SmartHawk

2.4

中危

12 个模型检测该样本为恶意！

重新分析

下载样本

a0010840ebd4b486a5c704584df8bbd210cc037468db0335dc1184c29a348b5e

ae2604c6f7590dff370a90408518e02c.exe

分析耗时

82s

最近分析

文件大小

2.2MB

静态报毒动态报毒 BSCOPE BURDEN GENERIC PUA EA GRAYWARE HFSADWARE OPENSUPDATER SOFTCNAPP 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
McAfee	20190324	6.0.6.653
Alibaba	20190306	0.2.0.3
Baidu	20190318	1.0.0.2
Tencent	20190325	1.0.0.1
Kingsoft	20190325	2013.8.14.323
Avast	20190325	18.4.3895.0
CrowdStrike	20190212	1.0

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

E:\svn\PCProject\ShuRuFa\ç¨åº\Branch\Develop\Bin\pdbmap\WanNengWB\WanNengWBImeUtil.pdb

Foreign language identified in PE resource (50 out of 67 个事件)

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x0020dd58

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_BITMAP

language

LANG_CHINESE

offset

0x0020e080

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x0020e080

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_ICON

language

LANG_CHINESE

offset

0x0020b8b8

filetype

dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002e8

name

RT_ICON

language

LANG_CHINESE

offset

0x0020b8b8

filetype

dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002e8

name

RT_ICON

language

LANG_CHINESE

offset

0x0020b8b8

filetype

dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002e8

name

RT_ICON

language

LANG_CHINESE

offset

0x0020b8b8

filetype

dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002e8

name

RT_ICON

language

LANG_CHINESE

offset

0x0020b8b8

filetype

dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002e8

name

RT_ICON

language

LANG_CHINESE

offset

0x0020b8b8

filetype

dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002e8

name

RT_ICON

language

LANG_CHINESE

offset

0x0020b8b8

filetype

dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002e8

name

RT_ICON

language

LANG_CHINESE

offset

0x0020b8b8

filetype

dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002e8

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0020df90

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0020df90

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0020df90

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0020df90

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0020df90

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0020df90

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0020df90

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_STRING

language

LANG_CHINESE

offset

0x0020f7a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000053c

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0020de90

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0020de90

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0020de90

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

Expresses interest in specific running processes (1 个事件)

process

ae2604c6f7590dff370a90408518e02c.exe

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 个事件)

Bkav	W32.HfsAdware.DA20
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
DrWeb	Adware.Softcnapp.80
Sophos	Generic PUA EA (PUA)
Antiy-AVL	GrayWare[AdWare]/Win32.Burden
Microsoft	PUA:Win32/Softcnapp
AhnLab-V3	Malware/Gen.Generic.C3089025
VBA32	BScope.Adware.Softcnapp
Yandex	PUA.Burden!
Ikarus	PUA.OpenSUpdater
Fortinet	Adware/Burden

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-07-26 16:05:54

Imports

Library KERNEL32.dll:

• 0x55f1f4 GetStringTypeW

• 0x55f1f8 GetTimeZoneInformation

• 0x55f1fc LCMapStringW

• 0x55f200 GetConsoleCP

• 0x55f204 GetConsoleMode

• 0x55f208 UnhandledExceptionFilter

• 0x55f20c GetCPInfo

• 0x55f210 SetFilePointerEx

• 0x55f214 OutputDebugStringW

• 0x55f218 WriteConsoleW

• 0x55f21c SetEnvironmentVariableA

• 0x55f220 FreeEnvironmentStringsW

• 0x55f224 GetEnvironmentStringsW

• 0x55f228 GetStartupInfoW

• 0x55f22c GetProcessHeap

• 0x55f230 GetStdHandle

• 0x55f234 GetFileType

• 0x55f238 GetOEMCP

• 0x55f23c GetACP

• 0x55f240 IsValidCodePage

• 0x55f244 ReadConsoleW

• 0x55f248 TerminateProcess

• 0x55f24c SetStdHandle

• 0x55f250 VirtualQuery

• 0x55f254 VirtualAlloc

• 0x55f258 HeapQueryInformation

• 0x55f25c HeapSize

• 0x55f260 GetProcAddress

• 0x55f264 GetModuleHandleExW

• 0x55f268 ExitProcess

• 0x55f26c ExitThread

• 0x55f270 CreateThread

• 0x55f274 HeapReAlloc

• 0x55f278 GetSystemTimeAsFileTime

• 0x55f27c HeapAlloc

• 0x55f280 HeapFree

• 0x55f284 IsProcessorFeaturePresent

• 0x55f288 IsDebuggerPresent

• 0x55f28c RtlUnwind

• 0x55f290 RaiseException

• 0x55f294 GetCommandLineW

• 0x55f298 FindResourceExW

• 0x55f29c SearchPathW

• 0x55f2a0 GetProfileIntW

• 0x55f2a4 GetTempFileNameW

• 0x55f2a8 GetFileTime

• 0x55f2ac GetFileSizeEx

• 0x55f2b0 GetFileAttributesExW

• 0x55f2b4 FileTimeToLocalFileTime

• 0x55f2b8 DuplicateHandle

• 0x55f2bc UnlockFile

• 0x55f2c0 SetFilePointer

• 0x55f2c4 SetEndOfFile

• 0x55f2c8 LockFile

• 0x55f2cc GetVolumeInformationW

• 0x55f2d0 GetFullPathNameW

• 0x55f2d4 FlushFileBuffers

• 0x55f2d8 GetCurrentDirectoryW

• 0x55f2dc GetThreadLocale

• 0x55f2e0 GetUserDefaultUILanguage

• 0x55f2e4 GetSystemDefaultUILanguage

• 0x55f2e8 InterlockedIncrement

• 0x55f2ec GlobalGetAtomNameW

• 0x55f2f0 LocalReAlloc

• 0x55f2f4 GlobalHandle

• 0x55f2f8 GlobalReAlloc

• 0x55f2fc TlsFree

• 0x55f300 TlsSetValue

• 0x55f304 TlsGetValue

• 0x55f308 TlsAlloc

• 0x55f30c InitializeCriticalSection

• 0x55f310 GlobalFlags

• 0x55f314 lstrcmpA

• 0x55f318 GetCurrentThread

• 0x55f31c InterlockedExchange

• 0x55f320 ResumeThread

• 0x55f324 SetThreadPriority

• 0x55f328 GlobalSize

• 0x55f32c GlobalFindAtomW

• 0x55f330 GlobalAddAtomW

• 0x55f334 LoadLibraryA

• 0x55f338 lstrcmpW

• 0x55f33c GlobalDeleteAtom

