5.6
高危
5 个模型检测该样本为恶意!
重新分析
更多

e553cdeb7da02d6508f713e0cbc3d49cf8bd7270575db8efdfac9cf540620a92

f1854aa783dd6833dfbe2510e1c6adf7.exe

分析耗时

77s

最近分析

文件大小

412.7KB
静态报毒 动态报毒 BACS@6KP8UA CONFIDENCE CONVERTAD GENERIC ML PUA MAILRU SUSPICIOUS PE
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20200902 18.4.3895.0
Kingsoft 20200902 2013.8.14.323
McAfee 20200902 6.0.6.653
Tencent 20200902 1.0.0.1
CrowdStrike win/malicious_confidence_80% (D) 20190702 1.0
行为判定
动态指标
Performs some HTTP requests (5 个事件)
request GET http://mrds.mail.ru/update/2/version.txt?GUID={0ADAB162-E12D-4DE9-B6F5-46B04A2EFA90}&os=6.1&type=run_loader_run&newrfr=901406
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D
request GET http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEA8Byg3xePJ2xAXD21b7Wg8%3D
request HEAD https://goappsdl.distribmail.ru/go_installer_pulse.exe
request GET https://goappsdl.distribmail.ru/go_installer_pulse.exe
Resolves a suspicious Top Level Domain (TLD) (1 个事件)
domain goappsdl.distribmail.ru description Russian Federation domain TLD
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1620006889.781499
NtAllocateVirtualMemory
process_identifier: 648
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02380000
success 0 0
Drops an executable to the user AppData folder (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\mini_loader_scoped_dir_1619987689\f1854aa783dd6833dfbe2510e1c6adf7.exe.dul!
File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 个事件)
Invincea Generic ML PUA (PUA)
Comodo Application.Win32.MailRu.BACS@6kp8ua
SentinelOne DFI - Suspicious PE
Jiangmin AdWare.ConvertAd.tpx
CrowdStrike win/malicious_confidence_80% (D)
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620006886.313499
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
An executable file was downloaded by the process f1854aa783dd6833dfbe2510e1c6adf7.exe (1 个事件)
Time & API Arguments Status Return Repeated
1620006900.813499
InternetReadFile
