4.2
Medium risk

602c58bbb418c2ac0e8b63d51613d0b02c87e49e31e7b03928c0926ca81ea5de

f0e10f4b472259354b365105bf29f9c6.exe

Analysis duration

80s

Latest analysis

File size

272.0KB
Static detection / Dynamic detection
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba 20190527 0.3.0.5
Avast 20210511 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20210512 2017.9.26.565
McAfee 20210504 6.0.6.653
Tencent 20210512 1.0.0.1
CrowdStrike 20210203 1.0
Static indicators
Behavior verdict
Dynamic indicators
Performs some HTTP requests (3 events)
request GET http://plugin.netpia.com/pcclean_v2/updatefiles.hmf
request GET http://plugin.netpia.com/pcclean_v2/PC-Clean.zip
request GET http://plugin.netpia.com/pcclean_v2/nReport.zip
Allocates read-write-execute memory (usually to unpack itself) (7 events)
Time & API Arguments Status Return Repeated
1620836994.269125
NtProtectVirtualMemory
process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74601000
success 0 0
1620836994.582125
NtProtectVirtualMemory
process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x745e1000
success 0 0
1620836994.691125
NtProtectVirtualMemory
process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x745d1000
success 0 0
1620836994.832125
NtProtectVirtualMemory
process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x745b1000
success 0 0
1620836994.863125
NtProtectVirtualMemory
process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74571000
success 0 0
1620836994.879125
NtProtectVirtualMemory
process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74561000
success 0 0
1620836995.316125
NtProtectVirtualMemory
process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x743c1000
success 0 0
Foreign language identified in PE resource (29 events)
name RT_CURSOR language LANG_KOREAN offset 0x000460f8 filetype data sublanguage SUBLANG_KOREAN size 0x000000b4
name RT_CURSOR language LANG_KOREAN offset 0x000460f8 filetype data sublanguage SUBLANG_KOREAN size 0x000000b4
name RT_BITMAP language LANG_KOREAN offset 0x00046ad0 filetype data sublanguage SUBLANG_KOREAN size 0x00000144
name RT_BITMAP language LANG_KOREAN offset 0x00046ad0 filetype data sublanguage SUBLANG_KOREAN size 0x00000144
name RT_BITMAP language LANG_KOREAN offset 0x00046ad0 filetype data sublanguage SUBLANG_KOREAN size 0x00000144
name RT_BITMAP language LANG_KOREAN offset 0x00046ad0 filetype data sublanguage SUBLANG_KOREAN size 0x00000144
name RT_ICON language LANG_KOREAN offset 0x000452f8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000568
name RT_ICON language LANG_KOREAN offset 0x000452f8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000568
name RT_ICON language LANG_KOREAN offset 0x000452f8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000568
name RT_ICON language LANG_KOREAN offset 0x000452f8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000568
name RT_DIALOG language LANG_KOREAN offset 0x000467c0 filetype data sublanguage SUBLANG_KOREAN size 0x000000e8
name RT_DIALOG language LANG_KOREAN offset 0x000467c0 filetype data sublanguage SUBLANG_KOREAN size 0x000000e8
name RT_DIALOG language LANG_KOREAN offset 0x000467c0 filetype data sublanguage SUBLANG_KOREAN size 0x000000e8
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_STRING language LANG_KOREAN offset 0x00047a28 filetype data sublanguage SUBLANG_KOREAN size 0x00000024
name RT_GROUP_CURSOR language LANG_KOREAN offset 0x000461b0 filetype Lotus unknown worksheet or configuration, revision 0x2 sublanguage SUBLANG_KOREAN size 0x00000022
name RT_GROUP_ICON language LANG_KOREAN offset 0x00045860 filetype data sublanguage SUBLANG_KOREAN size 0x0000003e
name RT_VERSION language LANG_KOREAN offset 0x00045be0 filetype data sublanguage SUBLANG_KOREAN size 0x000003dc
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
VBA32 suspected of Trojan.Downloader.gen
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620836995.332125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1620836997.894125
RegSetValueExA
key_handle: 0x000003b0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620836997.894125
RegSetValueExA
key_handle: 0x000003b0
value: `ç¹'G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620836997.894125
RegSetValueExA
key_handle: 0x000003b0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620836997.894125
RegSetValueExW
key_handle: 0x000003b0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620836997.910125
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620836997.910125
RegSetValueExA
key_handle: 0x000003c8
value: `ç¹'G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620836997.910125
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620836997.957125
RegSetValueExW
key_handle: 0x000003ac
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620836998.816125
RegSetValueExA
key_handle: 0x0000042c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620836998.816125
RegSetValueExA
key_handle: 0x0000042c
value: ²sº'G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620836998.816125
RegSetValueExA
key_handle: 0x0000042c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620836998.816125
RegSetValueExW
key_handle: 0x0000042c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620836998.816125
RegSetValueExA
key_handle: 0x00000430
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620836998.816125
RegSetValueExA
key_handle: 0x00000430
value: ²sº'G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620836998.816125
RegSetValueExA
key_handle: 0x00000430
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2007-04-10 09:18:26

