SmartHawk

3.4

中危

该样本未表现出任何异常！

6021c7a5cb5c31336bd3ae302f87ba025e644f6a6897c1670bc6718d9b8e146b

633652ba89c1d81b6b4661f45850b714.exe

分析耗时

86s

最近分析

文件大小

2.1MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.itext

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

MAD

Foreign language identified in PE resource (10 个事件)

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00196c64

filetype

Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0x20000000, 1073741824 symbols, optional header size 256

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000010ac

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00196c64

filetype

Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0x20000000, 1073741824 symbols, optional header size 256

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000010ac

name

RT_ICON

language

LANG_CHINESE

offset

0x001a0518

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x001a0518

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x001a0518

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x00267688

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x00267688

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x0026769c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_MANIFEST

language

LANG_CHINESE

offset

0x00268188

filetype

XML 1.0 document, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000352

name

RT_MANIFEST

language

LANG_CHINESE

offset

0x00268188

filetype

XML 1.0 document, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000352

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.766317094491493

section

{'size_of_data': '0x000e9600', 'virtual_address': '0x0017f000', 'entropy': 7.766317094491493, 'name': '.rsrc', 'virtual_size': '0x000e94dc'}

description

A section with a high entropy has been found

entropy

0.4283092452397339

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-05-13 14:43:12

Imports

Library rtl120.bpl:

• 0x556388 @System@initialization$qqrv

• 0x55638c @System@Finalization$qqrv

• 0x556390 @System@LoadResString$qqrp20System@TResStringRec

• 0x556394 @System@UTF8Encode$qqrx20System@UnicodeString

• 0x556398 @System@FreeMemory$qpv

• 0x55639c @System@GetMemory$qi

• 0x5563a0 @System@@CheckAutoResult$qqrl

• 0x5563a4 @System@TInterfacedObject@_Release$qqsv

• 0x5563a8 @System@TInterfacedObject@_AddRef$qqsv

• 0x5563ac @System@TInterfacedObject@QueryInterface$qqsrx5_GUIDpv

• 0x5563b0 @System@TInterfacedObject@NewInstance$qqrv

• 0x5563b4 @System@TInterfacedObject@BeforeDestruction$qqrv

• 0x5563b8 @System@TInterfacedObject@AfterConstruction$qqrv

• 0x5563cc @System@RegisterModule$qqrp17System@TLibModule

• 0x5563d0 @System@@DynArrayAddRef$qqrv

• 0x5563d4 @System@@DynArrayAsg$qqrv

• 0x5563d8 @System@@DynArrayClear$qqrrpvpv

• 0x5563dc @System@@DynArraySetLength$qqrv

• 0x5563e0 @System@@DynArrayHigh$qqrv

• 0x5563e4 @System@@DynArrayLength$qqrv

• 0x5563e8 @System@@ValInt64$qqrx20System@UnicodeStringri

• 0x5563ec @System@@_llmod$qqrv

• 0x5563f0 @System@@_lldiv$qqrv

• 0x5563f4 @System@@_llmulo$qqrv

• 0x5563f8 @System@WideCharToString$qqrpb

• 0x5563fc @System@@Dispose$qqrpvt1

• 0x556400 @System@@New$qqripv

• 0x556404 @System@@FinalizeArray$qqrpvt1ui

• 0x556408 @System@@FinalizeRecord$qqrpvt1

• 0x55640c @System@@InitializeRecord$qqrpvt1

• 0x556410 @System@Pos$qqrx20System@UnicodeStringt1

• 0x556414 @System@@UniqueStringU$qqrr20System@UnicodeString

• 0x556418 @System@@Write0UString$qqrr15System@TTextRecx20System@UnicodeString

• 0x55641c @System@@UStrInsert$qqrx20System@UnicodeStringr20System@UnicodeStringi

