11.8
0-day
53 个模型检测该样本为恶意!
重新分析
更多

c98590da7c3701a0187bb3bfe580143b43428243d106f63f0c653dcbde6aec5f

9fcb650a9078af65b4cdb984adcb45c9.exe

分析耗时

100s

最近分析

文件大小

688.5KB
静态报毒 动态报毒 AI SCORE=89 BANKERX CLASSIC DOWNLOADER34 ELDORADO EMOTET FHGO GDSDA GENCIRC GENERICKD HIGH CONFIDENCE HPFRQU IGENERIC KRYPTIK R002C0DGU20 R346334 RQW@A0MWH@LJ SCORE SGENERIC UNSAFE ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Emotet-FRI!9FCB650A9078 20200806 6.0.6.653
Alibaba Trojan:Win32/Emotet.2ce0435f 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20200806 18.4.3895.0
Kingsoft 20200806 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cde55a 20200806 1.0.0.1
CrowdStrike 20190702 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619808352.870875
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 个事件)
Time & API Arguments Status Return Repeated
1619808344.307875
CryptGenKey
crypto_handle: 0x029d0c10
algorithm_identifier: 0x0000660e ()
provider_handle: 0x006903e0
flags: 1
key: f^äS¬b© Â;8Jƒ—
success 1 0
1619808352.963875
CryptExportKey
crypto_handle: 0x029d0c10
crypto_export_handle: 0x00693e38
buffer: f¤æy=Š/ûxa Ju ôf¢H\mYò·#à†ú-QñSk¡ L h„ÖOàsÑhO7«NSæ7ŸfÁÄT¥£âÞn„ªS9ûÐÇo€ßpªD sȕòMͯ<%ÿb4U
blob_type: 1
flags: 64
success 1 0
1619808382.416875
CryptExportKey
crypto_handle: 0x029d0c10
crypto_export_handle: 0x00693e38
buffer: f¤KšhÎéÎ-ÝzÓuµŠ2¼c©¡Y³üšûðü¡²­ñà± AÒ5ʐo)ûc›ö܃AOI;ÌÕѺžTgÜ/U9U ­7*´Ö—‡÷Ü©©ºJ-ún užòV˜
blob_type: 1
flags: 64
success 1 0
1619808407.245875
CryptExportKey
crypto_handle: 0x029d0c10
crypto_export_handle: 0x00693e38
buffer: f¤'´Pb‹Ð€ëÜ°v›ØÝv&7Éÿ³ kp¹f£ |YÇÁë#uøµË*`‚œ=8 æ…ËU×O1„†Šx-ðÒýò…m¯VB µP©lµ¿ θ?,¤
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 个事件)
pdb_path c:\Users\User\Desktop\2008\28.7.20\chexedit_demo\CHexEditDemo\Release\CHexEditDemo.pdb
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:4086543445&cup2hreq=1ac90b22f2ffb463aa2176a4bb705764401e89a101d8427f1323cec3d4d159c5
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619779215&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=163cb948cbbcaa48&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619779215&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:4086543445&cup2hreq=1ac90b22f2ffb463aa2176a4bb705764401e89a101d8427f1323cec3d4d159c5
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:4086543445&cup2hreq=1ac90b22f2ffb463aa2176a4bb705764401e89a101d8427f1323cec3d4d159c5
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1619808340.886374
NtAllocateVirtualMemory
process_identifier: 2864
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00570000
success 0 0
1619807971.124897
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004150000
success 0 0
1619808343.901875
NtAllocateVirtualMemory
process_identifier: 2520
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005e0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Foreign language identified in PE resource (3 个事件)
name RT_ICON language LANG_CHINESE offset 0x000b02c4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000128
name RT_ICON language LANG_CHINESE offset 0x000b02c4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000128
name RT_GROUP_ICON language LANG_CHINESE offset 0x000b1f60 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 个事件)
