7.2
高危
67 个模型检测该样本为恶意!
重新分析
更多

04ecc8a39bb1236fb737256d4438f3781141a95d8d55576bd1a7e17a0c8b5aa0

8be33a14d056b3fa353ef25d992b6055.exe

分析耗时

78s

最近分析

文件大小

658.0KB
静态报毒 动态报毒 100% ADYGQ AI SCORE=100 BACKDR CLASSIC COMET CONFIDENCE DARKCOMET DARKKOMET DEAGEZLQ ECAWJB FAMVT FYNLOS FYNLOSKI GENERICKD GRAYBIRD HIGH CONFIDENCE JQOL LBP5 MALICIOUS PE R + TROJ SCORE STATIC AI TORDEV UNSAFE XAB@4OF2BC 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Backdoor:Win32/DarkKomet.ff4479b3 20190527 0.3.0.5
Baidu Win32.Backdoor.Agent.l 20190318 1.0.0.2
Avast MSIL:GenMalicious-CHX [Trj] 20201210 21.1.5827.0
Tencent Backdoor.Win32.Darkkomet.a 20201211 1.0.0.1
McAfee Generic BackDoor.xa 20201211 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
行为判定
动态指标
Connects to a Dynamic DNS Domain (1 个事件)
domain ediserver.ddns.net
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619686132.036119
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01cf0000
success 0 0
A process created a hidden window (1 个事件)
Time & API Arguments Status Return Repeated
1619686132.692119
CreateProcessInternalW
thread_identifier: 2216
thread_handle: 0x000001a0
process_identifier: 2468
current_directory:
filepath:
track: 1
command_line: notepad
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000001a4
inherit_handles: 0
success 1 0
Checks for the Locally Unique Identifier on the system for a suspicious privilege (10 个事件)
Time & API Arguments Status Return Repeated
1619686132.255119
LookupPrivilegeValueW
system_name:
privilege_name: SeSecurityPrivilege
success 1 0
1619686132.255119
LookupPrivilegeValueW
system_name:
privilege_name: SeTakeOwnershipPrivilege
success 1 0
1619686132.255119
LookupPrivilegeValueW
system_name:
privilege_name: SeLoadDriverPrivilege
success 1 0
1619686132.286119
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
1619686132.286119
LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
success 1 0
1619686132.286119
LookupPrivilegeValueW
system_name:
privilege_name: SeShutdownPrivilege
success 1 0
1619686132.286119
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619686132.302119
LookupPrivilegeValueW
system_name:
privilege_name: SeRemoteShutdownPrivilege
success 1 0
1619686132.302119
LookupPrivilegeValueW
system_name:
privilege_name: SeManageVolumePrivilege
success 1 0
1619686132.302119
LookupPrivilegeValueW
system_name:
privilege_name: SeCreateGlobalPrivilege
success 1 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (19 个事件)
Time & API Arguments Status Return Repeated
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000f0000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00010000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00020000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00100000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00120000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00130000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00140000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00150000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00160000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00170000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00180000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00030000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001a0000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001b0000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001c0000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00220000
