Score: 4.6 (medium risk)

Hash: 1d5d33d83029cd0b64bd4171db3e6535c4f50d31cc585b6e2b10345121c346fc

File name: 220e170602aa98087f6037b63bf98b47.exe

Analysis time: 25s

Last analysis:

File size: 756.5KB
Static detection / Dynamic detection
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine detection results yet
Static verdict
Antivirus engines
Not detected: no antivirus engine detection results yet
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619303930.320625
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34012992
registers.edi: 0
registers.eax: 0
registers.ebp: 34013064
registers.edx: 38
registers.ebx: 0
registers.esi: 0
registers.ecx: 305
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 57 e9 41 51 f9
exception.symbol: 220e170602aa98087f6037b63bf98b47+0x6e616
exception.instruction: div eax
exception.module: 220e170602aa98087f6037b63bf98b47.exe
exception.exception_code: 0xc0000094
exception.offset: 452118
exception.address: 0x46e616
success 0 0
1619303933.383125
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x751ce97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x751cea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x751cb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x751cb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x751cac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x751caed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x751c5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x751c559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x752d7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x752d4de3
220e170602aa98087f6037b63bf98b47+0x40a4d @ 0x440a4d
220e170602aa98087f6037b63bf98b47+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff6114ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619303930.164625
NtAllocateVirtualMemory
process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01ec0000
success 0 0
1619303930.320625
NtAllocateVirtualMemory
process_identifier: 2104
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02df0000
success 0 0
1619303930.367625
NtAllocateVirtualMemory
process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x03120000
success 0 0
1619303931.524125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619303931.571125
NtAllocateVirtualMemory
process_identifier: 284
region_size: 1310720
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e80000
success 0 0
1619303931.571125
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f80000
success 0 0
1619303931.571125
NtAllocateVirtualMemory
process_identifier: 284
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004c0000
success 0 0
1619303931.571125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c2000
success 0 0
1619303932.180125
NtAllocateVirtualMemory
process_identifier: 284
region_size: 524288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00650000
success 0 0
1619303932.180125
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00690000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619303933.321125
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.698765419698968 section {'size_of_data': '0x0000ae00', 'virtual_address': '0x0006f000', 'entropy': 7.698765419698968, 'name': 'DATA', 'virtual_size': '0x0000ac6c'} description A section with a high entropy has been found
entropy 7.444733361929053 section {'size_of_data': '0x0003a400', 'virtual_address': '0x00088000', 'entropy': 7.444733361929053, 'name': '.rsrc', 'virtual_size': '0x0003a384'} description A section with a high entropy has been found
