SmartHawk

5.2

中危

57 个模型检测该样本为恶意！

重新分析

下载样本

15e81b44c4d3099f90ec4e045d4904a925f89a44fae891efa4825bc5698ab3b5

df14ca82143df0f97ae94d830e43f785.exe

分析耗时

69s

最近分析

文件大小

487.0KB

静态报毒动态报毒 100% AI SCORE=84 AIDETECTVM ATTRIBUTE AUTOG BTD180 CDIBM CLASSIC CONFIDENCE DELF EGX@AUIEECJI EJGF ELDORADO ELQY EMPE FSGD GDSDA GENKRYPTIK HIGH CONFIDENCE HIGHCONFIDENCE HJNURU IGENT KRYPTIK MALWARE1 MALWARE@#HXK6737S1WLP R + TROJ R06EC0PIK20 R334907 REMCOS REMCOSCRYPT SCORE SIGGEN8 STATIC AI SUSGEN SUSPICIOUS PE TRJGEN TSCOPE UNSAFE WACATAC WSJS ZELPHIF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Trojan-FSGD!DF14CA82143D	20201228	6.0.6.653
Alibaba	Backdoor:Win32/Injector.9754b751	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20201228	21.1.5827.0
Tencent	Win32.Backdoor.Remcos.Wsjs	20201228	1.0.0.1
Kingsoft		20201228	2017.9.26.565

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948459.069784 __exception__	stacktrace: registers.esp: 58392064 registers.edi: 32411608 registers.eax: 0 registers.ebp: 0 registers.edx: 0 registers.ebx: 36 registers.esi: 16 registers.ecx: 0 exception.instruction_r: 8b 41 3c 99 03 04 24 13 54 24 04 83 c4 08 89 04 exception.instruction: mov eax, dword ptr [ecx + 0x3c] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1ee8a45	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948411.069784 NtAllocateVirtualMemory	process_identifier: 2824 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00490000	success	0	0

Downloads a file or document from Google Drive (1 个事件)

domain

drive.google.com

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948427.288784 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619948429.851784 RegSetValueExA	key_handle: 0x000003c4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619948429.851784 RegSetValueExA	key_handle: 0x000003c4 value: àëP?× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619948429.851784 RegSetValueExA	key_handle: 0x000003c4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619948429.851784 RegSetValueExW	key_handle: 0x000003c4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619948429.851784 RegSetValueExA	key_handle: 0x000003dc value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619948429.851784 RegSetValueExA	key_handle: 0x000003dc value: àëP?× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619948429.851784 RegSetValueExA	key_handle: 0x000003dc value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619948429.882784 RegSetValueExW	key_handle: 0x000003c0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

31.13.82.33:443

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Empe.1.Gen
FireEye	Generic.mg.df14ca82143df0f9
McAfee	Trojan-FSGD!DF14CA82143D
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 00565ab81 )
Alibaba	Backdoor:Win32/Injector.9754b751
K7GW	Trojan ( 00565ab81 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Empe.1.Gen
Cyren	W32/Delf_Troj.N.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Dropper.Remcos-7727758-0
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
BitDefender	Trojan.Empe.1.Gen
NANO-Antivirus	Trojan.Win32.TrjGen.hjnuru
Paloalto	generic.ml
Tencent	Win32.Backdoor.Remcos.Wsjs
Ad-Aware	Trojan.Empe.1.Gen
Sophos	Mal/Generic-R + Troj/AutoG-HT
Comodo	Malware@#hxk6737s1wlp
DrWeb	Trojan.Siggen8.46567
TrendMicro	TROJ_GEN.R06EC0PIK20
McAfee-GW-Edition	Trojan-FSGD!DF14CA82143D
Emsisoft	Trojan.Empe.1.Gen (B)
SentinelOne	Static AI - Suspicious PE
Jiangmin	Backdoor.Remcos.bkf
eGambit	Unsafe.AI_Score_85%
Avira	TR/Injector.cdibm
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/RemcosCrypt.ACH!MTB
AegisLab	Trojan.Win32.Remcos.m!c
ZoneAlarm	HEUR:Backdoor.Win32.Remcos.gen
GData	Trojan.Empe.1.Gen
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Injector.R334907
BitDefenderTheta	Gen:NN.ZelphiF.34700.EGX@auIeEcji
ALYac	Trojan.Empe.1.Gen
MAX	malware (ai score=84)
VBA32	TScope.Trojan.Delf
Malwarebytes	Trojan.MalPack
ESET-NOD32	a variant of Win32/Injector.ELQY
TrendMicro-HouseCall	TROJ_GEN.R06EC0PIK20
Rising	Trojan.Kryptik!1.C56D (CLASSIC)
Yandex	Trojan.Igent.bTD180.3

