11.2
0-day

badaa42576167c5144d69e80a99203a44642e5bab069e197dbff57a8b05c1474

0942d3b992ed8dbfc5860702d265f5e5.exe

Analysis time

72s

Latest analysis

File size

532.5KB
Static detection: yes. Dynamic detection: yes. Tags: 100% AI SCORE=86 AIDETECTVM ALI2000015 AUTO BT7LUW CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS DGMD EMOY EMRA FAREIT GDSDA GENERICKD HGW@AG5KIMLI HIGH CONFIDENCE HNZLYR HPLOKI IGENT JWCNT KRYPTIK MALWARE2 MALWARE@#2A1LACH4A0P80 NANOCORE PUTTY PWSX SCORE SMBD STATIC AI SUSPICIOUS PE TROJANPWS TSCOPE TSPY UNSAFE X2094 ZELPHIF
Hawkeye engine
Not detected: no Hawkeye engine detection results available
Static verdict
Antivirus engines
Engine Result Date Version
McAfee Fareit-FVZ!0942D3B992ED 20201211 6.0.6.653
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:PWSX-gen [Trj] 20201210 21.1.5827.0
Tencent Win32.Backdoor.Fareit.Auto 20201211 1.0.0.1
Kingsoft 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computer name (3 events)
Time & API Arguments Status Return Repeated
1619147331.9245
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619147355.1895
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619147375.3145
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have little memory available (1 event)
Time & API Arguments Status Return Repeated
1619147330.2675
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619134512.418184
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00370000
success 0 0
1619134512.543184
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 32768
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00451000
success 0 0
1619134512.574184
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008a0000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619147375.2835
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0942d3b992ed8dbfc5860702d265f5e5.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0942d3b992ed8dbfc5860702d265f5e5.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.23936066861088 section {'size_of_data': '0x00023e00', 'virtual_address': '0x00066000', 'entropy': 7.23936066861088, 'name': '.rsrc', 'virtual_size': '0x00023cf0'} description A section with a high entropy has been found
entropy 0.2699905926622766 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619147355.1115
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 472 called NtSetContextThread to modify thread in remote process 2244
Time & API Arguments Status Return Repeated
1619134512.871184
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2244
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 472 resumed a thread in remote process 2244
Time & API Arguments Status Return Repeated
1619134513.527184
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2244
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619134512.824184
CreateProcessInternalW
thread_identifier: 3000
thread_handle: 0x000000fc
process_identifier: 2244
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0942d3b992ed8dbfc5860702d265f5e5.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619134512.824184
NtUnmapViewOfSection
process_identifier: 2244
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619134512.824184
