7.6
High risk

caf83473463dbd839ab168ee3072a7fd4214c5ac838fa31d9711eaa526d7c351

4050d4eb8ad497da4182d787300cb191.exe

Analysis duration

86s

Last analysis

File size

768.0KB
Static detections Dynamic detections AI SCORE=84 AIDETECTVM BSCOPE CLOUD CRYPTERX DOWNLOADER34 ELDORADO EMOTET EOST EUBJ GDSDA GENERICKDZ GENKRYPTIK HIGH CONFIDENCE KC5R1B KRYPTIK MALICIOUS MALWARE1 R04AC0DGO20 UNSAFE WQ0@AYMG3YOI ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | Emotet-FRI!4050D4EB8AD4 | 20200724 | 6.0.6.653
Alibaba | Trojan:Win32/Emotet.e84ca816 | 20190527 | 0.3.0.5
Baidu | | 20190318 | 1.0.0.2
Avast | Win32:CrypterX-gen [Trj] | 20200724 | 18.4.3895.0
Kingsoft | | 20200724 | 2013.8.14.323
Tencent | | 20200724 | 1.0.0.1
CrowdStrike | | 20190702 | 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620974111.327374
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1620974099.187374
CryptGenKey
crypto_handle: 0x0096d9d8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00942a00
flags: 1
key: fÕWô¢ƒ ˆP»7VöP»Ö
success 1 0
1620974111.374374
CryptExportKey
crypto_handle: 0x0096d9d8
crypto_export_handle: 0x0096d918
buffer: f¤|Šæx‘=ܨ½Sg©ðn+#u.ÂY‹ïf°Eqݓ쮛Xð°¥îÔ¬÷‹²"×uv.vD&ǐ×òøªÛÀN‡ž ã©„‚ÁHõ{ˁ©ësèäHŽÍšÁñp›L¯
blob_type: 1
flags: 64
success 1 0
1620974146.312374
CryptExportKey
crypto_handle: 0x0096d9d8
crypto_export_handle: 0x0096d918
buffer: f¤´ßÈ ð@üŒÅKþ>ä¦yæsþ+Ç>܂Ö} ˆ|?¸¬ô|–Ê;²Ff¢ªÕ{eÞéZŒSratºs&ŸóKøkî0¼²¨nŒ·ÀàH­WT›B4Il\»PQ{Ÿ
blob_type: 1
flags: 64
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines, which often have little memory available (1 event)
Time & API Arguments Status Return Repeated
1620974096.640374
GlobalMemoryStatusEx
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620974098.608374
NtAllocateVirtualMemory
process_identifier: 2144
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00670000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620974112.249374
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.1513134638060585 section {'size_of_data': '0x0000e000', 'virtual_address': '0x000a7000', 'entropy': 7.1513134638060585, 'name': '.data', 'virtual_size': '0x00012288'} description A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process 4050d4eb8ad497da4182d787300cb191.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620974111.624374
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (5 events)
host 105.209.239.55
host 172.217.24.14
host 74.207.230.187
host 203.208.41.65
host 203.208.41.66
Sets or modifies the WPAD proxy autoconfiguration settings, which can be used for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620974114.843374
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620974114.843374
RegSetValueExA
key_handle: 0x000003d8
