Score: 8.2
Risk level: High

SHA256: 64f3903162257e9f9cfe998cc4aad588a37297e4ae54ed4830532e8fc853132f

File name: cad32e14c4c967e706afe185d8fc0f89.exe

Analysis duration: 86s

Last analysis

File size: 1.1MB
Static detection / Dynamic detection: 100% AGENSLA AGENSLANET AGENTTESLA AIDETECTVM ARTEMIS ATTRIBUTE AUTOIT BLUTEAL BTWP90 CONFIDENCE FUGRAFA GENERIC@ML HIGH CONFIDENCE HIGHCONFIDENCE I9LZTPPX2L+A IGENT IIZUADWPJ IZ0@ACCXN2AI MALWARE1 NELVZ R06EC0WI220 R335471 RDML SCORE SHIOTOB SUSGEN TCBZ UNSAFE ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine result available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!CAD32E14C4C9 20201229 6.0.6.653
Alibaba Trojan:MSIL/Autorun.cbda5882 20190527 0.3.0.5
Avast Win32:Malware-gen 20201229 21.1.5827.0
Tencent Msil.Worm.Autorun.Tcbz 20201229 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20201229 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .gfids
section _RDATA
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name FILE
One or more processes crashed (50 out of 5744 events)
Time & API Arguments Status Return Repeated
1619947482.707625
__exception__
stacktrace:
arch_masks+0x6c0 initialBufferSize-0xf600 @ 0x73e40100

registers.esp: 1632780
registers.edi: 388
registers.eax: 1436966
registers.ebp: 1632912
registers.edx: 0
registers.ebx: 8200
registers.esi: 285279978
registers.ecx: 8200
exception.instruction_r: 89 02 9b c7 45 fc fe ff ff ff eb 38 8b 45 ec 8b
exception.symbol: cad32e14c4c967e706afe185d8fc0f89+0x6163
exception.instruction: mov dword ptr [edx], eax
exception.module: cad32e14c4c967e706afe185d8fc0f89.exe
exception.exception_code: 0xc0000005
exception.offset: 24931
exception.address: 0x406163
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619947482.707625
NtAllocateVirtualMemory
process_identifier: 152
region_size: 86016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02ce0000
success 0 0
1619947486.261461
NtAllocateVirtualMemory
process_identifier: 3048
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00af0000
success 0 0
1619947486.261461
NtAllocateVirtualMemory
process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb0000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619947472.222625
GetAdaptersAddresses
flags: 1158
family: 0
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.372237223435121 section {'size_of_data': '0x000b3400', 'virtual_address': '0x000db000', 'entropy': 7.372237223435121, 'name': '.rsrc', 'virtual_size': '0x000b33e8'} description A section with a high entropy has been found
entropy 0.6175710594315246 description Overall entropy of this PE file is high
Network communication
One or more of the buffers contains an embedded PE file (1 event)
buffer Buffer with sha1: 53a39c4e3ffab639bf87a1b1ef508776fc73e561
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 152 called NtSetContextThread to modify thread in remote process 3048
Time & API Arguments Status Return Repeated
1619947483.816625
NtSetContextThread
thread_handle: 0x00000244
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4498494
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3048
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 152 resumed a thread in remote process 3048
Time & API Arguments Status Return Repeated
1619947485.113625
NtResumeThread
thread_handle: 0x00000244
suspend_count: 1
process_identifier: 3048
success 0 0
Executed a process and injected code into it, probably while unpacking (5 events)
Time & API Arguments Status Return Repeated
1619947483.816625
CreateProcessInternalW
thread_identifier: 2248
thread_handle: 0x00000244
process_identifier: 3048
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cad32e14c4c967e706afe185d8fc0f89.exe
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000240
inherit_handles: 0
success 1 0
1619947483.816625
NtGetContextThread
thread_handle: 0x00000244
success 0 0
1619947483.816625
WriteProcessMemory
process_identifier: 3048
buffer:
process_handle: 0x00000240
base_address: 0x00400000
success 1 0
1619947483.816625
NtSetContextThread
thread_handle: 0x00000244
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4498494
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3048
success 0 0
1619947485.113625
NtResumeThread
thread_handle: 0x00000244
suspend_count: 1
process_identifier: 3048
success 0 0
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.PWS.AgenslaNET.1
MicroWorld-eScan Gen:Variant.Fugrafa.36258
FireEye Generic.mg.cad32e14c4c967e7
McAfee Artemis!CAD32E14C4C9
Cylance Unsafe
K7AntiVirus Trojan ( 005608181 )
Alibaba Trojan:MSIL/Autorun.cbda5882
K7GW Trojan ( 005608181 )
Cybereason malicious.4c4c96
Arcabit Trojan.Fugrafa.D8DA2
BitDefenderTheta Gen:NN.ZexaF.34700.iz0@aCCxN2ai
Symantec ML.Attribute.HighConfidence
ESET-NOD32 MSIL/Autorun.Spy.Agent.DF
TrendMicro-HouseCall TROJ_GEN.R06EC0WI220
Avast Win32:Malware-gen
Kaspersky Trojan-PSW.MSIL.Agensla.sjz
BitDefender Gen:Variant.Fugrafa.36258
Paloalto generic.ml
AegisLab Trojan.MSIL.Agensla.i!c
Tencent Msil.Worm.Autorun.Tcbz
Ad-Aware Gen:Variant.Fugrafa.36258
Emsisoft Gen:Variant.Fugrafa.36258 (B)
F-Secure Worm.WORM/Autorun.nelvz
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0WI220
McAfee-GW-Edition BehavesLike.Win32.Dropper.tc
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Avira WORM/Autorun.nelvz
Microsoft Trojan:Win32/Bluteal!rfn
ZoneAlarm Trojan-PSW.MSIL.Agensla.sjz
GData Gen:Variant.Fugrafa.36258
Cynet Malicious (score: 90)
AhnLab-V3 Trojan/Win32.Shiotob.R335471
ALYac Spyware.AgentTesla
Malwarebytes Spyware.AutoRun.AutoIt
APEX Malicious
Rising Trojan.Generic@ML.80 (RDML:IizUadwPJ/I9LZTPpX2L+A)
Yandex Trojan.Igent.bTwp90.42
Ikarus Worm.MSIL.Autorun
Fortinet W32/Spy_Agent.DF!worm
MaxSecure Trojan.Malware.74493803.susgen
AVG Win32:Malware-gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Generic/Trojan.PSW.fd4
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.27.142:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2020-04-08 02:50:18

