SmartHawk

5.0

中危

57 个模型检测该样本为恶意！

重新分析

下载样本

9227048434aa9c943cce1d581e833a8c514f4e912722df425526673319de7317

736da6e9869923614bceee0aa2041456.exe

分析耗时

78s

最近分析

文件大小

1.2MB

静态报毒动态报毒 100% AGBL AI SCORE=84 AIDETECTVM ANSERIN AVADDONCRYPT CLASSIC COBRA CONFIDENCE DANGEROUSSIG EHLS ELDORADO ENCPK ERLG GDSDA GENERICKD GRAYWARE HDWA HIDC HIGH CONFIDENCE HLFEUS INJECT3 INVALIDSIG KRYPTIK LR1@AONQV5PI MALICIOUS PE MALWARE1 MALWARE@#1GD6ADD2HFYZF NPJVX PINKSBOT QAKBOT QBOT R + MAL R340095 SCORE STATIC AI UNSAFE ZENPAK ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Ransom:Win32/AvaddonCrypt.854040c7	20190527	0.3.0.5
Avast	Win32:DangerousSig [Trj]	20201210	21.1.5827.0
Tencent	Win32.Trojan.Zenpak.Agbl	20201211	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20201211	2017.9.26.565
McAfee	W32/PinkSbot-GU!736DA6E98699	20201211	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Queries for the computername (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619597741.563001 GetComputerNameW	computer_name: OSKAR-PC	success	1	0
1619597752.984374 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	MUI
resource name	TYPELIB

One or more processes crashed (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619597753.609374 __exception__	stacktrace: 736da6e9869923614bceee0aa2041456+0x3f07 @ 0x403f07 736da6e9869923614bceee0aa2041456+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637624 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 9857408 registers.ecx: 10 exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb exception.symbol: 736da6e9869923614bceee0aa2041456+0x3449 exception.instruction: in eax, dx exception.module: 736da6e9869923614bceee0aa2041456.exe exception.exception_code: 0xc0000096 exception.offset: 13385 exception.address: 0x403449	success	0	0
1619597753.609374 __exception__	stacktrace: 736da6e9869923614bceee0aa2041456+0x3f10 @ 0x403f10 736da6e9869923614bceee0aa2041456+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637628 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 9857408 registers.ecx: 20 exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0 exception.symbol: 736da6e9869923614bceee0aa2041456+0x34e2 exception.instruction: in eax, dx exception.module: 736da6e9869923614bceee0aa2041456.exe exception.exception_code: 0xc0000096 exception.offset: 13538 exception.address: 0x4034e2	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (6 个事件)

Time & API	Arguments	Status
1619597741.422001 NtAllocateVirtualMemory	process_identifier: 2764 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00540000	success
1619597741.438001 NtAllocateVirtualMemory	process_identifier: 2764 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00580000	success
1619597741.454001 NtProtectVirtualMemory	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 237568 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success
1619597752.906374 NtAllocateVirtualMemory	process_identifier: 2240 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00390000	success
1619597752.921374 NtAllocateVirtualMemory	process_identifier: 2240 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x025e0000	success
1619597752.921374 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 237568 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success

A process created a hidden window (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619597742.501001 CreateProcessInternalW	thread_identifier: 2364 thread_handle: 0x00000158 process_identifier: 2240 current_directory: filepath: track: 1 command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\736da6e9869923614bceee0aa2041456.exe /C filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) process_handle: 0x0000015c inherit_handles: 0	success	1	0

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (6 个事件)

Time & API	Arguments	Status	Return
1619597742.235001 Process32NextW	process_name: wsqmcons.exe snapshot_handle: 0x00000158 process_identifier: 2420	success	1
1619597742.251001 Process32NextW	process_name: sdclt.exe snapshot_handle: 0x00000158 process_identifier: 2080	success	1
1619597742.282001 Process32NextW	process_name: 736da6e9869923614bceee0aa2041456.exe snapshot_handle: 0x00000158 process_identifier: 2764	success	1
1619597742.313001 Process32NextW	process_name: schtasks.exe snapshot_handle: 0x00000158 process_identifier: 2544	success	1
1619597742.329001 Process32NextW	process_name: conhost.exe snapshot_handle: 0x00000158 process_identifier: 2468	success	1
1619597753.593374 Process32NextW	process_name: 736da6e9869923614bceee0aa2041456.exe snapshot_handle: 0x00000158 process_identifier: 2240	success	1

