3.2
Medium risk

8e6e095f6ec18af0b947ad2642599c4fad4ff039de201f5768dd65cbf23f1945

0e8efc1c5533376a5928564261e73e41.exe

Analysis duration

24s

Latest analysis

File size

3.4MB
Flagged by static analysis  Flagged by dynamic analysis  MODERATE SCORE
Hawkeye engine
Not detected: no Hawkeye engine detection result is available yet
Static verdict
Antivirus engines
Engine  Result  Scan time  Engine version
McAfee 20190927 6.0.6.653
Alibaba 20190527 0.3.0.5
CrowdStrike 20190702 1.0
Baidu 20190318 1.0.0.2
Avast 20190927 18.4.3895.0
Kingsoft 20190927 2013.8.14.323
Tencent 20190927 1.0.0.1
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\Jenkins\workspace\GIF_Release_Windows\Ghost\GSSTrunk\Ghost\explorer\vs2008\Win32\Release\enterprise\GhostExp.pdb
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620129525.745625
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .mixcrt
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1620129525.932625
__exception__
stacktrace:
0e8efc1c5533376a5928564261e73e41+0x1af4 @ 0x401af4
0e8efc1c5533376a5928564261e73e41+0xc1de @ 0x40c1de
0e8efc1c5533376a5928564261e73e41+0x2468c2 @ 0x6468c2
0e8efc1c5533376a5928564261e73e41+0x246e9f @ 0x646e9f
0e8efc1c5533376a5928564261e73e41+0x1c08e0 @ 0x5c08e0
0e8efc1c5533376a5928564261e73e41+0x1a585a @ 0x5a585a
0e8efc1c5533376a5928564261e73e41+0x1b82c8 @ 0x5b82c8
0e8efc1c5533376a5928564261e73e41+0x1a4ec1 @ 0x5a4ec1
0e8efc1c5533376a5928564261e73e41+0x1a6fc9 @ 0x5a6fc9
0x2133400
0e8efc1c5533376a5928564261e73e41+0x2baaf0 @ 0x6baaf0

registers.esp: 1633780
registers.edi: 34813392
registers.eax: 1352987644
registers.ebp: 1633784
registers.edx: 34813392
registers.ebx: 34813952
registers.esi: 34813912
registers.ecx: 1536
exception.instruction_r: 39 50 04 75 0f 8b 52 04 89 50 04 85 d2 74 4a 89
exception.symbol: 0e8efc1c5533376a5928564261e73e41+0x17df
exception.instruction: cmp dword ptr [eax + 4], edx
exception.module: 0e8efc1c5533376a5928564261e73e41.exe
exception.exception_code: 0xc0000005
exception.offset: 6111
exception.address: 0x4017df
success 0 0
Behavioral verdict
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects virtualization software with SCSI Disk Identifier trick(s) (1 event)
registry HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0
Queries information on disks, possibly for anti-virtualization (2 events)
Time & API Arguments Status Return Repeated
1620129525.917625
NtCreateFile
create_disposition: 1 (FILE_OPEN)
file_handle: 0x00000160
filepath: \??\PhysicalDrive0
desired_access: 0xc0100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 0 ()
filepath_r: \??\PhysicalDrive0
create_options: 72 (FILE_NON_DIRECTORY_FILE|FILE_NO_INTERMEDIATE_BUFFERING)
status_info: 1 (FILE_OPENED)
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
success 0 0
1620129525.917625
DeviceIoControl
input_buffer:
device_handle: 0x00000160
control_code: 2954240 ()
output_buffer:
success 1 0
Visual analysis
Binary image
No binary image available: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots available: no screenshots were generated while the sample ran


