6.4
High risk

87618d6e9217a762e613f80b14273dfff6e376c2cc4011055f7e9f43c9fc29b1

48e06998502393fb99c64442629df2e9.exe

Analysis duration

245s

Last analyzed

File size

1.9MB
Static detections / Dynamic detections: 100% 3R0@A85Y9MGI AD@8R7EF8 AI SCORE=87 AIDETECTVM BANKERX BSCOPE CLASSIC CONFIDENCE ELDORADO ENCPK GENCIRC GENERICKDZ GENETIC GENKRYPTIK HCYD HIGH CONFIDENCE INJECT3 KRYPTIK MALICIOUS PE MALWARE1 PINKSBOT QAKBOT QBOT QVM20 R + MAL R334198 SCORE SHADE STATIC AI SUSGEN TLHL TROJANBANKER UNSAFE VJYXS ZEXAF ZQ8A48
Eagle Eye engine
Not detected: no Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee W32/PinkSbot-GN!48E069985023 20201229 6.0.6.653
Alibaba TrojanBanker:Win32/Kryptik.280d357d 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
Tencent Malware.Win32.Gencirc.10b9eaa9 20201229 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619506809.736
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619506850.377
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619506882.344875
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (29 events)
Time & API Arguments Status Return Repeated
1619506920.151615
WriteConsoleW
buffer: 另一个程序正在使用此文件,进程无法访问。
console_handle: 0x0000000b
success 1 0
1619506892.292765
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619506892.698765
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619506892.792765
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619506892.792765
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619506892.792765
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619506892.792765
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619506893.792765
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619506893.792765
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619506893.792765
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619506893.792765
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619506894.792765
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619506894.792765
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619506894.792765
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619506894.792765
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619506895.792765
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619506895.792765
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619506895.792765
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619506895.792765
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619506896.792765
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619506896.792765
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619506896.792765
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619506896.792765
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619506897.792765
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619506897.792765
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619506897.792765
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619506897.792765
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619506899.511765
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619506901.573765
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619506891.808765
GlobalMemoryStatusEx
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name MUI
resource name REGINST
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619506853.298
__exception__
stacktrace:
48e06998502393fb99c64442629df2e9+0x8ec9 @ 0x408ec9
48e06998502393fb99c64442629df2e9+0x17cc @ 0x4017cc
48e06998502393fb99c64442629df2e9+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634776
registers.edi: 0
registers.eax: 6619136
registers.ebp: 1635384
registers.edx: 5
registers.ebx: 1
registers.esi: 4269856
registers.ecx: 100
exception.instruction_r: ff 30 e8 97 03 00 00 83 c4 14 85 c0 75 38 8d 85
exception.symbol: 48e06998502393fb99c64442629df2e9+0x844a
exception.instruction: push dword ptr [eax]
exception.module: 48e06998502393fb99c64442629df2e9.exe
exception.exception_code: 0xc0000005
exception.offset: 33866
exception.address: 0x40844a
success 0 0
1619506883.094875
__exception__
stacktrace:
48e06998502393fb99c64442629df2e9+0x3daa @ 0x403daa
48e06998502393fb99c64442629df2e9+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7952160
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 48e06998502393fb99c64442629df2e9+0x33cc
