6.8
High risk

41001a555c7cfc74b19a1c3109fd38171e8801657efb9b77a9cb9e046cf87ae4

9038b87ea98f065c44dbe900c0c43dec.exe

Analysis time

94s

Latest analysis

File size

2.8MB
Static: flagged  Dynamic: flagged  100% AI SCORE=100 CONFIDENCE DOWNLOADER27 DYNAMER GAMETHIEF GAMETHIEF0C21 GEN7 GENERICRXGW GENETIC HIGH CONFIDENCE HPRK MALICIOUS PE ONLINEGAMES R015C0PGB19 R259819 TDSS TF3MYVVYCMJ TIGGRE TMQDVR6ZRRM ULISE UNSAFE WACATAC WOOOL
HawkEye engine
Not detected: no HawkEye engine results available
Static verdict
Antivirus engines
Engine       Result                              Scan date  Engine version
McAfee       GenericRXGW-DA!9038B87EA98F         20190712   6.0.6.653
Alibaba      Trojan:Win32/Woool.4765bca1         20190527   0.3.0.5
Baidu        -                                   20190318   1.0.0.2
Avast        Win32:Trojan-gen                    20190712   18.4.3895.0
Tencent      Win32.Trojan.Spy.Hprk               20190712   1.0.0.1
Kingsoft     -                                   20190712   2013.8.14.323
CrowdStrike  win/malicious_confidence_100% (W)   20190212   1.0
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1620969962.168001
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620969956.559001
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section .itext
section .vmp0
section .vmp1
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name DLL
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1620969958.950001
__exception__
stacktrace:
9038b87ea98f065c44dbe900c0c43dec+0x13667d @ 0x53667d
9038b87ea98f065c44dbe900c0c43dec+0x136a74 @ 0x536a74
9038b87ea98f065c44dbe900c0c43dec+0x136ec5 @ 0x536ec5
9038b87ea98f065c44dbe900c0c43dec+0x136cc7 @ 0x536cc7
9038b87ea98f065c44dbe900c0c43dec+0x133901 @ 0x533901
9038b87ea98f065c44dbe900c0c43dec+0x142bf7 @ 0x542bf7
9038b87ea98f065c44dbe900c0c43dec+0x143336 @ 0x543336
9038b87ea98f065c44dbe900c0c43dec+0x2662f @ 0x42662f
9038b87ea98f065c44dbe900c0c43dec+0x4f42 @ 0x404f42
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 72088856
registers.edi: 72089136
registers.eax: 72088856
registers.ebp: 72088936
registers.edx: 0
registers.ebx: 4294967295
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Performs some HTTP requests (1 event)
request GET http://anti.fhdlq.net/Drv/ls.txt
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1620969954.528001
NtProtectVirtualMemory
process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 1421312
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00401000
success 0 0
1620969954.528001
NtProtectVirtualMemory
process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0055c000
success 0 0
1620969955.481001
NtAllocateVirtualMemory
process_identifier: 2144
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1620969962.184001
NtProtectVirtualMemory
