SmartHawk

3.8

中危

1 个模型检测该样本为恶意！

7683af3c5c611eb0443b9c71eebf6dafbd7c9fd097e36dd5035f10ec4fcf89ec

7619d5b91fcc14a6f17a3b8d7d419051.exe

分析耗时

85s

最近分析

文件大小

255.2KB

静态报毒动态报毒 INSTALLCORE

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee		20190811	6.0.6.653
Alibaba		20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Tencent		20190812	1.0.0.1
Kingsoft		20190812	2013.8.14.323
CrowdStrike		20190212	1.0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (3 个事件)

resource name	AFX_DIALOG_LAYOUT
resource name	PNG
resource name	None

Foreign language identified in PE resource (17 个事件)

name

AFX_DIALOG_LAYOUT

language

LANG_CHINESE

offset

0x000cbc48

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000002

name

AFX_DIALOG_LAYOUT

language

LANG_CHINESE

offset

0x000cbc48

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000002

name

AFX_DIALOG_LAYOUT

language

LANG_CHINESE

offset

0x000cbc48

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000002

name

AFX_DIALOG_LAYOUT

language

LANG_CHINESE

offset

0x000cbc48

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000002

name

PNG

language

LANG_CHINESE

offset

0x000cb188

filetype

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000003c8

name

PNG

language

LANG_CHINESE

offset

0x000cb188

filetype

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000003c8

name

PNG

language

LANG_CHINESE

offset

0x000cb188

filetype

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000003c8

name

PNG

language

LANG_CHINESE

offset

0x000cb188

filetype

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000003c8

name

PNG

language

LANG_CHINESE

offset

0x000cb188

filetype

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000003c8

name

PNG

language

LANG_CHINESE

offset

0x000cb188

filetype

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000003c8

name

PNG

language

LANG_CHINESE

offset

0x000cb188

filetype

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000003c8

name

PNG

language

LANG_CHINESE

offset

0x000cb188

filetype

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000003c8

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000cba10

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000104

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000cba10

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000104

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000cba10

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000104

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000cba10

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000104

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000cba10

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000104

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)

Microsoft

PUA:Win32/InstallCore

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.217586196813697

section

{'size_of_data': '0x00016800', 'virtual_address': '0x000c0000', 'entropy': 7.217586196813697, 'name': '.rsrc', 'virtual_size': '0x000167f0'}

description

A section with a high entropy has been found

entropy

0.36363636363636365

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (2 个事件)

host	113.108.239.196
host	172.217.24.14

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-04-26 20:19:34

Imports

Library WINMM.dll:

• 0x140018b18 timeGetTime

Library DSOUND.dll:

• 0x140018470

• 0x140018478

Library FFUILibX64.dll:

• 0x140018558 ?EnableApplyButton@CPFPropertyPage@@UEAAXH@Z

• 0x140018560 ?QueryDefault@CPFPropertyPage@@QEAA_NXZ

• 0x140018568 ?OnInitDialog@CPFPropertyPage@@UEAAHXZ

• 0x140018570 ?GetThisMessageMap@CPFPropertyPage@@KAPEBUAFX_MSGMAP@@XZ

• 0x140018578 ??0CPFPropertyPage@@QEAA@II@Z

• 0x140018580 ?OnOK@CPFPropertyPage@@UEAAXXZ

• 0x140018588 ?GetThisClass@CPFPropertyPage@@SAPEAUCRuntimeClass@@XZ

• 0x140018590 ?OnApply@CPFPropertyPage@@UEAAHXZ

• 0x140018598 ?GetThisClass@CPFDialog@@SAPEAUCRuntimeClass@@XZ

• 0x1400185a0 ??0CPFDialog@@QEAA@IPEAVCWnd@@@Z

• 0x1400185a8 ??1CPFDialog@@UEAA@XZ

• 0x1400185b0 ??0CPFFlatButton@@QEAA@XZ

• 0x1400185b8 ??1CPFFlatButton@@UEAA@XZ

• 0x1400185c0 ?DoDataExchange@CPFDialog@@MEAAXPEAVCDataExchange@@@Z

• 0x1400185c8 ?GetThisMessageMap@CPFDialog@@KAPEBUAFX_MSGMAP@@XZ

• 0x1400185d0 ?SetBmpBTStyle@@YAXAEAVCBCGPButton@@I@Z

• 0x1400185d8 ?SetSkinVar@@YAXPEAI@Z

• 0x1400185e0 ?CloseAllPopupWnd@@YAXXZ

• 0x1400185e8 ?GetThisClass@CPFVisualManager@@SAPEAUCRuntimeClass@@XZ

• 0x1400185f0 ??1CPFPropertyPage@@UEAA@XZ

Library mfc140u.dll:

• 0x140018d88

• 0x140018d90

• 0x140018d98

• 0x140018da0

• 0x140018da8

• 0x140018db0

• 0x140018db8

• 0x140018dc0

• 0x140018dc8

• 0x140018dd0

• 0x140018dd8

• 0x140018de0

• 0x140018de8

• 0x140018df0

• 0x140018df8

• 0x140018e00

• 0x140018e08

• 0x140018e10

• 0x140018e18

• 0x140018e20

• 0x140018e28

• 0x140018e30

• 0x140018e38

• 0x140018e40

• 0x140018e48

• 0x140018e50

• 0x140018e58

• 0x140018e60

• 0x140018e68

• 0x140018e70

• 0x140018e78

• 0x140018e80

• 0x140018e88

• 0x140018e90

• 0x140018e98

• 0x140018ea0

• 0x140018ea8

• 0x140018eb0

• 0x140018eb8

• 0x140018ec0

• 0x140018ec8

• 0x140018ed0

• 0x140018ed8

• 0x140018ee0

• 0x140018ee8

• 0x140018ef0

• 0x140018ef8

• 0x140018f00

• 0x140018f08

• 0x140018f10

• 0x140018f18

• 0x140018f20

• 0x140018f28

• 0x140018f30

• 0x140018f38

• 0x140018f40

• 0x140018f48

• 0x140018f50

• 0x140018f58

• 0x140018f60

• 0x140018f68

• 0x140018f70

• 0x140018f78

• 0x140018f80

• 0x140018f88

• 0x140018f90

• 0x140018f98

• 0x140018fa0

• 0x140018fa8

• 0x140018fb0

• 0x140018fb8

• 0x140018fc0

• 0x140018fc8

• 0x140018fd0

• 0x140018fd8

• 0x140018fe0

• 0x140018fe8

• 0x140018ff0

• 0x140018ff8

• 0x140019000

• 0x140019008

• 0x140019010

• 0x140019018

• 0x140019020

• 0x140019028

• 0x140019030

• 0x140019038

• 0x140019040

• 0x140019048

• 0x140019050

• 0x140019058

• 0x140019060

• 0x140019068

• 0x140019070

• 0x140019078

• 0x140019080

• 0x140019088

• 0x140019090

• 0x140019098

• 0x1400190a0

• 0x1400190a8

• 0x1400190b0

• 0x1400190b8

• 0x1400190c0

• 0x1400190c8

• 0x1400190d0

• 0x1400190d8

• 0x1400190e0

• 0x1400190e8

• 0x1400190f0

• 0x1400190f8

• 0x140019100

• 0x140019108

• 0x140019110

• 0x140019118

• 0x140019120

• 0x140019128

• 0x140019130

• 0x140019138

• 0x140019140

• 0x140019148

• 0x140019150

• 0x140019158

• 0x140019160

• 0x140019168

• 0x140019170

• 0x140019178

• 0x140019180

• 0x140019188

• 0x140019190

• 0x140019198

• 0x1400191a0

• 0x1400191a8

• 0x1400191b0

• 0x1400191b8

• 0x1400191c0

• 0x1400191c8

• 0x1400191d0

• 0x1400191d8

• 0x1400191e0

• 0x1400191e8

• 0x1400191f0

• 0x1400191f8

• 0x140019200

• 0x140019208

• 0x140019210

• 0x140019218

• 0x140019220

• 0x140019228

• 0x140019230

• 0x140019238

• 0x140019240

• 0x140019248

• 0x140019250

• 0x140019258

• 0x140019260

• 0x140019268

• 0x140019270

• 0x140019278

• 0x140019280

• 0x140019288

• 0x140019290

• 0x140019298

• 0x1400192a0

• 0x1400192a8

• 0x1400192b0

• 0x1400192b8

• 0x1400192c0

• 0x1400192c8

• 0x1400192d0

• 0x1400192d8

• 0x1400192e0

• 0x1400192e8

• 0x1400192f0

• 0x1400192f8

• 0x140019300

• 0x140019308

• 0x140019310

• 0x140019318

• 0x140019320

• 0x140019328

• 0x140019330

• 0x140019338

• 0x140019340

• 0x140019348

• 0x140019350

• 0x140019358

• 0x140019360

• 0x140019368

• 0x140019370

• 0x140019378

• 0x140019380

• 0x140019388

• 0x140019390

• 0x140019398

• 0x1400193a0

• 0x1400193a8

• 0x1400193b0

• 0x1400193b8

• 0x1400193c0

• 0x1400193c8

• 0x1400193d0

• 0x1400193d8

• 0x1400193e0

• 0x1400193e8

• 0x1400193f0

• 0x1400193f8

• 0x140019400

• 0x140019408

• 0x140019410

• 0x140019418

• 0x140019420

• 0x140019428

• 0x140019430

• 0x140019438

• 0x140019440

• 0x140019448

• 0x140019450

• 0x140019458

Library KERNEL32.dll:

• 0x140018700 GetDriveTypeW

• 0x140018708 GetDiskFreeSpaceExW

• 0x140018710 VerifyVersionInfoW

• 0x140018718 GetFileSizeEx

• 0x140018720 ReadFile

• 0x140018728 FlushFileBuffers

• 0x140018730 FindClose

• 0x140018738 GetFileTime

• 0x140018740 SetFileTime

• 0x140018748 GetSystemTime

• 0x140018750 SystemTimeToFileTime

• 0x140018758 CreateDirectoryW

• 0x140018760 CreateProcessW

• 0x140018768 GetModuleFileNameW

• 0x140018770 FormatMessageW

• 0x140018778 GetLogicalDrives

• 0x140018780 WaitForSingleObject

• 0x140018788 GetCurrentProcess

• 0x140018790 LocalFree

• 0x140018798 VerSetConditionMask

• 0x1400187a0 GlobalFree

• 0x1400187a8 lstrlenW

• 0x1400187b0 CreateEventW

• 0x1400187b8 SetThreadPriority

• 0x1400187c0 Sleep

• 0x1400187c8 GlobalLock

• 0x1400187d0 GlobalAlloc

• 0x1400187d8 OutputDebugStringW

• 0x1400187e0 GetSystemTimeAsFileTime

• 0x1400187e8 GetLocalTime

• 0x1400187f0 TerminateProcess

• 0x1400187f8 IsProcessorFeaturePresent

• 0x140018800 GetStartupInfoW

• 0x140018808 SetUnhandledExceptionFilter

• 0x140018810 UnhandledExceptionFilter

• 0x140018818 IsDebuggerPresent

• 0x140018820 RtlVirtualUnwind

• 0x140018828 RtlLookupFunctionEntry

• 0x140018830 RtlCaptureContext

• 0x140018838 InitializeSListHead

• 0x140018840 GlobalHandle

• 0x140018848 GetCurrentProcessId

• 0x140018850 QueryPerformanceCounter

• 0x140018858 GetModuleHandleW

• 0x140018860 WaitForSingleObjectEx

• 0x140018868 ResetEvent

• 0x140018870 SetEvent

• 0x140018878 WideCharToMultiByte

• 0x140018880 MultiByteToWideChar

• 0x140018888 MoveFileW

• 0x140018890 CopyFileW

• 0x140018898 FindNextFileW

• 0x1400188a0 FindFirstFileW

• 0x1400188a8 DeleteFileW

• 0x1400188b0 GetFileAttributesW

• 0x1400188b8 SetFileAttributesW

• 0x1400188c0 GetCurrentThreadId

• 0x1400188c8 SetFilePointer

• 0x1400188d0 GetLastError

• 0x1400188d8 SetEndOfFile

• 0x1400188e0 CloseHandle

• 0x1400188e8 MulDiv

• 0x1400188f0 CreateFileW

• 0x1400188f8 GetFileSize

• 0x140018900 WriteFile

• 0x140018908 GetVolumeInformationW

• 0x140018910 LoadLibraryW

• 0x140018918 GetProcAddress

• 0x140018920 FreeLibrary

• 0x140018928 InitializeCriticalSectionAndSpinCount

• 0x140018930 LeaveCriticalSection

• 0x140018938 EnterCriticalSection

• 0x140018940 DeleteCriticalSection

• 0x140018948 GlobalUnlock

• 0x140018950 RemoveDirectoryW

Library USER32.dll:

• 0x140018988 TranslateMessage

• 0x140018990 MsgWaitForMultipleObjects

• 0x140018998 SystemParametersInfoW

• 0x1400189a0 SetCursor

• 0x1400189a8 ReleaseCapture

• 0x1400189b0 SetCapture

• 0x1400189b8 SetWindowRgn

• 0x1400189c0 DispatchMessageW

• 0x1400189c8 OpenClipboard

• 0x1400189d0 CloseClipboard

• 0x1400189d8 SetClipboardData

• 0x1400189e0 EmptyClipboard

• 0x1400189e8 ExitWindowsEx

• 0x1400189f0 SendMessageW

• 0x1400189f8 PeekMessageW

• 0x140018a00 EnableWindow

• 0x140018a08 CopyRect

• 0x140018a10 RegisterHotKey

• 0x140018a18 ShowWindow

• 0x140018a20 UpdateWindow

• 0x140018a28 PostMessageW

• 0x140018a30 UnregisterHotKey

• 0x140018a38 InflateRect

• 0x140018a40 FillRect

• 0x140018a48 IsRectEmpty

• 0x140018a50 ReleaseDC

• 0x140018a58 wsprintfW

• 0x140018a60 GetCursorPos

• 0x140018a68 GetDC

• 0x140018a70 DefWindowProcW

• 0x140018a78 LoadIconW

• 0x140018a80 LoadCursorW

• 0x140018a88 RegisterClassW

• 0x140018a90 CreateWindowExW

• 0x140018a98 GetIconInfo

• 0x140018aa0 DrawIcon

Library GDI32.dll:

• 0x140018630 PatBlt

• 0x140018638 DeleteObject

• 0x140018640 CreateCompatibleBitmap

• 0x140018648 RoundRect

• 0x140018650 BitBlt

• 0x140018658 CreateCompatibleDC

• 0x140018660 GetStockObject

• 0x140018668 GetTextExtentPointW

• 0x140018670 SetTextColor

• 0x140018678 SetBkColor

• 0x140018680 SetBkMode

• 0x140018688 ExtTextOutW

• 0x140018690 DeleteDC

• 0x140018698 GetDeviceCaps

• 0x1400186a0 CreatePen

• 0x1400186a8 CreateSolidBrush

• 0x1400186b0 CreateHatchBrush

• 0x1400186b8 SelectObject

• 0x1400186c0 Rectangle

• 0x1400186c8 Ellipse

• 0x1400186d0 GetObjectW

• 0x1400186d8 GetDIBits

• 0x1400186e0 CreateRectRgn

• 0x1400186e8 CombineRgn

• 0x1400186f0 OffsetRgn

Library ADVAPI32.dll:

• 0x140018000 RegQueryValueExA

• 0x140018008 RegCloseKey

• 0x140018010 RegCreateKeyExA

• 0x140018018 RegCreateKeyExW

• 0x140018020 RegDeleteKeyA

• 0x140018028 RegDeleteKeyW

• 0x140018030 RegDeleteValueA

• 0x140018038 RegDeleteValueW

• 0x140018040 RegOpenKeyExA

• 0x140018048 RegOpenKeyExW

• 0x140018050 RegQueryValueExW

• 0x140018058 RegSetValueExA

• 0x140018060 RegSetValueExW

• 0x140018068 OpenProcessToken

• 0x140018070 AdjustTokenPrivileges

• 0x140018078 AllocateAndInitializeSid

• 0x140018080 FreeSid

• 0x140018088 LookupPrivilegeValueW

• 0x140018090 CheckTokenMembership

Library SHELL32.dll:

• 0x140018960 SHFileOperationW

• 0x140018968 ShellExecuteW

• 0x140018970 SHGetSpecialFolderPathW

• 0x140018978 ShellExecuteExW

Library COMCTL32.dll:

• 0x140018460 InitCommonControlsEx

Library ole32.dll:

• 0x140019468 CoCreateInstance

• 0x140019470 CoInitialize

• 0x140019478 CoUninitialize

• 0x140019480 CoTaskMemFree

Library gdiplus.dll:

• 0x140018cb0 GdipCreateFont

• 0x140018cb8 GdipCreatePath

• 0x140018cc0 GdipDeletePath

• 0x140018cc8 GdipDeleteFontFamily

• 0x140018cd0 GdipGetFamily

• 0x140018cd8 GdipAddPathString

• 0x140018ce0 GdipGetFontSize

• 0x140018ce8 GdipGetFontStyle

• 0x140018cf0 GdipGetPathWorldBounds

• 0x140018cf8 GdipCreateFromHDC

• 0x140018d00 GdipDeleteGraphics

• 0x140018d08 GdipSetSmoothingMode

• 0x140018d10 GdipSetInterpolationMode

• 0x140018d18 GdipCreateFontFamilyFromName

• 0x140018d20 GdipCreateStringFormat

• 0x140018d28 GdipDeleteStringFormat

• 0x140018d30 GdipGetGenericFontFamilySansSerif

• 0x140018d38 GdipDeleteFont

• 0x140018d40 GdipAddPathStringI

• 0x140018d48 GdipCreatePen1

• 0x140018d50 GdipDeletePen

• 0x140018d58 GdipSetPenLineJoin

• 0x140018d60 GdipDrawPath

• 0x140018d68 GdipCreateSolidFill

• 0x140018d70 GdipDeleteBrush

• 0x140018d78 GdipFillPath

Library BCGCBPRO2500u140X64.dll:

• 0x1400180a0 ?GetThisClass@CBCGPPropertySheet@@SAPEAUCRuntimeClass@@XZ

• 0x1400180a8 ??0CBCGPComboBox@@QEAA@XZ

• 0x1400180b0 ??1CBCGPComboBox@@UEAA@XZ

• 0x1400180b8 ?OnCommand@CBCGPPropertyPage@@MEAAH_K_J@Z

• 0x1400180c0 ?PreTranslateMessage@CBCGPPropertyPage@@UEAAHPEAUtagMSG@@@Z

• 0x1400180c8 ?OnSetActive@CBCGPPropertyPage@@UEAAHXZ

• 0x1400180d0 ?IsVisualManagerStyle@CBCGPPropertyPage@@UEBAHXZ

• 0x1400180d8 ?AdjustControlsLayout@CBCGPPropertyPage@@UEAAXXZ

• 0x1400180e0 ??0CBCGPEdit@@QEAA@XZ

• 0x1400180e8 ??1CBCGPEdit@@UEAA@XZ

• 0x1400180f0 ?EnableFolderBrowseButton@CBCGPEdit@@QEAAXPEB_WI@Z

• 0x1400180f8 ??0CBCGPSliderCtrl@@QEAA@XZ

• 0x140018100 ??1CBCGPSliderCtrl@@UEAA@XZ

• 0x140018108 ??0CBCGPSpinButtonCtrl@@QEAA@XZ

• 0x140018110 ??1CBCGPSpinButtonCtrl@@UEAA@XZ

• 0x140018118 ?EnableVisualManagerStyle@CBCGPDialog@@QEAAXHHPEBV?$CList@II@@@Z

• 0x140018120 ?OnInitDialog@CBCGPDialog@@MEAAHXZ

• 0x140018128 ?SetTooltip@CBCGPButton@@QEAAXPEB_W@Z

• 0x140018130 ?PreTranslateMessage@CBCGPDialog@@UEAAHPEAUtagMSG@@@Z

• 0x140018138 ?OnDestroy@CBCGPDialog@@IEAAXXZ

• 0x140018140 ?OnCommand@CBCGPDialog@@MEAAH_K_J@Z

• 0x140018148 ?Create@CBCGPDialog@@UEAAHIPEAVCWnd@@@Z

• 0x140018150 ?Create@CBCGPDialog@@UEAAHPEB_WPEAVCWnd@@@Z

• 0x140018158 ?DoModal@CBCGPDialog@@UEAA_JXZ

• 0x140018160 ?OnOK@CBCGPDialog@@UEAAXXZ

• 0x140018168 ?OnCancel@CBCGPDialog@@UEAAXXZ

• 0x140018170 ?PreInitDialog@CBCGPDialog@@MEAAXXZ

• 0x140018178 ?AdjustControlsLayout@CBCGPDialog@@UEAAXXZ

• 0x140018180 ?OnBeforeExpand@CBCGPDialog@@UEAAXXZ

• 0x140018188 ?OnAfterExpand@CBCGPDialog@@UEAAXXZ

• 0x140018190 ?OnRTLChanged@CBCGPDialog@@UEAAXH@Z

• 0x140018198 ?OnSetPlacement@CBCGPDialog@@UEAAHAEAUtagWINDOWPLACEMENT@@@Z

• 0x1400181a0 ?OnDrawBackstageWatermark@CBCGPDialog@@UEAAXPEAVCDC@@VCRect@@@Z

• 0x1400181a8 ?GetRibbonStartPageLeftPaneWidth@CBCGPDialog@@UEAAHXZ

• 0x1400181b0 ?OnDrawRibbonBackgroundImage@CBCGPDialog@@UEAAXPEAVCDC@@VCRect@@@Z

• 0x1400181b8 ?SetActiveMenu@CBCGPDialog@@MEAAXPEAVCBCGPPopupMenu@@@Z

• 0x1400181c0 ??0CBCGPPropertySheet@@QEAA@PEB_WPEAVCWnd@@I@Z

• 0x1400181c8 ??1CBCGPPropertySheet@@UEAA@XZ

• 0x1400181d0 ??0CBCGPToolBarImages@@QEAA@XZ

• 0x1400181d8 ??1CBCGPToolBarImages@@UEAA@XZ

• 0x1400181e0 ?SetIconsList@CBCGPPropertySheet@@QEAAHIHKH@Z

• 0x1400181e8 ?SetImageSize@CBCGPToolBarImages@@QEAAXUtagSIZE@@H@Z

• 0x1400181f0 ?Load@CBCGPToolBarImages@@QEAAHIPEAUHINSTANCE__@@H@Z

• 0x1400181f8 ?SetLook@CBCGPPropertySheet@@QEAAXW4PropSheetLook@1@HH@Z

• 0x140018200 ?EnablePageHeader@CBCGPPropertySheet@@QEAAXHH@Z

• 0x140018208 ?EnableVisualManagerStyle@CBCGPPropertySheet@@QEAAXHH@Z

