SmartHawk

4.8

中危

56 个模型检测该样本为恶意！

重新分析

下载样本

e837e409e593eb440550d2dc1174b65045242229ee9e3614360b37018d05fa52

7c374afcd59467fc92eefe8d4d8a0e2b.exe

分析耗时

88s

最近分析

文件大小

754.5KB

静态报毒动态报毒 100% 98YOQW ABTB AGENTWDCR AI SCORE=88 AIDETECTVM ATTRIBUTE AVEMARIA CONFIDENCE DELF FAREIT GENCIRC HIGH CONFIDENCE HIGHCONFIDENCE HUIWGJ HVNMZ JWHGENZQ KCLOUD KQFJ KTSE MALWARE2 MALWARE@#3GBPMYO1CMHIO RATX REMCOS S + MAL SCORE THIAOBO TSCOPE UNSAFE 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FZO!7C374AFCD594	20210123	6.0.6.653
Alibaba	Backdoor:Win32/Remcos.977741b1	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:RATX-gen [Trj]	20210122	21.1.5827.0
Tencent	Malware.Win32.Gencirc.11b0a815	20210123	1.0.0.1
Kingsoft	Win32.Troj.Undef.(kcloud)	20210123	2017.9.26.565
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620778764.826249 __exception__	stacktrace: 7c374afcd59467fc92eefe8d4d8a0e2b+0x6c8e2 @ 0x46c8e2 7c374afcd59467fc92eefe8d4d8a0e2b+0x6c915 @ 0x46c915 7c374afcd59467fc92eefe8d4d8a0e2b+0x6c832 @ 0x46c832 7c374afcd59467fc92eefe8d4d8a0e2b+0x10828 @ 0x410828 7c374afcd59467fc92eefe8d4d8a0e2b+0xa215f @ 0x4a215f 7c374afcd59467fc92eefe8d4d8a0e2b+0xa28b0 @ 0x4a28b0 7c374afcd59467fc92eefe8d4d8a0e2b+0x25d7a @ 0x425d7a gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca 7c374afcd59467fc92eefe8d4d8a0e2b+0x639b0 @ 0x4639b0 7c374afcd59467fc92eefe8d4d8a0e2b+0xa2c33 @ 0x4a2c33 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1635496 registers.edi: 0 registers.eax: 1635496 registers.ebp: 1635576 registers.edx: 0 registers.ebx: 1637252 registers.esi: 5084316 registers.ecx: 7 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x778eb727	success	0	0

Time & API

Arguments

Status

Return

Repeated

1620778764.826249
__exception__

stacktrace:

7c374afcd59467fc92eefe8d4d8a0e2b+0x6c8e2 @ 0x46c8e2
7c374afcd59467fc92eefe8d4d8a0e2b+0x6c915 @ 0x46c915
7c374afcd59467fc92eefe8d4d8a0e2b+0x6c832 @ 0x46c832
7c374afcd59467fc92eefe8d4d8a0e2b+0x10828 @ 0x410828
7c374afcd59467fc92eefe8d4d8a0e2b+0xa215f @ 0x4a215f
7c374afcd59467fc92eefe8d4d8a0e2b+0xa28b0 @ 0x4a28b0
7c374afcd59467fc92eefe8d4d8a0e2b+0x25d7a @ 0x425d7a
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
7c374afcd59467fc92eefe8d4d8a0e2b+0x639b0 @ 0x4639b0
7c374afcd59467fc92eefe8d4d8a0e2b+0xa2c33 @ 0x4a2c33
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635496
registers.edi: 0
registers.eax: 1635496
registers.ebp: 1635576
registers.edx: 0
registers.ebx: 1637252
registers.esi: 5084316
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727

success

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620778714.405249 NtAllocateVirtualMemory	process_identifier: 1916 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003f0000	success	0	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Disables proxy possibly for traffic interception (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620778732.967249 RegSetValueExA	key_handle: 0x00000290 value: 0 regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	success	0	0

