SmartHawk

6.8

高危

61 个模型检测该样本为恶意！

重新分析

下载样本

3f256c15a96f8f556978318a55308e3ef709f29d93a18d0c2d262f305477cfb2

c63bd0a773e8db6b24cac95d9ea6ccfb.exe

分析耗时

40s

最近分析

文件大小

604.5KB

静态报毒动态报毒 100% AGEN AI SCORE=82 AIDETECTVM ALI2000015 BTGZIH CLASSIC CONFIDENCE DELFINJECT DELPHILESS ELUM ELZG FAREIT GENCIRC GENETIC GGPR HIGH CONFIDENCE HLGHGV IGENT KRYPTIK LG1@AQVGC7CI LOKIBOT MALWARE2 MALWARE@#1NS9ITIIQQ4JY NANOCORE PWSX QVM05 R + MAL R066C0DIK20 SCORE SIMDA STATIC AI SUSPICIOUS PE UNSAFE WACATAC X2059 ZELPHIF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FSK!C63BD0A773E8	20201117	6.0.6.653
Alibaba	Trojan:Win32/DelfInject.ali2000015	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Avast	Win32:PWSX-gen [Trj]	20201117	20.10.5736.0
Tencent	Malware.Win32.Gencirc.10cdd691	20201117	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20201117	2013.8.14.323

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619945969.417001 __exception__	stacktrace: BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 48168768 registers.edi: 0 registers.eax: 0 registers.ebp: 48168840 registers.edx: 59 registers.ebx: 0 registers.esi: 0 registers.ecx: 417 exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 51 e9 7f 4b fb exception.symbol: c63bd0a773e8db6b24cac95d9ea6ccfb+0x4e9e8 exception.instruction: div eax exception.module: c63bd0a773e8db6b24cac95d9ea6ccfb.exe exception.exception_code: 0xc0000094 exception.offset: 322024 exception.address: 0x44e9e8	success	0	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (4 个事件)

Time & API	Arguments	Status
1619945968.385001 NtAllocateVirtualMemory	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00350000	success
1619945969.417001 NtAllocateVirtualMemory	process_identifier: 3040 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x01f50000	success
1619945969.479001 NtAllocateVirtualMemory	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x02e10000	success
1619945970.198751 NtAllocateVirtualMemory	process_identifier: 2620 region_size: 3158016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00910000	success

The binary likely contains encrypted or compressed data indicative of a packer (3 个事件)

entropy

7.7291149922072915

section

{'size_of_data': '0x00009400', 'virtual_address': '0x0004f000', 'entropy': 7.7291149922072915, 'name': 'DATA', 'virtual_size': '0x000092d8'}

description

A section with a high entropy has been found

entropy

7.263095818384854

section

{'size_of_data': '0x00037e00', 'virtual_address': '0x00064000', 'entropy': 7.263095818384854, 'name': '.rsrc', 'virtual_size': '0x00037c6c'}

description

A section with a high entropy has been found

entropy

0.4320066334991708

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (2 个事件)

host	172.217.24.14
host	72.247.96.152

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3040 called NtSetContextThread to modify thread in remote process 2620
1619945969.948001 NtSetContextThread	thread_handle: 0x000000ec registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4306480 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 2620	success	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3040 resumed a thread in remote process 2620
1619945969.995001 NtResumeThread	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2620	success	0	0

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

172.217.160.110:443

Executed a process and injected code into it, probably while unpacking (6 个事件)

