6.6
High risk

c0157e0dccbf0ff1007c733d6fb6c5942dd3182b524e68a068fdff2f4e05eaa3

2cfc51a33dd53cd00b7f82dd2b056e53.exe

Analysis duration

53s

Last analyzed

File size

2.1MB
Static detection / Dynamic detection 100%: AGEN AI SCORE=81 AIDETECTVM BANKERX BSCOPE CLASSIC CONFIDENCE DKW@AKILPIK ELDORADO ENCPK GENCIRC GENETIC GENKRYPTIK GOZI HBR@8QRQPO HCVA HIGH CONFIDENCE HIHELV INJECT3 KRYPTIK MALICIOUS PE MALWARE1 MINT PINKSBOT QAKBOT QBOT QBOTPMF REGOTET S12740246 SCORE TIGGRE TROJANBANKER ULISE UNSAFE ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Date Version
Alibaba TrojanBanker:Win32/Qakbot.98e30fb5 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20200813 18.4.3895.0
Kingsoft 20200813 2013.8.14.323
McAfee W32/PinkSbot-GN!2CFC51A33DD5 20200813 6.0.6.653
Tencent Malware.Win32.Gencirc.10b9c1d8 20200813 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619368398.847501
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619368417.518501
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619368401.690499
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619368419.003751
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619368419.018751
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619368419.018751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619368419.018751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619368419.018751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619368419.018751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619368420.018751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619368420.018751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619368420.018751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619368420.018751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619368421.018751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619368421.018751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619368421.018751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619368421.018751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619368422.018751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619368422.018751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619368422.018751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619368422.018751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619368423.018751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619368423.018751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619368423.018751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619368423.018751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619368424.018751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619368424.018751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619368424.018751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619368424.018751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619368424.065751
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619368424.065751
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619368418.972751
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619368417.518501
__exception__
stacktrace:
2cfc51a33dd53cd00b7f82dd2b056e53+0x8ec9 @ 0x408ec9
2cfc51a33dd53cd00b7f82dd2b056e53+0x17cc @ 0x4017cc
2cfc51a33dd53cd00b7f82dd2b056e53+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634776
registers.edi: 0
registers.eax: 6619136
registers.ebp: 1635384
registers.edx: 6
registers.ebx: 1
registers.esi: 4269856
registers.ecx: 100
exception.instruction_r: ff 30 e8 97 03 00 00 83 c4 14 85 c0 75 38 8d 85
exception.symbol: 2cfc51a33dd53cd00b7f82dd2b056e53+0x844a
exception.instruction: push dword ptr [eax]
exception.module: 2cfc51a33dd53cd00b7f82dd2b056e53.exe
exception.exception_code: 0xc0000005
exception.offset: 33866
exception.address: 0x40844a
success 0 0
1619368402.440499
__exception__
stacktrace:
2cfc51a33dd53cd00b7f82dd2b056e53+0x3daa @ 0x403daa
2cfc51a33dd53cd00b7f82dd2b056e53+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2759608
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 2cfc51a33dd53cd00b7f82dd2b056e53+0x33cc