buffer: MZÿÿ¸@غ´ Í!¸LÍ!This program cannot be run in DOS mode. $KG6ç&X´&X´&X´ÝB\µ &X´-FYµ&X´&Y´0&X´&X´&X´äB§´&X´&Ï´ &X´äBZµ&X´Rich&X´PELÐ[à"  (Ún@@@oEo@…”Id`ÂnoÈ0oH@G8xG@@ .text&( `.rdata@,@@.data4P<@À.rsrcÂn`Ân>@@.relocH0oo@BU‰åVƒìuôh@VèăÄÿ6ÿ,@@V‹L$‹D$…Ét‹T$ ‰ÆˆIvuø^ÃÌÌÌ1À‰ÇAA@‰A$‰A ‰A‰A‰A‰A‰A‰ÈÆA"fÇA ÃÌU‰åV‰Î‹…Àt Pÿ0@@Ç1ÀÇFA@‰F$‰F ‰F‰F‰F‰F‰FÆF"fÇF ^]ÃU‰åWV‰Î‹}‹…Àt Pÿ0@@Ç1ÀÇFA@‰ñ‰F$‰F ‰F‰F‰F‰F‰FÆF"fÇF Wèÿ4@@‰ñPèo^_]ÂÌU‰åSWVP‹u‰Mðj jVÿ8@@‰Ç…ÿt?WVÿ<@@‰Ã…Ût1WVÿ@@@‰Ç…ÿt#‰øƒàuSÿD@@…Àtƒçþfƒ|8þu‹Mð‰A$ƒÄ^_[]ÂÌU‰åSWVƒì‹E‰Î~‰FWPÿü@@…À‰„5ƒ~‰uìŒé1ۉ}ðCë‹‹=H@@hA@ÿ4˜ÿׅÀtP‹h2A@ÿ4˜ÿׅÀtF‹hFA@ÿ4˜ÿׅÀt?‹1ɋ˜·´ dA@·H‰÷f ×t f9òu&Aƒùrâ‹uìƒÀ ‰F ëoÆF ëiÇFë`ÆF"ëZ1É·¼ rA@·H‰þf Öt f9úuAƒùrâ‹uìƒÀ‰Fë/1É·¼ „A@·H‰þf Ötf9ú‹uì‹UðuAƒùr܋uìƒÀ‰F‹UðC;Œÿÿÿ€~ u1uä1Àf‰Ff‰jVh”A@ÿL@@·ƒø‹uì”Àƒù1”Á ÁˆN °ÆF!ë1ÀƒÄ^_[]ÂÌU‰åSWVƒäøì ¡P@…Àu^t$hjVèýÿÿƒÄ 1ÿ»fÇD$SVÿ4½ÀA@ÿP@@H9ØsjjVÿT@@£P@ë¡P@…Àu GƒÿrÄ¡ P@ë7‹5X@@hŒB@PÿÖ£P@h–B@ÿ5P@ÿÖ£P@h¡B@ÿ5P@ÿÖ£ P@1ۃ=P@„‹ P@…É„…À„ø‹]Sÿ\@@4C…À~·ƒø\tƒÆþ9Þwñ9Þ„΃Æ1ÒJ‰ñèÍ)މljÙÑþ‰|$ ‰ò躋M 1҉ÆJ‰t$è©1ۅö‰D$tv…ÿtr…Àtn1ۍD$‰<$‰X‰‰XPjÿh2@hH@h[@h–@hÑ@h¦@hÀ@ÿP@ƒÄ$‰Ç…ÿt(ÿu ShÚ@SVÿt$Wÿ P@ƒÄ…À•ÃWÿP@ƒÄL$èêL$èáL$ èØë1ۉ؍eô^_[]ÃU‰åSWVƒì‰Ö1ÛSSSSV‰MìQShéýÿ`@@‰Ç…ÿtH1Àƒþÿ‰uð•ÀÇÿd@@WjPÿh@@‰Æ…öt%1ÀPPWV‹]ðSÿuìPhéýÿ`@@ƒûÿtÆD>ÿ‰ó‰ØƒÄ^_[]ÃU‰åÿujÿu ÿuÿl@@]ÃU‰åÿuÿp@@ƒøÀ]ÃU‰åWVP‹E‹M ‹U1ö}ô‰7VWRQPÿt@@…Àt‹Eôë 1ÀÇEôÿÿÿÿHƒÄ^_]ÃU‰åWVP‹E‹M ‹U1ö}ô‰7VWRQPÿx@@…Àt‹Eôë 1ÀÇEôÿÿÿÿHƒÄ^_]ÃU‰åSWVP‹] ¾ÀöÃu‰ÞÁæ÷ցæ@Æ@Áë1ÀƒãƒóPPjÿÿuPhéýÿ|@@‰Ç…ÿt^?‰Eðÿd@@ÿuðjPÿh@@…ÀtNWPjÿÿu1ÿWhéý‰Eðÿ|@@Wh€SW1ÛjV‹uðVÿ€@@‰Çÿd@@VSPÿ„@@ë"1ÀPh€SPë 1ÉQh€SQjVPÿ€@@‰Ç‰øƒÄ^_[]ÃU‰åV‹uÿd@@VjPÿ„@@^]ÃU‰åV‹uÿd@@VjPÿh@@^]ÃU‰åSWVƒì‹Eƒøw,‹} 1ۋwÿ$…¬B@1ÀPh€jPjh@Vÿ€@@‰Ãë`1ÛKë[·G·O]äSQPÿˆ@@…Àt EìPSÿŒ@@…Àt1ÀPPEìPÿwÿ@@ÿwÿp@@1ۅÀ·G•Ãƒà'f‰GPVÿ”@@‰ØƒÄ^_[]ÃÌU‰åV‹1…ötÿd@@VjPÿ„@@^]ÃÌU‰åSWVƒì¶M ‹u‹EUðǁÁ€RjPQèbƒÄ‰Ç»n…ÿ…Mðÿuÿuh E@èA‰Ç…ÿuwÿu‹E‰ÇWèƒÄ…À‰ûtY‹M1ÿ…ÉtL·ƒø"uDQSèvƒÄƒør5·LCþƒù"u+‰EìC‰Ù»lPÿuQèqƒÄ „Àt‹Eì‹MfÇDAü1Ûë1ÿ»oMð‰‰~蛉ðƒÄ^_[]ÃU‰åSWVƒäøƒì‹u |$¶^ ‹F$ÿuÿu‰D$ PÿvSWèìþÿÿƒÄ‹‹O‹}…À‰O‰t&€~!t 1À„Û•Àÿuÿuÿt$ hA@PWèµþÿÿƒÄ‰øeô^_[]ÃU‰åSWVƒäðƒìp‹u‹] ‹}T$WÀ1ÀL$(‰A‰A‰A‰A ‰A‰A‰A ‰A‰A(‰A$‰A0‰A,‰A8‰A4‰A@‰A<ÇD)RQPPhPPPWSÿ˜@@…Àt/ÿt$ÿp@@ÇD$ jÿÿt$ÿœ@@…Àt+¿kÿ @@ëAÿ @@‰ÇSÿ¤@@ƒÿt1ƒÿu>‹Më*D$ Pÿt$ÿ¨@@…ÀtÂÿt$ÿp@@‹|$ 1À‰>ë‹M‰‰F‰ðeô^_[]ËE‰‰~ëìU‰å‹E…Àt0‹M…Ét)‹U ƒúÿtRPhQè3ƒÄëPhQèÈƒÄ ]ÃU‰åWV‹u·ƒø"u5·Ff…ÀtlƒÆ·Àƒø"·t#ƒÆf…ÀuíëT·Èƒù tƒù t ·FƒÆf…Àuçf…Àt6‹} ·Àƒø tƒø thÄB@hWèTƒÄ „ÀtWhû@VèµƒÄ ^_]ÃU‰åSWVì‹}…ÿ„šuì‰ñÿuÿu ÿuè‰ñè=1ö„Àt|Mìè7…Àtp1öàýÿÿf‰³f‰3ÿ7hSèžƒÄ „ÀtJÿuhSèÃƒÄ „Àt5MìSèÿ„Àt(h0D@‹]SèZƒÄ„Àt"…àýÿÿPhÿwë21ö‰ðÄ^_[]Âh>D@Sè&ƒÄ„Àtߍ…àýÿÿPhÿwèƒÄ „ÀtÄ1öFë¿U‰åSWVƒäøì` ‹}‹u\$ 1Àf‰ƒf‰VhSèÛƒÄ „À„ShD@hSèú
request_handle: 0x00cc000c
success 1 0
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 172.217.24.14
host 58.63.233.69
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620006889.000499
RegSetValueExA
key_handle: 0x00000330
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620006889.000499
RegSetValueExA
key_handle: 0x00000330
value: €z­˜’?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620006889.000499
RegSetValueExA
key_handle: 0x00000330
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620006889.000499
RegSetValueExW
key_handle: 0x00000330
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620006889.000499
RegSetValueExA
key_handle: 0x00000348
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620006889.000499
RegSetValueExA
key_handle: 0x00000348
value: €z­˜’?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620006889.000499
RegSetValueExA
key_handle: 0x00000348
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620006889.047499
RegSetValueExW
key_handle: 0x0000032c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620006889.719499
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620006889.719499
RegSetValueExA
key_handle: 0x000003c4
value: p0™’?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620006889.719499
RegSetValueExA
key_handle: 0x000003c4
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620006889.719499
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620006889.719499
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620006889.719499
RegSetValueExA
key_handle: 0x000003d4
value: p0™’?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620006889.719499
RegSetValueExA
key_handle: 0x000003d4
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2018-04-03 20:15:13

