11.0
0-day

ada69719a8c7620548af5136d2529435cfc4a676163c64e85b9a96644762a453

24cb2b3f467acd65ba4247b9e1a4a132.exe

Analysis duration

73s

Last analysis

File size

729.0KB
Static detections Dynamic detections AGEN AGENTTESLA AI SCORE=81 AIDETECTVM ALI2000015 ANDROM AXEF CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS EMWU EMZL FAREIT HIGH CONFIDENCE HQPGMA HRZF KCLOUD KRYPTIK LOKIBOT MALWARE2 MALWARE@#3P7C4WBYHPX4T PUTTY SCORE SIGGEN10 TGW@AGWFGIAI THIBDBO TSCOPE UNSAFE WBKW X2094 ZELPHIF ZUSY
Eagle Eye engine
Not detected. No Eagle Eye engine detection results yet.
Static verdict
Antivirus engines
Engine Result Scan time Engine version
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Tencent Win32.Backdoor.Androm.Hrzf 20201211 1.0.0.1
Kingsoft Win32.Hack.Undef.(kcloud) 20201211 2017.9.26.565
McAfee Fareit-FPQ!24CB2B3F467A 20201211 6.0.6.653
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619291231.762876
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619291229.996876
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619269227.372538
NtAllocateVirtualMemory
process_identifier: 2248
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619269227.591538
NtProtectVirtualMemory
process_identifier: 2248
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00475000
success 0 0
1619269227.591538
NtAllocateVirtualMemory
process_identifier: 2248
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004d0000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.3892564387241935 section {'size_of_data': '0x00025200', 'virtual_address': '0x00097000', 'entropy': 7.3892564387241935, 'name': '.rsrc', 'virtual_size': '0x00025128'} description A section with a high entropy has been found
entropy 0.20398351648351648 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (2 events)
host 172.217.24.14
host 195.69.140.147
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2248 called NtSetContextThread to modify thread in remote process 2244
Time & API Arguments Status Return Repeated
1619269228.200538
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2244
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2248 resumed a thread in remote process 2244
Time & API Arguments Status Return Repeated
1619269228.622538
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2244
success 0 0
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 195.69.140.147:80
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619269227.966538
CreateProcessInternalW
thread_identifier: 392
thread_handle: 0x000000f8
process_identifier: 2244
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\24cb2b3f467acd65ba4247b9e1a4a132.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000fc
inherit_handles: 0
success 1 0
1619269227.966538
NtUnmapViewOfSection
process_identifier: 2244
region_size: 4096
process_handle: 0x000000fc
base_address: 0x00400000
success 0 0
1619269228.106538
NtMapViewOfSection
section_handle: 0x00000104
process_identifier: 2244
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000fc
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619269228.200538
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1619269228.200538
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2244
success 0 0
1619269228.622538
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2244
success 0 0
1619291230.527876
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2244
success 0 0
File has been identified by 59 antivirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.310681
FireEye Generic.mg.24cb2b3f467acd65
