Cuckoo Sandbox

Category	Started On	Completed On	Duration	Cuckoo Version
FILE	2022-06-14 16:49:18.467691	2022-06-14 16:53:14.798484	236 seconds	2.0-dev

Machine	Label	Manager	Started On	Shutdown On
win7cuckoo	win7 Clone 1	VirtualBox	2022-06-14 16:52:07	2022-06-14 16:53:14

File Details

File name	929e6009745e468f741b2cb71844ca65604d850b.exe
File size	2634584 bytes
File type	PE32 executable (GUI) Intel 80386, for MS Windows
CRC32	E433953B
MD5	15f4dbcec876fe73985b98ff75b9bd57
SHA1	929e6009745e468f741b2cb71844ca65604d850b
SHA256	146d7adf8f2cf2435f65c851e08737407b99c4945b65a6d589b51fbf91da89c7
SHA512	81eb5d54d49aa245aca72e1469f647452f0151323de8c4ad60994dcf817bedf65733ad53b2729c87bd93d780b442e7ae063b1ab857e52fa462d0c1bb61d562e3
Ssdeep	None
PEiD	None matched
Yara	SEH_Save () SEH_Init () Check_OutputDebugStringA_iat () anti_dbg (Checks if being debugged) win_hook (Affect hook table) contains_base64 (This rule finds for base64 strings) screenshot (Take screenshot) keylogger (Run a keylogger) win_mutex (Create or check mutex) win_registry (Affect system registries) win_private_profile (Affect private profile) win_files_operation (Affect private profile) maldoc_find_kernel32_base_method_1 () maldoc_getEIP_method_1 () IsPE32 () IsWindowsGUI () HasOverlay (Overlay Check) HasDigitalSignature (DigitalSignature Check) HasDebugData (DebugData Check) HasRichSignature (Rich Signature Check) VC8_Microsoft_Corporation () Microsoft_Visual_Cpp_8 ()
VirusTotal	File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=0, VT[1655240135]=0): Snort Events=0, AV Events=0
Total Score=50

Signatures

has_pdb details

nolookup_communication details

origin_langid details

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x0019e9ea	0x0019ea00	6.51456910166
.rdata	0x001a0000	0x00056946	0x00056a00	5.09164656306
.data	0x001f7000	0x0000b760	0x00007000	4.87467468195
.rsrc	0x00203000	0x0005fc90	0x0005fe00	6.7483123025
.reloc	0x00263000	0x000249fc	0x00024a00	6.57239680787

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_CURSOR	0x0025f260	0x00000134	LANG_KOREAN	SUBLANG_KOREAN	data
RT_BITMAP	0x0025f588	0x00000144	LANG_KOREAN	SUBLANG_KOREAN	data
RT_BITMAP	0x0025f588	0x00000144	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_ICON	0x0025c208	0x000010a8	LANG_KOREAN	SUBLANG_KOREAN	data
RT_MENU	0x0025def0	0x00000046	LANG_KOREAN	SUBLANG_KOREAN	data
RT_DIALOG	0x0025f498	0x00000034	LANG_KOREAN	SUBLANG_KOREAN	data
RT_DIALOG	0x0025f498	0x00000034	LANG_KOREAN	SUBLANG_KOREAN	data
RT_DIALOG	0x0025f498	0x00000034	LANG_KOREAN	SUBLANG_KOREAN	data
RT_DIALOG	0x0025f498	0x00000034	LANG_KOREAN	SUBLANG_KOREAN	data
RT_DIALOG	0x0025f498	0x00000034	LANG_KOREAN	SUBLANG_KOREAN	data
RT_DIALOG	0x0025f498	0x00000034	LANG_KOREAN	SUBLANG_KOREAN	data
RT_DIALOG	0x0025f498	0x00000034	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_STRING	0x00262368	0x0000053e	LANG_KOREAN	SUBLANG_KOREAN	data
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_CURSOR	0x0025f398	0x00000014	LANG_KOREAN	SUBLANG_KOREAN	Lotus 1-2-3
RT_GROUP_ICON	0x0025d2b0	0x00000030	LANG_KOREAN	SUBLANG_KOREAN	MS Windows icon resource - 3 icons, 16x16, 256-colors
RT_GROUP_ICON	0x0025d2b0	0x00000030	LANG_KOREAN	SUBLANG_KOREAN	MS Windows icon resource - 3 icons, 16x16, 256-colors
RT_VERSION	0x0025db80	0x0000036c	LANG_KOREAN	SUBLANG_KOREAN	data
RT_MANIFEST	0x00203f60	0x000002b8	LANG_KOREAN	SUBLANG_KOREAN	XML document text
RT_MANIFEST	0x00203f60	0x000002b8	LANG_KOREAN	SUBLANG_KOREAN	XML document text

Imports

Library libnelo2.dll:

• 0x5a09cc - ?destory@NELO2Log@@QAEXXZ

• 0x5a09d0 - ??1NELO2Log@@QAE@XZ

• 0x5a09d4 - ??0NELO2Log@@QAE@XZ

• 0x5a09d8 - ?initialize@NELO2Log@@QAEHPBD0000H_N@Z

• 0x5a09dc - ?closeCrashCatcher@NELO2Log@@QAEXXZ

• 0x5a09e0 - ?setLogLevel@NELO2Log@@QAEXW4_NELO_LOG_LEVEL@@@Z

• 0x5a09e4 - ?openCrashCatcher@NELO2Log@@QAE_N_NW4NELO_LANG_TYPE@@PBD@Z

• 0x5a09e8 - ?handleWindowsPureVitualCall@NELO2Log@@SAXXZ

• 0x5a09ec - ?sendLog@NELO2Log@@QAE_NW4_NELO_LOG_LEVEL@@PBD@Z

• 0x5a09f0 - ?handleWindowsInvalidParameter@NELO2Log@@SAXPB_W00II@Z

Library NLiveConnector.dll:

• 0x5a04e0 - None

Library KERNEL32.dll:

• 0x5a01d8 - SetThreadAffinityMask

• 0x5a01dc - GetProcessAffinityMask

• 0x5a01e0 - GetNumaHighestNodeNumber

• 0x5a01e4 - DeleteTimerQueueTimer

• 0x5a01e8 - ChangeTimerQueueTimer

• 0x5a01ec - CreateTimerQueueTimer

• 0x5a01f0 - GetLogicalProcessorInformation

• 0x5a01f4 - GetThreadPriority

• 0x5a01f8 - SignalObjectAndWait

• 0x5a01fc - WriteConsoleW

• 0x5a0200 - CreateFileW

• 0x5a0204 - SetEnvironmentVariableW

• 0x5a0208 - FreeEnvironmentStringsW

• 0x5a020c - GetEnvironmentStringsW

• 0x5a0210 - IsValidCodePage

• 0x5a0214 - FindFirstFileExW

• 0x5a0218 - SetFilePointerEx

• 0x5a021c - GetConsoleMode

• 0x5a0220 - GetConsoleCP

• 0x5a0224 - GetTimeZoneInformation

• 0x5a0228 - GetStringTypeW

• 0x5a022c - GetSystemTimeAsFileTime

• 0x5a0230 - IsProcessorFeaturePresent

• 0x5a0234 - CompareStringW

• 0x5a0238 - GetStdHandle

• 0x5a023c - ExitProcess

• 0x5a0240 - GetFileType

• 0x5a0244 - SetStdHandle

• 0x5a0248 - HeapQueryInformation

• 0x5a024c - GetModuleHandleExW

• 0x5a0250 - FreeLibraryAndExitThread

• 0x5a0254 - ExitThread

• 0x5a0258 - CreateThread

• 0x5a025c - GetCommandLineW

• 0x5a0260 - GetCommandLineA

• 0x5a0264 - VirtualQuery

• 0x5a0268 - VirtualAlloc

• 0x5a026c - GetSystemInfo

• 0x5a0270 - InterlockedFlushSList

• 0x5a0274 - InterlockedPushEntrySList

• 0x5a0278 - RtlUnwind

• 0x5a027c - QueryPerformanceFrequency

• 0x5a0280 - SwitchToThread

• 0x5a0284 - TryEnterCriticalSection

• 0x5a0288 - OutputDebugStringW

• 0x5a028c - InitializeSListHead

• 0x5a0290 - QueryPerformanceCounter

• 0x5a0294 - GetStartupInfoW

• 0x5a0298 - SetUnhandledExceptionFilter

• 0x5a029c - UnhandledExceptionFilter

• 0x5a02a0 - CreateEventW

• 0x5a02a4 - WaitForSingleObjectEx

• 0x5a02a8 - ResetEvent

• 0x5a02ac - GetTempFileNameA

• 0x5a02b0 - Sleep

• 0x5a02b4 - SearchPathA

• 0x5a02b8 - GetProfileIntA

• 0x5a02bc - GetTempPathA

• 0x5a02c0 - GetTickCount

• 0x5a02c4 - SystemTimeToTzSpecificLocalTime

• 0x5a02c8 - IsDebuggerPresent

• 0x5a02cc - GetFileTime

• 0x5a02d0 - GetFileSizeEx

• 0x5a02d4 - GetFileAttributesExA

• 0x5a02d8 - FileTimeToLocalFileTime

• 0x5a02dc - SetErrorMode

• 0x5a02e0 - GetFileAttributesA

• 0x5a02e4 - FindResourceExW

• 0x5a02e8 - GetWindowsDirectoryA

• 0x5a02ec - GetVolumeInformationA

• 0x5a02f0 - lstrcmpiA

• 0x5a02f4 - DuplicateHandle

• 0x5a02f8 - WriteFile

• 0x5a02fc - UnlockFile

• 0x5a0300 - SetFilePointer

• 0x5a0304 - SetEndOfFile

• 0x5a0308 - ReadFile

• 0x5a030c - LockFile

• 0x5a0310 - GetFullPathNameA

• 0x5a0314 - GetFileSize

• 0x5a0318 - FlushFileBuffers

• 0x5a031c - FindFirstFileA

