5.0
Medium risk

264d7bdc0a0eb2f2fcdb842a8556b06a017d5c88a37514ce8e883ac2f00cbdd4

41789d8716368f43092dfb82e4a5e5a1.exe

Analysis duration

55s

Last analyzed

File size

683.0KB
Static detections / Dynamic detections
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619384518.92125
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
41789d8716368f43092dfb82e4a5e5a1+0x58a4d @ 0x458a4d
41789d8716368f43092dfb82e4a5e5a1+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe8614ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619384502.265875
NtAllocateVirtualMemory
process_identifier: 2504
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619384502.609875
NtProtectVirtualMemory
process_identifier: 2504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 57344
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00456000
success 0 0
1619384502.609875
NtAllocateVirtualMemory
process_identifier: 2504
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f70000
success 0 0
1619384503.35925
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619384503.42125
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 983040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e60000
success 0 0
1619384503.42125
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f10000
success 0 0
1619384503.42125
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00500000
success 0 0
1619384503.42125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00502000
success 0 0
1619384503.95325
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x021a0000
success 0 0
1619384503.95325
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02390000
success 0 0
1619384518.90625
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.90625
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619384518.90625
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.90625
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619384518.90625
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.90625
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02042000
success 0 0
1619384518.92125
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.487402272671295 section {'size_of_data': '0x0003da00', 'virtual_address': '0x00073000', 'entropy': 7.487402272671295, 'name': '.rsrc', 'virtual_size': '0x0003d8fc'} description A section with a high entropy has been found
entropy 0.3614369501466276 description Overall entropy of this PE file is high
Network communication
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2504 called NtSetContextThread to modify thread in remote process 2732
Time & API Arguments Status Return Repeated
1619384503.078875
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893616
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2732
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2504 resumed a thread in remote process 2732
Time & API Arguments Status Return Repeated
1619384503.218875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2732
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.24.14:443
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619384502.968875
CreateProcessInternalW
thread_identifier: 2420
thread_handle: 0x00000100
process_identifier: 2732
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\41789d8716368f43092dfb82e4a5e5a1.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619384502.968875
NtUnmapViewOfSection
process_identifier: 2732
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619384502.968875
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 2732
commit_size: 704512
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 704512
base_address: 0x00400000
success 0 0
1619384503.078875
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619384503.078875
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893616
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2732
success 0 0
1619384503.218875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2732
