9.2
Critical

de0f6048f1e9afd9cd30120de60cccec41ba57a94feea7cf861a90a0bc1f28c4

966a8f15ab171f866e5fbf1c3d2dd861.exe

Analysis duration

84s

Last analysis

File size

1.7MB
Static and dynamic detection tags: AIFU APOST ATTRIBUTE BSCOPE BUNDLER CLASSIC FILEREPMALWARE GENERICRXGV GENETIC HIGH CONFIDENCE HIGHCONFIDENCE KUAIZIP MALWARE@#I64QRY4ZQ6X0 MAUVAISE PUWADERS R007C0OI420 R259795 SCORE SOFTCNAPP SUSGEN SUSPICIOUS PE UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee GenericRXGV-MF!966A8F15AB17 20201018 6.0.6.653
Alibaba Trojan:Win32/APosT.0447aaeb 20190527 0.3.0.5
CrowdStrike 20190702 1.0
Baidu 20190318 1.0.0.2
Avast 20201018 18.4.3895.0
Kingsoft 20201018 2013.8.14.323
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware-related traffic (3 events)
suspicious_features GET method with no useragent header suspicious_request GET http://api.ip138.com/query/
suspicious_features GET method with no useragent header suspicious_request GET http://down.xiald.com/apix.php?id=&qid=&title=NULL
suspicious_features GET method with no useragent header suspicious_request GET http://xzqtj.xiald.com/x.txt?value=NDYyNDk4NDhiODZjNzYxNjUxZjhkNmY1Mjc2YTc2ZjUJSGlnaEJpbmQJMS4zLjEuNAkJV2luZG93czcJMAkwCQkJMQlvcGVuCQ%3D%3D
Performs some HTTP requests (6 events)
request GET http://api.ip138.com/query/
request GET http://down.xiald.com/apix.php?id=&qid=&title=NULL
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ5rEWLwbJFq%2FmAU80sm7E%3D
request GET http://xzqtj.xiald.com/x.txt?value=NDYyNDk4NDhiODZjNzYxNjUxZjhkNmY1Mjc2YTc2ZjUJSGlnaEJpbmQJMS4zLjEuNAkJV2luZG93czcJMAkwCQkJMQlvcGVuCQ%3D%3D
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSXi0cW5bD2WLrmnasWibg2OuPDpgQUVXRPsnJP9WC6UNHX5lFcmgGHGtcCEAlEyN4FzuqcMexN5hzatx0%3D
request GET https://www.9973.com/xiazaizhan/xiazq.html?rand=6529
Foreign language identified in PE resource (7 events)
name ZIPRES language LANG_CHINESE offset 0x0013f490 filetype Zip archive data, at least v2.0 to extract sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00078ed3
name RT_ICON language LANG_CHINESE offset 0x0013eba8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000008a8
name RT_ICON language LANG_CHINESE offset 0x0013eba8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000008a8
name RT_ICON language LANG_CHINESE offset 0x0013eba8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000008a8
name RT_ICON language LANG_CHINESE offset 0x0013eba8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000008a8
name RT_GROUP_ICON language LANG_CHINESE offset 0x0013f450 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000003e
name RT_VERSION language LANG_CHINESE offset 0x001b8368 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000294
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619796101.489751
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.977614319159565 section {'size_of_data': '0x0007aa00', 'virtual_address': '0x0013e000', 'entropy': 7.977614319159565, 'name': '.rsrc', 'virtual_size': '0x0007a890'} description A section with a high entropy has been found
entropy 0.275561797752809 description Overall entropy of this PE file is high
Repeatedly searches for a not-found process; you may want to run a web browser during analysis (16 events)
Time & API Arguments Status Return Repeated
1619796062.817751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.833751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.833751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.848751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.864751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.879751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.895751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.911751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.911751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.942751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.973751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.973751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.989751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796062.989751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796063.004751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
1619796063.020751
Process32NextW
process_name: 966a8f15ab171f866e5fbf1c3d2dd861.exe
snapshot_handle: 0x000001fc
process_identifier: 2740
failed 0 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 47.98.239.235
