9.2
Critical

5a04de380dd8a420c6ad69097fec79e959341dc2dcba04f5ff8fd31de84f1d94

2b35fec2129419acf01382203776e8a0.exe

Analysis duration

108s

Latest analysis

File size

336.0KB
Static detection: malicious. Dynamic detection: malicious. Tags: ADDK, AI SCORE=89, BDHB, CLOUD, ELDORADO, EMOTET, EUNO, GENCIRC, GENETIC, HFKD, HIGH CONFIDENCE, HQSRWN, KRYPTIK, R347079, SCORE, THHOIBO, UNSAFE, WXQQP
Hawkeye engine
Not detected. No Hawkeye engine detection results are available.
Static verdict
Antivirus engines
Engine Result Date Version
McAfee Emotet-FRS!2B35FEC21294 20200825 6.0.6.653
Alibaba Trojan:Win32/Emotet.d7431f3e 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200825 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cde665 20200825 1.0.0.1
CrowdStrike 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619378768.506249
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619378759.146249
CryptGenKey
crypto_handle: 0x006460c8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00645410
flags: 1
key: f÷EÜûUêEà;ó>yä¸
success 1 0
1619378768.834249
CryptExportKey
crypto_handle: 0x006460c8
crypto_export_handle: 0x006453d0
buffer: f¤»ÚÔ.¦?É”BL2˜å¦³ïfåŒp¯ÇBÛK¥`èߝO2¨¦ÙŸÐ ùÌ¿·œÎW7…ðSA ݯۚp=Ñ+GtàìõÏìzpù{“¬½ÿ¥É¢Á=§ ”ÏÐ
blob_type: 1
flags: 64
success 1 0
1619378803.990249
CryptExportKey
crypto_handle: 0x006460c8
crypto_export_handle: 0x006453d0
buffer: f¤w8—vVÕ=ˆË•íí^ÜìúÿK´ÓÂxW–&BMm¬scGWª÷ºí^>›ÈÛ®à߅£[ØáO Å~`Bëdò‘4èÖYÙÂè/ÿTø0Y,³KÊcDK½
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2003\5.8.20\MenuXP_src\Dlg\Release\DLG.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619378755.881249
NtAllocateVirtualMemory
process_identifier: 2456
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ec0000
success 0 0
1619378376.681896
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000003e60000
success 0 0
1619378758.678249
NtAllocateVirtualMemory
process_identifier: 2960
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e40000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619378756.599249
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2b35fec2129419acf01382203776e8a0.exe
newfilepath: C:\Windows\SysWOW64\KBDIT142\RPCNDFP.exe
newfilepath_r: C:\Windows\SysWOW64\KBDIT142\RPCNDFP.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2b35fec2129419acf01382203776e8a0.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619378775.568249
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process rpcndfp.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619378769.865249
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 204.197.146.48
host 212.51.142.238
Installs itself for autorun at Windows startup (1 event)
service_name RPCNDFP service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\KBDIT142\RPCNDFP.exe"
Created a service where a service was also not started (1 event)
Time & API Arguments Status Return Repeated
1619378757.834249
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x032a57c0
display_name: RPCNDFP
error_control: 0
service_name: RPCNDFP
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\KBDIT142\RPCNDFP.exe"
filepath_r: "C:\Windows\SysWOW64\KBDIT142\RPCNDFP.exe"
service_manager_handle: 0x032a55e0
desired_access: 2
service_type: 16
password:
success 53106624 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619378778.756249
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619378778.756249
RegSetValueExA
key_handle: 0x000003c8
value: @”l¡:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619378778.756249
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619378778.756249
RegSetValueExW
key_handle: 0x000003c8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619378778.756249
RegSetValueExA
key_handle: 0x000003e0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619378778.756249
RegSetValueExA
key_handle: 0x000003e0
value: @”l¡:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619378778.756249
RegSetValueExA
key_handle: 0x000003e0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619378778.756249
RegSetValueExW
key_handle: 0x000003c4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\KBDIT142\RPCNDFP.exe:Zone.Identifier
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)
Elastic malicious (high confidence)
DrWeb Trojan.Emotet.994
MicroWorld-eScan Trojan.Agent.EUNO
FireEye Trojan.Agent.EUNO
CAT-QuickHeal Backdoor.Emotet
McAfee Emotet-FRS!2B35FEC21294
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.914
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.d7431f3e
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Agent.EUNO
Invincea heuristic
Cyren W32/Emotet.AOV.gen!Eldorado
Symantec Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFKD
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THHOIBO
Kaspersky Backdoor.Win32.Emotet.bdhb
BitDefender Trojan.Agent.EUNO
NANO-Antivirus Trojan.Win32.Emotet.hqsrwn
AegisLab Trojan.Win32.Emotet.L!c
Rising Backdoor.Emotet!8.514D (CLOUD)
Ad-Aware Trojan.Agent.EUNO
TACHYON Backdoor/W32.Emotet.344064.C
Emsisoft Trojan.Emotet (A)
F-Secure Trojan.TR/AD.Emotet.wxqqp
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.THHOIBO
Sophos Troj/Emotet-CKQ
Jiangmin TrojanSpy.Agent.qem
Webroot W32.Trojan.Emotet
Avira TR/AD.Emotet.wxqqp
Antiy-AVL Trojan/Win32.Generic
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ViRobot Trojan.Win32.Z.Emotet.344064.AA
ZoneAlarm Backdoor.Win32.Emotet.bdhb
GData Trojan.Agent.EUNO
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R347079
VBA32 Trojan.Emotet
MAX malware (ai score=89)
Malwarebytes Trojan.MalPack.TRE
APEX Malicious
Tencent Malware.Win32.Gencirc.10cde665
Ikarus Trojan-Banker.Emotet
Fortinet W32/Emotet.ADDK!tr
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (4 events)
dead_host 172.217.24.14:443
dead_host 212.51.142.238:8080
dead_host 172.217.160.110:443
dead_host 204.197.146.48:80
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while the sample ran.


