SmartHawk

5.8

高危

49 个模型检测该样本为恶意！

重新分析

下载样本

072764248fe764bf9a93d12d0e211573594a4636748db2f1ce89330ce5dd8d4b

841f8c084b1992b8f714dd861665cb82.exe

分析耗时

79s

最近分析

文件大小

546.5KB

静态报毒动态报毒 100% AI SCORE=84 AIDETECTVM BSCOPE CONFIDENCE DELF DOWNLOADER33 DXMT ELYI EMPE FUERBOOS GDSDA GENERIC@ML GENKRYPTIK HIGH CONFIDENCE HKEDED IKX@ACCXKQMK INFECTED JLIJT KRYPTIK MALWARE1 MALWARE@#3P3S09BJ8FV21 NWZDSF PW0PXFDKGVA R06EC0DIA20 RDMK REMCOS RESCOMS WACATAC WBRT5DKOFOGXSXA ZELPHICO 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Backdoor:Win32/Injector.0b521916	20190527	0.3.0.5
Avast	Win32:Trojan-gen	20201210	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft		20201211	2017.9.26.565
Tencent	Win32.Backdoor.Remcos.Dxmt	20201211	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.itext

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619686009.6555 __exception__	stacktrace: registers.esp: 57539632 registers.edi: 53187628 registers.eax: 0 registers.ebp: 0 registers.edx: 0 registers.ebx: 36 registers.esi: 16 registers.ecx: 0 exception.instruction_r: 8b 41 3c 99 03 04 24 13 54 24 04 83 c4 08 89 04 exception.instruction: mov eax, dword ptr [ecx + 0x3c] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x32b8d25	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619685959.5625 NtAllocateVirtualMemory	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003a0000	success	0	0

Downloads a file or document from Google Drive (1 个事件)

domain

drive.google.com

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619685985.9375 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619685988.4995 RegSetValueExA	key_handle: 0x000003b4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619685988.4995 RegSetValueExA	key_handle: 0x000003b4 value: `´N=× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619685988.4995 RegSetValueExA	key_handle: 0x000003b4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619685988.4995 RegSetValueExW	key_handle: 0x000003b4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619685988.4995 RegSetValueExA	key_handle: 0x000003cc value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619685988.4995 RegSetValueExA	key_handle: 0x000003cc value: `´N=× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619685988.4995 RegSetValueExA	key_handle: 0x000003cc value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619685988.5305 RegSetValueExW	key_handle: 0x000003b0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader33.36652
MicroWorld-eScan	Trojan.Empe.1.Gen
FireEye	Trojan.Empe.1.Gen
ALYac	Trojan.Empe.1.Gen
Malwarebytes	Trojan.MalPack.SMY.Generic
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 7000000f1 )
Alibaba	Backdoor:Win32/Injector.0b521916
K7GW	Trojan ( 7000000f1 )
Cybereason	malicious.0003de
Arcabit	Trojan.Empe.1.Gen
BitDefenderTheta	Gen:NN.ZelphiCO.34670.IKX@aCcXkqmk
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Injector.ELYI
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
BitDefender	Trojan.Empe.1.Gen
NANO-Antivirus	Trojan.Win32.GenKryptik.hkeded
Paloalto	generic.ml
Rising	Trojan.Generic@ML.85 (RDMK:NwZDsf/WBRt5dKOFogXSXA)
Ad-Aware	Trojan.Empe.1.Gen
Emsisoft	Trojan.Empe.1.Gen (B)
Comodo	Malware@#3p3s09bj8fv21
F-Secure	Trojan.TR/Kryptik.jlijt
Zillya	Trojan.Injector.Win32.736861
TrendMicro	TROJ_GEN.R06EC0DIA20
McAfee-GW-Edition	BehavesLike.Win32.Infected.hh
Sophos	Mal/Generic-S
Jiangmin	Backdoor.Remcos.bmn
Avira	TR/Kryptik.jlijt
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Backdoor:Win32/Rescoms.KD
AegisLab	Trojan.Multi.Generic.4!c
ZoneAlarm	HEUR:Backdoor.Win32.Remcos.gen
GData	Trojan.Empe.1.Gen
AhnLab-V3	Trojan/Win32.Agent.C4096954
VBA32	BScope.Trojan.Fuerboos
TrendMicro-HouseCall	TROJ_GEN.R06EC0DIA20
Tencent	Win32.Backdoor.Remcos.Dxmt
Yandex	Trojan.Injector!pW0pXFdKGvA
MAX	malware (ai score=84)
Fortinet	W32/Delf.BZL!tr
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Backdoor.a07