Moves the original executable to a new location (1 个事件)
Time & API Arguments Status Return Repeated
1619808341.542374
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9fcb650a9078af65b4cdb984adcb45c9.exe
newfilepath: C:\Windows\SysWOW64\wmcodecdspps\KBDURDU.exe
newfilepath_r: C:\Windows\SysWOW64\wmcodecdspps\KBDURDU.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9fcb650a9078af65b4cdb984adcb45c9.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619808355.276875
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)
entropy 7.480589944548396 section {'size_of_data': '0x0000b800', 'virtual_address': '0x0009e000', 'entropy': 7.480589944548396, 'name': '.data', 'virtual_size': '0x0000f404'} description A section with a high entropy has been found
Expresses interest in specific running processes (1 个事件)
process kbdurdu.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619808353.791875
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (4 个事件)
host 172.217.24.14
host 189.212.199.126
host 212.51.142.238
host 76.27.179.47
Installs itself for autorun at Windows startup (1 个事件)
service_name KBDURDU service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\wmcodecdspps\KBDURDU.exe"
Created a service where a service was also not started (1 个事件)
Time & API Arguments Status Return Repeated
1619808343.058374
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x029cb720
display_name: KBDURDU
error_control: 0
service_name: KBDURDU
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\wmcodecdspps\KBDURDU.exe"
filepath_r: "C:\Windows\SysWOW64\wmcodecdspps\KBDURDU.exe"
service_manager_handle: 0x029cb7e8
desired_access: 2
service_type: 16
password:
success 43824928 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619808357.885875
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619808357.885875
RegSetValueExA
key_handle: 0x000003b8
value: àá‰Ò>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619808357.885875
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619808357.885875
RegSetValueExW
key_handle: 0x000003b8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619808357.885875
RegSetValueExA
key_handle: 0x000003d0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619808357.885875
RegSetValueExA
key_handle: 0x000003d0
value: àá‰Ò>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619808357.885875
RegSetValueExA
key_handle: 0x000003d0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619808357.916875
RegSetValueExW
key_handle: 0x000003b4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 个事件)
file C:\Windows\SysWOW64\wmcodecdspps\KBDURDU.exe:Zone.Identifier
Uses Sysinternals tools in order to add additional command line functionality (1 个事件)
cmdline C:\Windows\SysWOW64\wmcodecdspps\KBDURDU.exe
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 个事件)
MicroWorld-eScan Trojan.GenericKD.43562692
FireEye Generic.mg.9fcb650a9078af65
CAT-QuickHeal Trojan.IGENERIC
McAfee Emotet-FRI!9FCB650A9078
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.650
K7AntiVirus Trojan ( 0056b6cf1 )
Alibaba Trojan:Win32/Emotet.2ce0435f
K7GW Trojan ( 0056b6cf1 )
Cybereason malicious.723d12
Arcabit Trojan.Generic.D298B6C4
Invincea heuristic
F-Prot W32/Emotet.AOD.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:BankerX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.43562692
