7.8
High risk

0e4c2418a4a004f8979eca3b4e3dcf0b583cec1abc3aa3ca9f1838fd1a37803b

41ede1dbf8cb6f36170382d78651f2df.exe

Analysis time

79s

Latest analysis

File size

804.0KB
Static detection: yes. Dynamic detection: yes. Tags: 100% 1Z4M4UEO AI SCORE=86 BANKERX CLASSIC CONFIDENCE EMOTET GENCIRC GENERICKD GENETIC HIGH CONFIDENCE HSANLA KRYPTIK MALWARE@#3HKZDKANVHN8 PNDVQ POSSIBLETHREAT QVM41 R + TROJ R347919 TALM UNSAFE YY0@AGDOWNPK ZEXTET
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Emotet-FRV!41EDE1DBF8CB 20201027 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Alibaba Trojan:Win32/Emotet.2019ee67 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.10cde862 20201027 1.0.0.1
Kingsoft 20201027 2013.8.14.323
Avast Win32:BankerX-gen [Trj] 20201027 18.4.3895.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620947351.697876
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1620947342.713876
CryptGenKey
crypto_handle: 0x00687210
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00686530
flags: 1
key: fÿg5 _NÄ Î‚²gTl
success 1 0
1620947351.713876
CryptExportKey
crypto_handle: 0x00687210
crypto_export_handle: 0x006864f0
buffer: f¤üâXÔ_‚@y˜æ±ëå ¤Î|Ç5©;¥ÜJÄBz2gùá’wlj& ßÐÙýÇ«V¶níN5)EÌuÓõ IpUú«&¡ö‰6VïþòY#(§Æþl¥Fz/ ¼êR?·¡vb
blob_type: 1
flags: 64
success 1 0
1620947386.197876
CryptExportKey
crypto_handle: 0x00687210
crypto_export_handle: 0x006864f0
buffer: f¤ÂͧÚ4q.h¤_•õ2­ÉÒpYË&ßX_“êe‚—G=lY "[.PdIYäIêjŧžÕa6±:—üvUIo€Ãò;n礿àÌ!©ï#‡Å¬ñÃK{¥:ÔW蛐c]S
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2003\13.8.20\ExpandingCheck_demo\ExpCheckTest\Release\ExpCheckTest.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620947341.807876
NtAllocateVirtualMemory
process_identifier: 912
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005a0000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (42 events)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620947352.166876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.055206928533556 section {'size_of_data': '0x00001000', 'virtual_address': '0x00089000', 'entropy': 7.055206928533556, 'name': '.didat', 'virtual_size': '0x00000319'} description A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process 41ede1dbf8cb6f36170382d78651f2df.exe
Reads the system's User-Agent string and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620947351.838876
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 172.217.24.14
host 69.30.203.214
host 75.139.38.211
Sets or modifies the WPAD proxy autoconfiguration settings used for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620947354.744876
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620947354.744876
RegSetValueExA
key_handle: 0x000003c8
value: €?€:<H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620947354.744876
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620947354.744876
RegSetValueExW
key_handle: 0x000003c8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620947354.744876
RegSetValueExA
key_handle: 0x000003e0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620947354.744876
RegSetValueExA
key_handle: 0x000003e0
value: €?€:<H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620947354.744876
RegSetValueExA
key_handle: 0x000003e0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620947354.775876
RegSetValueExW
key_handle: 0x000003c4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
File has been identified by 46 antivirus engines on VirusTotal as malicious (46 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43669728
FireEye Generic.mg.41ede1dbf8cb6f36
McAfee Emotet-FRV!41EDE1DBF8CB
Cylance Unsafe
AegisLab Trojan.Win32.Emotet.L!c
Sangfor Malware
K7AntiVirus Trojan ( 0056e0651 )
BitDefender Trojan.GenericKD.43669728
K7GW Trojan ( 0056e0651 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Trojan.TALM-1665
Symantec Trojan.Emotet
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Emotet-9629277-0
Alibaba Trojan:Win32/Emotet.2019ee67
NANO-Antivirus Trojan.Win32.Emotet.hsanla
Tencent Malware.Win32.Gencirc.10cde862
Ad-Aware Trojan.GenericKD.43669728
Comodo Malware@#3hkzdkanvhn8
DrWeb Trojan.Emotet.999
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-R + Troj/Emotet-CLB
McAfee-GW-Edition BehavesLike.Win32.Emotet.cm
Sophos Troj/Emotet-CLB
Jiangmin Backdoor.Emotet.qy
Avira TR/AD.Emotet.pndvq
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Arcabit Trojan.Generic.D29A58E0
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKD.43669728
TACHYON Backdoor/W32.Emotet.823296
AhnLab-V3 Trojan/Win32.Emotet.R347919
BitDefenderTheta Gen:NN.Zextet.34590.Yy0@aGdowNpk
MAX malware (ai score=86)
Panda Trj/Genetic.gen
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Kryptik!1.CA81 (CLASSIC)
Yandex Trojan.Agent!J//1Z4M4uEo
Ikarus Trojan-Banker.Emotet
Fortinet PossibleThreat.MU
Webroot W32.Trojan.Emotet
AVG Win32:BankerX-gen [Trj]
Avast Win32:BankerX-gen [Trj]
Qihoo-360 Generic/HEUR/QVM41.2.3E9F.Malware.Gen
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 69.30.203.214:8080
dead_host 75.139.38.211:80
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image.
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample was running.


