5.0
Medium risk

bfb5f2feee7ddf7d1fda838262ca8ccbd7d11da8742c5147fcfc54fa7806f261

3936aec3dc3876e2f5627994fa9444e0.exe

Analysis duration

78s

Last analysis

File size

408.1KB
Static detection  Dynamic detection  AGEN AI SCORE=80 AIDETECTVM ATTRIBUTE DOWNLOADER32 DROPPERX ELDORADO FSAA GDSDA GENCIRC GINTHM HDS@8PQY61 HIGH CONFIDENCE HIGHCONFIDENCE MALWARE1 MXRESICN OYYF2GGKLD8 QVM09 R325188 SUSPICIOUS PE YMACCO ZAFQVTBKCWJ
Eagle Eye engine
Not detected: no Eagle Eye engine results yet
Static verdict
Antivirus engines
Engine        Result                            Scan date   Engine version
McAfee        Trojan-FSAA!3936AEC3DC38          20200901    6.0.6.653
Alibaba       -                                 20190527    0.3.0.5
Avast         Win32:DropperX-gen [Drp]          20200901    18.4.3895.0
Tencent       Malware.Win32.Gencirc.10b8f4f9    20200901    1.0.0.1
Baidu         Win32.Trojan-Downloader.Agent.cw  20190318    1.0.0.2
Kingsoft      -                                 20200901    2013.8.14.323
CrowdStrike   -                                 20190702    1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\Users\Administrator\Desktop\123\MFCserver\release\MFCserver.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavior verdict
Dynamic indicators
Foreign language identified in PE resource (50 out of 89 events)
name RT_CURSOR language LANG_CHINESE offset 0x000495d4 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000134
name RT_BITMAP language LANG_CHINESE offset 0x0004b128 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_ICON language LANG_CHINESE offset 0x0005884c filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000368
name RT_DIALOG language LANG_CHINESE offset 0x00058ea4 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000034
Creates executable files on the filesystem (1 event)
file C:\Program Files\AppPath\N62.dll
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
1620726224.15856 GetAdaptersAddresses
flags: 0
family: 0
Status: failed; Return: 111; Repeated: 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 193.112.134.169
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
1620726228.45556 RegSetValueExA
key_handle: 0x000003f0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
Status: success; Return: 0; Repeated: 0
1620726228.45556 RegSetValueExA
key_handle: 0x000003f0
value: ^%sF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
Status: success; Return: 0; Repeated: 0
1620726228.45556 RegSetValueExA
key_handle: 0x000003f0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
Status: success; Return: 0; Repeated: 0
1620726228.45556 RegSetValueExW
key_handle: 0x000003f0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
Status: success; Return: 0; Repeated: 0
1620726228.45556 RegSetValueExA
key_handle: 0x000003e8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
Status: success; Return: 0; Repeated: 0
1620726228.45556 RegSetValueExA
key_handle: 0x000003e8
value: ^%sF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
Status: success; Return: 0; Repeated: 0
1620726228.45556 RegSetValueExA
key_handle: 0x000003e8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
Status: success; Return: 0; Repeated: 0
1620726228.48656 RegSetValueExW
key_handle: 0x000003d0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
Status: success; Return: 0; Repeated: 0
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 193.112.134.169:1596
File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader32.46379
MicroWorld-eScan Trojan.Cud.Gen.1
FireEye Generic.mg.3936aec3dc3876e2
McAfee Trojan-FSAA!3936AEC3DC38
Zillya Trojan.ServStart.Win32.18859
K7AntiVirus Trojan-Downloader ( 00560bad1 )
K7GW Trojan-Downloader ( 00560bad1 )
Cybereason malicious.3dc387
Arcabit Trojan.Cud.Gen.1
Cyren W32/Agent.BOR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Kaspersky HEUR:Trojan.Win32.ServStart.vho
BitDefender Trojan.Cud.Gen.1
NANO-Antivirus Trojan.Win32.ServStart.ginthm
Tencent Malware.Win32.Gencirc.10b8f4f9
Ad-Aware Trojan.Cud.Gen.1
Comodo TrojWare.Win32.TrojanDownloader.Agent.HDS@8pqy61
F-Secure Heuristic.HEUR/AGEN.1133164
Baidu Win32.Trojan-Downloader.Agent.cw
VIPRE Trojan.Win32.Generic!BT
Sophos Mal/Agent-AUY
SentinelOne DFI - Suspicious PE
Jiangmin Trojan.ServStart.acb
Avira HEUR/AGEN.1133164
Microsoft Trojan:Win32/Ymacco
ZoneAlarm HEUR:Trojan.Win32.ServStart.vho
GData Trojan.Cud.Gen.1
AhnLab-V3 Malware/Win32.RL_Generic.R325188
VBA32 Trojan.Downloader
MAX malware (ai score=80)
Malwarebytes Trojan.Downloader
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.EUJ
Rising Downloader.Agent!8.B23 (TFE:5:ZAfQvTBkCwJ)
Yandex Trojan.DL.Agent!OYyF2ggKld8
Ikarus Trojan-Downloader.Win32.Agent
MaxSecure Win.MxResIcn.Heur.Gen
Fortinet W32/Agent.EUJ!tr.dldr
AVG Win32:DropperX-gen [Drp]
Panda Trj/GdSda.A
Qihoo-360 HEUR/QVM09.0.A1D5.Malware.Gen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Run screenshots
No run screenshots: no screenshots were captured while this sample ran

PE Compile Time

2020-02-27 22:04:20

Imports


Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination                     Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 53660 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.