• 0x140018210 ?AddPage@CBCGPPropertySheet@@QEAAXPEAVCPropertyPage@@@Z

• 0x140018218 ?GetThisMessageMap@CBCGPPropertySheet@@KAPEBUAFX_MSGMAP@@XZ

• 0x140018220 ??0CBCGPDrawManager@@QEAA@AEAVCDC@@@Z

• 0x140018228 ??1CBCGPDrawManager@@UEAA@XZ

• 0x140018230 ?FillGradient@CBCGPDrawManager@@QEAAXVCRect@@KKHHH@Z

• 0x140018238 ?globalData@@3UBCGPGLOBAL_DATA@@A

• 0x140018240 ??0CBCGPPenSelector@@QEAA@AEAVCDC@@KIK@Z

• 0x140018248 ??1CBCGPPenSelector@@QEAA@XZ

• 0x140018250 ?DrawShadow@CBCGPDrawManager@@QEAAHVCRect@@HHHPEAVCBitmap@@1KH@Z

• 0x140018258 ?DrawEx@CBCGPToolBarImages@@QEAAHPEAVCDC@@VCRect@@HW4ImageAlignHorz@1@W4ImageAlignVert@1@1EH@Z

• 0x140018260 ?GetButtonText@CBCGPToolBar@@QEBAXHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

• 0x140018268 ?OnInitDialog@CBCGPPropertySheet@@UEAAHXZ

• 0x140018270 ?SetButtonText@CBCGPToolBar@@QEAAHHPEB_W@Z

• 0x140018278 ?OnDestroy@CBCGPPropertySheet@@IEAAXXZ

• 0x140018280 ?OnCommand@CBCGPPropertySheet@@MEAAH_K_J@Z

• 0x140018288 ?PreTranslateMessage@CBCGPPropertySheet@@UEAAHPEAUtagMSG@@@Z

• 0x140018290 ?AdjustControlsLayout@CBCGPPropertySheet@@UEAAXXZ

• 0x140018298 ?OnActivatePage@CBCGPPropertySheet@@UEAAXPEAVCPropertyPage@@@Z

• 0x1400182a0 ?InitNavigationControl@CBCGPPropertySheet@@UEAAPEAVCWnd@@XZ

• 0x1400182a8 ?OnRemoveTreePage@CBCGPPropertySheet@@UEAAHPEAVCPropertyPage@@@Z

• 0x1400182b0 ?OnWizardChangePageWidthTransitionEffect@CBCGPPropertySheet@@UEAAHPEAVCBCGPPropertyPage@@H@Z

• 0x1400182b8 ?OnDrawPageIcon@CBCGPPropertySheet@@UEAAHPEAVCDC@@HPEAVCBCGPToolBarImages@@HVCRect@@@Z

• 0x1400182c0 ?OnRTLChanged@CBCGPPropertySheet@@MEAAXH@Z

• 0x1400182c8 ?ReposButtons@CBCGPPropertySheet@@MEAAHH@Z

• 0x1400182d0 ??1CBCGPWinApp@@UEAA@XZ

• 0x1400182d8 ??1CBCGPDialog@@UEAA@XZ

• 0x1400182e0 ?GetRuntimeClass@CBCGPDialog@@UEBAPEAUCRuntimeClass@@XZ

• 0x1400182e8 ?ReloadWindowPlacement@CBCGPWorkspace@@MEAAHPEAVCFrameWnd@@@Z

• 0x1400182f0 ?StoreWindowPlacement@CBCGPWorkspace@@MEAAHAEBVCRect@@HH@Z

• 0x1400182f8 ?LoadWindowPlacement@CBCGPWorkspace@@MEAAHAEAVCRect@@AEAH1@Z

• 0x140018300 ?SaveCustomState@CBCGPWorkspace@@MEAAXXZ

• 0x140018308 ?PreSaveState@CBCGPWinApp@@MEAAXXZ

• 0x140018310 ?LoadCustomState@CBCGPWorkspace@@MEAAXXZ

• 0x140018318 ?OnClosingMainFrame@CBCGPWorkspace@@MEAAXPEAVCBCGPFrameImpl@@@Z

• 0x140018320 ?OnSelectSkin@CBCGPWorkspace@@UEAAXXZ

• 0x140018328 ?OnBCGPIdle@CBCGPWorkspace@@UEAAHPEAVCWnd@@@Z

• 0x140018330 ?OnAppContextHelp@CBCGPWorkspace@@UEAAXPEAVCWnd@@QEBK@Z

• 0x140018338 ?GetRegSectionPath@CBCGPWorkspace@@UEAA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PEB_W@Z

