SmartHawk

3.8

中危

48 个模型检测该样本为恶意！

重新分析

下载样本

9c62d911a4efd2a37364d26439085d493ca2ab7e4b0fa90ba2f5d937e99e5bdf

5c49f2098dc63b81fac25d387f4f73b3.exe

分析耗时

47s

最近分析

文件大小

777.5KB

静态报毒动态报毒 3SKKSR+CI1C AI SCORE=87 BEHAVIOR BLUTEAL CLOUD CONFIDENCE DELF ELDORADO ELRO FAKEXLS@CV GDSDA GENERICKD HKBXSC MALICIOUS MALWARE@#JP4B542N4YCC R337273 REMCOS SIGGEN9 SUSGEN TRJGEN TSCOPE UNSAFE VSNTE820 WACATAC 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Generic.grp	20200523	6.0.6.653
Alibaba	Backdoor:Win32/Injector.711e0645	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20200523	18.4.3895.0
Tencent		20200523	1.0.0.1
Kingsoft		20200523	2013.8.14.323
CrowdStrike	win/malicious_confidence_70% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.itext

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619513327.402334 __exception__	stacktrace: 0x54 registers.esp: 57605144 registers.edi: 0 registers.eax: 0 registers.ebp: 57605172 registers.edx: 0 registers.ebx: 0 registers.esi: 57605188 registers.ecx: 0 exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 44 exception.instruction: mov eax, dword ptr [eax + 0x3c] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x2238c4c	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619513303.027334 NtAllocateVirtualMemory	process_identifier: 784 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005e0000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619513324.246334 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619513326.824334 RegSetValueExA	key_handle: 0x000003d0 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619513326.824334 RegSetValueExA	key_handle: 0x000003d0 value: Öb;× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619513326.824334 RegSetValueExA	key_handle: 0x000003d0 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619513326.824334 RegSetValueExW	key_handle: 0x000003d0 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619513326.824334 RegSetValueExA	key_handle: 0x000003e8 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619513326.840334 RegSetValueExA	key_handle: 0x000003e8 value: Öb;× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619513326.840334 RegSetValueExA	key_handle: 0x000003e8 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619513326.855334 RegSetValueExW	key_handle: 0x000003cc value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 个事件)

MicroWorld-eScan	Trojan.GenericKD.33800146
FireEye	Trojan.GenericKD.33800146
McAfee	RDN/Generic.grp
Cylance	Unsafe
Zillya	Trojan.Injector.Win32.734244
K7AntiVirus	Trojan ( 005663f61 )
Alibaba	Backdoor:Win32/Injector.711e0645
K7GW	Trojan ( 005663f61 )
F-Prot	W32/Delf.KQ.gen!Eldorado
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
BitDefender	Trojan.GenericKD.33800146
NANO-Antivirus	Trojan.Win32.TrjGen.hkbxsc
Paloalto	generic.ml
AegisLab	Trojan.Multi.Generic.4!c
Sophos	Mal/Generic-S
Comodo	Malware@#jp4b542n4ycc
DrWeb	Trojan.Siggen9.45035
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_FRS.VSNTE820
McAfee-GW-Edition	RDN/Generic.grp
MaxSecure	Trojan.Malware.9833444.susgen
Emsisoft	Trojan.GenericKD.33800146 (B)
Cyren	W32/Delf.KQ.gen!Eldorado
Jiangmin	Backdoor.Remcos.blz
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Bluteal!rfn
Arcabit	Trojan.Generic.D203BFD2
ZoneAlarm	HEUR:Backdoor.Win32.Remcos.gen
GData	Trojan.GenericKD.33800146
TACHYON	Trojan-Downloader/W32.DP-Injector.796162
AhnLab-V3	Trojan/Win32.Agent.R337273
VBA32	TScope.Trojan.Delf
ALYac	Trojan.GenericKD.33800146
MAX	malware (ai score=87)
Ad-Aware	Trojan.GenericKD.33800146
Malwarebytes	Backdoor.Remcos
ESET-NOD32	a variant of Win32/Injector.ELRO
TrendMicro-HouseCall	TROJ_FRS.VSNTE820
Rising	Malware.FakeXLS@CV!1.9C3D (CLOUD)
Yandex	Trojan.Injector!3SkkSR+Ci1c
Ikarus	Trojan.Inject
Fortinet	Malicious_Behavior.SB
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (W)
Qihoo-360	Win32/Backdoor.a07

