SmartHawk

4.4

中危

52 个模型检测该样本为恶意！

重新分析

下载样本

c81ab1ade819ca91b950ecc7dda7cb9796f62e74fd160ad6ea6e5e68c636b16c

8c661db7e1d42a7be5e653794ecf9c2b.exe

分析耗时

76s

最近分析

文件大小

875.1KB

静态报毒动态报毒 2Y1@AUCVKFMI AI SCORE=80 CERT CLASSIC CONFIDENCE DANABOT DANGEROUSSIG DRIDEX ENCPK GDSDA GENCIRC GENERICKD GENERICRXLP HFIC HIGH CONFIDENCE KCLOUD KRYPTIK MALICIOUS PE MALWARE@#27TMP7TM4FZRL PSWTROJ QAKBOT R + MAL R346657 RACCOONSTEALER RACEALER SCORE SIGGEN10 STATIC AI THIBGBO TIRD TROJANPSW UNSAFE YTTJV ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	GenericRXLP-DH!8C661DB7E1D4	20201211	6.0.6.653
CrowdStrike	win/malicious_confidence_80% (W)	20190702	1.0
Baidu		20190318	1.0.0.2
Alibaba	TrojanPSW:Win32/Racealer.38e41f79	20190527	0.3.0.5
Kingsoft	Win32.PSWTroj.Racealer.i.(kcloud)	20201211	2017.9.26.565
Tencent	Malware.Win32.Gencirc.11ab0f0e	20201211	1.0.0.1
Avast	Win32:DangerousSig [Trj]	20201210	21.1.5827.0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 个事件)

section	.rdata3
section	.rdata2

Allocates read-write-execute memory (usually to unpack itself) (3 个事件)

Time & API	Arguments	Status
1619686137.385662 NtAllocateVirtualMemory	process_identifier: 200 region_size: 741376 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x02240000	success
1619686139.104662 NtAllocateVirtualMemory	process_identifier: 200 region_size: 737280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x02300000	success
1619686139.104662 NtProtectVirtualMemory	process_identifier: 200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 602112 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

6.941744451734232

section

{'size_of_data': '0x000be400', 'virtual_address': '0x0000e000', 'entropy': 6.941744451734232, 'name': '.rdata', 'virtual_size': '0x000be241'}

description

A section with a high entropy has been found

entropy

0.8717067583046965

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (3 个事件)

host	104.16.236.79
host	104.18.87.101
host	172.217.24.14

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.43582517
FireEye	Generic.mg.8c661db7e1d42a7b
Qihoo-360	Win32/Trojan.PSW.989
McAfee	GenericRXLP-DH!8C661DB7E1D4
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0056be901 )
BitDefender	Trojan.GenericKD.43582517
K7GW	Trojan ( 0056be901 )
CrowdStrike	win/malicious_confidence_80% (W)
Arcabit	Trojan.Generic.D2990435
Cyren	W32/Trojan.TIRD-8420
Symantec	Packed.Generic.459
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan-PSW.Win32.Racealer.iha
Alibaba	TrojanPSW:Win32/Racealer.38e41f79
Rising	Trojan.Kryptik!1.C9B6 (CLASSIC)
Ad-Aware	Trojan.GenericKD.43582517
Emsisoft	Trojan.GenericKD.43582517 (B)
Comodo	Malware@#27tmp7tm4fzrl
F-Secure	Trojan.TR/Kryptik.yttjv
DrWeb	Trojan.Siggen10.5237
TrendMicro	TrojanSpy.Win32.DANABOT.THIBGBO
McAfee-GW-Edition	GenericRXLP-DH!8C661DB7E1D4
Sophos	Mal/Generic-R + Mal/EncPk-APV
SentinelOne	Static AI - Malicious PE
Avira	TR/Kryptik.yttjv
Antiy-AVL	Trojan[PSW]/Win32.Racealer
Kingsoft	Win32.PSWTroj.Racealer.i.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.cc
Microsoft	Trojan:Win32/Raccoonstealer!cert
ZoneAlarm	Trojan-PSW.Win32.Racealer.iha
GData	Trojan.GenericKD.43582517
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Kryptik.R346657
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34670.2y1@auCvkFmi
ALYac	Trojan.GenericKD.43582517
MAX	malware (ai score=80)
VBA32	TrojanPSW.Racealer
Malwarebytes	Trojan.MalPack
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.HFIC
TrendMicro-HouseCall	Backdoor.Win32.QAKBOT.SMF
Tencent	Malware.Win32.Gencirc.11ab0f0e
Fortinet	W32/Dridex.TWY!tr
AVG	Win32:DangerousSig [Trj]

