SmartHawk

6.0

高危

54 个模型检测该样本为恶意！

重新分析

下载样本

f3411b7e22a86b6fbf4f9a4bc1299ce9c21dec8acdf793c47959979433f2a5dd

b5b240da61de6a477b5322bbe4e772ce.exe

分析耗时

75s

最近分析

文件大小

428.0KB

静态报毒动态报毒 100% AGEN AI SCORE=83 AQ0@AKLM6VAI BSCOPE CLASSIC CONFIDENCE DOWNLOADER34 EMOTET EPAZ GENCIRC GENERICKD GENKRYPTIK HFGU HIGH CONFIDENCE HPMQQV I7Z4PPKNZC0 KCLOUD KRYPTIK MALWARE@#2X0NL2AZT2MFC R + TROJ R346459 SCORE SGENERIC SUSGEN UYUS ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Trojan:Win32/Emotet.ffc2cd48	20190527	0.3.0.5
Avast	Win32:Malware-gen	20201210	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Hack.Emotet.as.(kcloud)	20201211	2017.9.26.565
McAfee	Emotet-FRI!B5B240DA61DE	20201211	6.0.6.653
Tencent	Malware.Win32.Gencirc.10cde564	20201211	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619861132.296895 GetComputerNameA	computer_name: OSKAR-PC	success	1	0

Uses Windows APIs to generate a cryptographic key (3 个事件)

Time & API	Arguments	Status	Return
1619861117.093895 CryptGenKey	crypto_handle: 0x00646ec0 algorithm_identifier: 0x0000660e () provider_handle: 0x00623c68 flags: 1 key: fTg@h¢<yßª$âH	success	1
1619861132.312895 CryptExportKey	crypto_handle: 0x00646ec0 crypto_export_handle: 0x00646e40 buffer: f¤OÕÝ~~2Ä#ßA¯Ê¾Êî³uâdF§£ý÷¨è°Bm½ë÷Ø¿W[ð»º'}DÍ¢RfM+¬vAðé ÕèÅ9ó´9k¦}Ñ-Á(pY® blob_type: 1 flags: 64	success	1
1619861167.155895 CryptExportKey	crypto_handle: 0x00646ec0 crypto_export_handle: 0x00646e40 buffer: f¤ú½¬Ýx:Òy¸¯Ødjlä z#ÞÛ°QXÄ1º;-_Aª+##Á³>îðl3ÌxFúÅnvð¤7¯N#¼Ò»Ü^À¸´Î-ÁÇ blob_type: 1 flags: 64	success	1

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

None

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619861116.327895 NtAllocateVirtualMemory	process_identifier: 3068 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x003f0000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619861132.780895 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Expresses interest in specific running processes (1 个事件)

process

b5b240da61de6a477b5322bbe4e772ce.exe

Reads the systems User Agent and subsequently performs requests (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619861132.437895 InternetOpenW	proxy_bypass: access_type: 0 proxy_name: flags: 0 user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	success	13369348	0

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	47.146.117.214
host	62.108.54.22

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619861135.374895 RegSetValueExA	key_handle: 0x000003a4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619861135.374895 RegSetValueExA	key_handle: 0x000003a4 value: SÚ"H>× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619861135.374895 RegSetValueExA	key_handle: 0x000003a4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619861135.374895 RegSetValueExW	key_handle: 0x000003a4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619861135.374895 RegSetValueExA	key_handle: 0x000003bc value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619861135.374895 RegSetValueExA	key_handle: 0x000003bc value: SÚ"H>× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619861135.374895 RegSetValueExA	key_handle: 0x000003bc value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619861135.405895 RegSetValueExW	key_handle: 0x000003a0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 个事件)

Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader34.12533
MicroWorld-eScan	Trojan.GenericKD.34266910
FireEye	Generic.mg.b5b240da61de6a47
ALYac	Trojan.GenericKD.34266910
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 0056ba541 )
Alibaba	Trojan:Win32/Emotet.ffc2cd48
K7GW	Trojan ( 0056ba541 )
Arcabit	Trojan.Generic.D20ADF1E
BitDefenderTheta	Gen:NN.ZexaF.34670.Aq0@aKLm6Vai
Cyren	W32/Emotet.UYUS-7213
Symantec	Packed.Generic.554
ESET-NOD32	a variant of Win32/Kryptik.HFGU
Paloalto	generic.ml
ClamAV	Win.Packed.Emotet-9527875-0
Kaspersky	HEUR:Trojan.Win32.Agent.vho
BitDefender	Trojan.GenericKD.34266910
NANO-Antivirus	Trojan.Win32.Emotet.hpmqqv
Avast	Win32:Malware-gen
Rising	Trojan.Kryptik!1.C80B (CLASSIC)
Ad-Aware	Trojan.GenericKD.34266910
Sophos	Mal/Generic-R + Troj/Emotet-CKL
Comodo	Malware@#2x0nl2azt2mfc
F-Secure	Heuristic.HEUR/AGEN.1137853
Zillya	Backdoor.Emotet.Win32.845
McAfee-GW-Edition	BehavesLike.Win32.Emotet.gh
Emsisoft	Trojan.Emotet (A)
Jiangmin	Backdoor.Emotet.pf
Avira	HEUR/AGEN.1137853
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Win32.SGeneric
Kingsoft	Win32.Hack.Emotet.as.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.oa
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
AegisLab	Trojan.Win32.Generic.4!c
ZoneAlarm	HEUR:Trojan.Win32.Agent.vho
GData	Trojan.GenericKD.34266910
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Emotet.R346459
McAfee	Emotet-FRI!B5B240DA61DE
TACHYON	Trojan/W32.Emotet.438272
VBA32	BScope.Trojan.Emotet
Malwarebytes	Trojan.MalPack.TRE
APEX	Malicious
Tencent	Malware.Win32.Gencirc.10cde564
Yandex	Trojan.Kryptik!i7Z4PpkNZc0
Ikarus	Trojan-Banker.Emotet
MaxSecure	Trojan.Malware.104387361.susgen
Fortinet	W32/GenKryptik.EPAZ!tr

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	62.108.54.22:8080
dead_host	47.146.117.214:80

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-07-30 19:58:34

Imports

Library KERNEL32.dll:

• 0x447180 TerminateProcess

• 0x447184 UnhandledExceptionFilter

• 0x447188 SetUnhandledExceptionFilter

• 0x44718c IsDebuggerPresent

• 0x447190 Sleep

• 0x447194 GetACP

• 0x447198 GetStringTypeA

• 0x44719c GetStringTypeW

• 0x4471a0 VirtualFree

• 0x4471a4 HeapDestroy

• 0x4471a8 HeapCreate

• 0x4471ac GetStdHandle

• 0x4471b0 FreeEnvironmentStringsA

• 0x4471b4 GetEnvironmentStrings

• 0x4471b8 FreeEnvironmentStringsW

• 0x4471bc GetEnvironmentStringsW

• 0x4471c0 SetHandleCount

• 0x4471c4 GetFileType

• 0x4471c8 QueryPerformanceCounter

• 0x4471cc HeapSize

• 0x4471d0 GetTimeZoneInformation

• 0x4471d4 LCMapStringA

• 0x4471d8 LCMapStringW

• 0x4471dc GetConsoleCP

• 0x4471e0 GetConsoleMode

• 0x4471e4 SetStdHandle

• 0x4471e8 WriteConsoleA

• 0x4471ec GetConsoleOutputCP

• 0x4471f0 WriteConsoleW

• 0x4471f4 SetEnvironmentVariableA

• 0x4471f8 SizeofResource

• 0x4471fc GetStartupInfoA

• 0x447200 GetProcessHeap

• 0x447204 GetCommandLineA

• 0x447208 VirtualAlloc

• 0x44720c HeapReAlloc

• 0x447210 HeapFree

• 0x447214 HeapAlloc

• 0x447218 RaiseException

• 0x44721c RtlUnwind

• 0x447220 SetErrorMode

• 0x447224 GetTickCount

• 0x447228 LocalFileTimeToFileTime

• 0x44722c FileTimeToLocalFileTime

• 0x447230 CreateFileA

• 0x447234 GetShortPathNameA

• 0x447238 GetVolumeInformationA

• 0x44723c FindFirstFileA

• 0x447240 FindClose

• 0x447244 DuplicateHandle

• 0x447248 GetFileSize

• 0x44724c SetEndOfFile

• 0x447250 UnlockFile

• 0x447254 LockFile

• 0x447258 FlushFileBuffers

• 0x44725c SetFilePointer

• 0x447260 WriteFile

• 0x447264 ReadFile

• 0x447268 DeleteFileA

• 0x44726c MoveFileA

• 0x447270 GetCurrentDirectoryA

• 0x447274 GetOEMCP

• 0x447278 GetCPInfo

• 0x44727c GlobalFlags

• 0x447280 InterlockedDecrement

• 0x447284 GetModuleFileNameW

• 0x447288 TlsFree

• 0x44728c DeleteCriticalSection

• 0x447290 LocalReAlloc

• 0x447294 TlsSetValue

• 0x447298 TlsAlloc

• 0x44729c InitializeCriticalSection

• 0x4472a0 GlobalHandle

• 0x4472a4 GlobalReAlloc

• 0x4472a8 EnterCriticalSection

• 0x4472ac TlsGetValue

• 0x4472b0 LeaveCriticalSection

• 0x4472b4 LocalAlloc

• 0x4472b8 SystemTimeToFileTime

• 0x4472bc FileTimeToSystemTime

• 0x4472c0 GetDiskFreeSpaceA

• 0x4472c4 GetFullPathNameA

• 0x4472c8 GetTempFileNameA

• 0x4472cc GetFileTime

• 0x4472d0 SetFileTime

• 0x4472d4 GetFileAttributesA

• 0x4472d8 GetPrivateProfileStringA

• 0x4472dc WritePrivateProfileStringA

• 0x4472e0 GetPrivateProfileIntA

• 0x4472e4 CloseHandle

• 0x4472e8 GetCurrentThread

• 0x4472ec ConvertDefaultLocale

• 0x4472f0 GetModuleFileNameA

• 0x4472f4 EnumResourceLanguagesA

• 0x4472f8 GetLocaleInfoA

• 0x4472fc lstrcmpA

• 0x447300 GetCurrentProcessId

• 0x447304 GlobalFree

• 0x447308 GlobalAlloc

• 0x44730c GlobalLock

• 0x447310 GlobalUnlock

• 0x447314 FormatMessageA

• 0x447318 LocalFree

• 0x44731c MulDiv

• 0x447320 GetThreadLocale

• 0x447324 InterlockedIncrement

• 0x447328 FreeResource

• 0x44732c GetCurrentThreadId

• 0x447330 GlobalGetAtomNameA

• 0x447334 GlobalAddAtomA

• 0x447338 GlobalFindAtomA

• 0x44733c GlobalDeleteAtom

• 0x447340 FreeLibrary

• 0x447344 LoadLibraryA

• 0x447348 SetLastError

• 0x44734c lstrcmpW

• 0x447350 GetModuleHandleA

• 0x447354 GetVersionExA

• 0x447358 GetStringTypeExA

• 0x44735c lstrlenA

• 0x447360 CompareStringW

• 0x447364 CompareStringA

• 0x447368 GetVersion

• 0x44736c GetLastError

• 0x447370 MultiByteToWideChar

• 0x447374 InterlockedExchange

• 0x447378 lstrcmpiA

• 0x44737c LoadLibraryExW

• 0x447380 ExitProcess

• 0x447384 LoadLibraryExA

• 0x447388 GetProcAddress

• 0x44738c GetCurrentProcess

• 0x447390 WideCharToMultiByte

• 0x447394 FindResourceA

• 0x447398 LoadResource

• 0x44739c LockResource

• 0x4473a0 GetSystemTimeAsFileTime

Library USER32.dll:

• 0x4473f0 UnregisterClassA

• 0x4473f4 RegisterClipboardFormatA

• 0x4473f8 CopyAcceleratorTableA

• 0x4473fc GetSysColorBrush

• 0x447400 EndPaint

• 0x447404 BeginPaint

• 0x447408 GetWindowDC

• 0x44740c GrayStringA

• 0x447410 DrawTextExA

• 0x447414 DrawTextA

• 0x447418 TabbedTextOutA

• 0x44741c GetMenuItemInfoA

• 0x447420 InflateRect

• 0x447424 DestroyCursor

• 0x447428 SetCapture

• 0x44742c SetWindowRgn

• 0x447430 DrawIcon

• 0x447434 FillRect

• 0x447438 FindWindowA

• 0x44743c CreateDialogIndirectParamA

• 0x447440 GetNextDlgTabItem

• 0x447444 EndDialog

• 0x447448 ShowOwnedPopups

• 0x44744c GetMessageA

• 0x447450 TranslateMessage

• 0x447454 ValidateRect

• 0x447458 PostQuitMessage

• 0x44745c UnionRect

• 0x447460 GetDC

• 0x447464 ReleaseDC

• 0x447468 IsZoomed

• 0x44746c GetCursorPos

• 0x447470 WindowFromPoint

• 0x447474 KillTimer

• 0x447478 SetTimer

• 0x44747c ClientToScreen

• 0x447480 SetRect

• 0x447484 UnpackDDElParam

• 0x447488 ReuseDDElParam

• 0x44748c LoadMenuA

• 0x447490 DestroyMenu

• 0x447494 GetWindowThreadProcessId

• 0x447498 GetActiveWindow

• 0x44749c ReleaseCapture

• 0x4474a0 LoadAcceleratorsA

• 0x4474a4 InvalidateRect

• 0x4474a8 InsertMenuItemA

• 0x4474ac CreatePopupMenu

• 0x4474b0 SetRectEmpty

• 0x4474b4 BringWindowToTop

• 0x4474b8 SetMenu

• 0x4474bc GetDesktopWindow

• 0x4474c0 TranslateAcceleratorA

• 0x4474c4 GetMenuStringA

• 0x4474c8 AppendMenuA

• 0x4474cc InsertMenuA

• 0x4474d0 RemoveMenu

• 0x4474d4 IsWindowEnabled

• 0x4474d8 ShowWindow

• 0x4474dc SetWindowTextA

• 0x4474e0 GetTabbedTextExtentA

• 0x4474e4 SetDlgItemTextA

• 0x4474e8 SetMenuItemBitmaps

• 0x4474ec GetMenuCheckMarkDimensions

• 0x4474f0 LoadBitmapA

• 0x4474f4 ModifyMenuA

• 0x4474f8 GetMenuState

• 0x4474fc EnableMenuItem

• 0x447500 CheckMenuItem

• 0x447504 RegisterWindowMessageA

• 0x447508 LoadIconA

• 0x44750c SendDlgItemMessageA

• 0x447510 WinHelpA

• 0x447514 IsChild

• 0x447518 GetCapture

• 0x44751c SetWindowsHookExA

• 0x447520 CallNextHookEx

• 0x447524 GetClassLongA

• 0x447528 GetClassNameA

• 0x44752c SetPropA

• 0x447530 GetPropA

