SmartHawk

6.4

高危

60 个模型检测该样本为恶意！

重新分析

下载样本

dfc56a704b5e031f3b0d2d0ea1d06f9157758ad950483b44ac4b77d33293cb38

7e179d064b2d20b4ea5e6d492abf8f2b.exe

分析耗时

131s

最近分析

文件大小

844.0KB

静态报毒动态报毒 0Q0@AYDXKHMB 100% 1U8NZ9I 8PSE7BGJDGS AI SCORE=100 AIDETECT AIIH ANTIAV CHINA CLOUD CONFIDENCE DEXCRYPT ELDORADO EXVAZL FILECODER FLYSTUDIO FOREIGN GENASA GENETIC HAXLOCKER HIGH CONFIDENCE KCLOUD KVMH005 MALICIOUS PE MALWARE1 MAUVAISE MBRLOCK NAEW QQMPG R352666 RA@1QRAUG SAVE SCORE STATIC AI SUSGEN THBIBH TPYV TROJANX UNSAFE ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Ransom.fr	20210422	6.0.6.653
Alibaba	Ransom:Win32/Foreign.5aa6cb96	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_100% (W)	20210203	1.0
Avast	Win32:TrojanX-gen [Trj]	20210422	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Heur.KVMH005.a.(kcloud)	20210422	2017.9.26.565
Tencent	Win32.Trojan.Foreign.Aiih	20210422	1.0.0.1

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

TEXTINCLUDE

Checks for known Chinese AV sofware registry keys (1 个事件)

regkey

.*360Safe

Foreign language identified in PE resource (50 out of 52 个事件)

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x000f1c18

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x000f1c18

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x000f1c18

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000f2108

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000f2108

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000f2108

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000f2108

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000f397c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_MENU

language

LANG_CHINESE

offset

0x000f4f84

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000284

name

RT_MENU

language

LANG_CHINESE

offset

0x000f4f84

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000284

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000f61cc

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x000f6c14

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x000f6c60

filetype

Lotus unknown worksheet or configuration, revision 0x2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x000f6c60

filetype

Lotus unknown worksheet or configuration, revision 0x2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x000f6c60

filetype

Lotus unknown worksheet or configuration, revision 0x2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x000f6cac

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x000f6cac

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

Creates executable files on the filesystem (1 个事件)

file	C:\Program Files\360.dll

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619649227.966176 LookupPrivilegeValueW	system_name: privilege_name: SeShutdownPrivilege	success	1	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Attempts to shutdown or restart the system, generally used for bypassing sandboxing (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619649227.966176 ExitWindowsEx	flags: 6 reason: 0	failed	0	0
1619649227.997176 ExitWindowsEx	flags: 6 reason: 0	success	1	0

Installs itself for autorun at Windows startup (1 个事件)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\System

reg_value

C:\Program Files\System.dll

Likely installs a bootkit via raw harddisk modifications (4 个事件)

