SmartHawk

3.2

中危

1 个模型检测该样本为恶意！

重新分析

下载样本

1706897f2c3ca209d8342d5fba570f8a6570837c7f70c8b35fb33f871903168f

9a02131946cd8ddf08fa648a36786185.exe

分析耗时

82s

最近分析

文件大小

8.2MB

静态报毒动态报毒 SCORE

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
McAfee	20190503	6.0.6.653
Alibaba	20190426	0.4.0.6
Baidu	20190318	1.0.0.2
Avast	20190509	18.4.3895.0
Kingsoft	20190510	2013.8.14.323
Tencent	20190510	1.0.0.1
CrowdStrike	20190212	1.0

Tries to locate where the browsers are installed (1 个事件)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	GIF
resource name	PNG

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619796748.536124 __exception__	stacktrace: LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x746cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a LoadLibraryW+0x11 GetModuleFileNameW-0x14 kernel32+0x1493c @ 0x7635493c 9a02131946cd8ddf08fa648a36786185+0x17ddb @ 0x417ddb 9a02131946cd8ddf08fa648a36786185+0x1c3ab @ 0x41c3ab 9a02131946cd8ddf08fa648a36786185+0x204cb @ 0x4204cb 9a02131946cd8ddf08fa648a36786185+0x412c4 @ 0x4412c4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1634456 registers.edi: 1634668 registers.eax: 0 registers.ebp: 1634492 registers.edx: 32 registers.ebx: 1 registers.esi: 1634480 registers.ecx: 1634632 exception.instruction_r: 89 08 50 45 43 6f 6d 70 61 63 74 32 00 00 00 00 exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: SuiteStartupInstall+0x13f32f issetup+0x1c5174 exception.address: 0x101c5174	success	0	0

Time & API

Arguments

Status

Return

Repeated

1619796748.536124
__exception__

stacktrace:

LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x746cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
LoadLibraryW+0x11 GetModuleFileNameW-0x14 kernel32+0x1493c @ 0x7635493c
9a02131946cd8ddf08fa648a36786185+0x17ddb @ 0x417ddb
9a02131946cd8ddf08fa648a36786185+0x1c3ab @ 0x41c3ab
9a02131946cd8ddf08fa648a36786185+0x204cb @ 0x4204cb
9a02131946cd8ddf08fa648a36786185+0x412c4 @ 0x4412c4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634456
registers.edi: 1634668
registers.eax: 0
registers.ebp: 1634492
registers.edx: 32
registers.ebx: 1
registers.esi: 1634480
registers.ecx: 1634632
exception.instruction_r: 89 08 50 45 43 6f 6d 70 61 63 74 32 00 00 00 00
exception.instruction: mov dword ptr [eax], ecx
exception.exception_code: 0xc0000005
exception.symbol: SuiteStartupInstall+0x13f32f issetup+0x1c5174
exception.address: 0x101c5174

success

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619796748.536124 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00530000	success	0	0
1619796748.536124 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 1286144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x023b0000	success	0	0

Creates executable files on the filesystem (2 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\{1E413878-DE08-4C3B-8458-5005ACD83480}\Disk1\ISSetup.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\{1E413878-DE08-4C3B-8458-5005ACD83480}\Disk1\setup.exe

Drops an executable to the user AppData folder (2 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\{1E413878-DE08-4C3B-8458-5005ACD83480}\Disk1\ISSetup.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\{1E413878-DE08-4C3B-8458-5005ACD83480}\Disk1\setup.exe

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)

Trapmine

suspicious.low.ml.score

Queries for potentially installed applications (14 个事件)

Time & API	Arguments	Status	Return
1619796748.364124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC options: 0	success	0
1619796748.379124 RegOpenKeyExW	access: 0x00020019 base_handle: 0x80000002 key_handle: 0x00000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C8984088-6EC6-48C0-AE6B-1DDAA2A1E55D} regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C8984088-6EC6-48C0-AE6B-1DDAA2A1E55D} options: 0	failed	2

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2014-05-13 22:13:12

Imports

Library COMCTL32.dll:

• 0x46a064

Library VERSION.dll:

• 0x46a55c GetFileVersionInfoW

• 0x46a560 GetFileVersionInfoSizeW

• 0x46a564 VerQueryValueW

Library LZ32.dll:

• 0x46a3b0 LZOpenFileW

• 0x46a3b4 LZCopy

• 0x46a3b8 LZClose

Library msi.dll:

• 0x46a5a8

• 0x46a5ac

• 0x46a5b0

• 0x46a5b4

• 0x46a5b8

Library KERNEL32.dll:

• 0x46a120 CreateDirectoryW

• 0x46a124 FindClose

• 0x46a128 FindFirstFileW

• 0x46a12c GetDiskFreeSpaceW

• 0x46a130 GetDriveTypeW

• 0x46a134 GetFileAttributesW

• 0x46a138 GetFileSize

• 0x46a13c SetFilePointer

• 0x46a140 WriteFile

• 0x46a144 RaiseException

• 0x46a148 SetErrorMode

• 0x46a14c QueryPerformanceFrequency

• 0x46a150 InitializeCriticalSectionAndSpinCount

• 0x46a154 DeleteCriticalSection

• 0x46a158 ReleaseMutex

• 0x46a15c CreateMutexW

• 0x46a160 CreateEventW

• 0x46a164 GetSystemTimeAsFileTime

• 0x46a168 GetSystemInfo

• 0x46a16c VirtualQuery

• 0x46a170 CreateFileMappingW

• 0x46a174 MapViewOfFile

• 0x46a178 UnmapViewOfFile

• 0x46a17c FindResourceExW

• 0x46a180 FreeLibrary

• 0x46a184 LoadLibraryExW

• 0x46a188 lstrcmpiW

• 0x46a18c lstrcpynW

• 0x46a190 lstrcatW

• 0x46a194 LoadLibraryW

• 0x46a198 GetPrivateProfileIntW

• 0x46a19c IsBadReadPtr

• 0x46a1a0 CompareStringW

• 0x46a1a4 CompareStringA

• 0x46a1a8 GetSystemDefaultLangID

• 0x46a1ac GetUserDefaultLangID

• 0x46a1b0 ExpandEnvironmentStringsW

• 0x46a1b4 GetCurrentDirectoryW

• 0x46a1b8 FileTimeToLocalFileTime

• 0x46a1bc GetFileTime

• 0x46a1c0 SetFileAttributesW

• 0x46a1c4 HeapAlloc

• 0x46a1c8 VerLanguageNameW

• 0x46a1cc GetProcessHeap

• 0x46a1d0 CopyFileW

• 0x46a1d4 IsValidLocale

• 0x46a1d8 GetLocaleInfoW

• 0x46a1dc WideCharToMultiByte

• 0x46a1e0 lstrcpyA

• 0x46a1e4 GetTickCount

• 0x46a1e8 ExitThread

• 0x46a1ec CreateThread

• 0x46a1f0 GetExitCodeProcess

• 0x46a1f4 ReadFile

• 0x46a1f8 GetCommandLineW

• 0x46a1fc FormatMessageW

• 0x46a200 LocalFree

• 0x46a204 GetVersionExW

• 0x46a208 GetWindowsDirectoryW

• 0x46a20c InterlockedDecrement

• 0x46a210 InterlockedIncrement

• 0x46a214 GetTempPathW

• 0x46a218 CreateFileW

• 0x46a21c FindResourceW

• 0x46a220 GlobalFree

• 0x46a224 GlobalUnlock

• 0x46a228 FreeResource

• 0x46a22c GetPrivateProfileSectionNamesA

• 0x46a230 GetPrivateProfileStringA

• 0x46a234 GetPrivateProfileIntA

• 0x46a238 lstrcatA

• 0x46a23c lstrcmpiA

• 0x46a240 MulDiv

• 0x46a244 FlushFileBuffers

• 0x46a248 WriteConsoleW

• 0x46a24c SetStdHandle