Expresses interest in specific running processes (1 个事件)

process

vboxservice.exe

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619597753.609374 __exception__	stacktrace: 736da6e9869923614bceee0aa2041456+0x3f07 @ 0x403f07 736da6e9869923614bceee0aa2041456+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637624 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 9857408 registers.ecx: 10 exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb exception.symbol: 736da6e9869923614bceee0aa2041456+0x3449 exception.instruction: in eax, dx exception.module: 736da6e9869923614bceee0aa2041456.exe exception.exception_code: 0xc0000096 exception.offset: 13385 exception.address: 0x403449	success	0	0

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Inject3.41028
MicroWorld-eScan	Trojan.GenericKD.43278965
FireEye	Generic.mg.736da6e986992361
ALYac	Trojan.GenericKD.43278965
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.2040541
Sangfor	Malware
K7AntiVirus	Trojan ( 005681571 )
Alibaba	Ransom:Win32/AvaddonCrypt.854040c7
K7GW	Trojan ( 005681571 )
Cybereason	malicious.ecc87b
Arcabit	Trojan.Generic.D2946275
BitDefenderTheta	Gen:NN.ZexaF.34670.lr1@aONQV5pi
Cyren	W32/Trojan.FLH.gen!Eldorado
Symantec	Trojan.Anserin
ESET-NOD32	a variant of Win32/Kryptik.HDWA
APEX	Malicious
Avast	Win32:DangerousSig [Trj]
ClamAV	Win.Malware.Erlg-9769223-0
Kaspersky	HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender	Trojan.GenericKD.43278965
NANO-Antivirus	Trojan.Win32.Inject3.hlfeus
Paloalto	generic.ml
Tencent	Win32.Trojan.Zenpak.Agbl
Ad-Aware	Trojan.GenericKD.43278965
Emsisoft	Trojan.GenericKD.43278965 (B)
Comodo	Malware@#1gd6add2hfyzf
F-Secure	Trojan.TR/Kryptik.npjvx
VIPRE	Trojan.Win32.Generic.pak!cobra
TrendMicro	Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition	W32/PinkSbot-GU!736DA6E98699
Sophos	Mal/Generic-R + Mal/EncPk-APV
Ikarus	Trojan-Banker.QakBot
Avira	TR/Kryptik.npjvx
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Gridinsoft	Trojan.Win32.Kryptik.ba
Microsoft	Ransom:Win32/AvaddonCrypt.SO!MTB
ZoneAlarm	HEUR:Trojan-Banker.Win32.Qbot.vho
GData	Trojan.GenericKD.43278965
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Kryptik.R340095
McAfee	W32/PinkSbot-GU!736DA6E98699
MAX	malware (ai score=84)
VBA32	Trojan.Inject
Malwarebytes	Backdoor.Qbot
TrendMicro-HouseCall	Backdoor.Win32.QAKBOT.SME
Rising	Trojan.Kryptik!1.C745 (CLASSIC)
SentinelOne	Static AI - Malicious PE

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-06-03 20:54:55

Imports

Library KERNEL32.dll:

