Score: 9.2 (Critical)

SHA256: ce974c7e36a7933cdac1489c1b338eeabc04f0f418a67983012258ec914ec4ec

File name: 4c63429a499be89fba5497cace16a374.exe

Analysis duration: 198s

Last analysis:

File size: 750.5KB
Verdict tags: static detection, dynamic detection, AI SCORE=80 AIDETECTVM ALI2000015 AUTOG BSCOPE CLASSIC COINS CONFIDENCE DELF DELFINJECT DELPHILESS EMZL FAREIT GEN@0 GENERICIH GENERICKD HIGH CONFIDENCE HSHWMG KRYPTIK LOKI LOKIBOT MALWARE1 MSCI NANOCORE PEPV QQPASS QQROB QVM05 R002C0DHJ20 S + TROJ S15671542 SCORE SUSGEN UGW@ACSOFDEI UNCLASSIFIED UNSAFE X2091 ZELPHIF
Hawkeye engine
Not detected (no Hawkeye engine result available)
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Avast Win32:Trojan-gen 20200913 18.4.3895.0
Baidu (no detection) 20190318 1.0.0.2
Kingsoft (no detection) 20200913 2013.8.14.323
McAfee Fareit-FPQ!4C63429A499B 20200913 6.0.6.653
Tencent Win32.Trojan-qqpass.Qqrob.Pepv 20200913 1.0.0.1
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Static indicators
Queries the computer name (2 events)
Time & API Arguments Status Return Repeated
1619518487.3715
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619518487.3715
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619518487.3715
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
Caveat: CODE, DATA and BSS are the standard section names emitted by the Borland/Delphi linker, not a packer artefact. Together with the compiler signature below and the DelfInject/PSW.Delf detection names, they say the sample is a Delphi binary; the packing evidence is the high-entropy .rsrc section reported under dynamic indicators.
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Caveat: this PEiD signature matches ordinary Delphi-compiled executables and is a compiler fingerprint rather than evidence of a runtime packer.
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619518486.824125
NtAllocateVirtualMemory
process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619518487.027125
NtProtectVirtualMemory
process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0047a000
success 0 0
1619518487.027125
NtAllocateVirtualMemory
process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619518488.4645
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Note: return 111 is ERROR_BUFFER_OVERFLOW, the expected result of the first sizing call to GetAdaptersAddresses; on its own it is not evidence of failed evasion.
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.440202637216364 section {'size_of_data': '0x00025800', 'virtual_address': '0x0009b000', 'entropy': 7.440202637216364, 'name': '.rsrc', 'virtual_size': '0x00025770'} description A section with a high entropy has been found
entropy 0.200133422281521 description Overall entropy of this PE file is high
Note: the second figure is not bits per byte. The sandbox reports the fraction of the file's section data that lives in high-entropy sections (here about 20%, just over its 0.2 threshold); the per-section value of 7.44 for .rsrc is the one that indicates packed or encrypted resource data, which is consistent with a Delphi loader carrying its payload in the resource section.
Network communication
Communicates with a host for which no DNS query was performed (2 events)
host 113.108.239.196
host 51.68.90.171
Sets or modifies WPAD proxy autoconfiguration settings for traffic interception (8 events)
Caveat: the Wpad\{interface GUID} and Wpad\<MAC address> values written here (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName, WpadLastNetwork) are produced by Windows' own WinHTTP/WinINet proxy auto-detection the first time a process issues a web request. They record the outcome of WPAD discovery on the sandbox network, not a PAC file installed by the sample, so this signature is better read as "the sample attempted HTTP(S) traffic" than as proxy tampering.
Time & API Arguments Status Return Repeated
1619518491.3865
RegSetValueExA
key_handle: 0x00000358
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619518491.3865
RegSetValueExA
key_handle: 0x00000358
value: (binary FILETIME; rendered as unprintable bytes in the report)
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619518491.3865
RegSetValueExA
key_handle: 0x00000358
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619518491.3865
RegSetValueExW
key_handle: 0x00000358
value: 网络 2 (the sandbox VM's Chinese-locale network profile name, "Network 2")
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619518491.3865
RegSetValueExA
key_handle: 0x00000370
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619518491.3865
RegSetValueExA
key_handle: 0x00000370
value: (binary FILETIME; rendered as unprintable bytes in the report)
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619518491.3865
RegSetValueExA
key_handle: 0x00000370
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619518491.4495
RegSetValueExW
key_handle: 0x00000354
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection: process 2560 called NtSetContextThread to modify a thread in remote process 2144
Note on the register values: the report prints them in decimal. eax = 4301304 = 0x0041A1F8 lies inside the 128 KB view mapped at 0x00400000 in the child, and ebx = 2130567168 = 0x7EFDE000 is the child's PEB. On 32-bit Windows a suspended primary thread starts in RtlUserThreadStart with EAX holding the entry point and EBX the PEB, so rewriting EAX is how the injected image's entry point is installed; the zero eip/esp fields mean those registers were left untouched.
Time & API Arguments Status Return Repeated
1619518487.058125
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4301304
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2144
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2560 resumed a thread in remote process 2144
Time & API Arguments Status Return Repeated
1619518487.105125
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2144
success 0 0
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619518487.042125
CreateProcessInternalW
thread_identifier: 2548
thread_handle: 0x000000f8
process_identifier: 2144
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4c63429a499be89fba5497cace16a374.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000fc
inherit_handles: 0
success 1 0
1619518487.042125
NtUnmapViewOfSection
process_identifier: 2144
region_size: 4096
process_handle: 0x000000fc
base_address: 0x00400000
success 0 0
1619518487.042125
NtMapViewOfSection
section_handle: 0x00000104
process_identifier: 2144
commit_size: 131072
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000fc
allocation_type: 0 ()
section_offset: 0
view_size: 131072
base_address: 0x00400000
success 0 0
1619518487.058125
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1619518487.058125
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4301304
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2144
success 0 0
1619518487.105125
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2144
success 0 0
1619518487.3715
NtResumeThread
thread_handle: 0x000000e8
suspend_count: 1
process_identifier: 2144
success 0 0
File has been identified by 58 antivirus engines on VirusTotal as malicious (50 of 58 results shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Stealer.23680
MicroWorld-eScan Trojan.GenericKD.43689157
FireEye Generic.mg.4c63429a499be89f
CAT-QuickHeal Trojan.GenericIH.S15671542
ALYac Trojan.GenericKD.43689157
Cylance Unsafe
Zillya Trojan.Injector.Win32.762808
SUPERAntiSpyware Trojan.Agent/Gen-Loki
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
Cybereason malicious.a499be
Arcabit Trojan.Generic.D29AA4C5
Invincea Mal/Generic-S + Troj/AutoG-IW
BitDefenderTheta Gen:NN.ZelphiF.34216.UGW@aCsoFDei
Cyren W32/Injector.MSCI-4446
Symantec Infostealer.Lokibot!43
TrendMicro-HouseCall TROJ_GEN.R002C0DHJ20
Paloalto generic.ml
ClamAV Win.Dropper.LokiBot-9390501-0
Kaspersky HEUR:Trojan-PSW.Win32.Coins.gen
BitDefender Trojan.GenericKD.43689157
NANO-Antivirus Trojan.Win32.Coins.hshwmg
AegisLab Trojan.Win32.Coins.i!c
Avast Win32:Trojan-gen
Rising Trojan.Kryptik!1.CAC0 (CLASSIC)
Ad-Aware Trojan.GenericKD.43689157
Emsisoft Trojan.GenericKD.43689157 (B)
Comodo TrojWare.Win32.Unclassified.gen@0
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DHJ20
Sophos Troj/AutoG-IW
Jiangmin Trojan.PSW.Coins.hzj
Webroot W32.Adware.Gen
Antiy-AVL Trojan[PSW]/Win32.Coins
Microsoft Trojan:Win32/NanoCore.VD!MTB
ViRobot Trojan.Win32.Z.Injector.768512.BF
ZoneAlarm HEUR:Trojan-PSW.Win32.Coins.gen
GData Trojan.GenericKD.43689157
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2091
McAfee Fareit-FPQ!4C63429A499B
MAX malware (ai score=80)
VBA32 BScope.Trojan.Crypt
Malwarebytes Trojan.MalPack.DLF
APEX Malicious
ESET-NOD32 Win32/PSW.Delf.OSF
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
dead_host 51.68.90.171:80


PE Compile Time

1992-06-20 06:22:17 (displayed in the sandbox's UTC+8 local time)
Caveat: this is the fixed COFF TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC) that Borland Delphi linkers write into every executable, not the real build date. It is another Delphi marker rather than a sign of timestamp tampering.
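Two of the static findings on this page (the .rsrc entropy of 7.44 with an "overall" figure of 0.20, and the 1992 compile time) come out of the PE headers directly, so they are cheap to reproduce without a sandbox. The following is an added example and not the sandbox's or the report's own code: it parses the COFF header and section table with only the standard library, flags the fixed Delphi TimeDateStamp, computes Shannon entropy per section, and reports the fraction of section data in high-entropy sections, which is what the report's second "entropy" line actually measures. The input is a deliberately minimal PE built in-line for the example (no optional header, two sections), not the 4c63429a... sample; the 7.0 threshold and the 0.2 ratio follow the report's values.

```python
"""Static triage of PE TimeDateStamp and section entropy.

Added example, not the sandbox's code. build_sample_pe() constructs a minimal
PE in memory so the script runs offline; it is not the sample from this report.
"""
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone

DELPHI_STAMP = 0x2A425E19   # fixed stamp written by Borland Delphi linkers
HIGH_ENTROPY = 7.0          # per-section threshold used by the sandbox
RATIO_THRESHOLD = 0.2       # "overall entropy" threshold used by the sandbox
PE_SIGNATURE = b"PE\0\0"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes):
    """Return (TimeDateStamp, [(section name, raw bytes), ...])."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, stamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    sect_off = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsect):
        hdr = struct.unpack_from("<8sIIIIIIHHI", pe, sect_off + 40 * i)
        name = hdr[0].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = hdr[3], hdr[4]
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return stamp, sections


def analyze_pe(pe: bytes) -> dict:
    stamp, sections = parse_pe(pe)
    per_section = {name: round(shannon_entropy(raw), 3) for name, raw in sections}
    total = sum(len(raw) for _, raw in sections) or 1
    high = sum(len(raw) for name, raw in sections if per_section[name] > HIGH_ENTROPY)
    ratio = high / total
    return {
        "compile_time_utc": datetime.fromtimestamp(stamp, tz=timezone.utc)
                                    .strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_sentinel": stamp == DELPHI_STAMP,
        "section_entropy": per_section,
        "high_entropy_sections": [n for n, e in per_section.items() if e > HIGH_ENTROPY],
        "high_entropy_ratio": round(ratio, 3),   # the report's "overall entropy" figure
        "packed_verdict": ratio > RATIO_THRESHOLD,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE: DOS header, COFF header with the Delphi stamp,
    no optional header, a low-entropy CODE section and a random .rsrc section."""
    rng = random.Random(7)
    code = bytes([0x90]) * 200 + b"ABCD" * 14                 # 256 bytes, little variety
    rsrc = bytes(rng.getrandbits(8) for _ in range(4096))    # stands in for packed data
    headers_len = 0x40 + 4 + 20 + 40 * 2
    code_off, rsrc_off = headers_len, headers_len + len(code)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, DELPHI_STAMP, 0, 0, 0, 0x0102)

    def sect(name: bytes, vaddr: int, raw: bytes, off: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), off,
                           0, 0, 0, 0, 0x60000020)

    return (dos + PE_SIGNATURE + coff
            + sect(b"CODE", 0x1000, code, code_off)
            + sect(b".rsrc", 0x9B000, rsrc, rsrc_off)
            + code + rsrc)


if __name__ == "__main__":
    for k, v in analyze_pe(build_sample_pe()).items():
        print(f"{k}: {v}")
```

Run against a real file, replace build_sample_pe() with the file's bytes; the optional-header size is read from the COFF header, so the same parser handles ordinary PE32 and PE32+ images. A Delphi stamp plus a single high-entropy .rsrc section is the profile this report shows, and it is worth treating as "payload in resources" rather than as a generic packer hit.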

Imports

Library kernel32.dll:
0x48d178 VirtualFree
0x48d17c VirtualAlloc
0x48d180 LocalFree
0x48d184 LocalAlloc
0x48d188 GetVersion
0x48d18c GetCurrentThreadId
0x48d198 VirtualQuery
0x48d19c WideCharToMultiByte
0x48d1a0 MultiByteToWideChar
0x48d1a4 lstrlenA
0x48d1a8 lstrcpynA
0x48d1ac LoadLibraryExA
0x48d1b0 GetThreadLocale
0x48d1b4 GetStartupInfoA
0x48d1b8 GetProcAddress
0x48d1bc GetModuleHandleA
0x48d1c0 GetModuleFileNameA
0x48d1c4 GetLocaleInfoA
0x48d1c8 GetCommandLineA
0x48d1cc FreeLibrary
0x48d1d0 FindFirstFileA
0x48d1d4 FindClose
0x48d1d8 ExitProcess
0x48d1dc WriteFile
0x48d1e4 RtlUnwind
0x48d1e8 RaiseException
0x48d1ec GetStdHandle
Library user32.dll:
0x48d1f4 GetKeyboardType
0x48d1f8 LoadStringA
0x48d1fc MessageBoxA
0x48d200 CharNextA
Library advapi32.dll:
0x48d208 RegQueryValueExA
0x48d20c RegOpenKeyExA
0x48d210 RegCloseKey
Library oleaut32.dll:
0x48d218 SysFreeString
0x48d21c SysReAllocStringLen
0x48d220 SysAllocStringLen
Library kernel32.dll:
0x48d228 TlsSetValue
0x48d22c TlsGetValue
0x48d230 LocalAlloc
0x48d234 GetModuleHandleA
Library advapi32.dll:
0x48d23c RegQueryValueExA
0x48d240 RegOpenKeyExA
0x48d244 RegCloseKey
Library kernel32.dll:
0x48d24c lstrcpyA
0x48d250 WriteFile
0x48d254 WinExec
0x48d258 WaitForSingleObject
0x48d25c VirtualQuery
0x48d260 VirtualProtect
0x48d264 VirtualAlloc
0x48d268 Sleep
0x48d26c SizeofResource
0x48d270 SetThreadLocale
0x48d274 SetFilePointer
0x48d278 SetEvent
0x48d27c SetErrorMode
0x48d280 SetEndOfFile
0x48d284 ResetEvent
0x48d288 ReadFile
0x48d28c MultiByteToWideChar
0x48d290 MulDiv
0x48d294 LockResource
0x48d298 LoadResource
0x48d29c LoadLibraryA
0x48d2a8 GlobalUnlock
0x48d2ac GlobalReAlloc
0x48d2b0 GlobalHandle
0x48d2b4 GlobalLock
0x48d2b8 GlobalFree
0x48d2bc GlobalFindAtomA
0x48d2c0 GlobalDeleteAtom
0x48d2c4 GlobalAlloc
0x48d2c8 GlobalAddAtomA
0x48d2cc GetVersionExA
0x48d2d0 GetVersion
0x48d2d4 GetTickCount
0x48d2d8 GetThreadLocale
0x48d2e0 GetSystemInfo
0x48d2e4 GetStringTypeExA
0x48d2e8 GetStdHandle
0x48d2ec GetProcAddress
0x48d2f0 GetModuleHandleA
0x48d2f4 GetModuleFileNameA
0x48d2f8 GetLocaleInfoA
0x48d2fc GetLocalTime
0x48d300 GetLastError
0x48d304 GetFullPathNameA
0x48d308 GetFileAttributesA
0x48d30c GetDiskFreeSpaceA
0x48d310 GetDateFormatA
0x48d314 GetCurrentThreadId
0x48d318 GetCurrentProcessId
0x48d31c GetCPInfo
0x48d320 GetACP
0x48d324 FreeResource
0x48d32c InterlockedExchange
0x48d334 FreeLibrary
0x48d338 FormatMessageA
0x48d33c FindResourceA
0x48d340 FindFirstFileA
0x48d344 FindClose
0x48d354 EnumCalendarInfoA
0x48d360 CreateThread
0x48d364 CreateFileA
0x48d368 CreateEventA
0x48d36c CompareStringA
0x48d370 CloseHandle
Library version.dll:
0x48d378 VerQueryValueA
0x48d380 GetFileVersionInfoA
Library gdi32.dll:
0x48d388 UnrealizeObject
0x48d38c StretchBlt
0x48d390 SetWindowOrgEx
0x48d394 SetWinMetaFileBits
0x48d398 SetViewportOrgEx
0x48d39c SetTextColor
0x48d3a0 SetStretchBltMode
0x48d3a4 SetROP2
0x48d3a8 SetPixel
0x48d3ac SetEnhMetaFileBits
0x48d3b0 SetDIBColorTable
0x48d3b4 SetBrushOrgEx
0x48d3b8 SetBkMode
0x48d3bc SetBkColor
0x48d3c0 SelectPalette
0x48d3c4 SelectObject
0x48d3c8 SelectClipRgn
0x48d3cc SaveDC
0x48d3d0 RestoreDC
0x48d3d4 Rectangle
0x48d3d8 RectVisible
0x48d3dc RealizePalette
0x48d3e0 Polyline
0x48d3e4 PlayEnhMetaFile
0x48d3e8 PatBlt
0x48d3ec MoveToEx
0x48d3f0 MaskBlt
0x48d3f4 LineTo
0x48d3f8 IntersectClipRect
0x48d3fc GetWindowOrgEx
0x48d400 GetWinMetaFileBits
0x48d404 GetTextMetricsA
0x48d410 GetStockObject
0x48d414 GetPixel
0x48d418 GetPaletteEntries
0x48d41c GetObjectA
0x48d428 GetEnhMetaFileBits
0x48d42c GetDeviceCaps
0x48d430 GetDIBits
0x48d434 GetDIBColorTable
0x48d438 GetDCOrgEx
0x48d440 GetClipBox
0x48d444 GetBrushOrgEx
0x48d448 GetBitmapBits
0x48d44c ExtTextOutA
0x48d450 ExcludeClipRect
0x48d454 DeleteObject
0x48d458 DeleteEnhMetaFile
0x48d45c DeleteDC
0x48d460 CreateSolidBrush
0x48d464 CreatePenIndirect
0x48d468 CreatePalette
0x48d470 CreateFontIndirectA
0x48d474 CreateDIBitmap
0x48d478 CreateDIBSection
0x48d47c CreateCompatibleDC
0x48d484 CreateBrushIndirect
0x48d488 CreateBitmap
0x48d48c CopyEnhMetaFileA
0x48d490 BitBlt
Library user32.dll:
0x48d498 CreateWindowExA
0x48d49c WindowFromPoint
0x48d4a0 WinHelpA
0x48d4a4 WaitMessage
0x48d4a8 UpdateWindow
0x48d4ac UnregisterClassA
0x48d4b0 UnhookWindowsHookEx
0x48d4b4 TranslateMessage
0x48d4bc TrackPopupMenu
0x48d4c4 ShowWindow
0x48d4c8 ShowScrollBar
0x48d4cc ShowOwnedPopups
0x48d4d0 ShowCursor
0x48d4d4 SetWindowsHookExA
0x48d4d8 SetWindowTextA
0x48d4dc SetWindowPos
0x48d4e0 SetWindowPlacement
0x48d4e4 SetWindowLongA
0x48d4e8 SetTimer
0x48d4ec SetScrollRange
0x48d4f0 SetScrollPos
0x48d4f4 SetScrollInfo
0x48d4f8 SetRect
0x48d4fc SetPropA
0x48d500 SetParent
0x48d504 SetMenuItemInfoA
0x48d508 SetMenu
0x48d50c SetForegroundWindow
0x48d510 SetFocus
0x48d514 SetCursor
0x48d518 SetClassLongA
0x48d51c SetCapture
0x48d520 SetActiveWindow
0x48d524 SendMessageA
0x48d528 ScrollWindow
0x48d52c ScreenToClient
0x48d530 RemovePropA
0x48d534 RemoveMenu
0x48d538 ReleaseDC
0x48d53c ReleaseCapture
0x48d548 RegisterClassA
0x48d54c RedrawWindow
0x48d550 PtInRect
0x48d554 PostQuitMessage
0x48d558 PostMessageA
0x48d55c PeekMessageA
0x48d560 OffsetRect
0x48d564 OemToCharA
0x48d568 MessageBoxA
0x48d56c MapWindowPoints
0x48d570 MapVirtualKeyA
0x48d574 LoadStringA
0x48d578 LoadKeyboardLayoutA
0x48d57c LoadIconA
0x48d580 LoadCursorA
0x48d584 LoadBitmapA
0x48d588 KillTimer
0x48d58c IsZoomed
0x48d590 IsWindowVisible
0x48d594 IsWindowEnabled
0x48d598 IsWindow
0x48d59c IsRectEmpty
0x48d5a0 IsIconic
0x48d5a4 IsDialogMessageA
0x48d5a8 IsChild
0x48d5ac InvalidateRect
0x48d5b0 IntersectRect
0x48d5b4 InsertMenuItemA
0x48d5b8 InsertMenuA
0x48d5bc InflateRect
0x48d5c4 GetWindowTextA
0x48d5c8 GetWindowRect
0x48d5cc GetWindowPlacement
0x48d5d0 GetWindowLongA
0x48d5d4 GetWindowDC
0x48d5d8 GetTopWindow
0x48d5dc GetSystemMetrics
0x48d5e0 GetSystemMenu
0x48d5e4 GetSysColorBrush
0x48d5e8 GetSysColor
0x48d5ec GetSubMenu
0x48d5f0 GetScrollRange
0x48d5f4 GetScrollPos
0x48d5f8 GetScrollInfo
0x48d5fc GetPropA
0x48d600 GetParent
0x48d604 GetWindow
0x48d608 GetMenuStringA
0x48d60c GetMenuState
0x48d610 GetMenuItemInfoA
0x48d614 GetMenuItemID
0x48d618 GetMenuItemCount
0x48d61c GetMenu
0x48d620 GetLastActivePopup
0x48d624 GetKeyboardState
0x48d62c GetKeyboardLayout
0x48d630 GetKeyState
0x48d634 GetKeyNameTextA
0x48d638 GetIconInfo
0x48d63c GetForegroundWindow
0x48d640 GetFocus
0x48d644 GetDlgItem
0x48d648 GetDesktopWindow
0x48d64c GetDCEx
0x48d650 GetDC
0x48d654 GetCursorPos
0x48d658 GetCursor
0x48d65c GetClipboardData
0x48d660 GetClientRect
0x48d664 GetClassNameA
0x48d668 GetClassInfoA
0x48d66c GetCapture
0x48d670 GetActiveWindow
0x48d674 FrameRect
0x48d678 FindWindowA
0x48d67c FillRect
0x48d680 EqualRect
0x48d684 EnumWindows
0x48d688 EnumThreadWindows
0x48d68c EndPaint
0x48d690 EndDeferWindowPos
0x48d694 EnableWindow
0x48d698 EnableScrollBar
0x48d69c EnableMenuItem
0x48d6a0 DrawTextA
0x48d6a4 DrawStateA
0x48d6a8 DrawMenuBar
0x48d6ac DrawIconEx
0x48d6b0 DrawIcon
0x48d6b4 DrawFrameControl
0x48d6b8 DrawEdge
0x48d6bc DispatchMessageA
0x48d6c0 DestroyWindow
0x48d6c4 DestroyMenu
0x48d6c8 DestroyIcon
0x48d6cc DestroyCursor
0x48d6d0 DeleteMenu
0x48d6d4 DeferWindowPos
0x48d6d8 DefWindowProcA
0x48d6dc DefMDIChildProcA
0x48d6e0 DefFrameProcA
0x48d6e4 CreatePopupMenu
0x48d6e8 CreateMenu
0x48d6ec CreateIcon
0x48d6f0 ClientToScreen
0x48d6f4 CheckMenuItem
0x48d6f8 CallWindowProcA
0x48d6fc CallNextHookEx
0x48d700 BeginPaint
0x48d704 BeginDeferWindowPos
0x48d708 CharNextA
0x48d70c CharLowerBuffA
0x48d710 CharLowerA
0x48d714 CharToOemA
0x48d718 AdjustWindowRectEx
Library kernel32.dll:
0x48d724 Sleep
Library oleaut32.dll:
0x48d72c SafeArrayPtrOfIndex
0x48d730 SafeArrayGetUBound
0x48d734 SafeArrayGetLBound
0x48d738 SafeArrayCreate
0x48d73c VariantChangeType
0x48d740 VariantCopy
0x48d744 VariantClear
0x48d748 VariantInit
Library ole32.dll:
0x48d750 CoCreateInstance
0x48d754 CoUninitialize
0x48d758 CoInitialize
Library oleaut32.dll:
0x48d760 CreateErrorInfo
0x48d764 GetErrorInfo
0x48d768 SetErrorInfo
0x48d76c SysFreeString
Library comctl32.dll:
0x48d77c ImageList_Write
0x48d780 ImageList_Read
0x48d790 ImageList_DragMove
0x48d794 ImageList_DragLeave
0x48d798 ImageList_DragEnter
0x48d79c ImageList_EndDrag
0x48d7a0 ImageList_BeginDrag
0x48d7a4 ImageList_Remove
0x48d7a8 ImageList_DrawEx
0x48d7ac ImageList_Replace
0x48d7b0 ImageList_Draw
0x48d7c0 ImageList_Add
0x48d7c8 ImageList_Destroy
0x48d7cc ImageList_Create
Library comdlg32.dll:
0x48d7d4 GetOpenFileNameA
Library user32.dll:
0x48d7dc DdeCmpStringHandles
0x48d7e0 DdeFreeStringHandle
0x48d7e4 DdeQueryStringA
0x48d7ec DdeGetLastError
0x48d7f0 DdeFreeDataHandle
0x48d7f4 DdeUnaccessData
0x48d7f8 DdeAccessData
0x48d7fc DdeCreateDataHandle
0x48d804 DdeNameService
0x48d808 DdePostAdvise
0x48d80c DdeSetUserHandle
0x48d810 DdeQueryConvInfo
0x48d814 DdeDisconnect
0x48d818 DdeConnect
0x48d81c DdeUninitialize
0x48d820 DdeInitializeA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Note: all recorded UDP traffic is sandbox background noise (DNS to 114.114.114.114, NetBIOS name service and datagram broadcasts on 137/138, LLMNR to 224.0.0.252:5355 and NTP to time.windows.com) rather than sample command-and-control; the sample's own contacts are the dead TCP hosts listed under "Connects to IP addresses that are no longer responding".

Source  Source port  Destination  Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.