SmartHawk

6.4

高危

61 个模型检测该样本为恶意！

重新分析

下载样本

8e3dd0c0c4913e5eb7de42a42bea5c3ff396542ee47737ed9eeb3b5439e95c6b

cf68bb0ee6675f8f3e1448af7d33d73a.exe

分析耗时

82s

最近分析

文件大小

914.4KB

静态报毒动态报毒 100% 5G2@AOU32UJM AI SCORE=84 AIDETECTVM ANDROM AYFR BIFROSE BSCOPE CONFIDENCE DAPATO DELF FALCOMP FAREIT GENERICKD HIGH CONFIDENCE HWCLMR INJECTS INVALIDSIG KCLOUD KTSE MALICIOUS PE MALWARE2 MALWARE@#272ENGHK7QUTQ MZQK PUYKWETKHY REMCOS S + MAL SCORE STATIC AI SUSGEN UNSAFE WANNACRY WINDOWBANK YIILR YMACCO ZELPHIF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Backdoor:Win32/Ymacco.08cb85b5	20190527	0.3.0.5
Avast	Win32:Trojan-gen	20210108	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Hack.Undef.(kcloud)	20210108	2017.9.26.565
McAfee	Fareit-FZO!CF68BB0EE667	20210108	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985513.825176 NtAllocateVirtualMemory	process_identifier: 2760 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003f0000	success	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985531.747176 NtProtectVirtualMemory	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 131072 protection: 32 (PAGE_EXECUTE_READ) process_handle: 0xffffffff base_address: 0x021a1000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985542.716176 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Disables proxy possibly for traffic interception (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985542.216176 RegSetValueExA	key_handle: 0x000002bc value: 0 regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	success	0	0

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1620985545.294176 RegSetValueExA	key_handle: 0x000003ac value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620985545.294176 RegSetValueExA	key_handle: 0x000003ac value: Àþ0¡§H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620985545.294176 RegSetValueExA	key_handle: 0x000003ac value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620985545.294176 RegSetValueExW	key_handle: 0x000003ac value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620985545.294176 RegSetValueExA	key_handle: 0x000003c8 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620985545.294176 RegSetValueExA	key_handle: 0x000003c8 value: Àþ0¡§H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620985545.294176 RegSetValueExA	key_handle: 0x000003c8 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1620985545.356176 RegSetValueExW	key_handle: 0x000003a8 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Network activity contains more than one unique useragent (2 个事件)

process	cf68bb0ee6675f8f3e1448af7d33d73a.exe				useragent	Internal
process	cf68bb0ee6675f8f3e1448af7d33d73a.exe				useragent	cf68bb0ee6675f8f3e1448af7d33d73a.exe

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

108.160.163.108:443

File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.43822281
FireEye	Generic.mg.cf68bb0ee6675f8f
CAT-QuickHeal	Trojan.Multi
ALYac	Trojan.GenericKD.43822281
Cylance	Unsafe
SUPERAntiSpyware	Trojan.Agent/Gen-FalComp
Sangfor	Malware
K7AntiVirus	Trojan-Downloader ( 0056f5a71 )
Alibaba	Backdoor:Win32/Ymacco.08cb85b5
K7GW	Trojan-Downloader ( 0056f5a71 )
Cybereason	malicious.ee6675
Arcabit	Trojan.Generic.D29CACC9
BitDefenderTheta	Gen:NN.ZelphiF.34742.5G2@aOU32Ujm
Cyren	W32/Trojan.MZQK-2853
Symantec	Ransom.Wannacry
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Dropper.Remcos-9756428-0
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Trojan.GenericKD.43822281
NANO-Antivirus	Trojan.Win32.Androm.hwclmr
Paloalto	generic.ml
AegisLab	Trojan.Win32.Androm.m!c
Ad-Aware	Trojan.GenericKD.43822281
Sophos	Mal/Generic-S + Mal/Generic-L
Comodo	Malware@#272enghk7qutq
F-Secure	Trojan.TR/AD.WindowBank.yiilr
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.ANDROM.GJF
McAfee-GW-Edition	Fareit-FZO!CF68BB0EE667
Emsisoft	Trojan.GenericKD.43822281 (B)
Ikarus	Backdoor.Win32.Bifrose
Jiangmin	Backdoor.Androm.ayfr
Webroot	W32.Trojan.Gen
Avira	TR/AD.WindowBank.yiilr
Kingsoft	Win32.Hack.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Packed.oa
Microsoft	Trojan:Win32/Ymacco.AA8E
ZoneAlarm	HEUR:Backdoor.Win32.Androm.gen
GData	Win32.Trojan-Downloader.Delf.AC
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C4196640
McAfee	Fareit-FZO!CF68BB0EE667
MAX	malware (ai score=84)
VBA32	BScope.Trojan.Injects
Malwarebytes	Trojan.MalPack.SMY
Zoner	Trojan.Win32.97651
ESET-NOD32	Win32/TrojanDownloader.Delf.DAH

