SmartHawk

11.0

0-day

6 个模型检测该样本为恶意！

重新分析

下载样本

d1c3eddfbde187ed7d464f287a22f46d84e70eb23850a8c622ef69a77ba08a91

7e13d61edde7ff3212ebf324fe5881f3.exe

分析耗时

37s

最近分析

文件大小

696.0KB

静态报毒动态报毒 AIDETECTVM ELDORADO KRYPTIK MALWARE1

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
McAfee	20200926	6.0.6.653
Alibaba	20190527	0.3.0.5
Baidu	20190318	1.0.0.2
Avast	20200927	18.4.3895.0
Tencent	20200927	1.0.0.1
Kingsoft	20200927	2013.8.14.323
CrowdStrike	20190702	1.0

Queries for the computername (12 个事件)

Time & API	Arguments	Status	Return
1620762786.015625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762786.015625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.155625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.171625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.202625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.218625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.218625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.234625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.234625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.234625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762787.234625 GetComputerNameA	computer_name: OSKAR-PC	success	1
1620762789.140625 GetComputerNameA	computer_name: OSKAR-PC	success	1

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620762780.99975 IsDebuggerPresent		failed	0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620762789.359625 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	.text1
section	.adata
section	.data1

The executable uses a known packer (1 个事件)

packer

Armadillo 3.X-5.X -> Silicon Realms Toolworks

One or more processes crashed (50 out of 441 个事件)

Time & API	Arguments	Status
1620762780.96875 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 0 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4579328 registers.ebx: 175 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8f 00 64 67 8f 06 00 00 83 c4 04 58 33 ff 47 60 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x5e1b3 exception.instruction: pop dword ptr [eax] exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc0000005 exception.offset: 385459 exception.address: 0x45e1b3	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 8 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4580815 registers.ebx: 0 registers.esi: 4618727 registers.ecx: 112 exception.instruction_r: 8f 00 64 67 8f 06 00 00 83 c4 04 58 8b f0 81 e6 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x5e888 exception.instruction: pop dword ptr [eax] exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc0000005 exception.offset: 387208 exception.address: 0x45e888	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4585980 registers.ebx: 4617552 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x675c3 exception.address: 0x4675c3 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 423363	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4585980 registers.ebx: 4617552 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x675c5 exception.address: 0x4675c5 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 423365	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4586212 registers.ebx: 4617390 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6751f exception.address: 0x46751f exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 423199	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4586212 registers.ebx: 4617390 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x67521 exception.address: 0x467521 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 423201	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4586487 registers.ebx: 4617228 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6747d exception.address: 0x46747d exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 423037	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4586487 registers.ebx: 4617228 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6747f exception.address: 0x46747f exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 423039	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4586694 registers.ebx: 4617064 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x673db exception.address: 0x4673db exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422875	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4586694 registers.ebx: 4617064 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x673dd exception.address: 0x4673dd exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422877	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4586959 registers.ebx: 4616902 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x67337 exception.address: 0x467337 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422711	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4586959 registers.ebx: 4616902 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x67339 exception.address: 0x467339 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422713	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4587181 registers.ebx: 4616738 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x67295 exception.address: 0x467295 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422549	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4587181 registers.ebx: 4616738 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x67297 exception.address: 0x467297 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422551	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4587442 registers.ebx: 4616574 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x671f1 exception.address: 0x4671f1 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422385	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4587442 registers.ebx: 4616574 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x671f3 exception.address: 0x4671f3 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422387	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4587612 registers.ebx: 4616412 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6714d exception.address: 0x46714d exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422221	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4587612 registers.ebx: 4616412 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6714f exception.address: 0x46714f exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422223	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4587825 registers.ebx: 4616249 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x670ab exception.address: 0x4670ab exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422059	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4587825 registers.ebx: 4616249 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x670ad exception.address: 0x4670ad exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 422061	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588090 registers.ebx: 4616086 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x67008 exception.address: 0x467008 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421896	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588090 registers.ebx: 4616086 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6700a exception.address: 0x46700a exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421898	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588312 registers.ebx: 4615923 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66f65 exception.address: 0x466f65 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421733	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588312 registers.ebx: 4615923 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66f67 exception.address: 0x466f67 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421735	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588534 registers.ebx: 4615761 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66ec2 exception.address: 0x466ec2 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421570	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588534 registers.ebx: 4615761 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66ec4 exception.address: 0x466ec4 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421572	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588795 registers.ebx: 4615599 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66e20 exception.address: 0x466e20 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421408	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588795 registers.ebx: 4615599 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66e22 exception.address: 0x466e22 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421410	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588965 registers.ebx: 4615437 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66d7e exception.address: 0x466d7e exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421246	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4588965 registers.ebx: 4615437 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66d80 exception.address: 0x466d80 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421248	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4589178 registers.ebx: 4615275 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66cdc exception.address: 0x466cdc exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421084	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4589178 registers.ebx: 4615275 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66cde exception.address: 0x466cde exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 421086	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4589443 registers.ebx: 4615113 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66c3a exception.address: 0x466c3a exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420922	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4589443 registers.ebx: 4615113 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66c3c exception.address: 0x466c3c exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420924	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4589671 registers.ebx: 4614951 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66b98 exception.address: 0x466b98 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420760	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4589671 registers.ebx: 4614951 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66b9a exception.address: 0x466b9a exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420762	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4589903 registers.ebx: 4614787 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66af6 exception.address: 0x466af6 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420598	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4589903 registers.ebx: 4614787 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66af8 exception.address: 0x466af8 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420600	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4590178 registers.ebx: 4614623 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66a52 exception.address: 0x466a52 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420434	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4590178 registers.ebx: 4614623 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66a54 exception.address: 0x466a54 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420436	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4590385 registers.ebx: 4614459 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x669ae exception.address: 0x4669ae exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420270	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4590385 registers.ebx: 4614459 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x669b0 exception.address: 0x4669b0 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420272	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4590650 registers.ebx: 4614297 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6690a exception.address: 0x46690a exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420106	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4590650 registers.ebx: 4614297 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6690c exception.address: 0x46690c exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 420108	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4590872 registers.ebx: 4614133 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66868 exception.address: 0x466868 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 419944	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4590872 registers.ebx: 4614133 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x6686a exception.address: 0x46686a exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 419946	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4591133 registers.ebx: 4613970 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x667c4 exception.address: 0x4667c4 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 419780	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4591133 registers.ebx: 4613970 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x667c6 exception.address: 0x4667c6 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 419782	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4591303 registers.ebx: 4613806 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66721 exception.address: 0x466721 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 419617	success
1620762780.98475 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4 registers.eax: 0 registers.ebp: 4579328 registers.edx: 4591303 registers.ebx: 4613806 registers.esi: 1983915168 registers.ecx: 0 exception.instruction_r: c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9 exception.symbol: 7e13d61edde7ff3212ebf324fe5881f3+0x66723 exception.address: 0x466723 exception.module: 7e13d61edde7ff3212ebf324fe5881f3.exe exception.exception_code: 0xc000001d exception.offset: 419619	success

