8.0
高危
44 个模型检测该样本为恶意!
重新分析
更多

96f030c08289e36546e8e69ac73346fd42cf561c30922ce64991153a0c165430

c11ef0f32bf856b126768db8c94c44de.exe

分析耗时

97s

最近分析

文件大小

896.0KB
静态报毒 动态报毒 100% 4Y0@ASV@LGFK 5UPB9J0GVUC AI SCORE=83 AIDETECTVM BEHAVIOR CLASSIC CONFIDENCE CSJYB ELDORADO EMOTET EVAU GENCIRC GENETIC GENKRYPTIK HIGH CONFIDENCE HSDZVI KRYPTIK MALWARE2 MALWARE@#2CPO2RW6XSB3Z R + TROJ R348048 UNSAFE ZEXAE 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/Emotet.42b8bf71 20190527 0.3.0.5
Kingsoft 20201023 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cde812 20201023 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619874343.213124
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 个事件)
Time & API Arguments Status Return Repeated
1619874332.510124
CryptGenKey
crypto_handle: 0x006a6380
algorithm_identifier: 0x0000660e ()
provider_handle: 0x006a5998
flags: 1
key: fKÿFLd¸<úpYÕVÒ}o8
success 1 0
1619874343.229124
CryptExportKey
crypto_handle: 0x006a6380
crypto_export_handle: 0x006a5a60
buffer: f¤Š"diè#†ã6¥9²BõŸr".gƒUº¥’ïÔíóìÖ6û\V‡Ü Îú°-ï8$æ×G tyÙàQC==«†êÁl§ŽšÁ:ò' `ûXlà…ãžúª³JªŒãˆ
blob_type: 1
flags: 64
success 1 0
1619874371.198124
CryptExportKey
crypto_handle: 0x006a6380
crypto_export_handle: 0x006a5a60
buffer: f¤*å& Ã,Ãõku­‡¦ŸuL6Âè*ß}¸¡qg8ar¶UrúÌòÕaFû"—›}ø²!õ‚ȝop"µ3Kr’«ÒH`­ý2™©„g¸ñ—zó:%Ï m?Jozû(F
blob_type: 1
flags: 64
success 1 0
1619874375.838124
CryptExportKey
crypto_handle: 0x006a6380
crypto_export_handle: 0x006a5a60
buffer: f¤_Ü{¨Kß^ÅR¢®Ä»=5Œ½a¢]­/‰xE¼«Î"ÿÞØj1K Ë¨—ÒJJãÞ¡¯RrĖîëÌ2VJ @µIEôN_ãfØ0ÈAü'á‰vÂäS=NŠº
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 个事件)
pdb_path c:\Users\Mr.Anderson\Desktop\2005\14.8.20\ExpandingCheck_demo\ExpCheckTest\Release\ExpCheckTest.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .didat
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:456632812&cup2hreq=f0e43453122ca11c3362aaefb03a8210d0fd77e037e14c5e676be9f38d2f7100
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619845216&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=c4a70ed3a97b4218&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619845216&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:456632812&cup2hreq=f0e43453122ca11c3362aaefb03a8210d0fd77e037e14c5e676be9f38d2f7100
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:456632812&cup2hreq=f0e43453122ca11c3362aaefb03a8210d0fd77e037e14c5e676be9f38d2f7100
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619874331.963124
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00610000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 个事件)
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619874343.729124
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 个事件)