Disables proxy, possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619796101.098751
RegSetValueExA
key_handle: 0x00000410
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Queries information on disks, possibly for anti-virtualization (2 events)
Time & API Arguments Status Return Repeated
1619796061.458751
NtCreateFile
create_disposition: 1 (FILE_OPEN)
file_handle: 0x000000d0
filepath: \??\PhysicalDrive0
desired_access: 0x00100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE)
file_attributes: 0 ()
filepath_r: \??\PhysicalDrive0
create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 0 (FILE_SUPERSEDED)
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
success 0 0
1619796061.473751
DeviceIoControl
input_buffer:
device_handle: 0x000000d0
control_code: 2954240 ()
output_buffer: (§Lu~ $ VBOX HARDDISK 1.0VBOX HARDDISK 1.0 42566434623363626138662d3764623238312037
success 1 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619796104.051751
RegSetValueExA
key_handle: 0x00000558
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619796104.051751
RegSetValueExA
key_handle: 0x00000558
value: @»mâ=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619796104.051751
RegSetValueExA
key_handle: 0x00000558
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619796104.051751
RegSetValueExW
key_handle: 0x00000558
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619796104.051751
RegSetValueExA
key_handle: 0x00000570
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619796104.051751
RegSetValueExA
key_handle: 0x00000570
value: @»mâ=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619796104.067751
RegSetValueExA
key_handle: 0x00000570
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619796104.083751
RegSetValueExW
key_handle: 0x00000554
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619796117.223751
RegSetValueExA
key_handle: 0x00000384
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619796117.223751
RegSetValueExA
key_handle: 0x00000384
value: €žG‡â=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619796117.223751
RegSetValueExA
key_handle: 0x00000384
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619796117.223751
RegSetValueExW
key_handle: 0x00000384
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619796117.223751
RegSetValueExA
key_handle: 0x00000568
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619796117.223751
RegSetValueExA
key_handle: 0x00000568
value: €žG‡â=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619796117.239751
RegSetValueExA
key_handle: 0x00000568
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Network activity contains more than one unique useragent (2 events)
process 966a8f15ab171f866e5fbf1c3d2dd861.exe useragent
process 966a8f15ab171f866e5fbf1c3d2dd861.exe useragent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 47.98.239.235:888
File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Adware.Softcnapp.36
CAT-QuickHeal Trojan.Mauvaise.SL1
McAfee GenericRXGV-MF!966A8F15AB17
Cylance Unsafe
Zillya Trojan.Generic.Win32.956459
K7AntiVirus Adware ( 004d97001 )
Alibaba Trojan:Win32/APosT.0447aaeb
K7GW Adware ( 004d97001 )
Arcabit Trojan.Adware.Softcnapp.36
Invincea Softcnapp (PUA)
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky Trojan.Win32.APosT.fkv
BitDefender Gen:Variant.Adware.Softcnapp.36
Paloalto generic.ml
Ad-Aware Gen:Variant.Adware.Softcnapp.36
Emsisoft Gen:Variant.Adware.Softcnapp.36 (B)
Comodo Malware@#i64qry4zq6x0
DrWeb Adware.Softcnapp.102
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R007C0OI420
McAfee-GW-Edition GenericRXGV-MF!966A8F15AB17
FireEye Generic.mg.966a8f15ab171f86
Sophos Softcnapp (PUA)
SentinelOne DFI - Suspicious PE
Jiangmin Adware.Agent.aifu
Antiy-AVL Trojan/Win32.APosT
Microsoft PUA:Win32/KuaiZip
ZoneAlarm Trojan.Win32.APosT.fkv
GData Gen:Variant.Adware.Softcnapp.36
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.Bundler.R259795
VBA32 BScope.Adware.Puwaders
ALYac Gen:Variant.Adware.Softcnapp.36
Malwarebytes PUP.Optional.Softcnapp
ESET-NOD32 a variant of Win32/Softcnapp.BC potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R007C0OI420
Rising Adware.Downloader!1.BBEC (CLASSIC)
Ikarus PUA.Softcnapp
Fortinet Riskware/Softcnapp
MaxSecure Trojan.Malware.7164915.susgen
AVG FileRepMalware [PUP]
Panda Trj/Genetic.gen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2019-03-15 10:34:03

