SmartHawk

6.0

高危

53 个模型检测该样本为恶意！

重新分析

下载样本

6afac1117b8398317f5eb5f8c66ce52c0fcf2e438a0d40743a584eedd17ac260

97daa53cc8913cb00f49b1a45fb8bc2e.exe

分析耗时

94s

最近分析

文件大小

1.6MB

静态报毒动态报毒 100% AGEN AI SCORE=83 BSCOPE CLOUD CONFIDENCE DMOCV@0 DOWNLOADER34 DPIE EPHO FAREIT FXLV GDSDA GENCIRC GENKRYPTIK HIGH CONFIDENCE HPGMBD KRYPTIK R002C0PGU20 R347077 SCORE SUSPICIOUS PE TIGGRE UMAL UNSAFE WACATAC ZUSY ZZMU 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FVP!97DAA53CC891	20200813	6.0.6.653
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20200813	18.4.3895.0
Alibaba	Trojan:Win32/GenKryptik.540a7ee7	20190527	0.3.0.5
Tencent	Malware.Win32.Gencirc.11ab59b2	20200813	1.0.0.1
Kingsoft		20200813	2013.8.14.323
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.itext

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619804021.038 NtAllocateVirtualMemory	process_identifier: 648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005a0000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619804062.366 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Disables proxy possibly for traffic interception (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619804061.804 RegSetValueExA	key_handle: 0x000002cc value: 0 regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	success	0	0

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619804064.96 RegSetValueExA	key_handle: 0x000003d0 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619804064.96 RegSetValueExA	key_handle: 0x000003d0 value: ðÂÐ®Þ=× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619804064.96 RegSetValueExA	key_handle: 0x000003d0 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619804064.96 RegSetValueExW	key_handle: 0x000003d0 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619804064.96 RegSetValueExA	key_handle: 0x000003ec value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619804064.96 RegSetValueExA	key_handle: 0x000003ec value: ðÂÐ®Þ=× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619804064.96 RegSetValueExA	key_handle: 0x000003ec value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619804064.976 RegSetValueExW	key_handle: 0x000003cc value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Network activity contains more than one unique useragent (2 个事件)

process	97daa53cc8913cb00f49b1a45fb8bc2e.exe				useragent	Internal
process	97daa53cc8913cb00f49b1a45fb8bc2e.exe				useragent	m

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

31.13.67.19:443

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.310236
FireEye	Generic.mg.97daa53cc8913cb0
CAT-QuickHeal	Trojan.Wacatac
Qihoo-360	Generic/Trojan.072
McAfee	Fareit-FVP!97DAA53CC891
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Agent.a!c
K7AntiVirus	Trojan ( 0056ba211 )
BitDefender	Gen:Variant.Zusy.310236
K7GW	Trojan ( 0056ba211 )
Cybereason	malicious.cc8913
F-Prot	W32/Kryptik.AVK
Symantec	Trojan.Gen.MBT
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan-Downloader.Win32.Agent.gen
Alibaba	Trojan:Win32/GenKryptik.540a7ee7
NANO-Antivirus	Trojan.Win32.GenKryptik.hpgmbd
Tencent	Malware.Win32.Gencirc.11ab59b2
Ad-Aware	Gen:Variant.Zusy.310236
Comodo	TrojWare.Win32.UMal.dmocv@0
F-Secure	Heuristic.HEUR/AGEN.1104233
DrWeb	Trojan.DownLoader34.11621
Zillya	Downloader.Agent.Win32.413450
TrendMicro	TROJ_GEN.R002C0PGU20
Sophos	Mal/Generic-S
Ikarus	Trojan.Inject
Cyren	W32/Trojan.ZZMU-7518
Jiangmin	TrojanDownloader.Agent.fxlv
Avira	HEUR/AGEN.1104233
MAX	malware (ai score=83)
Antiy-AVL	Trojan[Downloader]/Win32.Agent
Microsoft	Trojan:Win32/Tiggre!rfn
Arcabit	Trojan.Zusy.D4BBDC
ZoneAlarm	HEUR:Trojan-Downloader.Win32.Agent.gen
GData	Gen:Variant.Zusy.310236
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R347077
BitDefenderTheta	AI:Packer.966C3FBA21
ALYac	Gen:Variant.Zusy.310236
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Trojan.MalPack.SMY.Generic
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/GenKryptik.EPHO
TrendMicro-HouseCall	TROJ_GEN.R002C0PGU20
Rising	Trojan.Kryptik!1.C9BE (CLOUD)
SentinelOne	DFI - Suspicious PE
eGambit	Unsafe.AI_Score_100%