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x468140 DeleteCriticalSection

• 0x468144 LeaveCriticalSection

• 0x468148 EnterCriticalSection

• 0x46814c InitializeCriticalSection

• 0x468150 VirtualFree

• 0x468154 VirtualAlloc

• 0x468158 LocalFree

• 0x46815c LocalAlloc

• 0x468160 GetVersion

• 0x468164 GetCurrentThreadId

• 0x468168 InterlockedDecrement

• 0x46816c InterlockedIncrement

• 0x468170 VirtualQuery

• 0x468174 WideCharToMultiByte

• 0x468178 MultiByteToWideChar

• 0x46817c lstrlenA

• 0x468180 lstrcpynA

• 0x468184 LoadLibraryExA

• 0x468188 GetThreadLocale

• 0x46818c GetStartupInfoA

• 0x468190 GetProcAddress

• 0x468194 GetModuleHandleA

• 0x468198 GetModuleFileNameA

• 0x46819c GetLocaleInfoA

• 0x4681a0 GetCommandLineA

• 0x4681a4 FreeLibrary

• 0x4681a8 FindFirstFileA

• 0x4681ac FindClose

• 0x4681b0 ExitProcess

• 0x4681b4 WriteFile

• 0x4681b8 UnhandledExceptionFilter

• 0x4681bc RtlUnwind

• 0x4681c0 RaiseException

• 0x4681c4 GetStdHandle

Library user32.dll:

• 0x4681cc GetKeyboardType

• 0x4681d0 LoadStringA

• 0x4681d4 MessageBoxA

• 0x4681d8 CharNextA

Library advapi32.dll:

• 0x4681e0 RegQueryValueExA

• 0x4681e4 RegOpenKeyExA

• 0x4681e8 RegCloseKey

Library oleaut32.dll:

• 0x4681f0 SysFreeString

• 0x4681f4 SysReAllocStringLen

• 0x4681f8 SysAllocStringLen

Library kernel32.dll:

• 0x468200 TlsSetValue

• 0x468204 TlsGetValue

• 0x468208 LocalAlloc

• 0x46820c GetModuleHandleA

Library advapi32.dll:

• 0x468214 RegQueryValueExA

• 0x468218 RegOpenKeyExA

• 0x46821c RegCloseKey

Library kernel32.dll:

• 0x468224 lstrcpyA

• 0x468228 WriteFile

• 0x46822c WinExec

• 0x468230 WaitForSingleObject

• 0x468234 VirtualQuery

• 0x468238 VirtualProtect

• 0x46823c VirtualAlloc

• 0x468240 Sleep

• 0x468244 SizeofResource

• 0x468248 SetThreadLocale

• 0x46824c SetFilePointer

• 0x468250 SetEvent

• 0x468254 SetErrorMode

• 0x468258 SetEndOfFile

• 0x46825c ResetEvent

• 0x468260 ReadFile

• 0x468264 MulDiv

• 0x468268 LockResource

• 0x46826c LoadResource

• 0x468270 LoadLibraryA

• 0x468274 LeaveCriticalSection

• 0x468278 InitializeCriticalSection

• 0x46827c GlobalUnlock

• 0x468280 GlobalReAlloc

• 0x468284 GlobalHandle

• 0x468288 GlobalLock

• 0x46828c GlobalFree

• 0x468290 GlobalFindAtomA

• 0x468294 GlobalDeleteAtom

• 0x468298 GlobalAlloc

• 0x46829c GlobalAddAtomA

• 0x4682a0 GetVersionExA

• 0x4682a4 GetVersion

• 0x4682a8 GetTickCount

• 0x4682ac GetThreadLocale

• 0x4682b0 GetSystemInfo

• 0x4682b4 GetStringTypeExA

• 0x4682b8 GetStdHandle

• 0x4682bc GetProcAddress

• 0x4682c0 GetModuleHandleA

• 0x4682c4 GetModuleFileNameA

• 0x4682c8 GetLocaleInfoA

• 0x4682cc GetLocalTime

• 0x4682d0 GetLastError

• 0x4682d4 GetFullPathNameA

• 0x4682d8 GetDiskFreeSpaceA

• 0x4682dc GetDateFormatA

• 0x4682e0 GetCurrentThreadId

• 0x4682e4 GetCurrentProcessId

• 0x4682e8 GetCPInfo

• 0x4682ec GetACP

• 0x4682f0 FreeResource

• 0x4682f4 InterlockedExchange

• 0x4682f8 FreeLibrary

• 0x4682fc FormatMessageA

• 0x468300 FindResourceA

• 0x468304 FindFirstFileA

• 0x468308 FindClose

• 0x46830c FileTimeToLocalFileTime

• 0x468310 FileTimeToDosDateTime

• 0x468314 ExitProcess

• 0x468318 EnumCalendarInfoA

• 0x46831c EnterCriticalSection

• 0x468320 DeleteFileA

• 0x468324 DeleteCriticalSection

• 0x468328 CreateThread

• 0x46832c CreateFileA

• 0x468330 CreateEventA

• 0x468334 CompareStringA

• 0x468338 CloseHandle

Library version.dll:

• 0x468340 VerQueryValueA

• 0x468344 GetFileVersionInfoSizeA

• 0x468348 GetFileVersionInfoA

Library gdi32.dll:

• 0x468350 UnrealizeObject

• 0x468354 StretchBlt

• 0x468358 SetWindowOrgEx

• 0x46835c SetViewportOrgEx

• 0x468360 SetTextColor

• 0x468364 SetStretchBltMode

• 0x468368 SetROP2

• 0x46836c SetPixel

• 0x468370 SetDIBColorTable

• 0x468374 SetBrushOrgEx

• 0x468378 SetBkMode

• 0x46837c SetBkColor

• 0x468380 SelectPalette

• 0x468384 SelectObject

• 0x468388 SelectClipRgn

• 0x46838c SaveDC

• 0x468390 RestoreDC

• 0x468394 Rectangle

• 0x468398 RectVisible

• 0x46839c RealizePalette

• 0x4683a0 Polyline

• 0x4683a4 PatBlt

• 0x4683a8 MoveToEx

• 0x4683ac MaskBlt

• 0x4683b0 LineTo

• 0x4683b4 IntersectClipRect

• 0x4683b8 GetWindowOrgEx

• 0x4683bc GetTextMetricsA

• 0x4683c0 GetTextExtentPoint32A

• 0x4683c4 GetSystemPaletteEntries

• 0x4683c8 GetStockObject

• 0x4683cc GetPixel

• 0x4683d0 GetPaletteEntries

• 0x4683d4 GetObjectA

• 0x4683d8 GetDeviceCaps

• 0x4683dc GetDIBits

• 0x4683e0 GetDIBColorTable

• 0x4683e4 GetDCOrgEx

• 0x4683e8 GetCurrentPositionEx

• 0x4683ec GetClipBox

• 0x4683f0 GetBrushOrgEx

• 0x4683f4 GetBitmapBits

• 0x4683f8 ExcludeClipRect

• 0x4683fc DeleteObject

• 0x468400 DeleteDC

• 0x468404 CreateSolidBrush

• 0x468408 CreateRectRgn

• 0x46840c CreatePenIndirect

• 0x468410 CreatePalette

• 0x468414 CreateHalftonePalette

• 0x468418 CreateFontIndirectA

• 0x46841c CreateDIBitmap

• 0x468420 CreateDIBSection

• 0x468424 CreateCompatibleDC

• 0x468428 CreateCompatibleBitmap

• 0x46842c CreateBrushIndirect

• 0x468430 CreateBitmap

• 0x468434 BitBlt

Library user32.dll:

• 0x46843c CreateWindowExA

• 0x468440 WindowFromPoint

• 0x468444 WinHelpA

• 0x468448 WaitMessage

• 0x46844c UpdateWindow

• 0x468450 UnregisterClassA

• 0x468454 UnhookWindowsHookEx

• 0x468458 TranslateMessage

• 0x46845c TranslateMDISysAccel

• 0x468460 TrackPopupMenu

• 0x468464 SystemParametersInfoA

• 0x468468 ShowWindow

• 0x46846c ShowScrollBar

• 0x468470 ShowOwnedPopups

• 0x468474 ShowCursor

• 0x468478 SetWindowsHookExA

• 0x46847c SetWindowTextA

• 0x468480 SetWindowPos

• 0x468484 SetWindowPlacement

• 0x468488 SetWindowLongA

• 0x46848c SetTimer

• 0x468490 SetScrollRange

• 0x468494 SetScrollPos

• 0x468498 SetScrollInfo

• 0x46849c SetRect

• 0x4684a0 SetPropA

• 0x4684a4 SetParent

• 0x4684a8 SetMenuItemInfoA

• 0x4684ac SetMenu

• 0x4684b0 SetForegroundWindow

• 0x4684b4 SetFocus

• 0x4684b8 SetCursor

• 0x4684bc SetClassLongA

• 0x4684c0 SetCapture

• 0x4684c4 SetActiveWindow

• 0x4684c8 SendMessageA

• 0x4684cc ScrollWindow

• 0x4684d0 ScreenToClient

• 0x4684d4 RemovePropA

• 0x4684d8 RemoveMenu

• 0x4684dc ReleaseDC

• 0x4684e0 ReleaseCapture

• 0x4684e4 RegisterWindowMessageA

• 0x4684e8 RegisterClipboardFormatA

• 0x4684ec RegisterClassA

• 0x4684f0 RedrawWindow

• 0x4684f4 PtInRect

• 0x4684f8 PostQuitMessage

• 0x4684fc PostMessageA

• 0x468500 PeekMessageA

• 0x468504 OffsetRect

• 0x468508 OemToCharA

• 0x46850c MessageBoxA

• 0x468510 MapWindowPoints

• 0x468514 MapVirtualKeyA

• 0x468518 LoadStringA

• 0x46851c LoadKeyboardLayoutA

• 0x468520 LoadIconA

• 0x468524 LoadCursorA

• 0x468528 LoadBitmapA

• 0x46852c KillTimer

• 0x468530 IsZoomed

• 0x468534 IsWindowVisible

• 0x468538 IsWindowEnabled

• 0x46853c IsWindow

• 0x468540 IsRectEmpty

• 0x468544 IsIconic

• 0x468548 IsDialogMessageA

• 0x46854c IsChild

• 0x468550 InvalidateRect

• 0x468554 IntersectRect

• 0x468558 InsertMenuItemA

• 0x46855c InsertMenuA

• 0x468560 InflateRect

• 0x468564 GetWindowThreadProcessId

• 0x468568 GetWindowTextA

• 0x46856c GetWindowRect

• 0x468570 GetWindowPlacement

• 0x468574 GetWindowLongA

• 0x468578 GetWindowDC

• 0x46857c GetTopWindow

• 0x468580 GetSystemMetrics

• 0x468584 GetSystemMenu

• 0x468588 GetSysColorBrush

• 0x46858c GetSysColor

• 0x468590 GetSubMenu

• 0x468594 GetScrollRange

• 0x468598 GetScrollPos

• 0x46859c GetScrollInfo

• 0x4685a0 GetPropA

• 0x4685a4 GetParent

• 0x4685a8 GetWindow

• 0x4685ac GetMenuStringA

• 0x4685b0 GetMenuState

• 0x4685b4 GetMenuItemInfoA

• 0x4685b8 GetMenuItemID

• 0x4685bc GetMenuItemCount

• 0x4685c0 GetMenu

• 0x4685c4 GetLastActivePopup

• 0x4685c8 GetKeyboardState

• 0x4685cc GetKeyboardLayoutList

• 0x4685d0 GetKeyboardLayout

• 0x4685d4 GetKeyState

• 0x4685d8 GetKeyNameTextA

