SmartHawk

4.4

中危

51 个模型检测该样本为恶意！

重新分析

下载样本

b255b78c32321356d90e1139c02c8d54e8a3e68ab59189e4dabe34751565df0b

bdbc8bf7cc6e7898a7c900c2ed6d8619.exe

分析耗时

94s

最近分析

文件大小

901.5KB

静态报毒动态报毒 100% A VARIANT OF GENERIK AI SCORE=83 BAZAR CONFIDENCE EMOTET GEGQ GENERICKD HIGH CONFIDENCE HMSRZLD HSDZJZ MALWARE@#3342IGCGHMMBC MANSABO PJNO POSSIBLETHREAT SCORE SHELMA TCLZK TRICKBOT UNSAFE USXVPHH20 WACATAC 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Generic.dx	20201029	6.0.6.653
Alibaba	Trojan:Win32/Mansabo.3ba8fb09	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Baidu		20190318	1.0.0.2
Avast	Win64:Malware-gen	20201029	18.4.3895.0
Tencent	Win32.Trojan.Mansabo.Pjno	20201029	1.0.0.1
Kingsoft		20201029	2013.8.14.323

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619891653.413645 NtAllocateVirtualMemory	process_identifier: 2436 region_size: 151552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffffffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x0000000001f90000	success	0	0
1619891653.725645 NtProtectVirtualMemory	process_identifier: 2436 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffffffffffff base_address: 0x0000000077ba1000	success	0	0

Foreign language identified in PE resource (50 out of 64 个事件)

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x000c1e8c

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000c25a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000c25a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x000c25a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_ICON

language

LANG_CHINESE

offset

0x000e9a3c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x000e9a3c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x000e9a3c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x000e9a3c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x000e9a3c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x000e9a3c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x000e9a3c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

offset

0x000e9a3c

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000468

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000ea804

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000ea804

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000ea804

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000ea804

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000ea804

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000ea804

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000ea804

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000034

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_STRING

language

LANG_CHINESE

offset

0x000eb1ec

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000030

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x000eb344

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x000eb344

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

7.823121467282586

section

{'size_of_data': '0x00028a00', 'virtual_address': '0x00087000', 'entropy': 7.823121467282586, 'name': '.data', 'virtual_size': '0x00030cf8'}

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34371733
FireEye	Trojan.GenericKD.34371733
McAfee	RDN/Generic.dx
Cylance	Unsafe
Zillya	Trojan.Mansabo.Win32.1879
K7AntiVirus	Trojan ( 0056c9e11 )
Alibaba	Trojan:Win32/Mansabo.3ba8fb09
K7GW	Trojan ( 0056c9e11 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D20C7895
TrendMicro	Trojan.Win32.WACATAC.USXVPHH20
Cyren	W64/Trojan.GEGQ-4194
Symantec	Trojan.Gen.MBT
APEX	Malicious
Avast	Win64:Malware-gen
Kaspersky	Trojan.Win32.Mansabo.fnv
BitDefender	Trojan.GenericKD.34371733
NANO-Antivirus	Trojan.Win64.Mansabo.hsdzjz
Paloalto	generic.ml
AegisLab	Trojan.Win32.Mansabo.4!c
Tencent	Win32.Trojan.Mansabo.Pjno
Ad-Aware	Trojan.GenericKD.34371733
Sophos	Mal/Generic-S
Comodo	Malware@#3342igcghmmbc
F-Secure	Trojan.TR/AD.Bazar.tclzk
VIPRE	Trojan.Win32.Generic!BT
Invincea	Mal/Generic-S
McAfee-GW-Edition	RDN/Generic.dx
Emsisoft	Trojan.Agent (A)
Ikarus	Trojan.SuspectCRC
Jiangmin	Trojan.Shelma.gfq
Avira	TR/AD.Bazar.tclzk
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Win32.Mansabo
Gridinsoft	Trojan.Win64.TrickBot.oa
Microsoft	Trojan:Win32/Emotet.GD!MTB
ZoneAlarm	Trojan.Win32.Mansabo.fnv
GData	Trojan.GenericKD.34371733
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Emotet.C4183365
ALYac	Trojan.GenericKD.34371733
VBA32	Trojan.Mansabo
Malwarebytes	Trojan.TrickBot
ESET-NOD32	a variant of Generik.HMSRZLD
TrendMicro-HouseCall	Trojan.Win32.WACATAC.USXVPHH20
Fortinet	PossibleThreat.MU
AVG	Win64:Malware-gen
Cybereason	malicious.4a5aac
Panda	Trj/CI.A

