6.6
High risk

25aad59724929aafa017a12396ede5d20f51e2660f77441ec4e22921c249e364

42f37ec4e71bf31344a607577c392e39.exe

Analysis time

88s

Last analyzed

File size

588.0KB
Static detection / Dynamic detection: 100% AGEN AI SCORE=82 AIDETECT CLASSIC CONFIDENCE ELDORADO EMOTET GENCIRC GENERICKDZ GENETIC HFMY HIGH CONFIDENCE HRVQKM HYKCEPSA KRYPTIK MALWARE2 MALWARE@#115QZRBGPVOPK P8TD43ODTYK R + TROJ R347788 SCORE SMTHH SUSGEN UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan time Version
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Alibaba Trojan:Win32/Emotet.adb980ed 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20210318 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cde802 20210318 1.0.0.1
Kingsoft 20210318 2017.9.26.565
McAfee Emotet-FRV!42F37EC4E71B 20210318 6.0.6.653
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620966312.227375
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1620966299.540375
CryptGenKey
crypto_handle: 0x003576a0
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00356938
flags: 1
key: fXûn¾F®6¤óü¦3(Ç
success 1 0
1620966312.243375
CryptExportKey
crypto_handle: 0x003576a0
crypto_export_handle: 0x003568f8
buffer: f¤AMÔ1rUÌ®ƒ£Èë!‹óSûc“ ð^+¡2P±£D_uð"­kÛÖÛORw°vÍ"hc½à ZsÇ% ËËip­ø÷·§–ƒm°üÆl§…]#´
blob_type: 1
flags: 64
success 1 0
1620966347.915375
CryptExportKey
crypto_handle: 0x003576a0
crypto_export_handle: 0x003568f8
buffer: f¤í)k!ò $huGÙC@ð.åoë2'¿¦išõᨚt.¨ä¡ü:Œ6±÷Õ;€©ª¦©ºƒ »@´æEfÇ=š@,(!81¼ÇFBUòÞO!‘¶ÿÝÛõ¸Ÿ¬U“‹
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2003\12.8.20\ListBoxCH_demo\ListBoxCHDemo\Release\ListBoxCHDemo.pdb
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620966298.883375
NtAllocateVirtualMemory
process_identifier: 200
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01eb0000
success 0 0
Foreign language identified in PE resource (42 events)
name RT_ICON language LANG_CHINESE offset 0x00082f50 filetype dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 sublanguage SUBLANG_CHINESE_TRADITIONAL size 0x000002e8 (24 identical entries)
name RT_RCDATA language LANG_CHINESE offset 0x00083250 filetype data sublanguage SUBLANG_CHINESE_TRADITIONAL size 0x00008344 (2 identical entries)
name RT_GROUP_ICON language LANG_CHINESE offset 0x00083238 filetype data sublanguage SUBLANG_CHINESE_TRADITIONAL size 0x00000014 (16 identical entries)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620966313.102375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 42f37ec4e71bf31344a607577c392e39.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620966312.524375
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (2 events)
host 174.102.48.180
host 192.210.135.126
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620966315.696375