process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x04f50000
success 0 0
Foreign language identified in PE resource (6 events)
name DLL language LANG_CHINESE offset 0x0058a37c filetype empty sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00020600
name DLL language LANG_CHINESE offset 0x0058a37c filetype empty sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00020600
name RT_ICON language LANG_CHINESE offset 0x00493adc filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000010a8
name RT_GROUP_ICON language LANG_CHINESE offset 0x00494b84 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014
name RT_VERSION language LANG_CHINESE offset 0x00494b98 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000284
name RT_MANIFEST language LANG_CHINESE offset 0x00494e1c filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000015d
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.993229826735768 section {'size_of_data': '0x00270a00', 'virtual_address': '0x00220000', 'entropy': 7.993229826735768, 'name': '.vmp1', 'virtual_size': '0x002709f2'} description A section with a high entropy has been found
entropy 0.9950219036240542 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1620969957.559001
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
The executable is likely packed with VMProtect (2 events)
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VirtualBox through the presence of a device (2 events)
file \??\VBoxGuest
file \??\VBoxMiniRdrDN
Detects VirtualBox through the presence of a file (1 event)
dll C:\Windows\system32\VBoxMRXNP.dll
File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)
MicroWorld-eScan Gen:Variant.Ulise.25372
CAT-QuickHeal Trojan.Tiggre
McAfee GenericRXGW-DA!9038B87EA98F
Cylance Unsafe
Zillya Trojan.TDSS.Win32.46844
Alibaba Trojan:Win32/Woool.4765bca1
K7GW Trojan ( 7000000f1 )
K7AntiVirus Trojan ( 7000000f1 )
Arcabit Trojan.Ulise.D631C
TrendMicro TROJ_GEN.R015C0PGB19
Symantec Trojan.Gen.MBT
Avast Win32:Trojan-gen
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Ulise.25372
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Ulise.2963859
Tencent Win32.Trojan.Spy.Hprk
Endgame malicious (high confidence)
Emsisoft Gen:Variant.Ulise.25372 (B)
F-Secure Trojan.TR/Spy.Banker.Gen7
DrWeb Trojan.DownLoader27.24109
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
FireEye Generic.mg.9038b87ea98f065c
Sophos Mal/Generic-S
SentinelOne DFI - Malicious PE
Avira TR/Spy.Banker.Gen7
Antiy-AVL Trojan[GameThief]/Win32.OnLineGames
Microsoft Trojan:Win32/Wacatac.B!ml
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Ulise.25372
AhnLab-V3 Malware/Win32.RL_Generic.R259819
Acronis suspicious
VBA32 Trojan.Downloader
ALYac Gen:Variant.Ulise.25372
MAX malware (ai score=100)
Ad-Aware Gen:Variant.Ulise.25372
ESET-NOD32 Win32/Woool.F