Imports

Library KERNEL32.dll:
0x4fb124 GetDriveTypeW
0x4fb12c PeekNamedPipe
0x4fb130 ExitThread
0x4fb138 GetSystemDirectoryA
0x4fb144 SleepEx
0x4fb148 GetSystemInfo
0x4fb150 FormatMessageW
0x4fb154 GetFullPathNameW
0x4fb160 GetDiskFreeSpaceExW
0x4fb164 MultiByteToWideChar
0x4fb168 FindResourceW
0x4fb16c LoadLibraryExW
0x4fb170 SizeofResource
0x4fb174 LoadResource
0x4fb178 GetLastError
0x4fb17c RaiseException
0x4fb180 DecodePointer
0x4fb184 DeleteFileW
0x4fb188 CreateFileW
0x4fb18c ResetEvent
0x4fb19c GetCurrentProcess
0x4fb1a0 TerminateProcess
0x4fb1a8 IsDebuggerPresent
0x4fb1ac GetStartupInfoW
0x4fb1b0 GetCurrentProcessId
0x4fb1b4 GetCurrentThreadId
0x4fb1bc InitializeSListHead
0x4fb1c0 OutputDebugStringW
0x4fb1c4 VirtualProtect
0x4fb1cc SetLastError
0x4fb1d0 LoadLibraryA
0x4fb1d4 VirtualQuery
0x4fb1d8 GetACP
0x4fb1dc VerSetConditionMask
0x4fb1e4 VerifyVersionInfoW
0x4fb1e8 FreeResource
0x4fb1ec LockResource
0x4fb1f0 MulDiv
0x4fb1f4 OpenProcess
0x4fb1f8 GlobalAlloc
0x4fb1fc GlobalLock
0x4fb200 GlobalUnlock
0x4fb204 ReadFile
0x4fb208 GetFileType
0x4fb20c SetFilePointer
0x4fb210 SetFileTime
0x4fb214 DuplicateHandle
0x4fb220 CreateDirectoryW
0x4fb224 GetLocalTime
0x4fb228 GetTempPathW
0x4fb22c GetLongPathNameW
0x4fb230 GetFileAttributesW
0x4fb234 GetTempFileNameW
0x4fb238 CopyFileW
0x4fb23c CreateProcessW
0x4fb244 Process32FirstW
0x4fb248 Process32NextW
0x4fb24c HeapAlloc
0x4fb250 HeapReAlloc
0x4fb254 HeapFree
0x4fb258 HeapSize
0x4fb25c GetProcessHeap
0x4fb260 MoveFileExW
0x4fb264 GetSystemDirectoryW
0x4fb26c FindFirstFileW
0x4fb270 VirtualAlloc
0x4fb274 VirtualFree
0x4fb278 GetNativeSystemInfo
0x4fb27c IsBadReadPtr
0x4fb280 FindClose
0x4fb284 FindNextFileW
0x4fb288 GetVersion
0x4fb28c VirtualAllocEx
0x4fb290 VirtualFreeEx
0x4fb294 ReadProcessMemory
0x4fb298 WriteProcessMemory
0x4fb29c lstrcpynW
0x4fb2a0 ReleaseMutex
0x4fb2a4 CreateMutexW
0x4fb2ac DeviceIoControl
0x4fb2b0 OutputDebugStringA
0x4fb2b4 SetPriorityClass
0x4fb2bc QueryDosDeviceW
0x4fb2c0 EncodePointer
0x4fb2c4 RtlUnwind
0x4fb2c8 TlsAlloc
0x4fb2cc TlsGetValue
0x4fb2d0 TlsSetValue
0x4fb2d4 TlsFree
0x4fb2d8 GetModuleHandleExW
0x4fb2dc GetStdHandle
0x4fb2e0 GetStringTypeW
0x4fb2e4 CompareStringW
0x4fb2e8 LCMapStringW
0x4fb2ec GetLocaleInfoW
0x4fb2f0 IsValidLocale
0x4fb2f4 GetUserDefaultLCID
0x4fb2f8 EnumSystemLocalesW
0x4fb2fc GetConsoleMode
0x4fb300 ReadConsoleW
0x4fb304 SetFilePointerEx
0x4fb308 GetConsoleCP
0x4fb30c FindFirstFileExW
0x4fb310 IsValidCodePage
0x4fb314 GetOEMCP
0x4fb318 GetCPInfo
0x4fb328 SetStdHandle
0x4fb32c FlushFileBuffers
0x4fb334 WriteConsoleW
0x4fb338 SetEndOfFile
0x4fb33c WriteFile
0x4fb340 GetFileSize
0x4fb348 GetCommandLineW
0x4fb34c GetCommandLineA
0x4fb350 GetModuleHandleW
0x4fb354 GetModuleHandleA
0x4fb358 GetModuleFileNameA
0x4fb35c lstrcpyW
0x4fb360 lstrcpyA
0x4fb364 lstrcmpiW
0x4fb368 lstrcmpiA
0x4fb36c ExitProcess
0x4fb370 GetTickCount
0x4fb37c WideCharToMultiByte
0x4fb380 GetVersionExW
0x4fb384 AreFileApisANSI
0x4fb388 CreateEventW
0x4fb38c Sleep
0x4fb390 WaitForSingleObject
0x4fb394 SetEvent
0x4fb3a8 GetExitCodeThread
