SmartHawk

8.2

高危

42 个模型检测该样本为恶意！

重新分析

下载样本

44979b3e2e49934c1b0a344711408cfe8d19c54c0c177cbc80425955b1d71b3d

a76516f09d5419c54e984b49339b6077.exe

分析耗时

38s

最近分析

文件大小

1.0MB

静态报毒动态报毒 ACCG ATRAPS BADCERT CLASSIC DANGEROUSSIG GENCIRC GENERICRXLV HIGH CONFIDENCE HTFZGN MALCERT MALWARE@#2HYC83FZUQHEM METERPRETER NETTRAVELER R002C0DHO20 SCORE TRAVNET UN6KFKMBJ64 UNSAFE 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	TrojanDownloader:Win32/NetTraveler.1f20aaa6	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:DangerousSig [Trj]	20201023	18.4.3895.0
Kingsoft		20201023	2013.8.14.323
McAfee	GenericRXLV-VX!A76516F09D54	20201023	6.0.6.653
Tencent	Malware.Win32.Gencirc.11adc25d	20201023	1.0.0.1
CrowdStrike		20190702	1.0

Command line console output was observed (50 out of 135 个事件)

Time & API	Arguments	Status	Return
1619826887.079046 WriteConsoleA	buffer: F console_handle: 0x00000007	success	1
1619826887.079046 WriteConsoleA	buffer: i console_handle: 0x00000007	success	1
1619826887.079046 WriteConsoleA	buffer: l console_handle: 0x00000007	success	1
1619826887.079046 WriteConsoleA	buffer: e console_handle: 0x00000007	success	1
1619826887.079046 WriteConsoleA	buffer: n console_handle: 0x00000007	success	1
1619826887.095046 WriteConsoleA	buffer: a console_handle: 0x00000007	success	1
1619826887.095046 WriteConsoleA	buffer: m console_handle: 0x00000007	success	1
1619826887.095046 WriteConsoleA	buffer: e console_handle: 0x00000007	success	1
1619826887.095046 WriteConsoleA	buffer: s console_handle: 0x00000007	success	1
1619826887.095046 WriteConsoleA	buffer: u console_handle: 0x00000007	success	1
1619826887.095046 WriteConsoleA	buffer: c console_handle: 0x00000007	success	1
1619826887.110046 WriteConsoleA	buffer: c console_handle: 0x00000007	success	1
1619826887.110046 WriteConsoleA	buffer: e console_handle: 0x00000007	success	1
1619826887.110046 WriteConsoleA	buffer: s console_handle: 0x00000007	success	1
1619826887.110046 WriteConsoleA	buffer: s console_handle: 0x00000007	success	1
1619826887.110046 WriteConsoleA	buffer: C console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: U console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: s console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: e console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: r console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: s console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: A console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: d console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: m console_handle: 0x00000007	success	1
1619826887.126046 WriteConsoleA	buffer: i console_handle: 0x00000007	success	1
1619826887.142046 WriteConsoleA	buffer: n console_handle: 0x00000007	success	1
1619826887.142046 WriteConsoleA	buffer: i console_handle: 0x00000007	success	1
1619826887.142046 WriteConsoleA	buffer: s console_handle: 0x00000007	success	1
1619826887.142046 WriteConsoleA	buffer: t console_handle: 0x00000007	success	1
1619826887.142046 WriteConsoleA	buffer: r console_handle: 0x00000007	success	1
1619826887.142046 WriteConsoleA	buffer: a console_handle: 0x00000007	success	1
1619826887.142046 WriteConsoleA	buffer: t console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: o console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: r console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: O console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: s console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: k console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: a console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: r console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: P console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: C console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: A console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: p console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: p console_handle: 0x00000007	success	1
1619826887.157046 WriteConsoleA	buffer: D console_handle: 0x00000007	success	1
1619826887.173046 WriteConsoleA	buffer: a console_handle: 0x00000007	success	1
1619826887.173046 WriteConsoleA	buffer: t console_handle: 0x00000007	success	1
1619826887.173046 WriteConsoleA	buffer: a console_handle: 0x00000007	success	1
1619826887.173046 WriteConsoleA	buffer: L console_handle: 0x00000007	success	1
1619826887.173046 WriteConsoleA	buffer: o console_handle: 0x00000007	success	1

This executable is signed

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619826886.720046 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