PE Compile Time

2020-08-14 22:13:09

Imports

Library KERNEL32.dll:
0x485f54 GetSystemInfo
0x485f58 VirtualQuery
0x485f5c GetStartupInfoA
0x485f60 GetCommandLineA
0x485f64 TerminateProcess
0x485f68 ExitThread
0x485f6c CreateThread
0x485f70 HeapReAlloc
0x485f74 HeapSize
0x485f78 LCMapStringA
0x485f7c LCMapStringW
0x485f80 FatalAppExitA
0x485f84 HeapDestroy
0x485f88 HeapCreate
0x485f8c VirtualFree
0x485f90 IsBadWritePtr
0x485f94 GetStdHandle
0x485fac VirtualAlloc
0x485fb0 GetFileType
0x485fb8 GetTickCount
0x485fbc GetCurrentProcessId
0x485fc8 GetStringTypeA
0x485fcc GetStringTypeW
0x485fd4 IsBadReadPtr
0x485fd8 IsBadCodePtr
0x485fdc GetTimeFormatA
0x485fe0 GetDateFormatA
0x485fe4 GetUserDefaultLCID
0x485fe8 EnumSystemLocalesA
0x485fec IsValidLocale
0x485ff0 IsValidCodePage
0x485ff8 SetStdHandle
0x485ffc GetLocaleInfoW
0x486004 VirtualProtect
0x486008 HeapFree
0x48600c HeapAlloc
0x486010 RtlUnwind
0x486014 GetDiskFreeSpaceA
0x486018 GetTempFileNameA
0x48601c LocalLock
0x486020 LocalUnlock
0x486024 GetFileTime
0x486028 GetFileAttributesA
0x48602c SetFileAttributesA
0x486030 SetFileTime
0x48603c SetErrorMode
0x486048 GetShortPathNameA
0x48604c CreateFileA
0x486050 GetFullPathNameA
0x486058 FindFirstFileA
0x48605c FindClose
0x486060 GetCurrentProcess
0x486064 DuplicateHandle
0x486068 GetFileSize
0x48606c SetEndOfFile
0x486070 UnlockFile
0x486074 LockFile
0x486078 FlushFileBuffers
0x48607c SetFilePointer
0x486080 WriteFile
0x486084 ReadFile
0x486088 DeleteFileA
0x48608c MoveFileA
0x4860a0 GetOEMCP
0x4860a4 GetCPInfo
0x4860ac GlobalFlags
0x4860b0 TlsFree
0x4860b4 LocalReAlloc
0x4860b8 TlsSetValue
0x4860bc TlsAlloc
0x4860c0 TlsGetValue
0x4860c8 GlobalHandle
0x4860cc GlobalReAlloc
0x4860d4 LocalAlloc
0x4860d8 CopyFileA
0x4860dc GlobalSize
0x4860e0 FormatMessageA
0x4860e4 LocalFree
0x4860ec GlobalFree
0x4860f0 CreateEventA
0x4860f4 SuspendThread
0x4860f8 SetEvent
0x4860fc WaitForSingleObject
0x486100 ResumeThread
0x486104 SetThreadPriority
0x486108 CloseHandle
0x48610c SizeofResource
0x486110 GetCurrentThread
0x486114 GlobalAlloc
0x486118 GetModuleFileNameA
0x486124 lstrcpyA
0x486128 lstrcmpA
0x48612c GlobalLock
0x486130 GlobalUnlock
0x486134 MulDiv
0x486140 RaiseException
0x486144 SetLastError
0x486148 FindResourceA
0x48614c LoadResource
0x486150 LockResource
0x486154 FreeResource
0x486158 GetCurrentThreadId
0x48615c GlobalGetAtomNameA
0x486160 GlobalAddAtomA
0x486164 GlobalFindAtomA
0x486168 GlobalDeleteAtom
0x48616c LoadLibraryA
0x486170 FreeLibrary
0x486174 lstrcatA
0x486178 lstrcmpW
0x48617c lstrcpynA
0x486180 GetModuleHandleA
0x486184 GetProcAddress
0x486188 GetStringTypeExW
0x48618c GetStringTypeExA
0x486198 CompareStringW
0x48619c CompareStringA
0x4861a0 lstrlenA
0x4861a4 lstrcmpiW
0x4861a8 lstrlenW
