4.6
Medium risk

b52a0c3633e8b6f99df84102aa766de955aeb1a8c42c6efa6f06b3d7d155ab8b

51708cb6d1ceb9f563edb85030f2ed55.exe

Analysis duration

23s

Last analyzed

File size

849.0KB
Static detection / Dynamic detection
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine result is available
Static verdict
Antivirus engines
Not detected: no antivirus engine results are available
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619448807.686374
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
51708cb6d1ceb9f563edb85030f2ed55+0x56a4d @ 0x456a4d
51708cb6d1ceb9f563edb85030f2ed55+0x4f254 @ 0x44f254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe9c14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (29 events)
Time & API Arguments Status Return Repeated
1619426982.572148
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1619426982.744148
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 28672
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00458000
success 0 0
1619426982.790148
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x023c0000
success 0 0
1619448806.483374
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 393216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01d60000
success 0 0
1619448806.498374
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01d80000
success 0 0
1619448806.514374
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 319488
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01dc0000
success 0 0
1619448806.514374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 294912
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01dc2000
success 0 0
1619448806.827374
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e10000
success 0 0
1619448806.827374
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e40000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01eb2000
success 0 0
1619448807.655374
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.196785470740618 section {'size_of_data': '0x0006cc00', 'virtual_address': '0x0006e000', 'entropy': 7.196785470740618, 'name': '.rsrc', 'virtual_size': '0x0006cb50'} description A section with a high entropy has been found
entropy 0.5129716981132075 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2340 called NtSetContextThread to modify thread in remote process 2536
Time & API Arguments Status Return Repeated
1619426983.400148
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4518591
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2536
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2340 resumed a thread in remote process 2536
Time & API Arguments Status Return Repeated
1619426984.415148
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 2536
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619426983.259148
CreateProcessInternalW
thread_identifier: 152
thread_handle: 0x00000104
process_identifier: 2536
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\51708cb6d1ceb9f563edb85030f2ed55.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619426983.259148
NtUnmapViewOfSection
process_identifier: 2536
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619426983.337148
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 2536
commit_size: 679936
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 679936
base_address: 0x00400000
success 0 0
1619426983.400148
NtGetContextThread
thread_handle: 0x00000104
success 0 0
1619426983.400148
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4518591
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2536
success 0 0
1619426984.415148
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 2536
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46213c VirtualFree
0x462140 VirtualAlloc
0x462144 LocalFree
0x462148 LocalAlloc
0x46214c GetVersion
0x462150 GetCurrentThreadId
0x46215c VirtualQuery
0x462160 WideCharToMultiByte
0x462168 MultiByteToWideChar
0x46216c lstrlenA