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620966315.696375
RegSetValueExA
key_handle: 0x000003c4
value: :%º~H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620966315.696375
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620966315.696375
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620966315.696375
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620966315.696375
RegSetValueExA
key_handle: 0x000003dc
value: :%º~H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620966315.696375
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620966315.727375
RegSetValueExW
key_handle: 0x000003c0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events shown)
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69428
FireEye Generic.mg.42f37ec4e71bf313
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.962
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
Sangfor Trojan.Win32.Emotet.ARJ
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Emotet.adb980ed
K7GW Trojan ( 005600261 )
K7AntiVirus Trojan ( 005600261 )
Arcabit Trojan.Generic.D10F34
Cyren W32/Emotet.APR.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Malware.Emotet-9759299-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKDZ.69428
NANO-Antivirus Trojan.Win32.Emotet.hrvqkm
Paloalto generic.ml
AegisLab Trojan.Win32.Emotet.L!c
Tencent Malware.Win32.Gencirc.10cde802
Ad-Aware ATI:Emotet.E8CD03E1
Sophos Mal/Generic-R + Troj/Emotet-CKZ
Comodo Malware@#115qzrbgpvopk
DrWeb Trojan.Emotet.999
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.SMTHH.hp
McAfee-GW-Edition BehavesLike.Win32.Emotet.hh
MaxSecure Trojan.Malware.121218.susgen
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.qt
Webroot W32.Trojan.Emotet
Avira HEUR/AGEN.1135033
MAX malware (ai score=82)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ViRobot Trojan.Win32.Emotet.602112
GData Trojan.GenericKDZ.69428
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R347788
McAfee Emotet-FRV!42F37EC4E71B
TACHYON Banker/W32.Emotet.602112.C
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 a variant of Win32/Kryptik.HFMY
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHH.hp
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (2 events)
dead_host 174.102.48.180:80
dead_host 192.210.135.126:8080
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-08-13 05:07:58

Imports

Library KERNEL32.dll:
0x45a1e4 GetCommandLineA
0x45a1e8 RtlUnwind
0x45a1ec TerminateProcess
0x45a1f0 ExitThread
0x45a1f4 CreateThread
0x45a1f8 HeapReAlloc
0x45a1fc HeapSize
0x45a200 LCMapStringA
0x45a204 LCMapStringW
0x45a208 HeapDestroy
0x45a20c HeapCreate
0x45a210 VirtualFree
0x45a214 FatalAppExitA
0x45a218 IsBadWritePtr
0x45a21c GetStdHandle
0x45a234 GetStartupInfoA
0x45a238 GetFileType
