Score: 5.8 (High risk)

Hash (SHA-256): 4441b53d65cdff5f84cb103edcbf80dc371325423db283a474478404804e0a81

File name: bdb58f2de2b3b980a3495bc41d361701.exe

Analysis duration: 47s

Latest analysis

File size: 1.6MB

Static detection: malicious. Dynamic detection: malicious.
Tags: AI SCORE=84 ARTEMIS CALM GDSDA GENCIRC HIGH CONFIDENCE HSNRXL JNH40BQGUPQ NPWL6UGRDXF PIGUJ PROPAGATE TROJANPSW TROJANX UNSAFE WACATAC YMACCO ZUSY

HawkEye (鹰眼) engine
Not detected: no HawkEye engine results are available for this sample.
Static verdict

Antivirus engines

Engine       Result                               Scan time  Engine version
CrowdStrike  -                                    20190702   1.0
Alibaba      TrojanPSW:Win32/Propagate.84f8cc73   20190527   0.3.0.5
Baidu        -                                    20190318   1.0.0.2
Avast        Win32:TrojanX-gen [Trj]              20201027   18.4.3895.0
Tencent      Malware.Win32.Gencirc.11ac497a       20201027   1.0.0.1
Kingsoft     -                                    20201027   2013.8.14.323
McAfee       Artemis!BDB58F2DE2B3                 20201026   6.0.6.653
Static indicators

Checks if process is being debugged by a debugger (1 event)
Time               API                   Arguments  Status   Return  Repeated
1620912060.731874  IsDebuggerPresent     -          failed   0       0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time               API                   Arguments  Status   Return  Repeated
1620912039.481874  GlobalMemoryStatusEx  -          success  1       0
Behavioral verdict

Dynamic indicators

Steals private information from local Internet browsers (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cookies
Foreign language identified in PE resource (50 out of 64 events)
Name             Language      Offset      Filetype                                                Sublanguage                 Size        Count
RT_CURSOR        LANG_CHINESE  0x001a2a28  data                                                    SUBLANG_CHINESE_SIMPLIFIED  0x00000134  16
RT_BITMAP        LANG_CHINESE  0x001a2d50  data                                                    SUBLANG_CHINESE_SIMPLIFIED  0x00000144  2
RT_ICON          LANG_CHINESE  0x001a1058  GLS_BINARY_LSB_FIRST                                    SUBLANG_CHINESE_SIMPLIFIED  0x00000468  13
RT_DIALOG        LANG_CHINESE  0x001a2c60  data                                                    SUBLANG_CHINESE_SIMPLIFIED  0x00000034  3
RT_STRING        LANG_CHINESE  0x001a37a0  data                                                    SUBLANG_CHINESE_SIMPLIFIED  0x000001a6  13
RT_GROUP_CURSOR  LANG_CHINESE  0x001a2b60  Lotus unknown worksheet or configuration, revision 0x1  SUBLANG_CHINESE_SIMPLIFIED  0x00000014  3
(Count = number of identical entries listed in the report for that resource; 50 entries in total.)
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 6.813291477730317 section {'size_of_data': '0x00013a00', 'virtual_address': '0x00190000', 'entropy': 6.813291477730317, 'name': '.rsrc', 'virtual_size': '0x00013948'} description A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 103.91.210.187
host 172.217.24.14
Generates some ICMP traffic
File has been identified by 43 AntiVirus engines on VirusTotal as malicious (43 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.302013
FireEye Gen:Variant.Zusy.302013
CAT-QuickHeal Trojan.Wacatac
ALYac Gen:Variant.Zusy.302013
Cylance Unsafe
Sangfor Malware
Alibaba TrojanPSW:Win32/Propagate.84f8cc73
K7GW Trojan ( 00567a251 )
K7AntiVirus Trojan ( 00567a251 )
Arcabit Trojan.Zusy.D49BBD
Cyren W32/Trojan.CALM-4080
Symantec Trojan.Gen.2
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Propagate.omo
BitDefender Gen:Variant.Zusy.302013
NANO-Antivirus Trojan.Win32.Propagate.hsnrxl
AegisLab Trojan.Win32.Propagate.4!c
Avast Win32:TrojanX-gen [Trj]
Tencent Malware.Win32.Gencirc.11ac497a
Ad-Aware Gen:Variant.Zusy.302013
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-S
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
Ikarus Trojan-PSW.Agent
Jiangmin Trojan.Propagate.bzk
Webroot W32.Trojan.Gen
Avira TR/PSW.Agent.piguj
Microsoft Trojan:Win32/Ymacco.AA44
ZoneAlarm Trojan.Win32.Propagate.omo
GData Gen:Variant.Zusy.302013
McAfee Artemis!BDB58F2DE2B3
MAX malware (ai score=84)
VBA32 Trojan.Propagate
ESET-NOD32 a variant of Win32/PSW.Agent.OJK
Rising Stealer.Agent!8.C2 (TFE:5:nPwl6uGRdXF)
Yandex Trojan.PWS.Agent!jnh40bQGUpQ
Fortinet W32/Agent.OJK!tr
AVG Win32:TrojanX-gen [Trj]
Panda Trj/GdSda.A
Qihoo-360 Win32/Trojan.fc8
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (6 events)
dead_host 192.168.56.101:49181
dead_host 192.168.56.101:49179
dead_host 192.168.56.101:49178
dead_host 192.168.56.101:49177
dead_host 103.91.210.187:886
dead_host 192.168.56.101:49176
Visual analysis

