6.6
High risk

8b7c72262d30ac1b5f68f30f4b6c7d623968d91da08d32c2628a38074b23ab87

4b0eea4ab9295b29359ba65024a4de59.exe

Analysis time

86s

Last analyzed

File size

476.0KB
Static detection Dynamic detection 100% AI SCORE=100 BSCOPE CLASSIC CONFIDENCE CQYJ DOWNLOADER33 ELDORADO EMOTET EPXK FAMVT FPTLM GEKASITM HDHS HIGH CONFIDENCE HJMKSH KRYPTIK MALWARE@#M3YBR1RUBO32 R06EC0DIK20 R335226 SCORE SUSGEN UNSAFE Y4I9GP38EZY More
Eagle Eye engine
Not detected: no Eagle Eye engine results yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/Emotet.1ac417c1 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
McAfee Emotet-FQC!4B0EEA4AB929 20201229 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619474762.130124
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619474752.536124
CryptGenKey
crypto_handle: 0x008b4cc8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x008b3e98
flags: 1
key: fÆï—úõ„þa:o‚s
success 1 0
1619474762.255124
CryptExportKey
crypto_handle: 0x008b4cc8
crypto_export_handle: 0x008b3f60
buffer: f¤aA÷ÁRÆ ¸-Õ³fß%jÁMÆî‹¾D›ßkÏQçÐ ­E3gT¢‰"CЗ¥sHUjƒï.·tC•Å ­©Vz«šé°‹þÎæ)Æí CÕýn%
blob_type: 1
flags: 64
success 1 0
1619474789.786124
CryptExportKey
crypto_handle: 0x008b4cc8
crypto_export_handle: 0x008b3f60
buffer: f¤âî ´Õz7Ò·|U–°ªËtXÀ©4Ю½Ö«æ£l{°ÔR¶¨’Ó¢EÔ*,jÚ=ÍZ8¨ö_=“ÀqbÅ O‚päװljó~>n_2<‚»‚™ž58¸ŠØÈ
blob_type: 1
flags: 64
success 1 0
1619474794.490124
CryptExportKey
crypto_handle: 0x008b4cc8
crypto_export_handle: 0x008b3f60
buffer: f¤“ìèVՇ’b{XÙ÷BÏâÞCD“Õh6šf­¡wìÂ@‹Ëà‹zÀ%ä†)¾ g÷´rqrJ d{2W€ÇWš\½c„éíÅPYR‘®ÈáGâíG/͚ͅ…“&Ýuº
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2003\27.4.20\CClockCtrl_src\Release\PJClock.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619474746.099124
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00760000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619474762.615124
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 4b0eea4ab9295b29359ba65024a4de59.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619474762.458124
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 101.187.104.105
host 172.217.24.14
host 68.44.137.144
host 82.223.70.24
Sets or modifies the WPAD proxy auto-configuration settings, usable for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619474765.240124
RegSetValueExA
key_handle: 0x0000039c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619474765.240124
RegSetValueExA
key_handle: 0x0000039c
value: p[ÅÃâ:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619474765.240124
RegSetValueExA
key_handle: 0x0000039c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619474765.240124
RegSetValueExW
