Risk score: 5.8 (High risk)

SHA256: 4952d3fff8667dde922c601f08095432700567e266ad513b3fe20c00579a5302

File name: c78c41e7c027b0919bf135f14a228455.exe

Analysis duration: 248s

Last analysis:

File size: 18.3MB
Static scan: flagged as malicious. Dynamic scan: flagged as malicious. Tags: ARTEMIS, AUTOIT, FIYREX, HHS2E3AUQVY, KILLPROC

Eagle Eye engine
Not detected: no Eagle Eye engine result is available for this sample.

Static verdict

Antivirus engines

Engine | Result | Scan date | Engine version
Alibaba | Worm:Win32/Generic.7a8c7c43 | 20190527 | 0.3.0.5
CrowdStrike | | 20210203 | 1.0
Baidu | | 20190318 | 1.0.0.2
Avast | Win32:Malware-gen | 20210225 | 21.1.5827.0
Kingsoft | | 20210225 | 2017.9.26.565
McAfee | Artemis!C78C41E7C027 | 20210225 | 6.0.6.653
Tencent | | 20210225 | 1.0.0.1
Behavioral verdict

Dynamic indicators

Performs some HTTP requests (5 events)
request GET http://www.drvsky.com/js/winrar.gif
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D
request GET http://crl3.digicert.com/DigiCertGlobalRootCA.crl
request GET http://crl4.digicert.com/DigiCertGlobalRootCA.crl
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0tOcjGcdlkhVARHvHzj6Qwhh26wQUpI3lvnx55HAjbS4pNK0jWNz1MX8CEAQmd7zG%2FR3SGjz9vdCcqiA%3D
Allocates read-write-execute memory (usually to unpack itself) (27 events)

All 27 calls are NtProtectVirtualMemory with identical arguments apart from the target page: process_identifier: 2668, stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0, length: 4096, protection: 64 (PAGE_EXECUTE_READWRITE), process_handle: 0xffffffff (the current-process pseudo-handle). Every call completed with status success, return 0, repeated 0.

Time | API | base_address | Status | Return | Repeated
1621008092.756501 | NtProtectVirtualMemory | 0x745e1000 | success | 0 | 0
1621008093.022501 | NtProtectVirtualMemory | 0x747a1000 | success | 0 | 0
1621008095.334501 | NtProtectVirtualMemory | 0x77711000 | success | 0 | 0
1621008095.334501 | NtProtectVirtualMemory | 0x76241000 | success | 0 | 0
1621008095.334501 | NtProtectVirtualMemory | 0x76121000 | success | 0 | 0
1621008096.850501 | NtProtectVirtualMemory | 0x75331000 | success | 0 | 0
1621008096.850501 | NtProtectVirtualMemory | 0x76881000 | success | 0 | 0
1621008102.037501 | NtProtectVirtualMemory | 0x73951000 | success | 0 | 0
1621008102.068501 | NtProtectVirtualMemory | 0x750a1000 | success | 0 | 0
1621008102.115501 | NtProtectVirtualMemory | 0x73941000 | success | 0 | 0
1621008102.162501 | NtProtectVirtualMemory | 0x73921000 | success | 0 | 0
1621008102.209501 | NtProtectVirtualMemory | 0x73911000 | success | 0 | 0
1621008105.615501 | NtProtectVirtualMemory | 0x75c41000 | success | 0 | 0
1621008105.631501 | NtProtectVirtualMemory | 0x73851000 | success | 0 | 0
1621008105.693501 | NtProtectVirtualMemory | 0x75241000 | success | 0 | 0
1621008105.850501 | NtProtectVirtualMemory | 0x73841000 | success | 0 | 0
1621008105.928501 | NtProtectVirtualMemory | 0x73801000 | success | 0 | 0
1621008105.928501 | NtProtectVirtualMemory | 0x737e1000 | success | 0 | 0
1621008105.959501 | NtProtectVirtualMemory | 0x737a1000 | success | 0 | 0
1621008106.475501 | NtProtectVirtualMemory | 0x73761000 | success | 0 | 0
1621008106.756501 | NtProtectVirtualMemory | 0x75251000 | success | 0 | 0
1621008106.756501 | NtProtectVirtualMemory | 0x75101000 | success | 0 | 0
1621008106.865501 | NtProtectVirtualMemory | 0x766c1000 | success | 0 | 0
1621008125.475501 | NtProtectVirtualMemory | 0x75a11000 | success | 0 | 0
1621008125.475501 | NtProtectVirtualMemory | 0x77691000 | success | 0 | 0
1621008125.553501 | NtProtectVirtualMemory | 0x73741000 | success | 0 | 0
1621008125.568501 | NtProtectVirtualMemory | 0x73731000 | success | 0 | 0
Foreign language identified in PE resource (11 events)

