9.0
Critical

e59c6ce877c0add444ec2b2e91d5384a5659ea5cb5b74d113256168b8abddc17

4656ddb2c96508e472ffe43dcba01fcb.exe

Analysis duration

76s

Last analysis

File size

711.5KB
Static detection name:   Dynamic detection name: PUTTY (a tag raised by the "Putty Files, Registry Keys and/or Mutexes Detected" signature below because the sample reads PuTTY session keys; it does not mean the sample is PuTTY)
鹰眼引擎 (Eagle Eye engine)
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Not detected: no antivirus engine result is available for this sample
Static indicators
Queries for the computer name (3 events)
Time               API               Arguments                Status   Return  Repeated
1620981856.341876  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620981862.404876  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620981867.654876  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time               API                   Arguments  Status   Return  Repeated
1620981854.623876  GlobalMemoryStatusEx             success  1       0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
(CODE, DATA and BSS are the standard section names of Borland/Delphi-linked binaries and match the Delphi signature below; treat this heuristic as the false positive it warns about, not as evidence of packing.)
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft (a PEiD signature that matches Delphi-compiled executables in general rather than a packer)
One or more processes crashed (1 event): STATUS_INTEGER_DIVIDE_BY_ZERO (0xc0000094) on "div eax" with eax = 0 at 0x47f6d9 (image offset 0x7f6d9)
Time & API Arguments Status Return Repeated
1620946616.329046
__exception__
stacktrace:
4656ddb2c96508e472ffe43dcba01fcb+0x7f8ca @ 0x47f8ca
4656ddb2c96508e472ffe43dcba01fcb+0x3d7b @ 0x403d7b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637900
registers.edi: 4716796
registers.eax: 0
registers.ebp: 1638208
registers.edx: 2964080
registers.ebx: 0
registers.esi: 0
registers.ecx: 2010527866
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 0f e9 5a 40 f8
exception.symbol: 4656ddb2c96508e472ffe43dcba01fcb+0x7f6d9
exception.instruction: div eax
exception.module: 4656ddb2c96508e472ffe43dcba01fcb.exe
exception.exception_code: 0xc0000094
exception.offset: 521945
exception.address: 0x47f6d9
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc. (none are listed in the dropped-buffers section at the end of this report)
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1620946615.938046
NtAllocateVirtualMemory
process_identifier: 2868
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f00000
success 0 0
1620946625.485046
NtProtectVirtualMemory
process_identifier: 2868
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 28672
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00479000
success 0 0
1620946625.501046
NtAllocateVirtualMemory
process_identifier: 2868
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f40000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1620981867.623876
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4656ddb2c96508e472ffe43dcba01fcb.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1 (MOVEFILE_REPLACE_EXISTING)
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4656ddb2c96508e472ffe43dcba01fcb.exe
success 1 0
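The MoveFileWithProgressW event above gives a hunting pattern: the sample copies itself from %TEMP% into a Roaming subdirectory whose name and file name are both six hex digits (6ED2B0\0019EA.exe). The following Python is an added example, not part of the sandbox report; it generalises that single path into a regular-expression pattern (an assumption: other copies of this family may use different lengths or casing), hashes every match, and compares it against the sample's SHA-256 from the report header. The fixture tree it builds is constructed placeholder data, not the malware.

```python
"""Hunt for a self-relocated copy under AppData\\Roaming."""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# SHA-256 of the analysed sample, taken from the report header.
KNOWN_SHA256 = {"e59c6ce877c0add444ec2b2e91d5384a5659ea5cb5b74d113256168b8abddc17"}
# Roaming\<6 hex>\<6 hex>.exe, generalised (assumption) from Roaming\6ED2B0\0019EA.exe.
HEX6_DIR = re.compile(r"^[0-9A-F]{6}$", re.IGNORECASE)
HEX6_EXE = re.compile(r"^[0-9A-F]{6}\.exe$", re.IGNORECASE)


def sha256_file(path: Path) -> str:
    """Streamed SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_relocated_copies(roaming_root: Path, known=KNOWN_SHA256) -> List[Dict]:
    """One record per file matching the layout. 'known' marks a hash match, but
    an unknown hash in this layout still deserves triage: the naming pattern,
    not the hash, is the indicator (a rebuilt or repacked copy hashes differently)."""
    hits: List[Dict] = []
    if not roaming_root.is_dir():
        return hits
    for sub in sorted(roaming_root.iterdir()):
        if not (sub.is_dir() and HEX6_DIR.match(sub.name)):
            continue
        for f in sorted(sub.iterdir()):
            if f.is_file() and HEX6_EXE.match(f.name):
                digest = sha256_file(f)
                hits.append({"path": str(f), "sha256": digest, "known": digest in known})
    return hits


def build_demo_tree() -> Path:
    """Constructed fixture (placeholder bytes, not malware): the report's layout
    plus two decoys that must not match (a vendor directory and a non-exe file)."""
    root = Path(tempfile.mkdtemp(prefix="roaming_"))
    (root / "6ED2B0").mkdir()
    (root / "6ED2B0" / "0019EA.exe").write_bytes(b"MZ placeholder")
    (root / "Mozilla" / "Firefox").mkdir(parents=True)
    (root / "Mozilla" / "Firefox" / "updater.exe").write_bytes(b"MZ decoy")
    (root / "ABCDEF").mkdir()
    (root / "ABCDEF" / "notes.txt").write_bytes(b"decoy")
    return root


if __name__ == "__main__":
    for hit in find_relocated_copies(build_demo_tree()):
        print(hit)
```

On a live Windows host, pass `Path(os.environ["APPDATA"])` (which resolves to the Roaming directory) instead of the demo tree; the `known` flag will normally be False for anything but this exact sample, so every hit is a triage item, not just the known ones.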
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.97220380664593 section .rsrc (virtual_address 0x00091000, virtual_size 0x00025638, size_of_data 0x00025800): A section with a high entropy has been found
entropy 0.211118930330753 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time               API                    Arguments                                               Status   Return  Repeated
1620981862.326876  LookupPrivilegeValueW  system_name: (empty), privilege_name: SeDebugPrivilege  success  1       0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14 (Google, 172.217.0.0/16)
host 203.208.40.34
host 203.208.41.33
(The Hosts and TCP sections below record no completed connections to these addresses.)
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
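What distinguishes the browser, FTP, instant-messenger and e-mail sections above from legitimate activity is not any single path (Chrome reads its own Login Data, FileZilla reads its own sitemanager.xml) but one process sweeping several unrelated credential stores in a row. The Python below is an added example, not part of the report: it turns the paths listed in those four sections into category patterns and flags a process once it touches three or more categories. The event layout (pid, image, kind, path) is an assumed normalised form of file and registry telemetry, and the sample events are constructed from the report's paths.

```python
"""Correlate credential-store access across categories per process."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# (category, pattern): matched case-insensitively against a backslash path.
# Patterns are derived from the file and registry paths in the report above.
CREDENTIAL_STORES = [
    ("browser", r"\\(Login Data|Web Data)$"),
    ("browser", r"\\Software\\Mozilla\\(Mozilla Firefox|SeaMonkey)$"),
    ("ftp", r"\\(sitemanager|recentservers|filezilla|servers)\.xml$"),
    ("ftp", r"\\(wcx_ftp|32BitFtp)\.ini$"),
    ("ftp", r"\\Estsoft\\ALFTP\\ESTdb2\.dat$"),
    ("ftp", r"\\Software\\(SimonTatham\\PuTTY\\Sessions|Martin Prikryl|VanDyke\\SecureFX"
            r"|Far2?\\Plugins\\FTP\\Hosts|Ghisler\\Total Commander|LinasFTP\\Site Manager"
            r"|FlashPeak\\BlazeFtp\\Settings)$"),
    ("im", r"\\\.purple\\accounts\.xml$"),
    ("mail", r"\\Windows Messaging Subsystem\\Profiles\\"),
    ("mail", r"\\Office\\\d+\.\d+\\Outlook\\Profiles\\"),
    ("mail", r"\\Software\\Mozilla\\Mozilla Thunderbird$"),
]
_RULES = [(cat, re.compile(pat, re.IGNORECASE)) for cat, pat in CREDENTIAL_STORES]


def _ev(pid: int, image: str, kind: str, path: str) -> Dict:
    return {"pid": pid, "image": image, "kind": kind, "path": path}


_APPDATA = r"C:\Users\Administrator.Oskar-PC\AppData"
# Constructed events: pid 2868 replays a subset of the report's paths;
# 4100 and 4212 are benign programs reading only their own store.
SAMPLE_EVENTS: List[Dict] = [
    _ev(2868, "0019EA.exe", "file", _APPDATA + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    _ev(2868, "0019EA.exe", "file", _APPDATA + r"\Roaming\FileZilla\sitemanager.xml"),
    _ev(2868, "0019EA.exe", "registry", r"HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions"),
    _ev(2868, "0019EA.exe", "file", _APPDATA + r"\Roaming\.purple\accounts.xml"),
    _ev(2868, "0019EA.exe", "registry",
        r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    _ev(2868, "0019EA.exe", "file", r"C:\Windows\System32\kernel32.dll"),
    _ev(4100, "chrome.exe", "file", _APPDATA + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    _ev(4212, "filezilla.exe", "file", _APPDATA + r"\Roaming\FileZilla\recentservers.xml"),
]


def classify(path: str) -> Set[str]:
    """Credential-store categories a path belongs to (empty set if none)."""
    p = path.replace("/", "\\")
    return {cat for cat, rx in _RULES if rx.search(p)}


def flag_credential_harvesters(events: Iterable[Dict], min_categories: int = 3) -> Dict[int, Dict]:
    """Group store accesses by pid and report pids touching at least
    min_categories distinct categories. One category is normal self-access;
    a stealer sweeps browsers, FTP clients, IM and mail in one pass."""
    per_pid: Dict[int, Dict] = defaultdict(lambda: {"image": None, "categories": set(), "paths": []})
    for ev in events:
        cats = classify(ev["path"])
        if not cats:
            continue
        rec = per_pid[ev["pid"]]
        rec["image"] = ev.get("image")
        rec["categories"] |= cats
        rec["paths"].append(ev["path"])
    return {pid: {"image": r["image"], "categories": sorted(r["categories"]), "paths": r["paths"]}
            for pid, r in per_pid.items() if len(r["categories"]) >= min_categories}


if __name__ == "__main__":
    for pid, rec in flag_credential_harvesters(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({rec['image']}) touched {rec['categories']}: {len(rec['paths'])} paths")
```

The threshold is the tuning knob: a password manager or a backup agent can legitimately read two categories, so alert at three and treat two as a lower-severity hunt lead, and extend the pattern table from the report's own lists rather than guessing paths for clients it does not mention.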
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2868 called NtSetContextThread to modify thread in remote process 364
Time & API Arguments Status Return Repeated
1620946626.142046
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 364
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2868 resumed a thread in remote process 364
Time & API Arguments Status Return Repeated
1620946626.485046
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 364
success 0 0
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1620946626.110046
CreateProcessInternalW
thread_identifier: 2364
thread_handle: 0x00000100
process_identifier: 364
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4656ddb2c96508e472ffe43dcba01fcb.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1620946626.110046
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1620946626.110046
NtUnmapViewOfSection
process_identifier: 364
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1620946626.110046
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 364
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1620946626.142046
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 364
commit_size: 4096
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 4096
base_address: 0x001f0000
success 0 0
1620946626.142046
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 364
success 0 0
1620946626.485046
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 364
success 0 0
1620981855.138876
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 364
success 0 0
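The eight events above are the textbook process-hollowing chain: a new instance of the sample is created with CREATE_SUSPENDED, its image at 0x00400000 is unmapped, a 663552-byte section is mapped over that base with PAGE_EXECUTE_READWRITE, the suspended thread's context (eip) is rewritten, and the thread is resumed. The Python below is an added example, not part of the report or the sandbox's own signature code: it replays that chain as ordered API records and flags a child only when the creator performs the stages in order. The record layout {"time", "pid", "api", "args"} is an assumed normalised form of the report's call log (pid is the caller, args["process_identifier"] the target); the values are copied from the events above, and the first record deliberately reproduces the sample's RWX allocation in its own process to show that self-allocation is not mistaken for injection.

```python
"""Flag a process-hollowing chain in Cuckoo-style API call records."""
from typing import Dict, List

CREATE_SUSPENDED = 0x4           # CreateProcess creation flag
EXECUTE_MASK = 0xF0              # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
WRITE_APIS = {"NtMapViewOfSection", "NtWriteVirtualMemory", "NtAllocateVirtualMemory"}
SAMPLE_EXE = (r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp"
              r"\4656ddb2c96508e472ffe43dcba01fcb.exe")

# Constructed records mirroring the call log above (PIDs, handles, addresses and
# timestamps copied from the report). "pid" is the calling process; the target
# is args["process_identifier"].
CALLS: List[Dict] = [
    {"time": 1620946615.938046, "pid": 2868, "api": "NtAllocateVirtualMemory",
     "args": {"process_identifier": 2868, "protection": 0x40, "region_size": 4096,
              "base_address": 0x01f00000}},
    {"time": 1620946626.110046, "pid": 2868, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 364, "creation_flags": 4,
              "command_line": f'"{SAMPLE_EXE}"'}},
    {"time": 1620946626.110046, "pid": 2868, "api": "NtGetContextThread",
     "args": {"thread_handle": 0x100}},
    {"time": 1620946626.110046, "pid": 2868, "api": "NtUnmapViewOfSection",
     "args": {"process_identifier": 364, "base_address": 0x00400000}},
    {"time": 1620946626.110046, "pid": 2868, "api": "NtMapViewOfSection",
     "args": {"process_identifier": 364, "base_address": 0x00400000,
              "win32_protect": 0x40, "view_size": 663552}},
    {"time": 1620946626.142046, "pid": 2868, "api": "NtMapViewOfSection",
     "args": {"process_identifier": 364, "base_address": 0x001f0000,
              "win32_protect": 0x40, "view_size": 4096}},
    {"time": 1620946626.142046, "pid": 2868, "api": "NtSetContextThread",
     "args": {"process_identifier": 364, "registers.eip": 2010382788}},
    {"time": 1620946626.485046, "pid": 2868, "api": "NtResumeThread",
     "args": {"process_identifier": 364, "suspend_count": 1}},
    {"time": 1620981855.138876, "pid": 2868, "api": "NtResumeThread",
     "args": {"process_identifier": 364, "suspend_count": 1}},
]


def _places_code(api: str, args: Dict) -> bool:
    """True when the call puts executable content into the target process."""
    if api == "NtWriteVirtualMemory":
        return True
    prot = args.get("win32_protect", args.get("protection", 0))
    return bool(prot & EXECUTE_MASK)


def find_hollowing(calls: List[Dict]) -> Dict[int, Dict]:
    """Return {child_pid: finding} for each suspended child whose creator, in
    time order, (optionally) unmaps the child's image base, maps or writes
    executable memory into it, rewrites its thread context and resumes it."""
    state: Dict[int, Dict] = {}
    for c in sorted(calls, key=lambda r: r["time"]):     # stable sort: ties keep log order
        api, args = c["api"], c["args"]
        child = args.get("process_identifier")
        if api == "CreateProcessInternalW" and args.get("creation_flags", 0) & CREATE_SUSPENDED:
            state[child] = {"parent": c["pid"], "stages": ["suspended_create"],
                            "image_base_unmapped": False, "written": [], "eip": None}
            continue
        st = state.get(child)
        if st is None or c["pid"] != st["parent"]:
            continue                                      # self-allocations, unrelated processes
        stages = st["stages"]
        if api == "NtUnmapViewOfSection" and stages[-1] == "suspended_create":
            st["image_base_unmapped"] = True
            stages.append("unmap_image")
        elif api in WRITE_APIS and _places_code(api, args) and "set_context" not in stages:
            st["written"].append((args.get("base_address"),
                                  args.get("view_size", args.get("region_size"))))
            if "write_exec" not in stages:
                stages.append("write_exec")
        elif api == "NtSetContextThread" and stages[-1] == "write_exec":
            st["eip"] = args.get("registers.eip")
            stages.append("set_context")
        elif api == "NtResumeThread" and stages[-1] == "set_context":
            stages.append("resume")
    return {pid: st for pid, st in state.items() if st["stages"][-1] == "resume"}


if __name__ == "__main__":
    for pid, f in find_hollowing(CALLS).items():
        print(f"hollowed pid {pid} by {f['parent']}: {' -> '.join(f['stages'])}, "
              f"eip=0x{f['eip']:08x}, regions={[(hex(b), s) for b, s in f['written']]}")
```

The unmap stage is recorded but not required, because variants skip NtUnmapViewOfSection and simply map over or write into the existing image; the three mandatory stages are executable placement into a child the caller itself created suspended, a context rewrite, and the resume. The late second NtResumeThread in the report (different thread handle, about ten hours later by its timestamp) is absorbed without changing the verdict.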
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-02-29 21:51:19

Imports

Library kernel32.dll:
0x483164 VirtualFree
0x483168 VirtualAlloc
0x48316c LocalFree
0x483170 LocalAlloc
0x483174 GetVersion
0x483178 GetCurrentThreadId
0x483184 VirtualQuery
0x483188 WideCharToMultiByte
0x483190 MultiByteToWideChar
0x483194 lstrlenA
0x483198 lstrcpynA
0x48319c LoadLibraryExA
0x4831a0 GetThreadLocale
0x4831a4 GetStartupInfoA
0x4831a8 GetProcAddress
0x4831ac GetModuleHandleA
0x4831b0 GetModuleFileNameA
0x4831b4 GetLocaleInfoA
0x4831b8 GetLastError
0x4831c0 GetCommandLineA
0x4831c4 FreeLibrary
0x4831c8 FindFirstFileA
0x4831cc FindClose
0x4831d0 ExitProcess
0x4831d4 ExitThread
0x4831d8 CreateThread
0x4831dc WriteFile
0x4831e4 RtlUnwind
0x4831e8 RaiseException
0x4831ec GetStdHandle
Library user32.dll:
0x4831f4 GetKeyboardType
0x4831f8 LoadStringA
0x4831fc MessageBoxA
0x483200 CharNextA
Library advapi32.dll:
0x483208 RegQueryValueExA
0x48320c RegOpenKeyExA
0x483210 RegCloseKey
Library oleaut32.dll:
0x483218 SysFreeString
0x48321c SysReAllocStringLen
0x483220 SysAllocStringLen
Library kernel32.dll:
0x483228 TlsSetValue
0x48322c TlsGetValue
0x483230 LocalAlloc
0x483234 GetModuleHandleA
Library advapi32.dll:
0x48323c RegQueryValueExA
0x483240 RegOpenKeyExA
0x483244 RegCloseKey
Library kernel32.dll:
0x48324c lstrcpyA
0x483250 lstrcmpA
0x483254 WriteFile
0x483258 WaitForSingleObject
0x48325c VirtualQuery
0x483260 VirtualProtectEx
0x483264 VirtualFree
0x483268 VirtualAlloc
0x48326c SuspendThread
0x483270 SleepEx
0x483274 Sleep
0x483278 SizeofResource
0x48327c SetThreadPriority
0x483280 SetThreadLocale
0x483284 SetFilePointer
0x483288 SetEvent
0x48328c SetErrorMode
0x483290 SetEndOfFile
0x483294 ResumeThread
0x483298 ResetEvent
0x48329c ReadFile
0x4832a0 MulDiv
0x4832a4 LockResource
0x4832a8 LoadResource
0x4832ac LoadLibraryA
0x4832b8 GlobalUnlock
0x4832bc GlobalReAlloc
0x4832c0 GlobalHandle
0x4832c4 GlobalLock
0x4832c8 GlobalFree
0x4832cc GlobalFindAtomA
0x4832d0 GlobalDeleteAtom
0x4832d4 GlobalAlloc
0x4832d8 GlobalAddAtomA
0x4832e0 GetVersionExA
0x4832e4 GetVersion
0x4832e8 GetTickCount
0x4832ec GetThreadPriority
0x4832f0 GetThreadLocale
0x4832f4 GetTempPathA
0x4832f8 GetSystemInfo
0x4832fc GetStringTypeExA
0x483300 GetStdHandle
0x483304 GetProcAddress
0x483308 GetModuleHandleA
0x48330c GetModuleFileNameA
0x483310 GetLogicalDrives
0x483314 GetLocaleInfoA
0x483318 GetLocalTime
0x48331c GetLastError
0x483320 GetFullPathNameA
0x483324 GetFileSize
0x483328 GetFileAttributesA
0x48332c GetExitCodeThread
0x483330 GetDriveTypeA
0x483334 GetDiskFreeSpaceA
0x483338 GetDateFormatA
0x48333c GetCurrentThreadId
0x483340 GetCurrentProcessId
0x483344 GetCPInfo
0x483348 GetACP
0x48334c FreeResource
0x483354 InterlockedExchange
0x48335c FreeLibrary
0x483360 FormatMessageA
0x483364 FindResourceA
0x483368 FindNextFileA
0x48336c FindFirstFileA
0x483370 FindClose
0x48337c EnumCalendarInfoA
0x483388 CreateThread
0x48338c CreateFileA
0x483390 CreateEventA
0x483394 CompareStringA
0x483398 CloseHandle
Library mpr.dll:
0x4833a0 WNetGetConnectionA
Library version.dll:
0x4833a8 VerQueryValueA
0x4833b0 GetFileVersionInfoA
Library gdi32.dll:
0x4833b8 UnrealizeObject
0x4833bc StretchBlt
0x4833c0 SetWindowOrgEx
0x4833c4 SetWindowExtEx
0x4833c8 SetWinMetaFileBits
0x4833cc SetViewportOrgEx
0x4833d0 SetViewportExtEx
0x4833d4 SetTextColor
0x4833d8 SetStretchBltMode
0x4833dc SetROP2
0x4833e0 SetPixel
0x4833e4 SetMapMode
0x4833e8 SetEnhMetaFileBits
0x4833ec SetDIBColorTable
0x4833f0 SetBrushOrgEx
0x4833f4 SetBkMode
0x4833f8 SetBkColor
0x4833fc SelectPalette
0x483400 SelectObject
0x483404 SelectClipRgn
0x483408 SaveDC
0x48340c RestoreDC
0x483410 Rectangle
0x483414 RectVisible
0x483418 RealizePalette
0x48341c PtVisible
0x483420 Polyline
0x483424 PolyPolyline
0x483428 PlayEnhMetaFile
0x48342c PatBlt
0x483430 MoveToEx
0x483434 MaskBlt
0x483438 LineTo
0x48343c IntersectClipRect
0x483440 GetWindowOrgEx
0x483444 GetWinMetaFileBits
0x483448 GetTextMetricsA
0x483454 GetStockObject
0x483458 GetPixel
0x48345c GetPaletteEntries
0x483460 GetObjectA
0x48346c GetEnhMetaFileBits
0x483470 GetDeviceCaps
0x483474 GetDIBits
0x483478 GetDIBColorTable
0x48347c GetDCOrgEx
0x483484 GetClipBox
0x483488 GetBrushOrgEx
0x48348c GetBitmapBits
0x483490 ExtTextOutA
0x483494 ExtCreatePen
0x483498 ExcludeClipRect
0x48349c DeleteObject
0x4834a0 DeleteEnhMetaFile
0x4834a4 DeleteDC
0x4834a8 CreateSolidBrush
0x4834ac CreatePenIndirect
0x4834b0 CreatePen
0x4834b4 CreatePalette
0x4834bc CreateFontIndirectA
0x4834c0 CreateDIBitmap
0x4834c4 CreateDIBSection
0x4834c8 CreateCompatibleDC
0x4834d0 CreateBrushIndirect
0x4834d4 CreateBitmap
0x4834d8 CopyEnhMetaFileA
0x4834dc BitBlt
Library user32.dll:
0x4834e4 CreateWindowExA
0x4834e8 WindowFromPoint
0x4834ec WinHelpA
0x4834f0 WaitMessage
0x4834f4 ValidateRect
0x4834f8 UpdateWindow
0x4834fc UnregisterClassA
0x483500 UnionRect
0x483504 UnhookWindowsHookEx
0x483508 TranslateMessage
0x483510 TrackPopupMenu
0x483518 ShowWindow
0x48351c ShowScrollBar
0x483520 ShowOwnedPopups
0x483524 ShowCursor
0x483528 SetWindowsHookExA
0x48352c SetWindowTextA
0x483530 SetWindowPos
0x483534 SetWindowPlacement
0x483538 SetWindowLongA
0x48353c SetTimer
0x483540 SetScrollRange
0x483544 SetScrollPos
0x483548 SetScrollInfo
0x48354c SetRect
0x483550 SetPropA
0x483554 SetParent
0x483558 SetMenuItemInfoA
0x48355c SetMenu
0x483560 SetKeyboardState
0x483564 SetForegroundWindow
0x483568 SetFocus
0x48356c SetCursor
0x483570 SetClipboardData
0x483574 SetClassLongA
0x483578 SetCapture
0x48357c SetActiveWindow
0x483580 SendMessageA
0x483584 ScrollWindowEx
0x483588 ScrollWindow
0x48358c ScreenToClient
0x483590 RemovePropA
0x483594 RemoveMenu
0x483598 ReleaseDC
0x48359c ReleaseCapture
0x4835a8 RegisterClassA
0x4835ac RedrawWindow
0x4835b0 PtInRect
0x4835b4 PostQuitMessage
0x4835b8 PostMessageA
0x4835bc PeekMessageA
0x4835c0 OpenClipboard
0x4835c4 OffsetRect
0x4835c8 OemToCharA
0x4835d0 MessageBoxA
0x4835d4 MessageBeep
0x4835d8 MapWindowPoints
0x4835dc MapVirtualKeyA
0x4835e0 LoadStringA
0x4835e4 LoadKeyboardLayoutA
0x4835e8 LoadIconA
0x4835ec LoadCursorA
0x4835f0 LoadBitmapA
0x4835f4 KillTimer
0x4835f8 IsZoomed
0x4835fc IsWindowVisible
0x483600 IsWindowEnabled
0x483604 IsWindow
0x483608 IsRectEmpty
0x48360c IsIconic
0x483610 IsDialogMessageA
0x483614 IsChild
0x483618 IsCharAlphaNumericA
0x48361c IsCharAlphaA
0x483620 InvalidateRect
0x483624 IntersectRect
0x483628 InsertMenuItemA
0x48362c InsertMenuA
0x483630 InflateRect
0x483638 GetWindowTextA
0x48363c GetWindowRect
0x483640 GetWindowPlacement
0x483644 GetWindowLongA
0x483648 GetWindowDC
0x48364c GetTopWindow
0x483650 GetSystemMetrics
0x483654 GetSystemMenu
0x483658 GetSysColorBrush
0x48365c GetSysColor
0x483660 GetSubMenu
0x483664 GetScrollRange
0x483668 GetScrollPos
0x48366c GetScrollInfo
0x483670 GetPropA
0x483674 GetParent
0x483678 GetWindow
0x48367c GetMessageTime
0x483680 GetMenuStringA
0x483684 GetMenuState
0x483688 GetMenuItemInfoA
0x48368c GetMenuItemID
0x483690 GetMenuItemCount
0x483694 GetMenu
0x483698 GetLastActivePopup
0x48369c GetKeyboardState
0x4836a4 GetKeyboardLayout
0x4836a8 GetKeyState
0x4836ac GetKeyNameTextA
0x4836b0 GetIconInfo
0x4836b4 GetForegroundWindow
0x4836b8 GetFocus
0x4836bc GetDoubleClickTime
0x4836c0 GetDesktopWindow
0x4836c4 GetDCEx
0x4836c8 GetDC
0x4836cc GetCursorPos
0x4836d0 GetCursor
0x4836d4 GetClipboardData
0x4836d8 GetClientRect
0x4836dc GetClassNameA
0x4836e0 GetClassInfoA
0x4836e4 GetCaretPos
0x4836e8 GetCapture
0x4836ec GetActiveWindow
0x4836f0 FrameRect
0x4836f4 FindWindowA
0x4836f8 FillRect
0x4836fc EqualRect
0x483700 EnumWindows
0x483704 EnumThreadWindows
0x48370c EndPaint
0x483710 EnableWindow
0x483714 EnableScrollBar
0x483718 EnableMenuItem
0x48371c EmptyClipboard
0x483720 DrawTextA
0x483724 DrawMenuBar
0x483728 DrawIconEx
0x48372c DrawIcon
0x483730 DrawFrameControl
0x483734 DrawFocusRect
0x483738 DrawEdge
0x48373c DispatchMessageA
0x483740 DestroyWindow
0x483744 DestroyMenu
0x483748 DestroyIcon
0x48374c DestroyCursor
0x483750 DeleteMenu
0x483754 DefWindowProcA
0x483758 DefMDIChildProcA
0x48375c DefFrameProcA
0x483760 CreatePopupMenu
0x483764 CreateMenu
0x483768 CreateIcon
0x48376c CloseClipboard
0x483770 ClientToScreen
0x483774 CheckMenuItem
0x483778 CallWindowProcA
0x48377c CallNextHookEx
0x483780 BeginPaint
0x483784 CharNextA
0x483788 CharLowerBuffA
0x48378c CharLowerA
0x483790 CharUpperBuffA
0x483794 CharToOemA
0x483798 AdjustWindowRectEx
Library kernel32.dll:
0x4837a4 Sleep
Library oleaut32.dll:
0x4837ac SafeArrayPtrOfIndex
0x4837b0 SafeArrayGetUBound
0x4837b4 SafeArrayGetLBound
0x4837b8 SafeArrayCreate
0x4837bc VariantChangeType
0x4837c0 VariantCopy
0x4837c4 VariantClear
0x4837c8 VariantInit
Library ole32.dll:
0x4837d0 CoTaskMemAlloc
0x4837d4 CoCreateInstance
0x4837d8 CoUninitialize
0x4837dc CoInitialize
Library comctl32.dll:
0x4837ec ImageList_Write
0x4837f0 ImageList_Read
0x483800 ImageList_DragMove
0x483804 ImageList_DragLeave
0x483808 ImageList_DragEnter
0x48380c ImageList_EndDrag
0x483810 ImageList_BeginDrag
0x483814 ImageList_Remove
0x483818 ImageList_DrawEx
0x48381c ImageList_Draw
0x48382c ImageList_Add
0x483834 ImageList_Destroy
0x483838 ImageList_Create
0x48383c InitCommonControls
Library kernel32.dll:
0x483844 MulDiv

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  51963        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  58367        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  49235        224.0.0.252      5355
192.168.56.101  50002        224.0.0.252      5355
192.168.56.101  53657        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  57756        224.0.0.252      5355
192.168.56.101  57874        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  60384        224.0.0.252      5355
192.168.56.101  61680        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  50537        239.255.255.250  3702
Apart from the five DNS lookups to 114.114.114.114 (the queried names are not listed in this report), these rows are Windows background traffic from the analysis VM: NetBIOS name service and datagram broadcasts (137/138), LLMNR (5355), SSDP (1900) and WS-Discovery (3702).

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.