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.24.14:443
dead_host	31.13.83.1:443
dead_host	172.217.27.142:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:

• 0x48774c SysFreeString

• 0x487750 SysReAllocStringLen

• 0x487754 SysAllocStringLen

Library advapi32.dll:

• 0x48775c RegQueryValueExA

• 0x487760 RegOpenKeyExA

• 0x487764 RegCloseKey

Library user32.dll:

• 0x48776c GetKeyboardType

• 0x487770 DestroyWindow

• 0x487774 LoadStringA

• 0x487778 MessageBoxA

• 0x48777c CharNextA

Library kernel32.dll:

• 0x487784 GetACP

• 0x487788 Sleep

• 0x48778c VirtualFree

• 0x487790 VirtualAlloc

• 0x487794 GetCurrentThreadId

• 0x487798 InterlockedDecrement

• 0x48779c InterlockedIncrement

• 0x4877a0 VirtualQuery

• 0x4877a4 WideCharToMultiByte

• 0x4877a8 MultiByteToWideChar

• 0x4877ac lstrlenA

• 0x4877b0 lstrcpynA

• 0x4877b4 LoadLibraryExA

• 0x4877b8 GetThreadLocale

• 0x4877bc GetStartupInfoA

• 0x4877c0 GetProcAddress

• 0x4877c4 GetModuleHandleA

• 0x4877c8 GetModuleFileNameA

• 0x4877cc GetLocaleInfoA

• 0x4877d0 GetCommandLineA

• 0x4877d4 FreeLibrary

• 0x4877d8 FindFirstFileA

• 0x4877dc FindClose

• 0x4877e0 ExitProcess

• 0x4877e4 CompareStringA

• 0x4877e8 WriteFile

• 0x4877ec UnhandledExceptionFilter

• 0x4877f0 RtlUnwind

• 0x4877f4 RaiseException

• 0x4877f8 GetStdHandle

Library kernel32.dll:

• 0x487800 TlsSetValue

• 0x487804 TlsGetValue

• 0x487808 LocalAlloc

• 0x48780c GetModuleHandleA

Library user32.dll:

• 0x487814 CreateWindowExA

• 0x487818 WindowFromPoint

• 0x48781c WaitMessage

• 0x487820 UpdateWindow

• 0x487824 UnregisterClassA

• 0x487828 UnhookWindowsHookEx

• 0x48782c TranslateMessage

• 0x487830 TranslateMDISysAccel

• 0x487834 TrackPopupMenu

• 0x487838 SystemParametersInfoA

• 0x48783c ShowWindow

• 0x487840 ShowScrollBar

• 0x487844 ShowOwnedPopups

• 0x487848 SetWindowsHookExA

• 0x48784c SetWindowTextA

• 0x487850 SetWindowPos

• 0x487854 SetWindowPlacement

• 0x487858 SetWindowLongW

• 0x48785c SetWindowLongA

• 0x487860 SetTimer

• 0x487864 SetScrollRange

• 0x487868 SetScrollPos

• 0x48786c SetScrollInfo

• 0x487870 SetRect

• 0x487874 SetPropA

• 0x487878 SetParent

• 0x48787c SetMenuItemInfoA

• 0x487880 SetMenu

• 0x487884 SetForegroundWindow

• 0x487888 SetFocus

• 0x48788c SetCursor

• 0x487890 SetClipboardData

• 0x487894 SetClassLongA

• 0x487898 SetCapture

• 0x48789c SetActiveWindow

• 0x4878a0 SendMessageW

• 0x4878a4 SendMessageA

• 0x4878a8 ScrollWindow

• 0x4878ac ScreenToClient

• 0x4878b0 RemovePropA

• 0x4878b4 RemoveMenu

• 0x4878b8 ReleaseDC

• 0x4878bc ReleaseCapture

• 0x4878c0 RegisterWindowMessageA

• 0x4878c4 RegisterClipboardFormatA

• 0x4878c8 RegisterClassA

• 0x4878cc RedrawWindow

• 0x4878d0 PtInRect

• 0x4878d4 PostQuitMessage

• 0x4878d8 PostMessageA

• 0x4878dc PeekMessageW

• 0x4878e0 PeekMessageA

• 0x4878e4 OpenClipboard

• 0x4878e8 OffsetRect

• 0x4878ec OemToCharA

• 0x4878f0 MessageBoxA

• 0x4878f4 MessageBeep

• 0x4878f8 MapWindowPoints

• 0x4878fc MapVirtualKeyA

• 0x487900 LoadStringA

• 0x487904 LoadKeyboardLayoutA

• 0x487908 LoadIconA

• 0x48790c LoadCursorA

• 0x487910 LoadBitmapA

• 0x487914 KillTimer

• 0x487918 IsZoomed

• 0x48791c IsWindowVisible

• 0x487920 IsWindowUnicode

• 0x487924 IsWindowEnabled

• 0x487928 IsWindow

• 0x48792c IsRectEmpty

• 0x487930 IsIconic

• 0x487934 IsDialogMessageW

• 0x487938 IsDialogMessageA

• 0x48793c IsChild

• 0x487940 InvalidateRect

• 0x487944 IntersectRect

• 0x487948 InsertMenuItemA

• 0x48794c InsertMenuA

• 0x487950 InflateRect

• 0x487954 GetWindowThreadProcessId

• 0x487958 GetWindowTextA

• 0x48795c GetWindowRect

• 0x487960 GetWindowPlacement

• 0x487964 GetWindowLongW

• 0x487968 GetWindowLongA

• 0x48796c GetWindowDC

• 0x487970 GetTopWindow

• 0x487974 GetSystemMetrics

• 0x487978 GetSystemMenu

• 0x48797c GetSysColorBrush

• 0x487980 GetSysColor

• 0x487984 GetSubMenu

• 0x487988 GetScrollRange

• 0x48798c GetScrollPos

• 0x487990 GetScrollInfo

• 0x487994 GetPropA

• 0x487998 GetParent

• 0x48799c GetWindow

• 0x4879a0 GetMessagePos

• 0x4879a4 GetMenuStringA

• 0x4879a8 GetMenuState

• 0x4879ac GetMenuItemInfoA

• 0x4879b0 GetMenuItemID

• 0x4879b4 GetMenuItemCount

• 0x4879b8 GetMenu

• 0x4879bc GetLastActivePopup

• 0x4879c0 GetKeyboardState

• 0x4879c4 GetKeyboardLayoutNameA

• 0x4879c8 GetKeyboardLayoutList

• 0x4879cc GetKeyboardLayout

• 0x4879d0 GetKeyState

• 0x4879d4 GetKeyNameTextA

• 0x4879d8 GetIconInfo

• 0x4879dc GetForegroundWindow

• 0x4879e0 GetFocus

• 0x4879e4 GetDesktopWindow

• 0x4879e8 GetDCEx

• 0x4879ec GetDC

• 0x4879f0 GetCursorPos

• 0x4879f4 GetCursor

• 0x4879f8 GetClipboardData

