SmartHawk

4.2

中危

19 个模型检测该样本为恶意！

重新分析

下载样本

6b23a8bcb9c5795e9e7f3a05eeea773f18d9734f22e798d1173f7cdf397334d9

8dbefc01aa118ad6f2dd17269a4722ca.exe

分析耗时

83s

最近分析

文件大小

2.0MB

静态报毒动态报毒 APPLICUNWNT@#1B45JFN2FJPWF ARTEMIS BSCOPE FDJR FRAUDROP GEN1 GENCIRC GENERIC PUA AO HAO123 MALICIOUS SECURITYRISK SIGGEN6 SNOJAN UNSAFE 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!8DBEFC01AA11	20200804	6.0.6.653
Alibaba	Downloader:Win32/Snojan.807f22ca	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Kingsoft		20200804	2013.8.14.323
Tencent	Malware.Win32.Gencirc.10bb801e	20200804	1.0.0.1
CrowdStrike		20190702	1.0

This executable is signed

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (3 个事件)

resource name	BIN
resource name	BINARY
resource name	SKIN

Foreign language identified in PE resource (31 个事件)

name

BIN

language

LANG_CHINESE

offset

0x0003b6a8

filetype

7-zip archive data, version 0.2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x001b26e6

name

BINARY

language

LANG_CHINESE

offset

0x00038f18

filetype

ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000249c

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

SKIN

language

LANG_CHINESE

offset

0x00034aa0

filetype

PNG image data, 210 x 210, 8-bit colormap, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000079d

name

RT_ICON

language

LANG_CHINESE

offset

0x00033710

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x00033710

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x00033710

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x00033710

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x00033710

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x00033710

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x00033710

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_DIALOG

language

LANG_CHINESE

offset

0x00038b90

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000040

name

RT_STRING

language

LANG_CHINESE

offset

0x001f30a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x00033b78

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x00033b78

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_VERSION

language

LANG_CHINESE

offset

0x0003b3b8

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002ec

name

RT_MANIFEST

language

LANG_CHINESE

offset

0x00038bd0

filetype

XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000348

Creates executable files on the filesystem (2 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\{93FDEEF8-2687-4D74-944D-B14DECBA1646}\Installer\npJuziPlugin.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\{93FDEEF8-2687-4D74-944D-B14DECBA1646}\hao123Juzi.exe

Drops an executable to the user AppData folder (2 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\{93FDEEF8-2687-4D74-944D-B14DECBA1646}\hao123Juzi.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\{93FDEEF8-2687-4D74-944D-B14DECBA1646}\Installer\npJuziPlugin.dll

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.989869786737223

section

{'size_of_data': '0x001cc000', 'virtual_address': '0x00028000', 'entropy': 7.989869786737223, 'name': '.rsrc', 'virtual_size': '0x001cb0d8'}

description

A section with a high entropy has been found

entropy

0.9255533199195171

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 19 AntiVirus engines on VirusTotal as malicious (19 个事件)

FireEye	Generic.mg.8dbefc01aa118ad6
McAfee	Artemis!8DBEFC01AA11
Cylance	Unsafe
Zillya	Dropper.FrauDrop.Win32.35455
Alibaba	Downloader:Win32/Snojan.807f22ca
Symantec	SecurityRisk.gen1
APEX	Malicious
Kaspersky	not-a-virus:Downloader.Win32.Snojan.fdjr
TACHYON	Trojan/W32.Inject.2048920
Comodo	ApplicUnwnt@#1b45jfn2fjpwf
DrWeb	Trojan.Siggen6.28139
Sophos	Generic PUA AO (PUA)
Jiangmin	Downloader.Snojan.bjl
ZoneAlarm	not-a-virus:Downloader.Win32.Snojan.fdjr
VBA32	BScope.Downloader.Snojan
Malwarebytes	PUP.Optional.Hao123
ESET-NOD32	a variant of Win32/Hao123.H potentially unwanted
Tencent	Malware.Win32.Gencirc.10bb801e
AVG	Win32:Malware-gen

Generates some ICMP traffic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2014-09-22 17:11:22