0x4861ac lstrcmpiA
0x4861b0 GetVersion
0x4861b4 GetLastError
0x4861b8 WideCharToMultiByte
0x4861bc MultiByteToWideChar
0x4861c0 GetVersionExA
0x4861c4 GetThreadLocale
0x4861c8 GetLocaleInfoA
0x4861cc GetACP
0x4861d0 InterlockedExchange
0x4861d4 SetHandleCount
0x4861d8 ExitProcess
Library USER32.dll:
0x4863e8 KillTimer
0x4863f0 MessageBeep
0x4863f8 GetDCEx
0x4863fc LockWindowUpdate
0x486400 GetSystemMenu
0x486404 SetParent
0x486408 InsertMenuItemA
0x48640c CreatePopupMenu
0x486410 SetRectEmpty
0x486414 BringWindowToTop
0x486418 SetMenu
0x486420 GetDialogBaseUnits
0x486424 DestroyIcon
0x486428 DeleteMenu
0x48642c WaitMessage
0x486434 ReleaseCapture
0x486438 WindowFromPoint
0x48643c SetCapture
0x486440 LoadCursorA
0x486444 GetSysColorBrush
0x486448 DestroyMenu
0x48644c GetMenuItemInfoA
0x486450 InflateRect
0x486454 GetMenuStringA
0x486458 AppendMenuA
0x48645c InsertMenuA
0x486460 RemoveMenu
0x486464 wsprintfA
0x486468 GetDesktopWindow
0x486470 GetNextDlgTabItem
0x486474 EndDialog
0x486478 GetMessageA
0x48647c TranslateMessage
0x486480 GetActiveWindow
0x486484 GetCursorPos
0x486488 ValidateRect
0x48648c ShowOwnedPopups
0x486490 SetCursor
0x486494 PostQuitMessage
0x486498 EndPaint
0x48649c BeginPaint
0x4864a0 GetWindowDC
0x4864a4 ReleaseDC
0x4864a8 GetDC
0x4864ac ClientToScreen
0x4864b0 GrayStringA
0x4864b4 DrawTextExA
0x4864b8 DrawTextA
0x4864bc TabbedTextOutA
0x4864c0 FillRect
0x4864c4 SetMenuItemBitmaps
0x4864c8 ModifyMenuA
0x4864cc EnableMenuItem
0x4864d0 CheckMenuItem
0x4864d8 LoadBitmapA
0x4864dc ScrollWindowEx
0x4864e0 IsWindowEnabled
0x4864e4 SetWindowTextA
0x4864e8 IsDialogMessageA
0x4864ec IsDlgButtonChecked
0x4864f0 SetDlgItemTextA
0x4864f4 SetDlgItemInt
0x4864f8 GetDlgItemTextA
0x4864fc SetTimer
0x486500 CheckRadioButton
0x486504 CheckDlgButton
0x48650c WinHelpA
0x486510 GetCapture
0x486514 CreateWindowExA
0x486518 SetWindowsHookExA
0x48651c CallNextHookEx
0x486520 GetClassLongA
0x486524 GetClassInfoExA
0x486528 GetClassNameA
0x48652c SetPropA
0x486530 GetPropA
0x486534 RemovePropA
0x486538 SendDlgItemMessageA
0x48653c GetFocus
0x486540 SetFocus
0x486544 IsChild
0x48654c GetWindowTextA
0x486550 GetForegroundWindow
0x486554 GetLastActivePopup
0x486558 SetActiveWindow
0x48655c DispatchMessageA
0x486560 BeginDeferWindowPos
0x486564 EndDeferWindowPos
0x486568 GetDlgItem
0x48656c GetTopWindow
0x486570 DestroyWindow
0x486574 GetWindowRect
0x486578 GetParent
0x48657c EnableWindow
0x486580 SendMessageA
0x486584 MoveWindow
0x486588 ShowWindow
0x48658c RedrawWindow
0x486590 GetWindowLongA
0x486594 EnumChildWindows
0x486598 IsWindow
0x48659c DrawIcon
0x4865a0 IsIconic
0x4865a4 GetClientRect
0x4865a8 LoadIconA
0x4865ac UnhookWindowsHookEx
0x4865b0 GetMessageTime
0x4865b4 GetMessagePos
0x4865b8 PeekMessageA