value: °ÕêŸPH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620974114.843374
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620974114.843374
RegSetValueExW
key_handle: 0x000003d8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620974114.843374
RegSetValueExA
key_handle: 0x000003f0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620974114.843374
RegSetValueExA
key_handle: 0x000003f0
value: °ÕêŸPH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620974114.858374
RegSetValueExA
key_handle: 0x000003f0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620974114.937374
RegSetValueExW
key_handle: 0x000003d4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
File has been identified by 43 antivirus engines on VirusTotal as malicious (43 events)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.Agent.EUBJ
FireEye Trojan.Agent.EUBJ
McAfee Emotet-FRI!4050D4EB8AD4
Cylance Unsafe
K7AntiVirus Trojan ( 0056b0ea1 )
Alibaba Trojan:Win32/Emotet.e84ca816
K7GW Trojan ( 0056b0ea1 )
Cyren W32/Emotet.ANR.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
Kaspersky Backdoor.Win32.Emotet.wlm
BitDefender Trojan.Agent.EUBJ
Paloalto generic.ml
AegisLab Trojan.Win32.Emotet.L!c
Rising Trojan.Kryptik!8.8 (CLOUD)
Endgame malicious (high confidence)
Emsisoft Trojan.Emotet (A)
DrWeb Trojan.DownLoader34.3145
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R04AC0DGO20
Sophos Troj/Emotet-CKE
F-Prot W32/Emotet.ANR.gen!Eldorado
MAX malware (ai score=84)
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Arcabit Trojan.Agent.EUBJ
ViRobot Trojan.Win32.Emotet.786432
ZoneAlarm Backdoor.Win32.Emotet.wlm
GData Win32.Trojan-Spy.Emotet.KC5R1B
AhnLab-V3 Malware/Win32.Generic.C4166677
VBA32 BScope.Trojan.Emotet
ALYac Trojan.Agent.EUBJ
Ad-Aware Trojan.Agent.EUBJ
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/GenKryptik.EOST
TrendMicro-HouseCall TROJ_GEN.R04AC0DGO20
Ikarus Trojan-Banker.Emotet
Fortinet W32/GenericKDZ.6891!tr
BitDefenderTheta Gen:NN.ZexaF.34138.Wq0@aymg3Yoi
AVG Win32:CrypterX-gen [Trj]
Panda Trj/GdSda.A
Qihoo-360 Win32/Trojan.653
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 74.207.230.187:8080
dead_host 105.209.239.55:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-07-22 20:48:42

Imports

Library KERNEL32.dll:
0x48c1e0 GetStdHandle
0x48c1e4 GetFileType
0x48c1e8 IsBadReadPtr
0x48c1ec IsBadCodePtr
0x48c1f0 SetHandleCount
0x48c1f4 SetStdHandle
0x48c1f8 CompareStringW
0x48c210 GetProfileStringA
0x48c214 InterlockedExchange
0x48c220 GetStringTypeW
0x48c224 GetStringTypeA
0x48c228 LCMapStringW
0x48c22c LCMapStringA
0x48c230 Sleep
0x48c234 IsBadWritePtr
0x48c238 GetCurrentProcess
0x48c23c VirtualAlloc
0x48c240 VirtualFree
0x48c244 HeapCreate
