5.6
High risk

a6901ff7de4b874bff9d2ee4df16f36eef25b91ddd0c65fc226bf41c31c9f662

4368537f3c177e3b387fc673b67e684a.exe

Analysis duration

43s

Latest analysis

File size

1.0MB
Flagged by static analysis Flagged by dynamic analysis
鹰眼引擎 (Eagle Eye engine)
Not detected. No Eagle Eye engine detection result yet.
Static verdict
Antivirus engine
Not detected. No antivirus engine detection result yet.
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619411888.690374
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7387e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7387ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7387b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7387b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7387ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7387aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73875511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7387559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
4368537f3c177e3b387fc673b67e684a+0x90a4d @ 0x490a4d
4368537f3c177e3b387fc673b67e684a+0x89254 @ 0x489254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfcc014ad
success 0 0
Behavioural verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619384540.76575
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02230000
success 0 0
1619384541.07775
NtProtectVirtualMemory
process_identifier: 2064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 61440
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0047f000
success 0 0
1619384541.07775
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02270000
success 0 0
1619411885.971374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619411886.003374
NtAllocateVirtualMemory
process_identifier: 1056
region_size: 917504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01ef0000
success 0 0
1619411886.003374
NtAllocateVirtualMemory
process_identifier: 1056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f90000
success 0 0
1619411886.003374
NtAllocateVirtualMemory
process_identifier: 1056
region_size: 557056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ef0000
success 0 0
1619411886.003374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 520192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ef2000
success 0 0
1619411886.440374
NtAllocateVirtualMemory
process_identifier: 1056
region_size: 2228224
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x021e0000
success 0 0
1619411886.440374
NtAllocateVirtualMemory
process_identifier: 1056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x023c0000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00942000
success 0 0
1619411888.659374
NtProtectVirtualMemory
process_identifier: 1056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.399047725394905 section {'size_of_data': '0x0006d600', 'virtual_address': '0x000a1000', 'entropy': 7.399047725394905, 'name': '.rsrc', 'virtual_size': '0x0006d5d4'} description A section with a high entropy has been found
entropy 0.41371158392434987 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 113.108.239.196
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2064 called NtSetContextThread to modify thread in remote process 1056
Time & API Arguments Status Return Repeated
1619384541.71875
NtSetContextThread
thread_handle: 0x00000120
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5354736
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1056
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2064 resumed a thread in remote process 1056
Time & API Arguments Status Return Repeated
1619384541.79675
NtResumeThread
thread_handle: 0x00000120
