5.0
Medium risk

2d9632c7203e14d9cc2ed7b899634f4f23c8e3411c2e014d0732b718033871d7

2c8aac4b3c48fe37b36a3f9103dc1211.exe

Analysis time

79s

Latest analysis

File size

1.2MB
Static detection, dynamic detection tags: AI SCORE=80 AIDETECTVM ANSERIN AVADDONCRYPT BSCOPE CLASSIC COBRA CONFIDENCE DANGEROUSSIG EHLS ELDORADO ELTC ENCPK GDSDA GENERICKDZ GENKRYPTIK GRAYWARE HDWA HIGH CONFIDENCE HLFCUD HLLHW INJECT3 INVALIDSIG KRYPTIK MALICIOUS PE MALWARE1 MALWARE@#3MI0L0E1JVU4M NG6PY4NFBUO PINKSBOT PR1@AKXTFOEI QAKBOT QBOT R + MAL R340095 SCORE STATIC AI UNSAFE ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine results yet
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba | Ransom:Win32/AvaddonCrypt.c40e68e0 | 20190527 | 0.3.0.5
Baidu | - | 20190318 | 1.0.0.2
Avast | Win32:DangerousSig [Trj] | 20201210 | 21.1.5827.0
Kingsoft | - | 20201211 | 2017.9.26.565
McAfee | W32/PinkSbot-GU!2C8AAC4B3C48 | 20201211 | 6.0.6.653
CrowdStrike | win/malicious_confidence_90% (W) | 20190702 | 1.0
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619351084.630501
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619351095.568751
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section r2
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name MUI
resource name TYPELIB
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619351096.239751
__exception__
stacktrace:
2c8aac4b3c48fe37b36a3f9103dc1211+0x3f07 @ 0x403f07
2c8aac4b3c48fe37b36a3f9103dc1211+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2910592
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 2c8aac4b3c48fe37b36a3f9103dc1211+0x3449
exception.instruction: in eax, dx
exception.module: 2c8aac4b3c48fe37b36a3f9103dc1211.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
1619351096.239751
__exception__
stacktrace:
2c8aac4b3c48fe37b36a3f9103dc1211+0x3f10 @ 0x403f10
2c8aac4b3c48fe37b36a3f9103dc1211+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2910592
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 2c8aac4b3c48fe37b36a3f9103dc1211+0x34e2
exception.instruction: in eax, dx
exception.module: 2c8aac4b3c48fe37b36a3f9103dc1211.exe
exception.exception_code: 0xc0000096
exception.offset: 13538
exception.address: 0x4034e2
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619351084.599501
NtAllocateVirtualMemory
process_identifier: 2544
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00540000
success 0 0
1619351084.599501
NtAllocateVirtualMemory
process_identifier: 2544
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00580000
success 0 0
1619351084.599501
NtProtectVirtualMemory
process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619351095.536751
NtAllocateVirtualMemory
process_identifier: 708
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00640000
success 0 0
1619351095.552751
NtAllocateVirtualMemory
process_identifier: 708
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00680000
success 0 0
1619351095.552751
NtProtectVirtualMemory
process_identifier: 708
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619351085.333501
CreateProcessInternalW
thread_identifier: 1320
thread_handle: 0x00000158
process_identifier: 708
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2c8aac4b3c48fe37b36a3f9103dc1211.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x0000015c
inherit_handles: 0
success 1 0
Expresses interest in specific running processes (1 event)
process vboxservice.exe
Network communication
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619351096.239751
__exception__
stacktrace:
2c8aac4b3c48fe37b36a3f9103dc1211+0x3f07 @ 0x403f07
2c8aac4b3c48fe37b36a3f9103dc1211+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2910592
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 2c8aac4b3c48fe37b36a3f9103dc1211+0x3449
exception.instruction: in eax, dx
exception.module: 2c8aac4b3c48fe37b36a3f9103dc1211.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.24.14:443
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.67586
FireEye Generic.mg.2c8aac4b3c48fe37
ALYac Trojan.GenericKDZ.67586
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2039651
Sangfor Malware
K7AntiVirus Trojan ( 005681571 )
Alibaba Ransom:Win32/AvaddonCrypt.c40e68e0
K7GW Trojan ( 005681571 )
Cybereason malicious.943826
Arcabit Trojan.Generic.D10802
Cyren W32/Trojan.FLH.gen!Eldorado
Symantec Trojan.Anserin
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Avast Win32:DangerousSig [Trj]
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Trojan.GenericKDZ.67586
NANO-Antivirus Trojan.Win32.Inject3.hlfcud
Paloalto generic.ml
Ad-Aware Trojan.GenericKDZ.67586
Emsisoft Trojan.GenericKDZ.67586 (B)
Comodo Malware@#3mi0l0e1jvu4m
F-Secure Trojan.TR/Kryptik.hllhw
DrWeb Trojan.Inject3.41020
VIPRE Trojan.Win32.Generic.pak!cobra
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition W32/PinkSbot-GU!2C8AAC4B3C48
Sophos Mal/Generic-R + Mal/EncPk-APV
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.qa
Avira TR/Kryptik.hllhw
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Gridinsoft Trojan.Heur!.00002031
Microsoft Ransom:Win32/AvaddonCrypt.SO!MTB
AegisLab Trojan.Win32.Qbot.7!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Trojan.GenericKDZ.67586
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Kryptik.R340095
McAfee W32/PinkSbot-GU!2C8AAC4B3C48
MAX malware (ai score=80)
VBA32 BScope.Trojan.Inject
Malwarebytes Backdoor.Qbot
APEX Malicious
ESET-NOD32 a variant of Win32/Kryptik.HDWA
Rising Trojan.Kryptik!1.C745 (CLASSIC)
Yandex Trojan.Kryptik!nG6pY4NFbuo
Ikarus Backdoor.QBot
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-06-03 21:12:30