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (3 个事件)

Time & API	Arguments	Status
1620762785.968625 NtProtectVirtualMemory	process_identifier: 340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 450560 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01f61000	success
1620762790.624625 NtAllocateVirtualMemory	process_identifier: 340 region_size: 90112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x02fc0000	success
1620762790.624625 NtAllocateVirtualMemory	process_identifier: 340 region_size: 90112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02fc0000	success

File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 个事件)

Bkav	W32.AIDetectVM.malware1
Zillya	Trojan.Kryptik.Win32.1076983
Cybereason	malicious.b66b24
Cyren	W32/S-487e659d!Eldorado
APEX	Malicious
Ikarus	Trojan.Win32.Crypt

The binary likely contains encrypted or compressed data indicative of a packer (4 个事件)

entropy

7.974720201210093

section

{'size_of_data': '0x00043000', 'virtual_address': '0x0000e000', 'entropy': 7.974720201210093, 'name': '.text1', 'virtual_size': '0x00050000'}

description

A section with a high entropy has been found

entropy

7.010505200996413

section

{'size_of_data': '0x0000d000', 'virtual_address': '0x0005e000', 'entropy': 7.010505200996413, 'name': '.adata', 'virtual_size': '0x00010000'}

description

A section with a high entropy has been found

entropy

7.990640730339243

section

{'size_of_data': '0x0004e000', 'virtual_address': '0x0008e000', 'entropy': 7.990640730339243, 'name': '.pdata', 'virtual_size': '0x00050000'}

description

A section with a high entropy has been found

entropy

0.9132947976878613

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Creates an Alternate Data Stream (ADS) (1 个事件)

file	C:\ProgramData\TEMP:D308F81C

Checks for the presence of known devices from debuggers and forensic tools (4 个事件)

file	\??\SICE
file	\??\SIWVID
file	\??\SIWDEBUG
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (7 个事件)

