SmartHawk

5.8

高危

59 个模型检测该样本为恶意！

重新分析

下载样本

0a74786205d4384b963b07c0611921fa0556d2b6e55a94caa109c072b1741b19

7ae90cdedc364b81e1afafa5036e141d.exe

分析耗时

81s

最近分析

文件大小

658.5KB

静态报毒动态报毒 100% AI SCORE=86 ATTRIBUTE AUTOG BSCOPE BTI6S4 CLASSIC CONFIDENCE DELF DOWNLOADER33 DPIE DYNAMER FAKEXLS@CV GDSDA GENCIRC GENERICKDZ GENERICRXKR GENKRYPTIK HIGH CONFIDENCE HIGHCONFIDENCE HKJQLX IGENERIC IGENT KHALESILFT KRYPTIK MALICIOUS PE MALWARE@#1NHZCBE7115N6 PGX@AQU8BINI R06EC0DIA20 R336485 REMCOS RESCOMS S + TROJ SCORE STATIC AI SUSGEN UNSAFE VAWQS XRKN ZELPHICO 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Backdoor:Win32/Dynamer.cf9d0cf9	20190527	0.3.0.5
Avast	Win32:Trojan-gen	20201218	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft		20201218	2017.9.26.565
McAfee	GenericRXKR-FL!7AE90CDEDC36	20201218	6.0.6.653
Tencent	Malware.Win32.Gencirc.1178601f	20201218	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619669870.846249 __exception__	stacktrace: registers.esp: 56753200 registers.edi: 32937004 registers.eax: 0 registers.ebp: 0 registers.edx: 0 registers.ebx: 36 registers.esi: 16 registers.ecx: 0 exception.instruction_r: 8b 41 3c 99 03 04 24 13 54 24 04 83 c4 08 89 04 exception.instruction: mov eax, dword ptr [ecx + 0x3c] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1f68d25	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619669813.268249 NtAllocateVirtualMemory	process_identifier: 2824 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x004b0000	success	0	0

Downloads a file or document from Google Drive (1 个事件)

domain

drive.google.com

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619669838.862249 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	203.208.40.98
host	203.208.41.97

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619669841.424249 RegSetValueExA	key_handle: 0x000003b4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619669841.424249 RegSetValueExA	key_handle: 0x000003b4 value: aóÐ<× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619669841.424249 RegSetValueExA	key_handle: 0x000003b4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619669841.424249 RegSetValueExW	key_handle: 0x000003b4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619669841.424249 RegSetValueExA	key_handle: 0x000003cc value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619669841.440249 RegSetValueExA	key_handle: 0x000003cc value: aóÐ<× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619669841.440249 RegSetValueExA	key_handle: 0x000003cc value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619669841.456249 RegSetValueExW	key_handle: 0x000003b0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)

Bkav	W32.KhalesiLFT.Trojan
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader33.36652
MicroWorld-eScan	Trojan.GenericKDZ.67152
FireEye	Generic.mg.7ae90cdedc364b81
CAT-QuickHeal	Trojan.IGENERIC
ALYac	Backdoor.Remcos.A
Cylance	Unsafe
Zillya	Trojan.GenKryptik.Win32.48526
Sangfor	Malware
K7AntiVirus	Trojan ( 00566ae11 )
Alibaba	Backdoor:Win32/Dynamer.cf9d0cf9
K7GW	Trojan ( 00566ae11 )
Cybereason	malicious.2789fd
Arcabit	Trojan.Generic.D10650
BitDefenderTheta	Gen:NN.ZelphiCO.34700.PGX@aqu8bini
Cyren	W32/Trojan.XRKN-2767
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/TrojanDownloader.Delf.CXL
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
BitDefender	Trojan.GenericKDZ.67152
NANO-Antivirus	Trojan.Win32.GenKryptik.hkjqlx
Paloalto	generic.ml
AegisLab	Trojan.Multi.Generic.4!c
Rising	Malware.FakeXLS@CV!1.9C3D (CLASSIC)
Ad-Aware	Trojan.GenericKDZ.67152
Emsisoft	Trojan.GenericKDZ.67152 (B)
Comodo	Malware@#1nhzcbe7115n6
F-Secure	Trojan.TR/Kryptik.vawqs
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R06EC0DIA20
McAfee-GW-Edition	GenericRXKR-FL!7AE90CDEDC36
Sophos	Mal/Generic-S + Troj/AutoG-HW
Ikarus	Trojan.Inject
Jiangmin	Backdoor.Remcos.bqz
Avira	TR/Kryptik.vawqs
Antiy-AVL	Trojan[Backdoor]/Win32.Remcos
Microsoft	Backdoor:Win32/Rescoms.KD
ZoneAlarm	HEUR:Backdoor.Win32.Remcos.gen
GData	Trojan.GenericKDZ.67152
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Remcos.R336485
McAfee	GenericRXKR-FL!7AE90CDEDC36
MAX	malware (ai score=86)
VBA32	BScope.TrojanDropper.Agent
Malwarebytes	Trojan.MalPack.SMY
Zoner	Trojan.Win32.92203
TrendMicro-HouseCall	TROJ_GEN.R06EC0DIA20