Name | Language | Offset | File type | Sublanguage | Size
RT_BITMAP | LANG_CHINESE | 0x0001f320 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000024fa
RT_ICON | LANG_CHINESE | 0x0002181c | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 16777215, next used block 16777215 | SUBLANG_CHINESE_SIMPLIFIED | 0x00004228
RT_DIALOG | LANG_CHINESE | 0x00025e74 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000001f8
RT_DIALOG | LANG_CHINESE | 0x00025e74 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000001f8
RT_DIALOG | LANG_CHINESE | 0x00025e74 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000001f8
RT_DIALOG | LANG_CHINESE | 0x00025e74 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000001f8
RT_STRING | LANG_CHINESE | 0x000262a0 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000000d0
RT_STRING | LANG_CHINESE | 0x000262a0 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000000d0
RT_STRING | LANG_CHINESE | 0x000262a0 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000000d0
RT_GROUP_ICON | LANG_CHINESE | 0x00026370 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x00000014
RT_MANIFEST | LANG_CHINESE | 0x00026384 | XML 1.0 document, ASCII text, with CRLF line terminators | SUBLANG_CHINESE_SIMPLIFIED | 0x000005b5
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time | API | flags | family | Status | Return | Repeated
1621008100.584501 | GetAdaptersAddresses | 0 | 0 | failed | 111 | 0
Network communication

Communicates with host for which no DNS query was performed (2 events)
host 113.108.239.196
host 172.217.24.14
File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Engine | Detection
Zillya | Trojan.Agent.Win32.129026
Sangfor | Trojan.Win32.Gen.2
Alibaba | Worm:Win32/Generic.7a8c7c43
Symantec | Trojan.Gen.2
Avast | Win32:Malware-gen
NANO-Antivirus | Trojan.Win32.Autoit.fiyrex
Paloalto | generic.ml
McAfee-GW-Edition | Artemis
McAfee | Artemis!C78C41E7C027
VBA32 | Worm.AutoIt
Yandex | Trojan.KillProc!hhs2e3AuqVY
Webroot | W32.Malware.Gen
AVG | Win32:Malware-gen
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)

All 15 registry writes land under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\; the regkey column shows the path below that prefix. The WpadDecisionTime values are REG_BINARY data that the report renders as mis-decoded text (pà¶H× and €/+*¶H×); the raw bytes are not recoverable from this page. Every call completed with status success, return 0, repeated 0.

Time | API | key_handle | regkey_r | reg_type | value | regkey (below the Wpad prefix)
1621008105.334501 | RegSetValueExA | 0x0000049c | WpadDecisionReason | 4 (REG_DWORD) | 1 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
1621008105.334501 | RegSetValueExA | 0x0000049c | WpadDecisionTime | 3 (REG_BINARY) | binary (rendered as pà¶H×) | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
1621008105.334501 | RegSetValueExA | 0x0000049c | WpadDecision | 4 (REG_DWORD) | 3 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
1621008105.334501 | RegSetValueExW | 0x0000049c | WpadNetworkName | 1 (REG_SZ) | 网络 2 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
1621008105.334501 | RegSetValueExA | 0x000004a0 | WpadDecisionReason | 4 (REG_DWORD) | 1 | 0a-00-27-00-00-00\WpadDecisionReason
1621008105.334501 | RegSetValueExA | 0x000004a0 | WpadDecisionTime | 3 (REG_BINARY) | binary (rendered as pà¶H×) | 0a-00-27-00-00-00\WpadDecisionTime
1621008105.334501 | RegSetValueExA | 0x000004a0 | WpadDecision | 4 (REG_DWORD) | 3 | 0a-00-27-00-00-00\WpadDecision
1621008105.428501 | RegSetValueExW | 0x00000494 | WpadLastNetwork | 1 (REG_SZ) | {40112ABE-63B3-43C3-BE93-1440EE3AF106} | WpadLastNetwork
1621008125.943501 | RegSetValueExA | 0x0000045c | WpadDecisionReason | 4 (REG_DWORD) | 1 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
1621008125.943501 | RegSetValueExA | 0x0000045c | WpadDecisionTime | 3 (REG_BINARY) | binary (rendered as €/+*¶H×) | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
1621008125.943501 | RegSetValueExA | 0x0000045c | WpadDecision | 4 (REG_DWORD) | 0 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
1621008125.943501 | RegSetValueExW | 0x0000045c | WpadNetworkName | 1 (REG_SZ) | 网络 2 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
1621008125.959501 | RegSetValueExA | 0x000006b8 | WpadDecisionReason | 4 (REG_DWORD) | 1 | 0a-00-27-00-00-00\WpadDecisionReason
1621008125.959501 | RegSetValueExA | 0x000006b8 | WpadDecisionTime | 3 (REG_BINARY) | binary (rendered as €/+*¶H×) | 0a-00-27-00-00-00\WpadDecisionTime
1621008125.959501 | RegSetValueExA | 0x000006b8 | WpadDecision | 4 (REG_DWORD) | 0 | 0a-00-27-00-00-00\WpadDecision
Generates some ICMP traffic
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.46:443
Visual analysis

