SmartHawk

5.6

高危

60 个模型检测该样本为恶意！

重新分析

下载样本

c8b1244a4aa61a5efc1d6ced3ae0407111574eda81cbe9f01f269e5fae9bf4b5

aa6073912bbf760550b1df1c4153fc8c.exe

分析耗时

23s

最近分析

文件大小

859.0KB

静态报毒动态报毒 1GX@AYX@NEKI AI SCORE=88 AIDETECTVM ALI2000015 AUTOG BUDWDU CLASSIC CONFIDENCE CSXS DELF DELFINJECT DELPHILESS EMWG EMZL FAREIT HIGH CONFIDENCE HQIOFQ IGENT LNNS LOKIBOT MALICIOUS PE MALWARE1 MALWARE@#2LEXQVTD1QH5C OYUDV R + TROJ R002C0PH520 SCORE SIGGEN10 STATIC AI SUSGEN TSCOPE UNSAFE X2094 ZELPHIF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FPQ!AA6073912BBF	20201111	6.0.6.653
Alibaba	Trojan:Win32/DelfInject.ali2000015	20190527	0.3.0.5
Tencent	Win32.Trojan.Crypt.Lnns	20201111	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20201111	2013.8.14.323
Avast	Win32:Malware-gen	20201110	20.10.5736.0
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (4 个事件)

Time & API	Arguments	Status
1619848888.980375 NtAllocateVirtualMemory	process_identifier: 2308 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003e0000	success
1619848889.074375 NtProtectVirtualMemory	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x0047e000	success
1619848889.074375 NtAllocateVirtualMemory	process_identifier: 2308 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00520000	success
1619848889.714625 NtAllocateVirtualMemory	process_identifier: 472 region_size: 3158016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00920000	success

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.5420772518312225

section

{'size_of_data': '0x00039800', 'virtual_address': '0x000a3000', 'entropy': 7.5420772518312225, 'name': '.rsrc', 'virtual_size': '0x00039740'}

description

A section with a high entropy has been found

entropy

0.26822157434402333

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2308 called NtSetContextThread to modify thread in remote process 472
1619848889.214375 NtSetContextThread	thread_handle: 0x000000f8 registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4317984 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 472	success	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2308 resumed a thread in remote process 472
1619848889.496375 NtResumeThread	thread_handle: 0x000000f8 suspend_count: 1 process_identifier: 472	success	0	0

Executed a process and injected code into it, probably while unpacking (6 个事件)

Time & API	Arguments	Status	Return
1619848889.199375 CreateProcessInternalW	thread_identifier: 2760 thread_handle: 0x000000f8 process_identifier: 472 current_directory: filepath: track: 1 command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\aa6073912bbf760550b1df1c4153fc8c.exe" filepath_r: stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) process_handle: 0x000000fc inherit_handles: 0	success	1
1619848889.199375 NtUnmapViewOfSection	process_identifier: 472 region_size: 4096 process_handle: 0x000000fc base_address: 0x00400000	success	0
1619848889.199375 NtMapViewOfSection	section_handle: 0x00000104 process_identifier: 472 commit_size: 184320 win32_protect: 64 (PAGE_EXECUTE_READWRITE) buffer: process_handle: 0x000000fc allocation_type: 0 () section_offset: 0 view_size: 184320 base_address: 0x00400000	success	0
1619848889.199375 NtGetContextThread	thread_handle: 0x000000f8	success	0
1619848889.214375 NtSetContextThread	thread_handle: 0x000000f8 registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4317984 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 472	success	0
1619848889.496375 NtResumeThread	thread_handle: 0x000000f8 suspend_count: 1 process_identifier: 472	success	0