Imports

Library KERNEL32.dll:

• 0x41e098 ReadFile

• 0x41e09c SetFilePointer

• 0x41e0a0 SetFileTime

• 0x41e0a4 InterlockedDecrement

• 0x41e0a8 SetErrorMode

• 0x41e0ac GetCurrentThreadId

• 0x41e0b0 InitializeCriticalSection

• 0x41e0b4 HeapDestroy

• 0x41e0b8 DeleteCriticalSection

• 0x41e0bc LeaveCriticalSection

• 0x41e0c0 EnterCriticalSection

• 0x41e0c4 CreateMutexW

• 0x41e0c8 GetLongPathNameW

• 0x41e0cc FlushInstructionCache

• 0x41e0d0 GetComputerNameExW

• 0x41e0d4 GetSystemInfo

• 0x41e0d8 ResumeThread

• 0x41e0dc OpenThread

• 0x41e0e0 GetDiskFreeSpaceExW

• 0x41e0e4 InterlockedIncrement

• 0x41e0e8 GetWindowsDirectoryW

• 0x41e0ec FreeLibrary

• 0x41e0f0 GetModuleHandleA

• 0x41e0f4 GetModuleHandleW

• 0x41e0f8 GetCurrentProcessId

• 0x41e0fc CreateEventW

• 0x41e100 CreateThread

• 0x41e104 SetEvent

• 0x41e108 LoadLibraryW

• 0x41e10c GetProcAddress

• 0x41e110 MultiByteToWideChar

• 0x41e114 GetVersionExW

• 0x41e118 WideCharToMultiByte

• 0x41e11c GetModuleFileNameW

• 0x41e120 GetCurrentProcess

• 0x41e124 FindResourceW

• 0x41e128 LoadResource

• 0x41e12c LockResource

• 0x41e130 SizeofResource

• 0x41e134 WriteFile

• 0x41e138 FreeResource

• 0x41e13c LocalFree

• 0x41e140 TerminateProcess

• 0x41e144 WaitForMultipleObjects

• 0x41e148 OpenProcess

• 0x41e14c CreateProcessW

• 0x41e150 WaitForSingleObject

• 0x41e154 GetTempPathW

• 0x41e158 GetTempFileNameW

• 0x41e15c MoveFileExW

• 0x41e160 CopyFileW

• 0x41e164 MoveFileW

• 0x41e168 FindFirstFileW

• 0x41e16c FindNextFileW

• 0x41e170 FindClose

• 0x41e174 SetFileAttributesW

• 0x41e178 RemoveDirectoryW

• 0x41e17c GetTickCount

• 0x41e180 CreateFileW

• 0x41e184 CloseHandle

• 0x41e188 DeleteFileW

• 0x41e18c CreateDirectoryW

• 0x41e190 GetLastError

• 0x41e194 lstrcpynW

• 0x41e198 lstrlenW

• 0x41e19c GetCommandLineW

• 0x41e1a0 GetStartupInfoA

Library USER32.dll:

• 0x41e378 GetPropW

• 0x41e37c GetCapture

• 0x41e380 SetCursor

• 0x41e384 ScreenToClient

• 0x41e388 GetCursorPos

• 0x41e38c DestroyIcon

• 0x41e390 SetPropW

• 0x41e394 DrawIconEx

• 0x41e398 GetWindowTextW

• 0x41e39c GetFocus

• 0x41e3a0 IsWindowVisible

• 0x41e3a4 GetKeyState

• 0x41e3a8 GetAncestor

• 0x41e3ac SetRectEmpty

• 0x41e3b0 CopyRect

• 0x41e3b4 PtInRect

• 0x41e3b8 SetCapture

• 0x41e3bc IsRectEmpty

• 0x41e3c0 ReleaseCapture

• 0x41e3c4 GetActiveWindow

• 0x41e3c8 EndPaint

• 0x41e3cc BeginPaint

• 0x41e3d0 SetFocus

• 0x41e3d4 SetWindowPos

• 0x41e3d8 GetMonitorInfoW

• 0x41e3dc MonitorFromRect

• 0x41e3e0 GetWindowRect

• 0x41e3e4 SetForegroundWindow

• 0x41e3e8 IsWindow

• 0x41e3ec GetWindow

• 0x41e3f0 ReleaseDC

• 0x41e3f4 GetDC

• 0x41e3f8 SetWindowRgn

• 0x41e3fc OffsetRect

• 0x41e400 GetClientRect

• 0x41e404 SendMessageW

• 0x41e408 LoadIconW

• 0x41e40c SetWindowTextW

• 0x41e410 EndDialog

• 0x41e414 SetRect

• 0x41e418 SetWindowLongW

• 0x41e41c MapWindowPoints

• 0x41e420 SystemParametersInfoW

• 0x41e424 GetParent

• 0x41e428 GetWindowLongW

• 0x41e42c ShowWindow

• 0x41e430 DestroyWindow

• 0x41e434 MessageBoxW

• 0x41e438 GetDesktopWindow

• 0x41e43c DialogBoxParamW

• 0x41e440 GetSystemMetrics

• 0x41e444 LoadStringW

• 0x41e448 DispatchMessageW

• 0x41e44c TranslateMessage

• 0x41e450 GetMessageW

• 0x41e454 PeekMessageW

• 0x41e458 PostMessageW

• 0x41e45c PostThreadMessageW

• 0x41e460 SendMessageTimeoutW

• 0x41e464 DefWindowProcW

• 0x41e468 CallWindowProcW

• 0x41e46c CreateWindowExW

• 0x41e470 RegisterClassExW

• 0x41e474 wsprintfW

• 0x41e478 LoadCursorW

• 0x41e47c GetClassInfoExW

• 0x41e480 DrawTextW

• 0x41e484 UpdateLayeredWindow

• 0x41e488 SetTimer

• 0x41e48c KillTimer

• 0x41e490 GetForegroundWindow

• 0x41e494 IsZoomed

• 0x41e498 IsIconic

• 0x41e49c CharLowerW

• 0x41e4a0 GetDoubleClickTime

Library GDI32.dll:

• 0x41e038 CreateDIBSection

• 0x41e03c LineTo

• 0x41e040 CreateFontIndirectW

• 0x41e044 CreatePen

• 0x41e048 GetTextMetricsW

• 0x41e04c CreatePatternBrush

• 0x41e050 SetTextColor

• 0x41e054 GetObjectW

• 0x41e058 GetClipRgn

• 0x41e05c SetBkMode

• 0x41e060 GetRgnBox

• 0x41e064 SelectClipRgn

• 0x41e068 OffsetRgn

• 0x41e06c CreateCompatibleDC

• 0x41e070 CreateCompatibleBitmap

• 0x41e074 SelectObject

• 0x41e078 BitBlt

• 0x41e07c DeleteDC

• 0x41e080 CreateRoundRectRgn

• 0x41e084 CreateRectRgn

• 0x41e088 CombineRgn

• 0x41e08c MoveToEx

• 0x41e090 DeleteObject

Library ADVAPI32.dll:

• 0x41e000 CryptGetHashParam

• 0x41e004 OpenProcessToken

• 0x41e008 RegOpenKeyExW

• 0x41e00c RegQueryValueExW

• 0x41e010 RegCloseKey

• 0x41e014 CryptDestroyHash

• 0x41e018 CryptHashData

• 0x41e01c CryptAcquireContextW

• 0x41e020 CryptCreateHash

• 0x41e024 CryptReleaseContext

• 0x41e028 GetTokenInformation

Library SHELL32.dll:

• 0x41e318 SHGetSpecialFolderPathW

• 0x41e31c

• 0x41e320 ShellExecuteW

• 0x41e324 SHGetPathFromIDListW

• 0x41e328 SHBrowseForFolderW

• 0x41e32c CommandLineToArgvW

Library ole32.dll:

• 0x41e544 CoCreateGuid

• 0x41e548 StringFromIID

• 0x41e54c CoInitializeEx

• 0x41e550 CoInitializeSecurity

• 0x41e554 CoSetProxyBlanket

• 0x41e558 CoTaskMemFree

• 0x41e55c CoCreateInstance

• 0x41e560 CoInitialize

• 0x41e564 StringFromGUID2

Library OLEAUT32.dll:

• 0x41e2f4 SysFreeString

• 0x41e2f8 SysAllocString

• 0x41e2fc SysAllocStringLen

• 0x41e300 VariantClear

Library SHLWAPI.dll:

• 0x41e334 PathAppendW

• 0x41e338 PathCombineW

• 0x41e33c PathIsDirectoryW

• 0x41e340 PathRemoveFileSpecW

• 0x41e344 PathFindFileNameW

• 0x41e348 PathMatchSpecW

• 0x41e34c SHSetValueW

• 0x41e350 SHGetValueW

• 0x41e354 SHDeleteKeyW

• 0x41e358 SHDeleteValueW

• 0x41e35c StrStrIW

• 0x41e360 SHGetValueA

• 0x41e364 PathAddBackslashW

• 0x41e368 PathRemoveBackslashW

• 0x41e36c PathIsDirectoryEmptyW

• 0x41e370 PathFileExistsW

Library VERSION.dll:

• 0x41e4a8 VerQueryValueW

• 0x41e4ac GetFileVersionInfoSizeW

• 0x41e4b0 GetFileVersionInfoW

Library urlmon.dll:

• 0x41e56c ObtainUserAgentString

Library PSAPI.DLL:

• 0x41e308 EnumProcessModules

• 0x41e30c EnumProcesses

• 0x41e310 GetModuleFileNameExW

Library WININET.dll:

• 0x41e4b8 InternetOpenA

• 0x41e4bc InternetConnectW

• 0x41e4c0 HttpOpenRequestW

• 0x41e4c4 InternetSetOptionW

• 0x41e4c8 HttpQueryInfoW

• 0x41e4cc InternetReadFile

• 0x41e4d0 InternetCloseHandle

• 0x41e4d4 InternetQueryOptionW

• 0x41e4d8 InternetCrackUrlW

• 0x41e4dc HttpSendRequestW

Library MSVCP60.dll:

• 0x41e1a8 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

• 0x41e1ac ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

• 0x41e1b0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

• 0x41e1b4 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

• 0x41e1b8 ?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z

• 0x41e1bc ?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB

• 0x41e1c0 ?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB

• 0x41e1c4 ?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG0@Z

• 0x41e1c8 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

• 0x41e1cc ?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z

• 0x41e1d0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

• 0x41e1d4 ?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z

• 0x41e1d8 ?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ

• 0x41e1dc ??0logic_error@std@@QAE@ABV01@@Z

• 0x41e1e0 ??0out_of_range@std@@QAE@ABV01@@Z

• 0x41e1e4 ??1out_of_range@std@@UAE@XZ

• 0x41e1e8 ??_7out_of_range@std@@6B@

• 0x41e1ec ??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

• 0x41e1f0 ??1_Lockit@std@@QAE@XZ

• 0x41e1f4 ??0_Lockit@std@@QAE@XZ

• 0x41e1f8 ?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

• 0x41e1fc ?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z

• 0x41e200 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

• 0x41e204 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

Library COMCTL32.dll:

• 0x41e030 _TrackMouseEvent

Library MSVCRT.dll:

• 0x41e20c _strnicmp

• 0x41e210 _snprintf

• 0x41e214 _except_handler3

• 0x41e218 abs

• 0x41e21c memcpy

• 0x41e220 free

• 0x41e224 malloc

• 0x41e228 isalnum

• 0x41e22c sprintf

• 0x41e230 strcpy

• 0x41e234 towlower

• 0x41e238 wcspbrk

• 0x41e23c strlen

• 0x41e240 wcsstr

• 0x41e244 _wtol

• 0x41e248 __CxxFrameHandler

• 0x41e24c wcslen

• 0x41e250 _wcsicmp

• 0x41e254 _wfopen

• 0x41e258 fseek

• 0x41e25c ftell

• 0x41e260 ??2@YAPAXI@Z

• 0x41e264 memset

• 0x41e268 fread

• 0x41e26c fwrite

• 0x41e270 fclose

• 0x41e274 wcscmp

• 0x41e278 wcschr

• 0x41e27c _wtoi

• 0x41e280 _snwprintf

• 0x41e284 _wcsnicmp

• 0x41e288 wcsrchr

• 0x41e28c time

• 0x41e290 memmove

• 0x41e294 _ftol

• 0x41e298 _purecall

• 0x41e29c _CxxThrowException

• 0x41e2a0 ??0exception@@QAE@ABV0@@Z

• 0x41e2a4 wcscpy

• 0x41e2a8 memcmp

• 0x41e2ac __dllonexit

• 0x41e2b0 _onexit

• 0x41e2b4 ?terminate@@YAXXZ

• 0x41e2b8 _exit

• 0x41e2bc _XcptFilter

• 0x41e2c0 exit

• 0x41e2c4 _acmdln

• 0x41e2c8 __getmainargs

• 0x41e2cc _initterm

• 0x41e2d0 __setusermatherr

• 0x41e2d4 _adjust_fdiv

• 0x41e2d8 __p__commode

• 0x41e2dc __p__fmode

• 0x41e2e0 __set_app_type

• 0x41e2e4 ??1type_info@@UAE@XZ

• 0x41e2e8 _controlfp

• 0x41e2ec wcsncpy

Library WS2_32.dll:

• 0x41e4e4 freeaddrinfo

• 0x41e4e8 getaddrinfo

• 0x41e4ec WSAStartup

• 0x41e4f0 WSACleanup

Library iphlpapi.dll:

• 0x41e53c GetAdaptersInfo

Library gdiplus.dll:

• 0x41e4f8 GdipDrawImageRectRectI

• 0x41e4fc GdipSetInterpolationMode

• 0x41e500 GdipDeleteGraphics

• 0x41e504 GdipLoadImageFromStream

• 0x41e508 GdipGetImageWidth

• 0x41e50c GdipDisposeImageAttributes

• 0x41e510 GdipCreateFromHDC

• 0x41e514 GdipDisposeImage

• 0x41e518 GdipCloneImage

• 0x41e51c GdipGetImageHeight

• 0x41e520 GdipFree

• 0x41e524 GdipAlloc

• 0x41e528 GdiplusShutdown

• 0x41e52c GdiplusStartup

• 0x41e530 GdipSetImageAttributesColorMatrix

• 0x41e534 GdipCreateImageAttributes

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
s0.hao123img.com	A 125.64.104.49 A 121.12.53.49 A 171.107.85.49 A 218.93.204.49 A 203.56.69.49 CNAME hao123.jomodns.com A 125.74.42.49 A 219.153.113.49 A 125.74.1.49 A 125.74.40.49 A 180.101.38.49	182.201.240.49
s1.hao123img.com	A 125.64.104.49 A 121.12.53.49 A 171.107.85.49 A 218.93.204.49 A 203.56.69.49 CNAME hao123.jomodns.com A 125.74.42.49 A 219.153.113.49 A 125.74.1.49 A 125.74.40.49 A 180.101.38.49	219.153.113.49
hao123.com	A 124.237.176.248 A 39.156.68.154 A 110.242.69.86	110.242.69.86
s2.hao123img.com	A 125.64.104.49 A 121.12.53.49 A 171.107.85.49 A 218.93.204.49 A 203.56.69.49 CNAME hao123.jomodns.com A 125.74.42.49 A 219.153.113.49 A 125.74.1.49 A 125.74.40.49 A 180.101.38.49	125.64.104.49
www.hao123.com	CNAME hao123.n.shifen.com A 220.181.107.181	220.181.107.181
teredo.ipv6.microsoft.com
s3.hao123img.com	A 140.249.32.49 A 124.239.243.49 A 124.236.104.49 A 124.238.241.49 A 171.107.86.49 A 124.225.184.49 CNAME hao123.jomodns.com A 124.236.41.49 A 180.163.198.49 A 123.52.189.49 A 182.140.225.49	171.107.86.49

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	50568	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	53380	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	61680	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.