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:

• 0x4b287c SysFreeString

• 0x4b2880 SysReAllocStringLen

• 0x4b2884 SysAllocStringLen

Library advapi32.dll:

• 0x4b288c RegQueryValueExA

• 0x4b2890 RegOpenKeyExA

• 0x4b2894 RegCloseKey

Library user32.dll:

• 0x4b289c GetKeyboardType

• 0x4b28a0 DestroyWindow

• 0x4b28a4 LoadStringA

• 0x4b28a8 MessageBoxA

• 0x4b28ac CharNextA

Library kernel32.dll:

• 0x4b28b4 GetACP

• 0x4b28b8 Sleep

• 0x4b28bc VirtualFree

• 0x4b28c0 VirtualAlloc

• 0x4b28c4 GetTickCount

• 0x4b28c8 QueryPerformanceCounter

• 0x4b28cc GetCurrentThreadId

• 0x4b28d0 InterlockedDecrement

• 0x4b28d4 InterlockedIncrement

• 0x4b28d8 VirtualQuery

• 0x4b28dc WideCharToMultiByte

• 0x4b28e0 MultiByteToWideChar

• 0x4b28e4 lstrlenA

• 0x4b28e8 lstrcpynA

• 0x4b28ec LoadLibraryExA

• 0x4b28f0 GetThreadLocale

• 0x4b28f4 GetStartupInfoA

• 0x4b28f8 GetProcAddress

• 0x4b28fc GetModuleHandleA

• 0x4b2900 GetModuleFileNameA

• 0x4b2904 GetLocaleInfoA

• 0x4b2908 GetCommandLineA

• 0x4b290c FreeLibrary

• 0x4b2910 FindFirstFileA

• 0x4b2914 FindClose

• 0x4b2918 ExitProcess

• 0x4b291c CompareStringA

• 0x4b2920 WriteFile

• 0x4b2924 UnhandledExceptionFilter

• 0x4b2928 RtlUnwind

• 0x4b292c RaiseException

• 0x4b2930 GetStdHandle

Library kernel32.dll:

• 0x4b2938 TlsSetValue

• 0x4b293c TlsGetValue

• 0x4b2940 LocalAlloc

• 0x4b2944 GetModuleHandleA

Library user32.dll:

• 0x4b294c CreateWindowExA

• 0x4b2950 mouse_event

• 0x4b2954 WindowFromPoint

• 0x4b2958 WaitMessage

• 0x4b295c ValidateRect

• 0x4b2960 UpdateWindow

• 0x4b2964 UnregisterClassA

• 0x4b2968 UnionRect

• 0x4b296c UnhookWindowsHookEx

• 0x4b2970 TranslateMessage

• 0x4b2974 TranslateMDISysAccel

• 0x4b2978 TrackPopupMenu

• 0x4b297c SystemParametersInfoA

• 0x4b2980 ShowWindow

• 0x4b2984 ShowScrollBar

• 0x4b2988 ShowOwnedPopups

• 0x4b298c SetWindowsHookExA

• 0x4b2990 SetWindowTextA

• 0x4b2994 SetWindowPos

• 0x4b2998 SetWindowPlacement

• 0x4b299c SetWindowLongW

• 0x4b29a0 SetWindowLongA

• 0x4b29a4 SetTimer

• 0x4b29a8 SetScrollRange

• 0x4b29ac SetScrollPos

• 0x4b29b0 SetScrollInfo

• 0x4b29b4 SetRect

• 0x4b29b8 SetPropA

• 0x4b29bc SetParent

• 0x4b29c0 SetMenuItemInfoA

• 0x4b29c4 SetMenu

• 0x4b29c8 SetKeyboardState

• 0x4b29cc SetForegroundWindow

• 0x4b29d0 SetFocus

• 0x4b29d4 SetCursorPos

• 0x4b29d8 SetCursor

• 0x4b29dc SetClipboardData

• 0x4b29e0 SetClassLongA

• 0x4b29e4 SetCaretPos

• 0x4b29e8 SetCapture

• 0x4b29ec SetActiveWindow

• 0x4b29f0 SendMessageW

• 0x4b29f4 SendMessageA

• 0x4b29f8 ScrollWindowEx

• 0x4b29fc ScrollWindow

• 0x4b2a00 ScreenToClient

• 0x4b2a04 RemovePropA

• 0x4b2a08 RemoveMenu

• 0x4b2a0c ReleaseDC

• 0x4b2a10 ReleaseCapture

• 0x4b2a14 RegisterWindowMessageA

• 0x4b2a18 RegisterClipboardFormatA

• 0x4b2a1c RegisterClassA

• 0x4b2a20 RedrawWindow

• 0x4b2a24 PtInRect

• 0x4b2a28 PostQuitMessage

• 0x4b2a2c PostMessageA

• 0x4b2a30 PeekMessageW

• 0x4b2a34 PeekMessageA

• 0x4b2a38 OpenClipboard

• 0x4b2a3c OffsetRect

• 0x4b2a40 OemToCharA

• 0x4b2a44 MessageBoxA

• 0x4b2a48 MessageBeep

• 0x4b2a4c MapWindowPoints

• 0x4b2a50 MapVirtualKeyA

• 0x4b2a54 LoadStringA

• 0x4b2a58 LoadKeyboardLayoutA

• 0x4b2a5c LoadIconA

• 0x4b2a60 LoadCursorA

• 0x4b2a64 LoadBitmapA

• 0x4b2a68 KillTimer

• 0x4b2a6c IsZoomed

• 0x4b2a70 IsWindowVisible

• 0x4b2a74 IsWindowUnicode

• 0x4b2a78 IsWindowEnabled

• 0x4b2a7c IsWindow

• 0x4b2a80 IsRectEmpty

• 0x4b2a84 IsIconic

• 0x4b2a88 IsDialogMessageW

• 0x4b2a8c IsDialogMessageA

• 0x4b2a90 IsClipboardFormatAvailable

• 0x4b2a94 IsChild

• 0x4b2a98 IsCharAlphaNumericA

• 0x4b2a9c IsCharAlphaA

• 0x4b2aa0 InvalidateRect

• 0x4b2aa4 IntersectRect

• 0x4b2aa8 InsertMenuItemA

• 0x4b2aac InsertMenuA

• 0x4b2ab0 InflateRect

• 0x4b2ab4 GetWindowThreadProcessId

• 0x4b2ab8 GetWindowTextA

• 0x4b2abc GetWindowRect

• 0x4b2ac0 GetWindowPlacement

• 0x4b2ac4 GetWindowLongW

