5.6
High risk

51c6e8784fe2faa618b8b7df5df29d627c8070c8c793bec66df8449f8cff1e2d

2cb292ca47f6a3a3f3dfab1347a700ae.exe

Analysis duration

81s

Last analyzed

File size

644.3KB
Static detection tags / dynamic detection tags: 4R6OV34DQZ8 A VARIANT OF GENERIK AI SCORE=88 ASDA CONFIDENCE EMOTET GENCIRC GENERIC@ML GENERICKD HCEJ HIGH CONFIDENCE HJAZHVBG39K HRVLQH IGENERIC KRYPTIK KZIP MALWAREX MASSON MBGWYMW OQX@A8SNPEDJ QQBKF@0 R349666 RDML SCORE SUSGEN SUSPICIOUS PE TRICKBOT UNSAFE VSNTHD20 WANNACRY WRKZ8Q ZENPAK ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine results are available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Backdoor:Win32/KZip.48d3650d 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Kingsoft 20200909 2013.8.14.323
McAfee Emotet-FRV!2CB292CA47F6 20200909 6.0.6.653
Tencent Malware.Win32.Gencirc.11acafd4 20200909 1.0.0.1
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619346370.093499
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (9 events)
Time & API Arguments Status Return Repeated
1619346336.062374
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 212992
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e80000
success 0 0
1619346336.077374
NtProtectVirtualMemory
process_identifier: 2064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 204800
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x002e7000
success 0 0
1619346336.077374
NtProtectVirtualMemory
process_identifier: 2064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 200704
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02081000
success 0 0
1619346360.468374
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005a0000
success 0 0
1619346360.468374
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x10000000
success 0 0
1619346360.468374
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x10001000
success 0 0
1619346360.468374
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005b0000
success 0 0
1619346360.468374
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ff0000
success 0 0
1619346360.468374
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 143360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02040000
success 0 0
Foreign language identified in PE resource (35 events)
name RT_CURSOR language LANG_CHINESE offset 0x000a6790 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000b4
name RT_CURSOR language LANG_CHINESE offset 0x000a6790 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000b4
name RT_BITMAP language LANG_CHINESE offset 0x000a7168 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x000a7168 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x000a7168 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x000a7168 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x000a7168 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_ICON language LANG_CHINESE offset 0x00072290 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00072290 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00072290 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00072290 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00072290 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00072290 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00072290 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_DIALOG language LANG_CHINESE offset 0x000a6e58 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_DIALOG language LANG_CHINESE offset 0x000a6e58 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_DIALOG language LANG_CHINESE offset 0x000a6e58 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_DIALOG language LANG_CHINESE offset 0x000a6e58 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_DIALOG language LANG_CHINESE offset 0x000a6e58 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_DIALOG language LANG_CHINESE offset 0x000a6e58 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x000a7bc0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_RCDATA language LANG_CHINESE offset 0x00072760 filetype PGP\011Secret Sub-key - sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00033144
name RT_GROUP_CURSOR language LANG_CHINESE offset 0x000a6848 filetype Lotus unknown worksheet or configuration, revision 0x2 sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022
name RT_GROUP_ICON language LANG_CHINESE offset 0x000726f8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000068
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.3591873822296625 section {'size_of_data': '0x0004d000', 'virtual_address': '0x0005b000', 'entropy': 7.3591873822296625, 'name': '.rsrc', 'virtual_size': '0x0004cbe8'} description A section with a high entropy has been found
entropy 0.48125 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (3 events)
Time & API Arguments Status Return Repeated
1619346362.734499
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619346364.577499
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619346367.484499
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43660329
FireEye Generic.mg.2cb292ca47f6a3a3
CAT-QuickHeal Trojan.IGENERIC
ALYac Trojan.GenericKD.43660329
Cylance Unsafe
Zillya Trojan.Zenpak.Win32.2976
K7AntiVirus Trojan ( 0056c7881 )
Alibaba Backdoor:Win32/KZip.48d3650d
K7GW Trojan ( 0056c7881 )
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Trojan.Generic.D29A3429
Invincea Mal/Generic-S
Symantec Ransom.Wannacry
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Zenpak.asda
BitDefender Trojan.GenericKD.43660329
NANO-Antivirus Trojan.Win32.Zenpak.hrvlqh
Rising Trojan.Generic@ML.86 (RDML:UE+/4r6oV34Dqz8/WrkZ8Q)
Ad-Aware Trojan.GenericKD.43660329
Comodo TrojWare.Win32.Agent.qqbkf@0
F-Secure Trojan.TR/AD.TrickBot.BM
DrWeb Trojan.Packed.140
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.VSNTHD20
Sophos Mal/Generic-S
SentinelOne DFI - Suspicious PE
Jiangmin Trojan.Zenpak.ctm
Webroot W32.Trojan.Gen
Avira TR/AD.TrickBot.BM
Antiy-AVL Trojan/Win32.Zenpak
Microsoft Trojan:Win32/Masson.A!rfn
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm Trojan.Win32.Zenpak.asda
GData Trojan.GenericKD.43660329
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.RL_Emotet.R349666
McAfee Emotet-FRV!2CB292CA47F6
MAX malware (ai score=88)
VBA32 Trojan.Zenpak
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 a variant of Generik.MBGWYMW
TrendMicro-HouseCall TROJ_FRS.VSNTHD20
Tencent Malware.Win32.Gencirc.11acafd4
Yandex Trojan.Agent!HjazHVBg39k
Ikarus Trojan.SuspectCRC
Fortinet W32/Kryptik.HCEJ!tr
BitDefenderTheta Gen:NN.ZexaF.34216.OqX@a8sNpedj
AVG Win32:MalwareX-gen [Trj]
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2020-08-13 21:17:45

