9.4
Critical

835a85cca1d8bec9e6b50280096d694491c055c7a1cc5fbe8a3d15ae1358382c

05e096617ed9e9101a93eac1e9ca295a.exe

Analysis duration

88s

Last analyzed

File size

624.0KB
Static detection  Dynamic detection  Tags: AGEN AI SCORE=89 AIDETECTVM ATTRIBUTE BANKERX BSCOPE CLASSIC EMOTET EPAZ FOQT GENCIRC GENERICKD GENETIC GENKRYPTIK HFHN HIGH CONFIDENCE HIGHCONFIDENCE HPWYDZ KRYPTIK MALWARE1 MALWARE@#71OHD60IQKV5 NGZODEK+TOA R + TROJ SCORE THHOEBO UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
CrowdStrike 20190702 1.0
Baidu 20190318 1.0.0.2
Alibaba Trojan:Win32/Emotet.63bf8c7f 20190527 0.3.0.5
Kingsoft 20201211 2017.9.26.565
McAfee Emotet-FRG!05E096617ED9 20201211 6.0.6.653
Tencent Malware.Win32.Gencirc.10cde555 20201211 1.0.0.1
Avast Win32:BankerX-gen [Trj] 20201210 21.1.5827.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619150744.777124
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619150735.792124
CryptGenKey
crypto_handle: 0x005f0428
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0069abf8
flags: 1
key: fäŒÁ*?¤çKjïU9r‹
success 1 0
1619150744.792124
CryptExportKey
crypto_handle: 0x005f0428
crypto_export_handle: 0x0069abb8
buffer: f¤ÅenM^ qCí¡Ð>ôMµ7zõüPõ©BKNQßS¡š[)u x‹ œì¿ziÀdJL÷¬Vò1¦Dpð2b郦øØ¾ñßå^š óÇm †&397×À
blob_type: 1
flags: 64
success 1 0
1619150779.245124
CryptExportKey
crypto_handle: 0x005f0428
crypto_export_handle: 0x0069abb8
buffer: f¤DϞ‰ÄƒILÌ(Ø.ÖÏëóü® k¼Üœr!!¸ ½¯– îüNš%ão¦ØHÇcIo¹4$1á¸É¯\¨© ЫO¶åžYcOÞHX °äJýÝmFÑöòEºœ¼iî¥1l
blob_type: 1
flags: 64
success 1 0
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619134513.574698
NtAllocateVirtualMemory
process_identifier: 428
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003f0000
success 0 0
1619150378.952521
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004000000
success 0 0
1619150735.417124
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003f0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619134514.824698
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\05e096617ed9e9101a93eac1e9ca295a.exe
newfilepath: C:\Windows\SysWOW64\dtsh\KBDLT1.exe
newfilepath_r: C:\Windows\SysWOW64\dtsh\KBDLT1.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\05e096617ed9e9101a93eac1e9ca295a.exe
success 1 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619150745.199124
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process kbdlt1.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619150744.886124
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 172.217.24.14
host 47.146.117.214
host 62.108.54.22
Installs itself for autorun at Windows startup (1 event)
service_name KBDLT1 service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dtsh\KBDLT1.exe"
Created a service that was not started (1 event)
Time & API Arguments Status Return Repeated
1619134515.074698
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x02625aa8
display_name: KBDLT1
error_control: 0
service_name: KBDLT1