Time & API	Arguments	Status
1619649227.934176 NtCreateFile	create_disposition: 1 (FILE_OPEN) file_handle: 0x000000fc filepath: \??\physicaldrive0 desired_access: 0x40100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_WRITE) file_attributes: 128 (FILE_ATTRIBUTE_NORMAL) filepath_r: \??\physicaldrive0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 1 (FILE_OPENED) share_access: 1 (FILE_SHARE_READ)	success
1619649227.934176 NtWriteFile	file_handle: 0x000000fc filepath: \Device\Harddisk0\DR0 buffer: 3ÀÐ¼\|ÀØ¾\|¿¹üó¤PhËû¹½¾~\|ÅâñÍVUÆFÆF´A»ªUÍ]rûUªu ÷ÁtþFf`~t&fhfÿvhh\|hh´BVôÍÄë¸»\|VvNnÍfasþNu~²ëU2äVÍ]ë>þ}Uªunÿvèuú°Ñædè°ßæ`è\|°ÿædèuû¸»Íf#Àu;fûTCPAu2ùr,fh»fhfhfSfSfUfhfh\|fahÍZ2öê\|Í ·ë ¶ë µ2äð¬<t »´Íëòôëý+Éädë$àø$ÃInvalid partition tableError loading operating systemMissing operating systemc{¤ !ß ßþÿÿ(ÐüUª offset: 0	success
1619649227.934176 NtCreateFile	create_disposition: 1 (FILE_OPEN) file_handle: 0x000000fc filepath: \??\physicaldrive0 desired_access: 0x40100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_WRITE) file_attributes: 128 (FILE_ATTRIBUTE_NORMAL) filepath_r: \??\physicaldrive0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 1 (FILE_OPENED) share_access: 1 (FILE_SHARE_READ)	success
1619649227.934176 NtWriteFile	file_handle: 0x000000fc filepath: \Device\Harddisk0\DR0 buffer: éÈØÐÀ¼½í\|»í\|è°Á¸»²Í¸¸ Ø1É1Û1ÀÍ<t< t´gÃAéåÿëI1ÀéÙÿÈÀ1Û¾Ú\|.Ù\|µ>&$8àu1ÃFâï1À¸~À1Û´²°¶µ±Í1Û²´°¶µ±Íé»¸Ã8°X.Ù\|1ÀÃâøéEÿ¸ÿÿP¸PËQS>ùtC@éóÿY[Ãssssss .-' '-. / \ \| \| \|, .-. .-. ,\| \| )(__/ \__)( \| \|/ /\ \\| (_ ^^ _) \__\|IIIIII\|__/ \| \IIIIII/ \| \ / `yao mi ma gei 30 yuan jia qq 2055965068` Uª offset: 0	success

Generates some ICMP traffic

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.MBRlock.280
MicroWorld-eScan	Gen:Variant.Ransom.MBRLock.3
FireEye	Generic.mg.7e179d064b2d20b4
CAT-QuickHeal	Trojan.Mauvaise.SL1
McAfee	RDN/Ransom.fr
Cylance	Unsafe
Zillya	Trojan.Foreign.Win32.57683
AegisLab	Trojan.Win32.Foreign.tpyv
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005246d51 )
Alibaba	Ransom:Win32/Foreign.5aa6cb96
K7GW	Trojan ( 005246d51 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Ransom.MBRLock.3
BitDefenderTheta	Gen:NN.ZexaF.34678.0q0@ayDxKhmb
Cyren	W32/Agent.EW.gen!Eldorado
Symantec	Trojan Horse
ESET-NOD32	Win32/MBRlock.AZ
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan-Ransom.Win32.Foreign.naew
BitDefender	Gen:Variant.Ransom.MBRLock.3
NANO-Antivirus	Trojan.Win32.Ransom.exvazl
Avast	Win32:TrojanX-gen [Trj]
Rising	Ransom.Dexcrypt!1.B151 (CLOUD)
Ad-Aware	Gen:Variant.Ransom.MBRLock.3
Emsisoft	Gen:Variant.Ransom.MBRLock.3 (B)
Comodo	Worm.Win32.Dropper.RA@1qraug
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HAXLOCKER.THBIBH
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
Jiangmin	Heur:Trojan/AntiAV
Webroot	W32.Malware.Gen
Avira	TR/Ransom.MBRlock.qqmpg
MAX	malware (ai score=100)
Kingsoft	Win32.Heur.KVMH005.a.(kcloud)
Gridinsoft	Trojan.Win32.Filecoder.bot!s1
Microsoft	Ransom:Win32/Dexcrypt
ViRobot	Trojan.Win32.Z.Mbrlock.864256
GData	Win32.Trojan.PSE.1U8NZ9I
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Ransom.R352666
Acronis	suspicious
VBA32	TrojanRansom.Foreign
ALYac	Trojan.Ransom.MBRLock
Malwarebytes	Trojan.MalPack.FlyStudio

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-02-04 08:56:37

Imports

Library KERNEL32.DLL:

• 0x48518c TerminateProcess

• 0x485190 GetLocalTime

• 0x485194 GetSystemTime

• 0x485198 GetTimeZoneInformation

• 0x48519c RaiseException

• 0x4851a0 RtlUnwind

• 0x4851a4 GetStartupInfoA

• 0x4851a8 GetOEMCP

• 0x4851ac GetCPInfo

• 0x4851b0 GetProcessVersion

• 0x4851b4 SetErrorMode

• 0x4851b8 GlobalFlags

• 0x4851bc GetCurrentThread

• 0x4851c0 HeapSize

• 0x4851c4 GetFileTime

• 0x4851c8 GetFileSize

• 0x4851cc TlsGetValue

• 0x4851d0 LocalReAlloc

• 0x4851d4 TlsSetValue

• 0x4851d8 TlsFree

• 0x4851dc GlobalHandle

• 0x4851e0 TlsAlloc

• 0x4851e4 LocalAlloc

• 0x4851e8 lstrcmpA

• 0x4851ec GetVersion

• 0x4851f0 GlobalGetAtomNameA

• 0x4851f4 GlobalAddAtomA

• 0x4851f8 GlobalFindAtomA

• 0x4851fc GlobalDeleteAtom

• 0x485200 lstrcmpiA

• 0x485204 SetEndOfFile

• 0x485208 UnlockFile

• 0x48520c LockFile

• 0x485210 FlushFileBuffers

• 0x485214 SetFilePointer

• 0x485218 DuplicateHandle

• 0x48521c lstrcpynA

• 0x485220 SetLastError

• 0x485224 FileTimeToLocalFileTime

• 0x485228 FileTimeToSystemTime

• 0x48522c LocalFree

• 0x485230 InterlockedDecrement

• 0x485234 InterlockedIncrement

• 0x485238 GetACP

• 0x48523c UnhandledExceptionFilter

• 0x485240 FreeEnvironmentStringsA

• 0x485244 FreeEnvironmentStringsW

• 0x485248 GetEnvironmentStrings

• 0x48524c GetEnvironmentStringsW

• 0x485250 SetHandleCount

• 0x485254 GetStdHandle

• 0x485258 GetFileType

• 0x48525c GetEnvironmentVariableA

• 0x485260 HeapDestroy

• 0x485264 HeapCreate

• 0x485268 VirtualFree

• 0x48526c SetEnvironmentVariableA

• 0x485270 LCMapStringA

• 0x485274 LCMapStringW

• 0x485278 VirtualAlloc

• 0x48527c IsBadWritePtr

• 0x485280 GetStringTypeA

• 0x485284 GetStringTypeW

• 0x485288 SetUnhandledExceptionFilter

• 0x48528c CompareStringA

• 0x485290 CompareStringW

• 0x485294 IsBadReadPtr

• 0x485298 IsBadCodePtr

• 0x48529c SetStdHandle

• 0x4852a0 WideCharToMultiByte

• 0x4852a4 MultiByteToWideChar

• 0x4852a8 GetCurrentProcess

• 0x4852ac SetSystemPowerState

• 0x4852b0 CreateSemaphoreA

• 0x4852b4 ResumeThread

• 0x4852b8 ReleaseSemaphore

• 0x4852bc EnterCriticalSection

• 0x4852c0 LeaveCriticalSection

• 0x4852c4 GetProfileStringA

• 0x4852c8 WriteFile

• 0x4852cc WaitForMultipleObjects

• 0x4852d0 CreateFileA

• 0x4852d4 SetEvent

• 0x4852d8 FindResourceA

• 0x4852dc LoadResource

• 0x4852e0 LockResource

• 0x4852e4 ReadFile

• 0x4852e8 GetModuleFileNameA

• 0x4852ec GetCurrentThreadId

• 0x4852f0 ExitProcess

• 0x4852f4 GlobalSize

• 0x4852f8 GlobalFree

• 0x4852fc DeleteCriticalSection

• 0x485300 InitializeCriticalSection

• 0x485304 lstrcatA

• 0x485308 lstrlenA

• 0x48530c CloseHandle

• 0x485310 WinExec

• 0x485314 lstrcpyA

• 0x485318 FindNextFileA

• 0x48531c GlobalReAlloc

• 0x485320 HeapFree

• 0x485324 HeapReAlloc

• 0x485328 GetProcessHeap

• 0x48532c HeapAlloc

• 0x485330 GetFullPathNameA

• 0x485334 FreeLibrary

• 0x485338 LoadLibraryA

• 0x48533c GetLastError

• 0x485340 GetVersionExA

• 0x485344 WritePrivateProfileStringA

• 0x485348 CreateThread

• 0x48534c CreateEventA

• 0x485350 Sleep

• 0x485354 GlobalAlloc

• 0x485358 GlobalLock

• 0x48535c GlobalUnlock

• 0x485360 FindFirstFileA

• 0x485364 FindClose

• 0x485368 GetFileAttributesA

• 0x48536c CopyFileA

• 0x485370 SetCurrentDirectoryA

• 0x485374 GetVolumeInformationA

• 0x485378 GetModuleHandleA

• 0x48537c GetProcAddress

• 0x485380 MulDiv

• 0x485384 GetCommandLineA

• 0x485388 GetTickCount

• 0x48538c CreateProcessA

• 0x485390 WaitForSingleObject

Library ADVAPI32.dll:

• 0x485000 RegQueryValueExA

• 0x485004 RegOpenKeyExA

• 0x485008 RegSetValueExA

• 0x48500c RegCreateKeyA

• 0x485010 RegDeleteValueA

• 0x485014 RegCreateKeyExA

• 0x485018 RegDeleteKeyA

• 0x48501c RegQueryValueA

• 0x485020 AdjustTokenPrivileges

• 0x485024 LookupPrivilegeValueA

• 0x485028 OpenProcessToken

• 0x48502c RegCloseKey

Library COMCTL32.dll:

• 0x485034 ImageList_Destroy

• 0x485038

Library comdlg32.dll:

• 0x4856a8 GetSaveFileNameA

• 0x4856ac GetOpenFileNameA

• 0x4856b0 ChooseColorA

• 0x4856b4 GetFileTitleA

Library GDI32.dll:

• 0x485040 GetTextMetricsA

• 0x485044 Escape

• 0x485048 ExtTextOutA

• 0x48504c TextOutA

• 0x485050 RectVisible

• 0x485054 PtVisible

• 0x485058 GetViewportExtEx

• 0x48505c ExtSelectClipRgn

• 0x485060 SetBkColor

• 0x485064 CreateRectRgnIndirect

• 0x485068 SetStretchBltMode

• 0x48506c GetClipRgn

• 0x485070 CreatePolygonRgn

• 0x485074 SelectClipRgn

• 0x485078 DeleteObject

• 0x48507c CreateDIBitmap

• 0x485080 GetSystemPaletteEntries

• 0x485084 CreatePalette

• 0x485088 StretchBlt

• 0x48508c SelectPalette

• 0x485090 RealizePalette

• 0x485094 GetDIBits

• 0x485098 GetWindowExtEx

• 0x48509c GetViewportOrgEx

• 0x4850a0 GetWindowOrgEx

• 0x4850a4 BeginPath

• 0x4850a8 EndPath

• 0x4850ac PathToRegion

• 0x4850b0 CreateEllipticRgn

• 0x4850b4 CreateRoundRectRgn

• 0x4850b8 GetTextColor

• 0x4850bc GetBkMode

• 0x4850c0 GetBkColor

• 0x4850c4 GetROP2

• 0x4850c8 GetStretchBltMode

• 0x4850cc GetPolyFillMode

• 0x4850d0 CreateCompatibleBitmap

• 0x4850d4 CreateDCA

• 0x4850d8 CreateBitmap

• 0x4850dc SelectObject

• 0x4850e0 GetObjectA

• 0x4850e4 CreatePen

• 0x4850e8 PatBlt

• 0x4850ec CombineRgn

• 0x4850f0 CreateRectRgn

• 0x4850f4 ExcludeClipRect

• 0x4850f8 GetClipBox

• 0x4850fc ScaleWindowExtEx

• 0x485100 SetWindowExtEx

• 0x485104 SetWindowOrgEx

• 0x485108 ScaleViewportExtEx

• 0x48510c SetViewportExtEx

• 0x485110 OffsetViewportOrgEx

• 0x485114 SetViewportOrgEx

• 0x485118 SetMapMode

• 0x48511c SetTextColor

• 0x485120 SetROP2

• 0x485124 SetPolyFillMode

• 0x485128 SetBkMode

• 0x48512c RestoreDC

• 0x485130 SaveDC

• 0x485134 FillRgn

• 0x485138 CreateSolidBrush

• 0x48513c GetStockObject

• 0x485140 CreateFontIndirectA

• 0x485144 EndPage

• 0x485148 EndDoc

• 0x48514c DeleteDC

• 0x485150 StartDocA

• 0x485154 StartPage

• 0x485158 BitBlt

• 0x48515c CreateCompatibleDC

• 0x485160 Ellipse

• 0x485164 Rectangle

• 0x485168 LPtoDP

• 0x48516c DPtoLP

• 0x485170 GetCurrentObject

• 0x485174 RoundRect

• 0x485178 GetTextExtentPoint32A

• 0x48517c GetDeviceCaps

• 0x485180 LineTo

• 0x485184 MoveToEx

Library ole32.dll:

• 0x4856bc OleUninitialize

• 0x4856c0 OleInitialize

• 0x4856c4 CLSIDFromString

Library OLEAUT32.dll:

• 0x485398 UnRegisterTypeLib

• 0x48539c RegisterTypeLib

• 0x4853a0 LoadTypeLib

Library SHELL32.dll:

• 0x4853a8 ShellExecuteA

• 0x4853ac Shell_NotifyIconA

Library USER32.dll:

• 0x4853b4 ExitWindowsEx

• 0x4853b8 GetForegroundWindow

• 0x4853bc LoadIconA

• 0x4853c0 TranslateMessage

• 0x4853c4 DrawFrameControl

• 0x4853c8 DrawEdge

• 0x4853cc DrawFocusRect

• 0x4853d0 WindowFromPoint

• 0x4853d4 GetMessageA

• 0x4853d8 DispatchMessageA

• 0x4853dc SetRectEmpty

• 0x4853e0 RegisterClipboardFormatA

• 0x4853e4 CreateIconFromResourceEx

• 0x4853e8 CreateIconFromResource

• 0x4853ec DrawIconEx

• 0x4853f0 CreatePopupMenu

• 0x4853f4 AppendMenuA

• 0x4853f8 ModifyMenuA

• 0x4853fc CreateMenu

• 0x485400 CreateAcceleratorTableA

• 0x485404 GetDlgCtrlID

• 0x485408 GetSubMenu

• 0x48540c EnableMenuItem

• 0x485410 ClientToScreen

• 0x485414 EnumDisplaySettingsA

• 0x485418 LoadImageA

• 0x48541c SystemParametersInfoA

• 0x485420 ShowWindow

• 0x485424 IsWindowEnabled

• 0x485428 TranslateAcceleratorA

• 0x48542c GetKeyState

• 0x485430 CopyAcceleratorTableA

• 0x485434 PostQuitMessage

• 0x485438 IsZoomed

• 0x48543c GetClassInfoA

• 0x485440 DefWindowProcA

• 0x485444 GetSystemMenu

• 0x485448 DeleteMenu

• 0x48544c GetMenu

• 0x485450 SetMenu

• 0x485454 PeekMessageA

• 0x485458 IsIconic

• 0x48545c SetFocus

• 0x485460 GetActiveWindow

• 0x485464 GetWindow

• 0x485468 DestroyAcceleratorTable

• 0x48546c SetWindowRgn

• 0x485470 GetMessagePos

• 0x485474 ScreenToClient

• 0x485478 ChildWindowFromPointEx

• 0x48547c CopyRect

• 0x485480 LoadBitmapA

• 0x485484 WinHelpA

• 0x485488 KillTimer

• 0x48548c SetTimer

• 0x485490 ReleaseCapture

• 0x485494 GetCapture

• 0x485498 SetCapture

• 0x48549c GetScrollRange

• 0x4854a0 SetScrollRange

• 0x4854a4 SetScrollPos

• 0x4854a8 SetRect

• 0x4854ac InflateRect

• 0x4854b0 IntersectRect

• 0x4854b4 DestroyIcon

• 0x4854b8 UnregisterClassA

• 0x4854bc OffsetRect

• 0x4854c0 IsWindowVisible

• 0x4854c4 EnableWindow

• 0x4854c8 RedrawWindow

• 0x4854cc GetWindowLongA

• 0x4854d0 SetWindowLongA

• 0x4854d4 GetSysColor

• 0x4854d8 SetActiveWindow

• 0x4854dc SetCursorPos

• 0x4854e0 LoadCursorA

• 0x4854e4 SetCursor

• 0x4854e8 GetDC

• 0x4854ec FillRect

• 0x4854f0 IsRectEmpty

• 0x4854f4 ReleaseDC

• 0x4854f8 IsChild

• 0x4854fc DestroyMenu

• 0x485500 SetForegroundWindow

• 0x485504 GetWindowRect

• 0x485508 EqualRect

• 0x48550c UpdateWindow

• 0x485510 ValidateRect

• 0x485514 InvalidateRect

• 0x485518 GetClientRect

• 0x48551c GetFocus

