Score: 5.8
Risk level: High

SHA256: 57d8c785d274b5dad9441ec2211c49ef5fd5abef5ebb5275f9dd6b8e8ecfff21

File name: 038dbc338dad1ed23c4c5dda37e400e6.exe

Analysis duration: 34s

Last analysis:

File size: 1.8MB
Flagged by static analysis. Flagged by dynamic analysis.
Tags: AGEN AI SCORE=83 AIDETECTVM BTWWLQ CLOUD CONFIDENCE DELF DELPHILESS ELDORADO ELZG EMJE FAREIT GENERICKD HIGH CONFIDENCE HLIESH IGENT INJECTORX KRYPTIK MALWARE1 PONYSTEALER SCORE SUSPICIOUS PE TESLAAG THFAIBO TSCOPE UNSAFE WACATAC X2066 ZELPHIF ZHW@AYMFBFKI
鹰眼引擎 (Hawk-Eye engine)
Not detected: no Hawk-Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine       Result                                Detection date  Engine version
McAfee       Fareit-FTB!038DBC338DAD               20200706        6.0.6.653
Alibaba      Trojan:Win32/PonyStealer.1f808482     20190527        0.3.0.5
Avast        Win32:InjectorX-gen [Trj]             20200706        18.4.3895.0
Tencent      Win32.Trojan.Kryptik.Eev              20200706        1.0.0.1
Baidu        -                                     20190318        1.0.0.2
Kingsoft     -                                     20200706        2013.8.14.323
CrowdStrike  win/malicious_confidence_90% (W)      20190702        1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619165227.538626
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x749ee97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x749eea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x749eb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x749eb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x749eac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x749eaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x749e5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x749e559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751a4de3
038dbc338dad1ed23c4c5dda37e400e6+0x52a4d @ 0x452a4d
038dbc338dad1ed23c4c5dda37e400e6+0x4b254 @ 0x44b254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff3f14ad
success 0 0
Behaviour verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (32 events)
All 32 events share these values: protection 64 (PAGE_EXECUTE_READWRITE), process_handle 0xffffffff, stack_dep_bypass 0, stack_pivoted 0, status success, return 0, repeated 0. The per-event fields are listed below (size is region_size for NtAllocateVirtualMemory and length for NtProtectVirtualMemory; NtProtectVirtualMemory has no allocation_type).
Time               API                      PID   Size     Allocation type               Base address  heap_dep_bypass
1619134516.671212  NtAllocateVirtualMemory  392   4096     4096 (MEM_COMMIT)             0x003f0000    0
1619134516.843212  NtAllocateVirtualMemory  392   32768    12288 (MEM_COMMIT|MEM_RESERVE) 0x02080000    0
1619134516.858212  NtAllocateVirtualMemory  392   4096     12288 (MEM_COMMIT|MEM_RESERVE) 0x020a0000    0
1619165212.491876  NtAllocateVirtualMemory  2620  4096     4096 (MEM_COMMIT)             0x01ce0000    0
1619165224.663876  NtAllocateVirtualMemory  2620  4096     12288 (MEM_COMMIT|MEM_RESERVE) 0x01d20000    0