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dtsh\KBDLT1.exe"
filepath_r: "C:\Windows\SysWOW64\dtsh\KBDLT1.exe"
service_manager_handle: 0x0260c018
desired_access: 2
service_type: 16
password:
success 40000168 0
Sets or modifies WPAD proxy autoconfiguration settings, usable for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619150747.777124
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619150747.777124
RegSetValueExA
key_handle: 0x000003ac
value: Û8×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619150747.777124
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619150747.777124
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619150747.777124
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619150747.777124
RegSetValueExA
key_handle: 0x000003c4
value: Û8×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619150747.777124
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619150747.792124
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of the file having been downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\dtsh\KBDLT1.exe:Zone.Identifier
Generates some ICMP traffic
File has been identified by 55 antivirus engines on VirusTotal as malicious (50 of 55 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34267830
FireEye Generic.mg.05e096617ed9e910
ALYac Trojan.Agent.Emotet
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Trojan ( 0056bee11 )
BitDefender Trojan.GenericKD.34267830
K7GW Trojan ( 0056bee11 )
Cyren W32/Trojan.FOQT-3870
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Emotet-9789560-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
Alibaba Trojan:Win32/Emotet.63bf8c7f
NANO-Antivirus Trojan.Win32.Emotet.hpwydz
AegisLab Trojan.Multi.Generic.4!c
Rising Trojan.Kryptik!1.C80B (CLASSIC)
Ad-Aware Trojan.GenericKD.34267830
Sophos Mal/Generic-R + Troj/Emotet-CKN
Comodo Malware@#71ohd60iqkv5
F-Secure Heuristic.HEUR/AGEN.1137853
DrWeb Trojan.Emotet.997
Zillya Backdoor.Emotet.Win32.844
TrendMicro TrojanSpy.Win32.EMOTET.THHOEBO
McAfee-GW-Edition BehavesLike.Win32.Emotet.jh
Emsisoft Trojan.Emotet (A)
Jiangmin Backdoor.Emotet.pj
Webroot W32.Trojan.Emotet
Avira HEUR/AGEN.1137853
MAX malware (ai score=89)
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Gridinsoft Trojan.Win32.Emotet.oa
Arcabit Trojan.Generic.D20AE2B6
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKD.34267830
Cynet Malicious (score: 85)
AhnLab-V3 Malware/Win32.Generic.C4173826
McAfee Emotet-FRG!05E096617ED9
TACHYON Trojan/W32.Agent.638976.QX
VBA32 BScope.Trojan.Emotet
Malwarebytes Trojan.MalPack.TRE
Panda Trj/Genetic.gen
ESET-NOD32 a variant of Win32/Kryptik.HFHN
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMV.hp
Tencent Malware.Win32.Gencirc.10cde555
Yandex Trojan.GenKryptik!nGZOdek+ToA
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 62.108.54.22:8080
dead_host 47.146.117.214:80
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-07-31 17:20:46

