6.8
High risk

a774e0408554f26db4f93452165213b1aa23e766c6c85916aeeea72fe63abcd4

46051e7589af34b13418f8f938fe6215.exe

Analysis duration

36s

Last analysis

File size

764.5KB
Static detection / Dynamic detection. Detection-name tags: 100% AGENTTESLA AI SCORE=100 AIDETECTVM ALI2000015 ANTIVM BTDFUY CONFIDENCE DELF DELFINJECT DELPHILESS ELKP FAREIT GENERICKD HIGH CONFIDENCE HJMDZA IGENT K6LQYQ KRYPTIK KTSE LOKIBOT MALWARE1 MALWARE@#24Z0NZEKRZ4B NANOCORE NANOCORERAT NYAM PABT PWSX QVM05 R + MAL SCORE SIGGEN9 STATIC AI SUSPICIOUS PE TRJGEN TSCOPE UHBAZCLLR UNSAFE VG0@A8W3JHBI WACATAC X2059 ZELPHIF ZGYHM
Eagle Eye engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Anti-virus engines
Engine | Result | Scan date | Engine version
McAfee | Fareit-FSK!46051E7589AF | 20210126 | 6.0.6.653
Alibaba | Trojan:Win32/DelfInject.ali2000015 | 20190527 | 0.3.0.5
Baidu | | 20190318 | 1.0.0.2
Kingsoft | | 20210126 | 2017.9.26.565
Tencent | Win32.Trojan.Kryptik.Pabt | 20210126 | 1.0.0.1
Avast | Win32:PWSX-gen [Trj] | 20210126 | 21.1.5827.0
CrowdStrike | win/malicious_confidence_100% (W) | 20210106 | 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Note: CODE, DATA and BSS are the section names the Borland Delphi linker emits, so the "unknown section names" hit is the expected false positive for a Delphi executable. It is consistent with the BobSoft Mini Delphi signature match rather than independent evidence of packing; the entropy figures further down are the stronger indicator.
One or more processes crashed (2 events)
Note: the first exception is STATUS_INTEGER_DIVIDE_BY_ZERO (0xc0000094) raised by `div eax` with eax = 0 at offset 0x65e2d inside the sample's own image. The bytes that follow it (33 c0 5a 59 59 64 89 10: xor eax,eax / pop edx / pop ecx / pop ecx / mov fs:[eax],edx) are the Delphi exception-frame teardown, which indicates the fault sits inside a try block and is caught rather than fatal. The second is an access violation (0xc0000005) whose stack passes through mscoree!_CorExeMain and mscoreei, the CLR start-up path, so a process in this run is starting the .NET runtime; that fits the MSIL/NanoCore names in the engine table below.
Time & API Arguments Status Return Repeated
1619464040.266125
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34012992
registers.edi: 0
registers.eax: 0
registers.ebp: 34013064
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 61 e9 6e d8 f9
exception.symbol: 46051e7589af34b13418f8f938fe6215+0x65e2d
exception.instruction: div eax
exception.module: 46051e7589af34b13418f8f938fe6215.exe
exception.exception_code: 0xc0000094
exception.offset: 417325
exception.address: 0x465e2d
success 0 0
1619464044.047125
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
46051e7589af34b13418f8f938fe6215+0x40a4d @ 0x440a4d
46051e7589af34b13418f8f938fe6215+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfcc014ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Note: the first three allocations are made by the original process 2988; every later event is in the child 2256, which is the process the injection below targets. From 1619464044.031 on, 2256 alternates between re-protecting a page at 0x003e2000 and single pages inside kernel32 (0x76351000 to 0x76354000; the module base 0x76340000 follows from the kernel32+0x133ca frame in the stack traces above) and ntdll (0x77d4f000; base 0x77d30000 from ntdll+0x39ed2). Making loaded-module code pages writable is consistent with inline API hooking; confirm by dumping 2256 and comparing the first bytes of the affected exports with a clean copy of those DLLs.
Time & API Arguments Status Return Repeated
1619464039.922125
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619464040.266125
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 57344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02080000
success 0 0
1619464040.359125
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020d0000
success 0 0
1619464041.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619464041.047125
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x004d0000
success 0 0
1619464041.047125
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004e0000
success 0 0
1619464041.047125
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00520000
success 0 0
1619464041.047125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619464042.375125
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 393216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01dc0000
success 0 0
1619464042.375125
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01de0000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619464044.031125
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.657757195113507 section {'size_of_data': '0x0000fa00', 'virtual_address': '0x00067000', 'entropy': 7.657757195113507, 'name': 'DATA', 'virtual_size': '0x0000f8e8'} description A section with a high entropy has been found
entropy 7.329572262589837 section {'size_of_data': '0x00040200', 'virtual_address': '0x00085000', 'entropy': 7.329572262589837, 'name': '.rsrc', 'virtual_size': '0x00040180'} description A section with a high entropy has been found
entropy 0.4178127046496398 description Overall entropy of this PE file is high
Note: the 0.418 figure is not a Shannon entropy (0.42 bits per byte would mean near-constant data, which the per-section values contradict); it reads as the share of section data above the signature's threshold. The two sections that trip it are DATA (7.66) and .rsrc (7.33). The import table below includes FindResourceA, LoadResource, LockResource and SizeofResource, the API set a loader uses to read a payload stored as a resource, so the high-entropy .rsrc is the first place to look for the embedded second stage.
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 203.208.41.34
host 203.208.41.97
Note: no DNS query in this run resolved to these addresses. Before treating them as hard-coded C2 addresses, rule out background traffic from the sandbox VM itself: the UDP table at the end of the report shows only resolver queries to 114.114.114.114, NTP, NetBIOS, LLMNR and SSDP/WS-Discovery chatter, and the TCP table records no completed session.
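The "no DNS query" indicator above is a correlation between DNS answers and later connections. The following is an added example of that check, not the sandbox's own logic: it treats a destination as resolved only if a DNS answer containing it was seen at or before the connection, and it discards the OS chatter (multicast, subnet broadcast, the resolver itself) that the UDP table shows. The DNS answers and connection events are constructed for the demonstration (the report's capture holds only the query packets to 114.114.114.114, not answers); the addresses mirror the ones the report lists. The function names and the `update.example.test` name are mine.

```python
"""Flag connections to addresses that no earlier DNS answer returned (added example)."""
import ipaddress

# Constructed DNS answers: (time in seconds, queried name, addresses returned).
DNS_ANSWERS = [
    {"ts": 10.0, "qname": "update.example.test", "answers": ["198.51.100.7"]},
    {"ts": 12.0, "qname": "time.windows.com", "answers": ["20.189.79.72"]},
]

# Constructed connection attempts, in the order a pcap might contain them.
CONNECTIONS = [
    {"ts": 9.0, "dst": "198.51.100.7", "dport": 80, "proto": "tcp"},      # before the answer: flag
    {"ts": 11.0, "dst": "198.51.100.7", "dport": 443, "proto": "tcp"},    # after the answer: fine
    {"ts": 11.5, "dst": "172.217.24.14", "dport": 443, "proto": "tcp"},   # never resolved: flag
    {"ts": 12.5, "dst": "20.189.79.72", "dport": 123, "proto": "udp"},    # NTP, resolved: fine
    {"ts": 13.0, "dst": "114.114.114.114", "dport": 53, "proto": "udp"},  # the resolver itself
    {"ts": 13.1, "dst": "224.0.0.252", "dport": 5355, "proto": "udp"},    # LLMNR multicast
    {"ts": 13.2, "dst": "192.168.56.255", "dport": 137, "proto": "udp"},  # NetBIOS broadcast
]


def is_background(dst, dport, resolvers=("114.114.114.114",), local_net="192.168.56.0/24"):
    """True for traffic the sandbox VM generates regardless of the sample:
    multicast/link-local/loopback destinations, the subnet broadcast address,
    and DNS to the configured resolver."""
    ip = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(local_net)
    if ip.is_multicast or ip.is_link_local or ip.is_loopback:
        return True
    if ip in net and ip == net.broadcast_address:
        return True
    return dport == 53 and dst in resolvers


def unresolved_connections(connections, dns_answers,
                           resolvers=("114.114.114.114",), local_net="192.168.56.0/24"):
    """Return the connections whose destination was not returned by any DNS
    answer seen at or before the connection time. An answer that arrives later
    does not retroactively explain an earlier connection."""
    answers = sorted((a["ts"], ip) for a in dns_answers for ip in a["answers"])
    flagged = []
    for conn in sorted(connections, key=lambda c: c["ts"]):
        if is_background(conn["dst"], conn["dport"], resolvers, local_net):
            continue
        resolved = any(ts <= conn["ts"] and ip == conn["dst"] for ts, ip in answers)
        if not resolved:
            flagged.append(conn)
    return flagged


if __name__ == "__main__":
    for conn in unresolved_connections(CONNECTIONS, DNS_ANSWERS):
        print("no prior DNS answer:", conn["dst"], conn["dport"], conn["proto"])
```

The time-ordering rule matters in practice: a connection that precedes the answer for its address is what a hard-coded IP with a later, unrelated lookup of the same host looks like, and it should stay flagged.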
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection: process 2988 called NtSetContextThread to modify a thread in remote process 2256
Note: for the initial thread of a freshly created 32-bit process, EAX in the thread context holds the entry point and EBX the PEB address. The EAX written below, 4707472 = 0x47d490, lies inside the 520192-byte (0x7f000) view that 2988 maps at 0x00400000 in the "Executed a process and injected code" events, so execution is redirected into the freshly written image; EBX = 2130567168 = 0x7efde000 is consistent with a PEB address.
Time & API Arguments Status Return Repeated
1619464040.828125
NtSetContextThread
thread_handle: 0x000000ec
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4707472
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2256
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection: process 2988 resumed a thread in remote process 2256
Time & API Arguments Status Return Repeated
1619464040.875125
NtResumeThread
thread_handle: 0x000000ec
suspend_count: 1
process_identifier: 2256
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 172.217.24.14:443
Note: this finding comes from the API-level connection attempt; the capture-derived TCP table at the end of the report records no session, which is consistent with a connect that received no answer.
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619464040.719125
CreateProcessInternalW
thread_identifier: 2216
thread_handle: 0x000000ec
process_identifier: 2256
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\46051e7589af34b13418f8f938fe6215.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000f0
inherit_handles: 0
success 1 0
1619464040.719125
NtUnmapViewOfSection
process_identifier: 2256
region_size: 4096
process_handle: 0x000000f0
base_address: 0x00400000
success 0 0
1619464040.813125
NtMapViewOfSection
section_handle: 0x000000f8
process_identifier: 2256
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619464040.828125
NtGetContextThread
thread_handle: 0x000000ec
success 0 0
1619464040.828125
NtSetContextThread
thread_handle: 0x000000ec
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4707472
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2256
success 0 0
1619464040.875125
NtResumeThread
thread_handle: 0x000000ec
suspend_count: 1
process_identifier: 2256
success 0 0
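The six events above are the process-hollowing (RunPE) chain in full: create the child with CREATE_SUSPENDED, NtUnmapViewOfSection at its image base, NtMapViewOfSection of a 520192-byte RWX view at the same base, NtSetContextThread to point the initial thread at the new image, NtResumeThread. The following is an added example, not part of this report or its sandbox, of matching that chain in a Cuckoo-style API log: it tracks each (injector, target) pair, requires the stages in time order, refuses to fire on the suspended-then-resumed pattern a debugger also produces, and checks whether the new EAX points into the mapped view. The event dicts are constructed to mirror the report's fields; the benign control sequence and all helper names are mine.

```python
"""Flag a process-hollowing (RunPE) chain in Cuckoo-style API logs (added example)."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004
OVERWRITE_APIS = {"NtMapViewOfSection", "WriteProcessMemory", "NtWriteVirtualMemory"}

# Constructed sample: the cross-process calls the report attributes to pid 2988.
SAMPLE_CALLS = [
    {"ts": 1619464040.719, "pid": 2988, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 2256, "thread_handle": "0x000000ec", "creation_flags": 4}},
    {"ts": 1619464040.719, "pid": 2988, "api": "NtUnmapViewOfSection",
     "args": {"process_identifier": 2256, "base_address": "0x00400000"}},
    {"ts": 1619464040.813, "pid": 2988, "api": "NtMapViewOfSection",
     "args": {"process_identifier": 2256, "base_address": "0x00400000",
              "view_size": 520192, "win32_protect": 64}},
    {"ts": 1619464040.828, "pid": 2988, "api": "NtGetContextThread",
     "args": {"thread_handle": "0x000000ec"}},
    {"ts": 1619464040.828, "pid": 2988, "api": "NtSetContextThread",
     "args": {"process_identifier": 2256, "thread_handle": "0x000000ec", "registers.eax": 4707472}},
    {"ts": 1619464040.875, "pid": 2988, "api": "NtResumeThread",
     "args": {"process_identifier": 2256, "thread_handle": "0x000000ec"}},
]

# Constructed benign control: a debugger-style parent that starts a child suspended,
# reads (but never rewrites) its memory, and resumes it.
BENIGN_CALLS = [
    {"ts": 1.0, "pid": 100, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 200, "thread_handle": "0x10", "creation_flags": 4}},
    {"ts": 1.1, "pid": 100, "api": "NtReadVirtualMemory",
     "args": {"process_identifier": 200, "base_address": "0x00400000"}},
    {"ts": 1.2, "pid": 100, "api": "NtResumeThread",
     "args": {"process_identifier": 200, "thread_handle": "0x10"}},
]


def _int(value):
    """Cuckoo prints handles and addresses as hex strings, sizes and flags as ints."""
    return int(value, 16) if isinstance(value, str) else int(value)


def detect_hollowing(calls):
    """Return one finding per (injector, target) pair whose cross-process calls follow
    CREATE_SUSPENDED -> image unmapped or overwritten -> NtSetContextThread -> NtResumeThread,
    with the context written while the thread is still suspended."""
    state = defaultdict(lambda: {"created": None, "unmapped": False, "written": [],
                                 "ctx": None, "resumed": None, "chain": []})
    for call in sorted(calls, key=lambda c: c["ts"]):
        args = call["args"]
        target = args.get("process_identifier")
        if target is None or target == call["pid"]:
            continue                      # only calls that touch another process matter
        s = state[(call["pid"], target)]
        api = call["api"]
        if api == "CreateProcessInternalW" and _int(args.get("creation_flags", 0)) & CREATE_SUSPENDED:
            s["created"] = call["ts"]
        elif api == "NtUnmapViewOfSection":
            s["unmapped"] = True
        elif api in OVERWRITE_APIS:
            base = _int(args["base_address"])
            size = _int(args.get("view_size") or args.get("buffer_length") or 0)
            s["written"].append((base, base + size))
        elif api == "NtSetContextThread":
            s["ctx"] = (call["ts"], _int(args.get("registers.eax", 0)))
        elif api == "NtResumeThread":
            s["resumed"] = call["ts"]
        s["chain"].append(api)

    findings = []
    for (injector, target), s in state.items():
        if s["created"] is None or s["ctx"] is None or s["resumed"] is None:
            continue
        if not (s["unmapped"] or s["written"]):
            continue                      # suspended + resumed alone is what a debugger does
        ctx_ts, eax = s["ctx"]
        if not (s["created"] <= ctx_ts <= s["resumed"]):
            continue                      # the context must be set before the thread runs
        # For the initial thread of a fresh 32-bit process, EAX carries the entry point;
        # a RunPE loader points it into the image it has just written.
        findings.append({
            "injector": injector,
            "target": target,
            "entry_point": hex(eax),
            "entry_in_injected_image": any(lo <= eax < hi for lo, hi in s["written"]),
            "chain": s["chain"],
        })
    return findings


if __name__ == "__main__":
    for finding in detect_hollowing(SAMPLE_CALLS):
        print(finding)
    print("benign control:", detect_hollowing(BENIGN_CALLS))
```

On the report's own numbers the finding resolves to entry point 0x47d490 inside the view mapped at 0x00400000, which is the fact worth carrying into a triage note: the code that runs in 2256 is whatever 2988 wrote there, not the on-disk executable.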
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Siggen9.42946
MicroWorld-eScan Trojan.GenericKD.43057911
FireEye Generic.mg.46051e7589af34b1
CAT-QuickHeal Trojan.Multi
McAfee Fareit-FSK!46051E7589AF
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Trojan ( 0056591c1 )
BitDefender Trojan.GenericKD.43057911
K7GW Trojan ( 0056591c1 )
Cybereason malicious.589af3
BitDefenderTheta Gen:NN.ZelphiF.34780.VG0@a8w3jHbi
Cyren W32/Trojan.NYAM-2727
Symantec Trojan.Gen.MBT
ESET-NOD32 MSIL/NanoCore.E
Zoner Trojan.Win32.90526
TrendMicro-HouseCall TrojanSpy.Win32.FAREIT.UHBAZCLLR
Paloalto generic.ml
ClamAV Win.Dropper.AgentTesla-7708826-1
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
Alibaba Trojan:Win32/DelfInject.ali2000015
NANO-Antivirus Trojan.Win32.TrjGen.hjmdza
ViRobot Backdoor.Win32.S.Nanocore.782848
Rising Trojan.Kryptik!1.C5DC (KTSE)
Ad-Aware Trojan.GenericKD.43057911
TACHYON Backdoor/W32.DP-NanocoreRAT.782848
Sophos Mal/Generic-R + Mal/Fareit-AA
Comodo Malware@#24z0nzekrz4b
TrendMicro TrojanSpy.Win32.FAREIT.UHBAZCLLR
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Emsisoft Trojan.GenericKD.43057911 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Kryptik.apl
Webroot W32.Trojan.Gen
Avira TR/Dropper.zgyhm
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/LokiBot.AG!MTB
Gridinsoft Trojan.Win32.Kryptik.ba!s1
Arcabit Trojan.Generic.D29102F7
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Win32.Malware.AntiVM.K6LQYQ
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
VBA32 TScope.Trojan.Delf
MAX malware (ai score=100)
Malwarebytes Trojan.MalPack.DLF
Panda Trj/WLT.F
Visual analysis
Binary image: no binary visualization was generated for this sample.
Runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

1992-06-20 06:22:17 (rendered in UTC+8; this is the fixed TimeDateStamp 0x2A425E19 = 1992-06-19 22:22:17 UTC that Borland Delphi linkers write into every image, so it says nothing about when the sample was actually built and is one more Delphi fingerprint alongside the CODE/DATA/BSS section names)
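The static indicators (non-standard section names, per-section entropy) and this compile timestamp are all cheap to re-derive from the file itself, and doing so lets an analyst separate the Delphi false positives from the real packer signal. The following is an added example, not the sandbox's code: it parses only the COFF and section headers, computes Shannon entropy per section, and reports the Delphi caveats explicitly (Borland section naming, the fixed 0x2A425E19 timestamp). The PE images it runs on are constructed in memory for the demonstration and are not the analysed sample; the helper names and the 7.0-bit threshold are my own choices.

```python
"""Re-derive the report's static packer heuristics from a PE image (added example)."""
import math
import random
import struct

DELPHI_FIXED_TIMESTAMP = 0x2A425E19          # 1992-06-19 22:22:17 UTC, written by Delphi linkers
DELPHI_SECTION_NAMES = {"CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"}
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                        ".pdata", ".reloc", ".rsrc", ".tls", ".CRT"}


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(blob):
    """Return (TimeDateStamp, [(name, virtual_address, raw_bytes), ...]) from a PE image."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, timestamp = struct.unpack_from("<HI", blob, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", blob, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(n_sections):
        name, _vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, va, blob[raw_ptr:raw_ptr + raw_size]))
    return timestamp, sections


def packer_indicators(blob, threshold=7.0):
    """The report's two static heuristics plus the Delphi caveats, as one dict."""
    timestamp, sections = parse_sections(blob)
    names = [name for name, _va, _raw in sections]
    entropy = {name: shannon_entropy(raw) for name, _va, raw in sections}
    return {
        "entropy": entropy,
        "high_entropy": [n for n in names if entropy[n] >= threshold],
        "nonstandard_names": [n for n in names if n not in COMMON_SECTION_NAMES],
        "delphi_layout": {"CODE", "DATA"} <= set(names) and set(names) <= DELPHI_SECTION_NAMES,
        "delphi_timestamp": timestamp == DELPHI_FIXED_TIMESTAMP,
    }


def build_sample_pe(sections, timestamp):
    """Assemble a minimal PE (DOS stub, COFF header, section table, raw data) for testing.
    The optional header is omitted (SizeOfOptionalHeader = 0) because nothing above reads
    it; a real loader would reject this image."""
    n = len(sections)
    header_len = 0x40 + 4 + 20 + 40 * n
    raw_off = (header_len + 0x1FF) & ~0x1FF   # 512-byte file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, 0, 0x0102)
    table, body, va = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             max(len(data), 1), va, len(data), raw_off + len(body),
                             0, 0, 0, 0, 0x60000020)
        body += data
        va += (max(len(data), 1) + 0xFFF) & ~0xFFF
    blob = bytes(dos) + b"PE\0\0" + coff + table
    return blob + b"\0" * (raw_off - len(blob)) + body


# Constructed inputs: a Delphi-shaped image whose DATA section looks compressed,
# and a conventionally named image with ordinary low-entropy code.
_rng = random.Random(1)
HIGH_ENTROPY = bytes(_rng.getrandbits(8) for _ in range(8192))
DELPHI_LIKE = build_sample_pe([("CODE", b"\x55\x8b\xec\xc3" * 1024),
                               ("DATA", HIGH_ENTROPY), ("BSS", b"")], DELPHI_FIXED_TIMESTAMP)
MSVC_LIKE = build_sample_pe([(".text", b"\x55\x8b\xec\xc3" * 1024),
                             (".data", b"\x00" * 4096)], 0x60000000)

if __name__ == "__main__":
    for label, image in (("delphi-like", DELPHI_LIKE), ("msvc-like", MSVC_LIKE)):
        print(label, packer_indicators(image))
```

Read the output the way the report should be read: `nonstandard_names` together with `delphi_layout` and `delphi_timestamp` says "Delphi build", while `high_entropy` on a data or resource section is the part that actually argues for an embedded, compressed or encrypted payload.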

Imports

Library kernel32.dll:
0x478150 VirtualFree
0x478154 VirtualAlloc
0x478158 LocalFree
0x47815c LocalAlloc
0x478160 GetVersion
0x478164 GetCurrentThreadId
0x478170 VirtualQuery
0x478174 WideCharToMultiByte
0x478178 MultiByteToWideChar
0x47817c lstrlenA
0x478180 lstrcpynA
0x478184 LoadLibraryExA
0x478188 GetThreadLocale
0x47818c GetStartupInfoA
0x478190 GetProcAddress
0x478194 GetModuleHandleA
0x478198 GetModuleFileNameA
0x47819c GetLocaleInfoA
0x4781a0 GetCommandLineA
0x4781a4 FreeLibrary
0x4781a8 FindFirstFileA
0x4781ac FindClose
0x4781b0 ExitProcess
0x4781b4 ExitThread
0x4781b8 CreateThread
0x4781bc WriteFile
0x4781c4 RtlUnwind
0x4781c8 RaiseException
0x4781cc GetStdHandle
Library user32.dll:
0x4781d4 GetKeyboardType
0x4781d8 LoadStringA
0x4781dc MessageBoxA
0x4781e0 CharNextA
Library advapi32.dll:
0x4781e8 RegQueryValueExA
0x4781ec RegOpenKeyExA
0x4781f0 RegCloseKey
Library oleaut32.dll:
0x4781f8 SysFreeString
0x4781fc SysReAllocStringLen
0x478200 SysAllocStringLen
Library kernel32.dll:
0x478208 TlsSetValue
0x47820c TlsGetValue
0x478210 LocalAlloc
0x478214 GetModuleHandleA
Library advapi32.dll:
0x47821c RegQueryValueExA
0x478220 RegOpenKeyExA
0x478224 RegCloseKey
Library kernel32.dll:
0x47822c lstrcpyA
0x478230 WriteFile
0x478238 WaitForSingleObject
0x47823c VirtualQuery
0x478240 VirtualAlloc
0x478244 SuspendThread
0x478248 Sleep
0x47824c SizeofResource
0x478250 SetThreadPriority
0x478254 SetThreadLocale
0x478258 SetFilePointer
0x47825c SetEvent
0x478260 SetErrorMode
0x478264 SetEndOfFile
0x478268 ResumeThread
0x47826c ResetEvent
0x478270 ReadFile
0x478274 MultiByteToWideChar
0x478278 MulDiv
0x47827c LockResource
0x478280 LoadResource
0x478284 LoadLibraryA
0x478290 GlobalUnlock
0x478294 GlobalReAlloc
0x478298 GlobalHandle
0x47829c GlobalLock
0x4782a0 GlobalFree
0x4782a4 GlobalFindAtomA
0x4782a8 GlobalDeleteAtom
0x4782ac GlobalAlloc
0x4782b0 GlobalAddAtomA
0x4782b4 GetVersionExA
0x4782b8 GetVersion
0x4782bc GetTickCount
0x4782c0 GetThreadPriority
0x4782c4 GetThreadLocale
0x4782c8 GetTempPathA
0x4782d0 GetSystemTime
0x4782d4 GetSystemInfo
0x4782d8 GetStringTypeExA
0x4782dc GetStdHandle
0x4782e0 GetProcAddress
0x4782e4 GetModuleHandleA
0x4782e8 GetModuleFileNameA
0x4782ec GetLocaleInfoA
0x4782f0 GetLocalTime
0x4782f4 GetLastError
0x4782f8 GetFullPathNameA
0x4782fc GetFileSize
0x478300 GetExitCodeThread
0x478304 GetDiskFreeSpaceA
0x478308 GetDateFormatA
0x47830c GetCurrentThreadId
0x478310 GetCurrentProcessId
0x478314 GetCPInfo
0x478318 GetACP
0x47831c FreeResource
0x478324 InterlockedExchange
0x47832c FreeLibrary
0x478330 FormatMessageA
0x478334 FindResourceA
0x47833c ExitThread
0x478340 EnumCalendarInfoA
0x47834c CreateThread
0x478350 CreateFileA
0x478354 CreateEventA
0x478358 CompareStringA
0x47835c CloseHandle
Library version.dll:
0x478364 VerQueryValueA
0x47836c GetFileVersionInfoA
Library gdi32.dll:
0x478374 UnrealizeObject
0x478378 StretchBlt
0x47837c SetWindowOrgEx
0x478380 SetViewportOrgEx
0x478384 SetTextColor
0x478388 SetStretchBltMode
0x47838c SetROP2
0x478390 SetPixel
0x478394 SetDIBColorTable
0x478398 SetBrushOrgEx
0x47839c SetBkMode
0x4783a0 SetBkColor
0x4783a4 SelectPalette
0x4783a8 SelectObject
0x4783ac SaveDC
0x4783b0 RestoreDC
0x4783b4 RectVisible
0x4783b8 RealizePalette
0x4783bc PatBlt
0x4783c0 MoveToEx
0x4783c4 MaskBlt
0x4783c8 LineTo
0x4783cc IntersectClipRect
0x4783d0 GetWindowOrgEx
0x4783d4 GetTextMetricsA
0x4783e0 GetStockObject
0x4783e4 GetPixel
0x4783e8 GetPaletteEntries
0x4783ec GetObjectA
0x4783f0 GetDeviceCaps
0x4783f4 GetDIBits
0x4783f8 GetDIBColorTable
0x4783fc GetDCOrgEx
0x478404 GetClipBox
0x478408 GetBrushOrgEx
0x47840c GetBitmapBits
0x478410 ExcludeClipRect
0x478414 DeleteObject
0x478418 DeleteDC
0x47841c CreateSolidBrush
0x478420 CreatePenIndirect
0x478424 CreatePalette
0x47842c CreateFontIndirectA
0x478430 CreateDIBitmap
0x478434 CreateDIBSection
0x478438 CreateCompatibleDC
0x478440 CreateBrushIndirect
0x478444 CreateBitmap
0x478448 BitBlt
Library user32.dll:
0x478450 CreateWindowExA
0x478454 WindowFromPoint
0x478458 WinHelpA
0x47845c WaitMessage
0x478460 UpdateWindow
0x478464 UnregisterClassA
0x478468 UnhookWindowsHookEx
0x47846c TranslateMessage
0x478474 TrackPopupMenu
0x47847c ShowWindow
0x478480 ShowScrollBar
0x478484 ShowOwnedPopups
0x478488 ShowCursor
0x47848c SetWindowsHookExA
0x478490 SetWindowPos
0x478494 SetWindowPlacement
0x478498 SetWindowLongA
0x47849c SetTimer
0x4784a0 SetScrollRange
0x4784a4 SetScrollPos
0x4784a8 SetScrollInfo
0x4784ac SetRect
0x4784b0 SetPropA
0x4784b4 SetParent
0x4784b8 SetMenuItemInfoA
0x4784bc SetMenu
0x4784c0 SetForegroundWindow
0x4784c4 SetFocus
0x4784c8 SetCursor
0x4784cc SetClassLongA
0x4784d0 SetCapture
0x4784d4 SetActiveWindow
0x4784d8 SendMessageA
0x4784dc ScrollWindow
0x4784e0 ScreenToClient
0x4784e4 RemovePropA
0x4784e8 RemoveMenu
0x4784ec ReleaseDC
0x4784f0 ReleaseCapture
0x4784fc RegisterClassA
0x478500 RedrawWindow
0x478504 PtInRect
0x478508 PostQuitMessage
0x47850c PostMessageA
0x478510 PeekMessageA
0x478514 OffsetRect
0x478518 OemToCharA
0x478520 MessageBoxA
0x478524 MapWindowPoints
0x478528 MapVirtualKeyA
0x47852c LoadStringA
0x478530 LoadKeyboardLayoutA
0x478534 LoadIconA
0x478538 LoadCursorA
0x47853c LoadBitmapA
0x478540 KillTimer
0x478544 IsZoomed
0x478548 IsWindowVisible
0x47854c IsWindowEnabled
0x478550 IsWindow
0x478554 IsRectEmpty
0x478558 IsIconic
0x47855c IsDialogMessageA
0x478560 IsChild
0x478564 InvalidateRect
0x478568 IntersectRect
0x47856c InsertMenuItemA
0x478570 InsertMenuA
0x478574 InflateRect
0x47857c GetWindowTextA
0x478580 GetWindowRect
0x478584 GetWindowPlacement
0x478588 GetWindowLongA
0x47858c GetWindowDC
0x478590 GetTopWindow
0x478594 GetSystemMetrics
0x478598 GetSystemMenu
0x47859c GetSysColorBrush
0x4785a0 GetSysColor
0x4785a4 GetSubMenu
0x4785a8 GetScrollRange
0x4785ac GetScrollPos
0x4785b0 GetScrollInfo
0x4785b4 GetPropA
0x4785b8 GetParent
0x4785bc GetWindow
0x4785c0 GetMenuStringA
0x4785c4 GetMenuState
0x4785c8 GetMenuItemInfoA
0x4785cc GetMenuItemID
0x4785d0 GetMenuItemCount
0x4785d4 GetMenuDefaultItem
0x4785d8 GetMenu
0x4785dc GetLastActivePopup
0x4785e0 GetKeyboardState
0x4785e8 GetKeyboardLayout
0x4785ec GetKeyState
0x4785f0 GetKeyNameTextA
0x4785f4 GetIconInfo
0x4785f8 GetForegroundWindow
0x4785fc GetFocus
0x478600 GetDesktopWindow
0x478604 GetDCEx
0x478608 GetDC
0x47860c GetCursorPos
0x478610 GetCursor
0x478614 GetClientRect
0x478618 GetClassNameA
0x47861c GetClassInfoA
0x478620 GetCapture
0x478624 GetActiveWindow
0x478628 FrameRect
0x47862c FindWindowA
0x478630 FillRect
0x478634 EqualRect
0x478638 EnumWindows
0x47863c EnumThreadWindows
0x478640 EndPaint
0x478644 EnableWindow
0x478648 EnableScrollBar
0x47864c EnableMenuItem
0x478650 DrawTextA
0x478654 DrawMenuBar
0x478658 DrawIconEx
0x47865c DrawIcon
0x478660 DrawFrameControl
0x478664 DrawEdge
0x478668 DispatchMessageA
0x47866c DestroyWindow
0x478670 DestroyMenu
0x478674 DestroyIcon
0x478678 DestroyCursor
0x47867c DeleteMenu
0x478680 DefWindowProcA
0x478684 DefMDIChildProcA
0x478688 DefFrameProcA
0x47868c CreatePopupMenu
0x478690 CreateMenu
0x478694 CreateIcon
0x478698 ClientToScreen
0x47869c CheckMenuItem
0x4786a0 CallWindowProcA
0x4786a4 CallNextHookEx
0x4786a8 BeginPaint
0x4786ac CharNextA
0x4786b0 CharLowerA
0x4786b4 CharUpperBuffA
0x4786b8 CharToOemA
0x4786bc AdjustWindowRectEx
Library kernel32.dll:
0x4786c8 Sleep
Library oleaut32.dll:
0x4786d0 SafeArrayPtrOfIndex
0x4786d4 SafeArrayPutElement
0x4786d8 SafeArrayGetElement
0x4786e0 SafeArrayAccessData
0x4786e4 SafeArrayGetUBound
0x4786e8 SafeArrayGetLBound
0x4786ec SafeArrayCreate
0x4786f0 VariantChangeType
0x4786f4 VariantCopyInd
0x4786f8 VariantCopy
0x4786fc VariantClear
0x478700 VariantInit
Library ole32.dll:
0x478708 CoCreateInstance
0x47870c CoUninitialize
0x478710 CoInitialize
Library oleaut32.dll:
0x478718 CreateErrorInfo
0x47871c GetErrorInfo
0x478720 SetErrorInfo
0x478724 SysFreeString
Library comctl32.dll:
0x478734 ImageList_Write
0x478738 ImageList_Read
0x478748 ImageList_DragMove
0x47874c ImageList_DragLeave
0x478750 ImageList_DragEnter
0x478754 ImageList_EndDrag
0x478758 ImageList_BeginDrag
0x47875c ImageList_Remove
0x478760 ImageList_DrawEx
0x478764 ImageList_Draw
0x478774 ImageList_Add
0x47877c ImageList_Destroy
0x478780 ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60216 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.