Time & API	Arguments	Status	Return
1619945969.932001 CreateProcessInternalW	thread_identifier: 2116 thread_handle: 0x000000ec process_identifier: 2620 current_directory: filepath: track: 1 command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c63bd0a773e8db6b24cac95d9ea6ccfb.exe" filepath_r: stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) process_handle: 0x000000f0 inherit_handles: 0	success	1
1619945969.932001 NtUnmapViewOfSection	process_identifier: 2620 region_size: 4096 process_handle: 0x000000f0 base_address: 0x00400000	success	0
1619945969.932001 NtMapViewOfSection	section_handle: 0x000000f8 process_identifier: 2620 commit_size: 172032 win32_protect: 64 (PAGE_EXECUTE_READWRITE) buffer: process_handle: 0x000000f0 allocation_type: 0 () section_offset: 0 view_size: 172032 base_address: 0x00400000	success	0
1619945969.948001 NtGetContextThread	thread_handle: 0x000000ec	success	0
1619945969.948001 NtSetContextThread	thread_handle: 0x000000ec registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4306480 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 2620	success	0
1619945969.995001 NtResumeThread	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2620	success	0

File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.Nanocore.23
MicroWorld-eScan	Gen:Variant.Zusy.302971
FireEye	Generic.mg.c63bd0a773e8db6b
CAT-QuickHeal	Trojan.Kryptik
McAfee	Fareit-FSK!C63BD0A773E8
Cylance	Unsafe
VIPRE	Trojan.Win32.Simda.ba (v)
Sangfor	Malware
K7AntiVirus	Trojan ( 005685ec1 )
Alibaba	Trojan:Win32/DelfInject.ali2000015
K7GW	Trojan ( 005685ec1 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Zusy.D49F7B
TrendMicro	TROJ_GEN.R066C0DIK20
BitDefenderTheta	Gen:NN.ZelphiF.34634.LG1@aqVgc7ci
Cyren	W32/Trojan.GGPR-4124
Symantec	Trojan.Gen.MBT
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Dropper.LokiBot-7768036-0
Kaspersky	HEUR:Trojan.Win32.Kryptik.gen
BitDefender	Gen:Variant.Zusy.302971
NANO-Antivirus	Trojan.Win32.Nanocore.hlghgv
Avast	Win32:PWSX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10cdd691
Ad-Aware	Gen:Variant.Zusy.302971
Sophos	Mal/Fareit-AA
Comodo	Malware@#1ns9itiiqq4jy
F-Secure	Heuristic.HEUR/AGEN.1136310
Zillya	Dropper.Agent.Win32.426686
Invincea	Mal/Generic-R + Mal/Fareit-AA
McAfee-GW-Edition	BehavesLike.Win32.Fareit.jc
Emsisoft	Gen:Variant.Zusy.302971 (B)
Ikarus	Trojan.Inject
Jiangmin	Trojan.Kryptik.arf
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1136310
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Nanocore.B!MTB
AegisLab	Trojan.Win32.Kryptik.4!c
ZoneAlarm	HEUR:Trojan.Win32.Kryptik.gen
GData	Gen:Variant.Zusy.302971
Cynet	Malicious (score: 100)
AhnLab-V3	Suspicious/Win.Delphiless.X2059
VBA32	Trojan.Kryptik
ALYac	Gen:Variant.Zusy.302971
MAX	malware (ai score=82)
Malwarebytes	Trojan.MalPack

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x45a118 DeleteCriticalSection