Imports

Library KERNEL32.dll:
0x457188 GetDateFormatA
0x45718c GetCommandLineA
0x457190 GetProcessHeap
0x457194 GetStartupInfoA
0x457198 HeapSize
0x45719c TerminateProcess
0x4571a8 IsDebuggerPresent
0x4571ac GetACP
0x4571b0 LCMapStringA
0x4571b4 LCMapStringW
0x4571bc Sleep
0x4571c0 VirtualFree
0x4571c4 HeapDestroy
0x4571c8 HeapCreate
0x4571cc GetStdHandle
0x4571d4 GetTimeFormatA
0x4571e0 SetHandleCount
0x4571e4 GetFileType
0x4571f0 GetStringTypeA
0x4571f4 GetStringTypeW
0x4571f8 GetConsoleCP
0x4571fc GetConsoleMode
0x457200 SetStdHandle
0x457204 WriteConsoleA
0x457208 GetConsoleOutputCP
0x45720c WriteConsoleW
0x457214 RaiseException
0x457218 VirtualQuery
0x45721c GetSystemInfo
0x457220 VirtualAlloc
0x457224 VirtualProtect
0x457228 HeapReAlloc
0x45722c HeapFree
0x457230 HeapAlloc
0x457234 RtlUnwind
0x457238 GetTickCount
0x45723c SetErrorMode
0x457244 CreateFileA
0x457248 GetShortPathNameA
0x457250 DuplicateHandle
0x457254 GetFileSize
0x457258 SetEndOfFile
0x45725c UnlockFile
0x457260 LockFile
0x457264 FlushFileBuffers
0x457268 SetFilePointer
0x45726c WriteFile
0x457270 ReadFile
0x457274 DeleteFileA
0x457278 MoveFileA
0x457284 GetThreadLocale
0x457288 GetOEMCP
0x45728c GetCPInfo
0x457294 TlsFree
0x45729c LocalReAlloc
0x4572a0 TlsSetValue
0x4572a4 TlsAlloc
0x4572ac GlobalHandle
0x4572b0 GlobalReAlloc
0x4572b8 TlsGetValue
0x4572c0 LocalAlloc
0x4572c4 GlobalFlags
0x4572c8 GetDiskFreeSpaceA
0x4572cc GetFullPathNameA
0x4572d0 GetTempFileNameA
0x4572d4 GetFileTime
0x4572d8 SetFileTime
0x4572dc GetFileAttributesA
0x4572f0 GetModuleFileNameW
0x4572f4 GetCurrentThread
0x4572fc GetModuleFileNameA
0x457304 GetLocaleInfoA
0x457308 lstrcmpA
0x45730c GlobalFree
0x457310 GlobalAlloc
0x457314 FormatMessageA
0x457318 LocalFree
0x45731c MulDiv
0x457320 GetCurrentThreadId
0x457324 GlobalFindAtomA
0x457328 GlobalDeleteAtom
0x45732c FreeLibrary
0x457330 lstrcmpW
0x457334 GetVersionExA
0x457338 FreeResource
0x45733c GlobalLock
0x457340 GlobalUnlock
0x457344 GetCurrentProcessId
0x457348 GlobalGetAtomNameA
0x45734c GlobalAddAtomA
0x457350 GetLogicalDrives
0x457354 FindNextFileA
0x457358 FindClose
0x45735c GetDriveTypeA
0x457360 lstrcpyA
0x457364 FindFirstFileA
0x457368 CloseHandle
0x45736c SetLastError
0x457370 GetModuleHandleA
0x457374 LoadLibraryA
0x457380 ExitProcess
0x457384 LoadLibraryExW
0x457388 GetProcAddress
0x45738c LoadLibraryExA
0x457390 GetCurrentProcess
0x457394 FindResourceA
0x457398 LoadResource
0x45739c LockResource
0x4573a0 SizeofResource
0x4573a4 GetStringTypeExA
0x4573a8 lstrlenA
0x4573ac lstrcmpiA
0x4573b0 CompareStringW
0x4573b4 CompareStringA
0x4573b8 GetVersion
0x4573bc GetLastError
0x4573c0 WideCharToMultiByte
0x4573c4 MultiByteToWideChar
0x4573cc InterlockedExchange
Library USER32.dll:
0x457438 CreateMenu
0x45743c PostThreadMessageA
0x457444 GetDCEx
0x457448 LockWindowUpdate
0x457450 DestroyIcon
0x457454 WindowFromPoint
0x457458 KillTimer
0x45745c SetTimer
0x457460 SetParent
0x457464 IsRectEmpty
0x457468 GetSysColorBrush
0x45746c LoadCursorA
0x457470 DestroyCursor
0x457474 GetMenuItemInfoA
0x457478 InflateRect
0x45747c EndPaint
0x457480 BeginPaint