Imports

Library KERNEL32.dll:
0x4410ec HeapDestroy
0x4410f0 HeapCreate
0x4410f4 VirtualFree
0x4410f8 VirtualAlloc
0x4410fc IsBadWritePtr
0x441100 LCMapStringA
0x441104 LCMapStringW
0x441108 Sleep
0x441120 SetHandleCount
0x441124 GetStdHandle
0x441128 GetFileType
0x44112c GetStringTypeW
0x441130 IsBadReadPtr
0x441134 IsBadCodePtr
0x441138 SetStdHandle
0x44113c IsValidLocale
0x441140 IsValidCodePage
0x441144 GetLocaleInfoA
0x441148 EnumSystemLocalesA
0x44114c GetUserDefaultLCID
0x441150 GetVersionExA
0x441154 GetLocaleInfoW
0x441158 CompareStringA
0x44115c CompareStringW
0x441168 GetProfileStringA
0x44116c InterlockedExchange
0x441170 GetACP
0x441174 HeapSize
0x441178 HeapReAlloc
0x44117c TerminateProcess
0x441180 HeapAlloc
0x441184 GetCommandLineA
0x441188 GetStartupInfoA
0x44118c HeapFree
0x441190 RaiseException
0x441194 RtlUnwind
0x441198 GetFileTime
0x44119c GetFileSize
0x4411a0 GetFileAttributesA
0x4411a4 GetTickCount
0x4411b0 GetFullPathNameA
0x4411b8 FindFirstFileA
0x4411bc FindClose
0x4411c0 SetEndOfFile
0x4411c4 UnlockFile
0x4411c8 LockFile
0x4411cc FlushFileBuffers
0x4411d0 SetFilePointer
0x4411d4 WriteFile
0x4411d8 ReadFile
0x4411dc CreateFileA
0x4411e0 GetCurrentProcess
0x4411e4 DuplicateHandle
0x4411e8 SetErrorMode
0x4411ec GetThreadLocale
0x4411f4 GetOEMCP
0x4411f8 GetCPInfo
0x4411fc GetProcessVersion
0x441200 TlsGetValue
0x441204 LocalReAlloc
0x441208 TlsSetValue
0x441210 GlobalReAlloc
0x441218 TlsFree
0x44121c GlobalHandle
0x441224 TlsAlloc
0x44122c LocalAlloc
0x441230 SizeofResource
0x441234 GetLastError
0x441238 GlobalFlags
0x44123c CloseHandle
0x441240 GetModuleFileNameA
0x441244 GlobalAlloc
0x441248 lstrcmpA
0x44124c GetCurrentThread
0x441250 FormatMessageA
0x441254 LocalFree
0x441258 MultiByteToWideChar
0x44125c WideCharToMultiByte
0x441268 SetLastError
0x44126c FreeLibrary
0x441270 GetVersion
0x441274 lstrcatA
0x441278 GetCurrentThreadId
0x44127c GlobalGetAtomNameA
0x441280 lstrcmpiA
0x441284 GlobalAddAtomA
0x441288 GlobalFindAtomA
0x44128c GlobalDeleteAtom
0x441290 GetModuleHandleA
0x441294 GetProcAddress
0x441298 GlobalLock
0x44129c GlobalUnlock
0x4412a0 GlobalFree
0x4412a4 LockResource
0x4412a8 FindResourceA
0x4412ac LoadResource
0x4412b0 ExitProcess
0x4412b4 lstrcpyA
0x4412b8 lstrcpynA
0x4412c0 LoadLibraryA
0x4412c4 MulDiv
0x4412c8 GetStringTypeA
0x4412cc lstrlenA
Library USER32.dll:
0x44130c CharNextA
0x441314 SetRect
0x441318 MessageBeep