0x4fb3ac TerminateThread
0x4fb3b0 CreateThread
0x4fb3bc GetModuleFileNameW
0x4fb3c0 LoadLibraryW
0x4fb3c4 lstrlenW
0x4fb3c8 CloseHandle
0x4fb3cc GetProcAddress
0x4fb3d0 GlobalFree
0x4fb3d4 FreeLibrary
Library USER32.dll:
0x4fb43c CloseClipboard
0x4fb440 SetClipboardData
0x4fb444 EmptyClipboard
0x4fb448 CreateCaret
0x4fb44c HideCaret
0x4fb450 ShowCaret
0x4fb454 SetCaretPos
0x4fb458 GetCaretPos
0x4fb45c ClientToScreen
0x4fb460 GetSysColor
0x4fb464 SetWindowTextW
0x4fb468 GetWindowTextW
0x4fb474 InvalidateRgn
0x4fb478 FindWindowW
0x4fb480 EnumDisplayMonitors
0x4fb484 FindWindowExW
0x4fb488 GetShellWindow
0x4fb490 IsWindowVisible
0x4fb494 GetClassInfoExW
0x4fb498 RegisterClassExW
0x4fb49c CallWindowProcW
0x4fb4a0 DefWindowProcW
0x4fb4a4 PeekMessageW
0x4fb4a8 wsprintfW
0x4fb4ac GetWindow
0x4fb4b0 GetParent
0x4fb4b4 PtInRect
0x4fb4b8 IsRectEmpty
0x4fb4bc MapWindowPoints
0x4fb4c0 ScreenToClient
0x4fb4c4 CharPrevW
0x4fb4c8 GetClientRect
0x4fb4cc GetUpdateRect
0x4fb4d0 EndPaint
0x4fb4d4 BeginPaint
0x4fb4d8 ReleaseDC
0x4fb4dc GetDC
0x4fb4e0 KillTimer
0x4fb4e4 ReleaseCapture
0x4fb4e8 OpenClipboard
0x4fb4ec GetKeyState
0x4fb4f0 GetFocus
0x4fb4f4 SetFocus
0x4fb4f8 IsZoomed
0x4fb4fc UpdateLayeredWindow
0x4fb500 DestroyWindow
0x4fb504 IsWindow
0x4fb508 CreateWindowExW
0x4fb50c SendMessageW
0x4fb510 DispatchMessageW
0x4fb514 TranslateMessage
0x4fb518 GetMessageW
0x4fb51c LoadCursorW
0x4fb520 OffsetRect
0x4fb524 UnionRect
0x4fb528 InflateRect
0x4fb52c SetCursor
0x4fb530 GetDesktopWindow
0x4fb534 SetRect
0x4fb538 GetWindowRgn
0x4fb53c IntersectRect
0x4fb540 MessageBoxW
0x4fb544 PostMessageW
0x4fb548 PostQuitMessage
0x4fb54c ShowWindow
0x4fb550 SetWindowPos
0x4fb554 SetTimer
0x4fb558 SetWindowRgn
0x4fb55c IsIconic
0x4fb560 GetMonitorInfoW
0x4fb564 MonitorFromWindow
0x4fb568 LoadImageW
0x4fb56c GetPropW
0x4fb570 InvalidateRect
0x4fb574 GetWindowLongW
0x4fb578 SetWindowLongW
0x4fb57c MoveWindow
0x4fb580 GetWindowRect
0x4fb584 LoadStringW
0x4fb588 SetPropW
0x4fb58c CharNextW
0x4fb590 SetForegroundWindow
0x4fb594 GetSystemMetrics
0x4fb598 EnableWindow
0x4fb5a0 FillRect
0x4fb5a4 SetCapture
0x4fb5a8 DrawTextW
0x4fb5ac GetCursorPos
0x4fb5b0 RegisterClassW
0x4fb5b4 BringWindowToTop
Library ADVAPI32.dll:
0x4fb000 RevertToSelf
0x4fb004 RegCloseKey
0x4fb008 RegCreateKeyExW
0x4fb00c RegOpenKeyExW
0x4fb010 RegQueryValueExW
0x4fb014 RegSetValueExW
0x4fb018 RegDeleteKeyW
0x4fb01c RegDeleteValueW
0x4fb020 RegEnumKeyExW
0x4fb024 RegQueryInfoKeyW
0x4fb028 RegEnumValueA
0x4fb02c RegOpenKeyW
0x4fb030 RegEnumKeyW
0x4fb034 DuplicateTokenEx
0x4fb03c LookupAccountSidW
0x4fb048 SetTokenInformation
0x4fb04c GetTokenInformation
0x4fb050 OpenProcessToken
Library SHELL32.dll:
0x4fb400
0x4fb404 SHGetDesktopFolder
0x4fb408 SHBindToParent
0x4fb410 SHGetFileInfoW
0x4fb414 SHGetFolderPathW
0x4fb41c SHGetFolderLocation
0x4fb420 ShellExecuteW
Library ole32.dll:
0x4fb774 CoInitialize
0x4fb778 CoCreateInstance
0x4fb77c OleLockRunning
0x4fb780 CLSIDFromProgID
0x4fb784 CLSIDFromString
0x4fb78c RevokeDragDrop
0x4fb790 RegisterDragDrop
0x4fb794 CoUninitialize
