5.2
Medium risk

bd738f67d19100337ed3bc0a3d6c60f30dbb4e4904b5757a30b64d9b866783f2

6bf679461ae0c50bf7ca6d2a0c87990f.exe

Analysis time

78s

Last analyzed

File size

2.3MB
Static detection hit Dynamic detection hit AQDH
Eagle Eye engine
Not detected. No Eagle Eye engine detection result available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee 20201223 6.0.6.653
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20201223 21.1.5827.0
Tencent 20201223 1.0.0.1
Kingsoft 20201223 2017.9.26.565
CrowdStrike 20190702 1.0
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path D:\웹하드\소스\project\smartfile\__Etc\UpdateWindow\DebugUpdateWindow.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .textbss
section .didat
The executable uses a known packer (1 event)
packer Microsoft Visual C++ V8.0 (Debug)
Behavioral verdict
Dynamic indicators
Performs some HTTP requests (1 event)
request GET http://app.smartfile.co.kr/Smartfile.exe
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1620984236.886126
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74621000
success 0 0
1620984236.901126
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74611000
success 0 0
1620984236.933126
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x745f1000
success 0 0
1620984236.933126
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x745b1000
success 0 0
1620984236.948126
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x745a1000
success 0 0
1620984237.104126
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74401000
success 0 0
Foreign language identified in PE resource (50 out of 56 events)
name RT_CURSOR language LANG_KOREAN offset 0x002fccd0 filetype data sublanguage SUBLANG_KOREAN size 0x00000134
name RT_BITMAP language LANG_KOREAN offset 0x002fcff8 filetype data sublanguage SUBLANG_KOREAN size 0x00000144
name RT_ICON language LANG_KOREAN offset 0x002f73c8 filetype data sublanguage SUBLANG_KOREAN size 0x00004228
name RT_DIALOG language LANG_KOREAN offset 0x002fcf08 filetype data sublanguage SUBLANG_KOREAN size 0x00000034
name RT_STRING language LANG_KOREAN offset 0x002fe7f8 filetype data sublanguage SUBLANG_KOREAN size 0x00000042
name RT_GROUP_CURSOR language LANG_KOREAN offset 0x002fce08 filetype Lotus unknown worksheet or configuration, revision 0x1 sublanguage SUBLANG_KOREAN size 0x00000014
Creates executable files on the filesystem (1 event)
file C:\Program Files (x86)\Smartfile\Smartfile.exe
Drops a binary and executes it (1 event)
file C:\Program Files (x86)\Smartfile\Smartfile.exe
File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)
Kaspersky HEUR:Trojan-Downloader.Win32.Generic
Paloalto generic.ml
Jiangmin TrojanDownloader.Generic.aqdh
ZoneAlarm UDS:DangerousObject.Multi.Generic
Webroot W32.Backdoor.Gen
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620984237.104126
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
An executable file was downloaded by the process 6bf679461ae0c50bf7ca6d2a0c87990f.exe (1 event)
Time & API Arguments Status Return Repeated
1620984240.745126
InternetReadFile
buffer: MZÿÿ¸@Ⱥ´ Í!¸LÍ!This program cannot be run in DOS mode. $1p…:uëiuëiuëi¶´iwëiuêiëëi¶¶idëi!2Ûiëi²íitëiRichuëiPEL·n3Tà ^|â0p@ ñ £@…°t´€pšPn¢ˆp˜.textô]^ `.rdataÚpb@@.data¸Tv@À.ndatað€À.rsrcpš€œz@@
request_handle: 0x00cc000c
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1620984239.683126
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620984239.683126
RegSetValueExA
key_handle: 0x000003c0
value: 0‰—Á{H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620984239.683126
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620984239.683126
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620984239.683126
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620984239.683126
RegSetValueExA
key_handle: 0x000003d8
value: 0‰—Á{H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620984239.683126
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620984239.714126
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620984240.386126
RegSetValueExA
key_handle: 0x00000438
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620984240.386126
RegSetValueExA
key_handle: 0x00000438
value: ÎÂ{H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620984240.386126
RegSetValueExA
key_handle: 0x00000438
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620984240.386126
RegSetValueExW
key_handle: 0x00000438
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620984240.386126
RegSetValueExA
key_handle: 0x00000448
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620984240.386126
RegSetValueExA
key_handle: 0x00000448
value: ÎÂ{H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620984240.386126
RegSetValueExA
key_handle: 0x00000448
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No screenshots: none were captured while the sample ran.