ALYac Gen:Variant.Zusy.310681
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Multi.Generic.4!c
Sangfor Malware
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Gen:Variant.Zusy.310681
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Cyren W32/Injector.WBKW-0758
Symantec Trojan.Gen.2
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Dropper.LokiBot-9229592-0
Kaspersky HEUR:Backdoor.Win32.Androm.gen
Alibaba Trojan:Win32/DelfInject.ali2000015
NANO-Antivirus Trojan.Win32.Kryptik.hqpgma
Tencent Win32.Backdoor.Androm.Hrzf
Ad-Aware Gen:Variant.Zusy.310681
Sophos Mal/Generic-S
Comodo Malware@#3p7c4wbyhpx4t
F-Secure Heuristic.HEUR/AGEN.1136861
DrWeb Trojan.Siggen10.875
Zillya Backdoor.Androm.Win32.73954
TrendMicro TrojanSpy.Win32.FAREIT.THIBDBO
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Emsisoft Gen:Variant.Zusy.310681 (B)
GData Gen:Variant.Zusy.310681
Jiangmin Backdoor.Androm.axef
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1136861
MAX malware (ai score=81)
Antiy-AVL Trojan/Win32.Generic
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Trojan.Win32.Fareit.oa
Arcabit Trojan.Zusy.D4BD99
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
Microsoft Trojan:Win32/Fareit.VD!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
McAfee Fareit-FPQ!24CB2B3F467A
VBA32 TScope.Trojan.Delf
Malwarebytes Spyware.AgentTesla
Panda Trj/CI.A
Zoner Trojan.Win32.97718
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample ran.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x489164 VirtualFree
0x489168 VirtualAlloc
0x48916c LocalFree
0x489170 LocalAlloc
0x489174 GetVersion
0x489178 GetCurrentThreadId
0x489184 VirtualQuery
0x489188 WideCharToMultiByte
0x489190 MultiByteToWideChar
0x489194 lstrlenA
0x489198 lstrcpynA
0x48919c LoadLibraryExA
0x4891a0 GetThreadLocale
0x4891a4 GetStartupInfoA
0x4891a8 GetProcAddress
0x4891ac GetModuleHandleA
0x4891b0 GetModuleFileNameA
0x4891b4 GetLocaleInfoA
0x4891b8 GetLastError
0x4891c0 GetCommandLineA
0x4891c4 FreeLibrary
0x4891c8 FindFirstFileA
0x4891cc FindClose
0x4891d0 ExitProcess
0x4891d4 WriteFile
0x4891dc RtlUnwind
0x4891e0 RaiseException
0x4891e4 GetStdHandle
Library user32.dll:
0x4891ec GetKeyboardType
0x4891f0 LoadStringA
0x4891f4 MessageBoxA
0x4891f8 CharNextA
Library advapi32.dll:
0x489200 RegQueryValueExA
0x489204 RegOpenKeyExA
0x489208 RegCloseKey
Library oleaut32.dll:
0x489210 SysFreeString
0x489214 SysReAllocStringLen
0x489218 SysAllocStringLen
Library kernel32.dll:
0x489220 TlsSetValue
0x489224 TlsGetValue
0x489228 LocalAlloc
0x48922c GetModuleHandleA
Library advapi32.dll:
0x489234 RegQueryValueExA
0x489238 RegOpenKeyExA
0x48923c RegCloseKey
Library kernel32.dll:
0x489244 lstrcpyA
0x489248 WriteFile
0x48924c WaitForSingleObject
0x489250 VirtualQuery
0x489254 VirtualProtect
0x489258 VirtualAlloc
0x48925c Sleep
0x489260 SizeofResource
0x489264 SetThreadLocale
0x489268 SetFilePointer
0x48926c SetEvent
0x489270 SetErrorMode
0x489274 SetEndOfFile
0x489278 ResetEvent
0x48927c ReadFile
0x489280 MultiByteToWideChar
0x489284 MulDiv
0x489288 LockResource
0x48928c LoadResource
0x489290 LoadLibraryA
0x48929c GlobalUnlock
0x4892a0 GlobalSize
0x4892a4 GlobalReAlloc
0x4892a8 GlobalHandle
0x4892ac GlobalLock
0x4892b0 GlobalFree
0x4892b4 GlobalFindAtomA
0x4892b8 GlobalDeleteAtom
0x4892bc GlobalAlloc
0x4892c0 GlobalAddAtomA
0x4892c8 GetVersionExA
0x4892cc GetVersion
0x4892d0 GetUserDefaultLCID
0x4892d4 GetTickCount
0x4892d8 GetThreadLocale
0x4892e0 GetSystemInfo
0x4892e4 GetStringTypeExA
0x4892e8 GetStdHandle