Time & API	Arguments	Status
1620762789.359625 FindWindowA	class_name: FileMonClass window_name:	failed
1620762789.359625 FindWindowA	class_name: FileMonClass window_name:	failed
1620762789.359625 FindWindowA	class_name: RegMonClass window_name:	failed
1620762789.359625 FindWindowA	class_name: RegMonClass window_name:	failed
1620762789.359625 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1620762790.452625 FindWindowA	class_name: ThunderRT6FormDC window_name: Shareware Cheater v 3.0	failed
1620762790.452625 FindWindowA	class_name: ThunderRT6FormDC window_name:	failed

Checks the version of Bios, possibly for anti-virtualization (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

Queries information on disks, possibly for anti-virtualization (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620762786.577625 NtCreateFile	create_disposition: 3 (FILE_OPEN_IF) file_handle: 0x00000164 filepath: \??\PHYSICALDRIVE0 desired_access: 0x00100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE) file_attributes: 0 () filepath_r: \??\PHYSICALDRIVE0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 0 (FILE_SUPERSEDED) share_access: 3 (FILE_SHARE_READ\|FILE_SHARE_WRITE)	success	0	0
1620762786.577625 DeviceIoControl	input_buffer: device_handle: 0x00000164 control_code: 458752 (IOCTL_DISK_GET_DRIVE_GEOMETRY) output_buffer: Qÿ?	success	1	0

Potential code injection by writing to the memory of another process (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620762781.01575 WriteProcessMemory	process_identifier: 340 buffer: ëþ process_handle: 0x00000074 base_address: 0x0045e000	success	1	0
1620762785.40575 WriteProcessMemory	process_identifier: 340 buffer: `è process_handle: 0x00000074 base_address: 0x0045e000	success	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (50 out of 630 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 324 called NtSetContextThread to modify thread in remote process 340
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202583 registers.esp: 1632364 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202596 registers.esp: 1632364 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202601 registers.esp: 1632364 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202612 registers.esp: 1632364 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202659 registers.esp: 1632356 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202665 registers.esp: 1632356 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202667 registers.esp: 1632356 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201895 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201963 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201965 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202024 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202035 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202037 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202043 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202059 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202072 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202094 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202104 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202216 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202218 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202236 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202251 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202260 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201543 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201645 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201651 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201636 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201651 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201636 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201651 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201636 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201651 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201636 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201757 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201775 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201795 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201764 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201775 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201795 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201764 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201775 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201795 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201764 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201775 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201795 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201764 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201775 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201795 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201764 registers.esp: 1628640 registers.edi: 0 registers.eax: 0 registers.ebp: 1629172 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (5 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 324 resumed a thread in remote process 340
1620762781.18775 NtResumeThread	thread_handle: 0x00000070 suspend_count: 1 process_identifier: 340	success	0	0
1620762785.24975 NtResumeThread	thread_handle: 0x00000070 suspend_count: 1 process_identifier: 340	success	0	0
1620762785.40575 NtResumeThread	thread_handle: 0x00000070 suspend_count: 1 process_identifier: 340	success	0	0
1620762785.46875 NtResumeThread	thread_handle: 0x00000070 suspend_count: 2 process_identifier: 340	success	0	0

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620762789.359625 __exception__	stacktrace: SetFunctionAddresses+0x203f @ 0x1f83f5f 7e13d61edde7ff3212ebf324fe5881f3+0x39ec1 @ 0x439ec1 SetFunctionAddresses+0x2020 @ 0x1f83f40 SetFunctionAddresses-0x8853 @ 0x1f796cd SetFunctionAddresses+0x2319a @ 0x1fa50ba 7e13d61edde7ff3212ebf324fe5881f3+0x39ec1 @ 0x439ec1 SetFunctionAddresses+0x21d26 @ 0x1fa3c46 7e13d61edde7ff3212ebf324fe5881f3+0x31fce @ 0x431fce 7e13d61edde7ff3212ebf324fe5881f3+0x334df @ 0x4334df 7e13d61edde7ff3212ebf324fe5881f3+0x335c8 @ 0x4335c8 7e13d61edde7ff3212ebf324fe5881f3+0x33ea9 @ 0x433ea9 7e13d61edde7ff3212ebf324fe5881f3+0x46dd9 @ 0x446dd9 7e13d61edde7ff3212ebf324fe5881f3+0x5e000 @ 0x45e000 registers.esp: 1631684 registers.edi: 3276587286 registers.eax: 1447909480 registers.ebp: 1631692 registers.edx: 22104 registers.ebx: 0 registers.esi: 745242066 registers.ecx: 10 exception.instruction_r: ed 81 fb 68 58 4d 56 75 04 c6 45 ff 01 8a 45 ff exception.instruction: in eax, dx exception.exception_code: 0xc0000096 exception.symbol: SetFunctionAddresses+0x206d exception.address: 0x1f83f8d	success	0	0