success 0 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00230000
success 0 0
Creates known Fynloski/DarkComet files, registry keys and/or mutexes (4 个事件)
mutex DC_MUTEX-P4MPQBE
mutex DCPERSFWBP
regkey HKEY_CURRENT_USER\Software\DC3_FEXEC
regkey HKEY_CURRENT_USER\Software\DC2_USERS
Potential code injection by writing to the memory of another process (19 个事件)
Time & API Arguments Status Return Repeated
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: kernel32.dll
process_handle: 0x000001a4
base_address: 0x000f0000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: user32.dll
process_handle: 0x000001a4
base_address: 0x00010000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: Sleep
process_handle: 0x000001a4
base_address: 0x00020000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: MessageBoxA
process_handle: 0x000001a4
base_address: 0x00100000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: CreateProcessA
process_handle: 0x000001a4
base_address: 0x00110000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: GetLastError
process_handle: 0x000001a4
base_address: 0x00120000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: SetLastError
process_handle: 0x000001a4
base_address: 0x00130000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: CreateMutexA
process_handle: 0x000001a4
base_address: 0x00140000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: CloseHandle
process_handle: 0x000001a4
base_address: 0x00150000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: ExitThread
process_handle: 0x000001a4
base_address: 0x00160000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: OpenProcess
process_handle: 0x000001a4
base_address: 0x00170000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: DCPERSFWBP
process_handle: 0x000001a4
base_address: 0x00180000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: TerminateProcess
process_handle: 0x000001a4
base_address: 0x00190000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: GetExitCodeProcess
process_handle: 0x000001a4
base_address: 0x00030000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: DC_MUTEX-P4MPQBE
process_handle: 0x000001a4
base_address: 0x001a0000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: WaitForSingleObject
process_handle: 0x000001a4
base_address: 0x001b0000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\8be33a14d056b3fa353ef25d992b6055.exe
process_handle: 0x000001a4
base_address: 0x001c0000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: ×I5v"5vý_wÿ5vÀ5vr5v65v©5v˜ÕØw†5vØ6v5vM6vkL5v¤
process_handle: 0x000001a4
base_address: 0x00220000