0x48c248 HeapDestroy
0x48c24c GetACP
0x48c250 HeapSize
0x48c254 HeapReAlloc
0x48c25c ExitThread
0x48c260 CreateThread
0x48c264 TerminateProcess
0x48c268 HeapAlloc
0x48c26c ExitProcess
0x48c270 GetCommandLineA
0x48c274 GetStartupInfoA
0x48c278 RaiseException
0x48c27c HeapFree
0x48c280 RtlUnwind
0x48c284 SetErrorMode
0x48c288 CopyFileA
0x48c294 GetFileSize
0x48c29c GetShortPathNameA
0x48c2a0 GetThreadLocale
0x48c2a4 GetStringTypeExA
0x48c2ac DeleteFileA
0x48c2b0 MoveFileA
0x48c2b4 SetEndOfFile
0x48c2b8 UnlockFile
0x48c2bc LockFile
0x48c2c0 FlushFileBuffers
0x48c2c4 SetFilePointer
0x48c2c8 WriteFile
0x48c2cc ReadFile
0x48c2d0 CreateFileA
0x48c2d4 DuplicateHandle
0x48c2d8 GetOEMCP
0x48c2dc GetCPInfo
0x48c2e0 GetProcessVersion
0x48c2e4 TlsGetValue
0x48c2e8 LocalReAlloc
0x48c2ec TlsSetValue
0x48c2f8 TlsFree
0x48c2fc GlobalHandle
0x48c304 TlsAlloc
0x48c30c LocalAlloc
0x48c310 SizeofResource
0x48c314 GlobalFlags
0x48c318 GetProfileIntA
0x48c324 FindNextFileA
0x48c328 lstrlenW
0x48c32c SetLastError
0x48c330 GlobalReAlloc
0x48c334 GlobalSize
0x48c338 GetDiskFreeSpaceA
0x48c33c GetFileTime
0x48c340 SetFileTime
0x48c344 GetFullPathNameA
0x48c348 GetTempFileNameA
0x48c34c GetFileAttributesA
0x48c350 GetTickCount
0x48c360 CreateEventA
0x48c364 SuspendThread
0x48c368 SetThreadPriority
0x48c36c ResumeThread
0x48c370 CloseHandle
0x48c374 GetCurrentThread
0x48c378 lstrcmpA
0x48c37c lstrcpynA
0x48c380 MulDiv
0x48c388 GlobalGetAtomNameA
0x48c38c GlobalAddAtomA
0x48c390 GlobalFindAtomA
0x48c394 GlobalDeleteAtom
0x48c398 LockResource
0x48c39c GetModuleFileNameA
0x48c3a0 GetCurrentThreadId
0x48c3a8 GetVersion
0x48c3ac GlobalAlloc
0x48c3b0 CompareStringA
0x48c3b4 FindResourceA
0x48c3b8 LoadResource
0x48c3bc GetModuleHandleA
0x48c3c0 GetLastError
0x48c3c4 FormatMessageA
0x48c3c8 LocalFree
0x48c3cc FreeLibrary
0x48c3d0 LoadLibraryA
0x48c3d4 GlobalLock
0x48c3d8 GlobalUnlock
0x48c3dc WideCharToMultiByte
0x48c3e0 MultiByteToWideChar
0x48c3e4 GetLocaleInfoA
0x48c3ec GetDriveTypeA
0x48c3fc FindFirstFileA
0x48c400 FindClose
0x48c408 GetLongPathNameA
0x48c40c lstrcmpiA
0x48c410 lstrcpyA
0x48c414 lstrcatA
0x48c418 lstrlenA
0x48c41c GlobalFree
0x48c420 SetEvent
0x48c424 WaitForSingleObject
0x48c42c LoadLibraryExA
0x48c430 GetProcAddress
Library USER32.dll:
0x48c4c8 BeginPaint
0x48c4cc GetWindowDC
0x48c4d4 MapDialogRect
0x48c4dc LoadStringA
0x48c4e0 GetMessageA
0x48c4e4 ValidateRect
0x48c4e8 ShowOwnedPopups
0x48c4ec PostQuitMessage
0x48c4f0 SetCursorPos
0x48c4f4 IsZoomed
0x48c4f8 BringWindowToTop
0x48c4fc UnpackDDElParam
0x48c500 ReuseDDElParam
0x48c504 DestroyMenu
0x48c50c LoadAcceleratorsA
0x48c510 SetRect
0x48c514 DestroyCursor
0x48c51c GetMenuState
0x48c520 SetMenuItemBitmaps
0x48c524 ShowWindow