• 0x46a250 SetFilePointerEx

• 0x46a254 GetConsoleMode

• 0x46a258 GetConsoleCP

• 0x46a25c OutputDebugStringW

• 0x46a260 FreeEnvironmentStringsW

• 0x46a264 GetEnvironmentStringsW

• 0x46a268 GetFileType

• 0x46a26c HeapReAlloc

• 0x46a270 GetStringTypeW

• 0x46a274 GetCurrentThreadId

• 0x46a278 GetCPInfo

• 0x46a27c GetOEMCP

• 0x46a280 IsValidCodePage

• 0x46a284 HeapSize

• 0x46a288 GetModuleHandleExW

• 0x46a28c GetStdHandle

• 0x46a290 GetStartupInfoW

• 0x46a294 TlsFree

• 0x46a298 TlsSetValue

• 0x46a29c TlsGetValue

• 0x46a2a0 TlsAlloc

• 0x46a2a4 SetUnhandledExceptionFilter

• 0x46a2a8 UnhandledExceptionFilter

• 0x46a2ac GlobalLock

• 0x46a2b0 GlobalAlloc

• 0x46a2b4 SizeofResource

• 0x46a2b8 LockResource

• 0x46a2bc LoadResource

• 0x46a2c0 MultiByteToWideChar

• 0x46a2c4 MoveFileExW

• 0x46a2c8 WriteProcessMemory

• 0x46a2cc VirtualProtectEx

• 0x46a2d0 GetSystemDirectoryW

• 0x46a2d4 FlushInstructionCache

• 0x46a2d8 SetThreadContext

• 0x46a2dc GetThreadContext

• 0x46a2e0 ResumeThread

• 0x46a2e4 TerminateProcess

• 0x46a2e8 ExitProcess

• 0x46a2ec GetCurrentProcess

• 0x46a2f0 WaitForSingleObject

• 0x46a2f4 SetLastError

• 0x46a2f8 GetLastError

• 0x46a2fc DuplicateHandle

• 0x46a300 RemoveDirectoryW

• 0x46a304 HeapFree

• 0x46a308 DeleteFileW

• 0x46a30c SetCurrentDirectoryW

• 0x46a310 lstrlenW

• 0x46a314 lstrcpyW

• 0x46a318 GetProcAddress

• 0x46a31c GetModuleHandleW

• 0x46a320 GetModuleFileNameW

• 0x46a324 CreateProcessW

• 0x46a328 Sleep

• 0x46a32c CloseHandle

• 0x46a330 GetACP

• 0x46a334 IsProcessorFeaturePresent

• 0x46a338 IsDebuggerPresent

• 0x46a33c RtlUnwind

• 0x46a340 ReadConsoleW

• 0x46a344 FindNextFileW

• 0x46a348 lstrcmpW

• 0x46a34c GetCurrentThread

• 0x46a350 QueryPerformanceCounter

• 0x46a354 SearchPathW

• 0x46a358 lstrcmpA

• 0x46a35c SystemTimeToFileTime

• 0x46a360 ResetEvent

• 0x46a364 SetEvent

• 0x46a368 VirtualProtect

• 0x46a36c GetDateFormatW

• 0x46a370 GetTimeFormatW

• 0x46a374 GetTempFileNameW

• 0x46a378 CompareFileTime

• 0x46a37c SetFileTime

• 0x46a380 OpenProcess

• 0x46a384 GetProcessTimes

• 0x46a388 lstrlenA

• 0x46a38c GetLocalTime

• 0x46a390 GetCurrentProcessId

• 0x46a394 GetVersion

• 0x46a398 LCMapStringW

• 0x46a39c DecodePointer

• 0x46a3a0 EncodePointer

• 0x46a3a4 LeaveCriticalSection

• 0x46a3a8 EnterCriticalSection

Library USER32.dll:

• 0x46a420 wsprintfW

• 0x46a424 SendMessageW

• 0x46a428 MoveWindow

• 0x46a42c DialogBoxIndirectParamW

• 0x46a430 EndDialog

• 0x46a434 GetDlgItem

• 0x46a438 SetDlgItemTextW

• 0x46a43c SetActiveWindow

• 0x46a440 SetForegroundWindow

• 0x46a444 SetWindowTextW

• 0x46a448 GetWindowRect

• 0x46a44c MessageBoxW

• 0x46a450 GetWindowLongW

• 0x46a454 WaitForInputIdle

• 0x46a458 SetWindowLongW

• 0x46a45c LoadIconW

• 0x46a460 TranslateMessage

• 0x46a464 DispatchMessageW

• 0x46a468 PeekMessageW

• 0x46a46c PostMessageW

• 0x46a470 SystemParametersInfoW

• 0x46a474 GetWindow

• 0x46a478 FillRect

• 0x46a47c GetSysColor

• 0x46a480 MapWindowPoints

• 0x46a484 RemovePropW

• 0x46a488 GetPropW

• 0x46a48c SetPropW

• 0x46a490 EndPaint

• 0x46a494 BeginPaint

• 0x46a498 EnableMenuItem

• 0x46a49c GetSystemMetrics

• 0x46a4a0 SetFocus

• 0x46a4a4 DefWindowProcW

• 0x46a4a8 GetMessageW

• 0x46a4ac LoadStringW

• 0x46a4b0 LoadImageW

• 0x46a4b4 ReleaseDC

• 0x46a4b8 GetDC

• 0x46a4bc CreateDialogParamW

• 0x46a4c0 GetParent

• 0x46a4c4 GetWindowTextW

• 0x46a4c8 CharNextW

• 0x46a4cc GetDesktopWindow

• 0x46a4d0 GetClientRect

• 0x46a4d4 IsWindowEnabled

• 0x46a4d8 CreateDialogIndirectParamW

• 0x46a4dc IsWindowVisible

• 0x46a4e0 IsDialogMessageW

• 0x46a4e4 FindWindowExW

• 0x46a4e8 ScreenToClient

• 0x46a4ec EnableWindow

• 0x46a4f0 MsgWaitForMultipleObjects

• 0x46a4f4 SendDlgItemMessageW

• 0x46a4f8 SetWindowPos

• 0x46a4fc ShowWindow

• 0x46a500 DestroyWindow

• 0x46a504 IsWindow

• 0x46a508 ExitWindowsEx

• 0x46a50c CharUpperW

• 0x46a510 wsprintfA

• 0x46a514 CallWindowProcW

• 0x46a518 CreateWindowExW

• 0x46a51c DrawIcon

• 0x46a520 DrawTextW

• 0x46a524 UpdateWindow

• 0x46a528 GetWindowDC

• 0x46a52c InvalidateRect

• 0x46a530 DrawFocusRect

• 0x46a534 CopyRect

• 0x46a538 InflateRect

• 0x46a53c EnumChildWindows

• 0x46a540 GetClassNameW

• 0x46a544 MapDialogRect

• 0x46a548 RegisterClassExW

• 0x46a54c GetDlgItemTextW

• 0x46a550 IntersectRect

• 0x46a554 MonitorFromPoint

Library GDI32.dll:

• 0x46a06c SetTextColor

• 0x46a070 SetBkMode

• 0x46a074 SetBkColor

• 0x46a078 SaveDC

• 0x46a07c RestoreDC

• 0x46a080 CreateSolidBrush

• 0x46a084 UnrealizeObject

• 0x46a088 CreateHalftonePalette

• 0x46a08c GetDIBColorTable

• 0x46a090 SelectPalette

• 0x46a094 SelectObject

• 0x46a098 RealizePalette

• 0x46a09c GetSystemPaletteEntries

• 0x46a0a0 GetDeviceCaps

• 0x46a0a4 DeleteDC

• 0x46a0a8 CreatePalette

• 0x46a0ac CreateCompatibleDC

• 0x46a0b0 BitBlt

• 0x46a0b4 GetObjectW

• 0x46a0b8 TranslateCharsetInfo

• 0x46a0bc DeleteObject

• 0x46a0c0 CreateFontIndirectW

• 0x46a0c4 CreateCompatibleBitmap

• 0x46a0c8 CreateDCW

• 0x46a0cc CreatePatternBrush

• 0x46a0d0 GetStockObject

• 0x46a0d4 GetTextExtentPoint32W

• 0x46a0d8 DeleteMetaFile

• 0x46a0dc CreateDIBitmap

• 0x46a0e0 CreateBitmap

• 0x46a0e4 CreateRectRgn

• 0x46a0e8 PatBlt

• 0x46a0ec PlayMetaFile

• 0x46a0f0 SelectClipRgn

• 0x46a0f4 SetMapMode

• 0x46a0f8 SetMetaFileBitsEx

• 0x46a0fc SetPixel

• 0x46a100 StretchBlt

• 0x46a104 SetStretchBltMode

• 0x46a108 SetViewportExtEx

• 0x46a10c SetViewportOrgEx

• 0x46a110 SetWindowExtEx

• 0x46a114 SetWindowOrgEx

• 0x46a118 TextOutW

Library ADVAPI32.dll:

• 0x46a000 RegCreateKeyExW

• 0x46a004 RegOpenKeyExW

• 0x46a008 FreeSid

• 0x46a00c AllocateAndInitializeSid

• 0x46a010 EqualSid

• 0x46a014 GetTokenInformation

• 0x46a018 OpenThreadToken

• 0x46a01c RegEnumKeyW

• 0x46a020 LookupPrivilegeValueW

• 0x46a024 AdjustTokenPrivileges

• 0x46a028 OpenProcessToken

• 0x46a02c RegOpenKeyW

• 0x46a030 RegEnumValueW

• 0x46a034 RegQueryValueExW

• 0x46a038 RegQueryInfoKeyW

• 0x46a03c RegEnumKeyExW

• 0x46a040 RegDeleteValueW

• 0x46a044 RegDeleteKeyW

• 0x46a048 SetSecurityDescriptorOwner

• 0x46a04c SetSecurityDescriptorGroup

• 0x46a050 SetSecurityDescriptorDacl

• 0x46a054 InitializeSecurityDescriptor

• 0x46a058 RegSetValueExW

• 0x46a05c RegCloseKey

Library SHELL32.dll:

• 0x46a40c SHGetPathFromIDListW

• 0x46a410 SHGetSpecialFolderLocation

• 0x46a414 SHGetMalloc

• 0x46a418 ShellExecuteExW

Library ole32.dll:

• 0x46a5c0 CoTaskMemFree

• 0x46a5c4 CoTaskMemRealloc

• 0x46a5c8 CoTaskMemAlloc

• 0x46a5cc CoCreateInstance

• 0x46a5d0 CoInitializeSecurity

• 0x46a5d4 CoInitializeEx

• 0x46a5d8 CoUninitialize

• 0x46a5dc CreateStreamOnHGlobal

Library OLEAUT32.dll:

• 0x46a3c0 SysReAllocStringLen

• 0x46a3c4 GetErrorInfo

• 0x46a3c8 VarBstrCmp

• 0x46a3cc SysAllocStringLen

• 0x46a3d0 VariantClear

• 0x46a3d4 SysAllocString

• 0x46a3d8 SysFreeString

• 0x46a3dc SysStringByteLen

• 0x46a3e0 SysStringLen

• 0x46a3e4 SysAllocStringByteLen

• 0x46a3e8 VariantInit

• 0x46a3ec VariantChangeType

• 0x46a3f0 VarBstrCat

• 0x46a3f4 VarUI4FromStr

Library RPCRT4.dll:

• 0x46a3fc RpcStringFreeW

• 0x46a400 UuidCreate

• 0x46a404 UuidToStringW

Library gdiplus.dll:

• 0x46a56c GdipGetImageWidth

• 0x46a570 GdipCreateFromHDC

• 0x46a574 GdipAlloc

• 0x46a578 GdipFree

• 0x46a57c GdipCloneImage

• 0x46a580 GdipDisposeImage

• 0x46a584 GdipCreateBitmapFromStream

• 0x46a588 GdipCreateBitmapFromStreamICM

• 0x46a58c GdipCreateBitmapFromResource

• 0x46a590 GdipDrawImageRectI

• 0x46a594 GdipSetInterpolationMode

• 0x46a598 GdiplusStartup

• 0x46a59c GdipGetImageHeight

• 0x46a5a0 GdipDeleteGraphics

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	172.217.27.142
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	56539	8.8.8.8	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.