1619165225.694626  NtProtectVirtualMemory   1108  4096     -                             0x00400000    0
1619165225.741626  NtAllocateVirtualMemory  1108  2031616  8192 (MEM_RESERVE)            0x02050000    0
1619165225.741626  NtAllocateVirtualMemory  1108  4096     4096 (MEM_COMMIT)             0x02200000    1
1619165225.741626  NtAllocateVirtualMemory  1108  303104   12288 (MEM_COMMIT|MEM_RESERVE) 0x01d70000    0
1619165225.741626  NtProtectVirtualMemory   1108  278528   -                             0x01d72000    1
1619165226.382626  NtAllocateVirtualMemory  1108  917504   8192 (MEM_RESERVE)            0x01ea0000    0
1619165226.382626  NtAllocateVirtualMemory  1108  4096     4096 (MEM_COMMIT)             0x01f40000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76351000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76353000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76354000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76351000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x77d4f000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76353000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76351000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76351000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76354000    0
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x01e92000    1
1619165227.491626  NtProtectVirtualMemory   1108  4096     -                             0x76351000    0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.557363112962541 section .rsrc (size_of_data 0x0010e600, virtual_address 0x000c6000, virtual_size 0x0010e474) description A section with a high entropy has been found
entropy 0.5852272727272727 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (4 events)
Process injection Process 392 called NtSetContextThread to modify thread in remote process 2620
Process injection Process 2620 called NtSetContextThread to modify thread in remote process 1108
Time & API Arguments Status Return Repeated
1619134517.452212
NtSetContextThread
thread_handle: 0x0000010c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4758212
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2620
success 0 0
1619165225.241876
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4849120
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1108
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)
Process injection Process 392 resumed a thread in remote process 2620
Process injection Process 2620 resumed a thread in remote process 1108
Time & API Arguments Status Return Repeated
1619134517.811212
NtResumeThread
thread_handle: 0x0000010c
suspend_count: 1
process_identifier: 2620
success 0 0
1619165225.491876
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 1108
success 0 0
Executed a process and injected code into it, probably while unpacking (13 events)
Time & API Arguments Status Return Repeated
1619134517.358212
CreateProcessInternalW
thread_identifier: 200
thread_handle: 0x0000010c
process_identifier: 2620
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\038dbc338dad1ed23c4c5dda37e400e6.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000110
