5.8
High risk

0fb54e943b252bfdf680811af99c5d8d63acd76a24efe4ffec7aea26d3ebad9b

ea7f130b1c99ec39da78c1a770e7db68.exe

Analysis duration

94s

Last analysis

File size

10.0MB
Static detection / Dynamic detection
Hawkeye engine
Not detected. No Hawkeye engine result available.
Static verdict
Antivirus engines
Not detected. No antivirus engine result available.
Static indicators
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (2 events)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\MachineGuid
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .itext
section .didata
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header
suspicious_request POST https://stat.gc.my.com/statroot?build_id=1586&revision_id=54568&user_id=11564984835663713378&user_id2=14604044751900874992&line=0&channel_id=35&stand=1&chksum=7c40364c&ord=1
Performs some HTTP requests (3 events)
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D
request GET http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAYiAEl%2BUnTZA%2FpuirrKGNE%3D
request POST https://stat.gc.my.com/statroot?build_id=1586&revision_id=54568&user_id=11564984835663713378&user_id2=14604044751900874992&line=0&channel_id=35&stand=1&chksum=7c40364c&ord=1
Sends data using the HTTP POST Method (1 event)
request POST https://stat.gc.my.com/statroot?build_id=1586&revision_id=54568&user_id=11564984835663713378&user_id2=14604044751900874992&line=0&channel_id=35&stand=1&chksum=7c40364c&ord=1
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1620842498.96775
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x6fd50000
success 0 0
1620842498.96775
NtProtectVirtualMemory
process_identifier: 2296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d6c000
success 0 0
1620842499.09275
NtProtectVirtualMemory
process_identifier: 2296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x6fd50000
success 0 0
1620842499.09275
NtProtectVirtualMemory
process_identifier: 2296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00406000
success 0 0
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)
Time & API Arguments Status Return Repeated
1620842499.37375
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19600814080
total_number_of_free_bytes: 0
total_number_of_bytes: 34252779520
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620842501.40475
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.833048255841707 section {'size_of_data': '0x0032b800', 'virtual_address': '0x006e6000', 'entropy': 6.833048255841707, 'name': '.rsrc', 'virtual_size': '0x0032b748'} description A section with a high entropy has been found
entropy 0.31875092060686405 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Creates an Alternate Data Stream (ADS) (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\GameCenter.ini:Tamper
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1620842503.99875
RegSetValueExA
key_handle: 0x0000040c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620842503.99875
RegSetValueExA
key_handle: 0x0000040c
value: Àçí<G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620842503.99875
RegSetValueExA
key_handle: 0x0000040c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620842503.99875
RegSetValueExW
key_handle: 0x0000040c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620842503.99875
RegSetValueExA
key_handle: 0x00000424
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620842503.99875
RegSetValueExA
key_handle: 0x00000424
value: Àçí<G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620842503.99875
RegSetValueExA
key_handle: 0x00000424
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620842504.02975
RegSetValueExW
key_handle: 0x00000408
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620842520.88875
RegSetValueExA
key_handle: 0x0000064c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620842520.88875
RegSetValueExA
key_handle: 0x0000064c
value: pD¡÷<G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620842520.88875
RegSetValueExA
key_handle: 0x0000064c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620842520.88875
RegSetValueExW
key_handle: 0x0000064c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620842520.88875
RegSetValueExA
key_handle: 0x00000418
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620842520.88875
RegSetValueExA
key_handle: 0x00000418
value: pD¡÷<G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620842520.88875
RegSetValueExA
key_handle: 0x00000418
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Detects Virtual Machines through their custom firmware (1 event)
Time & API Arguments Status Return Repeated
1620842499.12375
NtQuerySystemInformation
information_class: 76 (SystemFirmwareTableInformation)
failed 3221225507 0
Visual analysis
Binary image
No binary image: the sample did not produce a binary visualization image.
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2020-09-01 20:03:11

