SmartHawk

3.2

中危

该样本未表现出任何异常！

重新分析

下载样本

0383b9e815edbf0b3e0f96a1f44d38a27b569c3b1d686f4206d3a1ed8351a165

cba14071334d051346105dd433496624.exe

分析耗时

96s

最近分析

文件大小

1.5MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985520.284924 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985524.956924 __exception__	stacktrace: cba14071334d051346105dd433496624+0x8380b @ 0x48380b cba14071334d051346105dd433496624+0x40fa2 @ 0x440fa2 cba14071334d051346105dd433496624+0x43d54 @ 0x443d54 cba14071334d051346105dd433496624+0x43e8c @ 0x443e8c cba14071334d051346105dd433496624+0x43d54 @ 0x443d54 cba14071334d051346105dd433496624+0x439cf @ 0x4439cf cba14071334d051346105dd433496624+0x220f6 @ 0x4220f6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x775a96c5 LoadCursorFromFileA+0x1097 DdeEnableCallback-0x1c4d user32+0x55fbb @ 0x775e5fbb LoadCursorFromFileA+0x11d8 DdeEnableCallback-0x1b0c user32+0x560fc @ 0x775e60fc SetKeyboardState+0x1c7c CliImmSetHotKey-0x11bdf user32+0x4312e @ 0x775d312e IsCharAlphaA+0x1a9f EndDialog-0xf5d user32+0x3aa3f @ 0x775caa3f gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a GetClientRect+0xc5 CallWindowProcW-0xb user32+0x20d27 @ 0x775b0d27 CallWindowProcA+0x1b GetClassNameA-0x95 user32+0x2794a @ 0x775b794a cba14071334d051346105dd433496624+0x43e38 @ 0x443e38 cba14071334d051346105dd433496624+0x43d54 @ 0x443d54 cba14071334d051346105dd433496624+0x220f6 @ 0x4220f6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e SetKeyboardState+0x19f9 CliImmSetHotKey-0x11e62 user32+0x42eab @ 0x775d2eab IsCharAlphaA+0x1a9f EndDialog-0xf5d user32+0x3aa3f @ 0x775caa3f gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a GetClientRect+0xc5 CallWindowProcW-0xb user32+0x20d27 @ 0x775b0d27 CallWindowProcA+0x1b GetClassNameA-0x95 user32+0x2794a @ 0x775b794a cba14071334d051346105dd433496624+0x43e38 @ 0x443e38 cba14071334d051346105dd433496624+0x43d54 @ 0x443d54 cba14071334d051346105dd433496624+0x220f6 @ 0x4220f6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a PeekMessageA+0x168 SetWindowLongA-0x34 user32+0x260dc @ 0x775b60dc cba14071334d051346105dd433496624+0x5f588 @ 0x45f588 cba14071334d051346105dd433496624+0x859ec @ 0x4859ec BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1634148 registers.edi: 1634752 registers.eax: 1634148 registers.ebp: 1634228 registers.edx: 0 registers.ebx: 4732939 registers.esi: 4732939 registers.ecx: 7 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x778eb727	success	0	0

Time & API

Arguments

Status

Return

Repeated

1620985524.956924
__exception__

stacktrace:

cba14071334d051346105dd433496624+0x8380b @ 0x48380b
cba14071334d051346105dd433496624+0x40fa2 @ 0x440fa2
cba14071334d051346105dd433496624+0x43d54 @ 0x443d54
cba14071334d051346105dd433496624+0x43e8c @ 0x443e8c
cba14071334d051346105dd433496624+0x43d54 @ 0x443d54
cba14071334d051346105dd433496624+0x439cf @ 0x4439cf
cba14071334d051346105dd433496624+0x220f6 @ 0x4220f6
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x775a96c5
LoadCursorFromFileA+0x1097 DdeEnableCallback-0x1c4d user32+0x55fbb @ 0x775e5fbb
LoadCursorFromFileA+0x11d8 DdeEnableCallback-0x1b0c user32+0x560fc @ 0x775e60fc
SetKeyboardState+0x1c7c CliImmSetHotKey-0x11bdf user32+0x4312e @ 0x775d312e
IsCharAlphaA+0x1a9f EndDialog-0xf5d user32+0x3aa3f @ 0x775caa3f
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetClientRect+0xc5 CallWindowProcW-0xb user32+0x20d27 @ 0x775b0d27
CallWindowProcA+0x1b GetClassNameA-0x95 user32+0x2794a @ 0x775b794a
cba14071334d051346105dd433496624+0x43e38 @ 0x443e38
cba14071334d051346105dd433496624+0x43d54 @ 0x443d54
cba14071334d051346105dd433496624+0x220f6 @ 0x4220f6
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SetKeyboardState+0x19f9 CliImmSetHotKey-0x11e62 user32+0x42eab @ 0x775d2eab
IsCharAlphaA+0x1a9f EndDialog-0xf5d user32+0x3aa3f @ 0x775caa3f
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetClientRect+0xc5 CallWindowProcW-0xb user32+0x20d27 @ 0x775b0d27
CallWindowProcA+0x1b GetClassNameA-0x95 user32+0x2794a @ 0x775b794a
cba14071334d051346105dd433496624+0x43e38 @ 0x443e38
cba14071334d051346105dd433496624+0x43d54 @ 0x443d54
cba14071334d051346105dd433496624+0x220f6 @ 0x4220f6
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
PeekMessageA+0x168 SetWindowLongA-0x34 user32+0x260dc @ 0x775b60dc
cba14071334d051346105dd433496624+0x5f588 @ 0x45f588
cba14071334d051346105dd433496624+0x859ec @ 0x4859ec
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634148
registers.edi: 1634752
registers.eax: 1634148
registers.ebp: 1634228
registers.edx: 0
registers.ebx: 4732939
registers.esi: 4732939
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727

success

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985519.643924 NtAllocateVirtualMemory	process_identifier: 1704 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003f0000	success	0	0
1621017072.464875 NtAllocateVirtualMemory	process_identifier: 1424 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffffffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0000000004080000	success	0	0

Foreign language identified in PE resource (3 个事件)

name

RT_ICON

language

LANG_CHINESE

offset

0x0009d308

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000010a8

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x000e7390

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_VERSION

language

LANG_CHINESE

offset

0x000e73a4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000032c

Communicates with host for which no DNS query was performed (1 个事件)

host

185.199.108.133

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

172.217.24.14:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x48c17c DeleteCriticalSection

• 0x48c180 LeaveCriticalSection

• 0x48c184 EnterCriticalSection

• 0x48c188 InitializeCriticalSection

• 0x48c18c VirtualFree

• 0x48c190 VirtualAlloc

• 0x48c194 LocalFree

• 0x48c198 LocalAlloc

• 0x48c19c GetVersion

• 0x48c1a0 GetCurrentThreadId

• 0x48c1a4 InterlockedDecrement

• 0x48c1a8 InterlockedIncrement

• 0x48c1ac VirtualQuery

• 0x48c1b0 WideCharToMultiByte

• 0x48c1b4 MultiByteToWideChar

• 0x48c1b8 lstrlenA

• 0x48c1bc lstrcpynA

• 0x48c1c0 LoadLibraryExA

• 0x48c1c4 GetThreadLocale

• 0x48c1c8 GetStartupInfoA

• 0x48c1cc GetProcAddress

• 0x48c1d0 GetModuleHandleA

• 0x48c1d4 GetModuleFileNameA

• 0x48c1d8 GetLocaleInfoA

• 0x48c1dc GetLastError

• 0x48c1e0 GetCommandLineA

• 0x48c1e4 FreeLibrary

• 0x48c1e8 FindFirstFileA

• 0x48c1ec FindClose

• 0x48c1f0 CreateDirectoryA

• 0x48c1f4 ExitProcess

• 0x48c1f8 WriteFile

• 0x48c1fc UnhandledExceptionFilter

• 0x48c200 SetFilePointer

• 0x48c204 SetEndOfFile

• 0x48c208 RtlUnwind

• 0x48c20c ReadFile

• 0x48c210 RaiseException

• 0x48c214 GetStdHandle

• 0x48c218 GetFileSize

• 0x48c21c GetFileType

• 0x48c220 CreateFileA

• 0x48c224 CloseHandle

Library user32.dll:

• 0x48c22c GetKeyboardType

• 0x48c230 LoadStringA

• 0x48c234 MessageBoxA

• 0x48c238 CharNextA

Library advapi32.dll:

• 0x48c240 RegQueryValueExA

• 0x48c244 RegOpenKeyExA

• 0x48c248 RegCloseKey

Library oleaut32.dll:

• 0x48c250 SysFreeString

• 0x48c254 SysReAllocStringLen

• 0x48c258 SysAllocStringLen

Library kernel32.dll:

• 0x48c260 TlsSetValue

• 0x48c264 TlsGetValue

• 0x48c268 LocalAlloc

• 0x48c26c GetModuleHandleA

Library advapi32.dll:

• 0x48c274 RegQueryValueExA

• 0x48c278 RegOpenKeyExA

• 0x48c27c RegFlushKey

• 0x48c280 RegCreateKeyExA

• 0x48c284 RegCloseKey

Library kernel32.dll:

• 0x48c28c lstrcpyA

• 0x48c290 WritePrivateProfileStringA

• 0x48c294 WriteFile

• 0x48c298 WaitForSingleObject

• 0x48c29c VirtualQuery

• 0x48c2a0 VirtualProtect

• 0x48c2a4 VirtualFree

• 0x48c2a8 VirtualAlloc

• 0x48c2ac Sleep

• 0x48c2b0 SizeofResource

• 0x48c2b4 SetThreadLocale

• 0x48c2b8 SetFileTime

• 0x48c2bc SetFilePointer

• 0x48c2c0 SetFileAttributesW

• 0x48c2c4 SetFileAttributesA

• 0x48c2c8 SetEvent

• 0x48c2cc SetErrorMode

• 0x48c2d0 SetEndOfFile

• 0x48c2d4 ResetEvent

• 0x48c2d8 RemoveDirectoryA

• 0x48c2dc ReadFile

• 0x48c2e0 MultiByteToWideChar

• 0x48c2e4 MulDiv

• 0x48c2e8 LockResource

• 0x48c2ec LocalFileTimeToFileTime

• 0x48c2f0 LoadResource

• 0x48c2f4 LoadLibraryA

• 0x48c2f8 LeaveCriticalSection

• 0x48c2fc IsBadReadPtr

• 0x48c300 InitializeCriticalSection

• 0x48c304 HeapFree

• 0x48c308 HeapAlloc

• 0x48c30c GlobalUnlock

• 0x48c310 GlobalSize

• 0x48c314 GlobalReAlloc

• 0x48c318 GlobalHandle

• 0x48c31c GlobalLock

• 0x48c320 GlobalFree

• 0x48c324 GlobalFindAtomA

• 0x48c328 GlobalDeleteAtom

• 0x48c32c GlobalAlloc

• 0x48c330 GlobalAddAtomA

• 0x48c334 GetVersionExA

• 0x48c338 GetVersion

• 0x48c33c GetUserDefaultLCID

• 0x48c340 GetTickCount

• 0x48c344 GetThreadLocale

• 0x48c348 GetSystemInfo

• 0x48c34c GetStringTypeExA

• 0x48c350 GetStdHandle

• 0x48c354 GetProcessHeap

• 0x48c358 GetProcAddress

• 0x48c35c GetPrivateProfileStringA

• 0x48c360 GetModuleHandleA

• 0x48c364 GetModuleFileNameA

• 0x48c368 GetLocaleInfoA

• 0x48c36c GetLocalTime

• 0x48c370 GetLastError

• 0x48c374 GetFullPathNameA

• 0x48c378 GetFileAttributesW

• 0x48c37c GetFileAttributesA

• 0x48c380 GetDriveTypeW

• 0x48c384 GetDiskFreeSpaceA

• 0x48c388 GetDateFormatA

• 0x48c38c GetCurrentThreadId

• 0x48c390 GetCurrentProcessId

• 0x48c394 GetComputerNameA

• 0x48c398 GetCPInfo

• 0x48c39c GetACP

• 0x48c3a0 FreeResource

• 0x48c3a4 InterlockedIncrement

• 0x48c3a8 InterlockedExchange

• 0x48c3ac InterlockedDecrement

• 0x48c3b0 FreeLibrary

• 0x48c3b4 FormatMessageA

• 0x48c3b8 FindResourceA

• 0x48c3bc FindNextFileA

• 0x48c3c0 FindFirstFileW

• 0x48c3c4 FindFirstFileA

• 0x48c3c8 FindClose

• 0x48c3cc FileTimeToLocalFileTime

• 0x48c3d0 FileTimeToDosDateTime

• 0x48c3d4 EnumCalendarInfoA

• 0x48c3d8 EnterCriticalSection

• 0x48c3dc DosDateTimeToFileTime

• 0x48c3e0 DeleteFileA

• 0x48c3e4 DeleteCriticalSection

• 0x48c3e8 CreateThread

• 0x48c3ec CreateFileW

• 0x48c3f0 CreateFileA

• 0x48c3f4 CreateEventA

• 0x48c3f8 CreateDirectoryW

• 0x48c3fc CreateDirectoryA

• 0x48c400 CompareStringA

• 0x48c404 CloseHandle

Library version.dll:

• 0x48c40c VerQueryValueA

• 0x48c410 GetFileVersionInfoSizeA

• 0x48c414 GetFileVersionInfoA

Library gdi32.dll:

• 0x48c41c UnrealizeObject

• 0x48c420 StretchBlt

• 0x48c424 SetWindowOrgEx

• 0x48c428 SetWinMetaFileBits

• 0x48c42c SetViewportOrgEx

• 0x48c430 SetTextColor

• 0x48c434 SetStretchBltMode

• 0x48c438 SetROP2

• 0x48c43c SetPixel

• 0x48c440 SetEnhMetaFileBits

• 0x48c444 SetDIBColorTable

• 0x48c448 SetBrushOrgEx

• 0x48c44c SetBkMode

• 0x48c450 SetBkColor

• 0x48c454 SelectPalette

• 0x48c458 SelectObject

• 0x48c45c SaveDC

• 0x48c460 RestoreDC

• 0x48c464 Rectangle

• 0x48c468 RectVisible

• 0x48c46c RealizePalette

• 0x48c470 Polyline

• 0x48c474 PlayEnhMetaFile

• 0x48c478 Pie

• 0x48c47c PatBlt

• 0x48c480 MoveToEx

• 0x48c484 MaskBlt

• 0x48c488 LineTo

• 0x48c48c IntersectClipRect

• 0x48c490 GetWindowOrgEx

• 0x48c494 GetWinMetaFileBits

• 0x48c498 GetTextMetricsA

• 0x48c49c GetTextExtentPoint32A

• 0x48c4a0 GetSystemPaletteEntries

• 0x48c4a4 GetStockObject

• 0x48c4a8 GetPixel

• 0x48c4ac GetPaletteEntries

• 0x48c4b0 GetObjectA

• 0x48c4b4 GetEnhMetaFilePaletteEntries

• 0x48c4b8 GetEnhMetaFileHeader

• 0x48c4bc GetEnhMetaFileDescriptionA

• 0x48c4c0 GetEnhMetaFileBits

• 0x48c4c4 GetDeviceCaps

• 0x48c4c8 GetDIBits

• 0x48c4cc GetDIBColorTable

• 0x48c4d0 GetDCOrgEx

• 0x48c4d4 GetCurrentPositionEx

• 0x48c4d8 GetClipBox

• 0x48c4dc GetBrushOrgEx

• 0x48c4e0 GetBitmapBits

• 0x48c4e4 GdiFlush

• 0x48c4e8 ExtTextOutA

• 0x48c4ec ExcludeClipRect

• 0x48c4f0 Ellipse

• 0x48c4f4 DeleteObject

• 0x48c4f8 DeleteEnhMetaFile

• 0x48c4fc DeleteDC

• 0x48c500 CreateSolidBrush

• 0x48c504 CreatePenIndirect

• 0x48c508 CreatePalette

• 0x48c50c CreateHalftonePalette

• 0x48c510 CreateFontIndirectA

• 0x48c514 CreateEnhMetaFileA

• 0x48c518 CreateDIBitmap

• 0x48c51c CreateDIBSection

• 0x48c520 CreateCompatibleDC

• 0x48c524 CreateCompatibleBitmap

• 0x48c528 CreateBrushIndirect

• 0x48c52c CreateBitmap

• 0x48c530 CopyEnhMetaFileA

• 0x48c534 CloseEnhMetaFile

• 0x48c538 BitBlt

Library user32.dll:

• 0x48c540 CreateWindowExA

• 0x48c544 WindowFromPoint

• 0x48c548 WinHelpA

• 0x48c54c WaitMessage

• 0x48c550 UpdateWindow

• 0x48c554 UnregisterClassA

• 0x48c558 UnhookWindowsHookEx

• 0x48c55c TranslateMessage

• 0x48c560 TranslateMDISysAccel

• 0x48c564 TrackPopupMenu

• 0x48c568 SystemParametersInfoA

• 0x48c56c ShowWindow

• 0x48c570 ShowScrollBar

• 0x48c574 ShowOwnedPopups

• 0x48c578 ShowCursor

• 0x48c57c SetWindowsHookExA

• 0x48c580 SetWindowTextA

• 0x48c584 SetWindowPos

• 0x48c588 SetWindowPlacement

• 0x48c58c SetWindowLongA

• 0x48c590 SetTimer

• 0x48c594 SetScrollRange

• 0x48c598 SetScrollPos

• 0x48c59c SetScrollInfo

• 0x48c5a0 SetRect

• 0x48c5a4 SetPropA

• 0x48c5a8 SetParent

• 0x48c5ac SetMenuItemInfoA

• 0x48c5b0 SetMenu

• 0x48c5b4 SetForegroundWindow

• 0x48c5b8 SetFocus

• 0x48c5bc SetCursor

• 0x48c5c0 SetClassLongA

• 0x48c5c4 SetCapture

• 0x48c5c8 SetActiveWindow

• 0x48c5cc SendMessageA

• 0x48c5d0 ScrollWindow

• 0x48c5d4 ScreenToClient

• 0x48c5d8 RemovePropA

• 0x48c5dc RemoveMenu

• 0x48c5e0 ReleaseDC

• 0x48c5e4 ReleaseCapture

• 0x48c5e8 RegisterWindowMessageA

• 0x48c5ec RegisterClipboardFormatA

• 0x48c5f0 RegisterClassA

• 0x48c5f4 RedrawWindow

• 0x48c5f8 PtInRect

• 0x48c5fc PostQuitMessage

• 0x48c600 PostMessageA

• 0x48c604 PeekMessageA

• 0x48c608 OffsetRect

• 0x48c60c OemToCharA

• 0x48c610 MessageBoxA

• 0x48c614 MapWindowPoints

• 0x48c618 MapVirtualKeyA

• 0x48c61c LoadStringA

• 0x48c620 LoadKeyboardLayoutA

• 0x48c624 LoadIconA

• 0x48c628 LoadCursorA

• 0x48c62c LoadBitmapA

• 0x48c630 KillTimer

• 0x48c634 IsZoomed

• 0x48c638 IsWindowVisible

• 0x48c63c IsWindowEnabled

• 0x48c640 IsWindow

• 0x48c644 IsRectEmpty

• 0x48c648 IsIconic

• 0x48c64c IsDialogMessageA

• 0x48c650 IsChild

• 0x48c654 InvalidateRect

• 0x48c658 IntersectRect

• 0x48c65c InsertMenuItemA

• 0x48c660 InsertMenuA

• 0x48c664 InflateRect

• 0x48c668 GetWindowThreadProcessId

• 0x48c66c GetWindowTextA

• 0x48c670 GetWindowRect

• 0x48c674 GetWindowPlacement

• 0x48c678 GetWindowLongA

• 0x48c67c GetWindowDC

• 0x48c680 GetTopWindow

• 0x48c684 GetSystemMetrics

• 0x48c688 GetSystemMenu

• 0x48c68c GetSysColorBrush

• 0x48c690 GetSysColor

• 0x48c694 GetSubMenu

• 0x48c698 GetScrollRange

• 0x48c69c GetScrollPos

• 0x48c6a0 GetScrollInfo

• 0x48c6a4 GetPropA

• 0x48c6a8 GetParent

• 0x48c6ac GetWindow

• 0x48c6b0 GetMessageTime

• 0x48c6b4 GetMenuStringA

• 0x48c6b8 GetMenuState

• 0x48c6bc GetMenuItemInfoA

• 0x48c6c0 GetMenuItemID

• 0x48c6c4 GetMenuItemCount

• 0x48c6c8 GetMenu

• 0x48c6cc GetLastActivePopup

• 0x48c6d0 GetKeyboardState

• 0x48c6d4 GetKeyboardLayoutList

• 0x48c6d8 GetKeyboardLayout

• 0x48c6dc GetKeyState

• 0x48c6e0 GetKeyNameTextA

• 0x48c6e4 GetIconInfo

• 0x48c6e8 GetForegroundWindow

• 0x48c6ec GetFocus

• 0x48c6f0 GetDesktopWindow

• 0x48c6f4 GetDCEx

• 0x48c6f8 GetDC

• 0x48c6fc GetCursorPos

• 0x48c700 GetCursor

• 0x48c704 GetClipboardData

• 0x48c708 GetClientRect

• 0x48c70c GetClassNameA

• 0x48c710 GetClassInfoA

• 0x48c714 GetCapture