Time & API

Arguments

Status

Return

Repeated

1620762789.359625
__exception__

stacktrace:

SetFunctionAddresses+0x203f @ 0x1f83f5f
7e13d61edde7ff3212ebf324fe5881f3+0x39ec1 @ 0x439ec1
SetFunctionAddresses+0x2020 @ 0x1f83f40
SetFunctionAddresses-0x8853 @ 0x1f796cd
SetFunctionAddresses+0x2319a @ 0x1fa50ba
7e13d61edde7ff3212ebf324fe5881f3+0x39ec1 @ 0x439ec1
SetFunctionAddresses+0x21d26 @ 0x1fa3c46
7e13d61edde7ff3212ebf324fe5881f3+0x31fce @ 0x431fce
7e13d61edde7ff3212ebf324fe5881f3+0x334df @ 0x4334df
7e13d61edde7ff3212ebf324fe5881f3+0x335c8 @ 0x4335c8
7e13d61edde7ff3212ebf324fe5881f3+0x33ea9 @ 0x433ea9
7e13d61edde7ff3212ebf324fe5881f3+0x46dd9 @ 0x446dd9
7e13d61edde7ff3212ebf324fe5881f3+0x5e000 @ 0x45e000

registers.esp: 1631684
registers.edi: 3276587286
registers.eax: 1447909480
registers.ebp: 1631692
registers.edx: 22104
registers.ebx: 0
registers.esi: 745242066
registers.ecx: 10
exception.instruction_r: ed 81 fb 68 58 4d 56 75 04 c6 45 ff 01 8a 45 ff
exception.instruction: in eax, dx
exception.exception_code: 0xc0000096
exception.symbol: SetFunctionAddresses+0x206d
exception.address: 0x1f83f8d

success

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

172.217.160.78:443

Executed a process and injected code into it, probably while unpacking (50 out of 1273 个事件)

Time & API	Arguments	Status	Return
1620762781.01575 CreateProcessInternalW	thread_identifier: 2536 thread_handle: 0x00000070 process_identifier: 340 current_directory: filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7e13d61edde7ff3212ebf324fe5881f3.exe track: 1 command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7e13d61edde7ff3212ebf324fe5881f3.exe" filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7e13d61edde7ff3212ebf324fe5881f3.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) process_handle: 0x00000074 inherit_handles: 1	success	1
1620762781.01575 WriteProcessMemory	process_identifier: 340 buffer: ëþ process_handle: 0x00000074 base_address: 0x0045e000	success	1
1620762781.18775 NtResumeThread	thread_handle: 0x00000070 suspend_count: 1 process_identifier: 340	success	0
1620762781.29675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762785.24975 NtResumeThread	thread_handle: 0x00000070 suspend_count: 1 process_identifier: 340	success	0
1620762785.35975 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762785.40575 NtResumeThread	thread_handle: 0x00000070 suspend_count: 1 process_identifier: 340	success	0
1620762785.40575 WriteProcessMemory	process_identifier: 340 buffer: `è process_handle: 0x00000074 base_address: 0x0045e000	success	1
1620762785.46875 NtResumeThread	thread_handle: 0x00000070 suspend_count: 2 process_identifier: 340	success	0
1620762790.78075 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.78075 WriteProcessMemory	process_identifier: 340 buffer: process_handle: 0x00000074 base_address: 0x00408000	success	1
1620762790.78075 WriteProcessMemory	process_identifier: 340 buffer: process_handle: 0x00000074 base_address: 0x00409000	success	1
1620762790.78075 WriteProcessMemory	process_identifier: 340 buffer: process_handle: 0x00000074 base_address: 0x00401000	success	1
1620762790.79675 WriteProcessMemory	process_identifier: 340 buffer: process_handle: 0x00000074 base_address: 0x00402000	success	1
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202583 registers.esp: 1632364 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202596 registers.esp: 1632364 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202601 registers.esp: 1632364 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202612 registers.esp: 1632364 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202659 registers.esp: 1632356 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202665 registers.esp: 1632356 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202667 registers.esp: 1632356 registers.edi: 0 registers.eax: 0 registers.ebp: 1632648 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201895 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201963 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4201965 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202024 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202035 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202037 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202043 registers.esp: 1629188 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202059 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.79675 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.79675 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202072 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.81275 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202094 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0
1620762790.81275 NtGetContextThread	thread_handle: 0x00000070	success	0
1620762790.81275 NtSetContextThread	thread_handle: 0x00000070 registers.eip: 4202104 registers.esp: 1629184 registers.edi: 0 registers.eax: 0 registers.ebp: 1632348 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 process_identifier: 340	success	0