0x4865bc MapWindowPoints
0x4865c0 ScrollWindow
0x4865c4 MessageBoxA
0x4865c8 TrackPopupMenuEx
0x4865cc TrackPopupMenu
0x4865d0 GetKeyState
0x4865d4 SetScrollRange
0x4865d8 GetScrollRange
0x4865dc SetScrollPos
0x4865e0 GetScrollPos
0x4865e4 SetForegroundWindow
0x4865e8 SetRect
0x4865ec UnionRect
0x4865f0 IsRectEmpty
0x4865f4 MapVirtualKeyA
0x4865f8 GetKeyNameTextA
0x4865fc ShowScrollBar
0x486600 IsWindowVisible
0x486604 UpdateWindow
0x486608 GetMenu
0x48660c PostMessageA
0x486610 GetSubMenu
0x486614 GetMenuItemID
0x486618 GetMenuItemCount
0x48661c GetSysColor
0x486620 AdjustWindowRectEx
0x486624 ScreenToClient
0x486628 EqualRect
0x48662c LoadMenuA
0x486630 UnpackDDElParam
0x486634 ReuseDDElParam
0x486638 LoadAcceleratorsA
0x48663c GetDlgItemInt
0x486640 InvalidateRect
0x486644 GetSystemMetrics
0x486648 CharLowerA
0x48664c CharLowerW
0x486650 CharUpperA
0x486654 CharUpperW
0x486658 GetWindow
0x48665c PtInRect
0x486660 CopyRect
0x486664 GetWindowPlacement
0x48666c IntersectRect
0x486670 OffsetRect
0x486674 SetWindowPos
0x486678 SetWindowLongA
0x48667c CallWindowProcA
0x486680 DefWindowProcA
0x486684 GetDlgCtrlID
0x486688 SetWindowPlacement
0x48668c DeferWindowPos
0x486690 GetScrollInfo
0x486694 SetScrollInfo
0x486698 GetClassInfoA
0x48669c RegisterClassA
0x4866a0 UnregisterClassA
0x4866a4 GetMenuState
Library GDI32.dll:
0x485d78 ExtCreatePen
0x485d7c CreateSolidBrush
0x485d80 CreateHatchBrush
0x485d84 CopyMetaFileA
0x485d88 CreateDCA
0x485d8c CreateFontIndirectA
0x485d98 SetRectRgn
0x485d9c CombineRgn
0x485da0 GetMapMode
0x485da4 PatBlt
0x485da8 CreatePen
0x485dac GetTextMetricsA
0x485db4 StretchDIBits
0x485db8 GetCharWidthA
0x485dbc CreateFontA
0x485dc0 GetBkColor
0x485dc4 StartPage
0x485dc8 EndPage
0x485dcc SetAbortProc
0x485dd0 AbortDoc
0x485dd4 EndDoc
0x485dd8 GetDeviceCaps
0x485ddc PlayMetaFile
0x485de0 EnumMetaFile
0x485de4 GetObjectType
0x485de8 PlayMetaFileRecord
0x485dec SelectPalette
0x485df0 GetStockObject
0x485df4 CreateCompatibleDC
0x485df8 CreatePatternBrush
0x485e00 DeleteDC
0x485e04 ExtSelectClipRgn
0x485e08 PolyBezierTo
0x485e0c PolylineTo
0x485e10 PolyDraw
0x485e14 ArcTo
0x485e18 SelectObject
0x485e20 ScaleWindowExtEx
0x485e24 SetWindowExtEx
0x485e28 OffsetWindowOrgEx
0x485e2c SetWindowOrgEx
0x485e30 ScaleViewportExtEx
0x485e34 SetViewportExtEx
0x485e38 OffsetViewportOrgEx
0x485e3c DPtoLP
0x485e40 GetDCOrgEx
0x485e44 Escape
0x485e48 ExtTextOutA
0x485e4c TextOutA
0x485e50 RectVisible
0x485e54 PtVisible
0x485e58 StartDocA
0x485e5c GetPixel
0x485e60 BitBlt
0x485e64 GetWindowExtEx
0x485e68 GetViewportExtEx
0x485e6c SelectClipPath
0x485e70 CreateRectRgn
0x485e74 GetClipRgn
0x485e78 SelectClipRgn
0x485e7c DeleteObject
0x485e80 SetColorAdjustment
0x485e84 SetArcDirection
0x485e88 SetMapperFlags