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46813c VirtualFree
0x468140 VirtualAlloc
0x468144 LocalFree
0x468148 LocalAlloc
0x46814c GetVersion
0x468150 GetCurrentThreadId
0x46815c VirtualQuery
0x468160 WideCharToMultiByte
0x468164 MultiByteToWideChar
0x468168 lstrlenA
0x46816c lstrcpynA
0x468170 LoadLibraryExA
0x468174 GetThreadLocale
0x468178 GetStartupInfoA
0x46817c GetProcAddress
0x468180 GetModuleHandleA
0x468184 GetModuleFileNameA
0x468188 GetLocaleInfoA
0x46818c GetCommandLineA
0x468190 FreeLibrary
0x468194 FindFirstFileA
0x468198 FindClose
0x46819c ExitProcess
0x4681a0 WriteFile
0x4681a8 RtlUnwind
0x4681ac RaiseException
0x4681b0 GetStdHandle
Library user32.dll:
0x4681b8 GetKeyboardType
0x4681bc LoadStringA
0x4681c0 MessageBoxA
0x4681c4 CharNextA
Library advapi32.dll:
0x4681cc RegQueryValueExA
0x4681d0 RegOpenKeyExA
0x4681d4 RegCloseKey
Library oleaut32.dll:
0x4681dc SysFreeString
0x4681e0 SysReAllocStringLen
0x4681e4 SysAllocStringLen
Library kernel32.dll:
0x4681ec TlsSetValue
0x4681f0 TlsGetValue
0x4681f4 LocalAlloc
0x4681f8 GetModuleHandleA
Library advapi32.dll:
0x468200 RegQueryValueExA
0x468204 RegOpenKeyExA
0x468208 RegCloseKey
Library kernel32.dll:
0x468210 lstrcpyA
0x468214 WriteFile
0x468218 WaitForSingleObject
0x46821c VirtualQuery
0x468220 VirtualAlloc
0x468224 Sleep
0x468228 SizeofResource
0x46822c SetThreadLocale
0x468230 SetFilePointer
0x468234 SetEvent
0x468238 SetErrorMode
0x46823c SetEndOfFile
0x468240 ResetEvent
0x468244 ReadFile
0x468248 MulDiv
0x46824c LockResource
0x468250 LoadResource
0x468254 LoadLibraryA
0x468260 GlobalUnlock
0x468264 GlobalReAlloc
0x468268 GlobalHandle
0x46826c GlobalLock
0x468270 GlobalFree
0x468274 GlobalFindAtomA
0x468278 GlobalDeleteAtom
0x46827c GlobalAlloc
0x468280 GlobalAddAtomA
0x468284 GetVersionExA
0x468288 GetVersion
0x46828c GetTickCount
0x468290 GetThreadLocale
0x468294 GetSystemInfo
0x468298 GetStringTypeExA
0x46829c GetStdHandle
0x4682a0 GetProcAddress
0x4682a4 GetModuleHandleA
0x4682a8 GetModuleFileNameA
0x4682ac GetLocaleInfoA
0x4682b0 GetLocalTime
0x4682b4 GetLastError
0x4682b8 GetFullPathNameA
0x4682bc GetDiskFreeSpaceA
0x4682c0 GetDateFormatA
0x4682c4 GetCurrentThreadId
0x4682c8 GetCurrentProcessId
0x4682cc GetCPInfo
0x4682d0 GetACP
0x4682d4 FreeResource
0x4682d8 InterlockedExchange
0x4682dc FreeLibrary
0x4682e0 FormatMessageA
0x4682e4 FindResourceA
0x4682e8 EnumCalendarInfoA
0x4682f4 CreateThread
0x4682f8 CreateFileA
0x4682fc CreateEventA
0x468300 CompareStringA
0x468304 CloseHandle
Library version.dll:
0x46830c VerQueryValueA
0x468314 GetFileVersionInfoA
Library gdi32.dll:
0x46831c UnrealizeObject
0x468320 StretchBlt
0x468324 SetWindowOrgEx
0x468328 SetViewportOrgEx
0x46832c SetTextColor
0x468330 SetStretchBltMode
0x468334 SetROP2
0x468338 SetPixel
0x46833c SetDIBColorTable
0x468340 SetBrushOrgEx
0x468344 SetBkMode
0x468348 SetBkColor
0x46834c SelectPalette
0x468350 SelectObject
0x468354 SelectClipRgn
0x468358 SaveDC
0x46835c RestoreDC
0x468360 Rectangle
0x468364 RectVisible
0x468368 RealizePalette
0x46836c PatBlt
0x468370 MoveToEx
0x468374 MaskBlt
0x468378 LineTo
0x46837c IntersectClipRect
0x468380 GetWindowOrgEx
0x468384 GetTextMetricsA
0x468390 GetStockObject
0x468394 GetPixel
0x468398 GetPaletteEntries
0x46839c GetObjectA
0x4683a0 GetDeviceCaps
0x4683a4 GetDIBits
0x4683a8 GetDIBColorTable
0x4683ac GetDCOrgEx
0x4683b4 GetClipBox
0x4683b8 GetBrushOrgEx
0x4683bc GetBitmapBits
0x4683c0 ExcludeClipRect
0x4683c4 DeleteObject
0x4683c8 DeleteDC
0x4683cc CreateSolidBrush
0x4683d0 CreatePenIndirect
0x4683d4 CreatePen
0x4683d8 CreatePalette
0x4683e0 CreateFontIndirectA
0x4683e4 CreateDIBitmap
0x4683e8 CreateDIBSection
0x4683ec CreateCompatibleDC
0x4683f4 CreateBrushIndirect
0x4683f8 CreateBitmap
0x4683fc BitBlt
Library user32.dll:
0x468404 CreateWindowExA
0x468408 WindowFromPoint
0x46840c WinHelpA
0x468410 WaitMessage
0x468414 ValidateRect
0x468418 UpdateWindow
0x46841c UnregisterClassA
0x468420 UnhookWindowsHookEx