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x4c1154 DeleteCriticalSection

• 0x4c1158 LeaveCriticalSection

• 0x4c115c EnterCriticalSection

• 0x4c1160 InitializeCriticalSection

• 0x4c1164 VirtualFree

• 0x4c1168 VirtualAlloc

• 0x4c116c LocalFree

• 0x4c1170 LocalAlloc

• 0x4c1174 GetTickCount

• 0x4c1178 QueryPerformanceCounter

• 0x4c117c GetVersion

• 0x4c1180 GetCurrentThreadId

• 0x4c1184 InterlockedDecrement

• 0x4c1188 InterlockedIncrement

• 0x4c118c VirtualQuery

• 0x4c1190 WideCharToMultiByte

• 0x4c1194 MultiByteToWideChar

• 0x4c1198 lstrlenA

• 0x4c119c lstrcpynA

• 0x4c11a0 LoadLibraryExA

• 0x4c11a4 GetThreadLocale

• 0x4c11a8 GetStartupInfoA

• 0x4c11ac GetProcAddress

• 0x4c11b0 GetModuleHandleA

• 0x4c11b4 GetModuleFileNameA

• 0x4c11b8 GetLocaleInfoA

• 0x4c11bc GetCommandLineA

• 0x4c11c0 FreeLibrary

• 0x4c11c4 FindFirstFileA

• 0x4c11c8 FindClose

• 0x4c11cc ExitProcess

• 0x4c11d0 WriteFile

• 0x4c11d4 UnhandledExceptionFilter

• 0x4c11d8 RtlUnwind

• 0x4c11dc RaiseException

• 0x4c11e0 GetStdHandle

Library user32.dll:

• 0x4c11e8 GetKeyboardType

• 0x4c11ec LoadStringA

• 0x4c11f0 MessageBoxA

• 0x4c11f4 CharNextA

Library advapi32.dll:

• 0x4c11fc RegQueryValueExA

• 0x4c1200 RegOpenKeyExA

• 0x4c1204 RegCloseKey

Library oleaut32.dll:

• 0x4c120c SysFreeString

• 0x4c1210 SysReAllocStringLen

• 0x4c1214 SysAllocStringLen

Library kernel32.dll:

• 0x4c121c TlsSetValue

• 0x4c1220 TlsGetValue

• 0x4c1224 LocalAlloc

• 0x4c1228 GetModuleHandleA

Library advapi32.dll:

• 0x4c1230 RegQueryValueExA

• 0x4c1234 RegOpenKeyExA

• 0x4c1238 RegCloseKey

Library kernel32.dll:

• 0x4c1240 lstrcpyA

• 0x4c1244 lstrcmpiA

• 0x4c1248 WriteFile

• 0x4c124c WaitForSingleObject

• 0x4c1250 VirtualQuery

• 0x4c1254 VirtualProtect

• 0x4c1258 VirtualAlloc

• 0x4c125c Sleep

• 0x4c1260 SizeofResource

• 0x4c1264 SetThreadLocale

• 0x4c1268 SetFilePointer

• 0x4c126c SetEvent

• 0x4c1270 SetErrorMode

• 0x4c1274 SetEndOfFile

• 0x4c1278 ResetEvent

• 0x4c127c ReadFile

• 0x4c1280 MultiByteToWideChar

• 0x4c1284 MulDiv

• 0x4c1288 LockResource

• 0x4c128c LoadResource

• 0x4c1290 LoadLibraryA

• 0x4c1294 LeaveCriticalSection

• 0x4c1298 InitializeCriticalSection

• 0x4c129c GlobalUnlock

• 0x4c12a0 GlobalReAlloc

• 0x4c12a4 GlobalHandle

• 0x4c12a8 GlobalLock

• 0x4c12ac GlobalFree

• 0x4c12b0 GlobalFindAtomA

• 0x4c12b4 GlobalDeleteAtom

• 0x4c12b8 GlobalAlloc

• 0x4c12bc GlobalAddAtomA

• 0x4c12c0 GetVersionExA

• 0x4c12c4 GetVersion

• 0x4c12c8 GetTickCount

• 0x4c12cc GetThreadLocale

• 0x4c12d0 GetSystemInfo

• 0x4c12d4 GetStringTypeExA

• 0x4c12d8 GetStdHandle

• 0x4c12dc GetProcAddress

• 0x4c12e0 GetModuleHandleA

• 0x4c12e4 GetModuleFileNameA

• 0x4c12e8 GetLocaleInfoA

• 0x4c12ec GetLocalTime

• 0x4c12f0 GetLastError

• 0x4c12f4 GetFullPathNameA

• 0x4c12f8 GetDiskFreeSpaceA

• 0x4c12fc GetDateFormatA

• 0x4c1300 GetCurrentThreadId

• 0x4c1304 GetCurrentProcessId

• 0x4c1308 GetComputerNameA

• 0x4c130c GetCPInfo

• 0x4c1310 GetACP

• 0x4c1314 FreeResource

• 0x4c1318 InterlockedExchange

• 0x4c131c FreeLibrary

• 0x4c1320 FormatMessageA

• 0x4c1324 FindResourceA

• 0x4c1328 EnumCalendarInfoA

• 0x4c132c EnterCriticalSection

• 0x4c1330 DeleteCriticalSection

• 0x4c1334 CreateThread

• 0x4c1338 CreateFileA

• 0x4c133c CreateEventA

• 0x4c1340 CompareStringA

• 0x4c1344 CloseHandle

Library version.dll:

• 0x4c134c VerQueryValueA

• 0x4c1350 GetFileVersionInfoSizeA

• 0x4c1354 GetFileVersionInfoA

Library gdi32.dll:

• 0x4c135c UnrealizeObject

• 0x4c1360 StretchBlt

• 0x4c1364 SetWindowOrgEx

• 0x4c1368 SetWinMetaFileBits

• 0x4c136c SetViewportOrgEx

• 0x4c1370 SetTextColor

• 0x4c1374 SetStretchBltMode

• 0x4c1378 SetROP2

• 0x4c137c SetPixel

• 0x4c1380 SetEnhMetaFileBits

• 0x4c1384 SetDIBColorTable

• 0x4c1388 SetBrushOrgEx

• 0x4c138c SetBkMode

• 0x4c1390 SetBkColor

• 0x4c1394 SelectPalette

• 0x4c1398 SelectObject

• 0x4c139c SelectClipRgn

• 0x4c13a0 SaveDC

• 0x4c13a4 RestoreDC

• 0x4c13a8 Rectangle

• 0x4c13ac RectVisible

• 0x4c13b0 RealizePalette

• 0x4c13b4 Polyline

• 0x4c13b8 PlayEnhMetaFile

• 0x4c13bc PatBlt

• 0x4c13c0 MoveToEx

• 0x4c13c4 MaskBlt

• 0x4c13c8 LineTo

• 0x4c13cc IntersectClipRect

• 0x4c13d0 GetWindowOrgEx

• 0x4c13d4 GetWinMetaFileBits

• 0x4c13d8 GetTextMetricsA

• 0x4c13dc GetTextExtentPoint32A

• 0x4c13e0 GetSystemPaletteEntries

• 0x4c13e4 GetStockObject

• 0x4c13e8 GetPixel

• 0x4c13ec GetPaletteEntries

• 0x4c13f0 GetObjectA

• 0x4c13f4 GetEnhMetaFilePaletteEntries

• 0x4c13f8 GetEnhMetaFileHeader

• 0x4c13fc GetEnhMetaFileBits

• 0x4c1400 GetDeviceCaps

• 0x4c1404 GetDIBits

• 0x4c1408 GetDIBColorTable

• 0x4c140c GetDCOrgEx

• 0x4c1410 GetCurrentPositionEx

• 0x4c1414 GetClipBox

• 0x4c1418 GetBrushOrgEx

• 0x4c141c GetBitmapBits

• 0x4c1420 GdiFlush

• 0x4c1424 ExtTextOutA

• 0x4c1428 ExcludeClipRect

• 0x4c142c DeleteObject

• 0x4c1430 DeleteEnhMetaFile

• 0x4c1434 DeleteDC

• 0x4c1438 CreateSolidBrush

• 0x4c143c CreatePenIndirect

• 0x4c1440 CreatePalette

• 0x4c1444 CreateHalftonePalette

• 0x4c1448 CreateFontIndirectA

• 0x4c144c CreateDIBitmap

• 0x4c1450 CreateDIBSection

• 0x4c1454 CreateCompatibleDC

• 0x4c1458 CreateCompatibleBitmap

• 0x4c145c CreateBrushIndirect

• 0x4c1460 CreateBitmap

• 0x4c1464 CopyEnhMetaFileA

• 0x4c1468 BitBlt

Library user32.dll:

• 0x4c1470 CreateWindowExA

• 0x4c1474 WindowFromPoint

• 0x4c1478 WinHelpA

• 0x4c147c WaitMessage

• 0x4c1480 UpdateWindow

• 0x4c1484 UnregisterClassA

• 0x4c1488 UnhookWindowsHookEx

• 0x4c148c TranslateMessage

• 0x4c1490 TranslateMDISysAccel

• 0x4c1494 TrackPopupMenu

• 0x4c1498 SystemParametersInfoA

• 0x4c149c ShowWindow

• 0x4c14a0 ShowScrollBar

• 0x4c14a4 ShowOwnedPopups

• 0x4c14a8 ShowCursor

• 0x4c14ac SetWindowsHookExA

• 0x4c14b0 SetWindowTextA

• 0x4c14b4 SetWindowPos

• 0x4c14b8 SetWindowPlacement

• 0x4c14bc SetWindowLongA

• 0x4c14c0 SetTimer

• 0x4c14c4 SetScrollRange

• 0x4c14c8 SetScrollPos

• 0x4c14cc SetScrollInfo

• 0x4c14d0 SetRect

• 0x4c14d4 SetPropA

• 0x4c14d8 SetParent

• 0x4c14dc SetMenuItemInfoA

• 0x4c14e0 SetMenu

• 0x4c14e4 SetKeyboardState

• 0x4c14e8 SetForegroundWindow

• 0x4c14ec SetFocus

• 0x4c14f0 SetCursor

• 0x4c14f4 SetClipboardData

• 0x4c14f8 SetClassLongA

• 0x4c14fc SetCapture

• 0x4c1500 SetActiveWindow

• 0x4c1504 SendMessageA

• 0x4c1508 ScrollWindow

• 0x4c150c ScreenToClient

• 0x4c1510 RemovePropA

• 0x4c1514 RemoveMenu

• 0x4c1518 ReleaseDC

• 0x4c151c ReleaseCapture

• 0x4c1520 RegisterWindowMessageA

• 0x4c1524 RegisterClipboardFormatA

• 0x4c1528 RegisterClassA

• 0x4c152c RedrawWindow

• 0x4c1530 PtInRect

• 0x4c1534 PostQuitMessage

• 0x4c1538 PostMessageA

• 0x4c153c PeekMessageA

• 0x4c1540 OpenClipboard

• 0x4c1544 OffsetRect

• 0x4c1548 OemToCharA

• 0x4c154c MessageBoxA

• 0x4c1550 MessageBeep

• 0x4c1554 MapWindowPoints

• 0x4c1558 MapVirtualKeyA

• 0x4c155c LoadStringA

• 0x4c1560 LoadKeyboardLayoutA

• 0x4c1564 LoadIconA

• 0x4c1568 LoadCursorA

• 0x4c156c LoadBitmapA

• 0x4c1570 KillTimer

• 0x4c1574 IsZoomed

• 0x4c1578 IsWindowVisible

• 0x4c157c IsWindowEnabled

• 0x4c1580 IsWindow

• 0x4c1584 IsRectEmpty

• 0x4c1588 IsIconic

• 0x4c158c IsDialogMessageA

• 0x4c1590 IsChild

• 0x4c1594 IsCharAlphaNumericA

• 0x4c1598 IsCharAlphaA

• 0x4c159c InvalidateRect

• 0x4c15a0 IntersectRect

• 0x4c15a4 InsertMenuItemA

• 0x4c15a8 InsertMenuA

• 0x4c15ac InflateRect

• 0x4c15b0 GetWindowThreadProcessId

• 0x4c15b4 GetWindowTextA

• 0x4c15b8 GetWindowRect

• 0x4c15bc GetWindowPlacement

• 0x4c15c0 GetWindowLongA

• 0x4c15c4 GetWindowDC

• 0x4c15c8 GetTopWindow

• 0x4c15cc GetSystemMetrics

• 0x4c15d0 GetSystemMenu

• 0x4c15d4 GetSysColorBrush

• 0x4c15d8 GetSysColor

• 0x4c15dc GetSubMenu

• 0x4c15e0 GetScrollRange

• 0x4c15e4 GetScrollPos

• 0x4c15e8 GetScrollInfo

• 0x4c15ec GetPropA

• 0x4c15f0 GetParent

• 0x4c15f4 GetWindow

• 0x4c15f8 GetMenuStringA

• 0x4c15fc GetMenuState

• 0x4c1600 GetMenuItemInfoA

• 0x4c1604 GetMenuItemID

• 0x4c1608 GetMenuItemCount

• 0x4c160c GetMenu

• 0x4c1610 GetLastActivePopup

• 0x4c1614 GetKeyboardState

• 0x4c1618 GetKeyboardLayoutList

• 0x4c161c GetKeyboardLayout

• 0x4c1620 GetKeyState

• 0x4c1624 GetKeyNameTextA

• 0x4c1628 GetIconInfo

• 0x4c162c GetForegroundWindow

• 0x4c1630 GetFocus

• 0x4c1634 GetDesktopWindow

• 0x4c1638 GetDCEx

• 0x4c163c GetDC

• 0x4c1640 GetCursorPos

• 0x4c1644 GetCursor

• 0x4c1648 GetClipboardData

• 0x4c164c GetClientRect

• 0x4c1650 GetClassNameA

• 0x4c1654 GetClassInfoA

• 0x4c1658 GetCapture

• 0x4c165c GetActiveWindow

• 0x4c1660 FrameRect