• 0x556420 @System@@UStrDelete$qqrr20System@UnicodeStringii

• 0x556424 @System@@UStrCopy$qqrx20System@UnicodeStringii

• 0x556428 @System@@UStrEqual$qqrv

• 0x55642c @System@@UStrCatN$qqrv

• 0x556430 @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2

• 0x556434 @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString

• 0x556438 @System@@UStrSetLength$qqrr20System@UnicodeStringi

• 0x55643c @System@@UStrLen$qqrx20System@UnicodeString

• 0x556444 @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString

• 0x556448 @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString

• 0x556454 @System@@UStrFromWArray$qqrr20System@UnicodeStringpbi

• 0x556458 @System@@UStrFromArray$qqrr20System@UnicodeStringpci

• 0x55645c @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb

• 0x556460 @System@@UStrFromPChar$qqrr20System@UnicodeStringpc

• 0x556464 @System@@UStrFromWChar$qqrr20System@UnicodeStringb

• 0x556468 @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi

• 0x55646c @System@@UStrToPWChar$qqrx20System@UnicodeString

• 0x556470 @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString

• 0x556474 @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString

• 0x556478 @System@@UStrArrayClr$qqrpvi

• 0x55647c @System@@UStrClr$qqrpv

• 0x556480 @System@@UStrAddRef$qqrpv

• 0x556484 @System@@WStrAddRef$qqrr17System@WideString

• 0x556488 @System@StringOfChar$qqrbi

• 0x55648c @System@@WStrSetLength$qqrr17System@WideStringi

• 0x556490 @System@@WStrEqual$qqrv

• 0x556494 @System@@WStrCat3$qqrr17System@WideStringx17System@WideStringt2

• 0x556498 @System@@WStrCat$qqrr17System@WideStringx17System@WideString

• 0x55649c @System@@WStrLen$qqrx17System@WideString

• 0x5564a0 @System@@WStrToPWChar$qqrx17System@WideString

• 0x5564a4 @System@@WStrFromWChar$qqrr17System@WideStringb

• 0x5564a8 @System@@WStrAsg$qqrr17System@WideStringx17System@WideString

• 0x5564ac @System@@WStrArrayClr$qqrpvi

• 0x5564b0 @System@@WStrClr$qqrpv

• 0x5564b4 @System@@LStrSetLength$qqrv

• 0x5564b8 @System@@LStrCopy$qqrv

• 0x5564c4 @System@@LStrAddRef$qqrpv

• 0x5564c8 @System@@LStrCatN$qqrv

• 0x5564cc @System@@LStrCat$qqrv

• 0x5564f0 @System@@EnsureUnicodeString$qqrr20System@UnicodeString

• 0x5564f4 @System@@LStrAsg$qqrpvpxv

• 0x5564f8 @System@@LStrArrayClr$qqrpvi

• 0x5564fc @System@@LStrClr$qqrpv

• 0x556500 @System@@Assert$qqrx20System@UnicodeStringt1i

• 0x556504 @System@@RunError$qqruc

• 0x556508 @System@@Halt0$qqrv

• 0x55650c @System@@InitResStringImports$qqrv

• 0x556510 @System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule

• 0x556514 @System@@TryFinallyExit$qqrv

• 0x556518 @System@@DoneExcept$qqrv

• 0x55651c @System@@RaiseAgain$qqrv

• 0x556520 @System@@RaiseExcept$qqrv

• 0x556524 @System@@HandleAutoException$qqrv

• 0x556528 @System@@HandleFinally$qqrv

• 0x55652c @System@@HandleOnException$qqrv

• 0x556530 @System@@HandleAnyException$qqrv

• 0x556534 @System@MonitorExit$qqrp14System@TObject

• 0x556538 @System@MonitorEnter$qqrp14System@TObjectui

• 0x55653c @System@TMonitor@Exit$qqrp14System@TObject

• 0x556540 @System@TMonitor@Enter$qqrp14System@TObject

• 0x556544 @System@@BeforeDestruction$qqrp14System@TObjectzc

• 0x556548 @System@@AfterConstruction$qqrp14System@TObject

• 0x55654c @System@@ClassDestroy$qqrp14System@TObject

• 0x556550 @System@@ClassCreate$qqrp17System@TMetaClasso