• 0x4685dc GetIconInfo

• 0x4685e0 GetForegroundWindow

• 0x4685e4 GetFocus

• 0x4685e8 GetDlgItem

• 0x4685ec GetDesktopWindow

• 0x4685f0 GetDCEx

• 0x4685f4 GetDC

• 0x4685f8 GetCursorPos

• 0x4685fc GetCursor

• 0x468600 GetClientRect

• 0x468604 GetClassNameA

• 0x468608 GetClassInfoA

• 0x46860c GetCapture

• 0x468610 GetActiveWindow

• 0x468614 FrameRect

• 0x468618 FindWindowA

• 0x46861c FillRect

• 0x468620 EqualRect

• 0x468624 EnumWindows

• 0x468628 EnumThreadWindows

• 0x46862c EndPaint

• 0x468630 EnableWindow

• 0x468634 EnableScrollBar

• 0x468638 EnableMenuItem

• 0x46863c DrawTextA

• 0x468640 DrawMenuBar

• 0x468644 DrawIconEx

• 0x468648 DrawIcon

• 0x46864c DrawFrameControl

• 0x468650 DrawFocusRect

• 0x468654 DrawEdge

• 0x468658 DispatchMessageA

• 0x46865c DestroyWindow

• 0x468660 DestroyMenu

• 0x468664 DestroyIcon

• 0x468668 DestroyCursor

• 0x46866c DeleteMenu

• 0x468670 DefWindowProcA

• 0x468674 DefMDIChildProcA

• 0x468678 DefFrameProcA

• 0x46867c CreatePopupMenu

• 0x468680 CreateMenu

• 0x468684 CreateIcon

• 0x468688 ClientToScreen

• 0x46868c CheckMenuItem

• 0x468690 CallWindowProcA

• 0x468694 CallNextHookEx

• 0x468698 BeginPaint

• 0x46869c CharNextA

• 0x4686a0 CharLowerA

• 0x4686a4 CharToOemA

• 0x4686a8 AdjustWindowRectEx

• 0x4686ac ActivateKeyboardLayout

Library kernel32.dll:

• 0x4686b4 Sleep

Library oleaut32.dll:

• 0x4686bc SafeArrayPtrOfIndex

• 0x4686c0 SafeArrayGetUBound

• 0x4686c4 SafeArrayGetLBound

• 0x4686c8 SafeArrayCreate

• 0x4686cc VariantChangeType

• 0x4686d0 VariantCopy

• 0x4686d4 VariantClear

• 0x4686d8 VariantInit

Library comctl32.dll:

• 0x4686e0 ImageList_SetIconSize

• 0x4686e4 ImageList_GetIconSize

• 0x4686e8 ImageList_Write

• 0x4686ec ImageList_Read

• 0x4686f0 ImageList_GetDragImage

• 0x4686f4 ImageList_DragShowNolock

• 0x4686f8 ImageList_SetDragCursorImage

• 0x4686fc ImageList_DragMove

• 0x468700 ImageList_DragLeave

• 0x468704 ImageList_DragEnter

• 0x468708 ImageList_EndDrag

• 0x46870c ImageList_BeginDrag

• 0x468710 ImageList_Remove

• 0x468714 ImageList_DrawEx

• 0x468718 ImageList_Replace

• 0x46871c ImageList_Draw

• 0x468720 ImageList_GetBkColor

• 0x468724 ImageList_SetBkColor

• 0x468728 ImageList_ReplaceIcon

• 0x46872c ImageList_Add

• 0x468730 ImageList_SetImageCount

• 0x468734 ImageList_GetImageCount

• 0x468738 ImageList_Destroy

• 0x46873c ImageList_Create

• 0x468740 InitCommonControls

Library comdlg32.dll:

• 0x468748 GetSaveFileNameA

• 0x46874c GetOpenFileNameA

Library URL.DLL:

• 0x468754 InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
drive.google.com	A 31.13.82.33	31.13.82.33
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.