Imports

Library KERNEL32.dll:
0x43b0c4 IsValidCodePage
0x43b0c8 FindNextFileA
0x43b0cc FindFirstFileExA
0x43b0d0 FindClose
0x43b0d4 GetStringTypeW
0x43b0d8 LCMapStringW
0x43b0dc CompareStringW
0x43b0e0 DecodePointer
0x43b0e4 GetACP
0x43b0e8 WideCharToMultiByte
0x43b0ec MultiByteToWideChar
0x43b0f0 WriteConsoleW
0x43b0f4 GetModuleFileNameA
0x43b0f8 GetFileType
0x43b0fc GetModuleHandleExW
0x43b100 GetOEMCP
0x43b104 LoadLibraryExW
0x43b108 FreeLibrary
0x43b10c TlsFree
0x43b110 TlsSetValue
0x43b114 TlsGetValue
0x43b118 TlsAlloc
0x43b12c EncodePointer
0x43b130 SetLastError
0x43b134 RaiseException
0x43b138 RtlUnwind
0x43b13c InitializeSListHead
0x43b144 GetCurrentThreadId
0x43b148 GetCurrentProcessId
0x43b150 GetModuleHandleW
0x43b154 GetStartupInfoW
0x43b158 IsDebuggerPresent
0x43b160 TerminateProcess
0x43b164 GetCurrentProcess
0x43b170 GetCPInfo
0x43b174 GetCommandLineA
0x43b17c GetCommandLineW
0x43b188 SetStdHandle
0x43b18c GetConsoleCP
0x43b190 GetConsoleMode
0x43b194 HeapSize
0x43b198 HeapReAlloc
0x43b19c SetFilePointerEx
0x43b1a0 BuildCommDCBA
0x43b1a4 CreateFileA
0x43b1a8 SetCommTimeouts
0x43b1ac SetCommState
0x43b1b0 GetCommTimeouts
0x43b1b4 GetCommState
0x43b1b8 GetConsoleWindow
0x43b1c0 CreateNamedPipeA
0x43b1c4 CopyFileW
0x43b1cc OutputDebugStringA
0x43b1d0 LoadLibraryA
0x43b1d4 OpenFileMappingA
0x43b1d8 CreateEventA
0x43b1dc MapViewOfFile
0x43b1e0 DisconnectNamedPipe
0x43b1e4 ConnectNamedPipe
0x43b1e8 CloseHandle
0x43b1ec FlushFileBuffers
0x43b1f0 ReadFile
0x43b1f4 WriteFile
0x43b1f8 GetStdHandle
0x43b1fc WaitForSingleObject
0x43b200 GetLastError
0x43b204 GetProcessHeap
0x43b208 HeapFree
0x43b20c HeapAlloc
0x43b210 GlobalFree
0x43b214 GlobalAlloc
0x43b218 GetProcAddress
0x43b21c GetModuleHandleA
0x43b220 Sleep
0x43b224 ExitProcess
0x43b228 GetTickCount
0x43b22c CreateFileW
Library USER32.dll:
0x43b328 SendMessageA
0x43b32c DefWindowProcA
0x43b330 CallWindowProcA
0x43b334 MoveWindow
0x43b338 GetDlgItem
0x43b33c IsDlgButtonChecked
0x43b340 SetFocus
0x43b344 OemKeyScan
0x43b348 GetSystemMetrics
0x43b34c GetMenu
0x43b350 SetMenu
0x43b354 DrawMenuBar
0x43b358 GetSystemMenu
0x43b35c CreateMenu
0x43b360 CreatePopupMenu
0x43b364 CheckMenuItem
0x43b368 wsprintfW
0x43b36c AppendMenuA
0x43b370 LoadImageA
0x43b374 SetCursor
0x43b378 ClientToScreen
0x43b37c ScreenToClient
0x43b380 SetClassLongA
0x43b384 InsertMenuItemA
0x43b388 AdjustWindowRectEx
0x43b38c DestroyWindow
0x43b390 GetMenuItemInfoA