Imports

Library KERNEL32.dll:
0x50a6a8 GetLastError
0x50a6ac Sleep
0x50a6b0 LoadLibraryA
0x50a6b4 GetProcAddress
0x50a6b8 GetModuleHandleW
0x50a6bc ConnectNamedPipe
0x50a6c0 CreateEventA
0x50a6c4 DuplicateHandle
0x50a6c8 CopyFileExW
0x50a6cc VerSetConditionMask
0x50a6d0 CompareFileTime
0x50a6e0 EndUpdateResourceA
0x50a6e4 GetOverlappedResult
0x50a6ec OpenSemaphoreA
0x50a6f0 OpenEventA
0x50a6f4 GetShortPathNameA
0x50a6f8 LoadLibraryW
0x50a6fc OutputDebugStringA
0x50a700 LoadLibraryExW
0x50a704 LocalAlloc
0x50a708 GlobalFree
0x50a70c GetCurrentThreadId
0x50a710 CreateProcessA
0x50a714 GlobalAlloc
0x50a718 GetSystemDirectoryW
0x50a720 GetDiskFreeSpaceExW
0x50a724 GetUserDefaultLCID
0x50a728 IsValidLocale
0x50a72c GetStringTypeExW
0x50a730 IsValidCodePage
0x50a734 CompareStringW
0x50a738 GetShortPathNameW
0x50a73c GetLongPathNameW
0x50a740 CreateFileA
0x50a744 GetCurrentThread
0x50a748 GlobalMemoryStatus
0x50a74c ReleaseSemaphore
0x50a754 EnumUILanguagesW
0x50a758 EnumSystemLocalesW
0x50a75c GetCalendarInfoW
0x50a764 VirtualProtect
0x50a76c GetTempFileNameA
0x50a770 GetTempPathA
0x50a774 InterlockedExchange
0x50a77c GetStartupInfoA
0x50a784 IsDebuggerPresent
0x50a788 lstrcmpiW
0x50a78c GetThreadContext
0x50a790 GetThreadTimes
0x50a794 GetPriorityClass
0x50a798 HeapDestroy
0x50a79c HeapCreate
0x50a7a0 TerminateThread
0x50a7a8 GetLocalTime
0x50a7b4 GetCommandLineW
0x50a7b8 ReleaseMutex
0x50a7bc WaitForSingleObject
0x50a7c8 GetCurrentProcess
0x50a7cc TerminateProcess
0x50a7d0 DeleteFileW
0x50a7d4 CreateThread
0x50a7d8 CloseHandle
0x50a7dc GetCurrentProcessId
0x50a7e4 GetModuleHandleA
0x50a7e8 MapViewOfFile
0x50a7ec GetVersionExW
0x50a7f0 GetVersionExA
0x50a7f4 GetModuleFileNameW
0x50a7f8 FreeLibrary
0x50a800 GetProcessHeap
0x50a808 MultiByteToWideChar
0x50a810 GetTimeFormatW
0x50a814 GetDateFormatW
0x50a818 GetTickCount
0x50a81c SetLastError
0x50a820 LocalFree
0x50a824 WriteFile
0x50a828 FindNextFileW
0x50a82c FindClose
0x50a830 FindFirstFileW
0x50a838 MoveFileW
0x50a83c SetFilePointer
0x50a840 GetComputerNameA
0x50a844 SetPriorityClass
0x50a848 UnmapViewOfFile
0x50a84c GetFileSize
0x50a850 CreateFileMappingA
0x50a854 SuspendThread
0x50a858 ExitThread
0x50a85c MulDiv
0x50a860 GetModuleFileNameA
0x50a870 GetACP
0x50a878 SetEvent
0x50a87c CreateProcessW
0x50a884 WideCharToMultiByte
0x50a888 GetTempPathW
0x50a88c GetFileAttributesW
0x50a890 SetEndOfFile
0x50a894 IsDBCSLeadByte
0x50a898 GetSystemDirectoryA
0x50a89c SetThreadPriority