0x45a240 GetCurrentProcessId
0x45a24c GetStringTypeA
0x45a250 GetStringTypeW
0x45a258 GetTimeFormatA
0x45a25c GetDateFormatA
0x45a260 GetUserDefaultLCID
0x45a264 EnumSystemLocalesA
0x45a268 IsValidLocale
0x45a26c IsValidCodePage
0x45a270 IsBadReadPtr
0x45a274 IsBadCodePtr
0x45a278 SetStdHandle
0x45a280 GetLocaleInfoW
0x45a288 VirtualQuery
0x45a28c GetSystemInfo
0x45a290 VirtualAlloc
0x45a294 VirtualProtect
0x45a298 HeapAlloc
0x45a29c HeapFree
0x45a2a0 GetDiskFreeSpaceA
0x45a2a4 GetTempFileNameA
0x45a2a8 LocalLock
0x45a2ac LocalUnlock
0x45a2b0 GetFileTime
0x45a2b4 GetFileAttributesA
0x45a2b8 SetFileAttributesA
0x45a2bc SetFileTime
0x45a2c8 GetTickCount
0x45a2cc SetErrorMode
0x45a2d8 GetShortPathNameA
0x45a2dc CreateFileA
0x45a2e0 GetFullPathNameA
0x45a2e8 FindFirstFileA
0x45a2ec FindClose
0x45a2f0 GetCurrentProcess
0x45a2f4 DuplicateHandle
0x45a2f8 GetFileSize
0x45a2fc SetEndOfFile
0x45a300 UnlockFile
0x45a304 LockFile
0x45a308 FlushFileBuffers
0x45a30c SetFilePointer
0x45a310 WriteFile
0x45a314 ReadFile
0x45a318 DeleteFileA
0x45a31c MoveFileA
0x45a330 GetOEMCP
0x45a334 GetCPInfo
0x45a33c GlobalFlags
0x45a340 TlsFree
0x45a344 LocalReAlloc
0x45a348 TlsSetValue
0x45a34c TlsAlloc
0x45a350 TlsGetValue
0x45a358 GlobalHandle
0x45a35c GlobalReAlloc
0x45a364 LocalAlloc
0x45a370 RaiseException
0x45a374 CopyFileA
0x45a378 GlobalSize
0x45a37c FormatMessageA
0x45a380 LocalFree
0x45a388 CreateEventA
0x45a38c SuspendThread
0x45a390 SetEvent
0x45a394 WaitForSingleObject
0x45a398 ResumeThread
0x45a39c SetThreadPriority
0x45a3a0 CloseHandle
0x45a3a4 GlobalFree
0x45a3a8 GetCurrentThread
0x45a3ac GlobalAlloc
0x45a3b0 lstrcmpA
0x45a3b4 GetModuleFileNameA
0x45a3c0 GlobalLock
0x45a3c4 GlobalUnlock
0x45a3c8 MulDiv
0x45a3cc SetLastError
0x45a3d0 FreeResource
0x45a3d4 GetCurrentThreadId
0x45a3d8 GlobalGetAtomNameA
0x45a3dc GlobalAddAtomA
0x45a3e0 GlobalFindAtomA
0x45a3e4 GlobalDeleteAtom
0x45a3e8 LoadLibraryA
0x45a3ec FreeLibrary
0x45a3f0 lstrcatA
0x45a3f4 lstrcmpW
0x45a3f8 lstrcpynA
0x45a3fc GetModuleHandleA
0x45a400 GetProcAddress
0x45a404 GetVersion
0x45a408 CompareStringA
0x45a40c lstrcmpiW
0x45a410 lstrcmpiA
0x45a414 GetLastError
0x45a418 GetStringTypeExA
0x45a41c lstrlenW
0x45a420 MultiByteToWideChar
0x45a424 CompareStringW
0x45a42c GetStringTypeExW
0x45a434 ExitProcess
0x45a438 FindResourceA
0x45a43c LoadResource
0x45a440 LockResource
0x45a444 SizeofResource
0x45a448 WideCharToMultiByte
0x45a44c GetVersionExA
0x45a450 GetThreadLocale
0x45a454 GetLocaleInfoA
0x45a458 GetACP
0x45a45c InterlockedExchange
0x45a460 lstrlenA
0x45a464 SetHandleCount
0x45a468 lstrcpyA
0x45a46c Sleep
Library USER32.dll:
0x45a544 UnionRect
0x45a548 PostThreadMessageA
0x45a54c SetTimer
0x45a550 KillTimer
0x45a55c GetDCEx
0x45a560 LockWindowUpdate
0x45a564 SetParent