• 0x55f340 LoadLibraryExW

• 0x55f344 DeleteCriticalSection

• 0x55f348 LeaveCriticalSection

• 0x55f34c EnterCriticalSection

• 0x55f350 DecodePointer

• 0x55f354 EncodePointer

• 0x55f358 GetModuleHandleA

• 0x55f35c FreeResource

• 0x55f360 GetVersion

• 0x55f364 SetLastError

• 0x55f368 OutputDebugStringA

• 0x55f36c InitializeCriticalSectionAndSpinCount

• 0x55f370 lstrcatW

• 0x55f374 GetSystemDirectoryW

• 0x55f378 EnumSystemLocalesW

• 0x55f37c GetLocaleInfoW

• 0x55f380 CompareStringW

• 0x55f384 ExpandEnvironmentStringsW

• 0x55f388 lstrcpyW

• 0x55f38c FindResourceW

• 0x55f390 SizeofResource

• 0x55f394 LoadResource

• 0x55f398 LockResource

• 0x55f39c SetUnhandledExceptionFilter

• 0x55f3a0 VirtualProtect

• 0x55f3a4 MulDiv

• 0x55f3a8 Sleep

• 0x55f3ac CreateMutexW

• 0x55f3b0 ReleaseMutex

• 0x55f3b4 DeviceIoControl

• 0x55f3b8 WideCharToMultiByte

• 0x55f3bc MultiByteToWideChar

• 0x55f3c0 VerifyVersionInfoW

• 0x55f3c4 CopyFileW

• 0x55f3c8 FindFirstFileW

• 0x55f3cc DeleteFileW

• 0x55f3d0 GetFileAttributesW

• 0x55f3d4 GetWindowsDirectoryW

• 0x55f3d8 GetTempPathW

• 0x55f3dc CreateProcessW

• 0x55f3e0 GetModuleHandleW

• 0x55f3e4 lstrcmpiW

• 0x55f3e8 FormatMessageW

• 0x55f3ec GetTickCount

• 0x55f3f0 FileTimeToSystemTime

• 0x55f3f4 GetSystemInfo

• 0x55f3f8 FindClose

• 0x55f3fc WriteFile

• 0x55f400 WaitForSingleObject

• 0x55f404 SetErrorMode

• 0x55f408 GetLastError

• 0x55f40c GetCurrentThreadId

• 0x55f410 GetCurrentProcess

• 0x55f414 LocalFree

• 0x55f418 LocalAlloc

• 0x55f41c GlobalFree

• 0x55f420 GlobalUnlock

• 0x55f424 GlobalLock

• 0x55f428 GlobalAlloc

• 0x55f42c InterlockedDecrement

• 0x55f430 VerSetConditionMask

• 0x55f434 CreateFileW

• 0x55f438 GetPrivateProfileIntW

• 0x55f43c lstrlenW

• 0x55f440 ReadFile

• 0x55f444 GetFileSize

• 0x55f448 FreeLibrary

• 0x55f44c Process32NextW

• 0x55f450 Process32FirstW

• 0x55f454 CreateToolhelp32Snapshot

• 0x55f458 GetVersionExW

• 0x55f45c QueryPerformanceFrequency

• 0x55f460 QueryPerformanceCounter

• 0x55f464 CreateDirectoryW

• 0x55f468 WritePrivateProfileStringW

• 0x55f46c GetPrivateProfileStringW

• 0x55f470 GetEnvironmentVariableW

• 0x55f474 GetModuleFileNameW

• 0x55f478 LoadLibraryW

• 0x55f47c CloseHandle

• 0x55f480 GetCurrentProcessId

Library USER32.dll:

• 0x55f53c PostThreadMessageW

• 0x55f540 GetSystemMenu

• 0x55f544 IsZoomed

• 0x55f548 GetComboBoxInfo

• 0x55f54c TrackMouseEvent

• 0x55f550 UpdateLayeredWindow

• 0x55f554 IsMenu

• 0x55f558 UnionRect

• 0x55f55c SetWindowRgn

• 0x55f560 DrawFrameControl

• 0x55f564 DrawEdge

• 0x55f568 DrawStateW

• 0x55f56c SetLayeredWindowAttributes

• 0x55f570 RegisterClipboardFormatW

• 0x55f574 ReuseDDElParam

• 0x55f578 UnpackDDElParam

• 0x55f57c InsertMenuItemW

• 0x55f580 TranslateAcceleratorW

• 0x55f584 LoadAcceleratorsW

• 0x55f588 NotifyWinEvent

• 0x55f58c InvertRect

• 0x55f590 HideCaret

• 0x55f594 EnableScrollBar

• 0x55f598 GetAsyncKeyState

• 0x55f59c GetIconInfo

• 0x55f5a0 DrawIconEx

• 0x55f5a4 LoadImageW

• 0x55f5a8 SetRectEmpty

• 0x55f5ac DrawFocusRect

• 0x55f5b0 GetMenuDefaultItem

• 0x55f5b4 CreatePopupMenu

• 0x55f5b8 MessageBeep

• 0x55f5bc GetNextDlgGroupItem

• 0x55f5c0 IsRectEmpty

• 0x55f5c4 IntersectRect

• 0x55f5c8 SetRect

• 0x55f5cc InvalidateRgn

• 0x55f5d0 CopyAcceleratorTableW

• 0x55f5d4 OffsetRect

• 0x55f5d8 CharNextW

• 0x55f5dc WindowFromPoint

• 0x55f5e0 ReleaseCapture

• 0x55f5e4 SetCapture

• 0x55f5e8 WaitMessage

• 0x55f5ec CharUpperW

• 0x55f5f0 DestroyIcon

• 0x55f5f4 InvalidateRect

• 0x55f5f8 KillTimer

• 0x55f5fc SetTimer

• 0x55f600 DeleteMenu

• 0x55f604 CopyImage

• 0x55f608 InflateRect

• 0x55f60c GetMenuItemInfoW

• 0x55f610 DestroyMenu

• 0x55f614 LoadCursorW

• 0x55f618 GetSysColorBrush

• 0x55f61c UnregisterClassW

• 0x55f620 RealChildWindowFromPoint

• 0x55f624 MapVirtualKeyW

• 0x55f628 GetKeyNameTextW

• 0x55f62c FillRect

• 0x55f630 ClientToScreen

• 0x55f634 EndPaint

• 0x55f638 BeginPaint

• 0x55f63c GetWindowDC

• 0x55f640 TabbedTextOutW

• 0x55f644 GrayStringW

• 0x55f648 DrawTextExW

• 0x55f64c DrawTextW

• 0x55f650 MapDialogRect

• 0x55f654 SetWindowContextHelpId

• 0x55f658 SetCursor

• 0x55f65c ShowOwnedPopups

• 0x55f660 PostQuitMessage

• 0x55f664 GetCursorPos

• 0x55f668 TranslateMessage

• 0x55f66c GetMessageW

• 0x55f670 RemoveMenu

• 0x55f674 AppendMenuW

• 0x55f678 InsertMenuW

• 0x55f67c GetMenuState

• 0x55f680 GetMenuStringW

• 0x55f684 LoadMenuW

• 0x55f688 IsDialogMessageW

• 0x55f68c ModifyMenuW

• 0x55f690 GetKeyboardLayout

• 0x55f694 CheckDlgButton

• 0x55f698 SetDlgItemTextW

• 0x55f69c MoveWindow

• 0x55f6a0 ShowWindow

• 0x55f6a4 MonitorFromWindow

• 0x55f6a8 WinHelpW

• 0x55f6ac GetScrollInfo

• 0x55f6b0 SetScrollInfo

• 0x55f6b4 CallNextHookEx

• 0x55f6b8 SetWindowsHookExW

• 0x55f6bc GetWindow

• 0x55f6c0 GetLastActivePopup

• 0x55f6c4 GetTopWindow

• 0x55f6c8 GetClassLongW

• 0x55f6cc EqualRect

• 0x55f6d0 CopyRect

• 0x55f6d4 GetSysColor

• 0x55f6d8 MapWindowPoints

• 0x55f6dc ScreenToClient

• 0x55f6e0 MessageBoxW

• 0x55f6e4 AdjustWindowRectEx

• 0x55f6e8 GetWindowTextLengthW

• 0x55f6ec RemovePropW

• 0x55f6f0 GetPropW

• 0x55f6f4 SetPropW

• 0x55f6f8 ShowScrollBar

• 0x55f6fc GetScrollRange

• 0x55f700 SetScrollRange

• 0x55f704 GetScrollPos

• 0x55f708 SetScrollPos