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-14 18:59:44

Imports

Library KERNEL32.dll:

• 0x4621a0 GetFileTime

• 0x4621a8 GetTickCount

• 0x4621b0 RtlLookupFunctionEntry

• 0x4621b8 RtlUnwindEx

• 0x4621c0 HeapFree

• 0x4621c8 TerminateProcess

• 0x4621d0 UnhandledExceptionFilter

• 0x4621d8 SetUnhandledExceptionFilter

• 0x4621e0 IsDebuggerPresent

• 0x4621e8 RtlCaptureContext

• 0x4621f0 RaiseException

• 0x4621f8 RtlPcToFileHeader

• 0x462200 HeapAlloc

• 0x462208 HeapReAlloc

• 0x462210 VirtualProtect

• 0x462218 VirtualAlloc

• 0x462220 GetSystemInfo

• 0x462228 VirtualQuery

• 0x462230 GetCommandLineA

• 0x462238 GetProcessHeap

• 0x462240 GetStartupInfoA

• 0x462248 HeapSize

• 0x462250 FlsGetValue

• 0x462258 FlsSetValue

• 0x462260 FlsFree

• 0x462268 FlsAlloc

• 0x462270 RtlVirtualUnwind

• 0x462278 HeapSetInformation

• 0x462280 HeapCreate

• 0x462288 GetFileAttributesA

• 0x462290 GetStdHandle

• 0x462298 GetFileType

• 0x4622a0 GetConsoleCP

• 0x4622a8 GetConsoleMode

• 0x4622b0 Sleep

• 0x4622b8 GetACP

• 0x4622c0 LCMapStringA

• 0x4622c8 LCMapStringW

• 0x4622d0 FreeEnvironmentStringsA

• 0x4622d8 GetEnvironmentStrings

• 0x4622e0 FreeEnvironmentStringsW

• 0x4622e8 GetEnvironmentStringsW

• 0x4622f0 QueryPerformanceCounter

• 0x4622f8 GetSystemTimeAsFileTime

• 0x462300 GetStringTypeA

• 0x462308 GetStringTypeW

• 0x462310 GetTimeZoneInformation

• 0x462318 WriteConsoleA

• 0x462320 GetConsoleOutputCP

• 0x462328 WriteConsoleW

• 0x462330 SetStdHandle

• 0x462338 GetUserDefaultLCID

• 0x462340 EnumSystemLocalesA

• 0x462348 IsValidLocale

• 0x462350 IsValidCodePage

• 0x462358 GetLocaleInfoW

• 0x462360 SetEnvironmentVariableA

• 0x462368 FileTimeToLocalFileTime

• 0x462370 SetErrorMode

• 0x462378 CreateFileA

• 0x462380 GetFullPathNameA

• 0x462388 GetVolumeInformationA

• 0x462390 FindFirstFileA

• 0x462398 FindClose

• 0x4623a0 GetCurrentProcess

• 0x4623a8 DuplicateHandle