Binary image
No binary image: this sample produced no binary visualization image.

Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time: 2010-03-15 14:28:07

Imports

Library KERNEL32.DLL:
0x410044 DeleteFileA
0x410048 DeleteFileW
0x41004c CreateDirectoryA
0x410050 CreateDirectoryW
0x410054 FindClose
0x410058 FindNextFileA
0x41005c FindFirstFileA
0x410060 FindNextFileW
0x410064 FindFirstFileW
0x410068 GetTickCount
0x41006c WideCharToMultiByte
0x410070 MultiByteToWideChar
0x410074 GetVersionExA
0x410078 GlobalAlloc
0x41007c lstrlenA
0x410080 GetModuleFileNameA
0x410084 FindResourceA
0x410088 GetModuleHandleA
0x41008c HeapAlloc
0x410090 GetProcessHeap
0x410094 HeapFree
0x410098 HeapReAlloc
0x41009c CompareStringA
0x4100a0 ExitProcess
0x4100a4 GetLocaleInfoA
0x4100a8 GetNumberFormatA
0x4100ac lstrcmpiA
0x4100b0 GetProcAddress
0x4100b4 GetDateFormatA
0x4100b8 GetTimeFormatA
0x4100c8 WaitForSingleObject
0x4100d0 Sleep
0x4100d4 GetTempPathA
0x4100d8 MoveFileExA
0x4100dc UnmapViewOfFile
0x4100e0 GetCommandLineA
0x4100e4 MapViewOfFile
0x4100e8 CreateFileMappingA
0x4100ec GetModuleFileNameW
0x4100f4 OpenFileMappingA
0x410100 GetSystemTime
0x410104 IsDBCSLeadByte
0x410108 GetCPInfo
0x41010c FreeLibrary
0x410110 LoadLibraryA
0x410118 GetFullPathNameA
0x41011c SetFileAttributesW
0x410120 SetFileAttributesA
0x410124 GetFileAttributesW
0x410128 GetFileAttributesA
0x41012c WriteFile
0x410130 SetLastError
0x410134 GetStdHandle
0x410138 ReadFile
0x41013c CreateFileW
0x410140 CreateFileA
0x410144 GetFileType
0x410148 SetEndOfFile
0x41014c SetFilePointer
0x410150 MoveFileA
0x410154 SetFileTime
0x410158 CloseHandle
0x41015c GetLastError
Library ADVAPI32.dll:
0x410000 RegOpenKeyExA
0x410004 RegQueryValueExA
0x410008 RegCreateKeyExA
0x41000c RegSetValueExA
0x410010 RegCloseKey
Library COMCTL32.dll:
0x410018
Library GDI32.dll:
0x410020 GetDeviceCaps
0x410024 GetObjectA
0x41002c SelectObject
0x410030 StretchBlt
0x410034 CreateCompatibleDC
0x410038 DeleteObject
0x41003c DeleteDC
Library ole32.dll:
0x410274 OleInitialize
0x410278 CoCreateInstance
0x41027c OleUninitialize
0x410280 CLSIDFromString
Library OLEAUT32.dll:
0x410168 VariantInit
Library SHELL32.dll:
0x410170 ShellExecuteExA
0x410174 SHFileOperationA
0x410178 SHGetFileInfoA
0x410180 SHGetMalloc
0x410184 SHBrowseForFolderA
0x41018c SHChangeNotify
Library USER32.dll:
0x410194 ReleaseDC
0x410198 GetDC
0x41019c SendMessageA
0x4101a0 wsprintfA
0x4101a4 SetDlgItemTextA
0x4101a8 EndDialog
0x4101ac DestroyIcon
0x4101b0 SendDlgItemMessageA
0x4101b4 GetDlgItemTextA
0x4101b8 DialogBoxParamA
0x4101bc IsWindowVisible
0x4101c0 WaitForInputIdle
0x4101c4 GetSysColor
0x4101c8 PostMessageA
0x4101cc SetMenu
0x4101d0 SetFocus
0x4101d4 LoadBitmapA
0x4101d8 LoadIconA
0x4101dc CharToOemA
0x4101e0 OemToCharA
0x4101e4 GetClassNameA
0x4101e8 CharUpperA
0x4101ec GetWindowRect
0x4101f0 GetParent
0x4101f4 MapWindowPoints
0x4101f8 CreateWindowExA
0x4101fc UpdateWindow
0x410200 SetWindowTextA
0x410204 LoadCursorA
0x410208 RegisterClassExA
0x41020c SetWindowLongA
0x410210 GetWindowLongA
0x410214 DefWindowProcA
0x410218 PeekMessageA
0x41021c GetMessageA
0x410220 TranslateMessage
0x410224 DispatchMessageA
0x410228 GetClientRect
0x41022c CopyRect
0x410230 IsWindow
0x410234 MessageBoxA
0x410238 ShowWindow
0x41023c GetDlgItem
0x410240 EnableWindow
0x410244 FindWindowExA
0x410248 wvsprintfA
0x41024c CharToOemBuffA
0x410250 LoadStringA
0x410254 SetWindowPos
0x410258 GetWindowTextA
0x41025c GetWindow
0x410260 GetSystemMetrics
0x410264 OemToCharBuffA
0x410268 DestroyWindow