PE Compile Time

2014-06-09 20:39:35

Imports

Library urlmon.dll:
0x6ed258 URLDownloadToFileA
Library KERNEL32.dll:
0x6ec678 GetConsoleOutputCP
0x6ec67c OpenEventA
0x6ec684 UnmapViewOfFile
0x6ec688 MapViewOfFile
0x6ec68c CreateFileMappingA
0x6ec690 OpenFileMappingA
0x6ec694 WriteConsoleA
0x6ec69c GetLocaleInfoW
0x6ec6a0 GetUserDefaultLCID
0x6ec6a4 EnumSystemLocalesA
0x6ec6a8 IsValidLocale
0x6ec6ac GetDateFormatA
0x6ec6b0 GetTimeFormatA
0x6ec6b4 GetStringTypeW
0x6ec6b8 GetStringTypeA
0x6ec6bc LCMapStringW
0x6ec6c0 LCMapStringA
0x6ec6c4 GetConsoleMode
0x6ec6c8 GetConsoleCP
0x6ec6cc GetDriveTypeA
0x6ec6e4 GetTickCount
0x6ec6ec SetHandleCount
0x6ec6f0 IsValidCodePage
0x6ec6f4 GetACP
0x6ec6f8 VirtualFree
0x6ec6fc HeapCreate
0x6ec700 HeapDestroy
0x6ec704 HeapReAlloc
0x6ec708 LoadLibraryW
0x6ec710 FatalAppExitA
0x6ec71c TerminateProcess
0x6ec720 IsDebuggerPresent
0x6ec724 OutputDebugStringW
0x6ec728 WriteConsoleW
0x6ec72c OutputDebugStringA
0x6ec730 GetStdHandle
0x6ec734 DebugBreak
0x6ec738 GetFileType
0x6ec73c SetStdHandle
0x6ec740 ExitThread
0x6ec744 CreateThread
0x6ec748 ExitProcess
0x6ec74c RaiseException
0x6ec750 GetStartupInfoA
0x6ec754 GetProcessHeap
0x6ec758 HeapAlloc
0x6ec75c HeapFree
0x6ec760 GetCommandLineA
0x6ec764 IsBadReadPtr
0x6ec768 HeapValidate
0x6ec76c VirtualQuery
0x6ec770 GetSystemInfo
0x6ec774 VirtualAlloc
0x6ec778 RtlUnwind
0x6ec780 ReleaseMutex
0x6ec784 CreateMutexA
0x6ec788 ReleaseSemaphore
0x6ec78c CreateSemaphoreA
0x6ec790 FindResourceExA
0x6ec794 GetDiskFreeSpaceA
0x6ec798 GetTempFileNameA
0x6ec79c SetFileAttributesA
0x6ec7a0 SetFileTime
0x6ec7a8 GetFileTime
0x6ec7ac GetFileAttributesA
0x6ec7b0 ResetEvent
0x6ec7b4 PulseEvent
0x6ec7b8 GetOEMCP
0x6ec7bc GetCPInfo
0x6ec7c0 GetSystemDirectoryA
0x6ec7cc GetProfileIntA
0x6ec7d0 VirtualProtect
0x6ec7d4 GlobalFlags
0x6ec7dc TlsGetValue
0x6ec7e0 LocalReAlloc
0x6ec7e4 TlsSetValue
0x6ec7ec GlobalReAlloc
0x6ec7f4 TlsFree
0x6ec7f8 GlobalHandle
0x6ec800 TlsAlloc
0x6ec808 SetErrorMode
0x6ec810 GetAtomNameA
0x6ec814 GetShortPathNameA
0x6ec818 GetThreadLocale
0x6ec81c GetFullPathNameA
0x6ec824 DeleteFileA
0x6ec828 MoveFileA
0x6ec82c GetFileSize
0x6ec830 SetEndOfFile
0x6ec834 UnlockFile
0x6ec838 LockFile
0x6ec83c FlushFileBuffers
0x6ec840 SetFilePointer
0x6ec844 WriteFile
0x6ec848 ReadFile
0x6ec84c CreateFileA
0x6ec850 GetCurrentProcess
