8.4
High risk

414ff88fe64777074dfc2bf45c3d822cebba3c5af4a8d39cc07bbcbfa54c8d81

c48481caa80d09b630064e9459efe44d.exe

Analysis duration

105s

Last analysis

File size

2.0MB
Static scan: malicious. Dynamic analysis: malicious. Tags: 100% AI SCORE=85 ARTEMIS BSCOPE CONFIDENCE EBWLEFQBTWW FUERBOOS GENERIC PUA CJ GENERICKD H41EBSCBKU6Q7AQSW1VBIW HIGH CONFIDENCE LITE MLITE R239520 RAMNIT SUSPICIOUS PE ULISE XZJE
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result is available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!3039B7615ECC 20190420 6.0.6.653
Baidu 20190318 1.0.0.2
Alibaba 20190402 0.3.0.4
Kingsoft 20190420 2013.8.14.323
Tencent 20190420 1.0.0.1
Avast Win32:Malware-gen 20190420 18.4.3895.0
CrowdStrike win/malicious_confidence_70% (D) 20190212 1.0
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1620985510.328363
IsDebuggerPresent
failed 0 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (3 events)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
The file contains an unknown PE resource name possibly indicative of a packer (3 events)
resource name PNG
resource name RC_DATA
resource name XML
Behavioral verdict
Dynamic indicators
Performs some HTTP requests (15 events)
request GET http://www.virtualhardwares.com/English/hardware/hardware.html
request GET http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
request GET http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDDSk20WxFnlwLi3iMg%3D%3D
request GET http://virtualhardwares.com/Download.html
request GET http://virtualhardwares.com/favicon.ico
request GET http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8DYx
request GET http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
request GET http://ocsp2.globalsign.com/gsalphasha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3VPAhQ%2BWpPOreX2laD5mnSaPcCDFgrHwJWV8VptmIxFg%3D%3D
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET https://s22.cnzz.com/z_stat.php?id=1272845048&web_id=1272845048
request GET https://c.cnzz.com/core.php?web_id=1272845048&t=z
request GET https://wwa.lanzoui.com/s/hardware
request GET https://wwa.lanzoui.com/includes/js/jquery.js
request GET https://wwa.lanzoui.com/img/qrcode.min.js
request GET https://s95.cnzz.com/stat.php?id=1253610888&web_id=1253610888
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620985525.031363
NtAllocateVirtualMemory
process_identifier: 648
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x046d0000
success 0 0
1620990901.909999
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004140000
success 0 0
Foreign language identified in PE resource (28 events)
name PNG language LANG_CHINESE offset 0x0010b638 filetype PNG image data, 30 x 5, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000003af
name RT_ICON language LANG_CHINESE offset 0x001ff67c filetype dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4278190080, next used block 4278190080 sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00004228
name RT_GROUP_ICON language LANG_CHINESE offset 0x002038a4 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014
name RT_VERSION language LANG_CHINESE offset 0x002038b8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000308
Creates a shortcut to an executable file (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620985511.187363
GetAdaptersAddresses
flags: 16
family: 2
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.900892054021212 section {'size_of_data': '0x00172000', 'virtual_address': '0x00092000', 'entropy': 7.900892054021212, 'name': '.rsrc', 'virtual_size': '0x00171e39'} description A section with a high entropy has been found
entropy 0.7170542635658915 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1620985510.141363
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Checks the version of BIOS, possibly for anti-virtualization (1 event)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1620985513.844363
RegSetValueExA
key_handle: 0x00000374
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Queries information on disks, possibly for anti-virtualization (2 events)
Time & API Arguments Status Return Repeated
1620985511.187363
NtCreateFile
create_disposition: 1 (FILE_OPEN)
file_handle: 0x00000178
filepath: \??\PhysicalDrive0
desired_access: 0xc0100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 0 ()
filepath_r: \??\PhysicalDrive0
create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 1 (FILE_OPENED)
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
success 0 0
1620985511.203363
DeviceIoControl
input_buffer:
device_handle: 0x00000178
control_code: 458752 (IOCTL_DISK_GET_DRIVE_GEOMETRY)
output_buffer: Q ÿ?
success 1 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1620985516.781363
RegSetValueExA
key_handle: 0x00000484
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620985516.781363
RegSetValueExA
key_handle: 0x00000484
value: Ï|Ø©H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620985516.781363
RegSetValueExA
key_handle: 0x00000484
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620985516.781363
RegSetValueExW
key_handle: 0x00000484
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620985516.781363
RegSetValueExA
key_handle: 0x00000494
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620985516.781363
RegSetValueExA
key_handle: 0x00000494
value: Ï|Ø©H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620985516.781363
RegSetValueExA
key_handle: 0x00000494
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620985516.812363
RegSetValueExW
key_handle: 0x00000480
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620985517.094363
RegSetValueExA
key_handle: 0x000004a4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620985517.094363
RegSetValueExA
key_handle: 0x000004a4
value: j¬Ø©H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620985517.094363
RegSetValueExA
key_handle: 0x000004a4
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620985517.094363
RegSetValueExW
key_handle: 0x000004a4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620985517.094363
RegSetValueExA
key_handle: 0x000004a8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620985517.094363
RegSetValueExA
key_handle: 0x000004a8
value: j¬Ø©H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620985517.094363
RegSetValueExA
key_handle: 0x000004a8
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 142.250.66.110:443
File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 events)
MicroWorld-eScan Gen:Variant.Ulise.29524
McAfee Artemis!3039B7615ECC
Malwarebytes Trojan.Crypt
BitDefender Gen:Variant.Ulise.29524
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Cyren W32/Trojan.XZJE-4901
Rising Malware.Heuristic.MLite(100%) (AI-LITE:h41EbsCbkU6q7aQsW1vBiw)
Ad-Aware Gen:Variant.Ulise.29524
Emsisoft Gen:Variant.Ulise.29524 (B)
Zillya Trojan.GenericKD.Win32.204329
McAfee-GW-Edition BehavesLike.Win32.Ramnit.vc
FireEye Generic.mg.c48481caa80d09b6
Sophos Generic PUA CJ (PUA)
SentinelOne DFI - Suspicious PE
GData Gen:Variant.Ulise.29524
Antiy-AVL Trojan/Win32.Fuerboos
Endgame malicious (high confidence)
Arcabit Trojan.Ulise.D7354
AhnLab-V3 Unwanted/Win32.Agent.R239520
Acronis suspicious
VBA32 BScope.Trojan.Rootkit
ALYac Gen:Variant.Ulise.29524
MAX malware (ai score=85)
Yandex Trojan.Rootkit!eBwlefqBTww
Ikarus Trojan.Rootkit
AVG Win32:Malware-gen
Cybereason malicious.aa80d0
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_70% (D)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2018-08-22 19:57:25

