11.2
0-day

SHA256: fc9073059fb477f1e0246b09c62f110fbdb36b145b2d2a39163c57a5c4a754f8
File name: 7e4b0685cf4e16d476bfcc6241293db4.exe
Analysis duration: 114s
Last analysis:
File size: 392.0KB
Static verdict: malicious. Dynamic verdict: malicious.
Detection tags: AI SCORE=99, AIDETECTVM, ATTRIBUTE, BSCOPE, CLOUD, DOWNLOADER34, ELDORADO, EMOTET, EPAZ, GDBAV, GENERICKDZ, GENETIC, GENKRYPTIK, HFHN, HIGH CONFIDENCE, HIGHCONFIDENCE, HPNOPH, KRYPTIK, MALICIOUS, MALWARE2, R002C0DH220, R346631, SCORE, UNSAFE
鹰眼引擎 (Hawkeye engine): no detection (no Hawkeye engine result is available for this sample)
Static verdict
Antivirus engines
Engine        Result                           Scan date   Engine version
McAfee        Emotet-FRO!7E4B0685CF4E          20200804    6.0.6.653
Baidu         (no result)                      20190318    1.0.0.2
Alibaba       Trojan:Win32/Kryptik.fefcd29b    20190527    0.3.0.5
Tencent       (no result)                      20200804    1.0.0.1
Kingsoft      (no result)                      20200804    2013.8.14.323
CrowdStrike   (no result)                      20190702    1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620775996.4475
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 events)
Time & API Arguments Status Return Repeated
1620775985.7285
CryptGenKey
crypto_handle: 0x002d4760
algorithm_identifier: 0x0000660e (CALG_AES_128)
provider_handle: 0x002d4358
flags: 1 (CRYPT_EXPORTABLE)
key: f2dž¸© 1k2ÒZê±Ï
success 1 0
1620775996.4475
CryptExportKey
crypto_handle: 0x002d4760
crypto_export_handle: 0x002d4720
buffer: f¤¬‚å€tZß©ëVõôkʎñr\êK ´ü8҆)6,m1ÖmR3’Ú¯ Ž¢žw«ù Üo²t¾î¶/b‚&d/(gëUktúÁ±÷ʗnY*¨¸ð_z³U¡ý ü…
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1620776023.9325
CryptExportKey
crypto_handle: 0x002d4760
crypto_export_handle: 0x002d4720
buffer: f¤îœùä>¼ß/¾šBŒŠ{-ðY¢Wðƒx|„®çšB¢ŒËß&¸Ö‚…'=JûçÂ#2ñ¢ VÌÈ:ÛzQpxô™ï.÷ucˆ¶Wgd_4•ÀÎwÞDÿR
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1620776035.3855
CryptExportKey
crypto_handle: 0x002d4760
crypto_export_handle: 0x002d4720
buffer: f¤Éüpº[ ëôtŒótLônùªvÕNMçE…²àðÐ,íy’m©ƒ¬¦Ü•‘Ȱï$z]ZÀy}ƒ‘ -àïl’d³¸ÄåÌø|Äõ)ô·C”+ïUUà®ZC}"Â
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1620776039.4165
CryptExportKey
crypto_handle: 0x002d4760
crypto_export_handle: 0x002d4720
buffer: f¤Ÿ$}û%"“ÑkPYWIߣIÈ9eóó^†–R½çŒóŒÀ†_u%I™DËb‘&Ô;"-ÂÇè 3T¥äd¢Ïƒ4e¹YÑ9nn V],š&Aªò^þ°À„2ç,&Á
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
Note: a single AES-128 session key (algorithm 0x660e = CALG_AES_128) is generated once and the same handle is exported four times as a SIMPLEBLOB with CRYPT_OAEP, i.e. the key is wrapped with an RSA key-exchange key under OAEP padding. The wrapped buffer differs on every export because OAEP padding is randomized, not because the key changed. The "f¤" prefix of each buffer display is the blob header rendered as text: 0x66 from the key algorithm bytes 0e 66 (CALG_AES_128) and 0xa4 from the wrapping algorithm bytes 00 a4 (CALG_RSA_KEYX), with the zero and control bytes dropped.
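The following Python is an example added to this page, not code from the sandbox report or from any tool it uses. It decodes the CryptoAPI constants that appear in the CryptGenKey/CryptExportKey events above and parses a SIMPLEBLOB header, so an analyst can confirm from a report's buffer display which key algorithm was exported and which key wrapped it. The blob it parses is constructed: its header fields match the trace, but the 128 wrapped bytes are filler rather than real ciphertext. The report-style rendering function encodes an assumption about how the sandbox displays binary buffers (cp1252 text with control bytes dropped).

```python
"""Decode CryptoAPI ALG_IDs and parse a CryptExportKey SIMPLEBLOB header."""
import struct

# ALG_ID layout (wincrypt.h): bits 13-15 = class, bits 9-12 = type, bits 0-8 = sub-id.
ALG_CLASSES = {1 << 13: "SIGNATURE", 3 << 13: "DATA_ENCRYPT",
               4 << 13: "HASH", 5 << 13: "KEY_EXCHANGE"}
ALG_TYPES = {0: "ANY", 2 << 9: "RSA", 3 << 9: "BLOCK", 4 << 9: "STREAM", 5 << 9: "DH"}
CALG_NAMES = {0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
              0x6801: "CALG_RC4", 0xA400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN",
              0x8003: "CALG_MD5", 0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256"}
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB", 8: "PLAINTEXTKEYBLOB"}
GENKEY_FLAGS = {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED"}   # CryptGenKey dwFlags
EXPORT_FLAGS = {0x40: "CRYPT_OAEP"}                                     # CryptExportKey dwFlags


def flag_names(value, table):
    """Expand a flags DWORD into symbolic names; unknown bits are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(hex(rest))
    return names


def decode_alg_id(alg_id):
    """Split an ALG_ID into class / type / sub-id and name it if it is a known CALG_*."""
    return {"name": CALG_NAMES.get(alg_id, "unknown"),
            "class": ALG_CLASSES.get(alg_id & 0xE000, "?"),
            "type": ALG_TYPES.get(alg_id & 0x1E00, "?"),
            "sid": alg_id & 0x1FF}


def parse_simpleblob(blob):
    """Parse BLOBHEADER {bType, bVersion, reserved, aiKeyAlg} + ALG_ID of the wrapping key."""
    if len(blob) < 12:
        raise ValueError("too short for BLOBHEADER + ALG_ID")
    b_type, b_version, _reserved, key_alg, wrap_alg = struct.unpack_from("<BBHII", blob, 0)
    if b_type != 1 or b_version != 2:
        raise ValueError(f"not a v2 SIMPLEBLOB: bType={b_type} bVersion={b_version}")
    wrapped = blob[12:]
    return {"blob_type": BLOB_TYPES[b_type],
            "key_alg": decode_alg_id(key_alg),
            "wrap_alg": decode_alg_id(wrap_alg),
            "wrapped_key_len": len(wrapped),
            # RSA ciphertext is exactly the modulus length, so this is the RSA key size.
            "rsa_bits": len(wrapped) * 8 if wrap_alg == 0xA400 else None}


def render_like_report(data):
    """Assumed sandbox rendering of binary buffers: cp1252 text, control bytes dropped."""
    text = data.decode("cp1252", errors="ignore")
    return "".join(ch for ch in text if ord(ch) >= 0x20 and ord(ch) != 0x7F)


# Constructed sample: AES-128 key wrapped by a 1024-bit RSA key-exchange key.
# Header fields mirror the trace; the 128 payload bytes are filler, not ciphertext.
SAMPLE_BLOB = struct.pack("<BBHII", 1, 2, 0, 0x660E, 0xA400) + bytes(range(128))

if __name__ == "__main__":
    print("CryptGenKey flags 1 ->", flag_names(1, GENKEY_FLAGS))
    print("CryptExportKey flags 64 ->", flag_names(64, EXPORT_FLAGS))
    print(parse_simpleblob(SAMPLE_BLOB))
    print("report-style header display:", repr(render_like_report(SAMPLE_BLOB[:12])))
```

Running it on the constructed blob reports CALG_AES_128 wrapped by CALG_RSA_KEYX with a 1024-bit modulus, and the header renders as "f¤", the same prefix the four buffer lines above begin with.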
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1352982226&cup2hreq=444ca9e172246a1c01b842220a310dc072e8de04a0d4beca139c8e6c0d536e7f
Note: this POST to Google's update service and the HEAD requests for GoogleUpdateSetup.exe below carry the "Microsoft BITS/7.5" user agent (see HTTP & HTTPS Requests); they are consistent with Google Update running in the analysis VM rather than with traffic from the sample, whose own session is opened in InternetOpenW with an MSIE 7.0 user agent.
Performs some HTTP requests (4 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620747140&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1430a8c05ecaec4a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620746900&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:1352982226&cup2hreq=444ca9e172246a1c01b842220a310dc072e8de04a0d4beca139c8e6c0d536e7f
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1352982226&cup2hreq=444ca9e172246a1c01b842220a310dc072e8de04a0d4beca139c8e6c0d536e7f
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Note: the three allocations come from three different processes (PIDs 2632, 1424 and 1752). The PID 1424 event carries a 64-bit pseudo-handle (0xffffffffffffffff) and is timestamped about six minutes before the sample's other events, so it was recorded from a 64-bit process that was already running, not from this 32-bit (SysWOW64) sample.
Time & API Arguments Status Return Repeated
1620775978.6035
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e70000
success 0 0
1620775614.278896
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004050000
success 0 0
1620775985.4635
NtAllocateVirtualMemory
process_identifier: 1752
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00540000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1620775979.8385
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7e4b0685cf4e16d476bfcc6241293db4.exe
newfilepath: C:\Windows\SysWOW64\TSChannel\sppcomapi.exe
newfilepath_r: C:\Windows\SysWOW64\TSChannel\sppcomapi.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7e4b0685cf4e16d476bfcc6241293db4.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620775996.8535
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Note: return value 111 is ERROR_BUFFER_OVERFLOW, the expected result of the first sizing call in this API's normal two-call pattern; the trace records no second call, so it does not show whether adapter data was actually read.
Expresses interest in specific running processes (1 event)
process sppcomapi.exe
Reads the systems User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620775996.5885
InternetOpenW
proxy_bypass:
access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG)
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (5 events)
Note: all five hosts are contacted by bare IP (ports 80, 8080 and 443 in the dead_host list below) and none responded during the analysis, so no command-and-control exchange was captured in this run.
host 149.62.173.247
host 172.217.24.14
host 185.94.252.13
host 73.116.193.136
host 89.32.150.160
Installs itself for autorun at Windows startup (1 event)
service_name sppcomapi service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\TSChannel\sppcomapi.exe"
Created a service where a service was also not started (1 event)
Time & API Arguments Status Return Repeated
1620775984.5725
CreateServiceW
service_start_name:
start_type: 2 (SERVICE_AUTO_START)
service_handle: 0x02486bd0
display_name: sppcomapi
error_control: 0 (SERVICE_ERROR_IGNORE)
service_name: sppcomapi
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\TSChannel\sppcomapi.exe"
filepath_r: "C:\Windows\SysWOW64\TSChannel\sppcomapi.exe"
service_manager_handle: 0x0249da70
desired_access: 2 (SERVICE_CHANGE_CONFIG)
service_type: 16 (SERVICE_WIN32_OWN_PROCESS)
password:
success 38300624 0
Note: filepath_r is the argument as passed, the quoted absolute path of the relocated executable; the filepath form with the Temp prefix is the sandbox resolving that quoted string against the working directory, not a second location. The handle is requested with SERVICE_CHANGE_CONFIG only, without SERVICE_START, and the service is registered for auto-start at boot but not started in this run.
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Note: the Wpad\{GUID} and Wpad\<MAC> values written below (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName, WpadLastNetwork) are the per-network cache that WinINet/WinHTTP proxy auto-detection maintains; the sample opened its session with INTERNET_OPEN_TYPE_PRECONFIG (access_type 0 in InternetOpenW above), which triggers that detection. The signature fires on this side effect; no AutoConfigURL or proxy server value is written anywhere in this trace. The 0a-00-27-00-00-00 key is the VirtualBox host-only adapter's MAC address.
Time & API Arguments Status Return Repeated
1620775999.4945
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620775999.4945
RegSetValueExA
key_handle: 0x000003ac
value: `ˆJŸF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620775999.4945
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620775999.4945
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620775999.5105
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620775999.5105
RegSetValueExA
key_handle: 0x000003c4
value: `ˆJŸF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620775999.5105
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620775999.5105
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\TSChannel\sppcomapi.exe:Zone.Identifier
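The persistence chain recorded in this trace (RWX allocation, the executable moved out of the user's Temp directory into C:\Windows, an auto-start service registered on the moved file, the Zone.Identifier stream removed from it) is more convincing when the steps are correlated than when each signature is read alone. The Python below is an example added to this page, not the sandbox's own signature code. Its event list is constructed to mirror the arguments in this report; the PIDs of all but the first event, the DeleteFileW API name behind the Zone.Identifier removal, and the benign control service are assumptions. Every later finding is keyed on the destination path of the self-relocation rather than on path patterns in isolation.

```python
"""Correlate self-relocation -> service persistence -> mark-of-the-web removal
over a Cuckoo-style list of API events."""

WINDOWS_DIR = "c:\\windows\\"
REQUIRED = ("rwx_alloc", "self_relocation", "service_on_relocated_binary", "motw_removed")


def _norm(path):
    """Strip the quoting CreateService binary paths often carry; NTFS is case-insensitive."""
    return path.strip().strip('"').lower()


def triage(events):
    """Return (kind, pid, detail) findings; service and ADS checks are tied to the
    destination of an executable the sample moved out of a Temp directory."""
    findings = []
    relocated = set()
    for ev in events:
        api, a, pid = ev["api"], ev["args"], ev["pid"]
        if api == "NtAllocateVirtualMemory" and a.get("protection", 0) & 0x40:
            # 0x40 = PAGE_EXECUTE_READWRITE
            findings.append(("rwx_alloc", pid, hex(a["base_address"])))
        elif api == "MoveFileWithProgressW":
            src, dst = _norm(a["oldfilepath_r"]), _norm(a["newfilepath_r"])
            if "\\temp\\" in src and dst.startswith(WINDOWS_DIR):
                relocated.add(dst)
                findings.append(("self_relocation", pid, a["newfilepath_r"]))
        elif api == "CreateServiceW":
            if _norm(a["filepath_r"]) in relocated:
                auto = a.get("start_type") == 2          # 2 = SERVICE_AUTO_START
                findings.append(("service_on_relocated_binary", pid,
                                 f"{a['service_name']} auto_start={auto}"))
        elif api in ("DeleteFileW", "NtDeleteFile"):
            base, _, stream = _norm(a["filepath_r"]).rpartition(":")
            if stream == "zone.identifier" and base in relocated:
                findings.append(("motw_removed", pid, a["filepath_r"]))
    return findings


def chain_complete(findings):
    """True when every stage of the persistence chain was observed."""
    seen = {kind for kind, _, _ in findings}
    return all(k in seen for k in REQUIRED)


# Constructed events mirroring the report's arguments (PIDs after the first are assumed).
SAMPLE_EVENTS = [
    {"time": 1620775978.6035, "pid": 2632, "api": "NtAllocateVirtualMemory",
     "args": {"protection": 64, "region_size": 36864, "base_address": 0x01E70000}},
    {"time": 1620775979.8385, "pid": 2632, "api": "MoveFileWithProgressW",
     "args": {"oldfilepath_r": r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7e4b0685cf4e16d476bfcc6241293db4.exe",
              "newfilepath_r": r"C:\Windows\SysWOW64\TSChannel\sppcomapi.exe", "flags": 3}},
    {"time": 1620775984.5725, "pid": 2632, "api": "CreateServiceW",
     "args": {"service_name": "sppcomapi", "start_type": 2, "service_type": 16,
              "filepath_r": r'"C:\Windows\SysWOW64\TSChannel\sppcomapi.exe"'}},
    # Assumed API behind the report's Zone.Identifier removal.
    {"time": 1620775985.0000, "pid": 2632, "api": "DeleteFileW",
     "args": {"filepath_r": r"C:\Windows\SysWOW64\TSChannel\sppcomapi.exe:Zone.Identifier"}},
    # Constructed benign control: a service on a path the sample never relocated.
    {"time": 1620775990.0000, "pid": 900, "api": "CreateServiceW",
     "args": {"service_name": "ExampleUpdater", "start_type": 2,
              "filepath_r": r'"C:\Program Files\Example\updater.exe"'}},
]

if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for kind, pid, detail in results:
        print(f"{kind:30} pid={pid} {detail}")
    print("full persistence chain:", chain_complete(results))
```

The control service produces no finding because its binary was not placed there by the sample; keying on the relocation destination is what keeps the service and ADS rules from firing on every installer that registers a service.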
Generates some ICMP traffic
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)
Bkav W32.AIDetectVM.malware2
MicroWorld-eScan Trojan.GenericKDZ.69173
FireEye Generic.mg.7e4b0685cf4e16d4
CAT-QuickHeal Trojan.Multi
McAfee Emotet-FRO!7E4B0685CF4E
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKDZ.69173
K7GW Riskware ( 0040eff71 )
TrendMicro TROJ_GEN.R002C0DH220
F-Prot W32/Emotet.AOG.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/Kryptik.fefcd29b
NANO-Antivirus Trojan.Win32.Kryptik.hpnoph
ViRobot Trojan.Win32.Emotet.401408.D
AegisLab Trojan.Win32.Emotet.L!c
Ad-Aware Trojan.GenericKDZ.69173
Sophos Troj/Emotet-CKO
F-Secure Trojan.TR/Crypt.Agent.gdbav
DrWeb Trojan.DownLoader34.14215
Invincea heuristic
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
Cyren W32/Emotet.AOG.gen!Eldorado
Jiangmin Backdoor.Emotet.pm
Avira TR/Crypt.Agent.gdbav
Fortinet W32/GenKryptik.EPAZ!tr
Endgame malicious (high confidence)
Arcabit Trojan.Generic.D10E35
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Emotet.DGM!MTB
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R346631
ALYac Trojan.GenericKDZ.69173
MAX malware (ai score=99)
VBA32 BScope.Trojan.Emotet
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFHN
TrendMicro-HouseCall TROJ_GEN.R002C0DH220
Rising Trojan.Kryptik!1.C82B (CLOUD)
GData Trojan.GenericKDZ.69173
Webroot W32.Trojan.Emotet
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
Qihoo-360 Generic/Trojan.73c
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (7 events)
dead_host 73.116.193.136:80
dead_host 192.168.56.101:49189
dead_host 149.62.173.247:8080
dead_host 172.217.24.14:443
dead_host 185.94.252.13:443
dead_host 89.32.150.160:8080
dead_host 172.217.160.78:443
Visual analysis
Binary image: none was generated for this sample.
Run screenshots: none were captured during execution.


PE Compile Time

2020-07-31 22:42:02

Imports

Note: the static import table below is the shell of a GUI application (the USER32, GDI32, comdlg32, WINSPOOL and oledlg imports are typical of a statically linked MFC program) and contains none of the APIs seen in the dynamic trace (CryptGenKey, CryptExportKey, CreateServiceW, MoveFileWithProgressW, InternetOpenW, GetAdaptersAddresses). Those are resolved at run time through the imported LoadLibraryA/GetProcAddress after the payload unpacks into the RWX regions noted above.

Library KERNEL32.dll:
0x43e12c HeapFree
0x43e130 VirtualProtect
0x43e134 VirtualAlloc
0x43e138 GetSystemInfo
0x43e13c VirtualQuery
0x43e140 GetStartupInfoA
0x43e144 GetCommandLineA
0x43e148 HeapReAlloc
0x43e14c TerminateProcess
0x43e150 HeapSize
0x43e158 HeapDestroy
0x43e15c HeapCreate
0x43e160 VirtualFree
0x43e164 IsBadWritePtr
0x43e168 GetStdHandle
0x43e17c HeapAlloc
0x43e180 SetHandleCount
0x43e184 GetFileType
0x43e18c GetCurrentProcessId
0x43e194 LCMapStringA
0x43e198 LCMapStringW
0x43e19c GetStringTypeA
0x43e1a0 GetStringTypeW
0x43e1a8 IsBadReadPtr
0x43e1ac IsBadCodePtr
0x43e1b0 SetStdHandle
0x43e1b8 RtlUnwind
0x43e1bc GetTickCount
0x43e1c0 SetErrorMode
0x43e1cc GetShortPathNameA
0x43e1d0 CreateFileA
0x43e1d8 DuplicateHandle
0x43e1dc GetFileSize
0x43e1e0 SetEndOfFile
0x43e1e4 UnlockFile
0x43e1e8 LockFile
0x43e1ec FlushFileBuffers
0x43e1f0 SetFilePointer
0x43e1f4 WriteFile
0x43e1f8 ReadFile
0x43e1fc DeleteFileA
0x43e200 MoveFileA
0x43e210 GetOEMCP
0x43e214 GetCPInfo
0x43e21c GlobalFlags
0x43e220 TlsFree
0x43e224 LocalReAlloc
0x43e228 TlsSetValue
0x43e22c TlsAlloc
0x43e230 TlsGetValue
0x43e238 GlobalHandle
0x43e23c GlobalReAlloc
0x43e244 LocalAlloc
0x43e250 RaiseException
0x43e254 GetDiskFreeSpaceA
0x43e258 GetFullPathNameA
0x43e25c GetTempFileNameA
0x43e260 GetFileTime
0x43e264 SetFileTime
0x43e268 GetFileAttributesA
0x43e278 CloseHandle
0x43e27c GetCurrentThread
0x43e280 GetModuleFileNameA
0x43e28c lstrcpyA
0x43e290 lstrcmpA
0x43e298 SetLastError
0x43e29c GlobalFree
0x43e2a0 MulDiv
0x43e2a4 GlobalAlloc
0x43e2a8 GlobalLock
0x43e2ac GlobalUnlock
0x43e2b0 FormatMessageA
0x43e2b4 LocalFree
0x43e2b8 FreeResource
0x43e2bc GetCurrentThreadId
0x43e2c0 GlobalGetAtomNameA
0x43e2c4 GlobalAddAtomA
0x43e2c8 GlobalFindAtomA
0x43e2cc GlobalDeleteAtom
0x43e2d0 LoadLibraryA
0x43e2d4 FreeLibrary
0x43e2d8 lstrcatA
0x43e2dc lstrcmpW
0x43e2e0 lstrcpynA
0x43e2e4 GetModuleHandleA
0x43e2e8 GetStringTypeExA
0x43e2ec CompareStringW
0x43e2f0 CompareStringA
0x43e2f4 lstrlenA
0x43e2f8 lstrcmpiA
0x43e2fc GetVersion
0x43e300 GetLastError
0x43e304 MultiByteToWideChar
0x43e308 ExitProcess
0x43e30c LoadLibraryExW
0x43e310 GetProcAddress
0x43e314 LoadLibraryExA
0x43e318 GetCurrentProcess
0x43e31c FindNextFileA
0x43e320 GetLogicalDrives
0x43e324 GetDriveTypeA
0x43e328 FindFirstFileA
0x43e32c FindClose
0x43e330 WideCharToMultiByte
0x43e334 FindResourceA
0x43e338 LoadResource
0x43e33c LockResource
0x43e340 SizeofResource
0x43e344 GetVersionExA
0x43e348 GetThreadLocale
0x43e34c GetLocaleInfoA
0x43e350 GetACP
0x43e358 InterlockedExchange
Library USER32.dll:
0x43e3c0 GetDCEx
0x43e3c4 LockWindowUpdate
0x43e3cc PostThreadMessageA
0x43e3d0 GetMenuItemInfoA
0x43e3d4 InflateRect
0x43e3d8 EndPaint
0x43e3dc BeginPaint
0x43e3e0 GetWindowDC
0x43e3e4 ClientToScreen
0x43e3e8 GrayStringA
0x43e3ec DrawTextExA
0x43e3f0 DrawTextA
0x43e3f4 TabbedTextOutA
0x43e3f8 FillRect
0x43e3fc LoadCursorA
0x43e400 GetSysColorBrush
0x43e404 SetParent
0x43e408 DeleteMenu
0x43e40c IsRectEmpty
0x43e410 IsZoomed
0x43e414 LoadMenuA
0x43e418 DestroyMenu
0x43e41c UnpackDDElParam
0x43e420 ReuseDDElParam
0x43e424 ReleaseCapture
0x43e428 LoadAcceleratorsA
0x43e42c InsertMenuItemA
0x43e430 CreatePopupMenu
0x43e434 SetRectEmpty
0x43e438 BringWindowToTop
0x43e43c SetMenu
0x43e448 MapDialogRect
0x43e44c wsprintfA
0x43e450 GetMessageA
0x43e454 TranslateMessage
0x43e458 GetCursorPos
0x43e45c ValidateRect
0x43e460 ShowOwnedPopups
0x43e464 SetCursor
0x43e468 PostQuitMessage
0x43e46c GetDesktopWindow
0x43e470 GetActiveWindow
0x43e478 EndDialog
0x43e47c ReleaseDC
0x43e480 GetDC
0x43e484 GetMenuStringA
0x43e488 AppendMenuA
0x43e48c InsertMenuA
0x43e490 SetMenuItemBitmaps
0x43e494 ModifyMenuA
0x43e498 GetMenuState
0x43e49c EnableMenuItem
0x43e4a0 CheckMenuItem
0x43e4a8 LoadBitmapA
0x43e4ac IsWindowEnabled
0x43e4b0 ShowWindow
0x43e4b4 MoveWindow
0x43e4b8 WindowFromPoint
0x43e4bc IsDialogMessageA
0x43e4c4 WinHelpA
0x43e4c8 GetCapture
0x43e4cc CreateWindowExA
0x43e4d0 SetWindowsHookExA
0x43e4d4 CallNextHookEx
0x43e4d8 GetClassLongA
0x43e4dc GetClassInfoExA
0x43e4e0 GetClassNameA
0x43e4e4 SetPropA
0x43e4e8 GetPropA
0x43e4ec RemovePropA
0x43e4f0 SendDlgItemMessageA
0x43e4f4 IsWindow
0x43e4f8 SetFocus
0x43e500 GetWindowTextA
0x43e504 GetForegroundWindow
0x43e508 GetLastActivePopup
0x43e50c SetActiveWindow
0x43e510 DispatchMessageA
0x43e514 EnableWindow
0x43e518 LoadIconA
0x43e51c SendMessageA
0x43e520 UpdateWindow
0x43e524 GetSystemMenu
0x43e528 CharUpperA
0x43e52c GetNextDlgTabItem
0x43e530 AdjustWindowRectEx
0x43e534 IsIconic
0x43e538 InvalidateRect
0x43e53c GetParent
0x43e540 BeginDeferWindowPos
0x43e544 EndDeferWindowPos
0x43e548 GetDlgItem
0x43e54c GetTopWindow
0x43e550 DestroyWindow
0x43e554 UnhookWindowsHookEx
0x43e558 GetMessageTime
0x43e55c GetMessagePos
0x43e560 PeekMessageA
0x43e564 MapWindowPoints
0x43e568 MessageBoxA
0x43e56c TrackPopupMenu
0x43e570 GetKeyState
0x43e574 KillTimer
0x43e578 SetTimer
0x43e57c MessageBeep
0x43e580 GetNextDlgGroupItem
0x43e584 SetCapture
0x43e588 SetForegroundWindow
0x43e58c IsWindowVisible
0x43e590 GetClientRect
0x43e594 GetMenu
0x43e598 PostMessageA
0x43e59c GetSubMenu
0x43e5a0 GetMenuItemID
0x43e5a4 GetMenuItemCount
0x43e5a8 InvalidateRgn
0x43e5b0 SetRect
0x43e5b4 CharNextA
0x43e5b8 SetWindowTextA
0x43e5bc DestroyIcon
0x43e5c0 IsChild
0x43e5c4 GetFocus
0x43e5c8 GetDlgCtrlID
0x43e5cc GetWindow
0x43e5d0 PtInRect
0x43e5d4 CopyRect
0x43e5d8 GetSystemMetrics
0x43e5dc GetWindowRect
0x43e5e0 GetWindowPlacement
0x43e5e8 IntersectRect
0x43e5ec OffsetRect
0x43e5f0 SetWindowPos
0x43e5f4 SetWindowLongA
0x43e5f8 GetWindowLongA
0x43e5fc CallWindowProcA
0x43e600 DefWindowProcA
0x43e604 UnregisterClassA
0x43e608 RegisterClassA
0x43e60c GetClassInfoA
0x43e610 DeferWindowPos
0x43e614 EqualRect
0x43e618 ScreenToClient
0x43e61c GetSysColor
Library GDI32.dll:
0x43e058 GetStockObject
0x43e05c CreateSolidBrush
0x43e060 CreateFontIndirectA
0x43e064 CreatePatternBrush
0x43e068 CombineRgn
0x43e06c GetMapMode
0x43e070 GetBkColor
0x43e074 GetTextColor
0x43e078 GetRgnBox
0x43e07c ExtSelectClipRgn
0x43e080 ScaleWindowExtEx
0x43e084 SetWindowExtEx
0x43e088 ScaleViewportExtEx
0x43e08c SetViewportExtEx
0x43e090 OffsetViewportOrgEx
0x43e094 SetViewportOrgEx
0x43e098 Escape
0x43e09c ExtTextOutA
0x43e0a0 TextOutA
0x43e0a4 RectVisible
0x43e0a8 PtVisible
0x43e0ac GetPixel
0x43e0b0 BitBlt
0x43e0b4 GetWindowExtEx
0x43e0b8 GetViewportExtEx
0x43e0bc CreateRectRgn
0x43e0c0 SetRectRgn
0x43e0c4 SelectClipRgn
0x43e0c8 IntersectClipRect
0x43e0cc ExcludeClipRect
0x43e0d0 SetMapMode
0x43e0d4 SetBkMode
0x43e0d8 RestoreDC
0x43e0dc SaveDC
0x43e0e0 CreateFontA
0x43e0e4 GetCharWidthA
0x43e0e8 DeleteObject
0x43e0ec StretchDIBits
0x43e0f0 DeleteDC
0x43e0f8 GetTextMetricsA
0x43e0fc SelectObject
0x43e100 CreateCompatibleDC
0x43e108 PatBlt
0x43e110 GetDeviceCaps
0x43e114 CreateBitmap
0x43e118 GetObjectA
0x43e11c SetBkColor
0x43e120 SetTextColor
0x43e124 GetClipBox
Library comdlg32.dll:
0x43e634 GetOpenFileNameA
0x43e638 GetSaveFileNameA
0x43e63c GetFileTitleA
0x43e644 PrintDlgA
Library WINSPOOL.DRV:
0x43e624 ClosePrinter
0x43e628 OpenPrinterA
0x43e62c DocumentPropertiesA
Library ADVAPI32.dll:
0x43e000 RegCreateKeyA
0x43e004 RegSetValueA
0x43e008 RegOpenKeyA
0x43e00c RegQueryValueExA
0x43e010 RegOpenKeyExA
0x43e014 RegDeleteKeyA
0x43e018 RegEnumKeyA
0x43e01c RegQueryValueA
0x43e020 RegCreateKeyExA
0x43e024 RegSetValueExA
0x43e028 RegDeleteValueA
0x43e02c SetFileSecurityA
0x43e030 RegCloseKey
0x43e034 GetFileSecurityA
Library SHELL32.dll:
0x43e394 DragFinish
0x43e398 DragQueryFileA
0x43e39c ExtractIconA
0x43e3a0 SHGetFileInfoA
0x43e3a4 ShellAboutA
Library COMCTL32.dll:
0x43e040 (no name: imported by ordinal)
0x43e044 ImageList_Destroy
0x43e048 ImageList_Create
0x43e04c ImageList_Draw
Library SHLWAPI.dll:
0x43e3ac PathFindFileNameA
0x43e3b0 PathStripToRootA
0x43e3b4 PathFindExtensionA
0x43e3b8 PathIsUNCA
Library oledlg.dll:
0x43e68c (no name: imported by ordinal)
Library ole32.dll:
0x43e650 CoGetClassObject
0x43e654 CLSIDFromString
0x43e658 CLSIDFromProgID
0x43e660 CoTaskMemFree
0x43e668 OleUninitialize
0x43e674 OleFlushClipboard
0x43e67c CoRevokeClassObject
0x43e680 CoTaskMemAlloc
0x43e684 OleInitialize
Library OLEAUT32.dll:
0x43e360 VariantClear
0x43e364 VariantChangeType
0x43e368 VariantInit
0x43e36c SysAllocStringLen
0x43e370 SysFreeString
0x43e374 SysStringLen
0x43e37c VariantCopy
0x43e380 SafeArrayDestroy
0x43e388 SysAllocString

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49200 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49201 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49191 203.208.40.34 update.googleapis.com 443
192.168.56.101 49194 203.208.41.65 redirector.gvt1.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1430a8c05ecaec4a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620746900&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=1430a8c05ecaec4a&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620746900&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620747140&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620747140&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.