• 0x48c718 GetActiveWindow

• 0x48c71c FrameRect

• 0x48c720 FindWindowA

• 0x48c724 FillRect

• 0x48c728 EqualRect

• 0x48c72c EnumWindows

• 0x48c730 EnumThreadWindows

• 0x48c734 EndPaint

• 0x48c738 EnableWindow

• 0x48c73c EnableScrollBar

• 0x48c740 EnableMenuItem

• 0x48c744 DrawTextA

• 0x48c748 DrawMenuBar

• 0x48c74c DrawIconEx

• 0x48c750 DrawIcon

• 0x48c754 DrawFrameControl

• 0x48c758 DrawEdge

• 0x48c75c DispatchMessageA

• 0x48c760 DestroyWindow

• 0x48c764 DestroyMenu

• 0x48c768 DestroyIcon

• 0x48c76c DestroyCursor

• 0x48c770 DeleteMenu

• 0x48c774 DefWindowProcA

• 0x48c778 DefMDIChildProcA

• 0x48c77c DefFrameProcA

• 0x48c780 CreatePopupMenu

• 0x48c784 CreateMenu

• 0x48c788 CreateIcon

• 0x48c78c ClientToScreen

• 0x48c790 CheckMenuItem

• 0x48c794 CharUpperBuffW

• 0x48c798 CallWindowProcA

• 0x48c79c CallNextHookEx

• 0x48c7a0 BeginPaint

• 0x48c7a4 CharNextA

• 0x48c7a8 CharLowerBuffA

• 0x48c7ac CharLowerA

• 0x48c7b0 CharUpperBuffA

• 0x48c7b4 CharToOemA

• 0x48c7b8 AdjustWindowRectEx

• 0x48c7bc ActivateKeyboardLayout

Library kernel32.dll:

• 0x48c7c4 Sleep

Library oleaut32.dll:

• 0x48c7cc SafeArrayPtrOfIndex

• 0x48c7d0 SafeArrayGetUBound

• 0x48c7d4 SafeArrayGetLBound

• 0x48c7d8 SafeArrayCreate

• 0x48c7dc VariantChangeType

• 0x48c7e0 VariantCopy

• 0x48c7e4 VariantClear

• 0x48c7e8 VariantInit

Library ole32.dll:

• 0x48c7f0 CreateStreamOnHGlobal

• 0x48c7f4 IsAccelerator

• 0x48c7f8 OleDraw

• 0x48c7fc OleSetMenuDescriptor

• 0x48c800 CoTaskMemFree

• 0x48c804 ProgIDFromCLSID

• 0x48c808 StringFromCLSID

• 0x48c80c CoCreateInstance

• 0x48c810 CoGetClassObject

• 0x48c814 CoUninitialize

• 0x48c818 CoInitialize

• 0x48c81c IsEqualGUID

Library oleaut32.dll:

• 0x48c824 GetErrorInfo

• 0x48c828 GetActiveObject

• 0x48c82c SysFreeString

• 0x48c830 SysAllocString

Library comctl32.dll:

• 0x48c838 ImageList_SetIconSize

• 0x48c83c ImageList_GetIconSize

• 0x48c840 ImageList_Write

• 0x48c844 ImageList_Read

• 0x48c848 ImageList_GetDragImage

• 0x48c84c ImageList_DragShowNolock

• 0x48c850 ImageList_SetDragCursorImage

• 0x48c854 ImageList_DragMove

• 0x48c858 ImageList_DragLeave

• 0x48c85c ImageList_DragEnter

• 0x48c860 ImageList_EndDrag

• 0x48c864 ImageList_BeginDrag

• 0x48c868 ImageList_Remove

• 0x48c86c ImageList_DrawEx

• 0x48c870 ImageList_Replace

• 0x48c874 ImageList_Draw

• 0x48c878 ImageList_GetBkColor

• 0x48c87c ImageList_SetBkColor

• 0x48c880 ImageList_ReplaceIcon

• 0x48c884 ImageList_Add

• 0x48c888 ImageList_GetImageCount

• 0x48c88c ImageList_Destroy

• 0x48c890 ImageList_Create

Library shell32.dll:

• 0x48c898 ShellExecuteA

Library shell32.dll:

• 0x48c8a0 SHGetPathFromIDListA

• 0x48c8a4 SHBrowseForFolderA

Library comdlg32.dll:

• 0x48c8ac GetOpenFileNameW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
clients2.google.com	A 172.217.24.14 CNAME clients.l.google.com	172.217.27.142
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
185.199.108.133	443	192.168.56.101	49203

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.