0x43b394 SetActiveWindow
0x43b398 GetDC
0x43b39c ReleaseDC
0x43b3a0 BeginPaint
0x43b3a4 SetWindowTextA
0x43b3a8 GetClientRect
0x43b3ac MessageBoxA
0x43b3b0 EnableMenuItem
0x43b3b4 UpdateWindow
0x43b3c0 CreateWindowExA
0x43b3c4 UnregisterClassA
0x43b3c8 CopyRect
0x43b3cc SetRect
0x43b3d0 GetCursorPos
0x43b3d4 GetSysColor
0x43b3d8 GetSysColorBrush
0x43b3dc GetWindow
0x43b3e0 LoadCursorA
0x43b3e4 LoadIconA
0x43b3e8 GetMonitorInfoA
0x43b3ec MonitorFromWindow
0x43b3f0 SetWindowLongA
0x43b3f4 GetWindowLongA
0x43b3f8 OffsetRect
0x43b400 GetWindowRect
0x43b404 InvalidateRect
0x43b408 GetUpdateRect
0x43b40c EndPaint
0x43b410 RegisterClassA
0x43b418 ReleaseCapture
0x43b41c SetCapture
0x43b420 ToAscii
0x43b424 GetKeyboardState
0x43b428 GetKeyState
0x43b42c IsZoomed
0x43b430 IsIconic
0x43b434 SetWindowPos
0x43b438 ShowWindow
0x43b43c PostQuitMessage
0x43b440 GetMessagePos
0x43b444 PeekMessageA
0x43b448 DispatchMessageA
0x43b44c TranslateMessage
0x43b450 GetMessageA
0x43b454 TrackMouseEvent
0x43b458 GetDesktopWindow
0x43b45c GetClassInfoA
0x43b460 DestroyIcon
Library GDI32.dll:
0x43b030 ChoosePixelFormat
0x43b034 GetPixelFormat
0x43b038 GetDeviceCaps
0x43b03c DeleteDC
0x43b040 CreateDCA
0x43b044 DescribePixelFormat
0x43b048 SetPixelFormat
0x43b04c ExtTextOutA
0x43b050 GetTextMetricsA
0x43b054 SetTextColor
0x43b058 SetStretchBltMode
0x43b05c StretchBlt
0x43b060 SetBkMode
0x43b064 SetBkColor
0x43b068 SelectObject
0x43b06c Rectangle
0x43b070 GetStockObject
0x43b074 DeleteObject
0x43b078 CreateSolidBrush
0x43b07c CreateRectRgn
0x43b080 CreatePen
0x43b084 CreateFontIndirectA
0x43b088 CreateEllipticRgn
0x43b08c CreateCompatibleDC
0x43b090 CreateBrushIndirect
0x43b094 CombineRgn
0x43b098 SwapBuffers
Library COMDLG32.dll:
0x43b028 GetOpenFileNameA
Library ADVAPI32.dll:
0x43b000 RegCloseKey
0x43b004 RegQueryValueExA
0x43b008 RegOpenKeyA
0x43b014 LogonUserA
Library SHELL32.dll:
0x43b30c SHGetFileInfoA
0x43b310 SHGetFolderLocation
0x43b314 SHGetMalloc
0x43b318 SHGetFolderPathA
Library ole32.dll:
0x43b4e0 OleUninitialize
0x43b4e4 OleInitialize
0x43b4ec StgCreateDocfile
0x43b4f0 StgOpenStorage
0x43b4f4 StgIsStorageFile
0x43b4f8 MkParseDisplayName
Library OPENGL32.dll:
0x43b234 glClearColor
0x43b238 glGetError
0x43b23c wglDeleteContext
0x43b240 glGetBooleanv
0x43b244 wglMakeCurrent
0x43b248 wglCreateContext
0x43b24c glBegin
0x43b250 glColor4ubv
0x43b254 glEnd
0x43b258 glNormal3fv
0x43b25c glVertex3fv