key_handle: 0x0000039c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619474765.240124
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619474765.240124
RegSetValueExA
key_handle: 0x000003b4
value: p[ÅÃâ:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619474765.240124
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619474765.255124
RegSetValueExW
key_handle: 0x00000398
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 58 antivirus engines on VirusTotal as malicious (50 of 58 events shown)
Bkav W32.FamVT.GekasiTM.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EPXK
FireEye Trojan.Agent.EPXK
CAT-QuickHeal Backdoor.Emotet
ALYac Trojan.Agent.EPXK
Cylance Unsafe
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
K7AntiVirus Trojan ( 00565a131 )
Alibaba Trojan:Win32/Emotet.1ac417c1
K7GW Trojan ( 00565a131 )
Cybereason malicious.ab9295
Arcabit Trojan.Agent.EPXK
Cyren W32/Kryptik.BLV.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Dropper.Emotet-7715356-0
Kaspersky HEUR:Backdoor.Win32.Emotet.pef
BitDefender Trojan.Agent.EPXK
NANO-Antivirus Trojan.Win32.Emotet.hjmksh
Paloalto generic.ml
AegisLab Trojan.Win32.Emotet.L!c
Ad-Aware Trojan.Agent.EPXK
TACHYON Trojan/W32.Agent.487424.VN
Sophos Mal/Generic-S
Comodo Malware@#m3ybr1rubo32
F-Secure Trojan.TR/Emotet.fptlm
DrWeb Trojan.DownLoader33.37375
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DIK20
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh
MaxSecure Trojan.Malware.98461832.susgen
Emsisoft Trojan.Emotet (A)
Jiangmin Trojan.Agent.cqyj
Webroot W32.Trojan.Emotet
Avira TR/Emotet.fptlm
Antiy-AVL Trojan/Win32.Emotet
Microsoft Trojan:Win32/Emotet.DEA!MTB
ViRobot Trojan.Win32.Agent.487424.BC
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.gen
GData Trojan.Agent.EPXK
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R335226
McAfee Emotet-FQC!4B0EEA4AB929
MAX malware (ai score=100)
VBA32 BScope.Backdoor.Emotet
Malwarebytes Trojan.Emotet
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMT.hp
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (6 events)
dead_host 192.168.56.101:49180
dead_host 82.223.70.24:8080
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
dead_host 101.187.104.105:80
dead_host 68.44.137.144:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-04-28 04:36:47

Imports

Library KERNEL32.dll:
0x44b1e0 VirtualQuery
0x44b1e4 GetStartupInfoA
0x44b1e8 GetCommandLineA
0x44b1ec ExitProcess
0x44b1f0 TerminateProcess
0x44b1f4 ExitThread
0x44b1f8 CreateThread
0x44b1fc HeapReAlloc
0x44b200 HeapSize
0x44b208 FatalAppExitA
0x44b20c HeapDestroy
0x44b210 HeapCreate
0x44b214 VirtualFree
0x44b218 IsBadWritePtr
0x44b21c GetStdHandle
0x44b234 SetHandleCount