• 0x4c1664 FindWindowA

• 0x4c1668 FillRect

• 0x4c166c EqualRect

• 0x4c1670 EnumWindows

• 0x4c1674 EnumThreadWindows

• 0x4c1678 EnumClipboardFormats

• 0x4c167c EndPaint

• 0x4c1680 EnableWindow

• 0x4c1684 EnableScrollBar

• 0x4c1688 EnableMenuItem

• 0x4c168c EmptyClipboard

• 0x4c1690 DrawTextA

• 0x4c1694 DrawMenuBar

• 0x4c1698 DrawIconEx

• 0x4c169c DrawIcon

• 0x4c16a0 DrawFrameControl

• 0x4c16a4 DrawFocusRect

• 0x4c16a8 DrawEdge

• 0x4c16ac DispatchMessageA

• 0x4c16b0 DestroyWindow

• 0x4c16b4 DestroyMenu

• 0x4c16b8 DestroyIcon

• 0x4c16bc DestroyCursor

• 0x4c16c0 DeleteMenu

• 0x4c16c4 DefWindowProcA

• 0x4c16c8 DefMDIChildProcA

• 0x4c16cc DefFrameProcA

• 0x4c16d0 CreatePopupMenu

• 0x4c16d4 CreateMenu

• 0x4c16d8 CreateIcon

• 0x4c16dc CloseClipboard

• 0x4c16e0 ClientToScreen

• 0x4c16e4 CheckMenuItem

• 0x4c16e8 CallWindowProcA

• 0x4c16ec CallNextHookEx

• 0x4c16f0 BeginPaint

• 0x4c16f4 CharNextA

• 0x4c16f8 CharLowerBuffA

• 0x4c16fc CharLowerA

• 0x4c1700 CharUpperBuffA

• 0x4c1704 CharToOemA

• 0x4c1708 AdjustWindowRectEx

• 0x4c170c ActivateKeyboardLayout

Library kernel32.dll:

• 0x4c1714 Sleep

Library oleaut32.dll:

• 0x4c171c SafeArrayPtrOfIndex

• 0x4c1720 SafeArrayPutElement

• 0x4c1724 SafeArrayGetElement

• 0x4c1728 SafeArrayUnaccessData

• 0x4c172c SafeArrayAccessData

• 0x4c1730 SafeArrayGetUBound

• 0x4c1734 SafeArrayGetLBound

• 0x4c1738 SafeArrayCreate

• 0x4c173c VariantChangeType

• 0x4c1740 VariantCopyInd

• 0x4c1744 VariantCopy

• 0x4c1748 VariantClear

• 0x4c174c VariantInit

Library ole32.dll:

• 0x4c1754 CoTaskMemFree

• 0x4c1758 ProgIDFromCLSID

• 0x4c175c StringFromCLSID

• 0x4c1760 CoCreateInstance

• 0x4c1764 CoUninitialize

• 0x4c1768 CoInitialize

• 0x4c176c IsEqualGUID

Library oleaut32.dll:

• 0x4c1774 GetErrorInfo

• 0x4c1778 GetActiveObject

• 0x4c177c SysFreeString

Library comctl32.dll:

• 0x4c1784 ImageList_SetIconSize

• 0x4c1788 ImageList_GetIconSize

• 0x4c178c ImageList_Write

• 0x4c1790 ImageList_Read

• 0x4c1794 ImageList_GetDragImage

• 0x4c1798 ImageList_DragShowNolock

• 0x4c179c ImageList_SetDragCursorImage

• 0x4c17a0 ImageList_DragMove

• 0x4c17a4 ImageList_DragLeave

• 0x4c17a8 ImageList_DragEnter

• 0x4c17ac ImageList_EndDrag

• 0x4c17b0 ImageList_BeginDrag

• 0x4c17b4 ImageList_Remove

• 0x4c17b8 ImageList_DrawEx

• 0x4c17bc ImageList_Draw

• 0x4c17c0 ImageList_GetBkColor

• 0x4c17c4 ImageList_SetBkColor

• 0x4c17c8 ImageList_ReplaceIcon

• 0x4c17cc ImageList_Add

• 0x4c17d0 ImageList_SetImageCount

• 0x4c17d4 ImageList_GetImageCount

• 0x4c17d8 ImageList_Destroy

• 0x4c17dc ImageList_Create

• 0x4c17e0 InitCommonControls

Library advapi32.dll:

• 0x4c17e8 QueryServiceStatus

• 0x4c17ec OpenServiceA

• 0x4c17f0 OpenSCManagerA

• 0x4c17f4 CloseServiceHandle

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
www.microsoft.com	CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME e13678.ca2.s.tl88.net CNAME www.microsoft.com-c-3.edgekey.net A 27.148.139.88	27.148.139.88
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
cdn.discordapp.com	A 108.160.163.108	162.125.32.13
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	61680	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.