• 0x485520 GetParent

• 0x485524 GetTopWindow

• 0x485528 GetWindowTextA

• 0x48552c GetWindowTextLengthA

• 0x485530 CharUpperA

• 0x485534 GetWindowDC

• 0x485538 BeginPaint

• 0x48553c EndPaint

• 0x485540 TabbedTextOutA

• 0x485544 DrawTextA

• 0x485548 GrayStringA

• 0x48554c GetDlgItem

• 0x485550 DestroyWindow

• 0x485554 CreateDialogIndirectParamA

• 0x485558 EndDialog

• 0x48555c GetNextDlgTabItem

• 0x485560 GetWindowPlacement

• 0x485564 RegisterWindowMessageA

• 0x485568 GetLastActivePopup

• 0x48556c GetMessageTime

• 0x485570 RemovePropA

• 0x485574 CallWindowProcA

• 0x485578 GetPropA

• 0x48557c UnhookWindowsHookEx

• 0x485580 SetPropA

• 0x485584 GetClassLongA

• 0x485588 CallNextHookEx

• 0x48558c SetWindowsHookExA

• 0x485590 CreateWindowExA

• 0x485594 GetMenuItemID

• 0x485598 GetMenuItemCount

• 0x48559c RegisterClassA

• 0x4855a0 GetScrollPos

• 0x4855a4 AdjustWindowRectEx

• 0x4855a8 MapWindowPoints

• 0x4855ac SendDlgItemMessageA

• 0x4855b0 ScrollWindowEx

• 0x4855b4 IsDialogMessageA

• 0x4855b8 SetWindowTextA

• 0x4855bc MoveWindow

• 0x4855c0 CheckMenuItem

• 0x4855c4 SetMenuItemBitmaps

• 0x4855c8 GetMenuState

• 0x4855cc GetMenuCheckMarkDimensions

• 0x4855d0 GetClassNameA

• 0x4855d4 GetDesktopWindow

• 0x4855d8 LoadStringA

• 0x4855dc GetSysColorBrush

• 0x4855e0 PostMessageA

• 0x4855e4 IsWindow

• 0x4855e8 SetParent

• 0x4855ec DestroyCursor

• 0x4855f0 SendMessageA

• 0x4855f4 SetWindowPos

• 0x4855f8 MessageBoxA

• 0x4855fc GetCursorPos

• 0x485600 GetSystemMetrics

• 0x485604 EmptyClipboard

• 0x485608 SetClipboardData

• 0x48560c OpenClipboard

• 0x485610 GetClipboardData

• 0x485614 CloseClipboard

• 0x485618 wsprintfA

• 0x48561c WaitForInputIdle

• 0x485620 PtInRect

Library WINMM.dll:

• 0x485628 midiStreamStop

• 0x48562c midiOutReset

• 0x485630 midiStreamClose

• 0x485634 midiStreamRestart

• 0x485638 waveOutUnprepareHeader

• 0x48563c waveOutPrepareHeader

• 0x485640 waveOutWrite

• 0x485644 waveOutPause

• 0x485648 midiStreamOut

• 0x48564c midiOutPrepareHeader

• 0x485650 waveOutReset

• 0x485654 waveOutClose

• 0x485658 waveOutGetNumDevs

• 0x48565c waveOutOpen

• 0x485660 midiOutUnprepareHeader

• 0x485664 midiStreamOpen

• 0x485668 midiStreamProperty

Library WINSPOOL.DRV:

• 0x485670 ClosePrinter

• 0x485674 DocumentPropertiesA

• 0x485678 OpenPrinterA

Library WS2_32.dll:

• 0x485680 inet_ntoa

• 0x485684 WSACleanup

• 0x485688 closesocket

• 0x48568c WSAAsyncSelect

• 0x485690 recvfrom

• 0x485694 ioctlsocket

• 0x485698 recv

• 0x48569c getpeername

• 0x4856a0 accept

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.