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-24 18:31:33

Imports

Library KERNEL32.dll:

• 0x46e02c CreateThread

• 0x46e030 GlobalUnlock

• 0x46e034 GlobalLock

• 0x46e038 GlobalAlloc

• 0x46e03c GetTickCount

• 0x46e040 WideCharToMultiByte

• 0x46e044 IsBadReadPtr

• 0x46e048 GlobalAddAtomA

• 0x46e04c GlobalAddAtomW

• 0x46e050 GetModuleHandleA

• 0x46e054 GlobalFree

• 0x46e058 GlobalGetAtomNameA

• 0x46e05c GlobalDeleteAtom

• 0x46e060 GlobalGetAtomNameW

• 0x46e064 FreeConsole

• 0x46e068 GetEnvironmentVariableA

• 0x46e06c VirtualProtect

• 0x46e070 VirtualAlloc

• 0x46e074 GetProcAddress

• 0x46e078 GetLastError

• 0x46e07c LoadLibraryA

• 0x46e080 SetLastError

• 0x46e084 SetThreadPriority

• 0x46e088 GetCurrentThread

• 0x46e08c CreateProcessA

• 0x46e090 GetCommandLineA

• 0x46e094 GetStartupInfoA

• 0x46e098 SetEnvironmentVariableA

• 0x46e09c ReleaseMutex

• 0x46e0a0 WaitForSingleObject

• 0x46e0a4 CreateMutexA

• 0x46e0a8 OpenMutexA

• 0x46e0ac GetCurrentThreadId

• 0x46e0b0 CreateFileA

• 0x46e0b4 FindClose

• 0x46e0b8 FindFirstFileA

• 0x46e0bc FindFirstFileW

• 0x46e0c0 VirtualQueryEx

• 0x46e0c4 GetExitCodeProcess

• 0x46e0c8 ReadProcessMemory

• 0x46e0cc UnmapViewOfFile

• 0x46e0d0 ContinueDebugEvent

• 0x46e0d4 SetThreadContext

• 0x46e0d8 GetThreadContext

• 0x46e0dc WaitForDebugEvent

• 0x46e0e0 SuspendThread

• 0x46e0e4 DebugActiveProcess

• 0x46e0e8 ResumeThread

• 0x46e0ec CreateProcessW

• 0x46e0f0 GetCommandLineW

• 0x46e0f4 GetStartupInfoW

• 0x46e0f8 CloseHandle

• 0x46e0fc DuplicateHandle

• 0x46e100 GetCurrentProcess

• 0x46e104 CreateFileMappingA

• 0x46e108 VirtualProtectEx

• 0x46e10c WriteProcessMemory

• 0x46e110 ExitProcess

• 0x46e114 FlushFileBuffers

• 0x46e118 WriteConsoleW

• 0x46e11c GetConsoleOutputCP

• 0x46e120 WriteConsoleA

• 0x46e124 SetStdHandle

• 0x46e128 GetConsoleMode

• 0x46e12c GetConsoleCP

• 0x46e130 SetFilePointer

• 0x46e134 GetLocaleInfoA

• 0x46e138 GetStringTypeW

• 0x46e13c GetStringTypeA

• 0x46e140 LCMapStringW

• 0x46e144 MultiByteToWideChar

• 0x46e148 LCMapStringA

• 0x46e14c HeapSize

• 0x46e150 HeapReAlloc

• 0x46e154 QueryPerformanceCounter

• 0x46e158 VirtualFree

• 0x46e15c HeapCreate

• 0x46e160 HeapDestroy

• 0x46e164 GetFileType

• 0x46e168 SetHandleCount

• 0x46e16c GetEnvironmentStringsW

• 0x46e170 FreeEnvironmentStringsW

• 0x46e174 GetEnvironmentStrings

• 0x46e178 FreeEnvironmentStringsA

• 0x46e17c RtlUnwind

• 0x46e180 DeleteCriticalSection

