SmartHawk

6.6

高危

53 个模型检测该样本为恶意！

重新分析

下载样本

45eccd914d207fc94deac5e18380081fa1c17ec71ed41cb2e73ff3a96bb370b3

8f9fe207e86c84889f8678b39c091879.exe

分析耗时

76s

最近分析

文件大小

484.0KB

静态报毒动态报毒 AI SCORE=82 BANKERX CLOUD DOWNLOADER33 ELDORADO EMOTET ERJA FCVYWS GENCIRC HDOV HIGH CONFIDENCE HKMYYN KRYPTIK MCIYW R002C0DEQ20 UNSAFE VU0QGJL8TYK 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Emotet-FQV!8F9FE207E86C	20200608	6.0.6.653
Alibaba	Trojan:Win32/Emotet.3a36147f	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:BankerX-gen [Trj]	20200608	18.4.3895.0
Kingsoft		20200608	2013.8.14.323
Tencent	Malware.Win32.Gencirc.10cdcd62	20200608	1.0.0.1
CrowdStrike		20190702	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619686156.595719 GetComputerNameA	computer_name: OSKAR-PC	success	1	0

Uses Windows APIs to generate a cryptographic key (3 个事件)

Time & API	Arguments	Status	Return
1619686141.782719 CryptGenKey	crypto_handle: 0x00691588 algorithm_identifier: 0x0000660e () provider_handle: 0x0071cdb0 flags: 1 key: fãÀØ>{ìÀú²a'`	success	1
1619686156.735719 CryptExportKey	crypto_handle: 0x00691588 crypto_export_handle: 0x006914c8 buffer: f¤RLºÀpìÈÈÑ\|dVX;à@+éäîé{(¬¡/7ù#ïÃóà,`6ñ~ÑÃÇOEk(O³{ PPý-9Ig¹éh×'µ¤¦Ç]//³d>f5°H- blob_type: 1 flags: 64	success	1
1619686191.392719 CryptExportKey	crypto_handle: 0x00691588 crypto_export_handle: 0x006914c8 buffer: f¤Ýw`Òôß÷¼ËB¬Á9«äéóøgacEeª}fÚ®kî+®¯uÓÈAØ-yÏ¿L4¦\|+«×20ÔÈ1ö5¤5jàèÅR<×\ blob_type: 1 flags: 64	success	1

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

MIDIFILE

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619686137.251719 NtAllocateVirtualMemory	process_identifier: 1632 region_size: 45056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00610000	success	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619686137.267719 NtProtectVirtualMemory	process_identifier: 1632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 32 (PAGE_EXECUTE_READ) process_handle: 0xffffffff base_address: 0x01dc1000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619686157.298719 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.103539775631918

section

{'size_of_data': '0x00029000', 'virtual_address': '0x00055000', 'entropy': 7.103539775631918, 'name': '.rsrc', 'virtual_size': '0x00028a30'}

description

A section with a high entropy has been found

entropy

0.3416666666666667

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 个事件)

process

8f9fe207e86c84889f8678b39c091879.exe

Reads the systems User Agent and subsequently performs requests (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619686156.970719 InternetOpenW	proxy_bypass: access_type: 0 proxy_name: flags: 0 user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	success	13369348	0

Communicates with host for which no DNS query was performed (3 个事件)

host	162.154.38.103
host	172.217.24.14
host	95.216.118.202

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619686159.860719 RegSetValueExA	key_handle: 0x00000510 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619686159.860719 RegSetValueExA	key_handle: 0x00000510 value: `ÔñIí<× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619686159.860719 RegSetValueExA	key_handle: 0x00000510 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619686159.860719 RegSetValueExW	key_handle: 0x00000510 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619686159.860719 RegSetValueExA	key_handle: 0x00000528 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619686159.860719 RegSetValueExA	key_handle: 0x00000528 value: `ÔñIí<× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619686159.860719 RegSetValueExA	key_handle: 0x00000528 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619686159.892719 RegSetValueExW	key_handle: 0x0000050c value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

