Score: 8.0 (High risk)

SHA256: 3799e2464c960c56149417c5d04a94c34e632f8ec4c7f98d41bfcf15ff7e63c6

File name: 701c7def65175d6188788b5ee067419a.exe

Analysis duration: 99s

Latest analysis:

File size: 5.7MB
Detection tags (static and dynamic engines): ADWAREELEX, AI SCORE=86, ATTRIBUTE, CLASSIC, CONFIDENCE, ELDORADO, GAMETOOL, GEN8, GENERICKD, GENERICRXIT, GENETIC, HIGH CONFIDENCE, HIGHCONFIDENCE, MALICIOUS, MALICIOUS PE, PRIVACYRISK, S8079995, SCORE, SUSGEN, UNSAFE, WACATAC, YOUXUN, YOUXUNRI, YXDOWN
Eagle Eye engine: not detected (no Eagle Eye engine result available)
Static verdict
Antivirus engines

Engine | Result | Scan date | Engine version
McAfee | GenericRXIT-PJ!701C7DEF6517 | 20191029 | 6.0.6.653
Alibaba | RiskWare:Win32/YouXun.b266df49 | 20190527 | 0.3.0.5
Baidu | (no detection) | 20190318 | 1.0.0.2
Avast | Win32:Malware-gen | 20191029 | 18.4.3895.0
Kingsoft | (no detection) | 20191029 | 2013.8.14.323
Tencent | (no detection) | 20191029 | 1.0.0.1
CrowdStrike | win/malicious_confidence_60% (D) | 20190702 | 1.0
Static indicators
Queries for the computername (1 event)

Time | API | Arguments | Status | Return | Repeated
1620964860.45525 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0
This executable has a PDB path (1 event)
pdb_path: d:\work\yxbox\trunk\bin\Win32\Release\Patch\downloader2\RAR压缩_24_197.pdb
The file contains an unknown PE resource name possibly indicative of a packer (4 events)
resource name: DL
resource name: PLUGIN
resource name: PNG
resource name: ZIP
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (10 events)
Suspicious feature in every case: GET method with no useragent header. Requests:
GET http://api.pcsoft.jshhdian.com/cgi/PCSoftInfo.ashx/pcsoft/getentity?id=
GET http://api.yb.jshhdian.com/open/rili/ip.json?ip=192.168.137.1
GET http://eoud.dgygpx.com/Install/image/52kzip.ico
GET http://ymte.sgdebao.com/yxh/img/2345.png
GET http://eoud.dgygpx.com/yxh/img/shoujimnds.ico
GET http://eoud.dgygpx.com/Install/image/easynote.ico
GET http://poik.kxyw123.com/yxh/img/qqyx.ico
GET http://eoud.dgygpx.com/Install/image/mofangmt.ico
GET http://eoud.dgygpx.com/yxh/img/jiaotang.ico
GET http://eoud.dgygpx.com/yxh/img/aqi.png
Note: the ip.json request puts 192.168.137.1, a private (RFC 1918) address, into the query string; that is the analysis machine's own local address, so this request reports the client's network position to the server.
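The "GET method with no useragent header" feature above is a plain header check. The following is an added example, not code from the sandbox or from the sample's authors: it parses raw HTTP/1.x requests, flags the missing User-Agent, and additionally flags a private address carried in the query string (the ip.json case). The request messages are constructed here from URLs in the report; the Finding structure and the feature wording are this example's own.

```python
# Added example (not part of the sandbox report): re-implement two HTTP
# request heuristics over raw request messages. Input is constructed inline.
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qsl


@dataclass
class Finding:
    method: str
    url: str
    features: list = field(default_factory=list)


def parse_request(raw: bytes) -> tuple[str, str, dict]:
    """Split one raw HTTP/1.x request into (method, absolute URL, lower-cased headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "")
    url = target if target.startswith("http") else f"http://{host}{target}"
    return method, url, headers


def private_ips_in_query(url: str) -> list[str]:
    """Query-string values that parse as private (RFC 1918 / ULA) addresses."""
    found = []
    for _key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        try:
            if ipaddress.ip_address(value).is_private:
                found.append(value)
        except ValueError:  # not an IP literal
            pass
    return found


def suspicious_features(raw: bytes) -> Finding:
    """Apply the heuristics to one request and return what tripped."""
    method, url, headers = parse_request(raw)
    finding = Finding(method, url)
    if method == "GET" and "user-agent" not in headers:
        finding.features.append("GET method with no useragent header")
    for ip in private_ips_in_query(url):
        finding.features.append(f"query string carries private address {ip}")
    return finding


def triage(requests: list[bytes]) -> list[Finding]:
    """Keep only the requests that tripped at least one feature."""
    return [f for f in (suspicious_features(r) for r in requests) if f.features]


# Constructed sample traffic: two header-less requests modelled on the report's
# URLs, plus one browser-style request that carries a User-Agent.
SAMPLE_REQUESTS = [
    b"GET /cgi/PCSoftInfo.ashx/pcsoft/getentity?id= HTTP/1.1\r\n"
    b"Host: api.pcsoft.jshhdian.com\r\n\r\n",
    b"GET /open/rili/ip.json?ip=192.168.137.1 HTTP/1.1\r\n"
    b"Host: api.yb.jshhdian.com\r\nAccept: */*\r\n\r\n",
    b"GET /core.php?web_id=1275063478&t=z HTTP/1.1\r\n"
    b"Host: c.cnzz.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_REQUESTS):
        print(finding.method, finding.url, finding.features)
```

Run it on a request log by feeding each raw request as bytes; only requests that trip a feature are returned, so the output is directly comparable with the report's list.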
Performs some HTTP requests (36 events)
request GET http://api.pcsoft.jshhdian.com/cgi/PCSoftInfo.ashx/pcsoft/getentity?id=
request GET http://ggstats.yb.jshhdian.com/pinforesults.do?sc=%3DFUQmS3ck6XanBUNgSXZwync4AHaA13cza3ZnRXZwync4AHaA13czanKyFUQ16XewOnK4BUMyNXMnCUM4JUMxBUM5BUQkGXcnFUQlm3d
request GET http://api.yb.jshhdian.com/open/rili/ip.json?ip=192.168.137.1
request GET http://ymte.sgdebao.com/yxh/navico/baidu.png
request GET http://ymte.sgdebao.com/yxh/navico/wangzdh.png
request GET http://ymte.sgdebao.com/yxh/navico/37_1_0707.ico
request GET http://ymte.sgdebao.com/yxh/navico/37_1_0707.png
request GET http://ymte.sgdebao.com/yxh/navico/toutiao.png
request GET http://ymte.sgdebao.com/yxh/navico/jd.ico
request GET http://ymte.sgdebao.com/yxh/navico/jd.png
request GET http://ymte.sgdebao.com/yxh/navico/jdmiaos.ico
request GET http://ymte.sgdebao.com/yxh/navico/jdmiaos.png
request GET http://ymte.sgdebao.com/yxh/navico/aitb.png
request GET http://ymte.sgdebao.com/yxh/navico/tmall.png
request GET http://ymte.sgdebao.com/yxh/navico/temai.png
request GET http://ymte.sgdebao.com/yxh/navico/37_2_0707.ico
request GET http://ymte.sgdebao.com/yxh/navico/37_2_0707.png
request GET http://ymte.sgdebao.com/yxh/navico/cpgm.ico
request GET http://ymte.sgdebao.com/yxh/navico/cpgm.png
request GET http://eoud.dgygpx.com/Install/image/52kzip.ico
request GET http://ymte.sgdebao.com/yxh/img/2345.png
request GET http://eoud.dgygpx.com/yxh/img/shoujimnds.ico
request GET http://eoud.dgygpx.com/Install/image/easynote.ico
request GET http://poik.kxyw123.com/yxh/img/qqyx.ico
request GET http://eoud.dgygpx.com/Install/image/mofangmt.ico
request GET http://eoud.dgygpx.com/yxh/img/jiaotang.ico
request GET http://eoud.dgygpx.com/yxh/img/aqi.png
request GET http://dw.jshhdian.com/xiazaiqi/box_520x240.html
request GET http://dw.jshhdian.com/post/index_az_11.html
request GET http://api.pcsoft.70gj.cn/cgi/PCSoftInfo.ashx/pcsoft/countdo?sc===RO4RkO2lENzZUNAVXcqSoKxF0YlG3ct63ewSXQlmXcwKoanFUQlmnKANHSOSYS7mGeaeVU1OnbOSYRF2FeoSVUA53d
request GET http://sdmv.wxyxch.cn/Install/0105-4.gif
request GET http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
request GET http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDDSk20WxFnlwLi3iMg%3D%3D
request GET https://s13.cnzz.com/z_stat.php?id=1275063478&web_id=1275063478
request GET https://z7.cnzz.com/stat.htm?id=1275063478&r=&lg=zh-cn&ntime=none&cnzz_eid=484212506-1620934779-&showp=800x600&p=http%3A%2F%2Fdw.jshhdian.com%2Fpost%2Findex_az_11.html&t=Document&umuuid=179688903a8159-0cd2d6e608436f8-26596759-75300-179688903b855e&h=1&rnd=593138496
request GET https://c.cnzz.com/core.php?web_id=1275063478&t=z
Note: the two ocsp.globalsign.com requests are OCSP revocation checks for the certificates behind the HTTPS connections that follow. The cnzz.com requests are web-analytics beacons whose p= parameter names http://dw.jshhdian.com/post/index_az_11.html as the page that loaded them, so they originate from the embedded web content fetched from dw.jshhdian.com above, not from the downloader's own protocol.
Foreign language identified in PE resource (50 of 106 events shown)
All listed resources are LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED. The report repeats identical entries; the table gives each distinct entry once with the number of times it was listed.

Resource name | Offset | Size | File type | Times listed
DL | 0x001e857c | 0x00048a00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | 1
PLUGIN | 0x002b0650 | 0x0001e8ba | data | 3
PNG | 0x002e82ec | 0x00000131 | PNG image data, 15 x 45, 8-bit colormap, non-interlaced | 22
ZIP | 0x0059f880 | 0x000016d1 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x281, frames 3 | 14
RT_CURSOR | 0x005a20e0 | 0x00000134 | data | 10

Note: the DL resource is a complete 32-bit PE DLL (0x48a00 bytes) carried inside the resource section, and the resource named ZIP is actually a JPEG; resource names that do not match their contents are why the static check above flagged them.
Executes one or more WMI queries (1 event)
wmi: select * from Win32_DiskDrive
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time | API | Arguments | Status | Return | Repeated
1620964862.59625 | GetAdaptersAddresses | flags: 0, family: 0 | failed | 111 | 0

Note: return 111 is ERROR_BUFFER_OVERFLOW, the normal result of the first, buffer-sizing call to GetAdaptersAddresses; family 0 is AF_UNSPEC (all address families). The call by itself is ordinary network enumeration; whether the result was used to look for virtual adapters is not shown.
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.872242999418173 | section .rsrc (size_of_data 0x003c8c00, virtual_address 0x001e7000, virtual_size 0x003c8bc4) | A section with a high entropy has been found
entropy 0.6595183388647775 | Overall entropy of this PE file is high

Note: the two figures are on different scales. The section figure is Shannon entropy in bits per byte (maximum 8.0); 7.87 over a 3.97 MB .rsrc section is what compressed or encrypted payloads look like, and the resource table above shows that section carrying an embedded DLL among other blobs. The "overall" figure of 0.66 is the fraction of the file's section data that sits in high-entropy sections, not bits per byte: the .rsrc section is roughly two-thirds of this 5.7 MB file.
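The two entropy figures above are easy to reproduce. The block below is an added example, not code from the sandbox: it reads the PE section table, computes Shannon entropy per section, and derives both the per-section flag and the "fraction of data in high-entropy sections" figure. A minimal PE image is constructed inline so it runs offline; the 6.8-bit threshold is an assumption modelled on common sandbox heuristics.

```python
# Added example (not from the report): per-section Shannon entropy of a PE
# image, plus the share of section bytes in high-entropy sections. The test
# image is constructed by build_min_pe(); pass real file bytes to the other
# functions to use them on a sample.
import math
import struct
from collections import Counter

HIGH_ENTROPY = 6.8  # bits per byte; assumed threshold for "packed-looking" sections


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes) -> list[tuple[str, int, int]]:
    """Return (name, PointerToRawData, SizeOfRawData) for every section header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        hdr = image[table + 40 * i: table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def pe_section_entropies(image: bytes) -> dict[str, float]:
    return {name: shannon_entropy(image[off:off + size]) for name, off, size in pe_sections(image)}


def flag_packed(image: bytes, threshold: float = HIGH_ENTROPY) -> list[str]:
    """Names of sections whose entropy suggests compressed or encrypted data."""
    return [name for name, e in pe_section_entropies(image).items() if e >= threshold]


def packed_fraction(image: bytes, threshold: float = HIGH_ENTROPY) -> float:
    """Share of all section bytes that live in high-entropy sections (the 'overall' figure)."""
    secs = pe_sections(image)
    total = sum(size for _name, _off, size in secs)
    high = sum(size for _name, off, size in secs
               if shannon_entropy(image[off:off + size]) >= threshold)
    return high / total if total else 0.0


def build_min_pe(sections: list[tuple[bytes, bytes]]) -> bytes:
    """Constructed test image: DOS header, PE signature, COFF header with no optional header, section table, raw data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    hdr_end = e_lfanew + 4 + 20 + 40 * len(sections)
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF  # 0x200 file alignment
    table, blobs = b"", b""
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), 0, len(data), raw_ptr + len(blobs), 0, 0, 0, 0, 0x40000040)
        blobs += data
    return (dos + b"PE\0\0" + coff + table).ljust(raw_ptr, b"\0") + blobs


# Constructed image: a low-entropy .text, a constant .data, a uniform .rsrc.
SAMPLE_IMAGE = build_min_pe([
    (b".text", bytes([0x90]) * 256 + bytes(range(64)) * 4),
    (b".data", b"\0" * 512),
    (b".rsrc", bytes(range(256)) * 8),
])

if __name__ == "__main__":
    for name, e in pe_section_entropies(SAMPLE_IMAGE).items():
        print(f"{name:8s} {e:.3f}")
    print("packed sections:", flag_packed(SAMPLE_IMAGE))
    print("fraction in high-entropy sections:", round(packed_fraction(SAMPLE_IMAGE), 4))
```

On the constructed image .rsrc holds two-thirds of the section bytes, which is why the fraction comes out near the report's 0.66 even though the real file's value came from a 3.97 MB resource section.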
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 of 162 events shown)

All 50 shown events are identical apart from their timestamp:
API: Process32NextW | process_name: WmiPrvSE.exe | snapshot_handle: 0x00000480 | process_identifier: 2196 | Status: failed | Return: 0 | Repeated: 0

Timestamps of the 50 events:
1620964868.90825, 1620964868.92425, 1620964868.94025, 1620964868.95525, 1620964868.95525,
1620964868.97125, 1620964869.89325, 1620964869.90825, 1620964869.92425, 1620964869.92425,
1620964869.92425, 1620964869.94025, 1620964869.95525, 1620964869.97125, 1620964869.98725,
1620964870.00225, 1620964870.01825, 1620964870.03325, 1620964870.04925, 1620964870.06525,
1620964870.08025, 1620964870.09625, 1620964870.11225, 1620964870.12725, 1620964870.14325,
1620964870.15825, 1620964870.17425, 1620964870.20525, 1620964870.20525, 1620964870.23725,
1620964870.25225, 1620964870.26825, 1620964870.34625, 1620964870.36225, 1620964870.37725,
1620964870.39325, 1620964870.40825, 1620964870.42425, 1620964870.44025, 1620964870.47125,
1620964870.48725, 1620964870.50225, 1620964870.51825, 1620964870.53325, 1620964870.54925,
1620964870.58025, 1620964870.59625, 1620964870.59625, 1620964870.61225, 1620964870.64325

Note: a return of 0 from Process32NextW means the end of the snapshot was reached, so each event is one complete walk of the process list that did not find the process the sample is looking for (WmiPrvSE.exe is just the last entry in the walked snapshot). The sample takes a fresh snapshot and walks it again roughly every 15 ms, which is the polling loop this signature describes.
Queries for potentially installed applications (30 events)

All events are RegOpenKeyExW with key_handle 0x00000000 and options 0, and all fail with return 2 (ERROR_FILE_NOT_FOUND: the product is not installed). The key is Software\Microsoft\Windows\CurrentVersion\Uninstall\<product> under the hive shown, except where the full path is given. Access 0x00000101 is KEY_QUERY_VALUE | KEY_WOW64_64KEY (64-bit registry view); 0x00000001 is KEY_QUERY_VALUE (the caller's own view). base_handle 0x80000002 is HKEY_LOCAL_MACHINE and 0x80000001 is HKEY_CURRENT_USER.

Time | Hive | Product key | Access | Status | Return
1620964868.89325 | HKEY_LOCAL_MACHINE | k52zip | 0x00000101 | failed | 2
1620964868.89325 | HKEY_LOCAL_MACHINE | k52zip | 0x00000001 | failed | 2
1620964868.89325 | HKEY_CURRENT_USER | k52zip | 0x00000101 | failed | 2
1620964868.89325 | HKEY_CURRENT_USER | k52zip | 0x00000001 | failed | 2
1620964868.89325 | HKEY_CURRENT_USER | k52zip | 0x00000101 | failed | 2
1620964869.87725 | HKEY_LOCAL_MACHINE | 2345Explorer | 0x00000101 | failed | 2
1620964869.87725 | HKEY_LOCAL_MACHINE | 2345Explorer | 0x00000001 | failed | 2
1620964869.87725 | HKEY_CURRENT_USER | 2345Explorer | 0x00000101 | failed | 2
1620964869.87725 | HKEY_CURRENT_USER | 2345Explorer | 0x00000001 | failed | 2
1620964871.50225 | HKEY_LOCAL_MACHINE | LDSGameMaster | 0x00000101 | failed | 2
1620964871.50225 | HKEY_LOCAL_MACHINE | LDSGameMaster | 0x00000001 | failed | 2
1620964871.50225 | HKEY_CURRENT_USER | LDSGameMaster | 0x00000101 | failed | 2
1620964871.50225 | HKEY_CURRENT_USER | LDSGameMaster | 0x00000001 | failed | 2
1620964872.01825 | HKEY_LOCAL_MACHINE | EasyNotebook | 0x00000101 | failed | 2
1620964872.01825 | HKEY_LOCAL_MACHINE | EasyNotebook | 0x00000001 | failed | 2
1620964872.01825 | HKEY_CURRENT_USER | EasyNotebook | 0x00000101 | failed | 2
1620964872.01825 | HKEY_CURRENT_USER | EasyNotebook | 0x00000001 | failed | 2
1620964873.44025 | HKEY_LOCAL_MACHINE | Rubik Picture | 0x00000101 | failed | 2
1620964873.44025 | HKEY_LOCAL_MACHINE | Rubik Picture | 0x00000001 | failed | 2
1620964873.44025 | HKEY_CURRENT_USER | Rubik Picture | 0x00000101 | failed | 2
1620964873.44025 | HKEY_CURRENT_USER | Rubik Picture | 0x00000001 | failed | 2
1620964873.44025 | HKEY_LOCAL_MACHINE | SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Rubik Picture (full path; 32-bit view) | 0x00000101 | failed | 2
1620964873.89325 | HKEY_LOCAL_MACHINE | 焦糖壁纸 ("Caramel Wallpaper") | 0x00000101 | failed | 2
1620964873.90825 | HKEY_LOCAL_MACHINE | 焦糖壁纸 | 0x00000001 | failed | 2
1620964873.90825 | HKEY_CURRENT_USER | 焦糖壁纸 | 0x00000101 | failed | 2
1620964873.90825 | HKEY_CURRENT_USER | 焦糖壁纸 | 0x00000001 | failed | 2
1620964874.26825 | HKEY_LOCAL_MACHINE | PPStream | 0x00000101 | failed | 2
1620964874.26825 | HKEY_LOCAL_MACHINE | PPStream | 0x00000001 | failed | 2
1620964874.26825 | HKEY_CURRENT_USER | PPStream | 0x00000101 | failed | 2
1620964874.26825 | HKEY_CURRENT_USER | PPStream | 0x00000001 | failed | 2

Note: the products probed (k52zip, 2345Explorer, LDSGameMaster, EasyNotebook, Rubik Picture, 焦糖壁纸, PPStream) correspond to the icon files fetched in the HTTP section (52kzip.ico, 2345.png, easynote.ico, mofangmt.ico, jiaotang.ico and so on), so the sample is checking which bundled offers are already installed before presenting them, the usual behaviour of a bundling downloader.
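The probing pattern above, many RegOpenKeyExW calls on Uninstall\<product> keys that all return ERROR_FILE_NOT_FOUND, is easy to detect from registry telemetry. The block below is an added example, not code from the sandbox: it aggregates such events per process, merges the 32-bit (Wow6432Node) and 64-bit views of the same product, and reports processes that probed several absent products. The log format, the process names and PIDs, and the alert threshold are this example's own assumptions; the log lines are constructed from the keys in the report.

```python
# Added example (not part of the report): flag processes that enumerate
# installed applications by opening Uninstall\<product> keys that do not
# exist. Input is constructed "timestamp|pid|image|api|key|status" lines.
import re
from collections import defaultdict
from typing import Optional

UNINSTALL_RE = re.compile(
    r"^(?P<hive>HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\(?P<product>[^\\]+)$",
    re.IGNORECASE,
)
MIN_DISTINCT_PRODUCTS = 3  # assumption: three absent products in one process is worth an alert
ERROR_FILE_NOT_FOUND = 2


def parse_event(line: str) -> dict:
    """Split one constructed telemetry line into its fields."""
    ts, pid, image, api, key, status = line.rstrip("\n").split("|", 5)
    return {"ts": float(ts), "pid": int(pid), "image": image,
            "api": api, "key": key, "status": int(status)}


def probed_product(key: str) -> Optional[str]:
    """Product name if key is an Uninstall\\<product> entry (either registry view), else None."""
    m = UNINSTALL_RE.match(key)
    return m.group("product").lower() if m else None


def find_app_enumerators(lines: list[str]) -> dict[int, dict]:
    """pid -> {image, missing, present} for processes probing several absent uninstall entries."""
    per_pid = defaultdict(lambda: {"image": "", "missing": set(), "present": set()})
    for line in lines:
        ev = parse_event(line)
        if ev["api"] != "RegOpenKeyExW":
            continue
        product = probed_product(ev["key"])
        if product is None:
            continue
        rec = per_pid[ev["pid"]]
        rec["image"] = ev["image"]
        bucket = "missing" if ev["status"] == ERROR_FILE_NOT_FOUND else "present"
        rec[bucket].add(product)
    return {pid: rec for pid, rec in per_pid.items()
            if len(rec["missing"]) >= MIN_DISTINCT_PRODUCTS}


HKLM = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
HKCU = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
WOW = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"

# Constructed telemetry (pid 1234 "sample.exe" and pid 5678 "setup.exe" are
# hypothetical): the first process probes four products of which one is
# installed; the installer touches one uninstall key and an unrelated key.
SAMPLE_LOG = [
    f"1620964868.89325|1234|sample.exe|RegOpenKeyExW|{HKLM}k52zip|2",
    f"1620964868.89325|1234|sample.exe|RegOpenKeyExW|{HKCU}k52zip|2",
    f"1620964869.87725|1234|sample.exe|RegOpenKeyExW|{HKLM}2345Explorer|2",
    f"1620964873.44025|1234|sample.exe|RegOpenKeyExW|{HKLM}Rubik Picture|2",
    f"1620964873.44025|1234|sample.exe|RegOpenKeyExW|{WOW}Rubik Picture|2",
    f"1620964874.26825|1234|sample.exe|RegOpenKeyExW|{HKLM}PPStream|0",
    f"1620964875.00000|1234|sample.exe|RegQueryValueExW|{HKLM}PPStream\\DisplayName|0",
    f"1620964876.00000|5678|setup.exe|RegOpenKeyExW|{HKLM}MyApp|2",
    "1620964876.00000|5678|setup.exe|RegOpenKeyExW|"
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|0",
]

if __name__ == "__main__":
    for pid, rec in find_app_enumerators(SAMPLE_LOG).items():
        print(pid, rec["image"], "missing:", sorted(rec["missing"]), "present:", sorted(rec["present"]))
```

Counting distinct products rather than raw calls matters: the report shows four or five opens per product (two hives, two access masks), which would otherwise inflate a single probe into a burst.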
Network communication
Communicates with host for which no DNS query was performed (1 event)
host: 172.217.24.14 (an address in Google's 172.217.0.0/16 range; the report does not show which request used it)
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)

All values are written under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ ; the subkey and value name are shown. WpadDecisionTime values are REG_BINARY timestamps whose bytes are not printable and were garbled in the report. The last event is cut off at the end of the page, so its status is not recorded.

Time | API | key_handle | Subkey\Value | Type | Data | Status | Return
1620964865.15825 | RegSetValueExA | 0x00000440 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason | 4 (REG_DWORD) | 1 | success | 0
1620964865.15825 | RegSetValueExA | 0x00000440 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime | 3 (REG_BINARY) | (non-printable bytes) | success | 0
1620964865.15825 | RegSetValueExA | 0x00000440 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision | 4 (REG_DWORD) | 3 | success | 0
1620964865.15825 | RegSetValueExW | 0x00000440 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName | 1 (REG_SZ) | 网络 2 ("Network 2") | success | 0
1620964865.15825 | RegSetValueExA | 0x00000458 | 0a-00-27-00-00-00\WpadDecisionReason | 4 (REG_DWORD) | 1 | success | 0
1620964865.15825 | RegSetValueExA | 0x00000458 | 0a-00-27-00-00-00\WpadDecisionTime | 3 (REG_BINARY) | (non-printable bytes) | success | 0
1620964865.15825 | RegSetValueExA | 0x00000458 | 0a-00-27-00-00-00\WpadDecision | 4 (REG_DWORD) | 3 | success | 0
1620964865.20525 | RegSetValueExW | 0x0000043c | WpadLastNetwork | 1 (REG_SZ) | {40112ABE-63B3-43C3-BE93-1440EE3AF106} | success | 0
1620964866.09625 | RegSetValueExA | 0x000004a4 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason | 4 (REG_DWORD) | 1 | success | 0
1620964866.09625 | RegSetValueExA | 0x000004a4 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime | 3 (REG_BINARY) | (non-printable bytes) | success | 0
1620964866.09625 | RegSetValueExA | 0x000004a4 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision | 4 (REG_DWORD) | 0 | success | 0
1620964866.09625 | RegSetValueExW | 0x000004a4 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName | 1 (REG_SZ) | 网络 2 ("Network 2") | success | 0
1620964866.09625 | RegSetValueExA | 0x000004a8 | 0a-00-27-00-00-00\WpadDecisionReason | 4 (REG_DWORD) | 1 | success | 0
1620964866.09625 | RegSetValueExA | 0x000004a8 | 0a-00-27-00-00-00\WpadDecisionTime | 3 (REG_BINARY) | (non-printable bytes) | success | 0
1620964866.09625 | RegSetValueExA | 0x000004a8 | 0a-00-27-00-00-00\WpadDecision | 4 (REG_DWORD) | 0 | (not recorded)

Note: despite the signature's wording, no PAC file or AutoConfigURL is set here. The Wpad\<network>\WpadDecision* values and WpadLastNetwork are written by Windows' own WinINet/WinHTTP automatic proxy detection whenever a process with proxy auto-detect enabled makes its first HTTP request on a network; they cache the outcome of that detection, and any program that goes through those libraries produces the same writes. The subkey 0a-00-27-00-00-00 is the MAC address of the analysis VM's VirtualBox host-only adapter (0A:00:27:00:00:00 is that adapter's fixed address), which marks these events as sandbox environment artifacts rather than sample behaviour. Treat this signature as low-value for this sample; the bundling and software-probing behaviour above is the substantive finding.
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Network activity contains more than one unique useragent (4 events)
process 701c7def65175d6188788b5ee067419a.exe useragent
process 701c7def65175d6188788b5ee067419a.exe useragent 701c7def65175d6188788b5ee067419a
process 701c7def65175d6188788b5ee067419a.exe useragent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
process 701c7def65175d6188788b5ee067419a.exe useragent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Generates some ICMP traffic
File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)
MicroWorld-eScan Trojan.GenericKD.41850269
FireEye Generic.mg.701c7def65175d61
CAT-QuickHeal PUA.YouxunRI.S8079995
McAfee GenericRXIT-PJ!701C7DEF6517
Malwarebytes Trojan.Downloader
K7AntiVirus Riskware ( 0050b7ec1 )
Alibaba RiskWare:Win32/YouXun.b266df49
K7GW Riskware ( 0050b7ec1 )
Arcabit Trojan.Generic.D27E959D
Invincea heuristic
Cyren W32/S-a2655cb3!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky not-a-virus:HEUR:Downloader.Win32.YXdown.pef
BitDefender Trojan.GenericKD.41850269
Avast Win32:Malware-gen
Rising Adware.Downloader!1.B962 (CLASSIC)
Ad-Aware Trojan.GenericKD.41850269
Emsisoft Trojan.GenericKD.41850269 (B)
F-Secure PrivacyRisk.SPR/GameTool.Gen8
DrWeb Program.DownLoader.9
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.AdwareElex.tc
Sophos YouXun (PUA)
SentinelOne DFI - Malicious PE
F-Prot W32/S-a2655cb3!Eldorado
Jiangmin Downloader.YXdown.aw
Avira SPR/GameTool.Gen8
MAX malware (ai score=86)
Microsoft Trojan:Win32/Wacatac.B!ml
Endgame malicious (high confidence)
ZoneAlarm not-a-virus:HEUR:Downloader.Win32.YXdown.pef
GData Trojan.GenericKD.41850269
AhnLab-V3 Malware/Win32.Generic.C3276543
Acronis suspicious
ALYac Trojan.GenericKD.41850269
VBA32 Downloader.YXdown
ESET-NOD32 a variant of Win32/RiskWare.YouXun.H
Ikarus PUA.YouXun
eGambit Unsafe.AI_Score_84%
Fortinet W32/GenericKD.41850269!tr
MaxSecure Trojan.Malware.1728101.susgen
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_60% (D)
Qihoo-360 Win32/Virus.Downloader.b00
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2019-09-26 18:39:48

Imports

Library WININET.dll:
0x58f700 InternetWriteFile
0x58f710 InternetOpenUrlW
0x58f724 InternetConnectW
0x58f728 InternetReadFile
0x58f72c InternetCrackUrlW
0x58f730 InternetOpenW
0x58f73c HttpSendRequestW
0x58f744 InternetCloseHandle
0x58f748 HttpOpenRequestW
0x58f74c HttpQueryInfoW
Library VERSION.dll:
0x58f6f0 VerQueryValueW
0x58f6f8 GetFileVersionInfoW
Library PSAPI.DLL:
0x58f46c GetModuleBaseNameW
0x58f470 EnumProcessModules
0x58f478 EnumProcesses
Library KERNEL32.dll:
0x58f0fc GetTempPathA
0x58f100 LocalFree
0x58f104 GetSystemTime
0x58f108 AreFileApisANSI
0x58f10c DeleteFileA
0x58f118 IsBadWritePtr
0x58f11c SetFileTime
0x58f12c GetLocalTime
0x58f130 MoveFileW
0x58f134 GetCurrentProcess
0x58f138 VirtualFree
0x58f13c IsBadReadPtr
0x58f140 VirtualAlloc
0x58f144 VirtualProtect
0x58f148 ResumeThread
0x58f14c SetEvent
0x58f150 CreateEventW
0x58f154 ExitThread
0x58f158 GetStdHandle
0x58f15c ReleaseSemaphore
0x58f160 CreateSemaphoreW
0x58f164 SetLastError
0x58f16c LocalAlloc
0x58f170 GetThreadLocale
0x58f174 DuplicateHandle
0x58f17c MulDiv
0x58f180 GetSystemInfo
0x58f184 InterlockedExchange
0x58f188 CompareStringA
0x58f18c GetLocaleInfoW
0x58f198 GetCurrentThread
0x58f19c GlobalDeleteAtom
0x58f1a0 GlobalAddAtomW
0x58f1a4 GetModuleHandleA
0x58f1a8 CompareStringW
0x58f1ac GlobalFindAtomW
0x58f1b0 TlsGetValue
0x58f1b4 GlobalReAlloc
0x58f1b8 GlobalHandle
0x58f1bc TlsAlloc
0x58f1c0 TlsSetValue
0x58f1c4 LocalReAlloc
0x58f1c8 TlsFree
0x58f1cc GetFileSizeEx
0x58f1d0 GetFileTime
0x58f1d4 GlobalFlags
0x58f1e0 IsDebuggerPresent
0x58f1e4 GetConsoleCP
0x58f1e8 GetConsoleMode
0x58f1ec GetFileType
0x58f1f0 SetStdHandle
0x58f1f4 RtlUnwind
0x58f1f8 RaiseException
0x58f1fc ExitProcess
0x58f200 VirtualQuery
0x58f204 GetModuleFileNameA
0x58f210 GetCommandLineW
0x58f214 SetHandleCount
0x58f218 GetStartupInfoA
0x58f21c GetCPInfo
0x58f220 GetACP
0x58f224 GetOEMCP
0x58f228 IsValidCodePage
0x58f22c LCMapStringW
0x58f234 LCMapStringA
0x58f238 WriteConsoleA
0x58f23c GetConsoleOutputCP
0x58f240 WriteConsoleW
0x58f248 GetStringTypeA
0x58f24c GetCurrentProcessId
0x58f250 GetTimeFormatA
0x58f254 GetDateFormatA
0x58f258 GetUserDefaultLCID
0x58f25c GetLocaleInfoA
0x58f260 EnumSystemLocalesA
0x58f264 IsValidLocale
0x58f26c GetDriveTypeA
0x58f274 GetDiskFreeSpaceA
0x58f278 CreateFileMappingW
0x58f27c CreateFileMappingA
0x58f280 GetDiskFreeSpaceW
0x58f288 LockFileEx
0x58f28c HeapSize
0x58f290 FlushFileBuffers
0x58f294 ReadFile
0x58f298 HeapValidate
0x58f29c HeapCreate
0x58f2a0 GetFileAttributesA
0x58f2a8 HeapDestroy
0x58f2ac FormatMessageW
0x58f2b4 FormatMessageA
0x58f2b8 GetProcessHeap
0x58f2bc UnlockFileEx
0x58f2c4 LockFile
0x58f2c8 FlushViewOfFile
0x58f2cc UnlockFile
0x58f2d4 HeapFree
0x58f2e0 HeapAlloc
0x58f2e4 SetEndOfFile
0x58f2e8 UnmapViewOfFile
0x58f2ec MapViewOfFile
0x58f2f4 SetFilePointer
0x58f2f8 HeapCompact
0x58f2fc CreateFileA
0x58f300 HeapReAlloc
0x58f304 GetFullPathNameA
0x58f308 GetFullPathNameW
0x58f30c FindNextFileW
0x58f310 CreatePipe
0x58f314 GetStartupInfoW
0x58f318 GetExitCodeProcess
0x58f31c CreateProcessW
0x58f320 SetErrorMode
0x58f324 TerminateProcess
0x58f328 OpenProcess
0x58f32c GetTickCount
0x58f330 GetFileSize
0x58f334 GetShortPathNameW
0x58f338 FindClose
0x58f33c GetVersionExW
0x58f340 FindFirstFileW
0x58f344 RemoveDirectoryW
0x58f348 LoadLibraryW
0x58f34c FreeResource
0x58f350 CreateThread
0x58f358 LoadLibraryA
0x58f35c GetTempPathW
0x58f360 OutputDebugStringW
0x58f364 FreeLibrary
0x58f368 lstrcmpW
0x58f36c CreateMutexW
0x58f370 GlobalFree
0x58f374 GlobalUnlock
0x58f378 GlobalAlloc
0x58f37c GlobalLock
0x58f384 Process32NextW
0x58f388 Process32FirstW
0x58f38c GetModuleFileNameW
0x58f390 WaitForSingleObject
0x58f398 WriteFile
0x58f39c DeleteFileW
0x58f3a0 CloseHandle
0x58f3a4 CreateFileW
0x58f3a8 LockResource
0x58f3ac GetProcAddress
0x58f3b0 GetLastError
0x58f3b4 CreateDirectoryA
0x58f3bc lstrlenW
0x58f3c0 MultiByteToWideChar
0x58f3c4 SizeofResource
0x58f3c8 CopyFileW
0x58f3cc Sleep
0x58f3d0 WideCharToMultiByte
0x58f3d4 GetSystemDirectoryW
0x58f3dc GetModuleHandleW
0x58f3e0 CreateDirectoryW
0x58f3e4 LoadResource
0x58f3e8 FindResourceW
0x58f3ec lstrlenA
0x58f3f0 SetFileAttributesW
0x58f3f4 GetFileAttributesW
0x58f3fc GetVersionExA
0x58f400 OutputDebugStringA
0x58f404 GetCurrentThreadId
0x58f40c GetStringTypeW
0x58f414 lstrcmpA
Library USER32.dll:
0x58f4d0 SetWindowTextW
0x58f4d4 IsDialogMessageW
0x58f4dc SendDlgItemMessageW
0x58f4e0 SendDlgItemMessageA
0x58f4e4 WinHelpW
0x58f4e8 IsChild
0x58f4ec GetCapture
0x58f4f0 GetClassLongW
0x58f4f4 GetClassNameW
0x58f4f8 SetPropW
0x58f4fc GetPropW
0x58f500 RemovePropW
0x58f504 GetWindowTextW
0x58f508 GetForegroundWindow
0x58f50c GetTopWindow
0x58f510 GetMessageTime
0x58f514 GetMessagePos
0x58f518 MapWindowPoints
0x58f51c SetMenu
0x58f520 SetForegroundWindow
0x58f524 UpdateWindow
0x58f528 CreateWindowExW
0x58f52c GetClassInfoExW
0x58f530 GetClassInfoW
0x58f534 RegisterClassW
0x58f538 AdjustWindowRectEx
0x58f53c EqualRect
0x58f540 GetDlgCtrlID
0x58f544 GetMenu
0x58f548 OffsetRect
0x58f54c IntersectRect
0x58f554 IsIconic
0x58f558 GetWindowPlacement
0x58f55c DestroyMenu
0x58f560 UnhookWindowsHookEx
0x58f564 GetSysColor
0x58f568 EndPaint
0x58f56c GetWindowDC
0x58f570 ClientToScreen
0x58f574 GrayStringW
0x58f578 DrawTextExW
0x58f57c DrawTextW
0x58f580 TabbedTextOutW
0x58f584 SetActiveWindow
0x58f58c DestroyWindow
0x58f590 GetDlgItem
0x58f594 GetNextDlgTabItem
0x58f598 EndDialog
0x58f59c CallNextHookEx
0x58f5a0 GetMessageW
0x58f5a4 GetActiveWindow
0x58f5a8 IsWindowVisible
0x58f5ac GetKeyState
0x58f5b0 ValidateRect
0x58f5b4 GetWindow
0x58f5bc MapDialogRect
0x58f5c0 GetLastActivePopup
0x58f5c4 IsWindowEnabled
0x58f5c8 PostQuitMessage
0x58f5cc SetMenuItemBitmaps
0x58f5d4 LoadBitmapW
0x58f5d8 GetFocus
0x58f5dc GetParent
0x58f5e0 CheckMenuItem
0x58f5e4 GetMenuState
0x58f5e8 GetMenuItemID
0x58f5ec GetMenuItemCount
0x58f5f0 CharUpperW
0x58f5f4 SetRectEmpty
0x58f5f8 CopyRect
0x58f5fc IsRectEmpty
0x58f600 SetCapture
0x58f604 SetFocus
0x58f608 ReleaseCapture
0x58f60c CallWindowProcW
0x58f610 DefWindowProcW
0x58f618 GetDesktopWindow
0x58f61c TrackPopupMenu
0x58f620 GetSubMenu
0x58f624 DeleteMenu
0x58f628 LoadMenuW
0x58f62c SetMenuItemInfoW
0x58f630 GetWindowRect
0x58f634 GetDC
0x58f638 GetWindowLongW
0x58f63c PostThreadMessageW
0x58f644 ReleaseDC
0x58f648 SetWindowLongW
0x58f64c SetWindowPos
0x58f650 UnregisterClassW
0x58f654 MessageBeep
0x58f658 GetNextDlgGroupItem
0x58f65c InvalidateRgn
0x58f664 SetRect
0x58f668 BeginPaint
0x58f66c TranslateMessage
0x58f670 PeekMessageW
0x58f674 DispatchMessageW
0x58f678 wsprintfW
0x58f67c SetCursor
0x58f680 GetSystemMenu
0x58f684 SetTimer
0x58f688 ScreenToClient
0x58f68c PostMessageW
0x58f690 KillTimer
0x58f694 LoadCursorW
0x58f698 GetClientRect
0x58f69c PtInRect
0x58f6a0 LoadIconW
0x58f6a4 InvalidateRect
0x58f6a8 AppendMenuW
0x58f6b0 EnableMenuItem
0x58f6b4 GetCursorPos
0x58f6b8 ShowWindow
0x58f6bc IsWindow
0x58f6c0 GetSystemMetrics
0x58f6c4 CloseWindow
0x58f6c8 SendMessageW
0x58f6cc EnableWindow
0x58f6d0 SendMessageTimeoutW
0x58f6d4 MessageBoxW
0x58f6d8 GetSysColorBrush
0x58f6dc CharNextW
0x58f6e0 SetWindowsHookExW
0x58f6e4 MoveWindow
0x58f6e8 ModifyMenuW
Library GDI32.dll:
0x58f054 GetStockObject
0x58f058 GetTextColor
0x58f05c ExtSelectClipRgn
0x58f060 GetMapMode
0x58f064 GetRgnBox
0x58f068 GetBkColor
0x58f06c Escape
0x58f070 ExtTextOutW
0x58f074 TextOutW
0x58f078 RectVisible
0x58f07c PtVisible
0x58f080 ScaleWindowExtEx
0x58f084 SetBkColor
0x58f088 RestoreDC
0x58f08c SaveDC
0x58f090 CreateBitmap
0x58f094 SetWindowExtEx
0x58f098 ScaleViewportExtEx
0x58f09c GetDeviceCaps
0x58f0a0 DeleteDC
0x58f0a4 SetViewportExtEx
0x58f0a8 OffsetViewportOrgEx
0x58f0ac DeleteObject
0x58f0b0 SelectObject
0x58f0b4 BitBlt
0x58f0b8 CreateCompatibleDC
0x58f0c4 GetWindowExtEx
0x58f0c8 GetViewportExtEx
0x58f0cc GetObjectW
0x58f0d0 GetClipBox
0x58f0d4 SetMapMode
0x58f0d8 SetTextColor
0x58f0dc SetViewportOrgEx
Library COMDLG32.dll:
0x58f04c GetFileTitleW
Library WINSPOOL.DRV:
0x58f758 ClosePrinter
0x58f75c OpenPrinterW
0x58f760 DocumentPropertiesW
Library ADVAPI32.dll:
0x58f000 RegQueryValueExW
0x58f004 RegQueryValueW
0x58f008 RegEnumKeyW
0x58f010 GetTokenInformation
0x58f014 RegCreateKeyExW
0x58f018 OpenProcessToken
0x58f01c RegDeleteKeyW
0x58f020 RegEnumValueW
0x58f024 RegDeleteValueW
0x58f028 RegSetValueExW
0x58f02c RegCloseKey
0x58f030 RegOpenKeyExW
0x58f038 RegOpenKeyW
Library SHELL32.dll:
0x58f480 ExtractIconW
0x58f484 ShellExecuteW
0x58f494 SHFileOperationW
0x58f498 ShellExecuteExW
Library COMCTL32.dll:
0x58f044 _TrackMouseEvent
Library SHLWAPI.dll:
0x58f4a0 PathFileExistsW
0x58f4a4 PathIsDirectoryW
0x58f4a8 PathStripPathW
0x58f4ac StrCpyW
0x58f4b4 UrlUnescapeW
0x58f4b8 PathStripToRootW
0x58f4bc PathIsUNCW
0x58f4c0 PathFindExtensionW
0x58f4c4 PathRemoveFileSpecW
0x58f4c8 PathFindFileNameW
Library ole32.dll:
0x58f850 OleFlushClipboard
0x58f858 CoRevokeClassObject
0x58f85c OleInitialize
0x58f860 CoCreateInstance
0x58f864 CoUninitialize
0x58f86c CoInitialize
0x58f870 CoTaskMemFree
0x58f878 CoTaskMemAlloc
0x58f880 CLSIDFromProgID
0x58f884 CLSIDFromString
0x58f888 CoGetClassObject
0x58f898 OleUninitialize
Library OLEAUT32.dll:
0x58f42c SafeArrayDestroy
0x58f438 VariantChangeType
0x58f43c SysStringLen
0x58f440 VariantCopy
0x58f444 SafeArrayGetUBound
0x58f44c SafeArrayAccessData
0x58f450 VariantClear
0x58f454 SafeArrayGetLBound
0x58f458 SysAllocString
0x58f45c SysFreeString
0x58f460 SysAllocStringLen
0x58f464 VariantInit
Library oledlg.dll:
0x58f8a4 OleUIBusyW
Library urlmon.dll:
0x58f8bc URLDownloadToFileW
Library gdiplus.dll:
0x58f7a8 GdipGetImageWidth
0x58f7ac GdipDeleteBrush
0x58f7b0 GdipCloneBrush
0x58f7b4 GdipCreateSolidFill
0x58f7b8 GdipFillRectangleI
0x58f7c0 GdipDeletePen
0x58f7e0 GdipDrawString
0x58f7ec GdipCreatePen1
0x58f7f4 GdipDrawRectangleI
0x58f7fc GdipGetFontStyle
0x58f800 GdipGetFamily
0x58f804 GdipAddPathString
0x58f808 GdipGetFontSize
0x58f80c GdipDeletePath
0x58f810 GdipCreatePath
0x58f814 GdipCreateFont
0x58f81c GdipDeleteFont
0x58f820 GdipGetImageHeight
0x58f824 GdipCloneImage
0x58f828 GdipDisposeImage
0x58f82c GdipAlloc
0x58f834 GdipFree
0x58f838 GdipCreateFromHDC
0x58f83c GdipDeleteGraphics
0x58f840 GdiplusStartup
0x58f844 GdiplusShutdown
Library IPHLPAPI.DLL:
0x58f0e4 IcmpCloseHandle
0x58f0e8 IcmpCreateFile
0x58f0f0 GetAdaptersInfo
0x58f0f4 IcmpSendEcho
Library NETAPI32.dll:
0x58f41c Netbios
Library snmpapi.dll:
0x58f8ac SnmpUtilOidNCmp
0x58f8b0 SnmpUtilOidCpy
0x58f8b4 SnmpUtilVarBindFree

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 101.32.206.74 ggstats.yb.jshhdian.com 80
192.168.56.101 49178 101.32.206.74 ggstats.yb.jshhdian.com 80
192.168.56.101 49179 101.32.206.74 ggstats.yb.jshhdian.com 80
192.168.56.101 49183 101.32.206.74 ggstats.yb.jshhdian.com 80
192.168.56.101 49184 101.32.206.74 ggstats.yb.jshhdian.com 80
192.168.56.101 49185 101.32.206.74 ggstats.yb.jshhdian.com 80
192.168.56.101 49188 111.123.48.219 s13.cnzz.com 443
192.168.56.101 49195 111.123.48.219 s13.cnzz.com 443
192.168.56.101 49180 111.177.11.115 poik.kxyw123.com 80
192.168.56.101 49182 111.177.11.118 poik.kxyw123.com 80
192.168.56.101 49189 111.177.11.118 poik.kxyw123.com 80
192.168.56.101 49190 124.225.167.209 ocsp.globalsign.com 80
192.168.56.101 49191 124.225.167.209 ocsp.globalsign.com 80
192.168.56.101 49194 203.119.128.195 z7.cnzz.com 443
192.168.56.101 49181 5.135.158.234 eoud.dgygpx.com 80

UDP

Source Source Port Destination Destination Port

HTTP & HTTPS Requests

URI Data
http://ymte.sgdebao.com/yxh/navico/jdmiaos.ico
GET /yxh/navico/jdmiaos.ico HTTP/1.1
User-Agent: 701c7def65175d6188788b5ee067419a
Host: ymte.sgdebao.com
Connection: Keep-Alive

http://api.pcsoft.70gj.cn/cgi/PCSoftInfo.ashx/pcsoft/countdo?sc===RO4RkO2lENzZUNAVXcqSoKxF0YlG3ct63ewSXQlmXcwKoanFUQlmnKANHSOSYS7mGeaeVU1OnbOSYRF2FeoSVUA53d
GET /cgi/PCSoftInfo.ashx/pcsoft/countdo?sc===RO4RkO2lENzZUNAVXcqSoKxF0YlG3ct63ewSXQlmXcwKoanFUQlmnKANHSOSYS7mGeaeVU1OnbOSYRF2FeoSVUA53d HTTP/1.1
Accept: *,*/*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: api.pcsoft.70gj.cn
Cache-Control: no-cache

http://ymte.sgdebao.com/yxh/navico/jd.ico
GET /yxh/navico/jd.ico HTTP/1.1
User-Agent: 701c7def65175d6188788b5ee067419a
Host: ymte.sgdebao.com
Connection: Keep-Alive

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

http://eoud.dgygpx.com/yxh/img/aqi.png
GET /yxh/img/aqi.png HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: eoud.dgygpx.com
Connection: Keep-Alive
Cache-Control: no-cache

http://ggstats.yb.jshhdian.com/http://ggstats.yb.jshhdian.com/pinforesults.do?sc=%3DFUQmS3ck6XanBUNgSXZwync4AHaA13cza3ZnRXZwync4AHaA13czanKyFUQ16XewOnK4BUMyNXMnCUM4JUMxBUM5BUQkGXcnFUQlm3d
GET http://ggstats.yb.jshhdian.com/pinforesults.do?sc=%3DFUQmS3ck6XanBUNgSXZwync4AHaA13cza3ZnRXZwync4AHaA13czanKyFUQ16XewOnK4BUMyNXMnCUM4JUMxBUM5BUQkGXcnFUQlm3d HTTP/1.1
Host: ggstats.yb.jshhdian.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded

http://ymte.sgdebao.com/yxh/navico/toutiao.png
GET /yxh/navico/toutiao.png HTTP/1.1
User-Agent: 701c7def65175d6188788b5ee067419a
Host: ymte.sgdebao.com
Connection: Keep-Alive

http://ymte.sgdebao.com/yxh/navico/temai.png
GET /yxh/navico/temai.png HTTP/1.1
User-Agent: 701c7def65175d6188788b5ee067419a
Host: ymte.sgdebao.com
Connection: Keep-Alive

http://eoud.dgygpx.com/Install/image/52kzip.ico
GET /Install/image/52kzip.ico HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: eoud.dgygpx.com
Connection: Keep-Alive
Cache-Control: no-cache

http://api.pcsoft.jshhdian.com/cgi/PCSoftInfo.ashx/pcsoft/getentity?id=
GET /cgi/PCSoftInfo.ashx/pcsoft/getentity?id= HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: api.pcsoft.jshhdian.com
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.