Binary image
None: no binary visualization image was generated for this sample.

Run screenshots
None: no screenshots were captured while this sample ran.


PE Compile Time

2020-08-19 09:59:34

Imports

Library KERNEL32.dll:
0x5440c4 FindFirstFileW
0x5440c8 FlushFileBuffers
0x5440cc GetFullPathNameW
0x5440d0 LockFile
0x5440d4 ReadFile
0x5440d8 SetFilePointer
0x5440dc UnlockFile
0x5440e0 DuplicateHandle
0x5440e4 GetFileAttributesW
0x5440ec GetFileSizeEx
0x5440f0 GetFileTime
0x5440f4 SetErrorMode
0x5440f8 GetCommandLineW
0x5440fc IsDebuggerPresent
0x544104 GetCPInfo
0x544110 RtlUnwind
0x544114 GetModuleHandleExW
0x544118 AreFileApisANSI
0x54411c ExitThread
0x544124 SetStdHandle
0x544128 GetFileType
0x54412c VirtualAlloc
0x544130 VirtualProtect
0x544134 GetStdHandle
0x544138 GetStartupInfoW
0x544150 TerminateProcess
0x544154 CreateSemaphoreW
0x544158 IsValidCodePage
0x54415c GetOEMCP
0x544160 SetFilePointerEx
0x544164 GetConsoleMode
0x544168 ReadConsoleW
0x54416c GetStringTypeW
0x544170 GetConsoleCP
0x544174 OutputDebugStringW
0x544178 IsValidLocale
0x54417c GetUserDefaultLCID
0x544180 EnumSystemLocalesW
0x544184 GlobalFlags
0x544188 DeleteFileW
0x54418c LCMapStringW
0x544194 WriteConsoleW
0x544198 GetFullPathNameA
0x5441a0 UnregisterWaitEx
0x5441a4 QueryDepthSList
0x5441b4 InitializeSListHead
0x5441b8 ReleaseSemaphore
0x5441bc VirtualFree
0x5441c4 UnregisterWait
0x5441e8 GetThreadPriority
0x5441ec SwitchToThread
0x5441f0 SignalObjectAndWait
0x5441f4 CreateTimerQueue
0x544200 GetLocaleInfoW
0x544204 LoadLibraryExA
0x544208 GetThreadTimes
0x54420c DeleteFileA
0x544210 GetTempPathA
0x544214 GetVersionExA
0x544218 GetDiskFreeSpaceA
0x54421c CreateFileMappingW
0x544220 CreateFileMappingA
0x544224 GetDiskFreeSpaceW
0x544228 LockFileEx
0x54422c HeapValidate
0x544230 HeapCreate
0x544234 GetFileAttributesA
0x544238 FormatMessageA
0x54423c UnlockFileEx
0x544244 FlushViewOfFile
0x54424c UnmapViewOfFile
0x544250 MapViewOfFile
0x544258 HeapCompact
0x54425c CreateFileA
0x544260 lstrlenA
0x544268 CompareStringW
0x54426c LocalReAlloc
0x544270 GlobalHandle
0x544274 GlobalReAlloc
0x544278 TlsFree
0x54427c TlsSetValue
0x544280 TlsGetValue
0x544284 TlsAlloc
0x544294 GetCurrentProcessId
0x544298 SetThreadPriority
0x54429c CreateEventW
0x5442a0 SetEvent
0x5442ac lstrcmpA
0x5442b0 GetCurrentThread
0x5442b4 FormatMessageW
0x5442b8 MulDiv
0x5442bc GlobalFree
0x5442c0 GlobalUnlock
0x5442c4 GlobalLock