inherit_handles: 0
success 1 0
1619134517.358212
NtUnmapViewOfSection
process_identifier: 2620
region_size: 4096
process_handle: 0x00000110
base_address: 0x00400000
success 0 0
1619134517.358212
NtMapViewOfSection
section_handle: 0x00000118
process_identifier: 2620
commit_size: 913408
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000110
allocation_type: 0 ()
section_offset: 0
view_size: 913408
base_address: 0x00400000
success 0 0
1619134517.452212
NtGetContextThread
thread_handle: 0x0000010c
success 0 0
1619134517.452212
NtSetContextThread
thread_handle: 0x0000010c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4758212
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2620
success 0 0
1619134517.811212
NtResumeThread
thread_handle: 0x0000010c
suspend_count: 1
process_identifier: 2620
success 0 0
1619165225.210876
CreateProcessInternalW
thread_identifier: 2452
thread_handle: 0x00000104
process_identifier: 1108
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\038dbc338dad1ed23c4c5dda37e400e6.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619165225.210876
NtGetContextThread
thread_handle: 0x00000104
success 0 0
1619165225.210876
NtUnmapViewOfSection
process_identifier: 1108
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619165225.210876
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 1108
commit_size: 659456
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 659456
base_address: 0x00400000
success 0 0
1619165225.241876
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 1108
commit_size: 4096
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 4096
base_address: 0x001e0000
success 0 0
1619165225.241876
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4849120
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1108
success 0 0
1619165225.491876
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 1108
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware1
DrWeb Trojan.PWS.Stealer.28677
MicroWorld-eScan Trojan.GenericKD.34046449
FireEye Generic.mg.038dbc338dad1ed2
CAT-QuickHeal Trojan.Wacatac
McAfee Fareit-FTB!038DBC338DAD
Cylance Unsafe
Zillya Trojan.Injector.Win32.745926
AegisLab Trojan.Win32.Kryptik.4!c
Sangfor Malware
K7AntiVirus Trojan ( 00568adb1 )
Alibaba Trojan:Win32/PonyStealer.1f808482
K7GW Trojan ( 00568adb1 )
Cybereason malicious.819e33
Arcabit Trojan.Generic
TrendMicro Trojan.Win32.WACATAC.THFAIBO
BitDefenderTheta Gen:NN.ZelphiF.34130.ZHW@ayMfBFki
F-Prot W32/Injector.ABY.gen!Eldorado
Symantec Trojan Horse
ESET-NOD32 a variant of Win32/Injector.EMJE
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.34046449
NANO-Antivirus Trojan.Win32.Stealer.hliesh
Avast Win32:InjectorX-gen [Trj]
Tencent Win32.Trojan.Kryptik.Eev
Endgame malicious (high confidence)
TACHYON Trojan/W32.DP-Agent.1893376.B
Emsisoft Trojan.GenericKD.34046449 (B)
F-Secure Heuristic.HEUR/AGEN.1136311
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
Sophos Troj/TeslaAg-OS
SentinelOne DFI - Suspicious PE
Cyren W32/Injector.ABY.gen!Eldorado
Jiangmin Trojan.Kryptik.bht
Webroot W32.Adware.Gen
Avira HEUR/AGEN.1136311
