Score: 6.4
Verdict: High risk

SHA256: de0c97086d98b60cf3514b8a91a40dfdbabcde2b109c003affa63e6e27ffc3cf
Filename: 1ee943670679d534beb951a1fc3b8b1a.exe
Analysis duration: 124s
Last analyzed:
File size: 10.4MB
Flagged by static scan; flagged by dynamic scan. Detection-name tags: AIDETECTVM, HACKTOOL, MALICIOUS, MALWARE1, PRESENOKER, VKTOOLS
Eagle Eye engine (鹰眼引擎): not detected (no Eagle Eye engine result is available for this sample)
Static verdict

Antivirus engines (rows with an empty Result column carry no detection name in the report)

Engine        Result          Scan date   Engine version
Alibaba                       20190527    0.3.0.5
Baidu                         20190318    1.0.0.2
Avast                         20201016    18.4.3895.0
Kingsoft                      20201016    2013.8.14.323
McAfee        Generic!atr.b   20201016    6.0.6.653
Tencent                       20201016    1.0.0.1
CrowdStrike                   20190702    1.0
Static indicators

Queries for the computer name (2 events)
Time               API                Arguments                  Status    Return  Repeated
1619286931.40925   GetComputerNameW   computer_name: OSKAR-PC    success   1       0
1619286503.97452   GetComputerNameW   computer_name: OSKAR-PC    success   1       0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .itext
section .didata

The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft

Caveat: .itext (initialization code) and .didata (delay-import data) are section names the Delphi linker emits by default, and "BobSoft Mini Delphi" is a compiler signature rather than a runtime packer. Read together, the two indicators point to a Delphi build and the section-name heuristic is the false positive it warns about; the RWX activity in the dynamic section, not these names, is the place to look for unpacking.
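As an added example (this is not code from the sandbox report or its vendor), the following script re-runs the "unknown section name" heuristic and then discounts the names that the detected compiler explains. The two section names and the packer string are copied from the report; the DELPHI_SECTIONS and COMMON_SECTIONS lists and the assess_sections function are this example's own assumptions about what a generic heuristic whitelists and what a Delphi linker emits.

```python
# Added example, not part of the sandbox report: re-check the "unknown PE
# section names" heuristic against the section names a Delphi linker emits.
# The flagged names and the packer verdict below are taken from the report.
from dataclasses import dataclass

# Sections the Delphi/Borland linker emits by default (assumed list).
# ".itext" holds initialization code and ".didata" delay-import data;
# neither is a sign of a packer on its own.
DELPHI_SECTIONS = {".text", ".itext", ".data", ".bss", ".idata", ".didata",
                   ".edata", ".tls", ".rdata", ".reloc", ".rsrc"}

# Names a generic packer heuristic is assumed to whitelist.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata",
                   ".rsrc", ".reloc", ".bss", ".tls", ".pdata", ".CRT"}


@dataclass
class SectionVerdict:
    unknown: list            # names a generic heuristic would flag
    delphi_explained: list   # flagged names that Delphi emits by default
    still_suspicious: list   # flagged names the compiler does not explain
    likely_false_positive: bool


def assess_sections(section_names, packer_signature=None):
    """Reproduce the report's heuristic, then discount the names that the
    compiler signature (here a Delphi match) accounts for."""
    unknown = [s for s in section_names if s not in COMMON_SECTIONS]
    is_delphi = packer_signature is not None and "delphi" in packer_signature.lower()
    explained = [s for s in unknown if is_delphi and s in DELPHI_SECTIONS]
    suspicious = [s for s in unknown if s not in explained]
    return SectionVerdict(unknown, explained, suspicious,
                          likely_false_positive=bool(unknown) and not suspicious)


# Constructed from the report: the two flagged sections and the packer match.
REPORT_SECTIONS = [".itext", ".didata"]
REPORT_PACKER = "BobSoft Mini Delphi -> BoB / BobSoft"

if __name__ == "__main__":
    print(assess_sections(REPORT_SECTIONS, REPORT_PACKER))
    # A real packer's section names survive the discount step:
    print(assess_sections([".text", "UPX0", "UPX1"], None))
```

The same names without a Delphi signature stay suspicious, so the discount only applies when an independent compiler identification backs it.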
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (18 events)
Common to all 18 events: protection 64 (PAGE_EXECUTE_READWRITE); stack_dep_bypass 0; stack_pivoted 0; heap_dep_bypass 0; process_handle 0xffffffff, the pseudo-handle for the calling process itself (shown in its 64-bit form 0xffffffffffffffff in the PID 1424 event); status success, return 0, repeated 0. The three NtAllocateVirtualMemory calls use allocation_type 4096 (MEM_COMMIT). Size is region_size for NtAllocateVirtualMemory and length for NtProtectVirtualMemory.

Time               API                       PID    Base address          Size (bytes)
1619286912.92425   NtAllocateVirtualMemory   2060   0x006e0000            4096
1619286556.05252   NtAllocateVirtualMemory   1424   0x0000000004610000    65536
1619286935.72125   NtAllocateVirtualMemory   1176   0x00690000            4096
1619286935.72125   NtProtectVirtualMemory    1176   0x755d1000            4096
1619286935.72125   NtProtectVirtualMemory    1176   0x75011000            4096
1619286935.73725   NtProtectVirtualMemory    1176   0x75051000            4096
1619286936.04925   NtProtectVirtualMemory    1176   0x74ff1000            4096
1619286936.33025   NtProtectVirtualMemory    1176   0x77711000            4096
1619286936.33025   NtProtectVirtualMemory    1176   0x76241000            4096
1619286936.33025   NtProtectVirtualMemory    1176   0x76121000            4096
1619286936.47125   NtProtectVirtualMemory    1176   0x75a11000            4096
1619286936.47125   NtProtectVirtualMemory    1176   0x766c1000            4096
1619286936.47125   NtProtectVirtualMemory    1176   0x77691000            4096
1619286937.76825   NtProtectVirtualMemory    1176   0x75021000            4096
1619286937.76825   NtProtectVirtualMemory    1176   0x76881000            4096
1619286939.97125   NtProtectVirtualMemory    1176   0x746e1000            4096
1619286940.01825   NtProtectVirtualMemory    1176   0x74811000            4096
1619286940.14325   NtProtectVirtualMemory    1176   0x74641000            4096

Caveat: only three of the 18 events are fresh RWX allocations, and they are small (4 KB, 4 KB and 64 KB). The other 15 are NtProtectVirtualMemory calls in PID 1176 that each make a single 4 KB page RWX at an address of the form 0x7xxx1000, i.e. the page 0x1000 past a 64 KB-aligned base in the range where 32-bit system DLLs are mapped. That pattern is consistent with inline hooking of the first code page of already-loaded DLLs rather than with self-unpacking, but the report does not name the module at each address; confirm which module owns each page (for example from a memory dump) before attributing the hooks to the sample.
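An added example, not from the report or the sandbox vendor: a parser for event records in the format shown above (a timestamp line, an API name line, key: value argument lines, then a status/return/repeated line), plus a triage step that separates fresh RWX allocations from RWX protection changes applied to pages that already exist. The three embedded records are copied from the table; parse_events, classify_rwx and the "first page of a mapped module" inference are this example's own.

```python
# Added example, not part of the sandbox report: parse the report's
# "Time & API / Arguments / Status Return Repeated" records and separate
# fresh RWX allocations (self-unpacking) from RWX protection changes on
# pages that already exist (in-place patching / hooking).
import re
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40

# Constructed from the report: three of the 18 events, field values verbatim.
SAMPLE_EVENTS = """\
1619286912.92425
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006e0000
success 0 0
1619286935.72125
NtProtectVirtualMemory
process_identifier: 1176
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x755d1000
success 0 0
1619286936.33025
NtProtectVirtualMemory
process_identifier: 1176
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77711000
success 0 0
"""

_TS = re.compile(r"^\d{10}\.\d+$")
_STATUS = re.compile(r"^(success|failed) (\S+) (\S+)$")


def parse_events(text):
    """Return one dict per record: time, api, args, status, return, repeated."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _TS.match(line):                      # a timestamp opens a record
            cur = {"time": float(line), "api": None, "args": {}}
            continue
        if cur is None:                          # stray text outside a record
            continue
        m = _STATUS.match(line)
        if cur["api"] is None:                   # first line after the time
            cur["api"] = line
        elif m:                                  # status line closes the record
            cur["status"], cur["return"] = m.group(1), m.group(2)
            cur["repeated"] = int(m.group(3))
            events.append(cur)
            cur = None
        elif ": " in line:                       # "key: value" argument
            key, value = line.split(": ", 1)
            cur["args"][key] = value
    return events


def _protection(ev):
    # "64 (PAGE_EXECUTE_READWRITE)" -> 64
    return int(ev["args"].get("protection", "0").split()[0])


def classify_rwx(events):
    """Bucket RWX events per PID. A protection change on the page at offset
    0x1000 from a 64 KB boundary is also listed under module_first_page: that
    is where the first code section of a mapped DLL usually begins (an
    inference; the report does not name the module at each address)."""
    summary = defaultdict(lambda: {"new_rwx_regions": [],
                                   "rwx_on_existing_page": [],
                                   "module_first_page": []})
    for ev in events:
        if _protection(ev) != PAGE_EXECUTE_READWRITE:
            continue
        pid = int(ev["args"]["process_identifier"])
        addr = int(ev["args"]["base_address"], 16)
        if ev["api"] == "NtAllocateVirtualMemory":
            summary[pid]["new_rwx_regions"].append(addr)
        elif ev["api"] == "NtProtectVirtualMemory":
            summary[pid]["rwx_on_existing_page"].append(addr)
            if addr & 0xFFFF == 0x1000:
                summary[pid]["module_first_page"].append(addr)
    return dict(summary)


if __name__ == "__main__":
    for pid, buckets in classify_rwx(parse_events(SAMPLE_EVENTS)).items():
        print(pid, {k: [hex(a) for a in v] for k, v in buckets.items()})
```

Feed it the full 18-event table and PID 1176 ends up with one small allocation and 15 protection changes on module pages, which is the shape to expect from hooking rather than from an unpacker writing a new image.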
Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk (1 event)
Time               API                    Arguments                                                                             Status    Return  Repeated
1619286505.20852   GetDiskFreeSpaceExW    root_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Explorer   success   1       0
                                          free_bytes_available: 19449405440
                                          total_number_of_free_bytes: 0
                                          total_number_of_bytes: 0

Caveat: the two zero totals alongside a non-zero free_bytes_available are consistent with the caller passing NULL for the two optional output pointers of GetDiskFreeSpaceExW, so the call reads as a free-space check against the user's Explorer data directory rather than a probe of the total disk size.
Creates an autorun.inf file (1 event)
file C:\Data\downloaded\Courses\FC\FC9002\autorun.inf
Creates (office) documents on the filesystem (1 event)
file C:\Data\downloaded\Courses\FC\FC9002\presentation_content\external_files\AudioText.pdf
Creates executable files on the filesystem (3 events)
file C:\Data\downloaded\Courses\FC\FC9002\presentation_content\presentation.js
file C:\Users\Public\Desktop\FC9002 Safety.lnk
file C:\Data\downloaded\Courses\FC\FC9002\Launch_Presentation.exe
Creates a shortcut to an executable file (2 events)
file C:\Users\Administrator.Oskar-PC\Desktop\FC9002 Safety.lnk
file C:\Users\Public\Desktop\FC9002 Safety.lnk
Drops a binary and executes it (1 event)
file C:\Data\downloaded\Courses\FC\FC9002\Launch_Presentation.exe

Note: the drop set (a course folder under C:\Data\downloaded\Courses\FC\FC9002 holding a launcher, a JavaScript presentation, a PDF, an autorun.inf and two desktop shortcuts) is consistent with a self-extracting installer for training content. The items that decide the verdict are the launched Launch_Presentation.exe and the autorun.inf; the report does not show their contents.
File has been identified by 6 antivirus engines on VirusTotal as malicious (6 events)
Engine     Detection name
Bkav       W32.AIDetectVM.malware1
Zillya     Trojan.Generic.Win32.1067514
APEX       Malicious
Jiangmin   HackTool.VKTools.bs
McAfee     Generic!atr.b
VBA32      Adware.Presenoker
Queries for potentially installed applications (2 events)
Both calls: RegOpenKeyExW with access 0x00020019 (KEY_READ), base_handle 0x80000001 (HKEY_CURRENT_USER), options 0, key_handle 0x00000000 returned; status failed, return 2 (ERROR_FILE_NOT_FOUND), repeated 0. regkey_r is the same path relative to HKEY_CURRENT_USER.
Time               Key
1619286914.19025   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5954F14F-EE80-0F01-7C82-003DF9E4C4BB}
1619286914.19025   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FC9002 Safety

Note: both keys are uninstall entries named after the dropped "FC9002 Safety" shortcut, so the lookups are consistent with the sample checking for a previous installation of itself rather than enumerating other software; both keys were absent.
Network communication

Visual analysis
Binary image: none (no binary visualization was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)


PE compile time: 2016-06-02 16:12:30

Imports

Library oleaut32.dll:
0x676b58 SysFreeString
0x676b5c SysReAllocStringLen
0x676b60 SysAllocStringLen
Library advapi32.dll:
0x676b68 RegQueryValueExW
0x676b6c RegOpenKeyExW
0x676b70 RegCloseKey
Library user32.dll:
0x676b78 MessageBoxA
0x676b7c CharNextW
0x676b80 LoadStringW
Library kernel32.dll:
0x676b88 Sleep
0x676b8c VirtualFree
0x676b90 VirtualAlloc
0x676b94 lstrlenW
0x676b98 VirtualQuery
0x676ba0 GetTickCount
0x676ba4 GetSystemInfo
0x676ba8 GetVersion
0x676bac CompareStringW
0x676bb0 IsValidLocale
0x676bb4 SetThreadLocale
0x676bc0 GetLocaleInfoW
0x676bc4 WideCharToMultiByte
0x676bc8 MultiByteToWideChar
0x676bcc GetACP
0x676bd0 LoadLibraryExW
0x676bd4 GetStartupInfoW
0x676bd8 GetProcAddress
0x676bdc GetModuleHandleW
0x676be0 GetModuleFileNameW
0x676be4 GetCommandLineW
0x676be8 FreeLibrary
0x676bec GetLastError
0x676bf4 RtlUnwind
0x676bf8 RaiseException
0x676bfc ExitProcess
0x676c00 ExitThread
0x676c04 SwitchToThread
0x676c08 GetCurrentThreadId
0x676c0c CreateThread
0x676c20 FindFirstFileW
0x676c24 FindClose
0x676c28 RemoveDirectoryW
0x676c2c CreateDirectoryW
0x676c30 WriteFile
0x676c34 GetStdHandle
0x676c38 CloseHandle
Library kernel32.dll:
0x676c40 GetProcAddress
0x676c44 RaiseException
0x676c48 LoadLibraryA
0x676c4c GetLastError
0x676c50 TlsSetValue
0x676c54 TlsGetValue
0x676c58 LocalFree
0x676c5c LocalAlloc
0x676c60 GetModuleHandleW
0x676c64 FreeLibrary
Library user32.dll:
0x676c6c SetClassLongW
0x676c70 GetClassLongW
0x676c74 SetWindowLongW
0x676c78 GetWindowLongW
0x676c7c CreateWindowExW
0x676c80 WindowFromPoint
0x676c84 WaitMessage
0x676c88 UpdateWindow
0x676c8c UnregisterClassW
0x676c90 UnhookWindowsHookEx
0x676c94 TranslateMessage
0x676c9c TrackPopupMenu
0x676ca4 ShowWindow
0x676ca8 ShowScrollBar
0x676cac ShowOwnedPopups
0x676cb0 ShowCaret
0x676cb4 SetWindowRgn
0x676cb8 SetWindowsHookExW
0x676cbc SetWindowTextW
0x676cc0 SetWindowPos
0x676cc4 SetWindowPlacement
0x676cc8 SetTimer
0x676ccc SetScrollRange
0x676cd0 SetScrollPos
0x676cd4 SetScrollInfo
0x676cd8 SetRect
0x676cdc SetPropW
0x676ce0 SetParent
0x676ce4 SetMenuItemInfoW
0x676ce8 SetMenu
0x676cec SetForegroundWindow
0x676cf0 SetFocus
0x676cf4 SetCursorPos
0x676cf8 SetCursor
0x676cfc SetClipboardData
0x676d00 SetCapture
0x676d04 SetActiveWindow
0x676d08 SendMessageTimeoutW
0x676d0c SendMessageA
0x676d10 SendMessageW
0x676d14 ScrollWindow
0x676d18 ScreenToClient
0x676d1c RemovePropW
0x676d20 RemoveMenu
0x676d24 ReleaseDC
0x676d28 ReleaseCapture
0x676d34 RegisterClassW
0x676d38 RedrawWindow
0x676d3c PostQuitMessage
0x676d40 PostMessageW
0x676d44 PeekMessageA
0x676d48 PeekMessageW
0x676d4c OpenClipboard
0x676d58 MessageBoxW
0x676d5c MessageBeep
0x676d60 MapWindowPoints
0x676d64 MapVirtualKeyW
0x676d68 LoadStringW
0x676d6c LoadKeyboardLayoutW
0x676d70 LoadIconW
0x676d74 LoadCursorW
0x676d78 LoadBitmapW
0x676d7c KillTimer
0x676d80 IsZoomed
0x676d84 IsWindowVisible
0x676d88 IsWindowUnicode
0x676d8c IsWindowEnabled
0x676d90 IsWindow
0x676d94 IsIconic
0x676d98 IsDialogMessageA
0x676d9c IsDialogMessageW
0x676da0 IsChild
0x676da4 InvalidateRect
0x676da8 InsertMenuItemW
0x676dac InsertMenuW
0x676db0 HideCaret
0x676db8 GetWindowTextW
0x676dbc GetWindowRect
0x676dc0 GetWindowPlacement
0x676dc4 GetWindowDC
0x676dc8 GetUpdateRect
0x676dcc GetTopWindow
0x676dd0 GetSystemMetrics
0x676dd4 GetSystemMenu
0x676dd8 GetSysColorBrush
0x676ddc GetSysColor
0x676de0 GetSubMenu
0x676de4 GetScrollRange
0x676de8 GetScrollPos
0x676dec GetScrollInfo
0x676df0 GetScrollBarInfo
0x676df4 GetPropW
0x676df8 GetParent
0x676dfc GetWindow
0x676e00 GetMessagePos
0x676e04 GetMessageExtraInfo
0x676e08 GetMenuStringW
0x676e0c GetMenuState
0x676e10 GetMenuItemInfoW
0x676e14 GetMenuItemID
0x676e18 GetMenuItemCount
0x676e1c GetMenu
0x676e20 GetLastActivePopup
0x676e24 GetKeyboardState
0x676e30 GetKeyboardLayout
0x676e34 GetKeyState
0x676e38 GetKeyNameTextW
0x676e3c GetIconInfo
0x676e40 GetForegroundWindow
0x676e44 GetFocus
0x676e48 GetDlgItem
0x676e4c GetDlgCtrlID
0x676e50 GetDesktopWindow
0x676e54 GetDCEx
0x676e58 GetDC
0x676e5c GetCursorPos
0x676e60 GetCursor
0x676e64 GetClipboardData
0x676e68 GetClientRect
0x676e6c GetClassNameW
0x676e70 GetClassInfoExW
0x676e74 GetClassInfoW
0x676e78 GetCapture
0x676e7c GetActiveWindow
0x676e80 FrameRect
0x676e84 FindWindowExW
0x676e88 FindWindowW
0x676e8c FillRect
0x676e90 ExitWindowsEx
0x676e94 EnumWindows
0x676e98 EnumThreadWindows
0x676e9c EnumChildWindows
0x676ea0 EndPaint
0x676ea4 EndMenu
0x676ea8 EndDeferWindowPos
0x676eac EnableWindow
0x676eb0 EnableScrollBar
0x676eb4 EnableMenuItem
0x676eb8 EmptyClipboard
0x676ebc DrawTextExW
0x676ec0 DrawTextW
0x676ec4 DrawMenuBar
0x676ec8 DrawIconEx
0x676ecc DrawIcon
0x676ed0 DrawFrameControl
0x676ed4 DrawFocusRect
0x676ed8 DrawEdge
0x676edc DispatchMessageA
0x676ee0 DispatchMessageW
0x676ee4 DestroyWindow
0x676ee8 DestroyMenu
0x676eec DestroyIcon
0x676ef0 DestroyCursor
0x676ef4 DeleteMenu
0x676ef8 DeferWindowPos
0x676efc DefWindowProcW
0x676f00 DefMDIChildProcW
0x676f04 DefFrameProcW
0x676f08 CreatePopupMenu
0x676f0c CreateMenu
0x676f10 CreateIcon
0x676f18 CopyImage
0x676f1c CopyIcon
0x676f20 CloseClipboard
0x676f24 ClientToScreen
0x676f28 CheckMenuItem
0x676f2c CharUpperBuffW
0x676f30 CharUpperW
0x676f34 CharNextW
0x676f38 CharLowerBuffW
0x676f3c CharLowerW
0x676f40 CallWindowProcW
0x676f44 CallNextHookEx
0x676f48 BeginPaint
0x676f4c BeginDeferWindowPos
0x676f50 AdjustWindowRectEx
Library gdi32.dll:
0x676f5c UnrealizeObject
0x676f60 StretchDIBits
0x676f64 StretchBlt
0x676f68 StartPage
0x676f6c StartDocW
0x676f70 SetWindowOrgEx
0x676f74 SetWinMetaFileBits
0x676f78 SetViewportOrgEx
0x676f7c SetTextColor
0x676f80 SetStretchBltMode
0x676f84 SetROP2
0x676f88 SetPixel
0x676f8c SetMapMode
0x676f90 SetEnhMetaFileBits
0x676f94 SetDIBits
0x676f98 SetDIBColorTable
0x676f9c SetBrushOrgEx
0x676fa0 SetBkMode
0x676fa4 SetBkColor
0x676fa8 SetAbortProc
0x676fac SelectPalette
0x676fb0 SelectObject
0x676fb4 SelectClipRgn
0x676fb8 SaveDC
0x676fbc RoundRect
0x676fc0 RestoreDC
0x676fc4 RemoveFontResourceW
0x676fc8 Rectangle
0x676fcc RectVisible
0x676fd0 RealizePalette
0x676fd4 Polyline
0x676fd8 Polygon
0x676fdc PolyBezierTo
0x676fe0 PolyBezier
0x676fe4 PlayEnhMetaFile
0x676fe8 Pie
0x676fec PatBlt
0x676ff0 MoveToEx
0x676ff4 MaskBlt
0x676ff8 LineTo
0x676ffc IntersectClipRect
0x677000 GetWindowOrgEx
0x677004 GetWinMetaFileBits
0x677008 GetTextMetricsW
0x67700c GetTextExtentPointW
0x677018 GetStockObject
0x67701c GetRgnBox
0x677020 GetPixel
0x677024 GetPaletteEntries
0x677028 GetObjectW
0x677038 GetEnhMetaFileBits
0x67703c GetDeviceCaps
0x677040 GetDIBits
0x677044 GetDIBColorTable
0x67704c GetClipBox
0x677050 GetBrushOrgEx
0x677054 GetBitmapBits
0x677058 GdiFlush
0x67705c FrameRgn
0x677060 ExtTextOutW
0x677064 ExtFloodFill
0x677068 ExcludeClipRect
0x67706c EnumFontsW
0x677070 EnumFontFamiliesExW
0x677074 EndPage
0x677078 EndDoc
0x67707c Ellipse
0x677080 DeleteObject
0x677084 DeleteEnhMetaFile
0x677088 DeleteDC
0x67708c CreateSolidBrush
0x677090 CreateRectRgn
0x677094 CreatePenIndirect
0x677098 CreatePalette
0x67709c CreateICW
0x6770a4 CreateFontIndirectW
0x6770a8 CreateDIBitmap
0x6770ac CreateDIBSection
0x6770b0 CreateDCW
0x6770b4 CreateCompatibleDC
0x6770bc CreateBrushIndirect
0x6770c0 CreateBitmap
0x6770c4 CopyEnhMetaFileW
0x6770c8 Chord
0x6770cc BitBlt
0x6770d0 ArcTo
0x6770d4 Arc
0x6770d8 AngleArc
0x6770dc AddFontResourceW
0x6770e0 AbortDoc
Library version.dll:
0x6770e8 VerQueryValueW
0x6770f0 GetFileVersionInfoW
Library kernel32.dll:
0x6770f8 lstrlenA
0x6770fc WriteFile
0x677100 WideCharToMultiByte
0x677104 WaitForSingleObject
0x67710c VirtualQueryEx
0x677110 VirtualQuery
0x677114 VirtualProtect
0x677118 VirtualFree
0x67711c VirtualAlloc
0x677120 VerSetConditionMask
0x677124 VerifyVersionInfoW
0x677128 UnmapViewOfFile
0x677130 SwitchToThread
0x677134 SuspendThread
0x677138 Sleep
0x67713c SizeofResource
0x677140 SetThreadPriority
0x677144 SetThreadLocale
0x677148 SetLastError
0x67714c SetFileTime
0x677150 SetFilePointer
0x677154 SetFileAttributesW
0x677158 SetEvent
0x67715c SetErrorMode
0x677160 SetEndOfFile
0x677164 ResumeThread
0x677168 ResetEvent
0x67716c RemoveDirectoryW
0x677170 ReadFile
0x677174 RaiseException
0x677178 QueryDosDeviceW
0x67717c IsDebuggerPresent
0x677180 MulDiv
0x677184 MapViewOfFile
0x677188 LockResource
0x67718c LocalFree
0x677194 LoadResource
0x677198 LoadLibraryW
0x6771a0 IsValidLocale
0x6771a8 HeapSize
0x6771ac HeapFree
0x6771b0 HeapDestroy
0x6771b4 HeapCreate
0x6771b8 HeapAlloc
0x6771bc GlobalUnlock
0x6771c0 GlobalHandle
0x6771c4 GlobalLock
0x6771c8 GlobalFree
0x6771cc GlobalFindAtomW
0x6771d0 GlobalDeleteAtom
0x6771d4 GlobalAlloc
0x6771d8 GlobalAddAtomW
0x6771e4 GetVersionExW
0x6771e8 GetVersion
0x6771f0 GetTickCount
0x6771f4 GetThreadPriority
0x6771f8 GetThreadLocale
0x6771fc GetTempPathW
0x677200 GetSystemTimes
0x677204 GetSystemDirectoryW
0x67720c GetStdHandle
0x677210 GetProcAddress
0x677214 GetModuleHandleW
0x677218 GetModuleFileNameW
0x67721c GetLogicalDrives
0x677224 GetLocaleInfoW
0x677228 GetLocalTime
0x67722c GetLastError
0x677230 GetFullPathNameW
0x677234 GetFileSize
0x67723c GetFileAttributesW
0x677240 GetExitCodeThread
0x677244 GetExitCodeProcess
0x67724c GetDriveTypeW
0x677250 GetDiskFreeSpaceW
0x677254 GetDateFormatW
0x677258 GetCurrentThreadId
0x67725c GetCurrentThread
0x677260 GetCurrentProcessId
0x677264 GetCurrentProcess
0x677268 GetCPInfoExW
0x67726c GetCPInfo
0x677270 GetACP
0x677274 FreeResource
0x677278 InterlockedExchange
0x677280 FreeLibrary
0x677284 FormatMessageW
0x677288 FindResourceW
0x67728c FindNextFileW
0x677290 FindFirstFileW
0x677294 FindClose
0x6772a4 EnumSystemLocalesW
0x6772a8 EnumResourceNamesW
0x6772ac EnumCalendarInfoW
0x6772b8 DeleteFileW
0x6772c0 CreateThread
0x6772c4 CreateFileMappingW
0x6772c8 CreateFileW
0x6772cc CreateEventW
0x6772d0 CreateDirectoryW
0x6772d4 CopyFileW
0x6772d8 CompareStringW
0x6772dc CloseHandle
Library advapi32.dll:
0x6772e4 RegUnLoadKeyW
0x6772e8 RegSetValueExW
0x6772ec RegSaveKeyW
0x6772f0 RegRestoreKeyW
0x6772f4 RegReplaceKeyW
0x6772f8 RegQueryValueExW
0x6772fc RegQueryInfoKeyW
0x677300 RegOpenKeyExW
0x677304 RegLoadKeyW
0x677308 RegFlushKey
0x67730c RegEnumValueW
0x677310 RegEnumKeyExW
0x677314 RegDeleteValueW
0x677318 RegDeleteKeyW
0x67731c RegCreateKeyExW
0x677320 RegConnectRegistryW
0x677324 RegCloseKey
0x677328 OpenThreadToken
0x67732c OpenProcessToken
0x677334 GetTokenInformation
0x677338 FreeSid
0x67733c EqualSid
Library kernel32.dll:
0x67734c Sleep
Library oleaut32.dll:
0x677354 SafeArrayPtrOfIndex
0x677358 SafeArrayGetUBound
0x67735c SafeArrayGetLBound
0x677360 SafeArrayCreate
0x677364 VariantChangeType
0x677368 VariantCopy
0x67736c VariantClear
0x677370 VariantInit
Library oleaut32.dll:
0x677378 GetErrorInfo
0x67737c RegisterTypeLib
0x677380 LoadTypeLib
0x677384 SysFreeString
Library ole32.dll:
0x67738c OleUninitialize
0x677390 OleInitialize
0x677394 CoTaskMemFree
0x677398 CoTaskMemAlloc
0x67739c StringFromCLSID
0x6773a0 CoCreateInstance
0x6773a4 CoUninitialize
0x6773a8 CoInitialize
0x6773ac IsEqualGUID
Library comctl32.dll:
0x6773b4 InitializeFlatSB
0x6773bc FlatSB_SetScrollPos
0x6773c4 FlatSB_GetScrollPos
0x6773cc _TrackMouseEvent
0x6773dc ImageList_Write
0x6773e0 ImageList_Read
0x6773ec ImageList_DragMove
0x6773f0 ImageList_DragLeave
0x6773f4 ImageList_DragEnter
0x6773f8 ImageList_EndDrag
0x6773fc ImageList_BeginDrag
0x677400 ImageList_Copy
0x677408 ImageList_GetIcon
0x67740c ImageList_Remove
0x677410 ImageList_DrawEx
0x677414 ImageList_Replace
0x677418 ImageList_Draw
0x67742c ImageList_Add
0x677438 ImageList_Destroy
0x67743c ImageList_Create
0x677440 InitCommonControls
Library user32.dll:
0x677448 EnumDisplayMonitors
0x67744c GetMonitorInfoW
0x677450 MonitorFromPoint
0x677454 MonitorFromRect
0x677458 MonitorFromWindow
Library msvcrt.dll:
0x677460 memset
0x677464 memcpy
Library shell32.dll:
0x67746c SHGetFileInfoW
0x677470 ShellExecuteExW
0x677474 ShellExecuteW
0x677478 Shell_NotifyIconW
Library wininet.dll:
0x677484 InternetOpenUrlW
0x677488 InternetOpenW
0x67748c InternetCloseHandle
Library shell32.dll:
0x67749c SHGetMalloc
0x6774a0 SHGetDesktopFolder
0x6774a4 SHBrowseForFolderW
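An added example (not from the report or its vendor): a parser for the "Library x.dll:" / "0xADDR Name" import listing above and a capability tagger for the names an analyst would pull out of it. The CAPABILITY_TAGS mapping and the VCL_RUNTIME_NOISE set are this example's own assumptions; the noise set records imports that a Delphi VCL application commonly carries through its runtime, so that tags are read with the "BobSoft Mini Delphi" signature in mind. The embedded excerpt is copied from the table above.

```python
# Added example, not part of the sandbox report: tag the imports listed in
# the report with the capability each implies, and mark the ones a Delphi
# VCL runtime commonly imports on its own so they are not over-read.
from collections import defaultdict

# Capability mapping (this example's own; not exhaustive).
CAPABILITY_TAGS = {
    "IsDebuggerPresent": "anti-debug check",
    "VirtualProtect": "change page protection",
    "VirtualAlloc": "allocate memory",
    "SetWindowsHookExW": "install Windows hook",
    "ExitWindowsEx": "logoff/shutdown",
    "ShellExecuteExW": "launch process/document",
    "ShellExecuteW": "launch process/document",
    "InternetOpenUrlW": "HTTP(S) download",
    "InternetOpenW": "WinINet session",
    "RegSaveKeyW": "registry hive save",
    "RegRestoreKeyW": "registry hive restore",
    "RegLoadKeyW": "registry hive load",
    "RegSetValueExW": "registry write",
    "OpenProcessToken": "token inspection",
    "GetTokenInformation": "token inspection",
    "CopyFileW": "file copy",
    "DeleteFileW": "file delete",
    "SetFileAttributesW": "file attribute change",
    "GetLogicalDrives": "drive enumeration",
    "GetDriveTypeW": "drive enumeration",
    "GetDiskFreeSpaceW": "disk size query",
    "CreateFileMappingW": "file mapping",
    "MapViewOfFile": "file mapping",
}

# Assumed set of imports a Delphi RTL/VCL build commonly carries for its own
# purposes (exception handling, window hooks, debugger checks). Their
# presence alone says nothing about the application's intent.
VCL_RUNTIME_NOISE = {"IsDebuggerPresent", "VirtualProtect", "VirtualAlloc",
                     "SetWindowsHookExW", "OpenProcessToken",
                     "GetTokenInformation", "CreateFileMappingW",
                     "MapViewOfFile"}


def parse_imports(text):
    """Parse 'Library x.dll:' / '0xADDR Name' lines into {dll: [names]}.
    Repeated 'Library' headers for the same DLL are merged."""
    imports, lib = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Library ") and line.endswith(":"):
            lib = line[len("Library "):-1].lower()
        elif lib and line.startswith("0x"):
            imports[lib].append(line.split(None, 1)[1])
    return dict(imports)


def tag_capabilities(imports):
    """Return {tag: [(dll, name, is_runtime_noise), ...]} for tagged imports."""
    tags = defaultdict(list)
    for dll, names in imports.items():
        for name in names:
            tag = CAPABILITY_TAGS.get(name)
            if tag:
                tags[tag].append((dll, name, name in VCL_RUNTIME_NOISE))
    return dict(tags)


def notable(imports):
    """Tagged imports that the VCL runtime does not explain by itself."""
    return sorted({name for entries in tag_capabilities(imports).values()
                   for _, name, noise in entries if not noise})


# Constructed excerpt of the report's import table.
REPORT_EXCERPT = """\
Library kernel32.dll:
0x67717c IsDebuggerPresent
0x677114 VirtualProtect
0x6772d4 CopyFileW
Library shell32.dll:
0x677470 ShellExecuteExW
Library wininet.dll:
0x677484 InternetOpenUrlW
0x677488 InternetOpenW
Library user32.dll:
0x676e90 ExitWindowsEx
0x676cb8 SetWindowsHookExW
"""

if __name__ == "__main__":
    imp = parse_imports(REPORT_EXCERPT)
    for tag, entries in tag_capabilities(imp).items():
        print(tag, entries)
    print("worth a look:", notable(imp))
```

Run over the full listing, the names left after the runtime discount (WinINet download, ShellExecute, ExitWindowsEx, file copy/delete, registry hive save/restore) are what to reconcile with the dynamic section, which recorded no HTTP request and no contacted host.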

Exports

Ordinal   Address    Name
1         0x46062c   TMethodImplementationIntercept

Note: TMethodImplementationIntercept is an export the Delphi RTL (System.Rtti) adds to executables that use it, consistent with the compiler identification in the static section.

Hosts

No hosts contacted.

TCP

Source         Source port   Destination      Destination port
23.3.84.136    443           192.168.56.101   49177

Note: the only TCP row is a packet arriving from 23.3.84.136:443 at the guest's ephemeral port 49177, and the Hosts section records no contacted host, so the report does not attribute this connection to the sample. Check the pcap for the outbound SYN and the DNS answer that preceded it before treating 23.3.84.136 as an indicator.

UDP

Source           Source port   Destination                        Destination port
192.168.56.101   49235         114.114.114.114                    53
192.168.56.101   50534         114.114.114.114                    53
192.168.56.101   51378         114.114.114.114                    53
192.168.56.101   56539         114.114.114.114                    53
192.168.56.101   58367         114.114.114.114                    53
192.168.56.101   65004         114.114.114.114                    53
192.168.56.101   137           192.168.56.255                     137
192.168.56.101   138           192.168.56.255                     138
192.168.56.101   123           20.189.79.72 (time.windows.com)    123
192.168.56.101   53657         224.0.0.252                        5355
192.168.56.101   55368         224.0.0.252                        5355
192.168.56.101   56804         224.0.0.252                        5355
192.168.56.101   60123         224.0.0.252                        5355
192.168.56.101   62191         224.0.0.252                        5355
192.168.56.101   1900          239.255.255.250                    1900
192.168.56.101   56807         239.255.255.250                    1900
192.168.56.101   58368         239.255.255.250                    3702
192.168.56.101   58370         239.255.255.250                    3702
192.168.56.101   58707         239.255.255.250                    3702
192.168.56.101   62192         239.255.255.250                    3702

Note: apart from six DNS queries to the public resolver 114.114.114.114, whose names the report does not list, every UDP row is routine Windows guest chatter: NetBIOS broadcasts (137/138), NTP to time.windows.com (123), LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). None of it is attributable to the sample without the DNS query names from the pcap.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.