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:

• 0x48c708 SysFreeString

• 0x48c70c SysReAllocStringLen

• 0x48c710 SysAllocStringLen

Library advapi32.dll:

• 0x48c718 RegQueryValueExA

• 0x48c71c RegOpenKeyExA

• 0x48c720 RegCloseKey

Library user32.dll:

• 0x48c728 GetKeyboardType

• 0x48c72c DestroyWindow

• 0x48c730 LoadStringA

• 0x48c734 MessageBoxA

• 0x48c738 CharNextA

Library kernel32.dll:

• 0x48c740 GetACP

• 0x48c744 Sleep

• 0x48c748 VirtualFree

• 0x48c74c VirtualAlloc

• 0x48c750 GetTickCount

• 0x48c754 QueryPerformanceCounter

• 0x48c758 GetCurrentThreadId

• 0x48c75c InterlockedDecrement

• 0x48c760 InterlockedIncrement

• 0x48c764 VirtualQuery

• 0x48c768 WideCharToMultiByte

• 0x48c76c MultiByteToWideChar

• 0x48c770 lstrlenA

• 0x48c774 lstrcpynA

• 0x48c778 LoadLibraryExA

• 0x48c77c GetThreadLocale

• 0x48c780 GetStartupInfoA

• 0x48c784 GetProcAddress

• 0x48c788 GetModuleHandleA

• 0x48c78c GetModuleFileNameA

• 0x48c790 GetLocaleInfoA

• 0x48c794 GetCommandLineA

• 0x48c798 FreeLibrary

• 0x48c79c FindFirstFileA

• 0x48c7a0 FindClose

• 0x48c7a4 ExitProcess

• 0x48c7a8 CompareStringA

• 0x48c7ac WriteFile

• 0x48c7b0 UnhandledExceptionFilter

• 0x48c7b4 RtlUnwind

• 0x48c7b8 RaiseException

• 0x48c7bc GetStdHandle

Library kernel32.dll:

• 0x48c7c4 TlsSetValue

• 0x48c7c8 TlsGetValue

• 0x48c7cc LocalAlloc

• 0x48c7d0 GetModuleHandleA

Library user32.dll:

• 0x48c7d8 CreateWindowExA

• 0x48c7dc WindowFromPoint

• 0x48c7e0 WaitMessage

• 0x48c7e4 UpdateWindow

• 0x48c7e8 UnregisterClassA

• 0x48c7ec UnhookWindowsHookEx

• 0x48c7f0 TranslateMessage

• 0x48c7f4 TranslateMDISysAccel

• 0x48c7f8 TrackPopupMenu

• 0x48c7fc SystemParametersInfoA

• 0x48c800 ShowWindow

• 0x48c804 ShowScrollBar

• 0x48c808 ShowOwnedPopups

• 0x48c80c SetWindowsHookExA

• 0x48c810 SetWindowTextA

• 0x48c814 SetWindowPos

• 0x48c818 SetWindowPlacement

• 0x48c81c SetWindowLongW

• 0x48c820 SetWindowLongA

• 0x48c824 SetTimer

• 0x48c828 SetScrollRange

• 0x48c82c SetScrollPos

• 0x48c830 SetScrollInfo

• 0x48c834 SetRect

• 0x48c838 SetPropA

• 0x48c83c SetParent

• 0x48c840 SetMenuItemInfoA

• 0x48c844 SetMenu

• 0x48c848 SetForegroundWindow

• 0x48c84c SetFocus

• 0x48c850 SetCursor

• 0x48c854 SetClassLongA

• 0x48c858 SetCapture

• 0x48c85c SetActiveWindow

• 0x48c860 SendMessageW

• 0x48c864 SendMessageA

• 0x48c868 ScrollWindow

• 0x48c86c ScreenToClient

• 0x48c870 RemovePropA

• 0x48c874 RemoveMenu

• 0x48c878 ReleaseDC

• 0x48c87c ReleaseCapture

• 0x48c880 RegisterWindowMessageA

• 0x48c884 RegisterClipboardFormatA

• 0x48c888 RegisterClassA

• 0x48c88c RedrawWindow

• 0x48c890 PtInRect

• 0x48c894 PostQuitMessage

• 0x48c898 PostMessageA

• 0x48c89c PeekMessageW

• 0x48c8a0 PeekMessageA

• 0x48c8a4 OffsetRect

• 0x48c8a8 OemToCharA

• 0x48c8ac MsgWaitForMultipleObjects

• 0x48c8b0 MessageBoxA

• 0x48c8b4 MapWindowPoints

• 0x48c8b8 MapVirtualKeyA

• 0x48c8bc LoadStringA

• 0x48c8c0 LoadKeyboardLayoutA

• 0x48c8c4 LoadIconA

• 0x48c8c8 LoadCursorA

• 0x48c8cc LoadBitmapA

• 0x48c8d0 KillTimer

• 0x48c8d4 IsZoomed

• 0x48c8d8 IsWindowVisible

• 0x48c8dc IsWindowUnicode

• 0x48c8e0 IsWindowEnabled

• 0x48c8e4 IsWindow

• 0x48c8e8 IsRectEmpty

• 0x48c8ec IsIconic

• 0x48c8f0 IsDialogMessageW

• 0x48c8f4 IsDialogMessageA

• 0x48c8f8 IsChild

• 0x48c8fc InvalidateRect

• 0x48c900 IntersectRect

• 0x48c904 InsertMenuItemA

• 0x48c908 InsertMenuA

• 0x48c90c InflateRect

• 0x48c910 GetWindowThreadProcessId

• 0x48c914 GetWindowTextA

• 0x48c918 GetWindowRect

• 0x48c91c GetWindowPlacement

• 0x48c920 GetWindowLongW

• 0x48c924 GetWindowLongA

• 0x48c928 GetWindowDC

• 0x48c92c GetTopWindow

• 0x48c930 GetSystemMetrics

• 0x48c934 GetSystemMenu

• 0x48c938 GetSysColorBrush

• 0x48c93c GetSysColor

• 0x48c940 GetSubMenu

• 0x48c944 GetScrollRange

• 0x48c948 GetScrollPos

• 0x48c94c GetScrollInfo

• 0x48c950 GetPropA

• 0x48c954 GetParent

• 0x48c958 GetWindow

• 0x48c95c GetMessagePos

• 0x48c960 GetMenuStringA

• 0x48c964 GetMenuState

• 0x48c968 GetMenuItemInfoA

• 0x48c96c GetMenuItemID

• 0x48c970 GetMenuItemCount

• 0x48c974 GetMenu

• 0x48c978 GetLastActivePopup

• 0x48c97c GetKeyboardState

• 0x48c980 GetKeyboardLayoutNameA

• 0x48c984 GetKeyboardLayoutList

• 0x48c988 GetKeyboardLayout

• 0x48c98c GetKeyState

• 0x48c990 GetKeyNameTextA

• 0x48c994 GetIconInfo

• 0x48c998 GetForegroundWindow