0x6ec854 DuplicateHandle
0x6ec85c FindNextFileA
0x6ec860 FindFirstFileA
0x6ec864 FindClose
0x6ec86c GetModuleFileNameW
0x6ec870 LocalAlloc
0x6ec874 lstrcmpW
0x6ec878 GlobalGetAtomNameA
0x6ec87c GlobalFindAtomA
0x6ec880 GetVersionExA
0x6ec884 ResumeThread
0x6ec888 GetThreadPriority
0x6ec88c SetThreadPriority
0x6ec890 LoadLibraryA
0x6ec8a0 FreeResource
0x6ec8a4 GetCurrentProcessId
0x6ec8a8 GlobalAddAtomA
0x6ec8ac CreateEventA
0x6ec8b0 SuspendThread
0x6ec8b4 SetEvent
0x6ec8b8 WaitForSingleObject
0x6ec8bc CloseHandle
0x6ec8c0 FreeLibrary
0x6ec8c4 GlobalDeleteAtom
0x6ec8c8 lstrcmpA
0x6ec8cc GetCurrentThread
0x6ec8d0 GetCurrentThreadId
0x6ec8d4 GetLocaleInfoA
0x6ec8d8 LoadLibraryExA
0x6ec8dc GetModuleHandleA
0x6ec8e0 GetProcAddress
0x6ec8ec SetLastError
0x6ec8f0 MulDiv
0x6ec8f4 GlobalFree
0x6ec8f8 CopyFileA
0x6ec8fc GlobalSize
0x6ec900 GlobalAlloc
0x6ec904 GlobalLock
0x6ec908 GlobalUnlock
0x6ec90c FormatMessageA
0x6ec910 LocalFree
0x6ec914 CreateDirectoryA
0x6ec918 lstrcpyA
0x6ec91c LoadResource
0x6ec920 LockResource
0x6ec924 SizeofResource
0x6ec928 FindResourceA
0x6ec92c GetModuleFileNameA
0x6ec930 GetLocalTime
0x6ec934 GetLastError
0x6ec938 lstrlenA
0x6ec93c lstrcmpiA
0x6ec940 lstrcmpiW
0x6ec944 GetStringTypeExA
0x6ec948 GetStringTypeExW
0x6ec94c WideCharToMultiByte
0x6ec950 lstrlenW
0x6ec954 CompareStringA
0x6ec958 CompareStringW
0x6ec960 MultiByteToWideChar
0x6ec964 InterlockedExchange
0x6ec968 GetVersion
Library USER32.dll:
0x6ecbbc ShowWindow
0x6ecbc0 MoveWindow
0x6ecbc4 SetWindowTextA
0x6ecbc8 IsDialogMessageA
0x6ecbcc ScrollWindowEx
0x6ecbd0 IsDlgButtonChecked
0x6ecbd4 SetDlgItemTextA
0x6ecbd8 SetDlgItemInt
0x6ecbdc GetDlgItemTextA
0x6ecbe0 GetDlgItemInt
0x6ecbe4 CheckRadioButton
0x6ecbe8 CheckDlgButton
0x6ecbf0 CreateWindowExA
0x6ecbf4 GetClassInfoExA
0x6ecbf8 GetClassInfoA
0x6ecbfc RegisterClassA
0x6ecc00 SendDlgItemMessageA
0x6ecc04 GetSysColor
0x6ecc08 SetFocus
0x6ecc0c AdjustWindowRectEx
0x6ecc10 EqualRect
0x6ecc14 DeferWindowPos
0x6ecc18 BeginDeferWindowPos
0x6ecc1c CopyRect
0x6ecc20 EndDeferWindowPos
0x6ecc24 ScrollWindow
0x6ecc28 GetScrollInfo
0x6ecc2c SetScrollInfo
0x6ecc30 WinHelpA
0x6ecc34 TrackPopupMenuEx
0x6ecc38 TrackPopupMenu
0x6ecc3c SetWindowPlacement
0x6ecc44 GetWindowTextA
0x6ecc48 GetDlgCtrlID
0x6ecc4c GetClassLongA
0x6ecc50 GetClassNameA
0x6ecc54 SetPropA