• 0x556554 @System@TObject@Dispatch$qqrpv

• 0x556558 @System@TObject@BeforeDestruction$qqrv

• 0x55655c @System@TObject@AfterConstruction$qqrv

• 0x556560 @System@TObject@DefaultHandler$qqrpv

• 0x556564 @System@TObject@ToString$qqrv

• 0x556568 @System@TObject@SafeCallException$qqrp14System@TObjectpv

• 0x55656c @System@TObject@ClassInfo$qqrv

• 0x556570 @System@TObject@InheritsFrom$qqrp17System@TMetaClass

• 0x556574 @System@@FindDynaInst$qqrv

• 0x556578 @System@@CallDynaInst$qqrv

• 0x55657c @System@@AsClass$qqrp14System@TObjectp17System@TMetaClass

• 0x556580 @System@@IsClass$qqrp14System@TObjectp17System@TMetaClass

• 0x556584 @System@TObject@UnitName$qqrv

• 0x556588 @System@TObject@GetHashCode$qqrv

• 0x55658c @System@TObject@Equals$qqrp14System@TObject

• 0x556590 @System@TObject@CleanupInstance$qqrv

• 0x556594 @System@TObject@InitInstance$qqrpv

• 0x556598 @System@TObject@Free$qqrv

• 0x55659c @System@TObject@$bdtr$qqrv

• 0x5565a0 @System@TObject@$bctr$qqrv

• 0x5565a4 @System@TObject@InstanceSize$qqrv

• 0x5565a8 @System@TObject@FreeInstance$qqrv

• 0x5565ac @System@TObject@NewInstance$qqrv

• 0x5565b0 @System@TObject@ClassName$qqrv

• 0x5565b4 @System@TObject@ClassType$qqrv

• 0x5565b8 @System@@IntOver$qqrv

• 0x5565bc @System@@BoundErr$qqrv

• 0x5565c0 @System@@SetEq$qqrv

• 0x5565c4 @System@@SetElem$qqrv

• 0x5565c8 @System@@WriteLn$qqrr15System@TTextRec

• 0x5565cc @System@@ValLong$qqrx20System@UnicodeStringri

• 0x5565d0 @System@@FillChar$qqrpvib

• 0x5565d4 @System@@AStrCmp$qqrv

• 0x5565dc @System@@Close$qqrr15System@TTextRec

• 0x5565e0 @System@@Assign$qqrr15System@TTextRecpxb

• 0x5565e4 @System@@Append$qqrr15System@TTextRec

• 0x5565e8 @System@@RewritText$qqrr15System@TTextRec

• 0x5565ec @System@@AbstractError$qqrv

• 0x5565f0 @System@@TRUNC$qqrv

• 0x5565f4 @System@@ROUND$qqrv

• 0x5565f8 @System@Ln$qqrxg

• 0x5565fc @System@Exp$qqrxg

• 0x556600 @System@UpCase$qqrb

• 0x556604 @System@Random$qqrxi

• 0x556608 @System@Randomize$qqrv

• 0x55660c @System@ParamStr$qqri

• 0x556610 @System@ParamCount$qqrv

• 0x556614 @System@Move$qqrpxvpvi

• 0x556618 @System@@_IOTest$qqrv

• 0x55661c @System@@ReallocMem$qqrrpvi

• 0x556620 @System@@FreeMem$qqrpv

• 0x556624 @System@@GetMem$qqri

• 0x556628 @System@AllocMem$qqrui

• 0x55662c @System@SysRegisterExpectedMemoryLeak$qqrpv

• 0x556630 @System@DebugHook

• 0x556634 @System@MainThreadID

• 0x556638 @$xp$16System@TDateTime

• 0x55663c @$xp$17System@UTF8String

• 0x556640 @System@TInterfacedObject@

• 0x556644 @$xp$9IDispatch

• 0x556648 @$xp$17System@IInterface

• 0x55664c @$xp$14System@TObject

• 0x556650 @System@TObject@

• 0x556654 @$xp$17System@OleVariant

• 0x556658 @$xp$14System@Variant

• 0x55665c @$xp$17System@AnsiString

• 0x556660 @$xp$17System@WideString

• 0x556664 @$xp$13System@string

• 0x556668 @$xp$6Single

• 0x55666c @$xp$5Int64

• 0x556670 @$xp$8Cardinal

• 0x556674 @$xp$11System@Word

• 0x556678 @$xp$11System@Byte

• 0x55667c @$xp$7Integer

• 0x556680 @$xp$8AnsiChar

• 0x556684 @$xp$7Boolean

Library kernel32.dll:

• 0x55668c TlsSetValue

• 0x556690 TlsGetValue

• 0x556694 LocalAlloc

• 0x556698 GetModuleHandleW

Library madExcept_.bpl:

• 0x5566a0 @Madexcept@initialization$qqrv

• 0x5566a4 @Madexcept@Finalization$qqrv

• 0x5566a8 @Madexcept@HookThreads$qqrv

Library user32.dll:

• 0x5566b4 UpdateLayeredWindow

• 0x5566b8 UpdateWindow

• 0x5566bc UnhookWindowsHookEx

• 0x5566c0 SystemParametersInfoW

• 0x5566c4 SetWindowRgn

• 0x5566c8 SetWindowsHookExW

• 0x5566cc SetWindowPos

• 0x5566d0 SetWindowLongW

• 0x5566d4 SetTimer

• 0x5566d8 SetScrollInfo

• 0x5566dc SetRect

• 0x5566e0 SetPropW

• 0x5566e4 SetForegroundWindow

• 0x5566e8 SetClassLongW

• 0x5566ec SendMessageW

• 0x5566f0 RemovePropW

• 0x5566f4 ReleaseDC

• 0x5566f8 ReleaseCapture

• 0x5566fc RegisterClipboardFormatW

• 0x556700 RedrawWindow

• 0x556704 PostMessageW

• 0x556708 OemToCharA

• 0x55670c MessageBoxW

• 0x556710 MapWindowPoints

• 0x556714 LockWindowUpdate

• 0x556718 LoadCursorW

• 0x55671c KillTimer

• 0x556720 IsWindowVisible

• 0x556724 IsIconic

• 0x556728 InvalidateRect

• 0x55672c InflateRect

• 0x556730 GetWindowRect

• 0x556734 GetWindowPlacement

• 0x556738 GetWindowLongW

• 0x55673c GetWindowDC

• 0x556740 GetSystemMetrics

• 0x556744 GetSysColor

• 0x556748 GetScrollRange

• 0x55674c GetScrollPos

• 0x556750 GetScrollInfo

• 0x556754 GetKeyState

• 0x556758 GetIconInfo

• 0x55675c GetDC

• 0x556760 GetCursorPos

• 0x556764 GetCursor

• 0x556768 GetClientRect

• 0x55676c GetClassNameW

• 0x556770 GetClassLongW

• 0x556774 GetCapture

• 0x556778 FrameRect

• 0x55677c FindWindowW

• 0x556780 FillRect

• 0x556784 EndPaint

• 0x556788 DrawTextExW

• 0x55678c DrawTextW

• 0x556790 DrawFrameControl

• 0x556794 DestroyWindow

• 0x556798 CallWindowProcW

• 0x55679c CallNextHookEx

• 0x5567a0 BeginPaint

Library msimg32.dll:

• 0x5567a8 TransparentBlt

• 0x5567ac AlphaBlend

Library gdi32.dll:

• 0x5567b4 StretchDIBits

• 0x5567b8 StretchBlt

• 0x5567bc SetViewportOrgEx

• 0x5567c0 SetTextColor

• 0x5567c4 SetStretchBltMode

• 0x5567c8 SetBkMode

• 0x5567cc SetBkColor

• 0x5567d0 SetBitmapBits

• 0x5567d4 SelectPalette

• 0x5567d8 SelectObject

• 0x5567dc SelectClipRgn

• 0x5567e0 SaveDC

• 0x5567e4 RestoreDC

• 0x5567e8 ResizePalette

• 0x5567ec RealizePalette

• 0x5567f0 IntersectClipRect

• 0x5567f4 GetViewportOrgEx

• 0x5567f8 GetTextMetricsW

• 0x5567fc GetTextExtentExPointW

• 0x556800 GetStockObject

• 0x556804 GetPaletteEntries

• 0x556808 GetObjectType

• 0x55680c GetObjectA

• 0x556810 GetObjectW

• 0x556814 GetNearestPaletteIndex

• 0x556818 GetDeviceCaps

• 0x55681c GetDIBits

• 0x556820 GetCurrentObject

• 0x556824 GetClipBox

• 0x556828 GetBitmapBits

• 0x55682c ExcludeClipRect

• 0x556830 DeleteObject

• 0x556834 DeleteDC

• 0x556838 CreateSolidBrush

• 0x55683c CreateRoundRectRgn

• 0x556840 CreateRectRgn

• 0x556844 CreatePalette

• 0x556848 CreateHalftonePalette

• 0x55684c CreateFontIndirectW

• 0x556850 CreateDIBSection

• 0x556854 CreateCompatibleDC

• 0x556858 CreateCompatibleBitmap

• 0x55685c BitBlt

Library version.dll:

• 0x556864 VerQueryValueW

• 0x556868 GetFileVersionInfoSizeW

• 0x55686c GetFileVersionInfoW

Library kernel32.dll:

• 0x556874 lstrcmpW

• 0x556878 WriteProcessMemory

• 0x55687c WritePrivateProfileStringW

• 0x556880 WinExec

• 0x556884 VirtualProtect

• 0x556888 TerminateProcess

• 0x55688c Sleep

• 0x556890 SetLastError

• 0x556894 ReadProcessMemory

• 0x556898 ReadFile

• 0x55689c RaiseException

• 0x5568a0 QueryPerformanceFrequency

• 0x5568a4 QueryPerformanceCounter

• 0x5568a8 OutputDebugStringW

• 0x5568ac MulDiv

• 0x5568b0 MoveFileExW

• 0x5568b4 LoadLibraryW

• 0x5568b8 LeaveCriticalSection

• 0x5568bc IsBadWritePtr

• 0x5568c0 IsBadReadPtr

• 0x5568c4 IsBadCodePtr

• 0x5568c8 InitializeCriticalSection

• 0x5568cc HeapFree

• 0x5568d0 HeapDestroy

• 0x5568d4 HeapCreate

• 0x5568d8 HeapAlloc

• 0x5568dc GlobalUnlock

• 0x5568e0 GlobalLock

• 0x5568e4 GlobalFree

• 0x5568e8 GlobalFindAtomW

• 0x5568ec GlobalAlloc

• 0x5568f0 GetWindowsDirectoryW

• 0x5568f4 GetVersionExW

• 0x5568f8 GetTimeZoneInformation

• 0x5568fc GetTickCount

• 0x556900 GetTempPathW

• 0x556904 GetTempFileNameW

• 0x556908 GetSystemInfo

• 0x55690c GetSystemDirectoryW

• 0x556910 GetSystemDefaultLangID

• 0x556914 GetSystemDefaultLCID

• 0x556918 GetShortPathNameW

• 0x55691c GetProcAddress

• 0x556920 GetPrivateProfileStringW

• 0x556924 GetModuleHandleW

• 0x556928 GetLocaleInfoA

• 0x55692c GetLocaleInfoW

• 0x556930 GetLastError

• 0x556934 GetFileSize

• 0x556938 GetFileAttributesExW

• 0x55693c GetCurrentThreadId

• 0x556940 GetCurrentProcess

• 0x556944 GetComputerNameW

• 0x556948 InterlockedIncrement

• 0x55694c InterlockedExchangeAdd

• 0x556950 InterlockedExchange

• 0x556954 InterlockedDecrement

• 0x556958 InterlockedCompareExchange

• 0x55695c FreeLibrary

• 0x556960 FlushInstructionCache

• 0x556964 FindFirstFileW

• 0x556968 FindClose

• 0x55696c FileTimeToSystemTime

• 0x556970 FileTimeToLocalFileTime

• 0x556974 EnterCriticalSection

• 0x556978 DeleteCriticalSection

• 0x55697c CreateProcessW

• 0x556980 CreatePipe

• 0x556984 CreateMutexW

• 0x556988 CreateFileW

• 0x55698c CompareStringW

• 0x556990 CloseHandle

Library advapi32.dll:

• 0x556998 GetUserNameW

Library rtl120.bpl:

• 0x5569a0 @Types@Bounds$qqriiii

• 0x5569a4 @Types@OffsetRect$qqrr11Types@TRectii

• 0x5569a8 @Types@IsRectEmpty$qqrrx11Types@TRect

• 0x5569ac @Types@IntersectRect$qqrr11Types@TRectrx11Types@TRectt2

• 0x5569b0 @Types@PtInRect$qqrrx11Types@TRectrx12Types@TPoint

• 0x5569b4 @Types@Point$qqrii

• 0x5569b8 @Types@RectHeight$qqrrx11Types@TRect

• 0x5569bc @Types@RectWidth$qqrrx11Types@TRect

• 0x5569c0 @Types@Rect$qqriiii

• 0x5569c4 @Types@EqualRect$qqrrx11Types@TRectt1

Library madBasic_.bpl:

• 0x5569cc @Madstrings@initialization$qqrv

• 0x5569d0 @Madstrings@Finalization$qqrv

Library madBasic_.bpl:

• 0x5569d8 @Madtools@initialization$qqrv

• 0x5569dc @Madtools@Finalization$qqrv

Library madExcept_.bpl:

• 0x5569e4 @Madmapfile@initialization$qqrv

• 0x5569e8 @Madmapfile@Finalization$qqrv

Library madDisAsm_.bpl:

• 0x5569f0 @Maddisasm@initialization$qqrv

• 0x5569f4 @Maddisasm@Finalization$qqrv

Library madExcept_.bpl:

• 0x5569fc @Madstacktrace@initialization$qqrv

• 0x556a00 @Madstacktrace@Finalization$qqrv

Library shell32.dll:

• 0x556a08 ShellExecuteExW

• 0x556a0c ShellExecuteW

• 0x556a10 SHGetFileInfoW

Library shell32.dll:

• 0x556a18 SHGetSpecialFolderPathW

Library rtl120.bpl:

• 0x556a20 @$xp$12IEnumVARIANT

Library ole32.dll:

• 0x556a28 CreateStreamOnHGlobal

• 0x556a2c CoCreateInstance

• 0x556a30 CoInitialize

Library wininet.dll:

• 0x556a38 InternetQueryOptionW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com A 172.217.160.110	172.217.161.174
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.