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 2244
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619134512.871184
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619134512.871184
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2244
success 0 0
1619134513.527184
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2244
success 0 0
1619147330.7835
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2244
success 0 0
File has been identified by 59 antivirus engines on VirusTotal as malicious (50 out of 59 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43520825
FireEye Generic.mg.0942d3b992ed8dbf
CAT-QuickHeal TrojanPWS.Fareit
McAfee Fareit-FVZ!0942D3B992ED
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
Cybereason malicious.bdbe96
Arcabit Trojan.Generic.D2981339
Cyren W32/Trojan.DGMD-5247
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:PWSX-gen [Trj]
ClamAV Win.Dropper.Nanocore-9003840-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.43520825
NANO-Antivirus Trojan.Win32.Kryptik.hnzlyr
Paloalto generic.ml
Tencent Win32.Backdoor.Fareit.Auto
Ad-Aware Trojan.GenericKD.43520825
Sophos Mal/Generic-S
Comodo Malware@#2a1lach4a0p80
F-Secure Trojan.TR/Spy.Fareit.jwcnt
DrWeb Trojan.PWS.Stealer.26517
Zillya Trojan.Kryptik.Win32.2264496
TrendMicro TSPY_HPLOKI.SMBD
McAfee-GW-Edition BehavesLike.Win32.Fareit.hh
Emsisoft Trojan.GenericKD.43520825 (B)
SentinelOne Static AI - Suspicious PE
Webroot W32.Trojan.Delf.Fareit.Gen
Avira TR/Spy.Fareit.jwcnt
MAX malware (ai score=86)
Antiy-AVL Trojan/Win32.Kryptik
Microsoft PWS:Win32/Fareit.AQ!MTB
AegisLab Trojan.Win32.Kryptik.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKD.43520825
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
BitDefenderTheta Gen:NN.ZelphiF.34670.HGW@aG5kImli
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.97333
ESET-NOD32 a variant of Win32/Injector.EMRA
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x45c13c VirtualFree
0x45c140 VirtualAlloc
0x45c144 LocalFree
0x45c148 LocalAlloc
0x45c14c GetVersion
0x45c150 GetCurrentThreadId
0x45c15c VirtualQuery
0x45c160 WideCharToMultiByte
0x45c164 MultiByteToWideChar
0x45c168 lstrlenA
0x45c16c lstrcpynA
0x45c170 LoadLibraryExA
0x45c174 GetThreadLocale
0x45c178 GetStartupInfoA
0x45c17c GetProcAddress
0x45c180 GetModuleHandleA
0x45c184 GetModuleFileNameA
0x45c188 GetLocaleInfoA
0x45c18c GetCommandLineA
0x45c190 FreeLibrary
0x45c194 FindFirstFileA
0x45c198 FindClose
0x45c19c ExitProcess
0x45c1a0 WriteFile
0x45c1a8 RtlUnwind
0x45c1ac RaiseException
0x45c1b0 GetStdHandle
Library user32.dll:
0x45c1b8 GetKeyboardType
0x45c1bc LoadStringA
0x45c1c0 MessageBoxA
0x45c1c4 CharNextA
Library advapi32.dll:
0x45c1cc RegQueryValueExA
0x45c1d0 RegOpenKeyExA
0x45c1d4 RegCloseKey
Library oleaut32.dll:
0x45c1dc SysFreeString
0x45c1e0 SysReAllocStringLen
0x45c1e4 SysAllocStringLen
Library kernel32.dll:
0x45c1ec TlsSetValue
0x45c1f0 TlsGetValue
0x45c1f4 LocalAlloc
0x45c1f8 GetModuleHandleA
Library advapi32.dll:
0x45c200 RegQueryValueExA
0x45c204 RegOpenKeyExA
0x45c208 RegCloseKey
Library kernel32.dll:
0x45c210 lstrcpyA
0x45c214 WriteFile
0x45c218 WaitForSingleObject
0x45c21c VirtualQuery
0x45c220 VirtualProtect
0x45c224 VirtualAlloc
0x45c228 Sleep
0x45c22c SizeofResource