PE Compile Time

2018-05-30 23:21:47

Imports

Library VERSION.dll:
0x695aa0 VerQueryValueW
0x695aa4 GetFileVersionInfoW
0x695ab0 GetFileVersionInfoA
0x695ab4 VerQueryValueA
Library KERNEL32.dll:
0x6952a8 SetHandleCount
0x6952ac GetFileType
0x6952b0 FatalAppExitA
0x6952b8 CompareStringW
0x6952bc EnumSystemLocalesA
0x6952c0 IsValidLocale
0x6952c4 GetStringTypeW
0x6952c8 GetConsoleMode
0x6952cc GetLocaleInfoW
0x6952d0 WriteConsoleA
0x6952d4 WriteConsoleW
0x6952d8 SetStdHandle
0x6952e0 GetFullPathNameA
0x6952e4 GetModuleFileNameA
0x6952e8 GetModuleHandleA
0x6952ec FormatMessageW
0x6952f0 ReadProcessMemory
0x6952f4 GetOverlappedResult
0x6952f8 VirtualUnlock
0x695300 VirtualLock
0x695304 GetBinaryTypeA
0x69530c GetCurrentProcess
0x695310 LoadLibraryA
0x695314 GetLocaleInfoA
0x695318 GetUserDefaultLCID
0x69531c CloseHandle
0x695320 GetLastError
0x695324 GetCurrentThread
0x69532c GetDiskFreeSpaceA
0x695330 GetProcAddress
0x695334 GetLongPathNameA
0x695338 WideCharToMultiByte
0x69533c FindResourceA
0x695340 SizeofResource
0x695344 LockResource
0x695348 LoadResource
0x69534c MultiByteToWideChar
0x695350 GetFileAttributesA
0x695354 lstrcpyA
0x695358 lstrlenA
0x69535c FreeLibrary
0x695360 GlobalAlloc
0x695364 lstrcmpA
0x695368 GlobalLock
0x69536c InterlockedExchange
0x695370 CompareStringA
0x695378 GetLocalTime
0x69537c GetThreadTimes
0x695384 GetProcessTimes
0x69538c VirtualProtectEx
0x695390 FindResourceW
0x695394 GetThreadContext
0x69539c FindNextFileW
0x6953a0 BackupRead
0x6953a4 BackupSeek
0x6953a8 SetFileAttributesW
0x6953ac FindFirstFileW
0x6953b0 GetFullPathNameW
0x6953b8 GetDiskFreeSpaceExW
0x6953bc GetDiskFreeSpaceW
0x6953c0 MoveFileW
0x6953c4 RemoveDirectoryW
0x6953c8 DeleteFileW
0x6953cc CreateDirectoryW
0x6953d4 GetDriveTypeW
0x6953e8 DefineDosDeviceW
0x6953ec ResetEvent
0x6953f0 GetLogicalDrives
0x6953f4 GetSystemTime
0x6953f8 GlobalMemoryStatus
0x6953fc GetProcessHeap
0x695400 HeapAlloc
0x695404 HeapFree
0x695408 DeviceIoControl
0x695410 GetSystemDirectoryA
0x695418 ReleaseMutex
0x69541c CreateMutexA
0x695420 ReleaseSemaphore
0x695424 CreateSemaphoreA
0x695428 GetProfileIntA
0x695438 GetCurrentThreadId
0x69543c GlobalDeleteAtom
0x695440 SetLastError
0x695444 GlobalUnlock
0x695448 SetThreadPriority
0x69544c ResumeThread
0x695450 WaitForSingleObject
0x695454 SetEvent
0x695458 SuspendThread
0x69545c CreateEventA
0x695460 GlobalAddAtomA
0x695464 GetCurrentProcessId
0x695468 GetVersionExA
0x69546c lstrcmpW
0x695470 GlobalFindAtomA
0x695474 GlobalGetAtomNameA
0x695478 FreeResource
0x695488 GetTickCount
0x69548c GetModuleFileNameW
0x695494 MulDiv
0x695498 lstrlenW
0x69549c LocalFree
0x6954a0 FormatMessageA
0x6954a4 GlobalSize