NANO-Antivirus Trojan.Win32.Emotet.hpfrqu
Paloalto generic.ml
ViRobot Trojan.Win32.Emotet.705024
Rising Trojan.Kryptik!1.C71F (CLASSIC)
Ad-Aware Trojan.GenericKD.43562692
Emsisoft Trojan.Emotet (A)
F-Secure Trojan.TR/AD.Emotet.LJ
DrWeb Trojan.DownLoader34.9669
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DGU20
Sophos Troj/Emotet-CKJ
Cyren W32/Emotet.AOD.gen!Eldorado
Jiangmin Backdoor.Emotet.pc
Avira TR/AD.Emotet.LJ
Antiy-AVL Trojan/Win32.SGeneric
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Endgame malicious (high confidence)
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.43562692
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R346334
BitDefenderTheta Gen:NN.ZexaF.34152.RqW@a0MWH@lj
ALYac Trojan.GenericKD.43562692
MAX malware (ai score=89)
VBA32 Trojan.Downloader
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TROJ_GEN.R002C0DGU20
Tencent Malware.Win32.Gencirc.10cde55a
Ikarus Trojan-Banker.Emotet
Fortinet W32/Emotet.FHGO!tr
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 个事件)
dead_host 172.217.160.110:443
dead_host 172.217.24.14:443
dead_host 76.27.179.47:80
dead_host 212.51.142.238:8080
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-07-29 04:26:40

Imports

Library KERNEL32.dll:
0x4801a8 GetCommandLineA
0x4801ac GetStartupInfoA
0x4801b0 HeapAlloc
0x4801b4 HeapFree
0x4801b8 Sleep
0x4801bc ExitProcess
0x4801c0 ExitThread
0x4801c4 CreateThread
0x4801c8 VirtualProtect
0x4801cc VirtualAlloc
0x4801d0 GetSystemInfo
0x4801d4 VirtualQuery
0x4801d8 HeapReAlloc
0x4801dc HeapSize
0x4801e0 TerminateProcess
0x4801ec IsDebuggerPresent
0x4801f0 GetACP
0x4801f4 IsValidCodePage
0x4801f8 LCMapStringA
0x4801fc LCMapStringW
0x480200 GetStdHandle
0x480214 RaiseException
0x480218 GetFileType
0x48021c HeapCreate
0x480220 HeapDestroy
0x480224 VirtualFree
0x480230 FatalAppExitA
0x48023c GetStringTypeA
0x480240 GetStringTypeW
0x480248 GetTimeFormatA
0x48024c GetDateFormatA
0x480250 GetUserDefaultLCID
0x480254 EnumSystemLocalesA
0x480258 IsValidLocale
0x48025c GetConsoleCP
0x480260 GetConsoleMode
0x480264 GetLocaleInfoW
0x480268 SetStdHandle
0x48026c WriteConsoleA
0x480270 GetConsoleOutputCP
0x480274 WriteConsoleW
0x480278 CompareStringW
0x480280 RtlUnwind
0x480284 GetTickCount
0x480288 GetFileTime
0x48028c GetFileSizeEx
0x480290 GetFileAttributesA
0x480294 SetFileAttributesA
0x480298 SetFileTime
0x4802a4 SetErrorMode
0x4802b0 GetModuleHandleW
0x4802b4 GetAtomNameA
0x4802b8 GetOEMCP
0x4802bc GetCPInfo
0x4802c0 CreateFileA
0x4802c4 GetShortPathNameA
0x4802c8 GetFullPathNameA
0x4802d0 FindFirstFileA
0x4802d4 FindClose
0x4802d8 DuplicateHandle
0x4802dc GetFileSize
0x4802e0 SetEndOfFile
0x4802e4 UnlockFile
0x4802e8 LockFile
0x4802ec FlushFileBuffers
0x4802f0 SetFilePointer
0x4802f4 WriteFile
0x4802f8 ReadFile
0x4802fc lstrcmpiA
0x480300 GetThreadLocale
0x480304 GetStringTypeExA
0x480308 DeleteFileA
0x48030c MoveFileA
0x480314 TlsFree
0x48031c LocalReAlloc
0x480320 TlsSetValue
0x480324 TlsAlloc
0x48032c GlobalHandle
0x480330 GlobalReAlloc
0x480338 TlsGetValue
0x480340 LocalAlloc
0x480344 GlobalFlags
0x48035c GetModuleFileNameW
0x480360 CopyFileA
0x480364 GlobalSize
0x480368 FormatMessageA
0x48036c LocalFree
0x480370 lstrlenW