suspend_count: 1
process_identifier: 1056
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.24.14:443
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619384541.68775
CreateProcessInternalW
thread_identifier: 2008
thread_handle: 0x00000120
process_identifier: 1056
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4368537f3c177e3b387fc673b67e684a.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000124
inherit_handles: 0
success 1 0
1619384541.68775
NtUnmapViewOfSection
process_identifier: 1056
region_size: 4096
process_handle: 0x00000124
base_address: 0x00400000
success 0 0
1619384541.68775
NtMapViewOfSection
section_handle: 0x0000012c
process_identifier: 1056
commit_size: 1167360
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000124
allocation_type: 0 ()
section_offset: 0
view_size: 1167360
base_address: 0x00400000
success 0 0
1619384541.71875
NtGetContextThread
thread_handle: 0x00000120
success 0 0
1619384541.71875
NtSetContextThread
thread_handle: 0x00000120
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5354736
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1056
success 0 0
1619384541.79675
NtResumeThread
thread_handle: 0x00000120
suspend_count: 1
process_identifier: 1056
success 0 0
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample ran.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x4921a0 VirtualFree
0x4921a4 VirtualAlloc
0x4921a8 LocalFree
0x4921ac LocalAlloc
0x4921b0 GetVersion
0x4921b4 GetCurrentThreadId
0x4921c0 VirtualQuery
0x4921c4 WideCharToMultiByte
0x4921cc MultiByteToWideChar
0x4921d0 lstrlenA
0x4921d4 lstrcpynA
0x4921d8 LoadLibraryExA
0x4921dc GetThreadLocale
0x4921e0 GetStartupInfoA
0x4921e4 GetProcAddress
0x4921e8 GetModuleHandleA
0x4921ec GetModuleFileNameA
0x4921f0 GetLocaleInfoA
0x4921f4 GetLastError
0x4921fc GetCommandLineA
0x492200 FreeLibrary
0x492204 FindFirstFileA
0x492208 FindClose
0x49220c ExitProcess
0x492210 WriteFile
0x492218 RtlUnwind
0x49221c RaiseException
0x492220 GetStdHandle
Library user32.dll:
0x492228 GetKeyboardType
0x49222c LoadStringA
0x492230 MessageBoxA
0x492234 CharNextA
Library advapi32.dll:
0x49223c RegQueryValueExA
0x492240 RegOpenKeyExA
0x492244 RegCloseKey
Library oleaut32.dll:
0x49224c SysFreeString
0x492250 SysReAllocStringLen
0x492254 SysAllocStringLen
Library kernel32.dll:
0x49225c TlsSetValue
0x492260 TlsGetValue
0x492264 LocalAlloc
0x492268 GetModuleHandleA
Library advapi32.dll:
0x492270 RegQueryValueExA
0x492274 RegOpenKeyExA
0x492278 RegCloseKey
Library kernel32.dll:
0x492280 lstrcpyA
0x492284 WriteFile
0x492288 WinExec
0x49228c WaitForSingleObject
0x492290 VirtualQuery
0x492294 VirtualProtect
0x492298 VirtualAlloc
0x49229c Sleep
0x4922a0 SizeofResource
0x4922a4 SetThreadLocale
0x4922a8 SetFilePointer
0x4922ac SetEvent
0x4922b0 SetErrorMode
0x4922b4 SetEndOfFile
0x4922b8 ResetEvent
0x4922bc ReadFile
0x4922c0 MultiByteToWideChar
0x4922c4 MulDiv
0x4922c8 LockResource
0x4922cc LoadResource
0x4922d0 LoadLibraryA
0x4922dc GlobalUnlock
0x4922e0 GlobalSize
0x4922e4 GlobalReAlloc
0x4922e8 GlobalHandle
0x4922ec GlobalLock
0x4922f0 GlobalFree
0x4922f4 GlobalFindAtomA
0x4922f8 GlobalDeleteAtom
0x4922fc GlobalAlloc
0x492300 GlobalAddAtomA
0x492308 GetVersionExA
0x49230c GetVersion
0x492310 GetUserDefaultLCID
0x492314 GetTickCount
0x492318 GetThreadLocale
0x492320 GetSystemInfo
0x492324 GetStringTypeExA
0x492328 GetStdHandle
0x49232c GetProcAddress
0x492330 GetModuleHandleA
0x492334 GetModuleFileNameA
0x492338 GetLogicalDrives
0x49233c GetLocaleInfoA
0x492340 GetLocalTime
0x492344 GetLastError
0x492348 GetFullPathNameA
0x49234c GetFileAttributesA
0x492350 GetDriveTypeA
0x492354 GetDiskFreeSpaceA
0x492358 GetDateFormatA
0x49235c GetCurrentThreadId
0x492360 GetCurrentProcessId
0x492364 GetComputerNameA
0x492368 GetCPInfo
0x49236c GetACP
0x492370 FreeResource
0x492374 InterlockedExchange
0x492378 FreeLibrary
0x49237c FormatMessageA
0x492380 FindResourceA
0x492384 FindNextFileA
0x492388 FindFirstFileA
0x49238c FindClose
0x49239c EnumCalendarInfoA
0x4923a8 CreateThread
0x4923ac CreateFileA
0x4923b0 CreateEventA
0x4923b4 CompareStringA
0x4923b8 CloseHandle
Library mpr.dll:
0x4923c0 WNetGetConnectionA
Library version.dll:
0x4923c8 VerQueryValueA
0x4923d0 GetFileVersionInfoA
Library gdi32.dll:
0x4923d8 UnrealizeObject
0x4923dc StretchBlt
0x4923e0 SetWindowOrgEx
0x4923e4 SetWinMetaFileBits
0x4923e8 SetViewportOrgEx
0x4923ec SetTextColor
0x4923f0 SetStretchBltMode
0x4923f4 SetROP2
0x4923f8 SetPixel
0x4923fc SetMapMode
0x492400 SetEnhMetaFileBits
0x492404 SetDIBColorTable
0x492408 SetBrushOrgEx
0x49240c SetBkMode
0x492410 SetBkColor
0x492414 SelectPalette
0x492418 SelectObject
0x49241c SelectClipRgn
0x492420 SaveDC
0x492424 RestoreDC
0x492428 Rectangle
0x49242c RectVisible
0x492430 RealizePalette
0x492434 Polyline
0x492438 PlayEnhMetaFile
0x49243c PatBlt
0x492440 MoveToEx
0x492444 MaskBlt
0x492448 LineTo
0x49244c LPtoDP
0x492450 IntersectClipRect
0x492454 GetWindowOrgEx
0x492458 GetWinMetaFileBits
0x49245c GetTextMetricsA
0x492468 GetStockObject
0x49246c GetPixel
0x492470 GetPaletteEntries
0x492474 GetObjectA
0x492484 GetEnhMetaFileBits
0x492488 GetDeviceCaps
0x49248c GetDIBits
0x492490 GetDIBColorTable
0x492494 GetDCOrgEx
0x49249c GetClipBox
0x4924a0 GetBrushOrgEx
0x4924a4 GetBitmapBits
0x4924a8 ExtTextOutA
0x4924ac ExcludeClipRect
0x4924b0 DeleteObject
0x4924b4 DeleteEnhMetaFile
0x4924b8 DeleteDC
0x4924bc CreateSolidBrush
0x4924c0 CreatePenIndirect
0x4924c4 CreatePen
0x4924c8 CreatePalette
0x4924d0 CreateFontIndirectA
0x4924d4 CreateEnhMetaFileA
0x4924d8 CreateDIBitmap
0x4924dc CreateDIBSection
0x4924e0 CreateCompatibleDC
0x4924e8 CreateBrushIndirect
0x4924ec CreateBitmap
0x4924f0 CopyEnhMetaFileA
0x4924f4 CloseEnhMetaFile
0x4924f8 BitBlt
Library opengl32.dll:
0x492500 wglCreateContext
Library user32.dll:
0x492508 CreateWindowExA
0x49250c WindowFromPoint
0x492510 WinHelpA
0x492514 WaitMessage
0x492518 ValidateRect
0x49251c UpdateWindow
0x492520 UnregisterClassA
0x492524 UnhookWindowsHookEx
0x492528 TranslateMessage
0x492530 TrackPopupMenu
0x492538 ShowWindow
0x49253c ShowScrollBar
0x492540 ShowOwnedPopups
0x492544 ShowCursor
0x492548 SetWindowsHookExA
0x49254c SetWindowTextA
0x492550 SetWindowPos
0x492554 SetWindowPlacement
0x492558 SetWindowLongA
0x49255c SetTimer
0x492560 SetScrollRange
0x492564 SetScrollPos
0x492568 SetScrollInfo
0x49256c SetRect
0x492570 SetPropA
0x492574 SetParent
0x492578 SetMenuItemInfoA
0x49257c SetMenu
0x492580 SetForegroundWindow
0x492584 SetFocus
0x492588 SetCursor
0x49258c SetClassLongA
0x492590 SetCapture
0x492594 SetActiveWindow
0x492598 SendMessageA
0x49259c ScrollWindow
0x4925a0 ScreenToClient
0x4925a4 RemovePropA
0x4925a8 RemoveMenu
0x4925ac ReleaseDC
0x4925b0 ReleaseCapture
0x4925bc RegisterClassA
0x4925c0 RedrawWindow
0x4925c4 PtInRect
0x4925c8 PostQuitMessage
0x4925cc PostMessageA
0x4925d0 PeekMessageA
0x4925d4 OffsetRect
0x4925d8 OemToCharA
0x4925dc MessageBoxA
0x4925e0 MessageBeep
0x4925e4 MapWindowPoints
0x4925e8 MapVirtualKeyA
0x4925ec LoadStringA
0x4925f0 LoadKeyboardLayoutA
0x4925f4 LoadIconA
0x4925f8 LoadCursorA
0x4925fc LoadBitmapA
0x492600 KillTimer
0x492604 IsZoomed
0x492608 IsWindowVisible
0x49260c IsWindowEnabled
0x492610 IsWindow
0x492614 IsRectEmpty
0x492618 IsIconic
0x49261c IsDialogMessageA
0x492620 IsChild