• 0x55f70c PostMessageW

• 0x55f710 IsWindow

• 0x55f714 BringWindowToTop

• 0x55f718 OpenClipboard

• 0x55f71c ScrollWindow

• 0x55f720 RedrawWindow

• 0x55f724 ValidateRect

• 0x55f728 UpdateWindow

• 0x55f72c TrackPopupMenu

• 0x55f730 GetMenuItemCount

• 0x55f734 GetMenuItemID

• 0x55f738 GetSubMenu

• 0x55f73c SetMenu

• 0x55f740 GetMenu

• 0x55f744 GetCapture

• 0x55f748 SetFocus

• 0x55f74c GetDlgCtrlID

• 0x55f750 IsWindowVisible

• 0x55f754 EndDeferWindowPos

• 0x55f758 DeferWindowPos

• 0x55f75c BeginDeferWindowPos

• 0x55f760 SetWindowPlacement

• 0x55f764 GetWindowPlacement

• 0x55f768 SetWindowPos

• 0x55f76c IsChild

• 0x55f770 CreateWindowExW

• 0x55f774 GetClassInfoExW

• 0x55f778 GetClassInfoW

• 0x55f77c RegisterClassW

• 0x55f780 CallWindowProcW

• 0x55f784 DefWindowProcW

• 0x55f788 GetMessageTime

• 0x55f78c GetMessagePos

• 0x55f790 PeekMessageW

• 0x55f794 DispatchMessageW

• 0x55f798 CharUpperBuffW

• 0x55f79c FrameRect

• 0x55f7a0 DrawMenuBar

• 0x55f7a4 DefFrameProcW

• 0x55f7a8 GetWindowRgn

• 0x55f7ac DestroyCursor

• 0x55f7b0 CreateMenu

• 0x55f7b4 SubtractRect

• 0x55f7b8 DefMDIChildProcW

• 0x55f7bc RegisterWindowMessageW

• 0x55f7c0 LoadBitmapW

• 0x55f7c4 SetMenuItemInfoW

• 0x55f7c8 GetMenuCheckMarkDimensions

• 0x55f7cc SetMenuItemBitmaps

• 0x55f7d0 IsCharLowerW

• 0x55f7d4 MapVirtualKeyExW

• 0x55f7d8 SetParent

• 0x55f7dc ToUnicodeEx

• 0x55f7e0 GetKeyboardState

• 0x55f7e4 CreateAcceleratorTableW

• 0x55f7e8 DestroyAcceleratorTable

• 0x55f7ec SetCursorPos

• 0x55f7f0 LockWindowUpdate

• 0x55f7f4 GetDoubleClickTime

• 0x55f7f8 CopyIcon

• 0x55f7fc SetMenuDefaultItem

• 0x55f800 CloseClipboard

• 0x55f804 SetClipboardData

• 0x55f808 EmptyClipboard

• 0x55f80c IsClipboardFormatAvailable

• 0x55f810 GetFocus

• 0x55f814 GetUpdateRect

• 0x55f818 TranslateMDISysAccel

• 0x55f81c SetWindowTextW

• 0x55f820 GetSystemMetrics

• 0x55f824 GetForegroundWindow

• 0x55f828 SetForegroundWindow

• 0x55f82c GetWindowTextW

• 0x55f830 GetWindowRect

• 0x55f834 GetWindowLongW

• 0x55f838 SetWindowLongW

• 0x55f83c GetDesktopWindow

• 0x55f840 GetParent

• 0x55f844 FindWindowW

• 0x55f848 GetClassNameW

• 0x55f84c GetWindowThreadProcessId

• 0x55f850 GetDC

• 0x55f854 ReleaseDC

• 0x55f858 PtInRect

• 0x55f85c SystemParametersInfoW

• 0x55f860 MonitorFromPoint

• 0x55f864 GetMonitorInfoW

• 0x55f868 EnumDisplayMonitors

• 0x55f86c SendMessageW

• 0x55f870 EnableWindow

• 0x55f874 LoadIconW

• 0x55f878 GetKeyboardLayoutList

• 0x55f87c GetKeyState

• 0x55f880 IsIconic

• 0x55f884 DrawIcon

• 0x55f888 GetClientRect

• 0x55f88c LoadKeyboardLayoutW

• 0x55f890 UnloadKeyboardLayout

• 0x55f894 DestroyWindow

• 0x55f898 CreateDialogIndirectParamW

• 0x55f89c EndDialog

• 0x55f8a0 GetDlgItem

• 0x55f8a4 GetNextDlgTabItem

• 0x55f8a8 GetActiveWindow

• 0x55f8ac IsWindowEnabled

• 0x55f8b0 SetActiveWindow

• 0x55f8b4 UnhookWindowsHookEx

• 0x55f8b8 SendDlgItemMessageA

• 0x55f8bc CheckMenuItem

• 0x55f8c0 EnableMenuItem

• 0x55f8c4 SetClassLongW

Library GDI32.dll:

• 0x55f050 GetPaletteEntries

• 0x55f054 GetSystemPaletteEntries

• 0x55f058 RealizePalette

• 0x55f05c CreateCompatibleBitmap

• 0x55f060 CreateDIBitmap

• 0x55f064 EnumFontFamiliesW

• 0x55f068 GetTextCharsetInfo

• 0x55f06c SetPixel

• 0x55f070 StretchBlt

• 0x55f074 CreateDIBSection

• 0x55f078 SetDIBColorTable

• 0x55f07c CreateEllipticRgn

• 0x55f080 Ellipse

• 0x55f084 CreatePolygonRgn

• 0x55f088 Polygon

• 0x55f08c Polyline

• 0x55f090 Rectangle

• 0x55f094 EnumFontFamiliesExW

• 0x55f098 OffsetRgn

• 0x55f09c CreateRoundRectRgn

• 0x55f0a0 RoundRect

• 0x55f0a4 FrameRgn

• 0x55f0a8 GetNearestPaletteIndex

• 0x55f0ac SetPixelV

• 0x55f0b0 ExtFloodFill

• 0x55f0b4 SetPaletteEntries

• 0x55f0b8 FillRgn

• 0x55f0bc GetBoundsRect

• 0x55f0c0 GetWindowOrgEx

• 0x55f0c4 LPtoDP

• 0x55f0c8 GetViewportOrgEx

• 0x55f0cc GetTextFaceW

• 0x55f0d0 SetTextAlign

• 0x55f0d4 CreatePalette

• 0x55f0d8 DPtoLP

• 0x55f0dc SetRectRgn

• 0x55f0e0 GetMapMode

• 0x55f0e4 CombineRgn

• 0x55f0e8 GetRgnBox

• 0x55f0ec GetTextColor

• 0x55f0f0 GetBkColor

• 0x55f0f4 GetTextMetricsW

• 0x55f0f8 GetTextExtentPoint32W

• 0x55f0fc CreateFontIndirectW

• 0x55f100 PatBlt

• 0x55f104 CreateRectRgnIndirect

• 0x55f108 ScaleWindowExtEx

• 0x55f10c ScaleViewportExtEx

• 0x55f110 OffsetWindowOrgEx

• 0x55f114 OffsetViewportOrgEx

• 0x55f118 SetWindowOrgEx

• 0x55f11c SetWindowExtEx

• 0x55f120 SetViewportOrgEx

• 0x55f124 SetViewportExtEx

• 0x55f128 ExtTextOutW

• 0x55f12c TextOutW

• 0x55f130 MoveToEx

• 0x55f134 PtInRegion

• 0x55f138 GetDeviceCaps

• 0x55f13c SetROP2

• 0x55f140 SetPolyFillMode

• 0x55f144 GetLayout

• 0x55f148 SetLayout

• 0x55f14c SetMapMode

• 0x55f150 SetBkMode

• 0x55f154 SelectPalette

• 0x55f158 SelectObject

• 0x55f15c ExtSelectClipRgn

• 0x55f160 SelectClipRgn

• 0x55f164 SaveDC

• 0x55f168 RestoreDC

• 0x55f16c RectVisible

• 0x55f170 PtVisible

• 0x55f174 LineTo

• 0x55f178 IntersectClipRect

• 0x55f17c GetWindowExtEx

• 0x55f180 GetViewportExtEx

• 0x55f184 GetStockObject

• 0x55f188 GetPixel

• 0x55f18c GetObjectType

• 0x55f190 GetClipBox

• 0x55f194 ExcludeClipRect

• 0x55f198 Escape