• 0x5a0320 - CreateFileA

• 0x5a0324 - DeleteFileA

• 0x5a0328 - GetCurrentDirectoryA

• 0x5a032c - lstrcpyA

• 0x5a0330 - GetCPInfo

• 0x5a0334 - GetOEMCP

• 0x5a0338 - VirtualProtect

• 0x5a033c - GetUserDefaultUILanguage

• 0x5a0340 - GetSystemDefaultUILanguage

• 0x5a0344 - GetLocaleInfoW

• 0x5a0348 - GlobalFlags

• 0x5a034c - GetACP

• 0x5a0350 - GetThreadLocale

• 0x5a0354 - LocalReAlloc

• 0x5a0358 - LocalAlloc

• 0x5a035c - GlobalHandle

• 0x5a0360 - GlobalReAlloc

• 0x5a0364 - TlsFree

• 0x5a0368 - TlsSetValue

• 0x5a036c - TlsGetValue

• 0x5a0370 - TlsAlloc

• 0x5a0374 - InitializeCriticalSection

• 0x5a0378 - LeaveCriticalSection

• 0x5a037c - EnterCriticalSection

• 0x5a0380 - ResumeThread

• 0x5a0384 - SetThreadPriority

• 0x5a0388 - WaitForSingleObject

• 0x5a038c - SetEvent

• 0x5a0390 - WritePrivateProfileStringA

• 0x5a0394 - GetPrivateProfileStringA

• 0x5a0398 - GetPrivateProfileIntA

• 0x5a039c - GetVersionExA

• 0x5a03a0 - GetCurrentThread

• 0x5a03a4 - GetCurrentProcessId

• 0x5a03a8 - lstrcmpA

• 0x5a03ac - CompareStringA

• 0x5a03b0 - GlobalGetAtomNameA

• 0x5a03b4 - GlobalFindAtomA

• 0x5a03b8 - GlobalAddAtomA

• 0x5a03bc - lstrcmpW

• 0x5a03c0 - GlobalDeleteAtom

• 0x5a03c4 - LoadLibraryExW

• 0x5a03c8 - FreeLibrary

• 0x5a03cc - GetSystemDirectoryW

• 0x5a03d0 - GetCurrentThreadId

• 0x5a03d4 - EncodePointer

• 0x5a03d8 - LoadLibraryA

• 0x5a03dc - FindResourceA

• 0x5a03e0 - LoadLibraryW

• 0x5a03e4 - GetProcAddress

• 0x5a03e8 - GetModuleHandleW

• 0x5a03ec - GetModuleHandleA

• 0x5a03f0 - SetLastError

• 0x5a03f4 - CopyFileA

• 0x5a03f8 - FormatMessageA

• 0x5a03fc - MulDiv

• 0x5a0400 - GlobalFree

• 0x5a0404 - GlobalUnlock

• 0x5a0408 - GlobalLock

• 0x5a040c - GlobalSize

• 0x5a0410 - GlobalAlloc

• 0x5a0414 - MultiByteToWideChar

• 0x5a0418 - LocalFree

• 0x5a041c - GetVersion

• 0x5a0420 - VerifyVersionInfoA

• 0x5a0424 - VerSetConditionMask

• 0x5a0428 - GetProcessHeap

• 0x5a042c - DeleteCriticalSection

• 0x5a0430 - DecodePointer

• 0x5a0434 - HeapAlloc

• 0x5a0438 - RaiseException

• 0x5a043c - HeapReAlloc

• 0x5a0440 - HeapSize

• 0x5a0444 - InitializeCriticalSectionAndSpinCount

• 0x5a0448 - HeapFree

• 0x5a044c - FindClose

• 0x5a0450 - FindNextFileW

• 0x5a0454 - DeleteFileW

• 0x5a0458 - FindFirstFileW

• 0x5a045c - FileTimeToSystemTime

• 0x5a0460 - SystemTimeToFileTime

• 0x5a0464 - GetLocalTime

• 0x5a0468 - GetCurrentProcess

• 0x5a046c - TerminateProcess

• 0x5a0470 - FreeConsole

• 0x5a0474 - AllocConsole

• 0x5a0478 - GetModuleFileNameW

• 0x5a047c - GetModuleFileNameA

• 0x5a0480 - CloseHandle

• 0x5a0484 - GetLastError

• 0x5a0488 - CreateMutexA

• 0x5a048c - OutputDebugStringA

• 0x5a0490 - FindResourceW

• 0x5a0494 - LoadResource

• 0x5a0498 - LockResource

• 0x5a049c - SizeofResource

• 0x5a04a0 - WideCharToMultiByte

• 0x5a04a4 - RegisterWaitForSingleObject

• 0x5a04a8 - UnregisterWait

• 0x5a04ac - GetThreadTimes

• 0x5a04b0 - GetVersionExW

• 0x5a04b4 - VirtualFree

• 0x5a04b8 - ReleaseSemaphore

• 0x5a04bc - InterlockedPopEntrySList

• 0x5a04c0 - QueryDepthSList

• 0x5a04c4 - UnregisterWaitEx

• 0x5a04c8 - CreateTimerQueue

• 0x5a04cc - LCMapStringW

Library USER32.dll:

• 0x5a0584 - LoadCursorW

• 0x5a0588 - WindowFromPoint

• 0x5a058c - ReleaseCapture

• 0x5a0590 - SetCapture

• 0x5a0594 - WaitMessage

• 0x5a0598 - LoadImageW

• 0x5a059c - DestroyIcon

• 0x5a05a0 - InvalidateRect

• 0x5a05a4 - TrackMouseEvent

• 0x5a05a8 - GetAsyncKeyState

• 0x5a05ac - CopyImage

• 0x5a05b0 - RealChildWindowFromPoint

• 0x5a05b4 - LoadCursorA

• 0x5a05b8 - GetSysColorBrush

• 0x5a05bc - SystemParametersInfoA

• 0x5a05c0 - GetMenuItemInfoA

• 0x5a05c4 - DestroyMenu

• 0x5a05c8 - SetCursor

• 0x5a05cc - ShowOwnedPopups

• 0x5a05d0 - TranslateMessage

• 0x5a05d4 - GetMessageA

• 0x5a05d8 - MapDialogRect

• 0x5a05dc - SetWindowContextHelpId

• 0x5a05e0 - IntersectRect

• 0x5a05e4 - InflateRect

• 0x5a05e8 - GetWindowThreadProcessId

• 0x5a05ec - FillRect

• 0x5a05f0 - ClientToScreen

• 0x5a05f4 - GetWindowDC

• 0x5a05f8 - TabbedTextOutA

• 0x5a05fc - GrayStringA

• 0x5a0600 - DrawTextExA

• 0x5a0604 - OffsetRect

• 0x5a0608 - SetRectEmpty

• 0x5a060c - LoadBitmapW

• 0x5a0610 - SetMenuItemInfoA

• 0x5a0614 - GetMenuCheckMarkDimensions

• 0x5a0618 - SetMenuItemBitmaps

• 0x5a061c - EnableMenuItem

• 0x5a0620 - CheckMenuItem

• 0x5a0624 - IsDialogMessageA

• 0x5a0628 - SetWindowTextA

• 0x5a062c - SendDlgItemMessageA

• 0x5a0630 - CheckDlgButton

• 0x5a0634 - MoveWindow

• 0x5a0638 - ShowWindow

• 0x5a063c - GetMonitorInfoA

• 0x5a0640 - MonitorFromWindow

• 0x5a0644 - WinHelpA

• 0x5a0648 - GetScrollInfo

• 0x5a064c - SetScrollInfo

• 0x5a0650 - CallNextHookEx

• 0x5a0654 - DeleteMenu

• 0x5a0658 - SetWindowsHookExA

• 0x5a065c - GetWindow

• 0x5a0660 - GetLastActivePopup

• 0x5a0664 - GetTopWindow

• 0x5a0668 - GetClassNameA

• 0x5a066c - GetClassLongA

• 0x5a0670 - SetWindowLongA

• 0x5a0674 - EqualRect

• 0x5a0678 - GetSysColor

• 0x5a067c - MapWindowPoints

• 0x5a0680 - ScreenToClient

• 0x5a0684 - AdjustWindowRectEx

• 0x5a0688 - GetWindowTextLengthA

• 0x5a068c - GetWindowTextA

• 0x5a0690 - RemovePropA

• 0x5a0694 - GetPropA

• 0x5a0698 - SetPropA

• 0x5a069c - ShowScrollBar

• 0x5a06a0 - GetScrollRange

• 0x5a06a4 - SetScrollRange

• 0x5a06a8 - GetScrollPos

• 0x5a06ac - DrawStateA

• 0x5a06b0 - ScrollWindow

• 0x5a06b4 - RedrawWindow

• 0x5a06b8 - ValidateRect

• 0x5a06bc - EndPaint

• 0x5a06c0 - BeginPaint

• 0x5a06c4 - GetForegroundWindow

• 0x5a06c8 - UpdateWindow

• 0x5a06cc - SetMenu

• 0x5a06d0 - GetMenu

• 0x5a06d4 - GetCapture

• 0x5a06d8 - GetKeyState

• 0x5a06dc - GetFocus

• 0x5a06e0 - SetClassLongA

• 0x5a06e4 - SetWindowRgn

• 0x5a06e8 - SetParent

• 0x5a06ec - DrawEdge

• 0x5a06f0 - DrawFrameControl

• 0x5a06f4 - IsZoomed

• 0x5a06f8 - BringWindowToTop

• 0x5a06fc - SetCursorPos

• 0x5a0700 - SetFocus

• 0x5a0704 - GetDlgCtrlID

• 0x5a0708 - IsWindowVisible

• 0x5a070c - EndDeferWindowPos

• 0x5a0710 - DeferWindowPos

• 0x5a0714 - BeginDeferWindowPos

• 0x5a0718 - SetWindowPlacement

• 0x5a071c - GetWindowPlacement

• 0x5a0720 - SetWindowPos

• 0x5a0724 - IsChild

• 0x5a0728 - IsMenu

• 0x5a072c - CreateWindowExA

• 0x5a0730 - GetClassInfoExA

• 0x5a0734 - RegisterClassA

• 0x5a0738 - CallWindowProcA

• 0x5a073c - DefWindowProcA

• 0x5a0740 - CharNextA

• 0x5a0744 - CopyAcceleratorTableA

• 0x5a0748 - InvalidateRgn

• 0x5a074c - IsRectEmpty