• 0x4879fc GetClientRect

• 0x487a00 GetClassLongA

• 0x487a04 GetClassInfoA

• 0x487a08 GetCapture

• 0x487a0c GetActiveWindow

• 0x487a10 FrameRect

• 0x487a14 FindWindowA

• 0x487a18 FillRect

• 0x487a1c EqualRect

• 0x487a20 EnumWindows

• 0x487a24 EnumThreadWindows

• 0x487a28 EnumChildWindows

• 0x487a2c EndPaint

• 0x487a30 EnableWindow

• 0x487a34 EnableScrollBar

• 0x487a38 EnableMenuItem

• 0x487a3c EmptyClipboard

• 0x487a40 DrawTextA

• 0x487a44 DrawMenuBar

• 0x487a48 DrawIconEx

• 0x487a4c DrawIcon

• 0x487a50 DrawFrameControl

• 0x487a54 DrawEdge

• 0x487a58 DispatchMessageW

• 0x487a5c DispatchMessageA

• 0x487a60 DestroyWindow

• 0x487a64 DestroyMenu

• 0x487a68 DestroyIcon

• 0x487a6c DestroyCursor

• 0x487a70 DeleteMenu

• 0x487a74 DefWindowProcA

• 0x487a78 DefMDIChildProcA

• 0x487a7c DefFrameProcA

• 0x487a80 CreatePopupMenu

• 0x487a84 CreateMenu

• 0x487a88 CreateIcon

• 0x487a8c CloseClipboard

• 0x487a90 ClientToScreen

• 0x487a94 CheckMenuItem

• 0x487a98 CallWindowProcA

• 0x487a9c CallNextHookEx

• 0x487aa0 BeginPaint

• 0x487aa4 CharNextA

• 0x487aa8 CharLowerBuffA

• 0x487aac CharLowerA

• 0x487ab0 CharUpperBuffA

• 0x487ab4 CharToOemA

• 0x487ab8 AdjustWindowRectEx

• 0x487abc ActivateKeyboardLayout

Library gdi32.dll:

• 0x487ac4 UnrealizeObject

• 0x487ac8 StretchBlt

• 0x487acc SetWindowOrgEx

• 0x487ad0 SetWinMetaFileBits

• 0x487ad4 SetViewportOrgEx

• 0x487ad8 SetTextColor

• 0x487adc SetStretchBltMode

• 0x487ae0 SetROP2

• 0x487ae4 SetPixel

• 0x487ae8 SetEnhMetaFileBits

• 0x487aec SetDIBColorTable

• 0x487af0 SetBrushOrgEx

• 0x487af4 SetBkMode

• 0x487af8 SetBkColor

• 0x487afc SelectPalette

• 0x487b00 SelectObject

• 0x487b04 SaveDC

• 0x487b08 RestoreDC

• 0x487b0c Rectangle

• 0x487b10 RectVisible

• 0x487b14 RealizePalette

• 0x487b18 PlayEnhMetaFile

• 0x487b1c PatBlt

• 0x487b20 MoveToEx

• 0x487b24 MaskBlt

• 0x487b28 LineTo

• 0x487b2c IntersectClipRect

• 0x487b30 GetWindowOrgEx

• 0x487b34 GetWinMetaFileBits

• 0x487b38 GetTextMetricsA

• 0x487b3c GetTextExtentPointA

• 0x487b40 GetTextExtentPoint32A

• 0x487b44 GetSystemPaletteEntries

• 0x487b48 GetStockObject

• 0x487b4c GetRgnBox

• 0x487b50 GetPixel

• 0x487b54 GetPaletteEntries

• 0x487b58 GetObjectA

• 0x487b5c GetEnhMetaFilePaletteEntries

• 0x487b60 GetEnhMetaFileHeader

• 0x487b64 GetEnhMetaFileBits

• 0x487b68 GetDeviceCaps

• 0x487b6c GetDIBits

• 0x487b70 GetDIBColorTable

• 0x487b74 GetDCOrgEx

• 0x487b78 GetCurrentPositionEx

• 0x487b7c GetClipBox

• 0x487b80 GetBrushOrgEx

• 0x487b84 GetBitmapBits

• 0x487b88 ExcludeClipRect

• 0x487b8c DeleteObject

• 0x487b90 DeleteEnhMetaFile

• 0x487b94 DeleteDC

• 0x487b98 CreateSolidBrush

• 0x487b9c CreatePenIndirect

• 0x487ba0 CreatePalette

• 0x487ba4 CreateHalftonePalette

• 0x487ba8 CreateFontIndirectA

• 0x487bac CreateDIBitmap

• 0x487bb0 CreateDIBSection

• 0x487bb4 CreateCompatibleDC

• 0x487bb8 CreateCompatibleBitmap

• 0x487bbc CreateBrushIndirect

• 0x487bc0 CreateBitmap

• 0x487bc4 CopyEnhMetaFileA

• 0x487bc8 BitBlt

Library version.dll:

• 0x487bd0 VerQueryValueA

• 0x487bd4 GetFileVersionInfoSizeA

• 0x487bd8 GetFileVersionInfoA

Library kernel32.dll:

• 0x487be0 lstrcpyA

• 0x487be4 WriteFile

• 0x487be8 WaitForSingleObject

• 0x487bec VirtualQuery

• 0x487bf0 VirtualProtect

• 0x487bf4 VirtualAlloc

• 0x487bf8 SizeofResource

• 0x487bfc SetThreadLocale

• 0x487c00 SetFilePointer

• 0x487c04 SetEvent

• 0x487c08 SetErrorMode

• 0x487c0c SetEndOfFile

• 0x487c10 ResetEvent

• 0x487c14 ReadFile

• 0x487c18 MulDiv

• 0x487c1c LockResource

• 0x487c20 LoadResource

• 0x487c24 LoadLibraryA

• 0x487c28 LeaveCriticalSection

• 0x487c2c InitializeCriticalSection

• 0x487c30 GlobalUnlock

• 0x487c34 GlobalLock

• 0x487c38 GlobalFree

• 0x487c3c GlobalFindAtomA

• 0x487c40 GlobalDeleteAtom

• 0x487c44 GlobalAlloc

• 0x487c48 GlobalAddAtomA

• 0x487c4c GetVersionExA

• 0x487c50 GetVersion

• 0x487c54 GetTickCount

• 0x487c58 GetThreadLocale

• 0x487c5c GetStdHandle

• 0x487c60 GetProcAddress

• 0x487c64 GetModuleHandleA

• 0x487c68 GetModuleFileNameA

• 0x487c6c GetLocaleInfoA

• 0x487c70 GetLocalTime

• 0x487c74 GetLastError

• 0x487c78 GetFullPathNameA

• 0x487c7c GetFileAttributesA

• 0x487c80 GetDiskFreeSpaceA

• 0x487c84 GetDateFormatA

• 0x487c88 GetCurrentThreadId

• 0x487c8c GetCurrentProcessId

• 0x487c90 GetCPInfo

• 0x487c94 FreeResource

• 0x487c98 InterlockedExchange

• 0x487c9c FreeLibrary

• 0x487ca0 FormatMessageA

• 0x487ca4 FindResourceA

• 0x487ca8 EnumCalendarInfoA

• 0x487cac EnterCriticalSection

• 0x487cb0 DeleteCriticalSection

• 0x487cb4 CreateThread

• 0x487cb8 CreateFileA

• 0x487cbc CreateEventA

• 0x487cc0 CompareStringA

• 0x487cc4 CloseHandle

Library advapi32.dll:

• 0x487ccc RegQueryValueExA

• 0x487cd0 RegOpenKeyExA

• 0x487cd4 RegFlushKey

• 0x487cd8 RegCloseKey

Library kernel32.dll:

• 0x487ce0 Sleep

Library oleaut32.dll:

• 0x487ce8 SafeArrayPtrOfIndex

• 0x487cec SafeArrayGetUBound

• 0x487cf0 SafeArrayGetLBound

• 0x487cf4 SafeArrayCreate

• 0x487cf8 VariantChangeType

• 0x487cfc VariantCopy

• 0x487d00 VariantClear

• 0x487d04 VariantInit

Library comctl32.dll:

• 0x487d0c _TrackMouseEvent

• 0x487d10 ImageList_SetIconSize

• 0x487d14 ImageList_GetIconSize

• 0x487d18 ImageList_Write

• 0x487d1c ImageList_Read

• 0x487d20 ImageList_DragShowNolock

• 0x487d24 ImageList_DragMove

• 0x487d28 ImageList_DragLeave

• 0x487d2c ImageList_DragEnter

• 0x487d30 ImageList_EndDrag

• 0x487d34 ImageList_BeginDrag

• 0x487d38 ImageList_Remove

• 0x487d3c ImageList_DrawEx

• 0x487d40 ImageList_Draw

• 0x487d44 ImageList_GetBkColor

• 0x487d48 ImageList_SetBkColor

• 0x487d4c ImageList_Add

• 0x487d50 ImageList_GetImageCount

• 0x487d54 ImageList_Destroy

• 0x487d58 ImageList_Create

• 0x487d5c InitCommonControls

Library URL.DLL:

• 0x487d64 InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
clients2.google.com	CNAME clients.l.google.com A 172.217.27.142	172.217.160.78
drive.google.com	A 31.13.83.1	31.13.91.33
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50568	114.114.114.114	53
192.168.56.101	53380	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62912	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.