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen10.1974
MicroWorld-eScan	Gen:Variant.Zusy.310507
McAfee	Fareit-FPQ!AA6073912BBF
Cylance	Unsafe
Zillya	Trojan.Crypt.Win32.64668
K7AntiVirus	Trojan ( 0056be561 )
Alibaba	Trojan:Win32/DelfInject.ali2000015
K7GW	Trojan ( 0056be561 )
Cybereason	malicious.0d0725
TrendMicro	TROJ_GEN.R002C0PH520
BitDefenderTheta	Gen:NN.ZelphiF.34590.1GX@ayX@NEki
Cyren	W32/Injector.CSXS-0293
Symantec	Infostealer.Lokibot!43
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Crypt.gen
BitDefender	Gen:Variant.Zusy.310507
NANO-Antivirus	Trojan.Win32.Crypt.hqiofq
AegisLab	Trojan.Win32.Crypt.4!c
Tencent	Win32.Trojan.Crypt.Lnns
Ad-Aware	Gen:Variant.Zusy.310507
Sophos	Troj/AutoG-IT
Comodo	Malware@#2lexqvtd1qh5c
F-Secure	Trojan.TR/Injector.oyudv
VIPRE	Trojan.Win32.Generic!BT
Invincea	Mal/Generic-R + Troj/AutoG-IT
McAfee-GW-Edition	BehavesLike.Win32.Fareit.ch
FireEye	Generic.mg.aa6073912bbf7605
Emsisoft	Gen:Variant.Zusy.310507 (B)
SentinelOne	Static AI - Malicious PE
GData	Gen:Variant.Zusy.310507
Jiangmin	Trojan.Crypt.dvf
eGambit	Unsafe.AI_Score_99%
Avira	TR/Injector.oyudv
Antiy-AVL	Trojan/Win32.Injector
Gridinsoft	Trojan.Win32.Packed.oa
Arcabit	Trojan.Zusy.D4BCEB
ZoneAlarm	HEUR:Trojan.Win32.Crypt.gen
Microsoft	Trojan:Win32/Fareit.VD!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Suspicious/Win.Delphiless.X2094
ALYac	Gen:Variant.Zusy.310507
MAX	malware (ai score=88)
VBA32	TScope.Trojan.Delf
Malwarebytes	Trojan.MalPack.DLF
Panda	Trj/CI.A
Zoner	Trojan.Win32.97433
ESET-NOD32	a variant of Win32/Injector.EMWG

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x494168 DeleteCriticalSection

• 0x49416c LeaveCriticalSection

• 0x494170 EnterCriticalSection

• 0x494174 InitializeCriticalSection

• 0x494178 VirtualFree

• 0x49417c VirtualAlloc

• 0x494180 LocalFree

• 0x494184 LocalAlloc

• 0x494188 GetVersion

• 0x49418c GetCurrentThreadId

• 0x494190 InterlockedDecrement

• 0x494194 InterlockedIncrement

• 0x494198 VirtualQuery

• 0x49419c WideCharToMultiByte

• 0x4941a0 MultiByteToWideChar

• 0x4941a4 lstrlenA

• 0x4941a8 lstrcpynA

• 0x4941ac LoadLibraryExA

• 0x4941b0 GetThreadLocale

• 0x4941b4 GetStartupInfoA

• 0x4941b8 GetProcAddress

• 0x4941bc GetModuleHandleA

• 0x4941c0 GetModuleFileNameA

• 0x4941c4 GetLocaleInfoA

• 0x4941c8 GetCommandLineA

• 0x4941cc FreeLibrary

• 0x4941d0 FindFirstFileA

• 0x4941d4 FindClose

• 0x4941d8 ExitProcess

• 0x4941dc WriteFile

• 0x4941e0 UnhandledExceptionFilter

• 0x4941e4 RtlUnwind

• 0x4941e8 RaiseException

• 0x4941ec GetStdHandle

Library user32.dll:

• 0x4941f4 GetKeyboardType

• 0x4941f8 LoadStringA

• 0x4941fc MessageBoxA

• 0x494200 CharNextA

Library advapi32.dll:

• 0x494208 RegQueryValueExA

• 0x49420c RegOpenKeyExA

• 0x494210 RegCloseKey

Library oleaut32.dll:

• 0x494218 SysFreeString

• 0x49421c SysReAllocStringLen

• 0x494220 SysAllocStringLen

Library kernel32.dll:

• 0x494228 TlsSetValue

• 0x49422c TlsGetValue

• 0x494230 LocalAlloc

• 0x494234 GetModuleHandleA

Library advapi32.dll:

• 0x49423c RegQueryValueExA

• 0x494240 RegOpenKeyExA

• 0x494244 RegCloseKey

Library kernel32.dll:

• 0x49424c lstrcpyA

• 0x494250 lstrcmpA

• 0x494254 WriteFile

• 0x494258 WinExec

• 0x49425c WaitForSingleObject

• 0x494260 VirtualQuery

• 0x494264 VirtualProtect

• 0x494268 VirtualAlloc

• 0x49426c Sleep

• 0x494270 SizeofResource

• 0x494274 SetThreadLocale

• 0x494278 SetFilePointer

• 0x49427c SetEvent

• 0x494280 SetErrorMode

• 0x494284 SetEndOfFile

• 0x494288 ResetEvent

• 0x49428c ReadFile

• 0x494290 MultiByteToWideChar

• 0x494294 MulDiv

• 0x494298 LockResource

• 0x49429c LoadResource

• 0x4942a0 LoadLibraryA

• 0x4942a4 LeaveCriticalSection

• 0x4942a8 InitializeCriticalSection

• 0x4942ac GlobalUnlock

• 0x4942b0 GlobalSize

• 0x4942b4 GlobalReAlloc

• 0x4942b8 GlobalHandle

• 0x4942bc GlobalLock

• 0x4942c0 GlobalFree

• 0x4942c4 GlobalFindAtomA

• 0x4942c8 GlobalDeleteAtom

• 0x4942cc GlobalAlloc

• 0x4942d0 GlobalAddAtomA

• 0x4942d4 GetVersionExA

• 0x4942d8 GetVersion

• 0x4942dc GetUserDefaultLCID

• 0x4942e0 GetTickCount

• 0x4942e4 GetThreadLocale

• 0x4942e8 GetSystemTimeAsFileTime

• 0x4942ec GetSystemInfo

• 0x4942f0 GetStringTypeExA

• 0x4942f4 GetStdHandle

• 0x4942f8 GetProcAddress

• 0x4942fc GetModuleHandleA

• 0x494300 GetModuleFileNameA

• 0x494304 GetLocaleInfoA

• 0x494308 GetLocalTime

• 0x49430c GetLastError

• 0x494310 GetFullPathNameA

• 0x494314 GetDiskFreeSpaceA

• 0x494318 GetDateFormatA

• 0x49431c GetCurrentThreadId

• 0x494320 GetCurrentProcessId

• 0x494324 GetComputerNameA

• 0x494328 GetCPInfo

• 0x49432c GetACP

• 0x494330 FreeResource

• 0x494334 InterlockedExchange

• 0x494338 FreeLibrary

• 0x49433c FormatMessageA

• 0x494340 FindResourceA

• 0x494344 FileTimeToSystemTime

• 0x494348 EnumCalendarInfoA

• 0x49434c EnterCriticalSection

• 0x494350 DeleteCriticalSection

• 0x494354 CreateThread

• 0x494358 CreateFileA

• 0x49435c CreateEventA

• 0x494360 CompareStringA

• 0x494364 CloseHandle

Library version.dll:

• 0x49436c VerQueryValueA

• 0x494370 GetFileVersionInfoSizeA

• 0x494374 GetFileVersionInfoA

Library gdi32.dll:

• 0x49437c UnrealizeObject

• 0x494380 StretchBlt

• 0x494384 SetWindowOrgEx

• 0x494388 SetWinMetaFileBits

• 0x49438c SetViewportOrgEx

• 0x494390 SetTextColor

• 0x494394 SetStretchBltMode

• 0x494398 SetROP2

• 0x49439c SetPixel

• 0x4943a0 SetMapMode

• 0x4943a4 SetEnhMetaFileBits

• 0x4943a8 SetDIBColorTable

• 0x4943ac SetBrushOrgEx

• 0x4943b0 SetBkMode

• 0x4943b4 SetBkColor

• 0x4943b8 SelectPalette

• 0x4943bc SelectObject

• 0x4943c0 SelectClipRgn

• 0x4943c4 SaveDC

• 0x4943c8 RestoreDC

• 0x4943cc Rectangle

• 0x4943d0 RectVisible

• 0x4943d4 RealizePalette

• 0x4943d8 Polyline

• 0x4943dc PlayEnhMetaFile

• 0x4943e0 PatBlt

• 0x4943e4 MoveToEx

• 0x4943e8 MaskBlt

• 0x4943ec LineTo

• 0x4943f0 LPtoDP

• 0x4943f4 IntersectClipRect

• 0x4943f8 GetWindowOrgEx

• 0x4943fc GetWinMetaFileBits

• 0x494400 GetTextMetricsA

• 0x494404 GetTextExtentPoint32A

• 0x494408 GetSystemPaletteEntries

• 0x49440c GetStockObject

• 0x494410 GetPixel

• 0x494414 GetPaletteEntries

• 0x494418 GetObjectA

• 0x49441c GetEnhMetaFilePaletteEntries

• 0x494420 GetEnhMetaFileHeader

• 0x494424 GetEnhMetaFileDescriptionA

• 0x494428 GetEnhMetaFileBits

• 0x49442c GetDeviceCaps

• 0x494430 GetDIBits

• 0x494434 GetDIBColorTable

• 0x494438 GetDCOrgEx

• 0x49443c GetCurrentPositionEx

• 0x494440 GetClipRgn

• 0x494444 GetClipBox

• 0x494448 GetBrushOrgEx

• 0x49444c GetBitmapBits

• 0x494450 GetArcDirection

• 0x494454 ExcludeClipRect

• 0x494458 DeleteObject

• 0x49445c DeleteEnhMetaFile

• 0x494460 DeleteDC

• 0x494464 CreateSolidBrush

• 0x494468 CreateRectRgn

• 0x49446c CreatePenIndirect

• 0x494470 CreatePen

• 0x494474 CreatePalette

• 0x494478 CreateHalftonePalette

• 0x49447c CreateFontIndirectA

• 0x494480 CreateEnhMetaFileA

• 0x494484 CreateDIBitmap

• 0x494488 CreateDIBSection

• 0x49448c CreateCompatibleDC

• 0x494490 CreateCompatibleBitmap

• 0x494494 CreateBrushIndirect

• 0x494498 CreateBitmap

• 0x49449c CopyEnhMetaFileA

• 0x4944a0 CloseEnhMetaFile

• 0x4944a4 BitBlt

Library user32.dll:

• 0x4944ac CreateWindowExA

• 0x4944b0 WindowFromPoint

• 0x4944b4 WinHelpA

• 0x4944b8 WaitMessage

• 0x4944bc ValidateRect

• 0x4944c0 UpdateWindow

• 0x4944c4 UnregisterClassA

• 0x4944c8 UnhookWindowsHookEx

• 0x4944cc TranslateMessage

• 0x4944d0 TranslateMDISysAccel

• 0x4944d4 TrackPopupMenu

• 0x4944d8 SystemParametersInfoA

• 0x4944dc ShowWindow

• 0x4944e0 ShowScrollBar

• 0x4944e4 ShowOwnedPopups

• 0x4944e8 ShowCursor

• 0x4944ec SetWindowsHookExA

• 0x4944f0 SetWindowTextA

• 0x4944f4 SetWindowPos

• 0x4944f8 SetWindowPlacement

• 0x4944fc SetWindowLongA

• 0x494500 SetTimer

• 0x494504 SetScrollRange

• 0x494508 SetScrollPos

• 0x49450c SetScrollInfo

• 0x494510 SetRect

• 0x494514 SetPropA

• 0x494518 SetParent

• 0x49451c SetMenuItemInfoA

• 0x494520 SetMenu

• 0x494524 SetForegroundWindow

• 0x494528 SetFocus

• 0x49452c SetCursor

• 0x494530 SetClassLongA

• 0x494534 SetCapture

• 0x494538 SetActiveWindow

• 0x49453c SendMessageA

• 0x494540 ScrollWindow

• 0x494544 ScreenToClient

• 0x494548 RemovePropA

• 0x49454c RemoveMenu

• 0x494550 ReleaseDC

• 0x494554 ReleaseCapture

• 0x494558 RegisterWindowMessageA

• 0x49455c RegisterClipboardFormatA

• 0x494560 RegisterClassA

• 0x494564 RedrawWindow

• 0x494568 PtInRect

• 0x49456c PostQuitMessage

• 0x494570 PostMessageA

• 0x494574 PeekMessageA

• 0x494578 OffsetRect

• 0x49457c OemToCharA

• 0x494580 MessageBoxA

• 0x494584 MapWindowPoints

• 0x494588 MapVirtualKeyA

• 0x49458c LoadStringA

• 0x494590 LoadKeyboardLayoutA

• 0x494594 LoadIconA

• 0x494598 LoadCursorA

• 0x49459c LoadBitmapA

• 0x4945a0 KillTimer

• 0x4945a4 IsZoomed

• 0x4945a8 IsWindowVisible

• 0x4945ac IsWindowEnabled

• 0x4945b0 IsWindow

• 0x4945b4 IsRectEmpty

• 0x4945b8 IsIconic

• 0x4945bc IsDialogMessageA

• 0x4945c0 IsChild

• 0x4945c4 InvalidateRect

• 0x4945c8 IntersectRect

• 0x4945cc InsertMenuItemA

• 0x4945d0 InsertMenuA

• 0x4945d4 InflateRect

• 0x4945d8 GetWindowThreadProcessId

• 0x4945dc GetWindowTextA

• 0x4945e0 GetWindowRect

• 0x4945e4 GetWindowPlacement

• 0x4945e8 GetWindowLongA

• 0x4945ec GetWindowDC

• 0x4945f0 GetTopWindow

• 0x4945f4 GetSystemMetrics

• 0x4945f8 GetSystemMenu

• 0x4945fc GetSysColorBrush

• 0x494600 GetSysColor

• 0x494604 GetSubMenu

• 0x494608 GetScrollRange

• 0x49460c GetScrollPos

• 0x494610 GetScrollInfo

• 0x494614 GetPropA

• 0x494618 GetParent

• 0x49461c GetWindow

• 0x494620 GetMessageTime

• 0x494624 GetMenuStringA

• 0x494628 GetMenuState

• 0x49462c GetMenuItemInfoA

• 0x494630 GetMenuItemID

• 0x494634 GetMenuItemCount

• 0x494638 GetMenu

• 0x49463c GetLastActivePopup

• 0x494640 GetKeyboardState

• 0x494644 GetKeyboardLayoutList

• 0x494648 GetKeyboardLayout

• 0x49464c GetKeyState

• 0x494650 GetKeyNameTextA

• 0x494654 GetIconInfo

• 0x494658 GetForegroundWindow

• 0x49465c GetFocus

• 0x494660 GetDlgItem

• 0x494664 GetDesktopWindow

• 0x494668 GetDCEx

• 0x49466c GetDC

• 0x494670 GetCursorPos

• 0x494674 GetCursor

• 0x494678 GetClipboardData

• 0x49467c GetClientRect

• 0x494680 GetClassNameA

• 0x494684 GetClassInfoA

• 0x494688 GetCapture

• 0x49468c GetActiveWindow

• 0x494690 FrameRect

• 0x494694 FindWindowA

• 0x494698 FillRect

• 0x49469c EqualRect

• 0x4946a0 EnumWindows

• 0x4946a4 EnumThreadWindows

