5.6
High risk

df4fb288356a3db73065c8da1245dc2548355a9b5168918846ddc4f3bdde1460

08fdfa0db5a044df54a37550ce0d180a.exe

Analysis duration

34s

Last analyzed

File size

2.1MB
Static detection  Dynamic detection  100%  AGEN AI SCORE=83 AIDETECTVM BANKERX BSCOPE CLOUD CONFIDENCE EKW@ASQ4TOO ELDORADO ENCPK GENCIRC GENETIC GENKRYPTIK GOZI HACKTOOL HBR@8QRQPO HCNX HIFIWJ HIGH CONFIDENCE INJECT3 KRAP KRYPTIK LKMC MALICIOUS PE MALWARE1 MINT MODERATE PINKSBOT QAKBOT QBOT QBOTPMF R002C0CDE20 R331573 REGOTET S12740246 SCORE SUSGEN TROJANBANKER UNSAFE WACATAC ZEXAF
Hawk Eye engine
Not detected: no Hawk Eye engine results are available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Alibaba TrojanBanker:Win32/Qakbot.40d1afa4 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20200805 18.4.3895.0
Tencent Malware.Win32.Gencirc.10b9c13d 20200805 1.0.0.1
Kingsoft 20200805 2013.8.14.323
McAfee W32/PinkSbot-GN!08FDFA0DB5A0 20200805 6.0.6.653
Static indicators
Queries for the computer name (3 events)
Time & API Arguments Status Return Repeated
1619140382.44975
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619140390.10575
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619140383.730875
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619140392.011
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619140392.027
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619140392.058
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619140392.058
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619140392.058
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619140392.074
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619140393.105
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619140393.105
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619140393.105
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619140393.105
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619140394.136
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619140394.136
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619140394.136
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619140394.152
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619140395.152
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619140395.152
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619140395.167
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619140395.167
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619140396.167
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619140396.167
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619140396.167
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619140396.167
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619140397.183
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619140397.183
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619140397.183
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619140397.183
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619140397.199
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619140397.214
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619140391.949
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619140390.10575
__exception__
stacktrace:
08fdfa0db5a044df54a37550ce0d180a+0x8ec9 @ 0x408ec9
08fdfa0db5a044df54a37550ce0d180a+0x17cc @ 0x4017cc
08fdfa0db5a044df54a37550ce0d180a+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634776
registers.edi: 0
registers.eax: 6619136
registers.ebp: 1635384
registers.edx: 8
registers.ebx: 1
registers.esi: 4269856
registers.ecx: 100
exception.instruction_r: ff 30 e8 97 03 00 00 83 c4 14 85 c0 75 38 8d 85
exception.symbol: 08fdfa0db5a044df54a37550ce0d180a+0x844a
exception.instruction: push dword ptr [eax]
exception.module: 08fdfa0db5a044df54a37550ce0d180a.exe
exception.exception_code: 0xc0000005
exception.offset: 33866
exception.address: 0x40844a
success 0 0
1619140384.386875
__exception__
stacktrace:
08fdfa0db5a044df54a37550ce0d180a+0x3daa @ 0x403daa
08fdfa0db5a044df54a37550ce0d180a+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 8210224
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 08fdfa0db5a044df54a37550ce0d180a+0x33cc
exception.instruction: in eax, dx
exception.module: 08fdfa0db5a044df54a37550ce0d180a.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619140384.386875
__exception__
stacktrace:
08fdfa0db5a044df54a37550ce0d180a+0x3db3 @ 0x403db3
08fdfa0db5a044df54a37550ce0d180a+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 8210224
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 08fdfa0db5a044df54a37550ce0d180a+0x3465
exception.instruction: in eax, dx
exception.module: 08fdfa0db5a044df54a37550ce0d180a.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619140382.23075
NtAllocateVirtualMemory
process_identifier: 2240
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00330000
success 0 0
1619140382.26175
NtAllocateVirtualMemory
process_identifier: 2240
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00370000
success 0 0
1619140382.26175
NtProtectVirtualMemory
process_identifier: 2240
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619140383.574875
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00330000
success 0 0
1619140383.605875
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e40000
success 0 0
1619140383.605875
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\08fdfa0db5a044df54a37550ce0d180a.exe
Creates a suspicious process (2 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\08fdfa0db5a044df54a37550ce0d180a.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\08fdfa0db5a044df54a37550ce0d180a.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619140383.32475
CreateProcessInternalW
thread_identifier: 2824
thread_handle: 0x00000154
process_identifier: 2740
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\08fdfa0db5a044df54a37550ce0d180a.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619140390.98075
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\08fdfa0db5a044df54a37550ce0d180a.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Uses Windows utilities for basic Windows functionality (3 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\08fdfa0db5a044df54a37550ce0d180a.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\08fdfa0db5a044df54a37550ce0d180a.exe"
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMware through the "in" instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619140384.386875
__exception__
stacktrace:
08fdfa0db5a044df54a37550ce0d180a+0x3daa @ 0x403daa
08fdfa0db5a044df54a37550ce0d180a+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 8210224
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 08fdfa0db5a044df54a37550ce0d180a+0x33cc
exception.instruction: in eax, dx
exception.module: 08fdfa0db5a044df54a37550ce0d180a.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
File has been identified by 64 antivirus engines on VirusTotal as malicious (50 of 64 events)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Gen:Heur.Mint.Regotet.1
CAT-QuickHeal Trojan.QbotPMF.S12740246
Qihoo-360 Win32/Trojan.BO.75a
ALYac Gen:Heur.Mint.Regotet.1
Malwarebytes Trojan.MalPack.RND
Zillya Trojan.Qbot.Win32.8044
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanBanker:Win32/Qakbot.40d1afa4
K7GW Trojan ( 0056422d1 )
K7AntiVirus Trojan ( 0056422d1 )
Invincea heuristic
F-Prot W32/S-cf416176!Eldorado
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HCNX
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Qakbot-7684636-0
GData Gen:Heur.Mint.Regotet.1
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Gen:Heur.Mint.Regotet.1
NANO-Antivirus Trojan.Win32.Qbot.hifiwj
Avast Win32:BankerX-gen [Trj]
Tencent Malware.Win32.Gencirc.10b9c13d
Ad-Aware Gen:Heur.Mint.Regotet.1
Sophos Mal/EncPk-APV
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Heuristic.HEUR/AGEN.1133868
DrWeb Trojan.Inject3.37922
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0CDE20
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.08fdfa0db5a044df
Emsisoft Gen:Heur.Mint.Regotet.1 (B)
SentinelOne DFI - Malicious PE
Cyren W32/S-cf416176!Eldorado
Jiangmin Trojan.Banker.Qbot.mq
Webroot W32.Malware.Gen
Avira HEUR/AGEN.1133868
Antiy-AVL Trojan/Win32.Wacatac
Endgame malicious (high confidence)
Arcabit Trojan.Mint.Regotet.1
AegisLab Hacktool.Win32.Krap.lKMc
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
Microsoft Trojan:Win32/Gozi.GA!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Kryptik.R331573
Acronis suspicious
McAfee W32/PinkSbot-GN!08FDFA0DB5A0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Run screenshots
No run screenshots: no screenshots were captured while the sample ran
PE Compile Time