0x6954a8 CopyFileA
0x6954ac GlobalFree
0x6954b0 MoveFileA
0x6954b4 DeleteFileA
0x6954b8 GetStringTypeExA
0x6954bc GetThreadLocale
0x6954c0 lstrcmpiA
0x6954c4 ReadFile
0x6954c8 WriteFile
0x6954cc SetFilePointer
0x6954d0 FlushFileBuffers
0x6954d4 LockFile
0x6954d8 UnlockFile
0x6954dc SetEndOfFile
0x6954e0 GetFileSize
0x6954e4 DuplicateHandle
0x6954e8 FindClose
0x6954ec FindFirstFileA
0x6954f4 GetShortPathNameA
0x6954f8 CreateFileA
0x695500 GlobalFlags
0x695504 LocalAlloc
0x69550c TlsGetValue
0x695514 GlobalReAlloc
0x695518 GlobalHandle
0x695520 TlsAlloc
0x695524 TlsSetValue
0x695528 LocalReAlloc
0x695530 TlsFree
0x695538 GetCPInfo
0x69553c GetOEMCP
0x695540 GetAtomNameA
0x69554c GetModuleHandleW
0x695550 SetErrorMode
0x695560 SetFileTime
0x695564 SetFileAttributesA
0x695568 GetFileSizeEx
0x69556c GetFileTime
0x695570 CreateFileW
0x695574 GetExitCodeThread
0x695578 CreateThread
0x69557c RaiseException
0x695580 IsDebuggerPresent
0x695584 Sleep
0x695588 ExitProcess
0x69558c LoadLibraryW
0x695590 DebugBreak
0x695594 GetExitCodeProcess
0x695598 CreateProcessW
0x69559c GetFileAttributesW
0x6955a8 TerminateThread
0x6955b0 GetDriveTypeA
0x6955bc TerminateProcess
0x6955c0 LCMapStringW
0x6955c4 LCMapStringA
0x6955cc GetDateFormatA
0x6955d0 GetTimeFormatA
0x6955d4 VirtualProtect
0x6955d8 ExitThread
0x6955dc GetStartupInfoA
0x6955e0 GetCommandLineA
0x6955e4 RtlUnwind
0x6955ec GetACP
0x6955f0 GetConsoleOutputCP
0x6955f4 GetConsoleCP
0x6955f8 IsDBCSLeadByteEx
0x6955fc IsValidCodePage
0x695600 GetStdHandle
0x695604 OpenProcess
0x695608 GetStringTypeA
0x69560c GetSystemInfo
0x695610 VirtualAlloc
0x695614 VirtualFree
0x695618 VirtualQuery
0x69561c GetVersionExW
0x695620 OutputDebugStringA
0x695628 CreateEventW
0x69562c GetBinaryTypeW
0x695630 FindResourceExA
0x695638 CreateDirectoryA
0x69563c GetTempFileNameA
0x695640 GetTempPathA
Library USER32.dll:
0x69577c IsChild
0x695780 GetCapture
0x695784 GetClassLongA
0x695788 GetClassNameA
0x69578c SetPropA
0x695790 GetPropA
0x695794 RemovePropA
0x695798 IsWindow
0x69579c SetFocus
0x6957a4 GetForegroundWindow
0x6957a8 SetActiveWindow
0x6957ac BeginDeferWindowPos
0x6957b0 WinHelpA
0x6957b4 GetTopWindow
0x6957b8 DestroyWindow
0x6957bc UnhookWindowsHookEx
0x6957c0 GetMessageTime
0x6957c4 GetMessagePos
0x6957c8 MapWindowPoints
0x6957cc IsDialogMessageA
0x6957d0 TrackPopupMenuEx
0x6957dc RemoveMenu
0x6957e0 InsertMenuA
0x6957e4 AppendMenuA
0x6957e8 GetMenuStringA
0x6957ec FillRect
0x6957f0 TabbedTextOutA
0x6957f4 DrawTextA
0x6957f8 DrawTextExA
0x6957fc GrayStringA
0x695800 TrackPopupMenu
0x695804 SetMenu
0x695808 ClientToScreen
0x69580c GetWindowDC
0x695810 BeginPaint
0x695814 EndPaint
0x695818 GetNextDlgTabItem