0x5442c8 GlobalAlloc
0x5442cc GlobalFindAtomW
0x5442d0 GlobalAddAtomW
0x5442d4 GlobalDeleteAtom
0x5442d8 LoadLibraryExW
0x5442dc FreeResource
0x5442e0 FreeLibrary
0x5442e4 GetCurrentThreadId
0x5442e8 EncodePointer
0x5442ec GetThreadLocale
0x5442f0 LoadLibraryW
0x5442f4 GetModuleHandleA
0x5442f8 SetLastError
0x5442fc OutputDebugStringA
0x544300 GetACP
0x544308 LocalFree
0x54430c LocalAlloc
0x544314 GetSystemDirectoryW
0x544318 FindClose
0x54431c lstrcmpW
0x544320 Sleep
0x544324 GetModuleFileNameW
0x54432c MultiByteToWideChar
0x544330 WideCharToMultiByte
0x544338 DecodePointer
0x544340 HeapSize
0x544344 RaiseException
0x54434c HeapDestroy
0x544354 GetProcessHeap
0x544358 HeapFree
0x54435c HeapAlloc
0x544360 HeapReAlloc
0x544364 ExitProcess
0x544368 CreateMutexW
0x54436c GetSystemTime
0x544370 lstrcatW
0x544374 WriteFile
0x544378 GetLastError
0x54437c CreateFileW
0x544380 SetEndOfFile
0x544384 CloseHandle
0x544388 GetTempPathW
0x54438c GetVersionExW
0x544390 GetSystemInfo
0x544394 GetModuleFileNameA
0x544398 GetTickCount
0x54439c FindResourceW
0x5443a0 LoadResource
0x5443a4 LockResource
0x5443a8 SizeofResource
0x5443b0 CopyFileW
0x5443b4 GetFileSize
0x5443b8 GetCurrentProcess
0x5443bc TerminateThread
0x5443c0 WaitForSingleObject
0x5443c4 CreateThread
0x5443c8 LoadLibraryA
0x5443cc VirtualQuery
0x5443d0 GetProcAddress
0x5443d4 GetModuleHandleW
Library USER32.dll:
0x54445c IsDialogMessageW
0x544460 SetWindowTextW
0x544464 IsWindowEnabled
0x544468 MoveWindow
0x54446c ShowWindow
0x544470 LoadBitmapW
0x544474 SetMenuItemInfoW
0x54447c SetMenuItemBitmaps
0x544480 EnableMenuItem
0x544484 CheckMenuItem
0x544488 GetMonitorInfoW
0x54448c MonitorFromWindow
0x544490 WinHelpW
0x544494 CallNextHookEx
0x544498 UnhookWindowsHookEx
0x54449c SetWindowsHookExW
0x5444a0 GetLastActivePopup
0x5444a4 GetClassNameW
0x5444a8 GetClassLongW
0x5444ac SetWindowLongW
0x5444b0 EqualRect
0x5444b4 GetSysColor
0x5444b8 MapWindowPoints
0x5444bc ScreenToClient
0x5444c0 MessageBoxW
0x5444c4 AdjustWindowRectEx
0x5444c8 GetWindowRect
0x5444cc EnableWindow
0x5444d0 MessageBoxA
0x5444d4 LoadIconW
0x5444d8 GetWindowTextW
0x5444dc RemovePropW
0x5444e0 GetPropW
0x5444e4 SetPropW
0x5444e8 GrayStringW
0x5444ec ValidateRect
0x5444f0 SetForegroundWindow
0x5444f4 GetForegroundWindow
0x5444f8 PostQuitMessage
0x544500 MapDialogRect
0x544504 GetMessageW
0x544508 TranslateMessage
0x54450c SetActiveWindow
0x544510 UpdateWindow