Imports

Library icmp.dll:
0xa7b99c IcmpCloseHandle
0xa7b9a0 IcmpSendEcho
0xa7b9a4 IcmpCreateFile
Library shlwapi.dll:
0xa7b9ac PathCreateFromUrlW
0xa7b9b0 StrRetToStrW
0xa7b9b4 PathCombineW
Library wininet.dll:
0xa7b9bc InternetCloseHandle
0xa7b9c0 InternetCrackUrlW
0xa7b9c4 HttpOpenRequestW
0xa7b9c8 HttpSendRequestW
0xa7b9cc InternetConnectW
0xa7b9d0 InternetOpenA
0xa7b9d4 InternetSetOptionW
0xa7b9d8 HttpQueryInfoW
Library comdlg32.dll:
0xa7b9e0 GetSaveFileNameW
0xa7b9e4 GetOpenFileNameW
Library authz.dll:
0xa7b9ec AuthzAccessCheck
0xa7b9f8 AuthzFreeContext
Library msimg32.dll:
0xa7ba04 AlphaBlend
Library ws2_32.dll:
0xa7ba0c htons
0xa7ba10 htonl
0xa7ba14 freeaddrinfo
0xa7ba18 setsockopt
0xa7ba1c WSAAddressToStringW
0xa7ba20 WSCGetProviderPath
0xa7ba24 getsockname
0xa7ba28 gethostbyname
0xa7ba2c listen
0xa7ba30 getaddrinfo
0xa7ba34 bind
0xa7ba38 closesocket
0xa7ba3c socket
0xa7ba40 inet_ntoa
0xa7ba44 ioctlsocket
0xa7ba48 WSAGetLastError
0xa7ba4c connect
0xa7ba50 inet_addr
0xa7ba54 getnameinfo
0xa7ba58 WSCEnumProtocols
Library shell32.dll:
0xa7ba60 SHBindToParent
0xa7ba68 DragQueryFileW
0xa7ba6c DragAcceptFiles
0xa7ba70 Shell_NotifyIconW
0xa7ba78 ShellExecuteExW
0xa7ba7c DragFinish
0xa7ba80 SHGetFolderPathW
0xa7ba84 SHGetFileInfoW
0xa7ba88 SHChangeNotify
0xa7ba8c SHAppBarMessage
0xa7ba90 ShellExecuteW
Library user32.dll:
0xa7ba98 MoveWindow
0xa7ba9c CreateWindowExW
0xa7baa0 PeekMessageW
0xa7baa4 MonitorFromWindow
0xa7baa8 MessageBoxA
0xa7baac SetTimer
0xa7bab4 WindowFromPoint
0xa7bab8 BeginPaint
0xa7babc FrameRect
0xa7bac4 FillRect
0xa7bac8 DispatchMessageW
0xa7bacc EnumWindows
0xa7bad0 GetClassInfoW
0xa7bad4 SetActiveWindow
0xa7bad8 GetActiveWindow
0xa7bae0 EnumChildWindows
0xa7bae4 ReleaseCapture
0xa7bae8 LoadCursorW
0xa7baec SetCapture
0xa7baf0 GetCapture
0xa7baf4 GetCursorInfo
0xa7baf8 CharLowerBuffW
0xa7bafc GetSystemMetrics
0xa7bb00 PostMessageW
0xa7bb04 SetWindowLongW
0xa7bb08 CharUpperBuffW
0xa7bb0c GetClientRect
0xa7bb10 LoadImageA
0xa7bb14 ShowCursor
0xa7bb18 SetClipboardData
0xa7bb1c GetClipboardData
0xa7bb20 ClientToScreen
0xa7bb24 IsIconic
0xa7bb28 GetMonitorInfoW
0xa7bb2c ShowWindow
0xa7bb30 CharUpperW
0xa7bb34 DefWindowProcW
0xa7bb38 SetForegroundWindow
0xa7bb3c GetForegroundWindow
0xa7bb40 GetAsyncKeyState
0xa7bb44 MapVirtualKeyExW
0xa7bb48 EnableWindow
0xa7bb4c GetShellWindow
0xa7bb50 DestroyWindow
0xa7bb54 RegisterClassW
0xa7bb58 CharNextW
0xa7bb60 RedrawWindow
0xa7bb64 GetDC
0xa7bb68 SetFocus
0xa7bb6c ReleaseDC
0xa7bb70 EndPaint
0xa7bb74 TrackMouseEvent