0x695820 IsDlgButtonChecked
0x695824 SetDlgItemInt
0x695828 IsWindowVisible
0x69582c GetActiveWindow
0x695830 DispatchMessageA
0x695834 GetKeyState
0x695838 PeekMessageA
0x69583c GetDesktopWindow
0x695840 CharUpperA
0x695844 DeleteMenu
0x695848 SetWindowTextA
0x69584c CheckDlgButton
0x695850 GetDlgItemInt
0x695854 CheckRadioButton
0x695858 EndDeferWindowPos
0x69585c GetDlgItemTextA
0x695860 MoveWindow
0x695864 ShowWindow
0x695868 ScrollWindowEx
0x69586c TranslateMessage
0x695870 SendMessageA
0x695874 GetWindowTextA
0x695878 UpdateWindow
0x69587c MessageBoxA
0x695880 EnumWindows
0x695884 ReleaseDC
0x695888 GetClientRect
0x69588c GetDC
0x695890 DialogBoxParamA
0x695894 LoadStringA
0x695898 GetDlgItem
0x69589c SetDlgItemTextA
0x6958a0 SendDlgItemMessageA
0x6958a4 LoadIconA
0x6958a8 EndDialog
0x6958ac SetCapture
0x6958b0 WindowFromPoint
0x6958b4 LoadCursorA
0x6958b8 ReleaseCapture
0x6958bc WaitMessage
0x6958c0 GetSysColorBrush
0x6958c4 DestroyIcon
0x6958cc BringWindowToTop
0x6958d0 CreatePopupMenu
0x6958d4 InsertMenuItemA
0x6958d8 InvalidateRect
0x6958dc LoadAcceleratorsA
0x6958e0 GetMenuBarInfo
0x6958e4 DestroyMenu
0x6958e8 LoadMenuA
0x6958ec ReuseDDElParam
0x6958f0 UnpackDDElParam
0x6958f4 SetRect
0x6958f8 SetTimer
0x6958fc KillTimer
0x695900 InflateRect
0x695904 GetMenuItemInfoA
0x695908 PostThreadMessageA
0x69590c UnregisterClassA
0x695910 GetDialogBaseUnits
0x695914 GetKeyNameTextA
0x695918 MapVirtualKeyA
0x69591c IsRectEmpty
0x695920 GetSystemMenu
0x695924 SetParent
0x695928 UnionRect
0x69592c GetDCEx
0x695930 LockWindowUpdate
0x695934 CloseClipboard
0x695938 SetClipboardData
0x69593c EmptyClipboard
0x695940 OpenClipboard
0x695944 MessageBeep
0x69594c ScrollWindow
0x695950 wsprintfA
0x695954 PostQuitMessage
0x695958 PostMessageA
0x69595c EnableWindow
0x695960 CheckMenuItem
0x695964 EnableMenuItem
0x695968 GetMenuState
0x69596c ModifyMenuA
0x695970 GetParent
0x695974 GetFocus
0x695978 LoadBitmapA
0x695980 SetMenuItemBitmaps
0x695984 GetMessageA
0x695988 ValidateRect
0x69598c SetScrollRange
0x695990 GetScrollRange
0x695994 SetScrollPos
0x695998 GetScrollPos
0x69599c SetForegroundWindow
0x6959a0 ShowScrollBar
0x6959a4 GetSubMenu
0x6959a8 GetMenuItemID
0x6959ac GetMenuItemCount
0x6959b0 CreateWindowExA
0x6959b4 GetClassInfoExA
0x6959b8 GetClassInfoA
0x6959bc RegisterClassA
0x6959c0 GetSysColor
0x6959c4 AdjustWindowRectEx
0x6959c8 ScreenToClient
0x6959cc EqualRect
0x6959d0 DeferWindowPos
0x6959d4 GetScrollInfo
0x6959d8 SetScrollInfo
0x6959dc SetWindowPlacement
0x6959e0 CopyRect
0x6959e4 GetDlgCtrlID
0x6959e8 DefWindowProcA
0x6959ec CallWindowProcA
0x6959f0 PtInRect
0x6959f4 GetMenu
0x6959f8 SetWindowLongA
0x6959fc SetWindowPos