0x480374 MulDiv
0x480378 lstrlenA
0x48037c GlobalGetAtomNameA
0x480380 GlobalFindAtomA
0x480384 MultiByteToWideChar
0x480388 lstrcmpW
0x48038c GetVersionExA
0x480390 GlobalFree
0x480394 FreeResource
0x480398 GetCurrentProcessId
0x48039c GetLastError
0x4803a0 SetLastError
0x4803a4 GlobalAddAtomA
0x4803a8 CreateEventA
0x4803ac SuspendThread
0x4803b0 SetEvent
0x4803b4 WaitForSingleObject
0x4803b8 ResumeThread
0x4803bc SetThreadPriority
0x4803c0 CloseHandle
0x4803c4 GlobalDeleteAtom
0x4803c8 GetCurrentThread
0x4803cc GetCurrentThreadId
0x4803d8 GetModuleFileNameA
0x4803dc GetLocaleInfoA
0x4803e0 LoadLibraryA
0x4803e4 CompareStringA
0x4803e8 InterlockedExchange
0x4803ec lstrcmpA
0x4803f0 FreeLibrary
0x4803f4 GetModuleHandleA
0x4803f8 GlobalLock
0x4803fc GlobalAlloc
0x480400 GlobalUnlock
0x480404 LoadLibraryExA
0x480408 GetProcAddress
0x48040c GetCurrentProcess
0x480410 WideCharToMultiByte
0x480414 FindResourceA
0x480418 LoadResource
0x48041c LockResource
0x480420 SetHandleCount
0x480424 SizeofResource
Library USER32.dll:
0x480508 GetNextDlgGroupItem
0x48050c MessageBeep
0x480510 UnregisterClassA
0x480514 SetRectEmpty
0x48051c BringWindowToTop
0x480520 InsertMenuItemA
0x480524 LoadAcceleratorsA
0x480528 GetMenuBarInfo
0x48052c LoadMenuA
0x480530 ReuseDDElParam
0x480534 UnpackDDElParam
0x48053c SetTimer
0x480540 KillTimer
0x480544 GetKeyNameTextA
0x480548 MapVirtualKeyA
0x48054c SetParent
0x480550 UnionRect
0x480554 PostThreadMessageA
0x480558 GetDCEx
0x48055c LockWindowUpdate
0x480560 LoadCursorA
0x480564 WindowFromPoint
0x480568 SetCapture
0x48056c DeleteMenu
0x480570 EndPaint
0x480574 BeginPaint
0x480578 GetWindowDC
0x48057c ReleaseDC
0x480580 GetDC
0x480584 ClientToScreen
0x480588 GrayStringA
0x48058c DrawTextExA
0x480590 DrawTextA
0x480594 TabbedTextOutA
0x480598 FillRect
0x48059c DestroyMenu
0x4805a0 GetMenuItemInfoA
0x4805a4 InflateRect
0x4805a8 GetMenuStringA
0x4805ac RemoveMenu
0x4805b0 ScrollWindowEx
0x4805b4 ShowWindow
0x4805b8 MoveWindow
0x4805bc SetWindowTextA
0x4805c0 IsDialogMessageA
0x4805c4 IsDlgButtonChecked
0x4805c8 SetDlgItemTextA
0x4805cc SetDlgItemInt
0x4805d0 GetDlgItemTextA
0x4805d4 GetDlgItemInt
0x4805d8 CheckRadioButton
0x4805dc CheckDlgButton
0x4805e4 SendDlgItemMessageA
0x4805e8 WinHelpA
0x4805ec GetCapture
0x4805f0 GetClassLongA
0x4805f4 GetClassNameA
0x4805f8 SetPropA
0x4805fc GetPropA
0x480600 RemovePropA
0x480604 SetFocus
0x48060c InvalidateRgn
0x480610 GetForegroundWindow
0x480614 BeginDeferWindowPos
0x480618 EndDeferWindowPos
0x48061c GetTopWindow
0x480620 UnhookWindowsHookEx
0x480624 GetMessageTime
0x480628 GetMessagePos
0x48062c MapWindowPoints
0x480630 ScrollWindow
0x480634 TrackPopupMenuEx
0x480638 TrackPopupMenu
0x48063c SetMenu
0x480640 SetScrollRange
0x480644 GetScrollRange
0x480648 SetScrollPos
0x48064c GetScrollPos
0x480650 SetForegroundWindow
0x480654 ShowScrollBar
0x480658 UpdateWindow
0x48065c GetSubMenu
0x480660 GetMenuItemID
0x480664 GetMenuItemCount
0x480668 CreateWindowExA
0x48066c GetClassInfoExA
0x480670 GetClassInfoA
0x480674 RegisterClassA
0x480678 GetSysColor
0x48067c AdjustWindowRectEx
0x480680 ScreenToClient
0x480684 EqualRect
0x480688 DeferWindowPos
0x48068c GetScrollInfo
0x480690 SetScrollInfo
0x480694 CopyRect
0x480698 PtInRect
0x48069c SetWindowPlacement
0x4806a0 GetDlgCtrlID
