SmartHawk

3.4

中危

2 个模型检测该样本为恶意！

重新分析

下载样本

2379874dd66add9c34f1424d3b83e44f7a63f04bc58e31a9ca1979b0df783863

9fcf6a350e48d240069fb5100681db97.exe

分析耗时

95s

最近分析

文件大小

14.5MB

静态报毒动态报毒 BROWSEFOX GKCJ

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
McAfee	20181109	6.0.6.653
Alibaba	20180921	0.1.0.2
Baidu	20181109	1.0.0.2
Avast	20181109	18.4.3895.0
Tencent	20181109	1.0.0.1
Kingsoft	20181109	2013.8.14.323
CrowdStrike	20181022	1.0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620993989.155999 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 个事件)

section	.itext
section	.didata

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620993988.202999 NtAllocateVirtualMemory	process_identifier: 2120 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x012a0000	success	0	0
1620993990.656374 NtAllocateVirtualMemory	process_identifier: 2244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x012e0000	success	0	0

A process attempted to delay the analysis task. (1 个事件)

description

9fcf6a350e48d240069fb5100681db97.exe tried to sleep 123 seconds, actually delayed analysis time by 123 seconds

Creates executable files on the filesystem (29 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbUninstall.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\CobStringList.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbManager.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.Win2003.x86.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbService.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbEngine.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.Win2008.x64.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\FMSImg32.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.Common.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\7za.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbDecrypter.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbSrvControlLib.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbLogon.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbSrvControl.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbInterface.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\libeay32.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.WinXP.x86.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbTranslator.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\zlib1.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\ssleay32.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbHelpreader.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\Cobian.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbPChecker.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbVSCService.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cbSetupE.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.WinXP.x64.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbDecompressor.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.Win2008.x86.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.Win2003.x64.dll

Drops a binary and executes it (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cbSetupE.exe

Drops an executable to the user AppData folder (26 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbPChecker.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbUninstall.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.Common.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.WinXP.x86.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\FMSImg32.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\zlib1.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbVSCService.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\Cobian.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbManager.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\libeay32.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\CobStringList.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbEngine.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbSrvControlLib.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbHelpreader.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbDecompressor.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.Win2003.x86.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbLogon.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\AlphaVSS.Win2008.x86.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbSrvControl.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbInterface.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbTranslator.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbDecrypter.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cbSetupE.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\cbService.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\7za.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DISTRO\ssleay32.dll

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 个事件)

Zillya	Adware.BrowseFox.Win32.274054
Jiangmin	Trojan.Generic.gkcj

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.942405341419206

section

{'size_of_data': '0x00dc5c00', 'virtual_address': '0x000cc000', 'entropy': 7.942405341419206, 'name': '.rsrc', 'virtual_size': '0x00dc5c00'}

description

A section with a high entropy has been found

entropy

0.9485153176177825

description

Overall entropy of this PE file is high

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2010-04-20 00:00:08

Imports

Library oleaut32.dll:

• 0x4b5980 SysFreeString

• 0x4b5984 SysReAllocStringLen

• 0x4b5988 SysAllocStringLen

Library advapi32.dll:

• 0x4b5990 RegQueryValueExW

• 0x4b5994 RegOpenKeyExW

• 0x4b5998 RegCloseKey

Library user32.dll:

• 0x4b59a0 LoadStringW

• 0x4b59a4 MessageBoxA

• 0x4b59a8 CharNextW

Library kernel32.dll:

• 0x4b59b0 lstrcmpiA

• 0x4b59b4 LoadLibraryA

• 0x4b59b8 LocalFree

• 0x4b59bc LocalAlloc

• 0x4b59c0 GetACP

• 0x4b59c4 Sleep

• 0x4b59c8 VirtualFree

• 0x4b59cc VirtualAlloc

• 0x4b59d0 GetSystemInfo

• 0x4b59d4 GetTickCount

• 0x4b59d8 QueryPerformanceCounter

• 0x4b59dc GetVersion

• 0x4b59e0 GetCurrentThreadId

• 0x4b59e4 VirtualQuery

• 0x4b59e8 WideCharToMultiByte

• 0x4b59ec MultiByteToWideChar

• 0x4b59f0 lstrlenW

• 0x4b59f4 lstrcpynW

• 0x4b59f8 LoadLibraryExW

• 0x4b59fc IsValidLocale

• 0x4b5a00 GetSystemDefaultUILanguage

• 0x4b5a04 GetStartupInfoA

• 0x4b5a08 GetProcAddress

• 0x4b5a0c GetModuleHandleW

• 0x4b5a10 GetModuleFileNameW

• 0x4b5a14 GetUserDefaultUILanguage

• 0x4b5a18 GetLocaleInfoW

• 0x4b5a1c GetLastError

• 0x4b5a20 GetCommandLineW

• 0x4b5a24 FreeLibrary

• 0x4b5a28 FindFirstFileW

• 0x4b5a2c FindClose

• 0x4b5a30 ExitProcess

• 0x4b5a34 ExitThread

• 0x4b5a38 CreateThread

• 0x4b5a3c CompareStringW

• 0x4b5a40 WriteFile

• 0x4b5a44 UnhandledExceptionFilter

• 0x4b5a48 RtlUnwind

• 0x4b5a4c RaiseException

• 0x4b5a50 GetStdHandle

• 0x4b5a54 DeleteCriticalSection

• 0x4b5a58 LeaveCriticalSection

• 0x4b5a5c EnterCriticalSection

• 0x4b5a60 InitializeCriticalSection

• 0x4b5a64 CloseHandle

Library kernel32.dll:

• 0x4b5a6c TlsSetValue

• 0x4b5a70 TlsGetValue

• 0x4b5a74 LocalAlloc

• 0x4b5a78 GetModuleHandleW

Library user32.dll:

• 0x4b5a80 CreateWindowExW

• 0x4b5a84 WindowFromPoint

• 0x4b5a88 WaitMessage

• 0x4b5a8c UpdateWindow

• 0x4b5a90 UnregisterClassW

• 0x4b5a94 UnhookWindowsHookEx

• 0x4b5a98 TranslateMessage

• 0x4b5a9c TranslateMDISysAccel

• 0x4b5aa0 TrackPopupMenu

• 0x4b5aa4 SystemParametersInfoW

• 0x4b5aa8 ShowWindow

• 0x4b5aac ShowScrollBar

• 0x4b5ab0 ShowOwnedPopups

• 0x4b5ab4 SetWindowsHookExW

• 0x4b5ab8 SetWindowTextW

• 0x4b5abc SetWindowPos

• 0x4b5ac0 SetWindowPlacement

• 0x4b5ac4 SetWindowLongW

• 0x4b5ac8 SetTimer

• 0x4b5acc SetScrollRange

• 0x4b5ad0 SetScrollPos

• 0x4b5ad4 SetScrollInfo

• 0x4b5ad8 SetRect

• 0x4b5adc SetPropW

• 0x4b5ae0 SetParent

• 0x4b5ae4 SetMenuItemInfoW

• 0x4b5ae8 SetMenu

• 0x4b5aec SetForegroundWindow

• 0x4b5af0 SetFocus

• 0x4b5af4 SetCursorPos

• 0x4b5af8 SetCursor

• 0x4b5afc SetClassLongW

• 0x4b5b00 SetCapture

• 0x4b5b04 SetActiveWindow

• 0x4b5b08 SendMessageA

• 0x4b5b0c SendMessageW

• 0x4b5b10 ScrollWindow

• 0x4b5b14 ScreenToClient

• 0x4b5b18 RemovePropW

• 0x4b5b1c RemoveMenu

• 0x4b5b20 ReleaseDC

• 0x4b5b24 ReleaseCapture

• 0x4b5b28 RegisterWindowMessageW

• 0x4b5b2c RegisterClipboardFormatW

• 0x4b5b30 RegisterClassW

• 0x4b5b34 RedrawWindow

• 0x4b5b38 PostQuitMessage

• 0x4b5b3c PostMessageW

• 0x4b5b40 PeekMessageA

• 0x4b5b44 PeekMessageW

• 0x4b5b48 OffsetRect

• 0x4b5b4c MsgWaitForMultipleObjectsEx

• 0x4b5b50 MsgWaitForMultipleObjects

• 0x4b5b54 MessageBoxW

• 0x4b5b58 MapWindowPoints

• 0x4b5b5c MapVirtualKeyW

• 0x4b5b60 LoadStringW

• 0x4b5b64 LoadKeyboardLayoutW

• 0x4b5b68 LoadIconW

• 0x4b5b6c LoadCursorW

• 0x4b5b70 LoadBitmapW

• 0x4b5b74 KillTimer

• 0x4b5b78 IsZoomed

• 0x4b5b7c IsWindowVisible

• 0x4b5b80 IsWindowUnicode

• 0x4b5b84 IsWindowEnabled

• 0x4b5b88 IsWindow

• 0x4b5b8c IsIconic

• 0x4b5b90 IsDialogMessageA

• 0x4b5b94 IsDialogMessageW

• 0x4b5b98 IsChild

• 0x4b5b9c InvalidateRect

• 0x4b5ba0 IntersectRect

• 0x4b5ba4 InsertMenuItemW

• 0x4b5ba8 InsertMenuW

• 0x4b5bac InflateRect

• 0x4b5bb0 GetWindowThreadProcessId

• 0x4b5bb4 GetWindowTextW

• 0x4b5bb8 GetWindowRect

• 0x4b5bbc GetWindowPlacement

• 0x4b5bc0 GetWindowLongW

• 0x4b5bc4 GetWindowDC

• 0x4b5bc8 GetTopWindow

• 0x4b5bcc GetSystemMetrics

• 0x4b5bd0 GetSystemMenu

• 0x4b5bd4 GetSysColorBrush

• 0x4b5bd8 GetSysColor

• 0x4b5bdc GetSubMenu

• 0x4b5be0 GetScrollRange

• 0x4b5be4 GetScrollPos

• 0x4b5be8 GetScrollInfo

• 0x4b5bec GetPropW

• 0x4b5bf0 GetParent

• 0x4b5bf4 GetWindow

• 0x4b5bf8 GetMessagePos

• 0x4b5bfc GetMessageExtraInfo

• 0x4b5c00 GetMenuStringW

• 0x4b5c04 GetMenuState

• 0x4b5c08 GetMenuItemInfoW

• 0x4b5c0c GetMenuItemID

• 0x4b5c10 GetMenuItemCount

• 0x4b5c14 GetMenu

• 0x4b5c18 GetLastActivePopup

• 0x4b5c1c GetKeyboardState

• 0x4b5c20 GetKeyboardLayoutNameW

• 0x4b5c24 GetKeyboardLayoutList

• 0x4b5c28 GetKeyboardLayout

• 0x4b5c2c GetKeyState

• 0x4b5c30 GetKeyNameTextW

• 0x4b5c34 GetIconInfo

• 0x4b5c38 GetForegroundWindow

• 0x4b5c3c GetFocus

• 0x4b5c40 GetDesktopWindow

• 0x4b5c44 GetDCEx

• 0x4b5c48 GetDC

• 0x4b5c4c GetCursorPos

• 0x4b5c50 GetCursor

• 0x4b5c54 GetClientRect

• 0x4b5c58 GetClassLongW

• 0x4b5c5c GetClassInfoW

• 0x4b5c60 GetCapture

• 0x4b5c64 GetActiveWindow

• 0x4b5c68 FrameRect

• 0x4b5c6c FindWindowExW

• 0x4b5c70 FindWindowW

• 0x4b5c74 FillRect

• 0x4b5c78 EnumWindows

• 0x4b5c7c EnumThreadWindows

• 0x4b5c80 EnumChildWindows

• 0x4b5c84 EndPaint

• 0x4b5c88 EnableWindow

• 0x4b5c8c EnableScrollBar

• 0x4b5c90 EnableMenuItem

• 0x4b5c94 DrawTextExW

• 0x4b5c98 DrawTextW

• 0x4b5c9c DrawMenuBar

• 0x4b5ca0 DrawIconEx

• 0x4b5ca4 DrawIcon

• 0x4b5ca8 DrawFrameControl

• 0x4b5cac DrawFocusRect

• 0x4b5cb0 DrawEdge

• 0x4b5cb4 DispatchMessageA

• 0x4b5cb8 DispatchMessageW

• 0x4b5cbc DestroyWindow

• 0x4b5cc0 DestroyMenu

• 0x4b5cc4 DestroyIcon

• 0x4b5cc8 DestroyCursor

• 0x4b5ccc DeleteMenu

• 0x4b5cd0 DefWindowProcW

• 0x4b5cd4 DefMDIChildProcW

• 0x4b5cd8 DefFrameProcW

• 0x4b5cdc CreatePopupMenu

• 0x4b5ce0 CreateMenu

• 0x4b5ce4 CreateIcon

• 0x4b5ce8 CreateAcceleratorTableW

• 0x4b5cec CopyIcon

• 0x4b5cf0 ClientToScreen

• 0x4b5cf4 CheckMenuItem

• 0x4b5cf8 CharUpperBuffW

• 0x4b5cfc CharNextW

• 0x4b5d00 CharLowerBuffW

• 0x4b5d04 CharLowerW

• 0x4b5d08 CallWindowProcW

• 0x4b5d0c CallNextHookEx

• 0x4b5d10 BeginPaint

• 0x4b5d14 AdjustWindowRectEx

• 0x4b5d18 ActivateKeyboardLayout

Library msimg32.dll:

• 0x4b5d20 AlphaBlend

Library gdi32.dll:

• 0x4b5d28 UnrealizeObject

• 0x4b5d2c StretchDIBits

• 0x4b5d30 StretchBlt

• 0x4b5d34 StartPage

• 0x4b5d38 StartDocW

• 0x4b5d3c SetWindowOrgEx

• 0x4b5d40 SetViewportOrgEx

• 0x4b5d44 SetTextColor

• 0x4b5d48 SetStretchBltMode

• 0x4b5d4c SetROP2

• 0x4b5d50 SetPixel

• 0x4b5d54 SetDIBits

• 0x4b5d58 SetDIBColorTable

• 0x4b5d5c SetBrushOrgEx

• 0x4b5d60 SetBkMode

• 0x4b5d64 SetBkColor

• 0x4b5d68 SetAbortProc

• 0x4b5d6c SelectPalette

• 0x4b5d70 SelectObject

• 0x4b5d74 SaveDC

• 0x4b5d78 RoundRect

• 0x4b5d7c RestoreDC

• 0x4b5d80 Rectangle

• 0x4b5d84 RectVisible

• 0x4b5d88 RealizePalette

• 0x4b5d8c Polyline

• 0x4b5d90 Polygon

• 0x4b5d94 PolyBezierTo

• 0x4b5d98 PolyBezier

• 0x4b5d9c Pie

• 0x4b5da0 PatBlt

• 0x4b5da4 MoveToEx

• 0x4b5da8 MaskBlt

• 0x4b5dac LineTo

• 0x4b5db0 IntersectClipRect

• 0x4b5db4 GetWindowOrgEx

• 0x4b5db8 GetTextMetricsW

• 0x4b5dbc GetTextExtentPoint32W

• 0x4b5dc0 GetSystemPaletteEntries

• 0x4b5dc4 GetStockObject

• 0x4b5dc8 GetRgnBox

• 0x4b5dcc GetPixel

• 0x4b5dd0 GetPaletteEntries

• 0x4b5dd4 GetObjectW

• 0x4b5dd8 GetDeviceCaps

• 0x4b5ddc GetDIBits

• 0x4b5de0 GetDIBColorTable

• 0x4b5de4 GetDCOrgEx

• 0x4b5de8 GetCurrentPositionEx

• 0x4b5dec GetClipBox

• 0x4b5df0 GetBrushOrgEx

• 0x4b5df4 GetBitmapBits

• 0x4b5df8 FrameRgn

• 0x4b5dfc ExtTextOutW

• 0x4b5e00 ExtFloodFill

• 0x4b5e04 ExcludeClipRect

• 0x4b5e08 EnumFontsW

• 0x4b5e0c EnumFontFamiliesExW

• 0x4b5e10 EndPage

• 0x4b5e14 EndDoc

• 0x4b5e18 Ellipse

• 0x4b5e1c DeleteObject

• 0x4b5e20 DeleteDC

• 0x4b5e24 CreateSolidBrush

• 0x4b5e28 CreateRectRgn

• 0x4b5e2c CreatePenIndirect

• 0x4b5e30 CreatePalette

• 0x4b5e34 CreateICW

• 0x4b5e38 CreateHalftonePalette

• 0x4b5e3c CreateFontIndirectW

• 0x4b5e40 CreateDIBitmap

• 0x4b5e44 CreateDIBSection

• 0x4b5e48 CreateDCW

• 0x4b5e4c CreateCompatibleDC

• 0x4b5e50 CreateCompatibleBitmap

• 0x4b5e54 CreateBrushIndirect

• 0x4b5e58 CreateBitmap

• 0x4b5e5c Chord

• 0x4b5e60 BitBlt

• 0x4b5e64 Arc

• 0x4b5e68 AbortDoc

Library version.dll:

• 0x4b5e70 VerQueryValueW

• 0x4b5e74 GetFileVersionInfoSizeW

• 0x4b5e78 GetFileVersionInfoW

Library kernel32.dll:

• 0x4b5e80 lstrcpyW

• 0x4b5e84 WriteFile

• 0x4b5e88 WideCharToMultiByte

• 0x4b5e8c WaitNamedPipeW

• 0x4b5e90 WaitForSingleObject

• 0x4b5e94 WaitForMultipleObjectsEx

• 0x4b5e98 VirtualQueryEx

• 0x4b5e9c VirtualQuery

• 0x4b5ea0 VirtualFree

• 0x4b5ea4 VirtualAlloc

• 0x4b5ea8 TryEnterCriticalSection

• 0x4b5eac SwitchToThread

• 0x4b5eb0 SuspendThread

• 0x4b5eb4 Sleep

• 0x4b5eb8 SizeofResource

• 0x4b5ebc SignalObjectAndWait

• 0x4b5ec0 SetThreadPriority

• 0x4b5ec4 SetThreadLocale

• 0x4b5ec8 SetNamedPipeHandleState

• 0x4b5ecc SetLastError

• 0x4b5ed0 SetFilePointer

• 0x4b5ed4 SetEvent

• 0x4b5ed8 SetErrorMode

• 0x4b5edc SetEndOfFile

• 0x4b5ee0 ResumeThread

• 0x4b5ee4 ResetEvent

• 0x4b5ee8 ReleaseMutex

• 0x4b5eec ReadFile

• 0x4b5ef0 RaiseException

• 0x4b5ef4 PeekNamedPipe

• 0x4b5ef8 IsDebuggerPresent

• 0x4b5efc MultiByteToWideChar

• 0x4b5f00 MulDiv

• 0x4b5f04 LockResource

• 0x4b5f08 LoadResource

• 0x4b5f0c LoadLibraryW

• 0x4b5f10 LeaveCriticalSection

• 0x4b5f14 IsValidLocale

• 0x4b5f18 InitializeCriticalSection

• 0x4b5f1c GlobalUnlock

• 0x4b5f20 GlobalLock

• 0x4b5f24 GlobalFree

• 0x4b5f28 GlobalFindAtomW

• 0x4b5f2c GlobalDeleteAtom

• 0x4b5f30 GlobalAlloc

• 0x4b5f34 GlobalAddAtomW

• 0x4b5f38 GetWindowsDirectoryW

• 0x4b5f3c GetVersionExW

• 0x4b5f40 GetVersion

• 0x4b5f44 GetTickCount

• 0x4b5f48 GetThreadPriority

• 0x4b5f4c GetThreadLocale

• 0x4b5f50 GetTempPathW

• 0x4b5f54 GetSystemDirectoryW

• 0x4b5f58 GetStdHandle

• 0x4b5f5c GetLongPathNameW

• 0x4b5f60 GetProcAddress

• 0x4b5f64 GetModuleHandleW

• 0x4b5f68 GetModuleFileNameW

• 0x4b5f6c GetLocaleInfoW

• 0x4b5f70 GetLocalTime

• 0x4b5f74 GetLastError

• 0x4b5f78 GetFullPathNameW

• 0x4b5f7c GetFileAttributesW

• 0x4b5f80 GetExitCodeThread

• 0x4b5f84 GetDiskFreeSpaceW

• 0x4b5f88 GetDateFormatW

• 0x4b5f8c GetCurrentThreadId

• 0x4b5f90 GetCurrentThread

• 0x4b5f94 GetCurrentProcessId

• 0x4b5f98 GetCurrentProcess

• 0x4b5f9c GetCPInfo

• 0x4b5fa0 FreeResource

• 0x4b5fa4 InterlockedExchangeAdd

• 0x4b5fa8 InterlockedExchange

• 0x4b5fac InterlockedCompareExchange

• 0x4b5fb0 FreeLibrary

• 0x4b5fb4 FormatMessageW

• 0x4b5fb8 FlushFileBuffers

• 0x4b5fbc FindResourceW

• 0x4b5fc0 FindFirstFileW

• 0x4b5fc4 FindClose

• 0x4b5fc8 EnumCalendarInfoW

• 0x4b5fcc EnterCriticalSection

• 0x4b5fd0 DisconnectNamedPipe

• 0x4b5fd4 DeleteFileW

• 0x4b5fd8 DeleteCriticalSection

• 0x4b5fdc CreateThread

• 0x4b5fe0 CreateProcessW

• 0x4b5fe4 CreateNamedPipeW

• 0x4b5fe8 CreateMutexW

• 0x4b5fec CreateFileW

• 0x4b5ff0 CreateEventW

• 0x4b5ff4 ConnectNamedPipe

• 0x4b5ff8 CompareStringW

• 0x4b5ffc CloseHandle

Library advapi32.dll:

• 0x4b6004 SetSecurityDescriptorDacl

• 0x4b6008 RegUnLoadKeyW

• 0x4b600c RegSetValueExW

• 0x4b6010 RegSaveKeyW

• 0x4b6014 RegRestoreKeyW

• 0x4b6018 RegReplaceKeyW

• 0x4b601c RegQueryValueExW

• 0x4b6020 RegQueryInfoKeyW

• 0x4b6024 RegOpenKeyExW

• 0x4b6028 RegLoadKeyW

• 0x4b602c RegFlushKey

• 0x4b6030 RegEnumValueW

• 0x4b6034 RegEnumKeyExW

• 0x4b6038 RegDeleteValueW

• 0x4b603c RegDeleteKeyW

• 0x4b6040 RegCreateKeyExW

• 0x4b6044 RegConnectRegistryW

• 0x4b6048 RegCloseKey

• 0x4b604c InitializeSecurityDescriptor

Library ole32.dll:

• 0x4b6054 OleUninitialize

• 0x4b6058 OleInitialize

Library comctl32.dll:

• 0x4b6060 InitializeFlatSB

• 0x4b6064 FlatSB_SetScrollProp

• 0x4b6068 FlatSB_SetScrollPos

• 0x4b606c FlatSB_SetScrollInfo

• 0x4b6070 FlatSB_GetScrollPos

• 0x4b6074 FlatSB_GetScrollInfo

• 0x4b6078 _TrackMouseEvent

• 0x4b607c ImageList_GetImageInfo

• 0x4b6080 ImageList_SetIconSize

• 0x4b6084 ImageList_GetIconSize

• 0x4b6088 ImageList_Write

• 0x4b608c ImageList_Read

• 0x4b6090 ImageList_GetDragImage

• 0x4b6094 ImageList_DragShowNolock

• 0x4b6098 ImageList_DragMove

• 0x4b609c ImageList_DragLeave

• 0x4b60a0 ImageList_DragEnter

• 0x4b60a4 ImageList_EndDrag

• 0x4b60a8 ImageList_BeginDrag

• 0x4b60ac ImageList_Copy

• 0x4b60b0 ImageList_LoadImageW

• 0x4b60b4 ImageList_GetIcon

• 0x4b60b8 ImageList_Remove

• 0x4b60bc ImageList_DrawEx

• 0x4b60c0 ImageList_Replace

• 0x4b60c4 ImageList_Draw

• 0x4b60c8 ImageList_SetOverlayImage

• 0x4b60cc ImageList_GetBkColor

• 0x4b60d0 ImageList_SetBkColor

• 0x4b60d4 ImageList_ReplaceIcon

• 0x4b60d8 ImageList_Add

• 0x4b60dc ImageList_SetImageCount

• 0x4b60e0 ImageList_GetImageCount

• 0x4b60e4 ImageList_Destroy

• 0x4b60e8 ImageList_Create

Library kernel32.dll:

• 0x4b60f0 Sleep

Library ole32.dll:

• 0x4b60f8 CoTaskMemFree

• 0x4b60fc StringFromCLSID

• 0x4b6100 CoCreateGuid

Library oleaut32.dll:

• 0x4b6108 SafeArrayPtrOfIndex

• 0x4b610c SafeArrayGetUBound

• 0x4b6110 SafeArrayGetLBound

• 0x4b6114 SafeArrayCreate

• 0x4b6118 VariantChangeType

• 0x4b611c VariantCopy

• 0x4b6120 VariantClear

• 0x4b6124 VariantInit

Library shell32.dll:

• 0x4b612c ShellExecuteW

Library shell32.dll:

• 0x4b6134 SHGetSpecialFolderLocation

• 0x4b6138 SHGetPathFromIDListW

Library winspool.drv:

• 0x4b6140 OpenPrinterW

• 0x4b6144 EnumPrintersW

• 0x4b6148 DocumentPropertiesW

• 0x4b614c ClosePrinter

Library winspool.drv:

• 0x4b6154 GetDefaultPrinterW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.24.14 CNAME clients.l.google.com	172.217.24.14
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	51811	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.