Imports

Library KERNEL32.dll:
0x46f11c VirtualAlloc
0x46f120 QueueUserAPC
0x46f124 OpenThread
0x46f128 VirtualFreeEx
0x46f12c GetExitCodeThread
0x46f130 WaitForSingleObject
0x46f134 CreateRemoteThread
0x46f138 WriteProcessMemory
0x46f13c VirtualAllocEx
0x46f140 SuspendThread
0x46f144 TerminateProcess
0x46f148 ResumeThread
0x46f14c CreateProcessW
0x46f150 LoadLibraryW
0x46f154 DeleteFileW
0x46f160 GetCurrentProcessId
0x46f164 GetTickCount
0x46f168 LoadLibraryA
0x46f16c ReadFile
0x46f170 SizeofResource
0x46f174 LockResource
0x46f178 LoadResource
0x46f17c FindResourceW
0x46f180 lstrcatW
0x46f184 lstrcpyW
0x46f188 lstrlenW
0x46f18c QueryDosDeviceW
0x46f190 IsBadWritePtr
0x46f194 GetNativeSystemInfo
0x46f198 GetCurrentProcess
0x46f19c MultiByteToWideChar
0x46f1a0 WideCharToMultiByte
0x46f1a4 IsBadReadPtr
0x46f1b0 GetModuleHandleW
0x46f1b4 VirtualFree
0x46f1b8 OpenProcess
0x46f1bc GetFileSize
0x46f1c0 GetProcAddress
0x46f1c4 GetDriveTypeW
0x46f1d4 WriteFile
0x46f1d8 GetModuleFileNameW
0x46f1dc GetACP
0x46f1e0 ExitProcess
0x46f1e4 FreeResource
0x46f1e8 MulDiv
0x46f1f4 SetFilePointer
0x46f1f8 GetFileType
0x46f1fc DuplicateHandle
0x46f208 CreateDirectoryW
0x46f20c SetFileTime
0x46f210 GlobalUnlock
0x46f214 GlobalLock
0x46f218 GlobalAlloc
0x46f224 IsDebuggerPresent
0x46f228 HeapAlloc
0x46f22c HeapFree
0x46f230 GetStartupInfoW
0x46f234 RaiseException
0x46f238 RtlUnwind
0x46f23c HeapReAlloc
0x46f240 GetStdHandle
0x46f244 GetModuleFileNameA
0x46f248 TlsGetValue
0x46f24c TlsAlloc
0x46f250 TlsSetValue
0x46f254 TlsFree
0x46f258 SetLastError
0x46f25c GetCurrentThreadId
0x46f26c HeapCreate
0x46f270 GetCPInfo
0x46f274 GetOEMCP
0x46f278 IsValidCodePage
0x46f27c LCMapStringA
0x46f280 LCMapStringW
0x46f290 GetCommandLineW
0x46f294 SetHandleCount
0x46f298 GetStartupInfoA
0x46f2a4 HeapSize
0x46f2a8 GetModuleHandleA
0x46f2ac GetLocaleInfoA
0x46f2b0 GetConsoleCP
0x46f2b4 GetConsoleMode
0x46f2bc GetStringTypeA
0x46f2c0 GetStringTypeW
0x46f2c4 SetStdHandle
0x46f2c8 WriteConsoleA
0x46f2cc GetConsoleOutputCP
0x46f2d0 WriteConsoleW
0x46f2d4 CreateFileA
0x46f2d8 FlushFileBuffers
0x46f2dc CompareStringA
0x46f2e0 CompareStringW
0x46f2ec GetLocalTime
0x46f2f0 CloseHandle
0x46f2f4 Sleep
0x46f2f8 GetLastError
0x46f2fc CreateFileW
0x46f300 DeviceIoControl
Library USER32.dll:
0x46f324 GetPropW
0x46f328 SetPropW
0x46f32c PostMessageW
0x46f330 RegisterClassW
0x46f334 LoadCursorW
0x46f338 RegisterClassExW
0x46f33c GetClassInfoExW
0x46f340 CreateWindowExW
0x46f344 GetKeyState
0x46f348 UnionRect
0x46f34c InvalidateRect
0x46f350 SetTimer
0x46f354 KillTimer
0x46f358 SetCapture
0x46f35c ReleaseCapture
0x46f360 ScreenToClient
0x46f364 PtInRect
0x46f368 GetDC
0x46f36c CharNextW
0x46f370 ReleaseDC
0x46f374 DestroyWindow
0x46f378 GetFocus
0x46f37c MapWindowPoints
0x46f380 IntersectRect
0x46f384 GetUpdateRect
0x46f388 IsRectEmpty
0x46f38c EndPaint
0x46f390 BeginPaint
0x46f394 GetWindowLongW
0x46f398 OffsetRect
0x46f39c SetCursor
0x46f3a0 wvsprintfW
0x46f3a4 GetWindowRgn
0x46f3a8 MoveWindow
0x46f3ac IsZoomed
0x46f3b0 SetWindowRgn
0x46f3b4 FillRect
0x46f3b8 InvalidateRgn
0x46f3bc GetGUIThreadInfo
0x46f3c4 GetWindowTextW
0x46f3cc GetCaretPos
0x46f3d0 GetCaretBlinkTime
0x46f3d4 DrawTextW
0x46f3d8 CharPrevW