• 0x5086a8 GetLastError

• 0x5086ac Sleep

• 0x5086b0 LoadLibraryA

• 0x5086b4 GetProcAddress

• 0x5086b8 GetModuleHandleW

• 0x5086bc ConnectNamedPipe

• 0x5086c0 CreateEventA

• 0x5086c4 DuplicateHandle

• 0x5086c8 CopyFileExW

• 0x5086cc VerSetConditionMask

• 0x5086d0 CompareFileTime

• 0x5086d4 IsValidLanguageGroup

• 0x5086d8 GetSystemTimeAdjustment

• 0x5086dc GetNamedPipeHandleStateW

• 0x5086e0 EndUpdateResourceA

• 0x5086e4 GetOverlappedResult

• 0x5086e8 GetPrivateProfileSectionA

• 0x5086ec OpenSemaphoreA

• 0x5086f0 OpenEventA

• 0x5086f4 GetShortPathNameA

• 0x5086f8 LoadLibraryW

• 0x5086fc OutputDebugStringA

• 0x508700 LoadLibraryExW

• 0x508704 LocalAlloc

• 0x508708 GlobalFree

• 0x50870c GetCurrentThreadId

• 0x508710 CreateProcessA

• 0x508714 GlobalAlloc

• 0x508718 GetSystemDirectoryW

• 0x50871c GetTimeZoneInformation

• 0x508720 GetDiskFreeSpaceExW

• 0x508724 GetUserDefaultLCID

• 0x508728 IsValidLocale

• 0x50872c GetStringTypeExW

• 0x508730 IsValidCodePage

• 0x508734 CompareStringW

• 0x508738 GetShortPathNameW

• 0x50873c GetLongPathNameW

• 0x508740 CreateFileA

• 0x508744 GetCurrentThread

• 0x508748 GlobalMemoryStatus

• 0x50874c ReleaseSemaphore

• 0x508750 IsProcessorFeaturePresent

• 0x508754 EnumUILanguagesW

• 0x508758 EnumSystemLocalesW

• 0x50875c GetCalendarInfoW

• 0x508760 GetUserDefaultUILanguage

• 0x508764 VirtualProtect

• 0x508768 QueryPerformanceCounter

• 0x50876c GetTempFileNameA

• 0x508770 GetTempPathA

• 0x508774 InterlockedExchange

• 0x508778 InterlockedCompareExchange

• 0x50877c GetStartupInfoA

• 0x508780 UnhandledExceptionFilter

• 0x508784 IsDebuggerPresent

• 0x508788 lstrcmpiW

• 0x50878c GetThreadContext

• 0x508790 GetThreadTimes

• 0x508794 GetPriorityClass

• 0x508798 HeapDestroy

• 0x50879c HeapCreate

• 0x5087a0 TerminateThread

• 0x5087a4 GetThreadSelectorEntry

• 0x5087a8 GetLocalTime

• 0x5087ac LeaveCriticalSection

• 0x5087b0 EnterCriticalSection

• 0x5087b4 GetCommandLineW

• 0x5087b8 ReleaseMutex

• 0x5087bc WaitForSingleObject

• 0x5087c0 WaitForMultipleObjects

• 0x5087c4 SetProcessWorkingSetSize

• 0x5087c8 GetCurrentProcess

• 0x5087cc TerminateProcess

• 0x5087d0 DeleteFileW

• 0x5087d4 CreateThread

• 0x5087d8 CloseHandle

• 0x5087dc GetCurrentProcessId