0x44b238 GetSystemInfo
0x44b240 GetTickCount
0x44b244 GetCurrentProcessId
0x44b24c LCMapStringA
0x44b250 LCMapStringW
0x44b254 GetStringTypeA
0x44b258 GetStringTypeW
0x44b260 IsBadReadPtr
0x44b264 IsBadCodePtr
0x44b268 GetTimeFormatA
0x44b26c GetDateFormatA
0x44b270 GetUserDefaultLCID
0x44b274 EnumSystemLocalesA
0x44b278 IsValidLocale
0x44b27c IsValidCodePage
0x44b284 SetStdHandle
0x44b288 GetLocaleInfoW
0x44b290 VirtualAlloc
0x44b294 VirtualProtect
0x44b298 HeapFree
0x44b29c HeapAlloc
0x44b2a0 RtlUnwind
0x44b2a4 LocalLock
0x44b2a8 LocalUnlock
0x44b2ac SetErrorMode
0x44b2b0 SetFileAttributesA
0x44b2c4 GetShortPathNameA
0x44b2c8 CreateFileA
0x44b2d0 FindFirstFileA
0x44b2d4 FindClose
0x44b2d8 GetCurrentProcess
0x44b2dc DuplicateHandle
0x44b2e0 GetFileSize
0x44b2e4 SetEndOfFile
0x44b2e8 UnlockFile
0x44b2ec LockFile
0x44b2f0 FlushFileBuffers
0x44b2f4 SetFilePointer
0x44b2f8 WriteFile
0x44b2fc ReadFile
0x44b300 DeleteFileA
0x44b304 MoveFileA
0x44b318 RaiseException
0x44b31c GetOEMCP
0x44b320 GetCPInfo
0x44b328 GlobalFlags
0x44b330 TlsFree
0x44b338 LocalReAlloc
0x44b33c TlsSetValue
0x44b340 TlsAlloc
0x44b348 TlsGetValue
0x44b350 GlobalHandle
0x44b354 GlobalReAlloc
0x44b35c LocalAlloc
0x44b360 GlobalFree
0x44b364 CopyFileA
0x44b368 GlobalSize
0x44b36c FormatMessageA
0x44b370 LocalFree
0x44b374 GetDiskFreeSpaceA
0x44b378 GetFullPathNameA
0x44b37c GetTempFileNameA
0x44b380 GetFileTime
0x44b384 SetFileTime
0x44b388 GetFileAttributesA
0x44b38c CreateEventA
0x44b390 SuspendThread
0x44b394 SetEvent
0x44b398 WaitForSingleObject
0x44b39c ResumeThread
0x44b3a0 SetThreadPriority
0x44b3a4 CloseHandle
0x44b3a8 GetCurrentThread
0x44b3ac GlobalAlloc
0x44b3b0 lstrcmpA
0x44b3b4 GetModuleFileNameA
0x44b3c0 lstrcpyA
0x44b3c4 SizeofResource
0x44b3c8 GlobalLock
0x44b3cc GlobalUnlock
0x44b3d0 MulDiv
0x44b3d4 SetLastError
0x44b3d8 FindResourceA
0x44b3dc LoadResource
0x44b3e0 LockResource
0x44b3e4 FreeResource
0x44b3e8 GetCurrentThreadId
0x44b3ec GlobalGetAtomNameA
0x44b3f0 GlobalAddAtomA
0x44b3f4 GlobalFindAtomA
0x44b3f8 GlobalDeleteAtom
0x44b3fc LoadLibraryA
0x44b400 FreeLibrary
0x44b404 lstrcatA
0x44b408 lstrcmpW
0x44b40c lstrcpynA
0x44b410 GetModuleHandleA
0x44b414 GetProcAddress
0x44b418 GetStringTypeExW
0x44b41c GetStringTypeExA
0x44b428 CompareStringW
0x44b42c CompareStringA
0x44b430 lstrlenA
0x44b434 Sleep
0x44b438 lstrcmpiW
0x44b43c lstrlenW
0x44b440 lstrcmpiA
0x44b444 GetVersion
0x44b448 GetLastError
0x44b44c WideCharToMultiByte
0x44b450 MultiByteToWideChar
0x44b454 GetVersionExA
0x44b458 GetThreadLocale
0x44b45c GetLocaleInfoA
0x44b460 GetACP
0x44b464 InterlockedExchange
0x44b468 LoadLibraryExW
0x44b46c GetFileType
0x44b470 GetLocalTime