success 1 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: U‹ìƒÄ¬SVW‹]‹C@P‹C8PÿPÿS‰C ‹CDP‹C<PÿPÿS‰C‹CTP‹C8PÿPÿS‰C‹CXP‹C8PÿPÿS‰C‹CHP‹C8PÿPÿS‰C‹CLP‹C8PÿPÿS‰C‹CPP‹C8PÿPÿS‰C4‹C`P‹C8PÿPÿS‰C,‹ClP‹C8PÿPÿS‰C(‹ChP‹C8PÿPÿS‰C0‹CdP‹C8PÿPÿS‰C ‹CpP‹C8PÿPÿS‰C$jÿS‹CxPjjÿS4ÿS=·u$‹C|PjjÿS$‹ø…ÿtVWÿS0VWÿS(WÿS,jÿS jÿS‹C\PjjÿS4‹øÿS=·tRWÿS,ÇE¼DE¬PE¼Pjjjjjj‹CtPjÿS…Àt3öhȋE¬PÿSƒèsƒÎÿ…ötèë¼hÐÿS ë²WÿS,hôÿS ë„_^[‹å]U‹ìÄ ÿÿÿSVW‰Mô‰Uø‰Eü‹Eüèëùÿ‹Eøèãùÿ‹EôèÛùÿµtÿÿÿ3ÀUh)XGdÿ0d‰ …0ÿÿÿ3ɺDèÝåøÿDž0ÿÿÿDDž\ÿÿÿfDž`ÿÿÿ‹Eüè0Mùÿ„Àu Eüº@XGè{ùÿ‹EøèMùÿ„Àu Uø3Àèќùÿ¿HXG… ÿÿÿP…0ÿÿÿPjjhjjj‹EüèOùÿPjè $ùÿ‹ ÿÿÿºTXG‹Ãè±÷ÿÿ‰F8ºdXG‹Ãè¢÷ÿÿ‰F<ºpXG‹Ãè“÷ÿÿ‰F@ºxXG‹Ãè„÷ÿÿ‰FDº„XG‹Ãèu÷ÿÿ‰FTº”XG‹Ãèf÷ÿÿ‰FHº¤XG‹ÃèW÷ÿÿ‰FLº´XG‹ÃèH÷ÿÿ‰FPºÄXG‹Ãè9÷ÿÿ‰F`ºÐXG‹Ãè*÷ÿÿ‰FdºÜXG‹Ãè÷ÿÿ‰Fp‹×‹Ãè÷ÿÿ‰FxºèXG‹Ãè÷ÿÿ‰FlºüXG‹Ãèñöÿÿ‰Fh‹Eôèjùÿ‹Ð‹ÃèÝöÿÿ‰F\ºYG‹ÃèÎöÿÿ‰FX‹EøèGùÿ‹Ð‹Ãèºöÿÿ‰Ft‹…(ÿÿÿ‰F|h$YGh4YGèO$ùÿPèQ$ùÿ‰h@YGh4YGè8$ùÿPè:$ùÿ‰FhpXGh4YGè $ùÿPè"$ùÿ‰F hxXGhPYGè$ùÿPè $ùÿ‰FhÄXGh4YGèð#ùÿPèò#ùÿ‰F,h„XGh4YGèØ#ùÿPèÚ#ùÿ‰Fh”XGh4YGèÀ#ùÿPèÂ#ùÿ‰Fh¤XGh4YGè¨#ùÿPèª#ùÿ‰Fh´XGh4YGè#ùÿPè’#ùÿ‰F4hüXGh4YGèx#ùÿPèz#ùÿ‰F0hÐXGh4YGè`#ùÿPèb#ùÿ‰F hèXGh4YGèH#ùÿPèJ#ùÿ‰F(hYGh4YGè0#ùÿPè2#ùÿ‰FhÜXGh4YGè#ùÿPè#ùÿ‰F$h€j‹Îº(SG‹Ãèöÿÿ3ÀZYYd‰h0XGEôºè,ýøÿÃ
process_handle: 0x000001a4
base_address: 0x00230000
success 1 0
Creates a windows hook that monitors keyboard input (keylogger) (1 个事件)
Time & API Arguments Status Return Repeated
1619686132.692119
SetWindowsHookExA
thread_identifier: 0
callback_function: 0x004818f8
module_address: 0x00400000
hook_identifier: 13 (WH_KEYBOARD_LL)
success 66005 0
Executed a process and injected code into it, probably while unpacking (41 个事件)
Time & API Arguments Status Return Repeated
1619686132.224119
NtResumeThread
thread_handle: 0x00000174
suspend_count: 1
process_identifier: 1436
success 0 0
1619686132.692119
CreateProcessInternalW
thread_identifier: 2216
thread_handle: 0x000001a0
process_identifier: 2468
current_directory:
filepath:
track: 1
command_line: notepad
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000001a4
inherit_handles: 0
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000f0000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: kernel32.dll
process_handle: 0x000001a4
base_address: 0x000f0000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00010000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: user32.dll
process_handle: 0x000001a4
base_address: 0x00010000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00020000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: Sleep
process_handle: 0x000001a4
base_address: 0x00020000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00100000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: MessageBoxA
process_handle: 0x000001a4
base_address: 0x00100000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: CreateProcessA
process_handle: 0x000001a4
base_address: 0x00110000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00120000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: GetLastError
process_handle: 0x000001a4
base_address: 0x00120000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00130000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: SetLastError
process_handle: 0x000001a4
base_address: 0x00130000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00140000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: CreateMutexA
process_handle: 0x000001a4
base_address: 0x00140000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00150000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: CloseHandle
process_handle: 0x000001a4
base_address: 0x00150000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00160000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: ExitThread
process_handle: 0x000001a4