process c11ef0f32bf856b126768db8c94c44de.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619874343.432124
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (4 个事件)
host 172.217.24.14
host 174.100.27.229
host 209.126.6.222
host 5.153.250.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619874346.401124
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619874346.401124
RegSetValueExA
key_handle: 0x000003c0
value: R]U>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619874346.401124
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619874346.401124
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619874346.401124
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619874346.401124
RegSetValueExA
key_handle: 0x000003d8
value: R]U>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619874346.401124
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619874346.401124
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 个事件)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EVAU
FireEye Generic.mg.c11ef0f32bf856b1
ALYac Trojan.Agent.Emotet
Cylance Unsafe
K7AntiVirus Trojan ( 0056e0661 )
Alibaba Trojan:Win32/Emotet.42b8bf71
K7GW Trojan ( 0056e0661 )
BitDefenderTheta Gen:NN.ZexaE.34570.4y0@aSv@Lgfk
Cyren W32/Emotet.APV.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Emotet-9629277-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.Agent.EVAU
NANO-Antivirus Trojan.Win32.Emotet.hsdzvi
AegisLab Trojan.Win32.Emotet.L!c
Rising Trojan.Kryptik!1.CA80 (CLASSIC)
Ad-Aware Trojan.Agent.EVAU
Comodo Malware@#2cpo2rw6xsb3z
DrWeb Trojan.Emotet.999
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-R + Troj/Emotet-CLB
McAfee-GW-Edition BehavesLike.Win32.Emotet.cm
Sophos Troj/Emotet-CLB
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.re
Avira TR/Emotet.csjyb
MAX malware (ai score=83)
Arcabit Trojan.Agent.EVAU
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.Agent.EVAU
AhnLab-V3 Trojan/Win32.Emotet.R348048
VBA32 Backdoor.Emotet
TACHYON Trojan/W32.Agent.917504.KO
ESET-NOD32 Win32/Emotet.CD
Tencent Malware.Win32.Gencirc.10cde812
Yandex Trojan.GenKryptik!5uPb9J0GVuc
Fortinet W32/Malicious_Behavior.VEX
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.80a
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (6 个事件)
dead_host 172.217.24.14:443
dead_host 209.126.6.222:8080
dead_host 174.100.27.229:80
dead_host 5.153.250.14:8080
dead_host 192.168.56.101:49176
dead_host 172.217.160.78:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-08-15 02:30:27

Imports

Library KERNEL32.dll:
0x49be20 SetFileTime
0x49be24 SetFileAttributesA
0x49be28 GetFileAttributesA
0x49be2c GetFileTime
0x49be30 RtlUnwind
0x49be34 HeapAlloc
0x49be38 HeapFree
0x49be3c HeapReAlloc
0x49be40 VirtualProtect