exception.instruction: in eax, dx
exception.module: 2cfc51a33dd53cd00b7f82dd2b056e53.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619368402.440499
__exception__
stacktrace:
2cfc51a33dd53cd00b7f82dd2b056e53+0x3db3 @ 0x403db3
2cfc51a33dd53cd00b7f82dd2b056e53+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2759608
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 2cfc51a33dd53cd00b7f82dd2b056e53+0x3465
exception.instruction: in eax, dx
exception.module: 2cfc51a33dd53cd00b7f82dd2b056e53.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619368398.159501
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00330000
success 0 0
1619368398.237501
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e40000
success 0 0
1619368398.237501
NtProtectVirtualMemory
process_identifier: 2064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619368401.643499
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006c0000
success 0 0
1619368401.659499
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00700000
success 0 0
1619368401.659499
NtProtectVirtualMemory
process_identifier: 1688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2cfc51a33dd53cd00b7f82dd2b056e53.exe
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2cfc51a33dd53cd00b7f82dd2b056e53.exe"
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2cfc51a33dd53cd00b7f82dd2b056e53.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619368401.487501
CreateProcessInternalW
thread_identifier: 1752
thread_handle: 0x0000013c
process_identifier: 1688
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2cfc51a33dd53cd00b7f82dd2b056e53.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000140
inherit_handles: 0
success 1 0
1619368418.222501
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2cfc51a33dd53cd00b7f82dd2b056e53.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (3 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2cfc51a33dd53cd00b7f82dd2b056e53.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2cfc51a33dd53cd00b7f82dd2b056e53.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619368402.440499
__exception__
stacktrace:
2cfc51a33dd53cd00b7f82dd2b056e53+0x3daa @ 0x403daa
2cfc51a33dd53cd00b7f82dd2b056e53+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2759608
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 2cfc51a33dd53cd00b7f82dd2b056e53+0x33cc
exception.instruction: in eax, dx
exception.module: 2cfc51a33dd53cd00b7f82dd2b056e53.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Mint.Regotet.1
CAT-QuickHeal Trojan.QbotPMF.S12740246
ALYac Gen:Heur.Mint.Regotet.1
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.1974120
Sangfor Malware
K7AntiVirus Trojan ( 005652be1 )
Alibaba TrojanBanker:Win32/Qakbot.98e30fb5
K7GW Trojan ( 005652be1 )
Cybereason malicious.2fe16f
Arcabit Trojan.Mint.Regotet.1
TrendMicro Backdoor.Win32.QAKBOT.SME
Cyren W32/Ulise.BF.gen!Eldorado
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HCVA
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Qakbot-7662779-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Gen:Heur.Mint.Regotet.1
NANO-Antivirus Trojan.Win32.Inject3.hihelv
Avast Win32:BankerX-gen [Trj]
Rising Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware Gen:Heur.Mint.Regotet.1
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Heuristic.HEUR/AGEN.1133367
DrWeb Trojan.Inject3.38050
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
FireEye Generic.mg.2cfc51a33dd53cd0
Sophos Mal/EncPk-APV
F-Prot W32/Ulise.BF.gen!Eldorado
Jiangmin Trojan.Banker.Qbot.mk
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1133367
MAX malware (ai score=81)
Antiy-AVL Trojan/Win32.GenKryptik
Microsoft Trojan:Win32/Gozi.GA!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Gen:Heur.Mint.Regotet.1
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4051130
Acronis suspicious
McAfee W32/PinkSbot-GN!2CFC51A33DD5
VBA32 BScope.Trojan.Tiggre
Malwarebytes Trojan.Qbot
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Tencent Malware.Win32.Gencirc.10b9c1d8
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