• 0x447534 RemovePropA

• 0x447538 GetFocus

• 0x44753c SetFocus

• 0x447540 GetWindowTextLengthA

• 0x447544 GetLastActivePopup

• 0x447548 SetActiveWindow

• 0x44754c DispatchMessageA

• 0x447550 BeginDeferWindowPos

• 0x447554 EndDeferWindowPos

• 0x447558 GetDlgItem

• 0x44755c GetTopWindow

• 0x447560 DestroyWindow

• 0x447564 UnhookWindowsHookEx

• 0x447568 GetMessageTime

• 0x44756c GetMessagePos

• 0x447570 PeekMessageA

• 0x447574 MapWindowPoints

• 0x447578 ScrollWindow

• 0x44757c TrackPopupMenu

• 0x447580 GetKeyState

• 0x447584 EnableWindow

• 0x447588 GetSystemMenu

• 0x44758c UpdateWindow

• 0x447590 SendMessageA

• 0x447594 IsIconic

• 0x447598 GetParent

• 0x44759c IsWindow

• 0x4475a0 SetScrollRange

• 0x4475a4 GetScrollRange

• 0x4475a8 SetScrollPos

• 0x4475ac GetScrollPos

• 0x4475b0 SetForegroundWindow

• 0x4475b4 ShowScrollBar

• 0x4475b8 IsWindowVisible

• 0x4475bc GetClientRect

• 0x4475c0 GetMenu

• 0x4475c4 PostMessageA

• 0x4475c8 GetSubMenu

• 0x4475cc GetMenuItemID

• 0x4475d0 GetMenuItemCount

• 0x4475d4 MessageBoxA

• 0x4475d8 CreateWindowExA

• 0x4475dc GetClassInfoExA

• 0x4475e0 PostThreadMessageA

• 0x4475e4 CreateMenu

• 0x4475e8 DestroyIcon

• 0x4475ec LockWindowUpdate

• 0x4475f0 GetDCEx

• 0x4475f4 SetParent

• 0x4475f8 IsDialogMessageA

• 0x4475fc DeleteMenu

• 0x447600 GetWindowTextA

• 0x447604 GetForegroundWindow

• 0x447608 GetSystemMetrics

• 0x44760c SetCursor

• 0x447610 LoadCursorA

• 0x447614 CharUpperA

• 0x447618 GetWindow

• 0x44761c GetWindowRect

• 0x447620 GetWindowPlacement

• 0x447624 SystemParametersInfoA

• 0x447628 IntersectRect

• 0x44762c OffsetRect

• 0x447630 SetWindowPos

• 0x447634 SetWindowLongA

• 0x447638 GetWindowLongA

• 0x44763c CallWindowProcA

• 0x447640 DefWindowProcA

• 0x447644 GetDlgCtrlID

• 0x447648 PtInRect

• 0x44764c SetScrollInfo

• 0x447650 GetScrollInfo

• 0x447654 CopyRect

• 0x447658 DeferWindowPos

• 0x44765c EqualRect

• 0x447660 ScreenToClient

• 0x447664 AdjustWindowRectEx

• 0x447668 GetSysColor

• 0x44766c RegisterClassA

• 0x447670 GetClassInfoA

• 0x447674 IsRectEmpty

Library GDI32.dll:

• 0x447040 SelectClipRgn

• 0x447044 CreateRectRgn

• 0x447048 GetViewportExtEx

• 0x44704c GetWindowExtEx

• 0x447050 GetPixel

• 0x447054 PtVisible

• 0x447058 RectVisible

• 0x44705c TextOutA

• 0x447060 Escape

• 0x447064 SetViewportOrgEx

• 0x447068 OffsetViewportOrgEx

• 0x44706c SetViewportExtEx

• 0x447070 ScaleViewportExtEx

• 0x447074 SetWindowOrgEx

• 0x447078 SetWindowExtEx

• 0x44707c ScaleWindowExtEx

• 0x447080 GetCurrentPositionEx

• 0x447084 CreatePatternBrush

• 0x447088 CreateSolidBrush

• 0x44708c CreateRectRgnIndirect

• 0x447090 SetRectRgn

• 0x447094 CombineRgn

• 0x447098 GetNearestColor

• 0x44709c GetBkMode

• 0x4470a0 GetPolyFillMode

• 0x4470a4 GetROP2

• 0x4470a8 GetStretchBltMode

• 0x4470ac GetTextAlign

• 0x4470b0 GetTextFaceA

• 0x4470b4 GetWindowOrgEx

• 0x4470b8 SetTextAlign

• 0x4470bc MoveToEx

• 0x4470c0 LineTo

• 0x4470c4 IntersectClipRect

• 0x4470c8 ExcludeClipRect

• 0x4470cc SetMapMode

• 0x4470d0 SetStretchBltMode

• 0x4470d4 SetROP2

• 0x4470d8 SetPolyFillMode

• 0x4470dc SetBkMode

• 0x4470e0 SaveDC

• 0x4470e4 ExtTextOutA

• 0x4470e8 BitBlt

• 0x4470ec CreateFontIndirectA

• 0x4470f0 PatBlt

• 0x4470f4 Rectangle

• 0x4470f8 GetViewportOrgEx

• 0x4470fc CreatePen

• 0x447100 Ellipse

• 0x447104 LPtoDP

• 0x447108 CreateEllipticRgn

• 0x44710c EndDoc

• 0x447110 AbortDoc

• 0x447114 SetAbortProc

• 0x447118 EndPage

• 0x44711c StartPage

• 0x447120 StartDocA

• 0x447124 DPtoLP

• 0x447128 StretchDIBits

• 0x44712c DeleteDC

• 0x447130 CreateFontA

• 0x447134 GetCharWidthA

• 0x447138 DeleteObject

• 0x44713c GetTextExtentPoint32A

• 0x447140 GetTextMetricsA

• 0x447144 SelectObject

• 0x447148 CreateCompatibleDC

• 0x44714c CreateCompatibleBitmap

• 0x447150 CreateDCA

• 0x447154 GetTextColor

• 0x447158 GetBkColor

• 0x44715c GetDeviceCaps

• 0x447160 GetStockObject

• 0x447164 CreateBitmap

• 0x447168 GetObjectA

• 0x44716c SetBkColor

• 0x447170 SetTextColor

• 0x447174 GetClipBox

• 0x447178 RestoreDC

Library comdlg32.dll:

• 0x447690 GetFileTitleA

Library WINSPOOL.DRV:

• 0x44767c DocumentPropertiesA

• 0x447680 OpenPrinterA

• 0x447684 GetJobA

• 0x447688 ClosePrinter

Library ADVAPI32.dll:

• 0x447000 GetFileSecurityA

• 0x447004 SetFileSecurityA

• 0x447008 RegDeleteValueA

• 0x44700c RegSetValueExA

• 0x447010 RegCreateKeyExA

• 0x447014 RegQueryValueA

• 0x447018 RegEnumKeyA

• 0x44701c RegDeleteKeyA

• 0x447020 RegOpenKeyExA

• 0x447024 RegQueryValueExA

• 0x447028 RegOpenKeyA

• 0x44702c RegSetValueA

• 0x447030 RegCloseKey

• 0x447034 CryptAcquireContextA

• 0x447038 RegCreateKeyA

Library SHELL32.dll:

• 0x4473c8 DragQueryFileA

• 0x4473cc ExtractIconA

• 0x4473d0 SHGetFileInfoA

• 0x4473d4 DragFinish

Library SHLWAPI.dll:

• 0x4473dc PathFindFileNameA

• 0x4473e0 PathStripToRootA

• 0x4473e4 PathFindExtensionA

• 0x4473e8 PathIsUNCA

Library ole32.dll:

• 0x447698 OleDestroyMenuDescriptor

• 0x44769c OleCreateMenuDescriptor

• 0x4476a0 IsAccelerator

• 0x4476a4 OleTranslateAccelerator

Library OLEAUT32.dll:

• 0x4473a8 VariantClear

• 0x4473ac VariantChangeType

• 0x4473b0 VariantInit

• 0x4473b4 SysAllocStringLen

• 0x4473b8 SysFreeString

• 0x4473bc SysStringLen

• 0x4473c0 SysAllocString

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	51811	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.