6.8
高危
该样本未表现出任何异常!
重新分析
更多

2c1609fd26e34769b5c168483ebf92c39a7a27b287750e733f7358c221b67221

d282f719f24ffc253c00c7789bc489a0.exe

分析耗时

85s

最近分析

文件大小

14.4MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
Queries for the computername (2 个事件)
Time & API Arguments Status Return Repeated
1620930641.266876
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620930646.736124
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable is signed
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620930634.235876
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .ndata
行为判定
动态指标
Performs some HTTP requests (2 个事件)
request GET http://cdnrep.reimage.com/downloader_version.xml
request GET http://cdnrep.reimageplus.com/rqz/ReimageRepair.exe
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1620930637.782876
NtProtectVirtualMemory
process_identifier: 2288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x750c4000
success 0 0
Creates executable files on the filesystem (11 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\inetc.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\nsExec.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ReimageRepair.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\System.dll
file C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\LogEx.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\stack.dll
file C:\Program Files\Reimage\Reimage Repair\REI_SupportInfoTool.exe
file C:\Program Files\Reimage\Reimage Repair\LZMA.EXE
file C:\Program Files\Reimage\Reimage Repair\Reimage.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\xml.dll
Drops an executable to the user AppData folder (7 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\xml.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\System.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\nsExec.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\stack.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\LogEx.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ReimageRepair.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsj6723.tmp\inetc.dll
Executes one or more WMI queries (2 个事件)
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVUPDATE.EXE'
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'REIMAGE.EXE'
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620930661.063876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
An executable file was downloaded by the process d282f719f24ffc253c00c7789bc489a0.exe (1 个事件)
Time & API Arguments Status Return Repeated
1620930673.985876
InternetReadFile
