5.4
Medium risk

e53a46c787b12faee9547e869e10fe4dbbae8d835ab172f7d7e723ff3ad19b8e

3c84ee1014ffeb7b8cbf2a0684c96d26.exe

Analysis duration

100s

Last analysis

File size

2.0MB
Static detection / Dynamic detection
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Not detected: no antivirus engine detection results yet
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619391795.964124
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619391813.839124
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619391809.761124
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619391815.792751
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619391815.808751
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619391815.808751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619391815.808751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619391815.808751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619391815.808751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619391816.808751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619391816.808751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619391816.808751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619391816.808751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619391817.808751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619391817.808751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619391817.808751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619391817.808751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619391818.808751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619391818.808751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619391818.808751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619391818.808751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619391819.808751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619391819.808751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619391819.808751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619391819.808751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619391820.808751
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619391820.808751
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619391820.808751
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619391820.808751
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619391820.870751
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619391820.980751
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619391815.761751
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (4 events)
Time & API Arguments Status Return Repeated
1619391813.839124
__exception__
stacktrace:
RtlConvertSidToUnicodeString+0x28 RtlFormatCurrentUserKeyPath-0x257 ntdll+0x3aeea @ 0x77d6aeea
ConvertSidToStringSidW+0x24 CopySid-0xe6 advapi32+0x14368 @ 0x76554368
3c84ee1014ffeb7b8cbf2a0684c96d26+0xa5b6 @ 0x40a5b6
3c84ee1014ffeb7b8cbf2a0684c96d26+0x8852 @ 0x408852
3c84ee1014ffeb7b8cbf2a0684c96d26+0x844d @ 0x40844d
3c84ee1014ffeb7b8cbf2a0684c96d26+0x8ec8 @ 0x408ec8
3c84ee1014ffeb7b8cbf2a0684c96d26+0x17cc @ 0x4017cc
3c84ee1014ffeb7b8cbf2a0684c96d26+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1632744
registers.edi: 0
registers.eax: 2860
registers.ebp: 1632784
registers.edx: 8
registers.ebx: 1
registers.esi: 2860
registers.ecx: 2860
exception.instruction_r: 8a 08 80 e1 0f 80 f9 01 75 24 8a 48 01 80 f9 0f
exception.symbol: RtlValidSid+0x17 RtlCopySid-0x3e ntdll+0x392a9
exception.instruction: mov cl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234153
exception.address: 0x77d692a9
success 0 0
1619391814.105124
__exception__
stacktrace:
EqualSid+0x19 EqualPrefixSid-0xc kernelbase+0x1bfe3 @ 0x778fbfe3
3c84ee1014ffeb7b8cbf2a0684c96d26+0x84c4 @ 0x4084c4
3c84ee1014ffeb7b8cbf2a0684c96d26+0xa27d @ 0x40a27d
3c84ee1014ffeb7b8cbf2a0684c96d26+0xa2b8 @ 0x40a2b8
3c84ee1014ffeb7b8cbf2a0684c96d26+0x8f65 @ 0x408f65
3c84ee1014ffeb7b8cbf2a0684c96d26+0x17cc @ 0x4017cc
3c84ee1014ffeb7b8cbf2a0684c96d26+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634132
registers.edi: 2860
registers.eax: 1281
registers.ebp: 1634140
registers.edx: 0
registers.ebx: 38467848
registers.esi: 38467848
registers.ecx: 2130563072
exception.instruction_r: 66 3b 07 0f 85 e1 ef ff ff 0f b6 4e 01 33 c0 8d
exception.symbol: RtlEqualSid+0x10 RtlSetCriticalSectionSpinCount-0x26 ntdll+0x394c1
exception.instruction: cmp ax, word ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234689
exception.address: 0x77d694c1
success 0 0
1619391810.511124
__exception__
stacktrace:
3c84ee1014ffeb7b8cbf2a0684c96d26+0x3daa @ 0x403daa
3c84ee1014ffeb7b8cbf2a0684c96d26+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6899992
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 3c84ee1014ffeb7b8cbf2a0684c96d26+0x33cc
exception.instruction: in eax, dx
exception.module: 3c84ee1014ffeb7b8cbf2a0684c96d26.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619391810.511124
__exception__
stacktrace:
3c84ee1014ffeb7b8cbf2a0684c96d26+0x3db3 @ 0x403db3
3c84ee1014ffeb7b8cbf2a0684c96d26+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6899992
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 3c84ee1014ffeb7b8cbf2a0684c96d26+0x3465
exception.instruction: in eax, dx
exception.module: 3c84ee1014ffeb7b8cbf2a0684c96d26.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619391781.245124
NtAllocateVirtualMemory
process_identifier: 1752
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006a0000
success 0 0
1619391795.808124
NtAllocateVirtualMemory
process_identifier: 1752
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e30000
success 0 0
1619391795.808124
NtProtectVirtualMemory
process_identifier: 1752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619391796.730124
NtAllocateVirtualMemory
process_identifier: 1416
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619391809.761124
NtAllocateVirtualMemory
process_identifier: 1416
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00600000
success 0 0
1619391809.761124
NtProtectVirtualMemory
process_identifier: 1416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3c84ee1014ffeb7b8cbf2a0684c96d26.exe
Creates a suspicious process (2 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3c84ee1014ffeb7b8cbf2a0684c96d26.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3c84ee1014ffeb7b8cbf2a0684c96d26.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619391796.589124
CreateProcessInternalW
thread_identifier: 684
thread_handle: 0x00000154
process_identifier: 1416
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3c84ee1014ffeb7b8cbf2a0684c96d26.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619391815.324124
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3c84ee1014ffeb7b8cbf2a0684c96d26.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (3 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3c84ee1014ffeb7b8cbf2a0684c96d26.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3c84ee1014ffeb7b8cbf2a0684c96d26.exe"
Network communication
Communicates with a host for which no DNS query was performed (2 events)
host 172.217.24.14
host 203.208.40.66
Detects VMware through the `in` instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619391810.511124
__exception__
stacktrace:
3c84ee1014ffeb7b8cbf2a0684c96d26+0x3daa @ 0x403daa
3c84ee1014ffeb7b8cbf2a0684c96d26+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6899992
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 3c84ee1014ffeb7b8cbf2a0684c96d26+0x33cc
exception.instruction: in eax, dx
exception.module: 3c84ee1014ffeb7b8cbf2a0684c96d26.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
Visual analysis
Binary image
No binary image: this sample produced no binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-05-05 19:47:32