• 0x45a11c LeaveCriticalSection

• 0x45a120 EnterCriticalSection

• 0x45a124 InitializeCriticalSection

• 0x45a128 VirtualFree

• 0x45a12c VirtualAlloc

• 0x45a130 LocalFree

• 0x45a134 LocalAlloc

• 0x45a138 GetVersion

• 0x45a13c GetCurrentThreadId

• 0x45a140 InterlockedDecrement

• 0x45a144 InterlockedIncrement

• 0x45a148 VirtualQuery

• 0x45a14c WideCharToMultiByte

• 0x45a150 MultiByteToWideChar

• 0x45a154 lstrlenA

• 0x45a158 lstrcpynA

• 0x45a15c LoadLibraryExA

• 0x45a160 GetThreadLocale

• 0x45a164 GetStartupInfoA

• 0x45a168 GetProcAddress

• 0x45a16c GetModuleHandleA

• 0x45a170 GetModuleFileNameA

• 0x45a174 GetLocaleInfoA

• 0x45a178 GetCommandLineA

• 0x45a17c FreeLibrary

• 0x45a180 FindFirstFileA

• 0x45a184 FindClose

• 0x45a188 ExitProcess

• 0x45a18c WriteFile

• 0x45a190 UnhandledExceptionFilter

• 0x45a194 RtlUnwind

• 0x45a198 RaiseException

• 0x45a19c GetStdHandle

Library user32.dll:

• 0x45a1a4 GetKeyboardType

• 0x45a1a8 LoadStringA

• 0x45a1ac MessageBoxA

• 0x45a1b0 CharNextA

Library advapi32.dll:

• 0x45a1b8 RegQueryValueExA

• 0x45a1bc RegOpenKeyExA

• 0x45a1c0 RegCloseKey

Library oleaut32.dll:

• 0x45a1c8 SysFreeString

• 0x45a1cc SysReAllocStringLen

• 0x45a1d0 SysAllocStringLen

Library kernel32.dll:

• 0x45a1d8 TlsSetValue

• 0x45a1dc TlsGetValue

• 0x45a1e0 LocalAlloc

• 0x45a1e4 GetModuleHandleA

Library advapi32.dll:

• 0x45a1ec RegQueryValueExA

• 0x45a1f0 RegOpenKeyExA

• 0x45a1f4 RegCloseKey

Library kernel32.dll:

• 0x45a1fc lstrcpyA

• 0x45a200 WriteFile

• 0x45a204 WaitForSingleObjectEx

• 0x45a208 WaitForSingleObject

• 0x45a20c VirtualQuery

• 0x45a210 VirtualAlloc

• 0x45a214 Sleep

• 0x45a218 SizeofResource

• 0x45a21c SetThreadLocale

• 0x45a220 SetFilePointer

• 0x45a224 SetEvent

• 0x45a228 SetErrorMode

• 0x45a22c SetEndOfFile

• 0x45a230 ResetEvent

• 0x45a234 ReadFile

• 0x45a238 MulDiv

• 0x45a23c LockResource

• 0x45a240 LoadResource

• 0x45a244 LoadLibraryA

• 0x45a248 LeaveCriticalSection

• 0x45a24c InitializeCriticalSection

• 0x45a250 GlobalUnlock

• 0x45a254 GlobalReAlloc

• 0x45a258 GlobalHandle

• 0x45a25c GlobalLock

• 0x45a260 GlobalFree

• 0x45a264 GlobalFindAtomA

• 0x45a268 GlobalDeleteAtom

• 0x45a26c GlobalAlloc

• 0x45a270 GlobalAddAtomA

• 0x45a274 GetVersionExA

• 0x45a278 GetVersion

• 0x45a27c GetTickCount

• 0x45a280 GetThreadLocale

• 0x45a284 GetSystemTimeAsFileTime

• 0x45a288 GetSystemTime

• 0x45a28c GetSystemInfo

• 0x45a290 GetStringTypeExA

• 0x45a294 GetStdHandle

• 0x45a298 GetProcAddress

• 0x45a29c GetModuleHandleA

• 0x45a2a0 GetModuleFileNameA

• 0x45a2a4 GetLocaleInfoA

• 0x45a2a8 GetLocalTime

• 0x45a2ac GetLastError

• 0x45a2b0 GetFullPathNameA

• 0x45a2b4 GetDiskFreeSpaceA

• 0x45a2b8 GetDateFormatA

• 0x45a2bc GetCurrentThreadId

• 0x45a2c0 GetCurrentProcessId

• 0x45a2c4 GetCPInfo

• 0x45a2c8 GetACP

• 0x45a2cc FreeResource

• 0x45a2d0 InterlockedExchange

• 0x45a2d4 FreeLibrary

• 0x45a2d8 FormatMessageA

• 0x45a2dc FindResourceA

• 0x45a2e0 FileTimeToSystemTime

• 0x45a2e4 ExitThread

• 0x45a2e8 ExitProcess

• 0x45a2ec EnumCalendarInfoA

• 0x45a2f0 EnterCriticalSection

• 0x45a2f4 DeleteCriticalSection

• 0x45a2f8 CreateThread

• 0x45a2fc CreateFileA

• 0x45a300 CreateEventA

• 0x45a304 CompareStringA

• 0x45a308 CloseHandle

Library version.dll:

• 0x45a310 VerQueryValueA

• 0x45a314 GetFileVersionInfoSizeA

• 0x45a318 GetFileVersionInfoA

Library gdi32.dll:

• 0x45a320 UnrealizeObject

• 0x45a324 StretchBlt

• 0x45a328 SetWindowOrgEx

• 0x45a32c SetViewportOrgEx

• 0x45a330 SetTextColor

• 0x45a334 SetStretchBltMode

• 0x45a338 SetROP2

• 0x45a33c SetPixel

• 0x45a340 SetDIBColorTable

• 0x45a344 SetBrushOrgEx

• 0x45a348 SetBkMode

• 0x45a34c SetBkColor

• 0x45a350 SelectPalette

• 0x45a354 SelectObject

• 0x45a358 SaveDC

• 0x45a35c RestoreDC

• 0x45a360 Rectangle

• 0x45a364 RectVisible

• 0x45a368 RealizePalette

• 0x45a36c PatBlt

• 0x45a370 MoveToEx

• 0x45a374 MaskBlt

• 0x45a378 LineTo

• 0x45a37c IntersectClipRect

• 0x45a380 GetWindowOrgEx

• 0x45a384 GetTextMetricsA

• 0x45a388 GetTextExtentPoint32A

• 0x45a38c GetSystemPaletteEntries

• 0x45a390 GetStockObject

• 0x45a394 GetPixel

• 0x45a398 GetPaletteEntries

• 0x45a39c GetObjectA

• 0x45a3a0 GetDeviceCaps

• 0x45a3a4 GetDIBits

• 0x45a3a8 GetDIBColorTable

• 0x45a3ac GetDCOrgEx

• 0x45a3b0 GetCurrentPositionEx

• 0x45a3b4 GetClipBox

• 0x45a3b8 GetBrushOrgEx

• 0x45a3bc GetBitmapBits

• 0x45a3c0 ExcludeClipRect

• 0x45a3c4 DeleteObject

• 0x45a3c8 DeleteDC

• 0x45a3cc CreateSolidBrush

• 0x45a3d0 CreatePenIndirect

• 0x45a3d4 CreatePalette

• 0x45a3d8 CreateHalftonePalette

• 0x45a3dc CreateFontIndirectA

• 0x45a3e0 CreateDIBitmap

• 0x45a3e4 CreateDIBSection

• 0x45a3e8 CreateCompatibleDC

• 0x45a3ec CreateCompatibleBitmap

• 0x45a3f0 CreateBrushIndirect

• 0x45a3f4 CreateBitmap

• 0x45a3f8 BitBlt

Library user32.dll:

• 0x45a400 CreateWindowExA

• 0x45a404 WindowFromPoint

• 0x45a408 WinHelpA

• 0x45a40c WaitMessage

• 0x45a410 UpdateWindow

• 0x45a414 UnregisterClassA

• 0x45a418 UnhookWindowsHookEx

• 0x45a41c TranslateMessage

• 0x45a420 TranslateMDISysAccel

• 0x45a424 TrackPopupMenu

• 0x45a428 SystemParametersInfoA

• 0x45a42c ShowWindow

• 0x45a430 ShowScrollBar

• 0x45a434 ShowOwnedPopups

• 0x45a438 ShowCursor

• 0x45a43c SetWindowsHookExA

• 0x45a440 SetWindowPos

• 0x45a444 SetWindowPlacement

• 0x45a448 SetWindowLongA

• 0x45a44c SetTimer

• 0x45a450 SetScrollRange

• 0x45a454 SetScrollPos

• 0x45a458 SetScrollInfo

• 0x45a45c SetRect

• 0x45a460 SetPropA

• 0x45a464 SetParent

• 0x45a468 SetMenuItemInfoA

• 0x45a46c SetMenu

• 0x45a470 SetForegroundWindow

• 0x45a474 SetFocus

• 0x45a478 SetCursor

• 0x45a47c SetClassLongA

• 0x45a480 SetCapture

• 0x45a484 SetActiveWindow

• 0x45a488 SendMessageA

• 0x45a48c ScrollWindow

• 0x45a490 ScreenToClient

• 0x45a494 RemovePropA

• 0x45a498 RemoveMenu

• 0x45a49c ReleaseDC

• 0x45a4a0 ReleaseCapture

• 0x45a4a4 RegisterWindowMessageA

• 0x45a4a8 RegisterClipboardFormatA

• 0x45a4ac RegisterClassA

• 0x45a4b0 RedrawWindow

• 0x45a4b4 PtInRect

• 0x45a4b8 PostQuitMessage

• 0x45a4bc PostMessageA

• 0x45a4c0 PeekMessageA

• 0x45a4c4 OffsetRect

• 0x45a4c8 OemToCharA

• 0x45a4cc MessageBoxA

• 0x45a4d0 MapWindowPoints

• 0x45a4d4 MapVirtualKeyA

• 0x45a4d8 LoadStringA

• 0x45a4dc LoadKeyboardLayoutA

• 0x45a4e0 LoadIconA

• 0x45a4e4 LoadCursorA

• 0x45a4e8 LoadBitmapA

• 0x45a4ec KillTimer

• 0x45a4f0 IsZoomed

• 0x45a4f4 IsWindowVisible

• 0x45a4f8 IsWindowEnabled

• 0x45a4fc IsWindow

• 0x45a500 IsRectEmpty

• 0x45a504 IsIconic

• 0x45a508 IsDialogMessageA

• 0x45a50c IsChild

• 0x45a510 InvalidateRect

• 0x45a514 IntersectRect

• 0x45a518 InsertMenuItemA

• 0x45a51c InsertMenuA

• 0x45a520 InflateRect

• 0x45a524 GetWindowThreadProcessId

• 0x45a528 GetWindowTextA

• 0x45a52c GetWindowRect

• 0x45a530 GetWindowPlacement

• 0x45a534 GetWindowLongA

• 0x45a538 GetWindowDC

• 0x45a53c GetTopWindow

• 0x45a540 GetSystemMetrics

• 0x45a544 GetSystemMenu

• 0x45a548 GetSysColorBrush

• 0x45a54c GetSysColor

• 0x45a550 GetSubMenu

• 0x45a554 GetScrollRange

• 0x45a558 GetScrollPos

• 0x45a55c GetScrollInfo

• 0x45a560 GetPropA

• 0x45a564 GetParent

• 0x45a568 GetWindow

• 0x45a56c GetMenuStringA

• 0x45a570 GetMenuState

• 0x45a574 GetMenuItemInfoA

• 0x45a578 GetMenuItemID

• 0x45a57c GetMenuItemCount

• 0x45a580 GetMenu

• 0x45a584 GetLastActivePopup

• 0x45a588 GetKeyboardState

• 0x45a58c GetKeyboardLayoutList

• 0x45a590 GetKeyboardLayout

• 0x45a594 GetKeyState