0x695a00 IntersectRect
0x695a08 IsIconic
0x695a0c GetWindowPlacement
0x695a10 GetWindow
0x695a14 GetWindowRect
0x695a18 OffsetRect
0x695a1c SetRectEmpty
0x695a20 IsZoomed
0x695a24 GetSystemMetrics
0x695a2c GetWindowLongA
0x695a30 GetLastActivePopup
0x695a34 IsWindowEnabled
0x695a38 ShowOwnedPopups
0x695a3c SetCursor
0x695a40 SetWindowsHookExA
0x695a44 CallNextHookEx
0x695a48 RedrawWindow
0x695a4c SetCursorPos
0x695a50 DestroyCursor
0x695a5c DrawIcon
0x695a60 SetWindowRgn
0x695a64 InSendMessage
0x695a68 WindowFromDC
0x695a70 CreateMenu
0x695a78 SendNotifyMessageA
0x695a80 GetClipboardOwner
0x695a84 GetClipboardViewer
0x695a88 GetCaretPos
0x695a8c GetInputState
0x695a90 GetQueueStatus
0x695a98 GetCursorPos
Library GDI32.dll:
0x6950dc SetAbortProc
0x6950e0 AbortDoc
0x6950e4 EndDoc
0x6950e8 GetViewportOrgEx
0x6950ec Rectangle
0x6950f0 CreateEllipticRgn
0x6950f4 LPtoDP
0x6950f8 Ellipse
0x6950fc GetNearestColor
0x695100 EndPage
0x695104 GetPolyFillMode
0x695108 GetROP2
0x69510c GetStretchBltMode
0x695110 GetTextColor
0x695114 GetTextAlign
0x695118 GetTextFaceA
0x69511c GetTextExtentPointA
0x695120 GetWindowOrgEx
0x695124 CreateMetaFileA
0x695128 CloseMetaFile
0x69512c DeleteMetaFile
0x695130 StartPage
0x695134 GetBkMode
0x695138 StretchDIBits
0x69513c CreateFontA
0x695140 GetCharWidthA
0x695144 DPtoLP
0x695148 PatBlt
0x69514c GetMapMode
0x695150 CombineRgn
0x695154 SetRectRgn
0x69515c GetBkColor
0x695164 CreateHatchBrush
0x695168 CreateSolidBrush
0x69516c ExtCreatePen
0x695170 CreatePen
0x695174 PlayMetaFile
0x695178 EnumMetaFile
0x69517c GetObjectType
0x695180 PlayMetaFileRecord
0x695184 SelectPalette
0x695188 CreateCompatibleDC
0x69518c CreatePatternBrush
0x695194 DeleteDC
0x695198 ExtSelectClipRgn
0x69519c PolyBezierTo
0x6951a0 PolylineTo
0x6951a4 PolyDraw
0x6951a8 ArcTo
0x6951b0 ScaleWindowExtEx
0x6951b4 SetWindowExtEx
0x6951b8 OffsetWindowOrgEx
0x6951bc SetWindowOrgEx
0x6951c0 ScaleViewportExtEx
0x6951c4 SetViewportExtEx
0x6951c8 OffsetViewportOrgEx
0x6951cc SetViewportOrgEx
0x6951d0 Escape
0x6951d4 ExtTextOutA
0x6951d8 TextOutA
0x6951dc RectVisible
0x6951e0 PtVisible
0x6951e4 StartDocA
0x6951e8 GetPixel
0x6951ec BitBlt
0x6951f0 GetWindowExtEx
0x6951f4 GetViewportExtEx
0x6951f8 SelectClipPath
0x6951fc CreateRectRgn
0x695200 GetClipRgn
0x695204 SelectClipRgn
0x695208 SetColorAdjustment
0x69520c SetArcDirection
0x695210 SetMapperFlags
0x69521c SetTextAlign
0x695220 MoveToEx
0x695224 LineTo
0x695228 OffsetClipRgn
0x69522c IntersectClipRect
0x695230 ExcludeClipRect
0x695234 SetMapMode
0x69523c SetWorldTransform
0x695240 SetGraphicsMode
0x695244 SetStretchBltMode
0x695248 SetROP2
0x69524c SetPolyFillMode
0x695250 SetBkMode