0x4806a4 DefWindowProcA
0x4806a8 CallWindowProcA
0x4806ac GetMenu
0x4806b0 SetWindowLongA
0x4806b4 OffsetRect
0x4806b8 IntersectRect
0x4806c0 GetWindowPlacement
0x4806c4 GetWindowRect
0x4806c8 GetWindow
0x4806d0 MapDialogRect
0x4806d4 DrawIcon
0x4806d8 AppendMenuA
0x4806dc SendMessageA
0x4806e0 GetSystemMenu
0x4806e4 SetWindowPos
0x4806e8 GetDesktopWindow
0x4806ec SetActiveWindow
0x4806f4 DestroyWindow
0x4806f8 IsWindow
0x4806fc GetDlgItem
0x480700 GetNextDlgTabItem
0x480704 EndDialog
0x48070c GetWindowLongA
0x480710 GetLastActivePopup
0x480714 IsWindowEnabled
0x480718 InvalidateRect
0x48071c SetRect
0x480720 IsRectEmpty
0x480728 CharNextA
0x48072c GetDialogBaseUnits
0x480730 CharUpperA
0x480734 DestroyIcon
0x480738 GetSysColorBrush
0x48073c WaitMessage
0x480740 GetWindowTextA
0x480744 ReleaseCapture
0x480748 IsIconic
0x48074c GetClientRect
0x480750 EnableWindow
0x480754 LoadIconA
0x480758 GetSystemMetrics
0x48075c CreatePopupMenu
0x480760 InsertMenuA
0x480764 RedrawWindow
0x480768 OpenClipboard
0x48076c SetClipboardData
0x480770 CloseClipboard
0x480774 GetClipboardData
0x48077c GetKeyState
0x480780 PostQuitMessage
0x480784 PostMessageA
0x480788 CheckMenuItem
0x48078c EnableMenuItem
0x480790 GetMenuState
0x480794 ModifyMenuA
0x480798 GetParent
0x48079c GetFocus
0x4807a0 LoadBitmapA
0x4807a8 SetMenuItemBitmaps
0x4807ac ValidateRect
0x4807b0 GetCursorPos
0x4807b4 PeekMessageA
0x4807b8 IsWindowVisible
0x4807bc GetActiveWindow
0x4807c0 DispatchMessageA
0x4807c4 TranslateMessage
0x4807c8 GetMessageA
0x4807cc CallNextHookEx
0x4807d0 SetWindowsHookExA
0x4807d4 SetCursor
0x4807d8 ShowOwnedPopups
0x4807dc MessageBoxA
0x4807e0 IsChild
Library GDI32.dll:
0x480040 ArcTo
0x480044 PolyDraw
0x480048 PolylineTo
0x48004c PolyBezierTo
0x480050 ExtSelectClipRgn
0x480054 DeleteDC
0x48005c CreatePatternBrush
0x480060 GetStockObject
0x480064 SelectPalette
0x480068 PlayMetaFileRecord
0x48006c GetObjectType
0x480070 EnumMetaFile
0x480074 PlayMetaFile
0x480078 CreatePen
0x48007c ScaleWindowExtEx
0x480080 CreateHatchBrush
0x480084 GetTextMetricsA
0x480088 GetBkColor
0x48008c GetTextColor
0x480094 GetRgnBox
0x480098 GetCharWidthA
0x48009c CreateFontA
0x4800a0 StretchDIBits
0x4800a8 SetRectRgn
0x4800ac CombineRgn
0x4800b0 GetMapMode
0x4800b4 PatBlt
0x4800b8 DPtoLP
0x4800bc OffsetWindowOrgEx
0x4800c0 SetWindowExtEx
0x4800c4 SetWindowOrgEx
0x4800c8 ScaleViewportExtEx
0x4800cc SetViewportExtEx
0x4800d0 OffsetViewportOrgEx
0x4800d4 SetViewportOrgEx
0x4800d8 SelectObject
0x4800dc Escape
0x4800e0 TextOutA
0x4800e4 RectVisible
0x4800e8 PtVisible
0x4800ec StartDocA
0x4800f0 ExtCreatePen
0x4800f4 CreateSolidBrush
0x4800f8 GetWindowExtEx
0x4800fc GetViewportExtEx
0x480100 SelectClipPath
0x480104 CreateRectRgn
0x480108 GetClipRgn
0x48010c SelectClipRgn
0x480110 DeleteObject
0x480114 SetColorAdjustment
0x480118 SetArcDirection
0x48011c SetMapperFlags
0x480128 SetTextAlign
0x48012c MoveToEx
0x480130 LineTo
0x480134 OffsetClipRgn
0x480138 IntersectClipRect
0x48013c ExcludeClipRect
0x480140 SetMapMode
0x480148 SetWorldTransform
0x48014c SetGraphicsMode
0x480150 SetStretchBltMode
0x480154 SetROP2
0x480158 SetPolyFillMode
0x48015c SetBkMode
0x480160 RestoreDC
0x480164 SaveDC
0x48016c ExtTextOutA
0x480170 BitBlt
0x480174 CreateCompatibleDC