0x6ecc58 UnhookWindowsHookEx
0x6ecc5c GetPropA
0x6ecc60 CallWindowProcA
0x6ecc64 RemovePropA
0x6ecc68 DefWindowProcA
0x6ecc6c GetMessageTime
0x6ecc70 GetMessagePos
0x6ecc74 SetWindowLongA
0x6ecc78 OffsetRect
0x6ecc7c IntersectRect
0x6ecc84 GetWindowPlacement
0x6ecc88 OpenIcon
0x6ecc8c CloseWindow
0x6ecc90 LoadIconA
0x6ecc94 LoadCursorA
0x6ecc98 PostThreadMessageA
0x6ecc9c SetScrollRange
0x6ecca0 GetScrollRange
0x6ecca4 SetScrollPos
0x6ecca8 GetScrollPos
0x6eccb4 SendNotifyMessageA
0x6eccb8 GetForegroundWindow
0x6eccbc SetForegroundWindow
0x6eccc0 ShowCaret
0x6eccc4 HideCaret
0x6eccc8 SetCaretPos
0x6ecccc GetCaretPos
0x6eccd0 CreateCaret
0x6eccd4 GetClipboardViewer
0x6eccd8 GetClipboardOwner
0x6ecce0 OpenClipboard
0x6ecce4 SetClipboardViewer
0x6eccec FlashWindow
0x6eccf0 WindowFromPoint
0x6eccf4 SetParent
0x6eccf8 IsChild
0x6eccfc GetWindow
0x6ecd00 GetTopWindow
0x6ecd04 FindWindowExA
0x6ecd08 FindWindowA
0x6ecd10 LoadAcceleratorsA
0x6ecd14 ShowScrollBar
0x6ecd18 GetNextDlgTabItem
0x6ecd1c GetNextDlgGroupItem
0x6ecd24 DlgDirSelectExA
0x6ecd28 DlgDirListComboBoxA
0x6ecd2c DlgDirListA
0x6ecd30 SetCapture
0x6ecd34 GetCapture
0x6ecd38 KillTimer
0x6ecd3c SetTimer
0x6ecd40 DrawCaption
0x6ecd44 DrawAnimatedRects
0x6ecd48 EnableScrollBar
0x6ecd4c RedrawWindow
0x6ecd50 LockWindowUpdate
0x6ecd54 GetDCEx
0x6ecd58 ShowOwnedPopups
0x6ecd5c IsWindowVisible
0x6ecd60 ValidateRgn
0x6ecd64 InvalidateRgn
0x6ecd68 InvalidateRect
0x6ecd6c GetUpdateRgn
0x6ecd70 GetUpdateRect
0x6ecd74 UpdateWindow
0x6ecd78 ReleaseDC
0x6ecd7c GetWindowDC
0x6ecd80 GetDC
0x6ecd84 EndPaint
0x6ecd88 BeginPaint
0x6ecd8c ScreenToClient
0x6ecd90 ClientToScreen
0x6ecd94 MapWindowPoints
0x6ecd98 GetClientRect
0x6ecd9c GetWindowRect
0x6ecda0 BringWindowToTop
0x6ecda4 GetWindowRgn
0x6ecda8 SetWindowRgn
0x6ecdb0 IsZoomed
0x6ecdb4 IsIconic
0x6ecdb8 HiliteMenuItem
0x6ecdbc GetSystemMenu
0x6ecdc0 DrawMenuBar
0x6ecdc4 SetMenu
0x6ecdc8 GetMenu
0x6ecdcc DragDetect
0x6ecdd0 CheckMenuRadioItem
0x6ecddc LoadMenuIndirectA
0x6ecde0 LoadMenuA
0x6ecde4 ModifyMenuA
0x6ecde8 InsertMenuItemA
0x6ecdec SetMenuItemInfoA
0x6ecdf0 GetMenuItemInfoA
0x6ecdf4 GetMenuDefaultItem
0x6ecdf8 SetMenuDefaultItem
0x6ecdfc EnableMenuItem
0x6ece00 CheckMenuItem
0x6ece04 DeleteMenu
0x6ece08 CreatePopupMenu
0x6ece0c CreateMenu
0x6ece10 ScrollDC
0x6ece14 GrayStringA
0x6ece1c DrawTextExA