0x44131c CharUpperA
0x441324 PostThreadMessageA
0x441328 IsWindowVisible
0x44132c MessageBoxA
0x441330 IsChild
0x441334 WinHelpA
0x441338 wsprintfA
0x44133c GetClassInfoA
0x441340 RegisterClassA
0x441344 GetMenu
0x441348 TrackPopupMenu
0x441350 GetWindowTextA
0x441354 GetDlgCtrlID
0x441358 GetKeyState
0x44135c DefWindowProcA
0x441360 CreateWindowExA
0x441364 SetWindowsHookExA
0x441368 CallNextHookEx
0x44136c GetClassLongA
0x441370 SetPropA
0x441374 UnhookWindowsHookEx
0x441378 GetPropA
0x44137c CallWindowProcA
0x441380 RemovePropA
0x441384 GetMessageTime
0x441388 GetMessagePos
0x44138c GetLastActivePopup
0x441390 GetForegroundWindow
0x441394 SetForegroundWindow
0x441398 GetWindow
0x44139c SetWindowLongA
0x4413a0 SetWindowPos
0x4413ac GetWindowPlacement
0x4413b0 GetNextDlgTabItem
0x4413b4 EndDialog
0x4413b8 SetActiveWindow
0x4413bc IsWindow
0x4413c4 TranslateMessage
0x4413c8 GetDlgItem
0x4413cc IsWindowEnabled
0x4413d0 SetParent
0x4413d4 GetTopWindow
0x4413d8 GetFocus
0x4413dc SetFocus
0x4413e0 GetWindowLongA
0x4413e4 IsIconic
0x4413e8 GetSystemMetrics
0x4413ec DrawIcon
0x4413f0 GetSystemMenu
0x4413f4 AppendMenuA
0x4413f8 LoadIconA
0x4413fc UpdateWindow
0x441400 PtInRect
0x441408 CopyIcon
0x44140c GetClientRect
0x441410 SetMenuItemBitmaps
0x441414 ModifyMenuA
0x441418 GetMenuState
0x44141c GetMenuItemID
0x441420 GetMenuItemCount
0x441424 EnableMenuItem
0x441428 CheckMenuItem
0x44142c EnableWindow
0x441430 SendMessageA
0x441434 InvalidateRect
0x441438 UnregisterClassA
0x44143c HideCaret
0x441440 ShowCaret
0x441444 ExcludeUpdateRgn
0x441448 DefDlgProcA
0x44144c GetDC
0x441450 ReleaseDC
0x441454 LoadBitmapA
0x441458 PostMessageA
0x44145c CopyRect
0x441460 InflateRect
0x441464 FrameRect
0x441468 GetSysColorBrush
0x44146c DrawFocusRect
0x441470 DrawStateA
0x441474 OffsetRect
0x441478 GetDesktopWindow
0x44147c GetClassNameA
0x441480 IntersectRect
0x441484 MapDialogRect
0x441488 DrawEdge
0x44148c DrawFrameControl
0x441490 GetSysColor
0x441494 FillRect
0x441498 SetCursor
0x44149c GetWindowRect
0x4414a0 GetSubMenu
0x4414a4 GetActiveWindow
0x4414a8 GetCapture
0x4414ac SetCapture
0x4414b0 ClientToScreen
0x4414b4 WindowFromPoint
0x4414b8 ReleaseCapture
0x4414bc IsWindowUnicode
0x4414c0 GetNextDlgGroupItem
0x4414c4 GetParent
0x4414c8 ValidateRect
0x4414cc PostQuitMessage
0x4414d0 LoadStringA
0x4414d4 GetCursorPos
0x4414d8 GrayStringA
0x4414dc DrawTextA
0x4414e0 TabbedTextOutA