PE Compile Time

2020-08-06 03:54:52

Imports

Library KERNEL32.dll:
0x431110 HeapReAlloc
0x431114 HeapSize
0x43111c GetCurrentProcessId
0x431124 HeapDestroy
0x431128 HeapCreate
0x43112c VirtualFree
0x431130 IsBadWritePtr
0x431134 LCMapStringA
0x431138 LCMapStringW
0x43113c GetStdHandle
0x431150 TerminateProcess
0x431154 SetHandleCount
0x431158 GetFileType
0x431160 GetStringTypeA
0x431164 GetStringTypeW
0x43116c IsBadReadPtr
0x431170 IsBadCodePtr
0x431174 SetStdHandle
0x43117c GetCommandLineA
0x431180 InterlockedExchange
0x431184 GetStartupInfoA
0x431188 VirtualQuery
0x43118c GetSystemInfo
0x431190 VirtualAlloc
0x431194 VirtualProtect
0x431198 HeapFree
0x43119c HeapAlloc
0x4311a0 ExitProcess
0x4311a4 RtlUnwind
0x4311a8 GetTickCount
0x4311ac GetFileTime
0x4311b0 GetFileAttributesA
0x4311b8 SetErrorMode
0x4311c0 GetOEMCP
0x4311c4 GetCPInfo
0x4311c8 CreateFileA
0x4311cc GetFullPathNameA
0x4311d4 FindFirstFileA
0x4311d8 FindClose
0x4311dc GetCurrentProcess
0x4311e0 DuplicateHandle
0x4311e4 GetFileSize
0x4311e8 SetEndOfFile
0x4311ec UnlockFile
0x4311f0 LockFile
0x4311f4 FlushFileBuffers
0x4311f8 SetFilePointer
0x4311fc WriteFile
0x431200 ReadFile
0x431204 TlsFree
0x431208 LocalReAlloc
0x43120c TlsSetValue
0x431210 TlsAlloc
0x431214 TlsGetValue
0x43121c GlobalHandle
0x431220 GlobalReAlloc
0x431228 LocalAlloc
0x43122c GlobalFlags
0x431240 RaiseException
0x431248 SetLastError
0x43124c MulDiv
0x431250 FormatMessageA
0x431254 LocalFree
0x431258 GlobalGetAtomNameA
0x43125c GlobalFindAtomA
0x431260 lstrcatA
0x431264 lstrcmpW
0x431268 lstrcpynA
0x43126c GlobalUnlock
0x431270 GlobalFree
0x431274 FreeResource
0x431278 CloseHandle
0x43127c GlobalAddAtomA
0x431280 GetCurrentThread
0x431284 GlobalLock
0x431288 GlobalAlloc
0x43128c FreeLibrary
0x431290 GlobalDeleteAtom
0x431294 lstrcmpA
0x431298 GetModuleFileNameA
0x43129c GetModuleHandleA
0x4312a0 GetProcAddress
0x4312ac lstrcpyA
0x4312b0 LoadLibraryA
0x4312b4 GetCurrentThreadId
0x4312b8 CompareStringW
0x4312bc CompareStringA
0x4312c0 lstrlenA
0x4312c4 lstrcmpiA
0x4312c8 GetVersion
0x4312cc GetLastError
0x4312d0 MultiByteToWideChar
0x4312d4 LoadLibraryExA
0x4312d8 WideCharToMultiByte
0x4312dc FindResourceA
0x4312e0 LoadResource
0x4312e4 LockResource
0x4312e8 SizeofResource
0x4312ec GetVersionExA
0x4312f0 GetThreadLocale
0x4312f4 GetLocaleInfoA
0x4312f8 GetACP
Library USER32.dll:
0x431358 GetSysColorBrush
0x43135c CharNextA
0x431360 SetRect
0x431368 InvalidateRgn
0x43136c GetNextDlgGroupItem
0x431370 MessageBeep
0x431378 PostThreadMessageA
0x431384 BringWindowToTop
0x431388 DrawMenuBar
0x43138c DefMDIChildProcA
0x431390 DefFrameProcA
0x431394 EndPaint