2020-04-08 00:39:31

Imports

Library KERNEL32.dll:
0x60e6bc VirtualAlloc
0x60e6c0 GetModuleHandleW
0x60e6c4 LocalFree
0x60e6c8 WideCharToMultiByte
0x60e6cc FormatMessageW
0x60e6d0 GetModuleHandleA
0x60e6d4 LocalAlloc
0x60e6d8 SetEndOfFile
0x60e6e0 GetCurrentThread
0x60e6e4 Heap32Next
0x60e6e8 GlobalGetAtomNameW
0x60e6ec Thread32Next
0x60e6f8 GetCPInfo
0x60e6fc GetOEMCP
0x60e700 RtlUnwind
0x60e704 ExitProcess
0x60e708 TerminateProcess
0x60e70c HeapFree
0x60e710 RaiseException
0x60e714 HeapReAlloc
0x60e718 HeapSize
0x60e71c HeapAlloc
0x60e720 GetACP
0x60e724 LCMapStringA
0x60e728 LCMapStringW
0x60e73c SetHandleCount
0x60e740 GetFileType
0x60e744 GetStartupInfoA
0x60e74c GetVersionExA
0x60e750 HeapDestroy
0x60e754 HeapCreate
0x60e758 VirtualFree
0x60e75c IsBadWritePtr
0x60e760 GetStringTypeA
0x60e764 GetStringTypeW
0x60e76c Sleep
0x60e770 IsBadReadPtr
0x60e774 IsBadCodePtr
0x60e778 SetStdHandle
0x60e77c FlushFileBuffers
0x60e780 GetCurrentProcess
0x60e784 GetProcessVersion
0x60e788 LoadLibraryA
0x60e78c FreeLibrary
0x60e790 GetVersion
0x60e794 GlobalGetAtomNameA
0x60e798 GlobalAddAtomA
0x60e79c GlobalFindAtomA
0x60e7a0 GetLastError
0x60e7a4 GetProcAddress
0x60e7a8 SetLastError
0x60e7b0 GlobalFlags
0x60e7b4 TlsGetValue
0x60e7b8 LocalReAlloc
0x60e7bc TlsSetValue
0x60e7c4 GlobalReAlloc
0x60e7cc GlobalHandle
0x60e7d0 InterlockedExchange
0x60e7d4 GlobalUnlock
0x60e7d8 GlobalFree
0x60e7e0 TlsAlloc
0x60e7e8 lstrcpynA
0x60e7ec GetModuleFileNameA
0x60e7f0 lstrcpyA
0x60e7f4 lstrcatA
0x60e7f8 SetErrorMode
0x60e7fc MultiByteToWideChar
0x60e800 lstrlenA
0x60e80c GlobalLock
0x60e810 GlobalAlloc
0x60e814 GlobalDeleteAtom
0x60e818 lstrcmpA
0x60e81c lstrcmpiA
0x60e820 GetCurrentThreadId
0x60e824 GetCommandLineA
0x60e828 GetStdHandle
0x60e82c CreateFileA
0x60e830 ReadFile
0x60e834 SetFilePointer
0x60e838 WriteFile
0x60e840 CloseHandle
Library USER32.dll:
0x60e848 LoadIconA
0x60e84c EnableScrollBar
0x60e854 GetMenuBarInfo
0x60e858 ReleaseDC
0x60e860 HideCaret
0x60e864 EnumPropsExA
0x60e868 ReleaseCapture
0x60e86c DrawIconEx
0x60e870 GrayStringA
0x60e874 SetClassLongA
0x60e878 SendNotifyMessageA
0x60e87c IntersectRect
0x60e880 DrawFrameControl
0x60e884 SetMenu
0x60e888 GetMenuItemID
0x60e88c GetSubMenu
0x60e890 GetMenu
0x60e894 RegisterClassA
0x60e898 GetClassInfoA
0x60e89c WinHelpA
0x60e8a0 GetCapture
0x60e8a4 GetTopWindow
0x60e8a8 CopyRect
0x60e8ac GetClientRect
0x60e8b0 AdjustWindowRectEx
0x60e8b4 SetFocus
0x60e8b8 GetSysColor
0x60e8bc MapWindowPoints
0x60e8c0 ShowWindow
0x60e8c4 LoadCursorA
0x60e8c8 GetSysColorBrush
0x60e8cc DestroyMenu
0x60e8d0 DestroyWindow
0x60e8d4 CreateWindowExA
0x60e8d8 GetClassLongA
0x60e8dc SetPropA
0x60e8e0 GetPropA
0x60e8e4 CallWindowProcA
0x60e8e8 RemovePropA
0x60e8ec DefWindowProcA
0x60e8f0 GetMessageTime
0x60e8f4 GetForegroundWindow
0x60e8f8 SetForegroundWindow
0x60e8fc SetWindowLongA
0x60e900 SetWindowPos
0x60e90c IsIconic
0x60e910 GetWindowPlacement
0x60e914 GetSystemMetrics
0x60e918 LoadStringA
0x60e91c DrawTextA
0x60e920 TabbedTextOutA
0x60e924 GetDC
