Score: 6.8
Verdict: High risk

SHA256: dfb7e2d4af560a7f7f1088db5faa8c86cab84658f8c827ea57647dc2666bef00

File name: 46e16478c94b897a88350ea461ad8cfe.exe (the sample's MD5, as the McAfee and FireEye detection names below confirm)

Analysis duration: 79s

Last analysis: not shown on the page; the API trace timestamps below (Unix epoch 1620953770 to 1620953817) fall on 2021-05-14 UTC

File size: 908.0KB
Detection tags (static and dynamic engines): 4Y0@A8OHMVHK, AGEN, AI SCORE=88, ANLS, ATTRIBUTE, CLASSIC, ELDORADO, EMOTET, EPAZ, GENCIRC, GENERICKDZ, GENKRYPTIK, HIGH CONFIDENCE, HIGHCONFIDENCE, HPTPRB, KRYPTIK, MALWARE@#2P06KBNTA7U4U, R + TROJ, R002C0DGU20, R346462, S15279459, SCORE, SGENERIC, SOCELARSTV, SUSGEN, UNSAFE, WACATACPMF, ZEXAF. The family name shared across vendors is Emotet.
鹰眼引擎 (Eagle Eye engine): no detection; no Eagle Eye engine results are available for this sample.
Static verdict

Antivirus engines

Engine  Result  Date  Engine version
McAfee  Emotet-FRI!46E16478C94B  20200918  6.0.6.653
Alibaba  Trojan:Win32/Emotet.98d605e4  20190527  0.3.0.5
Avast  Win32:Malware-gen  20200918  18.4.3895.0
Tencent  Malware.Win32.Gencirc.10cde54b  20200918  1.0.0.1
Baidu  (no detection)  20190318  1.0.0.2
Kingsoft  (no detection)  20200918  2013.8.14.323
CrowdStrike  (no detection)  20190702  1.0

Note on the date column: the Alibaba, Baidu and CrowdStrike dates (2019) precede the PE compile time reported further down (2020-07-30 04:01:47), so either the column records the engine's definition or version date rather than when this file was scanned, or the compile timestamp is forged. In neither case should it be used to date the sample; the compile timestamp is attacker-controlled.
Static indicators

Queries for the computer name (1 event)
Time: 1620953781.319626
API: GetComputerNameA
  computer_name: OSKAR-PC
Status: success, return 1, repeated 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time: 1620953771.710626
API: CryptGenKey
  crypto_handle: 0x00a2de08
  algorithm_identifier: 0x0000660e (CALG_AES_128; the report left the name blank)
  provider_handle: 0x00986478
  flags: 1 (CRYPT_EXPORTABLE)
  key: (raw key bytes, rendered unprintably in the report)
Status: success, return 1, repeated 0

Time: 1620953781.335626
API: CryptExportKey
  crypto_handle: 0x00a2de08
  crypto_export_handle: 0x00986438
  buffer: (raw blob bytes, rendered unprintably in the report)
  blob_type: 1 (SIMPLEBLOB)
  flags: 64 (CRYPT_OAEP)
Status: success, return 1, repeated 0

Time: 1620953817.163626
API: CryptExportKey
  crypto_handle: 0x00a2de08
  crypto_export_handle: 0x00986438
  buffer: (raw blob bytes, rendered unprintably in the report)
  blob_type: 1 (SIMPLEBLOB)
  flags: 64 (CRYPT_OAEP)
Status: success, return 1, repeated 0

Reading the three events together: the sample generates one exportable AES-128 session key and exports it twice through the same export-key handle as a SIMPLEBLOB with OAEP padding, that is, the session key wrapped under an RSA key-exchange key. The two exported buffers differ even though key and handles are identical; that is expected, because OAEP padding is randomised, and does not mean a second key was generated. The exports bracket the InternetOpenW call and the C2 connection attempts recorded below, which matches the documented Emotet C2 key exchange (a per-run AES key wrapped under an embedded public key) that the Emotet detections in the engine results refer to.
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
Caveat: .didat is the delay-load import data section that the Microsoft linker emits for binaries using delayed DLL loading. It is a standard section name, so this hit is the false positive the signature warns about and should not be counted as packer evidence; the high-entropy .rsrc section listed under the dynamic indicators is the stronger packing signal.
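As an added example (not code from the report, the sandbox or the sample), the following Python decodes the constants in the CryptGenKey/CryptExportKey events above and parses the layout of a blob_type 1 (SIMPLEBLOB) buffer, which is what a CryptExportKey hook dumps. The report renders the real buffer unprintably, so the input here is a constructed blob with the same layout (an AES-128 key wrapped under a 1024-bit RSA key-exchange key); the CALG and flag tables are the wincrypt.h values.

```python
"""Decode CryptoAPI ALG_ID / CryptExportKey flags and parse a SIMPLEBLOB.

Added example for this report. The blob built in build_simpleblob() is a
constructed stand-in with the SIMPLEBLOB layout, not the sample's buffer.
"""
import struct

# ALG_ID bit layout (wincrypt.h): class = bits 13-15, type = bits 9-12, sid = bits 0-8.
ALG_CLASS = {0: "ANY", 1: "SIGNATURE", 2: "MSG_ENCRYPT", 3: "DATA_ENCRYPT",
             4: "HASH", 5: "KEY_EXCHANGE", 7: "ALL"}
ALG_TYPE = {0: "ANY", 1: "DSS", 2: "RSA", 3: "BLOCK", 4: "STREAM", 5: "DH",
            6: "SECURECHANNEL"}
# CALG_* values that commonly appear in sandbox traces.
CALG_NAMES = {
    0x6601: "CALG_DES", 0x6602: "CALG_RC2", 0x6603: "CALG_3DES",
    0x660e: "CALG_AES_128", 0x660f: "CALG_AES_192", 0x6610: "CALG_AES_256",
    0x6801: "CALG_RC4", 0x8003: "CALG_MD5", 0x8004: "CALG_SHA1",
    0x800c: "CALG_SHA_256", 0x2400: "CALG_RSA_SIGN", 0xa400: "CALG_RSA_KEYX",
}
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB",
              8: "PLAINTEXTKEYBLOB"}
# CryptExportKey dwFlags bits.
EXPORT_FLAGS = {0x01: "CRYPT_Y_ONLY", 0x02: "CRYPT_SSL2_FALLBACK",
                0x04: "CRYPT_DESTROYKEY", 0x40: "CRYPT_OAEP", 0x80: "CRYPT_BLOB_VER3"}


def decode_alg_id(alg_id):
    """Split an ALG_ID into class/type/sid and name it if it is a known CALG_*."""
    return {
        "value": alg_id,
        "name": CALG_NAMES.get(alg_id, "unknown"),
        "class": ALG_CLASS.get((alg_id >> 13) & 0x7, "?"),
        "type": ALG_TYPE.get((alg_id >> 9) & 0xf, "?"),
        "sid": alg_id & 0x1ff,
    }


def decode_export_flags(flags):
    """Name the bits set in a CryptExportKey dwFlags value (64 -> CRYPT_OAEP)."""
    return [name for bit, name in sorted(EXPORT_FLAGS.items()) if flags & bit]


def build_simpleblob(key_alg, enc_alg, wrapped_key):
    """Assemble a SIMPLEBLOB: BLOBHEADER{bType=1, bVersion=2, reserved, aiKeyAlg},
    then the key-exchange ALG_ID, then the wrapped session key.
    Only used to construct the sample input for this example."""
    header = struct.pack("<BBHI", 1, 2, 0, key_alg)
    return header + struct.pack("<I", enc_alg) + wrapped_key


def parse_simpleblob(blob):
    """Parse a blob_type 1 buffer: what key was wrapped, with which algorithm,
    and how large the wrapping RSA key is (the ciphertext is modulus-sized)."""
    if len(blob) < 12:
        raise ValueError("too short for a BLOBHEADER plus key-exchange ALG_ID")
    b_type, b_version, _reserved, key_alg = struct.unpack_from("<BBHI", blob, 0)
    if b_type != 1:
        raise ValueError(f"not a SIMPLEBLOB: bType={b_type} ({BLOB_TYPES.get(b_type, '?')})")
    (enc_alg,) = struct.unpack_from("<I", blob, 8)
    wrapped = blob[12:]
    return {
        "blob_type": BLOB_TYPES[b_type],
        "version": b_version,
        "key_alg": decode_alg_id(key_alg)["name"],
        "enc_alg": decode_alg_id(enc_alg)["name"],
        "wrapped_key_len": len(wrapped),
        "wrapping_key_bits": len(wrapped) * 8,
    }


if __name__ == "__main__":
    # Constructed stand-in: AES-128 key wrapped under a 1024-bit RSA public key.
    sample = build_simpleblob(0x660e, 0xa400, bytes(128))
    print(decode_alg_id(0x660e))      # the report's algorithm_identifier
    print(decode_export_flags(64))    # the report's CryptExportKey flags
    print(parse_simpleblob(sample))
```

When a sandbox does dump the buffer as hex, feeding it to parse_simpleblob gives the wrapping key size directly, which is the value to compare against the RSA public key recovered from the unpacked payload.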
Behavioural verdict

Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620953770.741626
API: NtAllocateVirtualMemory
  process_identifier: 2292
  region_size: 36864
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff (the current-process pseudo-handle: self-allocation, not an injection into another process)
  allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x00920000
Status: success, return 0 (STATUS_SUCCESS), repeated 0
This is the first event in the trace, about a second before CryptGenKey: a 36 KB RWX region is committed in the sample's own address space, consistent with unpacking a stage into itself.
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event; the report records no call details for it)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time: 1620953781.819626
API: GetAdaptersAddresses
  flags: 0
  family: 0
Status: failed, return 111 (ERROR_BUFFER_OVERFLOW: the usual size-probe call with a too-small buffer, which returns the required size; a follow-up call with a correctly sized buffer, if made, is not in the trace), repeated 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
Section .rsrc: entropy 6.852675595039988, size_of_data 0x0000e000, virtual_address 0x000d9000, virtual_size 0x0000dbc2
Description: a section with high entropy has been found.
The high-entropy section is the resource section, not code: an encrypted payload carried as a resource and decrypted into the RWX region above is the usual arrangement behind this pair of indicators. The report captured no dropped buffers, so the unpacked stage itself is not available here.
Expresses interest in specific running processes (1 event)
process 46e16478c94b897a88350ea461ad8cfe.exe (the sample's own process)
Reads the system's User Agent and subsequently performs requests (1 event)
Time: 1620953781.460626
API: InternetOpenW
  proxy_bypass: (empty)
  access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG: use the user's registry proxy configuration, which is what triggers the WPAD auto-detection writes listed under network communication)
  proxy_name: (empty)
  flags: 0
  user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Status: success, return 13369348 (0x00cc0004, the HINTERNET session handle), repeated 0
The user agent is an IE7-on-Windows-7 WOW64 string; on a host whose real browser is newer it is an anomaly worth matching in proxy logs.
Network communication

Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 185.94.252.13
host 24.249.135.121
Direct-to-IP connections with no preceding lookup are consistent with a hard-coded C2 address list rather than domain resolution; two of the three are the dead hosts listed further down (185.94.252.13:443 and 24.249.135.121:80).
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
All eight events are RegSetValueEx calls at 1620953784.397626 (the last at 1620953784.428626), about 3 seconds after InternetOpenW, each with status success, return 0, repeated 0. Keys are given relative to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\.

Time  API  key_handle  regkey (relative)  reg_type  value
1620953784.397626  RegSetValueExA  0x000003c4  {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason  4 (REG_DWORD)  1
1620953784.397626  RegSetValueExA  0x000003c4  {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime  3 (REG_BINARY)  (binary FILETIME, rendered unprintably in the report)
1620953784.397626  RegSetValueExA  0x000003c4  {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision  4 (REG_DWORD)  3
1620953784.397626  RegSetValueExW  0x000003c4  {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName  1 (REG_SZ)  网络 2 ("Network 2", the Chinese-locale default network name)
1620953784.397626  RegSetValueExA  0x000003dc  0a-00-27-00-00-00\WpadDecisionReason  4 (REG_DWORD)  1
1620953784.397626  RegSetValueExA  0x000003dc  0a-00-27-00-00-00\WpadDecisionTime  3 (REG_BINARY)  (binary FILETIME, rendered unprintably in the report)
1620953784.397626  RegSetValueExA  0x000003dc  0a-00-27-00-00-00\WpadDecision  4 (REG_DWORD)  3
1620953784.428626  RegSetValueExW  0x000003c0  WpadLastNetwork  1 (REG_SZ)  {40112ABE-63B3-43C3-BE93-1440EE3AF106}

Caveat: these are the per-network WPAD decision cache entries (one subkey per network GUID and one per adapter MAC; 0a-00-27-00-00-00 is the VirtualBox host-only adapter, matching the 192.168.56.0/24 addresses in the PCAP summary) that WinINet/WinHTTP proxy auto-detection writes when a process opens a session with access_type 0 (preconfigured proxy settings), as InternetOpenW did three seconds earlier. They record the outcome of auto-detection; they do not install a PAC file and do not change AutoConfigURL or ProxyServer, and the trace shows no write to those values. This signature fires for almost any sample that uses WinINet and is not by itself evidence of proxy hijacking.
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 of the 55 results shown)
Bkav W32.SocelarsTV.Trojan
Elastic malicious (high confidence)
DrWeb Trojan.Emotet.994
MicroWorld-eScan Trojan.GenericKDZ.69126
FireEye Generic.mg.46e16478c94b897a
CAT-QuickHeal Trojan.WacatacPMF.S15279459
McAfee Emotet-FRI!46E16478C94B
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Trojan ( 0056c5421 )
Alibaba Trojan:Win32/Emotet.98d605e4
K7GW Trojan ( 0056c5421 )
Arcabit Trojan.Generic.D10E06
TrendMicro TROJ_GEN.R002C0DGU20
BitDefenderTheta Gen:NN.ZexaF.34254.4y0@a8ohMVhk
Cyren W32/Emotet.AOI.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 85)
Kaspersky Backdoor.Win32.Emotet.anls
BitDefender Trojan.GenericKDZ.69126
NANO-Antivirus Trojan.Win32.Emotet.hptprb
ViRobot Trojan.Win32.Emotet.929792
Avast Win32:Malware-gen
Tencent Malware.Win32.Gencirc.10cde54b
Ad-Aware Trojan.GenericKDZ.69126
Comodo Malware@#2p06kbnta7u4u
F-Secure Heuristic.HEUR/AGEN.1137819
Zillya Backdoor.Emotet.Win32.839
Invincea Mal/Generic-R + Troj/Emotet-CKK
Sophos Troj/Emotet-CKK
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.os
Avira HEUR/AGEN.1137819
Antiy-AVL Trojan/Win32.SGeneric
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm Backdoor.Win32.Emotet.anls
GData Trojan.GenericKDZ.69126
TACHYON Trojan/W32.Agent.929792.GE
AhnLab-V3 Trojan/Win32.Emotet.R346462
VBA32 Trojan.Downloader
ALYac Trojan.GenericKDZ.69126
MAX malware (ai score=88)
Malwarebytes Trojan.Emotet
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TROJ_GEN.R002C0DGU20
Rising Trojan.Kryptik!1.C80B (CLASSIC)
Yandex Trojan.Emotet!
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 185.94.252.13:443
dead_host 24.249.135.121:80
Visual analysis

Binary image: none; no binary visualisation was generated for this sample.

Runtime screenshots: none; no screenshots were captured while the sample ran.

PE Compile Time

2020-07-30 04:01:47

Imports

Library SHLWAPI.dll:
0x4d53a4 PathFindExtensionA
0x4d53ac PathFindFileNameA
0x4d53b0 PathStripToRootA
0x4d53b4 StrRetToStrA
0x4d53b8 PathIsUNCA
Library KERNEL32.dll:
0x4d4f20 GetFullPathNameA
0x4d4f24 GetShortPathNameA
0x4d4f28 CreateFileA
0x4d4f2c SetErrorMode
0x4d4f34 SetFileTime
0x4d4f38 SetFileAttributesA
0x4d4f3c GetFileTime
0x4d4f40 RtlUnwind
0x4d4f44 RaiseException
0x4d4f48 HeapAlloc
0x4d4f4c HeapFree
0x4d4f50 HeapReAlloc
0x4d4f54 VirtualProtect
0x4d4f58 VirtualAlloc
0x4d4f5c GetSystemInfo
0x4d4f60 VirtualQuery
0x4d4f64 GetCommandLineA
0x4d4f68 GetProcessHeap
0x4d4f6c GetStartupInfoA
0x4d4f70 ExitProcess
0x4d4f74 ExitThread
0x4d4f78 CreateThread
0x4d4f7c HeapSize
0x4d4f80 TerminateProcess
0x4d4f8c IsDebuggerPresent
0x4d4f90 GetACP
0x4d4f94 Sleep
0x4d4f98 FatalAppExitA
0x4d4f9c VirtualFree
0x4d4fa4 HeapCreate
0x4d4fa8 GetStdHandle
0x4d4fbc SetHandleCount
0x4d4fc0 GetFileType
0x4d4fd0 GetDriveTypeA
0x4d4fd8 GetStringTypeA
0x4d4fdc GetStringTypeW
0x4d4fe0 LCMapStringA
0x4d4fe4 LCMapStringW
0x4d4fe8 GetTimeFormatA
0x4d4fec GetDateFormatA
0x4d4ff0 GetUserDefaultLCID
0x4d4ff4 EnumSystemLocalesA
0x4d4ff8 IsValidLocale
0x4d4ffc IsValidCodePage
0x4d5000 GetConsoleCP
0x4d5004 GetConsoleMode
0x4d5008 GetLocaleInfoW
0x4d5010 SetStdHandle
0x4d5014 WriteConsoleA
0x4d5018 GetConsoleOutputCP
0x4d501c WriteConsoleW
0x4d5024 DuplicateHandle
0x4d5028 GetFileSize
0x4d502c SetEndOfFile
0x4d5030 UnlockFile
0x4d5034 LockFile
0x4d5038 FlushFileBuffers
0x4d503c SetFilePointer
0x4d5040 WriteFile
0x4d5044 ReadFile
0x4d5048 DeleteFileA
0x4d504c MoveFileA
0x4d5064 GetThreadLocale
0x4d5068 GetAtomNameA
0x4d506c GetOEMCP
0x4d5070 GetCPInfo
0x4d5074 GlobalFlags
0x4d507c TlsFree
0x4d5084 LocalReAlloc
0x4d5088 TlsSetValue
0x4d508c TlsAlloc
0x4d5094 GlobalHandle
0x4d5098 GlobalReAlloc
0x4d50a0 TlsGetValue
0x4d50a8 LocalAlloc
0x4d50b0 GetModuleFileNameW
0x4d50b4 GetCurrentProcessId
0x4d50b8 CreateEventA
0x4d50bc SuspendThread
0x4d50c0 SetEvent
0x4d50c4 WaitForSingleObject
0x4d50c8 ResumeThread
0x4d50cc SetThreadPriority
0x4d50d0 CloseHandle
0x4d50d4 GetCurrentThread
0x4d50dc GetModuleFileNameA
0x4d50e4 GetLocaleInfoA
0x4d50e8 FindFirstFileA
0x4d50f4 FindNextFileA
0x4d50f8 FindClose
0x4d50fc lstrcmpA
0x4d5100 FreeResource
0x4d5104 GetCurrentThreadId
0x4d5108 GlobalGetAtomNameA
0x4d510c GlobalAddAtomA
0x4d5110 GlobalFindAtomA
0x4d5114 GlobalDeleteAtom
0x4d5118 FreeLibrary
0x4d511c LoadLibraryA
0x4d5120 lstrcmpW
0x4d5124 GetModuleHandleA
0x4d5128 GetVersionExA
0x4d512c GlobalFree
0x4d5130 CopyFileA
0x4d5134 GlobalSize
0x4d5138 GlobalAlloc
0x4d513c GlobalLock
0x4d5140 GlobalUnlock
0x4d5144 FormatMessageA
0x4d5148 LocalFree
0x4d514c MulDiv
0x4d5150 SetLastError
0x4d5154 GetStringTypeExW
0x4d5158 GetStringTypeExA
0x4d5164 lstrlenA
0x4d5168 lstrcmpiW
0x4d516c lstrcmpiA
0x4d5170 CompareStringW
0x4d5174 CompareStringA
0x4d5178 lstrlenW
0x4d517c GetVersion
0x4d5180 GetLastError
0x4d5184 InterlockedExchange
0x4d5188 LoadLibraryExW
0x4d518c LoadLibraryExA
0x4d5190 GetProcAddress
0x4d5194 GetCurrentProcess
0x4d5198 GetTickCount
0x4d519c GetFileAttributesA
0x4d51a0 MultiByteToWideChar
0x4d51a4 WideCharToMultiByte
0x4d51a8 FindResourceA
0x4d51ac LoadResource
0x4d51b0 LockResource
0x4d51b4 SizeofResource
0x4d51b8 HeapDestroy
Library USER32.dll:
0x4d53ec GetNextDlgGroupItem
0x4d53f0 MessageBeep
0x4d53f4 UnregisterClassA
0x4d53fc SetMenu
0x4d5400 BringWindowToTop
0x4d5404 SetRectEmpty
0x4d5408 CreatePopupMenu
0x4d540c InsertMenuItemA
0x4d5410 LoadAcceleratorsA
0x4d5414 LoadMenuA
0x4d5418 ReuseDDElParam
0x4d541c UnpackDDElParam
0x4d5424 SetParent
0x4d5428 UnionRect
0x4d542c PostThreadMessageA
0x4d5430 SetTimer
0x4d5434 KillTimer
0x4d5438 GetDCEx
0x4d543c LockWindowUpdate
0x4d5440 InvalidateRgn
0x4d5444 InvalidateRect
0x4d5448 SetRect
0x4d544c IsRectEmpty
0x4d5454 CharNextA
0x4d5458 GetDialogBaseUnits
0x4d545c DestroyIcon
0x4d5460 WaitMessage
0x4d5464 ReleaseCapture
0x4d5468 WindowFromPoint
0x4d546c SetCapture
0x4d5470 DeleteMenu
0x4d5474 LoadCursorA
0x4d5478 GetSysColorBrush
0x4d547c EndPaint
0x4d5480 BeginPaint
0x4d5484 GetWindowDC
0x4d5488 ClientToScreen
0x4d548c GrayStringA
0x4d5490 DrawTextExA
0x4d5494 DrawTextA
0x4d5498 TabbedTextOutA
0x4d549c FillRect
0x4d54a0 DestroyMenu
0x4d54a4 GetMenuItemInfoA
0x4d54a8 InflateRect
0x4d54b0 MapDialogRect
0x4d54b4 GetDesktopWindow
0x4d54bc GetNextDlgTabItem
0x4d54c0 EndDialog
0x4d54c8 ShowOwnedPopups
0x4d54cc SetCursor
0x4d54d0 GetMessageA
0x4d54d4 TranslateMessage
0x4d54d8 GetActiveWindow
0x4d54dc GetCursorPos
0x4d54e0 ValidateRect
0x4d54e4 PostQuitMessage
0x4d54e8 ScrollWindowEx
0x4d54ec IsWindowEnabled
0x4d54f0 ShowWindow
0x4d54f4 MoveWindow
0x4d54f8 SetWindowTextA
0x4d54fc IsDialogMessageA
0x4d5500 IsDlgButtonChecked
0x4d5504 SetDlgItemTextA
0x4d5508 SetDlgItemInt
0x4d550c GetDlgItemTextA
0x4d5510 CheckRadioButton
0x4d5514 CheckDlgButton
0x4d5518 SetMenuItemBitmaps
0x4d5520 LoadBitmapA
0x4d5524 ModifyMenuA
0x4d5528 EnableMenuItem
0x4d552c CheckMenuItem
0x4d5530 MapVirtualKeyA
0x4d5534 GetKeyNameTextA
0x4d5538 ReleaseDC
0x4d553c GetDC
0x4d5544 SendDlgItemMessageA
0x4d5548 WinHelpA
0x4d554c IsChild
0x4d5550 GetCapture
0x4d5554 SetWindowsHookExA
0x4d5558 CallNextHookEx
0x4d555c GetClassLongA
0x4d5560 GetClassNameA
0x4d5564 SetPropA
0x4d5568 GetPropA
0x4d556c RemovePropA
0x4d5570 GetFocus
0x4d5574 IsWindow
0x4d5578 SetFocus
0x4d5580 GetWindowTextA
0x4d5584 GetForegroundWindow
0x4d5588 GetLastActivePopup
0x4d558c SetActiveWindow
0x4d5590 DispatchMessageA
0x4d5594 BeginDeferWindowPos
0x4d5598 EndDeferWindowPos
0x4d559c GetDlgItem
0x4d55a0 GetTopWindow
0x4d55a4 DestroyWindow
0x4d55a8 UnhookWindowsHookEx
0x4d55ac SendMessageA
0x4d55b0 GetParent
0x4d55b4 EnableWindow
0x4d55b8 DrawIcon
0x4d55bc AppendMenuA
0x4d55c0 GetSystemMenu
0x4d55c4 GetMessageTime
0x4d55c8 GetMessagePos
0x4d55cc PeekMessageA
0x4d55d0 MapWindowPoints
0x4d55d4 ScrollWindow
0x4d55d8 TrackPopupMenuEx
0x4d55dc TrackPopupMenu
0x4d55e0 GetKeyState
0x4d55e4 SetScrollRange
0x4d55e8 GetScrollRange
0x4d55ec SetScrollPos
0x4d55f0 GetScrollPos
0x4d55f4 SetForegroundWindow
0x4d55f8 ShowScrollBar
0x4d55fc IsWindowVisible
0x4d5600 UpdateWindow
0x4d5604 GetMenu
0x4d5608 PostMessageA
0x4d560c MessageBoxA
0x4d5610 CreateWindowExA
0x4d5614 GetClassInfoExA
0x4d5618 IsIconic
0x4d561c GetClientRect
0x4d5620 LoadIconA
0x4d5624 GetSystemMetrics
0x4d5628 CharLowerA
0x4d562c CharLowerW
0x4d5630 CharUpperA
0x4d5634 CharUpperW
0x4d5638 RemoveMenu
0x4d563c GetSubMenu
0x4d5640 GetMenuItemCount
0x4d5644 InsertMenuA
0x4d5648 GetMenuItemID
0x4d564c GetMenuStringA
0x4d5650 GetMenuState
0x4d5654 GetWindow
0x4d5658 GetWindowRect
0x4d565c GetWindowPlacement
0x4d5664 IntersectRect
0x4d5668 OffsetRect
0x4d566c SetWindowPos
0x4d5670 SetWindowLongA
0x4d5674 GetWindowLongA
0x4d5678 CallWindowProcA
0x4d567c DefWindowProcA
0x4d5680 GetDlgCtrlID
0x4d5684 SetWindowPlacement
0x4d5688 PtInRect
0x4d568c SetScrollInfo
0x4d5690 GetScrollInfo
0x4d5694 CopyRect
0x4d5698 DeferWindowPos
0x4d569c EqualRect
0x4d56a0 ScreenToClient
0x4d56a4 AdjustWindowRectEx
0x4d56a8 GetClassInfoA
0x4d56ac RegisterClassA
0x4d56b0 GetSysColor
0x4d56b4 GetDlgItemInt
Library GDI32.dll:
0x4d4d44 CreatePatternBrush
0x4d4d48 GetStockObject
0x4d4d4c SelectPalette
0x4d4d50 PlayMetaFileRecord
0x4d4d54 GetObjectType
0x4d4d58 EnumMetaFile
0x4d4d5c PlayMetaFile
0x4d4d60 CreatePen
0x4d4d64 ExtCreatePen
0x4d4d68 CreateSolidBrush
0x4d4d6c CreateHatchBrush
0x4d4d74 CombineRgn
0x4d4d78 GetMapMode
0x4d4d7c DPtoLP
0x4d4d80 GetTextMetricsA
0x4d4d84 GetBkColor
0x4d4d88 GetTextColor
0x4d4d8c GetRgnBox
0x4d4d94 GetCharWidthA
0x4d4d98 CreateFontA
0x4d4d9c StretchDIBits
0x4d4da0 DeleteDC
0x4d4da4 ExtSelectClipRgn
0x4d4da8 PolyBezierTo
0x4d4dac PolylineTo
0x4d4db0 PolyDraw
0x4d4db4 ArcTo
0x4d4dbc ScaleWindowExtEx
0x4d4dc0 SetWindowExtEx
0x4d4dc4 OffsetWindowOrgEx
0x4d4dc8 CopyMetaFileA
0x4d4dcc SetRectRgn
0x4d4dd0 GetDeviceCaps
0x4d4dd4 ScaleViewportExtEx
0x4d4dd8 SetViewportExtEx
0x4d4ddc OffsetViewportOrgEx
0x4d4de0 SetViewportOrgEx
0x4d4de4 SelectObject
0x4d4de8 Escape
0x4d4dec TextOutA
0x4d4df0 RectVisible
0x4d4df4 PtVisible
0x4d4df8 StartDocA
0x4d4dfc GetPixel
0x4d4e00 GetWindowExtEx
0x4d4e04 GetViewportExtEx
0x4d4e08 SelectClipPath
0x4d4e0c CreateRectRgn
0x4d4e10 GetClipRgn
0x4d4e14 SelectClipRgn
0x4d4e18 DeleteObject
0x4d4e1c SetColorAdjustment
0x4d4e20 SetArcDirection
0x4d4e24 SetMapperFlags
0x4d4e30 SetTextAlign
0x4d4e34 MoveToEx
0x4d4e38 LineTo
0x4d4e3c OffsetClipRgn
0x4d4e40 IntersectClipRect
0x4d4e44 ExcludeClipRect
0x4d4e48 SetMapMode
0x4d4e50 SetWorldTransform
0x4d4e54 SetGraphicsMode
0x4d4e58 SetStretchBltMode
0x4d4e5c SetROP2
0x4d4e60 SetPolyFillMode
0x4d4e64 SetBkMode
0x4d4e68 RestoreDC
0x4d4e6c SaveDC
0x4d4e74 ExtTextOutA
0x4d4e78 BitBlt
0x4d4e7c CreateCompatibleDC
0x4d4e80 CreateFontIndirectA
0x4d4e84 CreateBitmap
0x4d4e88 PatBlt
0x4d4e90 GetObjectA
0x4d4e94 SetBkColor
0x4d4e98 SetTextColor
0x4d4e9c GetClipBox
0x4d4ea0 GetDCOrgEx
0x4d4ea4 CreateDCA
0x4d4ea8 SetWindowOrgEx
Library comdlg32.dll:
0x4d57a8 GetFileTitleA
Library WINSPOOL.DRV:
0x4d5770 DocumentPropertiesA
0x4d5774 OpenPrinterA
0x4d5778 ClosePrinter
Library ADVAPI32.dll:
0x4d4ce0 RegDeleteValueA
0x4d4ce4 RegSetValueExA
0x4d4ce8 RegCreateKeyExA
0x4d4cec RegQueryValueA
0x4d4cf0 RegEnumKeyA
0x4d4cf4 RegDeleteKeyA
0x4d4cf8 RegOpenKeyExA
0x4d4cfc RegQueryValueExA
0x4d4d00 RegOpenKeyA
0x4d4d04 RegSetValueA
0x4d4d08 RegCloseKey
0x4d4d0c RegCreateKeyA
Library SHELL32.dll:
0x4d5358 DragQueryFileA
0x4d535c DragFinish
0x4d5360 ExtractIconA
0x4d5368 SHGetDesktopFolder
0x4d536c SHGetMalloc
0x4d5370 SHGetFileInfoA
Library oledlg.dll:
0x4d58a0 (no import name recorded in the report, as for an import by ordinal)
Library ole32.dll:
0x4d57dc OleInitialize
0x4d57e4 OleUninitialize
0x4d57e8 OleRun
0x4d57f8 CoGetClassObject
0x4d57fc StringFromGUID2
0x4d5800 CoCreateInstance
0x4d5804 CoDisconnectObject
0x4d5808 CLSIDFromString
0x4d580c CoRevokeClassObject
0x4d5810 OleDuplicateData
0x4d5814 CoTaskMemAlloc
0x4d5818 ReleaseStgMedium
0x4d581c CreateBindCtx
0x4d5820 CoTreatAsClass
0x4d5824 StringFromCLSID
0x4d5828 ReadClassStg
0x4d582c ReadFmtUserTypeStg
0x4d5830 OleRegGetUserType
0x4d5834 WriteClassStg
0x4d5838 WriteFmtUserTypeStg
0x4d583c SetConvertStg
0x4d5840 CoTaskMemFree
0x4d5848 OleSetClipboard
0x4d584c OleFlushClipboard
0x4d5858 CLSIDFromProgID
Library OLEAUT32.dll:
0x4d526c SafeArrayCopy
0x4d5270 SysAllocString
0x4d5278 VarBstrFromDate
0x4d527c VarCyFromStr
0x4d5280 VarDecFromStr
0x4d5284 VarBstrFromDec
0x4d5288 VarBstrFromCy
0x4d528c SysAllocStringLen
0x4d5290 VariantClear
0x4d5294 VariantChangeType
0x4d5298 VariantInit
0x4d529c SysStringLen
0x4d52a0 SysFreeString
0x4d52a8 SysStringByteLen
0x4d52b0 SafeArrayAccessData
0x4d52b4 SafeArrayGetUBound
0x4d52b8 SafeArrayGetLBound
0x4d52c0 SafeArrayGetDim
0x4d52c4 SafeArrayCreate
0x4d52c8 SafeArrayRedim
0x4d52cc VariantCopy
0x4d52d0 SafeArrayAllocData
0x4d52d8 VarDateFromStr
0x4d52dc SafeArrayGetElement
0x4d52e0 SafeArrayPtrOfIndex
0x4d52e4 SafeArrayPutElement
0x4d52e8 SafeArrayLock
0x4d52ec SafeArrayUnlock
0x4d52f0 SafeArrayDestroy
0x4d5304 SysReAllocStringLen
0x4d5308 LoadTypeLib
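The static import table above is that of an MFC desktop application (USER32, GDI32, ole32, OLEAUT32, printing and DDE helpers). None of the APIs in the dynamic trace (GetComputerNameA, CryptGenKey, CryptExportKey, GetAdaptersAddresses, InternetOpenW) are imported, ADVAPI32's Crypt* functions, WININET.dll and IPHLPAPI.DLL are absent entirely, while LoadLibraryA, LoadLibraryExA/W and GetProcAddress are present. The payload therefore resolves its real API set at runtime after unpacking, which is why static imports alone would classify this file as a benign GUI program. As an added example (not code from the report or the sample), the following Python parses an excerpt of the listing in the report's own "Library X:" / "0xaddr Name" format and cross-checks it against the traced APIs; the excerpt is a copied subset of the table above, and the API-to-DLL and native-wrapper tables are this example's assumptions.

```python
"""Cross-check a sandbox report's static import table against its dynamic
API trace, to see which calls the unpacked payload must resolve itself.

Added example. IMPORT_LISTING is a copied excerpt of the report's import
table; API_HOME and NATIVE_WRAPPERS are this example's own assumptions.
"""
import re

IMPORT_LISTING = """\
Library KERNEL32.dll:
0x4d4f58 VirtualAlloc
0x4d4f90 GetACP
0x4d5118 FreeLibrary
0x4d511c LoadLibraryA
0x4d5190 GetProcAddress
Library ADVAPI32.dll:
0x4d4ce4 RegSetValueExA
Library oledlg.dll:
0x4d58a0
"""

# APIs the hooks recorded during execution (from the report's indicators).
TRACED_APIS = ["GetComputerNameA", "CryptGenKey", "CryptExportKey",
               "NtAllocateVirtualMemory", "GetAdaptersAddresses",
               "InternetOpenW", "RegSetValueExA", "RegSetValueExW"]

# Where each traced API normally lives (assumption table for this example).
API_HOME = {
    "GetComputerNameA": "KERNEL32.dll", "CryptGenKey": "ADVAPI32.dll",
    "CryptExportKey": "ADVAPI32.dll", "NtAllocateVirtualMemory": "ntdll.dll",
    "GetAdaptersAddresses": "IPHLPAPI.DLL", "InternetOpenW": "WININET.dll",
    "RegSetValueExA": "ADVAPI32.dll", "RegSetValueExW": "ADVAPI32.dll",
}
# Native calls that an imported Win32 wrapper reaches on the sample's behalf.
NATIVE_WRAPPERS = {"NtAllocateVirtualMemory": {"VirtualAlloc", "VirtualAllocEx"}}

LIB_RE = re.compile(r"^Library (\S+):$")
ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+(?:\s+(\S+))?$")


def parse_import_listing(text):
    """Return {library: set(imported names)}. Unnamed entries are imports by
    ordinal and are recorded as 'ordinal@<thunk address>'."""
    imports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LIB_RE.match(line)
        if m:
            current = m.group(1)
            imports.setdefault(current, set())
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            imports[current].add(m.group(1) or "ordinal@" + line.split()[0])
    return imports


def all_imported_names(imports):
    return set().union(*imports.values()) if imports else set()


def has_dynamic_resolver(imports):
    """True if the binary can look up further APIs by name at runtime."""
    names = all_imported_names(imports)
    return "GetProcAddress" in names and any(n.startswith("LoadLibrary") for n in names)


def classify_traced(imports, traced):
    """Per traced API: 'imported', 'imported-via-wrapper' (native call reached
    through an imported Win32 wrapper) or 'not-imported' (resolved at runtime
    by the payload, or made by a system DLL on the sample's behalf)."""
    names = all_imported_names(imports)
    result = {}
    for api in traced:
        if api in names:
            result[api] = "imported"
        elif NATIVE_WRAPPERS.get(api, set()) & names:
            result[api] = "imported-via-wrapper"
        else:
            result[api] = "not-imported"
    return result


def missing_libraries(imports, traced):
    """DLLs that traced, non-imported APIs live in but the import table never names."""
    present = {lib.lower() for lib in imports}
    status = classify_traced(imports, traced)
    return sorted({API_HOME[a] for a, s in status.items()
                   if s == "not-imported" and API_HOME[a].lower() not in present})


if __name__ == "__main__":
    imports = parse_import_listing(IMPORT_LISTING)
    print("runtime resolver present:", has_dynamic_resolver(imports))
    for api, status in classify_traced(imports, TRACED_APIS).items():
        print(f"{api:24s} {status}")
    print("libraries never imported:", missing_libraries(imports, TRACED_APIS))
```

Running it over the full listing from the page gives the same picture as the excerpt: every traced API except the registry write (and the native allocation reached through the imported VirtualAlloc) is absent from the import table, and WININET.dll and IPHLPAPI.DLL are never named.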

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

Note: this PCAP summary disagrees with the signature section, which lists three hosts contacted without a DNS query and two dead hosts (185.94.252.13:443, 24.249.135.121:80). The two sections come from different processing steps; the addresses in the signature section are the indicators to extract from this report, and the empty TCP list should not be read as "no network activity".

UDP

Source  Source port  Destination  Hostname  Destination port
192.168.56.101  49713  114.114.114.114    53
192.168.56.101  50002  114.114.114.114    53
192.168.56.101  53657  114.114.114.114    53
192.168.56.101  60384  114.114.114.114    53
192.168.56.101  62318  114.114.114.114    53
192.168.56.101  137  192.168.56.255    137
192.168.56.101  138  192.168.56.255    138
192.168.56.101  123  20.189.79.72  time.windows.com  123
192.168.56.101  49235  224.0.0.252    5355
192.168.56.101  50534  224.0.0.252    5355
192.168.56.101  51808  224.0.0.252    5355
192.168.56.101  51963  224.0.0.252    5355
192.168.56.101  56804  224.0.0.252    5355
192.168.56.101  57756  224.0.0.252    5355
192.168.56.101  57874  224.0.0.252    5355
192.168.56.101  61680  224.0.0.252    5355
192.168.56.101  62191  224.0.0.252    5355
192.168.56.101  63429  224.0.0.252    5355
192.168.56.101  1900  239.255.255.250    1900
192.168.56.101  51966  239.255.255.250    1900

All of these flows are operating-system background traffic on a VirtualBox host-only network (192.168.56.0/24): DNS to the resolver 114.114.114.114 (a public resolver in China, which together with the Chinese-locale WPAD network name identifies the sandbox's locale), NetBIOS name-service and datagram broadcasts on 137/138, NTP to time.windows.com, LLMNR to 224.0.0.252:5355 and SSDP to 239.255.255.250:1900. Nothing attributable to the sample appears here: the queried DNS names are not shown, and the sample's own connection attempts went direct to IP.
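As an added example (not code from the report), the following Python performs the triage just described: it parses rows in the report's UDP table format (optional hostname column) and separates sandbox background protocols from anything that needs explaining. The rows are copied from the table above; the resolver address, the /24 assumption for the broadcast check and the extra flagged row at the bottom (a TEST-NET address) are this example's own constructions.

```python
"""Triage UDP flows from a sandbox PCAP summary: label OS background traffic
and return whatever is left unexplained.

Added example. UDP_TABLE is copied from the report; the resolver address and
the /24 broadcast assumption are this example's own.
"""
import ipaddress
from collections import Counter

UDP_TABLE = """\
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
"""

LLMNR_GROUP = ipaddress.ip_address("224.0.0.252")
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")


def parse_udp_rows(text):
    """Return (src, sport, dst, hostname_or_None, dport) per 4- or 5-column row;
    header lines and anything else are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            src, sport, dst, dport = parts
            host = None
        elif len(parts) == 5:
            src, sport, dst, host, dport = parts
        else:
            continue
        try:
            rows.append((ipaddress.ip_address(src), int(sport),
                         ipaddress.ip_address(dst), host, int(dport)))
        except ValueError:
            continue  # not an address/port row (e.g. a column header)
    return rows


def classify_flow(src, sport, dst, host, dport, resolver, prefixlen=24):
    """Label a flow as a known background protocol, or 'unexplained'.
    NTP is only accepted to the Windows time service, since port 123 to an
    arbitrary address is a common C2 disguise."""
    broadcast = ipaddress.ip_network(f"{src}/{prefixlen}", strict=False).broadcast_address
    if dport == 53 and dst == resolver:
        return "dns"
    if dport == 5355 and dst == LLMNR_GROUP:
        return "llmnr"
    if dport in (137, 138) and dst == broadcast:
        return "netbios"
    if dport == 1900 and dst == SSDP_GROUP:
        return "ssdp"
    if dport == 123 and (host or "").endswith("time.windows.com"):
        return "ntp"
    return "unexplained"


def triage(text, resolver="114.114.114.114", prefixlen=24):
    """Return (label counts, unexplained flows as 'dst:port' strings)."""
    resolver = ipaddress.ip_address(resolver)
    counts, unexplained = Counter(), []
    for src, sport, dst, host, dport in parse_udp_rows(text):
        label = classify_flow(src, sport, dst, host, dport, resolver, prefixlen)
        counts[label] += 1
        if label == "unexplained":
            unexplained.append(f"{dst}:{dport}")
    return dict(counts), unexplained


if __name__ == "__main__":
    print(triage(UDP_TABLE))
    # Constructed extra row (TEST-NET-3 address) to show what a flagged flow looks like.
    print(triage(UDP_TABLE + "192.168.56.101 50000 203.0.113.7 8080\n"))
```

The same function applied to a report where the sample did speak UDP (DNS to a resolver other than the configured one, or port 123 to an unresolved address) returns those flows in the unexplained list, which is the point of keeping the NTP rule tied to the hostname column.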

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.