0x48c528 MoveWindow
0x48c52c IsDialogMessageA
0x48c530 SetDlgItemTextA
0x48c534 SendDlgItemMessageA
0x48c538 MapWindowPoints
0x48c53c SetFocus
0x48c540 AdjustWindowRectEx
0x48c544 EqualRect
0x48c548 DeferWindowPos
0x48c54c BeginDeferWindowPos
0x48c550 EndDeferWindowPos
0x48c554 IsWindowVisible
0x48c558 ScrollWindow
0x48c55c GetScrollInfo
0x48c560 SetScrollInfo
0x48c564 ShowScrollBar
0x48c568 GetScrollRange
0x48c56c SetScrollRange
0x48c570 GetScrollPos
0x48c574 SetScrollPos
0x48c578 GetTopWindow
0x48c57c MessageBoxA
0x48c580 IsChild
0x48c584 GetCapture
0x48c588 WinHelpA
0x48c58c wsprintfA
0x48c590 GetClassInfoA
0x48c594 RegisterClassA
0x48c598 TrackPopupMenu
0x48c59c SetWindowPlacement
0x48c5a4 GetWindowTextA
0x48c5a8 GetDlgCtrlID
0x48c5ac CreateWindowExA
0x48c5b0 GetClassLongA
0x48c5b4 SetPropA
0x48c5b8 GetPropA
0x48c5bc RemovePropA
0x48c5c0 GetMessageTime
0x48c5c4 GetForegroundWindow
0x48c5c8 SetWindowPos
0x48c5cc GetWindowPlacement
0x48c5d0 GetNextDlgTabItem
0x48c5d4 EndDialog
0x48c5d8 GetActiveWindow
0x48c5e0 DestroyWindow
0x48c5e4 IsWindowEnabled
0x48c5e8 GetAsyncKeyState
0x48c5ec CallWindowProcA
0x48c5f0 MessageBeep
0x48c5f4 SetWindowsHookExA
0x48c5f8 TrackPopupMenuEx
0x48c5fc UnhookWindowsHookEx
0x48c600 CallNextHookEx
0x48c604 SetMenu
0x48c608 EndPaint
0x48c60c SendMessageA
0x48c610 GetSystemMenu
0x48c614 UpdateWindow
0x48c618 HideCaret
0x48c61c ShowCaret
0x48c620 ExcludeUpdateRgn
0x48c624 DefDlgProcA
0x48c628 IsWindowUnicode
0x48c62c DispatchMessageA
0x48c630 TranslateMessage
0x48c634 GetMenu
0x48c638 SetActiveWindow
0x48c63c SetCursor
0x48c640 WindowFromPoint
0x48c648 GetClassNameA
0x48c64c IntersectRect
0x48c650 SetWindowLongA
0x48c654 ReleaseCapture
0x48c658 SetMenuDefaultItem
0x48c65c KillTimer
0x48c660 SetTimer
0x48c664 GetCursorPos
0x48c668 GetDesktopWindow
0x48c66c SetCapture
0x48c670 GetDlgItem
0x48c674 DrawTextA
0x48c678 CharNextA
0x48c67c TabbedTextOutA
0x48c680 GrayStringA
0x48c684 IsRectEmpty
0x48c688 SetParent
0x48c68c GetSysColorBrush
0x48c694 CharUpperA
0x48c698 GetDCEx
0x48c69c LockWindowUpdate
0x48c6a0 PostThreadMessageA
0x48c6a4 EnableMenuItem
0x48c6a8 CheckMenuRadioItem
0x48c6ac CheckMenuItem
0x48c6b0 GetDC
0x48c6b4 ReleaseDC
0x48c6b8 GetWindowLongA
0x48c6bc LoadMenuA
0x48c6c0 GetMessagePos
0x48c6c4 ScreenToClient
0x48c6c8 PtInRect
0x48c6cc GetFocus
0x48c6d0 FillRect
0x48c6d4 FrameRect
0x48c6d8 DrawFocusRect
0x48c6dc MapVirtualKeyA
0x48c6e0 GetKeyNameTextA
0x48c6e8 SetMenuItemInfoA
0x48c6ec LoadBitmapA
0x48c6f0 CopyRect
0x48c6f4 DrawEdge
0x48c6f8 OffsetRect
0x48c6fc DrawStateA
0x48c704 GetWindow
0x48c708 InvalidateRect
0x48c70c PeekMessageA
0x48c710 GetSysColor
0x48c714 IsWindow
0x48c718 PostMessageA
0x48c720 GetWindowRect
0x48c724 DestroyIcon