162.154.38.103:80

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 个事件)

MicroWorld-eScan	Trojan.Agent.ERJA
FireEye	Trojan.Agent.ERJA
CAT-QuickHeal	Trojan.Multi
McAfee	Emotet-FQV!8F9FE207E86C
Cylance	Unsafe
Zillya	Trojan.Emotet.Win32.20831
Sangfor	Malware
K7AntiVirus	Trojan ( 005675f41 )
Alibaba	Trojan:Win32/Emotet.3a36147f
K7GW	Trojan ( 005675f41 )
Arcabit	Trojan.Agent.ERJA
F-Prot	W32/Emotet.ALI.gen!Eldorado
Symantec	Packed.Generic.534
TrendMicro-HouseCall	TROJ_GEN.R002C0DEQ20
Avast	Win32:BankerX-gen [Trj]
ClamAV	Win.Malware.Emotet-7997926-0
Kaspersky	Backdoor.Win32.Emotet.jdk
BitDefender	Trojan.Agent.ERJA
NANO-Antivirus	Trojan.Win32.Kryptik.hkmyyn
Paloalto	generic.ml
ViRobot	Trojan.Win32.Emotet.495616.A
Rising	Trojan.Kryptik!1.C627 (CLOUD)
Endgame	malicious (high confidence)
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Crypt.Agent.mciyw
DrWeb	Trojan.DownLoader33.45302
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R002C0DEQ20
McAfee-GW-Edition	Emotet-FQQ!8F9FE207E86C
Emsisoft	Trojan.Emotet (A)
APEX	Malicious
Cyren	W32/Emotet.ALI.gen!Eldorado
Jiangmin	Backdoor.Emotet.gr
Avira	TR/Crypt.Agent.mciyw
MAX	malware (ai score=82)
Antiy-AVL	Trojan[Banker]/Win32.Emotet
Microsoft	Trojan:Win32/Emotet.MX!MTB
AegisLab	Trojan.Multi.Generic.4!c
ZoneAlarm	Backdoor.Win32.Emotet.jdk
GData	Win32.Trojan-Spy.Emotet.FCVYWS
VBA32	Backdoor.Emotet
ALYac	Trojan.Agent.ERJA
TACHYON	Trojan/W32.Agent.495616.RJ
Ad-Aware	Trojan.Agent.ERJA
Malwarebytes	Trojan.Emotet
ESET-NOD32	a variant of Win32/Kryptik.HDOV
Tencent	Malware.Win32.Gencirc.10cdcd62
Yandex	Trojan.Kryptik!vu0Qgjl8TYk
Ikarus	Trojan-Banker.Emotet
Fortinet	W32/Emotet.CD!tr

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-05-23 01:30:51

Imports

Library RASAPI32.dll:

• 0x43e328 RasDialA

• 0x43e32c RasGetProjectionInfoA

• 0x43e330 RasEnumConnectionsA

• 0x43e334 RasGetConnectStatusA

• 0x43e338 RasHangUpA

• 0x43e33c RasEnumEntriesA

• 0x43e340 RasGetErrorStringA

• 0x43e344 RasEditPhonebookEntryA

• 0x43e348 RasCreatePhonebookEntryA

Library WINMM.dll:

• 0x43e5a0 sndPlaySoundA

• 0x43e5a4 mciSendStringA

Library VERSION.dll:

• 0x43e590 GetFileVersionInfoSizeA

• 0x43e594 GetFileVersionInfoA

• 0x43e598 VerQueryValueA

Library KERNEL32.dll:

• 0x43e0e4 GetFileSize

• 0x43e0e8 GetFileTime

• 0x43e0ec SetErrorMode

• 0x43e0f0 GetTickCount

• 0x43e0f4 RtlUnwind

• 0x43e0f8 GetStartupInfoA

• 0x43e0fc GetCommandLineA

• 0x43e100 ExitProcess

• 0x43e104 TerminateProcess

• 0x43e108 CreateThread

• 0x43e10c ExitThread

• 0x43e110 RaiseException

• 0x43e114 GetTimeZoneInformation

• 0x43e118 GetSystemTime

• 0x43e11c GetLocalTime

• 0x43e120 GetACP

• 0x43e124 HeapSize

• 0x43e128 HeapDestroy

• 0x43e12c HeapCreate

• 0x43e130 VirtualFree

• 0x43e134 VirtualAlloc

• 0x43e138 IsBadWritePtr

• 0x43e13c UnhandledExceptionFilter

• 0x43e140 FreeEnvironmentStringsA

• 0x43e144 FreeEnvironmentStringsW

• 0x43e148 GetEnvironmentStrings

• 0x43e14c GetEnvironmentStringsW

• 0x43e150 SetHandleCount

• 0x43e154 GetStdHandle

• 0x43e158 GetFileType

• 0x43e15c LCMapStringA

• 0x43e160 LCMapStringW

• 0x43e164 GetStringTypeA

• 0x43e168 GetStringTypeW

• 0x43e16c SetUnhandledExceptionFilter

• 0x43e170 IsBadReadPtr

• 0x43e174 GetFileAttributesA

• 0x43e178 SetStdHandle

• 0x43e17c CompareStringA

• 0x43e180 CompareStringW

• 0x43e184 SetEnvironmentVariableA

• 0x43e188 GetProfileStringA

• 0x43e18c GetModuleFileNameA

• 0x43e190 GetPrivateProfileStringA

• 0x43e194 WritePrivateProfileStringA

• 0x43e198 GetCurrentProcess

• 0x43e19c SizeofResource

• 0x43e1a0 LoadResource

• 0x43e1a4 FindResourceA

• 0x43e1a8 LoadLibraryExA

• 0x43e1ac LoadLibraryExW

• 0x43e1b0 HeapFree

• 0x43e1b4 HeapReAlloc

• 0x43e1b8 HeapAlloc

• 0x43e1bc GetProcessHeap

• 0x43e1c0 GetVersionExA

• 0x43e1c4 FreeLibrary

• 0x43e1c8 LoadLibraryA

• 0x43e1cc GetWindowsDirectoryA

• 0x43e1d0 lstrcpyA

• 0x43e1d4 WinExec

• 0x43e1d8 lstrlenA

• 0x43e1dc lstrcatA

• 0x43e1e0 GetProcAddress

• 0x43e1e4 GetModuleHandleA

• 0x43e1e8 Sleep

• 0x43e1ec InitializeCriticalSection

• 0x43e1f0 DeleteCriticalSection

• 0x43e1f4 LeaveCriticalSection

• 0x43e1f8 EnterCriticalSection

• 0x43e1fc SetThreadPriority

• 0x43e200 GetCurrentThread

• 0x43e204 GetOEMCP

• 0x43e208 GetCPInfo

• 0x43e20c GetProcessVersion

• 0x43e210 GlobalFlags

• 0x43e214 TlsGetValue

• 0x43e218 LocalReAlloc

• 0x43e21c TlsSetValue

• 0x43e220 GlobalReAlloc

• 0x43e224 TlsFree

• 0x43e228 GlobalHandle

• 0x43e22c TlsAlloc

• 0x43e230 LocalAlloc

• 0x43e234 MulDiv

• 0x43e238 VirtualProtect

• 0x43e23c GlobalUnlock

• 0x43e240 FileTimeToLocalFileTime

• 0x43e244 FileTimeToSystemTime

• 0x43e248 SetLastError

• 0x43e24c GetThreadLocale

• 0x43e250 GetFullPathNameA

• 0x43e254 lstrcpynA

• 0x43e258 GetVolumeInformationA

• 0x43e25c FindFirstFileA

• 0x43e260 FindClose

• 0x43e264 SetEndOfFile

• 0x43e268 UnlockFile

• 0x43e26c LockFile

• 0x43e270 FlushFileBuffers

• 0x43e274 SetFilePointer

• 0x43e278 WriteFile

• 0x43e27c ReadFile

• 0x43e280 CreateFileA

• 0x43e284 DuplicateHandle

• 0x43e288 GlobalFree

• 0x43e28c GlobalGetAtomNameA

• 0x43e290 GlobalAddAtomA

• 0x43e294 GlobalFindAtomA

• 0x43e298 MultiByteToWideChar

• 0x43e29c WideCharToMultiByte

• 0x43e2a0 InterlockedDecrement

• 0x43e2a4 InterlockedIncrement

• 0x43e2a8 CreateEventA

• 0x43e2ac SuspendThread

• 0x43e2b0 ResumeThread

• 0x43e2b4 SetEvent

• 0x43e2b8 WaitForSingleObject

• 0x43e2bc CloseHandle

• 0x43e2c0 GlobalLock

• 0x43e2c4 GlobalAlloc

• 0x43e2c8 GlobalDeleteAtom

• 0x43e2cc lstrcmpA

• 0x43e2d0 GetCurrentThreadId

• 0x43e2d4 GetVersion

• 0x43e2d8 GetLastError

• 0x43e2dc FormatMessageA

• 0x43e2e0 LocalFree

• 0x43e2e4 GetTempPathA

• 0x43e2e8 LockResource

• 0x43e2ec lstrcmpiA

• 0x43e2f0 IsBadCodePtr

Library USER32.dll:

• 0x43e35c GetSysColorBrush

• 0x43e360 CharNextA

• 0x43e364 CopyAcceleratorTableA

• 0x43e368 SetRect

• 0x43e36c GetNextDlgGroupItem

• 0x43e370 RegisterClipboardFormatA

• 0x43e374 PostThreadMessageA

• 0x43e378 GrayStringA

• 0x43e37c DrawTextA

• 0x43e380 TabbedTextOutA

• 0x43e384 EndPaint

• 0x43e388 BeginPaint

• 0x43e38c GetWindowDC

• 0x43e390 ClientToScreen

• 0x43e394 GetAsyncKeyState

• 0x43e398 EndDialog

• 0x43e39c CreateDialogIndirectParamA

• 0x43e3a0 CharUpperA

• 0x43e3a4 LoadStringA

• 0x43e3a8 MapDialogRect

• 0x43e3ac SetWindowContextHelpId

• 0x43e3b0 UpdateWindow

• 0x43e3b4 MapWindowPoints

• 0x43e3b8 AdjustWindowRectEx

• 0x43e3bc ScreenToClient

• 0x43e3c0 CopyRect

• 0x43e3c4 GetTopWindow

• 0x43e3c8 IsChild

• 0x43e3cc GetCapture

• 0x43e3d0 WinHelpA

• 0x43e3d4 GetClassInfoA

• 0x43e3d8 RegisterClassA

• 0x43e3dc GetMenu

• 0x43e3e0 GetMenuItemCount

• 0x43e3e4 DefWindowProcA

• 0x43e3e8 DestroyWindow

• 0x43e3ec CreateWindowExA

• 0x43e3f0 GetClassLongA

• 0x43e3f4 UnhookWindowsHookEx

• 0x43e3f8 GetPropA

• 0x43e3fc CallWindowProcA

• 0x43e400 RemovePropA

• 0x43e404 GetMessageTime

• 0x43e408 GetMessagePos

• 0x43e40c GetForegroundWindow

• 0x43e410 GetWindow

• 0x43e414 RegisterWindowMessageA

• 0x43e418 IntersectRect

• 0x43e41c SystemParametersInfoA

• 0x43e420 GetWindowPlacement

• 0x43e424 ShowWindow

• 0x43e428 SetWindowPos

• 0x43e42c MoveWindow

• 0x43e430 GetDlgCtrlID

• 0x43e434 GetWindowTextLengthA

• 0x43e438 GetWindowTextA

• 0x43e43c SetWindowTextA

• 0x43e440 IsDialogMessageA

• 0x43e444 SendDlgItemMessageA

• 0x43e448 GetDlgItem

• 0x43e44c GetMenuCheckMarkDimensions

• 0x43e450 GetMenuState

• 0x43e454 ModifyMenuA

• 0x43e458 SetMenuItemBitmaps

• 0x43e45c CheckMenuItem

• 0x43e460 EnableMenuItem

• 0x43e464 GetFocus

• 0x43e468 GetNextDlgTabItem