Imports

Library KERNEL32.dll:
0x5c76f4 SetEndOfFile
0x5c76f8 HeapSize
0x5c7700 CreateFileW
0x5c7704 GetProcessHeap
0x5c7708 SetStdHandle
0x5c7714 GetTickCount
0x5c7718 GetProcAddress
0x5c771c GetStdHandle
0x5c7720 ReadFile
0x5c7724 WriteFile
0x5c7728 GetConsoleMode
0x5c772c SetConsoleMode
0x5c7730 FreeLibrary
0x5c7734 LoadLibraryA
0x5c7738 CloseHandle
0x5c773c GetLastError
0x5c7740 GetOverlappedResult
0x5c7744 SetEvent
0x5c7748 WaitForSingleObject
0x5c774c CreateEventA
0x5c7750 CreateThread
0x5c7754 GetSystemDirectoryA
0x5c7758 FormatMessageA
0x5c775c DecodePointer
0x5c7760 FindFirstFileA
0x5c7764 FindNextFileA
0x5c776c GetProcessTimes
0x5c7770 GetCurrentProcess
0x5c7774 GetCurrentProcessId
0x5c7778 GetCurrentThread
0x5c777c GetThreadTimes
0x5c7780 GetSystemTime
0x5c778c GlobalMemoryStatus
0x5c7790 CreateFileA
0x5c7794 LocalFree
0x5c7798 WaitNamedPipeA
0x5c779c ConnectNamedPipe
0x5c77a0 CreateNamedPipeA
0x5c77a4 GetCurrentThreadId
0x5c77a8 MapViewOfFile
0x5c77ac UnmapViewOfFile
0x5c77b0 LocalAlloc
0x5c77b4 CreateFileMappingA
0x5c77b8 GetFileType
0x5c77c0 CreatePipe
0x5c77c4 CreateProcessA
0x5c77c8 OpenProcess
0x5c77cc ClearCommBreak
0x5c77d0 GetCommState
0x5c77d4 SetCommBreak
0x5c77d8 SetCommState
0x5c77dc SetCommTimeouts
0x5c77e0 ReleaseMutex
0x5c77e4 CreateMutexA
0x5c77ec DeleteFileA
0x5c77f0 GetLocalTime
0x5c77fc TerminateProcess
0x5c7808 InitializeSListHead
0x5c780c IsDebuggerPresent
0x5c7810 GetStartupInfoW
0x5c7814 GetModuleHandleW
0x5c7818 FindClose
0x5c781c GetModuleFileNameW
0x5c7824 TlsAlloc
0x5c7828 TlsGetValue
0x5c782c TlsSetValue
0x5c7830 TlsFree
0x5c7834 LoadLibraryExW
0x5c7838 RtlUnwind
0x5c783c SetLastError
0x5c784c GetModuleFileNameA
0x5c7850 GetModuleHandleExW
0x5c7854 WriteConsoleW
0x5c7858 MultiByteToWideChar
0x5c785c WideCharToMultiByte
0x5c7860 ExitProcess
0x5c7864 GetCommandLineA
0x5c7868 GetCommandLineW
0x5c786c GetACP
0x5c7870 HeapFree
0x5c7874 HeapAlloc
0x5c7878 OutputDebugStringW
0x5c7880 GetStringTypeW
0x5c7884 GetDateFormatW
0x5c7888 GetTimeFormatW
0x5c788c CompareStringW
0x5c7890 LCMapStringW
0x5c7894 FlushFileBuffers
0x5c7898 GetConsoleCP
0x5c789c HeapReAlloc
0x5c78a0 ReadConsoleW
0x5c78a4 SetFilePointerEx
0x5c78a8 FindFirstFileExA
0x5c78ac IsValidCodePage
0x5c78b0 GetOEMCP
0x5c78b4 GetCPInfo
0x5c78bc RaiseException
0x5c78c0 Process32FirstW
0x5c78c4 PurgeComm
0x5c78c8 DuplicateHandle
0x5c78d0 VirtualFree
0x5c78d4 HeapValidate
0x5c78d8 GetConsoleWindow
0x5c78ec SetConsoleTitleA
0x5c78f0 CreateDirectoryExA
0x5c78f8 TransmitCommChar
0x5c78fc OpenEventA
0x5c7904 OpenSemaphoreA
0x5c7908 EnumResourceNamesW