0x49be44 VirtualAlloc
0x49be48 GetSystemInfo
0x49be4c VirtualQuery
0x49be50 GetCommandLineA
0x49be54 GetProcessHeap
0x49be58 GetStartupInfoA
0x49be5c RaiseException
0x49be60 ExitThread
0x49be64 CreateThread
0x49be68 HeapSize
0x49be6c TerminateProcess
0x49be78 IsDebuggerPresent
0x49be7c Sleep
0x49be80 GetACP
0x49be84 LCMapStringA
0x49be88 LCMapStringW
0x49be8c FatalAppExitA
0x49be90 VirtualFree
0x49be98 HeapCreate
0x49be9c GetStdHandle
0x49beb0 SetHandleCount
0x49beb4 GetFileType
0x49bebc GetTickCount
0x49becc GetStringTypeA
0x49bed0 GetStringTypeW
0x49bed4 GetTimeFormatA
0x49bed8 GetDateFormatA
0x49bedc GetUserDefaultLCID
0x49bee0 EnumSystemLocalesA
0x49bee4 IsValidLocale
0x49bee8 IsValidCodePage
0x49beec GetConsoleCP
0x49bef0 GetConsoleMode
0x49bef4 GetLocaleInfoW
0x49bef8 SetStdHandle
0x49befc WriteConsoleA
0x49bf00 GetConsoleOutputCP
0x49bf04 WriteConsoleW
0x49bf0c SetErrorMode
0x49bf18 CreateFileA
0x49bf1c GetShortPathNameA
0x49bf20 GetFullPathNameA
0x49bf28 FindFirstFileA
0x49bf2c FindClose
0x49bf30 GetCurrentProcess
0x49bf34 DuplicateHandle
0x49bf38 GetThreadLocale
0x49bf3c GetFileSize
0x49bf40 SetEndOfFile
0x49bf44 UnlockFile
0x49bf48 LockFile
0x49bf4c FlushFileBuffers
0x49bf50 SetFilePointer
0x49bf54 WriteFile
0x49bf58 ReadFile
0x49bf5c DeleteFileA
0x49bf60 MoveFileA
0x49bf74 GetAtomNameA
0x49bf78 GetOEMCP
0x49bf7c GetCPInfo
0x49bf84 GlobalFlags
0x49bf88 TlsFree
0x49bf90 LocalReAlloc
0x49bf94 TlsSetValue
0x49bf98 TlsAlloc
0x49bfa0 GlobalHandle
0x49bfa4 GlobalReAlloc
0x49bfac TlsGetValue
0x49bfb4 LocalAlloc
0x49bfb8 CopyFileA
0x49bfbc GlobalSize
0x49bfc0 FormatMessageA
0x49bfc4 LocalFree
0x49bfcc GetModuleFileNameW
0x49bfd0 GlobalFree
0x49bfd4 GetCurrentProcessId
0x49bfd8 CreateEventA
0x49bfdc SuspendThread
0x49bfe0 SetEvent
0x49bfe4 WaitForSingleObject
0x49bfe8 ResumeThread
0x49bfec SetThreadPriority
0x49bff0 CloseHandle
0x49bff4 GetCurrentThread
0x49bffc GetModuleFileNameA
0x49c004 GetLocaleInfoA
0x49c008 GlobalAlloc
0x49c00c GlobalLock
0x49c010 GlobalUnlock
0x49c014 MulDiv
0x49c018 lstrcmpA
0x49c01c FreeResource
0x49c020 GetCurrentThreadId
0x49c024 GlobalGetAtomNameA
0x49c028 GlobalAddAtomA
0x49c02c GlobalFindAtomA
0x49c030 GlobalDeleteAtom
0x49c034 FreeLibrary
0x49c038 LoadLibraryA
0x49c03c lstrcmpW
0x49c040 GetModuleHandleA
0x49c044 GetProcAddress
0x49c048 GetVersionExA
0x49c04c FindResourceA
0x49c050 LoadResource
0x49c054 LockResource
0x49c058 SizeofResource
0x49c05c SetLastError
0x49c060 GetStringTypeExW
0x49c064 GetStringTypeExA
0x49c070 lstrlenA
0x49c074 lstrcmpiW
0x49c078 lstrcmpiA
0x49c07c CompareStringW
0x49c080 CompareStringA
0x49c084 lstrlenW
0x49c088 GetVersion
0x49c08c GetLastError
0x49c090 WideCharToMultiByte
0x49c094 MultiByteToWideChar
0x49c098 InterlockedExchange