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	104.16.236.79:443
dead_host	64.13.192.76:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-02 15:19:17

Imports

Library KERNEL32.dll:

• 0x4d8bcc LoadLibraryA

• 0x4d8bd0 GetProcAddress

• 0x4d8bd4 GetModuleHandleA

• 0x4d8bd8 GetSystemTimeAsFileTime

• 0x4d8bdc GetTickCount

• 0x4d8be0 QueryPerformanceCounter

• 0x4d8be4 IsDebuggerPresent

• 0x4d8be8 SetUnhandledExceptionFilter

• 0x4d8bec UnhandledExceptionFilter

• 0x4d8bf0 GetCurrentProcess

• 0x4d8bf4 TerminateProcess

• 0x4d8bf8 InterlockedCompareExchange

• 0x4d8bfc Sleep

• 0x4d8c00 InterlockedExchange

• 0x4d8c04 GetStartupInfoW

• 0x4d8c08 GetCommandLineW

• 0x4d8c0c GetModuleFileNameW

• 0x4d8c10 CreateProcessW

• 0x4d8c14 WaitForSingleObject

• 0x4d8c18 CloseHandle

• 0x4d8c1c GetLastError

• 0x4d8c20 FormatMessageW

• 0x4d8c24 LocalFree

• 0x4d8c28 GetCurrentProcessId

• 0x4d8c2c GetCurrentThreadId

• 0x4d8c30 WaitNamedPipeA

• 0x4d8c34 HeapReAlloc

• 0x4d8c38 GlobalFree

• 0x4d8c3c _lwrite

• 0x4d8c40 FindNextVolumeMountPointA

• 0x4d8c44 GetCommConfig

• 0x4d8c48 IsBadHugeWritePtr

• 0x4d8c4c GetConsoleAliasA

• 0x4d8c50 ResetEvent

• 0x4d8c54 ReplaceFileA

• 0x4d8c58 GetACP

• 0x4d8c5c VirtualFree

• 0x4d8c60 VirtualAlloc

• 0x4d8c64 GetSystemInfo

• 0x4d8c68 GetVersion

• 0x4d8c6c VirtualQuery

• 0x4d8c70 WideCharToMultiByte

• 0x4d8c74 SetCurrentDirectoryW

• 0x4d8c78 MultiByteToWideChar

• 0x4d8c7c lstrlenW

• 0x4d8c80 lstrcpynW

• 0x4d8c84 LoadLibraryExW

• 0x4d8c88 GetThreadLocale

• 0x4d8c8c GetStartupInfoA

• 0x4d8c90 GetModuleHandleW

• 0x4d8c94 GetLocaleInfoW

• 0x4d8c98 GetCurrentDirectoryW

• 0x4d8c9c FreeLibrary

• 0x4d8ca0 FindFirstFileW

• 0x4d8ca4 FindClose

• 0x4d8ca8 ExitProcess

• 0x4d8cac ExitThread

• 0x4d8cb0 CreateThread

• 0x4d8cb4 CompareStringW

• 0x4d8cb8 WriteFile

• 0x4d8cbc RtlUnwind

• 0x4d8cc0 RaiseException

• 0x4d8cc4 GetStdHandle

• 0x4d8cc8 TlsSetValue

• 0x4d8ccc TlsGetValue

• 0x4d8cd0 LocalAlloc

• 0x4d8cd4 lstrcpyW

• 0x4d8cd8 lstrcmpW

• 0x4d8cdc WriteProfileStringW

• 0x4d8ce0 WritePrivateProfileStringW

• 0x4d8ce4 WaitForMultipleObjectsEx

• 0x4d8ce8 VirtualQueryEx