0x431398 BeginPaint
0x43139c GetWindowDC
0x4313a0 FillRect
0x4313a4 wsprintfA
0x4313a8 DestroyMenu
0x4313ac ShowWindow
0x4313b0 MoveWindow
0x4313b4 SetWindowTextA
0x4313b8 IsDialogMessageA
0x4313c0 WinHelpA
0x4313c4 CreateWindowExA
0x4313c8 GetClassLongA
0x4313cc GetClassInfoExA
0x4313d0 SendDlgItemMessageA
0x4313d4 SetFocus
0x4313d8 IsChild
0x4313e0 BeginDeferWindowPos
0x4313e4 EndDeferWindowPos
0x4313e8 GetTopWindow
0x4313ec GetMessageTime
0x4313f0 GetMessagePos
0x4313f4 MapWindowPoints
0x4313f8 TrackPopupMenu
0x4313fc SetForegroundWindow
0x431400 UpdateWindow
0x431404 GetMenuItemID
0x431408 AdjustWindowRectEx
0x43140c DeferWindowPos
0x431410 GetClassInfoA
0x431414 RegisterClassA
0x431418 UnregisterClassA
0x43141c DefWindowProcA
0x431420 IntersectRect
0x431424 GetWindowPlacement
0x43142c MapDialogRect
0x431430 GetDesktopWindow
0x431434 SetActiveWindow
0x43143c DestroyWindow
0x431440 IsWindow
0x431444 GetDlgItem
0x431448 GetNextDlgTabItem
0x43144c EndDialog
0x431450 SetMenuItemBitmaps
0x431454 ModifyMenuA
0x431458 GetMenuState
0x43145c EnableMenuItem
0x431460 CheckMenuItem
0x431468 TranslateMessage
0x43146c GetActiveWindow
0x431470 PeekMessageA
0x431474 MessageBoxA
0x431478 GetLastActivePopup
0x43147c IsWindowEnabled
0x431480 ShowOwnedPopups
0x431484 SetCursor
0x431488 PostQuitMessage
0x43148c SetWindowPos
0x431490 TrackMouseEvent
0x431494 IsMenu
0x431498 SetMenuItemInfoA
0x43149c SetWindowsHookExA
0x4314a0 GetMenuItemCount
0x4314a4 DrawIcon
0x4314a8 AppendMenuA
0x4314ac GetWindowTextA
0x4314b0 GetSubMenu
0x4314b4 SendMessageA
0x4314b8 GetMenu
0x4314bc GetSystemMenu
0x4314c0 IsIconic
0x4314c4 GetClientRect
0x4314c8 EnableWindow
0x4314cc LoadIconA
0x4314d0 GetSystemMetrics
0x4314d4 GetMenuItemRect
0x4314dc DestroyIcon
0x4314e0 LoadBitmapA
0x4314e4 GetClassNameA
0x4314e8 GetWindowLongA
0x4314ec CallNextHookEx
0x4314f0 CallWindowProcA
0x4314f4 UnhookWindowsHookEx
0x4314f8 SetWindowLongA
0x4314fc IsWindowVisible
0x431500 GetPropA
0x431504 SetPropA
0x431508 RemovePropA
0x43150c GetForegroundWindow
0x431510 LoadCursorA
0x431514 LoadMenuA
0x431518 UnpackDDElParam
0x43151c ReuseDDElParam
0x431520 EqualRect
0x431524 OffsetRect
0x431528 SetRectEmpty
0x43152c GetMenuItemInfoA
0x431530 DrawStateA
0x431534 GetCursorPos
0x431538 ScreenToClient
0x43153c PostMessageA
0x431540 GetMessageA
0x431544 DispatchMessageA
0x431548 ReleaseCapture
0x43154c GrayStringA
0x431550 LoadAcceleratorsA
0x431554 InsertMenuItemA
0x431558 CreatePopupMenu
0x43155c SetMenu
0x431560 RedrawWindow
0x431564 CharUpperA
0x431568 CopyRect
0x43156c InflateRect
0x431570 DrawFocusRect
0x431574 GetParent
0x431578 GetSysColor
0x43157c InvalidateRect