0x50a8a0 CreateRemoteThread
0x50a8a4 OpenProcess
0x50a8a8 LoadLibraryExA
0x50a8b0 CreateDirectoryW
0x50a8b4 ReadProcessMemory
0x50a8b8 VirtualQueryEx
0x50a8bc GetSystemInfo
0x50a8c0 HeapFree
0x50a8c4 HeapSize
0x50a8c8 HeapValidate
0x50a8cc HeapAlloc
0x50a8d0 HeapReAlloc
0x50a8d4 VirtualAlloc
0x50a8d8 RaiseException
0x50a8dc TlsSetValue
0x50a8e0 SetFileAttributesW
0x50a8e4 CreateSemaphoreA
0x50a8e8 FlushFileBuffers
0x50a8ec ResumeThread
0x50a8f4 TlsAlloc
0x50a8f8 VirtualFree
0x50a8fc TlsGetValue
0x50a900 TlsFree
0x50a904 GetVersion
0x50a908 GetFileType
0x50a90c CreateFileW
0x50a910 GetLocaleInfoW
0x50a914 GetProcessTimes
0x50a918 CreateMutexA
0x50a91c OpenMutexA
0x50a920 GetThreadPriority
Library USER32.dll:
0x50a928 CreatePopupMenu
0x50a92c CloseClipboard
0x50a930 AnyPopup
0x50a934 CreateMenu
0x50a93c EndMenu
0x50a940 LoadCursorFromFileW
0x50a944 GetWindowDC
0x50a94c IsCharLowerW
0x50a950 LoadCursorFromFileA
0x50a954 LoadIconW
0x50a958 wvsprintfW
0x50a95c ReleaseDC
0x50a960 GetDC
0x50a964 SendMessageW
0x50a968 SetDlgItemTextW
0x50a96c SetFocus
0x50a970 EndDialog
0x50a974 DestroyIcon
0x50a978 SendDlgItemMessageW
0x50a97c GetDlgItemTextW
0x50a980 GetClassNameW
0x50a984 DialogBoxParamW
0x50a988 IsWindowVisible
0x50a98c WaitForInputIdle
0x50a990 SetForegroundWindow
0x50a994 GetSysColor
0x50a998 PostMessageW
0x50a99c LoadBitmapW
0x50a9a0 CharToOemA
0x50a9a4 OemToCharA
0x50a9a8 FindWindowExW
0x50a9ac wvsprintfA
0x50a9b0 GetParent
0x50a9b4 MapWindowPoints
0x50a9b8 CreateWindowExW
0x50a9bc UpdateWindow
0x50a9c0 SetWindowTextW
0x50a9c4 LoadCursorW
0x50a9c8 RegisterClassExW
0x50a9cc SetWindowLongW
0x50a9d0 GetWindowLongW
0x50a9d4 DefWindowProcW
0x50a9d8 PeekMessageW
0x50a9dc GetMessageW
0x50a9e0 TranslateMessage
0x50a9e4 DispatchMessageW
0x50a9e8 DestroyWindow
0x50a9ec GetClientRect
0x50a9f0 IsWindow
0x50a9f4 CharToOemBuffW
0x50a9f8 MessageBoxW
0x50a9fc ShowWindow
0x50aa00 GetDlgItem
0x50aa04 EnableWindow
0x50aa08 OemToCharBuffA
0x50aa0c CharUpperA
0x50aa10 CharToOemBuffA
0x50aa14 LoadStringW
0x50aa18 SetWindowPos
0x50aa1c GetWindowTextW
0x50aa20 GetSystemMetrics
0x50aa24 GetWindow
0x50aa28 CharUpperW
0x50aa2c GetWindowRect
0x50aa30 CopyRect
0x50aa38 LoadMenuIndirectW
0x50aa3c GetWindowTextA
0x50aa40 DrawIconEx
0x50aa44 WINNLSGetIMEHotkey
0x50aa48 GetMessageA
0x50aa4c AdjustWindowRectEx
0x50aa50 GetActiveWindow
0x50aa58 wsprintfW
0x50aa5c SendNotifyMessageW
0x50aa60 GetClassInfoExW
0x50aa68 GetClassLongA
0x50aa6c GetMonitorInfoA