0x45a568 MoveWindow
0x45a56c SetWindowTextA
0x45a570 IsDialogMessageA
0x45a574 IsDlgButtonChecked
0x45a578 SetDlgItemTextA
0x45a57c SetDlgItemInt
0x45a580 GetDlgItemTextA
0x45a584 GetDlgItemInt
0x45a588 CheckRadioButton
0x45a58c CheckDlgButton
0x45a590 SetMenuItemBitmaps
0x45a594 ModifyMenuA
0x45a598 GetMenuState
0x45a59c EnableMenuItem
0x45a5a0 CheckMenuItem
0x45a5a8 LoadBitmapA
0x45a5ac EndPaint
0x45a5b0 BeginPaint
0x45a5b4 GetWindowDC
0x45a5b8 ReleaseDC
0x45a5bc GetDC
0x45a5c0 ClientToScreen
0x45a5c4 GrayStringA
0x45a5c8 DrawTextExA
0x45a5cc DrawTextA
0x45a5d0 TabbedTextOutA
0x45a5d8 WinHelpA
0x45a5dc GetCapture
0x45a5e0 CreateWindowExA
0x45a5e4 SetWindowsHookExA
0x45a5e8 CallNextHookEx
0x45a5ec GetClassLongA
0x45a5f0 GetClassInfoExA
0x45a5f4 GetClassNameA
0x45a5f8 SetPropA
0x45a5fc GetPropA
0x45a600 RemovePropA
0x45a604 SendDlgItemMessageA
0x45a608 GetFocus
0x45a60c IsWindow
0x45a610 SetFocus
0x45a614 IsChild
0x45a61c GetWindowTextA
0x45a620 GetForegroundWindow
0x45a624 GetLastActivePopup
0x45a628 SetActiveWindow
0x45a62c DispatchMessageA
0x45a630 BeginDeferWindowPos
0x45a634 EndDeferWindowPos
0x45a638 GetDlgItem
0x45a63c GetTopWindow
0x45a640 DestroyWindow
0x45a644 SetMenu
0x45a648 GetMessageTime
0x45a64c GetMessagePos
0x45a650 PeekMessageA
0x45a654 MapWindowPoints
0x45a658 ScrollWindow
0x45a65c MessageBoxA
0x45a660 MapVirtualKeyA
0x45a664 TrackPopupMenu
0x45a668 GetKeyState
0x45a66c SetScrollRange
0x45a670 GetScrollRange
0x45a674 SetScrollPos
0x45a678 GetScrollPos
0x45a67c SetForegroundWindow
0x45a680 ShowScrollBar
0x45a684 IsWindowVisible
0x45a688 UpdateWindow
0x45a68c GetMenu
0x45a690 PostMessageA
0x45a694 GetSubMenu
0x45a698 GetMenuItemID
0x45a69c GetMenuItemCount
0x45a6a0 GetSysColor
0x45a6a4 AdjustWindowRectEx
0x45a6a8 GetParent
0x45a6ac ScreenToClient
0x45a6b0 EqualRect
0x45a6b4 DeferWindowPos
0x45a6b8 GetScrollInfo
0x45a6bc SetScrollInfo
0x45a6c0 GetClassInfoA
0x45a6c4 RegisterClassA
0x45a6c8 UnregisterClassA
0x45a6cc SetWindowPlacement
0x45a6d0 GetDlgCtrlID
0x45a6d4 DefWindowProcA
0x45a6d8 CallWindowProcA
0x45a6dc GetWindowLongA
0x45a6e4 DestroyIcon
0x45a6e8 GetDialogBaseUnits
0x45a6ec MessageBeep
0x45a6f0 GetNextDlgGroupItem
0x45a6f4 InvalidateRgn
0x45a6fc SetRect
0x45a700 IsRectEmpty
0x45a704 CharNextA
0x45a708 WaitMessage
0x45a710 ReleaseCapture
0x45a714 WindowFromPoint
0x45a718 SetWindowLongA
0x45a71c SetWindowPos
0x45a720 IntersectRect
0x45a728 GetWindowPlacement
0x45a72c GetWindowRect
0x45a730 PtInRect
0x45a734 GetWindow
0x45a738 CharUpperA
0x45a73c CharLowerW
0x45a740 CharLowerA
0x45a744 CharUpperW
0x45a748 GetClientRect
0x45a74c GetSystemMetrics
0x45a750 IsIconic
0x45a754 GetKeyNameTextA
0x45a75c LoadMenuA
0x45a760 UnpackDDElParam
0x45a764 ReuseDDElParam
0x45a768 AppendMenuA
0x45a76c GetSystemMenu