• 0x55f19c DeleteObject

• 0x55f1a0 DeleteDC

• 0x55f1a4 CreateSolidBrush

• 0x55f1a8 CreateRectRgn

• 0x55f1ac CreatePatternBrush

• 0x55f1b0 CreatePen

• 0x55f1b4 CreateHatchBrush

• 0x55f1b8 CreateCompatibleDC

• 0x55f1bc BitBlt

• 0x55f1c0 CreateDCW

• 0x55f1c4 CopyMetaFileW

• 0x55f1c8 GetObjectW

• 0x55f1cc SetTextColor

• 0x55f1d0 SetBkColor

• 0x55f1d4 CreateBitmap

Library MSIMG32.dll:

• 0x55f488 TransparentBlt

• 0x55f48c AlphaBlend

Library WINSPOOL.DRV:

• 0x55f908 DocumentPropertiesW

• 0x55f90c ClosePrinter

• 0x55f910 OpenPrinterW

Library ADVAPI32.dll:

• 0x55f000 RegEnumKeyW

• 0x55f004 RegOpenKeyExW

• 0x55f008 RegQueryValueExW

• 0x55f00c RegSetValueExW

• 0x55f010 RegQueryValueW

• 0x55f014 RegCreateKeyW

• 0x55f018 RegDeleteValueW

• 0x55f01c RegQueryInfoKeyW

• 0x55f020 RegEnumKeyExW

• 0x55f024 RegDeleteKeyW

• 0x55f028 RegEnumValueW

• 0x55f02c RegOpenKeyW

• 0x55f030 RegCloseKey

• 0x55f034 RegCreateKeyExW

Library SHELL32.dll:

• 0x55f4dc SHAppBarMessage

• 0x55f4e0 SHBrowseForFolderW

• 0x55f4e4 DragFinish

• 0x55f4e8 DragQueryFileW

• 0x55f4ec SHGetDesktopFolder

• 0x55f4f0 SHGetSpecialFolderLocation

• 0x55f4f4 SHGetPathFromIDListW

• 0x55f4f8 SHGetFileInfoW

• 0x55f4fc ExtractIconW

• 0x55f500 ShellExecuteExW

• 0x55f504 ShellExecuteW

• 0x55f508 SHGetSpecialFolderPathW

Library COMCTL32.dll:

• 0x55f03c ImageList_GetImageCount

• 0x55f040 ImageList_ReplaceIcon

• 0x55f044

• 0x55f048 ImageList_Remove

Library SHLWAPI.dll:

• 0x55f510 StrFormatKBSizeW

• 0x55f514 PathStripToRootW

• 0x55f518 PathIsUNCW

• 0x55f51c PathFindFileNameW

• 0x55f520 PathFindExtensionW

• 0x55f524 StrStrIW

• 0x55f528 SHDeleteKeyW

• 0x55f52c

• 0x55f530 PathFileExistsW

• 0x55f534 PathRemoveFileSpecW

Library UxTheme.dll:

• 0x55f8cc IsAppThemed

• 0x55f8d0 IsThemeBackgroundPartiallyTransparent

• 0x55f8d4 GetCurrentThemeName

• 0x55f8d8 GetThemePartSize

• 0x55f8dc DrawThemeBackground

• 0x55f8e0 CloseThemeData

• 0x55f8e4 OpenThemeData

• 0x55f8e8 DrawThemeParentBackground

• 0x55f8ec GetThemeSysColor

• 0x55f8f0 GetWindowTheme

• 0x55f8f4 GetThemeColor

• 0x55f8f8 DrawThemeText

Library ole32.dll:

• 0x55f974 StgOpenStorageOnILockBytes

• 0x55f978 StgCreateDocfileOnILockBytes

• 0x55f97c CoGetClassObject

• 0x55f980 CLSIDFromProgID

• 0x55f984 CoCreateGuid

• 0x55f988 ReleaseStgMedium

• 0x55f98c OleDuplicateData

• 0x55f990 CreateILockBytesOnHGlobal

• 0x55f994 CoTaskMemAlloc

• 0x55f998 CoTaskMemFree

• 0x55f99c StringFromCLSID

• 0x55f9a0 CoCreateInstance

• 0x55f9a4 CoUninitialize

• 0x55f9a8 CoInitialize

• 0x55f9ac CLSIDFromString

• 0x55f9b0 CoInitializeEx

• 0x55f9b4 CoFreeUnusedLibraries

• 0x55f9b8 OleInitialize

• 0x55f9bc OleUninitialize

• 0x55f9c0 CreateStreamOnHGlobal

• 0x55f9c4 CoRevokeClassObject

• 0x55f9c8 OleFlushClipboard

• 0x55f9cc OleIsCurrentClipboard

• 0x55f9d0 CoRegisterMessageFilter

• 0x55f9d4 DoDragDrop

• 0x55f9d8 OleLockRunning

• 0x55f9dc RevokeDragDrop

• 0x55f9e0 RegisterDragDrop

• 0x55f9e4 CoLockObjectExternal

• 0x55f9e8 OleGetClipboard

• 0x55f9ec IsAccelerator

• 0x55f9f0 OleTranslateAccelerator

• 0x55f9f4 OleDestroyMenuDescriptor

• 0x55f9f8 OleCreateMenuDescriptor

Library OLEAUT32.dll:

• 0x55f4a4 VariantClear

• 0x55f4a8 VariantChangeType

• 0x55f4ac SysStringLen

• 0x55f4b0 SystemTimeToVariantTime

• 0x55f4b4 VariantTimeToSystemTime

• 0x55f4b8 SafeArrayDestroy

• 0x55f4bc VariantInit

• 0x55f4c0 VariantCopy

• 0x55f4c4 VarBstrFromDate

• 0x55f4c8 OleCreateFontIndirect

• 0x55f4cc SysAllocStringLen

• 0x55f4d0 SysFreeString

• 0x55f4d4 SysAllocString

Library oledlg.dll:

• 0x55fa00 OleUIBusyW

Library IMM32.dll:

• 0x55f1dc ImmGetIMEFileNameW

• 0x55f1e0 ImmGetContext

• 0x55f1e4 ImmReleaseContext

• 0x55f1e8 ImmGetOpenStatus

• 0x55f1ec ImmSetHotKey

Library OLEACC.dll:

• 0x55f494 CreateStdAccessibleObject

• 0x55f498 AccessibleObjectFromWindow

• 0x55f49c LresultFromObject

Library gdiplus.dll:

• 0x55f918 GdipGetImagePixelFormat

• 0x55f91c GdipGetImagePalette

• 0x55f920 GdipGetImagePaletteSize

• 0x55f924 GdipCreateBitmapFromStream

• 0x55f928 GdipAlloc

• 0x55f92c GdipCreateBitmapFromScan0

• 0x55f930 GdipBitmapLockBits

• 0x55f934 GdipBitmapUnlockBits

• 0x55f938 GdipDeleteGraphics

• 0x55f93c GdipDrawImageI

• 0x55f940 GdipCreateBitmapFromHBITMAP

• 0x55f944 GdipCreateFromHDC

• 0x55f948 GdipFree

• 0x55f94c GdiplusStartup

• 0x55f950 GdiplusShutdown

• 0x55f954 GdipCloneImage

• 0x55f958 GdipDisposeImage

• 0x55f95c GdipGetImageGraphicsContext

• 0x55f960 GdipGetImageWidth

• 0x55f964 GdipSetInterpolationMode

• 0x55f968 GdipDrawImageRectI

• 0x55f96c GdipGetImageHeight

Library WINMM.dll:

• 0x55f900 PlaySoundW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.