• 0x45a598 GetKeyNameTextA

• 0x45a59c GetIconInfo

• 0x45a5a0 GetForegroundWindow

• 0x45a5a4 GetFocus

• 0x45a5a8 GetDesktopWindow

• 0x45a5ac GetDCEx

• 0x45a5b0 GetDC

• 0x45a5b4 GetCursorPos

• 0x45a5b8 GetCursor

• 0x45a5bc GetClientRect

• 0x45a5c0 GetClassNameA

• 0x45a5c4 GetClassInfoA

• 0x45a5c8 GetCapture

• 0x45a5cc GetActiveWindow

• 0x45a5d0 FrameRect

• 0x45a5d4 FindWindowA

• 0x45a5d8 FillRect

• 0x45a5dc EqualRect

• 0x45a5e0 EnumWindows

• 0x45a5e4 EnumThreadWindows

• 0x45a5e8 EndPaint

• 0x45a5ec EnableWindow

• 0x45a5f0 EnableScrollBar

• 0x45a5f4 EnableMenuItem

• 0x45a5f8 DrawTextA

• 0x45a5fc DrawMenuBar

• 0x45a600 DrawIconEx

• 0x45a604 DrawIcon

• 0x45a608 DrawFrameControl

• 0x45a60c DrawEdge

• 0x45a610 DispatchMessageA

• 0x45a614 DestroyWindow

• 0x45a618 DestroyMenu

• 0x45a61c DestroyIcon

• 0x45a620 DestroyCursor

• 0x45a624 DeleteMenu

• 0x45a628 DefWindowProcA

• 0x45a62c DefMDIChildProcA

• 0x45a630 DefFrameProcA

• 0x45a634 CreatePopupMenu

• 0x45a638 CreateMenu

• 0x45a63c CreateIcon

• 0x45a640 ClientToScreen

• 0x45a644 CheckMenuItem

• 0x45a648 CallWindowProcA

• 0x45a64c CallNextHookEx

• 0x45a650 BeginPaint

• 0x45a654 CharNextA

• 0x45a658 CharLowerA

• 0x45a65c CharToOemA

• 0x45a660 AdjustWindowRectEx

• 0x45a664 ActivateKeyboardLayout

Library kernel32.dll:

• 0x45a66c Sleep

Library oleaut32.dll:

• 0x45a674 SafeArrayPtrOfIndex

• 0x45a678 SafeArrayGetUBound

• 0x45a67c SafeArrayGetLBound

• 0x45a680 SafeArrayCreate

• 0x45a684 VariantChangeType

• 0x45a688 VariantCopy

• 0x45a68c VariantClear

• 0x45a690 VariantInit

Library comctl32.dll:

• 0x45a698 ImageList_SetIconSize

• 0x45a69c ImageList_GetIconSize

• 0x45a6a0 ImageList_Write

• 0x45a6a4 ImageList_Read

• 0x45a6a8 ImageList_GetDragImage

• 0x45a6ac ImageList_DragShowNolock

• 0x45a6b0 ImageList_SetDragCursorImage

• 0x45a6b4 ImageList_DragMove

• 0x45a6b8 ImageList_DragLeave

• 0x45a6bc ImageList_DragEnter

• 0x45a6c0 ImageList_EndDrag

• 0x45a6c4 ImageList_BeginDrag

• 0x45a6c8 ImageList_Remove

• 0x45a6cc ImageList_DrawEx

• 0x45a6d0 ImageList_Draw

• 0x45a6d4 ImageList_GetBkColor

• 0x45a6d8 ImageList_SetBkColor

• 0x45a6dc ImageList_ReplaceIcon

• 0x45a6e0 ImageList_Add

• 0x45a6e4 ImageList_GetImageCount

• 0x45a6e8 ImageList_Destroy

• 0x45a6ec ImageList_Create

• 0x45a6f0 InitCommonControls

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
teredo.ipv6.microsoft.com		127.0.0.1
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	172.217.160.78

TCP

Source	Source Port	Destination	Destination Port
72.247.96.152	443	192.168.56.101	49178

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.