2020-04-06 21:48:06

Imports

Library KERNEL32.dll:
0x6102c8 VirtualAlloc
0x6102cc GetModuleHandleW
0x6102d0 OpenProcess
0x6102d4 GetModuleFileNameW
0x6102d8 GetModuleHandleA
0x6102dc LoadLibraryA
0x6102e0 LocalAlloc
0x6102e4 LocalFree
0x6102e8 GetModuleFileNameA
0x6102ec ExitProcess
0x6102f0 WriteConsoleInputW
0x6102f4 FreeConsole
0x6102f8 lstrcpynA
0x610304 SetCommBreak
0x610308 FlushViewOfFile
0x610314 DeviceIoControl
0x610318 Heap32ListNext
0x61031c VirtualProtect
0x610320 GetMailslotInfo
0x610324 GetProfileIntW
0x610328 VerLanguageNameA
0x61032c DebugActiveProcess
0x610330 SwitchToFiber
0x610334 GetLocaleInfoW
0x61033c CreateMailslotW
0x610340 ReadConsoleA
0x610344 HeapFree
0x610348 LocalCompact
0x61034c SetTapeParameters
0x610350 SetMailslotInfo
0x610354 CallNamedPipeW
0x610358 CreateJobObjectW
0x61035c SetFileAttributesA
0x610360 Process32FirstW
0x610368 CancelWaitableTimer
0x61036c FoldStringA
0x610374 CreateThread
0x610378 SetComputerNameExA
0x61037c EnumCalendarInfoA
0x610380 IsDebuggerPresent
0x610388 HeapAlloc
0x61038c RtlUnwind
0x610390 HeapReAlloc
0x610394 RaiseException
0x610398 HeapSize
0x61039c VirtualQuery
0x6103a0 GetStdHandle
0x6103ac SetHandleCount
0x6103b0 GetFileType
0x6103b4 GetStartupInfoA
0x6103b8 HeapCreate
0x6103bc VirtualFree
0x6103c4 GetCPInfo
0x6103c8 GetACP
0x6103d0 IsValidCodePage
0x6103d8 GetTimeFormatA
0x6103dc GetDateFormatA
0x6103e0 GetConsoleCP
0x6103e4 GetConsoleMode
0x6103ec LCMapStringA
0x6103f0 LCMapStringW
0x6103f4 GetStringTypeA
0x6103f8 GetStringTypeW
0x6103fc GetLocaleInfoA
0x610400 WriteConsoleA
0x610404 GetConsoleOutputCP
0x610408 WriteConsoleW
0x61040c SetStdHandle
0x610410 CreateFileA
0x61041c TerminateProcess
0x610420 GetStartupInfoW
0x610424 GetTickCount
0x610428 GetFileTime
0x61042c GetFileSizeEx
0x610430 GetFileAttributesW
0x610438 SetErrorMode
0x610440 lstrlenA
0x610448 TlsFree
0x610450 LocalReAlloc
0x610454 TlsSetValue
0x610458 TlsAlloc
0x610460 GlobalHandle
0x610464 GlobalReAlloc
0x61046c TlsGetValue
0x610474 GlobalFlags
0x610478 CreateFileW
0x61047c GetFullPathNameW
0x610484 FindFirstFileW
0x610488 FindClose
0x61048c GetCurrentProcess
0x610490 DuplicateHandle
0x610494 GetFileSize
0x610498 SetEndOfFile
0x61049c UnlockFile
0x6104a0 LockFile
0x6104a4 FlushFileBuffers
0x6104a8 SetFilePointer
0x6104ac WriteFile
0x6104b0 ReadFile
0x6104b4 GetThreadLocale
0x6104bc GlobalFindAtomW
0x6104c0 GetVersionExW
0x6104c4 CompareStringW
0x6104c8 GetVersionExA
0x6104cc MulDiv
0x6104d0 GetCurrentProcessId
0x6104d4 GlobalAddAtomW
0x6104d8 SetLastError
0x6104dc GlobalUnlock
0x6104e0 lstrlenW
0x6104e8 FreeResource
0x6104ec GlobalFree
0x6104f0 GlobalDeleteAtom
0x6104f4 GetCurrentThread
0x6104f8 GetCurrentThreadId
0x610504 lstrcmpA
0x610508 LoadLibraryW
0x61050c CompareStringA
0x610510 InterlockedExchange
0x610514 GlobalLock
0x610518 lstrcmpW
0x61051c GlobalAlloc
0x610520 FreeLibrary
0x610528 GetSystemInfo
0x61052c GetProcAddress
0x610530 FormatMessageW
0x610534 Sleep
0x610538 MultiByteToWideChar
0x61053c WideCharToMultiByte
0x610540 CloseHandle
0x610544 GetLastError
0x610548 DeleteFileW