Library USER32.dll:
0x44b540 SetParent
0x44b544 GetMenuState
0x44b548 EnableMenuItem
0x44b54c CheckMenuItem
0x44b554 LoadBitmapA
0x44b558 ScrollWindowEx
0x44b55c IsWindowEnabled
0x44b560 ShowWindow
0x44b564 MoveWindow
0x44b568 SetWindowTextA
0x44b56c IsDialogMessageA
0x44b570 IsDlgButtonChecked
0x44b574 SetDlgItemTextA
0x44b578 SetDlgItemInt
0x44b57c GetDlgItemTextA
0x44b580 CheckRadioButton
0x44b584 CheckDlgButton
0x44b588 EndPaint
0x44b58c BeginPaint
0x44b590 GetWindowDC
0x44b594 ReleaseDC
0x44b598 GetDC
0x44b59c ClientToScreen
0x44b5a0 GrayStringA
0x44b5a4 DrawTextExA
0x44b5a8 DrawTextA
0x44b5ac TabbedTextOutA
0x44b5b0 FillRect
0x44b5b8 WinHelpA
0x44b5bc GetCapture
0x44b5c0 CreateWindowExA
0x44b5c4 SetWindowsHookExA
0x44b5c8 CallNextHookEx
0x44b5cc GetClassLongA
0x44b5d0 GetClassInfoExA
0x44b5d4 GetClassNameA
0x44b5d8 SetPropA
0x44b5dc GetPropA
0x44b5e0 RemovePropA
0x44b5e4 SendDlgItemMessageA
0x44b5e8 GetFocus
0x44b5ec IsWindow
0x44b5f0 SetFocus
0x44b5f4 IsChild
0x44b5fc GetWindowTextA
0x44b600 GetForegroundWindow
0x44b604 GetLastActivePopup
0x44b608 SetActiveWindow
0x44b60c DispatchMessageA
0x44b610 BeginDeferWindowPos
0x44b614 EndDeferWindowPos
0x44b618 GetDlgItem
0x44b61c GetTopWindow
0x44b620 DestroyWindow
0x44b624 UnhookWindowsHookEx
0x44b628 GetMessageTime
0x44b62c WindowFromPoint
0x44b630 LoadIconA
0x44b634 PeekMessageA
0x44b638 MapWindowPoints
0x44b63c ScrollWindow
0x44b640 MessageBoxA
0x44b644 TrackPopupMenuEx
0x44b648 GetSystemMenu
0x44b64c GetKeyState
0x44b650 SetScrollRange
0x44b654 GetScrollRange
0x44b658 SetScrollPos
0x44b65c GetScrollPos
0x44b660 SetForegroundWindow
0x44b664 ShowScrollBar
0x44b668 IsWindowVisible
0x44b66c GetMenu
0x44b670 PostMessageA
0x44b674 GetSubMenu
0x44b678 GetMenuItemID
0x44b67c GetMenuItemCount
0x44b680 AdjustWindowRectEx
0x44b684 GetParent
0x44b688 ScreenToClient
0x44b68c EqualRect
0x44b690 DeferWindowPos
0x44b694 GetScrollInfo
0x44b698 SetScrollInfo
0x44b69c GetClassInfoA
0x44b6a0 RegisterClassA
0x44b6a4 UnregisterClassA
0x44b6a8 SetWindowPlacement
0x44b6ac GetDlgCtrlID
0x44b6b0 SendMessageA
0x44b6b4 DefWindowProcA
0x44b6b8 SetRect
0x44b6bc DestroyIcon
0x44b6c0 DeleteMenu
0x44b6c4 UnionRect
0x44b6c8 IsRectEmpty
0x44b6cc MapVirtualKeyA
0x44b6d0 GetKeyNameTextA
0x44b6d4 LoadCursorA
0x44b6d8 GetSysColorBrush
0x44b6dc GetMenuItemInfoA
0x44b6e0 GetMenuStringA
0x44b6e4 AppendMenuA
0x44b6e8 InsertMenuA
0x44b6ec RemoveMenu
0x44b6f0 CallWindowProcA
0x44b6f4 GetWindowLongA
0x44b6f8 SetWindowLongA
0x44b6fc SetWindowPos
0x44b700 OffsetRect
0x44b704 IntersectRect
0x44b70c IsIconic
0x44b710 GetWindowPlacement
0x44b714 GetWindowRect
0x44b718 GetSystemMetrics
0x44b71c CopyRect
0x44b720 PtInRect
