SmartHawk

3.8

中危

40 个模型检测该样本为恶意！

重新分析

下载样本

7a6bd7dfd27d855499f2811e1779e889f768958ae300709711963ac52aefe024

d789cea9f9034aaaf67a2bae88249d4c.exe

分析耗时

80s

最近分析

文件大小

9.1MB

静态报毒动态报毒 @B0@ASXESNLB AI SCORE=99 ARTEMIS ATTRIBUTE CLOUD CONFIDENCE DLII EGDV GENKRYPTIK HACKTOOL HIGH CONFIDENCE HIGHCONFIDENCE HW32 KRYPT MALICIOUS PE SCORE STRICTOR UNSAFE WOOZLIST ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!D789CEA9F903	20200630	6.0.6.653
Alibaba	Trojan:Win32/GenKryptik.b701241f	20190527	0.3.0.5
Avast		20200701	18.4.3895.0
Baidu		20190318	1.0.0.2
Kingsoft		20200701	2013.8.14.323
Tencent		20200701	1.0.0.1
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620814943.630626 IsDebuggerPresent		failed	0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 个事件)

section	.vmp0
section	.vmp1

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

TEXTINCLUDE

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620814943.943626 __exception__	stacktrace: registers.esp: 1637112 registers.edi: 4194304 registers.eax: 1932009282 registers.ebp: 1638240 registers.edx: 78 registers.ebx: 0 registers.esi: 0 registers.ecx: 838 exception.instruction_r: 90 68 80 43 28 e5 e8 6d 7a fd ff f5 50 81 eb 01 exception.instruction: nop exception.module: d789cea9f9034aaaf67a2bae88249d4c.exe exception.exception_code: 0x80000004 exception.offset: 20646118 exception.address: 0x17b08e6	success	0	0

Foreign language identified in PE resource (50 out of 52 个事件)

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x013cbdf4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x013cbdf4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

offset

0x013cbdf4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000151

name

RT_CURSOR

language

LANG_CHINESE

offset

0x013cc2e4

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x013cc2e4

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x013cc2e4

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

offset

0x013cc2e4

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000b4

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x013cdb58

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_MENU

language

LANG_CHINESE

offset

0x013cdca8

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000284

name

RT_MENU

language

LANG_CHINESE

offset

0x013cdca8

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000284

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

offset

0x013ceef0

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000018c

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

offset

0x013cf938

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000024

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x013cf984

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x013cf984

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x013cf984

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000022

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x013cb928

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x013cb928

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.982535711609814

section

{'size_of_data': '0x0090f000', 'virtual_address': '0x00ab1000', 'entropy': 7.982535711609814, 'name': '.vmp1', 'virtual_size': '0x0090e030'}

description

A section with a high entropy has been found

entropy

0.9948519948519948

description

Overall entropy of this PE file is high

The executable is likely packed with VMProtect (2 个事件)

section	.vmp0				description	Section name indicates VMProtect
section	.vmp1				description	Section name indicates VMProtect

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 个事件)

Bkav	HW32.Packed.
MicroWorld-eScan	Gen:Variant.Strictor.245604
FireEye	Generic.mg.d789cea9f9034aaa
CAT-QuickHeal	TrojanDropper.Woozlist
McAfee	Artemis!D789CEA9F903
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0054d5491 )
Alibaba	Trojan:Win32/GenKryptik.b701241f
K7GW	Trojan ( 0054d5491 )
Cybereason	malicious.9f9034
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZexaF.34130.@B0@aSXESnlb
Symantec	ML.Attribute.HighConfidence
Paloalto	generic.ml
BitDefender	Gen:Variant.Strictor.245604
AegisLab	Trojan.Win32.Strictor.4!c
Rising	Dropper.Woozlist!8.15E (CLOUD)
Ad-Aware	Gen:Variant.Strictor.245604
Sophos	Mal/Generic-S
Zillya	Trojan.GenKryptik.Win32.32467
Trapmine	suspicious.low.ml.score
Emsisoft	Gen:Variant.Strictor.245604 (B)
SentinelOne	DFI - Malicious PE
Antiy-AVL	Trojan[Dropper]/Win32.Woozlist
Endgame	malicious (high confidence)
Microsoft	TrojanDropper:Win32/Woozlist.B
Cynet	Malicious (score: 100)
AhnLab-V3	Unwanted/Win32.HackTool.C3387035
Acronis	suspicious
ALYac	Gen:Variant.Strictor.245604
MAX	malware (ai score=99)
APEX	Malicious
ESET-NOD32	a variant of Win32/GenKryptik.EGDV
Yandex	Trojan.GenKryptik!
Ikarus	Trojan.Win32.Krypt
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/GenKryptik.DLII!tr
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Win32/Trojan.2ff