0x5c7910 Module32FirstW
0x5c7918 lstrcat
0x5c791c MoveFileA
0x5c7920 GetDiskFreeSpaceExA
0x5c7924 CreateTimerQueue
0x5c7928 _lread
0x5c7930 LoadLibraryExA
0x5c793c GetUserDefaultLCID
0x5c7940 IsBadReadPtr
0x5c7948 GetModuleHandleA
0x5c794c VirtualAlloc
0x5c7950 LoadLibraryW
Library USER32.dll:
0x5c795c PeekMessageA
0x5c7960 FindWindowA
0x5c7964 SendMessageA
0x5c7968 GetCursorPos
0x5c796c GetForegroundWindow
0x5c7970 GetCapture
0x5c7974 GetQueueStatus
0x5c7978 GetClipboardOwner
0x5c797c PostMessageA
0x5c7980 EnumDisplayMonitors
0x5c7984 ShowWindow
0x5c7988 UnhookWinEvent
0x5c798c DdeQueryStringA
0x5c799c PostThreadMessageA
0x5c79a0 OffsetRect
0x5c79a4 SetScrollRange
0x5c79ac UnpackDDElParam
0x5c79b0 CreateIconIndirect
0x5c79b4 LoadCursorFromFileW
0x5c79b8 SetCapture
0x5c79c0 RegisterHotKey
0x5c79c4 ShowOwnedPopups
0x5c79c8 FlashWindowEx
0x5c79cc GetMessagePos
0x5c79d4 CloseWindowStation
0x5c79d8 FreeDDElParam
0x5c79dc GetPropA
0x5c79e0 OemKeyScan
0x5c79e4 SwitchDesktop
0x5c79e8 SetWindowTextA
0x5c79ec LoadIconW
0x5c79f0 LoadCursorFromFileA
Library GDI32.dll:
0x5c79f8 FONTOBJ_vGetInfo
0x5c79fc XLATEOBJ_iXlate
0x5c7a00 GetLayout
0x5c7a04 CheckColorsInGamut
0x5c7a08 GetRasterizerCaps
0x5c7a0c EngDeletePalette
0x5c7a10 GetStringBitmapA
0x5c7a14 MoveToEx
0x5c7a18 EnumFontFamiliesW
0x5c7a1c GetBoundsRect
0x5c7a2c EngFindResource
0x5c7a30 EngDeleteSemaphore
0x5c7a38 SetMagicColors
0x5c7a3c STROBJ_vEnumStart
0x5c7a44 GdiSetLastError
0x5c7a48 CreateColorSpaceA
0x5c7a4c SetWorldTransform
0x5c7a50 SetPixel
0x5c7a54 AnimatePalette
0x5c7a58 SetViewportExtEx
0x5c7a5c EqualRgn
0x5c7a60 Chord
0x5c7a64 GetCharWidthInfo
0x5c7a68 GetTextFaceAliasW
0x5c7a6c AbortDoc
0x5c7a74 GetFontData
0x5c7a7c GdiStartPageEMF
0x5c7a80 AddFontResourceA
Library COMDLG32.dll:
0x5c7a8c GetFileTitleA
Library ADVAPI32.dll:
0x5c7a94 RegCloseKey
0x5c7a98 RegOpenKeyA
0x5c7a9c RegQueryValueExA
0x5c7aa0 GetUserNameA
0x5c7aa4 EqualSid
0x5c7aac CopySid
0x5c7ab0 GetLengthSid
0x5c7ac0 RegCreateKeyA
0x5c7ac4 RegSetValueExA
0x5c7ac8 SystemFunction036
0x5c7acc RegSetValueA
Library SHELL32.dll:
0x5c7ad8 SHGetSettings
0x5c7ae8 ShellExecuteExA
0x5c7aec CheckEscapesW
0x5c7af0 SHGetFolderPathA
0x5c7af4 SHGetDesktopFolder
0x5c7af8 DuplicateIcon
0x5c7afc SHGetFolderLocation
0x5c7b04 DoEnvironmentSubstW
0x5c7b0c DragQueryFile
Library ole32.dll:
0x5c7b18 CoTaskMemFree
Library SHLWAPI.dll:
0x5c7b20 StrRStrIW
0x5c7b24 StrRChrIA
0x5c7b28 StrChrW
0x5c7b2c StrRStrIA
0x5c7b30 PathIsUNCA
Library COMCTL32.dll:
0x5c7b38 _TrackMouseEvent

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.