba virus:Win32/InfectPE.ali2000007 20190527 0.3.0.5
Baidu Win32.Worm.AutoRun.bu 20190318 1.0.0.2
Tencent Virus.Win32.Renamer.b 20201229 1.0.0.1
Kingsoft 20201229 2017.9.26.565
McAfee W32/Autorun.worm.hh 20201229 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619514926.413875
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619514926.413875
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\vnotification_helper.exe
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619514923.194875
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .itext
section .didata
One or more processes crashed (15 events)
Time & API Arguments Status Return Repeated
1619514934.866875
__exception__
stacktrace:
5bda1ebae689d2504fe87bc4ca6357ad+0x4e1da @ 0x44e1da
5bda1ebae689d2504fe87bc4ca6357ad+0x5335d @ 0x45335d
5bda1ebae689d2504fe87bc4ca6357ad+0xa4126 @ 0x4a4126
5bda1ebae689d2504fe87bc4ca6357ad+0xa4383 @ 0x4a4383
5bda1ebae689d2504fe87bc4ca6357ad+0xa4f2c @ 0x4a4f2c
5bda1ebae689d2504fe87bc4ca6357ad+0xa4bf5 @ 0x4a4bf5
5bda1ebae689d2504fe87bc4ca6357ad+0xa5a3d @ 0x4a5a3d
5bda1ebae689d2504fe87bc4ca6357ad+0xa5e3b @ 0x4a5e3b
5bda1ebae689d2504fe87bc4ca6357ad+0x5761e @ 0x45761e
5bda1ebae689d2504fe87bc4ca6357ad+0x3ddae @ 0x43ddae
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x775a788a
5bda1ebae689d2504fe87bc4ca6357ad+0xa053a @ 0x4a053a

registers.esp: 1637232
registers.edi: 4356740
registers.eax: 1637232
registers.ebp: 1637312
registers.edx: 0
registers.ebx: 4469464
registers.esi: 32395312
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavior verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:644936448&cup2hreq=6f23cc78427d459d65959b91bc3e4092fc314d08944fdbc569ec66eb18da2bee
Performs some HTTP requests (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:644936448&cup2hreq=6f23cc78427d459d65959b91bc3e4092fc314d08944fdbc569ec66eb18da2bee
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:644936448&cup2hreq=6f23cc78427d459d65959b91bc3e4092fc314d08944fdbc569ec66eb18da2bee
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619514921.944875
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005c0000
success 0 0
1619514564.931271
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004080000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (23 events)
file C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe
file C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\notification_helper.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
file C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
file C:\Python27\python.exe
file C:\Program Files\Microsoft Games\Chess\Chess.exe
file C:\Program Files\Microsoft Games\Hearts\Hearts.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Paint.exe
file C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
file C:\Python27\Lib\distutils\command\wininst-6.0.exe
file C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paint.lnk
file C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe
file C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe
file C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome_pwa_launcher.exe
file C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
file C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
file C:\Program Files\Google\Chrome\Application\chrome.exe
Creates a shortcut to an executable file (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paint.lnk
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paint.lnk
Detects VirtualBox through the presence of a file (5 events)
file C:\Program Files\Oracle\VirtualBox Guest Additions\vVBoxControl.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.160.110:443
File has been identified by 67 AntiVirus engines on VirusTotal as malicious (50 out of 67 events)
Bkav W32.MafocenMV.RSF
Elastic malicious (high confidence)
MicroWorld-eScan Win32.Grenam.V
FireEye Generic.mg.5bda1ebae689d250
CAT-QuickHeal W32.Grenam.A13
ALYac Win32.Grenam.V
Cylance Unsafe
Zillya Trojan.Cerber.Win32.69
Sangfor Malware
K7AntiVirus Virus ( 0040f9341 )
Alibaba virus:Win32/InfectPE.ali2000007
K7GW Virus ( 0040f9341 )
Cybereason malicious.ae689d
Arcabit Win32.Grenam.V
BitDefenderTheta AI:Packer.AA0AA6D218
Cyren W32/Agent.ASA.gen!Eldorado
Symantec W32.Tapin
TotalDefense Win32/Pintu.A
Baidu Win32.Worm.AutoRun.bu
APEX Malicious
Paloalto generic.ml
ClamAV Win.Virus.Tainp-1
Kaspersky Virus.Win32.Renamer.j
BitDefender Win32.Grenam.V
NANO-Antivirus Virus.Win32.Renamer.lxyhd
ViRobot Win32.Renamer.B
Tencent Virus.Win32.Renamer.b
Ad-Aware Win32.Grenam.V
TACHYON Worm/W32.DP-Renamer.844288
Emsisoft Win32.Grenam.V (B)
Comodo TrojWare.Win32.Spy.E@4pfq97
F-Secure Trojan.TR/ATRAPS.Gen
DrWeb Trojan.DownLoad4.10434
VIPRE Virus.Win32.Pintu.a (v)
TrendMicro WORM_RENAMER.AD
McAfee-GW-Edition BehavesLike.Win32.Tainp.ch
Sophos Mal/Generic-R + W32/Renamer-M
SentinelOne Static AI - Malicious PE
Jiangmin Trojan/Genome.axcm
eGambit Unsafe.AI_Score_91%
Avira TR/ATRAPS.Gen
Antiy-AVL Virus/Win32.Renamer.j
Gridinsoft Trojan.Win32.Delf.ko!s1
Microsoft Virus:Win32/Grenam.B
AegisLab Virus.Win32.Renamer.lCUC
ZoneAlarm Virus.Win32.Renamer.j
GData Win32.Grenam.V
Cynet Malicious (score: 100)
AhnLab-V3 Win32/Unruy.H.X1603
Acronis suspicious
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

1999-03-31 09:43:10

Imports

Library oleaut32.dll:
0x4b5990 SysFreeString
0x4b5994 SysReAllocStringLen
0x4b5998 SysAllocStringLen
Library advapi32.dll:
0x4b59a0 RegQueryValueExW
0x4b59a4 RegOpenKeyExW
0x4b59a8 RegCloseKey
Library user32.dll:
0x4b59b0 LoadStringW
0x4b59b4 MessageBoxA
0x4b59b8 CharNextW
Library kernel32.dll:
0x4b59c0 lstrcmpiA
0x4b59c4 LoadLibraryA
0x4b59c8 LocalFree
0x4b59cc LocalAlloc
0x4b59d0 GetACP
0x4b59d4 Sleep
0x4b59d8 VirtualFree
0x4b59dc VirtualAlloc
0x4b59e0 GetSystemInfo
0x4b59e4 GetTickCount
0x4b59ec GetVersion
0x4b59f0 GetCurrentThreadId
0x4b59f4 VirtualQuery
0x4b59f8 WideCharToMultiByte
0x4b59fc MultiByteToWideChar
0x4b5a00 lstrlenW
0x4b5a04 lstrcpynW
0x4b5a08 LoadLibraryExW
0x4b5a0c IsValidLocale
0x4b5a14 GetStartupInfoA
0x4b5a18 GetProcAddress
0x4b5a1c GetModuleHandleW
0x4b5a20 GetModuleFileNameW
0x4b5a28 GetLocaleInfoW
0x4b5a2c GetLastError
0x4b5a30 GetCommandLineW
0x4b5a34 FreeLibrary
0x4b5a38 FindFirstFileW
0x4b5a3c FindClose
0x4b5a40 ExitProcess
0x4b5a44 ExitThread
0x4b5a48 CreateThread
0x4b5a4c CompareStringW
0x4b5a50 WriteFile
0x4b5a58 SetFilePointer
0x4b5a5c SetEndOfFile
0x4b5a60 RtlUnwind
0x4b5a64 ReadFile
0x4b5a68 RaiseException
0x4b5a6c GetStdHandle
0x4b5a70 GetFileSize
0x4b5a74 GetFileType
0x4b5a88 CreateFileW
0x4b5a8c CloseHandle
Library kernel32.dll:
0x4b5a94 TlsSetValue
0x4b5a98 TlsGetValue
0x4b5a9c LocalAlloc
0x4b5aa0 GetModuleHandleW
Library user32.dll:
0x4b5aa8 CreateWindowExW
0x4b5aac WindowFromPoint
0x4b5ab0 WaitMessage
0x4b5ab4 UpdateWindow
0x4b5ab8 UnregisterClassW
0x4b5abc UnhookWindowsHookEx
0x4b5ac0 TranslateMessage
0x4b5ac8 TrackPopupMenu
0x4b5ad0 ShowWindow
0x4b5ad4 ShowScrollBar
0x4b5ad8 ShowOwnedPopups
0x4b5adc SetWindowsHookExW
0x4b5ae0 SetWindowTextW
0x4b5ae4 SetWindowPos
0x4b5ae8 SetWindowPlacement
0x4b5aec SetWindowLongW
0x4b5af0 SetTimer
0x4b5af4 SetScrollRange
0x4b5af8 SetScrollPos
0x4b5afc SetScrollInfo
0x4b5b00 SetRect
0x4b5b04 SetPropW
0x4b5b08 SetParent
0x4b5b0c SetMenuItemInfoW
0x4b5b10 SetMenu
0x4b5b14 SetForegroundWindow
0x4b5b18 SetFocus
0x4b5b1c SetCursorPos
0x4b5b20 SetCursor
0x4b5b24 SetClassLongW
0x4b5b28 SetCapture
0x4b5b2c SetActiveWindow
0x4b5b30 SendMessageA
0x4b5b34 SendMessageW
0x4b5b38 ScrollWindow
0x4b5b3c ScreenToClient
0x4b5b40 RemovePropW
0x4b5b44 RemoveMenu
0x4b5b48 ReleaseDC
0x4b5b4c ReleaseCapture
0x4b5b58 RegisterClassW
0x4b5b5c RedrawWindow
0x4b5b60 PostQuitMessage
0x4b5b64 PostMessageW
0x4b5b68 PeekMessageA
0x4b5b6c PeekMessageW
0x4b5b70 OffsetRect
0x4b5b7c MessageBoxW
0x4b5b80 MapWindowPoints
0x4b5b84 MapVirtualKeyW
0x4b5b88 LoadStringW
0x4b5b8c LoadKeyboardLayoutW
0x4b5b90 LoadIconW
0x4b5b94 LoadCursorW
0x4b5b98 LoadBitmapW
0x4b5b9c KillTimer
0x4b5ba0 IsZoomed
0x4b5ba4 IsWindowVisible
0x4b5ba8 IsWindowUnicode
0x4b5bac IsWindowEnabled
0x4b5bb0 IsWindow
0x4b5bb4 IsIconic
0x4b5bb8 IsDialogMessageA
0x4b5bbc IsDialogMessageW
0x4b5bc0 IsChild
0x4b5bc4 InvalidateRect
0x4b5bc8 IntersectRect
0x4b5bcc InsertMenuItemW
0x4b5bd0 InsertMenuW
0x4b5bd4 InflateRect
0x4b5bdc GetWindowTextW
0x4b5be0 GetWindowRect
0x4b5be4 GetWindowPlacement
0x4b5be8 GetWindowLongW
0x4b5bec GetWindowDC
0x4b5bf0 GetTopWindow
0x4b5bf4 GetSystemMetrics
0x4b5bf8 GetSystemMenu
0x4b5bfc GetSysColorBrush
0x4b5c00 GetSysColor
0x4b5c04 GetSubMenu
0x4b5c08 GetScrollRange
0x4b5c0c GetScrollPos
0x4b5c10 GetScrollInfo
0x4b5c14 GetPropW
0x4b5c18 GetParent
0x4b5c1c GetWindow
0x4b5c20 GetMessagePos
0x4b5c24 GetMessageExtraInfo
0x4b5c28 GetMenuStringW
0x4b5c2c GetMenuState
0x4b5c30 GetMenuItemInfoW
0x4b5c34 GetMenuItemID
0x4b5c38 GetMenuItemCount
0x4b5c3c GetMenu
0x4b5c40 GetLastActivePopup
0x4b5c44 GetKeyboardState
0x4b5c50 GetKeyboardLayout
0x4b5c54 GetKeyState
0x4b5c58 GetKeyNameTextW
0x4b5c5c GetIconInfo
0x4b5c60 GetForegroundWindow
0x4b5c64 GetFocus
0x4b5c68 GetDesktopWindow
0x4b5c6c GetDCEx
0x4b5c70 GetDC
0x4b5c74 GetCursorPos
0x4b5c78 GetCursor
0x4b5c7c GetClientRect
0x4b5c80 GetClassLongW
0x4b5c84 GetClassInfoW
0x4b5c88 GetCapture
0x4b5c8c GetActiveWindow
0x4b5c90 FrameRect
0x4b5c94 FindWindowExW
0x4b5c98 FindWindowW
0x4b5c9c FillRect
0x4b5ca0 EnumWindows
0x4b5ca4 EnumThreadWindows
0x4b5ca8 EnumChildWindows
0x4b5cac EndPaint
0x4b5cb0 EnableWindow
0x4b5cb4 EnableScrollBar
0x4b5cb8 EnableMenuItem
0x4b5cbc DrawTextExW
0x4b5cc0 DrawTextW
0x4b5cc4 DrawMenuBar
0x4b5cc8 DrawIconEx
0x4b5ccc DrawIcon
0x4b5cd0 DrawFrameControl
0x4b5cd4 DrawFocusRect
0x4b5cd8 DrawEdge
0x4b5cdc DispatchMessageA
0x4b5ce0 DispatchMessageW
0x4b5ce4 DestroyWindow
0x4b5ce8 DestroyMenu
0x4b5cec DestroyIcon
0x4b5cf0 DestroyCursor
0x4b5cf4 DeleteMenu
0x4b5cf8 DefWindowProcW
0x4b5cfc DefMDIChildProcW
0x4b5d00 DefFrameProcW
0x4b5d04 CreatePopupMenu
0x4b5d08 CreateMenu
0x4b5d0c CreateIcon
0x4b5d14 CopyIcon
0x4b5d18 ClientToScreen
0x4b5d1c CheckMenuItem
0x4b5d20 CharUpperBuffW
0x4b5d24 CharNextW
0x4b5d28 CharLowerW
0x4b5d2c CallWindowProcW
0x4b5d30 CallNextHookEx
0x4b5d34 BeginPaint
0x4b5d38 AdjustWindowRectEx
Library msimg32.dll:
0x4b5d44 AlphaBlend
Library gdi32.dll:
0x4b5d4c UnrealizeObject
0x4b5d50 StretchDIBits
0x4b5d54 StretchBlt
0x4b5d58 StartPage
0x4b5d5c StartDocW
0x4b5d60 SetWindowOrgEx
0x4b5d64 SetViewportOrgEx
0x4b5d68 SetTextColor
0x4b5d6c SetStretchBltMode
0x4b5d70 SetROP2
0x4b5d74 SetPixel
0x4b5d78 SetDIBits
0x4b5d7c SetDIBColorTable
0x4b5d80 SetBrushOrgEx
0x4b5d84 SetBkMode
0x4b5d88 SetBkColor
0x4b5d8c SetAbortProc
0x4b5d90 SelectPalette
0x4b5d94 SelectObject
0x4b5d98 SaveDC
0x4b5d9c RoundRect
0x4b5da0 RestoreDC
0x4b5da4 Rectangle
0x4b5da8 RectVisible
0x4b5dac RealizePalette
0x4b5db0 Polyline
0x4b5db4 Polygon
0x4b5db8 PolyBezierTo
0x4b5dbc PolyBezier
0x4b5dc0 Pie
0x4b5dc4 PatBlt
0x4b5dc8 MoveToEx
0x4b5dcc MaskBlt
0x4b5dd0 LineTo
0x4b5dd4 IntersectClipRect
0x4b5dd8 GetWindowOrgEx
0x4b5ddc GetTextMetricsW
0x4b5de8 GetStockObject
0x4b5dec GetRgnBox
0x4b5df0 GetPixel
0x4b5df4 GetPaletteEntries
0x4b5df8 GetObjectW
0x4b5dfc GetDeviceCaps
0x4b5e00 GetDIBits
0x4b5e04 GetDIBColorTable
0x4b5e08 GetDCOrgEx
0x4b5e10 GetClipBox
0x4b5e14 GetBrushOrgEx
0x4b5e18 GetBitmapBits
0x4b5e1c FrameRgn
0x4b5e20 ExtTextOutW
0x4b5e24 ExtFloodFill
0x4b5e28 ExcludeClipRect
0x4b5e2c EnumFontsW
0x4b5e30 EnumFontFamiliesExW
0x4b5e34 EndPage
0x4b5e38 EndDoc
0x4b5e3c Ellipse
0x4b5e40 DeleteObject
0x4b5e44 DeleteDC
0x4b5e48 CreateSolidBrush
0x4b5e4c CreateRectRgn
0x4b5e50 CreatePenIndirect
0x4b5e54 CreatePalette
0x4b5e58 CreateICW
0x4b5e60 CreateFontIndirectW
0x4b5e64 CreateDIBitmap
0x4b5e68 CreateDIBSection
0x4b5e6c CreateDCW
0x4b5e70 CreateCompatibleDC
0x4b5e78 CreateBrushIndirect
0x4b5e7c CreateBitmap
0x4b5e80 Chord
0x4b5e84 BitBlt
0x4b5e88 Arc
0x4b5e8c AbortDoc
Library version.dll:
0x4b5e94 VerQueryValueW
0x4b5e9c GetFileVersionInfoW
Library kernel32.dll:
0x4b5ea4 lstrcpyW
0x4b5ea8 WriteFile
0x4b5eac WideCharToMultiByte
0x4b5eb0 WaitForSingleObject
0x4b5eb8 VirtualQueryEx
0x4b5ebc VirtualQuery
0x4b5ec0 VirtualFree
0x4b5ec4 VirtualAlloc
0x4b5ec8 UpdateResourceW
0x4b5ed0 SwitchToThread
0x4b5ed4 SuspendThread
0x4b5ed8 SizeofResource
0x4b5edc SignalObjectAndWait
0x4b5ee0 SetThreadPriority
0x4b5ee4 SetThreadLocale
0x4b5ee8 SetLastError
0x4b5eec SetFilePointer
0x4b5ef0 SetFileAttributesW
0x4b5ef4 SetEvent
0x4b5ef8 SetErrorMode
0x4b5efc SetEndOfFile
0x4b5f00 ResumeThread
0x4b5f04 ResetEvent
0x4b5f08 ReadFile
0x4b5f0c RaiseException
0x4b5f10 IsDebuggerPresent
0x4b5f14 OpenMutexW
0x4b5f18 MultiByteToWideChar
0x4b5f1c MulDiv
0x4b5f20 MoveFileW
0x4b5f24 LockResource
0x4b5f28 LoadResource
0x4b5f2c LoadLibraryW
0x4b5f38 GlobalUnlock
0x4b5f3c GlobalLock
0x4b5f40 GlobalFree
0x4b5f44 GlobalFindAtomW
0x4b5f48 GlobalDeleteAtom
0x4b5f4c GlobalAlloc
0x4b5f50 GlobalAddAtomW
0x4b5f54 GetVersionExW
0x4b5f58 GetVersion
0x4b5f5c GetTickCount
0x4b5f60 GetThreadPriority
0x4b5f64 GetThreadLocale
0x4b5f68 GetStdHandle
0x4b5f6c GetProcAddress
0x4b5f70 GetModuleHandleW
0x4b5f74 GetModuleFileNameW
0x4b5f7c GetLocaleInfoW
0x4b5f80 GetLocalTime
0x4b5f84 GetLastError
0x4b5f88 GetFullPathNameW
0x4b5f8c GetFileAttributesW
0x4b5f90 GetExitCodeThread
0x4b5f94 GetDriveTypeW
0x4b5f98 GetDiskFreeSpaceW
0x4b5f9c GetDateFormatW
0x4b5fa0 GetCurrentThreadId
0x4b5fa4 GetCurrentThread
0x4b5fa8 GetCurrentProcessId
0x4b5fac GetCurrentProcess
0x4b5fb0 GetCPInfo
0x4b5fb4 FreeResource
0x4b5fbc InterlockedExchange
0x4b5fc4 FreeLibrary
0x4b5fc8 FormatMessageW
0x4b5fcc FindResourceW
0x4b5fd0 FindNextFileW
0x4b5fd4 FindFirstFileW
0x4b5fd8 FindClose
0x4b5fe4 EnumCalendarInfoW
0x4b5fec EndUpdateResourceW
0x4b5ff0 DeleteFileW
0x4b5ff8 CreateThread
0x4b5ffc CreateMutexW
0x4b6000 CreateFileW
0x4b6004 CreateEventW
0x4b6008 CompareStringW
0x4b600c CloseHandle
Library advapi32.dll:
0x4b6018 RegUnLoadKeyW
0x4b601c RegSetValueExW
0x4b6020 RegSaveKeyW
0x4b6024 RegRestoreKeyW
0x4b6028 RegReplaceKeyW
0x4b602c RegQueryValueExW
0x4b6030 RegQueryInfoKeyW
0x4b6034 RegOpenKeyExW
0x4b6038 RegLoadKeyW
0x4b603c RegFlushKey
0x4b6040 RegEnumValueW
0x4b6044 RegEnumKeyExW
0x4b6048 RegDeleteValueW
0x4b604c RegDeleteKeyW
0x4b6050 RegCreateKeyExW
0x4b6054 RegConnectRegistryW
0x4b6058 RegCloseKey
Library oleaut32.dll:
0x4b6060 GetErrorInfo
0x4b6064 SysFreeString
Library ole32.dll:
0x4b606c OleUninitialize
0x4b6070 OleInitialize
0x4b6074 CoTaskMemFree
0x4b6078 StringFromCLSID
0x4b607c CoCreateInstance
0x4b6080 CoUninitialize
0x4b6084 CoInitialize
Library comctl32.dll:
0x4b608c InitializeFlatSB
0x4b6094 FlatSB_SetScrollPos
0x4b609c FlatSB_GetScrollPos
0x4b60a4 _TrackMouseEvent
0x4b60b4 ImageList_Write
0x4b60b8 ImageList_Read
0x4b60c4 ImageList_DragMove
0x4b60c8 ImageList_DragLeave
0x4b60cc ImageList_DragEnter
0x4b60d0 ImageList_EndDrag
0x4b60d4 ImageList_BeginDrag
0x4b60d8 ImageList_Copy
0x4b60e0 ImageList_GetIcon
0x4b60e4 ImageList_Remove
0x4b60e8 ImageList_DrawEx
0x4b60ec ImageList_Replace
0x4b60f0 ImageList_Draw
0x4b6104 ImageList_Add
0x4b6110 ImageList_Destroy
0x4b6114 ImageList_Create
Library kernel32.dll:
0x4b611c Sleep
Library oleaut32.dll:
0x4b6124 SafeArrayPtrOfIndex
0x4b6128 SafeArrayGetUBound
0x4b612c SafeArrayGetLBound
0x4b6130 SafeArrayCreate
0x4b6134 VariantChangeType
0x4b6138 VariantCopy
0x4b613c VariantClear
0x4b6140 VariantInit
Library shell32.dll:
0x4b6148 ShellExecuteW
0x4b614c ExtractIconW
Library shell32.dll:
Library winspool.drv:
0x4b6160 OpenPrinterW
0x4b6164 EnumPrintersW
0x4b6168 DocumentPropertiesW
0x4b616c ClosePrinter
Library winspool.drv:
0x4b6174 GetDefaultPrinterW
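The import list above is a flat dump of address/symbol pairs under "Library <dll>:" headers, with the same DLL appearing under several headers (kernel32.dll, oleaut32.dll, shell32.dll and winspool.drv each occur twice) and one header (the second shell32.dll) carrying no entries at all. A first triage pass on such a dump is to parse it, merge the repeated descriptors, and check which clusters of APIs that matter for a suspected file infector or worm are present together. The script below is an added example, not tooling from this report's sandbox or any of the listed engines; the sample text is a constructed subset of the rows above, and the indicator clusters are generic analyst heuristics (an assumption), not vendor signatures.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the import-table rows from this report, in the
# page's own "Library <dll>:" / "0xADDR Symbol" layout. The same DLL appears under
# two headers and one header has no entries, both of which the parser must accept.
SAMPLE_IMPORTS = """\
Library kernel32.dll:
0x4b5f10 IsDebuggerPresent
0x4b5f14 OpenMutexW
0x4b5f20 MoveFileW
0x4b5ec8 UpdateResourceW
0x4b5fec EndUpdateResourceW
0x4b5f94 GetDriveTypeW
0x4b5fd4 FindFirstFileW
0x4b5fd0 FindNextFileW
0x4b5ef0 SetFileAttributesW
0x4b5ffc CreateMutexW
Library shell32.dll:
0x4b6148 ShellExecuteW
Library shell32.dll:
Library kernel32.dll:
0x4b611c Sleep
"""

LIB_RE = re.compile(r"^Library\s+(\S+):\s*$")
SYM_RE = re.compile(r"^0x([0-9a-fA-F]+)\s+(\S+)\s*$")

def parse_imports(text):
    """Return {dll_lower: {symbol: iat_address}}, merging repeated descriptors."""
    imports = defaultdict(dict)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = LIB_RE.match(line)
        if m:
            current = m.group(1).lower()
            imports.setdefault(current, {})      # keep empty descriptors visible
            continue
        m = SYM_RE.match(line)
        if m and current is not None:
            imports[current][m.group(2)] = int(m.group(1), 16)
    return dict(imports)

# Indicator clusters (assumption: generic heuristics, not engine signatures).
CLUSTERS = {
    "anti_debug": {"IsDebuggerPresent"},
    "drive_enum_and_file_walk": {"GetDriveTypeW", "FindFirstFileW", "FindNextFileW"},
    "file_rename_and_hide": {"MoveFileW", "SetFileAttributesW"},
    "pe_resource_rewrite": {"UpdateResourceW", "EndUpdateResourceW"},
    "single_instance_mutex": {"CreateMutexW", "OpenMutexW"},
    "launch_other_program": {"ShellExecuteW"},
}

def match_clusters(imports, threshold=1.0):
    """Return {cluster: sorted hits} for clusters whose APIs are present at >= threshold."""
    all_syms = set()
    for syms in imports.values():
        all_syms.update(syms)
    hits = {}
    for name, apis in CLUSTERS.items():
        present = apis & all_syms
        if present and len(present) / len(apis) >= threshold:
            hits[name] = sorted(present)
    return hits

def triage(text):
    imports = parse_imports(text)
    return {"libraries": sorted(imports), "clusters": match_clusters(imports)}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_IMPORTS), indent=2))
```

Cluster matches are a reason to look closer, not a verdict: every API above is also used by ordinary GUI installers and Delphi applications, and the static hits only become evidence once the dynamic trace shows the calls being made against other executables or removable drives.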

Hosts

No hosts contacted.

TCP

Source          Src port  Destination     Hostname               Dst port
192.168.56.101  49198     203.208.41.98   update.googleapis.com  443

UDP

Source          Src port  Destination      Hostname          Dst port
192.168.56.101  49235     114.114.114.114                    53
192.168.56.101  50534     114.114.114.114                    53
192.168.56.101  51378     114.114.114.114                    53
192.168.56.101  56539     114.114.114.114                    53
192.168.56.101  57756     114.114.114.114                    53
192.168.56.101  58367     114.114.114.114                    53
192.168.56.101  65004     114.114.114.114                    53
192.168.56.101  137       192.168.56.255                     137
192.168.56.101  138       192.168.56.255                     138
192.168.56.101  123       20.189.79.72     time.windows.com  123
192.168.56.101  50002     224.0.0.252                        5355
192.168.56.101  53237     224.0.0.252                        5355
192.168.56.101  53657     224.0.0.252                        5355
192.168.56.101  55368     224.0.0.252                        5355
192.168.56.101  56804     224.0.0.252                        5355
192.168.56.101  60123     224.0.0.252                        5355
192.168.56.101  62191     224.0.0.252                        5355
192.168.56.101  1900      239.255.255.250                    1900
192.168.56.101  56540     239.255.255.250                    3702
192.168.56.101  56807     239.255.255.250                    1900
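The TCP and UDP tables list connections even though the Hosts section reports none contacted, so the reader has to decide which flows the sample can actually be charged with. Everything shown here is typical Windows guest background: DNS to the guest's resolver, NetBIOS name service to the subnet broadcast, LLMNR to 224.0.0.252:5355, SSDP and WS-Discovery to 239.255.255.250, NTP to time.windows.com, and a TLS connection to update.googleapis.com that is treated here as Chrome's updater (an assumption based on the hostname). The script below is an added example, not output of the sandbox that produced this page; it parses rows in the tables' flattened layout, labels each flow, and leaves anything unexplained in an "investigate" bucket. The resolver address and guest subnet are read off this report's rows and are assumptions, not sandbox configuration.

```python
import ipaddress

# Constructed sample: rows copied from this report's TCP and UDP tables, in the
# flattened "src sport dst [hostname] dport" layout. The hostname column is only
# present when the sandbox resolved a name for the destination.
SAMPLE_TCP = """\
192.168.56.101 49198 203.208.41.98 update.googleapis.com 443
"""
SAMPLE_UDP = """\
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
"""

def parse_flows(text, proto):
    """Parse one table; tolerate the optional hostname column and skip headers."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            src, sport, dst, host, dport = parts
        elif len(parts) == 4:
            src, sport, dst, dport = parts
            host = None
        else:
            continue                          # header, blank or malformed row
        flows.append({"proto": proto, "src": src, "sport": int(sport),
                      "dst": dst, "host": host, "dport": int(dport)})
    return flows

# Assumptions read off this report's own rows, not the sandbox's configuration.
RESOLVER = "114.114.114.114"
GUEST_NET = ipaddress.ip_network("192.168.56.0/24")
BACKGROUND_HOSTS = {"time.windows.com": "ntp",
                    "update.googleapis.com": "chrome-updater"}   # assumption

def classify(flow):
    """Label a flow as sandbox background, local chatter, or worth investigating."""
    dst = ipaddress.ip_address(flow["dst"])
    udp, dport = flow["proto"] == "UDP", flow["dport"]
    if udp and flow["dst"] == RESOLVER and dport == 53:
        return "background:dns"
    if udp and dst == GUEST_NET.broadcast_address and dport in (137, 138):
        return "background:netbios"
    if udp and flow["dst"] == "224.0.0.252" and dport == 5355:
        return "background:llmnr"
    if udp and flow["dst"] == "239.255.255.250" and dport in (1900, 3702):
        return "background:ssdp-wsd"
    if flow["host"] in BACKGROUND_HOSTS:
        return "background:" + BACKGROUND_HOSTS[flow["host"]]
    if dst.is_multicast or dst.is_private:
        return "local"
    return "investigate"

def summarize(tcp_text, udp_text):
    """Count flows per label and return the ones no background rule explains."""
    flows = parse_flows(tcp_text, "TCP") + parse_flows(udp_text, "UDP")
    counts, investigate = {}, []
    for f in flows:
        label = classify(f)
        counts[label] = counts.get(label, 0) + 1
        if label == "investigate":
            investigate.append((f["proto"], f["dst"], f["dport"]))
    return counts, investigate

if __name__ == "__main__":
    counts, investigate = summarize(SAMPLE_TCP, SAMPLE_UDP)
    for label, n in sorted(counts.items()):
        print(f"{n:3d}  {label}")
    print("flows to investigate:", investigate or "none")
```

The whitelist is deliberately narrow: a flow is background only when protocol, destination and port all match, so a sample that talks to the LLMNR multicast group on a non-standard port, or to the resolver over TCP 53, still lands in the investigate bucket. For a real case the DNS queries themselves (the names asked for, not just the resolver) should be pulled from the pcap and checked the same way.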

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.