0x544514 GetActiveWindow
0x544518 GetCursorPos
0x54451c SetCursor
0x544528 EndDialog
0x54452c GetNextDlgTabItem
0x544530 GetDesktopWindow
0x544534 DrawTextW
0x544538 GetTopWindow
0x54453c DrawTextExW
0x544540 SendMessageW
0x544544 IsIconic
0x544548 GetSystemMetrics
0x54454c GetClientRect
0x544550 DrawIcon
0x544554 UnregisterClassW
0x544558 SendDlgItemMessageA
0x54455c GetParent
0x544560 IsWindow
0x544564 GetDlgItem
0x544568 GetDlgCtrlID
0x54456c CharNextW
0x544570 CopyRect
0x544574 OffsetRect
0x544578 PtInRect
0x54457c GetWindowLongW
0x544580 GetWindow
0x544588 DispatchMessageW
0x54458c TabbedTextOutW
0x544590 GetDC
0x544594 GetWindowDC
0x544598 PeekMessageW
0x54459c GetMessagePos
0x5445a0 GetMessageTime
0x5445a4 PostMessageW
0x5445a8 DefWindowProcW
0x5445ac CallWindowProcW
0x5445b0 RegisterClassW
0x5445b4 GetClassInfoW
0x5445b8 GetClassInfoExW
0x5445bc CreateWindowExW
0x5445c0 IsChild
0x5445c4 DestroyWindow
0x5445c8 SetWindowPos
0x5445cc IsWindowVisible
0x5445d0 SetFocus
0x5445d4 GetFocus
0x5445d8 GetKeyState
0x5445dc GetCapture
0x5445e0 GetMenu
0x5445e4 SetMenu
0x5445e8 ReleaseDC
0x5445ec BeginPaint
0x5445f0 EndPaint
0x5445f4 ClientToScreen
0x5445f8 SetCapture
0x5445fc ReleaseCapture
0x544604 InvalidateRect
0x544608 InvalidateRgn
0x54460c SetRect
0x544610 IntersectRect
0x544614 IsRectEmpty
0x544618 DestroyMenu
0x54461c GetSysColorBrush
0x544620 LoadCursorW
0x544628 SetTimer
0x54462c KillTimer
0x544630 GetNextDlgGroupItem
0x544634 PostThreadMessageW
0x544638 MessageBeep
0x54463c GetSubMenu
0x544640 GetMenuItemID
0x544644 GetMenuItemCount
0x54464c CharUpperW
0x544650 RedrawWindow
Library GDI32.dll:
0x544038 GetClipBox
0x54403c GetViewportExtEx
0x544040 GetWindowExtEx
0x544044 PtVisible
0x544048 RectVisible
0x54404c RestoreDC
0x544050 SaveDC
0x544054 ExtSelectClipRgn
0x544058 SelectObject
0x54405c SetMapMode
0x544060 Escape
0x544064 TextOutW
0x544068 ExtTextOutW
0x54406c SetViewportExtEx
0x544070 SetViewportOrgEx
0x544074 SetWindowExtEx
0x544078 OffsetViewportOrgEx
0x54407c ScaleViewportExtEx
0x544080 ScaleWindowExtEx
0x544088 GetRgnBox
0x54408c GetMapMode
0x544090 CreateBitmap
0x544094 SetTextColor
0x544098 SetBkColor
0x54409c GetObjectW
0x5440a0 GetTextColor
0x5440a4 GetStockObject
0x5440a8 DeleteObject
0x5440ac GetDeviceCaps
0x5440b0 DeleteDC
0x5440b4 GetBkColor
Library WINSPOOL.DRV:
0x544668 ClosePrinter
0x54466c OpenPrinterW
0x544670 DocumentPropertiesW