0x695254 RestoreDC
0x695258 SaveDC
0x69525c CreateDCA
0x695260 CopyMetaFileA
0x695264 GetDeviceCaps
0x695268 SetBkColor
0x69526c SetTextColor
0x695270 GetClipBox
0x695274 GetDCOrgEx
0x695278 GetTextMetricsA
0x69527c CreateBitmap
0x695280 DeleteObject
0x695284 GetStockObject
0x695288 GetObjectA
0x69528c CreateFontIndirectA
0x695290 SelectObject
Library COMDLG32.dll:
0x6950d4 GetFileTitleA
Library WINSPOOL.DRV:
0x695abc DocumentPropertiesA
0x695ac0 GetJobA
0x695ac4 ClosePrinter
0x695ac8 OpenPrinterA
Library ADVAPI32.dll:
0x69500c CreateServiceA
0x695010 StartServiceA
0x695014 OpenSCManagerA
0x695018 OpenServiceA
0x69501c SetFileSecurityW
0x695020 GetFileSecurityW
0x695024 GetFileSecurityA
0x695028 SetFileSecurityA
0x69502c RegCloseKey
0x695030 RegQueryValueExA
0x695034 RegOpenKeyExA
0x695038 FreeSid
0x69503c EqualSid
0x695044 GetTokenInformation
0x695048 OpenProcessToken
0x69504c OpenThreadToken
0x695050 RegDeleteKeyA
0x695054 RegEnumKeyA
0x695058 RegOpenKeyA
0x69505c RegQueryValueA
0x695060 RegCreateKeyExA
0x695064 RegSetValueExA
0x695068 RegDeleteValueA
0x69506c RegSetValueA
0x695070 RegCreateKeyA
0x695074 RegOpenKeyExW
0x695078 RegSetValueExW
0x69507c RegCreateKeyExW
0x695080 RegQueryValueExW
0x695084 RegQueryInfoKeyW
0x695088 RegDeleteKeyW
0x69508c RegDeleteValueW
0x695098 QueryServiceConfigW
0x69509c ControlService
0x6950a4 SetServiceStatus
0x6950a8 QueryServiceStatus
0x6950ac StartServiceW
0x6950b4 OpenServiceW
0x6950b8 OpenSCManagerW
0x6950bc DeleteService
0x6950c0 CloseServiceHandle
0x6950c4 CreateServiceW
Library SHELL32.dll:
0x695710 SHBrowseForFolderW
0x695714 SHGetFolderLocation
0x695718 ShellExecuteA
0x69571c FindExecutableA
0x695720 SHGetFileInfoA
0x695724 ExtractIconA
0x695728 DragFinish
0x69572c ShellExecuteExA
0x695730 DragQueryFileA
Library COMCTL32.dll:
Library SHLWAPI.dll:
0x695738 PathRemoveFileSpecW
0x69573c PathFindFileNameA
0x695744 PathFindExtensionA
0x695748 PathIsUNCA
0x69574c PathAddBackslashA
0x695750 PathStripToRootA
Library ole32.dll:
0x695b94 StgCreateDocfile
0x695b98 StgOpenStorage
0x695b9c StgIsStorageFile
0x695ba4 CoGetMalloc
0x695bb4 CoInitialize
0x695bb8 CreateFileMoniker
0x695bc0 OleIsRunning
0x695bc4 StringFromGUID2
0x695bcc OleFlushClipboard
0x695bd4 OleSetClipboard
0x695bd8 CoRevokeClassObject
0x695be0 CoGetClassObject
0x695be4 CoDisconnectObject
0x695be8 CoInitializeEx
0x695bec CoCreateInstance
0x695bf0 CoSetProxyBlanket
0x695bf4 CoUninitialize
0x695bf8 OleDuplicateData
0x695bfc CoTaskMemAlloc
0x695c00 ReleaseStgMedium
0x695c04 CreateBindCtx
0x695c08 CoTreatAsClass
0x695c0c StringFromCLSID
0x695c10 ReadClassStg
0x695c14 ReadFmtUserTypeStg
0x695c18 OleRegGetUserType
0x695c1c WriteClassStg