0x49c09c HeapDestroy
0x49c0a0 ExitProcess
Library USER32.dll:
0x49c2ac SetMenu
0x49c2b0 BringWindowToTop
0x49c2b4 SetRectEmpty
0x49c2b8 CreatePopupMenu
0x49c2bc InsertMenuItemA
0x49c2c0 InvalidateRect
0x49c2c4 LoadAcceleratorsA
0x49c2c8 LoadMenuA
0x49c2cc ReuseDDElParam
0x49c2d0 UnpackDDElParam
0x49c2d4 GetKeyNameTextA
0x49c2d8 MapVirtualKeyA
0x49c2dc IsRectEmpty
0x49c2e0 GetSystemMenu
0x49c2e4 SetParent
0x49c2e8 UnionRect
0x49c2ec SetRect
0x49c2f0 SetTimer
0x49c2f4 KillTimer
0x49c2f8 GetDCEx
0x49c2fc LockWindowUpdate
0x49c300 DestroyMenu
0x49c304 GetMenuItemInfoA
0x49c308 InflateRect
0x49c30c GetMenuStringA
0x49c310 AppendMenuA
0x49c314 InsertMenuA
0x49c318 RemoveMenu
0x49c31c GetDesktopWindow
0x49c324 GetNextDlgTabItem
0x49c328 EndDialog
0x49c330 ShowOwnedPopups
0x49c334 SetCursor
0x49c338 GetMessageA
0x49c33c TranslateMessage
0x49c340 GetActiveWindow
0x49c344 GetCursorPos
0x49c348 ValidateRect
0x49c34c PostQuitMessage
0x49c350 EndPaint
0x49c354 BeginPaint
0x49c358 GetWindowDC
0x49c35c ReleaseDC
0x49c360 GetDC
0x49c364 ClientToScreen
0x49c368 GrayStringA
0x49c36c DrawTextExA
0x49c370 DrawTextA
0x49c374 TabbedTextOutA
0x49c378 FillRect
0x49c37c SetMenuItemBitmaps
0x49c384 LoadBitmapA
0x49c388 ModifyMenuA
0x49c38c GetMenuState
0x49c390 EnableMenuItem
0x49c394 CheckMenuItem
0x49c39c WinHelpA
0x49c3a0 IsChild
0x49c3a4 GetCapture
0x49c3ac CallNextHookEx
0x49c3b0 GetClassLongA
0x49c3b4 GetClassNameA
0x49c3b8 SetPropA
0x49c3bc RemovePropA
0x49c3c0 GetForegroundWindow
0x49c3c4 GetLastActivePopup
0x49c3c8 SetActiveWindow
0x49c3cc DispatchMessageA
0x49c3d0 BeginDeferWindowPos
0x49c3d4 EndDeferWindowPos
0x49c3d8 GetTopWindow
0x49c3dc DestroyWindow
0x49c3e0 UnhookWindowsHookEx
0x49c3e4 GetMessageTime
0x49c3e8 GetMessagePos
0x49c3ec PeekMessageA
0x49c3f0 MapWindowPoints
0x49c3f4 ScrollWindow
0x49c3f8 TrackPopupMenuEx
0x49c3fc TrackPopupMenu
0x49c400 GetKeyState
0x49c404 SetScrollRange
0x49c408 GetScrollRange
0x49c40c SetScrollPos
0x49c410 GetScrollPos
0x49c414 SetForegroundWindow
0x49c418 ShowScrollBar
0x49c41c IsWindowVisible
0x49c420 UpdateWindow
0x49c424 GetMenu
0x49c428 PostMessageA
0x49c42c GetSubMenu
0x49c430 GetMenuItemID
0x49c434 GetMenuItemCount
0x49c438 MessageBoxA
0x49c43c CreateWindowExA
0x49c440 GetClassInfoExA
0x49c444 GetClassInfoA
0x49c448 RegisterClassA
0x49c44c GetSysColor
0x49c450 AdjustWindowRectEx
0x49c454 ScreenToClient
0x49c458 EqualRect
0x49c45c DeferWindowPos
0x49c460 CopyRect
0x49c464 GetWindowRect
0x49c468 GetParent
0x49c46c EnableWindow
0x49c470 SendMessageA
0x49c474 MoveWindow
0x49c478 ShowWindow
0x49c47c GetScrollInfo
0x49c480 SetScrollInfo
0x49c484 PtInRect
0x49c488 SetWindowPlacement
0x49c48c DefWindowProcA
0x49c490 CallWindowProcA
0x49c494 OffsetRect