0x457484 GetWindowDC
0x457488 ClientToScreen
0x45748c GrayStringA
0x457490 DrawTextExA
0x457494 DrawTextA
0x457498 TabbedTextOutA
0x45749c FillRect
0x4574a0 SetRect
0x4574a8 MapDialogRect
0x4574b0 GetNextDlgTabItem
0x4574b4 EndDialog
0x4574b8 GetMessageA
0x4574bc TranslateMessage
0x4574c0 GetCursorPos
0x4574c4 ValidateRect
0x4574c8 PostQuitMessage
0x4574cc GetMenuStringA
0x4574d0 InsertMenuA
0x4574d4 RemoveMenu
0x4574d8 MoveWindow
0x4574dc SetWindowTextA
0x4574e0 IsDialogMessageA
0x4574e4 SetDlgItemTextA
0x4574e8 SetMenuItemBitmaps
0x4574f0 LoadBitmapA
0x4574f4 ModifyMenuA
0x4574f8 GetMenuState
0x4574fc EnableMenuItem
0x457500 SendDlgItemMessageA
0x457504 IsChild
0x457508 SetWindowsHookExA
0x45750c CallNextHookEx
0x457510 GetClassLongA
0x457514 SetPropA
0x457518 RemovePropA
0x457520 GetWindowTextA
0x457524 GetForegroundWindow
0x457528 DispatchMessageA
0x45752c BeginDeferWindowPos
0x457530 EndDeferWindowPos
0x457534 GetTopWindow
0x457538 DestroyWindow
0x45753c UnhookWindowsHookEx
0x457540 GetMessageTime
0x457544 GetMessagePos
0x457548 MapWindowPoints
0x45754c ScrollWindow
0x457550 TrackPopupMenu
0x457554 SetScrollRange
0x457558 GetScrollRange
0x45755c SetScrollPos
0x457560 GetScrollPos
0x457564 SetForegroundWindow
0x457568 ShowScrollBar
0x45756c MessageBoxA
0x457570 CreateWindowExA
0x457574 GetClassInfoExA
0x457578 RegisterClassA
0x45757c AdjustWindowRectEx
0x457580 ScreenToClient
0x457584 DeferWindowPos
0x457588 GetScrollInfo
0x45758c SetScrollInfo
0x457590 DefWindowProcA
0x457594 CallWindowProcA
0x45759c GetWindowPlacement
0x4575a0 PtInRect
0x4575a4 GetDC
0x4575a8 ReleaseDC
0x4575ac GetWindowRect
0x4575b0 IsZoomed
0x4575b4 GetSystemMetrics
0x4575bc UnpackDDElParam
0x4575c0 ReuseDDElParam
0x4575c4 LoadMenuA
0x4575c8 DestroyMenu
0x4575cc GetClassNameA
0x4575d0 GetSysColor
0x4575d4 WinHelpA
0x4575d8 EnableWindow
0x4575dc SendMessageA
0x4575e0 CharUpperA
0x4575e4 UpdateWindow
0x4575e8 SetWindowPos
0x4575ec SetFocus
0x4575f4 GetActiveWindow
0x4575f8 IsWindowEnabled
0x4575fc GetFocus
0x457600 EqualRect
0x457604 GetDlgItem
0x457608 SetWindowLongA
0x45760c GetKeyState
0x457610 GetDlgCtrlID
0x457614 SetCursor
0x457618 PeekMessageA
0x45761c GetCapture
0x457620 ReleaseCapture
0x457624 SetWindowRgn
0x457628 DrawIcon
0x45762c FindWindowA
0x457630 MessageBeep
0x457634 GetNextDlgGroupItem
0x457638 SetCapture
0x45763c InvalidateRgn
0x457644 CharNextA
0x457648 GetPropA
0x45764c UnregisterClassA
0x457650 LoadIconA
0x457654 GetSystemMenu
0x457658 DeleteMenu
0x45765c AppendMenuA
0x457660 CheckMenuItem
0x457664 GetMenuItemCount
0x457668 GetMenuItemID
0x45766c GetSubMenu
0x457670 GetMenu
0x457674 GetClientRect
0x45767c IsWindow
0x457680 GetWindowLongA
0x457684 ShowWindow
0x457688 GetWindow
0x45768c GetDesktopWindow
0x457690 SetMenu
0x457694 PostMessageA
0x457698 BringWindowToTop
0x45769c GetLastActivePopup
0x4576a0 CopyRect
0x4576a4 SetRectEmpty
0x4576a8 OffsetRect
0x4576ac IntersectRect
0x4576b0 GetClassInfoA
0x4576b4 CreatePopupMenu
0x4576b8 InsertMenuItemA
0x4576bc IsIconic
0x4576c0 InvalidateRect
0x4576c4 IsWindowVisible
0x4576c8 SetActiveWindow
0x4576cc GetParent