0x6ece20 DrawTextA
0x6ece24 DrawFocusRect
0x6ece28 DrawFrameControl
0x6ece2c DrawEdge
0x6ece30 DrawStateA
0x6ece34 DrawIcon
0x6ece38 InvertRect
0x6ece3c FrameRect
0x6ece40 FillRect
0x6ece44 ExcludeUpdateRgn
0x6ece48 WindowFromDC
0x6ece4c GetSysColorBrush
0x6ece50 MapVirtualKeyA
0x6ece54 GetKeyNameTextA
0x6ece58 EndDialog
0x6ece5c GetDesktopWindow
0x6ece60 GetActiveWindow
0x6ece64 DestroyMenu
0x6ece68 ReleaseCapture
0x6ece6c WaitMessage
0x6ece70 GetAsyncKeyState
0x6ece74 SetRectEmpty
0x6ece7c UnpackDDElParam
0x6ece80 DestroyIcon
0x6ece84 SetActiveWindow
0x6ece90 ReuseDDElParam
0x6ece94 GetDialogBaseUnits
0x6ece98 UnregisterClassA
0x6ecea4 IsWindowUnicode
0x6ecea8 GetMessageW
0x6eceac DispatchMessageW
0x6eceb0 SubtractRect
0x6eceb4 UnionRect
0x6eceb8 InflateRect
0x6ecebc SetRect
0x6ecec0 PtInRect
0x6ecec4 IsRectEmpty
0x6ecec8 DestroyWindow
0x6ececc GetDlgItem
0x6eced0 MessageBoxA
0x6eced4 GetWindowLongA
0x6eced8 GetParent
0x6ecedc GetLastActivePopup
0x6ecee0 IsWindowEnabled
0x6ecee4 EnableWindow
0x6eceec SetCursor
0x6ecef0 GetKeyState
0x6ecef4 CallNextHookEx
0x6ecef8 PeekMessageA
0x6ecefc GetCursorPos
0x6ecf00 SetWindowsHookExA
0x6ecf04 ValidateRect
0x6ecf08 GetMessageA
0x6ecf0c TranslateMessage
0x6ecf10 DispatchMessageA
0x6ecf18 LoadBitmapA
0x6ecf1c SetMenuItemBitmaps
0x6ecf20 GetFocus
0x6ecf24 TabbedTextOutA
0x6ecf28 PostMessageA
0x6ecf2c SendMessageA
0x6ecf30 IsWindow
0x6ecf34 MapDialogRect
0x6ecf38 PostQuitMessage
0x6ecf3c RemoveMenu
0x6ecf40 IsMenu
0x6ecf44 GetMenuItemCount
0x6ecf48 GetSubMenu
0x6ecf4c GetMenuState
0x6ecf50 GetMenuStringA
0x6ecf54 AppendMenuA
0x6ecf58 InsertMenuA
0x6ecf5c GetMenuItemID
0x6ecf60 GetSystemMetrics
0x6ecf64 CharUpperA
0x6ecf68 CharUpperW
0x6ecf6c CharLowerA
0x6ecf70 CharLowerW
0x6ecf74 SetWindowPos
Library GDI32.dll:
0x6ec27c UpdateColors
0x6ec280 GetBkColor
0x6ec284 GetBkMode
0x6ec288 GetPolyFillMode
0x6ec28c GetROP2
0x6ec290 GetStretchBltMode
0x6ec294 GetTextColor
0x6ec298 GetMapMode
0x6ec29c GetGraphicsMode
0x6ec2a0 GetWorldTransform
0x6ec2a4 GetViewportOrgEx
0x6ec2a8 GetViewportExtEx
0x6ec2ac GetWindowOrgEx
0x6ec2b0 GetWindowExtEx
0x6ec2b4 DPtoLP
0x6ec2b8 LPtoDP
0x6ec2bc FillRgn
0x6ec2c0 FrameRgn
0x6ec2c4 InvertRgn
0x6ec2c8 PaintRgn
0x6ec2cc PtVisible
0x6ec2d0 RectVisible
0x6ec2d8 Arc
0x6ec2dc Polyline
0x6ec2e0 Chord
0x6ec2e4 Ellipse
0x6ec2e8 Pie