0x49c498 IntersectRect
0x49c4a0 GetWindowPlacement
0x49c4a8 GetWindowTextA
0x49c4ac GetFocus
0x49c4b0 UnregisterClassA
0x49c4b4 GetDialogBaseUnits
0x49c4b8 DestroyIcon
0x49c4bc WaitMessage
0x49c4c0 ReleaseCapture
0x49c4c4 WindowFromPoint
0x49c4c8 SetCapture
0x49c4cc DeleteMenu
0x49c4d0 LoadCursorA
0x49c4d4 SetWindowsHookExA
0x49c4d8 GetSysColorBrush
0x49c4dc RedrawWindow
0x49c4e0 GetWindowLongA
0x49c4e4 EnumChildWindows
0x49c4e8 IsWindow
0x49c4ec DrawIcon
0x49c4f0 IsIconic
0x49c4f4 GetClientRect
0x49c4f8 LoadIconA
0x49c4fc GetSystemMetrics
0x49c500 CharLowerA
0x49c504 CharLowerW
0x49c508 CharUpperA
0x49c50c CharUpperW
0x49c510 GetWindow
0x49c514 CheckDlgButton
0x49c518 CheckRadioButton
0x49c51c GetDlgItem
0x49c520 GetDlgItemInt
0x49c524 SetWindowPos
0x49c528 ScrollWindowEx
0x49c52c SetFocus
0x49c530 IsWindowEnabled
0x49c534 SetWindowLongA
0x49c538 GetDlgCtrlID
0x49c53c SetWindowTextA
0x49c540 IsDialogMessageA
0x49c544 IsDlgButtonChecked
0x49c548 SetDlgItemTextA
0x49c54c SetDlgItemInt
0x49c550 SendDlgItemMessageA
0x49c554 GetDlgItemTextA
0x49c558 GetPropA
Library GDI32.dll:
0x49bc50 ArcTo
0x49bc54 PolyDraw
0x49bc58 PolylineTo
0x49bc5c PolyBezierTo
0x49bc60 ExtSelectClipRgn
0x49bc64 DeleteDC
0x49bc6c CreatePatternBrush
0x49bc70 CreateCompatibleDC
0x49bc74 GetStockObject
0x49bc78 SelectPalette
0x49bc7c PlayMetaFileRecord
0x49bc80 GetObjectType
0x49bc84 EnumMetaFile
0x49bc88 PlayMetaFile
0x49bc8c GetDeviceCaps
0x49bc90 CreatePen
0x49bc94 ScaleWindowExtEx
0x49bc98 CreateSolidBrush
0x49bc9c CreateHatchBrush
0x49bca0 CopyMetaFileA
0x49bca4 CreateDCA
0x49bca8 CreateFontIndirectA
0x49bcb4 SetRectRgn
0x49bcb8 CombineRgn
0x49bcbc GetMapMode
0x49bcc0 PatBlt
0x49bcc4 DPtoLP
0x49bcc8 GetTextMetricsA
0x49bcd0 GetCharWidthA
0x49bcd4 CreateFontA
0x49bcd8 StretchDIBits
0x49bcdc GetBkColor
0x49bce0 SetWindowExtEx
0x49bce4 OffsetWindowOrgEx
0x49bce8 SetWindowOrgEx
0x49bcec RectVisible
0x49bcf0 ScaleViewportExtEx
0x49bcf4 SetViewportExtEx
0x49bcf8 OffsetViewportOrgEx
0x49bcfc SetViewportOrgEx
0x49bd00 SelectObject
0x49bd04 Escape
0x49bd08 ExtTextOutA
0x49bd0c ExtCreatePen
0x49bd10 GetDCOrgEx
0x49bd14 PtVisible
0x49bd18 StartDocA
0x49bd1c GetPixel
0x49bd20 BitBlt
0x49bd24 GetWindowExtEx
0x49bd28 GetViewportExtEx
0x49bd2c SelectClipPath
0x49bd30 CreateRectRgn
0x49bd34 GetClipRgn
0x49bd38 SelectClipRgn
0x49bd3c DeleteObject
0x49bd40 SetColorAdjustment
0x49bd44 SetArcDirection
0x49bd48 SetMapperFlags
0x49bd54 SetTextAlign
0x49bd58 MoveToEx
0x49bd5c LineTo
0x49bd60 OffsetClipRgn
0x49bd64 IntersectClipRect
0x49bd68 ExcludeClipRect
0x49bd6c SetMapMode
0x49bd74 SetWorldTransform
0x49bd78 SetGraphicsMode
0x49bd7c SetStretchBltMode
0x49bd80 SetROP2
0x49bd84 SetPolyFillMode
0x49bd88 SetBkMode
0x49bd8c RestoreDC