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-07-29 01:06:04

Imports

Library WINMM.dll:

• 0x174d000 midiStreamOut

• 0x174d004 midiOutPrepareHeader

• 0x174d008 midiStreamProperty

• 0x174d00c midiStreamOpen

• 0x174d010 midiOutUnprepareHeader

• 0x174d014 waveOutOpen

• 0x174d018 waveOutRestart

• 0x174d01c waveOutUnprepareHeader

• 0x174d020 waveOutPrepareHeader

• 0x174d024 waveOutWrite

• 0x174d028 waveOutPause

• 0x174d02c waveOutReset

• 0x174d030 waveOutClose

• 0x174d034 midiStreamStop

• 0x174d038 midiOutReset

• 0x174d03c midiStreamClose

• 0x174d040 midiStreamRestart

• 0x174d044 waveOutGetNumDevs

Library WS2_32.dll:

• 0x174d04c WSAAsyncSelect

• 0x174d050 closesocket

• 0x174d054 send

• 0x174d058 select

• 0x174d05c WSAStartup

• 0x174d060 inet_ntoa

• 0x174d064 recvfrom

• 0x174d068 ioctlsocket

• 0x174d06c recv

• 0x174d070 getpeername

• 0x174d074 accept

• 0x174d078 WSACleanup

• 0x174d07c ntohl

Library RASAPI32.dll:

• 0x174d084 RasHangUpA

• 0x174d088 RasGetConnectStatusA

Library KERNEL32.dll:

• 0x174d090 SetLastError

• 0x174d094 GetTimeZoneInformation

• 0x174d098 GetVersion

• 0x174d09c FileTimeToSystemTime

• 0x174d0a0 CreateMutexA

• 0x174d0a4 ReleaseMutex

• 0x174d0a8 SuspendThread

• 0x174d0ac InterlockedIncrement

• 0x174d0b0 GetSystemInfo

• 0x174d0b4 IsProcessorFeaturePresent

• 0x174d0b8 lstrcmpiA

• 0x174d0bc GetSystemTime

• 0x174d0c0 RtlUnwind

• 0x174d0c4 GetStartupInfoA

• 0x174d0c8 GetOEMCP

• 0x174d0cc GetCPInfo

• 0x174d0d0 GetProcessVersion

• 0x174d0d4 SetErrorMode

• 0x174d0d8 GlobalFlags

• 0x174d0dc GetCurrentThread

• 0x174d0e0 GetFileTime

• 0x174d0e4 TlsGetValue

• 0x174d0e8 LocalReAlloc

• 0x174d0ec TlsSetValue

• 0x174d0f0 TlsFree

• 0x174d0f4 GlobalHandle

• 0x174d0f8 TlsAlloc

• 0x174d0fc LocalAlloc

• 0x174d100 lstrcmpA

• 0x174d104 GlobalGetAtomNameA

• 0x174d108 GlobalAddAtomA

• 0x174d10c GlobalFindAtomA

• 0x174d110 GlobalDeleteAtom

• 0x174d114 SetEndOfFile

• 0x174d118 UnlockFile

• 0x174d11c LockFile

• 0x174d120 FlushFileBuffers

• 0x174d124 DuplicateHandle

• 0x174d128 lstrcpynA

• 0x174d12c FileTimeToLocalFileTime

• 0x174d130 LocalFree

• 0x174d134 TerminateProcess

• 0x174d138 GetFileSize

• 0x174d13c SetFilePointer

• 0x174d140 CreateToolhelp32Snapshot

• 0x174d144 Process32First

• 0x174d148 Process32Next

• 0x174d14c TerminateThread

• 0x174d150 WideCharToMultiByte

• 0x174d154 MultiByteToWideChar

• 0x174d158 GetCurrentProcess

• 0x174d15c GetWindowsDirectoryA

• 0x174d160 GetSystemDirectoryA

• 0x174d164 CreateSemaphoreA

• 0x174d168 ResumeThread

• 0x174d16c ReleaseSemaphore

• 0x174d170 EnterCriticalSection

• 0x174d174 LeaveCriticalSection

• 0x174d178 GetProfileStringA

• 0x174d17c WriteFile

• 0x174d180 WaitForMultipleObjects

• 0x174d184 CreateFileA

• 0x174d188 SetEvent

• 0x174d18c FindResourceA

• 0x174d190 LoadResource

• 0x174d194 LockResource

• 0x174d198 ReadFile

• 0x174d19c lstrlenW

• 0x174d1a0 RemoveDirectoryA

• 0x174d1a4 GetModuleFileNameA

• 0x174d1a8 GetCurrentThreadId

• 0x174d1ac ExitProcess

• 0x174d1b0 GlobalSize

• 0x174d1b4 GlobalFree

• 0x174d1b8 DeleteCriticalSection

• 0x174d1bc InitializeCriticalSection

• 0x174d1c0 lstrcatA

• 0x174d1c4 lstrlenA

• 0x174d1c8 WinExec

• 0x174d1cc lstrcpyA

• 0x174d1d0 FindNextFileA

• 0x174d1d4 GlobalReAlloc

• 0x174d1d8 HeapFree

• 0x174d1dc HeapReAlloc

• 0x174d1e0 GetProcessHeap

• 0x174d1e4 HeapAlloc

• 0x174d1e8 GetUserDefaultLCID

• 0x174d1ec GetFullPathNameA

• 0x174d1f0 FreeLibrary

• 0x174d1f4 LoadLibraryA

• 0x174d1f8 GetLastError

• 0x174d1fc GetVersionExA

• 0x174d200 WritePrivateProfileStringA

• 0x174d204 GetPrivateProfileStringA

• 0x174d208 CreateThread

• 0x174d20c CreateEventA

• 0x174d210 Sleep

• 0x174d214 GlobalAlloc

• 0x174d218 InterlockedExchange

• 0x174d21c GlobalLock

• 0x174d220 GlobalUnlock

• 0x174d224 GetTempPathA

• 0x174d228 FindFirstFileA

• 0x174d22c FindClose

• 0x174d230 SetFileAttributesA

• 0x174d234 GetFileAttributesA

• 0x174d238 DeleteFileA

• 0x174d23c SetCurrentDirectoryA

• 0x174d240 GetVolumeInformationA

• 0x174d244 GetModuleHandleA

• 0x174d248 GetProcAddress

• 0x174d24c MulDiv

• 0x174d250 GetCommandLineA

• 0x174d254 GetTickCount

• 0x174d258 WaitForSingleObject

• 0x174d25c CloseHandle

• 0x174d260 GetLocalTime

• 0x174d264 RaiseException

• 0x174d268 HeapSize

• 0x174d26c GetACP

• 0x174d270 SetStdHandle

• 0x174d274 GetFileType

• 0x174d278 UnhandledExceptionFilter

• 0x174d27c FreeEnvironmentStringsA

• 0x174d280 FreeEnvironmentStringsW

• 0x174d284 GetEnvironmentStrings

• 0x174d288 GetEnvironmentStringsW

• 0x174d28c SetHandleCount

• 0x174d290 GetStdHandle

• 0x174d294 GetEnvironmentVariableA

• 0x174d298 HeapDestroy

• 0x174d29c HeapCreate

• 0x174d2a0 VirtualFree

• 0x174d2a4 SetEnvironmentVariableA

• 0x174d2a8 LCMapStringA

• 0x174d2ac LCMapStringW

• 0x174d2b0 VirtualAlloc

• 0x174d2b4 IsBadWritePtr

• 0x174d2b8 SetUnhandledExceptionFilter

• 0x174d2bc GetStringTypeA

• 0x174d2c0 GetStringTypeW

• 0x174d2c4 CompareStringA

• 0x174d2c8 CompareStringW

• 0x174d2cc IsBadReadPtr

• 0x174d2d0 IsBadCodePtr

• 0x174d2d4 InterlockedDecrement

Library USER32.dll:

• 0x174d2dc GetWindow

• 0x174d2e0 GetActiveWindow

• 0x174d2e4 SetFocus

• 0x174d2e8 IsIconic

• 0x174d2ec PeekMessageA

• 0x174d2f0 SetMenu

• 0x174d2f4 DestroyAcceleratorTable

• 0x174d2f8 SetWindowRgn

• 0x174d2fc GetMessagePos

• 0x174d300 ScreenToClient

• 0x174d304 ChildWindowFromPointEx

• 0x174d308 CopyRect

• 0x174d30c LoadBitmapA

• 0x174d310 GetSysColorBrush

• 0x174d314 GetMenu

• 0x174d318 DeleteMenu

• 0x174d31c GetSystemMenu

• 0x174d320 DefWindowProcA

• 0x174d324 GetClassInfoA

• 0x174d328 IsZoomed

• 0x174d32c PostQuitMessage

• 0x174d330 CopyAcceleratorTableA

• 0x174d334 GetKeyState

• 0x174d338 TranslateAcceleratorA

• 0x174d33c IsWindowEnabled

• 0x174d340 ShowWindow

• 0x174d344 SystemParametersInfoA

• 0x174d348 LoadImageA

• 0x174d34c EnumDisplaySettingsA

• 0x174d350 ClientToScreen

• 0x174d354 EnableMenuItem

• 0x174d358 GetSubMenu

• 0x174d35c GetDlgCtrlID

• 0x174d360 CreateAcceleratorTableA

• 0x174d364 CreateMenu

• 0x174d368 ModifyMenuA

• 0x174d36c WinHelpA

• 0x174d370 KillTimer

• 0x174d374 SetTimer

• 0x174d378 ReleaseCapture

• 0x174d37c GetCapture

• 0x174d380 SetCapture

• 0x174d384 GetScrollRange

• 0x174d388 SetScrollRange

• 0x174d38c SetScrollPos

• 0x174d390 SetRect

• 0x174d394 InflateRect

• 0x174d398 IntersectRect

• 0x174d39c DestroyIcon

• 0x174d3a0 PtInRect

• 0x174d3a4 OffsetRect

• 0x174d3a8 IsWindowVisible

• 0x174d3ac EnableWindow

• 0x174d3b0 AppendMenuA

• 0x174d3b4 GetWindowLongA

• 0x174d3b8 SetWindowLongA

• 0x174d3bc GetSysColor

• 0x174d3c0 SetActiveWindow

• 0x174d3c4 SetCursorPos

• 0x174d3c8 LoadCursorA

• 0x174d3cc LoadStringA

• 0x174d3d0 GetMenuCheckMarkDimensions

• 0x174d3d4 GetMenuState

• 0x174d3d8 SetMenuItemBitmaps

• 0x174d3dc CheckMenuItem

• 0x174d3e0 MoveWindow

• 0x174d3e4 IsDialogMessageA

• 0x174d3e8 ScrollWindowEx

• 0x174d3ec SendDlgItemMessageA

• 0x174d3f0 MapWindowPoints

• 0x174d3f4 AdjustWindowRectEx

• 0x174d3f8 GetScrollPos

• 0x174d3fc RegisterClassA

• 0x174d400 GetMenuItemCount

• 0x174d404 GetMenuItemID

• 0x174d408 SetWindowsHookExA

• 0x174d40c CallNextHookEx

• 0x174d410 GetClassLongA

• 0x174d414 SetPropA

