Risk score: 8.2 (high risk)

SHA-256: 93fb5df147c1af971f4f601145b7eac3efc2699f9a6a57b0f879271ce9d3c28a

File name: 312b10c4d76eb797a7d56225175d5a5f.exe (the name is the sample's MD5; the Artemis!312B10C4D76E and Generic.mg.312b10c4d76eb797 detections below embed the same hash prefix)

Analysis duration: 109 s

Last analysis: (blank in the report)

File size: 963.0 KB

All timestamps in the event tables below are Unix epoch seconds; 1619376890 is 2021-04-25 18:54:50 UTC.
Static scan: malicious. Dynamic scan: malicious. Detection rate: 100%.
鹰眼 (Eagle Eye) engine: no result (no Eagle Eye engine detection is recorded for this sample).
Static verdict

Antivirus engines
Engine        Result                              Signature date  Engine version
Alibaba       TrojanPSW:MSIL/Agensla.4e757cc9     20190527        0.3.0.5
Baidu         -                                   20190318        1.0.0.2
Avast         Win32:Trojan-gen                    20201229        21.1.5827.0
Kingsoft      -                                   20201229        2017.9.26.565
McAfee        Artemis!312B10C4D76E                20201229        6.0.6.653
CrowdStrike   win/malicious_confidence_100% (W)   20190702        1.0
A "-" result means the engine did not flag the file. The third column is the signature-database date each engine reports, not the date of this scan: three of them (2019) predate the PE compile time of 2020-03-31 shown at the end of this report.
Static indicators
(The page groups these signature hits here although most of them are drawn from the run-time API trace.)

Queries for the computer name (3 events)
Time (epoch)      API               Arguments                Status   Return  Repeated
1619376896.43675  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619376902.21775  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619376905.21775  GetComputerNameW  computer_name: OSKAR-PC  success  1       0

Checks whether the process is being debugged (2 events)
Both calls return 0, meaning no debugger was attached; the sandbox logs a zero BOOL return as "failed".
Time (epoch)      API                Status   Return  Repeated
1619376892.17175  IsDebuggerPresent  failed   0       0
1619376892.18675  IsDebuggerPresent  failed   0       0

Checks the amount of memory in the system, which can be used to detect virtual machines with little RAM (1 event)
Time (epoch)      API                   Status   Return  Repeated
1619376905.34275  GlobalMemoryStatusEx  success  1       0

The file contains an unknown PE resource name, possibly indicative of a packer (3 events)
resource name RCDATA
resource name REGISTRY
resource name WAVE
One or more processes crashed (6 events)
All six are access violations (exception code 0xc0000005) on a read through a null pointer: mov eax, [ecx] and cmp [ecx], ecx with ecx = 0, cmp [esi], eax with esi = 0, and cmp [eax + 4], 1 with eax = 0. Every stack trace passes through clr.dll and mscorlib before reaching the faulting frames, and the recurring frames 0x0373a182, 0x036e2110, 0x036e2d77 and 0x036e0577 lie inside the read-write-execute regions the process allocated at 0x036e0000 (131072 bytes) and 0x0373a000 (see the dynamic indicators below), so the crashes occur in managed code that was JIT-compiled or unpacked at run time, not in the native image. The bottom frame is in the sample's own native image (312b10c4d76eb797a7d56225175d5a5f+0x22dbc @ 0x422dbc, image base 0x400000), consistent with a native stub hosting the CLR and running a managed payload; the import table at the end of this report belongs to that native stub.
Time & API Arguments Status Return Repeated
1619376904.93675
__exception__
stacktrace:
0x799f5d5
0x799ea52
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x738a21db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x738c4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x738c4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x738c4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x738c4c21
LogHelp_TerminateOnAssert+0x3adfe StrongNameErrorInfo-0x4d09c clr+0x97856 @ 0x73937856
LogHelp_TerminateOnAssert+0x3b14b StrongNameErrorInfo-0x4cd4f clr+0x97ba3 @ 0x73937ba3
LogHelp_TerminateOnAssert+0x3b30d StrongNameErrorInfo-0x4cb8d clr+0x97d65 @ 0x73937d65
mscorlib+0x2bd689 @ 0x71ecd689
mscorlib+0x2bd3d0 @ 0x71ecd3d0
mscorlib+0x2bbfed @ 0x71ecbfed
mscorlib+0x2c3284 @ 0x71ed3284
mscorlib+0x8a5e6c @ 0x724b5e6c
DllUnregisterServerInternal-0x3a3b clr+0x25c1 @ 0x738a25c1
CorDllMainForThunk+0x1a215 ClrCreateManagedInstance-0x9fb4 clr+0x18729b @ 0x73a2729b
CorDllMainForThunk+0x1a2ee ClrCreateManagedInstance-0x9edb clr+0x187374 @ 0x73a27374
CorDllMainForThunk+0x1a354 ClrCreateManagedInstance-0x9e75 clr+0x1873da @ 0x73a273da
CorDllMainForThunk+0x1a4b9 ClrCreateManagedInstance-0x9d10 clr+0x18753f @ 0x73a2753f
0x373a182
0x36e2110
0x36e2d77
0x36e0577
312b10c4d76eb797a7d56225175d5a5f+0x22dbc @ 0x422dbc
0xa

registers.esp: 1631784
registers.edi: 87636448
registers.eax: 0
registers.ebp: 1631828
registers.edx: 8
registers.ebx: 0
registers.esi: 338872451
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc 69 c6 ee 77 01 8d
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7de31ca
success 0 0
1619376907.99975
__exception__
stacktrace:
0x86417a0
0x799f36d
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x738a21db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x738c4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x738c4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x738c4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x738c4c21
LogHelp_TerminateOnAssert+0x3adfe StrongNameErrorInfo-0x4d09c clr+0x97856 @ 0x73937856
LogHelp_TerminateOnAssert+0x3b14b StrongNameErrorInfo-0x4cd4f clr+0x97ba3 @ 0x73937ba3
LogHelp_TerminateOnAssert+0x3b30d StrongNameErrorInfo-0x4cb8d clr+0x97d65 @ 0x73937d65
mscorlib+0x2bd689 @ 0x71ecd689
mscorlib+0x2bd3d0 @ 0x71ecd3d0
mscorlib+0x2bbfed @ 0x71ecbfed
mscorlib+0x2c3284 @ 0x71ed3284
mscorlib+0x8a5e6c @ 0x724b5e6c
DllUnregisterServerInternal-0x3a3b clr+0x25c1 @ 0x738a25c1
CorDllMainForThunk+0x1a215 ClrCreateManagedInstance-0x9fb4 clr+0x18729b @ 0x73a2729b
CorDllMainForThunk+0x1a2ee ClrCreateManagedInstance-0x9edb clr+0x187374 @ 0x73a27374
CorDllMainForThunk+0x1a354 ClrCreateManagedInstance-0x9e75 clr+0x1873da @ 0x73a273da
CorDllMainForThunk+0x1a4b9 ClrCreateManagedInstance-0x9d10 clr+0x18753f @ 0x73a2753f
0x373a182
0x36e2110
0x36e2d77
0x36e0577
312b10c4d76eb797a7d56225175d5a5f+0x22dbc @ 0x422dbc
0xa

registers.esp: 1630432
registers.edi: 89488416
registers.eax: 89490576
registers.ebp: 1630496
registers.edx: 89490576
registers.ebx: 89486596
registers.esi: 0
registers.ecx: 1908490458
exception.instruction_r: 39 06 68 ff ff ff 7f 6a 00 8b ce e8 d5 34 28 69
exception.instruction: cmp dword ptr [esi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8c4539b
success 0 0
1619376908.37475
__exception__
stacktrace:
0x8641b9c
0x799f36d
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x738a21db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x738c4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x738c4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x738c4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x738c4c21
LogHelp_TerminateOnAssert+0x3adfe StrongNameErrorInfo-0x4d09c clr+0x97856 @ 0x73937856
LogHelp_TerminateOnAssert+0x3b14b StrongNameErrorInfo-0x4cd4f clr+0x97ba3 @ 0x73937ba3
LogHelp_TerminateOnAssert+0x3b30d StrongNameErrorInfo-0x4cb8d clr+0x97d65 @ 0x73937d65
mscorlib+0x2bd689 @ 0x71ecd689
mscorlib+0x2bd3d0 @ 0x71ecd3d0
mscorlib+0x2bbfed @ 0x71ecbfed
mscorlib+0x2c3284 @ 0x71ed3284
mscorlib+0x8a5e6c @ 0x724b5e6c
DllUnregisterServerInternal-0x3a3b clr+0x25c1 @ 0x738a25c1
CorDllMainForThunk+0x1a215 ClrCreateManagedInstance-0x9fb4 clr+0x18729b @ 0x73a2729b
CorDllMainForThunk+0x1a2ee ClrCreateManagedInstance-0x9edb clr+0x187374 @ 0x73a27374
CorDllMainForThunk+0x1a354 ClrCreateManagedInstance-0x9e75 clr+0x1873da @ 0x73a273da
CorDllMainForThunk+0x1a4b9 ClrCreateManagedInstance-0x9d10 clr+0x18753f @ 0x73a2753f
0x373a182
0x36e2110
0x36e2d77
0x36e0577
312b10c4d76eb797a7d56225175d5a5f+0x22dbc @ 0x422dbc
0xa

registers.esp: 1630416
registers.edi: 1630480
registers.eax: 0
registers.ebp: 1630496
registers.edx: 87617320
registers.ebx: 88957728
registers.esi: 0
registers.ecx: 0
exception.instruction_r: 39 09 e8 c6 3a 1a 69 89 45 b4 b8 48 ca f9 0a 35
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8c48977
success 0 0
1619376908.37475
__exception__
stacktrace:
0x864208d
0x799f36d
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x738a21db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x738c4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x738c4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x738c4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x738c4c21
LogHelp_TerminateOnAssert+0x3adfe StrongNameErrorInfo-0x4d09c clr+0x97856 @ 0x73937856
LogHelp_TerminateOnAssert+0x3b14b StrongNameErrorInfo-0x4cd4f clr+0x97ba3 @ 0x73937ba3
LogHelp_TerminateOnAssert+0x3b30d StrongNameErrorInfo-0x4cb8d clr+0x97d65 @ 0x73937d65
mscorlib+0x2bd689 @ 0x71ecd689
mscorlib+0x2bd3d0 @ 0x71ecd3d0
mscorlib+0x2bbfed @ 0x71ecbfed
mscorlib+0x2c3284 @ 0x71ed3284
mscorlib+0x8a5e6c @ 0x724b5e6c
DllUnregisterServerInternal-0x3a3b clr+0x25c1 @ 0x738a25c1
CorDllMainForThunk+0x1a215 ClrCreateManagedInstance-0x9fb4 clr+0x18729b @ 0x73a2729b
CorDllMainForThunk+0x1a2ee ClrCreateManagedInstance-0x9edb clr+0x187374 @ 0x73a27374
CorDllMainForThunk+0x1a354 ClrCreateManagedInstance-0x9e75 clr+0x1873da @ 0x73a273da
CorDllMainForThunk+0x1a4b9 ClrCreateManagedInstance-0x9d10 clr+0x18753f @ 0x73a2753f
0x373a182
0x36e2110
0x36e2d77
0x36e0577
312b10c4d76eb797a7d56225175d5a5f+0x22dbc @ 0x422dbc
0xa

registers.esp: 1630440
registers.edi: 1630480
registers.eax: 180550716
registers.ebp: 1630496
registers.edx: 6
registers.ebx: 88957728
registers.esi: 1986057882
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 2c ff 50 14 39 00 89 45 c8 69 c6 93
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8c48f3d
success 0 0
1619376908.48375
__exception__
stacktrace:
0x799f36d
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x738a21db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x738c4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x738c4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x738c4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x738c4c21
LogHelp_TerminateOnAssert+0x3adfe StrongNameErrorInfo-0x4d09c clr+0x97856 @ 0x73937856
LogHelp_TerminateOnAssert+0x3b14b StrongNameErrorInfo-0x4cd4f clr+0x97ba3 @ 0x73937ba3
LogHelp_TerminateOnAssert+0x3b30d StrongNameErrorInfo-0x4cb8d clr+0x97d65 @ 0x73937d65
mscorlib+0x2bd689 @ 0x71ecd689
mscorlib+0x2bd3d0 @ 0x71ecd3d0
mscorlib+0x2bbfed @ 0x71ecbfed
mscorlib+0x2c3284 @ 0x71ed3284
mscorlib+0x8a5e6c @ 0x724b5e6c
DllUnregisterServerInternal-0x3a3b clr+0x25c1 @ 0x738a25c1
CorDllMainForThunk+0x1a215 ClrCreateManagedInstance-0x9fb4 clr+0x18729b @ 0x73a2729b
CorDllMainForThunk+0x1a2ee ClrCreateManagedInstance-0x9edb clr+0x187374 @ 0x73a27374
CorDllMainForThunk+0x1a354 ClrCreateManagedInstance-0x9e75 clr+0x1873da @ 0x73a273da
CorDllMainForThunk+0x1a4b9 ClrCreateManagedInstance-0x9d10 clr+0x18753f @ 0x73a2753f
0x373a182
0x36e2110
0x36e2d77
0x36e0577
312b10c4d76eb797a7d56225175d5a5f+0x22dbc @ 0x422dbc
0xa

registers.esp: 1630504
registers.edi: 89579240
registers.eax: 0
registers.ebp: 1631876
registers.edx: 7
registers.ebx: 88957728
registers.esi: 346281624
registers.ecx: 11
exception.instruction_r: 83 78 04 01 0f 9f c0 0f b6 c0 8b 95 c8 fa ff ff
exception.instruction: cmp dword ptr [eax + 4], 1
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8641f61
success 0 0
1619376908.51475
__exception__
stacktrace:
0x8642391
0x799f36d
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x738a21db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x738c4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x738c4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x738c4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x738c4c21
LogHelp_TerminateOnAssert+0x3adfe StrongNameErrorInfo-0x4d09c clr+0x97856 @ 0x73937856
LogHelp_TerminateOnAssert+0x3b14b StrongNameErrorInfo-0x4cd4f clr+0x97ba3 @ 0x73937ba3
LogHelp_TerminateOnAssert+0x3b30d StrongNameErrorInfo-0x4cb8d clr+0x97d65 @ 0x73937d65
mscorlib+0x2bd689 @ 0x71ecd689
mscorlib+0x2bd3d0 @ 0x71ecd3d0
mscorlib+0x2bbfed @ 0x71ecbfed
mscorlib+0x2c3284 @ 0x71ed3284
mscorlib+0x8a5e6c @ 0x724b5e6c
DllUnregisterServerInternal-0x3a3b clr+0x25c1 @ 0x738a25c1
CorDllMainForThunk+0x1a215 ClrCreateManagedInstance-0x9fb4 clr+0x18729b @ 0x73a2729b
CorDllMainForThunk+0x1a2ee ClrCreateManagedInstance-0x9edb clr+0x187374 @ 0x73a27374
CorDllMainForThunk+0x1a354 ClrCreateManagedInstance-0x9e75 clr+0x1873da @ 0x73a273da
CorDllMainForThunk+0x1a4b9 ClrCreateManagedInstance-0x9d10 clr+0x18753f @ 0x73a2753f
0x373a182
0x36e2110
0x36e2d77
0x36e0577
312b10c4d76eb797a7d56225175d5a5f+0x22dbc @ 0x422dbc
0xa

registers.esp: 1630376
registers.edi: 0
registers.eax: 85878105
registers.ebp: 1630496
registers.edx: 14
registers.ebx: 0
registers.esi: 2146952639
registers.ecx: 0
exception.instruction_r: 39 09 e8 75 12 1a 69 83 78 04 00 0f 84 f6 02 00
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8c4b1c8
success 0 0
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (50 of 132 events shown)
Every record below is from process 2136 acting on itself (process_handle 0xffffffff), requests protection 64 (PAGE_EXECUTE_READWRITE), has stack_dep_bypass 0 and stack_pivoted 0, and returned success (return 0, repeated 0). heap_dep_bypass is the monitor's exploit-heuristic flag: in these records it is 0 for the fresh reserves and 1 for the page-sized commits inside already reserved ranges, i.e. it marks executable memory being committed into existing private regions. The two NtProtectVirtualMemory calls (size column = length; they carry no allocation type) target 0x738a1000 and 0x738a2000, which are the first code pages of clr.dll (the crash traces put clr+0x21db at 0x738a21db, so the module is based at 0x738a0000): the process made part of the .NET runtime writable and executable.

Time (epoch)      API                       Size     heap_dep_bypass  Allocation type                  Base address
1619376890.82775  NtAllocateVirtualMemory   131072   0                12288 (MEM_COMMIT|MEM_RESERVE)   0x036e0000
1619376890.84275  NtAllocateVirtualMemory   4096     0                4096 (MEM_COMMIT)                0x02080000
1619376891.60875  NtAllocateVirtualMemory   786432   0                8192 (MEM_RESERVE)               0x03700000
1619376891.60875  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03780000
1619376891.63975  NtAllocateVirtualMemory   589824   0                8192 (MEM_RESERVE)               0x04f90000
1619376891.63975  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x04fe0000
1619376891.95275  NtAllocateVirtualMemory   1900544  0                8192 (MEM_RESERVE)               0x05170000
1619376891.95275  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05300000
1619376891.98375  NtProtectVirtualMemory    4096     0                -                                0x738a1000
1619376892.17175  NtAllocateVirtualMemory   1310720  0                8192 (MEM_RESERVE)               0x05170000
1619376892.17175  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05270000
1619376892.18675  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x0373a000
1619376892.18675  NtProtectVirtualMemory    8192     0                -                                0x738a2000
1619376892.18675  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03732000
1619376893.98375  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03742000
1619376894.12475  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03765000
1619376894.12475  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x0376b000
1619376894.12475  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03767000
1619376894.31175  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05301000
1619376894.32775  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05302000
1619376894.42175  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x0373c000
1619376894.42175  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03743000
1619376894.43675  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05303000
1619376894.46775  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x0374c000
1619376894.46775  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03744000
1619376894.48375  NtAllocateVirtualMemory   8192     1                4096 (MEM_COMMIT)                0x03745000
1619376894.48375  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05304000
1619376894.48375  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05305000
1619376894.48375  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05306000
1619376894.57775  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07990000
1619376894.57775  NtAllocateVirtualMemory   53248    1                4096 (MEM_COMMIT)                0x07991000
1619376894.93675  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03747000
1619376895.29675  NtAllocateVirtualMemory   8192     1                4096 (MEM_COMMIT)                0x03748000
1619376895.35875  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x0799e000
1619376895.42175  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03756000
1619376895.57775  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x05307000
1619376895.63975  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x0375a000
1619376895.63975  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x03757000
1619376895.68675  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07780000
1619376895.88975  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07781000
1619376895.90575  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07782000
1619376895.90575  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07783000
1619376895.95275  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x0799f000
1619376896.74975  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07784000
1619376896.79675  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07de0000
1619376896.84275  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07de1000
1619376897.06175  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07785000
1619376897.06175  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07786000
1619376897.23375  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x0374d000
1619376897.23375  NtAllocateVirtualMemory   4096     1                4096 (MEM_COMMIT)                0x07787000
Steals private information from local Internet browsers (7 events)
Login Data is Chrome's SQLite credential store and Local State holds the DPAPI-protected key that encrypts the saved passwords in it; reading both together is the pattern of a browser credential stealer, not of a normal application.
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.941527675259323 section {'size_of_data': '0x000a6e00', 'virtual_address': '0x0006a000', 'entropy': 7.941527675259323, 'name': '.rsrc', 'virtual_size': '0x000a6c48'} description A section with a high entropy has been found
entropy 0.6938669438669439 description Overall entropy of this PE file is high
The second figure is not an entropy value but the share of section data that sits in high-entropy sections: the .rsrc section alone is 0xa6e00 = 683,520 bytes, and 683,520 / 985,088 (the 963.0 KB file minus 0x400 bytes of headers) = 0.69386694..., exactly the number reported. A 7.94-bit/byte .rsrc of that size is where a packed or encrypted payload would live, which matches the RWX unpacking and the run-time managed code seen in the crash traces.
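How the two figures above are produced, as an added example (this is not the sandbox's signature code): per-section Shannon entropy and the overall share of high-entropy section bytes, run here on constructed section contents rather than on the sample itself. The 7.0 bits/byte and 20% thresholds are assumptions chosen to reproduce the verdicts shown.

```python
"""Section-entropy packer heuristic behind the two indicators above.

Added example, not the sandbox's own signature code. Computes Shannon entropy per
PE section and the "overall" figure, which in this heuristic is the share of
section bytes sitting in high-entropy sections rather than an entropy value.
Section contents below are constructed; the two thresholds are assumptions.
"""
import math
import random
from collections import Counter

HIGH_ENTROPY_BITS = 7.0   # bits per byte; 8.0 is the ceiling for byte data (assumed threshold)
PACKED_SHARE = 0.2        # flag the file when this fraction of section data is high-entropy (assumed)


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_heuristic(sections):
    """sections: list of (name, raw_bytes). Returns per-section entropy and the file verdict."""
    rows, total, high = [], 0, 0
    for name, data in sections:
        ent = shannon_entropy(data)
        rows.append({"name": name, "size_of_data": len(data), "entropy": round(ent, 4),
                     "high_entropy": ent >= HIGH_ENTROPY_BITS})
        total += len(data)
        if ent >= HIGH_ENTROPY_BITS:
            high += len(data)
    share = high / total if total else 0.0       # the report's "overall entropy" figure
    return {"sections": rows, "overall_share": share, "likely_packed": share > PACKED_SHARE}


def _fake_code(n):
    """Constructed low-entropy 'code': a repeating x86 prologue padded with zeros."""
    return ((b"\x55\x8b\xec\x83\xec\x10" + b"\x00" * 10) * (n // 16 + 1))[:n]


def _fake_blob(n, seed=1):
    """Constructed high-entropy payload: deterministic pseudo-random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed stand-in for the sample's layout: a plain .text and a large opaque .rsrc.
SAMPLE_SECTIONS = [(".text", _fake_code(0x8000)), (".rsrc", _fake_blob(0x20000))]

if __name__ == "__main__":
    result = packer_heuristic(SAMPLE_SECTIONS)
    for row in result["sections"]:
        print(f'{row["name"]:<8} size=0x{row["size_of_data"]:06x} '
              f'entropy={row["entropy"]:.3f} high={row["high_entropy"]}')
    print(f'overall high-entropy share={result["overall_share"]:.3f} '
          f'likely_packed={result["likely_packed"]}')
```

On a real file the section list comes from the PE section table (raw size and file offset of each section); the heuristic is deliberately blind to what the high-entropy bytes are, so a signed installer carrying a compressed archive in .rsrc trips it just as this sample does.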
Checks for the locally unique identifier (LUID) of a suspicious privilege (1 event)
Time (epoch)      API                    Arguments                                      Status   Return  Repeated
1619376905.28075  LookupPrivilegeValueW  system_name: (empty); privilege_name: SeDebugPrivilege  success  1       0
Network communication

Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14

Looks for the Windows idle time to determine the uptime (1 event)
Time (epoch)      API                       Arguments                                                     Status   Return  Repeated
1619376907.84275  NtQuerySystemInformation  information_class: 8 (SystemProcessorPerformanceInformation)  success  0       0

A process attempted to delay the analysis task (1 event)
description 312b10c4d76eb797a7d56225175d5a5f.exe tried to sleep 2728332 seconds (about 31.6 days); the whole run took 109 s, so the sandbox skipped the wait and advanced its clock by the same 2728332 seconds instead of blocking
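The indicators in this section and in the static-indicator section (RWX allocations and protection changes, IsDebuggerPresent, the SeDebugPrivilege lookup, the analysis-delaying sleep) can be re-derived from the raw call records, and the same records place the crash frames from the exception section inside the RWX regions. The following added example, which is not sandbox or report code, parses records in the layout this report uses and applies those rules. The NtDelayExecution record and its milliseconds field are constructed, as are the 300-second sleep threshold and the finding names.

```python
"""Rule-based triage of the sandbox API-call records printed in this report (added
example, not sandbox or report code). parse_events() reads the flattened
"timestamp / API / key: value ... / status return repeated" rows; triage() re-derives
the indicators above. Field names follow the report; the NtDelayExecution
"milliseconds" field, the 300 s sleep limit and the finding names are assumptions."""
import re

PAGE_EXECUTE_READWRITE = 0x40                         # printed as 64 in the report
_TS = re.compile(r"^\d{10}\.\d+$")                    # 1619376890.82775
_KV = re.compile(r"^([a-z_]+):\s*(.*)$")              # protection: 64 (PAGE_EXECUTE_READWRITE)
_STATUS = re.compile(r"^(success|failed)\s+(-?\d+)\s+(\d+)$")

def _value(text):
    """Leading hex/decimal number of an argument as int; anything else stays a string."""
    m = re.match(r"^(0x[0-9a-fA-F]+|-?\d+)\b", text)
    if not m:
        return text                                   # OSKAR-PC, SeDebugPrivilege, ""
    return int(m[1], 16) if m[1].lower().startswith("0x") else int(m[1])

def parse_events(text):
    """Flattened report rows -> list of {time, api, args, status, return, repeated}."""
    events, cur = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if _TS.match(line):                           # a timestamp opens a record
            cur = {"time": float(line), "api": None, "args": {}}
            events.append(cur)
        elif cur is None:
            continue                                  # column headers before the first record
        elif (m := _STATUS.match(line)):              # "success 1 0" closes it
            cur["status"], cur["return"], cur["repeated"] = m[1], int(m[2]), int(m[3])
        elif (m := _KV.match(line)):
            cur["args"][m[1]] = _value(m[2])
        elif cur["api"] is None:                      # first bare line after the timestamp
            cur["api"] = line
    return events

def rwx_regions(events):
    """(base, size, record) for every region made PAGE_EXECUTE_READWRITE by allocation or protect."""
    return [(e["args"]["base_address"], e["args"].get("region_size", e["args"].get("length", 0)), e)
            for e in events
            if e["api"] in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory")
            and e["args"].get("protection") == PAGE_EXECUTE_READWRITE]

def region_for(address, events):
    """Base of the RWX region containing address, or None; places crash frames in the memory map."""
    return next((b for b, size, _ in rwx_regions(events) if b <= address < b + size), None)

def triage(events, sleep_limit_s=300):
    """Apply the report's heuristics; returns finding name -> evidence."""
    f, rwx = {}, rwx_regions(events)
    if rwx:
        f["rwx_memory"] = sorted({hex(b) for b, _, _ in rwx})
        # heap_dep_bypass: monitor flag, 1 when executable pages land in existing private memory
        inner = sorted({hex(b) for b, _, e in rwx if e["args"].get("heap_dep_bypass") == 1})
        if inner:
            f["rwx_in_existing_private_memory"] = inner
    if (n := sum(e["api"] == "IsDebuggerPresent" for e in events)):
        f["anti_debug_calls"] = n
    if any(e["api"] == "LookupPrivilegeValueW" and e["args"].get("privilege_name") == "SeDebugPrivilege"
           for e in events):
        f["looks_up_SeDebugPrivilege"] = True
    sleeps = [e["args"]["milliseconds"] / 1000.0 for e in events
              if e["api"] == "NtDelayExecution" and isinstance(e["args"].get("milliseconds"), int)]
    if any(s > sleep_limit_s for s in sleeps):
        f["analysis_delay_seconds"] = max(sleeps)
    return f

# Constructed excerpt in the report's own layout: two RWX records from the list above, the
# IsDebuggerPresent and SeDebugPrivilege rows, and a made-up NtDelayExecution record
# carrying the 2728332-second sleep the report describes.
SAMPLE_LOG = """
1619376890.82775
NtAllocateVirtualMemory
region_size: 131072
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x036e0000
success 0 0
1619376891.60875
NtAllocateVirtualMemory
region_size: 4096
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x03780000
success 0 0
1619376892.17175
IsDebuggerPresent
failed 0 0
1619376905.28075
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619376906.00000
NtDelayExecution
milliseconds: 2728332000
success 0 0
"""

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for name, evidence in triage(evs).items():
        print(f"{name}: {evidence}")
    print("crash frame 0x036e2110 -> RWX region", hex(region_for(0x036e2110, evs)))
```

Feeding it the full 132-event trace rather than the 50 shown would also locate the exception addresses (0x7de31ca, 0x8c4539b and the others) that fall outside the regions listed on this page.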
Harvests credentials from local FTP client software (5 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
registry HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites
Harvests credentials from local e-mail clients (5 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Thunderbird\profiles.ini
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\RimArts\B2\Settings
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
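The logic behind the browser, FTP and e-mail harvesting indicators above, as an added example that is not the sandbox's own signature code: normalise each accessed path, match it against the credential-store locations this report lists, and raise a verdict when several categories are touched by one process. The %LOCALAPPDATA%/%APPDATA% normalisation, the category names and the three-category threshold are the example's assumptions; the input list is constructed from the paths in this report plus two benign paths that must not match.

```python
"""Credential-store access classifier behind the three "Harvests credentials"
indicators on this page (browsers, FTP clients, e-mail clients).

Added example, not the sandbox's signature code. The file and registry locations
are those the report lists; the profile-path normalisation, the category names
and the "three categories touched = stealer" verdict are the example's assumptions.
"""
import re

# "C:\Users\<profile>\AppData\Local\..." -> "%LOCALAPPDATA%\..." (Roaming -> %APPDATA%) so one
# rule matches every victim profile, here Administrator.Oskar-PC.
_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(Local|Roaming)\\", re.IGNORECASE)

CREDENTIAL_STORES = {
    "browser": [
        r"%LOCALAPPDATA%\Google\Chrome\User Data",
        r"%LOCALAPPDATA%\Chromium\User Data",
        r"%LOCALAPPDATA%\MapleStudio\ChromePlus\User Data",
        r"%LOCALAPPDATA%\Yandex\YandexBrowser\User Data",
    ],
    "ftp": [
        r"%APPDATA%\FTPGetter\servers.xml",
        r"%APPDATA%\Ipswitch\WS_FTP\Sites\ws_ftp.ini",
        r"%APPDATA%\FileZilla\recentservers.xml",
        r"HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions",
        r"HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites",
    ],
    "email": [
        r"%APPDATA%\Thunderbird\profiles.ini",
        r"HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles",
        r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles",
        r"HKEY_CURRENT_USER\Software\RimArts\B2\Settings",
        r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles",
    ],
}


def normalize(path):
    """Case-fold and replace the per-user AppData prefix with an environment-style token."""
    m = _PROFILE_RE.match(path)
    if m:
        token = "%LOCALAPPDATA%" if m.group(1).lower() == "local" else "%APPDATA%"
        path = token + "\\" + path[m.end():]
    return path.lower()


def classify(paths):
    """Group accessed paths by the credential store they belong to; unknown paths are dropped."""
    hits = {}
    for path in paths:
        norm = normalize(path)
        for category, prefixes in CREDENTIAL_STORES.items():
            if any(norm.startswith(prefix.lower()) for prefix in prefixes):
                hits.setdefault(category, []).append(path)
                break
    return hits


def verdict(hits, min_categories=3):
    """One category can be a legitimate backup or sync tool; several in one process is stealer behaviour."""
    return "credential-stealer" if len(hits) >= min_categories else "inconclusive"


# Constructed from the report's indicator lists plus two benign paths that must not match.
SAMPLE_PATHS = [
    r"C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State",
    r"C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Login Data",
    "C:\\Users\\Administrator.Oskar-PC\\AppData\\Local\\Google\\Chrome\\User Data\\",
    r"C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data",
    r"C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data",
    r"C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data",
    r"C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml",
    r"C:\Users\Administrator.Oskar-PC\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini",
    r"C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml",
    r"HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions",
    r"HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites",
    r"C:\Users\Administrator.Oskar-PC\AppData\Roaming\Thunderbird\profiles.ini",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676",
    r"HKEY_CURRENT_USER\Software\RimArts\B2\Settings",
    r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676",
    r"C:\Windows\System32\kernel32.dll",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
]

if __name__ == "__main__":
    hits = classify(SAMPLE_PATHS)
    for category, paths in hits.items():
        print(f"{category}: {len(paths)} path(s)")
    print("verdict:", verdict(hits))
```

The same prefix list drops straight into a Sysmon or EDR file-access rule; the only part that needs the run-time context is the verdict, which counts distinct categories per process rather than per path so that a single browser-backup tool does not fire it.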
File has been identified by 50 antivirus engines on VirusTotal as malicious (50 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Graftor.725672
FireEye Generic.mg.312b10c4d76eb797
ALYac Spyware.AgentTesla
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Trojan ( 00563afb1 )
Alibaba TrojanPSW:MSIL/Agensla.4e757cc9
K7GW Trojan ( 00563afb1 )
Cybereason malicious.4d76eb
Arcabit Trojan.Graftor.DB12A8
Cyren W32/Trojan.LSIW-5525
Symantec Trojan Horse
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky Trojan-PSW.MSIL.Agensla.omp
BitDefender Gen:Variant.Graftor.725672
NANO-Antivirus Trojan.Win32.Agensla.hvqued
Paloalto generic.ml
Ad-Aware Gen:Variant.Graftor.725672
Sophos Mal/Generic-S + Troj/Steal-LG
Comodo Malware@#307e8vxisoq58
F-Secure Trojan.TR/AD.AgentTesla.ipygn
DrWeb Trojan.PWS.Siggen2.46029
TrendMicro TSPY_HPURSNIF.SMZD2
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc
Emsisoft Gen:Variant.Graftor.725672 (B)
Jiangmin Trojan.PSW.MSIL.andp
Webroot W32.Trojan.Gen
Avira TR/AD.AgentTesla.ipygn
Microsoft Trojan:MSIL/AgentTesla!MSR
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm Trojan-PSW.MSIL.Agensla.omp
GData Gen:Variant.Graftor.725672
Cynet Malicious (score: 85)
AhnLab-V3 Spyware/Win32.Hpursnif.C4069332
McAfee Artemis!312B10C4D76E
MAX malware (ai score=82)
VBA32 BScope.Trojan-Ransom.Foreign
ESET-NOD32 a variant of Win32/Kryptik.HCJX
TrendMicro-HouseCall TSPY_HPURSNIF.SMZD2
Rising Trojan.Generic@ML.85 (RDMK:kGvtk7mEai/oUuN/nYtzCQ)
Ikarus Trojan-Ransom.GandCrab
eGambit Unsafe.AI_Score_99%
Fortinet W32/Kryptik.HCJX!tr
BitDefenderTheta Gen:NN.ZexaF.34700.8q0@aW7bYodi
AVG Win32:Trojan-gen
Panda Trj/Agent.OOW
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Generic/Trojan.PSW.cbf
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up) (2 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
Both addresses lie in Google-allocated ranges and were contacted on port 443 without a preceding DNS query (the first is the host flagged under network communication above); neither answered during the run. A dead host inside a sandbox can also mean the analysis network was restricted, so this is weak evidence on its own.
Visual analysis: no binary visualization image and no run-time screenshots were generated for this sample.


PE compile time: 2020-03-31 06:00:44

Imports
Note GetThreadContext, SetThreadContext, ResumeThread, DuplicateHandle and VirtualAlloc among the KERNEL32 imports, an API set typical of loaders that write a payload into a thread and run it; the trace above shows only allocations in the process's own address space (process_handle 0xffffffff), so treat this as capability in the native stub, not as behaviour observed in this run.

Library KERNEL32.dll:
0x4390e8 ReleaseMutex
0x4390ec CreateFileA
0x4390f0 WriteFile
0x4390f4 ReadFile
0x4390f8 DeviceIoControl
0x4390fc GetThreadContext
0x439100 SetThreadContext
0x439108 GetCurrentThread
0x43910c Sleep
0x439110 GetSystemDirectoryA
0x439114 ReleaseSemaphore
0x43911c GetThreadPriority
0x439128 DuplicateHandle
0x43912c ResumeThread
0x439134 FindResourceExA
0x439138 LoadLibraryW
0x43913c GetFileAttributesA
0x439140 VirtualAlloc
0x439144 CreateMutexA
0x439148 IsWow64Process
0x43914c CancelIoEx
0x439150 GetOverlappedResult
0x439154 LocalFree
0x439158 SetEndOfFile
0x43915c ReadConsoleW
0x439160 CreateFileW
0x439168 WriteConsoleW
0x43916c SetStdHandle
0x439170 VerifyVersionInfoA
0x439174 CompareStringW
0x439178 FlushFileBuffers
0x43917c OutputDebugStringW
0x439180 SetFilePointerEx
0x43918c GetConsoleMode
0x439190 GetConsoleCP
0x439194 GetStringTypeW
0x439198 RtlUnwind
0x43919c HeapSize
0x4391a0 GetCPInfo
0x4391a4 GetOEMCP
0x4391a8 GetACP
0x4391ac IsValidCodePage
0x4391b0 GetModuleHandleW
0x4391b4 TerminateProcess
0x4391c0 GetStartupInfoW
0x4391c4 GetFileType
0x4391c8 GetModuleFileNameW
0x4391cc GetStdHandle
0x4391d0 GetCommandLineA
0x4391d4 LoadLibraryExW
0x4391d8 ExitThread
0x4391dc HeapReAlloc
0x4391e0 AreFileApisANSI
0x4391e4 GetModuleHandleExW
0x4391e8 ExitProcess
0x4391ec IsDebuggerPresent
0x4391f0 EncodePointer
0x4391f4 VirtualQuery
0x4391f8 VirtualProtect
0x4391fc GetSystemInfo
0x439200 DecodePointer
0x439204 VirtualFree
0x439214 InitializeSListHead
0x439218 GetProcessHeap
0x43921c HeapFree
0x439220 HeapAlloc
0x439224 FormatMessageA
0x439230 VerSetConditionMask
0x439238 ResetEvent
0x43923c CreateEventA
0x439240 SetEvent
0x439244 WaitForSingleObject
0x439248 TlsFree
0x43924c TlsAlloc
0x439258 TlsSetValue
0x439264 InterlockedExchange
0x43926c SleepEx
0x439270 TlsGetValue
0x439274 CreateThread
0x439278 DebugBreak
0x43927c GetCurrentProcessId
0x439280 CloseHandle
0x439284 GetVersionExA
0x439288 OutputDebugStringA
0x43928c GetCurrentThreadId
0x439294 LoadLibraryExA
0x439298 GetModuleHandleA
0x43929c GetModuleFileNameA
0x4392a0 LockResource
0x4392a4 LoadLibraryA
0x4392ac GetProcAddress
0x4392b0 lstrcmpiA
0x4392b4 SetLastError
0x4392b8 GetLastError
0x4392bc RaiseException
0x4392c4 MultiByteToWideChar
0x4392c8 IsDBCSLeadByte
0x4392d0 SizeofResource
0x4392d8 WideCharToMultiByte
0x4392dc GetCurrentProcess
0x4392e8 LoadResource
0x4392ec FreeLibrary
0x4392f0 lstrlenA
0x4392f4 lstrcmpA
0x4392f8 LCMapStringW
0x4392fc FindResourceA
Library USER32.dll:
0x43932c GetShellWindow
0x439330 EndPaint
0x439334 DestroyWindow
0x439338 GetMessageA
0x43933c GetClassNameA
0x439340 ScreenToClient
0x439344 GetWindowRect
0x439348 IsMenu
0x43934c GetCursorPos
0x439350 GetDlgItem
0x439354 UnregisterClassA
0x439358 MessageBoxA
0x43935c GetWindowTextA
0x439364 GetMessagePos
0x439368 ModifyMenuA
0x43936c DrawFrameControl
0x439370 DialogBoxParamA
0x439374 LoadIconA
0x439378 SetMenuItemInfoA
0x43937c DestroyMenu
0x439380 CallWindowProcA
0x439384 UpdateWindow
0x439388 MapWindowPoints
0x43938c LoadImageA
0x439390 IsWindowVisible
0x439394 GetSystemMetrics
0x439398 RegisterClassExA
0x43939c MonitorFromPoint
0x4393a0 PostQuitMessage
0x4393a4 GetWindowDC
0x4393a8 GetWindow
0x4393ac GetForegroundWindow
0x4393b0 FillRect
0x4393b4 GetMenuItemID
0x4393b8 GetClassInfoExA
0x4393bc DrawTextA
0x4393c0 GetKeyState
0x4393c4 GetSubMenu
0x4393c8 LoadStringA
0x4393cc GetFocus
0x4393d0 LoadBitmapA
0x4393d4 GetParent
0x4393d8 LoadMenuA
0x4393dc CallNextHookEx
0x4393e0 LoadCursorA
0x4393e8 UnhookWindowsHookEx
0x4393ec SetMenuDefaultItem
0x4393f0 DispatchMessageA
0x4393f4 RemoveMenu
0x4393f8 PostMessageA
0x4393fc IsWindow
0x439400 GetMenuItemCount
0x439404 AppendMenuA
0x439408 GetActiveWindow
0x43940c FrameRect
0x439410 GetSysColorBrush
0x439414 CreatePopupMenu
0x439418 GetDlgItemTextA
0x43941c SetMenu
0x439420 ShowWindow
0x439424 MessageBeep
0x439428 IsWindowEnabled
0x43942c WindowFromPoint
0x439430 CharNextA
0x439434 GetClientRect
0x439438 SetFocus
0x43943c SendMessageA
0x439440 DrawEdge
0x439444 SetRectEmpty
0x43944c BeginPaint
0x439450 PtInRect
0x439454 GetMonitorInfoA
0x439458 GetDC
0x43945c TranslateMessage
0x439460 InflateRect
0x439464 GetMenu
0x439468 OffsetRect
0x43946c TrackPopupMenuEx
0x439470 CheckMenuRadioItem
0x439474 SetWindowLongA
0x439478 InvalidateRect
0x43947c CharLowerA
0x439480 GetWindowLongA
0x439484 CreateWindowExA
0x439488 PeekMessageA
0x43948c ReleaseDC
0x439494 MonitorFromWindow
0x439498 EndDialog
0x43949c DefWindowProcA
0x4394a0 SetWindowsHookExA
0x4394a4 GetSysColor
0x4394a8 SetWindowPos
0x4394ac GetMenuItemInfoA
0x4394b0 LoadStringW
0x4394b4 LoadAcceleratorsA
Library GDI32.dll:
0x439060 MoveToEx
0x439064 GetGlyphOutlineA
0x439068 ExtTextOutA
0x43906c TextOutA
0x439070 GetStockObject
0x439074 GetObjectA
0x439078 CreatePatternBrush
0x439080 CreateCompatibleDC
0x439084 SelectObject
0x439088 DeleteObject
0x43908c GetPixel
0x439090 CreatePen
0x439098 PlayEnhMetaFile
0x43909c SetBkMode
0x4390a0 CreateBitmap
0x4390a4 SetBkColor
0x4390a8 GetCurrentObject
0x4390ac SetBrushOrgEx
0x4390b0 CreateFontIndirectA
0x4390b4 CreateDIBSection
0x4390b8 DeleteDC
0x4390bc SetTextColor
0x4390c0 PatBlt
0x4390c4 BitBlt
0x4390c8 LineTo
0x4390cc CloseEnhMetaFile
0x4390d4 CreateEnhMetaFileA
0x4390d8 GetEnhMetaFileA
0x4390dc DeleteEnhMetaFile
Library COMDLG32.dll:
0x439054 FindTextA
0x439058 GetOpenFileNameA
Library ADVAPI32.dll:
0x439000 RegSetValueExA
0x439004 RegDeleteKeyA
0x439008 RegEnumKeyExA
0x43900c RegCreateKeyExA
0x439010 RegOpenKeyExA
0x439014 RegDeleteValueA
0x439018 RegCloseKey
0x43901c OpenProcessToken
0x439020 RegQueryInfoKeyW
Library SHELL32.dll:
0x439310 SHGetDesktopFolder
0x439314 SHBindToParent
0x439318 SHGetFolderLocation
0x43931c DragQueryFileA
Library ole32.dll:
0x439500 ReleaseStgMedium
0x439504 OleUninitialize
0x439508 OleInitialize
0x43950c StringFromGUID2
0x439510 CLSIDFromString
0x439514 StringFromCLSID
0x439518 CoGetMalloc
0x43951c CoTaskMemAlloc
0x439520 CoTaskMemFree
0x439524 CoInitialize
0x439528 CoTaskMemRealloc
0x43952c CoUninitialize
0x439530 CoCreateInstance
Library OLEAUT32.dll:
0x439304 VarUI4FromStr
0x439308 VariantClear
Library SHLWAPI.dll:
Library COMCTL32.dll:
0x439028 ImageList_Destroy
0x43902c
0x439034 ImageList_AddMasked
0x439040 ImageList_Create
0x439048
0x43904c ImageList_Draw
Library msi.dll:
0x4394f4
Library WINMM.dll:
0x4394d4 midiOutGetNumDevs
0x4394d8 mmioStringToFOURCCA
0x4394dc joyGetNumDevs
0x4394e0 auxGetNumDevs
0x4394e4 waveInGetNumDevs
0x4394e8 midiInGetNumDevs
0x4394ec waveOutGetNumDevs
Library USP10.dll:
0x4394c4 ScriptFreeCache
0x4394cc ScriptGetCMap
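Two things are worth extracting from an import table like the one above before reading the dynamic trace. The first is the import hash (imphash): the MD5 of the lower-cased "dll.function" entries in import order, as pefile computes it, which links builds that share a linker layout even when the file hash changes. The second is API combinations that suggest capabilities to confirm or rule out in the trace: GetThreadContext, SetThreadContext and ResumeThread together are the thread-hijack trio used by process hollowing and similar injection; FindResource, LoadResource, LockResource and SizeofResource together suggest a payload carried in a PE resource; SetWindowsHookExA with CallNextHookEx is how user-mode input hooks are installed. The Python below is an added example, not part of the original report. It parses the page's own "Library X:" / "0xADDR Name" listing format, reimplements pefile's imphash string rules, and applies an assumed, analyst-maintained capability table. The listing excerpt is partial, so the hash it prints is illustrative, not the sample's real imphash; the three unnamed entries on this page (COMCTL32.dll 0x43902c, 0x439048 and msi.dll 0x4394f4) are ordinal imports whose numbers the page does not show, so they are skipped rather than guessed. Presence of an import proves only that the API is linked, not that it is called.

```python
import hashlib
import re

# Constructed input: an excerpt of this page's import listing (partial, so the
# resulting hash is illustrative only, not the sample's real imphash).
LISTING = """\
Library KERNEL32.dll:
0x4390fc GetThreadContext
0x439100 SetThreadContext
0x43912c ResumeThread
0x439134 FindResourceExA
0x439140 VirtualAlloc
0x4391ec IsDebuggerPresent
0x4391f8 VirtualProtect
0x4392a0 LockResource
0x4392a4 LoadLibraryA
0x4392ac GetProcAddress
0x4392d0 SizeofResource
0x4392e8 LoadResource
0x4392fc FindResourceA
Library USER32.dll:
0x4393dc CallNextHookEx
0x4394a0 SetWindowsHookExA
Library ADVAPI32.dll:
0x439000 RegSetValueExA
0x43900c RegCreateKeyExA
0x43901c OpenProcessToken
Library COMCTL32.dll:
0x439028 ImageList_Destroy
0x43902c
"""

LIB_RE = re.compile(r"^Library\s+(\S+):$")
ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+(?:\s+(\S+))?$")

# Assumed capability table: a hint fires only when every listed API is imported.
CAPABILITIES = {
    "thread context rewrite (hollowing/injection candidate)":
        {"GetThreadContext", "SetThreadContext", "ResumeThread"},
    "executable memory management": {"VirtualAlloc", "VirtualProtect"},
    "payload carried in PE resource":
        {"FindResourceA", "LoadResource", "LockResource", "SizeofResource"},
    "runtime API resolution": {"LoadLibraryA", "GetProcAddress"},
    "registry write": {"RegCreateKeyExA", "RegSetValueExA"},
    "user-mode Windows hook": {"SetWindowsHookExA", "CallNextHookEx"},
    "debugger check": {"IsDebuggerPresent"},
}


def parse_listing(text):
    """Parse 'Library X:' and '0xADDR Name' lines into [(dll, name_or_None)]."""
    imports, lib = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and lib:
            imports.append((lib, m.group(1)))  # name is None for unnamed entries
    return imports


def imphash_string(imports):
    """Build the comma-joined 'dll.func' string that imphash hashes (pefile's rules)."""
    parts = []
    for dll, name in imports:
        lib = dll.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        if name is None:
            # pefile would emit "ordN" here; this page omits the ordinal, so skip.
            continue
        parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def capability_hints(imports):
    """Return the capability labels whose full API set is present in the imports."""
    names = {name for _dll, name in imports if name}
    return sorted(cap for cap, needed in CAPABILITIES.items() if needed <= names)


if __name__ == "__main__":
    imps = parse_listing(LISTING)
    print("entries:", len(imps), "imphash (partial listing):", imphash(imps))
    for hint in capability_hints(imps):
        print("hint:", hint)
```

The hints are a reading list for the API trace, not findings: the same thread-context functions appear in debuggers and profilers, and SetWindowsHookExA is used by perfectly ordinary GUI code. What makes them interesting here is the combination with an unusually wide USER32/GDI32 surface on a sample the engines call an infostealer.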

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                       Destination port
192.168.56.101  51378        114.114.114.114                   53
192.168.56.101  53210        114.114.114.114                   53
192.168.56.101  60123        114.114.114.114                   53
192.168.56.101  60384        114.114.114.114                   53
192.168.56.101  62191        114.114.114.114                   53
192.168.56.101  63429        114.114.114.114                   53
192.168.56.101  137          192.168.56.255                    137
192.168.56.101  138          192.168.56.255                    138
192.168.56.101  123          20.189.79.72 (time.windows.com)   123
192.168.56.101  49713        224.0.0.252                       5355
192.168.56.101  53237        224.0.0.252                       5355
192.168.56.101  53380        224.0.0.252                       5355
192.168.56.101  53657        224.0.0.252                       5355
192.168.56.101  55368        224.0.0.252                       5355
192.168.56.101  56539        224.0.0.252                       5355
192.168.56.101  56804        224.0.0.252                       5355
192.168.56.101  58367        224.0.0.252                       5355
192.168.56.101  61680        224.0.0.252                       5355
192.168.56.101  62318        224.0.0.252                       5355
192.168.56.101  65004        224.0.0.252                       5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.