0x485e94 SetTextAlign
0x485e98 MoveToEx
0x485e9c LineTo
0x485ea0 OffsetClipRgn
0x485ea4 IntersectClipRect
0x485ea8 ExcludeClipRect
0x485eac SetMapMode
0x485eb0 SetStretchBltMode
0x485eb4 SetROP2
0x485eb8 SetPolyFillMode
0x485ebc SetBkMode
0x485ec0 RestoreDC
0x485ec4 SaveDC
0x485ec8 CreateBitmap
0x485ecc GetObjectA
0x485ed0 SetBkColor
0x485ed4 SetTextColor
0x485ed8 GetClipBox
0x485edc SetViewportOrgEx
Library comdlg32.dll:
0x48679c PageSetupDlgA
0x4867a0 FindTextA
0x4867a4 ReplaceTextA
0x4867a8 GetOpenFileNameA
0x4867ac GetSaveFileNameA
0x4867b4 PrintDlgA
0x4867b8 GetFileTitleA
Library WINSPOOL.DRV:
0x486760 GetJobA
0x486764 OpenPrinterA
0x486768 DocumentPropertiesA
0x48676c ClosePrinter
Library ADVAPI32.dll:
0x485cac SetFileSecurityA
0x485cb0 RegQueryValueExA
0x485cb4 RegOpenKeyExA
0x485cb8 RegDeleteKeyA
0x485cbc RegEnumKeyA
0x485cc0 RegOpenKeyA
0x485cc4 RegQueryValueA
0x485cc8 RegSetValueA
0x485ccc RegCreateKeyExA
0x485cd0 RegSetValueExA
0x485cd4 RegDeleteValueA
0x485cd8 GetFileSecurityA
0x485cdc RegCloseKey
0x485ce0 RegCreateKeyA
Library SHELL32.dll:
0x486368 SHGetFileInfoA
0x48636c DragFinish
0x486370 DragQueryFileA
0x486374 ExtractIconA
Library COMCTL32.dll:
0x485d18
0x485d1c ImageList_Draw
0x485d24
0x485d28 ImageList_Read
0x485d2c ImageList_Write
0x485d30
0x485d34 ImageList_Destroy
0x485d38 ImageList_Create
0x485d40 ImageList_Merge
Library SHLWAPI.dll:
0x4863a8 PathFindFileNameA
0x4863ac PathStripToRootA
0x4863b0 PathFindExtensionA
0x4863b4 PathIsUNCA
Library ole32.dll:
0x4867ec WriteFmtUserTypeStg
0x4867f0 WriteClassStg
0x4867f4 CoTaskMemFree
0x4867f8 OleRegGetUserType
0x4867fc ReadFmtUserTypeStg
0x486800 ReadClassStg
0x486804 StringFromCLSID
0x486808 CoTreatAsClass
0x48680c CreateBindCtx
0x486810 CoTaskMemAlloc
0x486814 ReleaseStgMedium
0x486818 OleDuplicateData
0x48681c CoDisconnectObject
0x486820 CoCreateInstance
0x486824 StringFromGUID2
0x486828 CLSIDFromString
0x48682c SetConvertStg
Library OLEAUT32.dll:
0x486288 VariantClear
0x48628c VariantChangeType
0x486290 VariantInit
0x486294 SysAllocStringLen
0x486298 SysFreeString
0x48629c SysStringLen
0x4862a4 SysStringByteLen
0x4862ac SafeArrayAccessData
0x4862b0 SafeArrayGetUBound
0x4862b4 SafeArrayGetLBound
0x4862bc SafeArrayGetDim
0x4862c0 SafeArrayCreate
0x4862c4 SafeArrayRedim
0x4862c8 VariantCopy
0x4862cc SafeArrayAllocData
0x4862d4 SafeArrayCopy
0x4862d8 SafeArrayGetElement
0x4862dc SafeArrayPtrOfIndex
0x4862e0 SafeArrayPutElement
0x4862e4 SafeArrayLock
0x4862e8 SafeArrayUnlock
0x4862ec SafeArrayDestroy
0x486300 SysAllocString
0x486304 SysReAllocStringLen
0x486308 VarDateFromStr
0x48630c VarBstrFromDec
0x486310 VarDecFromStr
0x486314 VarCyFromStr
0x486318 VarBstrFromCy
0x48631c VarBstrFromDate

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.