Imports

Library KERNEL32.dll:
0x431050 UnmapViewOfFile
0x431054 CreateFileMappingW
0x431058 MapViewOfFile
0x43105c VirtualQuery
0x431060 GetModuleFileNameW
0x431064 GetACP
0x431068 GetModuleHandleW
0x43106c GetProcAddress
0x431074 CreateDirectoryW
0x431078 RemoveDirectoryW
0x43107c GetFileAttributesW
0x431080 DeleteFileW
0x431084 GetCurrentProcessId
0x431088 GlobalAlloc
0x43108c GlobalLock
0x431090 GlobalUnlock
0x431094 GetStartupInfoW
0x431098 CreateProcessW
0x43109c GetExitCodeProcess
0x4310a0 GetTempPathW
0x4310a4 SizeofResource
0x4310a8 FreeResource
0x4310ac LockResource
0x4310b0 LoadLibraryW
0x4310b4 LoadResource
0x4310b8 FindResourceW
0x4310bc FreeLibrary
0x4310c0 MultiByteToWideChar
0x4310c4 MoveFileExW
0x4310c8 WideCharToMultiByte
0x4310cc MoveFileW
0x4310d0 GetCurrentProcess
0x4310d4 GetVersionExW
0x4310d8 GetNativeSystemInfo
0x4310dc SetFileAttributesW
0x4310e0 lstrcmpiW
0x4310e4 CreateFileW
0x4310f4 GetCommandLineA
0x4310f8 GetOEMCP
0x4310fc IsValidCodePage
0x431104 FindFirstFileExW
0x431108 FindClose
0x43110c WriteConsoleW
0x431110 GetFullPathNameW
0x43111c SetStdHandle
0x431120 EnumSystemLocalesW
0x431124 GetUserDefaultLCID
0x431128 IsValidLocale
0x43112c GetStdHandle
0x431130 ExitProcess
0x431134 SetEndOfFile
0x431138 SetFilePointerEx
0x43113c GetConsoleCP
0x431140 WriteFile
0x43114c PeekNamedPipe
0x431150 GetFileType
0x431154 GetDriveTypeW
0x431158 ReadConsoleW
0x43115c GetConsoleMode
0x431160 ReadFile
0x431164 CopyFileW
0x431168 GetProcessHeap
0x43116c LocalFree
0x431170 HeapAlloc
0x431174 HeapReAlloc
0x431178 HeapSize
0x43117c GetCommandLineW
0x431180 HeapFree
0x431184 CloseHandle
0x431188 GetCurrentThreadId
0x431190 SetLastError
0x431198 DecodePointer
0x43119c RaiseException
0x4311a0 GetLastError
0x4311ac SetFileTime
0x4311b0 GetModuleHandleExW
0x4311b8 ExitThread
0x4311bc CreateThread
0x4311c0 LoadLibraryExW
0x4311c4 RtlUnwind
0x4311c8 FlushFileBuffers
0x4311d0 TerminateProcess
0x4311d4 FindNextFileW
0x4311e8 ResetEvent
0x4311ec SetEvent
0x4311f0 LoadLibraryExA
0x4311f4 VirtualFree
0x4311f8 VirtualAlloc
0x43120c InitializeSListHead
0x431210 OutputDebugStringW
0x431214 IsDebuggerPresent
0x431218 GetCPInfo
0x43121c GetLocaleInfoW
0x431220 LCMapStringW
0x431224 CompareStringW
0x43122c TlsFree
0x431230 TlsSetValue
0x431234 TlsGetValue
0x431238 TlsAlloc
0x43123c CreateEventW
0x431240 EncodePointer
0x431244 GetStringTypeW
Library USER32.dll:
0x431264 ReleaseCapture
0x431268 PtInRect
0x43126c DialogBoxParamW
0x431270 GetParent
0x431274 UpdateLayeredWindow
0x431278 GetDlgItem
0x43127c GetClientRect
0x431280 SetWindowLongW
0x431284 wsprintfW
0x431288 MoveWindow
0x43128c MapWindowPoints
0x431290 ClientToScreen
0x431294 CopyRect
0x431298 GetMonitorInfoW
0x43129c GetCapture
0x4312a0 IsWindow
0x4312a4 ShowWindow
0x4312a8 WindowFromPoint
0x4312ac SetWindowTextW