0x61054c GetCommandLineW
0x610550 FindResourceW
0x610554 LoadResource
0x610558 LockResource
0x61055c GetOEMCP
0x610560 SizeofResource
Library USER32.dll:
0x610568 LoadIconA
0x61056c CharNextW
0x610570 GetForegroundWindow
0x610574 SetWindowsHookW
0x610578 IMPSetIMEW
0x61057c KillTimer
0x610580 DrawFocusRect
0x610584 InvertRect
0x610588 GetMenuStringW
0x610590 CheckDlgButton
0x610594 EndMenu
0x610598 CreateDialogParamA
0x61059c SetWindowLongA
0x6105a0 GetDesktopWindow
0x6105a4 CreateMDIWindowW
0x6105a8 MonitorFromRect
0x6105ac GetKBCodePage
0x6105b0 FindWindowW
0x6105b4 wvsprintfW
0x6105bc GetListBoxInfo
0x6105c0 IsCharLowerA
0x6105c4 ModifyMenuW
0x6105c8 CopyIcon
0x6105cc TrackPopupMenu
0x6105d0 CreateCursor
0x6105d4 DrawStateW
0x6105d8 CloseDesktop
0x6105dc DestroyWindow
0x6105e4 GetClipCursor
0x6105e8 IsDialogMessage
0x6105ec GetMenuItemRect
0x6105f0 ChangeMenuW
0x6105f4 GetLastInputInfo
0x6105f8 GetAltTabInfoA
0x610600 FindWindowExA
0x610604 GetNextDlgGroupItem
0x61060c SetMenuItemInfoA
0x610610 PostThreadMessageW
0x610614 MessageBeep
0x610618 InvalidateRgn
0x61061c InvalidateRect
0x610620 SetRect
0x610624 IsRectEmpty
0x610628 ReleaseCapture
0x61062c LoadCursorW
0x610630 SetCapture
0x610634 CharUpperW
0x610638 EndPaint
0x61063c BeginPaint
0x610640 GetWindowDC
0x610644 ClientToScreen
0x610648 GrayStringW
0x61064c DrawTextExW
0x610650 DrawTextW
0x610654 TabbedTextOutW
0x610658 DestroyMenu
0x61065c ShowWindow
0x610660 MoveWindow
0x610664 SetWindowTextW
0x610668 IsDialogMessageW
0x610670 SendDlgItemMessageW
0x610674 SendDlgItemMessageA
0x610678 WinHelpW
0x61067c IsChild
0x610680 GetCapture
0x610684 GetClassLongW
0x610688 GetClassNameW
0x61068c SetPropW
0x610690 GetPropW
0x610694 RemovePropW
0x610698 SetFocus
0x6106a0 GetWindowTextW
0x6106a4 GetTopWindow
0x6106a8 UnhookWindowsHookEx
0x6106ac GetMessageTime
0x6106b0 GetMessagePos
0x6106b4 SetMenu
0x6106b8 SetForegroundWindow
0x6106bc UpdateWindow
0x6106c0 CreateWindowExW
0x6106c4 GetClassInfoExW
0x6106c8 GetClassInfoW
0x6106cc RegisterClassW
0x6106d0 GetSysColor
0x6106d4 AdjustWindowRectEx
0x6106d8 EqualRect
0x6106dc PtInRect
0x6106e0 GetDlgCtrlID
0x6106e4 DefWindowProcW
0x6106e8 CallWindowProcW
0x6106ec GetMenu
0x6106f0 SetWindowLongW
0x6106f4 OffsetRect
0x6106f8 IntersectRect
0x610700 GetWindowPlacement
0x610704 GetWindowRect
0x610708 GetMenuItemID
0x61070c GetMenuItemCount
0x610710 GetSubMenu
0x610718 GetLastActivePopup
0x61071c SetCursor
0x610720 SetWindowsHookExW
0x610724 CallNextHookEx
0x610728 GetMessageW
0x61072c TranslateMessage
0x610730 IsWindowVisible
0x610734 GetKeyState
0x610738 GetCursorPos
0x61073c ValidateRect
0x610740 SetMenuItemBitmaps
0x610748 LoadBitmapW
0x610750 GetFocus
0x610754 UnregisterClassW
0x610758 GetSysColorBrush
0x61075c GetMenuState
0x610760 EnableMenuItem
0x610764 CheckMenuItem
0x610768 ReleaseDC
0x61076c GetDC
0x610770 CopyRect
0x610774 GetActiveWindow
0x610778 SetActiveWindow
0x610780 IsWindow
0x610784 GetWindowLongW
0x610788 GetDlgItem
0x61078c IsWindowEnabled
0x610790 GetNextDlgTabItem
0x610794 EndDialog
0x610798 GetWindow