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.AgentWDCR.ABTB
FireEye	Generic.mg.7c374afcd59467fc
CAT-QuickHeal	Trojanspy.Avemaria
McAfee	Fareit-FZO!7C374AFCD594
Cylance	Unsafe
SUPERAntiSpyware	Trojan.Agent/Gen-Injector
Sangfor	Malware
K7AntiVirus	Trojan-Downloader ( 0056db511 )
Alibaba	Backdoor:Win32/Remcos.977741b1
K7GW	Trojan-Downloader ( 0056db511 )
Cybereason	malicious.cd5946
Arcabit	Trojan.AgentWDCR.ABTB
Cyren	W32/Trojan.KQFJ-7295
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
Kaspersky	HEUR:Trojan-Spy.Win32.AveMaria.gen
BitDefender	Trojan.AgentWDCR.ABTB
NANO-Antivirus	Trojan.Win32.AveMaria.huiwgj
Paloalto	generic.ml
AegisLab	Trojan.Win32.AveMaria.l!c
Tencent	Malware.Win32.Gencirc.11b0a815
Ad-Aware	Trojan.AgentWDCR.ABTB
Sophos	Mal/Generic-S + Mal/Generic-L
Comodo	Malware@#3gbpmyo1cmhio
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.REMCOS.THIAOBO
McAfee-GW-Edition	Fareit-FZO!7C374AFCD594
Emsisoft	Trojan-Downloader.Delf (A)
Avira	TR/Dldr.Delf.hvnmz
MAX	malware (ai score=88)
Antiy-AVL	Trojan[Spy]/Win32.AveMaria
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Agent.oa
Microsoft	Backdoor:Win32/Remcos.ARK!MTB
ViRobot	Trojan.Win32.Z.Delf.772608
ZoneAlarm	HEUR:Trojan-Spy.Win32.AveMaria.gen
GData	Win32.Trojan.Agent.98YOQW
Cynet	Malicious (score: 85)
AhnLab-V3	Malware/Win32.Generic.C4194936
BitDefenderTheta	AI:Packer.BA34D27919
VBA32	TScope.Trojan.Delf
Malwarebytes	Backdoor.Remcos
Zoner	Trojan.Win32.92464
ESET-NOD32	Win32/TrojanDownloader.Delf.DAD
TrendMicro-HouseCall	Backdoor.Win32.REMCOS.THIAOBO
Rising	Trojan.Injector!1.CB77 (KTSE)
Yandex	Trojan.DL.Delf!5J/JWHGENzQ

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x4a617c DeleteCriticalSection

• 0x4a6180 LeaveCriticalSection

• 0x4a6184 EnterCriticalSection

• 0x4a6188 InitializeCriticalSection

• 0x4a618c VirtualFree

• 0x4a6190 VirtualAlloc

• 0x4a6194 LocalFree

• 0x4a6198 LocalAlloc

• 0x4a619c GetTickCount

• 0x4a61a0 QueryPerformanceCounter

• 0x4a61a4 GetVersion

• 0x4a61a8 GetCurrentThreadId

• 0x4a61ac InterlockedDecrement

• 0x4a61b0 InterlockedIncrement

• 0x4a61b4 VirtualQuery

• 0x4a61b8 WideCharToMultiByte

• 0x4a61bc MultiByteToWideChar

• 0x4a61c0 lstrlenA

• 0x4a61c4 lstrcpynA

• 0x4a61c8 LoadLibraryExA

• 0x4a61cc GetThreadLocale

• 0x4a61d0 GetStartupInfoA

• 0x4a61d4 GetProcAddress

• 0x4a61d8 GetModuleHandleA

• 0x4a61dc GetModuleFileNameA

• 0x4a61e0 GetLocaleInfoA

• 0x4a61e4 GetCommandLineA

• 0x4a61e8 FreeLibrary

• 0x4a61ec FindFirstFileA

• 0x4a61f0 FindClose

• 0x4a61f4 ExitProcess

• 0x4a61f8 WriteFile

• 0x4a61fc UnhandledExceptionFilter

• 0x4a6200 RtlUnwind

• 0x4a6204 RaiseException

• 0x4a6208 GetStdHandle

Library user32.dll:

• 0x4a6210 GetKeyboardType

• 0x4a6214 LoadStringA

• 0x4a6218 MessageBoxA

• 0x4a621c CharNextA

Library advapi32.dll:

• 0x4a6224 RegQueryValueExA

• 0x4a6228 RegOpenKeyExA

• 0x4a622c RegCloseKey

Library oleaut32.dll:

• 0x4a6234 SysFreeString

• 0x4a6238 SysReAllocStringLen

• 0x4a623c SysAllocStringLen

Library kernel32.dll:

• 0x4a6244 TlsSetValue

• 0x4a6248 TlsGetValue

• 0x4a624c LocalAlloc

• 0x4a6250 GetModuleHandleA

Library advapi32.dll:

• 0x4a6258 RegQueryValueExA

• 0x4a625c RegOpenKeyExA

• 0x4a6260 RegCloseKey

Library kernel32.dll:

• 0x4a6268 lstrcpyA

• 0x4a626c lstrcmpiA

• 0x4a6270 WriteFile

• 0x4a6274 WaitForSingleObject

• 0x4a6278 VirtualQuery

• 0x4a627c VirtualProtect

• 0x4a6280 VirtualAlloc

• 0x4a6284 Sleep

• 0x4a6288 SizeofResource

• 0x4a628c SetThreadLocale

• 0x4a6290 SetFilePointer

• 0x4a6294 SetEvent

• 0x4a6298 SetErrorMode

• 0x4a629c SetEndOfFile

• 0x4a62a0 ResetEvent

• 0x4a62a4 ReadFile

• 0x4a62a8 MultiByteToWideChar

• 0x4a62ac MulDiv

• 0x4a62b0 LockResource

• 0x4a62b4 LoadResource

• 0x4a62b8 LoadLibraryA

• 0x4a62bc LeaveCriticalSection

• 0x4a62c0 InitializeCriticalSection

• 0x4a62c4 GlobalUnlock

• 0x4a62c8 GlobalReAlloc

• 0x4a62cc GlobalHandle

• 0x4a62d0 GlobalLock

• 0x4a62d4 GlobalFree

• 0x4a62d8 GlobalFindAtomA

• 0x4a62dc GlobalDeleteAtom

• 0x4a62e0 GlobalAlloc

• 0x4a62e4 GlobalAddAtomA

• 0x4a62e8 GetVersionExA

• 0x4a62ec GetVersion

• 0x4a62f0 GetTickCount

• 0x4a62f4 GetThreadLocale

• 0x4a62f8 GetSystemInfo

• 0x4a62fc GetStringTypeExA

• 0x4a6300 GetStdHandle

• 0x4a6304 GetProcAddress

• 0x4a6308 GetModuleHandleA

• 0x4a630c GetModuleFileNameA

• 0x4a6310 GetLocaleInfoA

• 0x4a6314 GetLocalTime

• 0x4a6318 GetLastError

• 0x4a631c GetFullPathNameA

• 0x4a6320 GetDiskFreeSpaceA

• 0x4a6324 GetDateFormatA

• 0x4a6328 GetCurrentThreadId

• 0x4a632c GetCurrentProcessId

• 0x4a6330 GetCPInfo

• 0x4a6334 GetACP

• 0x4a6338 FreeResource

• 0x4a633c InterlockedExchange

• 0x4a6340 FreeLibrary

• 0x4a6344 FormatMessageA

• 0x4a6348 FindResourceA

• 0x4a634c FindFirstFileA

• 0x4a6350 FindClose

• 0x4a6354 FileTimeToLocalFileTime

• 0x4a6358 FileTimeToDosDateTime

• 0x4a635c ExitProcess

• 0x4a6360 EnumCalendarInfoA

• 0x4a6364 EnterCriticalSection

• 0x4a6368 DeleteCriticalSection

• 0x4a636c CreateThread

• 0x4a6370 CreateFileA

• 0x4a6374 CreateEventA

• 0x4a6378 CompareStringA

• 0x4a637c CloseHandle

Library version.dll:

• 0x4a6384 VerQueryValueA

• 0x4a6388 GetFileVersionInfoSizeA

• 0x4a638c GetFileVersionInfoA

Library gdi32.dll:

• 0x4a6394 UnrealizeObject

• 0x4a6398 StretchBlt

• 0x4a639c SetWindowOrgEx

• 0x4a63a0 SetWindowExtEx

• 0x4a63a4 SetWinMetaFileBits

• 0x4a63a8 SetViewportOrgEx

• 0x4a63ac SetViewportExtEx

• 0x4a63b0 SetTextColor

• 0x4a63b4 SetStretchBltMode

• 0x4a63b8 SetROP2

• 0x4a63bc SetPixel

• 0x4a63c0 SetMapMode

• 0x4a63c4 SetEnhMetaFileBits

• 0x4a63c8 SetDIBColorTable

• 0x4a63cc SetBrushOrgEx

• 0x4a63d0 SetBkMode

• 0x4a63d4 SetBkColor

• 0x4a63d8 SelectPalette

• 0x4a63dc SelectObject

• 0x4a63e0 SelectClipRgn

• 0x4a63e4 SaveDC

• 0x4a63e8 RestoreDC

• 0x4a63ec Rectangle

• 0x4a63f0 RectVisible

• 0x4a63f4 RealizePalette

• 0x4a63f8 Polyline

• 0x4a63fc PolyPolyline

• 0x4a6400 PlayEnhMetaFile

• 0x4a6404 PatBlt

• 0x4a6408 MoveToEx

• 0x4a640c MaskBlt

• 0x4a6410 LineTo

• 0x4a6414 IntersectClipRect

• 0x4a6418 GetWindowOrgEx

• 0x4a641c GetWinMetaFileBits

• 0x4a6420 GetTextMetricsA

• 0x4a6424 GetTextExtentPointA

• 0x4a6428 GetTextExtentPoint32A

• 0x4a642c GetSystemPaletteEntries

• 0x4a6430 GetStockObject

• 0x4a6434 GetRgnBox

• 0x4a6438 GetPixel

• 0x4a643c GetPaletteEntries

• 0x4a6440 GetObjectA

• 0x4a6444 GetNearestColor

• 0x4a6448 GetEnhMetaFilePaletteEntries

• 0x4a644c GetEnhMetaFileHeader

• 0x4a6450 GetEnhMetaFileBits

• 0x4a6454 GetDeviceCaps

• 0x4a6458 GetDIBits

• 0x4a645c GetDIBColorTable

• 0x4a6460 GetDCOrgEx

• 0x4a6464 GetCurrentPositionEx

• 0x4a6468 GetClipBox

• 0x4a646c GetBrushOrgEx

• 0x4a6470 GetBitmapBits

• 0x4a6474 ExtTextOutA

• 0x4a6478 ExtCreatePen

• 0x4a647c ExcludeClipRect

• 0x4a6480 DeleteObject

• 0x4a6484 DeleteEnhMetaFile

• 0x4a6488 DeleteDC

• 0x4a648c CreateSolidBrush

• 0x4a6490 CreateRectRgn

• 0x4a6494 CreatePenIndirect

• 0x4a6498 CreatePalette

• 0x4a649c CreateHalftonePalette

• 0x4a64a0 CreateFontIndirectA

• 0x4a64a4 CreateDIBitmap

• 0x4a64a8 CreateDIBSection

• 0x4a64ac CreateCompatibleDC

• 0x4a64b0 CreateCompatibleBitmap

• 0x4a64b4 CreateBrushIndirect

• 0x4a64b8 CreateBitmap

• 0x4a64bc CopyEnhMetaFileA

• 0x4a64c0 CombineRgn

• 0x4a64c4 BitBlt

Library user32.dll:

• 0x4a64cc CreateWindowExA

• 0x4a64d0 WindowFromPoint

• 0x4a64d4 WinHelpA

• 0x4a64d8 WaitMessage

• 0x4a64dc ValidateRect

• 0x4a64e0 UpdateWindow

• 0x4a64e4 UnregisterClassA

• 0x4a64e8 UnionRect

• 0x4a64ec UnhookWindowsHookEx

• 0x4a64f0 TranslateMessage

• 0x4a64f4 TranslateMDISysAccel

• 0x4a64f8 TrackPopupMenu

• 0x4a64fc SystemParametersInfoA

• 0x4a6500 ShowWindow

• 0x4a6504 ShowScrollBar

• 0x4a6508 ShowOwnedPopups

• 0x4a650c ShowCursor

• 0x4a6510 SetWindowsHookExA

• 0x4a6514 SetWindowTextA

• 0x4a6518 SetWindowPos

• 0x4a651c SetWindowPlacement

• 0x4a6520 SetWindowLongA

• 0x4a6524 SetTimer

• 0x4a6528 SetScrollRange

• 0x4a652c SetScrollPos

• 0x4a6530 SetScrollInfo

• 0x4a6534 SetRect

• 0x4a6538 SetPropA

• 0x4a653c SetParent

• 0x4a6540 SetMenuItemInfoA

• 0x4a6544 SetMenu

• 0x4a6548 SetKeyboardState

• 0x4a654c SetForegroundWindow

• 0x4a6550 SetFocus

• 0x4a6554 SetCursor

• 0x4a6558 SetClipboardData

• 0x4a655c SetClassLongA

• 0x4a6560 SetCapture

• 0x4a6564 SetActiveWindow

• 0x4a6568 SendMessageA

• 0x4a656c ScrollWindowEx

• 0x4a6570 ScrollWindow

• 0x4a6574 ScreenToClient

• 0x4a6578 RemovePropA

• 0x4a657c RemoveMenu

• 0x4a6580 ReleaseDC

• 0x4a6584 ReleaseCapture

• 0x4a6588 RegisterWindowMessageA

• 0x4a658c RegisterClipboardFormatA

• 0x4a6590 RegisterClassA

• 0x4a6594 RedrawWindow

• 0x4a6598 PtInRect

• 0x4a659c PostQuitMessage

• 0x4a65a0 PostMessageA

• 0x4a65a4 PeekMessageA

• 0x4a65a8 OpenClipboard

• 0x4a65ac OffsetRect

• 0x4a65b0 OemToCharA

• 0x4a65b4 MessageBoxA

• 0x4a65b8 MessageBeep

• 0x4a65bc MapWindowPoints

• 0x4a65c0 MapVirtualKeyA

• 0x4a65c4 LoadStringA

• 0x4a65c8 LoadKeyboardLayoutA

• 0x4a65cc LoadIconA

• 0x4a65d0 LoadCursorA

• 0x4a65d4 LoadBitmapA

• 0x4a65d8 KillTimer

• 0x4a65dc IsZoomed

• 0x4a65e0 IsWindowVisible

• 0x4a65e4 IsWindowEnabled

• 0x4a65e8 IsWindow

• 0x4a65ec IsRectEmpty

• 0x4a65f0 IsIconic

• 0x4a65f4 IsDialogMessageA

• 0x4a65f8 IsChild

• 0x4a65fc IsCharAlphaNumericA

• 0x4a6600 IsCharAlphaA

• 0x4a6604 InvalidateRect

• 0x4a6608 IntersectRect

• 0x4a660c InsertMenuItemA

• 0x4a6610 InsertMenuA

• 0x4a6614 InflateRect

• 0x4a6618 GetWindowThreadProcessId

• 0x4a661c GetWindowTextA

• 0x4a6620 GetWindowRect

• 0x4a6624 GetWindowPlacement

• 0x4a6628 GetWindowLongA

• 0x4a662c GetWindowDC

• 0x4a6630 GetTopWindow

• 0x4a6634 GetSystemMetrics

• 0x4a6638 GetSystemMenu

• 0x4a663c GetSysColorBrush

• 0x4a6640 GetSysColor

• 0x4a6644 GetSubMenu

• 0x4a6648 GetScrollRange

• 0x4a664c GetScrollPos

• 0x4a6650 GetScrollInfo

• 0x4a6654 GetPropA

• 0x4a6658 GetParent

• 0x4a665c GetWindow

• 0x4a6660 GetMessageTime

• 0x4a6664 GetMenuStringA

• 0x4a6668 GetMenuState

• 0x4a666c GetMenuItemInfoA

• 0x4a6670 GetMenuItemID

• 0x4a6674 GetMenuItemCount

• 0x4a6678 GetMenu

• 0x4a667c GetLastActivePopup

• 0x4a6680 GetKeyboardState

• 0x4a6684 GetKeyboardLayoutList

• 0x4a6688 GetKeyboardLayout

• 0x4a668c GetKeyState

• 0x4a6690 GetKeyNameTextA

• 0x4a6694 GetIconInfo

• 0x4a6698 GetForegroundWindow

• 0x4a669c GetFocus

• 0x4a66a0 GetDoubleClickTime

• 0x4a66a4 GetDesktopWindow

• 0x4a66a8 GetDCEx

• 0x4a66ac GetDC

• 0x4a66b0 GetCursorPos

• 0x4a66b4 GetCursor

• 0x4a66b8 GetClipboardData

• 0x4a66bc GetClientRect

• 0x4a66c0 GetClassNameA

• 0x4a66c4 GetClassInfoA

• 0x4a66c8 GetCaretPos

• 0x4a66cc GetCapture

• 0x4a66d0 GetActiveWindow

• 0x4a66d4 FrameRect

• 0x4a66d8 FindWindowA

• 0x4a66dc FillRect