Imports

Library VERSION.dll:
0x42f530 GetFileVersionInfoA
0x42f538 VerQueryValueA
Library KERNEL32.dll:
0x42f0c8 LocalReAlloc
0x42f0cc TlsGetValue
0x42f0d0 GlobalFlags
0x42f0d8 GetProcessVersion
0x42f0dc SizeofResource
0x42f0e0 GetCPInfo
0x42f0e4 GetOEMCP
0x42f0e8 GetTickCount
0x42f0ec RtlUnwind
0x42f0f0 HeapFree
0x42f0f8 GetSystemTime
0x42f0fc GetLocalTime
0x42f100 GetStartupInfoA
0x42f104 GetCommandLineA
0x42f108 ExitProcess
0x42f10c HeapAlloc
0x42f110 GetACP
0x42f114 CreateThread
0x42f118 ExitThread
0x42f11c RaiseException
0x42f120 HeapReAlloc
0x42f124 HeapSize
0x42f128 SetStdHandle
0x42f12c GetFileType
0x42f134 HeapDestroy
0x42f138 HeapCreate
0x42f13c VirtualFree
0x42f140 VirtualAlloc
0x42f144 IsBadWritePtr
0x42f15c TlsSetValue
0x42f160 GetStdHandle
0x42f164 LCMapStringA
0x42f168 LCMapStringW
0x42f16c GetStringTypeA
0x42f170 GetStringTypeW
0x42f178 IsBadReadPtr
0x42f17c IsBadCodePtr
0x42f180 CompareStringA
0x42f184 CompareStringW
0x42f18c GetProfileStringA
0x42f190 GetProcAddress
0x42f194 LoadLibraryA
0x42f198 CloseHandle
0x42f19c FreeLibrary
0x42f1a0 OpenProcess
0x42f1a4 GetVersionExA
0x42f1a8 GlobalAlloc
0x42f1ac GetLastError
0x42f1b0 GetCurrentProcess
0x42f1b4 Process32Next
0x42f1b8 TerminateProcess
0x42f1bc Process32First
0x42f1c4 GetFullPathNameA
0x42f1c8 GlobalReAlloc
0x42f1cc TlsFree
0x42f1d0 GlobalHandle
0x42f1d4 TlsAlloc
0x42f1d8 SetErrorMode
0x42f1dc GetFileSize
0x42f1e0 MulDiv
0x42f1e4 GetVersion
0x42f1e8 lstrcatA
0x42f1ec GlobalGetAtomNameA
0x42f1f0 GlobalAddAtomA
0x42f1f4 GlobalFindAtomA
0x42f1f8 GetModuleHandleA
0x42f208 LocalAlloc
0x42f210 SetLastError
0x42f214 GlobalUnlock
0x42f218 GlobalFree
0x42f21c LockResource
0x42f220 FindResourceA
0x42f224 LoadResource
0x42f228 CreateEventA
0x42f22c SuspendThread
0x42f230 lstrlenA
0x42f234 lstrcpyA
0x42f238 GetFileAttributesA
0x42f23c lstrcmpiA
0x42f240 WriteFile
0x42f244 CreateFileA
0x42f248 CreateDirectoryA
0x42f24c SetFileTime
0x42f250 SetThreadPriority
0x42f254 ResumeThread
0x42f258 SetEvent
0x42f25c WaitForSingleObject
0x42f260 GlobalLock
0x42f264 GlobalDeleteAtom
0x42f268 lstrcmpA
0x42f26c GetCurrentThread
0x42f270 GetCurrentThreadId
0x42f27c GetThreadLocale
0x42f280 lstrcpynA
0x42f28c FindFirstFileA
0x42f290 FindClose
0x42f294 SetEndOfFile
0x42f298 UnlockFile
0x42f29c LockFile
0x42f2a0 FlushFileBuffers
0x42f2a4 SetFilePointer
0x42f2a8 ReadFile
0x42f2ac DuplicateHandle
0x42f2b0 FormatMessageA
0x42f2b4 LocalFree
0x42f2b8 WideCharToMultiByte
0x42f2c4 MultiByteToWideChar
0x42f2c8 GetTempPathA
0x42f2cc DeleteFileA
0x42f2d0 CopyFileA
0x42f2d4 WinExec
0x42f2d8 OpenMutexA
0x42f2dc CreateMutexA
0x42f2e0 ReleaseMutex
0x42f2e4 GetModuleFileNameA
0x42f2e8 GetFileTime
0x42f2f0 SetHandleCount
Library USER32.dll:
0x42f334 GetSysColorBrush
0x42f338 InflateRect
0x42f33c CharNextA
0x42f344 SetRect
0x42f348 GetNextDlgGroupItem
0x42f34c MessageBeep
0x42f350 InvalidateRect
0x42f358 PostThreadMessageA
0x42f35c LoadCursorA
0x42f360 GrayStringA
0x42f364 DrawTextA
0x42f368 TabbedTextOutA
0x42f36c EndPaint
0x42f370 BeginPaint
0x42f374 GetWindowDC
0x42f378 ClientToScreen
0x42f37c DestroyMenu
0x42f380 LoadStringA
0x42f384 ShowWindow
0x42f388 MoveWindow
0x42f38c SetWindowTextA
0x42f390 IsDialogMessageA
0x42f394 UpdateWindow
0x42f398 SendDlgItemMessageA
0x42f39c MapWindowPoints
0x42f3a0 GetSysColor
0x42f3a4 SetFocus
0x42f3a8 AdjustWindowRectEx
0x42f3ac ScreenToClient
0x42f3b0 GetTopWindow
0x42f3b4 IsChild
0x42f3b8 GetCapture
0x42f3bc WinHelpA
0x42f3c0 GetClassInfoA
0x42f3c4 RegisterClassA
0x42f3c8 GetMenu
0x42f3cc GetMenuItemCount
0x42f3d0 GetSubMenu
0x42f3d4 GetMenuItemID
0x42f3dc GetWindowTextA
0x42f3e0 GetDlgCtrlID
0x42f3e4 DefWindowProcA
0x42f3e8 CreateWindowExA
0x42f3ec GetClassLongA
0x42f3f0 SetPropA
0x42f3f4 GetPropA
0x42f3f8 CallWindowProcA
0x42f3fc RemovePropA
0x42f400 GetMessageTime
0x42f404 GetForegroundWindow
0x42f408 SetForegroundWindow
0x42f40c SetWindowLongA
0x42f414 OffsetRect
0x42f418 IntersectRect
0x42f420 GetWindowPlacement
0x42f424 GetWindowRect
0x42f428 GetDesktopWindow
0x42f42c MapDialogRect
0x42f430 SetWindowPos
0x42f434 GetWindow
0x42f43c CopyRect
0x42f440 GetDC
0x42f444 ReleaseDC
0x42f448 UnhookWindowsHookEx
0x42f44c EndDialog
0x42f450 SetActiveWindow
0x42f454 IsWindow
0x42f45c DestroyWindow
0x42f460 GetDlgItem
0x42f468 LoadBitmapA
0x42f46c GetMenuState
0x42f470 ModifyMenuA
0x42f474 SetMenuItemBitmaps
0x42f478 CheckMenuItem
0x42f47c EnableMenuItem
0x42f480 GetFocus
0x42f484 GetNextDlgTabItem
0x42f488 GetMessageA
0x42f48c TranslateMessage
0x42f490 DispatchMessageA
0x42f494 GetActiveWindow
0x42f498 GetKeyState
0x42f49c CallNextHookEx
0x42f4a0 ValidateRect
0x42f4a4 IsWindowVisible
0x42f4a8 PtInRect
0x42f4ac PeekMessageA
0x42f4b0 GetCursorPos
0x42f4b4 SetWindowsHookExA
0x42f4b8 GetParent
0x42f4bc GetLastActivePopup
0x42f4c0 IsWindowEnabled
0x42f4c4 GetWindowLongA
0x42f4c8 SetCursor
0x42f4cc PostQuitMessage
0x42f4d0 CharUpperA
0x42f4d4 wsprintfA
0x42f4d8 EnableWindow
0x42f4dc SetTimer
0x42f4e0 IsIconic
0x42f4e4 GetSystemMetrics
0x42f4e8 GetClientRect
0x42f4ec DrawIcon
0x42f4f0 GetSystemMenu
0x42f4f4 AppendMenuA
0x42f4f8 SendMessageA
0x42f4fc LoadIconA
0x42f500 GetClassNameA
0x42f504 PostMessageA
0x42f508 MessageBoxA
0x42f50c IsWindowUnicode
0x42f510 DefDlgProcA
0x42f514 DrawFocusRect
0x42f518 ExcludeUpdateRgn
0x42f51c ShowCaret
0x42f520 HideCaret
0x42f524 UnregisterClassA
0x42f528 GetMessagePos
Library GDI32.dll:
0x42f028 SetWindowExtEx
0x42f02c ScaleWindowExtEx
0x42f030 IntersectClipRect