0x46f3dc SetRect
0x46f3e0 CreateCaret
0x46f3e4 HideCaret
0x46f3e8 ShowCaret
0x46f3ec SetCaretPos
0x46f3f0 GetSysColor
0x46f3f4 SetFocus
0x46f3f8 TranslateMessage
0x46f3fc DispatchMessageW
0x46f400 ShowWindow
0x46f404 IsWindow
0x46f408 SetWindowLongW
0x46f40c DefWindowProcW
0x46f410 GetSystemMetrics
0x46f414 CallWindowProcW
0x46f418 LoadImageW
0x46f41c SendMessageW
0x46f420 EnableWindow
0x46f424 GetActiveWindow
0x46f428 wsprintfW
0x46f42c GetWindowRect
0x46f430 GetParent
0x46f434 GetWindow
0x46f438 ClientToScreen
0x46f43c PostQuitMessage
0x46f440 DestroyMenu
0x46f444 TrackPopupMenu
0x46f448 SetForegroundWindow
0x46f44c GetCursorPos
0x46f450 GetSubMenu
0x46f454 AppendMenuW
0x46f458 InsertMenuW
0x46f45c CreatePopupMenu
0x46f460 CreateMenu
0x46f464 SetWindowTextW
0x46f468 GetClientRect
0x46f46c IsWindowVisible
0x46f470 MessageBoxW
0x46f474 SetWindowPos
0x46f478 IsIconic
0x46f47c MonitorFromWindow
0x46f480 GetMonitorInfoW
0x46f484 GetMessageW
Library COMDLG32.dll:
0x46f044 GetOpenFileNameW
0x46f048 GetSaveFileNameW
Library ADVAPI32.dll:
0x46f000 RegQueryValueExW
0x46f004 OpenProcessToken
0x46f010 OpenSCManagerW
0x46f014 OpenServiceW
0x46f018 DeleteService
0x46f01c RegCloseKey
0x46f020 RegEnumKeyExW
0x46f024 CloseServiceHandle
0x46f028 CreateServiceW
0x46f02c StartServiceW
0x46f030 RegOpenKeyExW
Library ole32.dll:
0x46f538 OleLockRunning
0x46f53c CLSIDFromProgID
0x46f540 CLSIDFromString
0x46f544 CoCreateInstance
0x46f548 CoUninitialize
0x46f54c StringFromCLSID
0x46f550 CoTaskMemFree
0x46f554 IIDFromString
0x46f558 CoInitialize
Library COMCTL32.dll:
0x46f038
0x46f03c _TrackMouseEvent
Library IPHLPAPI.DLL:
0x46f114 GetAdaptersInfo
Library PSAPI.DLL:
Library IMM32.dll:
0x46f104 ImmReleaseContext
0x46f108 ImmGetContext
Library GDI32.dll:
0x46f050 CreateRectRgn
0x46f054 PtInRegion
0x46f058 CreateCompatibleDC
0x46f05c GetTextMetricsW
0x46f060 SaveDC
0x46f064 BitBlt
0x46f068 RestoreDC
0x46f06c Rectangle
0x46f070 SetWindowOrgEx
0x46f074 DeleteDC
0x46f078 CreatePen
0x46f07c GetStockObject
0x46f080 GetObjectW
0x46f084 CreateFontIndirectW
0x46f088 DeleteObject
0x46f08c SelectObject
0x46f094 CreateDIBSection
0x46f098 CreateRoundRectRgn
0x46f09c GetDeviceCaps
0x46f0a0 CreateSolidBrush
0x46f0a4 CreatePatternBrush
0x46f0a8 SetTextColor
0x46f0ac SetBkMode
0x46f0b0 SelectClipRgn
0x46f0b4 ExtSelectClipRgn
0x46f0bc GetClipBox
0x46f0c0 CombineRgn
0x46f0c4 StretchBlt
0x46f0c8 SetStretchBltMode
0x46f0cc ExtTextOutW
0x46f0d0 SetBkColor
0x46f0d4 GetObjectA
0x46f0d8 GdiFlush
0x46f0dc TextOutW
0x46f0e0 GetCharABCWidthsW
0x46f0e8 RoundRect
0x46f0ec CreatePenIndirect
0x46f0f0 MoveToEx
0x46f0f4 LineTo
Library OLEAUT32.dll:
0x46f308 VariantInit
0x46f30c VariantClear
0x46f310 SysFreeString
0x46f314 SysAllocString
Library gdiplus.dll:
0x46f494 GdipGetImageWidth
0x46f4ac GdipGetPropertyItem
0x46f4b0 GdipGetImageHeight
0x46f4b4 GdiplusShutdown
0x46f4b8 GdipFree
0x46f4bc GdipAlloc
0x46f4c0 GdipDeleteBrush
0x46f4cc GdipDeleteGraphics
0x46f4d4 GdipDeleteFont
0x46f4d8 GdipDisposeImage
0x46f4e0 GdiplusStartup
0x46f4f0 GdipCreateFromHDC
0x46f50c GdipGraphicsClear
0x46f510 GdipDrawString
0x46f514 GdipDrawImage
0x46f518 GdipDrawImageRectI
0x46f524 GdipGetFamily
0x46f528 GdipCloneBrush
0x46f52c GdipCloneImage