0x4fb798 CoTaskMemAlloc
0x4fb79c CoTaskMemRealloc
0x4fb7a0 CoTaskMemFree
Library OLEAUT32.dll:
0x4fb3dc VariantClear
0x4fb3e0 SysFreeString
0x4fb3e4 SysAllocString
0x4fb3e8 VarUI4FromStr
0x4fb3ec VariantInit
Library SHLWAPI.dll:
0x4fb428
0x4fb42c PathAppendW
0x4fb430 PathFileExistsW
0x4fb434 StrRetToBufW
Library COMCTL32.dll:
0x4fb05c
0x4fb060 _TrackMouseEvent
Library GDI32.dll:
0x4fb068 GetClipBox
0x4fb070 LineTo
0x4fb074 SelectClipRgn
0x4fb078 ExtSelectClipRgn
0x4fb07c SetBkColor
0x4fb080 GetCharABCWidthsW
0x4fb084 CreatePenIndirect
0x4fb088 SetStretchBltMode
0x4fb08c SetTextColor
0x4fb090 GetObjectA
0x4fb094 MoveToEx
0x4fb098 TextOutW
0x4fb0a0 CreateSolidBrush
0x4fb0a4 SetBkMode
0x4fb0ac CombineRgn
0x4fb0b0 PtInRegion
0x4fb0b4 CreateRectRgn
0x4fb0b8 GetDeviceCaps
0x4fb0bc GetDIBits
0x4fb0c0 CreateDCW
0x4fb0c4 CreateRoundRectRgn
0x4fb0c8 SetWindowOrgEx
0x4fb0cc GetObjectW
0x4fb0d0 CreateDIBSection
0x4fb0d4 GetTextMetricsW
0x4fb0d8 SelectObject
0x4fb0dc SaveDC
0x4fb0e0 RestoreDC
0x4fb0e4 Rectangle
0x4fb0e8 GetStockObject
0x4fb0ec DeleteObject
0x4fb0f0 DeleteDC
0x4fb0f4 CreatePen
0x4fb0f8 CreateFontIndirectW
0x4fb0fc CreateCompatibleDC
0x4fb100 StretchBlt
0x4fb104 BitBlt
Library gdiplus.dll:
0x4fb674 GdipAlloc
0x4fb678 GdipFree
0x4fb67c GdipAddPathArcI
0x4fb680 GdipDeletePath
0x4fb684 GdipCreatePath
0x4fb688 GdipDrawImageRectI
0x4fb68c GdipDrawArcI
0x4fb690 GdipGetPropertyItem
0x4fb69c GdipCreateFromHDC
0x4fb6a4 GdipBitmapLockBits
0x4fb6ac GdipCloneBrush
0x4fb6c8 GdiplusShutdown
0x4fb6cc GdiplusStartup
0x4fb6e0 GdipCloneImage
0x4fb6ec GdipDisposeImage
0x4fb6f8 GdipMeasureString
0x4fb6fc GdipDrawString
0x4fb700 GdipDeleteFont
0x4fb704 GdipCreateFont
0x4fb720 GdipFillRectangleI
0x4fb724 GdipDrawPath
0x4fb728 GdipDrawRectangleI
0x4fb748 GdipGetImageHeight
0x4fb74c GdipGetImageWidth
0x4fb754 GdipSetPenMode
0x4fb758 GdipDeletePen
0x4fb75c GdipCreatePen1
0x4fb760 GdipCreateSolidFill
0x4fb764 GdipDeleteBrush
0x4fb768 GdipDeleteGraphics
0x4fb76c GdipAddPathLineI
Library IMM32.dll:
0x4fb10c ImmGetContext
0x4fb114 ImmReleaseContext
Library USERENV.dll:
Library PSAPI.DLL:
0x4fb3f4 EnumProcesses
Library VERSION.dll:
0x4fb5cc VerQueryValueW
0x4fb5d0 GetFileVersionInfoW
Library WININET.dll:
0x4fb5d8 InternetOpenW
0x4fb5dc InternetSetOptionW
0x4fb5e0 InternetReadFile
0x4fb5e4 InternetOpenUrlW
0x4fb5e8 InternetCloseHandle
0x4fb5ec HttpQueryInfoW
Library urlmon.dll:
0x4fb7a8 URLDownloadToFileW
Library IPHLPAPI.DLL:
0x4fb11c GetAdaptersInfo
Library WS2_32.dll:
0x4fb5f4 ntohs
0x4fb5f8 htons
0x4fb5fc getsockopt
0x4fb600 getsockname
0x4fb604 getpeername
0x4fb608 connect
0x4fb60c bind
0x4fb610 setsockopt
0x4fb614 closesocket
0x4fb618 WSAGetLastError
0x4fb61c send
0x4fb620 recv
0x4fb624 WSACleanup
0x4fb628 WSAStartup
0x4fb62c WSASetLastError
0x4fb630 htonl
0x4fb634 inet_addr
0x4fb638 inet_ntoa
0x4fb63c gethostbyaddr
0x4fb640 gethostbyname
0x4fb644 getservbyport
0x4fb648 getservbyname
0x4fb64c select
0x4fb650 __WSAFDIsSet
0x4fb654 recvfrom
0x4fb658 sendto
0x4fb65c accept
0x4fb660 listen
0x4fb664 ioctlsocket
0x4fb668 socket
0x4fb66c gethostname