0x431580 ValidateRect
0x431584 GetWindowRect
0x431588 GetWindow
0x43158c GetKeyState
0x431590 GetFocus
0x431594 ReleaseDC
0x431598 GetDC
0x43159c GetDlgCtrlID
0x4315a0 IsRectEmpty
0x4315a4 PtInRect
0x4315a8 DrawFrameControl
0x4315ac ClientToScreen
0x4315b0 GetCapture
0x4315b4 SetCapture
0x4315b8 TabbedTextOutA
0x4315bc DrawTextA
0x4315c0 DrawTextExA
Library GDI32.dll:
0x431044 ExtSelectClipRgn
0x431048 CreatePatternBrush
0x43104c GetMapMode
0x431050 GetBkColor
0x431054 GetRgnBox
0x431058 ScaleWindowExtEx
0x43105c SetWindowExtEx
0x431060 ScaleViewportExtEx
0x431064 SetViewportExtEx
0x431068 OffsetViewportOrgEx
0x43106c SetViewportOrgEx
0x431070 GetWindowExtEx
0x431074 GetViewportExtEx
0x431078 MoveToEx
0x43107c LineTo
0x431080 ExcludeClipRect
0x431084 Rectangle
0x431088 SetBkMode
0x43108c RestoreDC
0x431090 SaveDC
0x431094 GetDeviceCaps
0x431098 SetBkColor
0x4310a0 CreateBitmap
0x4310a8 GetTextMetricsA
0x4310ac Ellipse
0x4310b0 Escape
0x4310b4 ExtTextOutA
0x4310b8 TextOutA
0x4310bc RectVisible
0x4310c0 PtVisible
0x4310c4 GetClipBox
0x4310c8 SetPixel
0x4310cc GetPixel
0x4310d0 CreateSolidBrush
0x4310d4 CreatePen
0x4310d8 GetTextColor
0x4310dc GetCurrentObject
0x4310e0 GetObjectA
0x4310e4 CreateFontIndirectA
0x4310e8 DeleteObject
0x4310ec SetTextColor
0x4310f0 CreateCompatibleDC
0x4310f8 BitBlt
0x4310fc DeleteDC
0x431100 GetStockObject
0x431104 SelectObject
0x431108 SetMapMode
Library comdlg32.dll:
0x4315d8 GetFileTitleA
Library WINSPOOL.DRV:
0x4315c8 OpenPrinterA
0x4315cc DocumentPropertiesA
0x4315d0 ClosePrinter
Library ADVAPI32.dll:
0x431000 RegQueryValueExA
0x431004 RegOpenKeyExA
0x431008 RegDeleteKeyA
0x43100c RegEnumKeyA
0x431010 RegOpenKeyA
0x431014 RegQueryValueA
0x431018 RegCreateKeyExA
0x43101c RegSetValueExA
0x431020 RegCloseKey
Library SHELL32.dll:
0x431338 DragQueryFileA
0x43133c DragFinish
Library COMCTL32.dll:
0x431028
0x43102c ImageList_Draw
0x431030 ImageList_GetIcon
0x431034 ImageList_Destroy
Library SHLWAPI.dll:
0x431344 PathFindFileNameA
0x431348 PathStripToRootA
0x43134c PathFindExtensionA
0x431350 PathIsUNCA
Library oledlg.dll:
0x431620
Library ole32.dll:
0x4315ec CoGetClassObject
0x4315f0 CoTaskMemAlloc
0x4315f4 CoTaskMemFree
0x4315f8 CLSIDFromString
0x4315fc CLSIDFromProgID
0x431600 OleUninitialize
0x43160c OleFlushClipboard
0x431614 CoRevokeClassObject
0x431618 OleInitialize
Library OLEAUT32.dll:
0x431304 SysFreeString
0x431308 SysAllocStringLen
0x43130c VariantClear
0x431310 VariantChangeType
0x431314 VariantInit
0x431318 SysStringLen
0x431328 SafeArrayDestroy
0x43132c SysAllocString
0x431330 VariantCopy

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.