0x4414e4 EndPaint
0x4414e8 BeginPaint
0x4414ec GetWindowDC
0x4414f0 DestroyMenu
0x4414f8 ShowWindow
0x4414fc MoveWindow
0x441500 SetWindowTextA
0x441504 IsDialogMessageA
0x441508 SendDlgItemMessageA
0x44150c MapWindowPoints
0x441510 DispatchMessageA
0x441514 LoadCursorA
0x441518 GetMessageA
0x44151c AdjustWindowRectEx
0x441520 ScreenToClient
0x441524 DestroyWindow
0x441528 PeekMessageA
Library GDI32.dll:
0x44102c OffsetViewportOrgEx
0x441030 SetViewportExtEx
0x441034 ScaleViewportExtEx
0x441038 SetWindowExtEx
0x44103c ScaleWindowExtEx
0x441040 IntersectClipRect
0x441044 MoveToEx
0x441048 LineTo
0x44104c SetViewportOrgEx
0x441050 GetViewportExtEx
0x441054 GetWindowExtEx
0x441058 CreateSolidBrush
0x44105c PtVisible
0x441060 RectVisible
0x441064 TextOutA
0x441068 ExtTextOutA
0x44106c Escape
0x441070 PatBlt
0x441074 GetMapMode
0x441078 DPtoLP
0x44107c GetTextColor
0x441080 GetBkColor
0x441084 LPtoDP
0x441088 SetMapMode
0x44108c SetBkMode
0x441090 SelectObject
0x441094 RestoreDC
0x441098 SaveDC
0x44109c DeleteDC
0x4410a0 CreateBitmap
0x4410a4 SetBkColor
0x4410a8 SetTextColor
0x4410ac GetClipBox
0x4410b0 Rectangle
0x4410b4 CreatePen
0x4410bc SetPixel
0x4410c0 GetDeviceCaps
0x4410c4 DeleteObject
0x4410c8 GetStockObject
0x4410cc GetObjectA
0x4410d0 CreateDIBitmap
0x4410d4 GetTextExtentPointA
0x4410d8 BitBlt
0x4410dc CreateCompatibleDC
0x4410e0 CreateFontIndirectA
Library comdlg32.dll:
0x441540 GetOpenFileNameA
0x441544 GetSaveFileNameA
0x441548 GetFileTitleA
Library WINSPOOL.DRV:
0x441530 ClosePrinter
0x441534 DocumentPropertiesA
0x441538 OpenPrinterA
Library ADVAPI32.dll:
0x441000 RegCreateKeyExA
0x441004 RegOpenKeyExA
0x441008 RegSetValueExA
0x44100c RegCloseKey
Library SHELL32.dll:
0x441304 ShellExecuteA
Library COMCTL32.dll:
0x441014 ImageList_GetIcon
0x441018 ImageList_AddMasked
0x44101c
0x441020 ImageList_Destroy
0x441024 ImageList_Create
Library oledlg.dll:
0x441590
Library ole32.dll:
0x441554 OleInitialize
0x441558 CoTaskMemAlloc
0x44155c CoTaskMemFree
0x44156c CoGetClassObject
0x441570 CLSIDFromString
0x441574 CLSIDFromProgID
0x44157c CoRevokeClassObject
0x441580 OleFlushClipboard
0x441588 OleUninitialize
Library OLEPRO32.DLL:
0x4412fc
Library OLEAUT32.dll:
0x4412d8 SysAllocStringLen
0x4412dc SysFreeString
0x4412e0 VariantCopy
0x4412e4 VariantChangeType
0x4412e8 SysAllocString
0x4412f0 SysStringLen
0x4412f4 VariantClear

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.