• 0x5a0750 - GetNextDlgGroupItem

• 0x5a0754 - MessageBeep

• 0x5a0758 - CharUpperA

• 0x5a075c - CreatePopupMenu

• 0x5a0760 - GetMenuDefaultItem

• 0x5a0764 - DrawFocusRect

• 0x5a0768 - LoadImageA

• 0x5a076c - DrawIconEx

• 0x5a0770 - GetIconInfo

• 0x5a0774 - EnableScrollBar

• 0x5a0778 - HideCaret

• 0x5a077c - GetMessageTime

• 0x5a0780 - GetMessagePos

• 0x5a0784 - InvertRect

• 0x5a0788 - NotifyWinEvent

• 0x5a078c - SetLayeredWindowAttributes

• 0x5a0790 - EnumDisplayMonitors

• 0x5a0794 - OpenClipboard

• 0x5a0798 - CloseClipboard

• 0x5a079c - SetClipboardData

• 0x5a07a0 - UnhookWindowsHookEx

• 0x5a07a4 - CopyIcon

• 0x5a07a8 - FrameRect

• 0x5a07ac - LoadAcceleratorsA

• 0x5a07b0 - TranslateAcceleratorA

• 0x5a07b4 - LoadMenuA

• 0x5a07b8 - InsertMenuItemA

• 0x5a07bc - UnpackDDElParam

• 0x5a07c0 - ReuseDDElParam

• 0x5a07c4 - RegisterClipboardFormatA

• 0x5a07c8 - UnionRect

• 0x5a07cc - UpdateLayeredWindow

• 0x5a07d0 - MonitorFromPoint

• 0x5a07d4 - EnableWindow

• 0x5a07d8 - GetWindowRect

• 0x5a07dc - SendMessageA

• 0x5a07e0 - GetParent

• 0x5a07e4 - SetRect

• 0x5a07e8 - IsWindow

• 0x5a07ec - PostMessageA

• 0x5a07f0 - MessageBoxA

• 0x5a07f4 - GetClassInfoA

• 0x5a07f8 - LoadIconW

• 0x5a07fc - GetSystemMenu

• 0x5a0800 - AppendMenuA

• 0x5a0804 - SetTimer

• 0x5a0808 - PostQuitMessage

• 0x5a080c - IsIconic

• 0x5a0810 - GetSystemMetrics

• 0x5a0814 - GetClientRect

• 0x5a0818 - DrawIcon

• 0x5a081c - KillTimer

• 0x5a0820 - LoadMenuW

• 0x5a0824 - GetSubMenu

• 0x5a0828 - SetMenuDefaultItem

• 0x5a082c - InsertMenuA

• 0x5a0830 - GetCursorPos

• 0x5a0834 - SetForegroundWindow

• 0x5a0838 - TrackPopupMenu

• 0x5a083c - GetMenuItemID

• 0x5a0840 - PtInRect

• 0x5a0844 - DrawTextA

• 0x5a0848 - UnregisterClassA

• 0x5a084c - LoadIconA

• 0x5a0850 - GetMenuStringA

• 0x5a0854 - GetMenuState

• 0x5a0858 - GetMenuItemCount

• 0x5a085c - RemoveMenu

• 0x5a0860 - DestroyWindow

• 0x5a0864 - CreateDialogIndirectParamA

• 0x5a0868 - EndDialog

• 0x5a086c - GetDlgItem

• 0x5a0870 - GetNextDlgTabItem

• 0x5a0874 - GetActiveWindow

• 0x5a0878 - IsWindowEnabled

• 0x5a087c - SetActiveWindow

• 0x5a0880 - GetWindowLongA

• 0x5a0884 - GetDesktopWindow

• 0x5a0888 - GetKeyNameTextA

• 0x5a088c - MapVirtualKeyA

• 0x5a0890 - GetDC

• 0x5a0894 - ReleaseDC

• 0x5a0898 - CopyRect

• 0x5a089c - RegisterWindowMessageA

• 0x5a08a0 - DispatchMessageA

• 0x5a08a4 - PeekMessageA

• 0x5a08a8 - GetComboBoxInfo

• 0x5a08ac - EmptyClipboard

• 0x5a08b0 - DestroyCursor

• 0x5a08b4 - GetWindowRgn

• 0x5a08b8 - CreateMenu

• 0x5a08bc - SubtractRect

• 0x5a08c0 - TranslateMDISysAccel

• 0x5a08c4 - DefMDIChildProcA

• 0x5a08c8 - DefFrameProcA

• 0x5a08cc - DrawMenuBar

• 0x5a08d0 - GetUpdateRect

• 0x5a08d4 - IsClipboardFormatAvailable

• 0x5a08d8 - CharUpperBuffA

• 0x5a08dc - ModifyMenuA

• 0x5a08e0 - GetDoubleClickTime

• 0x5a08e4 - LockWindowUpdate

• 0x5a08e8 - DestroyAcceleratorTable

• 0x5a08ec - CreateAcceleratorTableA

• 0x5a08f0 - LoadAcceleratorsW

• 0x5a08f4 - ToAsciiEx

• 0x5a08f8 - GetKeyboardState

• 0x5a08fc - MapVirtualKeyExA

• 0x5a0900 - IsCharLowerA

• 0x5a0904 - GetKeyboardLayout

• 0x5a0908 - SetScrollPos

• 0x5a090c - PostThreadMessageA

Library GDI32.dll:

• 0x5a0038 - CreatePatternBrush

• 0x5a003c - CreateRectRgn

• 0x5a0040 - CreateSolidBrush

• 0x5a0044 - DeleteDC

• 0x5a0048 - DeleteObject

• 0x5a004c - Escape

• 0x5a0050 - ExcludeClipRect

• 0x5a0054 - GetClipBox

• 0x5a0058 - GetObjectType

• 0x5a005c - GetPixel

• 0x5a0060 - GetStockObject

• 0x5a0064 - GetViewportExtEx

• 0x5a0068 - GetWindowExtEx

• 0x5a006c - IntersectClipRect

• 0x5a0070 - LineTo

• 0x5a0074 - PtVisible

• 0x5a0078 - RectVisible

• 0x5a007c - RestoreDC

• 0x5a0080 - SaveDC

• 0x5a0084 - SelectClipRgn

• 0x5a0088 - ExtSelectClipRgn

• 0x5a008c - SelectPalette

• 0x5a0090 - SetBkMode

• 0x5a0094 - SetMapMode

• 0x5a0098 - SetLayout

• 0x5a009c - GetLayout

• 0x5a00a0 - SetPolyFillMode

• 0x5a00a4 - SetROP2

• 0x5a00a8 - SetTextAlign

• 0x5a00ac - MoveToEx

• 0x5a00b0 - TextOutA

• 0x5a00b4 - ExtTextOutA

• 0x5a00b8 - SetViewportExtEx

• 0x5a00bc - SetViewportOrgEx

• 0x5a00c0 - SetWindowExtEx

• 0x5a00c4 - SetWindowOrgEx

• 0x5a00c8 - OffsetViewportOrgEx

• 0x5a00cc - OffsetWindowOrgEx

• 0x5a00d0 - ScaleViewportExtEx

• 0x5a00d4 - CreateHatchBrush

• 0x5a00d8 - CombineRgn

• 0x5a00dc - CreateFontIndirectA

• 0x5a00e0 - GetMapMode

• 0x5a00e4 - SetRectRgn

• 0x5a00e8 - DPtoLP

• 0x5a00ec - GetTextExtentPoint32A

• 0x5a00f0 - GetTextMetricsA

• 0x5a00f4 - GetBkColor

• 0x5a00f8 - GetTextColor

• 0x5a00fc - GetRgnBox

• 0x5a0100 - EnumFontFamiliesExA

• 0x5a0104 - CreatePalette

• 0x5a0108 - GetNearestPaletteIndex

• 0x5a010c - GetPaletteEntries

• 0x5a0110 - GetSystemPaletteEntries

• 0x5a0114 - RealizePalette

• 0x5a0118 - CreateDIBitmap

• 0x5a011c - EnumFontFamiliesA

• 0x5a0120 - GetTextCharsetInfo

• 0x5a0124 - SetPixel

• 0x5a0128 - CreateDIBSection

• 0x5a012c - SetDIBColorTable

• 0x5a0130 - CreateEllipticRgn

• 0x5a0134 - Ellipse

• 0x5a0138 - CreatePolygonRgn

• 0x5a013c - Polygon

• 0x5a0140 - Polyline

• 0x5a0144 - CreateRoundRectRgn

• 0x5a0148 - LPtoDP

• 0x5a014c - OffsetRgn

• 0x5a0150 - RoundRect

• 0x5a0154 - FillRgn

• 0x5a0158 - FrameRgn

• 0x5a015c - GetBoundsRect

• 0x5a0160 - PtInRegion

• 0x5a0164 - ExtFloodFill

• 0x5a0168 - SetPaletteEntries

• 0x5a016c - SetPixelV

