Risk score: 5.6 (High risk)

SHA-256: e65015b740551657a5197b591d8f5a7cfa4f8f36f156a9f1145d694333e1cafa

File name: 0ee1f873794f7ffc65471a414c666b8e.exe

Analysis duration: 88s

Last analysed: (not shown in the report)

File size: 1.3MB
Detection tags (static and dynamic; tokens taken from the engine labels listed below): 9XKGVEM1SUG, ADSEARCH, AI SCORE=71, ALLAPLE, ATTRIBUTE, D@6LHXZA, EBSDLK, ELDORADO, ELEX, GEN7, GENASA, GENCIRC, GI0DGUXR5SE, HIGHCONFIDENCE, MALICIOUS, MUTABAHA, PCCLIENT, POTENTIALRISK, SCORE, SUBTAB, TAIWANSHUI, TECHNOLOGIES, UNSAFE, WINZIPPER, XADUPI, XADUPI RELATED
鹰眼引擎 (Hawkeye engine)
Not detected: no Hawkeye engine result is available for this sample.
Static verdict

Anti-virus engines ("-" = no result recorded)

Engine       Result                          Scan date  Engine version
Alibaba      Trojan:Win32/Xadupi.82f78cb4    20190527   0.3.0.5
CrowdStrike  -                               20190702   1.0
Baidu        -                               20190318   1.0.0.2
Avast        -                               20201030   20.10.5736.0
Kingsoft     -                               20201030   2013.8.14.323
McAfee       PUP-FRR                         20201030   6.0.6.653
Tencent      Malware.Win32.Gencirc.114cf7eb  20201030   1.0.0.1
Static indicators (none listed)
Behavioural verdict
Dynamic indicators
Checks whether any human activity is being performed by constantly checking whether the foreground window changed (the USER32 import table below includes GetForegroundWindow; this is a common sandbox-evasion check, but installers that manage their own window focus use the same call, so it is weak evidence on its own)
Foreign language identified in PE resource (10 events)

Name           Language      Sublanguage                 Offset      Size        File type
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0013f7e8  0x00000468  GLS_BINARY_LSB_FIRST  (this row is repeated 8 times in the report with identical offset and size)
RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0013fc50  0x00000076  data
RT_VERSION     LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00118280  0x00000398  data

"Foreign" here means non-English. Simplified-Chinese resources are consistent with the Chinese localisation file (language\zh_cn\install_lang.ini) and the Chinese network name (网络 2, "Network 2") seen further down; on their own they are a locale indicator, not a malice indicator.
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time               API                   Arguments            Status  Return  Repeated
1620119614.678793  GetAdaptersAddresses  flags: 0, family: 0  failed  111     0

Return value 111 is ERROR_BUFFER_OVERFLOW, the normal result of the first sizing call to GetAdaptersAddresses; the report records no second call that actually read the adapter list, so this event does not show a VM-detection decision being made.
The binary likely contains encrypted or compressed data indicative of a packer (1 event)

Section  Virtual address  Virtual size  Raw size    Entropy
.rsrc    0x00118000       0x00028000    0x00028000  7.0617

Description: a section with high entropy has been found. Only the resource section is flagged here; compressed icon/PNG resources or an embedded installer payload raise .rsrc entropy without any code packer, so check the .text section before treating the file as packed.
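The entropy check above flags a section from its byte distribution. As an added example (not code from the report or from the sandbox platform), the following Python parses a PE section table by hand, computes Shannon entropy per section and reads the COFF timestamp that the report shows later as "PE Compile Time". The two-section PE it builds is constructed for the demonstration, and the 7.0 threshold is an assumption; the report does not state its own cut-off.

```python
import math
import struct
from datetime import datetime, timezone

# Added example, not part of the sandbox report: a minimal PE section-table
# parser that reproduces the "high entropy section" check and reads the COFF
# TimeDateStamp.  The PE built by build_sample_pe() is constructed here and
# is not the analysed binary.

PACKER_ENTROPY_THRESHOLD = 7.0  # assumption: the report does not state its cut-off


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Return the COFF timestamp (UTC) and one entry per section with its entropy."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    sect_table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sect_table + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(raw),
        })
    compile_time = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {"compile_time": compile_time.strftime("%Y-%m-%d %H:%M:%S"), "sections": sections}


def high_entropy_sections(info: dict, threshold: float = PACKER_ENTROPY_THRESHOLD) -> list:
    """Names of sections the packer heuristic would flag."""
    return [s["name"] for s in info["sections"] if s["entropy"] >= threshold]


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 image: zero-filled .text (entropy 0.0) and a
    uniformly distributed .rsrc (entropy 8.0), timestamped like the report's sample."""
    text_data = bytes(1024)
    rsrc_data = bytes(range(256)) * 4
    opt_size, e_lfanew = 0xE0, 0x40
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * 2
    raw_text = (headers_len + 0x1FF) & ~0x1FF      # 512-byte file alignment
    raw_rsrc = raw_text + len(text_data)
    ts = int(datetime(2015, 11, 5, 11, 17, 59, tzinfo=timezone.utc).timestamp())

    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)   # PE32 magic, rest zeroed

    def section(name, vaddr, data, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), rawptr, 0, 0, 0, 0, flags)

    sect = (section(b".text", 0x1000, text_data, raw_text, 0x60000020)
            + section(b".rsrc", 0x2000, rsrc_data, raw_rsrc, 0x40000040))
    image = dos + coff + opt + sect
    image += bytes(raw_text - len(image)) + text_data + rsrc_data
    return image


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("compile time:", info["compile_time"])
    for s in info["sections"]:
        print(f'{s["name"]:<8} entropy={s["entropy"]:.3f}')
    print("flagged:", high_entropy_sections(info))
```

Run against the real file, the parser would report .rsrc at 7.06 as in the table and let you compare it with .text; a high .text entropy alongside it is what actually distinguishes a packed executable from an installer carrying compressed resources.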
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

The Hosts, TCP and HTTP tables further down record no connection to this address, so the signature is the only evidence of it on the page; the report gives no detail of what, if anything, was exchanged.
Attempts to modify browser security settings (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\gamelogin.exe

FEATURE_BROWSER_EMULATION selects the IE document (rendering) mode for an application that embeds the WebBrowser control; the value name is the executable it applies to, here gamelogin.exe rather than the sample's own file name, which points at a second executable the installer sets up. Legitimate installers write this key routinely, so it is a weak indicator by itself; the data written is not shown in the report.
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)

All eight RegSetValueEx calls succeeded (return 0, not repeated). Key prefix: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

Time               API             Key handle  Subkey\Value (under the prefix)                            Type            Data
1620119617.241793  RegSetValueExA  0x00000358  {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason  4 (REG_DWORD)   1
1620119617.241793  RegSetValueExA  0x00000358  {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime    3 (REG_BINARY)  8-byte binary timestamp (rendered as p„ÓT’@× in the report)
1620119617.241793  RegSetValueExA  0x00000358  {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision        4 (REG_DWORD)   3
1620119617.241793  RegSetValueExW  0x00000358  {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName     1 (REG_SZ)      网络 2 ("Network 2")
1620119617.241793  RegSetValueExA  0x00000370  0a-00-27-00-00-00\WpadDecisionReason                       4 (REG_DWORD)   1
1620119617.241793  RegSetValueExA  0x00000370  0a-00-27-00-00-00\WpadDecisionTime                         3 (REG_BINARY)  8-byte binary timestamp (rendered as p„ÓT’@× in the report)
1620119617.241793  RegSetValueExA  0x00000370  0a-00-27-00-00-00\WpadDecision                             4 (REG_DWORD)   3
1620119617.272793  RegSetValueExW  0x00000354  WpadLastNetwork                                            1 (REG_SZ)      {40112ABE-63B3-43C3-BE93-1440EE3AF106}

The signature name overstates what was observed. WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork are the automatic-proxy-detection cache that WinINet/WinHTTP keeps under Internet Settings\Wpad, keyed by network profile GUID and adapter MAC address (0a-00-27-00-00-00; the 0a:00:27 prefix and the 192.168.56.x addresses below are VirtualBox host-only defaults). Windows writes these values itself the first time a process uses WinINet on a network, and the sample imports InternetOpenW and InternetConnectW. No PAC file is configured here: a genuine interception setup writes AutoConfigURL, ProxyServer or ProxyEnable under Internet Settings, and none of those appears in the report.
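The browser-settings and WPAD signatures above both fire on registry writes, and the question a practitioner has to answer is which of those writes would actually redirect traffic. The following Python is an added example, not the report's or the sandbox platform's code: it classifies the paths passed to RegSetValueEx into the WPAD decision cache, real proxy settings, and the FEATURE_BROWSER_EMULATION override. The event list is constructed to mirror the report's eight Wpad writes and its FEATURE_BROWSER_EMULATION key (whose data is not shown in the report, so None stands in), plus one hypothetical AutoConfigURL write that is not in the report, included only to show what a genuine interception looks like to the same filter.

```python
# Added example: triage of registry writes taken from a sandbox API log.  Not
# code from the report or its platform.  Separates the WPAD decision cache that
# Windows maintains by itself from writes that really redirect browser traffic.

INTERNET_SETTINGS = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
HKCU_IS = "HKEY_CURRENT_USER" + INTERNET_SETTINGS

# Values under Internet Settings that change where traffic goes when written.
PROXY_HIJACK_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyEnable", "ProxyOverride"}
# Values of the WinINet/WinHTTP auto-proxy-detection cache under ...\Wpad\.
WPAD_CACHE_VALUES = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
                     "WpadNetworkName", "WpadLastNetwork"}


def classify_registry_write(regkey: str) -> dict:
    """Classify the full path passed to RegSetValueEx (key path + value name)."""
    key, _, value_name = regkey.rpartition("\\")
    key_l = key.lower()
    wpad_root = INTERNET_SETTINGS.lower() + "\\wpad"
    if wpad_root in key_l and value_name in WPAD_CACHE_VALUES:
        # The subkey after \Wpad\ is a network GUID or an adapter MAC address;
        # WpadLastNetwork sits directly under \Wpad and has no subkey.
        subkey = key[key_l.index(wpad_root) + len(wpad_root):].strip("\\")
        return {"class": "wpad_cache", "value": value_name, "network": subkey or None}
    if key_l.endswith(INTERNET_SETTINGS.lower()) and value_name in PROXY_HIJACK_VALUES:
        return {"class": "proxy_hijack", "value": value_name}
    if key_l.endswith("featurecontrol\\feature_browser_emulation"):
        # The value name is the executable the IE document-mode override applies to.
        return {"class": "browser_emulation", "process": value_name}
    return {"class": "other", "value": value_name}


def summarize(events) -> dict:
    """Group (regkey, data) writes by class.  'interception' is True only when a
    value that actually changes proxy behaviour was written."""
    summary = {"proxy_hijack": [], "wpad_cache": [], "browser_emulation": [], "other": []}
    for regkey, _data in events:
        entry = classify_registry_write(regkey)
        summary[entry["class"]].append(entry)
    summary["interception"] = bool(summary["proxy_hijack"])
    return summary


NET_GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"
ADAPTER_MAC = "0a-00-27-00-00-00"

# Constructed to mirror the report's writes (data as shown there; the
# FEATURE_BROWSER_EMULATION data is not in the report, so None is used).
REPORT_EVENTS = [
    (f"{HKCU_IS}\\Wpad\\{NET_GUID}\\WpadDecisionReason", 1),
    (f"{HKCU_IS}\\Wpad\\{NET_GUID}\\WpadDecisionTime", b"<8-byte binary>"),
    (f"{HKCU_IS}\\Wpad\\{NET_GUID}\\WpadDecision", 3),
    (f"{HKCU_IS}\\Wpad\\{NET_GUID}\\WpadNetworkName", "网络 2"),
    (f"{HKCU_IS}\\Wpad\\{ADAPTER_MAC}\\WpadDecisionReason", 1),
    (f"{HKCU_IS}\\Wpad\\{ADAPTER_MAC}\\WpadDecisionTime", b"<8-byte binary>"),
    (f"{HKCU_IS}\\Wpad\\{ADAPTER_MAC}\\WpadDecision", 3),
    (f"{HKCU_IS}\\Wpad\\WpadLastNetwork", NET_GUID),
    ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN"
     "\\FeatureControl\\FEATURE_BROWSER_EMULATION\\gamelogin.exe", None),
]

# Hypothetical, not in the report: what a genuine PAC-based interception writes.
HYPOTHETICAL_HIJACK = [(f"{HKCU_IS}\\AutoConfigURL", "http://proxy.invalid/wpad.dat")]


if __name__ == "__main__":
    for label, events in (("report", REPORT_EVENTS),
                          ("report + hypothetical", REPORT_EVENTS + HYPOTHETICAL_HIJACK)):
        s = summarize(events)
        counts = {k: len(v) for k, v in s.items() if k != "interception"}
        print(label, counts, "interception:", s["interception"])
```

On the report's own events the filter returns interception False with eight cache entries and one browser_emulation entry; it flips to True only once the hypothetical AutoConfigURL write is added, which is the distinction the signature name blurs.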
Creates known PcClient mutex and/or file changes (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\language\zh_cn\install_lang.ini

Only the file branch of this signature fired, and on an installer localisation file (language\zh_cn\install_lang.ini); no PcClient mutex is recorded, so the family attribution in the signature name should not be read into the verdict.
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)

Engine                Detection
MicroWorld-eScan      Gen:Application.Elex.1
CAT-QuickHeal         PUA.Taiwanshui.Gen
Cylance               Unsafe
Zillya                Worm.Allaple.Win32.38661
SUPERAntiSpyware      PUP.Elex/Variant
K7AntiVirus           Adware ( 004dc2f41 )
Alibaba               Trojan:Win32/Xadupi.82f78cb4
K7GW                  Adware ( 004dc2f41 )
Arcabit               PUP.Adware.Elex
Invincea              Xadupi Related (PUA)
Cyren                 W32/S-f23b3c26!Eldorado
Symantec              ML.Attribute.HighConfidence
APEX                  Malicious
Kaspersky             not-a-virus:AdWare.Win32.ELEX.gpl
BitDefender           Gen:Application.Elex.1
NANO-Antivirus        Riskware.Win32.Dwn.ebsdlk
AegisLab              Adware.Win32.ELEX.2!c
Rising                Trojan.Xadupi!8.300C (TFE:5:GI0DGuxr5SE)
Ad-Aware              Gen:Application.Elex.1
Emsisoft              Application.AdSearch (A)
Comodo                Application.Win32.Elex.D@6lhxza
F-Secure              PotentialRisk.PUA/Subtab.Gen7
DrWeb                 Adware.Mutabaha.229
TrendMicro            PUA_ELEX
McAfee-GW-Edition     PUP-FRR
FireEye               Generic.mg.0ee1f873794f7ffc
Sophos                Xadupi Related (PUA)
Webroot               Pua.337.Technologies
Avira                 PUA/Subtab.Gen7
MAX                   malware (ai score=71)
Antiy-AVL             RiskWare[Downloader]/Win32.Elex
Gridinsoft            Adware.ELEX.vl!c
Microsoft             Trojan:Win32/Xadupi
ViRobot               Adware.Elex.1410736
ZoneAlarm             not-a-virus:AdWare.Win32.ELEX.gpl
GData                 Gen:Application.Elex.1
Cynet                 Malicious (score: 85)
McAfee                PUP-FRR
VBA32                 Downloader.Elex
Malwarebytes          Adware.Elex
ESET-NOD32            a variant of Win32/Adware.ELEX.PBU
TrendMicro-HouseCall  PUA_ELEX
Tencent               Malware.Win32.Gencirc.114cf7eb
Yandex                Trojan.GenAsa!9xKGVem1Sug
Fortinet              Riskware/Elex
Cybereason            malicious.3794f7
Panda                 PUP/Winzipper

Most engines classify the file as adware or a PUA, with ELEX as the dominant family name and Xadupi, Subtab, Mutabaha, AdSearch and Winzipper as vendor-specific labels for the same sample; Zillya's Worm.Allaple verdict is the outlier.
Visual analysis
Binary image
None: no binary visualisation was generated for this sample.
Run screenshots
None: no screenshots were captured while the sample ran.

PE Compile Time

2015-11-05 11:17:59

Imports

The table lists ordinary UI, GDI and COM plumbing alongside the imports that matter for triage: service control (OpenSCManagerW, OpenServiceW, StartServiceW, ControlService, QueryServiceConfigW), process enumeration and control (Process32FirstW/Process32NextW, OpenProcess, TerminateProcess, CreateProcessW), token inspection (OpenProcessToken, GetTokenInformation), HTTP via WinINet (InternetOpenW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW), IsDebuggerPresent, the foreground-window calls behind the activity check (GetForegroundWindow, SetForegroundWindow, AttachThreadInput), ShellExecuteExW and SHFileOperationW, and MiniDumpWriteDump from dbghelp.dll.

Library SHLWAPI.dll:
0x4cb3e4 PathIsRelativeW
0x4cb3e8 PathFindExtensionW
0x4cb3ec SHGetValueW
0x4cb3f0 PathIsURLW
0x4cb3f4 StrStrIW
0x4cb3f8 SHRegCloseUSKey
0x4cb3fc StrCmpNIW
0x4cb400 SHRegEnumUSKeyW
0x4cb404 SHRegOpenUSKeyW
0x4cb408 SHRegGetUSValueW
0x4cb40c PathRemoveFileSpecW
0x4cb414 PathAppendW
0x4cb41c PathCombineW
0x4cb420 PathFileExistsW
0x4cb424 PathFindFileNameW
0x4cb428 StrCmpIW
Library KERNEL32.dll:
0x4cb130 TlsAlloc
0x4cb134 TlsFree
0x4cb138 SetEndOfFile
0x4cb13c GetTickCount
0x4cb144 HeapAlloc
0x4cb148 GetProcessHeap
0x4cb14c HeapFree
0x4cb150 GlobalLock
0x4cb15c DebugBreak
0x4cb160 MulDiv
0x4cb168 RaiseException
0x4cb16c HeapSize
0x4cb170 HeapReAlloc
0x4cb174 GlobalSize
0x4cb178 GetProfileIntW
0x4cb180 LoadLibraryExW
0x4cb184 EncodePointer
0x4cb188 DecodePointer
0x4cb18c SetFilePointer
0x4cb190 SetFileAttributesW
0x4cb194 lstrlenA
0x4cb198 GetFileSize
0x4cb19c InterlockedExchange
0x4cb1a0 ResumeThread
0x4cb1a4 TerminateThread
0x4cb1ac ResetEvent
0x4cb1c0 WideCharToMultiByte
0x4cb1c4 GetSystemInfo
0x4cb1c8 GetVersionExW
0x4cb1cc Process32NextW
0x4cb1d0 Process32FirstW
0x4cb1d4 CreateProcessW
0x4cb1d8 TerminateProcess
0x4cb1e0 GetStringTypeW
0x4cb1e4 IsDebuggerPresent
0x4cb1ec GetCommandLineW
0x4cb1f0 ExitProcess
0x4cb1f4 GetModuleHandleExW
0x4cb1f8 VirtualAlloc
0x4cb1fc VirtualProtect
0x4cb200 VirtualQuery
0x4cb204 RtlUnwind
0x4cb208 GetCPInfo
0x4cb20c CreateThread
0x4cb210 ReadFile
0x4cb214 OpenProcess
0x4cb21c lstrlenW
0x4cb224 SetLastError
0x4cb228 TlsGetValue
0x4cb22c TlsSetValue
0x4cb234 WaitForSingleObject
0x4cb238 CreateEventW
0x4cb23c Sleep
0x4cb240 FindResourceExW
0x4cb244 FindResourceW
0x4cb248 LoadResource
0x4cb24c LockResource
0x4cb250 SizeofResource
0x4cb254 GetTempFileNameW
0x4cb258 GetTempPathW
0x4cb25c MoveFileExW
0x4cb260 DeleteFileW
0x4cb264 CopyFileW
0x4cb268 OutputDebugStringW
0x4cb270 GetSystemDirectoryW
0x4cb274 SetEvent
0x4cb278 CreateEventA
0x4cb27c FreeLibrary
0x4cb280 LoadLibraryW
0x4cb28c CreateDirectoryW
0x4cb290 GetModuleFileNameW
0x4cb294 GetCurrentProcessId
0x4cb298 GetCurrentThreadId
0x4cb29c GetSystemTime
0x4cb2a0 GetLocalTime
0x4cb2a8 LocalFree
0x4cb2ac CloseHandle
0x4cb2b0 GlobalFree
0x4cb2b4 DeviceIoControl
0x4cb2b8 GlobalAlloc
0x4cb2bc CreateFileW
0x4cb2c4 MultiByteToWideChar
0x4cb2c8 GetCurrentProcess
0x4cb2cc GetModuleHandleW
0x4cb2d0 GetStartupInfoW
0x4cb2d4 GetProcAddress
0x4cb2d8 WriteFile
0x4cb2dc GetLastError
0x4cb2e0 GlobalUnlock
0x4cb2e4 HeapDestroy
0x4cb2e8 FormatMessageA
0x4cb2f4 SetWaitableTimer
0x4cb2f8 GetModuleHandleA
0x4cb300 OpenEventA
0x4cb308 WriteConsoleW
0x4cb30c FlushFileBuffers
0x4cb310 SetStdHandle
0x4cb314 GetConsoleCP
0x4cb31c SetFilePointerEx
0x4cb320 ReadConsoleW
0x4cb324 GetConsoleMode
0x4cb334 GetFileType
0x4cb338 GetStdHandle
0x4cb33c GetOEMCP
0x4cb340 GetACP
0x4cb344 IsValidCodePage
0x4cb348 LCMapStringW
0x4cb34c CompareStringW
Library USER32.dll:
0x4cb430 ReleaseCapture
0x4cb434 wsprintfW
0x4cb438 GetCaretPos
0x4cb43c PeekMessageW
0x4cb440 GetCapture
0x4cb444 SetTimer
0x4cb448 SetWindowTextW
0x4cb44c FindWindowW
0x4cb454 SendMessageW
0x4cb458 RegisterClassW
0x4cb45c DestroyWindow
0x4cb460 PostMessageW
0x4cb464 CreateWindowExW
0x4cb468 TrackMouseEvent
0x4cb46c KillTimer
0x4cb470 MapWindowPoints
0x4cb474 DefWindowProcW
0x4cb478 EnumWindows
0x4cb47c IsWindowVisible
0x4cb480 GetParent
0x4cb488 GetForegroundWindow
0x4cb48c SetWindowPos
0x4cb490 BringWindowToTop
0x4cb494 SetForegroundWindow
0x4cb498 SetFocus
0x4cb49c AttachThreadInput
0x4cb4a4 GetWindowRect
0x4cb4a8 ScreenToClient
0x4cb4ac MoveWindow
0x4cb4b0 GetSystemMetrics
0x4cb4b4 MonitorFromWindow
0x4cb4b8 GetMonitorInfoW
0x4cb4bc UpdateLayeredWindow
0x4cb4c0 SetWindowRgn
0x4cb4c4 GetUpdateRect
0x4cb4c8 CallWindowProcW
0x4cb4cc SetCapture
0x4cb4d0 InvalidateRect
0x4cb4d4 GetPropW
0x4cb4d8 SetPropW
0x4cb4dc GetLastActivePopup
0x4cb4e0 PostQuitMessage
0x4cb4e4 DispatchMessageW
0x4cb4e8 TranslateMessage
0x4cb4ec GetMessageW
0x4cb4f0 EnableWindow
0x4cb4f4 GetWindowRgn
0x4cb4fc HideCaret
0x4cb500 ShowCaret
0x4cb504 CreateCaret
0x4cb50c GetSysColor
0x4cb510 IsWindow
0x4cb514 GetDesktopWindow
0x4cb518 GetWindow
0x4cb51c GetKeyState
0x4cb520 ClientToScreen
0x4cb524 GetWindowTextW
0x4cb528 WindowFromPoint
0x4cb52c GetWindowLongW
0x4cb530 SetWindowLongW
0x4cb534 IntersectRect
0x4cb538 GetDoubleClickTime
0x4cb53c GetCursorPos
0x4cb540 SetCursor
0x4cb544 LoadCursorW
0x4cb548 ShowWindow
0x4cb54c IsIconic
0x4cb550 GetFocus
0x4cb554 IsChild
0x4cb558 CopyImage
0x4cb55c DrawTextW
0x4cb560 wvsprintfW
0x4cb564 CopyRect
0x4cb568 IsRectEmpty
0x4cb56c PtInRect
0x4cb570 SetRect
0x4cb574 SetRectEmpty
0x4cb578 EqualRect
0x4cb57c InflateRect
0x4cb580 OffsetRect
0x4cb584 UnionRect
0x4cb588 CharLowerW
0x4cb58c CharNextW
0x4cb590 InvalidateRgn
0x4cb594 GetDC
0x4cb598 GetClientRect
0x4cb59c ReleaseDC
0x4cb5a0 BeginPaint
0x4cb5a4 EndPaint
0x4cb5a8 FillRect
0x4cb5ac DrawFocusRect
0x4cb5b0 FrameRect
0x4cb5b4 GetClassInfoExW
0x4cb5b8 RegisterClassExW
0x4cb5bc SetCaretPos
Library GDI32.dll:
0x4cb05c SetBkMode
0x4cb060 SelectClipRgn
0x4cb064 OffsetClipRgn
0x4cb068 LineTo
0x4cb06c ArcTo
0x4cb070 GetStockObject
0x4cb074 Rectangle
0x4cb078 Ellipse
0x4cb07c Polygon
0x4cb080 Polyline
0x4cb084 SetTextColor
0x4cb088 OffsetRgn
0x4cb08c FillRgn
0x4cb090 FrameRgn
0x4cb094 CreatePen
0x4cb098 SetWindowOrgEx
0x4cb09c CopyMetaFileW
0x4cb0a0 GetDeviceCaps
0x4cb0a4 CreatePatternBrush
0x4cb0a8 SetDIBits
0x4cb0ac GetDIBits
0x4cb0b0 SetPixel
0x4cb0b4 GetPixel
0x4cb0b8 BitBlt
0x4cb0bc SetWorldTransform
0x4cb0c0 CreateRectRgn
0x4cb0c8 CreateSolidBrush
0x4cb0cc CreateDIBSection
0x4cb0d0 GetObjectA
0x4cb0d4 GetObjectW
0x4cb0d8 DeleteDC
0x4cb0dc StretchBlt
0x4cb0e0 SetStretchBltMode
0x4cb0e4 CreateCompatibleDC
0x4cb0e8 RestoreDC
0x4cb0ec SaveDC
0x4cb0f0 GetClipBox
0x4cb0f4 CreateRoundRectRgn
0x4cb0f8 MoveToEx
0x4cb0fc GetCharABCWidthsW
0x4cb104 SelectObject
0x4cb108 CombineRgn
0x4cb10c AddFontResourceW
0x4cb110 PtInRegion
0x4cb114 CreateFontW
0x4cb118 SetGraphicsMode
0x4cb11c EnumFontFamiliesW
0x4cb120 GetRgnBox
0x4cb124 DeleteObject
Library ADVAPI32.dll:
0x4cb000 QueryServiceStatus
0x4cb004 RegOpenKeyExW
0x4cb008 RegQueryValueExW
0x4cb00c RegCloseKey
0x4cb010 RegCreateKeyW
0x4cb014 RegSetValueExW
0x4cb018 RegDeleteValueW
0x4cb01c RegCreateKeyExW
0x4cb020 OpenSCManagerW
0x4cb024 OpenServiceW
0x4cb028 StartServiceW
0x4cb02c CloseServiceHandle
0x4cb030 QueryServiceConfigW
0x4cb038 ControlService
0x4cb03c OpenProcessToken
0x4cb040 GetTokenInformation
0x4cb044 RegOpenKeyW
Library SHELL32.dll:
0x4cb3c0 CommandLineToArgvW
0x4cb3c4 SHGetFolderPathW
0x4cb3c8 (name not resolved in the report; typically an import by ordinal)
0x4cb3d0 ShellExecuteW
0x4cb3d4 SHFileOperationW
0x4cb3d8 (name not resolved in the report; typically an import by ordinal)
0x4cb3dc ShellExecuteExW
Library ole32.dll:
0x4cb724 RegisterDragDrop
0x4cb728 RevokeDragDrop
0x4cb72c ReleaseStgMedium
0x4cb730 DoDragDrop
0x4cb734 OleLockRunning
0x4cb738 CoTaskMemAlloc
0x4cb73c IIDFromString
0x4cb740 CoTaskMemFree
0x4cb748 CLSIDFromString
0x4cb74c OleInitialize
0x4cb750 OleUninitialize
0x4cb754 CoInitialize
0x4cb758 CoUninitialize
0x4cb75c CoCreateInstance
0x4cb764 OleRun
0x4cb768 OleDuplicateData
Library OLEAUT32.dll:
0x4cb360 VariantClear
0x4cb364 SysFreeString
0x4cb368 VariantChangeType
0x4cb36c SysAllocString
0x4cb370 VariantInit
0x4cb374 LoadTypeLib
0x4cb378 SysAllocStringLen
0x4cb380 SysStringByteLen
0x4cb384 DispCallFunc
0x4cb388 SafeArrayGetLBound
0x4cb38c SafeArrayGetUBound
0x4cb390 SafeArrayAccessData
0x4cb398 SysStringLen
0x4cb39c GetErrorInfo
0x4cb3a0 VariantCopy
Library WININET.dll:
0x4cb5c4 InternetCloseHandle
0x4cb5c8 InternetReadFile
0x4cb5cc HttpSendRequestW
0x4cb5d0 HttpOpenRequestW
0x4cb5d4 InternetConnectW
0x4cb5d8 InternetOpenW
0x4cb5dc InternetCrackUrlW
0x4cb5e0 HttpQueryInfoW
Library gdiplus.dll:
0x4cb608 GdipCreateSolidFill
0x4cb60c GdipCloneBrush
0x4cb610 GdipDeleteBrush
0x4cb618 GdipBitmapLockBits
0x4cb634 GdipCreateFromHDC
0x4cb64c GdipDrawLines
0x4cb650 GdipDrawLineI
0x4cb654 GdipDrawRectangleI
0x4cb660 GdipGetImageHeight
0x4cb664 GdipGetImageWidth
0x4cb66c GdipDrawImageRectI
0x4cb674 GdipDeleteGraphics
0x4cb67c GdipDisposeImage
0x4cb680 GdipAlloc
0x4cb684 GdipFree
0x4cb688 GdipDrawEllipseI
0x4cb68c GdipGraphicsClear
0x4cb690 GdipFillRectangleI
0x4cb694 GdipFillEllipseI
0x4cb698 GdipDrawString
0x4cb69c GdipMeasureString
0x4cb6a0 GdipDrawImageI
0x4cb6a8 GdipCreatePen1
0x4cb6ac GdipDeletePen
0x4cb6b0 GdipSetPenDashStyle
0x4cb6d4 GdipDeleteFont
0x4cb6d8 GdipGetFamily
0x4cb6e4 GdipGetImageFlags
0x4cb6fc GdipGetPropertyItem
0x4cb700 GdipCloneImage
0x4cb704 GdiplusShutdown
0x4cb708 GdiplusStartup
Library MSIMG32.dll:
0x4cb354 AlphaBlend
0x4cb358 TransparentBlt
Library dbghelp.dll:
0x4cb600 MiniDumpWriteDump
Library RPCRT4.dll:
0x4cb3b0 UuidCreate
0x4cb3b4 RpcStringFreeW
0x4cb3b8 UuidToStringW
Library WINMM.dll:
0x4cb5e8 timeSetEvent
0x4cb5ec timeKillEvent
Library PSAPI.DLL: (no named imports listed)
Library WS2_32.dll:
0x4cb5f4 WSAStartup
0x4cb5f8 WSACleanup
Library urlmon.dll: (no named imports listed)
Library COMCTL32.dll:
0x4cb054 (name not resolved in the report; typically an import by ordinal)

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                      Dst port
192.168.56.101  50534     114.114.114.114                  53
192.168.56.101  51808     114.114.114.114                  53
192.168.56.101  56539     114.114.114.114                  53
192.168.56.101  57874     114.114.114.114                  53
192.168.56.101  58367     114.114.114.114                  53
192.168.56.101  63429     114.114.114.114                  53
192.168.56.101  65004     114.114.114.114                  53
192.168.56.101  137       192.168.56.255                   137
192.168.56.101  138       192.168.56.255                   138
192.168.56.101  123       20.189.79.72 (time.windows.com)  123
192.168.56.101  49235     224.0.0.252                      5355
192.168.56.101  51378     224.0.0.252                      5355
192.168.56.101  51963     224.0.0.252                      5355
192.168.56.101  56804     224.0.0.252                      5355
192.168.56.101  62191     224.0.0.252                      5355
192.168.56.101  1900      239.255.255.250                  1900
192.168.56.101  51379     239.255.255.250                  3702
192.168.56.101  51381     239.255.255.250                  3702
192.168.56.101  56540     239.255.255.250                  3702
192.168.56.101  56807     239.255.255.250                  1900

Apart from the DNS queries, these are the usual Windows background flows of a sandbox VM: NBNS on 137/138 to the broadcast address, NTP to time.windows.com, LLMNR on 5355, and SSDP (1900) and WS-Discovery (3702) multicast. The seven DNS queries to 114.114.114.114 (a public resolver) are the only flows that could belong to the sample, and the report does not list the names queried.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.