0xa7bb78 GetParent
0xa7bb7c MessageBeep
0xa7bb80 MessageBoxW
0xa7bb84 SetClassLongW
0xa7bb88 RegisterHotKey
0xa7bb8c AttachThreadInput
0xa7bb94 DestroyIcon
0xa7bb98 IsWindowVisible
0xa7bb9c EmptyClipboard
0xa7bba0 FlashWindowEx
0xa7bba4 PtInRect
0xa7bba8 UnregisterClassW
0xa7bbac SendMessageW
0xa7bbb0 GetLastInputInfo
0xa7bbb4 IsWindow
0xa7bbb8 EnumThreadWindows
0xa7bbbc InvalidateRect
0xa7bbc0 ScreenToClient
0xa7bbc4 GetWindowInfo
0xa7bbc8 SendMessageTimeoutW
0xa7bbcc BringWindowToTop
0xa7bbd0 SetCursor
0xa7bbd4 LoadStringW
0xa7bbd8 SetWindowPos
0xa7bbdc OpenClipboard
0xa7bbe0 TranslateMessage
0xa7bbe4 EnumDisplayMonitors
0xa7bbe8 CallWindowProcW
0xa7bbec CloseClipboard
0xa7bbf0 UpdateLayeredWindow
0xa7bbf4 DrawIconEx
0xa7bbf8 GetClassNameW
0xa7bbfc GetIconInfo
0xa7bc00 GetKeyNameTextW
0xa7bc04 GetDesktopWindow
0xa7bc08 GetCursorPos
0xa7bc0c DeferWindowPos
0xa7bc10 EndDeferWindowPos
0xa7bc14 UnregisterHotKey
0xa7bc18 GetKeyState
0xa7bc1c MonitorFromPoint
0xa7bc28 GetWindow
0xa7bc2c GetWindowLongW
0xa7bc30 GetWindowRect
0xa7bc34 KillTimer
0xa7bc38 BeginDeferWindowPos
0xa7bc3c PostThreadMessageW
0xa7bc40 IsWindowEnabled
0xa7bc44 GetWindowPlacement
0xa7bc48 CreateIconIndirect
0xa7bc4c FindWindowW
0xa7bc50 GetKeyboardLayout
Library version.dll:
0xa7bc5c VerQueryValueW
0xa7bc60 GetFileVersionInfoW
Library oleaut32.dll:
0xa7bc68 SafeArrayPutElement
0xa7bc6c SysFreeString
0xa7bc70 VariantClear
0xa7bc74 VariantInit
0xa7bc78 SysReAllocStringLen
0xa7bc7c SysAllocString
0xa7bc80 SafeArrayCreate
0xa7bc84 SysAllocStringLen
0xa7bc88 SafeArrayPtrOfIndex
0xa7bc90 SafeArrayGetUBound
0xa7bc94 SafeArrayGetLBound
0xa7bc98 VariantCopy
0xa7bc9c VariantChangeType
Library advapi32.dll:
0xa7bca8 CloseServiceHandle
0xa7bcac RegSetValueExW
0xa7bcb8 AddAuditAccessAceEx
0xa7bcbc AddAce
0xa7bcc0 OpenThreadToken
0xa7bcc4 CloseEventLog
0xa7bcc8 RegQueryInfoKeyW
0xa7bccc IsValidSid
0xa7bcd0 CreateWellKnownSid
0xa7bcd4 GetLengthSid
0xa7bcdc OpenEventLogW
0xa7bce0 GetTokenInformation
0xa7bce4 ReadEventLogW
0xa7bce8 RegCreateKeyExW
0xa7bcf0 OpenServiceW
0xa7bcf4 InitializeAcl
0xa7bcf8 RegEnumKeyExW
0xa7bd00 QueryServiceConfigW
0xa7bd04 CopySid
0xa7bd08 SetSecurityInfo
0xa7bd10 RegDeleteKeyW
0xa7bd18 OpenSCManagerW
0xa7bd1c RegOpenKeyExW
0xa7bd20 OpenProcessToken
0xa7bd24 RegDeleteValueW
0xa7bd38 RegFlushKey
0xa7bd3c RegEnumValueW
0xa7bd40 RegQueryValueExW
0xa7bd48 RegCloseKey
0xa7bd50 EnumServicesStatusW
Library netapi32.dll:
0xa7bd58 NetWkstaGetInfo
0xa7bd5c NetApiBufferFree
Library kernel32.dll:
0xa7bd64 ReadFileEx