0x4576d0 LoadAcceleratorsA
0x4576d4 ShowOwnedPopups
Library GDI32.dll:
0x45703c BitBlt
0x457040 GetPixel
0x457044 PtVisible
0x457048 RectVisible
0x45704c TextOutA
0x457050 ExtTextOutA
0x457054 Escape
0x457058 SetViewportOrgEx
0x45705c OffsetViewportOrgEx
0x457060 SetViewportExtEx
0x457064 ScaleViewportExtEx
0x457068 SetWindowOrgEx
0x45706c SetWindowExtEx
0x457070 ScaleWindowExtEx
0x457078 ExtSelectClipRgn
0x45707c CreatePatternBrush
0x457080 GetStockObject
0x457084 GetWindowExtEx
0x457088 CreatePen
0x45708c CreateSolidBrush
0x457090 GetViewportOrgEx
0x457094 Rectangle
0x457098 SetRectRgn
0x45709c CombineRgn
0x4570a0 GetMapMode
0x4570a4 GetBkColor
0x4570a8 GetTextColor
0x4570ac GetRgnBox
0x4570b0 CreateEllipticRgn
0x4570b4 LPtoDP
0x4570b8 Ellipse
0x4570bc GetNearestColor
0x4570c0 GetBkMode
0x4570c4 GetPolyFillMode
0x4570c8 GetROP2
0x4570cc GetStretchBltMode
0x4570d0 GetTextAlign
0x4570d4 GetTextFaceA
0x4570d8 GetWindowOrgEx
0x4570dc GetViewportExtEx
0x4570e0 CreateRectRgn
0x4570e4 SelectClipRgn
0x4570e8 SetTextAlign
0x4570ec MoveToEx
0x4570f0 LineTo
0x4570f4 CreateFontIndirectA
0x4570f8 IntersectClipRect
0x4570fc ExcludeClipRect
0x457100 SetMapMode
0x457104 SetStretchBltMode
0x457108 SetROP2
0x45710c SetPolyFillMode
0x457110 SetBkMode
0x457114 RestoreDC
0x457118 SaveDC
0x45711c EndDoc
0x457120 AbortDoc
0x457124 SetAbortProc
0x457128 EndPage
0x45712c StartPage
0x457130 StartDocA
0x457134 DPtoLP
0x457138 CreateDCA
0x45713c GetDeviceCaps
0x457140 PatBlt
0x457148 CreateBitmap
0x45714c SetBkColor
0x457150 SetTextColor
0x457154 GetClipBox
0x457158 StretchDIBits
0x45715c DeleteDC
0x457160 GetObjectA
0x457164 CreateFontA
0x457168 GetCharWidthA
0x45716c DeleteObject
0x457174 GetTextMetricsA
0x457178 SelectObject
0x45717c CreateCompatibleDC
Library comdlg32.dll:
0x4576f0 GetFileTitleA
Library WINSPOOL.DRV:
0x4576dc DocumentPropertiesA
0x4576e0 OpenPrinterA
0x4576e4 GetJobA
0x4576e8 ClosePrinter
Library ADVAPI32.dll:
0x457000 GetFileSecurityA
0x457004 SetFileSecurityA
0x457008 RegDeleteValueA
0x45700c RegSetValueExA
0x457010 RegCreateKeyExA
0x457014 RegQueryValueA
0x457018 RegEnumKeyA
0x45701c RegDeleteKeyA
0x457020 RegOpenKeyExA
0x457024 RegQueryValueExA
0x457028 RegOpenKeyA
0x45702c RegSetValueA
0x457030 RegCloseKey
0x457034 RegCreateKeyA
Library SHELL32.dll:
0x45740c SHGetFileInfoA
0x457410 DragFinish
0x457414 DragQueryFileA
0x457418 ExtractIconA
0x45741c ShellAboutA
Library SHLWAPI.dll:
0x457424 PathFindFileNameA
0x457428 PathStripToRootA
0x45742c PathFindExtensionA
0x457430 PathIsUNCA
Library oledlg.dll:
0x457748
Library ole32.dll:
0x4576f8 CoRevokeClassObject
0x457700 OleFlushClipboard
0x45770c OleUninitialize
0x457718 IsAccelerator
0x45772c CoGetClassObject
0x457730 CLSIDFromString
0x457734 CLSIDFromProgID
0x457738 CoTaskMemAlloc
0x45773c CoTaskMemFree
0x457740 OleInitialize
Library OLEAUT32.dll:
0x4573d4 VariantClear
0x4573d8 VariantChangeType
0x4573dc VariantInit
0x4573e0 SysStringLen
0x4573e4 SysFreeString
0x4573ec VariantCopy
0x4573f0 SafeArrayDestroy
0x457400 SysAllocString
0x457404 SysAllocStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.