0x60e928 GetMenuItemCount
0x60e92c wsprintfA
0x60e930 UnhookWindowsHookEx
0x60e934 GetLastActivePopup
0x60e938 IsWindowEnabled
0x60e93c MessageBoxA
0x60e940 GetWindowTextA
0x60e944 SetWindowTextA
0x60e948 ClientToScreen
0x60e94c GetWindow
0x60e950 GetDlgCtrlID
0x60e954 GetWindowRect
0x60e958 PtInRect
0x60e95c GetWindowLongA
0x60e960 GetClassNameA
0x60e968 LoadBitmapA
0x60e96c GetMenuState
0x60e970 ModifyMenuA
0x60e974 SetMenuItemBitmaps
0x60e978 CheckMenuItem
0x60e97c EnableMenuItem
0x60e980 GetFocus
0x60e984 GetParent
0x60e988 GetNextDlgTabItem
0x60e98c SetCursor
0x60e990 GetMessageA
0x60e994 TranslateMessage
0x60e998 DispatchMessageA
0x60e99c GetActiveWindow
0x60e9a0 SendMessageA
0x60e9a4 PostQuitMessage
0x60e9a8 PostMessageA
0x60e9ac GetDlgItem
0x60e9b0 GetMessagePos
0x60e9b4 GetKeyState
0x60e9b8 CallNextHookEx
0x60e9bc ValidateRect
0x60e9c0 IsWindowVisible
0x60e9c4 PeekMessageA
0x60e9c8 GetCursorPos
0x60e9cc SetWindowsHookExA
0x60e9d0 EnableWindow
Library GDI32.dll:
0x60e9d8 GetStockObject
0x60e9dc AnimatePalette
0x60e9e0 PolyDraw
0x60e9e4 GetETM
0x60e9e8 EnumICMProfilesW
0x60e9ec GetTextMetricsW
0x60e9f0 SetTextAlign
0x60e9f4 GdiGetPageHandle
0x60e9f8 Polygon
0x60e9fc GetBoundsRect
0x60ea00 FONTOBJ_pifi
0x60ea04 GetHFONT
0x60ea0c GetViewportExtEx
0x60ea10 EudcUnloadLinkW
0x60ea14 GetRgnBox
0x60ea18 StretchDIBits
0x60ea1c CreatePenIndirect
0x60ea20 StretchBlt
0x60ea24 ExtCreateRegion
0x60ea28 ResetDCW
0x60ea2c EngFillPath
0x60ea30 SaveDC
0x60ea34 SetColorAdjustment
0x60ea38 GetMetaFileA
0x60ea40 GdiEntry5
0x60ea44 GetBkMode
0x60ea4c GetWindowExtEx
0x60ea50 CreateColorSpaceW
0x60ea58 ExtSelectClipRgn
0x60ea5c DescribePixelFormat
0x60ea60 TextOutA
0x60ea68 GetTextCharset
0x60ea6c ResizePalette
0x60ea70 SetTextColor
0x60ea74 SetMapMode
0x60ea78 SetViewportOrgEx
0x60ea7c OffsetViewportOrgEx
0x60ea80 SetViewportExtEx
0x60ea84 ScaleViewportExtEx
0x60ea88 SetWindowExtEx
0x60ea8c ScaleWindowExtEx
0x60ea90 GetClipBox
0x60ea94 GetDeviceCaps
0x60ea98 PtVisible
0x60ea9c RectVisible
0x60eaa0 ExtTextOutA
0x60eaa4 Escape
0x60eaa8 GetObjectA
0x60eaac SetBkColor
0x60eab0 SelectObject
0x60eab4 RestoreDC
0x60eab8 DeleteDC
0x60eabc CreateBitmap
0x60eac0 DeleteObject
Library ADVAPI32.dll:
0x60eac8 RegOpenKeyA
0x60eacc RegQueryValueExA
0x60ead0 RegSetValueExA
0x60ead4 RegCloseKey
0x60ead8 RegOpenKeyExA
0x60eadc RegCreateKeyExA
Library SHELL32.dll:
0x60eae4 SHGetDiskFreeSpaceA
0x60eae8 SHLoadInProc
0x60eaf8 DragQueryFileW
0x60eb04 SHAddToRecentDocs
0x60eb08 SHGetFileInfo
0x60eb10 SHAppBarMessage
0x60eb14 SHGetFolderPathA
0x60eb18 SHGetPathFromIDList
0x60eb1c SHGetSettings
0x60eb24 ExtractIconEx
0x60eb2c SHGetMalloc
0x60eb38 SHGetFileInfoW
0x60eb3c CommandLineToArgvW
0x60eb40 WOWShellExecute
0x60eb44 DragFinish
0x60eb48 CheckEscapesW
0x60eb4c ShellAboutW
0x60eb54 FindExecutableW
Library SHLWAPI.dll:
0x60eb5c StrRChrIW
0x60eb60 StrCmpNIW
0x60eb64 StrRChrIA
0x60eb68 StrChrIW
0x60eb6c StrRStrIW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 62191 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.