TrendMicro-HouseCall TROJ_GEN.R015C0PGB19
Rising Trojan.Dynamer!8.3A0 (TFE:4:tF3mYVVYcMJ)
Yandex Trojan.Agent!tmQdVR6ZrRM
Ikarus Trojan.Spy.Banker
Fortinet Riskware/GameThief0C21
AVG Win32:Trojan-gen
Cybereason malicious.ea98f0
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.600
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2019-01-02 00:10:10

Imports

Library oleaut32.dll:
0x62b000 SysFreeString
0x62b004 SysReAllocStringLen
0x62b008 SysAllocStringLen
Library advapi32.dll:
0x62b010 RegQueryValueExA
0x62b014 RegOpenKeyExA
0x62b018 RegCloseKey
Library user32.dll:
0x62b020 GetKeyboardType
0x62b024 DestroyWindow
0x62b028 LoadStringA
0x62b02c MessageBoxA
0x62b030 CharNextA
Library kernel32.dll:
0x62b038 GetACP
0x62b03c Sleep
0x62b040 VirtualFree
0x62b044 VirtualAlloc
0x62b048 GetTickCount
0x62b050 GetCurrentThreadId
0x62b05c VirtualQuery
0x62b060 WideCharToMultiByte
0x62b068 MultiByteToWideChar
0x62b06c lstrlenA
0x62b070 lstrcpynA
0x62b074 LoadLibraryExA
0x62b078 GetThreadLocale
0x62b07c GetStartupInfoA
0x62b080 GetProcAddress
0x62b084 GetModuleHandleA
0x62b088 GetModuleFileNameA
0x62b08c GetLocaleInfoA
0x62b090 GetLastError
0x62b098 GetCommandLineA
0x62b09c FreeLibrary
0x62b0a0 FindFirstFileA
0x62b0a4 FindClose
0x62b0a8 CreateDirectoryA
0x62b0ac ExitProcess
0x62b0b0 ExitThread
0x62b0b4 CreateThread
0x62b0b8 CompareStringA
0x62b0bc WriteFile
0x62b0c4 RtlUnwind
0x62b0c8 RaiseException
0x62b0cc GetStdHandle
Library kernel32.dll:
0x62b0d4 TlsSetValue
0x62b0d8 TlsGetValue
0x62b0dc LocalAlloc
0x62b0e0 GetModuleHandleA
Library user32.dll:
0x62b0e8 CreateWindowExA
0x62b0ec WindowFromPoint
0x62b0f0 WaitMessage
0x62b0f4 UpdateLayeredWindow
0x62b0f8 UpdateWindow
0x62b0fc UnregisterClassA
0x62b100 UnhookWindowsHookEx
0x62b104 TranslateMessage
0x62b10c TrackPopupMenu
0x62b114 ShowWindow
0x62b118 ShowScrollBar
0x62b11c ShowOwnedPopups
0x62b120 SetWindowsHookExA
0x62b124 SetWindowTextA
0x62b128 SetWindowPos
0x62b12c SetWindowPlacement
0x62b130 SetWindowLongW
0x62b134 SetWindowLongA
0x62b138 SetTimer
0x62b13c SetScrollRange
0x62b140 SetScrollPos
0x62b144 SetScrollInfo
0x62b148 SetRect
0x62b14c SetPropA
0x62b150 SetParent
0x62b154 SetMenuItemInfoA
0x62b158 SetMenu
0x62b15c SetForegroundWindow
0x62b160 SetFocus
0x62b164 SetCursor
0x62b168 SetClipboardData
0x62b16c SetClassLongA
0x62b170 SetCapture
0x62b174 SetActiveWindow
0x62b178 SendMessageW
0x62b17c SendMessageA
0x62b180 ScrollWindow
0x62b184 ScreenToClient
0x62b188 RemovePropA
0x62b18c RemoveMenu
0x62b190 ReleaseDC
0x62b194 ReleaseCapture
0x62b1a0 RegisterClassA
0x62b1a4 RedrawWindow
0x62b1a8 PtInRect
0x62b1ac PostQuitMessage
0x62b1b0 PostMessageA
0x62b1b4 PeekMessageW
0x62b1b8 PeekMessageA
0x62b1bc OpenClipboard
0x62b1c0 OffsetRect
0x62b1c4 OemToCharA
0x62b1d0 MessageBoxA
0x62b1d4 MessageBeep
0x62b1d8 MapWindowPoints
0x62b1dc MapVirtualKeyA