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/PonyStealer.VD!MTB
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKD.34046449
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
VBA32 TScope.Trojan.Delf
ALYac Trojan.GenericKD.34046449
MAX malware (ai score=83)
Ad-Aware Trojan.GenericKD.34046449
Malwarebytes Trojan.MalPack.DLF
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x4b4178 VirtualFree
0x4b417c VirtualAlloc
0x4b4180 LocalFree
0x4b4184 LocalAlloc
0x4b4188 GetVersion
0x4b418c GetCurrentThreadId
0x4b4198 VirtualQuery
0x4b419c WideCharToMultiByte
0x4b41a4 MultiByteToWideChar
0x4b41a8 lstrlenA
0x4b41ac lstrcpynA
0x4b41b0 LoadLibraryExA
0x4b41b4 GetThreadLocale
0x4b41b8 GetStartupInfoA
0x4b41bc GetProcAddress
0x4b41c0 GetModuleHandleA
0x4b41c4 GetModuleFileNameA
0x4b41c8 GetLocaleInfoA
0x4b41cc GetLastError
0x4b41d4 GetCommandLineA
0x4b41d8 FreeLibrary
0x4b41dc FindFirstFileA
0x4b41e0 FindClose
0x4b41e4 ExitProcess
0x4b41e8 WriteFile
0x4b41f0 RtlUnwind
0x4b41f4 RaiseException
0x4b41f8 GetStdHandle
Library user32.dll:
0x4b4200 GetKeyboardType
0x4b4204 LoadStringA
0x4b4208 MessageBoxA
0x4b420c CharNextA
Library advapi32.dll:
0x4b4214 RegQueryValueExA
0x4b4218 RegOpenKeyExA
0x4b421c RegCloseKey
Library oleaut32.dll:
0x4b4224 SysFreeString
0x4b4228 SysReAllocStringLen
0x4b422c SysAllocStringLen
Library kernel32.dll:
0x4b4234 TlsSetValue
0x4b4238 TlsGetValue
0x4b423c LocalAlloc
0x4b4240 GetModuleHandleA
Library advapi32.dll:
0x4b4248 RegQueryValueExA
0x4b424c RegOpenKeyExA
0x4b4250 RegCloseKey
Library kernel32.dll:
0x4b4258 lstrcpyA
0x4b425c WriteFile
0x4b4260 WideCharToMultiByte
0x4b4268 WaitForSingleObject
0x4b426c VirtualQuery
0x4b4270 VirtualAlloc
0x4b4274 Sleep
0x4b4278 SizeofResource
0x4b427c SetThreadLocale
0x4b4280 SetFilePointer
0x4b4284 SetEvent
0x4b4288 SetErrorMode
0x4b428c SetEndOfFile
0x4b4290 ResetEvent
0x4b4294 ReadFile
0x4b4298 MultiByteToWideChar
0x4b429c MulDiv
0x4b42a0 LockResource
0x4b42a4 LoadResource
0x4b42a8 LoadLibraryA
0x4b42b4 GlobalUnlock
0x4b42b8 GlobalReAlloc
0x4b42bc GlobalHandle
0x4b42c0 GlobalLock
0x4b42c4 GlobalFree
0x4b42c8 GlobalFindAtomA
0x4b42cc GlobalDeleteAtom
0x4b42d0 GlobalAlloc
0x4b42d4 GlobalAddAtomA
0x4b42dc GetVersionExA
0x4b42e0 GetVersion
0x4b42e4 GetTickCount
0x4b42e8 GetThreadLocale
0x4b42f0 GetSystemTime
0x4b42f4 GetSystemInfo
0x4b42f8 GetStringTypeExA
0x4b42fc GetStdHandle
0x4b4300 GetProcAddress
0x4b4304 GetModuleHandleA
0x4b4308 GetModuleFileNameA
0x4b430c GetLogicalDrives
0x4b4310 GetLocaleInfoA
0x4b4314 GetLocalTime
0x4b4318 GetLastError
0x4b431c GetFullPathNameA
0x4b4320 GetFileAttributesA
0x4b4324 GetDriveTypeA
0x4b4328 GetDiskFreeSpaceA
0x4b432c GetDateFormatA
0x4b4330 GetCurrentThreadId
0x4b4334 GetCurrentProcessId
0x4b4338 GetComputerNameA
0x4b433c GetCPInfo
0x4b4340 GetACP
0x4b4344 FreeResource
0x4b4348 InterlockedExchange
0x4b434c FreeLibrary
0x4b4350 FormatMessageA
0x4b4354 FindResourceA
0x4b4358 FindNextFileA
0x4b435c FindFirstFileA
0x4b4360 FindClose
0x4b436c ExitThread
0x4b4370 EnumCalendarInfoA
0x4b437c CreateThread
0x4b4380 CreateFileA
0x4b4384 CreateEventA
0x4b4388 CompareStringA
0x4b438c CloseHandle
Library mpr.dll:
0x4b4394 WNetGetConnectionA
Library version.dll:
0x4b439c VerQueryValueA
0x4b43a4 GetFileVersionInfoA
Library gdi32.dll:
0x4b43ac UnrealizeObject
0x4b43b0 StretchBlt
0x4b43b4 SetWindowOrgEx
0x4b43b8 SetWinMetaFileBits
0x4b43bc SetViewportOrgEx
0x4b43c0 SetTextColor
0x4b43c4 SetStretchBltMode
0x4b43c8 SetROP2
0x4b43cc SetPixel
0x4b43d0 SetEnhMetaFileBits
0x4b43d4 SetDIBColorTable
0x4b43d8 SetBrushOrgEx
0x4b43dc SetBkMode
0x4b43e0 SetBkColor
0x4b43e4 SelectPalette
0x4b43e8 SelectObject
0x4b43ec SelectClipPath
0x4b43f0 SaveDC
0x4b43f4 RestoreDC
0x4b43f8 Rectangle
0x4b43fc RectVisible
0x4b4400 RealizePalette
0x4b4404 Polyline
0x4b4408 PlayEnhMetaFile
0x4b440c PatBlt
0x4b4410 MoveToEx
0x4b4414 MaskBlt
0x4b4418 LineTo
0x4b441c IntersectClipRect
0x4b4420 GetWindowOrgEx
0x4b4424 GetWinMetaFileBits
0x4b4428 GetTextMetricsA
0x4b4434 GetStockObject
0x4b4438 GetRgnBox
0x4b443c GetPixel
0x4b4440 GetPaletteEntries
0x4b4444 GetObjectA
0x4b4450 GetEnhMetaFileBits
0x4b4454 GetDeviceCaps
0x4b4458 GetDIBits
0x4b445c GetDIBColorTable
0x4b4460 GetDCOrgEx
0x4b4468 GetClipBox
0x4b446c GetBrushOrgEx
0x4b4470 GetBitmapBits
0x4b4474 ExtTextOutA
0x4b4478 ExcludeClipRect
0x4b447c DeleteObject
0x4b4480 DeleteEnhMetaFile
0x4b4484 DeleteDC
0x4b4488 CreateSolidBrush
0x4b448c CreateRectRgn
0x4b4490 CreatePenIndirect
0x4b4494 CreatePen
0x4b4498 CreatePalette
0x4b44a0 CreateFontIndirectA
0x4b44a4 CreateDIBitmap
0x4b44a8 CreateDIBSection
0x4b44ac CreateCompatibleDC
0x4b44b4 CreateBrushIndirect
0x4b44b8 CreateBitmap
0x4b44bc CopyEnhMetaFileA
0x4b44c0 CombineRgn
0x4b44c4 BitBlt
Library user32.dll:
0x4b44cc CreateWindowExA
0x4b44d0 WindowFromPoint
0x4b44d4 WinHelpA
0x4b44d8 WaitMessage
0x4b44dc ValidateRect
0x4b44e0 UpdateWindow
0x4b44e4 UnregisterClassA
0x4b44e8 UnhookWindowsHookEx
0x4b44ec TranslateMessage
0x4b44f4 TrackPopupMenu
0x4b44fc ShowWindow
0x4b4500 ShowScrollBar
0x4b4504 ShowOwnedPopups
0x4b4508 ShowCursor
0x4b450c SetWindowsHookExA
0x4b4510 SetWindowTextA
0x4b4514 SetWindowPos
0x4b4518 SetWindowPlacement
0x4b451c SetWindowLongA
0x4b4520 SetTimer
0x4b4524 SetScrollRange
0x4b4528 SetScrollPos
0x4b452c SetScrollInfo
0x4b4530 SetRect
0x4b4534 SetPropA
0x4b4538 SetParent
0x4b453c SetMenuItemInfoA
0x4b4540 SetMenu
0x4b4544 SetForegroundWindow
0x4b4548 SetFocus
0x4b454c SetCursor
0x4b4550 SetClassLongA
0x4b4554 SetCapture
0x4b4558 SetActiveWindow
0x4b455c SendMessageA
0x4b4560 ScrollWindow
0x4b4564 ScreenToClient
0x4b4568 RemovePropA
0x4b456c RemoveMenu
0x4b4570 ReleaseDC
0x4b4574 ReleaseCapture
0x4b4580 RegisterClassA
0x4b4584 RedrawWindow
0x4b4588 PtInRect
0x4b458c PostQuitMessage
0x4b4590 PostMessageA
0x4b4594 PeekMessageA
0x4b4598 OffsetRect
0x4b459c OemToCharA
0x4b45a0 MessageBoxA
0x4b45a4 MapWindowPoints
0x4b45a8 MapVirtualKeyA
0x4b45ac LoadStringA
0x4b45b0 LoadKeyboardLayoutA
0x4b45b4 LoadIconA
0x4b45b8 LoadCursorA
0x4b45bc LoadBitmapA
0x4b45c0 KillTimer
0x4b45c4 IsZoomed
0x4b45c8 IsWindowVisible
0x4b45cc IsWindowEnabled
0x4b45d0 IsWindow
0x4b45d4 IsRectEmpty
0x4b45d8 IsIconic
0x4b45dc IsDialogMessageA
0x4b45e0 IsChild
0x4b45e4 InvalidateRect
0x4b45e8 IntersectRect
0x4b45ec InsertMenuItemA
0x4b45f0 InsertMenuA