exception.instruction: in eax, dx
exception.module: 48e06998502393fb99c64442629df2e9.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619506883.094875
__exception__
stacktrace:
48e06998502393fb99c64442629df2e9+0x3db3 @ 0x403db3
48e06998502393fb99c64442629df2e9+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7952160
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 48e06998502393fb99c64442629df2e9+0x3465
exception.instruction: in eax, dx
exception.module: 48e06998502393fb99c64442629df2e9.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619506795.017
NtAllocateVirtualMemory
process_identifier: 2456
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00360000
success 0 0
1619506809.502
NtAllocateVirtualMemory
process_identifier: 2456
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619506809.517
NtProtectVirtualMemory
process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619506810.501875
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ee0000
success 0 0
1619506882.313875
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020b0000
success 0 0
1619506882.313875
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates a suspicious process (2 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\48e06998502393fb99c64442629df2e9.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\48e06998502393fb99c64442629df2e9.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619506810.377
CreateProcessInternalW
thread_identifier: 1208
thread_handle: 0x00000154
process_identifier: 2420
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\48e06998502393fb99c64442629df2e9.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619506877.861
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\48e06998502393fb99c64442629df2e9.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Uses Windows utilities for basic Windows functionality (3 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\48e06998502393fb99c64442629df2e9.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\48e06998502393fb99c64442629df2e9.exe"
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 203.208.40.66
host 203.208.41.33
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619506883.094875
__exception__
stacktrace:
48e06998502393fb99c64442629df2e9+0x3daa @ 0x403daa
48e06998502393fb99c64442629df2e9+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7952160
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 48e06998502393fb99c64442629df2e9+0x33cc
exception.instruction: in eax, dx
exception.module: 48e06998502393fb99c64442629df2e9.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.24.14:443
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.66726
CAT-QuickHeal Trojan.Qbot
McAfee W32/PinkSbot-GN!48E069985023
Cylance Unsafe
SUPERAntiSpyware Trojan.Agent/Gen-QBot
Sangfor Malware
K7AntiVirus Trojan ( 0056589c1 )
Alibaba TrojanBanker:Win32/Kryptik.280d357d
K7GW Trojan ( 005655711 )
Cybereason malicious.850239
BitDefenderTheta Gen:NN.ZexaF.34700.3r0@a85Y9mgi
Cyren W32/Trojan.FLH.gen!Eldorado
Symantec Packed.Generic.459
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Paloalto generic.ml
ClamAV Win.Dropper.Qakbot-7686012-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Trojan.GenericKDZ.66726
Avast Win32:BankerX-gen [Trj]
Rising Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware Trojan.GenericKDZ.66726
Emsisoft Trojan.GenericKDZ.66726 (B)
Comodo TrojWare.Win32.Qbot.AD@8r7ef8
F-Secure Trojan.TR/Kryptik.vjyxs
DrWeb Trojan.Inject3.39113
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition BehavesLike.Win32.Dropper.tz
FireEye Generic.mg.48e06998502393fb
Sophos Mal/Generic-R + Mal/EncPk-APV
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.nv
Avira TR/Kryptik.vjyxs
MAX malware (ai score=87)
Antiy-AVL Trojan[Banker]/Win32.Qbot
Microsoft Trojan:Win32/Qbot.MX!MTB
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Arcabit Trojan.Generic.D104A6
AegisLab Trojan.Win32.Malicious.4!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Trojan.GenericKDZ.66726
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.QBot.R334198
Acronis suspicious
VBA32 BScope.TrojanRansom.Shade
ALYac Trojan.Agent.QakBot
TACHYON Backdoor/W32.QBot.1950208
Malwarebytes Trojan.Qbot
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran.