0x6ec2ec Polygon
0x6ec2f0 PolyPolygon
0x6ec2f4 Rectangle
0x6ec2f8 RoundRect
0x6ec2fc PatBlt
0x6ec300 BitBlt
0x6ec304 StretchBlt
0x6ec308 GetPixel
0x6ec30c SetPixel
0x6ec310 FloodFill
0x6ec314 ExtFloodFill
0x6ec31c TextOutA
0x6ec324 GetTextAlign
0x6ec328 GetTextFaceA
0x6ec32c GetTextMetricsA
0x6ec334 GetCharWidthA
0x6ec338 GetFontLanguageInfo
0x6ec344 Escape
0x6ec348 SetBoundsRect
0x6ec34c GetBoundsRect
0x6ec350 ResetDCA
0x6ec358 GetCharABCWidthsA
0x6ec35c GetFontData
0x6ec360 GetKerningPairsA
0x6ec364 GetGlyphOutlineA
0x6ec368 StartDocA
0x6ec36c StartPage
0x6ec370 EndPage
0x6ec374 SetAbortProc
0x6ec378 AbortDoc
0x6ec37c EndDoc
0x6ec380 MaskBlt
0x6ec384 PlgBlt
0x6ec388 SetPixelV
0x6ec38c AngleArc
0x6ec390 GetArcDirection
0x6ec394 PolyPolyline
0x6ec398 GetColorAdjustment
0x6ec39c RealizePalette
0x6ec3a0 PolyBezier
0x6ec3a4 DrawEscape
0x6ec3a8 ExtEscape
0x6ec3b0 GetCharWidthFloatA
0x6ec3b4 AbortPath
0x6ec3b8 BeginPath
0x6ec3bc CloseFigure
0x6ec3c0 EndPath
0x6ec3c4 FillPath
0x6ec3c8 FlattenPath
0x6ec3cc GetMiterLimit
0x6ec3d0 GetPath
0x6ec3d4 SetMiterLimit
0x6ec3d8 StrokeAndFillPath
0x6ec3dc StrokePath
0x6ec3e0 WidenPath
0x6ec3e4 GdiComment
0x6ec3e8 PlayEnhMetaFile
0x6ec3ec GetDCOrgEx
0x6ec3f0 GetClipBox
0x6ec3f4 SetTextColor
0x6ec3f8 SetBkColor
0x6ec3fc DeleteDC
0x6ec400 SaveDC
0x6ec404 RestoreDC
0x6ec408 SelectPalette
0x6ec40c SetBkMode
0x6ec410 SetPolyFillMode
0x6ec414 SetROP2
0x6ec418 SetStretchBltMode
0x6ec41c SetGraphicsMode
0x6ec420 SetWorldTransform
0x6ec428 SetMapMode
0x6ec42c SetViewportOrgEx
0x6ec430 OffsetViewportOrgEx
0x6ec434 SetViewportExtEx
0x6ec438 ScaleViewportExtEx
0x6ec43c SetWindowOrgEx
0x6ec440 OffsetWindowOrgEx
0x6ec444 SetWindowExtEx
0x6ec448 ScaleWindowExtEx
0x6ec44c SelectClipRgn
0x6ec450 ExcludeClipRect
0x6ec454 IntersectClipRect
0x6ec458 OffsetClipRgn
0x6ec45c MoveToEx
0x6ec460 LineTo
0x6ec464 SetTextAlign
0x6ec470 SetMapperFlags
0x6ec474 ArcTo
0x6ec478 SetArcDirection
0x6ec47c PolyDraw
0x6ec480 PolylineTo
0x6ec484 SetColorAdjustment
0x6ec488 PolyBezierTo
0x6ec48c DeleteObject
0x6ec490 GetClipRgn
0x6ec494 SelectClipPath
0x6ec498 ExtSelectClipRgn
0x6ec49c PlayMetaFileRecord
0x6ec4a0 EnumMetaFile
0x6ec4a4 PlayMetaFile
0x6ec4a8 StretchDIBits
0x6ec4ac EnumFontFamiliesExA
0x6ec4b0 CreatePolygonRgn
0x6ec4b8 CreateEllipticRgn
0x6ec4bc GetNearestColor
0x6ec4c0 SelectObject