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	31.13.82.23:443
dead_host	203.208.40.98:443
dead_host	192.168.56.101:49195

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x47a12c DeleteCriticalSection

• 0x47a130 LeaveCriticalSection

• 0x47a134 EnterCriticalSection

• 0x47a138 InitializeCriticalSection

• 0x47a13c VirtualFree

• 0x47a140 VirtualAlloc

• 0x47a144 LocalFree

• 0x47a148 LocalAlloc

• 0x47a14c GetVersion

• 0x47a150 GetCurrentThreadId

• 0x47a154 InterlockedDecrement

• 0x47a158 InterlockedIncrement

• 0x47a15c VirtualQuery

• 0x47a160 WideCharToMultiByte

• 0x47a164 MultiByteToWideChar

• 0x47a168 lstrlenA

• 0x47a16c lstrcpynA

• 0x47a170 LoadLibraryExA

• 0x47a174 GetThreadLocale

• 0x47a178 GetStartupInfoA

• 0x47a17c GetProcAddress

• 0x47a180 GetModuleHandleA

• 0x47a184 GetModuleFileNameA

• 0x47a188 GetLocaleInfoA

• 0x47a18c GetCommandLineA

• 0x47a190 FreeLibrary

• 0x47a194 FindFirstFileA

• 0x47a198 FindClose

• 0x47a19c ExitProcess

• 0x47a1a0 WriteFile

• 0x47a1a4 UnhandledExceptionFilter

• 0x47a1a8 RtlUnwind

• 0x47a1ac RaiseException

• 0x47a1b0 GetStdHandle

Library user32.dll:

• 0x47a1b8 GetKeyboardType

• 0x47a1bc LoadStringA

• 0x47a1c0 MessageBoxA

• 0x47a1c4 CharNextA

Library advapi32.dll:

• 0x47a1cc RegQueryValueExA

• 0x47a1d0 RegOpenKeyExA

• 0x47a1d4 RegCloseKey

Library oleaut32.dll:

• 0x47a1dc SysFreeString

• 0x47a1e0 SysReAllocStringLen

• 0x47a1e4 SysAllocStringLen

Library kernel32.dll:

• 0x47a1ec TlsSetValue

• 0x47a1f0 TlsGetValue

• 0x47a1f4 LocalAlloc

• 0x47a1f8 GetModuleHandleA

Library advapi32.dll:

• 0x47a200 RegQueryValueExA

• 0x47a204 RegOpenKeyExA

• 0x47a208 RegCloseKey

Library kernel32.dll:

• 0x47a210 lstrcpyA

• 0x47a214 WriteFile

• 0x47a218 WaitForSingleObject

• 0x47a21c VirtualQuery

• 0x47a220 VirtualProtect

• 0x47a224 VirtualAlloc

• 0x47a228 Sleep

• 0x47a22c SizeofResource

• 0x47a230 SetThreadLocale

• 0x47a234 SetFilePointer

• 0x47a238 SetEvent

• 0x47a23c SetErrorMode

• 0x47a240 SetEndOfFile

• 0x47a244 ResetEvent

• 0x47a248 ReadFile

• 0x47a24c MulDiv

• 0x47a250 LockResource

• 0x47a254 LoadResource

• 0x47a258 LoadLibraryA

• 0x47a25c LeaveCriticalSection

• 0x47a260 InitializeCriticalSection

• 0x47a264 GlobalUnlock

• 0x47a268 GlobalReAlloc

• 0x47a26c GlobalHandle

• 0x47a270 GlobalLock

• 0x47a274 GlobalFree

• 0x47a278 GlobalFindAtomA

• 0x47a27c GlobalDeleteAtom

• 0x47a280 GlobalAlloc

• 0x47a284 GlobalAddAtomA

• 0x47a288 GetVersionExA

• 0x47a28c GetVersion

• 0x47a290 GetTickCount

• 0x47a294 GetThreadLocale

• 0x47a298 GetSystemInfo

• 0x47a29c GetStringTypeExA

• 0x47a2a0 GetStdHandle

• 0x47a2a4 GetProcAddress

• 0x47a2a8 GetModuleHandleA

• 0x47a2ac GetModuleFileNameA

• 0x47a2b0 GetLocaleInfoA

• 0x47a2b4 GetLocalTime

• 0x47a2b8 GetLastError

• 0x47a2bc GetFullPathNameA

• 0x47a2c0 GetDiskFreeSpaceA

• 0x47a2c4 GetDateFormatA

• 0x47a2c8 GetCurrentThreadId

• 0x47a2cc GetCurrentProcessId

• 0x47a2d0 GetCPInfo

• 0x47a2d4 GetACP

• 0x47a2d8 FreeResource

• 0x47a2dc InterlockedExchange

• 0x47a2e0 FreeLibrary

• 0x47a2e4 FormatMessageA

• 0x47a2e8 FindResourceA

• 0x47a2ec EnumCalendarInfoA

• 0x47a2f0 EnterCriticalSection

• 0x47a2f4 DeleteCriticalSection

• 0x47a2f8 CreateThread

• 0x47a2fc CreateFileA

• 0x47a300 CreateEventA

• 0x47a304 CompareStringA

• 0x47a308 CloseHandle

Library version.dll:

• 0x47a310 VerQueryValueA

• 0x47a314 GetFileVersionInfoSizeA

• 0x47a318 GetFileVersionInfoA

Library gdi32.dll:

• 0x47a320 UnrealizeObject

• 0x47a324 StretchBlt

• 0x47a328 SetWindowOrgEx

• 0x47a32c SetWinMetaFileBits

• 0x47a330 SetViewportOrgEx

• 0x47a334 SetTextColor

• 0x47a338 SetStretchBltMode

• 0x47a33c SetROP2

• 0x47a340 SetPixel

• 0x47a344 SetEnhMetaFileBits

• 0x47a348 SetDIBColorTable

• 0x47a34c SetBrushOrgEx

• 0x47a350 SetBkMode

• 0x47a354 SetBkColor

• 0x47a358 SelectPalette

• 0x47a35c SelectObject

• 0x47a360 SaveDC

• 0x47a364 RestoreDC

• 0x47a368 Rectangle

• 0x47a36c RectVisible

• 0x47a370 RealizePalette

• 0x47a374 PlayEnhMetaFile

• 0x47a378 PatBlt

• 0x47a37c MoveToEx

• 0x47a380 MaskBlt

• 0x47a384 LineTo

• 0x47a388 IntersectClipRect

• 0x47a38c GetWindowOrgEx

• 0x47a390 GetWinMetaFileBits

• 0x47a394 GetTextMetricsA

• 0x47a398 GetTextExtentPoint32A

• 0x47a39c GetSystemPaletteEntries

• 0x47a3a0 GetStockObject

• 0x47a3a4 GetPixel

• 0x47a3a8 GetPaletteEntries

• 0x47a3ac GetObjectA

• 0x47a3b0 GetEnhMetaFilePaletteEntries

• 0x47a3b4 GetEnhMetaFileHeader

• 0x47a3b8 GetEnhMetaFileBits

• 0x47a3bc GetDeviceCaps

• 0x47a3c0 GetDIBits

• 0x47a3c4 GetDIBColorTable

• 0x47a3c8 GetDCOrgEx

• 0x47a3cc GetCurrentPositionEx

• 0x47a3d0 GetClipBox

• 0x47a3d4 GetBrushOrgEx

• 0x47a3d8 GetBitmapBits

• 0x47a3dc GdiFlush

• 0x47a3e0 ExcludeClipRect

• 0x47a3e4 DeleteObject

• 0x47a3e8 DeleteEnhMetaFile

• 0x47a3ec DeleteDC

• 0x47a3f0 CreateSolidBrush

• 0x47a3f4 CreatePenIndirect

• 0x47a3f8 CreatePalette

• 0x47a3fc CreateHalftonePalette

• 0x47a400 CreateFontIndirectA

• 0x47a404 CreateDIBitmap

• 0x47a408 CreateDIBSection

• 0x47a40c CreateCompatibleDC

• 0x47a410 CreateCompatibleBitmap

• 0x47a414 CreateBrushIndirect

• 0x47a418 CreateBitmap

• 0x47a41c CopyEnhMetaFileA

• 0x47a420 BitBlt

Library user32.dll:

• 0x47a428 CreateWindowExA

• 0x47a42c WindowFromPoint

• 0x47a430 WinHelpA

• 0x47a434 WaitMessage

• 0x47a438 UpdateWindow

• 0x47a43c UnregisterClassA

• 0x47a440 UnhookWindowsHookEx

• 0x47a444 TranslateMessage

• 0x47a448 TranslateMDISysAccel

• 0x47a44c TrackPopupMenu

• 0x47a450 SystemParametersInfoA

• 0x47a454 ShowWindow

• 0x47a458 ShowScrollBar

• 0x47a45c ShowOwnedPopups

• 0x47a460 ShowCursor

• 0x47a464 SetWindowsHookExA

• 0x47a468 SetWindowTextA

• 0x47a46c SetWindowPos

• 0x47a470 SetWindowPlacement

• 0x47a474 SetWindowLongA

• 0x47a478 SetTimer

• 0x47a47c SetScrollRange

• 0x47a480 SetScrollPos

• 0x47a484 SetScrollInfo

• 0x47a488 SetRect

• 0x47a48c SetPropA

• 0x47a490 SetParent

• 0x47a494 SetMenuItemInfoA

• 0x47a498 SetMenu

• 0x47a49c SetForegroundWindow

• 0x47a4a0 SetFocus

• 0x47a4a4 SetCursor

• 0x47a4a8 SetClassLongA

• 0x47a4ac SetCapture

• 0x47a4b0 SetActiveWindow

• 0x47a4b4 SendMessageA

• 0x47a4b8 ScrollWindow

• 0x47a4bc ScreenToClient

• 0x47a4c0 RemovePropA

• 0x47a4c4 RemoveMenu

• 0x47a4c8 ReleaseDC

• 0x47a4cc ReleaseCapture

• 0x47a4d0 RegisterWindowMessageA

• 0x47a4d4 RegisterClipboardFormatA

• 0x47a4d8 RegisterClassA

• 0x47a4dc RedrawWindow

• 0x47a4e0 PtInRect

• 0x47a4e4 PostQuitMessage

• 0x47a4e8 PostMessageA

• 0x47a4ec PeekMessageA

• 0x47a4f0 OffsetRect

• 0x47a4f4 OemToCharA

• 0x47a4f8 MessageBoxA

• 0x47a4fc MapWindowPoints

• 0x47a500 MapVirtualKeyA

• 0x47a504 LoadStringA

• 0x47a508 LoadKeyboardLayoutA

• 0x47a50c LoadIconA

• 0x47a510 LoadCursorA

• 0x47a514 LoadBitmapA

• 0x47a518 KillTimer

• 0x47a51c IsZoomed

• 0x47a520 IsWindowVisible

• 0x47a524 IsWindowEnabled

• 0x47a528 IsWindow

• 0x47a52c IsRectEmpty

• 0x47a530 IsIconic

• 0x47a534 IsDialogMessageA

• 0x47a538 IsChild

• 0x47a53c InvalidateRect

• 0x47a540 IntersectRect

• 0x47a544 InsertMenuItemA

• 0x47a548 InsertMenuA

• 0x47a54c InflateRect

• 0x47a550 GetWindowThreadProcessId

• 0x47a554 GetWindowTextA

• 0x47a558 GetWindowRect

• 0x47a55c GetWindowPlacement

• 0x47a560 GetWindowLongA

• 0x47a564 GetWindowDC

• 0x47a568 GetTopWindow

• 0x47a56c GetSystemMetrics

• 0x47a570 GetSystemMenu

• 0x47a574 GetSysColorBrush

• 0x47a578 GetSysColor

• 0x47a57c GetSubMenu

• 0x47a580 GetScrollRange

• 0x47a584 GetScrollPos

• 0x47a588 GetScrollInfo

• 0x47a58c GetPropA

• 0x47a590 GetParent

• 0x47a594 GetWindow

• 0x47a598 GetMenuStringA

• 0x47a59c GetMenuState

• 0x47a5a0 GetMenuItemInfoA

• 0x47a5a4 GetMenuItemID

• 0x47a5a8 GetMenuItemCount

• 0x47a5ac GetMenu

• 0x47a5b0 GetLastActivePopup

• 0x47a5b4 GetKeyboardState

• 0x47a5b8 GetKeyboardLayoutList

• 0x47a5bc GetKeyboardLayout

• 0x47a5c0 GetKeyState