• 0x4b2ac8 GetWindowLongA

• 0x4b2acc GetWindowDC

• 0x4b2ad0 GetUpdateRect

• 0x4b2ad4 GetTopWindow

• 0x4b2ad8 GetSystemMetrics

• 0x4b2adc GetSystemMenu

• 0x4b2ae0 GetSysColorBrush

• 0x4b2ae4 GetSysColor

• 0x4b2ae8 GetSubMenu

• 0x4b2aec GetScrollRange

• 0x4b2af0 GetScrollPos

• 0x4b2af4 GetScrollInfo

• 0x4b2af8 GetPropA

• 0x4b2afc GetParent

• 0x4b2b00 GetWindow

• 0x4b2b04 GetMessageTime

• 0x4b2b08 GetMessagePos

• 0x4b2b0c GetMenuStringA

• 0x4b2b10 GetMenuState

• 0x4b2b14 GetMenuItemInfoA

• 0x4b2b18 GetMenuItemID

• 0x4b2b1c GetMenuItemCount

• 0x4b2b20 GetMenu

• 0x4b2b24 GetLastActivePopup

• 0x4b2b28 GetKeyboardState

• 0x4b2b2c GetKeyboardLayoutNameA

• 0x4b2b30 GetKeyboardLayoutList

• 0x4b2b34 GetKeyboardLayout

• 0x4b2b38 GetKeyState

• 0x4b2b3c GetKeyNameTextA

• 0x4b2b40 GetIconInfo

• 0x4b2b44 GetForegroundWindow

• 0x4b2b48 GetFocus

• 0x4b2b4c GetDoubleClickTime

• 0x4b2b50 GetDlgItem

• 0x4b2b54 GetDesktopWindow

• 0x4b2b58 GetDCEx

• 0x4b2b5c GetDC

• 0x4b2b60 GetCursorPos

• 0x4b2b64 GetCursor

• 0x4b2b68 GetClipboardData

• 0x4b2b6c GetClientRect

• 0x4b2b70 GetClassLongA

• 0x4b2b74 GetClassInfoA

• 0x4b2b78 GetCaretPos

• 0x4b2b7c GetCapture

• 0x4b2b80 GetAsyncKeyState

• 0x4b2b84 GetActiveWindow

• 0x4b2b88 FrameRect

• 0x4b2b8c FindWindowA

• 0x4b2b90 FillRect

• 0x4b2b94 EqualRect

• 0x4b2b98 EnumWindows

• 0x4b2b9c EnumThreadWindows

• 0x4b2ba0 EnumClipboardFormats

• 0x4b2ba4 EnumChildWindows

• 0x4b2ba8 EndPaint

• 0x4b2bac EnableWindow

• 0x4b2bb0 EnableScrollBar

• 0x4b2bb4 EnableMenuItem

• 0x4b2bb8 EmptyClipboard

• 0x4b2bbc DrawTextA

• 0x4b2bc0 DrawMenuBar

• 0x4b2bc4 DrawIconEx

• 0x4b2bc8 DrawIcon

• 0x4b2bcc DrawFrameControl

• 0x4b2bd0 DrawFocusRect

• 0x4b2bd4 DrawEdge

• 0x4b2bd8 DispatchMessageW

• 0x4b2bdc DispatchMessageA

• 0x4b2be0 DestroyWindow

• 0x4b2be4 DestroyMenu

• 0x4b2be8 DestroyIcon

• 0x4b2bec DestroyCursor

• 0x4b2bf0 DestroyCaret

• 0x4b2bf4 DeleteMenu

• 0x4b2bf8 DefWindowProcA

• 0x4b2bfc DefMDIChildProcA

• 0x4b2c00 DefFrameProcA

• 0x4b2c04 CreatePopupMenu

• 0x4b2c08 CreateMenu

• 0x4b2c0c CreateIcon

• 0x4b2c10 CreateCaret

• 0x4b2c14 CloseClipboard

• 0x4b2c18 ClientToScreen

• 0x4b2c1c CheckMenuItem

• 0x4b2c20 CallWindowProcA

• 0x4b2c24 CallNextHookEx

• 0x4b2c28 BeginPaint

• 0x4b2c2c CharNextA

• 0x4b2c30 CharLowerBuffA

• 0x4b2c34 CharLowerA

• 0x4b2c38 CharUpperBuffA

• 0x4b2c3c CharToOemA

• 0x4b2c40 AdjustWindowRectEx

• 0x4b2c44 ActivateKeyboardLayout

Library gdi32.dll:

• 0x4b2c4c UnrealizeObject

• 0x4b2c50 StretchBlt

• 0x4b2c54 StartPage

• 0x4b2c58 StartDocA

• 0x4b2c5c SetWindowOrgEx

• 0x4b2c60 SetWindowExtEx

• 0x4b2c64 SetWinMetaFileBits

• 0x4b2c68 SetViewportOrgEx

• 0x4b2c6c SetViewportExtEx

• 0x4b2c70 SetTextColor

• 0x4b2c74 SetStretchBltMode

• 0x4b2c78 SetROP2

• 0x4b2c7c SetPixel

• 0x4b2c80 SetMapMode

• 0x4b2c84 SetEnhMetaFileBits

• 0x4b2c88 SetDIBColorTable

• 0x4b2c8c SetBrushOrgEx

• 0x4b2c90 SetBkMode

• 0x4b2c94 SetBkColor

• 0x4b2c98 SetAbortProc

• 0x4b2c9c SelectPalette

• 0x4b2ca0 SelectObject

• 0x4b2ca4 SelectClipRgn

• 0x4b2ca8 SaveDC

• 0x4b2cac RestoreDC

• 0x4b2cb0 Rectangle

• 0x4b2cb4 RectVisible

• 0x4b2cb8 RealizePalette

• 0x4b2cbc Polyline

• 0x4b2cc0 PolyPolyline

• 0x4b2cc4 PlayEnhMetaFile

• 0x4b2cc8 PatBlt

• 0x4b2ccc MoveToEx

• 0x4b2cd0 MaskBlt

• 0x4b2cd4 LineTo

• 0x4b2cd8 IntersectClipRect

• 0x4b2cdc GetWindowOrgEx

• 0x4b2ce0 GetWinMetaFileBits

• 0x4b2ce4 GetTextMetricsA

• 0x4b2ce8 GetTextExtentPointA

• 0x4b2cec GetTextExtentPoint32A

• 0x4b2cf0 GetSystemPaletteEntries

• 0x4b2cf4 GetStockObject

• 0x4b2cf8 GetRgnBox

• 0x4b2cfc GetPixel

• 0x4b2d00 GetPaletteEntries

• 0x4b2d04 GetObjectA

• 0x4b2d08 GetEnhMetaFilePaletteEntries

• 0x4b2d0c GetEnhMetaFileHeader

• 0x4b2d10 GetEnhMetaFileBits

• 0x4b2d14 GetDeviceCaps

• 0x4b2d18 GetDIBits

• 0x4b2d1c GetDIBColorTable

• 0x4b2d20 GetDCOrgEx

• 0x4b2d24 GetCurrentPositionEx

• 0x4b2d28 GetClipBox

• 0x4b2d2c GetBrushOrgEx

• 0x4b2d30 GetBitmapBits

• 0x4b2d34 ExtTextOutA

• 0x4b2d38 ExtCreatePen

• 0x4b2d3c ExcludeClipRect

• 0x4b2d40 EndPage

• 0x4b2d44 EndDoc

• 0x4b2d48 DeleteObject

• 0x4b2d4c DeleteEnhMetaFile

• 0x4b2d50 DeleteDC

• 0x4b2d54 CreateSolidBrush

• 0x4b2d58 CreatePenIndirect

• 0x4b2d5c CreatePalette

• 0x4b2d60 CreateICA

• 0x4b2d64 CreateHalftonePalette

• 0x4b2d68 CreateFontIndirectA

• 0x4b2d6c CreateDIBitmap

• 0x4b2d70 CreateDIBSection

• 0x4b2d74 CreateDCA

• 0x4b2d78 CreateCompatibleDC

• 0x4b2d7c CreateCompatibleBitmap

• 0x4b2d80 CreateBrushIndirect

• 0x4b2d84 CreateBitmap

• 0x4b2d88 CopyEnhMetaFileA

• 0x4b2d8c BitBlt

Library version.dll:

• 0x4b2d94 VerQueryValueA

• 0x4b2d98 GetFileVersionInfoSizeA

• 0x4b2d9c GetFileVersionInfoA

Library kernel32.dll:

• 0x4b2da4 lstrcpyA

• 0x4b2da8 WriteFile

• 0x4b2dac WaitForSingleObject

• 0x4b2db0 VirtualQuery

• 0x4b2db4 VirtualProtect

• 0x4b2db8 VirtualAlloc

• 0x4b2dbc SizeofResource

• 0x4b2dc0 SetThreadLocale

• 0x4b2dc4 SetFilePointer

• 0x4b2dc8 SetEvent

• 0x4b2dcc SetErrorMode

• 0x4b2dd0 SetEndOfFile

• 0x4b2dd4 ResetEvent

• 0x4b2dd8 ReadFile

• 0x4b2ddc QueryPerformanceFrequency

• 0x4b2de0 QueryPerformanceCounter

• 0x4b2de4 MulDiv

• 0x4b2de8 LockResource

• 0x4b2dec LoadResource

• 0x4b2df0 LoadLibraryA

• 0x4b2df4 LeaveCriticalSection

• 0x4b2df8 InitializeCriticalSection

• 0x4b2dfc GlobalUnlock

• 0x4b2e00 GlobalSize

• 0x4b2e04 GlobalLock

• 0x4b2e08 GlobalFree

• 0x4b2e0c GlobalFindAtomA

• 0x4b2e10 GlobalDeleteAtom

• 0x4b2e14 GlobalAlloc

• 0x4b2e18 GlobalAddAtomA

• 0x4b2e1c GetVersionExA

• 0x4b2e20 GetVersion

• 0x4b2e24 GetTickCount

• 0x4b2e28 GetThreadLocale

• 0x4b2e2c GetStdHandle

• 0x4b2e30 GetProfileStringA

• 0x4b2e34 GetProcAddress

• 0x4b2e38 GetModuleHandleA

• 0x4b2e3c GetModuleFileNameA

• 0x4b2e40 GetLocaleInfoA

• 0x4b2e44 GetLocalTime

• 0x4b2e48 GetLastError

• 0x4b2e4c GetFullPathNameA

• 0x4b2e50 GetFileAttributesA

• 0x4b2e54 GetDiskFreeSpaceA

• 0x4b2e58 GetDateFormatA

• 0x4b2e5c GetCurrentThreadId

• 0x4b2e60 GetCurrentProcessId

• 0x4b2e64 GetCPInfo

• 0x4b2e68 FreeResource

• 0x4b2e6c InterlockedExchange

• 0x4b2e70 FreeLibrary

• 0x4b2e74 FormatMessageA

• 0x4b2e78 FindResourceA

• 0x4b2e7c EnumCalendarInfoA

• 0x4b2e80 EnterCriticalSection

• 0x4b2e84 DeleteCriticalSection

• 0x4b2e88 CreateThread

• 0x4b2e8c CreateFileA

• 0x4b2e90 CreateEventA

• 0x4b2e94 CompareStringA

• 0x4b2e98 CloseHandle

Library advapi32.dll:

• 0x4b2ea0 RegQueryValueExA

• 0x4b2ea4 RegOpenKeyExA

• 0x4b2ea8 RegFlushKey

• 0x4b2eac RegCloseKey

Library kernel32.dll:

• 0x4b2eb4 Sleep

Library oleaut32.dll:

• 0x4b2ebc SafeArrayPtrOfIndex

• 0x4b2ec0 SafeArrayGetUBound

• 0x4b2ec4 SafeArrayGetLBound

• 0x4b2ec8 SafeArrayCreate

• 0x4b2ecc VariantChangeType

• 0x4b2ed0 VariantCopy

• 0x4b2ed4 VariantClear

• 0x4b2ed8 VariantInit

Library comctl32.dll:

• 0x4b2ee0 _TrackMouseEvent

• 0x4b2ee4 ImageList_SetIconSize

• 0x4b2ee8 ImageList_GetIconSize

• 0x4b2eec ImageList_Write

• 0x4b2ef0 ImageList_Read

• 0x4b2ef4 ImageList_GetDragImage

• 0x4b2ef8 ImageList_DragShowNolock

• 0x4b2efc ImageList_DragMove

• 0x4b2f00 ImageList_DragLeave

• 0x4b2f04 ImageList_DragEnter

• 0x4b2f08 ImageList_EndDrag

• 0x4b2f0c ImageList_BeginDrag

• 0x4b2f10 ImageList_Remove

• 0x4b2f14 ImageList_DrawEx

• 0x4b2f18 ImageList_Replace

• 0x4b2f1c ImageList_Draw

• 0x4b2f20 ImageList_GetBkColor

• 0x4b2f24 ImageList_SetBkColor

• 0x4b2f28 ImageList_Add

• 0x4b2f2c ImageList_GetImageCount

• 0x4b2f30 ImageList_Destroy

• 0x4b2f34 ImageList_Create

• 0x4b2f38 InitCommonControls

Library shell32.dll:

• 0x4b2f40 ShellExecuteA

Library winspool.drv:

• 0x4b2f48 OpenPrinterA

• 0x4b2f4c EnumPrintersA

• 0x4b2f50 DocumentPropertiesA

• 0x4b2f54 ClosePrinter

Library comdlg32.dll:

• 0x4b2f5c PrintDlgA

• 0x4b2f60 GetSaveFileNameA

• 0x4b2f64 GetOpenFileNameA

Library kernel32.dll:

• 0x4b2f6c MulDiv

Library URL.DLL:

• 0x4b2f74 InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
acdesignhub.com	A 184.168.131.241	184.168.131.241
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49177	184.168.131.241 acdesignhub.com	80

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

URI	Data
http://acdesignhub.com/AAddropboxusercontent52t2jofjdp8lir2361P9A8E8B0G4YF1LIhiM1555	GET /AAddropboxusercontent52t2jofjdp8lir2361P9A8E8B0G4YF1LIhiM1555 HTTP/1.1 User-Agent: Mex Host: acdesignhub.com Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.