• 0x174d418 UnhookWindowsHookEx

• 0x174d41c GetPropA

• 0x174d420 RemovePropA

• 0x174d424 GetMessageTime

• 0x174d428 GetLastActivePopup

• 0x174d42c RegisterWindowMessageA

• 0x174d430 SetCursor

• 0x174d434 GetDC

• 0x174d438 FillRect

• 0x174d43c IsRectEmpty

• 0x174d440 ReleaseDC

• 0x174d444 IsChild

• 0x174d448 DestroyMenu

• 0x174d44c SetForegroundWindow

• 0x174d450 GetWindowRect

• 0x174d454 EqualRect

• 0x174d458 UpdateWindow

• 0x174d45c ValidateRect

• 0x174d460 InvalidateRect

• 0x174d464 GetClientRect

• 0x174d468 GetFocus

• 0x174d46c GetParent

• 0x174d470 GetTopWindow

• 0x174d474 PostMessageA

• 0x174d478 IsWindow

• 0x174d47c SetParent

• 0x174d480 DestroyCursor

• 0x174d484 SendMessageA

• 0x174d488 SetWindowPos

• 0x174d48c MessageBoxA

• 0x174d490 GetCursorPos

• 0x174d494 GetSystemMetrics

• 0x174d498 EmptyClipboard

• 0x174d49c SetClipboardData

• 0x174d4a0 OpenClipboard

• 0x174d4a4 GetClipboardData

• 0x174d4a8 CloseClipboard

• 0x174d4ac wsprintfA

• 0x174d4b0 CreatePopupMenu

• 0x174d4b4 DrawIconEx

• 0x174d4b8 CreateIconFromResource

• 0x174d4bc CreateIconFromResourceEx

• 0x174d4c0 RegisterClipboardFormatA

• 0x174d4c4 SetRectEmpty

• 0x174d4c8 DispatchMessageA

• 0x174d4cc GetMessageA

• 0x174d4d0 WindowFromPoint

• 0x174d4d4 DrawFocusRect

• 0x174d4d8 DrawEdge

• 0x174d4dc DrawFrameControl

• 0x174d4e0 TranslateMessage

• 0x174d4e4 LoadIconA

• 0x174d4e8 GetForegroundWindow

• 0x174d4ec GetDesktopWindow

• 0x174d4f0 GetClassNameA

• 0x174d4f4 UnregisterClassA

• 0x174d4f8 GetDlgItem

• 0x174d4fc GetWindowTextA

• 0x174d500 SetWindowTextA

• 0x174d504 CallWindowProcA

• 0x174d508 CreateWindowExA

• 0x174d50c RegisterHotKey

• 0x174d510 UnregisterHotKey

• 0x174d514 RedrawWindow

• 0x174d518 GetWindowTextLengthA

• 0x174d51c CharUpperA

• 0x174d520 GetWindowDC

• 0x174d524 BeginPaint

• 0x174d528 EndPaint

• 0x174d52c TabbedTextOutA

• 0x174d530 DrawTextA

• 0x174d534 GrayStringA

• 0x174d538 DestroyWindow

• 0x174d53c CreateDialogIndirectParamA

• 0x174d540 EndDialog

• 0x174d544 GetNextDlgTabItem

• 0x174d548 GetWindowPlacement

Library GDI32.dll:

• 0x174d550 ExtSelectClipRgn

• 0x174d554 LineTo

• 0x174d558 MoveToEx

• 0x174d55c BitBlt

• 0x174d560 CreateCompatibleDC

• 0x174d564 Ellipse

• 0x174d568 Rectangle

• 0x174d56c LPtoDP

• 0x174d570 DPtoLP

• 0x174d574 GetCurrentObject

• 0x174d578 RoundRect

• 0x174d57c GetTextExtentPoint32A

• 0x174d580 GetDeviceCaps

• 0x174d584 StretchBlt

• 0x174d588 CreatePalette

• 0x174d58c GetSystemPaletteEntries

• 0x174d590 CreateDIBitmap

• 0x174d594 SelectClipRgn

• 0x174d598 CreatePolygonRgn

• 0x174d59c GetClipRgn

• 0x174d5a0 SetStretchBltMode

• 0x174d5a4 CreateRectRgnIndirect

• 0x174d5a8 CreateFontA

• 0x174d5ac TranslateCharsetInfo

• 0x174d5b0 ExcludeClipRect

• 0x174d5b4 GetClipBox

• 0x174d5b8 ScaleWindowExtEx

• 0x174d5bc SetWindowExtEx

• 0x174d5c0 SetWindowOrgEx

• 0x174d5c4 ScaleViewportExtEx

• 0x174d5c8 SetViewportExtEx

• 0x174d5cc OffsetViewportOrgEx

• 0x174d5d0 SetViewportOrgEx

• 0x174d5d4 GetViewportExtEx

• 0x174d5d8 PtVisible

• 0x174d5dc RectVisible

• 0x174d5e0 TextOutA

• 0x174d5e4 ExtTextOutA

• 0x174d5e8 Escape

• 0x174d5ec GetTextMetricsA

• 0x174d5f0 StartPage

• 0x174d5f4 StartDocA

• 0x174d5f8 DeleteDC

• 0x174d5fc EndDoc

• 0x174d600 EndPage

• 0x174d604 GetObjectA

• 0x174d608 GetStockObject

• 0x174d60c CreateFontIndirectA

• 0x174d610 CreateSolidBrush

• 0x174d614 FillRgn

• 0x174d618 CreateRectRgn

• 0x174d61c CombineRgn

• 0x174d620 PatBlt

• 0x174d624 CreatePen

• 0x174d628 SelectObject

• 0x174d62c SetMapMode

• 0x174d630 SetTextColor

• 0x174d634 SetROP2

• 0x174d638 SetPolyFillMode

• 0x174d63c SetBkMode

• 0x174d640 RestoreDC

• 0x174d644 SaveDC

• 0x174d648 CreateBitmap

• 0x174d64c CreateDCA

• 0x174d650 CreateCompatibleBitmap

• 0x174d654 GetPolyFillMode

• 0x174d658 GetStretchBltMode

• 0x174d65c GetROP2

• 0x174d660 GetBkColor

• 0x174d664 GetBkMode

• 0x174d668 GetTextColor

• 0x174d66c CreateRoundRectRgn

• 0x174d670 CreateEllipticRgn

• 0x174d674 PathToRegion

• 0x174d678 EndPath

• 0x174d67c BeginPath

• 0x174d680 GetWindowOrgEx

• 0x174d684 GetViewportOrgEx

• 0x174d688 GetWindowExtEx

• 0x174d68c GetDIBits

• 0x174d690 RealizePalette

• 0x174d694 DeleteObject

• 0x174d698 SetBkColor

• 0x174d69c SelectPalette

Library WINSPOOL.DRV:

• 0x174d6a4 OpenPrinterA

• 0x174d6a8 DocumentPropertiesA

• 0x174d6ac ClosePrinter

Library ADVAPI32.dll:

• 0x174d6b4 RegQueryValueExA

• 0x174d6b8 RegOpenKeyExA

• 0x174d6bc RegSetValueExA

• 0x174d6c0 RegCreateKeyA

• 0x174d6c4 RegQueryValueA

• 0x174d6c8 RegCreateKeyExA

• 0x174d6cc RegOpenKeyA

• 0x174d6d0 RegCloseKey

Library SHELL32.dll:

• 0x174d6d8 SHGetSpecialFolderPathA

• 0x174d6dc DragQueryFileA

• 0x174d6e0 DragFinish

• 0x174d6e4 DragAcceptFiles

• 0x174d6e8 ShellExecuteA

• 0x174d6ec Shell_NotifyIconA

Library ole32.dll:

• 0x174d6f4 CLSIDFromProgID

• 0x174d6f8 OleRun

• 0x174d6fc CoCreateInstance

• 0x174d700 CLSIDFromString

• 0x174d704 OleUninitialize

• 0x174d708 OleInitialize

Library OLEAUT32.dll:

• 0x174d710 VariantChangeType

• 0x174d714 VariantClear

• 0x174d718 VariantCopyInd

• 0x174d71c VariantInit

• 0x174d720 SysAllocString

• 0x174d724 UnRegisterTypeLib

• 0x174d728 LoadTypeLib

• 0x174d72c LHashValOfNameSys

• 0x174d730 RegisterTypeLib

Library COMCTL32.dll:

• 0x174d738 ImageList_Add

• 0x174d73c ImageList_BeginDrag

• 0x174d740 ImageList_Create

• 0x174d744 ImageList_Destroy

• 0x174d748 ImageList_DragEnter

• 0x174d74c ImageList_DragLeave

• 0x174d750 ImageList_DragMove

• 0x174d754 ImageList_DragShowNolock

• 0x174d758 ImageList_EndDrag

• 0x174d75c

Library WININET.dll:

• 0x174d764 InternetCloseHandle

Library comdlg32.dll:

• 0x174d76c ChooseColorA

• 0x174d770 GetOpenFileNameA

• 0x174d774 GetFileTitleA

• 0x174d778 GetSaveFileNameA

Library WTSAPI32.dll:

• 0x174d780 WTSSendMessageW

Library KERNEL32.dll:

• 0x174d788 VirtualQuery

• 0x174d78c GetSystemTimeAsFileTime

• 0x174d790 GetModuleHandleA

• 0x174d794 CreateEventA

• 0x174d798 GetModuleFileNameW

• 0x174d79c LoadLibraryA

• 0x174d7a0 TerminateProcess

• 0x174d7a4 GetCurrentProcess

• 0x174d7a8 CreateToolhelp32Snapshot

• 0x174d7ac Thread32First

• 0x174d7b0 GetCurrentProcessId

• 0x174d7b4 GetCurrentThreadId

• 0x174d7b8 OpenThread

• 0x174d7bc Thread32Next

• 0x174d7c0 CloseHandle

• 0x174d7c4 SuspendThread

• 0x174d7c8 ResumeThread

• 0x174d7cc WriteProcessMemory

• 0x174d7d0 GetSystemInfo

• 0x174d7d4 VirtualAlloc

• 0x174d7d8 VirtualProtect

• 0x174d7dc VirtualFree

• 0x174d7e0 GetProcessAffinityMask

• 0x174d7e4 SetProcessAffinityMask

• 0x174d7e8 GetCurrentThread

• 0x174d7ec SetThreadAffinityMask

• 0x174d7f0 Sleep

• 0x174d7f4 FreeLibrary

• 0x174d7f8 GetTickCount

• 0x174d7fc GlobalFree

• 0x174d800 GetProcAddress

• 0x174d804 LocalAlloc

• 0x174d808 LocalFree

• 0x174d80c ExitProcess

• 0x174d810 EnterCriticalSection

• 0x174d814 LeaveCriticalSection

• 0x174d818 InitializeCriticalSection

• 0x174d81c DeleteCriticalSection

• 0x174d820 GetModuleHandleW

• 0x174d824 LoadResource

• 0x174d828 MultiByteToWideChar

• 0x174d82c FindResourceExW

• 0x174d830 FindResourceExA

• 0x174d834 WideCharToMultiByte

• 0x174d838 GetThreadLocale

• 0x174d83c GetUserDefaultLCID

• 0x174d840 GetSystemDefaultLCID

• 0x174d844 EnumResourceNamesA

• 0x174d848 EnumResourceNamesW

• 0x174d84c EnumResourceLanguagesA

• 0x174d850 EnumResourceLanguagesW

• 0x174d854 EnumResourceTypesA

• 0x174d858 EnumResourceTypesW

• 0x174d85c CreateFileW

• 0x174d860 LoadLibraryW

• 0x174d864 GetLastError

• 0x174d868 FlushFileBuffers

• 0x174d86c CreateFileA

• 0x174d870 WriteConsoleW

• 0x174d874 GetConsoleOutputCP

• 0x174d878 WriteConsoleA

• 0x174d87c GetCommandLineA

• 0x174d880 RaiseException

• 0x174d884 RtlUnwind

• 0x174d888 HeapFree

• 0x174d88c GetCPInfo

• 0x174d890 InterlockedIncrement

• 0x174d894 InterlockedDecrement

• 0x174d898 GetACP

• 0x174d89c GetOEMCP

• 0x174d8a0 IsValidCodePage

• 0x174d8a4 TlsGetValue

• 0x174d8a8 TlsAlloc

• 0x174d8ac TlsSetValue

• 0x174d8b0 TlsFree

• 0x174d8b4 SetLastError

• 0x174d8b8 UnhandledExceptionFilter

• 0x174d8bc SetUnhandledExceptionFilter

• 0x174d8c0 IsDebuggerPresent

• 0x174d8c4 HeapAlloc

• 0x174d8c8 LCMapStringA

• 0x174d8cc LCMapStringW

• 0x174d8d0 SetHandleCount

• 0x174d8d4 GetStdHandle

• 0x174d8d8 GetFileType

• 0x174d8dc GetStartupInfoA

• 0x174d8e0 GetModuleFileNameA

• 0x174d8e4 FreeEnvironmentStringsA

• 0x174d8e8 GetEnvironmentStrings

• 0x174d8ec FreeEnvironmentStringsW

• 0x174d8f0 GetEnvironmentStringsW

• 0x174d8f4 HeapCreate

• 0x174d8f8 HeapDestroy

• 0x174d8fc QueryPerformanceCounter

• 0x174d900 HeapReAlloc

• 0x174d904 GetStringTypeA

• 0x174d908 GetStringTypeW

• 0x174d90c GetLocaleInfoA

• 0x174d910 HeapSize

• 0x174d914 WriteFile

• 0x174d918 SetFilePointer

• 0x174d91c GetConsoleCP

• 0x174d920 GetConsoleMode

• 0x174d924 InitializeCriticalSectionAndSpinCount

• 0x174d928 SetStdHandle

Library USER32.dll:

• 0x174d930 GetUserObjectInformationW

• 0x174d934 CharUpperBuffW

• 0x174d938 MessageBoxW

• 0x174d93c GetProcessWindowStation

Library KERNEL32.dll:

• 0x174d944 LocalAlloc

• 0x174d948 LocalFree

• 0x174d94c GetModuleFileNameW

• 0x174d950 GetProcessAffinityMask

• 0x174d954 SetProcessAffinityMask

• 0x174d958 SetThreadAffinityMask

• 0x174d95c Sleep

• 0x174d960 ExitProcess

• 0x174d964 FreeLibrary

• 0x174d968 LoadLibraryA

• 0x174d96c GetModuleHandleA

• 0x174d970 GetProcAddress

Library USER32.dll:

• 0x174d978 GetProcessWindowStation

• 0x174d97c GetUserObjectInformationW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.