PE Compile Time

2020-04-23 20:47:57

Imports

Library KERNEL32.dll:
0x5dbb00 VirtualAlloc
0x5dbb04 GetModuleHandleW
0x5dbb08 lstrlenW
0x5dbb0c lstrcmpA
0x5dbb10 WriteProcessMemory
0x5dbb14 WriteFile
0x5dbb18 WideCharToMultiByte
0x5dbb1c WaitForSingleObject
0x5dbb24 VirtualQueryEx
0x5dbb28 VirtualQuery
0x5dbb2c VirtualProtectEx
0x5dbb30 VirtualProtect
0x5dbb34 VirtualFree
0x5dbb38 UnmapViewOfFile
0x5dbb3c TerminateThread
0x5dbb40 TerminateProcess
0x5dbb48 SuspendThread
0x5dbb4c Sleep
0x5dbb50 SizeofResource
0x5dbb54 SetThreadPriority
0x5dbb58 SetThreadContext
0x5dbb60 SetPriorityClass
0x5dbb64 SetLastError
0x5dbb68 SetFilePointer
0x5dbb6c SetEvent
0x5dbb70 ResumeThread
0x5dbb74 ResetEvent
0x5dbb78 ReleaseSemaphore
0x5dbb7c ReleaseMutex
0x5dbb80 ReadProcessMemory
0x5dbb84 ReadFile
0x5dbb90 PulseEvent
0x5dbb94 OutputDebugStringW
0x5dbb98 OpenProcess
0x5dbb9c OpenMutexW
0x5dbba0 OpenFileMappingA
0x5dbba4 OpenFileMappingW
0x5dbba8 OpenEventA
0x5dbbac MultiByteToWideChar
0x5dbbb0 MulDiv
0x5dbbb4 MapViewOfFile
0x5dbbb8 LockResource
0x5dbbbc LocalFree
0x5dbbc0 LocalAlloc
0x5dbbc4 LoadResource
0x5dbbc8 LoadLibraryExA
0x5dbbcc LoadLibraryExW
0x5dbbd0 LoadLibraryA
0x5dbbd4 LoadLibraryW
0x5dbbe0 GlobalUnlock
0x5dbbe4 GlobalSize
0x5dbbe8 GlobalReAlloc
0x5dbbec GlobalHandle
0x5dbbf0 GlobalLock
0x5dbbf4 GlobalFree
0x5dbbf8 GlobalFindAtomW
0x5dbbfc GlobalDeleteAtom
0x5dbc00 GlobalAlloc
0x5dbc04 GlobalAddAtomW
0x5dbc14 GetVersionExA
0x5dbc18 GetVersionExW
0x5dbc1c GetVersion
0x5dbc20 GetTickCount
0x5dbc24 GetThreadPriority
0x5dbc28 GetThreadLocale
0x5dbc2c GetThreadContext
0x5dbc30 GetTempPathW
0x5dbc34 GetSystemTime
0x5dbc38 GetSystemDirectoryA
0x5dbc3c GetSystemDirectoryW
0x5dbc40 GetStartupInfoW
0x5dbc44 GetProcessVersion
0x5dbc4c GetProcAddress
0x5dbc50 GetPriorityClass
0x5dbc54 GetModuleHandleA
0x5dbc58 GetModuleFileNameA
0x5dbc5c GetModuleFileNameW
0x5dbc60 GetLogicalDrives
0x5dbc64 GetLastError
0x5dbc68 GetFileSize
0x5dbc6c GetFileAttributesA
0x5dbc70 GetFileAttributesW
0x5dbc74 GetExitCodeThread
0x5dbc78 GetExitCodeProcess
0x5dbc80 GetDriveTypeW
0x5dbc84 GetCurrentThreadId
0x5dbc88 GetCurrentThread
0x5dbc8c GetCurrentProcessId
0x5dbc90 GetCurrentProcess
0x5dbc94 GetComputerNameW
0x5dbc98 GetCommandLineA
0x5dbc9c FreeResource
0x5dbca8 FreeLibrary
0x5dbcac FormatMessageA
0x5dbcb0 FormatMessageW
0x5dbcb4 FindResourceA
0x5dbcb8 FindResourceW
0x5dbcbc FindNextFileW
0x5dbcc0 FindFirstFileA
0x5dbcc4 FindFirstFileW
0x5dbcc8 FindClose
0x5dbcd0 ExitProcess