• 0x4d8cec TransactNamedPipe

• 0x4d8cf0 SwitchToThread

• 0x4d8cf4 SizeofResource

• 0x4d8cf8 SignalObjectAndWait

• 0x4d8cfc SetThreadLocale

• 0x4d8d00 SetNamedPipeHandleState

• 0x4d8d04 SetLastError

• 0x4d8d08 SetFileTime

• 0x4d8d0c SetFilePointer

• 0x4d8d10 SetFileAttributesW

• 0x4d8d14 SetEvent

• 0x4d8d18 SetErrorMode

• 0x4d8d1c SetEndOfFile

• 0x4d8d20 ResumeThread

• 0x4d8d24 RemoveDirectoryW

• 0x4d8d28 ReleaseMutex

• 0x4d8d2c ReadFile

• 0x4d8d30 OpenProcess

• 0x4d8d34 OpenMutexW

• 0x4d8d38 MulDiv

• 0x4d8d3c MoveFileExW

• 0x4d8d40 MoveFileW

• 0x4d8d44 LockResource

• 0x4d8d48 LocalFileTimeToFileTime

• 0x4d8d4c LoadResource

• 0x4d8d50 LoadLibraryW

• 0x4d8d54 LeaveCriticalSection

• 0x4d8d58 IsDBCSLeadByte

• 0x4d8d5c IsBadWritePtr

• 0x4d8d60 InitializeCriticalSection

• 0x4d8d64 GlobalFindAtomW

• 0x4d8d68 GlobalDeleteAtom

• 0x4d8d6c GlobalAddAtomW

• 0x4d8d70 GetWindowsDirectoryW

• 0x4d8d74 GetVersionExW

• 0x4d8d78 GetUserDefaultLangID

• 0x4d8d7c GetSystemDirectoryW

• 0x4d8d80 GetShortPathNameW

• 0x4d8d84 GetProfileStringW

• 0x4d8d88 GetPrivateProfileStringW

• 0x4d8d8c GetOverlappedResult

• 0x4d8d90 GetLogicalDrives

• 0x4d8d94 GetLocalTime

• 0x4d8d98 GetFullPathNameW

• 0x4d8d9c GetFileSize

• 0x4d8da0 GetFileAttributesW

• 0x4d8da4 GetExitCodeThread

• 0x4d8da8 GetExitCodeProcess

• 0x4d8dac GetEnvironmentVariableW

• 0x4d8db0 GetDriveTypeW

• 0x4d8db4 GetDiskFreeSpaceW

• 0x4d8db8 GetDateFormatW

• 0x4d8dbc GetCurrentThread

• 0x4d8dc0 GetComputerNameW

• 0x4d8dc4 GetCPInfo

• 0x4d8dc8 FreeResource

• 0x4d8dcc InterlockedIncrement

• 0x4d8dd0 InterlockedExchangeAdd

• 0x4d8dd4 InterlockedDecrement

• 0x4d8dd8 FlushFileBuffers

• 0x4d8ddc FindResourceW

• 0x4d8de0 FindNextFileW

• 0x4d8de4 FileTimeToSystemTime

• 0x4d8de8 FileTimeToLocalFileTime

• 0x4d8dec EnumCalendarInfoW

• 0x4d8df0 EnterCriticalSection

• 0x4d8df4 DeviceIoControl

• 0x4d8df8 DeleteFileW

• 0x4d8dfc DeleteCriticalSection

• 0x4d8e00 CreateNamedPipeW

• 0x4d8e04 CreateMutexW

• 0x4d8e08 CreateFileW

• 0x4d8e0c CreateEventW

• 0x4d8e10 CreateDirectoryW

• 0x4d8e14 CopyFileW

• 0x4d8e18 CompareFileTime

Library USER32.dll:

• 0x4d8e20 AnyPopup

• 0x4d8e24 CloseClipboard

• 0x4d8e28 LoadIconW

• 0x4d8e2c GetAsyncKeyState

• 0x4d8e30 MessageBoxW

• 0x4d8e34 DialogBoxParamW

• 0x4d8e38 DlgDirListW

• 0x4d8e3c DdeDisconnectList

• 0x4d8e40 EnableMenuItem

• 0x4d8e44 GetUpdateRect

• 0x4d8e48 SetScrollRange

• 0x4d8e4c GetKeyboardType

• 0x4d8e50 LoadStringW

• 0x4d8e54 MessageBoxA

• 0x4d8e58 CharNextW

• 0x4d8e5c CreateWindowExW

• 0x4d8e60 WindowFromPoint

• 0x4d8e64 WaitMessage

• 0x4d8e68 WaitForInputIdle

• 0x4d8e6c UpdateWindow

• 0x4d8e70 UnregisterClassW

• 0x4d8e74 UnhookWindowsHookEx

• 0x4d8e78 TranslateMessage

• 0x4d8e7c TranslateMDISysAccel

• 0x4d8e80 TrackPopupMenu

• 0x4d8e84 SystemParametersInfoW

• 0x4d8e88 ShowWindow

• 0x4d8e8c ShowScrollBar

• 0x4d8e90 ShowOwnedPopups

• 0x4d8e94 SetWindowsHookExW

• 0x4d8e98 SetWindowTextW

• 0x4d8e9c SetWindowPos

• 0x4d8ea0 SetWindowPlacement

• 0x4d8ea4 SetWindowLongW

• 0x4d8ea8 SetTimer

• 0x4d8eac SetScrollPos

• 0x4d8eb0 SetScrollInfo

• 0x4d8eb4 SetRectEmpty

• 0x4d8eb8 SetRect

• 0x4d8ebc SetPropW

• 0x4d8ec0 SetParent

• 0x4d8ec4 SetMenuItemInfoW

• 0x4d8ec8 SetMenu

• 0x4d8ecc SetForegroundWindow

• 0x4d8ed0 SetFocus

• 0x4d8ed4 SetCursor

• 0x4d8ed8 SetClassLongW

• 0x4d8edc SetCapture

• 0x4d8ee0 SetActiveWindow

• 0x4d8ee4 SendNotifyMessageW

• 0x4d8ee8 SendMessageTimeoutW

• 0x4d8eec SendMessageA

• 0x4d8ef0 SendMessageW

• 0x4d8ef4 ScrollWindowEx

• 0x4d8ef8 ScrollWindow

• 0x4d8efc ScreenToClient

• 0x4d8f00 ReplyMessage

• 0x4d8f04 RemovePropW

• 0x4d8f08 RemoveMenu

• 0x4d8f0c ReleaseDC

• 0x4d8f10 ReleaseCapture

• 0x4d8f14 RegisterWindowMessageW

• 0x4d8f18 RegisterClipboardFormatW

• 0x4d8f1c RegisterClassW

• 0x4d8f20 RedrawWindow

• 0x4d8f24 PtInRect

• 0x4d8f28 PostQuitMessage

• 0x4d8f2c PostMessageW

• 0x4d8f30 PeekMessageA

• 0x4d8f34 PeekMessageW

• 0x4d8f38 OffsetRect

• 0x4d8f3c OemToCharBuffA

• 0x4d8f40 MsgWaitForMultipleObjectsEx

• 0x4d8f44 MsgWaitForMultipleObjects

• 0x4d8f48 MessageBeep

• 0x4d8f4c MapWindowPoints

• 0x4d8f50 MapVirtualKeyW

• 0x4d8f54 LoadKeyboardLayoutW

• 0x4d8f58 LoadCursorW

• 0x4d8f5c LoadBitmapW

• 0x4d8f60 KillTimer

• 0x4d8f64 IsZoomed

• 0x4d8f68 IsWindowVisible

• 0x4d8f6c IsWindowUnicode

• 0x4d8f70 IsWindowEnabled

• 0x4d8f74 IsWindow

• 0x4d8f78 IsRectEmpty

• 0x4d8f7c IsIconic

• 0x4d8f80 IsDialogMessageA

• 0x4d8f84 IsDialogMessageW

• 0x4d8f88 IsChild

• 0x4d8f8c InvalidateRect

• 0x4d8f90 IntersectRect