0x50aa78 GetClipboardViewer
0x50aa80 DdeCmpStringHandles
0x50aa88 CheckMenuRadioItem
0x50aa8c SendIMEMessageExW
0x50aa90 GetDlgCtrlID
0x50aa94 DrawTextA
0x50aa98 DrawTextW
0x50aa9c MapDialogRect
0x50aaa0 CallWindowProcA
0x50aaa4 MoveWindow
0x50aaa8 GetKeyboardLayout
0x50aaac LoadBitmapA
0x50aab0 CallWindowProcW
0x50aab4 SetRectEmpty
0x50aab8 PostMessageA
0x50aabc SendMessageA
0x50aac0 DefWindowProcA
0x50aac4 SetTimer
0x50aac8 KillTimer
0x50aacc PostQuitMessage
0x50aad0 DispatchMessageA
0x50aad4 IsDialogMessageA
0x50aad8 CreateWindowExA
0x50aadc RegisterClassExA
0x50aae0 DialogBoxParamA
0x50aae8 GetWindowLongA
0x50aaec LoadIconA
0x50aaf0 SetWindowLongA
0x50aaf4 FillRect
0x50aaf8 GetSysColorBrush
0x50aafc SetWindowTextA
0x50ab00 CreateDialogParamW
0x50ab04 EnumDisplayMonitors
0x50ab08 LoadCursorA
0x50ab0c SetCursor
0x50ab10 DrawFocusRect
0x50ab14 InvalidateRect
0x50ab18 SendDlgItemMessageA
0x50ab1c CheckDlgButton
0x50ab20 LoadStringA
0x50ab24 IsDlgButtonChecked
0x50ab28 SetDlgItemTextA
0x50ab2c GetScrollInfo
0x50ab30 SetScrollInfo
0x50ab34 GetFocus
0x50ab38 FlashWindowEx
0x50ab3c GetForegroundWindow
0x50ab40 GetWindowPlacement
0x50ab44 IsIconic
0x50ab4c EnumWindows
0x50ab50 SendMessageTimeoutA
0x50ab54 IsWindowUnicode
0x50ab58 GetClassNameA
Library GDI32.dll:
0x50ab60 GetBkColor
0x50ab64 DeleteObject
0x50ab68 GetTextColor
0x50ab6c AbortPath
0x50ab70 CreateMetaFileA
0x50ab74 GetFontLanguageInfo
0x50ab78 GetBkMode
0x50ab7c CreateMetaFileW
0x50ab80 CancelDC
0x50ab84 GetEnhMetaFileA
0x50ab88 GetGraphicsMode
0x50ab8c GetLayout
0x50ab90 RealizePalette
0x50ab94 CreateCompatibleDC
0x50ab98 GetObjectType
0x50aba0 CreatePatternBrush
0x50aba4 GetStockObject
0x50aba8 SaveDC
0x50abac DeleteDC
0x50abb0 GetSystemPaletteUse
0x50abb4 GetDCPenColor
0x50abb8 GetEnhMetaFileW
0x50abbc BeginPath
0x50abc0 WidenPath
0x50abc4 GetStretchBltMode
0x50abc8 CloseMetaFile
0x50abcc EndPath
0x50abd0 FillPath
0x50abd4 GdiGetBatchLimit
0x50abd8 PathToRegion
0x50abdc SwapBuffers
0x50abe0 AddFontResourceW
0x50abe4 FlattenPath
0x50abe8 AddFontResourceA
0x50abec GetPixelFormat
0x50abf0 GetTextCharset
0x50abf4 GdiFlush
0x50abf8 AbortDoc
0x50abfc GetTextAlign
0x50ac00 GetMapMode
0x50ac04 EndPage
0x50ac08 DeleteColorSpace
0x50ac0c EndDoc
0x50ac10 DeleteMetaFile
0x50ac14 CreateSolidBrush
0x50ac18 UpdateColors
0x50ac1c UnrealizeObject
0x50ac20 GetPolyFillMode
0x50ac24 DeleteEnhMetaFile
0x50ac2c CloseEnhMetaFile
0x50ac30 CloseFigure
0x50ac34 GetDCBrushColor
0x50ac38 GetColorSpace
