7.6 High risk

SHA256: 84dd1269da11147a6310526bca76c2454d7cba5755051371f9cf61d1c96c1f78
File name: 493b3835bf4a51d0571e0df0884f9cc8.exe
Analysis time: 64s
Latest analysis
File size: 789.5KB
Static detection, dynamic detection. Tags: AGEN, AI SCORE=86, BSCOPE, CEEINJECT, CONFIDENCE, DELF, DELPHILESS, EHDJ, ENCD, FAREIT, GENETIC, HAWKEYE, HIGH CONFIDENCE, HKJFIB, HPLOKI, KRYPTIK, LOKIBOT, MALWARE@#3U36XOZ4VNR4V, NANOCORE, PTOJ, QVM05, R + MAL, SCORE, SMBD, STATIC AI, SUSGEN, SUSPICIOUS PE, TSPY, UNSAFE, WACATAC, X2066
Hawkeye engine
Not detected: no Hawkeye engine detection results are available yet.
Static verdict
Antivirus engines
Engine        Result                             Scan time   Engine version
McAfee        Fareit-FTB!493B3835BF4A            20201211    6.0.6.653
Alibaba       Trojan:Win32/Lokibot.7edfda54      20190527    0.3.0.5
Baidu         -                                  20190318    1.0.0.2
Avast         Win32:Trojan-gen                   20201210    21.1.5827.0
Kingsoft      -                                  20201211    2017.9.26.565
Tencent       -                                  20201211    1.0.0.1
CrowdStrike   win/malicious_confidence_90% (W)   20190702    1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619479839.236374
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
493b3835bf4a51d0571e0df0884f9cc8+0x90a4d @ 0x490a4d
493b3835bf4a51d0571e0df0884f9cc8+0x89254 @ 0x489254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfcd914ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.315669140340971 section .rsrc (size_of_data 0x0005fe00, virtual_address 0x0006b000, virtual_size 0x0005fcb8, entropy 7.315669140340971) description A section with a high entropy has been found
entropy 0.48636651870640457 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2656 called NtSetContextThread to modify thread in remote process 2996
Time & API Arguments Status Return Repeated
1619479830.080999
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5354704
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2996
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2656 resumed a thread in remote process 2996
Time & API Arguments Status Return Repeated
1619479830.252999
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2996
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619479829.877999
CreateProcessInternalW
thread_identifier: 1816
thread_handle: 0x000000fc
process_identifier: 2996
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\493b3835bf4a51d0571e0df0884f9cc8.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619479829.877999
NtUnmapViewOfSection
process_identifier: 2996
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619479830.049999
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 2996
commit_size: 1167360
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 1167360
base_address: 0x00400000
success 0 0
1619479830.080999
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619479830.080999
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5354704
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2996
success 0 0
1619479830.252999
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2996
success 0 0
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.493b3835bf4a51d0
McAfee Fareit-FTB!493B3835BF4A
Malwarebytes Trojan.MalPack.DLF
Zillya Trojan.Injector.Win32.739569
K7AntiVirus Trojan ( 005670e91 )
Alibaba Trojan:Win32/Lokibot.7edfda54
K7GW Trojan ( 005670e91 )
Cybereason malicious.61404a
Cyren W32/Injector.PTOJ-9369
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Malware.Nanocore-7846726-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.Delf.FareIt.Gen.7
NANO-Antivirus Trojan.Win32.Nanocore.hkjfib
Paloalto generic.ml
Ad-Aware Trojan.Delf.FareIt.Gen.7
TACHYON Trojan/W32.DP-Agent.808448.K
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
Comodo Malware@#3u36xoz4vnr4v
F-Secure Heuristic.HEUR/AGEN.1136311
DrWeb Trojan.Nanocore.24
TrendMicro TSPY_HPLOKI.SMBD
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Sophos Mal/Generic-R + Mal/Fareit-AA
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Kryptik.biz
Avira HEUR/AGEN.1136311
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.CeeInject.ba!s1
Arcabit Trojan.Delf.FareIt.Gen.7
AegisLab Trojan.Win32.Kryptik.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
Microsoft Trojan:Win32/Lokibot.PC!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
Acronis suspicious
VBA32 BScope.Trojan.Nanocore
ALYac Trojan.Agent.HawkEye
MAX malware (ai score=86)
ESET-NOD32 a variant of Win32/Injector.ENCD
TrendMicro-HouseCall TSPY_HPLOKI.SMBD
Ikarus Trojan.Inject
eGambit Unsafe.AI_Score_99%
Fortinet W32/Injector.EHDJ!tr
MaxSecure Trojan.Malware.73736783.susgen
AVG Win32:Trojan-gen
Panda Trj/Genetic.gen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports


Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.