• 0x140018340 ?ShowPopupMenu@CBCGPWorkspace@@UEAAHIAEBVCPoint@@PEAVCWnd@@@Z

• 0x140018348 ?OnViewDoubleClick@CBCGPWorkspace@@UEAAHPEAVCWnd@@H@Z

• 0x140018350 ?SaveState@CBCGPWorkspace@@UEAAHPEB_WPEAVCBCGPFrameImpl@@@Z

• 0x140018358 ?CleanState@CBCGPWorkspace@@UEAAHPEB_W@Z

• 0x140018360 ?LoadState@CBCGPWinApp@@UEAAHPEB_WPEAVCBCGPFrameImpl@@@Z

• 0x140018368 ?OnAfterDownloadSkins@CBCGPWorkspace@@UEAAXAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

• 0x140018370 ?OnBeforeCreateCustomizationDlg@CBCGPWinApp@@MEAAXPEAVCBCGPToolbarCustomize@@@Z

• 0x140018378 ?OnCustomizeToolBars@CBCGPWinApp@@MEAAHXZ

• 0x140018380 ?OnAfterChangeVisualTheme@CBCGPWinApp@@MEAAXPEAVCWnd@@@Z

• 0x140018388 ?OnBeforeChangeVisualTheme@CBCGPWinApp@@MEAAXAEAUCBCGPAppOptions@@PEAVCWnd@@@Z

• 0x140018390 ?GetRecentFileDisplayName@CBCGPWinApp@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@HPEB_WHH@Z

• 0x140018398 ?GetRecentFilePath@CBCGPWinApp@@UEBA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z

• 0x1400183a0 ?GetRecentFilesCount@CBCGPWinApp@@UEBAHXZ

• 0x1400183a8 ?OnCmdMsg@CBCGPWinApp@@UEAAHIHPEAXPEAUAFX_CMDHANDLERINFO@@@Z

• 0x1400183b0 ?GetRuntimeClass@CBCGPWinApp@@UEBAPEAUCRuntimeClass@@XZ

• 0x1400183b8 ?ColorMakeDarker@CBCGPDrawManager@@SAKKNH@Z

• 0x1400183c0 ?SetAccentColorRGB@CBCGPVisualManagerVS2012@@SAXK@Z

• 0x1400183c8 ?SetAccentColor@CBCGPVisualManagerVS2012@@SAXW4AccentColor@1@@Z

• 0x1400183d0 ?SetVisualTheme@CBCGPWinApp@@QEAAXW4BCGP_VISUAL_THEME@1@PEAUCRuntimeClass@@@Z

• 0x1400183d8 ?GetContextMenuManager@CBCGPWorkspace@@QEAAPEAVCBCGPContextMenuManager@@XZ

• 0x1400183e0 ?AddMenu@CBCGPContextMenuManager@@QEAAHPEB_WI@Z

• 0x1400183e8 ?GetThisMessageMap@CBCGPDialog@@KAPEBUAFX_MSGMAP@@XZ

• 0x1400183f0 ??1CBCGPURLLinkButton@@UEAA@XZ

• 0x1400183f8 ??0CBCGPURLLinkButton@@QEAA@XZ

• 0x140018400 ??0CBCGPDialog@@QEAA@IPEAVCWnd@@@Z

• 0x140018408 ?ExitInstance@CBCGPWinApp@@UEAAHXZ

• 0x140018410 ?SetRegistryBase@CBCGPWorkspace@@QEAAPEB_WPEB_W@Z

• 0x140018418 ?InitInstance@CBCGPWinApp@@UEAAHXZ

• 0x140018420 ??0CBCGPWinApp@@QEAA@H@Z

• 0x140018428 ?OnPageTransitionFinished@CBCGPPropertySheet@@MEAAXXZ

• 0x140018430 ?OnAnimationIdle@CBCGPAnimationManager@@MEAAXXZ

• 0x140018438 ?OnAnimationFinished@CBCGPPageTransitionManager@@MEAAXXZ

• 0x140018440 ?OnAnimationValueChanged@CBCGPPageTransitionManager@@MEAAXNN@Z

• 0x140018448 ?UpdateListBoxFont@CBCGPPropertySheet@@MEAAXXZ

• 0x140018450 ?OnSetPlacement@CBCGPPropertySheet@@MEAAHAEAUtagWINDOWPLACEMENT@@@Z

Library FTCoreX64.dll:

• 0x140018600 ?Init@CFTCore@@UEAAXPEB_W@Z

• 0x140018608 ?gFTCore@@3VCFTCore@@A

• 0x140018610 ?gMultiLanguage@@3VCMultiLanguage@@A

• 0x140018618 ?gpCfg@@3PEAVCCfg@@EA

• 0x140018620 ?TranslateString@CMultiLanguage@@QEAAPEB_WPEB_W@Z

Library FFImageX64.dll:

• 0x140018488 ??0CxIOFile@@QEAA@PEAU_iobuf@@@Z

• 0x140018490 ??1CxIOFile@@UEAA@XZ

• 0x140018498 ?Close@CxIOFile@@UEAA_NXZ

• 0x1400184a0 ?Open@CxIOFile@@QEAA_NPEB_W0@Z

• 0x1400184a8 ??0CQuantizer@@QEAA@II@Z

• 0x1400184b0 ??1CQuantizer@@UEAA@XZ

• 0x1400184b8 ??0CxImage@@QEAA@IIII@Z

• 0x1400184c0 ?GetBits@CxImage@@QEAAPEAEI@Z

• 0x1400184c8 ?ProcessImage@CQuantizer@@QEAAHPEAX@Z

• 0x1400184d0 ?GetDIB@CxImage@@QEBAPEAXXZ

• 0x1400184d8 ?DrawAutoFit@CxImage@@UEAAXPEAUHDC__@@AEBUtagRECT@@PEAU3@@Z

• 0x1400184e0 ??1CxImage@@UEAA@XZ

• 0x1400184e8 ?Encode@CxImageGIF@@QEAA_NPEAVCxFile@@PEAPEAVCxImage@@H_N2@Z

• 0x1400184f0 ?SetDisposalMethod@CxImage@@QEAAXE@Z

• 0x1400184f8 ?SetLoops@CxImageGIF@@QEAAXH@Z

• 0x140018500 ?SetComment@CxImageGIF@@QEAAXPEBD@Z

• 0x140018508 ??1CxImageGIF@@UEAA@XZ

• 0x140018510 ??0CxImageGIF@@QEAA@XZ

• 0x140018518 ?DecreaseBpp@CxImage@@QEAA_NI_NPEAUtagRGBQUAD@@I@Z

• 0x140018520 ?SetColorTable@CQuantizer@@QEAAXPEAUtagRGBQUAD@@@Z

• 0x140018528 ?DrawCenter@CxImage@@UEAAXPEAUHDC__@@AEBUtagRECT@@@Z

• 0x140018530 ?DrawBanner@CxImage@@UEAAXPEAUHDC__@@AEBUtagRECT@@@Z

• 0x140018538 ?DrawFullSupport@CxImage@@UEAAXPEAUHDC__@@AEBUtagRECT@@@Z

• 0x140018540 ?LoadFile@CxImage@@UEAA_NPEB_W@Z

• 0x140018548 ?SaveFile@CxImage@@UEAA_NPEB_WI@Z

Library VCRUNTIME140.dll:

• 0x140018ab0 __std_terminate

• 0x140018ab8 _purecall

• 0x140018ac0 strchr

• 0x140018ac8 strrchr

• 0x140018ad0 wcschr

• 0x140018ad8 wcsrchr

• 0x140018ae0 __CxxFrameHandler3

• 0x140018ae8 memset

• 0x140018af0 memcmp

• 0x140018af8 memcpy

• 0x140018b00 __C_specific_handler

• 0x140018b08 __vcrt_InitializeCriticalSectionEx

Library api-ms-win-crt-stdio-l1-1-0.dll:

• 0x140018c28 __stdio_common_vsscanf

• 0x140018c30 __stdio_common_vswscanf

• 0x140018c38 __stdio_common_vsprintf

• 0x140018c40 __stdio_common_vsprintf_s

• 0x140018c48 __stdio_common_vswprintf_s

• 0x140018c50 _set_fmode

• 0x140018c58 __p__commode

• 0x140018c60 __stdio_common_vswprintf

Library api-ms-win-crt-math-l1-1-0.dll:

• 0x140018b70 __setusermatherr

• 0x140018b78 round

• 0x140018b80 sqrt

Library api-ms-win-crt-string-l1-1-0.dll:

• 0x140018c70 _wcsnicmp

• 0x140018c78 isalpha

• 0x140018c80 strcat_s

• 0x140018c88 strcpy_s

• 0x140018c90 wcscpy_s

Library api-ms-win-crt-heap-l1-1-0.dll:

• 0x140018b38 free

• 0x140018b40 malloc

• 0x140018b48 _set_new_mode

• 0x140018b50 calloc

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
teredo.ipv6.microsoft.com
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	216.58.200.78

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	63497	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60215	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.