0x4892ec GetProcAddress
0x4892f0 GetModuleHandleA
0x4892f4 GetModuleFileNameA
0x4892f8 GetLocaleInfoA
0x4892fc GetLocalTime
0x489300 GetLastError
0x489304 GetFullPathNameA
0x489308 GetFileAttributesA
0x48930c GetDiskFreeSpaceA
0x489310 GetDateFormatA
0x489314 GetCurrentThreadId
0x489318 GetCurrentProcessId
0x48931c GetComputerNameA
0x489320 GetCPInfo
0x489324 GetACP
0x489328 FreeResource
0x48932c InterlockedExchange
0x489330 FreeLibrary
0x489334 FormatMessageA
0x489338 FindResourceA
0x48933c FindNextFileA
0x489340 FindFirstFileA
0x489344 FindClose
0x489354 EnumCalendarInfoA
0x489360 CreateThread
0x489364 CreateFileA
0x489368 CreateEventA
0x48936c CompareStringA
0x489370 CloseHandle
Library version.dll:
0x489378 VerQueryValueA
0x489380 GetFileVersionInfoA
Library gdi32.dll:
0x489388 UnrealizeObject
0x48938c StretchBlt
0x489390 SetWindowOrgEx
0x489394 SetWinMetaFileBits
0x489398 SetViewportOrgEx
0x48939c SetTextColor
0x4893a0 SetStretchBltMode
0x4893a4 SetROP2
0x4893a8 SetPixel
0x4893ac SetMapMode
0x4893b0 SetEnhMetaFileBits
0x4893b4 SetDIBColorTable
0x4893b8 SetBrushOrgEx
0x4893bc SetBkMode
0x4893c0 SetBkColor
0x4893c4 SelectPalette
0x4893c8 SelectObject
0x4893cc SelectClipRgn
0x4893d0 SaveDC
0x4893d4 RestoreDC
0x4893d8 Rectangle
0x4893dc RectVisible
0x4893e0 RealizePalette
0x4893e4 Polyline
0x4893e8 PlayEnhMetaFile
0x4893ec PatBlt
0x4893f0 MoveToEx
0x4893f4 MaskBlt
0x4893f8 LineTo
0x4893fc LPtoDP
0x489400 IntersectClipRect
0x489404 GetWindowOrgEx
0x489408 GetWinMetaFileBits
0x48940c GetTextMetricsA
0x489418 GetStockObject
0x48941c GetPixel
0x489420 GetPaletteEntries
0x489424 GetObjectA
0x489434 GetEnhMetaFileBits
0x489438 GetDeviceCaps
0x48943c GetDIBits
0x489440 GetDIBColorTable
0x489444 GetDCOrgEx
0x48944c GetClipBox
0x489450 GetBrushOrgEx
0x489454 GetBitmapBits
0x489458 ExtTextOutA
0x48945c ExcludeClipRect
0x489460 DeleteObject
0x489464 DeleteEnhMetaFile
0x489468 DeleteDC
0x48946c CreateSolidBrush
0x489470 CreatePenIndirect
0x489474 CreatePen
0x489478 CreatePalette
0x489480 CreateFontIndirectA
0x489484 CreateEnhMetaFileA
0x489488 CreateDIBitmap
0x48948c CreateDIBSection
0x489490 CreateCompatibleDC
0x489498 CreateBrushIndirect
0x48949c CreateBitmap
0x4894a0 CopyEnhMetaFileA
0x4894a4 CloseEnhMetaFile
0x4894a8 BitBlt
Library user32.dll:
0x4894b0 CreateWindowExA
0x4894b4 WindowFromPoint
0x4894b8 WinHelpA
0x4894bc WaitMessage
0x4894c0 ValidateRect
0x4894c4 UpdateWindow
0x4894c8 UnregisterClassA
0x4894cc UnhookWindowsHookEx
0x4894d0 TranslateMessage
0x4894d8 TrackPopupMenu
0x4894e0 ShowWindow
0x4894e4 ShowScrollBar
0x4894e8 ShowOwnedPopups
0x4894ec ShowCursor
0x4894f0 SetWindowsHookExA
0x4894f4 SetWindowTextA
0x4894f8 SetWindowPos
0x4894fc SetWindowPlacement
0x489500 SetWindowLongA
0x489504 SetTimer
0x489508 SetScrollRange
0x48950c SetScrollPos
0x489510 SetScrollInfo
0x489514 SetRect
0x489518 SetPropA
0x48951c SetParent
0x489520 SetMenuItemInfoA
0x489524 SetMenu
0x489528 SetForegroundWindow
0x48952c SetFocus
0x489530 SetCursor
0x489534 SetClassLongA
0x489538 SetCapture
0x48953c SetActiveWindow
0x489540 SendMessageA
0x489544 ScrollWindow
0x489548 ScreenToClient
0x48954c RemovePropA
0x489550 RemoveMenu
0x489554 ReleaseDC
0x489558 ReleaseCapture
0x489564 RegisterClassA
0x489568 RedrawWindow
0x48956c PtInRect
0x489570 PostQuitMessage
0x489574 PostMessageA
0x489578 PeekMessageA
0x48957c OffsetRect
0x489580 OemToCharA
0x489584 MessageBoxA
0x489588 MapWindowPoints
0x48958c MapVirtualKeyA
0x489590 LoadStringA
0x489594 LoadKeyboardLayoutA
0x489598 LoadIconA
0x48959c LoadCursorA
0x4895a0 LoadBitmapA