0x4312b0 GetSystemMetrics
0x4312b4 EndDialog
0x4312b8 SendMessageW
0x4312bc ScreenToClient
0x4312c0 FillRect
0x4312c4 MonitorFromWindow
0x4312c8 SetWindowPos
0x4312cc IsWindowVisible
0x4312d0 GetWindowRect
0x4312d4 GetWindow
0x4312d8 CallWindowProcW
0x4312dc DefWindowProcW
0x4312e0 GetWindowLongW
0x4312e4 UnregisterClassW
0x4312e8 EndPaint
0x4312ec BeginPaint
0x4312f0 GetCursorPos
0x4312f4 InvalidateRect
0x4312f8 KillTimer
0x4312fc LoadImageW
0x431300 SetTimer
0x431304 GetActiveWindow
Library GDI32.dll:
0x43101c SetTextColor
0x431020 SetBkMode
0x431024 BitBlt
0x43102c SelectObject
0x431030 CreateDIBSection
0x431034 CreateCompatibleDC
0x431038 DeleteDC
0x43103c SetViewportOrgEx
0x431040 DeleteObject
0x431044 CreateSolidBrush
0x431048 GetStockObject
Library ADVAPI32.dll:
0x431000 RegCreateKeyExW
0x431004 RegSetValueExW
0x431008 RegQueryValueExW
0x43100c RegCloseKey
Library SHELL32.dll:
0x43124c CommandLineToArgvW
0x431250 ShellExecuteW
Library ole32.dll:
0x431398 CoTaskMemFree
0x4313a0 CoCreateGuid
0x4313a4 StringFromCLSID
Library SHLWAPI.dll:
0x431258 PathFileExistsW
0x43125c PathFindFileNameW
Library COMCTL32.dll:
0x431014 _TrackMouseEvent
Library gdiplus.dll:
0x431314 GdipGetImageWidth
0x431318 GdipGetImageHeight
0x431320 GdiplusShutdown
0x431328 GdipDrawImageI
0x43132c GdipDeleteFont
0x431334 GdipDeleteGraphics
0x43133c GdipMeasureString
0x431344 GdipCreateFromHDC
0x431348 GdipDrawString
0x43134c GdipFree
0x431354 GdipCreateSolidFill
0x431358 GdipCreateFont
0x43135c GdipCreatePath
0x431364 GdipDisposeImage
0x431368 GdipDeletePath
0x431370 GdipDrawImageRectI
0x431374 GdipAlloc
0x431378 GdipDeleteBrush
0x43137c GdipCloneImage
0x43138c GdipFillRectangle
0x431390 GdiplusStartup

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49180 117.18.237.29 status.geotrust.com 80
192.168.56.101 49177 217.69.139.245 mrds.mail.ru 80
192.168.56.101 49178 5.181.61.0 goappsdl.distribmail.ru 443
192.168.56.101 49181 5.181.61.0 goappsdl.distribmail.ru 443
192.168.56.101 49179 93.184.220.29 ocsp.digicert.com 80
58.63.233.69 80 192.168.56.101 49183

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 51378 8.8.8.8 53

HTTP & HTTPS Requests

URI Data
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
http://mrds.mail.ru/update/2/version.txt?GUID={0ADAB162-E12D-4DE9-B6F5-46B04A2EFA90}&os=6.1&type=run_loader_run&newrfr=901406 
GET /update/2/version.txt?GUID={0ADAB162-E12D-4DE9-B6F5-46B04A2EFA90}&os=6.1&type=run_loader_run&newrfr=901406 HTTP/1.1
User-Agent: GoLoader
Host: mrds.mail.ru
Cache-Control: no-cache
http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEA8Byg3xePJ2xAXD21b7Wg8%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEA8Byg3xePJ2xAXD21b7Wg8%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: status.geotrust.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.