0x462170 lstrcpynA
0x462174 LoadLibraryExA
0x462178 GetThreadLocale
0x46217c GetStartupInfoA
0x462180 GetProcAddress
0x462184 GetModuleHandleA
0x462188 GetModuleFileNameA
0x46218c GetLocaleInfoA
0x462190 GetLastError
0x462198 GetCommandLineA
0x46219c FreeLibrary
0x4621a0 FindFirstFileA
0x4621a4 FindClose
0x4621a8 ExitProcess
0x4621ac WriteFile
0x4621b4 RtlUnwind
0x4621b8 RaiseException
0x4621bc GetStdHandle
Library user32.dll:
0x4621c4 GetKeyboardType
0x4621c8 LoadStringA
0x4621cc MessageBoxA
0x4621d0 CharNextA
Library advapi32.dll:
0x4621d8 RegQueryValueExA
0x4621dc RegOpenKeyExA
0x4621e0 RegCloseKey
Library oleaut32.dll:
0x4621e8 SysFreeString
0x4621ec SysReAllocStringLen
0x4621f0 SysAllocStringLen
Library kernel32.dll:
0x4621f8 TlsSetValue
0x4621fc TlsGetValue
0x462200 LocalAlloc
0x462204 GetModuleHandleA
Library advapi32.dll:
0x46220c RegQueryValueExA
0x462210 RegOpenKeyExA
0x462214 RegCloseKey
Library kernel32.dll:
0x46221c lstrcpyA
0x462220 WriteFile
0x462224 WaitForSingleObject
0x462228 VirtualQuery
0x46222c VirtualProtectEx
0x462230 VirtualAlloc
0x462234 Sleep
0x462238 SizeofResource
0x46223c SetThreadLocale
0x462240 SetFilePointer
0x462244 SetEvent
0x462248 SetErrorMode
0x46224c SetEndOfFile
0x462250 ResetEvent
0x462254 ReadFile
0x462258 MulDiv
0x46225c LockResource
0x462260 LoadResource
0x462264 LoadLibraryA
0x462270 GlobalUnlock
0x462274 GlobalReAlloc
0x462278 GlobalHandle
0x46227c GlobalLock
0x462280 GlobalFree
0x462284 GlobalFindAtomA
0x462288 GlobalDeleteAtom
0x46228c GlobalAlloc
0x462290 GlobalAddAtomA
0x462294 GetVersionExA
0x462298 GetVersion
0x46229c GetTickCount
0x4622a0 GetThreadLocale
0x4622a8 GetSystemTime
0x4622ac GetSystemInfo
0x4622b0 GetStringTypeExA
0x4622b4 GetStdHandle
0x4622b8 GetProcAddress
0x4622bc GetModuleHandleA
0x4622c0 GetModuleFileNameA
0x4622c4 GetLocaleInfoA
0x4622c8 GetLocalTime
0x4622cc GetLastError
0x4622d0 GetFullPathNameA
0x4622d4 GetFileAttributesA
0x4622d8 GetDiskFreeSpaceA
0x4622dc GetDateFormatA
0x4622e0 GetCurrentThreadId
0x4622e4 GetCurrentProcessId
0x4622e8 GetCurrentProcess
0x4622ec GetCPInfo
0x4622f0 GetACP
0x4622f4 FreeResource
0x4622f8 InterlockedExchange
0x4622fc FreeLibrary
0x462300 FormatMessageA
0x462304 FindResourceA
0x462308 FindNextFileA
0x46230c FindFirstFileA
0x462310 FindClose
0x462320 ExitThread
0x462324 ExitProcess
0x462328 EnumCalendarInfoA
0x462334 CreateThread
0x462338 CreateFileA
0x46233c CreateEventA
0x462340 CompareStringA
0x462344 CloseHandle
Library version.dll:
0x46234c VerQueryValueA
0x462354 GetFileVersionInfoA
Library gdi32.dll:
0x46235c UnrealizeObject
0x462360 StretchBlt
0x462364 SetWindowOrgEx
0x462368 SetViewportOrgEx
0x46236c SetTextColor
0x462370 SetStretchBltMode
0x462374 SetROP2
0x462378 SetPixel
0x46237c SetDIBColorTable
0x462380 SetBrushOrgEx
0x462384 SetBkMode
0x462388 SetBkColor
0x46238c SelectPalette
0x462390 SelectObject
0x462394 SaveDC
0x462398 RestoreDC
0x46239c Rectangle
0x4623a0 RectVisible
0x4623a4 RealizePalette
0x4623a8 PatBlt
0x4623ac MoveToEx
0x4623b0 MaskBlt
0x4623b4 LineTo
0x4623b8 IntersectClipRect
0x4623bc GetWindowOrgEx
0x4623c0 GetTextMetricsA
0x4623cc GetStockObject
0x4623d0 GetPixel
0x4623d4 GetPaletteEntries
0x4623d8 GetObjectA
0x4623dc GetDeviceCaps
0x4623e0 GetDIBits
0x4623e4 GetDIBColorTable
0x4623e8 GetDCOrgEx
0x4623f0 GetClipBox
0x4623f4 GetBrushOrgEx
0x4623f8 GetBitmapBits
0x4623fc ExtTextOutA
0x462400 ExcludeClipRect
0x462404 DeleteObject
0x462408 DeleteDC
0x46240c CreateSolidBrush
0x462410 CreatePenIndirect
0x462414 CreatePen
0x462418 CreatePalette
0x462420 CreateFontIndirectA
0x462424 CreateDIBitmap
0x462428 CreateDIBSection
0x46242c CreateCompatibleDC
0x462434 CreateBrushIndirect
0x462438 CreateBitmap
0x46243c BitBlt
Library opengl32.dll:
0x462444 wglCreateContext
Library user32.dll:
0x46244c CreateWindowExA
0x462450 WindowFromPoint
0x462454 WinHelpA
0x462458 WaitMessage
0x46245c ValidateRect
0x462460 UpdateWindow