• 0x4a66e0 EqualRect

• 0x4a66e4 EnumWindows

• 0x4a66e8 EnumThreadWindows

• 0x4a66ec EnumClipboardFormats

• 0x4a66f0 EndPaint

• 0x4a66f4 EnableWindow

• 0x4a66f8 EnableScrollBar

• 0x4a66fc EnableMenuItem

• 0x4a6700 EmptyClipboard

• 0x4a6704 DrawTextA

• 0x4a6708 DrawMenuBar

• 0x4a670c DrawIconEx

• 0x4a6710 DrawIcon

• 0x4a6714 DrawFrameControl

• 0x4a6718 DrawFocusRect

• 0x4a671c DrawEdge

• 0x4a6720 DispatchMessageA

• 0x4a6724 DestroyWindow

• 0x4a6728 DestroyMenu

• 0x4a672c DestroyIcon

• 0x4a6730 DestroyCursor

• 0x4a6734 DeleteMenu

• 0x4a6738 DefWindowProcA

• 0x4a673c DefMDIChildProcA

• 0x4a6740 DefFrameProcA

• 0x4a6744 CreatePopupMenu

• 0x4a6748 CreateMenu

• 0x4a674c CreateIcon

• 0x4a6750 CloseClipboard

• 0x4a6754 ClientToScreen

• 0x4a6758 CheckMenuItem

• 0x4a675c CallWindowProcA

• 0x4a6760 CallNextHookEx

• 0x4a6764 BeginPaint

• 0x4a6768 CharNextA

• 0x4a676c CharLowerBuffA

• 0x4a6770 CharLowerA

• 0x4a6774 CharUpperBuffA

• 0x4a6778 CharToOemA

• 0x4a677c AdjustWindowRectEx

• 0x4a6780 ActivateKeyboardLayout

Library kernel32.dll:

• 0x4a6788 Sleep

Library oleaut32.dll:

• 0x4a6790 SafeArrayPtrOfIndex

• 0x4a6794 SafeArrayPutElement

• 0x4a6798 SafeArrayGetElement

• 0x4a679c SafeArrayUnaccessData

• 0x4a67a0 SafeArrayAccessData

• 0x4a67a4 SafeArrayGetUBound

• 0x4a67a8 SafeArrayGetLBound

• 0x4a67ac SafeArrayCreate

• 0x4a67b0 VariantChangeType

• 0x4a67b4 VariantCopyInd

• 0x4a67b8 VariantCopy

• 0x4a67bc VariantClear

• 0x4a67c0 VariantInit

Library ole32.dll:

• 0x4a67c8 CLSIDFromProgID

• 0x4a67cc CoCreateInstance

• 0x4a67d0 CoUninitialize

• 0x4a67d4 CoInitialize

Library oleaut32.dll:

• 0x4a67dc GetErrorInfo

• 0x4a67e0 SysFreeString

Library comctl32.dll:

• 0x4a67e8 ImageList_SetIconSize

• 0x4a67ec ImageList_GetIconSize

• 0x4a67f0 ImageList_Write

• 0x4a67f4 ImageList_Read

• 0x4a67f8 ImageList_GetDragImage

• 0x4a67fc ImageList_DragShowNolock

• 0x4a6800 ImageList_SetDragCursorImage

• 0x4a6804 ImageList_DragMove

• 0x4a6808 ImageList_DragLeave

• 0x4a680c ImageList_DragEnter

• 0x4a6810 ImageList_EndDrag

• 0x4a6814 ImageList_BeginDrag

• 0x4a6818 ImageList_Remove

• 0x4a681c ImageList_DrawEx

• 0x4a6820 ImageList_Replace

• 0x4a6824 ImageList_Draw

• 0x4a6828 ImageList_GetBkColor

• 0x4a682c ImageList_SetBkColor

• 0x4a6830 ImageList_ReplaceIcon

• 0x4a6834 ImageList_Add

• 0x4a6838 ImageList_SetImageCount

• 0x4a683c ImageList_GetImageCount

• 0x4a6840 ImageList_Destroy

• 0x4a6844 ImageList_Create

• 0x4a6848 InitCommonControls

Library wininet.dll:

• 0x4a6850 InternetCheckConnectionA

Library kernel32.dll:

• 0x4a6858 MulDiv

Library advapi32.dll:

• 0x4a6860 QueryServiceStatus

• 0x4a6864 OpenServiceA

• 0x4a6868 OpenSCManagerA

• 0x4a686c CloseServiceHandle

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1
dns.msftncsi.com	A 131.107.255.255
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	216.58.200.46
www.microsoft.com	CNAME www.microsoft.com-c-3.edgekey.net CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME e13678.ca2.s.tl88.net A 183.61.93.182	104.99.234.13
cdn.discordapp.com	A 31.13.83.8	104.244.46.208
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49181	31.13.83.8 cdn.discordapp.com	443

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	53380	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	60221	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57236	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.