0x62b1e0 LoadStringA
0x62b1e4 LoadKeyboardLayoutA
0x62b1e8 LoadImageA
0x62b1ec LoadIconA
0x62b1f0 LoadCursorA
0x62b1f4 LoadBitmapA
0x62b1f8 KillTimer
0x62b1fc IsZoomed
0x62b200 IsWindowVisible
0x62b204 IsWindowUnicode
0x62b208 IsWindowEnabled
0x62b20c IsWindow
0x62b210 IsRectEmpty
0x62b214 IsIconic
0x62b218 IsDialogMessageW
0x62b21c IsDialogMessageA
0x62b220 IsChild
0x62b224 InvalidateRect
0x62b228 IntersectRect
0x62b22c InsertMenuItemA
0x62b230 InsertMenuA
0x62b234 InflateRect
0x62b23c GetWindowTextA
0x62b240 GetWindowRect
0x62b244 GetWindowPlacement
0x62b248 GetWindowLongW
0x62b24c GetWindowLongA
0x62b250 GetWindowDC
0x62b254 GetTopWindow
0x62b258 GetSystemMetrics
0x62b25c GetSystemMenu
0x62b260 GetSysColorBrush
0x62b264 GetSysColor
0x62b268 GetSubMenu
0x62b26c GetScrollRange
0x62b270 GetScrollPos
0x62b274 GetScrollInfo
0x62b278 GetPropA
0x62b27c GetParent
0x62b280 GetWindow
0x62b284 GetMessageTime
0x62b288 GetMessagePos
0x62b28c GetMenuStringA
0x62b290 GetMenuState
0x62b294 GetMenuItemInfoA
0x62b298 GetMenuItemID
0x62b29c GetMenuItemCount
0x62b2a0 GetMenuDefaultItem
0x62b2a4 GetMenu
0x62b2a8 GetLastActivePopup
0x62b2ac GetKeyboardState
0x62b2b8 GetKeyboardLayout
0x62b2bc GetKeyState
0x62b2c0 GetKeyNameTextA
0x62b2c4 GetIconInfo
0x62b2c8 GetForegroundWindow
0x62b2cc GetFocus
0x62b2d0 GetDlgItem
0x62b2d4 GetDesktopWindow
0x62b2d8 GetDCEx
0x62b2dc GetDC
0x62b2e0 GetCursorPos
0x62b2e4 GetCursor
0x62b2e8 GetClipboardData
0x62b2ec GetClientRect
0x62b2f0 GetClassNameA
0x62b2f4 GetClassLongA
0x62b2f8 GetClassInfoA
0x62b2fc GetCapture
0x62b300 GetActiveWindow
0x62b304 FrameRect
0x62b308 FindWindowExA
0x62b30c FindWindowA
0x62b310 FillRect
0x62b314 EqualRect
0x62b318 EnumWindows
0x62b31c EnumThreadWindows
0x62b320 EnumChildWindows
0x62b324 EndPaint
0x62b328 EnableWindow
0x62b32c EnableScrollBar
0x62b330 EnableMenuItem
0x62b334 EmptyClipboard
0x62b338 DrawTextA
0x62b33c DrawMenuBar
0x62b340 DrawIconEx
0x62b344 DrawIcon
0x62b348 DrawFrameControl
0x62b34c DrawFocusRect
0x62b350 DrawEdge
0x62b354 DispatchMessageW
0x62b358 DispatchMessageA
0x62b35c DestroyWindow
0x62b360 DestroyMenu
0x62b364 DestroyIcon
0x62b368 DestroyCursor
0x62b36c DeleteMenu
0x62b370 DefWindowProcA
0x62b374 DefMDIChildProcA
0x62b378 DefFrameProcA
0x62b37c CreatePopupMenu
0x62b380 CreateMenu
0x62b384 CreateIcon
0x62b388 CloseClipboard
0x62b38c ClientToScreen
0x62b394 CheckMenuItem
0x62b398 CallWindowProcA
0x62b39c CallNextHookEx
0x62b3a0 BeginPaint
0x62b3a4 AppendMenuA
0x62b3a8 CharNextA
0x62b3ac CharLowerBuffA
0x62b3b0 CharLowerA
0x62b3b4 CharUpperBuffA
0x62b3b8 CharToOemA
0x62b3bc AdjustWindowRectEx
Library gdi32.dll:
0x62b3c8 UnrealizeObject
0x62b3cc StretchBlt
0x62b3d0 SetWindowOrgEx
0x62b3d4 SetWinMetaFileBits
0x62b3d8 SetViewportOrgEx
0x62b3dc SetTextColor
0x62b3e0 SetTextAlign
0x62b3e4 SetStretchBltMode