0x42f034 DeleteObject
0x42f038 GetDeviceCaps
0x42f03c GetViewportExtEx
0x42f040 GetWindowExtEx
0x42f044 CreateSolidBrush
0x42f048 PtVisible
0x42f04c RectVisible
0x42f050 TextOutA
0x42f054 ExtTextOutA
0x42f058 Escape
0x42f05c GetMapMode
0x42f060 DPtoLP
0x42f064 GetTextColor
0x42f068 GetBkColor
0x42f06c LPtoDP
0x42f070 ScaleViewportExtEx
0x42f074 SetViewportExtEx
0x42f078 OffsetViewportOrgEx
0x42f07c SetViewportOrgEx
0x42f080 SetMapMode
0x42f084 SetBkMode
0x42f088 GetStockObject
0x42f08c SelectObject
0x42f090 RestoreDC
0x42f094 SaveDC
0x42f098 DeleteDC
0x42f09c GetObjectA
0x42f0a0 SetBkColor
0x42f0a4 SetTextColor
0x42f0a8 GetClipBox
0x42f0ac PatBlt
0x42f0b0 GetTextExtentPointA
0x42f0b4 BitBlt
0x42f0b8 CreateCompatibleDC
0x42f0bc CreateDIBitmap
0x42f0c0 CreateBitmap
Library comdlg32.dll:
0x42f584 GetFileTitleA
Library WINSPOOL.DRV:
0x42f574 ClosePrinter
0x42f578 OpenPrinterA
0x42f57c DocumentPropertiesA
Library ADVAPI32.dll:
0x42f000 RegSetValueExA
0x42f004 RegQueryValueExA
0x42f008 RegOpenKeyA
0x42f00c RegCloseKey
0x42f010 RegOpenKeyExA
0x42f014 RegCreateKeyExA
0x42f018 RegCreateKeyA
Library SHELL32.dll:
0x42f32c ShellExecuteA
Library COMCTL32.dll:
0x42f020
Library oledlg.dll:
0x42f5d4
Library ole32.dll:
0x42f594 CoTaskMemFree
0x42f598 CoTaskMemAlloc
0x42f59c CLSIDFromProgID
0x42f5a0 OleUninitialize
0x42f5b0 OleFlushClipboard
0x42f5b4 CoRevokeClassObject
0x42f5b8 CoInitialize
0x42f5bc CoCreateInstance
0x42f5c4 CoGetClassObject
0x42f5c8 CLSIDFromString
0x42f5cc OleInitialize
Library OLEPRO32.DLL:
0x42f320
Library OLEAUT32.dll:
0x42f2fc SysAllocString
0x42f300 SysStringLen
0x42f304 VariantChangeType
0x42f308 VariantCopy
0x42f310 VariantClear
0x42f314 SysAllocStringLen
0x42f318 SysFreeString
Library WININET.dll:
0x42f548 InternetReadFile
0x42f54c InternetWriteFile
0x42f558 InternetOpenUrlA
0x42f55c InternetCloseHandle
0x42f560 InternetOpenA
0x42f56c InternetCrackUrlA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49174 61.78.35.222 plugin.netpia.com 80
192.168.56.101 49175 61.78.35.222 plugin.netpia.com 80
192.168.56.101 49189 61.78.35.222 plugin.netpia.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://plugin.netpia.com/pcclean_v2/updatefiles.hmf
GET /pcclean_v2/updatefiles.hmf HTTP/1.1
User-Agent: f0e10f4b472259354b365105bf29f9c6
Host: plugin.netpia.com
Cache-Control: no-cache

http://plugin.netpia.com/pcclean_v2/PC-Clean.zip
GET /pcclean_v2/PC-Clean.zip HTTP/1.1
User-Agent: f0e10f4b472259354b365105bf29f9c6
Host: plugin.netpia.com
Cache-Control: no-cache

http://plugin.netpia.com/pcclean_v2/nReport.zip
GET /pcclean_v2/nReport.zip HTTP/1.1
User-Agent: f0e10f4b472259354b365105bf29f9c6
Host: plugin.netpia.com
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.