0xa7bd68 SetFileTime
0xa7bd6c GetFileTime
0xa7bd70 GetACP
0xa7bd74 Process32FirstW
0xa7bd78 GetExitCodeProcess
0xa7bd7c CloseHandle
0xa7bd80 LocalFree
0xa7bd84 SizeofResource
0xa7bd88 GetCurrentProcessId
0xa7bd8c TerminateThread
0xa7bd98 GetFullPathNameW
0xa7bd9c FindNextFileW
0xa7bda0 WriteProcessMemory
0xa7bdb0 FreeLibrary
0xa7bdb4 SetDllDirectoryW
0xa7bdb8 GetUserDefaultLCID
0xa7bdbc SetLastError
0xa7bdc0 WaitNamedPipeW
0xa7bdc4 GetModuleFileNameW
0xa7bdc8 GetLastError
0xa7bdcc GlobalAlloc
0xa7bdd0 GlobalUnlock
0xa7bdd4 OpenMutexW
0xa7bdd8 CreateThread
0xa7bddc CompareStringW
0xa7bde0 GetGeoInfoW
0xa7bde4 LoadLibraryA
0xa7bde8 CreateMutexW
0xa7bdec ResetEvent
0xa7bdf4 RaiseException
0xa7bdf8 FormatMessageW
0xa7bdfc OpenJobObjectW
0xa7be00 GetCurrentThread
0xa7be04 GetLogicalDrives
0xa7be08 IsBadReadPtr
0xa7be10 LoadLibraryExW
0xa7be1c GetShortPathNameW
0xa7be20 VirtualQuery
0xa7be24 VirtualQueryEx
0xa7be28 Sleep
0xa7be2c SetFilePointer
0xa7be30 FlushFileBuffers
0xa7be34 LoadResource
0xa7be38 SuspendThread
0xa7be3c GetTickCount
0xa7be44 GetFileSize
0xa7be48 GetStartupInfoW
0xa7be4c GetFileAttributesW
0xa7be50 SetThreadPriority
0xa7be54 VirtualAlloc
0xa7be58 GetSystemInfo
0xa7be5c GetTempPathW
0xa7be64 VerSetConditionMask
0xa7be68 GetDiskFreeSpaceW
0xa7be70 WriteFileEx
0xa7be74 GetModuleFileNameA
0xa7be78 CompareStringA
0xa7be84 WideCharToMultiByte
0xa7be88 MultiByteToWideChar
0xa7be8c FindClose
0xa7be90 LoadLibraryW
0xa7be94 SetEvent
0xa7be9c GetLocaleInfoW
0xa7bea0 ConnectNamedPipe
0xa7bea4 GetLocalTime
0xa7bea8 WaitForSingleObject
0xa7beb4 OpenThread
0xa7beb8 SetErrorMode
0xa7bec0 SleepEx
0xa7bec4 IsValidLocale
0xa7bec8 LocalAlloc
0xa7bed0 GetVolumePathNameW
0xa7bed4 SetFileAttributesW
0xa7bed8 VirtualProtect
0xa7bee0 ReadProcessMemory
0xa7bee8 SetThreadContext
0xa7beec VirtualFree
0xa7bef0 GetThreadContext
0xa7bef8 ExitProcess
0xa7befc GetLongPathNameW
0xa7bf00 RtlUnwind
0xa7bf04 GetCPInfo
0xa7bf08 GetStdHandle
0xa7bf0c DisconnectNamedPipe
0xa7bf10 GetModuleHandleW
0xa7bf18 ReadFile
0xa7bf1c CreateProcessW
0xa7bf20 CreateRemoteThread
0xa7bf24 FindResourceW
0xa7bf28 GetUserGeoID
0xa7bf2c CopyFileW
0xa7bf34 MapViewOfFile
0xa7bf38 MulDiv
0xa7bf3c CreateFileA
0xa7bf40 GetVersion
0xa7bf44 GetDriveTypeW
0xa7bf48 FreeResource
0xa7bf4c Module32NextW
0xa7bf50 MoveFileW
0xa7bf58 GlobalAddAtomW
0xa7bf60 OpenProcess
0xa7bf64 SwitchToThread
0xa7bf68 GetExitCodeThread
0xa7bf70 OutputDebugStringW
0xa7bf80 LockResource
0xa7bf84 TerminateProcess
0xa7bf8c GetCurrentThreadId
0xa7bf90 MoveFileExW
