Risk score: 0.9 (Low)

SHA256: 1b7caa61520656720438bc595b3248e42616c339c10617f0a438c84b801aa641

File name: 1b7caa61520656720438bc595b3248e42616c339c10617f0a438c84b801aa641.exe

Analysis time: 194s

Last analysis: 370 days ago

File size: 112.0KB

Classification tags (columns: static detection / dynamic detection / CVE / FAMILY / METATYPE / PLATFORM / TYPE): UNKNOWN WIN32 TROJAN ADWARE ADCLICKER
鹰眼 (Hawkeye) engine, ML classifier scores

DACN 0.12
FACILE 1.00
IMCLNet 0.74
MFGraph 0.00
Static verdict

Anti-virus engines

Engine       Result                                 Scan date  Engine version
Alibaba      TrojanDownloader:Win32/Obvod.60467262  20190527   0.3.0.5
Baidu        None                                   20190318   1.0.0.2
CrowdStrike  win/malicious_confidence_90% (W)       20190702   1.0
Kingsoft     None                                   20200807   2013.8.14.323
McAfee       PWS-Zbot.gen.sd                        20200807   6.0.6.653
Tencent      Malware.Win32.Gencirc.10b0cc01         20200807   1.0.0.1
Static indicators

(none listed)

Behavior verdict

Dynamic indicators

Network communication

Communicates with a host for which no DNS query was made (1 event)
host 114.114.114.114
(114.114.114.114 is a public recursive DNS resolver; the UDP table below shows only port-53 traffic to it, so this is the guest's own name resolution, not a command-and-control contact.)

Flagged as malicious by 50 of 58 engines on VirusTotal (50 events, listed below). This contradicts the 0.9 / Low risk score at the top of the page, which reflects only this service's own static engines and should not be read as a clean verdict.
ALYac Trojan.Adclicker.HB
APEX Malicious
AVG Win32:Malware-gen
Ad-Aware Trojan.Adclicker.HB
AhnLab-V3 Dropper/Win32.Dapato.R27056
Alibaba TrojanDownloader:Win32/Obvod.60467262
Antiy-AVL Trojan[Dropper]/Win32.Dapato
Arcabit Trojan.Adclicker.HB
Avira TR/Spy.Gen
BitDefender Trojan.Adclicker.HB
BitDefenderTheta Gen:NN.ZexaF.34152.hmX@aWQs3lb
Bkav W32.AIDetectVM.malware1
CAT-QuickHeal Downld.Sigmal.S2581942
ClamAV Win.Trojan.Dapato-938
Comodo Malware@#2pe7srlyavm7f
CrowdStrike win/malicious_confidence_90% (W)
Cybereason malicious.2d91fa
Cylance Unsafe
Cynet Malicious (score: 100)
Cyren W32/Busky.B.gen!Eldorado
DrWeb Trojan.DownLoader6.77
ESET-NOD32 Win32/TrojanClicker.Agent.NEB
Elastic malicious (high confidence)
Emsisoft Trojan.Adclicker.HB (B)
F-Prot W32/Busky.B.gen!Eldorado
F-Secure Trojan.TR/Spy.Gen
FireEye Generic.mg.6b889f82d91fab23
Fortinet W32/Agent.NEB!tr
GData Trojan.Adclicker.HB
Ikarus Trojan-Clicker.AXPC
Invincea heuristic
Jiangmin TrojanDropper.Dapato.fxa
K7AntiVirus Spyware ( 0055e3f61 )
K7GW Spyware ( 0055e3f61 )
Kaspersky HEUR:Trojan.Win32.Generic
Lionic Trojan.Win32.Generic.4!c
MAX malware (ai score=80)
McAfee PWS-Zbot.gen.sd
MicroWorld-eScan Trojan.Adclicker.HB
Microsoft TrojanDownloader:Win32/Obvod.K
NANO-Antivirus Trojan.Win32.Dapato.ctxtcy
Paloalto generic.ml
Panda Trj/Genetic.gen
Qihoo-360 Generic/Trojan.9f8
Rising Downloader.Obvod!8.AB2 (CLOUD)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Agent-BFDZ
Symantec ML.Attribute.HighConfidence
TACHYON Trojan-Dropper/W32.Dapato.114688.C
Visual analysis

Binary image renderings (288x288 down to 32x32) were generated by the service and are not reproduced here.

Runtime screenshots

None: the sample produced no screenshots while running.


PE Compile Time

2012-04-16 19:04:55

PE Imphash

501ec3784e06a82017c7fabbeefbf757

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00011d77    0x00012000        6.531746693127589
.rdata  0x00013000       0x00001bc2    0x00002000        5.226976337259798
.data   0x00015000       0x00006e3c    0x00005000        3.7899390802227804

Three plain sections and no resource section. Entropy of about 6.5 in .text and 3.8 in .data is the range of ordinary compiled code and data rather than of a packed executable, which is consistent with the configuration strings further down being stored in plaintext.

Imports

The parsed table below skips several IAT slots (0x413038, 0x41303c, 0x413048 and 0x4130bc, among others, are absent) and lists USERENV.dll with no entries. The complete import name table survives in the strings dump further down and adds, among others, CreateToolhelp32Snapshot, GetVolumeInformationA, SHGetSpecialFolderPathA, GetProfilesDirectoryA, CommitUrlCacheEntryA, mixerSetControlDetails and GetWindowThreadProcessId; use that list, not this one, when reasoning about capabilities.

Library KERNEL32.dll:
0x413028 lstrcpyA
0x41302c ExitProcess
0x413030 lstrcmpA
0x413034 ExitThread
0x413040 DeleteFileA
0x413044 GetTempPathA
0x413050 CreateThread
0x413054 InterlockedExchange
0x413058 IsBadReadPtr
0x413060 GetSystemTime
0x413064 GetModuleFileNameA
0x413068 GetModuleHandleA
0x41306c GetProcAddress
0x413070 LoadLibraryA
0x413074 TerminateProcess
0x413078 CloseHandle
0x41307c WaitForDebugEvent
0x413080 ContinueDebugEvent
0x413084 DebugActiveProcess
0x413088 OpenProcess
0x41308c HeapReAlloc
0x413090 lstrcmpiA
0x413094 GetLastError
0x4130a0 ReadFile
0x4130a4 GetFileSize
0x4130a8 CreateFileA
0x4130ac WriteFile
0x4130b0 SetFilePointer
0x4130b4 Process32Next
0x4130b8 Process32First
0x4130c0 GetCurrentProcessId
0x4130c4 MultiByteToWideChar
0x4130c8 WideCharToMultiByte
0x4130cc CopyFileA
0x4130d0 MoveFileA
0x4130d4 GetSystemDirectoryA
0x4130dc Sleep
0x4130e0 WaitForSingleObject
0x4130e4 CreateMutexA
0x4130e8 FindClose
0x4130ec FindNextFileA
0x4130f0 FindFirstFileA
0x4130f4 HeapDestroy
0x4130f8 HeapCreate
0x4130fc GetCurrentProcess
0x413104 MapViewOfFile
0x413108 CreateFileMappingA
0x41310c LocalFree
0x413114 CompareStringW
0x413118 CompareStringA
0x41311c GetOEMCP
0x413120 GetACP
0x413124 GetCPInfo
0x413128 GetStringTypeW
0x41312c GetStringTypeA
0x413134 GetSystemInfo
0x413138 GetTickCount
0x41313c lstrlenA
0x413140 lstrcatA
0x413144 GetComputerNameA
0x413148 HeapFree
0x41314c IsBadCodePtr
0x413150 RaiseException
0x413158 FlushFileBuffers
0x41315c SetStdHandle
0x413160 GetFileType
0x413164 GetStdHandle
0x413168 SetHandleCount
0x413180 LCMapStringW
0x413184 LCMapStringA
0x413188 GetProcessHeap
0x41318c HeapAlloc
0x413190 HeapSize
0x413194 IsBadWritePtr
0x413198 VirtualAlloc
0x41319c VirtualFree
0x4131a0 GetVersionExA
0x4131a4 GetVersion
0x4131a8 GetCommandLineA
0x4131ac GetStartupInfoA
0x4131b0 GetLocalTime
0x4131b8 RtlUnwind
Library USER32.dll:
0x413214 GetWindowTextA
0x413218 GetActiveWindow
0x41321c FindWindowExA
0x413220 SetActiveWindow
0x413224 wsprintfA
0x413228 ShowWindow
0x413230 GetParent
0x413234 SendMessageA
0x413238 GetSystemMetrics
0x41323c FindWindowA
Library ADVAPI32.dll:
0x413000 GetUserNameA
0x413004 RegQueryValueExA
0x413008 RegCreateKeyExA
0x41300c RegCloseKey
0x413010 RegSetValueExA
0x413014 RegOpenKeyExA
Library SHELL32.dll:
0x4131f0 ShellExecuteA
Library ole32.dll:
0x4132a8 CoUninitialize
0x4132ac CoCreateInstance
Library OLEAUT32.dll:
0x4131cc SysFreeString
0x4131d4 VariantClear
0x4131d8 SysAllocStringLen
0x4131dc VariantChangeType
0x4131e0 SafeArrayDestroy
0x4131e4 SafeArrayAccessData
0x4131e8 SysAllocString
Library DNSAPI.dll:
0x41301c DnsRecordListFree
0x413020 DnsQuery_A
Library WS2_32.dll:
0x4132a0 inet_addr
Library WININET.dll:
0x41324c FindCloseUrlCache
0x413250 InternetCloseHandle
0x413254 InternetReadFile
0x413258 InternetOpenUrlA
0x41325c InternetOpenA
0x413270 DeleteUrlCacheEntry
Library WINMM.dll:
0x41327c mixerClose
0x41328c mixerGetNumDevs
0x413290 mixerOpen
0x413294 mixerGetDevCapsA
0x413298 mixerGetLineInfoA
Library NETAPI32.dll:
0x4131c0 NetScheduleJobAdd
0x4131c4 NetScheduleJobEnum
Library USERENV.dll:
Library SHLWAPI.dll:
0x4131fc StrStrIA
0x413200 StrChrA
0x413204 StrCmpNIA
0x413208 StrDupA
0x41320c StrStrA
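As an added example (not part of this report and not the sample's code), the following Python turns an import listing in the format above into first-pass capability tags. The parser reads the report's own "Library X.dll:" / "0xADDR Name" layout; the rule table, the tag names and the thresholds are this example's assumptions chosen to match the APIs shown, and the embedded dump is a constructed excerpt of the listing.

```python
"""Capability triage from a PE import listing.

Added example, not the sandbox's code nor the sample's: it parses the report's
"Library X.dll:" / "0xADDR Name" listing above and maps the imported APIs to
coarse capability tags for first-pass triage. The rule table (API groups, tag
names, thresholds) is this example's own assumption, not a published taxonomy.
"""
import re
from typing import Dict, Iterable, List, Set, Tuple

# tag -> (APIs that indicate it, how many of them must be imported for the tag to fire)
CAPABILITY_RULES: Dict[str, Tuple[Set[str], int]] = {
    "debugger-attach":      ({"DebugActiveProcess", "WaitForDebugEvent", "ContinueDebugEvent", "OpenProcess"}, 4),
    "process-enumeration":  ({"CreateToolhelp32Snapshot", "Process32First", "Process32Next"}, 2),
    "http-download":        ({"InternetOpenA", "InternetOpenUrlA", "InternetReadFile"}, 3),
    "dns-resolution":       ({"DnsQuery_A"}, 1),
    "registry-write":       ({"RegCreateKeyExA", "RegSetValueExA"}, 2),
    "scheduled-job":        ({"NetScheduleJobAdd", "NetScheduleJobEnum"}, 1),
    "window-control":       ({"FindWindowA", "FindWindowExA", "SendMessageA", "ShowWindow", "SetActiveWindow"}, 3),
    "audio-mixer-control":  ({"mixerOpen", "mixerGetLineInfoA", "mixerSetControlDetails"}, 2),
    "ie-cache-tamper":      ({"DeleteUrlCacheEntry", "FindFirstUrlCacheEntryA", "CommitUrlCacheEntryA"}, 1),
    "host-fingerprint":     ({"GetComputerNameA", "GetUserNameA", "GetVolumeInformationA", "GetSystemInfo"}, 2),
    "self-copy-and-launch": ({"GetTempPathA", "CopyFileA", "MoveFileA", "ShellExecuteA", "GetSystemDirectoryA"}, 3),
}

_LIB_RE = re.compile(r"^Library\s+(\S+):$")
_ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_import_dump(text: str) -> Dict[str, List[str]]:
    """Parse the listing into {dll (lower-case): [api, ...]}.

    A library header with no entries (USERENV.dll in the report) is kept as an
    empty list so the gap stays visible instead of silently disappearing.
    """
    imports: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        lib = _LIB_RE.match(line)
        if lib:
            current = lib.group(1).lower()
            imports.setdefault(current, [])
            continue
        entry = _ENTRY_RE.match(line)
        if entry and current is not None:
            imports[current].append(entry.group(1))
    return imports


def triage(imports: Dict[str, Iterable[str]]) -> Dict[str, List[str]]:
    """Return {tag: sorted matched APIs} for every rule whose threshold is met."""
    present = {api for apis in imports.values() for api in apis}
    hits: Dict[str, List[str]] = {}
    for tag, (apis, minimum) in CAPABILITY_RULES.items():
        matched = sorted(apis & present)
        if len(matched) >= minimum:
            hits[tag] = matched
    return hits


# Constructed excerpt of the report's listing (same format, subset of entries).
SAMPLE_DUMP = """
Library KERNEL32.dll:
0x413044 GetTempPathA
0x41307c WaitForDebugEvent
0x413080 ContinueDebugEvent
0x413084 DebugActiveProcess
0x413088 OpenProcess
0x4130b4 Process32Next
0x4130b8 Process32First
0x4130cc CopyFileA
0x4130d0 MoveFileA
0x413144 GetComputerNameA
Library USER32.dll:
0x41321c FindWindowExA
0x413234 SendMessageA
0x41323c FindWindowA
Library ADVAPI32.dll:
0x413000 GetUserNameA
0x413008 RegCreateKeyExA
0x413010 RegSetValueExA
Library DNSAPI.dll:
0x413020 DnsQuery_A
Library WININET.dll:
0x413254 InternetReadFile
0x413258 InternetOpenUrlA
0x41325c InternetOpenA
0x413270 DeleteUrlCacheEntry
Library WINMM.dll:
0x413290 mixerOpen
0x413298 mixerGetLineInfoA
Library NETAPI32.dll:
0x4131c0 NetScheduleJobAdd
Library USERENV.dll:
"""

if __name__ == "__main__":
    for tag, apis in triage(parse_import_dump(SAMPLE_DUMP)).items():
        print(f"{tag:22s} {', '.join(apis)}")
```

Run against the full listing, every rule fires; the debugger-attach group (DebugActiveProcess plus the WaitForDebugEvent/ContinueDebugEvent loop) together with window-control and ie-cache-tamper is what distinguishes this import profile from an ordinary downloader.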

Strings

!This program cannot be run in DOS mode.
[Rich header bytes, section names and opcode fragments from .text omitted: they contain no recoverable strings]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@ ... (Base64 decode table)
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ (Base64 alphabet: the binary carries a Base64 codec)
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
GAIsProcessorFeaturePresent
KERNEL32
runtime error
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
HeapAlloc
GetProcessHeap
HeapFree
GetComputerNameA
lstrcatA
lstrlenA
GetTickCount
GetSystemInfo
GetVolumeInformationA
lstrcpyA
ExitProcess
lstrcmpA
ExitThread
InterlockedExchangeAdd
InterlockedIncrement
DeleteFileA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
CreateThread
InterlockedExchange
IsBadReadPtr
SystemTimeToFileTime
GetSystemTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
TerminateProcess
CloseHandle
WaitForDebugEvent
ContinueDebugEvent
DebugActiveProcess
OpenProcess
HeapReAlloc
lstrcmpiA
GetLastError
InitializeCriticalSection
GetSystemTimeAsFileTime
ReadFile
GetFileSize
CreateFileA
WriteFile
SetFilePointer
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
CopyFileA
MoveFileA
GetSystemDirectoryA
InterlockedDecrement
WaitForSingleObject
CreateMutexA
FindClose
FindNextFileA
FindFirstFileA
HeapDestroy
HeapCreate
GetCurrentProcess
GetEnvironmentVariableA
MapViewOfFile
CreateFileMappingA
KERNEL32.dll
wsprintfA
ShowWindow
GetWindowThreadProcessId
GetSystemMetrics
GetWindowTextA
GetParent
SendMessageA
SetActiveWindow
FindWindowExA
GetActiveWindow
FindWindowA
USER32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
GetUserNameA
RegCreateKeyExA
ADVAPI32.dll
ShellExecuteA
SHGetSpecialFolderPathA
SHELL32.dll
CoCreateInstance
CoUninitialize
ole32.dll
OLEAUT32.dll
DnsRecordListFree
DnsQuery_A
DNSAPI.dll
WS2_32.dll
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
CommitUrlCacheEntryA
CreateUrlCacheEntryA
UnlockUrlCacheEntryFile
DeleteUrlCacheEntry
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
WININET.dll
mixerClose
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetDevCapsA
mixerOpen
mixerGetNumDevs
WINMM.dll
NetScheduleJobAdd
NetScheduleJobEnum
NETAPI32.dll
GetProfilesDirectoryA
USERENV.dll
PSAPI.DLL
StrStrA
StrDupA
StrStrIA
StrChrA
StrCmpNIA
SHLWAPI.dll
RtlUnwind
GetTimeZoneInformation
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
GetVersionExA
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
RaiseException
[82 lines of non-printable, high-entropy data omitted: no recoverable strings]

The readable strings that follow are the sample's own configuration and templates: command-and-control hosts, the beacon URL format, registry keys, a canned HTTP response, HTML/JavaScript injection templates and mutex names.
cc.hfuidhfd.jp
92.241.163.23
pfif4.hfuidhfd.jp
ProductId
Software\Microsoft\Windows\CurrentVersion
%d.%d.%d.%d
1http://
%d %d %d %d
i %d %d n
C %d G %d C %d Feed %d: Width: %d Height: %d Type: %d Weight; %d String Len:%d - "%s" - init size: %d "%s"
ConfigInterpret: Config contains %d feeds
ConfigInterpret - sanity error 2: %d %d
%p %p %d %d
c:\debug
feedme
http://%s/0xabad1dea.php?a=%s&b=%d&c=%d
%d error code
%s.%d.%d.%s
%d.%d.%s
%d %d %d
%s.f%s
%d.%s.%s
Added feed at ptr %p
%d %d %d %d %d-%s
%d %d %d %d %s
Feed_Next fptr after sort %p
Feed_Next fptr %p after coutn check count %d
aptr->feeds is null, returning null %dx%d
PopupMgr
Software\Microsoft\Internet Explorer\New Windows
GetLastInputInfo
user32
On%d error %d %s %s ndatasize %d thedatasize %d
%d error %d %s %s
HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: PHP/5.3.10
Content-Length: %d
</body></html
<html><head><title></title></head><body>
<html><head><title></title></head><body></body></html>
beforeEnd
Referer: http://www.google.com
about:blank
JavaScript
<script src="%s"></script>
http://
<A href="
javascript
mailto
no-name
OBJECT
EASClick=
SCRIPT
Global\%s
j5hfURWHIrwh
FJiofjs
FHifsoSDks
HfhfioSjs
JfsiJSS
jIOFjejioAD
HFudfjifejifb
FJIfjoi3r4
gjigojfd3HJ
Referer: %s
\*ad*txt
%s\%s\Application Data\Macromedia\Flash Player\
Button
Internet Explorer
#32770
Adobe Flash Player 9
NoProtectedModeBanner
Software\Microsoft\Internet Explorer\Main
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
UrlUnescapeA
shlwapi
CoInitialize
SOFTWARE\Microsoft\Direct3D
Error Dlg Displayed On Every Error
DisableScriptDebuggerIE
SOFTWARE\Microsoft\Internet Explorer\Main
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH="%d" HEIGHT="%d" SRC="%s" tagged=YES></IFRAME>
<script language="javascript" src="%s"></script>
%d loop
[13 lines of non-printable data omitted]
.?AV_com_error@@
.?AVtype_info@@
C:\Users\infocyte\Downloads\zeus.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ

The zeus.exe path is a local file name, not evidence of Zeus/Zbot code: apart from McAfee's PWS-Zbot label, the engine names (Adclicker, TrojanClicker, Obvod, Dapato) and the feed, IFRAME, EASClick and fake-Referer strings above describe an ad-clicker that injects content into Internet Explorer.
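As an added example that is not part of this report or the sample, the following Python turns the network strings above (cc.hfuidhfd.jp, pfif4.hfuidhfd.jp, 92.241.163.23, the http://%s/0xabad1dea.php?a=%s&b=%d&c=%d beacon format and the spoofed Referer: http://www.google.com) into matchers and runs them over constructed proxy log lines. It goes one step beyond the literal strings: the beacon rule keys on the path and query shape so it also fires for hosts not on the list, and the domain rule covers the whole hfuidhfd.jp zone. The log layout, the widening to the parent domain and the log lines themselves are this example's assumptions.

```python
"""Network IOC matching from the sample's embedded strings.

Added example, not the report's or the sample's code. Indicators come from the
strings above: the C2 hosts cc.hfuidhfd.jp / pfif4.hfuidhfd.jp, the address
92.241.163.23, the beacon format http://%s/0xabad1dea.php?a=%s&b=%d&c=%d and
the spoofed "Referer: http://www.google.com". Assumptions of this example: the
proxy log layout, widening the domain rule to the whole hfuidhfd.jp zone, and
keying the beacon rule on path and query shape so it fires for unknown hosts.
"""
from dataclasses import dataclass
from typing import List
from urllib.parse import parse_qs, urlsplit

C2_DOMAIN_ZONE = "hfuidhfd.jp"           # both listed hosts are children of it
C2_IPS = {"92.241.163.23"}
BEACON_PATH = "/0xabad1dea.php"          # from http://%s/0xabad1dea.php?a=%s&b=%d&c=%d
BEACON_PARAMS = {"a", "b", "c"}
FAKE_REFERER = "http://www.google.com"   # the literal "Referer: http://www.google.com"


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    url: str


def host_matches_c2(host: str) -> bool:
    """True for hfuidhfd.jp and any subdomain; usable on DNS query logs too."""
    host = host.lower().rstrip(".")
    return host == C2_DOMAIN_ZONE or host.endswith("." + C2_DOMAIN_ZONE)


def classify_url(url: str) -> List[str]:
    """Return the indicator names a single URL triggers (possibly several)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    found: List[str] = []
    if host_matches_c2(host):
        found.append("c2-domain")
    if host in C2_IPS:
        found.append("c2-ip")
    if parts.path.lower().endswith(BEACON_PATH):
        qs = parse_qs(parts.query)
        # the %d parameters (b, c) must be integers; the %s one (a) is free-form
        if BEACON_PARAMS.issubset(qs) and all(qs[k][0].isdigit() for k in ("b", "c")):
            found.append("beacon-url")
    return found


def scan_proxy_log(lines: List[str]) -> List[Hit]:
    """Constructed log layout: '<epoch> <client> <method> <url> <status> <referer|->'."""
    hits: List[Hit] = []
    for line_no, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed line: skip it rather than abort the whole scan
        url, referer = fields[3], fields[5]
        labels = classify_url(url)
        if labels and referer == FAKE_REFERER:
            labels.append("spoofed-referer")  # only meaningful next to a C2/beacon hit
        hits.extend(Hit(line_no, label, url) for label in labels)
    return hits


# Constructed log lines (not captured traffic): 203.0.113.9 is a documentation
# address standing in for a C2 host that is not on the list.
SAMPLE_LOG = [
    "1334567890.001 10.0.0.5 GET http://www.example.com/index.html 200 -",
    "1334567891.120 10.0.0.5 GET http://cc.hfuidhfd.jp/0xabad1dea.php?a=WORKSTATION1&b=1&c=0 200 http://www.google.com",
    "1334567892.300 10.0.0.7 GET http://203.0.113.9/0xabad1dea.php?a=x&b=7&c=3 404 -",
    "1334567893.410 10.0.0.5 GET http://92.241.163.23/feed.txt 200 -",
    "1334567894.550 10.0.0.9 GET http://pfif4.hfuidhfd.jp.example.net/ 200 -",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

host_matches_c2 can be applied on its own to DNS query logs; that is the check which, against the DNS table below, shows the sample never resolved either C2 host during this run. The last constructed line is a deliberate lookalike (hfuidhfd.jp used as a label inside another zone) and must not match.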

DNS

Name              Type  Response           Post-Analysis Lookup
dns.msftncsi.com  A     131.107.255.255    131.107.255.255
dns.msftncsi.com  AAAA  fd3e:4f5a:5b81::1  131.107.255.255

dns.msftncsi.com is the Windows Network Connectivity Status Indicator probe, i.e. guest background traffic. No lookup of cc.hfuidhfd.jp or pfif4.hfuidhfd.jp, the hosts embedded in the binary, was recorded.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination      Destination Port
192.168.56.101  53179        224.0.0.252      5355
192.168.56.101  49642        224.0.0.252      5355
192.168.56.101  137          192.168.56.255   137
192.168.56.101  61714        114.114.114.114  53
192.168.56.101  56933        114.114.114.114  53
192.168.56.101  138          192.168.56.255   138

All of this is operating-system noise: LLMNR to 224.0.0.252:5355, NetBIOS name and datagram service broadcasts on 137/138, and the two DNS queries above sent to the resolver 114.114.114.114. Together with the absence of TCP, HTTP and dropped files, the run gives no sign that the sample reached its beaconing code in 194 s; whether a missing trigger or sandbox detection is responsible cannot be told from this report, so the empty network sections are not evidence that the binary is inert.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.
No dropped buffers.