0x43b260 glVertex4f
0x43b264 glLightfv
0x43b268 glMaterialf
0x43b26c glMaterialfv
0x43b270 glClear
0x43b274 glColor3f
0x43b278 glColorMask
0x43b27c glCullFace
0x43b280 glDepthFunc
0x43b284 glDepthMask
0x43b288 glDisable
0x43b28c glEnable
0x43b290 glGetDoublev
0x43b294 glLoadIdentity
0x43b298 glLoadMatrixd
0x43b29c glMatrixMode
0x43b2a0 glPolygonMode
0x43b2a4 glPopMatrix
0x43b2a8 glPushMatrix
0x43b2ac glRotatef
0x43b2b0 glStencilFunc
0x43b2b4 glStencilOp
0x43b2b8 glTranslatef
0x43b2bc glViewport
0x43b2c0 glLightf
0x43b2c8 wglGetCurrentDC
0x43b2d0 glFinish
0x43b2d4 glGetIntegerv
0x43b2d8 glGetString
0x43b2dc wglGetProcAddress
0x43b2e0 glFlush
0x43b2e4 glColor4f
0x43b2ec glDrawArrays
0x43b2f0 glDrawElements
0x43b2f4 glEnableClientState
0x43b2f8 glGetFloatv
0x43b2fc glNormalPointer
0x43b300 glTexCoordPointer
0x43b304 glVertexPointer
Library GLU32.dll:
0x43b0a0 gluPerspective
Library COMCTL32.dll:
Library gdiplus.dll:
0x43b4ac GdiplusStartup
0x43b4b0 GdipFree
0x43b4b8 GdipCloneImage
0x43b4bc GdipAlloc
0x43b4c4 GdipDisposeImage
0x43b4c8 GdipDrawImageRectI
0x43b4cc GdipDeleteGraphics
0x43b4d0 GdipCreateFromHDC
Library WINMM.dll:
0x43b470 joyGetPosEx
0x43b474 timeEndPeriod
0x43b478 timeBeginPeriod
0x43b47c timeGetTime
0x43b480 SendDriverMessage
Library IMM32.dll:
0x43b0a8 ImmGetDefaultIMEWnd
Library WS2_32.dll:
0x43b488 WSASocketA
0x43b48c htons
0x43b490 socket
0x43b494 gethostbyname
0x43b498 gethostname
0x43b49c WSAStartup
0x43b4a0 bind
Library SHLWAPI.dll:
0x43b320 PathAppendW
Library UxTheme.dll:
0x43b468 DrawThemeBackground
Library IPHLPAPI.DLL:
0x43b0b4 GetIfEntry
0x43b0b8 GetNetworkParams
0x43b0bc GetIfTable
Library pdh.dll:
0x43b508 PdhCollectQueryData
Library msi.dll:
0x43b4d8
Library oledlg.dll:
0x43b500 OleUIInsertObjectW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  51808        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  57236        114.114.114.114                  53
192.168.56.101  63429        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  50568        224.0.0.252                      5355
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  53210        224.0.0.252                      5355
192.168.56.101  53237        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  58367        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  62318        224.0.0.252                      5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.