0x62b3e8 SetROP2
0x62b3ec SetPixel
0x62b3f0 SetMapMode
0x62b3f4 SetEnhMetaFileBits
0x62b3f8 SetDIBColorTable
0x62b3fc SetBrushOrgEx
0x62b400 SetBkMode
0x62b404 SetBkColor
0x62b408 SelectPalette
0x62b40c SelectObject
0x62b410 SelectClipRgn
0x62b414 SaveDC
0x62b418 RestoreDC
0x62b41c Rectangle
0x62b420 RectVisible
0x62b424 RealizePalette
0x62b428 Polyline
0x62b42c Polygon
0x62b430 PlayEnhMetaFile
0x62b434 PatBlt
0x62b438 MoveToEx
0x62b43c MaskBlt
0x62b440 LineTo
0x62b444 LPtoDP
0x62b448 IntersectClipRect
0x62b44c GetWindowOrgEx
0x62b450 GetWinMetaFileBits
0x62b454 GetViewportOrgEx
0x62b458 GetTextMetricsA
0x62b45c GetTextExtentPointA
0x62b468 GetStockObject
0x62b46c GetRgnBox
0x62b470 GetPixel
0x62b474 GetPaletteEntries
0x62b478 GetObjectA
0x62b488 GetEnhMetaFileBits
0x62b48c GetDeviceCaps
0x62b490 GetDIBits
0x62b494 GetDIBColorTable
0x62b498 GetDCOrgEx
0x62b4a0 GetClipBox
0x62b4a4 GetBrushOrgEx
0x62b4a8 GetBitmapBits
0x62b4ac GdiFlush
0x62b4b0 ExtTextOutA
0x62b4b4 ExcludeClipRect
0x62b4b8 DeleteObject
0x62b4bc DeleteEnhMetaFile
0x62b4c0 DeleteDC
0x62b4c4 CreateSolidBrush
0x62b4c8 CreatePenIndirect
0x62b4cc CreatePalette
0x62b4d4 CreateFontIndirectA
0x62b4d8 CreateEnhMetaFileA
0x62b4dc CreateDIBitmap
0x62b4e0 CreateDIBSection
0x62b4e4 CreateCompatibleDC
0x62b4ec CreateBrushIndirect
0x62b4f0 CreateBitmap
0x62b4f4 CopyEnhMetaFileA
0x62b4f8 CloseEnhMetaFile
0x62b4fc BitBlt
Library version.dll:
0x62b504 VerQueryValueA
0x62b50c GetFileVersionInfoA
Library mpr.dll:
0x62b514 WNetGetConnectionA
Library kernel32.dll:
0x62b51c lstrcpyA
0x62b520 lstrcmpA
0x62b528 WriteFile
0x62b52c WinExec
0x62b530 WideCharToMultiByte
0x62b534 WaitForSingleObject
0x62b540 VirtualQuery
0x62b544 VirtualAlloc
0x62b548 UnmapViewOfFile
0x62b54c TerminateProcess
0x62b550 Sleep
0x62b554 SizeofResource
0x62b558 SetThreadPriority
0x62b55c SetThreadLocale
0x62b560 SetFileTime
0x62b564 SetFilePointer
0x62b568 SetFileAttributesA
0x62b56c SetEvent
0x62b570 SetErrorMode
0x62b574 SetEndOfFile
0x62b578 ResumeThread
0x62b57c ResetEvent
0x62b580 RemoveDirectoryA
0x62b584 ReadFile
0x62b588 OutputDebugStringA
0x62b58c OpenProcess
0x62b590 OpenFileMappingA
0x62b594 MultiByteToWideChar
0x62b598 MulDiv
0x62b59c MoveFileA
0x62b5a0 MapViewOfFile
0x62b5a4 LockResource
0x62b5ac LoadResource
0x62b5b0 LoadLibraryA
0x62b5b8 IsDBCSLeadByte
0x62b5c0 GlobalUnlock
0x62b5c4 GlobalSize
0x62b5c8 GlobalLock
0x62b5cc GlobalFree
0x62b5d0 GlobalFindAtomA
0x62b5d4 GlobalDeleteAtom
0x62b5d8 GlobalAlloc
0x62b5dc GlobalAddAtomA
0x62b5e8 GetVersionExA
0x62b5ec GetVersion
0x62b5f0 GetUserDefaultLCID
0x62b5f8 GetTickCount
0x62b5fc GetThreadLocale
0x62b600 GetTempPathA
0x62b604 GetSystemDirectoryA
0x62b608 GetStdHandle
0x62b60c GetStartupInfoA
0x62b610 GetProcAddress
0x62b618 GetModuleHandleA
0x62b61c GetModuleFileNameA
0x62b620 GetLogicalDrives