• 0x4946a8 EndPaint

• 0x4946ac EnableWindow

• 0x4946b0 EnableScrollBar

• 0x4946b4 EnableMenuItem

• 0x4946b8 DrawTextA

• 0x4946bc DrawMenuBar

• 0x4946c0 DrawIconEx

• 0x4946c4 DrawIcon

• 0x4946c8 DrawFrameControl

• 0x4946cc DrawFocusRect

• 0x4946d0 DrawEdge

• 0x4946d4 DispatchMessageA

• 0x4946d8 DestroyWindow

• 0x4946dc DestroyMenu

• 0x4946e0 DestroyIcon

• 0x4946e4 DestroyCursor

• 0x4946e8 DeleteMenu

• 0x4946ec DefWindowProcA

• 0x4946f0 DefMDIChildProcA

• 0x4946f4 DefFrameProcA

• 0x4946f8 CreatePopupMenu

• 0x4946fc CreateMenu

• 0x494700 CreateIcon

• 0x494704 ClientToScreen

• 0x494708 CheckMenuItem

• 0x49470c CallWindowProcA

• 0x494710 CallNextHookEx

• 0x494714 BeginPaint

• 0x494718 CharNextA

• 0x49471c CharLowerBuffA

• 0x494720 CharLowerA

• 0x494724 CharUpperBuffA

• 0x494728 CharToOemA

• 0x49472c AdjustWindowRectEx

• 0x494730 ActivateKeyboardLayout

Library kernel32.dll:

• 0x494738 Sleep

Library oleaut32.dll:

• 0x494740 SafeArrayPtrOfIndex

• 0x494744 SafeArrayPutElement

• 0x494748 SafeArrayGetElement

• 0x49474c SafeArrayUnaccessData

• 0x494750 SafeArrayAccessData

• 0x494754 SafeArrayGetUBound

• 0x494758 SafeArrayGetLBound

• 0x49475c SafeArrayCreate

• 0x494760 VariantChangeType

• 0x494764 VariantCopyInd

• 0x494768 VariantCopy

• 0x49476c VariantClear

• 0x494770 VariantInit

Library ole32.dll:

• 0x494778 CreateStreamOnHGlobal

• 0x49477c IsAccelerator

• 0x494780 OleDraw

• 0x494784 OleSetMenuDescriptor

• 0x494788 CoTaskMemFree

• 0x49478c ProgIDFromCLSID

• 0x494790 StringFromCLSID

• 0x494794 CoCreateInstance

• 0x494798 CoGetClassObject

• 0x49479c CoUninitialize

• 0x4947a0 CoInitialize

• 0x4947a4 IsEqualGUID

Library oleaut32.dll:

• 0x4947ac GetErrorInfo

• 0x4947b0 GetActiveObject

• 0x4947b4 SysFreeString

Library comctl32.dll:

• 0x4947bc ImageList_SetIconSize

• 0x4947c0 ImageList_GetIconSize

• 0x4947c4 ImageList_Write

• 0x4947c8 ImageList_Read

• 0x4947cc ImageList_GetDragImage

• 0x4947d0 ImageList_DragShowNolock

• 0x4947d4 ImageList_SetDragCursorImage

• 0x4947d8 ImageList_DragMove

• 0x4947dc ImageList_DragLeave

• 0x4947e0 ImageList_DragEnter

• 0x4947e4 ImageList_EndDrag

• 0x4947e8 ImageList_BeginDrag

• 0x4947ec ImageList_Remove

• 0x4947f0 ImageList_DrawEx

• 0x4947f4 ImageList_Draw

• 0x4947f8 ImageList_GetBkColor

• 0x4947fc ImageList_SetBkColor

• 0x494800 ImageList_ReplaceIcon

• 0x494804 ImageList_Add

• 0x494808 ImageList_GetImageCount

• 0x49480c ImageList_Destroy

• 0x494810 ImageList_Create

• 0x494814 InitCommonControls

Library comdlg32.dll:

• 0x49481c GetOpenFileNameA

Library user32.dll:

• 0x494824 DdeCmpStringHandles

• 0x494828 DdeFreeStringHandle

• 0x49482c DdeQueryStringA

• 0x494830 DdeCreateStringHandleA

• 0x494834 DdeGetLastError

• 0x494838 DdeFreeDataHandle

• 0x49483c DdeUnaccessData

• 0x494840 DdeAccessData

• 0x494844 DdeCreateDataHandle

• 0x494848 DdeClientTransaction

• 0x49484c DdeNameService

• 0x494850 DdePostAdvise

• 0x494854 DdeSetUserHandle

• 0x494858 DdeQueryConvInfo

• 0x49485c DdeDisconnect

• 0x494860 DdeConnect

• 0x494864 DdeUninitialize

• 0x494868 DdeInitializeA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62192	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.