entropy 0.36598279285241564 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2104 called NtSetContextThread to modify thread in remote process 284
Time & API Arguments Status Return Repeated
1619303930.539625
NtSetContextThread
thread_handle: 0x0000010c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4707504
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 284
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2104 resumed a thread in remote process 284
Time & API Arguments Status Return Repeated
1619303931.289625
NtResumeThread
thread_handle: 0x0000010c
suspend_count: 1
process_identifier: 284
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619303930.492625
CreateProcessInternalW
thread_identifier: 2264
thread_handle: 0x0000010c
process_identifier: 284
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\220e170602aa98087f6037b63bf98b47.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1619303930.492625
NtUnmapViewOfSection
process_identifier: 284
region_size: 4096
process_handle: 0x00000114
base_address: 0x00400000
success 0 0
1619303930.507625
NtMapViewOfSection
section_handle: 0x00000128
process_identifier: 284
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000114
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619303930.539625
NtGetContextThread
thread_handle: 0x0000010c
success 0 0
1619303930.539625
NtSetContextThread
thread_handle: 0x0000010c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4707504
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 284
success 0 0
1619303931.289625
NtResumeThread
thread_handle: 0x0000010c
suspend_count: 1
process_identifier: 284
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran
PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x47b150 VirtualFree
0x47b154 VirtualAlloc
0x47b158 LocalFree
0x47b15c LocalAlloc
0x47b160 GetVersion
0x47b164 GetCurrentThreadId
0x47b170 VirtualQuery
0x47b174 WideCharToMultiByte
0x47b17c MultiByteToWideChar
0x47b180 lstrlenA
0x47b184 lstrcpynA
0x47b188 LoadLibraryExA
0x47b18c GetThreadLocale
0x47b190 GetStartupInfoA
0x47b194 GetProcAddress
0x47b198 GetModuleHandleA
0x47b19c GetModuleFileNameA
0x47b1a0 GetLocaleInfoA
0x47b1a4 GetLastError
0x47b1ac GetCommandLineA
0x47b1b0 FreeLibrary
0x47b1b4 FindFirstFileA
0x47b1b8 FindClose
0x47b1bc ExitProcess
0x47b1c0 WriteFile
0x47b1c8 RtlUnwind
0x47b1cc RaiseException
0x47b1d0 GetStdHandle
Library user32.dll:
0x47b1d8 GetKeyboardType
0x47b1dc LoadStringA
0x47b1e0 MessageBoxA
0x47b1e4 CharNextA
Library advapi32.dll:
0x47b1ec RegQueryValueExA
0x47b1f0 RegOpenKeyExA
0x47b1f4 RegCloseKey
Library oleaut32.dll:
0x47b1fc SysFreeString
0x47b200 SysReAllocStringLen
0x47b204 SysAllocStringLen
Library kernel32.dll:
0x47b20c TlsSetValue
0x47b210 TlsGetValue
0x47b214 LocalAlloc
0x47b218 GetModuleHandleA
Library advapi32.dll:
0x47b220 RegQueryValueExA
0x47b224 RegOpenKeyExA
0x47b228 RegCloseKey
Library kernel32.dll:
0x47b230 lstrcpyA
0x47b234 WriteFile
0x47b238 WaitForSingleObject
0x47b23c VirtualQuery
0x47b240 VirtualAlloc
0x47b244 Sleep
0x47b248 SizeofResource
0x47b24c SetThreadLocale
0x47b250 SetFilePointer
0x47b254 SetEvent
0x47b258 SetErrorMode
0x47b25c SetEndOfFile
0x47b260 ResetEvent
0x47b264 ReadFile
0x47b268 MulDiv
0x47b26c LockResource
0x47b270 LoadResource
0x47b274 LoadLibraryA
0x47b280 GlobalUnlock
0x47b284 GlobalReAlloc
0x47b288 GlobalHandle
0x47b28c GlobalLock
0x47b290 GlobalFree
0x47b294 GlobalFindAtomA
0x47b298 GlobalDeleteAtom
0x47b29c GlobalAlloc
0x47b2a0 GlobalAddAtomA
0x47b2a8 GetVersionExA