0x48c728 GetSystemMetrics
0x48c72c GetParent
0x48c730 ClientToScreen
0x48c734 GetKeyState
0x48c738 GetClientRect
0x48c73c GetMenuItemID
0x48c740 GetMenuItemCount
0x48c744 ModifyMenuA
0x48c748 CreatePopupMenu
0x48c74c GetMenuStringA
0x48c750 GetSubMenu
0x48c754 GetMenuItemInfoA
0x48c758 DeleteMenu
0x48c75c AppendMenuA
0x48c760 InsertMenuA
0x48c764 CreateMenu
0x48c768 InvertRect
0x48c76c InflateRect
0x48c770 UnregisterClassA
0x48c774 RegisterClassExA
0x48c778 GetClassInfoExA
0x48c77c LoadCursorA
0x48c780 LoadImageA
0x48c784 LoadIconA
0x48c788 DefWindowProcA
0x48c78c SetForegroundWindow
0x48c790 IsIconic
0x48c794 GetLastActivePopup
0x48c798 FindWindowA
0x48c79c RedrawWindow
0x48c7a0 SetRectEmpty
0x48c7a4 GetNextDlgGroupItem
0x48c7a8 EnableWindow
0x48c7ac SetWindowTextA
Library GDI32.dll:
0x48c098 PtVisible
0x48c09c RectVisible
0x48c0a0 TextOutA
0x48c0a4 ExtTextOutA
0x48c0a8 Escape
0x48c0ac LPtoDP
0x48c0b0 GetMapMode
0x48c0b4 SetRectRgn
0x48c0b8 CreatePatternBrush
0x48c0bc GetNearestColor
0x48c0c0 GetStretchBltMode
0x48c0c4 GetPolyFillMode
0x48c0c8 GetTextAlign
0x48c0cc GetBkMode
0x48c0d0 GetROP2
0x48c0d4 GetTextFaceA
0x48c0d8 GetWindowOrgEx
0x48c0dc CopyMetaFileA
0x48c0e0 GetWindowExtEx
0x48c0e4 GetViewportExtEx
0x48c0e8 CreateRectRgn
0x48c0f0 SetTextAlign
0x48c0f4 LineTo
0x48c0f8 MoveToEx
0x48c0fc IntersectClipRect
0x48c100 ExcludeClipRect
0x48c104 SelectClipRgn
0x48c108 ScaleWindowExtEx
0x48c10c SetWindowExtEx
0x48c110 SetWindowOrgEx
0x48c114 ScaleViewportExtEx
0x48c118 SetViewportExtEx
0x48c11c OffsetViewportOrgEx
0x48c120 SetViewportOrgEx
0x48c124 SetMapMode
0x48c128 SetStretchBltMode
0x48c12c SetROP2
0x48c130 SetPolyFillMode
0x48c134 CombineRgn
0x48c13c RestoreDC
0x48c140 SaveDC
0x48c144 CreateFontA
0x48c148 GetCharWidthA
0x48c14c StretchDIBits
0x48c150 GetTextMetricsA
0x48c154 DeleteDC
0x48c158 CreateDCA
0x48c15c SetAbortProc
0x48c160 StartDocA
0x48c164 StartPage
0x48c168 EndPage
0x48c16c EndDoc
0x48c170 AbortDoc
0x48c174 GetViewportOrgEx
0x48c178 CreatePen
0x48c17c GetStockObject
0x48c180 GetDeviceCaps
0x48c184 SetBkColor
0x48c188 SetTextColor
0x48c18c GetClipBox
0x48c190 DPtoLP
0x48c198 GetTextColor
0x48c19c GetBkColor
0x48c1a0 CreateSolidBrush
0x48c1a8 CreateBitmap
0x48c1ac PatBlt
0x48c1b0 Ellipse
0x48c1b4 GetObjectA
0x48c1b8 CreateCompatibleDC
0x48c1bc SelectObject
0x48c1c0 BitBlt
0x48c1c4 CreateFontIndirectA
0x48c1c8 GetTextExtentPointA
0x48c1cc CreateDIBitmap
0x48c1d0 DeleteObject
0x48c1d4 Rectangle
0x48c1d8 SetBkMode
Library comdlg32.dll:
0x48c7d4 GetSaveFileNameA
0x48c7d8 GetFileTitleA
0x48c7dc GetOpenFileNameA
0x48c7e4 PrintDlgA
Library WINSPOOL.DRV:
0x48c7c4 DocumentPropertiesA
0x48c7c8 OpenPrinterA
0x48c7cc ClosePrinter
Library ADVAPI32.dll:
0x48c000 RegCloseKey