• 0x46e184 GetStdHandle

• 0x46e188 WriteFile

• 0x46e18c TlsFree

• 0x46e190 TlsSetValue

• 0x46e194 TlsAlloc

• 0x46e198 TlsGetValue

• 0x46e19c Sleep

• 0x46e1a0 EnterCriticalSection

• 0x46e1a4 LeaveCriticalSection

• 0x46e1a8 GetVersionExA

• 0x46e1ac InitializeCriticalSection

• 0x46e1b0 GetCurrentProcessId

• 0x46e1b4 GetModuleFileNameW

• 0x46e1b8 GetShortPathNameW

• 0x46e1bc GetModuleFileNameA

• 0x46e1c0 MapViewOfFile

• 0x46e1c4 GetShortPathNameA

• 0x46e1c8 GetSystemTimeAsFileTime

• 0x46e1cc HeapFree

• 0x46e1d0 HeapAlloc

• 0x46e1d4 GetProcessHeap

• 0x46e1d8 RaiseException

• 0x46e1dc TerminateProcess

• 0x46e1e0 UnhandledExceptionFilter

• 0x46e1e4 SetUnhandledExceptionFilter

• 0x46e1e8 IsDebuggerPresent

• 0x46e1ec GetCPInfo

• 0x46e1f0 InterlockedIncrement

• 0x46e1f4 InterlockedDecrement

• 0x46e1f8 GetACP

• 0x46e1fc GetOEMCP

• 0x46e200 IsValidCodePage

Library USER32.dll:

• 0x46e208 GetDesktopWindow

• 0x46e20c MoveWindow

• 0x46e210 SetPropA

• 0x46e214 EnumThreadWindows

• 0x46e218 GetPropA

• 0x46e21c GetMessageA

• 0x46e220 GetSystemMetrics

• 0x46e224 SetTimer

• 0x46e228 GetAsyncKeyState

• 0x46e22c KillTimer

• 0x46e230 BeginPaint

• 0x46e234 EndPaint

• 0x46e238 SetWindowTextA

• 0x46e23c GetDlgItem

• 0x46e240 CreateDialogIndirectParamA

• 0x46e244 ShowWindow

• 0x46e248 UpdateWindow

• 0x46e24c LoadStringA

• 0x46e250 LoadStringW

• 0x46e254 FindWindowA

• 0x46e258 WaitForInputIdle

• 0x46e25c MessageBoxA

• 0x46e260 InSendMessage

• 0x46e264 UnpackDDElParam

• 0x46e268 FreeDDElParam

• 0x46e26c DefWindowProcA

• 0x46e270 LoadCursorA

• 0x46e274 RegisterClassW

• 0x46e278 CreateWindowExW

• 0x46e27c RegisterClassA

• 0x46e280 CreateWindowExA

• 0x46e284 GetWindowThreadProcessId

• 0x46e288 SendMessageW

• 0x46e28c SendMessageA

• 0x46e290 PeekMessageA

• 0x46e294 TranslateMessage

• 0x46e298 DispatchMessageA

• 0x46e29c EnumWindows

• 0x46e2a0 IsWindowUnicode

• 0x46e2a4 PackDDElParam

• 0x46e2a8 PostMessageW

• 0x46e2ac PostMessageA

• 0x46e2b0 IsWindow

• 0x46e2b4 DestroyWindow

Library GDI32.dll:

• 0x46e000 CreateDCA

• 0x46e004 CreateDIBitmap

• 0x46e008 CreateCompatibleDC

• 0x46e00c SelectObject

• 0x46e010 SelectPalette

• 0x46e014 RealizePalette

• 0x46e018 BitBlt

• 0x46e01c DeleteDC

• 0x46e020 DeleteObject

• 0x46e024 CreatePalette

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	216.58.200.78
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	53658	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.