0x47b2ac GetVersion
0x47b2b0 GetTickCount
0x47b2b4 GetThreadLocale
0x47b2bc GetSystemTime
0x47b2c0 GetSystemInfo
0x47b2c4 GetStringTypeExA
0x47b2c8 GetStdHandle
0x47b2cc GetProcAddress
0x47b2d0 GetModuleHandleA
0x47b2d4 GetModuleFileNameA
0x47b2d8 GetLogicalDrives
0x47b2dc GetLocaleInfoA
0x47b2e0 GetLocalTime
0x47b2e4 GetLastError
0x47b2e8 GetFullPathNameA
0x47b2ec GetFileAttributesA
0x47b2f0 GetDriveTypeA
0x47b2f4 GetDiskFreeSpaceA
0x47b2f8 GetDateFormatA
0x47b2fc GetCurrentThreadId
0x47b300 GetCurrentProcessId
0x47b304 GetCPInfo
0x47b308 GetACP
0x47b30c FreeResource
0x47b310 InterlockedExchange
0x47b314 FreeLibrary
0x47b318 FormatMessageA
0x47b31c FindResourceA
0x47b320 FindNextFileA
0x47b324 FindFirstFileA
0x47b328 FindClose
0x47b338 ExitThread
0x47b33c ExitProcess
0x47b340 EnumCalendarInfoA
0x47b34c CreateThread
0x47b350 CreateFileA
0x47b354 CreateEventA
0x47b358 CompareStringA
0x47b35c CloseHandle
Library mpr.dll:
0x47b364 WNetGetConnectionA
Library version.dll:
0x47b36c VerQueryValueA
0x47b374 GetFileVersionInfoA
Library gdi32.dll:
0x47b37c UnrealizeObject
0x47b380 StretchBlt
0x47b384 SetWindowOrgEx
0x47b388 SetWindowExtEx
0x47b38c SetWinMetaFileBits
0x47b390 SetViewportOrgEx
0x47b394 SetViewportExtEx
0x47b398 SetTextColor
0x47b39c SetStretchBltMode
0x47b3a0 SetROP2
0x47b3a4 SetPixel
0x47b3a8 SetMapMode
0x47b3ac SetEnhMetaFileBits
0x47b3b0 SetDIBColorTable
0x47b3b4 SetBrushOrgEx
0x47b3b8 SetBkMode
0x47b3bc SetBkColor
0x47b3c0 SelectPalette
0x47b3c4 SelectObject
0x47b3c8 SaveDC
0x47b3cc RestoreDC
0x47b3d0 Rectangle
0x47b3d4 RectVisible
0x47b3d8 RealizePalette
0x47b3dc Polyline
0x47b3e0 PolyPolyline
0x47b3e4 PlayEnhMetaFile
0x47b3e8 PatBlt
0x47b3ec MoveToEx
0x47b3f0 MaskBlt
0x47b3f4 LineTo
0x47b3f8 IntersectClipRect
0x47b3fc GetWindowOrgEx
0x47b400 GetWinMetaFileBits
0x47b404 GetTextMetricsA
0x47b410 GetStockObject
0x47b414 GetPixel
0x47b418 GetPaletteEntries
0x47b41c GetObjectA
0x47b428 GetEnhMetaFileBits
0x47b42c GetDeviceCaps
0x47b430 GetDIBits
0x47b434 GetDIBColorTable
0x47b438 GetDCOrgEx
0x47b440 GetClipBox
0x47b444 GetBrushOrgEx
0x47b448 GetBitmapBits
0x47b44c ExtTextOutA
0x47b450 ExtCreatePen
0x47b454 ExcludeClipRect
0x47b458 DeleteObject
0x47b45c DeleteEnhMetaFile
0x47b460 DeleteDC
0x47b464 CreateSolidBrush
0x47b468 CreatePenIndirect
0x47b46c CreatePen
0x47b470 CreatePalette
0x47b478 CreateFontIndirectA
0x47b47c CreateDIBitmap
0x47b480 CreateDIBSection
0x47b484 CreateCompatibleDC
0x47b48c CreateBrushIndirect
0x47b490 CreateBitmap
0x47b494 CopyEnhMetaFileA
0x47b498 BitBlt
Library user32.dll:
0x47b4a0 CreateWindowExA
0x47b4a4 WindowFromPoint
0x47b4a8 WinHelpA
0x47b4ac WaitMessage
0x47b4b0 ValidateRect
0x47b4b4 UpdateWindow
0x47b4b8 UnregisterClassA
0x47b4bc UnionRect
0x47b4c0 UnhookWindowsHookEx
0x47b4c4 TranslateMessage
0x47b4cc TrackPopupMenu
0x47b4d4 ShowWindow
0x47b4d8 ShowScrollBar
0x47b4dc ShowOwnedPopups
0x47b4e0 ShowCursor
0x47b4e4 SetWindowsHookExA
0x47b4e8 SetWindowTextA
0x47b4ec SetWindowPos
0x47b4f0 SetWindowPlacement
0x47b4f4 SetWindowLongA
0x47b4f8 SetTimer
0x47b4fc SetScrollRange
0x47b500 SetScrollPos
0x47b504 SetScrollInfo
0x47b508 SetRect
0x47b50c SetPropA
0x47b510 SetParent
0x47b514 SetMenuItemInfoA
0x47b518 SetMenu
0x47b51c SetKeyboardState
0x47b520 SetForegroundWindow
0x47b524 SetFocus
0x47b528 SetCursor
0x47b52c SetClipboardData
0x47b530 SetClassLongA
0x47b534 SetCapture
0x47b538 SetActiveWindow
0x47b53c SendMessageA
0x47b540 ScrollWindowEx
0x47b544 ScrollWindow
0x47b548 ScreenToClient
0x47b54c RemovePropA
0x47b550 RemoveMenu
0x47b554 ReleaseDC