0x695c20 WriteFmtUserTypeStg
0x695c24 SetConvertStg
0x695c28 OleInitialize
0x695c30 OleUninitialize
0x695c34 CoTaskMemFree
0x695c3c CreateItemMoniker
0x695c40 OleGetIconOfClass
0x695c44 OleCreateLinkToFile
0x695c48 OleCreateFromFile
0x695c58 OleLoad
0x695c5c OleCreate
0x695c68 OleCreateFromData
0x695c6c OleLockRunning
0x695c70 OleSaveToStream
0x695c74 WriteClassStm
0x695c78 OleSave
0x695c8c IsAccelerator
0x695c94 OleRegGetMiscStatus
0x695c98 OleRegEnumVerbs
0x695c9c OleGetClipboard
0x695ca0 DoDragDrop
0x695ca4 RevokeDragDrop
0x695cac RegisterDragDrop
0x695cb0 CLSIDFromString
0x695cb4 OleRun
0x695cb8 CLSIDFromProgID
Library OLEAUT32.dll:
0x695650 LoadTypeLib
0x695654 RegisterTypeLib
0x695658 VarBstrFromDate
0x69565c VarCyFromStr
0x695660 VarDecFromStr
0x695664 VarBstrFromDec
0x695668 VarBstrFromCy
0x69566c VarDateFromStr
0x695670 SysReAllocStringLen
0x695684 SafeArrayDestroy
0x695688 SafeArrayUnlock
0x69568c SafeArrayLock
0x695690 SafeArrayPutElement
0x695694 SafeArrayPtrOfIndex
0x695698 SafeArrayGetElement
0x69569c SafeArrayCopy
0x6956a4 LoadRegTypeLib
0x6956a8 VariantCopy
0x6956ac SafeArrayRedim
0x6956b0 SafeArrayCreate
0x6956b4 SafeArrayGetDim
0x6956bc SafeArrayGetLBound
0x6956c0 SafeArrayGetUBound
0x6956c4 SafeArrayAccessData
0x6956cc SysStringByteLen
0x6956d4 SysFreeString
0x6956d8 SysStringLen
0x6956dc SysAllocStringLen
0x6956e0 VariantInit
0x6956e4 VariantChangeType
0x6956e8 VariantClear
0x6956ec GetErrorInfo
0x6956f0 SetErrorInfo
0x6956f4 CreateErrorInfo
0x6956f8 SysAllocString
0x6956fc SafeArrayAllocData
Library dbghelp.dll:
0x695b4c MiniDumpWriteDump
0x695b50 SymGetTypeInfo
0x695b54 StackWalk
0x695b58 SymEnumSymbols
0x695b5c SymSetContext
0x695b64 SymGetModuleBase
0x695b68 SymSetOptions
0x695b6c SymLoadModule
0x695b70 SymGetLineFromAddr
0x695b74 SymCleanup
0x695b78 SymInitialize
0x695b7c SymFromAddr
0x695b80 SymGetModuleInfo
Library imagehlp.dll:
Library RPCRT4.dll:
0x695704 UuidCreate
Library Secur32.dll:
0x69576c CompleteAuthToken
0x695770 DecryptMessage
0x695774 EncryptMessage
Library WS2_32.dll:
0x695ad0 recv
0x695ad4 ioctlsocket
0x695ad8 closesocket
0x695adc ntohl
0x695ae0 send
0x695ae4 htons
0x695ae8 connect
0x695aec bind
0x695af0 setsockopt
0x695af4 shutdown
0x695af8 WSAStartup
0x695afc WSACleanup
0x695b00 htonl
0x695b04 getprotobyname
0x695b08 WSAIoctl
0x695b10 ntohs
0x695b14 getservbyport
0x695b18 getservbyname
0x695b1c gethostname
0x695b20 inet_addr
0x695b24 gethostbyname
0x695b28 recvfrom
0x695b2c sendto
0x695b30 WSAGetLastError
0x695b34 WSASocketA
0x695b38 accept
0x695b3c WSAEventSelect
0x695b40 listen
0x695b44 socket
Library NETAPI32.dll:
0x695648 Netbios

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.