0x50ac3c GetROP2
0x50ac40 SetMetaRgn
0x50ac44 StrokePath
0x50ac48 GetDeviceCaps
0x50ac4c GetObjectW
0x50ac54 SelectObject
0x50ac58 StretchBlt
0x50ac60 GdiGetSpoolMessage
0x50ac64 PATHOBJ_bEnum
0x50ac68 CreateFontIndirectW
0x50ac70 RemoveFontResourceW
0x50ac74 NamedEscape
0x50ac7c SelectClipPath
0x50ac80 CreateRectRgn
0x50ac84 Ellipse
0x50ac88 StretchDIBits
0x50ac8c CreateBitmap
0x50ac90 GetCharABCWidthsW
0x50ac94 CreateFontA
0x50ac98 EnumObjects
0x50ac9c CreateICA
0x50aca0 GdiEntry6
0x50aca4 StartDocW
0x50acac GetTransform
0x50acb0 RestoreDC
0x50acb4 GetTextFaceA
0x50acb8 SetMapMode
0x50acc0 SetTextAlign
0x50acc4 GetTextMetricsA
0x50acc8 GetObjectA
0x50accc ExtTextOutW
0x50acd0 SetBkMode
0x50acd4 SetTextColor
0x50acd8 GetTextFaceW
0x50acdc CreateDCA
0x50ace4 CreateFontIndirectA
0x50ace8 SetBkColor
0x50acec CreateBrushIndirect
Library COMDLG32.dll:
0x50acf4 GetOpenFileNameW
0x50acfc GetSaveFileNameW
Library ADVAPI32.dll:
0x50ad04 GetUserNameA
0x50ad08 RegOpenKeyA
0x50ad0c RegQueryValueExA
0x50ad10 RegOpenKeyExW
0x50ad18 OpenProcessToken
0x50ad1c RegQueryValueExW
0x50ad20 RegCreateKeyExW
0x50ad24 RegSetValueExW
0x50ad28 RegCloseKey
0x50ad2c SetFileSecurityW
0x50ad30 SetFileSecurityA
0x50ad3c RegQueryInfoKeyW
0x50ad40 ReportEventW
0x50ad48 ReportEventA
0x50ad50 RegQueryInfoKeyA
0x50ad54 RegEnumValueA
0x50ad58 RegEnumKeyExA
0x50ad5c RegDeleteValueA
0x50ad6c RegCreateKeyExA
0x50ad70 RegDeleteValueW
0x50ad74 RegOpenKeyExA
0x50ad78 RegSetValueExA
0x50ad7c RegEnumKeyW
0x50ad80 RegEnumValueW
0x50ad84 GetLengthSid
0x50ad88 AddAccessAllowedAce
0x50ad8c AddAccessDeniedAce
0x50ad90 InitializeAcl
0x50ad98 CopySid
0x50ad9c OpenThreadToken
0x50ada0 IsValidSid
0x50adb4 FreeSid
0x50adb8 GetTokenInformation
Library SHELL32.dll:
0x50adc0 SHChangeNotify
0x50adc4 ShellExecuteExW
0x50adc8 SHFileOperationW
0x50adcc SHGetFileInfoW
0x50add4 SHGetMalloc
0x50add8 SHBrowseForFolderW
0x50ade0 ExtractIconEx
0x50ade8 DoEnvironmentSubstW
0x50adec ExtractIconExA
0x50adf4 ShellExecuteExA
Library ole32.dll:
0x50ae00 OleInitialize
0x50ae04 CoCreateInstance
0x50ae08 OleUninitialize
0x50ae0c CLSIDFromString
0x50ae10 StringFromIID
0x50ae14 CoTaskMemFree
0x50ae18 CoUninitialize
0x50ae1c CoInitializeEx
Library SHLWAPI.dll:
0x50ae24 SHAutoComplete
0x50ae28 StrCmpNIA
0x50ae2c AssocQueryStringW
0x50ae30 UrlGetPartA
0x50ae34 wnsprintfA
Library COMCTL32.dll:
0x50ae44 ImageList_Create
0x50ae48 ImageList_Destroy

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.