0x45c230 SetThreadLocale
0x45c234 SetFilePointer
0x45c238 SetEvent
0x45c23c SetErrorMode
0x45c240 SetEndOfFile
0x45c244 ResetEvent
0x45c248 ReadFile
0x45c24c MulDiv
0x45c250 LockResource
0x45c254 LoadResource
0x45c258 LoadLibraryA
0x45c264 GlobalUnlock
0x45c268 GlobalReAlloc
0x45c26c GlobalHandle
0x45c270 GlobalLock
0x45c274 GlobalFree
0x45c278 GlobalFindAtomA
0x45c27c GlobalDeleteAtom
0x45c280 GlobalAlloc
0x45c284 GlobalAddAtomA
0x45c288 GetVersionExA
0x45c28c GetVersion
0x45c290 GetTickCount
0x45c294 GetThreadLocale
0x45c298 GetSystemInfo
0x45c29c GetStringTypeExA
0x45c2a0 GetStdHandle
0x45c2a4 GetProcAddress
0x45c2a8 GetModuleHandleA
0x45c2ac GetModuleFileNameA
0x45c2b0 GetLocaleInfoA
0x45c2b4 GetLocalTime
0x45c2b8 GetLastError
0x45c2bc GetFullPathNameA
0x45c2c0 GetFileType
0x45c2c4 GetDiskFreeSpaceA
0x45c2c8 GetDateFormatA
0x45c2cc GetCurrentThreadId
0x45c2d0 GetCurrentProcessId
0x45c2d4 GetCPInfo
0x45c2d8 GetACP
0x45c2dc FreeResource
0x45c2e0 InterlockedExchange
0x45c2e4 FreeLibrary
0x45c2e8 FormatMessageA
0x45c2ec FindResourceA
0x45c2f0 EnumCalendarInfoA
0x45c2fc CreateThread
0x45c300 CreateFileA
0x45c304 CreateEventA
0x45c308 CompareStringA
0x45c30c CloseHandle
Library version.dll:
0x45c314 VerQueryValueA
0x45c31c GetFileVersionInfoA
Library gdi32.dll:
0x45c324 UnrealizeObject
0x45c328 StretchBlt
0x45c32c SetWindowOrgEx
0x45c330 SetViewportOrgEx
0x45c334 SetTextColor
0x45c338 SetStretchBltMode
0x45c33c SetROP2
0x45c340 SetPixel
0x45c344 SetDIBColorTable
0x45c348 SetBrushOrgEx
0x45c34c SetBkMode
0x45c350 SetBkColor
0x45c354 SelectPalette
0x45c358 SelectObject
0x45c35c SaveDC
0x45c360 RestoreDC
0x45c364 Rectangle
0x45c368 RectVisible
0x45c36c RealizePalette
0x45c370 PatBlt
0x45c374 MoveToEx
0x45c378 MaskBlt
0x45c37c LineTo
0x45c380 IntersectClipRect
0x45c384 GetWindowOrgEx
0x45c388 GetTextMetricsA
0x45c394 GetStockObject
0x45c398 GetPixel
0x45c39c GetPaletteEntries
0x45c3a0 GetObjectA
0x45c3a4 GetDeviceCaps
0x45c3a8 GetDIBits
0x45c3ac GetDIBColorTable
0x45c3b0 GetDCOrgEx
0x45c3b8 GetClipBox
0x45c3bc GetBrushOrgEx
0x45c3c0 GetBitmapBits
0x45c3c4 ExcludeClipRect
0x45c3c8 DeleteObject
0x45c3cc DeleteDC
0x45c3d0 CreateSolidBrush
0x45c3d4 CreatePenIndirect
0x45c3d8 CreatePen
0x45c3dc CreatePalette
0x45c3e4 CreateFontIndirectA
0x45c3e8 CreateDIBitmap
0x45c3ec CreateDIBSection
0x45c3f0 CreateCompatibleDC
0x45c3f8 CreateBrushIndirect
0x45c3fc CreateBitmap
0x45c400 BitBlt
Library user32.dll:
0x45c408 CreateWindowExA
0x45c40c WindowFromPoint
0x45c410 WinHelpA
0x45c414 WaitMessage
0x45c418 ValidateRect
0x45c41c UpdateWindow
0x45c420 UnregisterClassA
0x45c424 UnhookWindowsHookEx
0x45c428 TranslateMessage
0x45c430 TrackPopupMenu
0x45c438 ShowWindow
0x45c43c ShowScrollBar
0x45c440 ShowOwnedPopups
0x45c444 ShowCursor
0x45c448 SetWindowsHookExA
0x45c44c SetWindowPos
0x45c450 SetWindowPlacement
0x45c454 SetWindowLongA
0x45c458 SetTimer
0x45c45c SetScrollRange
0x45c460 SetScrollPos
0x45c464 SetScrollInfo
0x45c468 SetRect
0x45c46c SetPropA
0x45c470 SetParent
0x45c474 SetMenuItemInfoA
0x45c478 SetMenu
0x45c47c SetForegroundWindow
0x45c480 SetFocus
0x45c484 SetCursor
0x45c488 SetClassLongA
0x45c48c SetCapture
0x45c490 SetActiveWindow
0x45c494 SendMessageA
0x45c498 ScrollWindow
0x45c49c ScreenToClient