0x44b724 GetWindow
0x44b728 CharUpperW
0x44b72c GetDialogBaseUnits
0x44b730 SetCapture
0x44b734 LockWindowUpdate
0x44b738 GetDCEx
0x44b740 CharUpperA
0x44b744 CharLowerW
0x44b748 CharLowerA
0x44b74c UpdateWindow
0x44b750 GetSysColor
0x44b754 EnableWindow
0x44b758 KillTimer
0x44b75c SetTimer
0x44b760 RedrawWindow
0x44b764 InvalidateRect
0x44b768 GetClientRect
0x44b76c InflateRect
0x44b770 MessageBeep
0x44b77c GetNextDlgTabItem
0x44b780 TrackPopupMenu
0x44b784 EndDialog
0x44b788 GetMessageA
0x44b78c TranslateMessage
0x44b790 GetCursorPos
0x44b794 ValidateRect
0x44b798 ShowOwnedPopups
0x44b79c PostQuitMessage
0x44b7a0 wsprintfA
0x44b7a4 LoadMenuA
0x44b7a8 DestroyMenu
0x44b7ac GetActiveWindow
0x44b7b0 UnpackDDElParam
0x44b7b4 ReuseDDElParam
0x44b7b8 SetCursor
0x44b7bc ReleaseCapture
0x44b7c0 LoadAcceleratorsA
0x44b7c4 InsertMenuItemA
0x44b7c8 CreatePopupMenu
0x44b7cc SetRectEmpty
0x44b7d0 BringWindowToTop
0x44b7d4 SetMenu
0x44b7d8 GetDesktopWindow
0x44b7e0 SetMenuItemBitmaps
0x44b7e4 GetMessagePos
0x44b7e8 ModifyMenuA
0x44b7ec GetDlgItemInt
Library GDI32.dll:
0x44b06c CreateRectRgn
0x44b070 SelectClipPath
0x44b074 GetViewportExtEx
0x44b078 GetWindowExtEx
0x44b07c BitBlt
0x44b080 GetPixel
0x44b084 StartDocA
0x44b088 PtVisible
0x44b08c RectVisible
0x44b090 TextOutA
0x44b094 ExtTextOutA
0x44b098 Escape
0x44b09c SelectObject
0x44b0a0 SetViewportOrgEx
0x44b0a4 OffsetViewportOrgEx
0x44b0a8 SetViewportExtEx
0x44b0ac ScaleViewportExtEx
0x44b0b0 SetWindowOrgEx
0x44b0b4 OffsetWindowOrgEx
0x44b0b8 SetWindowExtEx
0x44b0bc ScaleWindowExtEx
0x44b0c4 ArcTo
0x44b0c8 PolyDraw
0x44b0cc PolylineTo
0x44b0d0 PolyBezierTo
0x44b0d4 ExtSelectClipRgn
0x44b0d8 DeleteDC
0x44b0e0 CreatePatternBrush
0x44b0e4 CreateBitmap
0x44b0e8 CreateCompatibleDC
0x44b0ec GetClipRgn
0x44b0f0 SelectPalette
0x44b0f4 PlayMetaFileRecord
0x44b0f8 GetObjectType
0x44b0fc EnumMetaFile
0x44b100 PlayMetaFile
0x44b104 GetDeviceCaps
0x44b108 CreatePen
0x44b10c ExtCreatePen
0x44b110 CreateSolidBrush
0x44b114 CreateHatchBrush
0x44b118 CreateFontIndirectA
0x44b120 SetRectRgn
0x44b124 CombineRgn
0x44b128 GetMapMode
0x44b12c PatBlt
0x44b130 DPtoLP
0x44b138 CopyMetaFileA
0x44b13c CreateDCA
0x44b144 StretchDIBits
0x44b148 GetCharWidthA
0x44b14c CreateFontA
0x44b150 GetBkColor
0x44b154 GetTextMetricsA
0x44b158 StartPage
0x44b15c EndPage
0x44b160 SetAbortProc
0x44b164 AbortDoc
0x44b168 EndDoc
0x44b16c SelectClipRgn
0x44b170 DeleteObject
0x44b174 SetColorAdjustment
0x44b178 SetArcDirection
0x44b17c SetMapperFlags
0x44b188 SetTextAlign
0x44b18c MoveToEx
0x44b190 LineTo
0x44b194 OffsetClipRgn
0x44b198 IntersectClipRect
0x44b19c ExcludeClipRect
0x44b1a0 SetMapMode
0x44b1a4 SetStretchBltMode