• 0x4d8f94 InsertMenuItemW

• 0x4d8f98 InsertMenuW

• 0x4d8f9c InflateRect

• 0x4d8fa0 GetWindowThreadProcessId

• 0x4d8fa4 GetWindowTextW

• 0x4d8fa8 GetWindowRect

• 0x4d8fac GetWindowPlacement

• 0x4d8fb0 GetWindowLongW

• 0x4d8fb4 GetWindowDC

• 0x4d8fb8 GetTopWindow

• 0x4d8fbc GetSystemMetrics

• 0x4d8fc0 GetSystemMenu

• 0x4d8fc4 GetSysColorBrush

• 0x4d8fc8 GetSysColor

• 0x4d8fcc GetSubMenu

• 0x4d8fd0 GetScrollRange

• 0x4d8fd4 GetScrollPos

• 0x4d8fd8 GetScrollInfo

• 0x4d8fdc GetPropW

• 0x4d8fe0 GetParent

• 0x4d8fe4 GetWindow

• 0x4d8fe8 GetMessagePos

• 0x4d8fec GetMessageW

• 0x4d8ff0 GetMenuStringW

• 0x4d8ff4 GetMenuState

• 0x4d8ff8 GetMenuItemInfoW

• 0x4d8ffc GetMenuItemID

• 0x4d9000 GetMenuItemCount

• 0x4d9004 GetMenu

• 0x4d9008 GetLastActivePopup

• 0x4d900c GetKeyboardState

• 0x4d9010 GetKeyboardLayoutNameW

• 0x4d9014 GetKeyboardLayoutList

• 0x4d9018 GetKeyboardLayout

• 0x4d901c GetKeyState

• 0x4d9020 GetKeyNameTextW

• 0x4d9024 GetIconInfo

• 0x4d9028 GetForegroundWindow

• 0x4d902c GetFocus

• 0x4d9030 GetDesktopWindow

• 0x4d9034 GetDCEx

• 0x4d9038 GetDC

• 0x4d903c GetCursorPos

• 0x4d9040 GetCursor

• 0x4d9044 GetClientRect

• 0x4d9048 GetClassLongW

• 0x4d904c GetClassInfoW

• 0x4d9050 GetCapture

• 0x4d9054 GetActiveWindow

• 0x4d9058 FrameRect

• 0x4d905c FindWindowExW

• 0x4d9060 FindWindowW

• 0x4d9064 FillRect

• 0x4d9068 ExitWindowsEx

• 0x4d906c EnumWindows

• 0x4d9070 EnumThreadWindows

• 0x4d9074 EnumChildWindows

• 0x4d9078 EndPaint

• 0x4d907c EnableWindow

• 0x4d9080 EnableScrollBar

• 0x4d9084 DrawTextExW

• 0x4d9088 DrawTextW

• 0x4d908c DrawMenuBar

• 0x4d9090 DrawIconEx

• 0x4d9094 DrawIcon

• 0x4d9098 DrawFrameControl

• 0x4d909c DrawFocusRect

• 0x4d90a0 DrawEdge

• 0x4d90a4 DispatchMessageA

• 0x4d90a8 DispatchMessageW

• 0x4d90ac DestroyWindow

• 0x4d90b0 DestroyMenu

• 0x4d90b4 DestroyIcon

• 0x4d90b8 DestroyCursor

• 0x4d90bc DeleteMenu

• 0x4d90c0 DefWindowProcW

• 0x4d90c4 DefMDIChildProcW

• 0x4d90c8 DefFrameProcW

• 0x4d90cc CreatePopupMenu

• 0x4d90d0 CreateMenu

• 0x4d90d4 CreateIcon

• 0x4d90d8 ClientToScreen

• 0x4d90dc CheckMenuItem

• 0x4d90e0 CharUpperBuffW

• 0x4d90e4 CharLowerBuffW

• 0x4d90e8 CharLowerW

• 0x4d90ec CallWindowProcW

• 0x4d90f0 CallNextHookEx

• 0x4d90f4 BringWindowToTop

• 0x4d90f8 BeginPaint

• 0x4d90fc AppendMenuW

• 0x4d9100 CharToOemBuffA

• 0x4d9104 AdjustWindowRectEx

• 0x4d9108 ActivateKeyboardLayout

Library GDI32.dll:

• 0x4d9110 GetFontLanguageInfo

• 0x4d9114 UpdateColors

• 0x4d9118 GetTextColor

• 0x4d911c GetObjectType

• 0x4d9120 GetLayout

• 0x4d9124 UnrealizeObject

• 0x4d9128 GetMapMode

• 0x4d912c GetPixelFormat

• 0x4d9130 GetPolyFillMode

• 0x4d9134 RealizePalette

• 0x4d9138 GetSystemPaletteUse

• 0x4d913c SwapBuffers

• 0x4d9140 SetMetaRgn

• 0x4d9144 GetTextCharacterExtra

• 0x4d9148 GetTextAlign

• 0x4d914c GetDCPenColor

• 0x4d9150 GetTextCharset

• 0x4d9154 GetEnhMetaFileA

• 0x4d9158 GetStretchBltMode

• 0x4d915c WidenPath

• 0x4d9160 GetROP2

• 0x4d9164 GetStockObject

• 0x4d9168 StrokePath

• 0x4d916c GetEnhMetaFileW

• 0x4d9170 SaveDC

• 0x4d9174 GetGraphicsMode

• 0x4d9178 PathToRegion

• 0x4d917c CreateDIBPatternBrushPt

• 0x4d9180 GdiEntry5

• 0x4d9184 CreateBrushIndirect

• 0x4d9188 XLATEOBJ_piVector

• 0x4d918c GetGlyphOutlineWow

• 0x4d9190 GdiConsoleTextOut

• 0x4d9194 GdiEntry14

• 0x4d9198 ExtEscape

• 0x4d919c GdiConvertMetaFilePict

• 0x4d91a0 GetPath

• 0x4d91a4 EudcLoadLinkW

• 0x4d91a8 GdiConvertToDevmodeW

• 0x4d91ac UpdateICMRegKeyW

• 0x4d91b0 GdiPlayScript

• 0x4d91b4 SetTextAlign

• 0x4d91b8 GetTextExtentExPointW

• 0x4d91bc LPtoDP

• 0x4d91c0 GetRasterizerCaps

• 0x4d91c4 EngQueryEMFInfo

• 0x4d91c8 GdiAddGlsRecord

• 0x4d91cc EngAlphaBlend

• 0x4d91d0 MoveToEx

• 0x4d91d4 RestoreDC

• 0x4d91d8 GetNearestColor

• 0x4d91dc GdiFlush

• 0x4d91e0 ScaleWindowExtEx

• 0x4d91e4 CLIPOBJ_bEnum

• 0x4d91e8 GdiEntry15

• 0x4d91ec GdiSwapBuffers

• 0x4d91f0 GdiIsMetaPrintDC

• 0x4d91f4 EngCreateBitmap

• 0x4d91f8 GetCharWidthFloatA

• 0x4d91fc BRUSHOBJ_pvGetRbrush

• 0x4d9200 SelectPalette

• 0x4d9204 EngWideCharToMultiByte

• 0x4d9208 EndPage

• 0x4d920c StretchBlt

• 0x4d9210 SetWindowOrgEx

• 0x4d9214 SetViewportOrgEx

• 0x4d9218 SetTextColor

• 0x4d921c SetStretchBltMode

• 0x4d9220 SetROP2

• 0x4d9224 SetPixel

• 0x4d9228 SetDIBColorTable

• 0x4d922c SetBrushOrgEx

• 0x4d9230 SetBkMode

• 0x4d9234 SetBkColor

• 0x4d9238 SelectObject

• 0x4d923c RoundRect

• 0x4d9240 RemoveFontResourceW

• 0x4d9244 Rectangle

• 0x4d9248 RectVisible

• 0x4d924c Polyline

• 0x4d9250 Pie

• 0x4d9254 PatBlt

• 0x4d9258 MaskBlt

• 0x4d925c LineTo

• 0x4d9260 LineDDA

• 0x4d9264 IntersectClipRect

• 0x4d9268 GetWindowOrgEx

• 0x4d926c GetTextMetricsW

• 0x4d9270 GetTextExtentPointW

• 0x4d9274 GetTextExtentPoint32W

• 0x4d9278 GetSystemPaletteEntries

• 0x4d927c GetRgnBox

• 0x4d9280 GetPixel

• 0x4d9284 GetPaletteEntries

• 0x4d9288 GetObjectW

• 0x4d928c GetDeviceCaps

• 0x4d9290 GetDIBits