Hosts

No hosts contacted.

DNS

TCP

UDP

HTTP & HTTPS Requests

URI Data
http://ocsp2.globalsign.com/gsalphasha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3VPAhQ%2BWpPOreX2laD5mnSaPcCDFgrHwJWV8VptmIxFg%3D%3D
GET /gsalphasha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3VPAhQ%2BWpPOreX2laD5mnSaPcCDFgrHwJWV8VptmIxFg%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

http://www.virtualhardwares.com/English/hardware/hardware.html
GET /English/hardware/hardware.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.virtualhardwares.com
Connection: Keep-Alive

http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
GET /DigiCertGlobalRootG2.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.digicert.com

http://virtualhardwares.com/Download.html
GET /Download.html HTTP/1.1
Accept: */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: virtualhardwares.com
Connection: Keep-Alive
Cookie: UM_distinctid=1796a5e5ca144b-00a612c87e12f08-26596759-75300-1796a5e5cb12ae

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 19 Apr 2021 20:17:25 GMT
If-None-Match: "80f8835935d71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://virtualhardwares.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: virtualhardwares.com
Connection: Keep-Alive
Cookie: UM_distinctid=1796a5e5ca144b-00a612c87e12f08-26596759-75300-1796a5e5cb12ae

http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDDSk20WxFnlwLi3iMg%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDDSk20WxFnlwLi3iMg%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8DYx
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8DYx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.