0x48c004 RegOpenKeyExA
0x48c008 RegQueryValueExA
0x48c00c RegEnumKeyExA
0x48c010 RegQueryValueA
0x48c014 RegEnumKeyA
0x48c018 RegOpenKeyA
0x48c01c RegDeleteKeyA
0x48c020 RegCreateKeyExA
0x48c024 RegSetValueExA
0x48c028 RegDeleteValueA
0x48c02c SetFileSecurityA
0x48c030 GetFileSecurityA
0x48c034 RegCreateKeyA
0x48c038 RegSetValueA
0x48c03c RegEnumValueA
Library SHELL32.dll:
0x48c490 ExtractIconA
0x48c494 DragFinish
0x48c498 DragAcceptFiles
0x48c49c DragQueryPoint
0x48c4a0 SHFileOperationA
0x48c4a4 ShellExecuteExA
0x48c4a8 ExtractIconExA
0x48c4b0 SHGetDesktopFolder
0x48c4b8 SHGetFileInfoA
0x48c4bc SHGetMalloc
0x48c4c0 DragQueryFileA
Library COMCTL32.dll:
0x48c048 ImageList_Draw
0x48c04c ImageList_GetIcon
0x48c050 ImageList_DrawEx
0x48c05c ImageList_AddMasked
0x48c068 ImageList_DragEnter
0x48c06c ImageList_BeginDrag
0x48c070 ImageList_DragLeave
0x48c074 ImageList_DragMove
0x48c07c ImageList_EndDrag
0x48c080
0x48c084 ImageList_Destroy
0x48c088 ImageList_Create
0x48c090 ImageList_Remove
Library oledlg.dll:
0x48c850
Library ole32.dll:
0x48c7f4 CoRevokeClassObject
0x48c7f8 CoGetClassObject
0x48c800 DoDragDrop
0x48c804 RevokeDragDrop
0x48c80c RegisterDragDrop
0x48c814 OleFlushClipboard
0x48c818 OleGetClipboard
0x48c81c CoTaskMemFree
0x48c820 CLSIDFromString
0x48c824 CLSIDFromProgID
0x48c82c OleUninitialize
0x48c830 OleInitialize
0x48c834 CoCreateInstance
0x48c838 ReleaseStgMedium
0x48c83c CoTaskMemAlloc
0x48c844 OleDuplicateData
Library OLEPRO32.DLL:
0x48c488
Library OLEAUT32.dll:
0x48c438 VariantClear
0x48c43c VariantCopy
0x48c440 VariantInit
0x48c444 SysFreeString
0x48c448 SysAllocString
0x48c44c SysAllocStringLen
0x48c454 SafeArrayAccessData
0x48c458 SafeArrayGetUBound
0x48c45c SafeArrayGetLBound
0x48c464 SafeArrayGetDim
0x48c468 SafeArrayCreate
0x48c470 VariantChangeType
0x48c474 VarDateFromStr
0x48c478 VarBstrFromDate
0x48c480 SysStringLen
Library VERSION.dll:
0x48c7b4 GetFileVersionInfoA
0x48c7bc VerQueryValueA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 53237 | 114.114.114.114 | 53
192.168.56.101 | 53657 | 114.114.114.114 | 53
192.168.56.101 | 57756 | 114.114.114.114 | 53
192.168.56.101 | 62318 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 49235 | 224.0.0.252 | 5355
192.168.56.101 | 49713 | 224.0.0.252 | 5355
192.168.56.101 | 50534 | 224.0.0.252 | 5355
192.168.56.101 | 51808 | 224.0.0.252 | 5355
192.168.56.101 | 51963 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 57874 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 63429 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 50539 | 239.255.255.250 | 1900
192.168.56.101 | 50541 | 239.255.255.250 | 3702
192.168.56.101 | 58707 | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.