0x62b624 GetLocaleInfoA
0x62b628 GetLocalTime
0x62b62c GetLastError
0x62b630 GetFullPathNameA
0x62b634 GetFileTime
0x62b638 GetFileSize
0x62b640 GetFileAttributesA
0x62b644 GetExitCodeThread
0x62b648 GetDriveTypeA
0x62b64c GetDiskFreeSpaceA
0x62b650 GetDateFormatA
0x62b654 GetCurrentThreadId
0x62b658 GetCurrentProcessId
0x62b65c GetCurrentProcess
0x62b660 GetComputerNameA
0x62b664 GetCPInfo
0x62b668 FreeResource
0x62b670 InterlockedExchange
0x62b67c FreeLibrary
0x62b680 FormatMessageA
0x62b684 FlushFileBuffers
0x62b688 FindResourceA
0x62b68c FindNextFileA
0x62b694 FindFirstFileA
0x62b69c FindClose
0x62b6ac ExitProcess
0x62b6b0 EnumCalendarInfoA
0x62b6bc DeleteFileA
0x62b6c4 CreateThread
0x62b6c8 CreateProcessA
0x62b6cc CreateFileMappingA
0x62b6d0 CreateFileA
0x62b6d4 CreateEventA
0x62b6d8 CreateDirectoryA
0x62b6dc CopyFileA
0x62b6e0 CompareStringA
0x62b6e4 CloseHandle
Library advapi32.dll:
0x62b6ec RegSetValueExA
0x62b6f0 RegQueryValueExA
0x62b6f4 RegQueryInfoKeyA
0x62b6f8 RegOpenKeyExA
0x62b6fc RegFlushKey
0x62b700 RegEnumValueA
0x62b704 RegDeleteValueA
0x62b708 RegCreateKeyExA
0x62b70c RegCloseKey
0x62b710 OpenProcessToken
Library oleaut32.dll:
0x62b720 CreateErrorInfo
0x62b724 GetErrorInfo
0x62b728 SetErrorInfo
0x62b72c GetActiveObject
0x62b730 SysFreeString
Library ole32.dll:
0x62b73c IsAccelerator
0x62b740 ReleaseStgMedium
0x62b744 OleDraw
0x62b74c RevokeDragDrop
0x62b750 OleUninitialize
0x62b754 OleInitialize
0x62b758 CoTaskMemFree
0x62b75c CoTaskMemAlloc
0x62b760 ProgIDFromCLSID
0x62b764 StringFromCLSID
0x62b768 CoCreateInstance
0x62b76c CoGetClassObject
0x62b770 CoUninitialize
0x62b774 CoInitialize
0x62b778 IsEqualGUID
Library kernel32.dll:
0x62b780 Sleep
Library ole32.dll:
0x62b788 CLSIDFromString
Library oleaut32.dll:
0x62b790 SafeArrayPtrOfIndex
0x62b794 SafeArrayGetUBound
0x62b798 SafeArrayGetLBound
0x62b79c SafeArrayCreate
0x62b7a0 VariantChangeType
0x62b7a4 VariantCopy
0x62b7a8 VariantClear
0x62b7ac VariantInit
Library comctl32.dll:
0x62b7b4 _TrackMouseEvent
0x62b7c0 ImageList_Write
0x62b7c4 ImageList_Read
0x62b7d0 ImageList_DragMove
0x62b7d4 ImageList_DragLeave
0x62b7d8 ImageList_DragEnter
0x62b7dc ImageList_EndDrag
0x62b7e0 ImageList_BeginDrag
0x62b7e4 ImageList_Remove
0x62b7e8 ImageList_DrawEx
0x62b7ec ImageList_Draw
0x62b800 ImageList_Add
0x62b80c ImageList_Destroy
0x62b810 ImageList_Create
0x62b814 InitCommonControls
Library shell32.dll:
0x62b81c ShellExecuteA
0x62b820 SHGetFileInfoA
Library shell32.dll:
Library comdlg32.dll:
0x62b838 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 165.3.87.138 anti.fhdlq.net 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 50005 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://anti.fhdlq.net/Drv/ls.txt
GET /Drv/ls.txt HTTP/1.1
Host: anti.fhdlq.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.