0x5dbcd4 EnumResourceNamesW
0x5dbcdc DuplicateHandle
0x5dbce4 CreateThread
0x5dbce8 CreateSemaphoreW
0x5dbcec CreateMutexA
0x5dbcf0 CreateMutexW
0x5dbcf4 CreateFileMappingA
0x5dbcf8 CreateFileMappingW
0x5dbcfc CreateFileA
0x5dbd00 CreateFileW
0x5dbd04 CreateEventA
0x5dbd08 CreateEventW
0x5dbd0c CompareStringW
0x5dbd10 CloseHandle
0x5dbd14 GetProfileSectionA
0x5dbd18 FatalExit
0x5dbd1c ExitThread
0x5dbd20 GetShortPathNameA
0x5dbd24 GetDiskFreeSpaceExA
0x5dbd28 GetLongPathNameA
0x5dbd2c GetConsoleTitleA
0x5dbd30 Heap32ListNext
0x5dbd3c RtlZeroMemory
0x5dbd40 _lclose
0x5dbd44 OpenJobObjectA
0x5dbd48 GetMailslotInfo
0x5dbd4c GetDriveTypeA
0x5dbd50 SwitchToThread
0x5dbd58 _lwrite
0x5dbd5c CommConfigDialogA
0x5dbd60 InterlockedExchange
0x5dbd68 GetStartupInfoA
Library USER32.dll:
0x5dbd70 LoadIconW
0x5dbd74 LoadCursorFromFileW
0x5dbd78 GetAsyncKeyState
0x5dbd7c GetForegroundWindow
0x5dbd80 GetKeyboardLayout
0x5dbd84 GetDC
0x5dbd88 GetSystemMetrics
0x5dbd8c GetDlgCtrlID
0x5dbd90 GetListBoxInfo
0x5dbd94 GetThreadDesktop
0x5dbd98 ShowCaret
0x5dbd9c DestroyWindow
0x5dbda0 GetClipboardViewer
0x5dbda4 GetTopWindow
0x5dbda8 CharLowerA
0x5dbdac LoadIconA
0x5dbdb0 WaitForInputIdle
0x5dbdb4 TranslateMessage
0x5dbdbc AnimateWindow
0x5dbdc0 ShowWindow
0x5dbdc4 ShowOwnedPopups
0x5dbdc8 SetWindowRgn
0x5dbdcc SetWindowPos
0x5dbdd0 SetWindowPlacement
0x5dbdd4 SetWindowLongW
0x5dbdd8 SetTimer
0x5dbddc SetPropA
0x5dbde0 SetParent
0x5dbde4 SetForegroundWindow
0x5dbde8 SetCursorPos
0x5dbdec SetClassLongW
0x5dbdf0 SendMessageTimeoutA
0x5dbdf4 SendMessageTimeoutW
0x5dbdfc SendMessageA
0x5dbe00 SendMessageW
0x5dbe04 RemovePropA
0x5dbe08 ReleaseDC
0x5dbe10 PostThreadMessageA
0x5dbe14 PostMessageA
0x5dbe18 PostMessageW
0x5dbe1c OffsetRect
0x5dbe24 LoadImageW
0x5dbe28 LoadCursorW
0x5dbe2c LoadBitmapW
0x5dbe30 KillTimer
0x5dbe34 IsZoomed
0x5dbe38 IsWindowVisible
0x5dbe3c IsWindowUnicode
0x5dbe40 IsWindowEnabled
0x5dbe44 IsWindow
0x5dbe48 IsIconic
0x5dbe4c InvalidateRect
0x5dbe50 InflateRect
0x5dbe58 GetWindowRect
0x5dbe5c GetWindowPlacement
0x5dbe60 GetWindowLongW
0x5dbe64 GetSystemMenu
0x5dbe68 GetPropA
0x5dbe6c GetParent
0x5dbe70 GetWindow
0x5dbe74 GetMessageW
0x5dbe78 GetMenu
0x5dbe7c GetClientRect
0x5dbe80 GetClassNameA
0x5dbe84 GetClassLongW
0x5dbe88 FrameRect
0x5dbe8c FindWindowExA
0x5dbe90 FindWindowExW
0x5dbe94 FindWindowW
0x5dbe98 EnumWindows
0x5dbe9c EnumThreadWindows
0x5dbea0 EnableWindow
0x5dbea4 EnableMenuItem
0x5dbea8 DrawTextW
0x5dbeac DrawFrameControl