Library ADVAPI32.dll:
0x544000 RegEnumValueW
0x544004 RegQueryValueW
0x544008 RegEnumKeyW
0x54400c RegDeleteKeyW
0x544010 RegCreateKeyW
0x544014 RegDeleteValueW
0x544018 RegQueryValueExW
0x54401c RegOpenKeyExW
0x544020 RegCloseKey
0x544024 RegSetValueExW
0x544028 RegCreateKeyExW
Library SHELL32.dll:
0x54443c ShellExecuteW
Library COMCTL32.dll:
Library SHLWAPI.dll:
0x544444 StrStrIA
0x544448 PathFindExtensionW
0x54444c PathIsUNCW
0x544450 PathStripToRootW
0x544454 PathFindFileNameW
Library ole32.dll:
0x54468c CoGetClassObject
0x544690 CLSIDFromProgID
0x544694 CLSIDFromString
0x544698 CoCreateGuid
0x5446a0 CoTaskMemFree
0x5446a4 CoTaskMemAlloc
0x5446a8 OleRun
0x5446ac CoInitializeEx
0x5446b0 CoUninitialize
0x5446b4 CoCreateInstance
0x5446b8 CoInitialize
0x5446bc OleUninitialize
0x5446c0 OleInitialize
0x5446c4 CoRevokeClassObject
0x5446c8 OleFlushClipboard
Library OLEAUT32.dll:
0x5443f4 SafeArrayDestroy
0x544400 SysStringLen
0x544404 VariantChangeType
0x54440c SysAllocStringLen
0x544410 SafeArrayPutElement
0x544414 SafeArrayCreate
0x544418 SysAllocString
0x54441c VariantClear
0x544420 VariantCopy
0x544424 VariantInit
0x544428 SysFreeString
0x54442c GetErrorInfo
Library oledlg.dll:
0x5446d8 OleUIBusyW
Library IPHLPAPI.DLL:
0x5440bc GetAdaptersInfo
Library NETAPI32.dll:
0x5443dc NetApiBufferFree
0x5443e0 NetWkstaGetInfo
Library d3d9.dll:
0x544678 Direct3DCreate9
Library VERSION.dll:
0x544658 VerQueryValueW
0x54465c GetFileVersionInfoW
Library QUARTZ.dll:
0x544434 AMGetErrorTextW
Library OLEACC.dll:
0x5443ec LresultFromObject

Hosts

No hosts contacted.

TCP

Source          Source Port  Destination                 Destination Port
192.168.56.101  49180        88.99.66.31 (iplogger.org)  443
192.168.56.101  49182        88.99.66.31 (iplogger.org)  443
192.168.56.101  49183        88.99.66.31 (iplogger.org)  443

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  49713        114.114.114.114                  53
192.168.56.101  50002        114.114.114.114                  53
192.168.56.101  50568        114.114.114.114                  53
192.168.56.101  53657        114.114.114.114                  53
192.168.56.101  60384        114.114.114.114                  53
192.168.56.101  61680        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51808        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57756        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.