Hosts

No hosts contacted.

TCP

Source | Source port | Destination | Destination host | Destination port
192.168.56.101 | 49182 | 117.18.237.29 | ocsp.digicert.com | 80
192.168.56.101 | 49185 | 117.18.237.29 | ocsp.digicert.com | 80
192.168.56.101 | 49189 | 117.18.237.29 | ocsp.digicert.com | 80
192.168.56.101 | 49179 | 124.225.167.230 | www.drvsky.com | 80
192.168.56.101 | 49180 | 124.225.167.230 | www.drvsky.com | 443

UDP

Source | Source port | Destination | Destination host | Destination port
192.168.56.101 | 50534 | 114.114.114.114 | | 53
192.168.56.101 | 51963 | 114.114.114.114 | | 53
192.168.56.101 | 53210 | 114.114.114.114 | | 53
192.168.56.101 | 53500 | 114.114.114.114 | | 53
192.168.56.101 | 54178 | 114.114.114.114 | | 53
192.168.56.101 | 55368 | 114.114.114.114 | | 53
192.168.56.101 | 60123 | 114.114.114.114 | | 53
192.168.56.101 | 61680 | 114.114.114.114 | | 53
192.168.56.101 | 62144 | 114.114.114.114 | | 53
192.168.56.101 | 137 | 192.168.56.255 | | 137
192.168.56.101 | 138 | 192.168.56.255 | | 138
192.168.56.101 | 123 | 20.189.79.72 | time.windows.com | 123
192.168.56.101 | 49713 | 224.0.0.252 | | 5355
192.168.56.101 | 50568 | 224.0.0.252 | | 5355
192.168.56.101 | 51378 | 224.0.0.252 | | 5355
192.168.56.101 | 51808 | 224.0.0.252 | | 5355
192.168.56.101 | 53237 | 224.0.0.252 | | 5355
192.168.56.101 | 53380 | 224.0.0.252 | | 5355
192.168.56.101 | 54991 | 224.0.0.252 | | 5355
192.168.56.101 | 56743 | 224.0.0.252 | | 5355

HTTP & HTTPS Requests

URI Data
http://crl4.digicert.com/DigiCertGlobalRootCA.crl
GET /DigiCertGlobalRootCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl4.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://www.drvsky.com/js/winrar.gif
GET /js/winrar.gif HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.drvsky.com
Connection: Keep-Alive

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0tOcjGcdlkhVARHvHzj6Qwhh26wQUpI3lvnx55HAjbS4pNK0jWNz1MX8CEAQmd7zG%2FR3SGjz9vdCcqiA%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0tOcjGcdlkhVARHvHzj6Qwhh26wQUpI3lvnx55HAjbS4pNK0jWNz1MX8CEAQmd7zG%2FR3SGjz9vdCcqiA%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://crl3.digicert.com/DigiCertGlobalRootCA.crl
GET /DigiCertGlobalRootCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl3.digicert.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.