6.0 (High risk)
SHA256: 85599f94fce411f04c4c3a858c2fb84650c0516269212a8c9790ee3850f1c8cf
File name: 5cfa8a59f03b9e8b515c297f0ea4946e.exe
Analysis duration: 89s
Last analysis:
File size: 1.7MB
Static detection | Dynamic detection
鹰眼 (Eagle Eye) engine: not detected (no 鹰眼 engine result available)
Static verdict
Antivirus engines (the result column is blank for every engine in the report, i.e. no detection is recorded)
Engine       Result   Scan date  Engine version
McAfee                20190708   6.0.6.653
Baidu                 20190318   1.0.0.2
Avast                 20190708   18.4.3895.0
Alibaba               20190527   0.3.0.5
Kingsoft              20190708   2013.8.14.323
Tencent               20190708   1.0.0.1
CrowdStrike           20190212   1.0
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path: c:\daily_build\svn2\oneshotonekill\trunk\src\OneShotOneKill\SysFileFix\ReleaseKS\sysfilefix.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name: BIN
Note: the PDB path names the project (SysFileFix, built from an internal daily-build tree) and matches the name=sysfilefix parameter of the HTTP request recorded below. BIN is a custom resource type, and .rsrc is also the high-entropy section flagged under the dynamic indicators. The report states that the file is signed but shows neither the signer nor whether the signature validates, so "signed" is unverified here.
Behavioural verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: GET method with no useragent header
suspicious_request: GET http://stat.ijinshan.com/killer.htm?name=sysfilefix&ver=1.0
Performs some HTTP requests (1 event)
request: GET http://stat.ijinshan.com/killer.htm?name=sysfilefix&ver=1.0
Note: the only request is a single GET that carries the tool name and version to a stats host, with no User-Agent and no response body recorded in this report. The missing User-Agent is what trips the signature; the query string reads as a product check-in. Whether stat.ijinshan.com is the vendor's own host is not established by the report.
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620972518.396502
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 1476
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff (pseudo-handle for the current process)
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x00630000
Status: success, return: 0, repeated: 0
Note: a single 4 KiB RWX commit in the sample's own process is a weak signal by itself; nothing else in the report shows code being written to or executed from 0x00630000.
Foreign language identified in PE resource (26 events; the report repeats identical resource entries, collapsed here with their counts)
name BIN         language LANG_CHINESE  sublanguage SUBLANG_CHINESE_SIMPLIFIED  offset 0x001b680c  size 0x000005e2  filetype "TeX document, Little-endian UTF-16 Unicode text, with CRLF line terminators"  (listed 20 times)
name RT_BITMAP   language LANG_CHINESE  sublanguage SUBLANG_CHINESE_SIMPLIFIED  offset 0x001b8a80  size 0x00001b94  filetype data  (listed 3 times)
name RT_DIALOG   language LANG_CHINESE  sublanguage SUBLANG_CHINESE_SIMPLIFIED  offset 0x001be214  size 0x00000134  filetype data  (listed 2 times)
name RT_VERSION  language LANG_CHINESE  sublanguage SUBLANG_CHINESE_SIMPLIFIED  offset 0x001be378  size 0x00000314  filetype data  (listed once)
Note: the filetype strings are libmagic guesses; "TeX document" for a 0x5e2-byte UTF-16 blob is a misclassification of plain UTF-16 text. The resources listed here total only a few kilobytes, so they are not where the bulk of the 0x148000-byte high-entropy .rsrc section lives; the report does not enumerate the larger resource(s).
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
VBA32: suspected of Trojan.Downloader.gen.h
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time: 1620972519.489502
API: GetAdaptersAddresses
Arguments: flags: 0, family: 0 (AF_UNSPEC)
Status: failed, return: 111, repeated: 0
Note: return 111 is ERROR_BUFFER_OVERFLOW, which GetAdaptersAddresses returns on the customary first call made with a too-small buffer to learn the required size. The trace shows no follow-up call, so no adapter data is recorded as actually read. The binary also imports GetAdaptersInfo from IPHLPAPI.DLL, which is not seen being called.
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.990697356977133  section: name .rsrc, virtual_address 0x00077000, virtual_size 0x001478bc, size_of_data 0x00148000, entropy 7.990697356977133  description: A section with a high entropy has been found
entropy 0.7437641723356009  description: Overall entropy of this PE file is high
Note: the two figures are different quantities. 7.99 is Shannon entropy in bits per byte for the .rsrc section (the maximum is 8.0, so its contents are effectively incompressible). 0.74 is not an entropy at all but the share of all section bytes that lie in high-entropy sections: 0x148000 bytes of .rsrc over roughly 0x1B9000 bytes of section data, which is consistent with the 1.7MB file size. A resource section this large and this dense means the payload, whatever it is, sits in .rsrc rather than in the code sections.
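How the two entropy figures above are produced, as an added example that is not the sandbox's own code: Shannon entropy per section, a per-section threshold, and the share of section bytes that sit in sections over the threshold (the "overall" number in the report). The 6.8 threshold is an assumption chosen for this example, and the section contents are constructed here rather than taken from the real file.

```python
import hashlib
import math
from typing import Dict

# Per-section threshold assumed for this example; check what your own sandbox uses.
SECTION_ENTROPY_THRESHOLD = 6.8


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def section_report(sections: Dict[str, bytes]) -> dict:
    """Per-section entropy, the sections over threshold, and the share of all
    section bytes that sit in those sections (the 'overall' figure in the report)."""
    per_section = {name: shannon_entropy(raw) for name, raw in sections.items()}
    flagged = [name for name, e in per_section.items() if e > SECTION_ENTROPY_THRESHOLD]
    total = sum(len(raw) for raw in sections.values())
    in_flagged = sum(len(sections[name]) for name in flagged)
    return {
        "per_section": per_section,
        "high_entropy_sections": flagged,
        "high_entropy_share": in_flagged / total if total else 0.0,
    }


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for compressed or encrypted data (chained SHA-256)."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed section contents (not the real sample's bytes): a code-like section
# built from a short repeated opcode pattern, and a resource section holding a
# packed-looking blob of the same size, so the share comes out at exactly 0.5.
SAMPLE_SECTIONS: Dict[str, bytes] = {
    ".text": bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x90, 0x90]) * 8192,
    ".rsrc": _pseudo_random(64 * 1024),
}


def analyze_sample() -> dict:
    return section_report(SAMPLE_SECTIONS)


if __name__ == "__main__":
    rep = analyze_sample()
    for name, e in rep["per_section"].items():
        print(f"{name:6s} entropy = {e:.3f} bits/byte")
    print("sections over threshold:", rep["high_entropy_sections"])
    print(f"share of section bytes in them: {rep['high_entropy_share']:.3f}")
```

The share figure is what makes a file whose image is dominated by one compressed resource section score high regardless of what its code sections look like, so it should be read together with the per-section values rather than as a verdict on its own.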
Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)
Time               API                    system_name  privilege_name       Status   Return  Repeated
1620972518.614502  LookupPrivilegeValueW  (empty)      SeDebugPrivilege     success  1       0
1620972518.614502  LookupPrivilegeValueW  (empty)      SeShutdownPrivilege  success  1       0
Note: only the LUID lookup is recorded; whether the privileges were then enabled on the process token (AdjustTokenPrivileges) is not shown in this report. SeShutdownPrivilege is what a process needs to reboot the machine; together with the MoveFileExW import this fits a file-repair tool that replaces files on restart, though neither a reboot nor a deferred move appears in the trace.
Network communication
Communicates with host for which no DNS query was performed (2 events)
host: 172.217.24.14
host: 23.4.43.27
Note: neither address appears in the TCP/UDP tables below, which record only the connection to 120.92.32.11 (stat.ijinshan.com) plus local, multicast and broadcast UDP; the report does not attribute this traffic to a process.
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Caveat: every write below goes to the per-network WpadDecision* cache that WinINet/WinHTTP proxy auto-detection keeps under HKCU\...\Internet Settings\Wpad. The sample imports WinINet (InternetOpenW, HttpOpenRequestW, HttpSendRequestW), so these writes accompany its own HTTP request. No value that actually redirects traffic (AutoConfigURL, ProxyServer or ProxyEnable) is written anywhere in this report, so the signature name overstates what happened.
All 15 calls returned success (return 0, repeated 0). Key prefix P = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad; network subkeys are G = {40112ABE-63B3-43C3-BE93-1440EE3AF106} and M = 0a-00-27-00-00-00. WpadDecisionTime values are 8-byte REG_BINARY timestamps that the report renders as unprintable characters.

Time               API             key_handle  Value (under P)       Type        Value data
1620972522.068502  RegSetValueExA  0x00000384  G\WpadDecisionReason  REG_DWORD   1
1620972522.068502  RegSetValueExA  0x00000384  G\WpadDecisionTime    REG_BINARY  (timestamp)
1620972522.068502  RegSetValueExA  0x00000384  G\WpadDecision        REG_DWORD   3
1620972522.068502  RegSetValueExW  0x00000384  G\WpadNetworkName     REG_SZ      网络 2 ("Network 2")
1620972522.083502  RegSetValueExA  0x0000039c  M\WpadDecisionReason  REG_DWORD   1
1620972522.083502  RegSetValueExA  0x0000039c  M\WpadDecisionTime    REG_BINARY  (timestamp)
1620972522.083502  RegSetValueExA  0x0000039c  M\WpadDecision        REG_DWORD   3
1620972522.114502  RegSetValueExW  0x00000380  WpadLastNetwork       REG_SZ      {40112ABE-63B3-43C3-BE93-1440EE3AF106}
1620972522.411502  RegSetValueExA  0x00000128  G\WpadDecisionReason  REG_DWORD   1
1620972522.411502  RegSetValueExA  0x00000128  G\WpadDecisionTime    REG_BINARY  (timestamp)
1620972522.411502  RegSetValueExA  0x00000128  G\WpadDecision        REG_DWORD   0
1620972522.411502  RegSetValueExW  0x00000128  G\WpadNetworkName     REG_SZ      网络 2 ("Network 2")
1620972522.411502  RegSetValueExA  0x0000012c  M\WpadDecisionReason  REG_DWORD   1
1620972522.411502  RegSetValueExA  0x0000012c  M\WpadDecisionTime    REG_BINARY  (timestamp)
1620972522.411502  RegSetValueExA  0x0000012c  M\WpadDecision        REG_DWORD   0
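A way to keep this signature from drowning real proxy tampering in auto-detection noise, as an added example that is not the sandbox's own code: classify registry-write events by whether they hit the WinINet/WinHTTP WPAD cache (the kind seen above) or a value that actually changes where traffic goes. The key layout is the real Windows one; the three hijack-style events, the example.invalid URL and the updater path are hypothetical inputs constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

INTERNET_SETTINGS = r"software\microsoft\windows\currentversion\internet settings"

# Per-network cache values that WinINet/WinHTTP proxy auto-detection writes under
# ...\Internet Settings\Wpad\<network-id>\ (all 15 events in the report are of this kind).
WPAD_CACHE_RE = re.compile(
    r"\\" + re.escape(INTERNET_SETTINGS) + r"\\wpad\\(?:[^\\]+\\)?wpad[a-z]+$",
    re.IGNORECASE,
)

# Values whose modification actually changes where WinINet sends traffic.
PROXY_CONFIG_VALUES = {"autoconfigurl", "proxyserver", "proxyenable", "proxyoverride"}
CONNECTIONS_BLOBS = {"defaultconnectionsettings", "savedlegacysettings"}


@dataclass
class RegEvent:
    api: str
    regkey: str   # full path including the value name, as the sandbox prints it
    reg_type: str
    value: str


def classify(ev: RegEvent) -> str:
    """Separate auto-detection cache writes from real proxy configuration changes."""
    key = ev.regkey.lower()
    if WPAD_CACHE_RE.search(key):
        return "wpad_autodetect_cache"
    parent, _, name = key.rpartition("\\")
    if parent.endswith(INTERNET_SETTINGS) and name in PROXY_CONFIG_VALUES:
        return "proxy_config_change"
    if parent.endswith(INTERNET_SETTINGS + r"\connections") and name in CONNECTIONS_BLOBS:
        return "proxy_config_change"
    return "other"


def summarize(events: List[RegEvent]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for ev in events:
        label = classify(ev)
        counts[label] = counts.get(label, 0) + 1
    return counts


HKCU_IS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed events. The first three mirror rows from the report above; the last
# three are hypothetical writes a proxy hijack or a persistence step would produce.
SAMPLE_EVENTS: List[RegEvent] = [
    RegEvent("RegSetValueExA", HKCU_IS + r"\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason", "REG_DWORD", "1"),
    RegEvent("RegSetValueExA", HKCU_IS + r"\Wpad\0a-00-27-00-00-00\WpadDecision", "REG_DWORD", "3"),
    RegEvent("RegSetValueExW", HKCU_IS + r"\Wpad\WpadLastNetwork", "REG_SZ", "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"),
    RegEvent("RegSetValueExW", HKCU_IS + r"\AutoConfigURL", "REG_SZ", "http://proxy.example.invalid/wpad.dat"),
    RegEvent("RegSetValueExW", HKCU_IS + r"\ProxyEnable", "REG_DWORD", "1"),
    RegEvent("RegSetValueExW", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updater", "REG_SZ", r"C:\example\updater.exe"),
]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{classify(ev):24s} {ev.api:15s} {ev.regkey}")
    print(summarize(SAMPLE_EVENTS))
```

Run over the report's 15 events this yields only wpad_autodetect_cache labels; a proxy_config_change label is the case worth an analyst's time, and it is the one this report never shows.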
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host: 23.4.43.27:80
Note: this is the same address listed under "no DNS query was performed" above, and it does not appear in the TCP table below.
Visual analysis
Binary image
No binary image: no binary visualisation was generated for this sample
Run screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2010-07-01 19:46:56

Imports

Library KERNEL32.dll:
0x45b10c LoadLibraryW
0x45b110 GetProcAddress
0x45b11c SetFilePointer
0x45b120 FlushFileBuffers
0x45b124 GetFileSize
0x45b128 ReadFile
0x45b12c CreateDirectoryW
0x45b138 SetEndOfFile
0x45b13c FreeResource
0x45b140 GetDriveTypeW
0x45b148 SearchPathW
0x45b14c VirtualAlloc
0x45b150 VirtualFree
0x45b158 GetSystemTime
0x45b164 CompareStringW
0x45b168 CompareStringA
0x45b16c CreateFileA
0x45b170 WriteConsoleW
0x45b174 GetConsoleOutputCP
0x45b178 WriteConsoleA
0x45b17c SetStdHandle
0x45b180 IsValidLocale
0x45b184 EnumSystemLocalesA
0x45b188 GetUserDefaultLCID
0x45b18c GetDateFormatA
0x45b190 GetTimeFormatA
0x45b194 GetStringTypeW
0x45b198 GetStringTypeA
0x45b19c GetLocaleInfoW
0x45b1a0 GetConsoleMode
0x45b1a4 GetConsoleCP
0x45b1b0 GetCurrentProcessId
0x45b1b4 GetTickCount
0x45b1b8 CloseHandle
0x45b1bc GetStartupInfoA
0x45b1c0 GetFileType
0x45b1c4 SetHandleCount
0x45b1c8 GetCommandLineA
0x45b1dc LCMapStringW
0x45b1e0 LCMapStringA
0x45b1e8 IsValidCodePage
0x45b1ec GetOEMCP
0x45b1f0 GetCPInfo
0x45b1f4 GetCurrentThread
0x45b1f8 TlsFree
0x45b1fc TlsSetValue
0x45b200 TlsAlloc
0x45b204 TlsGetValue
0x45b208 GetModuleFileNameA
0x45b20c GetTempPathW
0x45b210 GetModuleHandleA
0x45b214 HeapCreate
0x45b218 CopyFileW
0x45b21c MoveFileW
0x45b220 GetFileTime
0x45b224 GetLongPathNameW
0x45b22c GetVersionExW
0x45b238 lstrcpyW
0x45b240 RemoveDirectoryW
0x45b244 lstrcatW
0x45b248 LocalFree
0x45b24c GetVersion
0x45b250 FindClose
0x45b254 FindNextFileW
0x45b258 GetLocalTime
0x45b25c WideCharToMultiByte
0x45b260 FindFirstFileW
0x45b264 TerminateThread
0x45b268 ExitProcess
0x45b26c WaitForSingleObject
0x45b270 OpenProcess
0x45b274 FindResourceExW
0x45b278 GetCommandLineW
0x45b27c Module32NextW
0x45b280 DeleteFileW
0x45b284 GetCurrentThreadId
0x45b288 lstrcmpW
0x45b28c CreateThread
0x45b290 Module32FirstW
0x45b294 SetFileAttributesW
0x45b298 Process32FirstW
0x45b29c LockResource
0x45b2a4 TerminateProcess
0x45b2a8 GetSystemDirectoryW
0x45b2ac Sleep
0x45b2b0 MoveFileExW
0x45b2b4 WriteFile
0x45b2b8 CreateFileW
0x45b2bc GetFileAttributesW
0x45b2c8 SetLastError
0x45b2cc SetErrorMode
0x45b2d8 GetCurrentProcess
0x45b2dc lstrcmpiW
0x45b2e0 FreeLibrary
0x45b2e4 GetModuleFileNameW
0x45b2e8 LoadLibraryExW
0x45b2f0 FindResourceW
0x45b2f4 LoadResource
0x45b2f8 SizeofResource
0x45b2fc GetModuleHandleW
0x45b300 RaiseException
0x45b304 GetLastError
0x45b308 lstrlenW
0x45b310 FatalAppExitA
0x45b314 RtlUnwind
0x45b318 GetStartupInfoW
0x45b31c IsDebuggerPresent
0x45b328 ExitThread
0x45b32c HeapSize
0x45b330 HeapReAlloc
0x45b334 HeapDestroy
0x45b33c LoadLibraryA
0x45b340 HeapAlloc
0x45b344 GetProcessHeap
0x45b348 HeapFree
0x45b350 GetThreadLocale
0x45b354 GetLocaleInfoA
0x45b358 GetACP
0x45b35c InterlockedExchange
0x45b360 GetVersionExA
0x45b364 GetStdHandle
0x45b368 Process32NextW
0x45b36c MultiByteToWideChar
Library USER32.dll:
0x45b3e4 EndDialog
0x45b3e8 GetActiveWindow
0x45b3ec SetWindowLongW
0x45b3f0 DestroyWindow
0x45b3f4 CharNextW
0x45b3f8 DefWindowProcW
0x45b3fc DialogBoxParamW
0x45b400 GetSysColor
0x45b404 LoadCursorW
0x45b408 GetDlgItem
0x45b40c GetWindowLongW
0x45b410 LoadBitmapW
0x45b414 BeginPaint
0x45b418 LoadImageW
0x45b41c EndPaint
0x45b420 GetDC
0x45b424 InflateRect
0x45b428 GetWindowTextW
0x45b430 ReleaseDC
0x45b434 SetWindowPos
0x45b438 PostMessageW
0x45b43c MapWindowPoints
0x45b440 GetClientRect
0x45b444 GetParent
0x45b448 GetWindowRect
0x45b44c InvalidateRect
0x45b454 GetWindow
0x45b458 DestroyIcon
0x45b45c GetIconInfo
0x45b460 IsCharAlphaNumericW
0x45b464 wsprintfA
0x45b468 CharLowerW
0x45b46c wsprintfW
0x45b470 SetWindowTextW
0x45b474 SetCursor
0x45b478 UnregisterClassA
0x45b47c GetDlgCtrlID
0x45b480 DrawIcon
0x45b484 SendMessageW
0x45b488 CallWindowProcW
0x45b48c DrawTextW
0x45b490 GetSystemMetrics
0x45b494 ReleaseCapture
0x45b498 SetCapture
Library GDI32.dll:
0x45b0b4 StretchBlt
0x45b0b8 GetDIBits
0x45b0bc CreateFontIndirectW
0x45b0c0 GetStockObject
0x45b0c4 GetObjectW
0x45b0c8 SetBkMode
0x45b0cc SetTextColor
0x45b0d0 CreateBitmap
0x45b0d4 CreateDIBSection
0x45b0d8 DeleteObject
0x45b0dc BitBlt
0x45b0e0 DeleteDC
0x45b0e4 ExtTextOutW
0x45b0e8 SetBkColor
0x45b0ec SelectObject
0x45b0f0 CreateCompatibleDC
0x45b0f8 LineTo
0x45b0fc MoveToEx
Library ADVAPI32.dll:
0x45b000 RegEnumKeyExW
0x45b004 RegDeleteValueW
0x45b008 RegSetValueExW
0x45b00c RegGetKeySecurity
0x45b010 RegSetKeySecurity
0x45b01c AddAccessAllowedAce
0x45b024 RegSetValueW
0x45b028 RegQueryValueW
0x45b02c RegEnumKeyW
0x45b030 RegOpenKeyW
0x45b034 StartServiceW
0x45b038 CloseServiceHandle
0x45b03c OpenServiceW
0x45b040 CreateServiceW
0x45b044 OpenSCManagerW
0x45b048 RegCreateKeyW
0x45b054 GetAce
0x45b058 CopySid
0x45b05c GetSidSubAuthority
0x45b060 GetAclInformation
0x45b064 InitializeSid
0x45b068 AddAce
0x45b070 RegQueryValueExW
0x45b074 InitializeAcl
0x45b07c RegEnumValueW
0x45b080 OpenProcessToken
0x45b084 IsValidSid
0x45b08c GetLengthSid
0x45b090 RegQueryInfoKeyW
0x45b094 RegCloseKey
0x45b098 RegDeleteKeyW
0x45b09c RegCreateKeyExW
0x45b0a0 RegOpenKeyExW
Library SHELL32.dll:
0x45b390 ExtractIconW
0x45b394 SHChangeNotify
0x45b398 SHGetFileInfoW
0x45b3a0 SHFileOperationW
0x45b3a4
0x45b3a8 ShellExecuteW
0x45b3ac SHGetFolderPathW
0x45b3b0 CommandLineToArgvW
Library ole32.dll:
0x45b4e4 CoGetMalloc
0x45b4e8 CoUninitialize
0x45b4ec StringFromCLSID
0x45b4f0 CoCreateGuid
0x45b4f4 CoTaskMemAlloc
0x45b4f8 CoCreateInstance
0x45b4fc CoTaskMemRealloc
0x45b500 CoTaskMemFree
0x45b504 CoInitialize
Library OLEAUT32.dll:
0x45b37c SysFreeString
0x45b380 VarUI4FromStr
Library SHLWAPI.dll:
0x45b3b8 PathFileExistsW
0x45b3bc StrStrIW
0x45b3c0 StrRChrW
0x45b3c8 PathIsDirectoryW
0x45b3cc SHSetValueW
0x45b3d0 PathRemoveFileSpecW
0x45b3d4 SHGetValueW
0x45b3d8 StrChrW
0x45b3dc StrStrW
Library COMCTL32.dll:
0x45b0a8 _TrackMouseEvent
Library WININET.dll:
0x45b4b0 HttpOpenRequestW
0x45b4b8 InternetConnectW
0x45b4bc HttpQueryInfoW
0x45b4c0 InternetCloseHandle
0x45b4c8 InternetSetOptionW
0x45b4cc InternetOpenW
0x45b4d0 HttpSendRequestW
0x45b4d4 InternetCrackUrlW
Library urlmon.dll:
0x45b50c URLDownloadToFileW
Library PSAPI.DLL:
Library VERSION.dll:
0x45b4a4 VerQueryValueW
0x45b4a8 GetFileVersionInfoW
Library IPHLPAPI.DLL:
0x45b104 GetAdaptersInfo
Library WS2_32.dll:

Hosts

No hosts are listed in this section of the report, although the TCP table below records one connection to 120.92.32.11 (stat.ijinshan.com) and the dynamic indicators name 172.217.24.14 and 23.4.43.27.

TCP

Source          Src port  Destination   Dst port  Resolved name
192.168.56.101  49178     120.92.32.11  80        stat.ijinshan.com

UDP

Source          Src port  Destination      Dst port  Resolved name     Protocol
192.168.56.101  50534     114.114.114.114  53                          DNS
192.168.56.101  51808     114.114.114.114  53                          DNS
192.168.56.101  53237     114.114.114.114  53                          DNS
192.168.56.101  53657     114.114.114.114  53                          DNS
192.168.56.101  58367     114.114.114.114  53                          DNS
192.168.56.101  60123     114.114.114.114  53                          DNS
192.168.56.101  137       192.168.56.255   137                         NetBIOS name service (subnet broadcast)
192.168.56.101  138       192.168.56.255   138                         NetBIOS datagram (subnet broadcast)
192.168.56.101  123       20.189.79.72     123       time.windows.com  NTP
192.168.56.101  55368     224.0.0.252      5355                        LLMNR
192.168.56.101  56804     224.0.0.252      5355                        LLMNR
192.168.56.101  57874     224.0.0.252      5355                        LLMNR
192.168.56.101  62191     224.0.0.252      5355                        LLMNR
192.168.56.101  63429     224.0.0.252      5355                        LLMNR
192.168.56.101  65004     224.0.0.252      5355                        LLMNR
192.168.56.101  1900      239.255.255.250  1900                        SSDP
192.168.56.101  53658     239.255.255.250  3702                        WS-Discovery
192.168.56.101  57875     239.255.255.250  3702                        WS-Discovery
192.168.56.101  58707     239.255.255.250  3702                        WS-Discovery
192.168.56.101  60124     239.255.255.250  3702                        WS-Discovery

Note: the LLMNR, SSDP, WS-Discovery, NetBIOS and time.windows.com traffic is the background chatter a Windows VM produces on its own; the report does not attribute any of it to the sample, and the DNS queries to 114.114.114.114 are not broken out by queried name. The only flow that needs attention is the TCP connection to stat.ijinshan.com.

HTTP & HTTPS Requests

URI: http://stat.ijinshan.com/killer.htm?name=sysfilefix&ver=1.0
Data:
GET /killer.htm?name=sysfilefix&ver=1.0 HTTP/1.1
Connection: Close
Host: stat.ijinshan.com
Cache-Control: no-cache
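Triage of the network tables above, as an added example that is not the sandbox's own code: label each flow as Windows background noise, DNS or something to review, and parse the captured request to recover what the "no useragent header" signature keyed on. The classification rules are heuristics assumed for this example; the flows and the request are constructed from the report's tables, one row per distinct destination and port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qsl


@dataclass
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    dst_name: Optional[str] = None


def classify_flow(f: Flow) -> str:
    """Label a sandbox flow as background noise, DNS, or something to review.
    Heuristic rules assumed for this example, not the sandbox's own."""
    dst = ipaddress.ip_address(f.dst)
    if f.proto == "udp":
        if f.dport == 53:
            return "dns"
        if f.dport == 5355 and f.dst == "224.0.0.252":
            return "background:llmnr"
        if f.dport == 1900 and f.dst == "239.255.255.250":
            return "background:ssdp"
        if f.dport == 3702 and f.dst == "239.255.255.250":
            return "background:ws-discovery"
        if f.dport in (137, 138) and f.dst.endswith(".255"):  # /24 broadcast heuristic
            return "background:netbios"
        if f.dport == 123 and (f.dst_name or "").endswith("time.windows.com"):
            return "background:ntp"
        return "review:udp"
    if dst.is_private or dst.is_loopback:
        return "background:local"
    return "review:tcp"


def parse_http_request(raw: str) -> Dict[str, object]:
    """Split a captured request into method/host/path/params and flag the
    properties the report's HTTP signature keys on."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    params = dict(parse_qsl(query))
    flags: List[str] = []
    if "user-agent" not in headers:
        flags.append("no_user_agent")
    if method == "GET" and all(k in params for k in ("name", "ver")):
        flags.append("version_checkin")  # heuristic: name/version pair in the query
    return {"method": method, "host": headers.get("host"), "path": path,
            "params": params, "headers": headers, "flags": flags}


def triage(flows: List[Flow], raw_request: str) -> Dict[str, object]:
    verdicts = {f"{f.proto}:{f.dst}:{f.dport}": classify_flow(f) for f in flows}
    needs_review = sorted(k for k, v in verdicts.items() if v.startswith("review"))
    return {"flows": verdicts, "needs_review": needs_review,
            "http": parse_http_request(raw_request)}


# Constructed from the report's TCP/UDP tables and captured request.
SAMPLE_FLOWS: List[Flow] = [
    Flow("tcp", "192.168.56.101", 49178, "120.92.32.11", 80, "stat.ijinshan.com"),
    Flow("udp", "192.168.56.101", 50534, "114.114.114.114", 53),
    Flow("udp", "192.168.56.101", 137, "192.168.56.255", 137),
    Flow("udp", "192.168.56.101", 123, "20.189.79.72", 123, "time.windows.com"),
    Flow("udp", "192.168.56.101", 55368, "224.0.0.252", 5355),
    Flow("udp", "192.168.56.101", 1900, "239.255.255.250", 1900),
    Flow("udp", "192.168.56.101", 53658, "239.255.255.250", 3702),
]

SAMPLE_REQUEST = (
    "GET /killer.htm?name=sysfilefix&ver=1.0 HTTP/1.1\r\n"
    "Connection: Close\r\n"
    "Host: stat.ijinshan.com\r\n"
    "Cache-Control: no-cache\r\n"
)


if __name__ == "__main__":
    result = triage(SAMPLE_FLOWS, SAMPLE_REQUEST)
    for key, verdict in result["flows"].items():
        print(f"{verdict:24s} {key}")
    print("needs review:", result["needs_review"])
    print("http:", result["http"]["host"], result["http"]["params"], result["http"]["flags"])
```

On this report the only flow left for review is the one to stat.ijinshan.com, and the request parser confirms the two facts the signature reported: no User-Agent header, and a name/version pair in the query string.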

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.