0x462464 UnregisterClassA
0x462468 UnhookWindowsHookEx
0x46246c TranslateMessage
0x462474 TrackPopupMenu
0x46247c ShowWindow
0x462480 ShowScrollBar
0x462484 ShowOwnedPopups
0x462488 ShowCursor
0x46248c SetWindowsHookExA
0x462490 SetWindowTextA
0x462494 SetWindowPos
0x462498 SetWindowPlacement
0x46249c SetWindowLongA
0x4624a0 SetTimer
0x4624a4 SetScrollRange
0x4624a8 SetScrollPos
0x4624ac SetScrollInfo
0x4624b0 SetRect
0x4624b4 SetPropA
0x4624b8 SetParent
0x4624bc SetMenuItemInfoA
0x4624c0 SetMenu
0x4624c4 SetForegroundWindow
0x4624c8 SetFocus
0x4624cc SetCursor
0x4624d0 SetClassLongA
0x4624d4 SetCapture
0x4624d8 SetActiveWindow
0x4624dc SendMessageA
0x4624e0 ScrollWindow
0x4624e4 ScreenToClient
0x4624e8 RemovePropA
0x4624ec RemoveMenu
0x4624f0 ReleaseDC
0x4624f4 ReleaseCapture
0x462500 RegisterClassA
0x462504 RedrawWindow
0x462508 PtInRect
0x46250c PostQuitMessage
0x462510 PostMessageA
0x462514 PeekMessageA
0x462518 OffsetRect
0x46251c OemToCharA
0x462520 MessageBoxA
0x462524 MapWindowPoints
0x462528 MapVirtualKeyA
0x46252c LoadStringA
0x462530 LoadKeyboardLayoutA
0x462534 LoadIconA
0x462538 LoadCursorA
0x46253c LoadBitmapA
0x462540 KillTimer
0x462544 IsZoomed
0x462548 IsWindowVisible
0x46254c IsWindowEnabled
0x462550 IsWindow
0x462554 IsRectEmpty
0x462558 IsIconic
0x46255c IsDialogMessageA
0x462560 IsChild
0x462564 InvalidateRect
0x462568 IntersectRect
0x46256c InsertMenuItemA
0x462570 InsertMenuA
0x462574 InflateRect
0x46257c GetWindowTextA
0x462580 GetWindowRect
0x462584 GetWindowPlacement
0x462588 GetWindowLongA
0x46258c GetWindowDC
0x462590 GetTopWindow
0x462594 GetSystemMetrics
0x462598 GetSystemMenu
0x46259c GetSysColorBrush
0x4625a0 GetSysColor
0x4625a4 GetSubMenu
0x4625a8 GetScrollRange
0x4625ac GetScrollPos
0x4625b0 GetScrollInfo
0x4625b4 GetPropA
0x4625b8 GetParent
0x4625bc GetWindow
0x4625c0 GetMenuStringA
0x4625c4 GetMenuState
0x4625c8 GetMenuItemInfoA
0x4625cc GetMenuItemID
0x4625d0 GetMenuItemCount
0x4625d4 GetMenu
0x4625d8 GetLastActivePopup
0x4625dc GetKeyboardState
0x4625e4 GetKeyboardLayout
0x4625e8 GetKeyState
0x4625ec GetKeyNameTextA
0x4625f0 GetIconInfo
0x4625f4 GetForegroundWindow
0x4625f8 GetFocus
0x4625fc GetDesktopWindow
0x462600 GetDCEx
0x462604 GetDC
0x462608 GetCursorPos
0x46260c GetCursor
0x462610 GetClientRect
0x462614 GetClassNameA
0x462618 GetClassInfoA
0x46261c GetCapture
0x462620 GetActiveWindow
0x462624 FrameRect
0x462628 FindWindowA
0x46262c FillRect
0x462630 EqualRect
0x462634 EnumWindows
0x462638 EnumThreadWindows
0x46263c EndPaint
0x462640 EnableWindow
0x462644 EnableScrollBar
0x462648 EnableMenuItem
0x46264c DrawTextA
0x462650 DrawMenuBar
0x462654 DrawIconEx
0x462658 DrawIcon
0x46265c DrawFrameControl
0x462660 DrawFocusRect
0x462664 DrawEdge
0x462668 DispatchMessageA
0x46266c DestroyWindow
0x462670 DestroyMenu
0x462674 DestroyIcon
0x462678 DestroyCursor
0x46267c DeleteMenu
0x462680 DefWindowProcA
0x462684 DefMDIChildProcA
0x462688 DefFrameProcA
0x46268c CreatePopupMenu
0x462690 CreateMenu
0x462694 CreateIcon
0x462698 ClientToScreen
0x46269c CheckMenuItem
0x4626a0 CallWindowProcA
0x4626a4 CallNextHookEx
0x4626a8 BeginPaint
0x4626ac CharNextA
0x4626b0 CharLowerBuffA
0x4626b4 CharLowerA
0x4626b8 CharToOemA
0x4626bc AdjustWindowRectEx
Library kernel32.dll:
0x4626c8 Sleep
Library oleaut32.dll:
0x4626d0 SafeArrayPtrOfIndex
0x4626d4 SafeArrayGetUBound
0x4626d8 SafeArrayGetLBound
0x4626dc SafeArrayCreate
0x4626e0 VariantChangeType
0x4626e4 VariantCopy
0x4626e8 VariantClear
0x4626ec VariantInit
Library comctl32.dll:
0x4626fc ImageList_Write
0x462700 ImageList_Read
0x462710 ImageList_DragMove
0x462714 ImageList_DragLeave
0x462718 ImageList_DragEnter
0x46271c ImageList_EndDrag
0x462720 ImageList_BeginDrag
0x462724 ImageList_Remove
0x462728 ImageList_DrawEx
0x46272c ImageList_Draw
0x46273c ImageList_Add
0x462744 ImageList_Destroy
0x462748 ImageList_Create
0x46274c InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.