0x492624 InvalidateRect
0x492628 IntersectRect
0x49262c InsertMenuItemA
0x492630 InsertMenuA
0x492634 InflateRect
0x49263c GetWindowTextA
0x492640 GetWindowRect
0x492644 GetWindowPlacement
0x492648 GetWindowLongA
0x49264c GetWindowDC
0x492650 GetTopWindow
0x492654 GetSystemMetrics
0x492658 GetSystemMenu
0x49265c GetSysColorBrush
0x492660 GetSysColor
0x492664 GetSubMenu
0x492668 GetScrollRange
0x49266c GetScrollPos
0x492670 GetScrollInfo
0x492674 GetPropA
0x492678 GetParent
0x49267c GetWindow
0x492680 GetMessageTime
0x492684 GetMenuStringA
0x492688 GetMenuState
0x49268c GetMenuItemInfoA
0x492690 GetMenuItemID
0x492694 GetMenuItemCount
0x492698 GetMenu
0x49269c GetLastActivePopup
0x4926a0 GetKeyboardState
0x4926a8 GetKeyboardLayout
0x4926ac GetKeyState
0x4926b0 GetKeyNameTextA
0x4926b4 GetIconInfo
0x4926b8 GetForegroundWindow
0x4926bc GetFocus
0x4926c0 GetDlgItem
0x4926c4 GetDesktopWindow
0x4926c8 GetDCEx
0x4926cc GetDC
0x4926d0 GetCursorPos
0x4926d4 GetCursor
0x4926d8 GetClipboardData
0x4926dc GetClientRect
0x4926e0 GetClassNameA
0x4926e4 GetClassInfoA
0x4926e8 GetCapture
0x4926ec GetActiveWindow
0x4926f0 FrameRect
0x4926f4 FindWindowA
0x4926f8 FillRect
0x4926fc EqualRect
0x492700 EnumWindows
0x492704 EnumThreadWindows
0x492708 EndPaint
0x49270c EnableWindow
0x492710 EnableScrollBar
0x492714 EnableMenuItem
0x492718 DrawTextA
0x49271c DrawMenuBar
0x492720 DrawIconEx
0x492724 DrawIcon
0x492728 DrawFrameControl
0x49272c DrawFocusRect
0x492730 DrawEdge
0x492734 DispatchMessageA
0x492738 DestroyWindow
0x49273c DestroyMenu
0x492740 DestroyIcon
0x492744 DestroyCursor
0x492748 DeleteMenu
0x49274c DefWindowProcA
0x492750 DefMDIChildProcA
0x492754 DefFrameProcA
0x492758 CreatePopupMenu
0x49275c CreateMenu
0x492760 CreateIcon
0x492764 ClientToScreen
0x492768 CheckMenuItem
0x49276c CallWindowProcA
0x492770 CallNextHookEx
0x492774 BeginPaint
0x492778 CharNextA
0x49277c CharLowerBuffA
0x492780 CharLowerA
0x492784 CharUpperBuffA
0x492788 CharToOemA
0x49278c AdjustWindowRectEx
Library kernel32.dll:
0x492798 Sleep
Library oleaut32.dll:
0x4927a0 SafeArrayPtrOfIndex
0x4927a4 SafeArrayPutElement
0x4927a8 SafeArrayGetElement
0x4927b0 SafeArrayAccessData
0x4927b4 SafeArrayGetUBound
0x4927b8 SafeArrayGetLBound
0x4927bc SafeArrayCreate
0x4927c0 VariantChangeType
0x4927c4 VariantCopyInd
0x4927c8 VariantCopy
0x4927cc VariantClear
0x4927d0 VariantInit
Library ole32.dll:
0x4927dc IsAccelerator
0x4927e0 OleDraw
0x4927e8 CoTaskMemFree
0x4927ec ProgIDFromCLSID
0x4927f0 StringFromCLSID
0x4927f4 CoCreateInstance
0x4927f8 CoGetClassObject
0x4927fc CoUninitialize
0x492800 CoInitialize
0x492804 IsEqualGUID
Library oleaut32.dll:
0x49280c GetErrorInfo
0x492810 GetActiveObject
0x492814 SysFreeString
Library comctl32.dll:
0x492824 ImageList_Write
0x492828 ImageList_Read
0x492838 ImageList_DragMove
0x49283c ImageList_DragLeave
0x492840 ImageList_DragEnter
0x492844 ImageList_EndDrag
0x492848 ImageList_BeginDrag
0x49284c ImageList_Remove
0x492850 ImageList_DrawEx
0x492854 ImageList_Replace
0x492858 ImageList_Draw
0x492868 ImageList_Add
0x492870 ImageList_Destroy
0x492874 ImageList_Create
0x492878 InitCommonControls
Library comdlg32.dll:
0x492880 GetOpenFileNameA
Library user32.dll:
0x492888 DdeCmpStringHandles
0x49288c DdeFreeStringHandle
0x492890 DdeQueryStringA
0x492898 DdeGetLastError
0x49289c DdeFreeDataHandle
0x4928a0 DdeUnaccessData
0x4928a4 DdeAccessData
0x4928a8 DdeCreateDataHandle
0x4928b0 DdeNameService
0x4928b4 DdePostAdvise
0x4928b8 DdeSetUserHandle
0x4928bc DdeQueryConvInfo
0x4928c0 DdeDisconnect
0x4928c4 DdeConnect
0x4928c8 DdeUninitialize
0x4928cc DdeInitializeA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.