0x6ec4c4 EnumObjects
0x6ec4c8 SetBrushOrgEx
0x6ec4cc GetBrushOrgEx
0x6ec4d0 CreateCompatibleDC
0x6ec4d4 CreateICA
0x6ec4d8 RectInRegion
0x6ec4dc PtInRegion
0x6ec4e0 GetRgnBox
0x6ec4e4 OffsetRgn
0x6ec4e8 EqualRgn
0x6ec4ec CombineRgn
0x6ec4f0 SetRectRgn
0x6ec4f4 GetRegionData
0x6ec4f8 ExtCreateRegion
0x6ec4fc PathToRegion
0x6ec500 CreateRectRgn
0x6ec504 GetCurrentObject
0x6ec50c CopyMetaFileA
0x6ec510 CreateDCA
0x6ec514 GetDeviceCaps
0x6ec518 CreateMetaFileA
0x6ec51c ResizePalette
0x6ec524 AnimatePalette
0x6ec528 SetPaletteEntries
0x6ec52c GetPaletteEntries
0x6ec534 CreatePalette
0x6ec548 GetBitmapBits
0x6ec54c SetBitmapBits
0x6ec554 CreateFontA
0x6ec558 CreateFontIndirectA
0x6ec560 CreatePatternBrush
0x6ec564 CreateBrushIndirect
0x6ec568 CreateHatchBrush
0x6ec56c CreateSolidBrush
0x6ec570 ExtCreatePen
0x6ec574 CreatePenIndirect
0x6ec578 CreatePen
0x6ec57c GetObjectType
0x6ec580 UnrealizeObject
0x6ec584 GetStockObject
0x6ec588 GetObjectA
0x6ec58c CreateBitmap
0x6ec590 ExtTextOutA
0x6ec594 CloseEnhMetaFile
0x6ec598 CreateEnhMetaFileA
0x6ec59c CloseMetaFile
0x6ec5a0 CreateRoundRectRgn
Library comdlg32.dll:
0x6ed184 GetFileTitleA
Library WINSPOOL.DRV:
0x6ed14c ClosePrinter
0x6ed150 DocumentPropertiesA
0x6ed154 OpenPrinterA
Library ADVAPI32.dll:
0x6ec1d0 RegEnumKeyA
0x6ec1d4 GetFileSecurityA
0x6ec1d8 SetFileSecurityA
0x6ec1dc RegCreateKeyA
0x6ec1e0 RegDeleteValueA
0x6ec1e4 RegSetValueExA
0x6ec1e8 RegCreateKeyExA
0x6ec1ec RegDeleteKeyA
0x6ec1f0 OpenThreadToken
0x6ec1f4 RegQueryValueA
0x6ec1f8 RegOpenKeyExA
0x6ec1fc RegQueryValueExA
0x6ec200 RegOpenKeyA
0x6ec204 RegSetValueA
0x6ec208 RegCloseKey
0x6ec20c SetThreadToken
0x6ec210 RevertToSelf
Library SHELL32.dll:
0x6ecb28 DragQueryFileA
0x6ecb30 DragAcceptFiles
0x6ecb34 SHGetFileInfoA
0x6ecb38 ExtractIconA
0x6ecb3c DragFinish
0x6ecb40 ShellExecuteA
Library COMCTL32.dll:
Library SHLWAPI.dll:
0x6ecb74 PathFindExtensionA
0x6ecb7c UrlUnescapeA
0x6ecb80 PathIsUNCA
0x6ecb84 PathFindFileNameA
0x6ecb88 PathStripToRootA
Library ole32.dll:
0x6ed1b4 CoRevokeClassObject
0x6ed1b8 CoCreateInstance
0x6ed1bc CoDisconnectObject
0x6ed1c0 ReleaseStgMedium
0x6ed1c4 CoTaskMemAlloc
0x6ed1c8 CoTreatAsClass
0x6ed1cc StringFromCLSID
0x6ed1d0 ReadClassStg
0x6ed1d4 ReadFmtUserTypeStg
0x6ed1dc WriteClassStg
0x6ed1e0 WriteFmtUserTypeStg
0x6ed1e4 SetConvertStg