0x45a770 LoadIconA
0x45a774 EnableWindow
0x45a778 SendMessageA
0x45a77c InvalidateRect
0x45a780 FillRect
0x45a784 OffsetRect
0x45a788 InflateRect
0x45a78c CopyRect
0x45a790 DrawIcon
0x45a794 DrawEdge
0x45a798 LoadAcceleratorsA
0x45a79c InsertMenuItemA
0x45a7a0 CreatePopupMenu
0x45a7a4 SetRectEmpty
0x45a7a8 TrackPopupMenuEx
0x45a7ac BringWindowToTop
0x45a7b0 SetCapture
0x45a7b4 DeleteMenu
0x45a7b8 wsprintfA
0x45a7bc LoadCursorA
0x45a7c0 GetSysColorBrush
0x45a7c4 InsertMenuA
0x45a7c8 RemoveMenu
0x45a7cc GetMenuStringA
0x45a7d0 DestroyMenu
0x45a7d4 GetMenuItemInfoA
0x45a7d8 ShowOwnedPopups
0x45a7dc SetCursor
0x45a7e0 GetMessageA
0x45a7e4 TranslateMessage
0x45a7e8 GetCursorPos
0x45a7ec ValidateRect
0x45a7f0 GetDesktopWindow
0x45a7f4 GetActiveWindow
0x45a7fc GetNextDlgTabItem
0x45a800 EndDialog
0x45a808 MapDialogRect
0x45a80c PostQuitMessage
0x45a810 ScrollWindowEx
0x45a814 UnhookWindowsHookEx
0x45a818 ShowWindow
0x45a81c IsWindowEnabled
Library GDI32.dll:
0x45a06c SelectClipPath
0x45a070 GetViewportExtEx
0x45a074 GetWindowExtEx
0x45a078 BitBlt
0x45a07c GetPixel
0x45a080 StartDocA
0x45a084 PtVisible
0x45a088 RectVisible
0x45a08c TextOutA
0x45a090 ExtTextOutA
0x45a094 Escape
0x45a098 SelectObject
0x45a09c SetViewportOrgEx
0x45a0a0 OffsetViewportOrgEx
0x45a0a4 SetViewportExtEx
0x45a0a8 ScaleViewportExtEx
0x45a0ac SetWindowOrgEx
0x45a0b0 OffsetWindowOrgEx
0x45a0b4 SetWindowExtEx
0x45a0b8 ScaleWindowExtEx
0x45a0c0 ArcTo
0x45a0c4 PolyDraw
0x45a0c8 PolylineTo
0x45a0cc PolyBezierTo
0x45a0d0 ExtSelectClipRgn
0x45a0d4 DeleteDC
0x45a0dc CreatePatternBrush
0x45a0e0 CreateBitmap
0x45a0e4 CreateCompatibleDC
0x45a0e8 GetStockObject
0x45a0ec CreateRectRgn
0x45a0f0 PlayMetaFileRecord
0x45a0f4 GetObjectType
0x45a0f8 EnumMetaFile
0x45a0fc PlayMetaFile
0x45a100 GetDeviceCaps
0x45a104 CreatePen
0x45a108 ExtCreatePen
0x45a10c CreateSolidBrush
0x45a110 CreateHatchBrush
0x45a114 CreateFontIndirectA
0x45a11c SetRectRgn
0x45a120 CombineRgn
0x45a124 GetMapMode
0x45a128 PatBlt
0x45a12c DPtoLP
0x45a134 CopyMetaFileA
0x45a138 CreateDCA
0x45a13c GetBkColor
0x45a140 GetTextColor
0x45a144 GetRgnBox
0x45a148 GetTextMetricsA
0x45a150 StretchDIBits
0x45a154 GetCharWidthA
0x45a158 CreateFontA
0x45a15c StartPage
0x45a160 EndPage
0x45a164 SetAbortProc
0x45a168 AbortDoc
0x45a16c EndDoc
0x45a170 GetClipRgn
0x45a174 SelectClipRgn
0x45a178 DeleteObject
0x45a17c SetColorAdjustment
0x45a180 SetArcDirection
0x45a184 SetMapperFlags
0x45a190 SetTextAlign
0x45a194 MoveToEx
0x45a198 LineTo
0x45a19c OffsetClipRgn
0x45a1a0 IntersectClipRect
0x45a1a4 ExcludeClipRect
0x45a1a8 SetMapMode
0x45a1ac SetStretchBltMode
0x45a1b0 SetROP2
0x45a1b4 SetPolyFillMode
0x45a1b8 SetBkMode
0x45a1bc RestoreDC
0x45a1c0 SaveDC
0x45a1c4 GetObjectA
0x45a1c8 SetBkColor
0x45a1cc SetTextColor