0x5dbeb0 DrawFocusRect
0x5dbeb4 DispatchMessageW
0x5dbeb8 DestroyIcon
0x5dbec0 CharUpperW
0x5dbec4 CharLowerW
0x5dbec8 AttachThreadInput
0x5dbecc AdjustWindowRectEx
Library GDI32.dll:
0x5dbed4 GetStockObject
0x5dbed8 UnrealizeObject
0x5dbedc CreateMetaFileA
0x5dbee0 CreatePatternBrush
0x5dbee4 GetPolyFillMode
0x5dbee8 DeleteDC
0x5dbeec FillPath
0x5dbef4 SelectObject
0x5dbef8 GetTextExtentPointW
0x5dbf00 DeleteObject
0x5dbf04 CreateRoundRectRgn
0x5dbf08 CreateFontIndirectW
0x5dbf0c BitBlt
0x5dbf14 CreateDIBitmap
0x5dbf1c GetPath
0x5dbf20 CLIPOBJ_cEnumStart
0x5dbf2c GetCurrentObject
Library ADVAPI32.dll:
0x5dbf34 RegOpenKeyA
0x5dbf38 RegQueryValueExA
0x5dbf40 RegUnLoadKeyW
0x5dbf44 RegOpenKeyExA
0x5dbf48 RegLoadKeyW
0x5dbf4c RegCloseKey
0x5dbf50 OpenProcessToken
0x5dbf54 LookupAccountSidA
0x5dbf58 LookupAccountSidW
0x5dbf60 GetUserNameW
0x5dbf64 GetTokenInformation
0x5dbf68 GetLengthSid
0x5dbf6c QueryServiceStatus
0x5dbf70 OpenServiceW
0x5dbf74 OpenSCManagerW
0x5dbf78 CloseServiceHandle
0x5dbf80 CryptSetProvParam
0x5dbf84 CryptGetProvParam
0x5dbf88 CryptDestroyHash
0x5dbf8c CryptSignHashA
0x5dbf90 CryptSetHashParam
0x5dbf94 CryptCreateHash
0x5dbf98 CryptImportKey
0x5dbf9c CryptExportKey
0x5dbfa0 CryptReleaseContext
0x5dbfa4 CryptDestroyKey
0x5dbfa8 CryptGetUserKey
0x5dbfb0 CryptDecrypt
Library SHELL32.dll:
0x5dbfb8 SHGetFileInfoA
0x5dbfbc ShellExecuteW
0x5dbfc0 Shell_NotifyIconW
0x5dbfc4 SHGetFolderPathA
0x5dbfc8 SHGetFolderPathW
0x5dbfcc
0x5dbfd4 SHGetFolderLocation
0x5dbfe0 SHBrowseForFolderW
0x5dbfe4 Shell_NotifyIcon
0x5dbfe8 ExtractIconA
0x5dbfec SHBrowseForFolderA
0x5dbff4 ShellAboutW
0x5dbff8 FindExecutableW
0x5dbffc ShellExecuteA
0x5dc000 SHLoadInProc
0x5dc004 SHFileOperationA
0x5dc008 Shell_NotifyIconA
0x5dc00c DoEnvironmentSubstW
0x5dc010 SHBindToParent
0x5dc014 SHGetDesktopFolder
0x5dc01c ExtractIconExA
0x5dc020 SHGetMalloc
0x5dc024 CheckEscapesW
0x5dc030 DoEnvironmentSubstA
0x5dc034 SHChangeNotify
0x5dc03c DragQueryFileAorW
0x5dc048 FindExecutableA
0x5dc04c DragFinish
Library ole32.dll:
0x5dc05c OleUninitialize
0x5dc060 CoTaskMemFree
0x5dc064 CoCreateInstance
0x5dc068 CoUninitialize
0x5dc06c CoInitialize
0x5dc074 CoCreateGuid
Library SHLWAPI.dll:
0x5dc07c StrStrIW
0x5dc080 StrStrA
0x5dc084 StrChrIA
0x5dc088 StrRStrIA
0x5dc08c StrChrA
Library COMCTL32.dll:
0x5dc098 ImageList_Write
0x5dc09c ImageList_Read
0x5dc0a0 ImageList_GetIcon
0x5dc0ac ImageList_Destroy
0x5dc0b0 ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.