base_address: 0x00160000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00170000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: OpenProcess
process_handle: 0x000001a4
base_address: 0x00170000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00180000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: DCPERSFWBP
process_handle: 0x000001a4
base_address: 0x00180000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: TerminateProcess
process_handle: 0x000001a4
base_address: 0x00190000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00030000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: GetExitCodeProcess
process_handle: 0x000001a4
base_address: 0x00030000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001a0000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: DC_MUTEX-P4MPQBE
process_handle: 0x000001a4
base_address: 0x001a0000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001b0000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: WaitForSingleObject
process_handle: 0x000001a4
base_address: 0x001b0000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001c0000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\8be33a14d056b3fa353ef25d992b6055.exe
process_handle: 0x000001a4
base_address: 0x001c0000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00220000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: ×I5v"5vý_wÿ5vÀ5vr5v65v©5v˜ÕØw†5vØ6v5vM6vkL5v¤
process_handle: 0x000001a4
base_address: 0x00220000
success 1 0
1619686132.692119
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00230000
success 0 0
1619686132.692119
WriteProcessMemory
process_identifier: 2468
buffer: U‹ìƒÄ¬SVW‹]‹C@P‹C8PÿPÿS‰C ‹CDP‹C<PÿPÿS‰C‹CTP‹C8PÿPÿS‰C‹CXP‹C8PÿPÿS‰C‹CHP‹C8PÿPÿS‰C‹CLP‹C8PÿPÿS‰C‹CPP‹C8PÿPÿS‰C4‹C`P‹C8PÿPÿS‰C,‹ClP‹C8PÿPÿS‰C(‹ChP‹C8PÿPÿS‰C0‹CdP‹C8PÿPÿS‰C ‹CpP‹C8PÿPÿS‰C$jÿS‹CxPjjÿS4ÿS=·u$‹C|PjjÿS$‹ø…ÿtVWÿS0VWÿS(WÿS,jÿS jÿS‹C\PjjÿS4‹øÿS=·tRWÿS,ÇE¼DE¬PE¼Pjjjjjj‹CtPjÿS…Àt3öhȋE¬PÿSƒèsƒÎÿ…ötèë¼hÐÿS ë²WÿS,hôÿS ë„_^[‹å]U‹ìÄ ÿÿÿSVW‰Mô‰Uø‰Eü‹Eüèëùÿ‹Eøèãùÿ‹EôèÛùÿµtÿÿÿ3ÀUh)XGdÿ0d‰ …0ÿÿÿ3ɺDèÝåøÿDž0ÿÿÿDDž\ÿÿÿfDž`ÿÿÿ‹Eüè0Mùÿ„Àu Eüº@XGè{ùÿ‹EøèMùÿ„Àu Uø3Àèќùÿ¿HXG… ÿÿÿP…0ÿÿÿPjjhjjj‹EüèOùÿPjè $ùÿ‹ ÿÿÿºTXG‹Ãè±÷ÿÿ‰F8ºdXG‹Ãè¢÷ÿÿ‰F<ºpXG‹Ãè“÷ÿÿ‰F@ºxXG‹Ãè„÷ÿÿ‰FDº„XG‹Ãèu÷ÿÿ‰FTº”XG‹Ãèf÷ÿÿ‰FHº¤XG‹ÃèW÷ÿÿ‰FLº´XG‹ÃèH÷ÿÿ‰FPºÄXG‹Ãè9÷ÿÿ‰F`ºÐXG‹Ãè*÷ÿÿ‰FdºÜXG‹Ãè÷ÿÿ‰Fp‹×‹Ãè÷ÿÿ‰FxºèXG‹Ãè÷ÿÿ‰FlºüXG‹Ãèñöÿÿ‰Fh‹Eôèjùÿ‹Ð‹ÃèÝöÿÿ‰F\ºYG‹ÃèÎöÿÿ‰FX‹EøèGùÿ‹Ð‹Ãèºöÿÿ‰Ft‹…(ÿÿÿ‰F|h$YGh4YGèO$ùÿPèQ$ùÿ‰h@YGh4YGè8$ùÿPè:$ùÿ‰FhpXGh4YGè $ùÿPè"$ùÿ‰F hxXGhPYGè$ùÿPè $ùÿ‰FhÄXGh4YGèð#ùÿPèò#ùÿ‰F,h„XGh4YGèØ#ùÿPèÚ#ùÿ‰Fh”XGh4YGèÀ#ùÿPèÂ#ùÿ‰Fh¤XGh4YGè¨#ùÿPèª#ùÿ‰Fh´XGh4YGè#ùÿPè’#ùÿ‰F4hüXGh4YGèx#ùÿPèz#ùÿ‰F0hÐXGh4YGè`#ùÿPèb#ùÿ‰F hèXGh4YGèH#ùÿPèJ#ùÿ‰F(hYGh4YGè0#ùÿPè2#ùÿ‰FhÜXGh4YGè#ùÿPè#ùÿ‰F$h€j‹Îº(SG‹Ãèöÿÿ3ÀZYYd‰h0XGEôºè,ýøÿÃ
process_handle: 0x000001a4
base_address: 0x00230000
success 1 0
1619686132.692119
NtResumeThread
thread_handle: 0x000001b4
suspend_count: 1
process_identifier: 1436
success 0 0
File has been identified by 67 AntiVirus engines on VirusTotal as malicious (50 out of 67 个事件)
Bkav W32.FamVT.DeagezLQ.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34279486
FireEye Generic.mg.8be33a14d056b3fa
CAT-QuickHeal Backdoor.Fynloski.A9
ALYac Trojan.GenericKD.34279486
Cylance Unsafe
Zillya Backdoor.DarkKomet.Win32.30208
SUPERAntiSpyware Backdoor.Fynloski/Variant