0x49bd90 SaveDC
0x49bd94 CreateBitmap
0x49bd98 GetObjectA
0x49bd9c SetBkColor
0x49bda0 SetTextColor
0x49bda4 GetClipBox
0x49bda8 TextOutA
Library comdlg32.dll:
0x49c648 GetFileTitleA
Library WINSPOOL.DRV:
0x49c610 ClosePrinter
0x49c614 DocumentPropertiesA
0x49c618 OpenPrinterA
Library ADVAPI32.dll:
0x49bbe8 RegDeleteValueA
0x49bbec RegSetValueExA
0x49bbf0 RegCreateKeyExA
0x49bbf4 RegSetValueA
0x49bbf8 RegQueryValueA
0x49bbfc RegOpenKeyA
0x49bc00 RegEnumKeyA
0x49bc04 RegDeleteKeyA
0x49bc08 RegOpenKeyExA
0x49bc0c RegQueryValueExA
0x49bc10 RegCloseKey
0x49bc14 RegCreateKeyA
Library SHELL32.dll:
0x49c22c SHGetFileInfoA
0x49c230 DragFinish
0x49c234 DragQueryFileA
0x49c238 ExtractIconA
Library SHLWAPI.dll:
0x49c26c PathFindFileNameA
0x49c270 PathStripToRootA
0x49c274 PathFindExtensionA
0x49c278 PathIsUNCA
Library ole32.dll:
0x49c678 ReleaseStgMedium
0x49c67c CreateBindCtx
0x49c680 CoTreatAsClass
0x49c684 StringFromCLSID
0x49c688 ReadClassStg
0x49c68c CoTaskMemAlloc
0x49c690 OleRegGetUserType
0x49c694 WriteClassStg
0x49c698 WriteFmtUserTypeStg
0x49c69c SetConvertStg
0x49c6a0 CoTaskMemFree
0x49c6a4 OleDuplicateData
0x49c6a8 CoDisconnectObject
0x49c6ac CoCreateInstance
0x49c6b0 StringFromGUID2
0x49c6b4 CLSIDFromString
0x49c6b8 ReadFmtUserTypeStg
Library OLEAUT32.dll:
0x49c150 VariantClear
0x49c154 VariantChangeType
0x49c158 VariantInit
0x49c15c SysAllocStringLen
0x49c160 SysFreeString
0x49c164 SysStringLen
0x49c16c SysStringByteLen
0x49c174 SafeArrayAccessData
0x49c178 SafeArrayGetUBound
0x49c17c SafeArrayGetLBound
0x49c184 SafeArrayGetDim
0x49c188 SafeArrayCreate
0x49c18c SafeArrayRedim
0x49c190 VariantCopy
0x49c194 SafeArrayAllocData
0x49c19c SafeArrayCopy
0x49c1a0 SafeArrayGetElement
0x49c1a4 SafeArrayPtrOfIndex
0x49c1a8 SafeArrayPutElement
0x49c1ac SafeArrayLock
0x49c1b0 SafeArrayUnlock
0x49c1b4 SafeArrayDestroy
0x49c1c8 SysReAllocStringLen
0x49c1cc VarDateFromStr
0x49c1d0 VarBstrFromCy
0x49c1d4 VarBstrFromDec
0x49c1d8 VarDecFromStr
0x49c1dc VarCyFromStr
0x49c1e0 VarBstrFromDate

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49183 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49184 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49181 203.208.40.34 update.googleapis.com 443
192.168.56.101 49182 203.208.41.65 redirector.gvt1.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619845216&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619845216&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=c4a70ed3a97b4218&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619845216&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=c4a70ed3a97b4218&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619845216&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.