• 0x4d9294 GetDIBColorTable

• 0x4d9298 GetDCOrgEx

• 0x4d929c GetCurrentPositionEx

• 0x4d92a0 GetClipBox

• 0x4d92a4 GetBrushOrgEx

• 0x4d92a8 GetBitmapBits

• 0x4d92ac FrameRgn

• 0x4d92b0 ExtTextOutW

• 0x4d92b4 ExtFloodFill

• 0x4d92b8 ExcludeClipRect

• 0x4d92bc EnumFontsW

• 0x4d92c0 Ellipse

• 0x4d92c4 DeleteObject

• 0x4d92c8 DeleteDC

• 0x4d92cc CreateSolidBrush

• 0x4d92d0 CreateRectRgn

• 0x4d92d4 CreatePenIndirect

• 0x4d92d8 CreatePalette

• 0x4d92dc CreateHalftonePalette

• 0x4d92e0 CreateFontIndirectW

• 0x4d92e4 CreateDIBitmap

• 0x4d92e8 CreateDIBSection

• 0x4d92ec CreateCompatibleDC

• 0x4d92f0 CreateCompatibleBitmap

• 0x4d92f4 CreateBitmap

• 0x4d92f8 Chord

• 0x4d92fc BitBlt

• 0x4d9300 Arc

• 0x4d9304 AddFontResourceW

Library COMDLG32.dll:

• 0x4d930c GetSaveFileNameW

• 0x4d9310 GetOpenFileNameW

Library ADVAPI32.dll:

• 0x4d9318 RegOpenKeyW

• 0x4d931c RegQueryValueExA

• 0x4d9320 RegQueryValueExW

• 0x4d9324 RegOpenKeyExW

• 0x4d9328 RegCloseKey

• 0x4d932c SetSecurityDescriptorDacl

• 0x4d9330 RegSetValueExW

• 0x4d9334 RegQueryInfoKeyW

• 0x4d9338 RegFlushKey

• 0x4d933c RegEnumValueW

• 0x4d9340 RegEnumKeyExW

• 0x4d9344 RegDeleteValueW

• 0x4d9348 RegDeleteKeyW

• 0x4d934c RegCreateKeyExW

• 0x4d9350 OpenThreadToken

• 0x4d9354 OpenProcessToken

• 0x4d9358 LookupPrivilegeValueW

• 0x4d935c InitializeSecurityDescriptor

• 0x4d9360 GetUserNameW

• 0x4d9364 GetTokenInformation

• 0x4d9368 FreeSid

• 0x4d936c EqualSid

• 0x4d9370 AllocateAndInitializeSid

• 0x4d9374 AdjustTokenPrivileges

Library SHELL32.dll:

• 0x4d937c CommandLineToArgvW

• 0x4d9380 ShellExecuteExW

• 0x4d9384 ShellExecuteW

• 0x4d9388 SHGetFileInfoW

• 0x4d938c ExtractIconW

• 0x4d9390 SHGetPathFromIDListW

• 0x4d9394 SHGetMalloc

• 0x4d9398 SHChangeNotify

• 0x4d939c SHBrowseForFolderW

Library ole32.dll:

• 0x4d93a4 OleUninitialize

• 0x4d93a8 OleInitialize

• 0x4d93ac CoTaskMemFree

• 0x4d93b0 CLSIDFromProgID

• 0x4d93b4 CLSIDFromString

• 0x4d93b8 StringFromCLSID

• 0x4d93bc CoCreateInstance

• 0x4d93c0 CoFreeUnusedLibraries

• 0x4d93c4 CoUninitialize

• 0x4d93c8 CoInitialize

• 0x4d93cc IsEqualGUID

• 0x4d93d0 CoDisconnectObject

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
telete.in	A 64.13.192.76	66.220.151.20
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

Source	Source Port	Destination	Destination Port
104.16.236.79	443	192.168.56.101	49226
104.16.236.79	443	192.168.56.101	49230
104.18.87.101	443	192.168.56.101	49231

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.