0x6ed1e8 CreateBindCtx
0x6ed1ec CoTaskMemFree
0x6ed1f0 OleDuplicateData
0x6ed1f4 OleRun
0x6ed1f8 CLSIDFromProgID
0x6ed1fc CLSIDFromString
0x6ed204 CoMarshalInterface
0x6ed210 StringFromGUID2
0x6ed214 OleRegGetUserType
Library OLEAUT32.dll:
0x6eca38 VarUdateFromDate
0x6eca44 LoadTypeLib
0x6eca48 SysAllocString
0x6eca4c VarBstrFromDate
0x6eca50 VarDateFromStr
0x6eca54 VarDecFromStr
0x6eca58 VarBstrFromDec
0x6eca5c SysStringLen
0x6eca64 SysStringByteLen
0x6eca68 SysFreeString
0x6eca6c VariantClear
0x6eca70 VariantChangeType
0x6eca74 VariantInit
0x6eca78 SysAllocStringLen
0x6eca7c SafeArrayGetDim
0x6eca88 SafeArrayAccessData
0x6eca8c SafeArrayGetUBound
0x6eca90 SafeArrayGetLBound
0x6eca94 SafeArrayRedim
0x6eca98 SafeArrayCreate
0x6eca9c VariantCopy
0x6ecaa0 SysReAllocStringLen
0x6ecaa4 VarCyFromStr
0x6ecaa8 VarBstrFromCy
0x6ecaac SafeArrayCopy
0x6ecab0 SafeArrayAllocData
0x6ecab8 SafeArrayGetElement
0x6ecabc SafeArrayPtrOfIndex
0x6ecac0 SafeArrayPutElement
0x6ecac4 SafeArrayLock
0x6ecac8 SafeArrayUnlock
0x6ecacc SafeArrayDestroy
0x6ecad4 VarDateFromUdate
Library WININET.dll:
0x6ed074 FtpFindFirstFileA
0x6ed078 InternetCrackUrlA
0x6ed084 InternetOpenA
0x6ed088 InternetCloseHandle
0x6ed08c InternetOpenUrlA
0x6ed098 InternetSetCookieA
0x6ed09c InternetGetCookieA
0x6ed0a4 InternetWriteFile
0x6ed0a8 InternetReadFile
0x6ed0b0 InternetConnectA
0x6ed0b4 FtpDeleteFileA
0x6ed0b8 FtpRenameFileA
0x6ed0bc FtpCreateDirectoryA
0x6ed0c0 FtpRemoveDirectoryA
0x6ed0cc FtpOpenFileA
0x6ed0d0 FtpCommandA
0x6ed0d4 FtpPutFileA
0x6ed0d8 FtpGetFileA
0x6ed0e0 GopherGetAttributeA
0x6ed0e4 GopherOpenFileA
0x6ed0e8 HttpOpenRequestA
0x6ed0ec InternetErrorDlg
0x6ed0f0 HttpQueryInfoA
0x6ed0f4 HttpSendRequestA
0x6ed0f8 HttpEndRequestA
0x6ed0fc HttpSendRequestExA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49175 211.56.156.131 app.smartfile.co.kr 80
192.168.56.101 49176 211.56.156.131 app.smartfile.co.kr 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://app.smartfile.co.kr/Smartfile.exe
GET /Smartfile.exe HTTP/1.1
User-Agent: 6bf679461ae0c50bf7ca6d2a0c87990f
Host: app.smartfile.co.kr
Cache-Control: no-cache

http://app.smartfile.co.kr/Smartfile.exe
GET /Smartfile.exe HTTP/1.1
Accept: text/ini, text/dat, exe/exe
User-Agent: GetWebFile/1.0
Host: app.smartfile.co.kr

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.