0x44b1a8 SetROP2
0x44b1ac SetPolyFillMode
0x44b1b0 SetBkMode
0x44b1b4 RestoreDC
0x44b1b8 SaveDC
0x44b1bc GetObjectA
0x44b1c0 SetBkColor
0x44b1c4 SetTextColor
0x44b1c8 GetClipBox
0x44b1cc GetDCOrgEx
0x44b1d0 GetStockObject
0x44b1d4 Polygon
0x44b1d8 Rectangle
Library comdlg32.dll:
0x44b808 PageSetupDlgA
0x44b80c FindTextA
0x44b810 ReplaceTextA
0x44b814 GetOpenFileNameA
0x44b818 GetSaveFileNameA
0x44b820 PrintDlgA
0x44b824 GetFileTitleA
Library WINSPOOL.DRV:
0x44b7f4 GetJobA
0x44b7f8 OpenPrinterA
0x44b7fc DocumentPropertiesA
0x44b800 ClosePrinter
Library ADVAPI32.dll:
0x44b000 RegDeleteValueA
0x44b004 RegQueryValueExA
0x44b008 RegOpenKeyExA
0x44b00c RegDeleteKeyA
0x44b010 RegEnumKeyA
0x44b014 RegOpenKeyA
0x44b018 RegQueryValueA
0x44b01c SetFileSecurityA
0x44b020 GetFileSecurityA
0x44b024 RegSetValueA
0x44b028 RegCreateKeyExA
0x44b02c RegCreateKeyA
0x44b030 RegCloseKey
0x44b034 RegSetValueExA
Library SHELL32.dll:
0x44b514 DragQueryFileA
0x44b518 ExtractIconA
0x44b51c SHGetFileInfoA
0x44b520 DragFinish
Library COMCTL32.dll:
0x44b03c
0x44b040 ImageList_Draw
0x44b048
0x44b04c ImageList_Read
0x44b050 ImageList_Write
0x44b054
0x44b058 ImageList_Destroy
0x44b05c ImageList_Create
0x44b064 ImageList_Merge
Library SHLWAPI.dll:
0x44b52c PathFindFileNameA
0x44b530 PathStripToRootA
0x44b534 PathFindExtensionA
0x44b538 PathIsUNCA
Library ole32.dll:
0x44b82c WriteFmtUserTypeStg
0x44b830 WriteClassStg
0x44b834 CoTaskMemFree
0x44b838 OleRegGetUserType
0x44b83c ReadFmtUserTypeStg
0x44b840 ReadClassStg
0x44b844 StringFromCLSID
0x44b848 CoTreatAsClass
0x44b84c CreateBindCtx
0x44b850 CoTaskMemAlloc
0x44b854 ReleaseStgMedium
0x44b858 OleDuplicateData
0x44b85c CoDisconnectObject
0x44b860 CoCreateInstance
0x44b864 StringFromGUID2
0x44b868 CLSIDFromString
0x44b86c SetConvertStg
Library OLEAUT32.dll:
0x44b47c SysFreeString
0x44b480 SysAllocStringLen
0x44b484 VariantInit
0x44b488 VariantChangeType
0x44b48c VariantClear
0x44b490 SysStringByteLen
0x44b498 SafeArrayAccessData
0x44b49c SafeArrayGetUBound
0x44b4a0 SafeArrayGetLBound
0x44b4a8 SafeArrayGetDim
0x44b4ac SafeArrayCreate
0x44b4b0 SafeArrayRedim
0x44b4b4 VariantCopy
0x44b4b8 SafeArrayAllocData
0x44b4c0 SafeArrayCopy
0x44b4c4 SafeArrayGetElement
0x44b4c8 SafeArrayPtrOfIndex
0x44b4cc SafeArrayPutElement
0x44b4d0 SafeArrayLock
0x44b4d4 SafeArrayUnlock
0x44b4d8 SafeArrayDestroy
0x44b4ec SysAllocString
0x44b4f0 SysReAllocStringLen
0x44b4f4 VarDateFromStr
0x44b4f8 VarBstrFromDec
0x44b4fc VarDecFromStr
0x44b500 VarCyFromStr
0x44b504 VarBstrFromCy
0x44b508 VarBstrFromDate
0x44b50c SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60221 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.