• 0x47a5c4 GetKeyNameTextA

• 0x47a5c8 GetIconInfo

• 0x47a5cc GetForegroundWindow

• 0x47a5d0 GetFocus

• 0x47a5d4 GetDesktopWindow

• 0x47a5d8 GetDCEx

• 0x47a5dc GetDC

• 0x47a5e0 GetCursorPos

• 0x47a5e4 GetCursor

• 0x47a5e8 GetClipboardData

• 0x47a5ec GetClientRect

• 0x47a5f0 GetClassNameA

• 0x47a5f4 GetClassInfoA

• 0x47a5f8 GetCapture

• 0x47a5fc GetActiveWindow

• 0x47a600 FrameRect

• 0x47a604 FindWindowA

• 0x47a608 FillRect

• 0x47a60c EqualRect

• 0x47a610 EnumWindows

• 0x47a614 EnumThreadWindows

• 0x47a618 EndPaint

• 0x47a61c EnableWindow

• 0x47a620 EnableScrollBar

• 0x47a624 EnableMenuItem

• 0x47a628 DrawTextA

• 0x47a62c DrawMenuBar

• 0x47a630 DrawIconEx

• 0x47a634 DrawIcon

• 0x47a638 DrawFrameControl

• 0x47a63c DrawFocusRect

• 0x47a640 DrawEdge

• 0x47a644 DispatchMessageA

• 0x47a648 DestroyWindow

• 0x47a64c DestroyMenu

• 0x47a650 DestroyIcon

• 0x47a654 DestroyCursor

• 0x47a658 DeleteMenu

• 0x47a65c DefWindowProcA

• 0x47a660 DefMDIChildProcA

• 0x47a664 DefFrameProcA

• 0x47a668 CreatePopupMenu

• 0x47a66c CreateMenu

• 0x47a670 CreateIcon

• 0x47a674 ClientToScreen

• 0x47a678 CheckMenuItem

• 0x47a67c CallWindowProcA

• 0x47a680 CallNextHookEx

• 0x47a684 BeginPaint

• 0x47a688 CharNextA

• 0x47a68c CharLowerBuffA

• 0x47a690 CharLowerA

• 0x47a694 CharToOemA

• 0x47a698 AdjustWindowRectEx

• 0x47a69c ActivateKeyboardLayout

Library kernel32.dll:

• 0x47a6a4 Sleep

Library oleaut32.dll:

• 0x47a6ac SafeArrayPtrOfIndex

• 0x47a6b0 SafeArrayGetUBound

• 0x47a6b4 SafeArrayGetLBound

• 0x47a6b8 SafeArrayCreate

• 0x47a6bc VariantChangeType

• 0x47a6c0 VariantCopy

• 0x47a6c4 VariantClear

• 0x47a6c8 VariantInit

Library comctl32.dll:

• 0x47a6d0 ImageList_SetIconSize

• 0x47a6d4 ImageList_GetIconSize

• 0x47a6d8 ImageList_Write

• 0x47a6dc ImageList_Read

• 0x47a6e0 ImageList_GetDragImage

• 0x47a6e4 ImageList_DragShowNolock

• 0x47a6e8 ImageList_SetDragCursorImage

• 0x47a6ec ImageList_DragMove

• 0x47a6f0 ImageList_DragLeave

• 0x47a6f4 ImageList_DragEnter

• 0x47a6f8 ImageList_EndDrag

• 0x47a6fc ImageList_BeginDrag

• 0x47a700 ImageList_Remove

• 0x47a704 ImageList_DrawEx

• 0x47a708 ImageList_Replace

• 0x47a70c ImageList_Draw

• 0x47a710 ImageList_GetBkColor

• 0x47a714 ImageList_SetBkColor

• 0x47a718 ImageList_ReplaceIcon

• 0x47a71c ImageList_Add

• 0x47a720 ImageList_SetImageCount

• 0x47a724 ImageList_GetImageCount

• 0x47a728 ImageList_Destroy

• 0x47a72c ImageList_Create

• 0x47a730 InitCommonControls

Library URL.DLL:

• 0x47a738 InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
drive.google.com	A 31.13.82.23	103.97.3.19
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.