• 0x48c99c GetFocus

• 0x48c9a0 GetDesktopWindow

• 0x48c9a4 GetDCEx

• 0x48c9a8 GetDC

• 0x48c9ac GetCursorPos

• 0x48c9b0 GetCursor

• 0x48c9b4 GetClientRect

• 0x48c9b8 GetClassLongA

• 0x48c9bc GetClassInfoA

• 0x48c9c0 GetCapture

• 0x48c9c4 GetActiveWindow

• 0x48c9c8 FrameRect

• 0x48c9cc FindWindowA

• 0x48c9d0 FillRect

• 0x48c9d4 EqualRect

• 0x48c9d8 EnumWindows

• 0x48c9dc EnumThreadWindows

• 0x48c9e0 EnumChildWindows

• 0x48c9e4 EndPaint

• 0x48c9e8 EnableWindow

• 0x48c9ec EnableScrollBar

• 0x48c9f0 EnableMenuItem

• 0x48c9f4 DrawTextA

• 0x48c9f8 DrawMenuBar

• 0x48c9fc DrawIconEx

• 0x48ca00 DrawIcon

• 0x48ca04 DrawFrameControl

• 0x48ca08 DrawFocusRect

• 0x48ca0c DrawEdge

• 0x48ca10 DispatchMessageW

• 0x48ca14 DispatchMessageA

• 0x48ca18 DestroyWindow

• 0x48ca1c DestroyMenu

• 0x48ca20 DestroyIcon

• 0x48ca24 DestroyCursor

• 0x48ca28 DeleteMenu

• 0x48ca2c DefWindowProcA

• 0x48ca30 DefMDIChildProcA

• 0x48ca34 DefFrameProcA

• 0x48ca38 CreatePopupMenu

• 0x48ca3c CreateMenu

• 0x48ca40 CreateIcon

• 0x48ca44 ClientToScreen

• 0x48ca48 CheckMenuItem

• 0x48ca4c CallWindowProcA

• 0x48ca50 CallNextHookEx

• 0x48ca54 BeginPaint

• 0x48ca58 CharNextA

• 0x48ca5c CharLowerA

• 0x48ca60 CharUpperBuffA

• 0x48ca64 CharToOemA

• 0x48ca68 AdjustWindowRectEx

• 0x48ca6c ActivateKeyboardLayout

Library gdi32.dll:

• 0x48ca74 UnrealizeObject

• 0x48ca78 StretchBlt

• 0x48ca7c SetWindowOrgEx

• 0x48ca80 SetViewportOrgEx

• 0x48ca84 SetTextColor

• 0x48ca88 SetStretchBltMode

• 0x48ca8c SetROP2

• 0x48ca90 SetPixel

• 0x48ca94 SetDIBColorTable

• 0x48ca98 SetBrushOrgEx

• 0x48ca9c SetBkMode

• 0x48caa0 SetBkColor

• 0x48caa4 SelectPalette

• 0x48caa8 SelectObject

• 0x48caac SaveDC

• 0x48cab0 RestoreDC

• 0x48cab4 RectVisible

• 0x48cab8 RealizePalette

• 0x48cabc Polyline

• 0x48cac0 PatBlt

• 0x48cac4 MoveToEx

• 0x48cac8 MaskBlt

• 0x48cacc LineTo

• 0x48cad0 IntersectClipRect

• 0x48cad4 GetWindowOrgEx

• 0x48cad8 GetTextMetricsA

• 0x48cadc GetTextExtentPoint32A

• 0x48cae0 GetSystemPaletteEntries

• 0x48cae4 GetStockObject

• 0x48cae8 GetRgnBox

• 0x48caec GetPixel

• 0x48caf0 GetPaletteEntries

• 0x48caf4 GetObjectA

• 0x48caf8 GetDeviceCaps

• 0x48cafc GetDIBits

• 0x48cb00 GetDIBColorTable

• 0x48cb04 GetDCOrgEx

• 0x48cb08 GetCurrentPositionEx

• 0x48cb0c GetClipBox

• 0x48cb10 GetBrushOrgEx

• 0x48cb14 GetBkColor

• 0x48cb18 GetBitmapBits

• 0x48cb1c ExcludeClipRect

• 0x48cb20 DeleteObject

• 0x48cb24 DeleteDC

• 0x48cb28 CreateSolidBrush

• 0x48cb2c CreatePenIndirect

• 0x48cb30 CreatePalette

• 0x48cb34 CreateHalftonePalette

• 0x48cb38 CreateFontIndirectA

• 0x48cb3c CreateDIBitmap

• 0x48cb40 CreateDIBSection

• 0x48cb44 CreateCompatibleDC

• 0x48cb48 CreateCompatibleBitmap

• 0x48cb4c CreateBrushIndirect

• 0x48cb50 CreateBitmap

• 0x48cb54 BitBlt

Library version.dll:

• 0x48cb5c VerQueryValueA

• 0x48cb60 GetFileVersionInfoSizeA

• 0x48cb64 GetFileVersionInfoA

Library kernel32.dll:

• 0x48cb6c lstrcpyA

• 0x48cb70 WriteFile

• 0x48cb74 WaitForSingleObject

• 0x48cb78 VirtualQuery

• 0x48cb7c VirtualProtect

• 0x48cb80 VirtualAlloc

• 0x48cb84 SizeofResource

• 0x48cb88 SetThreadLocale

• 0x48cb8c SetFilePointer

• 0x48cb90 SetEvent

• 0x48cb94 SetErrorMode

• 0x48cb98 SetEndOfFile

• 0x48cb9c ResetEvent

• 0x48cba0 ReadFile

• 0x48cba4 MulDiv

• 0x48cba8 LockResource

• 0x48cbac LoadResource

• 0x48cbb0 LoadLibraryA

• 0x48cbb4 LeaveCriticalSection

• 0x48cbb8 InitializeCriticalSection

• 0x48cbbc GlobalFindAtomA

• 0x48cbc0 GlobalDeleteAtom

• 0x48cbc4 GlobalAddAtomA

• 0x48cbc8 GetVersionExA

• 0x48cbcc GetVersion

• 0x48cbd0 GetTickCount

• 0x48cbd4 GetThreadLocale

• 0x48cbd8 GetStdHandle

• 0x48cbdc GetProcAddress

• 0x48cbe0 GetModuleHandleA

• 0x48cbe4 GetModuleFileNameA

• 0x48cbe8 GetLocaleInfoA

• 0x48cbec GetLocalTime

• 0x48cbf0 GetLastError

• 0x48cbf4 GetFullPathNameA

• 0x48cbf8 GetDiskFreeSpaceA

• 0x48cbfc GetDateFormatA

• 0x48cc00 GetCurrentThreadId

• 0x48cc04 GetCurrentProcessId

• 0x48cc08 GetCPInfo

• 0x48cc0c FreeResource

• 0x48cc10 InterlockedExchange

• 0x48cc14 FreeLibrary

• 0x48cc18 FormatMessageA

• 0x48cc1c FindResourceA

• 0x48cc20 EnumCalendarInfoA

• 0x48cc24 EnterCriticalSection

• 0x48cc28 DeleteCriticalSection

• 0x48cc2c CreateThread

• 0x48cc30 CreateFileA

• 0x48cc34 CreateEventA

• 0x48cc38 CompareStringA

• 0x48cc3c CloseHandle

Library advapi32.dll:

• 0x48cc44 RegQueryValueExA

• 0x48cc48 RegOpenKeyExA

• 0x48cc4c RegFlushKey

• 0x48cc50 RegCloseKey

Library kernel32.dll:

• 0x48cc58 Sleep

Library oleaut32.dll:

• 0x48cc60 SafeArrayPtrOfIndex

• 0x48cc64 SafeArrayGetUBound

• 0x48cc68 SafeArrayGetLBound

• 0x48cc6c SafeArrayCreate

• 0x48cc70 VariantChangeType

• 0x48cc74 VariantCopyInd

• 0x48cc78 VariantCopy

• 0x48cc7c VariantClear

• 0x48cc80 VariantInit

Library comctl32.dll:

• 0x48cc88 _TrackMouseEvent

• 0x48cc8c ImageList_SetIconSize

• 0x48cc90 ImageList_GetIconSize

• 0x48cc94 ImageList_Write

• 0x48cc98 ImageList_Read

• 0x48cc9c ImageList_DragShowNolock

• 0x48cca0 ImageList_DragMove

• 0x48cca4 ImageList_DragLeave

• 0x48cca8 ImageList_DragEnter

• 0x48ccac ImageList_EndDrag

• 0x48ccb0 ImageList_BeginDrag

• 0x48ccb4 ImageList_Remove

• 0x48ccb8 ImageList_DrawEx

• 0x48ccbc ImageList_Draw

• 0x48ccc0 ImageList_GetBkColor

• 0x48ccc4 ImageList_SetBkColor

• 0x48ccc8 ImageList_Add

• 0x48cccc ImageList_GetImageCount

• 0x48ccd0 ImageList_Destroy

• 0x48ccd4 ImageList_Create

Library url.dll:

• 0x48ccdc InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
www.microsoft.com	CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME e13678.ca2.s.tl88.net CNAME www.microsoft.com-c-3.edgekey.net A 27.148.139.88	27.148.139.88
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
cdn.discordapp.com	A 31.13.67.19	31.13.67.19
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	57874	114.114.114.114	53
192.168.56.101	61680	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.