0x45a1d0 GetClipBox
0x45a1d4 SelectPalette
0x45a1d8 Rectangle
0x45a1dc GetDCOrgEx
Library comdlg32.dll:
0x45a838 PrintDlgA
0x45a83c PageSetupDlgA
0x45a840 FindTextA
0x45a844 ReplaceTextA
0x45a84c GetSaveFileNameA
0x45a850 GetFileTitleA
0x45a854 GetOpenFileNameA
Library WINSPOOL.DRV:
0x45a824 GetJobA
0x45a828 OpenPrinterA
0x45a82c DocumentPropertiesA
0x45a830 ClosePrinter
Library ADVAPI32.dll:
0x45a000 SetFileSecurityA
0x45a004 RegQueryValueExA
0x45a008 RegOpenKeyExA
0x45a00c RegDeleteKeyA
0x45a010 RegEnumKeyA
0x45a014 RegOpenKeyA
0x45a018 RegQueryValueA
0x45a01c RegSetValueA
0x45a020 RegCreateKeyExA
0x45a024 RegSetValueExA
0x45a028 RegDeleteValueA
0x45a02c GetFileSecurityA
0x45a030 RegCloseKey
0x45a034 RegCreateKeyA
Library SHELL32.dll:
0x45a518 SHGetFileInfoA
0x45a51c DragFinish
0x45a520 DragQueryFileA
0x45a524 ExtractIconA
Library COMCTL32.dll:
0x45a03c
0x45a040 ImageList_Draw
0x45a048
0x45a04c ImageList_Read
0x45a050 ImageList_Write
0x45a054
0x45a058 ImageList_Destroy
0x45a05c ImageList_Create
0x45a064 ImageList_Merge
Library SHLWAPI.dll:
0x45a530 PathFindFileNameA
0x45a534 PathStripToRootA
0x45a538 PathFindExtensionA
0x45a53c PathIsUNCA
Library oledlg.dll:
0x45a8e4
Library ole32.dll:
0x45a864 CoGetClassObject
0x45a868 CoDisconnectObject
0x45a86c OleDuplicateData
0x45a870 ReleaseStgMedium
0x45a874 CoTaskMemAlloc
0x45a878 CreateBindCtx
0x45a87c CoTreatAsClass
0x45a884 ReadClassStg
0x45a888 ReadFmtUserTypeStg
0x45a88c OleRegGetUserType
0x45a890 WriteClassStg
0x45a894 WriteFmtUserTypeStg
0x45a898 SetConvertStg
0x45a89c CoTaskMemFree
0x45a8a0 CLSIDFromString
0x45a8a4 CLSIDFromProgID
0x45a8a8 CoCreateInstance
0x45a8ac StringFromGUID2
0x45a8b0 OleRun
0x45a8b4 OleUninitialize
0x45a8c4 OleFlushClipboard
0x45a8cc OleSetClipboard
0x45a8d0 CoRevokeClassObject
0x45a8d8 StringFromCLSID
0x45a8dc OleInitialize
Library OLEAUT32.dll:
0x45a474 VariantClear
0x45a478 VariantInit
0x45a47c SysAllocStringLen
0x45a480 SysFreeString
0x45a484 SysStringLen
0x45a48c SysStringByteLen
0x45a498 SafeArrayDestroy
0x45a49c SysAllocString
0x45a4a4 SafeArrayAccessData
0x45a4a8 SafeArrayGetUBound
0x45a4ac SafeArrayGetLBound
0x45a4b4 SafeArrayGetDim
0x45a4b8 SafeArrayCreate
0x45a4bc SafeArrayRedim
0x45a4c0 VariantCopy
0x45a4c4 SafeArrayAllocData
0x45a4cc SafeArrayCopy
0x45a4d0 SafeArrayGetElement
0x45a4d4 SafeArrayPtrOfIndex
0x45a4d8 SafeArrayPutElement
0x45a4dc SafeArrayLock
0x45a4e0 SafeArrayUnlock
0x45a4f0 SysReAllocStringLen
0x45a4f4 VarDateFromStr
0x45a4f8 VarBstrFromDec
0x45a4fc VarDecFromStr
0x45a500 VarCyFromStr
0x45a504 VarBstrFromCy
0x45a508 VarBstrFromDate
0x45a50c LoadTypeLib
0x45a510 VariantChangeType

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49189 203.208.40.34 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.