SmartHawk

4.0

中危

53 个模型检测该样本为恶意！

重新分析

下载样本

f6fc7442449ac48b039f5e29230bd26383b62bee2a050f5e81553755b69e6f25

b31b8740568360abdfcf934916c65bca.exe

分析耗时

77s

最近分析

文件大小

944.2KB

静态报毒动态报毒 100% 7U1@AU9 AGEN AI SCORE=85 AIDETECTVM ATTRIBUTE CLASSIC COBYHROS1CQ CONFIDENCE DROPBACK EBGI GENCIRC GENERICKD GENERICRXAA GENETIC GOZI HCLY HIECCV HIGH CONFIDENCE HIGHCONFIDENCE IEIL KRYPTIK MALWARE1 R06EC0DI220 R332475 SCORE UNSAFE ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	GenericRXAA-AA!B31B87405683	20201211	6.0.6.653
Alibaba	TrojanDropper:Win32/Kryptik.22dd2492	20190527	0.3.0.5
Avast	Win32:Trojan-gen	20201210	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft		20201211	2017.9.26.565
Tencent	Malware.Win32.Gencirc.10b9cd1c	20201211	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Queries for the computername (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619861126.65856 GetComputerNameW	computer_name:	failed	0	0
1619861126.65856 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	AFX
resource name	REGISTRY

One or more processes crashed (50 out of 11456 个事件)

Time & API	Arguments	Status
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 827180024 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 74 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 827180024 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 2607068592 registers.ebp: 1635316 registers.edx: 6 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 2607068592 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 91989864 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 91989864 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 1871878432 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 1871878432 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 3651767000 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 3651767000 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 1136688272 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 1136688272 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 2916576840 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 2916576840 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 401498112 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 401498112 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 2181386680 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 2181386680 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 3961275248 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 3961275248 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 1446196520 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 1446196520 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 3226085088 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 3226085088 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 711006360 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 711006360 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 2490894928 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 2490894928 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 4270783496 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 4270783496 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 1755704768 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 1755704768 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 3535593336 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 3535593336 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 1020514608 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 1020514608 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 2800403176 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 2800403176 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 285324448 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 285324448 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 2065213016 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 2065213016 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 3845101584 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 3845101584 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 1330022856 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 1330022856 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 3109911424 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 3109911424 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 17 registers.eax: 594832696 registers.ebp: 1635316 registers.edx: 2 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 70 exception.instruction_r: 89 0b 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x2325 exception.instruction: mov dword ptr [ebx], ecx exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 8997 exception.address: 0x1002325	success
1619861124.01856 __exception__	stacktrace: 0xffffffff registers.esp: 1635224 registers.edi: 0 registers.eax: 594832696 registers.ebp: 1635316 registers.edx: 0 registers.ebx: 0 registers.esi: 4294967294 registers.ecx: 0 exception.instruction_r: 89 01 9b eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 exception.symbol: b31b8740568360abdfcf934916c65bca+0x235f exception.instruction: mov dword ptr [ecx], eax exception.module: b31b8740568360abdfcf934916c65bca.exe exception.exception_code: 0xc0000005 exception.offset: 9055 exception.address: 0x100235f	success

Allocates read-write-execute memory (usually to unpack itself) (16 个事件)

Time & API	Arguments	Status
1619861117.97156 NtAllocateVirtualMemory	process_identifier: 2760 region_size: 208896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x02ff0000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01000000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01001000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01002000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01003000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01004000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01005000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01006000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01007000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01008000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01009000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x0100a000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x0100b000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x0100c000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x0100d000	success
1619861126.40856 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x0100e000	success

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

7.502637851959116

section

{'size_of_data': '0x00025400', 'virtual_address': '0x000d8000', 'entropy': 7.502637851959116, 'name': '.rsrc', 'virtual_size': '0x000253ac'}