One or more of the buffers contains an embedded PE file (1 个事件)

buffer

Buffer with sha1: c8fd75e96f7655576129ebc6ca24cbc7a98830de

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Allocates execute permission to another process indicative of possible code injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619826894.438046 NtAllocateVirtualMemory	process_identifier: 2504 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x000003e0 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00400000	success	0	0
1619826900.517046 NtAllocateVirtualMemory	process_identifier: 0 region_size: 16385 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00400000	failed	3221225480	0

Manipulates memory of a non-child process indicative of process injection (6 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2136 manipulating memory of non-child process 2504
Process injection	Process 2136 manipulating memory of non-child process 0
1619826894.438046 NtUnmapViewOfSection	process_identifier: 2504 region_size: 4096 process_handle: 0x000003e0 base_address: 0x00400000	success	0	0
1619826894.438046 NtAllocateVirtualMemory	process_identifier: 2504 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x000003e0 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00400000	success	0	0
1619826900.517046 NtUnmapViewOfSection	process_identifier: 0 region_size: 0 process_handle: 0x00000000 base_address: 0x00400000	failed	3221225480	0
1619826900.517046 NtAllocateVirtualMemory	process_identifier: 0 region_size: 16385 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00400000	failed	3221225480	0

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619826889.313046 RegSetValueExA	key_handle: 0x000003bc value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619826889.313046 RegSetValueExA	key_handle: 0x000003bc value: °§8¿a>× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619826889.313046 RegSetValueExA	key_handle: 0x000003bc value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619826889.313046 RegSetValueExW	key_handle: 0x000003bc value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619826889.313046 RegSetValueExA	key_handle: 0x000003e0 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619826889.313046 RegSetValueExA	key_handle: 0x000003e0 value: °§8¿a>× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619826889.313046 RegSetValueExA	key_handle: 0x000003e0 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619826889.329046 RegSetValueExW	key_handle: 0x000003b8 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Network activity contains more than one unique useragent (2 个事件)

process	a76516f09d5419c54e984b49339b6077.exe				useragent
process	a76516f09d5419c54e984b49339b6077.exe				useragent	Internal

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (4 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2136 called NtSetContextThread to modify thread in remote process 0
Process injection	Process 2136 called NtSetContextThread to modify thread in remote process 2504
1619826898.501046 NtSetContextThread	thread_handle: 0x00000000 registers.eip: 2010382788 registers.esp: 2686960 registers.edi: 0 registers.eax: 4201444 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 0	failed	3221225480	0
1619826900.517046 NtSetContextThread	thread_handle: 0x000003bc registers.eip: 2010382788 registers.esp: 2686960 registers.edi: 0 registers.eax: 4201444 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 2504	success	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2136 resumed a thread in remote process 2504
1619826904.767046 NtResumeThread	thread_handle: 0x000003bc suspend_count: 1 process_identifier: 2504	success	0	0

Executed a process and injected code into it, probably while unpacking (14 个事件)

Time & API	Arguments	Status	Return
1619826892.423046 CreateProcessInternalW	thread_identifier: 1380 thread_handle: 0x000003bc process_identifier: 2504 current_directory: filepath: track: 1 command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a76516f09d5419c54e984b49339b6077.exe filepath_r: stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) process_handle: 0x000003e0 inherit_handles: 0	success	1
1619826894.438046 NtUnmapViewOfSection	process_identifier: 2504 region_size: 4096 process_handle: 0x000003e0 base_address: 0x00400000	success	0
1619826894.438046 NtAllocateVirtualMemory	process_identifier: 2504 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x000003e0 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00400000	success	0
1619826894.438046 WriteProcessMemory	process_identifier: 2504 buffer: process_handle: 0x000003e0 base_address: 0x00400000	success	1
1619826896.438046 WriteProcessMemory	process_identifier: 2504 buffer: process_handle: 0x000003e0 base_address: 0x00401000	success	1
1619826896.438046 WriteProcessMemory	process_identifier: 2504 buffer: process_handle: 0x000003e0 base_address: 0x00402000	success	1
1619826896.438046 WriteProcessMemory	process_identifier: 2504 buffer: process_handle: 0x000003e0 base_address: 0x00403000	success	1
1619826898.438046 NtGetContextThread	thread_handle: 0x000003bc	success	0
1619826898.501046 NtSetContextThread	thread_handle: 0x00000000 registers.eip: 2010382788 registers.esp: 2686960 registers.edi: 0 registers.eax: 4201444 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 0	failed	3221225480
1619826900.517046 WriteProcessMemory	process_identifier: 0 buffer: process_handle: 0x00000000 base_address: 0x00400000	failed	0
1619826900.517046 NtUnmapViewOfSection	process_identifier: 0 region_size: 0 process_handle: 0x00000000 base_address: 0x00400000	failed	3221225480
1619826900.517046 NtAllocateVirtualMemory	process_identifier: 0 region_size: 16385 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00400000	failed	3221225480
1619826900.517046 NtSetContextThread	thread_handle: 0x000003bc registers.eip: 2010382788 registers.esp: 2686960 registers.edi: 0 registers.eax: 4201444 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 2504	success	0
1619826904.767046 NtResumeThread	thread_handle: 0x000003bc suspend_count: 1 process_identifier: 2504	success	0