buffer: MZÿÿ¸@к´ Í!¸LÍ!This program cannot be run in DOS mode. $A{Ñk¿8¿8¿8 b<8¿8 b,8¿8¾8©¿8‡8 ¿8‡%8¿8‡"8¿8Rich¿8PELßâGOà  pÒBã9€@À:?K @…d›´@:-hX¹˜8 ¸ €Ð.textop `.rdata’*€,t@@.data¼~° @À.ndata30€À.rsrc-h@:j¢@@.relocŠ°:¸@BU‹ìƒì\ƒ} t+ƒ} F‹Eu ƒH‹ Ô-G‰HPÿuÿu ÿuÿŒ‚@éKSV‹5Ü-GWE¤Pÿuÿ‚@ƒeô‰E EäPÿuÿ”‚@‹}ðƒeð‹D€@鉶FR¶VV¯Uè‹Ï+Mè¯Á™÷ÿ‰M¶ÀÁà‰E¶FQ¯Á¶NU¯MèÁ™÷ÿ‹M¶VT¯Uè¶À ȶFP¯E™÷ÿÁá¶À ȍEôP‰MøÿH€@ƒEðP‰EEäPÿu ÿ˜‚@ÿuÿӃEè9}èŒnÿÿÿƒ~Xÿteÿv4ÿL€@‰E…ÀtU‹} jWÇEäÇEèÿP€@ÿvXWÿT€@ÿu‹5X€@WÿÖh ‰E EäPjÿhÀ­FWÿœ‚@ÿu WÿÖÿuÿӍE¤Pÿuÿ ‚@_^3À[É‹L$¡è-G‹ÑiÒ @‹TöÂtUVWq3ÿ;5ì-GsD‹ÎiÉ @DS‹öÁtGëöÁt ‹ÏO…Ét ëöÁu ‹Ù3ڃã3ىF @;5ì-GrÊ[_^ÂU‹ìQQ‹US‹è-GV‹òiö @ó‹F3ÉW‰Mü‰Mø¨t 9M tƒà¾‰FB;ì-GsD‹ÂiÀ @|‹BöÁt jRè¤ÿÿÿ‹öÁu(öÁ@tÿEüöÁtÿEüëÿEø‹Ð;ì-Gr¼3À_^[Ƀ}ütóƒ}øtƒN@ëç‹NáÿÿÿƒÉ‰Në֋L$¡è-GV3öƒù s695ì-Gv.PW‹¨u3ÿGÓç…zütƒÈëƒàþ‰FÂ @;5ì-Gr×_^ÂU‹ìƒì ¡Ü-GƒeüSV”W‹=ì-G‰Eø‹Eø3Û9tM;ßsG‹5è-GƒÆ‹öÂu*‹E…Àtƒ<˜t‹Mü3À@Óà‹Nüƒâ#ȉMô‹MüÓâ9Uôu CÆ @;ßrÄ;ßt ÿEüƒEøƒ}ü r‹Eü_^[É‹D$…Ày@iÀ@¹0G+ÈQè1MÂV‹t$ëh‹ÆkÀð-Gƒ8t\Pèæ=ÿÿÿtUPè·ÿÿÿ…Àu@FëH‹Î‹ð+Áƒ|$ t/¬­Fjÿ5¤­Fh0uÿ5¬­FÿP@Phÿt$ÿˆ‚@…öy”3À^¸ÿÿÿëõ‹D$‹ Ü-GjÿtlèkÿÿÿÂhÐð@ÿt$è<¡İ@ÿ4ˆjèUPèpLËD$™3Â+‹Ä°@‹ÈÁøiÀ@Vƒáÿ4ŠÈ°@PèÞTƒ|$‹ð}VèM‹Æ^ÂU‹ììSVWEüP¡°.GƒÈP3ÛSÿu ÿuÿ€@;Ãui‹5€@¿ë9]uKS…ðýÿÿPÿuüè²ÿÿÿ…ÀuW…ðýÿÿPSÿuüÿօÀtÕÿuüÿ€@jèLO;Ãt$Sÿ5°.Gÿu ÿuÿÐë ÿuüÿ€@3À@_^[É 9°.Guîÿu ÿuÿ €@…ÀuÞëßU‹ì¡Ä°@‹@V…Àt‹ðë ‹5„.GÆ€EP¡°.G EPjj"èÓþÿÿPVÿ€@÷ØÀ÷Ð#E^]ÂÌU‹ìì¬¡Ô-GSV‹uWjY}Ðó¥‹UԋM؋ò‹ùiö@iÿ@‰Eô¸0GðøEԣİ@‹EÐ3ۃÀþ‰]üƒøG‡éÿ$…ø0@Rh´@èøM‹EÔYYéØSè@þÿÿPh”@èÝMYYSÿuÔè :¸ÿÿÿé²ÿ”­F9]ôtëSÿ<‚@ëâRè(ýÿÿpÿVh€@è MYYSVè0ýÿÿé|SèäýÿÿPh`@èMYYSÿuÔèD:éP3Éè¬ýÿÿ‹ðVhL@è]MYYƒþ3öFVÿŒ€@é&h0@è=MYÿuôÿ@‚@é ‹Â9]Üu%‹ …€.G‰ …@.G3ÉAèSýÿÿ‹Mԉ€.Géá‹ …@.G‰ …€.Gé΋u܍4µ€.G‹3À;Ë”À#Mà‰‹D…Ôé¸ÿ4€.G雡 ­F‹5D‚@;ÃtQPÿ֋UÔ¡Œ­F;Ä~RPÿÖéujðèçüÿÿÿu؋ðVhôŽ@èLƒÄ ÿuØVÿˆ€@…À…IÇEühÀŽ@èYLYé2jðè¤üÿÿÿu؉EPhˆŽ@è;LƒÄ ÿuèåF‹ð;ó„†j\Vè€F‹ð·>Sÿu3Àf‰ÿ„€@…ÀuHÿ€€@=·tÿ€€@Pÿuh0Ž@èåKƒÄ ÿEüë.ÿuÿ|€@¨u!ÿuh¸@èÃKÿEüë ÿuhx@è±KYYf‰>ƒÆf;û…zÿÿÿhÐð@9]Øt"jæè]8ÿuh°°LèèHÿuÿx€@éSjõéòýÿÿSè¿ûÿÿ‹ðVè‘K…ÀtÿuØVh @èMKƒÄ ‹EØé,ÿuÜVh¸Œ@è4KƒÄ ‹EÜéjÐèzûÿÿjߋðèqûÿÿj‰Eègûÿÿ‹øWhœŒ@èKYYÿuVÿt€@…Àt hÐð@jãékýÿÿ9]Üt'Vè K…ÀtÿuVè“ThÐð@jäè7WhpŒ@ë WhLŒ@ÇEüè¨JYéIþÿÿSèôúÿÿ‹ðEPWh Vÿp€@…Àt$‹E;Æv)f9t$Vè¥J;ÃtƒÀ,PÿuèÉGë 3Àf‰ÇEü9]Ü…+h WWÿl€@éjÿè‹úÿÿMQVh SPSÿh€@…À…÷3ÀÇEüf‰éæjïèXúÿÿPVèÕE…À…ÐÇEüéÄj1è6úÿÿ‹ð‹EԋÈÁøVƒàƒáPQh؋@‰ủMè»IƒÄVè3DV¾È°@…ÀtVèGëh°°LVèûFPèNPè GVèG¿Ø0Aƒ}|1Vè¤I3É;ÃtMàQƒÀPÿd€@‹È‹EƒÀý €#Á÷ØÀ@‰E9]uVèÈD3Àƒ}•À@Ph@VèÒD‰Eøƒøÿ…¿9]uwVh ‹@è IYYh0GWècFVh0GèXFÿuèhÐð@èGNWh0Gè@F‹EÔÁøPhÐð@èÅBƒèuhp‹@èºHYé6ÿÿÿHt@h@‹@è§HYVjúéÇúÿÿÿuÌjâèb5ƒ}uÇEüÿuVhðŠ@èyHƒÄ éPh¼Š@ègHÿˆ.GYéCÿuÌjêè5ÿ´.GSSÿuøÿuÜèŠÿ ´.G‹øVWhŒŠ@è*HƒÄ ƒ}àÿuƒ}äÿtEàPSPÿuøÿ`€@ÿuøÿ¼€@
request_handle: 0x00cc000c
success 1 0
Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 个事件)
Time & API Arguments Status Return Repeated
1620930641.251876
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1620930646.720124