Sangfor Malware
K7AntiVirus Backdoor ( 003b505d1 )
Alibaba Backdoor:Win32/DarkKomet.ff4479b3
K7GW Backdoor ( 003b505d1 )
Cybereason malicious.4d056b
Arcabit Trojan.Generic.D20B103E
Baidu Win32.Backdoor.Agent.l
Cyren W32/Fynloski.JQOL-9129
Symantec Backdoor.Graybird
TotalDefense Win32/Fynloski.A!generic
APEX Malicious
Avast MSIL:GenMalicious-CHX [Trj]
ClamAV Win.Trojan.DarkKomet-1
Kaspersky Backdoor.Win32.DarkKomet.xyk
BitDefender Trojan.GenericKD.34279486
NANO-Antivirus Trojan.Win32.DarkKomet.ecawjb
Paloalto generic.ml
ViRobot Backdoor.Win32.Agent.674304.A
Tencent Backdoor.Win32.Darkkomet.a
Ad-Aware Trojan.GenericKD.34279486
TACHYON Backdoor/W32.DP-DarkKomet.673792.B
Sophos Mal/Generic-R + Troj/Backdr-ID
Comodo Backdoor.Win32.Agent.XAB@4of2bc
F-Secure Backdoor.BDS/DarkKomet.GS
DrWeb BackDoor.Tordev.976
VIPRE Backdoor.Win32.Fynloski.A (v)
TrendMicro BKDR_FYNLOS.SMM
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jh
Emsisoft Trojan.Fynloski (A)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan/Generic.adygq
Webroot
Avira BDS/DarkKomet.GS
Antiy-AVL Trojan[Backdoor]/Win32.DarkKomet.xyk
Gridinsoft Backdoor.Win32.Fynloski.zv!n
Microsoft Backdoor:Win32/Fynloski.PA!MTB
AegisLab Trojan.Win32.DarkKomet.lBP5
ZoneAlarm Backdoor.Win32.DarkKomet.xyk
GData Win32.Backdoor.DarkComet.H
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Keylogger.679832
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2012-06-07 23:59:53

Imports

Library oleaut32.dll:
0x49dca4 SysFreeString
0x49dca8 SysReAllocStringLen
0x49dcac SysAllocStringLen
Library advapi32.dll:
0x49dcb4 RegQueryValueExA
0x49dcb8 RegOpenKeyExA
0x49dcbc RegCloseKey
Library user32.dll:
0x49dcc4 GetKeyboardType
0x49dcc8 DestroyWindow
0x49dccc LoadStringA
0x49dcd0 MessageBoxA
0x49dcd4 CharNextA
Library kernel32.dll:
0x49dcdc GetACP
0x49dce0 Sleep
0x49dce4 VirtualFree
0x49dce8 VirtualAlloc
0x49dcec GetTickCount
0x49dcf4 GetCurrentThreadId
0x49dd00 VirtualQuery
0x49dd04 WideCharToMultiByte
0x49dd08 MultiByteToWideChar
0x49dd0c lstrlenA
0x49dd10 lstrcpynA
0x49dd14 LoadLibraryExA
0x49dd18 GetThreadLocale
0x49dd1c GetStartupInfoA
0x49dd20 GetProcAddress
0x49dd24 GetModuleHandleA
0x49dd28 GetModuleFileNameA
0x49dd2c GetLocaleInfoA
0x49dd30 GetLastError
0x49dd34 GetCommandLineA
0x49dd38 FreeLibrary
0x49dd3c FindFirstFileA
0x49dd40 FindClose
0x49dd44 ExitProcess
0x49dd48 ExitThread
0x49dd4c CreateThread
0x49dd50 CompareStringA
0x49dd54 WriteFile
0x49dd5c SetFilePointer
0x49dd60 SetEndOfFile
0x49dd64 RtlUnwind
0x49dd68 ReadFile
0x49dd6c RaiseException
0x49dd70 GetStdHandle
0x49dd74 GetFileSize
0x49dd78 GetFileType
0x49dd7c CreateFileA
0x49dd80 CloseHandle
Library kernel32.dll:
0x49dd88 TlsSetValue
0x49dd8c TlsGetValue
0x49dd90 LocalAlloc
0x49dd94 GetModuleHandleA
Library user32.dll:
0x49dd9c CreateWindowExA
0x49dda0 mouse_event
0x49dda4 keybd_event
0x49dda8 WindowFromPoint
0x49ddac WaitMessage
0x49ddb0 VkKeyScanA
0x49ddb4 UpdateWindow
0x49ddb8 UnregisterClassA
0x49ddbc UnhookWindowsHookEx
0x49ddc0 TranslateMessage
0x49ddc8 TrackPopupMenu
0x49ddcc ToAscii
0x49ddd4 ShowWindow
0x49ddd8 ShowScrollBar
0x49dddc ShowOwnedPopups
0x49dde0 SetWindowsHookExA
0x49dde4 SetWindowTextA
0x49dde8 SetWindowPos
0x49ddec SetWindowPlacement
0x49ddf0 SetWindowLongW
0x49ddf4 SetWindowLongA
0x49ddf8 SetTimer