0x480178 CreateFontIndirectA
0x48017c CreateDCA
0x480180 CopyMetaFileA
0x480184 GetDeviceCaps
0x480188 GetObjectA
0x48018c SetBkColor
0x480190 SetTextColor
0x480194 GetClipBox
0x480198 GetDCOrgEx
0x48019c CreateBitmap
0x4801a0 GetPixel
Library COMDLG32.dll:
0x480034 GetFileTitleA
Library WINSPOOL.DRV:
0x4807e8 DocumentPropertiesA
0x4807ec ClosePrinter
0x4807f0 OpenPrinterA
Library ADVAPI32.dll:
0x480000 RegDeleteValueA
0x480004 RegSetValueExA
0x480008 RegCreateKeyExA
0x48000c RegSetValueA
0x480010 RegQueryValueA
0x480014 RegOpenKeyA
0x480018 RegEnumKeyA
0x48001c RegDeleteKeyA
0x480020 RegOpenKeyExA
0x480024 RegQueryValueExA
0x480028 RegCloseKey
0x48002c RegCreateKeyA
Library SHELL32.dll:
0x4804d8 ExtractIconA
0x4804dc DragFinish
0x4804e0 DragQueryFileA
0x4804e4 SHGetFileInfoA
Library SHLWAPI.dll:
0x4804ec PathFindFileNameA
0x4804f0 PathStripToRootA
0x4804f4 PathIsUNCA
0x4804f8 PathFindExtensionA
0x480500 PathRemoveFileSpecW
Library oledlg.dll:
0x480888
Library ole32.dll:
0x4807f8 OleSetClipboard
0x4807fc CoRevokeClassObject
0x480804 OleInitialize
0x48080c OleUninitialize
0x480810 OleRun
0x480814 CoInitializeEx
0x480818 CoUninitialize
0x48081c CoCreateInstance
0x480820 StringFromGUID2
0x480824 CoDisconnectObject
0x480838 OleDuplicateData
0x48083c CoTaskMemAlloc
0x480840 ReleaseStgMedium
0x480844 CreateBindCtx
0x480848 CoTreatAsClass
0x48084c StringFromCLSID
0x480850 ReadClassStg
0x480854 ReadFmtUserTypeStg
0x480858 OleRegGetUserType
0x48085c WriteClassStg
0x480860 WriteFmtUserTypeStg
0x480864 SetConvertStg
0x480868 CoTaskMemFree
0x48086c CLSIDFromString
0x480870 CLSIDFromProgID
0x480874 OleFlushClipboard
0x480880 CoGetClassObject
Library OLEAUT32.dll:
0x48042c SysAllocStringLen
0x480430 VariantClear
0x480434 VariantChangeType
0x480438 VariantInit
0x48043c SysStringLen
0x480444 SysStringByteLen
0x480454 SafeArrayDestroy
0x480458 SysAllocString
0x48045c RegisterTypeLib
0x480460 LoadTypeLib
0x480464 LoadRegTypeLib
0x48046c SafeArrayAccessData
0x480470 SafeArrayGetUBound
0x480474 SafeArrayGetLBound
0x48047c SafeArrayGetDim
0x480480 SafeArrayCreate
0x480484 SafeArrayRedim
0x480488 VariantCopy
0x48048c SafeArrayAllocData
0x480494 SafeArrayCopy
0x480498 SafeArrayGetElement
0x48049c SafeArrayPtrOfIndex
0x4804a0 SafeArrayPutElement
0x4804a4 SafeArrayLock
0x4804a8 SafeArrayUnlock
0x4804b4 SysReAllocStringLen
0x4804b8 VarDateFromStr
0x4804bc VarBstrFromCy
0x4804c0 VarBstrFromDec
0x4804c4 VarDecFromStr
0x4804c8 VarCyFromStr
0x4804cc VarBstrFromDate
0x4804d0 SysFreeString

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49192 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49193 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49190 203.208.40.66 update.googleapis.com 443
192.168.56.101 49191 203.208.41.65 redirector.gvt1.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 58970 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=163cb948cbbcaa48&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619779215&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=163cb948cbbcaa48&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619779215&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619779215&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619779215&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.