0x6107a0 GetParent
0x6107a4 MapDialogRect
0x6107a8 SetWindowPos
0x6107ac PostQuitMessage
0x6107b0 PostMessageW
0x6107b4 MessageBoxW
0x6107b8 DispatchMessageW
0x6107bc PeekMessageW
0x6107c4 DrawIcon
0x6107c8 GetClientRect
0x6107cc GetSystemMetrics
0x6107d0 IsIconic
0x6107d4 SendMessageW
0x6107d8 AppendMenuW
0x6107dc GetSystemMenu
0x6107e0 LoadIconW
0x6107e4 EnableWindow
0x6107e8 MapWindowPoints
Library GDI32.dll:
0x6107f0 GetStockObject
0x6107f4 RealizePalette
0x6107fc EngAcquireSemaphore
0x610804 SetColorSpace
0x610808 ResetDCW
0x61080c bMakePathNameW
0x610810 CreateDCW
0x610814 GdiResetDCEMF
0x610818 GdiFlush
0x61081c GetKerningPairsW
0x610820 GetBkColor
0x610828 GetDeviceGammaRamp
0x61082c RoundRect
0x610830 FONTOBJ_cGetGlyphs
0x610834 DeleteObject
0x610838 PtVisible
0x61083c GetRegionData
0x610840 CreatePolygonRgn
0x610844 SelectPalette
0x610848 STROBJ_bEnum
0x61084c EngDeleteClip
0x610854 EngTextOut
0x610858 FillRgn
0x610860 SetMetaFileBitsEx
0x610868 DescribePixelFormat
0x61086c CreateEnhMetaFileA
0x610874 GetDCOrgEx
0x610878 LineTo
0x61087c GdiStartPageEMF
0x610880 SetTextAlign
0x610884 CreateRectRgn
0x610888 GdiPrinterThunk
0x61088c ExtSelectClipRgn
0x610890 GetMapMode
0x610894 DeleteDC
0x610898 GetTextColor
0x61089c GetWindowExtEx
0x6108a0 GetViewportExtEx
0x6108a4 ScaleWindowExtEx
0x6108a8 SetWindowExtEx
0x6108ac ScaleViewportExtEx
0x6108b0 SetViewportExtEx
0x6108b4 OffsetViewportOrgEx
0x6108b8 SetViewportOrgEx
0x6108bc SelectObject
0x6108c0 Escape
0x6108c4 TextOutW
0x6108c8 RectVisible
0x6108cc GetRgnBox
0x6108d4 SetMapMode
0x6108d8 RestoreDC
0x6108dc SaveDC
0x6108e0 ExtTextOutW
0x6108e4 GetObjectW
0x6108e8 SetBkColor
0x6108ec SetTextColor
0x6108f0 GetClipBox
0x6108f4 GetDeviceCaps
0x6108f8 CreateBitmap
Library COMDLG32.dll:
0x610900 GetFileTitleW
Library ADVAPI32.dll:
0x610908 RegOpenKeyA
0x61090c RegQueryValueExA
0x610910 GetTokenInformation
0x610914 RegCreateKeyExW
0x610918 RegQueryValueW
0x61091c RegOpenKeyW
0x610920 RegEnumKeyW
0x610924 RegDeleteKeyW
0x610928 RegSetValueExW
0x610930 RegOpenKeyExW
0x610934 RegQueryValueExW
0x610938 RegCloseKey
0x61093c CryptReleaseContext
0x610940 CryptDestroyHash
0x610944 CryptGetHashParam
0x610948 CryptHashData
0x61094c CryptCreateHash
Library SHELL32.dll:
0x610954 CommandLineToArgvW
0x61095c SHGetSettings
0x610960 ExtractIconEx
0x610964 DragQueryFile
0x610968 DragQueryFileA
0x610978 SHBrowseForFolder
0x61097c ExtractIconExA
0x610988 SHBindToParent
0x610990 ExtractIconW
0x610994 SHChangeNotify
0x610998 SHFileOperationW
0x6109a4 SHBrowseForFolderW
0x6109ac ShellExecuteW
Library ole32.dll:
0x6109b4 OleInitialize
0x6109bc OleUninitialize
0x6109cc CoGetClassObject
0x6109d0 OleFlushClipboard
0x6109d4 CoTaskMemAlloc
0x6109d8 CoTaskMemFree
0x6109dc CLSIDFromString
0x6109e0 CLSIDFromProgID
0x6109e8 CoRevokeClassObject
Library SHLWAPI.dll:
0x6109f4 StrRChrW
0x6109f8 StrChrW
0x6109fc StrChrA
0x610a00 PathFileExistsW
0x610a04 PathFindExtensionW
0x610a08 PathStripToRootW
0x610a0c PathIsUNCW
0x610a10 PathFindFileNameW
Library COMCTL32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.