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Generates some ICMP traffic

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Gozi.661
MicroWorld-eScan	Trojan.GenericKD.33605694
FireEye	Generic.mg.b31b8740568360ab
McAfee	GenericRXAA-AA!B31B87405683
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 00563db11 )
Alibaba	TrojanDropper:Win32/Kryptik.22dd2492
K7GW	Trojan ( 00563db11 )
BitDefenderTheta	Gen:NN.ZexaF.34670.7u1@au9!eBgi
Cyren	W32/Risk.IEIL-1614
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Packed.Generic-7648509-0
Kaspersky	HEUR:Trojan-Dropper.Win32.Dropback.pef
BitDefender	Trojan.GenericKD.33605694
NANO-Antivirus	Trojan.Win32.Dropback.hieccv
Paloalto	generic.ml
Rising	Trojan.Kryptik!1.C4A6 (CLASSIC)
Ad-Aware	Trojan.GenericKD.33605694
Emsisoft	Trojan.GenericKD.33605694 (B)
F-Secure	Heuristic.HEUR/AGEN.1133919
Zillya	Dropper.Dropback.Win32.59
TrendMicro	TROJ_GEN.R06EC0DI220
McAfee-GW-Edition	BehavesLike.Win32.Dropper.dh
Sophos	Mal/Generic-S
Jiangmin	TrojanDropper.Dropback.cr
Avira	HEUR/AGEN.1133919
Antiy-AVL	Trojan/Win32.Gozi
Gridinsoft	Trojan.Win32.Kryptik.ba
Microsoft	Trojan:Win32/Gozi.PVD!MTB
ZoneAlarm	HEUR:Trojan-Dropper.Win32.Dropback.pef
GData	Trojan.GenericKD.33605694
Cynet	Malicious (score: 85)
AhnLab-V3	Malware/Win32.RL_Generic.R332475
VBA32	Trojan.Gozi
ALYac	Trojan.GenericKD.33605694
MAX	malware (ai score=85)
ESET-NOD32	a variant of Win32/Kryptik.HCLY
TrendMicro-HouseCall	TROJ_GEN.R06EC0DI220
Tencent	Malware.Win32.Gencirc.10b9cd1c
Yandex	Trojan.Kryptik!coByHROS1CQ
Ikarus	Trojan.Crypt.Agent
eGambit	Unsafe.AI_Score_95%
Fortinet	W32/Kryptik.HCLY!tr
AVG	Win32:Trojan-gen

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-04-03 06:56:28

Imports

Library KERNEL32.dll:

• 0x1091090 GetStdHandle

• 0x1091094 FindClose

• 0x1091098 GetSystemTime

• 0x109109c SystemTimeToFileTime

• 0x10910a0 GetEnvironmentVariableA

• 0x10910a4 CreateFileW

• 0x10910a8 FindFirstFileW

• 0x10910ac DeleteFileA

• 0x10910b0 AreFileApisANSI

• 0x10910b4 LocalFree

• 0x10910b8 GetTempPathA

• 0x10910bc DeleteFileW

• 0x10910c0 GetVersionExA

• 0x10910c4 OutputDebugStringA

• 0x10910c8 GetFileAttributesExW

• 0x10910cc GetSystemInfo

• 0x10910d0 GetDiskFreeSpaceA

• 0x10910d4 CreateFileMappingW

• 0x10910d8 CreateFileMappingA

• 0x10910dc GetDiskFreeSpaceW

• 0x10910e0 LockFileEx

• 0x10910e4 HeapSize

• 0x10910e8 GetTempPathW

• 0x10910ec FlushFileBuffers

• 0x10910f0 MultiByteToWideChar

• 0x10910f4 ReadFile

• 0x10910f8 GetFileAttributesW

• 0x10910fc HeapValidate

• 0x1091100 HeapCreate

• 0x1091104 GetFileAttributesA

• 0x1091108 HeapDestroy

• 0x109110c GetVersionExW

• 0x1091110 FormatMessageW

• 0x1091114 LoadLibraryW

• 0x1091118 WideCharToMultiByte

• 0x109111c WriteFile

• 0x1091120 FormatMessageA

• 0x1091124 GetSystemTimeAsFileTime

• 0x1091128 UnlockFileEx

• 0x109112c GetTickCount

• 0x1091130 OutputDebugStringW

• 0x1091134 WaitForSingleObjectEx

• 0x1091138 LockFile

• 0x109113c FlushViewOfFile

• 0x1091140 UnlockFile

• 0x1091144 InterlockedCompareExchange

• 0x1091148 QueryPerformanceCounter

• 0x109114c SetEndOfFile

• 0x1091150 UnmapViewOfFile

• 0x1091154 SetFilePointer

• 0x1091158 HeapCompact

• 0x109115c CreateMutexW

• 0x1091160 GetFileSize

• 0x1091164 CreateFileA

• 0x1091168 HeapReAlloc

• 0x109116c GetFullPathNameA

• 0x1091170 GetFullPathNameW

• 0x1091174 GetCurrentThreadId

• 0x1091178 InitializeCriticalSection

• 0x109117c EnterCriticalSection

• 0x1091180 LeaveCriticalSection

• 0x1091184 WaitForMultipleObjects

• 0x1091188 DeleteCriticalSection

• 0x109118c PeekNamedPipe

• 0x1091190 GetFileInformationByHandle

• 0x1091194 SetEnvironmentVariableA

• 0x1091198 GetStringTypeW

• 0x109119c LCMapStringW

• 0x10911a0 CompareStringW

• 0x10911a4 FreeEnvironmentStringsW

• 0x10911a8 GetEnvironmentStringsW

• 0x10911ac GetTimeZoneInformation

• 0x10911b0 SetStdHandle

• 0x10911b4 GetDriveTypeW

• 0x10911b8 FindFirstFileExW

• 0x10911bc FileTimeToLocalFileTime

• 0x10911c0 SetFilePointerEx

• 0x10911c4 ReadConsoleW

• 0x10911c8 GetConsoleMode

• 0x10911cc GetConsoleCP

• 0x10911d0 GetCPInfo

• 0x10911d4 GetOEMCP

• 0x10911d8 GetACP

• 0x10911dc IsValidCodePage

• 0x10911e0 GetCurrentDirectoryW

• 0x10911e4 GetModuleHandleW

• 0x10911e8 GetStartupInfoW

• 0x10911ec TlsFree

• 0x10911f0 TlsSetValue

• 0x10911f4 TlsGetValue

• 0x10911f8 TlsAlloc

• 0x10911fc TerminateProcess

• 0x1091200 GetCurrentProcessId

• 0x1091204 GetCurrentProcess

• 0x1091208 FreeLibrary

• 0x109120c GetUserDefaultLCID

• 0x1091210 GetUserDefaultLangID

• 0x1091214 EnumTimeFormatsA

• 0x1091218 GetDateFormatA

• 0x109121c FindResourceExW

• 0x1091220 FindResourceA

• 0x1091224 GetModuleHandleA

• 0x1091228 LoadLibraryA

• 0x109122c CreateEventA

• 0x1091230 LoadResource

• 0x1091234 WaitForSingleObject

• 0x1091238 SetEvent

• 0x109123c GetLastError

• 0x1091240 ExitProcess

• 0x1091244 GlobalAlloc

• 0x1091248 GetProcAddress

• 0x109124c CloseHandle

• 0x1091250 MapViewOfFile

• 0x1091254 Sleep

• 0x1091258 GetProcessHeap

• 0x109125c HeapFree

• 0x1091260 HeapAlloc

• 0x1091264 InterlockedExchange

• 0x1091268 SleepConditionVariableSRW

• 0x109126c WakeAllConditionVariable

• 0x1091270 WakeConditionVariable

• 0x1091274 InitializeCriticalSectionAndSpinCount

• 0x1091278 SetUnhandledExceptionFilter

• 0x109127c UnhandledExceptionFilter

• 0x1091280 InterlockedIncrement

• 0x1091284 SetLastError

• 0x1091288 GetCommandLineW

• 0x109128c IsProcessorFeaturePresent

• 0x1091290 IsDebuggerPresent

• 0x1091294 FileTimeToSystemTime

• 0x1091298 SystemTimeToTzSpecificLocalTime

• 0x109129c FindNextFileA

• 0x10912a0 FindFirstFileExA

• 0x10912a4 RtlUnwind

• 0x10912a8 RaiseException

• 0x10912ac WriteConsoleW

• 0x10912b0 GetModuleFileNameW

• 0x10912b4 GetFileType

• 0x10912b8 InitializeConditionVariable

• 0x10912bc AcquireSRWLockShared

• 0x10912c0 AcquireSRWLockExclusive

• 0x10912c4 ReleaseSRWLockShared

• 0x10912c8 ReleaseSRWLockExclusive

• 0x10912cc GetModuleHandleExW

• 0x10912d0 InterlockedDecrement

• 0x10912d4 LoadLibraryExW

• 0x10912d8 ExitThread

• 0x10912dc CreateThread

• 0x10912e0 DecodePointer

• 0x10912e4 TryEnterCriticalSection

• 0x10912e8 InitializeSRWLock

• 0x10912ec EncodePointer

Library USER32.dll:

• 0x1091330 EnableWindow

• 0x1091334 GetDlgItem

• 0x1091338 EndDialog

• 0x109133c SetWindowLongW

• 0x1091340 GetShellWindow

• 0x1091344 CreateWindowStationA

• 0x1091348 GetMessageA

• 0x109134c DispatchMessageA

• 0x1091350 DialogBoxParamW

• 0x1091354 SendMessageW

• 0x1091358 GetCursorPos

• 0x109135c SystemParametersInfoA

• 0x1091360 LoadImageA

• 0x1091364 LoadBitmapA

• 0x1091368 GetSysColor

• 0x109136c SetCaretPos

• 0x1091370 ShowCaret

• 0x1091374 MessageBoxA

• 0x1091378 SetWindowContextHelpId

• 0x109137c GetClientRect

• 0x1091380 SetWindowTextA

• 0x1091384 ValidateRect

• 0x1091388 InvalidateRect

• 0x109138c EndPaint

• 0x1091390 BeginPaint

• 0x1091394 UpdateWindow

• 0x1091398 TrackPopupMenu

• 0x109139c EnableMenuItem

• 0x10913a0 GetSystemMetrics

• 0x10913a4 GetDialogBaseUnits

• 0x10913a8 SendDlgItemMessageA

• 0x10913ac DialogBoxParamA

• 0x10913b0 ShowWindow

• 0x10913b4 DestroyWindow

• 0x10913b8 CreateWindowExA

• 0x10913bc RegisterClassA

• 0x10913c0 PostQuitMessage

• 0x10913c4 DefWindowProcA

• 0x10913c8 SendMessageA

Library GDI32.dll:

• 0x1091038 TextOutA

• 0x109103c MoveToEx

• 0x1091040 GetObjectA

• 0x1091044 SetTextColor

• 0x1091048 SetStretchBltMode

• 0x109104c SetBkMode

• 0x1091050 SelectObject

• 0x1091054 Rectangle

• 0x1091058 GetTextExtentPoint32A

• 0x109105c GetStockObject

• 0x1091060 GetPixel

• 0x1091064 ExcludeClipRect

• 0x1091068 Ellipse

• 0x109106c DeleteObject

• 0x1091070 DeleteDC

• 0x1091074 CreateFontIndirectA

• 0x1091078 CreateCompatibleDC

• 0x109107c CreateBitmap

• 0x1091080 CombineRgn

• 0x1091084 BitBlt

• 0x1091088 SwapBuffers

Library COMDLG32.dll:

• 0x1091028 GetOpenFileNameA

Library ADVAPI32.dll:

• 0x1091000 RegOpenKeyExW

• 0x1091004 RegQueryValueExW

• 0x1091008 RegSetValueExW

• 0x109100c RegCloseKey

Library SHELL32.dll:

• 0x1091324 Shell_NotifyIconA

• 0x1091328 SHBrowseForFolderA

Library ole32.dll:

• 0x10913e0 CoInitialize

• 0x10913e4 CoInitializeEx

• 0x10913e8 CoUninitialize

• 0x10913ec CreateStreamOnHGlobal

Library OLEAUT32.dll:

• 0x10912f4 SafeArrayPutElement

• 0x10912f8 SafeArrayCreateVector

• 0x10912fc SafeArrayCreate

• 0x1091300 SafeArrayDestroy

• 0x1091304 SafeArrayAccessData

• 0x1091308 SafeArrayUnaccessData

Library OPENGL32.dll:

• 0x1091310 glGetString

• 0x1091314 glGetIntegerv

• 0x1091318 wglGetCurrentDC

• 0x109131c wglGetProcAddress

Library COMCTL32.dll:

• 0x1091014 InitCommonControlsEx

• 0x1091018

• 0x109101c

• 0x1091020

Library pdh.dll:

• 0x10913f4 PdhCollectQueryData

Library WINHTTP.dll:

• 0x10913d0 WinHttpOpen

Library d2d1.dll:

• 0x10913d8

Library DWrite.dll:

• 0x1091030 DWriteCreateFactory

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.