0x49ddfc SetScrollRange
0x49de00 SetScrollPos
0x49de04 SetScrollInfo
0x49de08 SetRect
0x49de0c SetPropA
0x49de10 SetParent
0x49de14 SetMenuItemInfoA
0x49de18 SetMenu
0x49de1c SetForegroundWindow
0x49de20 SetFocus
0x49de24 SetCursorPos
0x49de28 SetCursor
0x49de2c SetClipboardData
0x49de30 SetClassLongA
0x49de34 SetCapture
0x49de38 SetActiveWindow
0x49de3c SendMessageW
0x49de40 SendMessageA
0x49de44 ScrollWindow
0x49de48 ScreenToClient
0x49de4c RemovePropA
0x49de50 RemoveMenu
0x49de54 ReleaseDC
0x49de58 ReleaseCapture
0x49de64 RegisterClassA
0x49de68 RedrawWindow
0x49de6c PtInRect
0x49de70 PostQuitMessage
0x49de74 PostMessageA
0x49de78 PeekMessageW
0x49de7c PeekMessageA
0x49de80 OpenClipboard
0x49de84 OffsetRect
0x49de88 OemToCharA
0x49de94 MessageBoxA
0x49de98 MapWindowPoints
0x49de9c MapVirtualKeyA
0x49dea0 LockWorkStation
0x49dea4 LoadStringA
0x49dea8 LoadKeyboardLayoutA
0x49deac LoadIconA
0x49deb0 LoadCursorA
0x49deb4 LoadBitmapA
0x49deb8 KillTimer
0x49debc IsZoomed
0x49dec0 IsWindowVisible
0x49dec4 IsWindowUnicode
0x49dec8 IsWindowEnabled
0x49decc IsWindow
0x49ded0 IsRectEmpty
0x49ded4 IsIconic
0x49ded8 IsDialogMessageW
0x49dedc IsDialogMessageA
0x49dee4 IsChild
0x49dee8 InvalidateRect
0x49deec IntersectRect
0x49def0 InsertMenuItemA
0x49def4 InsertMenuA
0x49def8 InflateRect
0x49df04 GetWindowTextA
0x49df08 GetWindowRect
0x49df0c GetWindowPlacement
0x49df10 GetWindowLongW
0x49df14 GetWindowLongA
0x49df18 GetWindowDC
0x49df1c GetTopWindow
0x49df20 GetSystemMetrics
0x49df24 GetSystemMenu
0x49df28 GetSysColorBrush
0x49df2c GetSysColor
0x49df30 GetSubMenu
0x49df34 GetScrollRange
0x49df38 GetScrollPos
0x49df3c GetScrollInfo
0x49df40 GetPropA
0x49df44 GetParent
0x49df48 GetWindow
0x49df4c GetMessagePos
0x49df50 GetMessageA
0x49df54 GetMenuStringA
0x49df58 GetMenuState
0x49df5c GetMenuItemInfoA
0x49df60 GetMenuItemID
0x49df64 GetMenuItemCount
0x49df68 GetMenu
0x49df6c GetLastInputInfo
0x49df70 GetLastActivePopup
0x49df74 GetKeyboardState
0x49df80 GetKeyboardLayout
0x49df84 GetKeyState
0x49df88 GetKeyNameTextA
0x49df8c GetIconInfo
0x49df90 GetForegroundWindow
0x49df94 GetFocus
0x49df98 GetDesktopWindow
0x49df9c GetDCEx
0x49dfa0 GetDC
0x49dfa4 GetCursorPos
0x49dfa8 GetCursor
0x49dfac GetClipboardData
0x49dfb0 GetClientRect
0x49dfb4 GetClassNameA
0x49dfb8 GetClassLongA
0x49dfbc GetClassInfoA
0x49dfc0 GetCapture
0x49dfc4 GetActiveWindow
0x49dfc8 FrameRect
0x49dfcc FindWindowExA
0x49dfd0 FindWindowA
0x49dfd4 FillRect
0x49dfd8 ExitWindowsEx
0x49dfdc EqualRect
0x49dfe0 EnumWindows
0x49dfe4 EnumThreadWindows
0x49dfe8 EnumDisplayDevicesA
0x49dff0 EnumChildWindows
0x49dff4 EndPaint
0x49dff8 EnableWindow
0x49dffc EnableScrollBar
0x49e000 EnableMenuItem
0x49e004 EmptyClipboard
0x49e008 DrawTextA
0x49e00c DrawMenuBar
0x49e010 DrawIconEx
0x49e014 DrawIcon
0x49e018 DrawFrameControl
0x49e01c DrawEdge
0x49e020 DispatchMessageW
0x49e024 DispatchMessageA
0x49e028 DestroyWindow
0x49e02c DestroyMenu
0x49e030 DestroyIcon
0x49e034 DestroyCursor
0x49e038 DeleteMenu
0x49e03c DefWindowProcA
0x49e040 DefMDIChildProcA
0x49e044 DefFrameProcA
0x49e048 CreatePopupMenu
0x49e04c CreateMenu
0x49e050 CreateIcon
0x49e054 CloseClipboard
0x49e058 ClientToScreen
0x49e05c CheckMenuItem
0x49e060 CallWindowProcA
0x49e064 CallNextHookEx
0x49e068 BeginPaint