• 0x4623b0 GetFileSize

• 0x4623b8 SetEndOfFile

• 0x4623c0 UnlockFile

• 0x4623c8 LockFile

• 0x4623d0 FlushFileBuffers

• 0x4623d8 SetFilePointer

• 0x4623e0 WriteFile

• 0x4623e8 ReadFile

• 0x4623f0 WritePrivateProfileStringA

• 0x4623f8 FileTimeToSystemTime

• 0x462400 GetThreadLocale

• 0x462408 GetOEMCP

• 0x462410 GetCPInfo

• 0x462418 TlsFree

• 0x462420 DeleteCriticalSection

• 0x462428 LocalReAlloc

• 0x462430 TlsSetValue

• 0x462438 GlobalHandle

• 0x462440 GlobalReAlloc

• 0x462448 TlsAlloc

• 0x462450 InitializeCriticalSection

• 0x462458 EnterCriticalSection

• 0x462460 TlsGetValue

• 0x462468 LeaveCriticalSection

• 0x462470 LocalAlloc

• 0x462478 GlobalFlags

• 0x462480 GetCurrentProcessId

• 0x462488 CloseHandle

• 0x462490 GetCurrentThread

• 0x462498 ConvertDefaultLocale

• 0x4624a0 EnumResourceLanguagesA

• 0x4624a8 GetModuleFileNameA

• 0x4624b0 GetLocaleInfoA

• 0x4624b8 lstrcmpA

• 0x4624c0 GetModuleFileNameW

• 0x4624c8 GlobalAlloc

• 0x4624d0 FormatMessageA

• 0x4624d8 LocalFree

• 0x4624e0 GetCurrentThreadId

• 0x4624e8 GlobalGetAtomNameA

• 0x4624f0 GlobalAddAtomA

• 0x4624f8 GlobalFindAtomA

• 0x462500 GlobalDeleteAtom

• 0x462508 FreeLibrary

• 0x462510 lstrcmpW

• 0x462518 GetVersionExA

• 0x462520 GlobalLock

• 0x462528 GlobalUnlock

• 0x462530 GlobalFree

• 0x462538 FreeResource

• 0x462540 CompareStringW

• 0x462548 CompareStringA

• 0x462550 GetVersion

• 0x462558 MultiByteToWideChar

• 0x462560 ExitProcess

• 0x462568 lstrcpyA

• 0x462570 lstrcpynA

• 0x462578 GetWindowsDirectoryA

• 0x462580 GetLastError

• 0x462588 SetLastError

• 0x462590 GetProcAddress

• 0x462598 GetModuleHandleA

• 0x4625a0 LoadLibraryA

• 0x4625a8 MulDiv

• 0x4625b0 lstrlenA

• 0x4625b8 WideCharToMultiByte

• 0x4625c0 FindResourceA

• 0x4625c8 LoadResource

• 0x4625d0 LockResource

• 0x4625d8 SetHandleCount

• 0x4625e0 SizeofResource

• 0x4625e8 CreateFileW

Library USER32.dll:

• 0x4626a0 GetMessageA

• 0x4626a8 GetWindowThreadProcessId

• 0x4626b0 MapDialogRect

• 0x4626b8 SetWindowContextHelpId

• 0x4626c0 UnregisterClassA

• 0x4626c8 CharNextA

• 0x4626d0 CopyAcceleratorTableA

• 0x4626d8 IsRectEmpty

• 0x4626e0 SetRect

• 0x4626e8 InvalidateRgn

• 0x4626f0 MessageBeep

• 0x4626f8 RegisterClipboardFormatA

• 0x462700 PostThreadMessageA

• 0x462708 TrackPopupMenu

• 0x462710 GetKeyState

• 0x462718 SetForegroundWindow

• 0x462720 IsWindowVisible

• 0x462728 GetMenu

• 0x462730 MessageBoxA

• 0x462738 CreateWindowExA

• 0x462740 GetClassInfoExA

• 0x462748 GetClassInfoA

• 0x462750 RegisterClassA

• 0x462758 AdjustWindowRectEx

• 0x462760 ScreenToClient

• 0x462768 EqualRect

• 0x462770 GetDlgCtrlID

• 0x462778 DefWindowProcA

• 0x462780 CallWindowProcA

• 0x462788 SetWindowLongA

• 0x462790 SetWindowPos

• 0x462798 IntersectRect

• 0x4627a0 SystemParametersInfoA

• 0x4627a8 GetWindowPlacement

• 0x4627b0 GetWindow

• 0x4627b8 GetDesktopWindow

• 0x4627c0 SetActiveWindow

• 0x4627c8 CreateDialogIndirectParamA

• 0x4627d0 IsWindow

• 0x4627d8 GetDlgItem

• 0x4627e0 TranslateMessage

• 0x4627e8 GetNextDlgTabItem

• 0x4627f0 EndDialog

• 0x4627f8 SetFocus

• 0x462800 GetFocus

• 0x462808 SetParent

• 0x462810 GetTopWindow

• 0x462818 CharUpperA

• 0x462820 GetWindowLongA

• 0x462828 GetSystemMetrics

• 0x462830 LoadIconA

• 0x462838 IsIconic

• 0x462840 GetSystemMenu

• 0x462848 AppendMenuA

• 0x462850 DrawIcon

• 0x462858 UpdateWindow

• 0x462860 LoadCursorA

• 0x462868 CopyIcon

• 0x462870 GetSysColorBrush

• 0x462878 GetSysColor

• 0x462880 SetCursor

• 0x462888 ReleaseCapture

• 0x462890 GetNextDlgGroupItem

• 0x462898 WindowFromPoint

• 0x4628a0 GetParent

• 0x4628a8 SetCapture

• 0x4628b0 GetCapture

• 0x4628b8 GetActiveWindow

• 0x4628c0 InvalidateRect

• 0x4628c8 ReleaseDC

• 0x4628d0 GetDC

• 0x4628d8 ClientToScreen

• 0x4628e0 GetClientRect

• 0x4628e8 GetWindowRect

• 0x4628f0 PostMessageA

• 0x4628f8 SendMessageA

• 0x462900 SetMenuItemBitmaps

• 0x462908 ModifyMenuA

• 0x462910 GetSubMenu

• 0x462918 GetMenuState

• 0x462920 GetMenuItemID

• 0x462928 GetMenuItemCount

• 0x462930 EnableMenuItem

• 0x462938 GetCursorPos

• 0x462940 DestroyMenu

• 0x462948 ShowWindow

• 0x462950 MoveWindow

• 0x462958 SetWindowTextA

• 0x462960 CheckMenuItem

• 0x462968 DrawFocusRect

• 0x462970 DrawFrameControl

• 0x462978 DrawEdge

• 0x462980 FrameRect

• 0x462988 FillRect

• 0x462990 LoadBitmapA

• 0x462998 OffsetRect

• 0x4629a0 InflateRect

• 0x4629a8 PtInRect

• 0x4629b0 CopyRect

• 0x4629b8 DrawStateA

• 0x4629c0 EnableWindow

• 0x4629c8 ValidateRect

• 0x4629d0 PostQuitMessage

• 0x4629d8 EndPaint

• 0x4629e0 BeginPaint

• 0x4629e8 GetWindowDC

• 0x4629f0 GrayStringA

• 0x4629f8 DrawTextExA

• 0x462a00 DrawTextA

• 0x462a08 IsWindowEnabled

• 0x462a10 TabbedTextOutA

• 0x462a18 IsDialogMessageA

• 0x462a20 GetMenuCheckMarkDimensions

• 0x462a28 RegisterWindowMessageA

• 0x462a30 SendDlgItemMessageA

• 0x462a38 WinHelpA

• 0x462a40 IsChild

• 0x462a48 SetWindowsHookExA

• 0x462a50 CallNextHookEx

• 0x462a58 GetClassLongA

• 0x462a60 GetClassNameA

• 0x462a68 GetClassLongPtrA

• 0x462a70 SetPropA

• 0x462a78 GetPropA

• 0x462a80 RemovePropA

• 0x462a88 GetWindowTextLengthA

• 0x462a90 GetWindowTextA

• 0x462a98 GetForegroundWindow

• 0x462aa0 GetLastActivePopup

• 0x462aa8 DispatchMessageA

• 0x462ab0 MapWindowPoints

• 0x462ab8 SetWindowLongPtrA

• 0x462ac0 UnhookWindowsHookEx

• 0x462ac8 GetMessageTime

• 0x462ad0 GetMessagePos

• 0x462ad8 DestroyWindow

• 0x462ae0 PeekMessageA

• 0x462ae8 GetWindowLongPtrA

Library GDI32.dll:

• 0x462050 ExtTextOutA

• 0x462058 SaveDC

• 0x462060 RestoreDC

• 0x462068 SetBkMode

• 0x462070 SetMapMode

• 0x462078 LineTo

• 0x462080 MoveToEx

• 0x462088 GetViewportExtEx

• 0x462090 GetWindowExtEx

• 0x462098 PtVisible

• 0x4620a0 RectVisible

• 0x4620a8 TextOutA

• 0x4620b0 Escape

• 0x4620b8 SelectObject

• 0x4620c0 CreateBitmap

• 0x4620c8 OffsetViewportOrgEx

• 0x4620d0 SetViewportExtEx

• 0x4620d8 ScaleViewportExtEx

• 0x4620e0 SetWindowExtEx

• 0x4620e8 ScaleWindowExtEx

• 0x4620f0 ExtSelectClipRgn

• 0x4620f8 DeleteDC

• 0x462100 CreateSolidBrush

• 0x462108 CreateRectRgnIndirect

• 0x462110 GetMapMode

• 0x462118 GetBkColor

• 0x462120 GetTextColor

• 0x462128 GetRgnBox

• 0x462130 SetBkColor

• 0x462138 SetTextColor

• 0x462140 GetClipBox

• 0x462148 Rectangle

• 0x462150 CreatePen

• 0x462158 GetTextExtentPoint32A

• 0x462160 DeleteObject

• 0x462168 GetDeviceCaps

• 0x462170 SetPixel

• 0x462178 CreateFontIndirectA

• 0x462180 SetViewportOrgEx

• 0x462188 GetStockObject

• 0x462190 GetObjectA

Library comdlg32.dll:

• 0x462b18 GetFileTitleA

Library WINSPOOL.DRV:

• 0x462af8 DocumentPropertiesA

• 0x462b00 OpenPrinterA

• 0x462b08 ClosePrinter

Library ADVAPI32.dll:

• 0x462000 RegSetValueExA

• 0x462008 RegCreateKeyExA

• 0x462010 RegQueryValueA

• 0x462018 RegEnumKeyA

• 0x462020 RegDeleteKeyA

• 0x462028 RegOpenKeyExA

• 0x462030 RegQueryValueExA

• 0x462038 RegOpenKeyA

• 0x462040 RegCloseKey

Library SHELL32.dll:

• 0x462668 ShellExecuteA

Library SHLWAPI.dll:

• 0x462678 PathFindFileNameA

• 0x462680 PathStripToRootA

• 0x462688 PathFindExtensionA

• 0x462690 PathIsUNCA

Library oledlg.dll:

• 0x462ba8

Library ole32.dll:

• 0x462b28 OleInitialize

• 0x462b30 CoFreeUnusedLibraries

• 0x462b38 OleUninitialize

• 0x462b40 CreateILockBytesOnHGlobal

• 0x462b48 StgCreateDocfileOnILockBytes

• 0x462b50 StgOpenStorageOnILockBytes

• 0x462b58 CoGetClassObject

• 0x462b60 CLSIDFromString

• 0x462b68 CoRevokeClassObject

• 0x462b70 CoTaskMemAlloc

• 0x462b78 CoTaskMemFree

• 0x462b80 OleIsCurrentClipboard

• 0x462b88 OleFlushClipboard

• 0x462b90 CoRegisterMessageFilter

• 0x462b98 CLSIDFromProgID

Library OLEAUT32.dll:

• 0x4625f8 VariantClear

• 0x462600 VariantInit

• 0x462608 SysAllocStringLen

• 0x462610 SysStringLen

• 0x462618 SysFreeString

• 0x462620 SysAllocStringByteLen

• 0x462628 VariantCopy

• 0x462630 SafeArrayDestroy

• 0x462638 VariantTimeToSystemTime

• 0x462640 SystemTimeToVariantTime

• 0x462648 OleCreateFontIndirect

• 0x462650 SysAllocString

• 0x462658 VariantChangeType

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51379	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.