• 0x5087e0 SetUnhandledExceptionFilter

• 0x5087e4 GetModuleHandleA

• 0x5087e8 MapViewOfFile

• 0x5087ec GetVersionExW

• 0x5087f0 GetVersionExA

• 0x5087f4 GetModuleFileNameW

• 0x5087f8 FreeLibrary

• 0x5087fc InitializeCriticalSection

• 0x508800 GetProcessHeap

• 0x508804 DeleteCriticalSection

• 0x508808 MultiByteToWideChar

• 0x50880c GetSystemTimeAsFileTime

• 0x508810 GetTimeFormatW

• 0x508814 GetDateFormatW

• 0x508818 GetTickCount

• 0x50881c SetLastError

• 0x508820 LocalFree

• 0x508824 WriteFile

• 0x508828 FindNextFileW

• 0x50882c FindClose

• 0x508830 FindFirstFileW

• 0x508834 GetSystemWindowsDirectoryW

• 0x508838 MoveFileW

• 0x50883c SetFilePointer

• 0x508840 GetComputerNameA

• 0x508844 SetPriorityClass

• 0x508848 UnmapViewOfFile

• 0x50884c GetFileSize

• 0x508850 CreateFileMappingA

• 0x508854 SuspendThread

• 0x508858 ExitThread

• 0x50885c MulDiv

• 0x508860 GetModuleFileNameA

• 0x508864 GetSystemDefaultLangID

• 0x508868 GetSystemDefaultUILanguage

• 0x50886c GetUserDefaultLangID

• 0x508870 GetACP

• 0x508874 GetSystemDefaultLCID

• 0x508878 SetEvent

• 0x50887c CreateProcessW

• 0x508880 ExpandEnvironmentStringsW

• 0x508884 WideCharToMultiByte

• 0x508888 GetTempPathW

• 0x50888c GetFileAttributesW

• 0x508890 SetEndOfFile

• 0x508894 IsDBCSLeadByte

• 0x508898 GetSystemDirectoryA

• 0x50889c SetThreadPriority

• 0x5088a0 CreateRemoteThread

• 0x5088a4 OpenProcess

• 0x5088a8 LoadLibraryExA

• 0x5088ac SetEnvironmentVariableA

• 0x5088b0 CreateDirectoryW

• 0x5088b4 ReadProcessMemory

• 0x5088b8 VirtualQueryEx

• 0x5088bc GetSystemInfo

• 0x5088c0 HeapFree

• 0x5088c4 HeapSize

• 0x5088c8 HeapValidate

• 0x5088cc HeapAlloc

• 0x5088d0 HeapReAlloc

• 0x5088d4 VirtualAlloc

• 0x5088d8 RaiseException

• 0x5088dc TlsSetValue

• 0x5088e0 SetFileAttributesW

• 0x5088e4 CreateSemaphoreA

• 0x5088e8 FlushFileBuffers

• 0x5088ec ResumeThread

• 0x5088f0 InitializeCriticalSectionAndSpinCount

• 0x5088f4 TlsAlloc

• 0x5088f8 VirtualFree

• 0x5088fc TlsGetValue

• 0x508900 TlsFree

• 0x508904 GetVersion

• 0x508908 GetFileType

• 0x50890c CreateFileW

• 0x508910 GetLocaleInfoW

• 0x508914 GetProcessTimes

• 0x508918 CreateMutexA

• 0x50891c OpenMutexA

• 0x508920 GetThreadPriority

Library USER32.dll:

• 0x508928 CreatePopupMenu

• 0x50892c CloseClipboard

• 0x508930 AnyPopup

• 0x508934 CreateMenu

• 0x508938 CountClipboardFormats

• 0x50893c EndMenu

• 0x508940 LoadCursorFromFileW

• 0x508944 GetWindowDC

• 0x508948 GetWindowTextLengthW

• 0x50894c IsCharLowerW

• 0x508950 LoadCursorFromFileA

• 0x508954 LoadIconW

• 0x508958 wvsprintfW

• 0x50895c ReleaseDC

• 0x508960 GetDC

• 0x508964 SendMessageW

• 0x508968 SetDlgItemTextW

• 0x50896c SetFocus

• 0x508970 EndDialog

• 0x508974 DestroyIcon

• 0x508978 SendDlgItemMessageW

• 0x50897c GetDlgItemTextW

• 0x508980 GetClassNameW

• 0x508984 DialogBoxParamW

• 0x508988 IsWindowVisible

• 0x50898c WaitForInputIdle

• 0x508990 SetForegroundWindow

• 0x508994 GetSysColor

• 0x508998 PostMessageW

• 0x50899c LoadBitmapW

• 0x5089a0 CharToOemA

• 0x5089a4 OemToCharA

• 0x5089a8 FindWindowExW

• 0x5089ac wvsprintfA

• 0x5089b0 GetParent

• 0x5089b4 MapWindowPoints

• 0x5089b8 CreateWindowExW

• 0x5089bc UpdateWindow

• 0x5089c0 SetWindowTextW

• 0x5089c4 LoadCursorW

• 0x5089c8 RegisterClassExW

• 0x5089cc SetWindowLongW

• 0x5089d0 GetWindowLongW

• 0x5089d4 DefWindowProcW

• 0x5089d8 PeekMessageW

• 0x5089dc GetMessageW

• 0x5089e0 TranslateMessage

• 0x5089e4 DispatchMessageW

• 0x5089e8 DestroyWindow

• 0x5089ec GetClientRect

• 0x5089f0 IsWindow

• 0x5089f4 CharToOemBuffW

• 0x5089f8 MessageBoxW

• 0x5089fc ShowWindow

• 0x508a00 GetDlgItem

• 0x508a04 EnableWindow

• 0x508a08 OemToCharBuffA

• 0x508a0c CharUpperA

• 0x508a10 CharToOemBuffA

• 0x508a14 LoadStringW

• 0x508a18 SetWindowPos

• 0x508a1c GetWindowTextW

• 0x508a20 GetSystemMetrics

• 0x508a24 GetWindow

• 0x508a28 CharUpperW

• 0x508a2c GetWindowRect

• 0x508a30 CopyRect

• 0x508a34 DdeCreateStringHandleA

• 0x508a38 LoadMenuIndirectW

• 0x508a3c GetWindowTextA

• 0x508a40 DrawIconEx

• 0x508a44 WINNLSGetIMEHotkey

• 0x508a48 GetMessageA

• 0x508a4c AdjustWindowRectEx

• 0x508a50 GetActiveWindow

• 0x508a54 GetMenuCheckMarkDimensions

• 0x508a58 wsprintfW

• 0x508a5c SendNotifyMessageW

• 0x508a60 GetClassInfoExW

• 0x508a64 CopyAcceleratorTableA

• 0x508a68 GetClassLongA

• 0x508a6c GetMonitorInfoA

• 0x508a70 DdeSetQualityOfService

• 0x508a74 EnumDisplaySettingsExW

• 0x508a78 GetClipboardViewer

• 0x508a7c InternalGetWindowText

• 0x508a80 DdeCmpStringHandles

• 0x508a84 CreateDialogIndirectParamA

• 0x508a88 CheckMenuRadioItem

• 0x508a8c SendIMEMessageExW

• 0x508a90 GetDlgCtrlID

• 0x508a94 DrawTextA

• 0x508a98 DrawTextW

• 0x508a9c MapDialogRect

• 0x508aa0 CallWindowProcA

• 0x508aa4 MoveWindow

• 0x508aa8 GetKeyboardLayout

• 0x508aac LoadBitmapA

• 0x508ab0 CallWindowProcW

• 0x508ab4 SetRectEmpty

• 0x508ab8 PostMessageA

• 0x508abc SendMessageA

• 0x508ac0 DefWindowProcA

• 0x508ac4 SetTimer

• 0x508ac8 KillTimer

• 0x508acc PostQuitMessage

• 0x508ad0 DispatchMessageA

• 0x508ad4 IsDialogMessageA

• 0x508ad8 CreateWindowExA

• 0x508adc RegisterClassExA

• 0x508ae0 DialogBoxParamA

• 0x508ae4 SystemParametersInfoA

• 0x508ae8 GetWindowLongA

• 0x508aec LoadIconA

• 0x508af0 SetWindowLongA

• 0x508af4 FillRect

• 0x508af8 GetSysColorBrush

• 0x508afc SetWindowTextA

• 0x508b00 CreateDialogParamW

• 0x508b04 EnumDisplayMonitors

• 0x508b08 LoadCursorA

• 0x508b0c SetCursor

• 0x508b10 DrawFocusRect

• 0x508b14 InvalidateRect

• 0x508b18 SendDlgItemMessageA

• 0x508b1c CheckDlgButton

• 0x508b20 LoadStringA

• 0x508b24 IsDlgButtonChecked

• 0x508b28 SetDlgItemTextA

• 0x508b2c GetScrollInfo

• 0x508b30 SetScrollInfo

• 0x508b34 GetFocus

• 0x508b38 FlashWindowEx

• 0x508b3c GetForegroundWindow

• 0x508b40 GetWindowPlacement

• 0x508b44 IsIconic

• 0x508b48 GetWindowThreadProcessId

• 0x508b4c EnumWindows

• 0x508b50 SendMessageTimeoutA

• 0x508b54 IsWindowUnicode

• 0x508b58 GetClassNameA

Library GDI32.dll:

• 0x508b60 GetBkColor

• 0x508b64 DeleteObject

• 0x508b68 GetTextColor

• 0x508b6c AbortPath

• 0x508b70 CreateMetaFileA

• 0x508b74 GetFontLanguageInfo

• 0x508b78 GetBkMode

• 0x508b7c CreateMetaFileW

• 0x508b80 CancelDC

• 0x508b84 GetEnhMetaFileA

• 0x508b88 GetGraphicsMode

• 0x508b8c GetLayout

• 0x508b90 RealizePalette

• 0x508b94 CreateCompatibleDC

• 0x508b98 GetObjectType

• 0x508b9c CreateHalftonePalette

• 0x508ba0 CreatePatternBrush

• 0x508ba4 GetStockObject

• 0x508ba8 SaveDC

• 0x508bac DeleteDC

• 0x508bb0 GetSystemPaletteUse

• 0x508bb4 GetDCPenColor

• 0x508bb8 GetEnhMetaFileW

• 0x508bbc BeginPath

• 0x508bc0 WidenPath

• 0x508bc4 GetStretchBltMode

• 0x508bc8 CloseMetaFile

• 0x508bcc EndPath

• 0x508bd0 FillPath

• 0x508bd4 GdiGetBatchLimit

• 0x508bd8 PathToRegion

• 0x508bdc SwapBuffers

• 0x508be0 AddFontResourceW

• 0x508be4 FlattenPath

• 0x508be8 AddFontResourceA

• 0x508bec GetPixelFormat

• 0x508bf0 GetTextCharset

• 0x508bf4 GdiFlush

• 0x508bf8 AbortDoc

• 0x508bfc GetTextAlign

• 0x508c00 GetMapMode

• 0x508c04 EndPage

• 0x508c08 DeleteColorSpace

• 0x508c0c EndDoc

• 0x508c10 DeleteMetaFile

• 0x508c14 CreateSolidBrush

• 0x508c18 UpdateColors

• 0x508c1c UnrealizeObject

• 0x508c20 GetPolyFillMode

• 0x508c24 DeleteEnhMetaFile

• 0x508c28 GetTextCharacterExtra

• 0x508c2c CloseEnhMetaFile

• 0x508c30 CloseFigure

• 0x508c34 GetDCBrushColor

• 0x508c38 GetColorSpace

• 0x508c3c GetROP2

• 0x508c40 SetMetaRgn

• 0x508c44 StrokePath

• 0x508c48 GetDeviceCaps

• 0x508c4c GetObjectW

• 0x508c50 CreateCompatibleBitmap

• 0x508c54 SelectObject

• 0x508c58 StretchBlt

• 0x508c5c GetOutlineTextMetricsA

• 0x508c60 GdiGetSpoolMessage

• 0x508c64 PATHOBJ_bEnum

• 0x508c68 CreateFontIndirectW

• 0x508c6c FONTOBJ_cGetAllGlyphHandles

• 0x508c70 RemoveFontResourceW

• 0x508c74 NamedEscape

• 0x508c78 RemoveFontResourceTracking

• 0x508c7c SelectClipPath

• 0x508c80 CreateRectRgn

• 0x508c84 Ellipse

• 0x508c88 StretchDIBits

• 0x508c8c CreateBitmap

• 0x508c90 GetCharABCWidthsW

• 0x508c94 CreateFontA

• 0x508c98 EnumObjects

• 0x508c9c CreateICA

• 0x508ca0 GdiEntry6

• 0x508ca4 StartDocW

• 0x508ca8 EngMarkBandingSurface

• 0x508cac GetTransform

• 0x508cb0 RestoreDC

• 0x508cb4 GetTextFaceA

• 0x508cb8 SetMapMode

• 0x508cbc GetTextExtentPoint32W

• 0x508cc0 SetTextAlign

• 0x508cc4 GetTextMetricsA

• 0x508cc8 GetObjectA

• 0x508ccc ExtTextOutW

• 0x508cd0 SetBkMode

• 0x508cd4 SetTextColor

• 0x508cd8 GetTextFaceW

• 0x508cdc CreateDCA

• 0x508ce0 TranslateCharsetInfo

• 0x508ce4 CreateFontIndirectA

• 0x508ce8 SetBkColor

• 0x508cec CreateBrushIndirect

Library COMDLG32.dll:

• 0x508cf4 GetOpenFileNameW

• 0x508cf8 CommDlgExtendedError

• 0x508cfc GetSaveFileNameW

Library ADVAPI32.dll:

• 0x508d04 GetUserNameA

• 0x508d08 RegOpenKeyA

• 0x508d0c RegQueryValueExA

• 0x508d10 RegOpenKeyExW

• 0x508d14 LookupPrivilegeValueW

• 0x508d18 OpenProcessToken

• 0x508d1c RegQueryValueExW

• 0x508d20 RegCreateKeyExW

• 0x508d24 RegSetValueExW

• 0x508d28 RegCloseKey

• 0x508d2c SetFileSecurityW

• 0x508d30 SetFileSecurityA

• 0x508d34 AdjustTokenPrivileges

• 0x508d38 GetSecurityDescriptorDacl

• 0x508d3c RegQueryInfoKeyW

• 0x508d40 ReportEventW

• 0x508d44 RegisterEventSourceW

• 0x508d48 ReportEventA

• 0x508d4c DeregisterEventSource

• 0x508d50 RegQueryInfoKeyA

• 0x508d54 RegEnumValueA

• 0x508d58 RegEnumKeyExA

• 0x508d5c RegDeleteValueA

• 0x508d60 SetNamedSecurityInfoW

• 0x508d64 ConvertSidToStringSidA

• 0x508d68 ConvertStringSecurityDescriptorToSecurityDescriptorA

• 0x508d6c RegCreateKeyExA

• 0x508d70 RegDeleteValueW

• 0x508d74 RegOpenKeyExA

• 0x508d78 RegSetValueExA

• 0x508d7c RegEnumKeyW

• 0x508d80 RegEnumValueW

• 0x508d84 GetLengthSid

• 0x508d88 AddAccessAllowedAce

• 0x508d8c AddAccessDeniedAce

• 0x508d90 InitializeAcl

• 0x508d94 AllocateAndInitializeSid

• 0x508d98 CopySid

• 0x508d9c OpenThreadToken

• 0x508da0 IsValidSid

• 0x508da4 CheckTokenMembership

• 0x508da8 ConvertStringSecurityDescriptorToSecurityDescriptorW

• 0x508dac InitializeSecurityDescriptor

• 0x508db0 SetSecurityDescriptorDacl

• 0x508db4 FreeSid

• 0x508db8 GetTokenInformation

Library SHELL32.dll:

• 0x508dc0 SHChangeNotify

• 0x508dc4 ShellExecuteExW

• 0x508dc8 SHFileOperationW

• 0x508dcc SHGetFileInfoW

• 0x508dd0 SHGetSpecialFolderLocation

• 0x508dd4 SHGetMalloc

• 0x508dd8 SHBrowseForFolderW

• 0x508ddc SHGetPathFromIDListW

• 0x508de0 ExtractIconEx

• 0x508de4 SHLoadNonloadedIconOverlayIdentifiers

• 0x508de8 DoEnvironmentSubstW

• 0x508dec ExtractIconExA

• 0x508df0 SHGetSpecialFolderPathW

• 0x508df4 ShellExecuteExA

Library ole32.dll:

• 0x508dfc CreateStreamOnHGlobal

• 0x508e00 OleInitialize

• 0x508e04 CoCreateInstance

• 0x508e08 OleUninitialize

• 0x508e0c CLSIDFromString

• 0x508e10 StringFromIID

• 0x508e14 CoTaskMemFree

• 0x508e18 CoUninitialize

• 0x508e1c CoInitializeEx

Library SHLWAPI.dll:

• 0x508e24 SHAutoComplete

• 0x508e28 StrCmpNIA

• 0x508e2c AssocQueryStringW

• 0x508e30 UrlGetPartA

• 0x508e34 wnsprintfA

Library COMCTL32.dll:

• 0x508e3c InitCommonControlsEx

• 0x508e40 ImageList_ReplaceIcon

• 0x508e44 ImageList_Create

• 0x508e48 ImageList_Destroy

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51811	239.255.255.250	1900
192.168.56.101	51813	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.