0xa7bf98 PeekNamedPipe
0xa7bf9c GlobalFree
0xa7bfa4 GetDiskFreeSpaceExW
0xa7bfa8 ReleaseMutex
0xa7bfb0 GlobalDeleteAtom
0xa7bfc0 GlobalLock
0xa7bfc4 GetCurrentProcess
0xa7bfc8 GetCommandLineW
0xa7bfcc ResumeThread
0xa7bfd0 GetProcAddress
0xa7bfd4 VirtualAllocEx
0xa7bfd8 FindResourceExW
0xa7bfdc GetVersionExW
0xa7bfe0 VerifyVersionInfoW
0xa7bfe8 DeviceIoControl
0xa7bfec FindFirstFileW
0xa7bff0 UnmapViewOfFile
0xa7bff4 Process32NextW
0xa7bff8 lstrlenW
0xa7bffc SetEndOfFile
0xa7c010 CreateFileW
0xa7c014 GetSystemDirectoryW
0xa7c018 EnumResourceNamesW
0xa7c01c DeleteFileW
0xa7c024 WriteFile
0xa7c02c Module32FirstW
0xa7c030 FindFirstFileExW
0xa7c034 ExitThread
0xa7c038 CreateNamedPipeW
0xa7c03c CreateFileMappingW
0xa7c040 CreatePipe
0xa7c044 TlsGetValue
0xa7c048 GetDateFormatW
0xa7c04c TlsSetValue
0xa7c054 GetOverlappedResult
0xa7c058 CreateDirectoryW
0xa7c05c EnumCalendarInfoW
0xa7c060 RemoveDirectoryW
0xa7c064 CreateEventW
0xa7c068 SetThreadLocale
0xa7c06c GetThreadLocale
Library wintrust.dll:
0xa7c074 WinVerifyTrust
Library SHFolder.dll:
0xa7c07c SHGetFolderPathA
Library wsock32.dll:
0xa7c084 accept
0xa7c088 htonl
0xa7c08c htons
0xa7c090 setsockopt
0xa7c094 select
0xa7c098 WSAStartup
0xa7c09c __WSAFDIsSet
0xa7c0a0 WSACleanup
0xa7c0a4 getsockname
0xa7c0a8 listen
0xa7c0ac bind
0xa7c0b0 closesocket
0xa7c0b4 socket
0xa7c0b8 recv
0xa7c0bc ioctlsocket
0xa7c0c0 WSAGetLastError
0xa7c0c4 shutdown
0xa7c0c8 send
Library crypt32.dll:
0xa7c0d0 CertGetNameStringW
0xa7c0d4 CryptQueryObject
0xa7c0e0 CertCloseStore
0xa7c0e4 CryptMsgGetParam
0xa7c0e8 CryptMsgClose
Library dnsapi.dll:
0xa7c0f0 DnsQuery_W
0xa7c0f4 DnsRecordListFree
Library ole32.dll:
0xa7c0fc CoCreateGuid
0xa7c100 CoCreateInstance
0xa7c104 CoUninitialize
0xa7c108 OleInitialize
0xa7c10c CoSetProxyBlanket
0xa7c110 PropVariantClear
0xa7c114 OleUninitialize
0xa7c118 CoInitialize
0xa7c120 CoTaskMemFree
0xa7c124 CoTaskMemAlloc
0xa7c128 DoDragDrop

Exports

Ordinal Address Name
3 0x9a8fa0 NoGCLayPipe
2 0x40ca90 __dbk_fcall_wrapper
1 0xa6562c dbkFCallWrapperAddr

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49180 117.18.237.29 ocsp.digicert.com 80
192.168.56.101 49181 117.18.237.29 ocsp.digicert.com 80
192.168.56.101 49177 178.22.88.34 stat.gc.my.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAYiAEl%2BUnTZA%2FpuirrKGNE%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAYiAEl%2BUnTZA%2FpuirrKGNE%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: status.geotrust.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.