0x49e06c CharNextA
0x49e070 CharLowerBuffA
0x49e074 CharLowerA
0x49e078 CharUpperBuffA
0x49e07c CharToOemA
0x49e080 AdjustWindowRectEx
Library gdi32.dll:
0x49e08c UnrealizeObject
0x49e090 StretchBlt
0x49e094 SetWindowOrgEx
0x49e098 SetWinMetaFileBits
0x49e09c SetViewportOrgEx
0x49e0a0 SetTextColor
0x49e0a4 SetStretchBltMode
0x49e0a8 SetROP2
0x49e0ac SetPixel
0x49e0b0 SetEnhMetaFileBits
0x49e0b4 SetDIBColorTable
0x49e0b8 SetBrushOrgEx
0x49e0bc SetBkMode
0x49e0c0 SetBkColor
0x49e0c4 SelectPalette
0x49e0c8 SelectObject
0x49e0cc SaveDC
0x49e0d0 RestoreDC
0x49e0d4 RectVisible
0x49e0d8 RealizePalette
0x49e0dc PlayEnhMetaFile
0x49e0e0 PatBlt
0x49e0e4 MoveToEx
0x49e0e8 MaskBlt
0x49e0ec LineTo
0x49e0f0 IntersectClipRect
0x49e0f4 GetWindowOrgEx
0x49e0f8 GetWinMetaFileBits
0x49e0fc GetTextMetricsA
0x49e108 GetStockObject
0x49e10c GetRgnBox
0x49e110 GetPixel
0x49e114 GetPaletteEntries
0x49e118 GetObjectA
0x49e124 GetEnhMetaFileBits
0x49e128 GetDeviceCaps
0x49e12c GetDIBits
0x49e130 GetDIBColorTable
0x49e134 GetDCOrgEx
0x49e13c GetClipBox
0x49e140 GetBrushOrgEx
0x49e144 GetBitmapBits
0x49e148 GdiFlush
0x49e14c ExtTextOutA
0x49e150 ExcludeClipRect
0x49e154 DeleteObject
0x49e158 DeleteEnhMetaFile
0x49e15c DeleteDC
0x49e160 CreateSolidBrush
0x49e164 CreatePenIndirect
0x49e168 CreatePalette
0x49e170 CreateFontIndirectA
0x49e174 CreateDIBitmap
0x49e178 CreateDIBSection
0x49e17c CreateDCA
0x49e180 CreateCompatibleDC
0x49e188 CreateBrushIndirect
0x49e18c CreateBitmap
0x49e190 CopyEnhMetaFileA
0x49e194 BitBlt
Library version.dll:
0x49e19c VerQueryValueA
0x49e1a4 GetFileVersionInfoA
Library kernel32.dll:
0x49e1ac lstrcpyA
0x49e1b0 WriteProcessMemory
0x49e1b4 WriteFile
0x49e1b8 WinExec
0x49e1bc WaitForSingleObject
0x49e1c4 VirtualQuery
0x49e1c8 VirtualProtectEx
0x49e1cc VirtualProtect
0x49e1d0 VirtualFreeEx
0x49e1d4 VirtualFree
0x49e1d8 VirtualAllocEx
0x49e1dc VirtualAlloc
0x49e1e0 VerLanguageNameA
0x49e1e4 UnmapViewOfFile
0x49e1e8 TerminateProcess
0x49e1ec Sleep
0x49e1f0 SizeofResource
0x49e1f4 SetThreadPriority
0x49e1f8 SetThreadLocale
0x49e1fc SetThreadContext
0x49e200 SetLastError
0x49e204 SetFileTime
0x49e208 SetFilePointer
0x49e20c SetFileAttributesA
0x49e210 SetEvent
0x49e214 SetErrorMode
0x49e218 SetEndOfFile
0x49e21c ResumeThread
0x49e220 ResetEvent
0x49e224 ReadProcessMemory
0x49e228 ReadFile
0x49e22c PeekNamedPipe
0x49e230 OpenProcess
0x49e234 MultiByteToWideChar
0x49e238 MulDiv
0x49e23c MoveFileA
0x49e240 MapViewOfFile
0x49e244 LockResource
0x49e24c LocalAlloc
0x49e250 LoadResource
0x49e254 LoadLibraryA
0x49e25c IsBadReadPtr
0x49e264 HeapFree
0x49e268 HeapAlloc
0x49e26c GlobalUnlock
0x49e270 GlobalMemoryStatus
0x49e274 GlobalLock
0x49e278 GlobalFree
0x49e27c GlobalFindAtomA
0x49e280 GlobalDeleteAtom
0x49e284 GlobalAlloc
0x49e288 GlobalAddAtomA
0x49e294 GetVersionExA
0x49e298 GetVersion
0x49e2a0 GetTickCount
0x49e2a4 GetThreadLocale
0x49e2a8 GetThreadContext
0x49e2ac GetTempPathA
0x49e2b4 GetSystemDirectoryA
0x49e2b8 GetStdHandle
0x49e2bc GetProcessHeap
0x49e2c0 GetProcAddress
0x49e2c4 GetModuleHandleA
0x49e2c8 GetModuleFileNameA
0x49e2cc GetLocaleInfoA
0x49e2d0 GetLocalTime
0x49e2d4 GetLastError
0x49e2d8 GetFullPathNameA
0x49e2dc GetFileTime
0x49e2e0 GetFileSize
0x49e2e4 GetFileAttributesA
0x49e2e8 GetExitCodeThread
0x49e2ec GetExitCodeProcess