0x45c4a0 RemovePropA
0x45c4a4 RemoveMenu
0x45c4a8 ReleaseDC
0x45c4ac ReleaseCapture
0x45c4b8 RegisterClassA
0x45c4bc RedrawWindow
0x45c4c0 PtInRect
0x45c4c4 PostQuitMessage
0x45c4c8 PostMessageA
0x45c4cc PeekMessageA
0x45c4d0 OffsetRect
0x45c4d4 OemToCharA
0x45c4d8 MessageBoxA
0x45c4dc MapWindowPoints
0x45c4e0 MapVirtualKeyA
0x45c4e4 LoadStringA
0x45c4e8 LoadKeyboardLayoutA
0x45c4ec LoadIconA
0x45c4f0 LoadCursorA
0x45c4f4 LoadBitmapA
0x45c4f8 KillTimer
0x45c4fc IsZoomed
0x45c500 IsWindowVisible
0x45c504 IsWindowEnabled
0x45c508 IsWindow
0x45c50c IsRectEmpty
0x45c510 IsIconic
0x45c514 IsDialogMessageA
0x45c518 IsChild
0x45c51c InvalidateRect
0x45c520 IntersectRect
0x45c524 InsertMenuItemA
0x45c528 InsertMenuA
0x45c52c InflateRect
0x45c534 GetWindowTextA
0x45c538 GetWindowRect
0x45c53c GetWindowPlacement
0x45c540 GetWindowLongA
0x45c544 GetWindowDC
0x45c548 GetTopWindow
0x45c54c GetSystemMetrics
0x45c550 GetSystemMenu
0x45c554 GetSysColorBrush
0x45c558 GetSysColor
0x45c55c GetSubMenu
0x45c560 GetScrollRange
0x45c564 GetScrollPos
0x45c568 GetScrollInfo
0x45c56c GetPropA
0x45c570 GetParent
0x45c574 GetWindow
0x45c578 GetMenuStringA
0x45c57c GetMenuState
0x45c580 GetMenuItemInfoA
0x45c584 GetMenuItemID
0x45c588 GetMenuItemCount
0x45c58c GetMenu
0x45c590 GetLastActivePopup
0x45c594 GetKeyboardState
0x45c59c GetKeyboardLayout
0x45c5a0 GetKeyState
0x45c5a4 GetKeyNameTextA
0x45c5a8 GetIconInfo
0x45c5ac GetForegroundWindow
0x45c5b0 GetFocus
0x45c5b4 GetDlgItem
0x45c5b8 GetDesktopWindow
0x45c5bc GetDCEx
0x45c5c0 GetDC
0x45c5c4 GetCursorPos
0x45c5c8 GetCursor
0x45c5cc GetClientRect
0x45c5d0 GetClassNameA
0x45c5d4 GetClassInfoA
0x45c5d8 GetCapture
0x45c5dc GetActiveWindow
0x45c5e0 FrameRect
0x45c5e4 FindWindowA
0x45c5e8 FillRect
0x45c5ec EqualRect
0x45c5f0 EnumWindows
0x45c5f4 EnumThreadWindows
0x45c5f8 EndPaint
0x45c5fc EnableWindow
0x45c600 EnableScrollBar
0x45c604 EnableMenuItem
0x45c608 DrawTextA
0x45c60c DrawMenuBar
0x45c610 DrawIconEx
0x45c614 DrawIcon
0x45c618 DrawFrameControl
0x45c61c DrawEdge
0x45c620 DispatchMessageA
0x45c624 DestroyWindow
0x45c628 DestroyMenu
0x45c62c DestroyIcon
0x45c630 DestroyCursor
0x45c634 DeleteMenu
0x45c638 DefWindowProcA
0x45c63c DefMDIChildProcA
0x45c640 DefFrameProcA
0x45c644 CreatePopupMenu
0x45c648 CreateMenu
0x45c64c CreateIcon
0x45c650 ClientToScreen
0x45c654 CheckMenuItem
0x45c658 CallWindowProcA
0x45c65c CallNextHookEx
0x45c660 BeginPaint
0x45c664 CharNextA
0x45c668 CharLowerA
0x45c66c CharToOemA
0x45c670 AdjustWindowRectEx
Library kernel32.dll:
0x45c67c Sleep
Library oleaut32.dll:
0x45c684 SafeArrayPtrOfIndex
0x45c688 SafeArrayGetUBound
0x45c68c SafeArrayGetLBound
0x45c690 SafeArrayCreate
0x45c694 VariantChangeType
0x45c698 VariantCopy
0x45c69c VariantClear
0x45c6a0 VariantInit
Library comctl32.dll:
0x45c6b0 ImageList_Write
0x45c6b4 ImageList_Read
0x45c6c4 ImageList_DragMove
0x45c6c8 ImageList_DragLeave
0x45c6cc ImageList_DragEnter
0x45c6d0 ImageList_EndDrag
0x45c6d4 ImageList_BeginDrag
0x45c6d8 ImageList_Remove
0x45c6dc ImageList_DrawEx
0x45c6e0 ImageList_Draw
0x45c6f0 ImageList_Add
0x45c6f8 ImageList_Destroy
0x45c6fc ImageList_Create
0x45c700 InitCommonControls
Library comdlg32.dll:
0x45c708 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.