• 0x5a0170 - GetWindowOrgEx

• 0x5a0174 - GetViewportOrgEx

• 0x5a0178 - GetTextFaceA

• 0x5a017c - BitBlt

• 0x5a0180 - CreateBitmap

• 0x5a0184 - GetObjectA

• 0x5a0188 - SetTextColor

• 0x5a018c - SetBkColor

• 0x5a0190 - CreateRectRgnIndirect

• 0x5a0194 - GetDeviceCaps

• 0x5a0198 - CreateDCA

• 0x5a019c - CopyMetaFileA

• 0x5a01a0 - SelectObject

• 0x5a01a4 - Rectangle

• 0x5a01a8 - CreatePen

• 0x5a01ac - CreateFontA

• 0x5a01b0 - CreateCompatibleBitmap

• 0x5a01b4 - CreateCompatibleDC

• 0x5a01b8 - ScaleWindowExtEx

• 0x5a01bc - PatBlt

• 0x5a01c0 - StretchBlt

Library MSIMG32.dll:

• 0x5a04d4 - AlphaBlend

• 0x5a04d8 - TransparentBlt

Library WINSPOOL.DRV:

• 0x5a0960 - OpenPrinterA

• 0x5a0964 - DocumentPropertiesA

• 0x5a0968 - ClosePrinter

Library ADVAPI32.dll:

• 0x5a0000 - RegEnumKeyA

• 0x5a0004 - RegEnumKeyExA

• 0x5a0008 - RegEnumValueA

• 0x5a000c - RegQueryValueA

• 0x5a0010 - RegCloseKey

• 0x5a0014 - RegSetValueExA

• 0x5a0018 - RegDeleteValueA

• 0x5a001c - RegDeleteKeyA

• 0x5a0020 - RegCreateKeyExA

• 0x5a0024 - RegQueryValueExA

• 0x5a0028 - RegOpenKeyExA

Library SHELL32.dll:

• 0x5a053c - SHGetFileInfoA

• 0x5a0540 - SHGetPathFromIDListA

• 0x5a0544 - SHGetSpecialFolderLocation

• 0x5a0548 - SHGetDesktopFolder

• 0x5a054c - ShellExecuteA

• 0x5a0550 - DragQueryFileA

• 0x5a0554 - SHAppBarMessage

• 0x5a0558 - SHBrowseForFolderA

• 0x5a055c - DragFinish

• 0x5a0560 - Shell_NotifyIconA

Library COMCTL32.dll:

• 0x5a0030 - InitCommonControlsEx

Library SHLWAPI.dll:

• 0x5a0568 - PathFindExtensionA

• 0x5a056c - PathStripToRootA

• 0x5a0570 - StrFormatKBSizeA

• 0x5a0574 - PathRemoveFileSpecW

• 0x5a0578 - PathIsUNCA

• 0x5a057c - PathFindFileNameA

Library UxTheme.dll:

• 0x5a0914 - IsAppThemed

• 0x5a0918 - GetWindowTheme

• 0x5a091c - IsThemeBackgroundPartiallyTransparent

• 0x5a0920 - GetCurrentThemeName

• 0x5a0924 - GetThemeSysColor

• 0x5a0928 - DrawThemeBackground

• 0x5a092c - CloseThemeData

• 0x5a0930 - OpenThemeData

• 0x5a0934 - DrawThemeParentBackground

• 0x5a0938 - DrawThemeText

• 0x5a093c - GetThemeColor

• 0x5a0940 - GetThemePartSize

Library ole32.dll:

• 0x5a09f8 - IsAccelerator

• 0x5a09fc - OleTranslateAccelerator

• 0x5a0a00 - OleDestroyMenuDescriptor

• 0x5a0a04 - OleCreateMenuDescriptor

• 0x5a0a08 - OleLockRunning

• 0x5a0a0c - CoRegisterMessageFilter

• 0x5a0a10 - CoRevokeClassObject

• 0x5a0a14 - RevokeDragDrop

• 0x5a0a18 - RegisterDragDrop

• 0x5a0a1c - CoLockObjectExternal

• 0x5a0a20 - OleGetClipboard

• 0x5a0a24 - DoDragDrop

• 0x5a0a28 - OleIsCurrentClipboard

• 0x5a0a2c - OleFlushClipboard

• 0x5a0a30 - CoInitializeEx

• 0x5a0a34 - OleUninitialize

• 0x5a0a38 - OleInitialize

• 0x5a0a3c - CoFreeUnusedLibraries

• 0x5a0a40 - CreateStreamOnHGlobal

• 0x5a0a44 - CreateILockBytesOnHGlobal

• 0x5a0a48 - StgOpenStorageOnILockBytes

• 0x5a0a4c - StgCreateDocfileOnILockBytes

• 0x5a0a50 - CoGetClassObject

• 0x5a0a54 - CoDisconnectObject

• 0x5a0a58 - CLSIDFromProgID

• 0x5a0a5c - CLSIDFromString

• 0x5a0a60 - CoCreateGuid

• 0x5a0a64 - ReleaseStgMedium

• 0x5a0a68 - OleDuplicateData

• 0x5a0a6c - CoTaskMemFree

• 0x5a0a70 - CoTaskMemAlloc

• 0x5a0a74 - OleRun

• 0x5a0a78 - CoCreateInstance

• 0x5a0a7c - CoUninitialize

• 0x5a0a80 - CoInitialize

Library OLEAUT32.dll:

• 0x5a04f8 - VariantCopy

• 0x5a04fc - VarBstrFromDate

• 0x5a0500 - VariantInit

• 0x5a0504 - SysAllocStringLen

• 0x5a0508 - SysAllocString

• 0x5a050c - SysFreeString

• 0x5a0510 - SafeArrayDestroy

• 0x5a0514 - VariantClear

• 0x5a0518 - LoadTypeLib

• 0x5a051c - SysStringLen

• 0x5a0520 - SystemTimeToVariantTime

• 0x5a0524 - VariantTimeToSystemTime

• 0x5a0528 - SysAllocStringByteLen

• 0x5a052c - GetErrorInfo

• 0x5a0530 - OleCreateFontIndirect

• 0x5a0534 - VariantChangeType

Library oledlg.dll:

• 0x5a0a88 - None

Library VERSION.dll:

• 0x5a0948 - GetFileVersionInfoA

• 0x5a094c - VerQueryValueA

• 0x5a0950 - GetFileVersionInfoSizeA

Library gdiplus.dll:

• 0x5a0970 - GdipDeleteGraphics

• 0x5a0974 - GdipBitmapUnlockBits

• 0x5a0978 - GdipBitmapLockBits

• 0x5a097c - GdipCreateBitmapFromScan0

• 0x5a0980 - GdipDrawImageRectI

• 0x5a0984 - GdipSetInterpolationMode

• 0x5a0988 - GdipCreateFromHDC

• 0x5a098c - GdipCreateBitmapFromHBITMAP

• 0x5a0990 - GdipCreateBitmapFromStream

• 0x5a0994 - GdipGetImagePaletteSize

• 0x5a0998 - GdipGetImagePalette

• 0x5a099c - GdipGetImagePixelFormat

• 0x5a09a0 - GdiplusShutdown

• 0x5a09a4 - GdipAlloc

• 0x5a09a8 - GdipFree

• 0x5a09ac - GdiplusStartup

• 0x5a09b0 - GdipCloneImage

• 0x5a09b4 - GdipDisposeImage

• 0x5a09b8 - GdipGetImageGraphicsContext

• 0x5a09bc - GdipGetImageWidth

• 0x5a09c0 - GdipGetImageHeight

• 0x5a09c4 - GdipDrawImageI

Library OLEACC.dll:

• 0x5a04e8 - CreateStdAccessibleObject

• 0x5a04ec - AccessibleObjectFromWindow

• 0x5a04f0 - LresultFromObject

Library IMM32.dll:

• 0x5a01c8 - ImmReleaseContext

• 0x5a01cc - ImmGetOpenStatus

• 0x5a01d0 - ImmGetContext

Library WINMM.dll:

• 0x5a0958 - PlaySoundA

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

IP Address
23.101.14.229
23.99.109.44
70.186.27.9
8.8.8.8

DNS Requests

Domain	IP Address
ipv6.msftncsi.com
armmf.adobe.com	23.3.84.164
teredo.ipv6.microsoft.com	54.241.176.34
ctldl.windowsupdate.com	23.12.40.184
watson.microsoft.com	20.189.173.22
dns.msftncsi.com	131.107.255.255
nexusrules.officeapps.live.com	52.109.12.18
nexus.officeapps.live.com	52.109.76.36

HTTP Requests

URL	Data
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt?911320f9b04be75f	GET /msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt?911320f9b04be75f HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ctldl.windowsupdate.com

Behavior Summary

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 480, Parent PID: 384

Volatility

Nothing to display.

LegalCopyright:	Copyright (C) 2010-2020 NAVER Corp. All rights Reserved.
InternalName:	NLiveConnector.exe
FileVersion:	1.0.0.22
CompanyName:	NAVER Corp.
ProductName:	NAVER Live Streaming App.
ProductVersion:	1.0.0.22
FileDescription:	NAVER Live Streaming Connector.
OriginalFilename:	NLiveConnector.exe
Translation:	0x0409 0x04b0