0x49e2f4 GetDriveTypeA
0x49e2f8 GetDiskFreeSpaceA
0x49e2fc GetDateFormatA
0x49e300 GetCurrentThreadId
0x49e304 GetCurrentThread
0x49e308 GetCurrentProcessId
0x49e30c GetCurrentProcess
0x49e310 GetComputerNameA
0x49e314 GetCPInfo
0x49e318 FreeResource
0x49e320 InterlockedExchange
0x49e328 FreeLibrary
0x49e32c FormatMessageA
0x49e330 FindResourceA
0x49e334 FindNextFileA
0x49e338 FindFirstFileA
0x49e33c FindClose
0x49e34c ExitThread
0x49e350 ExitProcess
0x49e354 EnumResourceNamesA
0x49e358 EnumCalendarInfoA
0x49e364 DeleteFileA
0x49e36c CreateThread
0x49e370 CreateRemoteThread
0x49e374 CreateProcessA
0x49e378 CreatePipe
0x49e37c CreateMutexA
0x49e380 CreateFileMappingA
0x49e384 CreateFileA
0x49e388 CreateEventA
0x49e38c CreateDirectoryA
0x49e390 CopyFileA
0x49e394 CompareStringA
0x49e398 CloseHandle
0x49e39c Beep
Library advapi32.dll:
0x49e3a4 RegSetValueExA
0x49e3a8 RegQueryValueExA
0x49e3ac RegQueryInfoKeyA
0x49e3b0 RegOpenKeyExA
0x49e3b4 RegOpenKeyA
0x49e3b8 RegFlushKey
0x49e3bc RegEnumValueA
0x49e3c0 RegEnumKeyExA
0x49e3c4 RegDeleteValueA
0x49e3c8 RegDeleteKeyA
0x49e3cc RegCreateKeyExA
0x49e3d0 RegCreateKeyA
0x49e3d4 RegCloseKey
0x49e3d8 OpenThreadToken
0x49e3dc OpenProcessToken
0x49e3ec LookupAccountSidA
0x49e3f0 IsValidSid
0x49e3f4 GetUserNameA
0x49e3f8 GetTokenInformation
0x49e400 GetSidSubAuthority
Library wsock32.dll:
0x49e414 __WSAFDIsSet
0x49e418 WSACleanup
0x49e41c WSAStartup
0x49e420 WSAGetLastError
0x49e424 gethostname
0x49e428 getservbyname
0x49e42c gethostbyname
0x49e430 gethostbyaddr
0x49e434 socket
0x49e438 shutdown
0x49e43c sendto
0x49e440 send
0x49e444 select
0x49e448 recv
0x49e44c ntohs
0x49e450 listen
0x49e454 ioctlsocket
0x49e458 inet_ntoa
0x49e45c inet_addr
0x49e460 htons
0x49e464 getsockname
0x49e468 connect
0x49e46c closesocket
0x49e470 bind
0x49e474 accept
Library kernel32.dll:
0x49e47c Sleep
Library ole32.dll:
0x49e484 CoTaskMemFree
0x49e488 StringFromCLSID
Library shell32.dll:
0x49e490 ShellExecuteExA
0x49e494 ShellExecuteA
0x49e498 SHGetFileInfoA
0x49e49c SHFileOperationA
0x49e4a0 DragQueryFileA
Library oleaut32.dll:
0x49e4a8 GetErrorInfo
0x49e4ac GetActiveObject
0x49e4b0 SysFreeString
Library ole32.dll:
0x49e4b8 CoTaskMemFree
0x49e4bc CLSIDFromProgID
0x49e4c0 ProgIDFromCLSID
0x49e4c4 StringFromCLSID
0x49e4c8 CoCreateInstance
0x49e4cc CoUninitialize
0x49e4d0 CoInitialize
0x49e4d4 IsEqualGUID
Library URLMON.DLL:
0x49e4dc URLDownloadToFileA
Library oleaut32.dll:
0x49e4e4 SafeArrayPtrOfIndex
0x49e4e8 SafeArrayGetUBound
0x49e4ec SafeArrayGetLBound
0x49e4f0 SafeArrayCreate
0x49e4f4 VariantChangeType
0x49e4f8 VariantCopy
0x49e4fc VariantClear
0x49e500 VariantInit
Library comctl32.dll:
0x49e508 _TrackMouseEvent
0x49e514 ImageList_Write
0x49e518 ImageList_Read
0x49e520 ImageList_DragMove
0x49e524 ImageList_DragLeave
0x49e528 ImageList_DragEnter
0x49e52c ImageList_EndDrag
0x49e530 ImageList_BeginDrag
0x49e534 ImageList_Remove
0x49e538 ImageList_DrawEx
0x49e53c ImageList_Draw
0x49e548 ImageList_Add
0x49e550 ImageList_Destroy
0x49e554 ImageList_Create
Library wininet.dll:
0x49e55c InternetReadFile
0x49e560 InternetOpenUrlA
0x49e564 InternetOpenA
0x49e568 InternetConnectA
0x49e56c InternetCloseHandle
0x49e570 HttpQueryInfoA
0x49e574 FtpPutFileA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.