Score: 6.2
Risk level: High

SHA256: b00945cd0c4c0ec8a60178147f75757ceeb27574d8edad11f435ed7105a92e33

File name: 245241858d9622034df70d00363025ee.exe

Analysis duration: 22s

Last analysis:

File size: 758.0KB
Detection tags (static and dynamic): AGENTTESLA, AI SCORE=88, AIDETECTVM, AUTO, CLASSIC, CONFIDENCE, DELF, DELPHI, DELPHILESS, EMHC, FAREIT, GENERICKD, HIGH CONFIDENCE, HKYBKV, INJECT3, JYLZ, KRYPTIK, MALWARE2, MALWARE@#6P282Z3PF1U4, MRVCX, QVM05, SCORE, STATIC AI, SUSPICIOUS PE, TRJGEN, TSCOPE, UNSAFE, VGW@AUIFW2MI, X2066, ZELPHIF
鹰眼 (HawkEye) engine
Not detected: no HawkEye engine result is available for this sample.
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | Fareit-FTB!245241858D96 | 20201120 | 6.0.6.653
Alibaba | Trojan:Win32/Obfuscator.35c5eab6 | 20190527 | 0.3.0.5
CrowdStrike | win/malicious_confidence_80% (W) | 20190702 | 1.0
Baidu | (no detection) | 20190318 | 1.0.0.2
Avast | Win32:Trojan-gen | 20201120 | 20.10.5736.0
Kingsoft | (no detection) | 20201121 | 2017.9.26.565
Tencent | Win32.Trojan.Inject.Auto | 20201121 | 1.0.0.1
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Both indicators come from the same property of the file: CODE, DATA and BSS are the section names the Borland/Delphi linker emits, and "BobSoft Mini Delphi" is a PEiD-style signature that matches ordinary Delphi executables. On their own they establish that the binary was built with Delphi, not that it is packed; the actual packing evidence is the high-entropy .rsrc section reported under the dynamic indicators below.
One or more processes crashed (2 events)
The first crash is in the parent process (pid 284): exception code 0xc0000094 is STATUS_INTEGER_DIVIDE_BY_ZERO, the faulting bytes f7 f0 decode to div eax, and eax is 0 at the fault. The fault address 0x462764 (image offset 0x62764) lies inside the 40960-byte region at 0x00462000 that the same process set to PAGE_EXECUTE_READWRITE at the same timestamp, i.e. the crash is in freshly unpacked code. The second crash, 0xc0000005 (STATUS_ACCESS_VIOLATION), happens in the child process created later (pid 2116, see the injection events below): the stack shows the image mapped into that process (245241858d9622034df70d00363025ee+0x5aa4d) calling mscoree!_CorExeMain and the mscoreei shim failing inside CreateFileMappingW. _CorExeMain is the entry path of managed executables, so the payload mapped into the child is a .NET binary, which is consistent with the AgentTesla tag in the detection list.
Time & API Arguments Status Return Repeated
1619269223.164465
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 40369716
registers.edi: 0
registers.eax: 0
registers.ebp: 40370056
registers.edx: 6
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 a3 8b 00 00 e9
exception.symbol: 245241858d9622034df70d00363025ee+0x62764
exception.instruction: div eax
exception.module: 245241858d9622034df70d00363025ee.exe
exception.exception_code: 0xc0000094
exception.offset: 403300
exception.address: 0x462764
success 0 0
1619272528.264501
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
245241858d9622034df70d00363025ee+0x5aa4d @ 0x45aa4d
245241858d9622034df70d00363025ee+0x53254 @ 0x453254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfd0714ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc. (The dropped-buffers section at the end of this report is empty, so the extracted buffers were not retained in this run.)
Allocates read-write-execute memory (usually to unpack itself) (30 events)
The first three events belong to the parent (pid 284) and include the 40960-byte RWX region at 0x00462000 in which it then crashes (see the crash above). The remaining 27 are in the hollowed child (pid 2116): it first makes its own image page at 0x00400000 writable, reserves and commits RWX working memory (for example 335872 bytes at 0x00830000, 307200 of which it re-protects at 0x00832000), and then issues an alternating series of single-page NtProtectVirtualMemory calls on 0x00562000 and on code pages inside kernel32 (0x76351000, 0x76353000, 0x76354000) and ntdll (0x77d4f000). Making one 4 KB page of a system DLL's code writable at a time is what the installation of inline API hooks looks like; dump those pages from the child to confirm what was written. Note also that the child's timestamps are about 55 minutes later than the parent's although the analysis ran for 22 s, so the timeline across the two processes should not be read literally.
Time & API Arguments Status Return Repeated
1619269223.086465
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1619269223.164465
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00462000
success 0 0
1619269223.164465
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00860000
success 0 0
1619272527.280501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619272527.343501
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 1900544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f00000
success 0 0
1619272527.343501
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02090000
success 0 0
1619272527.343501
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 335872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00830000
success 0 0
1619272527.343501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 307200
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619272527.780501
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f00000
success 0 0
1619272527.780501
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f60000
success 0 0
1619272528.186501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.186501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00562000
success 0 0
1619272528.202501
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (3 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.203993318644641 section {'size_of_data': '0x00047e00', 'virtual_address': '0x0007c000', 'entropy': 7.203993318644641, 'name': '.rsrc', 'virtual_size': '0x00047d9c'} description A section with a high entropy has been found
entropy 0.3797886393659181 description Overall entropy of this PE file is high
The second value is not an entropy: the signature that emits this line reports the fraction of section data that lies in sections whose entropy exceeds 6.8, here the 0x47e00-byte .rsrc section divided by roughly 0xbd400 bytes of section data. Only .rsrc is high-entropy, which together with the FindResourceA/LoadResource/LockResource/SizeofResource imports listed below points to an encrypted payload carried as a resource.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
172.217.0.0/16 is Google address space, and the connection tables at the end of this report record no TCP session or HTTP request to this host, so this indicator alone does not identify a command-and-control server.
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection: process 284 called NtSetContextThread to modify a thread in remote process 2116. In the context written below, eax = 4908208 (0x004ae4b0) is the new entry point inside the image mapped at 0x00400000 (view size 720896 bytes, so the image ends at 0x004b0000), and ebx = 2130567168 (0x7efde000) is the child's PEB address. On 32-bit Windows the initial thread of a freshly created suspended process carries exactly these two values in eax and ebx, which is why hollowing code only has to rewrite eax to redirect execution.
Time & API Arguments Status Return Repeated
1619269223.383465
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4908208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2116
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection: process 284 resumed a thread in remote process 2116
Time & API Arguments Status Return Repeated
1619269223.602465
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2116
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
The six calls below are the complete process-hollowing sequence: CreateProcessInternalW of the sample's own path with CREATE_SUSPENDED, NtUnmapViewOfSection of the child's original image at 0x00400000, NtMapViewOfSection of a 720896-byte PAGE_EXECUTE_READWRITE section at the same base, NtGetContextThread/NtSetContextThread to point the initial thread at the new entry point, and NtResumeThread.
Time & API Arguments Status Return Repeated
1619269223.368465
CreateProcessInternalW
thread_identifier: 2520
thread_handle: 0x00000114
process_identifier: 2116
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\245241858d9622034df70d00363025ee.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619269223.368465
NtUnmapViewOfSection
process_identifier: 2116
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619269223.368465
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 2116
commit_size: 720896
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 720896
base_address: 0x00400000
success 0 0
1619269223.383465
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619269223.383465
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4908208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2116
success 0 0
1619269223.602465
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2116
success 0 0
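The hollowing sequence above and the RWX indicator earlier in this section are both easy to recover mechanically from a Cuckoo-style call log. The following is an added example, not code from the sandbox that produced this report: it reconstructs the relevant calls from this page as a constructed Python list (timestamps, handles and register values as listed here) and assumes the field names `pid`, `time`, `api` and `args` rather than Cuckoo's exact JSON layout. `find_hollowing` walks each parent's calls, takes every CREATE_SUSPENDED child, and checks whether that child (matched by pid or by the handles returned at creation) is unmapped, written to, re-pointed with NtSetContextThread and resumed; `rwx_events` counts RWX allocations and protection changes per process.

```python
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004
PAGE_EXECUTE_READWRITE = 0x40

# Constructed from the calls listed in this report (pid, timestamp, API and the
# arguments the two checks need). A real Cuckoo report carries the same data
# under behavior.processes[].calls with slightly different field names.
CALLS = [
    {"pid": 284, "time": 1619269223.086465, "api": "NtAllocateVirtualMemory",
     "args": {"process_handle": "0xffffffff", "protection": 0x40, "base_address": "0x003f0000"}},
    {"pid": 284, "time": 1619269223.164465, "api": "NtProtectVirtualMemory",
     "args": {"process_handle": "0xffffffff", "protection": 0x40, "base_address": "0x00462000"}},
    {"pid": 284, "time": 1619269223.368465, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 2116, "thread_handle": "0x00000114",
              "process_handle": "0x00000118", "creation_flags": 0x4}},
    {"pid": 284, "time": 1619269223.368465, "api": "NtUnmapViewOfSection",
     "args": {"process_handle": "0x00000118", "process_identifier": 2116,
              "base_address": "0x00400000"}},
    {"pid": 284, "time": 1619269223.368465, "api": "NtMapViewOfSection",
     "args": {"process_handle": "0x00000118", "process_identifier": 2116,
              "base_address": "0x00400000", "view_size": 720896, "win32_protect": 0x40}},
    {"pid": 284, "time": 1619269223.383465, "api": "NtGetContextThread",
     "args": {"thread_handle": "0x00000114"}},
    {"pid": 284, "time": 1619269223.383465, "api": "NtSetContextThread",
     "args": {"thread_handle": "0x00000114", "process_identifier": 2116,
              "registers.eax": 4908208, "registers.ebx": 2130567168}},
    {"pid": 284, "time": 1619269223.602465, "api": "NtResumeThread",
     "args": {"thread_handle": "0x00000114", "process_identifier": 2116, "suspend_count": 1}},
    {"pid": 2116, "time": 1619272527.280501, "api": "NtProtectVirtualMemory",
     "args": {"process_handle": "0xffffffff", "protection": 0x40, "base_address": "0x00400000"}},
]

# APIs that place the payload into the target: section mapping or direct writes.
WRITE_APIS = {"NtMapViewOfSection", "NtWriteVirtualMemory", "WriteProcessMemory"}


def rwx_events(calls):
    """Count RWX allocations and protection changes per pid (the '30 events' indicator)."""
    counts = defaultdict(int)
    for c in calls:
        if c["api"] in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory") \
                and c["args"].get("protection") == PAGE_EXECUTE_READWRITE:
            counts[c["pid"]] += 1
    return dict(counts)


def find_hollowing(calls):
    """One finding per CREATE_SUSPENDED child; 'complete' means all four hollowing stages were seen."""
    by_pid = defaultdict(list)
    for c in calls:
        by_pid[c["pid"]].append(c)
    findings = []
    for pid, seq in by_pid.items():
        seq = sorted(seq, key=lambda c: c["time"])  # stable sort keeps log order for equal timestamps
        for i, c in enumerate(seq):
            a = c["args"]
            if c["api"] != "CreateProcessInternalW" or not (a.get("creation_flags", 0) & CREATE_SUSPENDED):
                continue
            child = a["process_identifier"]
            handles = {a.get("process_handle"), a.get("thread_handle")} - {None}
            stages = {"unmap": False, "write": False, "set_context": False, "resume": False}
            entry = None
            for later in seq[i + 1:]:
                la = later["args"]
                targets_child = la.get("process_identifier") == child or \
                    bool(handles & {la.get("process_handle"), la.get("thread_handle")})
                if not targets_child:
                    continue
                api = later["api"]
                if api == "NtUnmapViewOfSection":
                    stages["unmap"] = True
                elif api in WRITE_APIS:
                    stages["write"] = True
                elif api == "NtSetContextThread":
                    stages["set_context"] = True
                    entry = la.get("registers.eax")  # x86: eax of the suspended initial thread = entry point
                elif api == "NtResumeThread":
                    stages["resume"] = True
            findings.append({"parent": pid, "child": child, "stages": stages,
                             "complete": all(stages.values()),
                             "entry_point": hex(entry) if entry is not None else None})
    return findings


if __name__ == "__main__":
    print("RWX events per pid:", rwx_events(CALLS))
    for f in find_hollowing(CALLS):
        print(f"pid {f['parent']} -> {f['child']}: complete={f['complete']} "
              f"entry={f['entry_point']} stages={f['stages']}")
```

Matching on the returned process and thread handles as well as on the child pid matters because Cuckoo logs NtUnmapViewOfSection and NtMapViewOfSection with the handle only; a detector keyed purely on `process_identifier` would miss the unmap/map stages and report the chain as incomplete.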
File has been identified by 60 antivirus engines on VirusTotal as malicious (50 of 60 events shown)
The names cluster into three groups: Fareit/PSW (McAfee, Zillya, ClamAV, Jiangmin, McAfee-GW-Edition), generic injector/Kryptik/Obfuscator verdicts that describe the packing rather than a family, and Delphi dropper (Avira, F-Secure). Only the tag cloud at the top of this report names AgentTesla, so the family of the injected payload is not settled by the static engines.
Engine | Result
Bkav | W32.AIDetectVM.malware2
Elastic | malicious (high confidence)
MicroWorld-eScan | Trojan.GenericKD.33957949
McAfee | Fareit-FTB!245241858D96
Cylance | Unsafe
Zillya | Trojan.Fareit.Win32.35968
SUPERAntiSpyware | Trojan.Agent/Gen-Injector
Sangfor | Malware
K7AntiVirus | Trojan ( 005680341 )
Alibaba | Trojan:Win32/Obfuscator.35c5eab6
K7GW | Trojan ( 005680341 )
CrowdStrike | win/malicious_confidence_80% (W)
Arcabit | Trojan.Generic.D206283D
Invincea | Mal/Generic-S
BitDefenderTheta | Gen:NN.ZelphiF.34634.VGW@auIFw2mi
Cyren | W32/Injector.JYLZ-3016
Symantec | Trojan.Gen.2
APEX | Malicious
Paloalto | generic.ml
ClamAV | Win.Trojan.Fareit-7997137-0
Kaspersky | HEUR:Trojan.Win32.Kryptik.gen
BitDefender | Trojan.GenericKD.33957949
NANO-Antivirus | Trojan.Win32.TrjGen.hkybkv
Avast | Win32:Trojan-gen
Rising | Trojan.Injector!1.C77F (CLASSIC)
Ad-Aware | Trojan.GenericKD.33957949
Sophos | Mal/Generic-S
Comodo | Malware@#6p282z3pf1u4
F-Secure | Dropper.DR/Delphi.mrvcx
DrWeb | Trojan.Inject3.41033
VIPRE | Trojan.Win32.Generic!BT
McAfee-GW-Edition | BehavesLike.Win32.Fareit.bc
FireEye | Generic.mg.245241858d962203
Emsisoft | Trojan.GenericKD.33957949 (B)
SentinelOne | Static AI - Suspicious PE
Jiangmin | Trojan-PSW.Fareit.g
Webroot | W32.Trojan.Gen
Avira | DR/Delphi.mrvcx
MAX | malware (ai score=88)
Antiy-AVL | Trojan/Win32.Kryptik
Gridinsoft | Trojan.Win32.Agent.vb
Microsoft | Trojan:Win32/Obfuscator.KI!MTB
AegisLab | Trojan.Multi.Generic.4!c
ZoneAlarm | HEUR:Trojan.Win32.Kryptik.gen
GData | Trojan.GenericKD.33957949
Cynet | Malicious (score: 100)
AhnLab-V3 | Suspicious/Win.Delphiless.X2066
Acronis | suspicious
ALYac | Trojan.GenericKD.33957949
VBA32 | TScope.Trojan.Delf
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Run screenshots
No screenshots: none were captured while the sample ran.

PE Compile Time

1992-06-20 06:22:17
This is the fixed TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC, shown here in UTC+8) that the Delphi linker writes into every binary it produces. It confirms the Delphi origin indicated by the CODE/DATA/BSS sections but says nothing about when the sample was actually built.
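The three static indicators on this page (Borland section names, the PEiD-style Delphi packer match, the .rsrc entropy) and this fixed timestamp can all be read from the PE file header and section table without running the sample. The block below is an added example, not code from this sandbox or from any tool named on this page: a dependency-free section-table reader that applies the same checks. The 6.8 per-section threshold and 0.2 overall ratio are taken from the Cuckoo community `packer_entropy` signature, the list of common section names is illustrative only, and `build_sample_pe` fabricates a minimal, non-loadable PE in memory (constructed test data mimicking this report's layout, not the sample itself) so the script runs offline.

```python
import math
import random
import struct
from collections import Counter

# Fixed TimeDateStamp the Delphi linker writes (1992-06-19 22:22:17 UTC).
DELPHI_TIMESTAMP = 0x2A425E19
# Thresholds of the Cuckoo community "packer_entropy" signature (assumed from it).
SECTION_ENTROPY_THRESHOLD = 6.8
OVERALL_RATIO_THRESHOLD = 0.2
# Illustrative list of section names a plain MSVC/MinGW build produces; anything
# else counts as "unknown" in the sense the report's static indicator uses.
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc",
                        ".idata", ".edata", ".pdata", ".tls", ".bss"}
BORLAND_SECTION_NAMES = {"CODE", "DATA", "BSS"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Return (TimeDateStamp, [(section name, raw bytes), ...]) from a PE image in memory."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size  # the section table follows the optional header
    sections = []
    for i in range(nsections):
        entry = table + 40 * i
        name = pe[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, entry + 8)
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return timestamp, sections


def static_indicators(pe: bytes) -> dict:
    """Apply the section-name, packer-entropy and Delphi-timestamp checks."""
    timestamp, sections = parse_sections(pe)
    measured = [(name, shannon_entropy(data), len(data)) for name, data in sections]
    high = [(n, e) for n, e, _ in measured if e > SECTION_ENTROPY_THRESHOLD]
    total = sum(size for _, _, size in measured)
    compressed = sum(size for _, e, size in measured if e > SECTION_ENTROPY_THRESHOLD)
    ratio = compressed / total if total else 0.0  # what the report prints as "entropy 0.3797..."
    names = [n for n, _, _ in measured]
    return {
        "delphi_timestamp": timestamp == DELPHI_TIMESTAMP,
        "borland_sections": sorted(set(names) & BORLAND_SECTION_NAMES),
        "unknown_sections": [n for n in names if n not in COMMON_SECTION_NAMES],
        "high_entropy_sections": high,
        "high_entropy_ratio": ratio,
        "overall_entropy_high": ratio > OVERALL_RATIO_THRESHOLD,
    }


def build_sample_pe(section_blobs, timestamp: int) -> bytes:
    """Fabricate a minimal PE (DOS stub, headers, section table, raw data) for offline testing.
    Constructed test data: it parses correctly but is deliberately not loadable."""
    n = len(section_blobs)
    e_lfanew, opt_size = 0x40, 0xE0             # 0xE0 = size of a PE32 optional header, left zeroed
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * n
    first_raw = (headers_len + 0x1FF) & ~0x1FF  # raw data starts on the 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, opt_size, 0x102)
    table, body, vaddr = b"", b"", 0x1000
    for name, data in section_blobs:
        raw_size = (len(data) + 0x1FF) & ~0x1FF
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), vaddr, raw_size, first_raw + len(body), 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        vaddr += max((raw_size + 0xFFF) & ~0xFFF, 0x1000)
    image = dos + b"PE\0\0" + file_hdr + b"\0" * opt_size + table
    return image.ljust(first_raw, b"\0") + body


# Constructed sample mimicking this report's layout: Borland section names, the
# Delphi timestamp, low-entropy code/data and one high-entropy .rsrc payload.
_rng = random.Random(1)
SAMPLE_PE = build_sample_pe([
    ("CODE", bytes(_rng.randrange(64) for _ in range(4096))),    # ~6.0 bits: below threshold
    ("DATA", b"\0" * 2048),
    ("BSS", b""),
    (".rsrc", bytes(_rng.randrange(256) for _ in range(8192))),  # ~8.0 bits: flagged
], DELPHI_TIMESTAMP)

if __name__ == "__main__":
    for key, value in static_indicators(SAMPLE_PE).items():
        print(f"{key}: {value}")
```

Run against a real file with `static_indicators(open(path, "rb").read())`. The ratio is computed over the raw sizes in the section table, as the Cuckoo signature does, so a large zero-filled BSS-style section with no raw data does not dilute it, while a big low-entropy code section does; that is why a single encrypted resource can push a Delphi binary over the 0.2 line even though most of its bytes are plain VCL code.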

Imports

Library kernel32.dll:
0x46f150 VirtualFree
0x46f154 VirtualAlloc
0x46f158 LocalFree
0x46f15c LocalAlloc
0x46f160 GetVersion
0x46f164 GetCurrentThreadId
0x46f170 VirtualQuery
0x46f174 WideCharToMultiByte
0x46f17c MultiByteToWideChar
0x46f180 lstrlenA
0x46f184 lstrcpynA
0x46f188 LoadLibraryExA
0x46f18c GetThreadLocale
0x46f190 GetStartupInfoA
0x46f194 GetProcAddress
0x46f198 GetModuleHandleA
0x46f19c GetModuleFileNameA
0x46f1a0 GetLocaleInfoA
0x46f1a4 GetLastError
0x46f1ac GetCommandLineA
0x46f1b0 FreeLibrary
0x46f1b4 FindFirstFileA
0x46f1b8 FindClose
0x46f1bc ExitProcess
0x46f1c0 WriteFile
0x46f1c8 RtlUnwind
0x46f1cc RaiseException
0x46f1d0 GetStdHandle
Library user32.dll:
0x46f1d8 GetKeyboardType
0x46f1dc LoadStringA
0x46f1e0 MessageBoxA
0x46f1e4 CharNextA
Library advapi32.dll:
0x46f1ec RegQueryValueExA
0x46f1f0 RegOpenKeyExA
0x46f1f4 RegCloseKey
Library oleaut32.dll:
0x46f1fc SysFreeString
0x46f200 SysReAllocStringLen
0x46f204 SysAllocStringLen
Library kernel32.dll:
0x46f20c TlsSetValue
0x46f210 TlsGetValue
0x46f214 LocalAlloc
0x46f218 GetModuleHandleA
Library advapi32.dll:
0x46f220 RegQueryValueExA
0x46f224 RegOpenKeyExA
0x46f228 RegCloseKey
Library kernel32.dll:
0x46f230 lstrcpyA
0x46f234 WriteFile
0x46f23c WaitForSingleObject
0x46f240 VirtualQuery
0x46f244 VirtualAlloc
0x46f248 Sleep
0x46f24c SizeofResource
0x46f250 SetThreadLocale
0x46f254 SetFilePointer
0x46f258 SetEvent
0x46f25c SetErrorMode
0x46f260 SetEndOfFile
0x46f264 ResetEvent
0x46f268 ReadFile
0x46f26c MulDiv
0x46f270 LockResource
0x46f274 LoadResource
0x46f278 LoadLibraryA
0x46f284 GlobalUnlock
0x46f288 GlobalReAlloc
0x46f28c GlobalHandle
0x46f290 GlobalLock
0x46f294 GlobalFree
0x46f298 GlobalFindAtomA
0x46f29c GlobalDeleteAtom
0x46f2a0 GlobalAlloc
0x46f2a4 GlobalAddAtomA
0x46f2ac GetVersionExA
0x46f2b0 GetVersion
0x46f2b4 GetTickCount
0x46f2b8 GetThreadLocale
0x46f2c0 GetSystemTime
0x46f2c4 GetSystemInfo
0x46f2c8 GetStringTypeExA
0x46f2cc GetStdHandle
0x46f2d0 GetProcAddress
0x46f2d4 GetModuleHandleA
0x46f2d8 GetModuleFileNameA
0x46f2dc GetLocaleInfoA
0x46f2e0 GetLocalTime
0x46f2e4 GetLastError
0x46f2e8 GetFullPathNameA
0x46f2ec GetFileAttributesA
0x46f2f0 GetDiskFreeSpaceA
0x46f2f4 GetDateFormatA
0x46f2f8 GetCurrentThreadId
0x46f2fc GetCurrentProcessId
0x46f300 GetCPInfo
0x46f304 GetACP
0x46f308 FreeResource
0x46f30c InterlockedExchange
0x46f310 FreeLibrary
0x46f314 FormatMessageA
0x46f318 FindResourceA
0x46f31c FindNextFileA
0x46f320 FindFirstFileA
0x46f324 FindClose
0x46f330 ExitThread
0x46f334 EnumCalendarInfoA
0x46f340 CreateThread
0x46f344 CreateFileA
0x46f348 CreateEventA
0x46f34c CompareStringA
0x46f350 CloseHandle
Library version.dll:
0x46f358 VerQueryValueA
0x46f360 GetFileVersionInfoA
Library gdi32.dll:
0x46f368 UnrealizeObject
0x46f36c StretchBlt
0x46f370 SetWindowOrgEx
0x46f374 SetWinMetaFileBits
0x46f378 SetViewportOrgEx
0x46f37c SetTextColor
0x46f380 SetStretchBltMode
0x46f384 SetROP2
0x46f388 SetPixel
0x46f38c SetEnhMetaFileBits
0x46f390 SetDIBColorTable
0x46f394 SetBrushOrgEx
0x46f398 SetBkMode
0x46f39c SetBkColor
0x46f3a0 SelectPalette
0x46f3a4 SelectObject
0x46f3a8 SaveDC
0x46f3ac RestoreDC
0x46f3b0 Rectangle
0x46f3b4 RectVisible
0x46f3b8 RealizePalette
0x46f3bc Polyline
0x46f3c0 PlayEnhMetaFile
0x46f3c4 PatBlt
0x46f3c8 MoveToEx
0x46f3cc MaskBlt
0x46f3d0 LineTo
0x46f3d4 IntersectClipRect
0x46f3d8 GetWindowOrgEx
0x46f3dc GetWinMetaFileBits
0x46f3e0 GetTextMetricsA
0x46f3ec GetStockObject
0x46f3f0 GetPixel
0x46f3f4 GetPaletteEntries
0x46f3f8 GetObjectA
0x46f404 GetEnhMetaFileBits
0x46f408 GetDeviceCaps
0x46f40c GetDIBits
0x46f410 GetDIBColorTable
0x46f414 GetDCOrgEx
0x46f41c GetClipBox
0x46f420 GetBrushOrgEx
0x46f424 GetBitmapBits
0x46f428 ExtTextOutA
0x46f42c ExcludeClipRect
0x46f430 DeleteObject
0x46f434 DeleteEnhMetaFile
0x46f438 DeleteDC
0x46f43c CreateSolidBrush
0x46f440 CreatePenIndirect
0x46f444 CreatePalette
0x46f44c CreateFontIndirectA
0x46f450 CreateDIBitmap
0x46f454 CreateDIBSection
0x46f458 CreateCompatibleDC
0x46f460 CreateBrushIndirect
0x46f464 CreateBitmap
0x46f468 CopyEnhMetaFileA
0x46f46c BitBlt
Library opengl32.dll:
0x46f474 wglDeleteContext
Library user32.dll:
0x46f47c CreateWindowExA
0x46f480 WindowFromPoint
0x46f484 WinHelpA
0x46f488 WaitMessage
0x46f48c UpdateWindow
0x46f490 UnregisterClassA
0x46f494 UnhookWindowsHookEx
0x46f498 TranslateMessage
0x46f4a0 TrackPopupMenu
0x46f4a8 ShowWindow
0x46f4ac ShowScrollBar
0x46f4b0 ShowOwnedPopups
0x46f4b4 ShowCursor
0x46f4b8 SetWindowsHookExA
0x46f4bc SetWindowTextA
0x46f4c0 SetWindowPos
0x46f4c4 SetWindowPlacement
0x46f4c8 SetWindowLongA
0x46f4cc SetTimer
0x46f4d0 SetScrollRange
0x46f4d4 SetScrollPos
0x46f4d8 SetScrollInfo
0x46f4dc SetRect
0x46f4e0 SetPropA
0x46f4e4 SetParent
0x46f4e8 SetMenuItemInfoA
0x46f4ec SetMenu
0x46f4f0 SetForegroundWindow
0x46f4f4 SetFocus
0x46f4f8 SetCursor
0x46f4fc SetClassLongA
0x46f500 SetCapture
0x46f504 SetActiveWindow
0x46f508 SendMessageA
0x46f50c ScrollWindow
0x46f510 ScreenToClient
0x46f514 RemovePropA
0x46f518 RemoveMenu
0x46f51c ReleaseDC
0x46f520 ReleaseCapture
0x46f52c RegisterClassA
0x46f530 RedrawWindow
0x46f534 PtInRect
0x46f538 PostQuitMessage
0x46f53c PostMessageA
0x46f540 PeekMessageA
0x46f544 OffsetRect
0x46f548 OemToCharA
0x46f54c MessageBoxA
0x46f550 MapWindowPoints
0x46f554 MapVirtualKeyA
0x46f558 LoadStringA
0x46f55c LoadKeyboardLayoutA
0x46f560 LoadIconA
0x46f564 LoadCursorA
0x46f568 LoadBitmapA
0x46f56c KillTimer
0x46f570 IsZoomed
0x46f574 IsWindowVisible
0x46f578 IsWindowEnabled
0x46f57c IsWindow
0x46f580 IsRectEmpty
0x46f584 IsIconic
0x46f588 IsDialogMessageA
0x46f58c IsChild
0x46f590 InvalidateRect
0x46f594 IntersectRect
0x46f598 InsertMenuItemA
0x46f59c InsertMenuA
0x46f5a0 InflateRect
0x46f5a8 GetWindowTextA
0x46f5ac GetWindowRect
0x46f5b0 GetWindowPlacement
0x46f5b4 GetWindowLongA
0x46f5b8 GetWindowDC
0x46f5bc GetTopWindow
0x46f5c0 GetSystemMetrics
0x46f5c4 GetSystemMenu
0x46f5c8 GetSysColorBrush
0x46f5cc GetSysColor
0x46f5d0 GetSubMenu
0x46f5d4 GetScrollRange
0x46f5d8 GetScrollPos
0x46f5dc GetScrollInfo
0x46f5e0 GetPropA
0x46f5e4 GetParent
0x46f5e8 GetWindow
0x46f5ec GetMenuStringA
0x46f5f0 GetMenuState
0x46f5f4 GetMenuItemInfoA
0x46f5f8 GetMenuItemID
0x46f5fc GetMenuItemCount
0x46f600 GetMenu
0x46f604 GetLastActivePopup
0x46f608 GetKeyboardState
0x46f610 GetKeyboardLayout
0x46f614 GetKeyState
0x46f618 GetKeyNameTextA
0x46f61c GetIconInfo
0x46f620 GetForegroundWindow
0x46f624 GetFocus
0x46f628 GetDlgItem
0x46f62c GetDesktopWindow
0x46f630 GetDCEx
0x46f634 GetDC
0x46f638 GetCursorPos
0x46f63c GetCursor
0x46f640 GetClipboardData
0x46f644 GetClientRect
0x46f648 GetClassNameA
0x46f64c GetClassInfoA
0x46f650 GetCapture
0x46f654 GetActiveWindow
0x46f658 FrameRect
0x46f65c FindWindowA
0x46f660 FillRect
0x46f664 EqualRect
0x46f668 EnumWindows
0x46f66c EnumThreadWindows
0x46f670 EndPaint
0x46f674 EnableWindow
0x46f678 EnableScrollBar
0x46f67c EnableMenuItem
0x46f680 DrawTextA
0x46f684 DrawMenuBar
0x46f688 DrawIconEx
0x46f68c DrawIcon
0x46f690 DrawFrameControl
0x46f694 DrawFocusRect
0x46f698 DrawEdge
0x46f69c DispatchMessageA
0x46f6a0 DestroyWindow
0x46f6a4 DestroyMenu
0x46f6a8 DestroyIcon
0x46f6ac DestroyCursor
0x46f6b0 DeleteMenu
0x46f6b4 DefWindowProcA
0x46f6b8 DefMDIChildProcA
0x46f6bc DefFrameProcA
0x46f6c0 CreatePopupMenu
0x46f6c4 CreateMenu
0x46f6c8 CreateIcon
0x46f6cc ClientToScreen
0x46f6d0 CheckMenuItem
0x46f6d4 CallWindowProcA
0x46f6d8 CallNextHookEx
0x46f6dc BeginPaint
0x46f6e0 CharNextA
0x46f6e4 CharLowerBuffA
0x46f6e8 CharLowerA
0x46f6ec CharToOemA
0x46f6f0 AdjustWindowRectEx
Library kernel32.dll:
0x46f6fc Sleep
Library oleaut32.dll:
0x46f704 SafeArrayPtrOfIndex
0x46f708 SafeArrayGetUBound
0x46f70c SafeArrayGetLBound
0x46f710 SafeArrayCreate
0x46f714 VariantChangeType
0x46f718 VariantCopy
0x46f71c VariantClear
0x46f720 VariantInit
Library comctl32.dll:
0x46f730 ImageList_Write
0x46f734 ImageList_Read
0x46f744 ImageList_DragMove
0x46f748 ImageList_DragLeave
0x46f74c ImageList_DragEnter
0x46f750 ImageList_EndDrag
0x46f754 ImageList_BeginDrag
0x46f758 ImageList_Remove
0x46f75c ImageList_DrawEx
0x46f760 ImageList_Replace
0x46f764 ImageList_Draw
0x46f774 ImageList_Add
0x46f77c ImageList_Destroy
0x46f780 ImageList_Create
0x46f784 InitCommonControls
Library comdlg32.dll:
0x46f78c GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

All recorded UDP traffic is Windows background activity from the guest 192.168.56.101: DNS queries to the configured resolver 114.114.114.114, NetBIOS name-service and datagram broadcasts (ports 137/138), LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). The report does not list the queried names, so none of the DNS traffic can be tied to the sample, and no lookup here accounts for the 172.217.24.14 indicator above.

Source | Source port | Destination | Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.