0x468424 TranslateMessage
0x46842c TrackPopupMenu
0x468434 ShowWindow
0x468438 ShowScrollBar
0x46843c ShowOwnedPopups
0x468440 ShowCursor
0x468444 SetWindowsHookExA
0x468448 SetWindowPos
0x46844c SetWindowPlacement
0x468450 SetWindowLongA
0x468454 SetTimer
0x468458 SetScrollRange
0x46845c SetScrollPos
0x468460 SetScrollInfo
0x468464 SetRect
0x468468 SetPropA
0x46846c SetParent
0x468470 SetMenuItemInfoA
0x468474 SetMenu
0x468478 SetForegroundWindow
0x46847c SetFocus
0x468480 SetCursor
0x468484 SetClassLongA
0x468488 SetCapture
0x46848c SetActiveWindow
0x468490 SendMessageA
0x468494 ScrollWindow
0x468498 ScreenToClient
0x46849c RemovePropA
0x4684a0 RemoveMenu
0x4684a4 ReleaseDC
0x4684a8 ReleaseCapture
0x4684b4 RegisterClassA
0x4684b8 RedrawWindow
0x4684bc PtInRect
0x4684c0 PostQuitMessage
0x4684c4 PostMessageA
0x4684c8 PeekMessageA
0x4684cc OffsetRect
0x4684d0 OemToCharA
0x4684d4 MessageBoxA
0x4684d8 MapWindowPoints
0x4684dc MapVirtualKeyA
0x4684e0 LoadStringA
0x4684e4 LoadKeyboardLayoutA
0x4684e8 LoadIconA
0x4684ec LoadCursorA
0x4684f0 LoadBitmapA
0x4684f4 KillTimer
0x4684f8 IsZoomed
0x4684fc IsWindowVisible
0x468500 IsWindowEnabled
0x468504 IsWindow
0x468508 IsRectEmpty
0x46850c IsIconic
0x468510 IsDialogMessageA
0x468514 IsChild
0x468518 InvalidateRect
0x46851c IntersectRect
0x468520 InsertMenuItemA
0x468524 InsertMenuA
0x468528 InflateRect
0x468530 GetWindowTextA
0x468534 GetWindowRect
0x468538 GetWindowPlacement
0x46853c GetWindowLongA
0x468540 GetWindowDC
0x468544 GetTopWindow
0x468548 GetSystemMetrics
0x46854c GetSystemMenu
0x468550 GetSysColorBrush
0x468554 GetSysColor
0x468558 GetSubMenu
0x46855c GetScrollRange
0x468560 GetScrollPos
0x468564 GetScrollInfo
0x468568 GetPropA
0x46856c GetParent
0x468570 GetWindow
0x468574 GetMenuStringA
0x468578 GetMenuState
0x46857c GetMenuItemInfoA
0x468580 GetMenuItemID
0x468584 GetMenuItemCount
0x468588 GetMenu
0x46858c GetLastActivePopup
0x468590 GetKeyboardState
0x468598 GetKeyboardLayout
0x46859c GetKeyState
0x4685a0 GetKeyNameTextA
0x4685a4 GetIconInfo
0x4685a8 GetForegroundWindow
0x4685ac GetFocus
0x4685b0 GetDlgItem
0x4685b4 GetDesktopWindow
0x4685b8 GetDCEx
0x4685bc GetDC
0x4685c0 GetCursorPos
0x4685c4 GetCursor
0x4685c8 GetClientRect
0x4685cc GetClassNameA
0x4685d0 GetClassInfoA
0x4685d4 GetCapture
0x4685d8 GetActiveWindow
0x4685dc FrameRect
0x4685e0 FindWindowA
0x4685e4 FillRect
0x4685e8 EqualRect
0x4685ec EnumWindows
0x4685f0 EnumThreadWindows
0x4685f4 EndPaint
0x4685f8 EnableWindow
0x4685fc EnableScrollBar
0x468600 EnableMenuItem
0x468604 DrawTextA
0x468608 DrawMenuBar
0x46860c DrawIconEx
0x468610 DrawIcon
0x468614 DrawFrameControl
0x468618 DrawFocusRect
0x46861c DrawEdge
0x468620 DispatchMessageA
0x468624 DestroyWindow
0x468628 DestroyMenu
0x46862c DestroyIcon
0x468630 DestroyCursor
0x468634 DeleteMenu
0x468638 DefWindowProcA
0x46863c DefMDIChildProcA
0x468640 DefFrameProcA
0x468644 CreatePopupMenu
0x468648 CreateMenu
0x46864c CreateIcon
0x468650 ClientToScreen
0x468654 CheckMenuItem
0x468658 CallWindowProcA
0x46865c CallNextHookEx
0x468660 BeginPaint
0x468664 CharNextA
0x468668 CharLowerA
0x46866c CharToOemA
0x468670 AdjustWindowRectEx
Library kernel32.dll:
0x46867c Sleep
Library oleaut32.dll:
0x468684 SafeArrayPtrOfIndex
0x468688 SafeArrayGetUBound
0x46868c SafeArrayGetLBound
0x468690 SafeArrayCreate
0x468694 VariantChangeType
0x468698 VariantCopy
0x46869c VariantClear
0x4686a0 VariantInit
Library comctl32.dll:
0x4686b0 ImageList_Write
0x4686b4 ImageList_Read
0x4686c4 ImageList_DragMove
0x4686c8 ImageList_DragLeave
0x4686cc ImageList_DragEnter
0x4686d0 ImageList_EndDrag
0x4686d4 ImageList_BeginDrag
0x4686d8 ImageList_Remove
0x4686dc ImageList_DrawEx
0x4686e0 ImageList_Draw
0x4686f0 ImageList_Add
0x4686f8 ImageList_Destroy
0x4686fc ImageList_Create
0x468700 InitCommonControls
Library comdlg32.dll:
0x468708 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49236 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.