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Queries for potentially installed applications (2 个事件)
Time & API Arguments Status Return Repeated
1620930638.219876
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Express
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Express
options: 0
failed 2 0
1620930638.829876
RegOpenKeyExW
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
options: 0
failed 2 0
Uses Windows utilities for basic Windows functionality (4 个事件)
cmdline tasklist /FI "IMAGENAME eq Reimage.exe"
cmdline cmd /C tasklist /FI "IMAGENAME eq avupdate.exe" > C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsProcessActive.txt
cmdline tasklist /FI "IMAGENAME eq avupdate.exe"
cmdline cmd /C tasklist /FI "IMAGENAME eq Reimage.exe" > C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsProcessActive.txt
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620930663.626876
RegSetValueExA
key_handle: 0x00000418
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620930663.626876
RegSetValueExA
key_handle: 0x00000418
value:  zÏH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620930663.626876
RegSetValueExA
key_handle: 0x00000418
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620930663.626876
RegSetValueExW
key_handle: 0x00000418
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620930663.626876
RegSetValueExA
key_handle: 0x00000438
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620930663.626876
RegSetValueExA
key_handle: 0x00000438
value:  zÏH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620930663.626876
RegSetValueExA
key_handle: 0x00000438
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620930663.688876
RegSetValueExW
key_handle: 0x00000414
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620930666.032876
RegSetValueExA
key_handle: 0x000002c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620930666.032876
RegSetValueExA
key_handle: 0x000002c8
value: ›vÐH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620930666.032876
RegSetValueExA
key_handle: 0x000002c8
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620930666.032876
RegSetValueExW
key_handle: 0x000002c8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620930666.032876
RegSetValueExA
key_handle: 0x00000248
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620930666.032876
RegSetValueExA
key_handle: 0x00000248
value: ›vÐH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620930666.032876
RegSetValueExA
key_handle: 0x00000248
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2012-02-25 03:19:59