0x4b45f4 InflateRect
0x4b45fc GetWindowTextA
0x4b4600 GetWindowRect
0x4b4604 GetWindowPlacement
0x4b4608 GetWindowLongA
0x4b460c GetWindowDC
0x4b4610 GetTopWindow
0x4b4614 GetSystemMetrics
0x4b4618 GetSystemMenu
0x4b461c GetSysColorBrush
0x4b4620 GetSysColor
0x4b4624 GetSubMenu
0x4b4628 GetScrollRange
0x4b462c GetScrollPos
0x4b4630 GetScrollInfo
0x4b4634 GetPropA
0x4b4638 GetParent
0x4b463c GetWindow
0x4b4640 GetMenuStringA
0x4b4644 GetMenuState
0x4b4648 GetMenuItemInfoA
0x4b464c GetMenuItemID
0x4b4650 GetMenuItemCount
0x4b4654 GetMenu
0x4b4658 GetLastActivePopup
0x4b465c GetKeyboardState
0x4b4664 GetKeyboardLayout
0x4b4668 GetKeyState
0x4b466c GetKeyNameTextA
0x4b4670 GetIconInfo
0x4b4674 GetForegroundWindow
0x4b4678 GetFocus
0x4b467c GetDlgItem
0x4b4680 GetDesktopWindow
0x4b4684 GetDCEx
0x4b4688 GetDC
0x4b468c GetCursorPos
0x4b4690 GetCursor
0x4b4694 GetClipboardData
0x4b4698 GetClientRect
0x4b469c GetClassNameA
0x4b46a0 GetClassInfoA
0x4b46a4 GetCapture
0x4b46a8 GetActiveWindow
0x4b46ac FrameRect
0x4b46b0 FindWindowA
0x4b46b4 FillRect
0x4b46b8 EqualRect
0x4b46bc EnumWindows
0x4b46c0 EnumThreadWindows
0x4b46c4 EndPaint
0x4b46c8 EnableWindow
0x4b46cc EnableScrollBar
0x4b46d0 EnableMenuItem
0x4b46d4 DrawTextA
0x4b46d8 DrawMenuBar
0x4b46dc DrawIconEx
0x4b46e0 DrawIcon
0x4b46e4 DrawFrameControl
0x4b46e8 DrawFocusRect
0x4b46ec DrawEdge
0x4b46f0 DispatchMessageA
0x4b46f4 DestroyWindow
0x4b46f8 DestroyMenu
0x4b46fc DestroyIcon
0x4b4700 DestroyCursor
0x4b4704 DeleteMenu
0x4b4708 DefWindowProcA
0x4b470c DefMDIChildProcA
0x4b4710 DefFrameProcA
0x4b4714 CreatePopupMenu
0x4b4718 CreateMenu
0x4b471c CreateIcon
0x4b4720 ClientToScreen
0x4b4724 CheckMenuItem
0x4b4728 CallWindowProcA
0x4b472c CallNextHookEx
0x4b4730 BeginPaint
0x4b4734 CharNextA
0x4b4738 CharLowerBuffA
0x4b473c CharLowerA
0x4b4740 CharUpperBuffA
0x4b4744 CharToOemA
0x4b4748 AdjustWindowRectEx
Library kernel32.dll:
0x4b4754 Sleep
Library oleaut32.dll:
0x4b475c SafeArrayPtrOfIndex
0x4b4760 SafeArrayPutElement
0x4b4764 SafeArrayGetElement
0x4b476c SafeArrayAccessData
0x4b4770 SafeArrayGetUBound
0x4b4774 SafeArrayGetLBound
0x4b4778 SafeArrayRedim
0x4b477c SafeArrayCreate
0x4b4780 VariantChangeType
0x4b4784 VariantCopyInd
0x4b4788 VariantCopy
0x4b478c VariantClear
0x4b4790 VariantInit
Library ole32.dll:
0x4b4798 CoTaskMemFree
0x4b479c ProgIDFromCLSID
0x4b47a0 StringFromCLSID
0x4b47a4 CoCreateInstance
0x4b47a8 CoGetMalloc
0x4b47ac CoUninitialize
0x4b47b0 CoInitialize
0x4b47b4 IsEqualGUID
Library oleaut32.dll:
0x4b47bc GetErrorInfo
0x4b47c0 GetActiveObject
0x4b47c4 SysStringLen
0x4b47c8 SysFreeString
Library comctl32.dll:
0x4b47d8 ImageList_Write
0x4b47dc ImageList_Read
0x4b47ec ImageList_DragMove
0x4b47f0 ImageList_DragLeave
0x4b47f4 ImageList_DragEnter
0x4b47f8 ImageList_EndDrag
0x4b47fc ImageList_BeginDrag
0x4b4800 ImageList_Remove
0x4b4804 ImageList_DrawEx
0x4b4808 ImageList_Replace
0x4b480c ImageList_Draw
0x4b481c ImageList_Add
0x4b4824 ImageList_Destroy
0x4b4828 ImageList_Create
0x4b482c InitCommonControls
Library comdlg32.dll:
0x4b4834 GetSaveFileNameA
0x4b4838 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.