0x47b558 ReleaseCapture
0x47b564 RegisterClassA
0x47b568 RedrawWindow
0x47b56c PtInRect
0x47b570 PostQuitMessage
0x47b574 PostMessageA
0x47b578 PeekMessageA
0x47b57c OpenClipboard
0x47b580 OffsetRect
0x47b584 OemToCharA
0x47b588 MessageBoxA
0x47b58c MessageBeep
0x47b590 MapWindowPoints
0x47b594 MapVirtualKeyA
0x47b598 LoadStringA
0x47b59c LoadKeyboardLayoutA
0x47b5a0 LoadIconA
0x47b5a4 LoadCursorA
0x47b5a8 LoadBitmapA
0x47b5ac KillTimer
0x47b5b0 IsZoomed
0x47b5b4 IsWindowVisible
0x47b5b8 IsWindowEnabled
0x47b5bc IsWindow
0x47b5c0 IsRectEmpty
0x47b5c4 IsIconic
0x47b5c8 IsDialogMessageA
0x47b5cc IsChild
0x47b5d0 IsCharAlphaNumericA
0x47b5d4 IsCharAlphaA
0x47b5d8 InvalidateRect
0x47b5dc IntersectRect
0x47b5e0 InsertMenuItemA
0x47b5e4 InsertMenuA
0x47b5e8 InflateRect
0x47b5f0 GetWindowTextA
0x47b5f4 GetWindowRect
0x47b5f8 GetWindowPlacement
0x47b5fc GetWindowLongA
0x47b600 GetWindowDC
0x47b604 GetTopWindow
0x47b608 GetSystemMetrics
0x47b60c GetSystemMenu
0x47b610 GetSysColorBrush
0x47b614 GetSysColor
0x47b618 GetSubMenu
0x47b61c GetScrollRange
0x47b620 GetScrollPos
0x47b624 GetScrollInfo
0x47b628 GetPropA
0x47b62c GetParent
0x47b630 GetWindow
0x47b634 GetMessageTime
0x47b638 GetMenuStringA
0x47b63c GetMenuState
0x47b640 GetMenuItemInfoA
0x47b644 GetMenuItemID
0x47b648 GetMenuItemCount
0x47b64c GetMenu
0x47b650 GetLastActivePopup
0x47b654 GetKeyboardState
0x47b65c GetKeyboardLayout
0x47b660 GetKeyState
0x47b664 GetKeyNameTextA
0x47b668 GetIconInfo
0x47b66c GetForegroundWindow
0x47b670 GetFocus
0x47b674 GetDoubleClickTime
0x47b678 GetDesktopWindow
0x47b67c GetDCEx
0x47b680 GetDC
0x47b684 GetCursorPos
0x47b688 GetCursor
0x47b68c GetClipboardData
0x47b690 GetClientRect
0x47b694 GetClassNameA
0x47b698 GetClassInfoA
0x47b69c GetCaretPos
0x47b6a0 GetCapture
0x47b6a4 GetActiveWindow
0x47b6a8 FrameRect
0x47b6ac FindWindowA
0x47b6b0 FillRect
0x47b6b4 EqualRect
0x47b6b8 EnumWindows
0x47b6bc EnumThreadWindows
0x47b6c4 EndPaint
0x47b6c8 EnableWindow
0x47b6cc EnableScrollBar
0x47b6d0 EnableMenuItem
0x47b6d4 EmptyClipboard
0x47b6d8 DrawTextA
0x47b6dc DrawMenuBar
0x47b6e0 DrawIconEx
0x47b6e4 DrawIcon
0x47b6e8 DrawFrameControl
0x47b6ec DrawFocusRect
0x47b6f0 DrawEdge
0x47b6f4 DispatchMessageA
0x47b6f8 DestroyWindow
0x47b6fc DestroyMenu
0x47b700 DestroyIcon
0x47b704 DestroyCursor
0x47b708 DeleteMenu
0x47b70c DefWindowProcA
0x47b710 DefMDIChildProcA
0x47b714 DefFrameProcA
0x47b718 CreatePopupMenu
0x47b71c CreateMenu
0x47b720 CreateIcon
0x47b724 CloseClipboard
0x47b728 ClientToScreen
0x47b72c CheckMenuItem
0x47b730 CallWindowProcA
0x47b734 CallNextHookEx
0x47b738 BeginPaint
0x47b73c CharNextA
0x47b740 CharLowerBuffA
0x47b744 CharLowerA
0x47b748 CharUpperBuffA
0x47b74c CharToOemA
0x47b750 AdjustWindowRectEx
Library kernel32.dll:
0x47b75c Sleep
Library oleaut32.dll:
0x47b764 SafeArrayPtrOfIndex
0x47b768 SafeArrayGetUBound
0x47b76c SafeArrayGetLBound
0x47b770 SafeArrayCreate
0x47b774 VariantChangeType
0x47b778 VariantCopy
0x47b77c VariantClear
0x47b780 VariantInit
Library comctl32.dll:
0x47b790 ImageList_Write
0x47b794 ImageList_Read
0x47b7a4 ImageList_DragMove
0x47b7a8 ImageList_DragLeave
0x47b7ac ImageList_DragEnter
0x47b7b0 ImageList_EndDrag
0x47b7b4 ImageList_BeginDrag
0x47b7b8 ImageList_Remove
0x47b7bc ImageList_DrawEx
0x47b7c0 ImageList_Draw
0x47b7d0 ImageList_Add
0x47b7d8 ImageList_Destroy
0x47b7dc ImageList_Create
0x47b7e0 InitCommonControls
Library kernel32.dll:
0x47b7e8 MulDiv

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 51966 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.