0x4895a4 KillTimer
0x4895a8 IsZoomed
0x4895ac IsWindowVisible
0x4895b0 IsWindowEnabled
0x4895b4 IsWindow
0x4895b8 IsRectEmpty
0x4895bc IsIconic
0x4895c0 IsDialogMessageA
0x4895c4 IsChild
0x4895c8 InvalidateRect
0x4895cc IntersectRect
0x4895d0 InsertMenuItemA
0x4895d4 InsertMenuA
0x4895d8 InflateRect
0x4895e0 GetWindowTextA
0x4895e4 GetWindowRect
0x4895e8 GetWindowPlacement
0x4895ec GetWindowLongA
0x4895f0 GetWindowDC
0x4895f4 GetTopWindow
0x4895f8 GetSystemMetrics
0x4895fc GetSystemMenu
0x489600 GetSysColorBrush
0x489604 GetSysColor
0x489608 GetSubMenu
0x48960c GetScrollRange
0x489610 GetScrollPos
0x489614 GetScrollInfo
0x489618 GetPropA
0x48961c GetParent
0x489620 GetWindow
0x489624 GetMessageTime
0x489628 GetMenuStringA
0x48962c GetMenuState
0x489630 GetMenuItemInfoA
0x489634 GetMenuItemID
0x489638 GetMenuItemCount
0x48963c GetMenuDefaultItem
0x489640 GetMenu
0x489644 GetLastActivePopup
0x489648 GetKeyboardState
0x489650 GetKeyboardLayout
0x489654 GetKeyState
0x489658 GetKeyNameTextA
0x48965c GetIconInfo
0x489660 GetForegroundWindow
0x489664 GetFocus
0x489668 GetDlgItem
0x48966c GetDesktopWindow
0x489670 GetDCEx
0x489674 GetDC
0x489678 GetCursorPos
0x48967c GetCursor
0x489680 GetClipboardData
0x489684 GetClientRect
0x489688 GetClassNameA
0x48968c GetClassInfoA
0x489690 GetCapture
0x489694 GetActiveWindow
0x489698 FrameRect
0x48969c FindWindowA
0x4896a0 FillRect
0x4896a4 EqualRect
0x4896a8 EnumWindows
0x4896ac EnumThreadWindows
0x4896b0 EndPaint
0x4896b4 EnableWindow
0x4896b8 EnableScrollBar
0x4896bc EnableMenuItem
0x4896c0 DrawTextA
0x4896c4 DrawMenuBar
0x4896c8 DrawIconEx
0x4896cc DrawIcon
0x4896d0 DrawFrameControl
0x4896d4 DrawFocusRect
0x4896d8 DrawEdge
0x4896dc DispatchMessageA
0x4896e0 DestroyWindow
0x4896e4 DestroyMenu
0x4896e8 DestroyIcon
0x4896ec DestroyCursor
0x4896f0 DeleteMenu
0x4896f4 DefWindowProcA
0x4896f8 DefMDIChildProcA
0x4896fc DefFrameProcA
0x489700 CreatePopupMenu
0x489704 CreateMenu
0x489708 CreateIcon
0x48970c ClientToScreen
0x489710 CheckMenuItem
0x489714 CallWindowProcA
0x489718 CallNextHookEx
0x48971c BeginPaint
0x489720 CharNextA
0x489724 CharLowerBuffA
0x489728 CharLowerA
0x48972c CharUpperBuffA
0x489730 CharToOemA
0x489734 AdjustWindowRectEx
Library kernel32.dll:
0x489740 Sleep
Library oleaut32.dll:
0x489748 SafeArrayPtrOfIndex
0x48974c SafeArrayPutElement
0x489750 SafeArrayGetElement
0x489758 SafeArrayAccessData
0x48975c SafeArrayGetUBound
0x489760 SafeArrayGetLBound
0x489764 SafeArrayCreate
0x489768 VariantChangeType
0x48976c VariantCopyInd
0x489770 VariantCopy
0x489774 VariantClear
0x489778 VariantInit
Library ole32.dll:
0x489784 IsAccelerator
0x489788 OleDraw
0x489790 CoTaskMemFree
0x489794 ProgIDFromCLSID
0x489798 StringFromCLSID
0x48979c CoCreateInstance
0x4897a0 CoGetClassObject
0x4897a4 CoUninitialize
0x4897a8 CoInitialize
0x4897ac IsEqualGUID
Library oleaut32.dll:
0x4897b4 GetErrorInfo
0x4897b8 GetActiveObject
0x4897bc SysFreeString
Library comctl32.dll:
0x4897cc ImageList_Write
0x4897d0 ImageList_Read
0x4897e0 ImageList_DragMove
0x4897e4 ImageList_DragLeave
0x4897e8 ImageList_DragEnter
0x4897ec ImageList_EndDrag
0x4897f0 ImageList_BeginDrag
0x4897f4 ImageList_Remove
0x4897f8 ImageList_DrawEx
0x4897fc ImageList_Draw
0x48980c ImageList_Add
0x489814 ImageList_Destroy
0x489818 ImageList_Create
0x48981c InitCommonControls
Library comdlg32.dll:
0x489824 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source Port | Destination | Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 49235 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.