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 个事件)

Elastic	malicious (high confidence)
FireEye	Generic.mg.a76516f09d5419c5
Zillya	Dropper.NetTraveler.Win32.2
Sangfor	Malware
K7AntiVirus	Trojan ( 0009162c1 )
Alibaba	TrojanDownloader:Win32/NetTraveler.1f20aaa6
K7GW	Trojan ( 0009162c1 )
Cybereason	malicious.5adcc8
TrendMicro	TROJ_GEN.R002C0DHO20
Symantec	Trojan.Travnet
APEX	Malicious
Avast	Win32:DangerousSig [Trj]
Kaspersky	Trojan-Dropper.Win32.NetTraveler.r
NANO-Antivirus	Trojan.Win32.NetTraveler.htfzgn
Paloalto	generic.ml
AegisLab	Trojan.Win32.NetTraveler.b!c
Rising	Trojan.MalCert!1.C7FD (CLASSIC)
Emsisoft	MalCert.A (A)
Comodo	Malware@#2hyc83fzuqhem
F-Secure	Trojan.TR/ATRAPS.Gen
DrWeb	BackDoor.Spy.3756
VIPRE	Trojan.Win32.Generic!BT
Invincea	Mal/BadCert-Gen
McAfee-GW-Edition	GenericRXLV-VX!A76516F09D54
Sophos	Mal/BadCert-Gen
Ikarus	Trojan.Win32.Meterpreter
Avira	TR/ATRAPS.Gen
Antiy-AVL	Trojan[Dropper]/Win32.NetTraveler
Microsoft	TrojanDownloader:Win32/Travnet.B
ZoneAlarm	Trojan-Dropper.Win32.NetTraveler.r
Cynet	Malicious (score: 85)
McAfee	GenericRXLV-VX!A76516F09D54
VBA32	Backdoor.Spy
Cylance	Unsafe
ESET-NOD32	a variant of Win32/Agent.ACCG.gen
TrendMicro-HouseCall	TROJ_GEN.R002C0DHO20
Tencent	Malware.Win32.Gencirc.11adc25d
Yandex	Trojan.Agent!uN6KfkMBj64
Fortinet	W32/Agent.ACCG!tr
AVG	Win32:DangerousSig [Trj]
Panda	Trj/CI.A
Qihoo-360	Win32/Trojan.Dropper.42b

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-24 20:44:00

Imports

Library ADVAPI32.DLL:

• 0x4fd2b8 RegCreateKeyExA

• 0x4fd2bc RegSetValueExA

Library KERNEL32.dll:

• 0x4fd2c4 CloseHandle

• 0x4fd2c8 CreateDirectoryA

• 0x4fd2cc CreateSemaphoreW

• 0x4fd2d0 DeleteCriticalSection

• 0x4fd2d4 EnterCriticalSection

• 0x4fd2d8 ExitProcess

• 0x4fd2dc FindClose

• 0x4fd2e0 FindFirstFileA

• 0x4fd2e4 FindNextFileA

• 0x4fd2e8 FindResourceA

• 0x4fd2ec FormatMessageA

• 0x4fd2f0 FreeLibrary

• 0x4fd2f4 GetCPInfo

• 0x4fd2f8 GetCommandLineA

• 0x4fd2fc GetCurrentProcess

• 0x4fd300 GetCurrentThreadId

• 0x4fd304 GetFileSize

• 0x4fd308 GetLastError

• 0x4fd30c GetModuleFileNameA

• 0x4fd310 GetModuleHandleA

• 0x4fd314 GetProcAddress

• 0x4fd318 GetSystemDirectoryA

• 0x4fd31c InitializeCriticalSection

• 0x4fd320 InterlockedDecrement

• 0x4fd324 InterlockedExchange

• 0x4fd328 InterlockedIncrement

• 0x4fd32c LeaveCriticalSection

• 0x4fd330 LoadLibraryA

• 0x4fd334 LoadLibraryW

• 0x4fd338 LoadResource

• 0x4fd33c LocalFree

• 0x4fd340 LockResource

• 0x4fd344 MultiByteToWideChar

• 0x4fd348 OpenProcess

• 0x4fd34c Process32First

• 0x4fd350 Process32Next

• 0x4fd354 ReleaseSemaphore

• 0x4fd358 SetLastError

• 0x4fd35c SetUnhandledExceptionFilter

• 0x4fd360 SizeofResource

• 0x4fd364 Sleep

• 0x4fd368 TlsAlloc

• 0x4fd36c TlsFree

• 0x4fd370 TlsGetValue

• 0x4fd374 TlsSetValue

• 0x4fd378 VirtualProtect

• 0x4fd37c VirtualQuery

• 0x4fd380 WaitForSingleObject

• 0x4fd384 WideCharToMultiByte

• 0x4fd388 lstrcatA

• 0x4fd38c lstrcmpA

• 0x4fd390 lstrcpyA

• 0x4fd394 lstrlenA

Library msvcrt.dll:

• 0x4fd39c _fdopen

• 0x4fd3a0 _fstat

• 0x4fd3a4 _lseek

• 0x4fd3a8 _read

• 0x4fd3ac _strdup

• 0x4fd3b0 _stricoll

• 0x4fd3b4 _write

Library msvcrt.dll:

• 0x4fd3bc __getmainargs

• 0x4fd3c0 __mb_cur_max

• 0x4fd3c4 __p__environ

• 0x4fd3c8 __p__fmode

• 0x4fd3cc __set_app_type

• 0x4fd3d0 _cexit

• 0x4fd3d4 _errno

• 0x4fd3d8 _filbuf

• 0x4fd3dc _flsbuf

• 0x4fd3e0 _fpreset

• 0x4fd3e4 _fullpath

• 0x4fd3e8 _iob

• 0x4fd3ec _isctype

• 0x4fd3f0 _onexit

• 0x4fd3f4 _pctype

• 0x4fd3f8 _setmode

• 0x4fd3fc _wfopen

• 0x4fd400 abort

• 0x4fd404 atexit

• 0x4fd408 atoi

• 0x4fd40c btowc

• 0x4fd410 calloc

• 0x4fd414 fclose

• 0x4fd418 fflush

• 0x4fd41c fopen

• 0x4fd420 fputc

• 0x4fd424 fputs

• 0x4fd428 fread

• 0x4fd42c free

• 0x4fd430 fseek

• 0x4fd434 ftell

• 0x4fd438 fwrite

• 0x4fd43c getenv

• 0x4fd440 getwc

• 0x4fd444 iswctype

• 0x4fd448 localeconv

• 0x4fd44c malloc

• 0x4fd450 mbrtowc

• 0x4fd454 mbstowcs

• 0x4fd458 memchr

• 0x4fd45c memcmp

• 0x4fd460 memcpy

• 0x4fd464 memmove

• 0x4fd468 memset

• 0x4fd46c putwc

• 0x4fd470 realloc

• 0x4fd474 setlocale

• 0x4fd478 setvbuf

• 0x4fd47c signal

• 0x4fd480 sprintf

• 0x4fd484 strchr

• 0x4fd488 strcmp

• 0x4fd48c strcoll

• 0x4fd490 strerror

• 0x4fd494 strftime

• 0x4fd498 strlen

• 0x4fd49c strncmp

• 0x4fd4a0 strstr

• 0x4fd4a4 strtod

• 0x4fd4a8 strtoul

• 0x4fd4ac strxfrm

• 0x4fd4b0 tolower

• 0x4fd4b4 towlower

• 0x4fd4b8 towupper

• 0x4fd4bc ungetc

• 0x4fd4c0 ungetwc

• 0x4fd4c4 vfprintf

• 0x4fd4c8 wcscoll

• 0x4fd4cc wcsftime

• 0x4fd4d0 wcslen

• 0x4fd4d4 wcstombs

• 0x4fd4d8 wcsxfrm

• 0x4fd4dc wctob

Library WININET.DLL:

• 0x4fd4e4 InternetCheckConnectionA

• 0x4fd4e8 InternetCloseHandle

• 0x4fd4ec InternetOpenA

• 0x4fd4f0 InternetOpenUrlA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
www.malsitenotreachablehahahahahahahah.com
www.notdetectedmaliciouscode.com
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51379	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.