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Host Destination Port
192.168.56.101 49187 120.39.212.79 www.9973.com 443
192.168.56.101 49176 120.39.212.97 api.ip138.com 80
192.168.56.101 49189 121.40.152.197 xzqtj.xiald.com 80
192.168.56.101 49183 121.42.224.176 down.xiald.com 80
192.168.56.101 49188 93.184.220.29 ocsp.digicert.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58070 224.0.0.252 5355
192.168.56.101 60088 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://xzqtj.xiald.com/x.txt?value=NDYyNDk4NDhiODZjNzYxNjUxZjhkNmY1Mjc2YTc2ZjUJSGlnaEJpbmQJMS4zLjEuNAkJV2luZG93czcJMAkwCQkJMQlvcGVuCQ%3D%3D
GET /x.txt?value=NDYyNDk4NDhiODZjNzYxNjUxZjhkNmY1Mjc2YTc2ZjUJSGlnaEJpbmQJMS4zLjEuNAkJV2luZG93czcJMAkwCQkJMQlvcGVuCQ%3D%3D HTTP/1.1
Host: xzqtj.xiald.com
Accept: */*

http://api.ip138.com/query/
GET /query/ HTTP/1.1
Host: api.ip138.com
Accept: */*
token:cb961b5989a0b2e508fe10b104ca5277

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ5rEWLwbJFq%2FmAU80sm7E%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ5rEWLwbJFq%2FmAU80sm7E%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSXi0cW5bD2WLrmnasWibg2OuPDpgQUVXRPsnJP9WC6UNHX5lFcmgGHGtcCEAlEyN4FzuqcMexN5hzatx0%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSXi0cW5bD2WLrmnasWibg2OuPDpgQUVXRPsnJP9WC6UNHX5lFcmgGHGtcCEAlEyN4FzuqcMexN5hzatx0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://down.xiald.com/apix.php?id=&qid=&title=NULL
GET /apix.php?id=&qid=&title=NULL HTTP/1.1
Host: down.xiald.com
Accept: */*

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.