Imports

Library KERNEL32.dll:
0x408060 SetFileTime
0x408064 CompareFileTime
0x408068 SearchPathW
0x40806c GetShortPathNameW
0x408070 GetFullPathNameW
0x408074 MoveFileW
0x40807c GetFileAttributesW
0x408080 GetLastError
0x408084 CreateDirectoryW
0x408088 SetFileAttributesW
0x40808c Sleep
0x408090 GetTickCount
0x408094 CreateFileW
0x408098 GetFileSize
0x40809c GetModuleFileNameW
0x4080a0 GetCurrentProcess
0x4080a4 CopyFileW
0x4080a8 ExitProcess
0x4080b0 GetTempPathW
0x4080b4 GetCommandLineW
0x4080b8 SetErrorMode
0x4080bc CloseHandle
0x4080c0 lstrlenW
0x4080c4 lstrcpynW
0x4080c8 GetDiskFreeSpaceW
0x4080cc GlobalUnlock
0x4080d0 GlobalLock
0x4080d4 CreateThread
0x4080d8 LoadLibraryW
0x4080dc CreateProcessW
0x4080e0 lstrcmpiA
0x4080e4 GetTempFileNameW
0x4080e8 lstrcatW
0x4080ec GetProcAddress
0x4080f0 LoadLibraryA
0x4080f4 GetModuleHandleA
0x4080f8 OpenProcess
0x4080fc lstrcpyW
0x408100 GetVersionExW
0x408104 GetSystemDirectoryW
0x408108 GetVersion
0x40810c lstrcpyA
0x408110 RemoveDirectoryW
0x408114 lstrcmpA
0x408118 lstrcmpiW
0x40811c lstrcmpW
0x408124 GlobalAlloc
0x408128 WaitForSingleObject
0x40812c GetExitCodeProcess
0x408130 GlobalFree
0x408134 GetModuleHandleW
0x408138 LoadLibraryExW
0x40813c FreeLibrary
0x408148 WideCharToMultiByte
0x40814c lstrlenA
0x408150 MulDiv
0x408154 WriteFile
0x408158 ReadFile
0x40815c MultiByteToWideChar
0x408160 SetFilePointer
0x408164 FindClose
0x408168 FindNextFileW
0x40816c FindFirstFileW
0x408170 DeleteFileW
0x408174 lstrcpynA
Library USER32.dll:
0x408198 GetAsyncKeyState
0x40819c IsDlgButtonChecked
0x4081a0 ScreenToClient
0x4081a4 GetMessagePos
0x4081a8 CallWindowProcW
0x4081ac IsWindowVisible
0x4081b0 LoadBitmapW
0x4081b4 CloseClipboard
0x4081b8 SetClipboardData
0x4081bc EmptyClipboard
0x4081c0 OpenClipboard
0x4081c4 TrackPopupMenu
0x4081c8 GetWindowRect
0x4081cc AppendMenuW
0x4081d0 CreatePopupMenu
0x4081d4 GetSystemMetrics
0x4081d8 EndDialog
0x4081dc EnableMenuItem
0x4081e0 GetSystemMenu
0x4081e4 SetClassLongW
0x4081e8 IsWindowEnabled
0x4081ec SetWindowPos
0x4081f0 DialogBoxParamW
0x4081f4 CheckDlgButton
0x4081f8 CreateWindowExW
0x408200 RegisterClassW
0x408204 SetDlgItemTextW
0x408208 GetDlgItemTextW
0x40820c MessageBoxIndirectW
0x408210 CharNextA
0x408214 CharUpperW
0x408218 CharPrevW
0x40821c wvsprintfW
0x408220 DispatchMessageW
0x408224 PeekMessageW
0x408228 wsprintfA
0x40822c DestroyWindow
0x408230 CreateDialogParamW
0x408234 SetTimer
0x408238 SetWindowTextW
0x40823c PostQuitMessage
0x408240 SetForegroundWindow
0x408244 ShowWindow
0x408248 wsprintfW
0x40824c SendMessageTimeoutW
0x408250 LoadCursorW
0x408254 SetCursor
0x408258 GetWindowLongW
0x40825c GetSysColor
0x408260 CharNextW
0x408264 GetClassInfoW
0x408268 ExitWindowsEx
0x40826c IsWindow
0x408270 GetDlgItem
0x408274 SetWindowLongW
0x408278 LoadImageW
0x40827c GetDC
0x408280 EnableWindow
0x408284 InvalidateRect
0x408288 SendMessageW
0x40828c DefWindowProcW
0x408290 BeginPaint
0x408294 GetClientRect
0x408298 FillRect
0x40829c DrawTextW
0x4082a0 EndPaint
0x4082a4 FindWindowExW
Library GDI32.dll:
0x40803c SetBkColor
0x408040 GetDeviceCaps
0x408044 DeleteObject
0x408048 CreateBrushIndirect
0x40804c CreateFontIndirectW
0x408050 SetBkMode
0x408054 SetTextColor
0x408058 SelectObject
Library SHELL32.dll:
0x40817c SHBrowseForFolderW
0x408184 SHGetFileInfoW
0x408188 ShellExecuteW
0x40818c SHFileOperationW
Library ADVAPI32.dll:
0x408000 RegEnumKeyW
0x408004 RegOpenKeyExW
0x408008 RegCloseKey
0x40800c RegDeleteKeyW
0x408010 RegDeleteValueW
0x408014 RegCreateKeyExW
0x408018 RegSetValueExW
0x40801c RegQueryValueExW
0x408020 RegEnumValueW
Library COMCTL32.dll:
0x408028 ImageList_AddMasked
0x40802c ImageList_Destroy
0x408030
0x408034 ImageList_Create
Library ole32.dll:
0x4082bc CoTaskMemFree
0x4082c0 OleInitialize
0x4082c4 OleUninitialize
0x4082c8 CoCreateInstance
Library VERSION.dll:
0x4082b0 GetFileVersionInfoW
0x4082b4 VerQueryValueW

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49194 205.185.208.80 cdnrep.reimage.com 80
192.168.56.101 49198 205.185.208.80 cdnrep.reimage.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://cdnrep.reimage.com/downloader_version.xml 
GET /downloader_version.xml HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: cdnrep.reimage.com
Connection: Keep-Alive
Cache-Control: no-cache
http://cdnrep.reimageplus.com/rqz/ReimageRepair.exe 
GET /rqz/ReimageRepair.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: cdnrep.reimageplus.com
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.