• 0x43e46c GetMessageA

• 0x43e470 UnregisterClassA

• 0x43e474 HideCaret

• 0x43e478 ShowCaret

• 0x43e47c ExcludeUpdateRgn

• 0x43e480 DrawFocusRect

• 0x43e484 DefDlgProcA

• 0x43e488 IsWindowUnicode

• 0x43e48c GetActiveWindow

• 0x43e490 GetKeyState

• 0x43e494 CallNextHookEx

• 0x43e498 ValidateRect

• 0x43e49c IsWindowVisible

• 0x43e4a0 SetWindowsHookExA

• 0x43e4a4 IsWindowEnabled

• 0x43e4a8 GetWindowLongA

• 0x43e4ac PostQuitMessage

• 0x43e4b0 LoadMenuA

• 0x43e4b4 GetSubMenu

• 0x43e4b8 SetMenuDefaultItem

• 0x43e4bc GetCursorPos

• 0x43e4c0 GetClassNameA

• 0x43e4c4 GetDesktopWindow

• 0x43e4c8 WindowFromPoint

• 0x43e4cc SetPropA

• 0x43e4d0 DestroyMenu

• 0x43e4d4 TrackPopupMenu

• 0x43e4d8 GetMenuItemID

• 0x43e4dc MessageBoxA

• 0x43e4e0 PeekMessageA

• 0x43e4e4 TranslateMessage

• 0x43e4e8 DispatchMessageA

• 0x43e4ec wsprintfA

• 0x43e4f0 SetFocus

• 0x43e4f4 SetActiveWindow

• 0x43e4f8 LoadCursorA

• 0x43e4fc CopyIcon

• 0x43e500 GetParent

• 0x43e504 GetDC

• 0x43e508 ReleaseDC

• 0x43e50c SetForegroundWindow

• 0x43e510 IsIconic

• 0x43e514 SendMessageA

• 0x43e518 GetLastActivePopup

• 0x43e51c FindWindowA

• 0x43e520 PostMessageA

• 0x43e524 LoadIconA

• 0x43e528 GetWindowRect

• 0x43e52c GetClientRect

• 0x43e530 GetSystemMenu

• 0x43e534 AppendMenuA

• 0x43e538 DrawIcon

• 0x43e53c GetSystemMetrics

• 0x43e540 LoadImageA

• 0x43e544 EnableWindow

• 0x43e548 OffsetRect

• 0x43e54c FillRect

• 0x43e550 GetSysColor

• 0x43e554 RedrawWindow

• 0x43e558 SetTimer

• 0x43e55c KillTimer

• 0x43e560 LoadBitmapA

• 0x43e564 DestroyCursor

• 0x43e568 MessageBeep

• 0x43e56c SetCapture

• 0x43e570 ReleaseCapture

• 0x43e574 PtInRect

• 0x43e578 SetCursor

• 0x43e57c SetWindowLongA

• 0x43e580 IsWindow

• 0x43e584 InvalidateRect

• 0x43e588 InflateRect

Library GDI32.dll:

• 0x43e03c OffsetViewportOrgEx

• 0x43e040 SetViewportExtEx

• 0x43e044 ScaleViewportExtEx

• 0x43e048 SetWindowExtEx

• 0x43e04c ScaleWindowExtEx

• 0x43e050 IntersectClipRect

• 0x43e054 DeleteObject

• 0x43e058 SetViewportOrgEx

• 0x43e05c GetDeviceCaps

• 0x43e060 GetViewportExtEx

• 0x43e064 GetWindowExtEx

• 0x43e068 CreateSolidBrush

• 0x43e06c PtVisible

• 0x43e070 RectVisible

• 0x43e074 TextOutA

• 0x43e078 ExtTextOutA

• 0x43e07c Escape

• 0x43e080 PatBlt

• 0x43e084 GetTextColor

• 0x43e088 GetBkColor

• 0x43e08c DPtoLP

• 0x43e090 LPtoDP

• 0x43e094 GetMapMode

• 0x43e098 SetMapMode

• 0x43e09c SetBkMode

• 0x43e0a0 SelectObject

• 0x43e0a4 RestoreDC

• 0x43e0a8 SaveDC

• 0x43e0ac DeleteDC

• 0x43e0b0 SetBkColor

• 0x43e0b4 SetTextColor

• 0x43e0b8 GetClipBox

• 0x43e0bc CreateBitmap

• 0x43e0c0 GetTextExtentPointA

• 0x43e0c4 GetTextExtentPoint32A

• 0x43e0c8 CreateFontIndirectA

• 0x43e0cc GetStockObject

• 0x43e0d0 CreateCompatibleDC

• 0x43e0d4 BitBlt

• 0x43e0d8 GetObjectA

• 0x43e0dc CreateDIBitmap

Library comdlg32.dll:

• 0x43e5bc GetFileTitleA

• 0x43e5c0 GetOpenFileNameA

• 0x43e5c4 GetSaveFileNameA

Library WINSPOOL.DRV:

• 0x43e5ac DocumentPropertiesA

• 0x43e5b0 ClosePrinter

• 0x43e5b4 OpenPrinterA

Library ADVAPI32.dll:

• 0x43e000 RegCloseKey

• 0x43e004 RegOpenKeyExA

• 0x43e008 RegConnectRegistryA

• 0x43e00c RegQueryValueA

• 0x43e010 RegCreateKeyExA

• 0x43e014 RegSetValueExA

• 0x43e018 RegQueryValueExA

Library SHELL32.dll:

• 0x43e350 Shell_NotifyIconA

• 0x43e354 ShellExecuteA

Library COMCTL32.dll:

• 0x43e020

• 0x43e024

• 0x43e028 PropertySheetA

• 0x43e02c DestroyPropertySheetPage

• 0x43e030 CreatePropertySheetPageA

• 0x43e034 ImageList_Destroy

Library oledlg.dll:

• 0x43e60c

Library ole32.dll:

• 0x43e5cc CoFreeUnusedLibraries

• 0x43e5d0 OleUninitialize

• 0x43e5d4 OleInitialize

• 0x43e5d8 CoTaskMemAlloc

• 0x43e5dc CoTaskMemFree

• 0x43e5e0 CreateILockBytesOnHGlobal

• 0x43e5e4 StgCreateDocfileOnILockBytes

• 0x43e5e8 StgOpenStorageOnILockBytes

• 0x43e5ec CoGetClassObject

• 0x43e5f0 CLSIDFromString

• 0x43e5f4 CLSIDFromProgID

• 0x43e5f8 CoRegisterMessageFilter

• 0x43e5fc CoRevokeClassObject

• 0x43e600 OleFlushClipboard

• 0x43e604 OleIsCurrentClipboard

Library OLEPRO32.DLL:

• 0x43e320

Library OLEAUT32.dll:

• 0x43e2f8 SysFreeString

• 0x43e2fc SysAllocStringLen

• 0x43e300 VariantClear

• 0x43e304 VariantTimeToSystemTime

• 0x43e308 VariantCopy

• 0x43e30c VariantChangeType

• 0x43e310 SysAllocString

• 0x43e314 SysAllocStringByteLen

• 0x43e318 SysStringLen

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	51811	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.