Score: 4.6
Risk level: Medium

SHA256: 799b7395c9f279d8cd1cd24657788ecb37db7ae03c0dddeb3344a95a551d1325

File name: 517882a348924dfa92e0dc6c5d1e525a.exe

Analysis duration

93s

Last analysis

File size

804.0KB
Static detection: malicious. Dynamic detection: malicious. Detection tags: AI SCORE=89 AIDETECTVM ARTEMIS ATTRIBUTE CLIPBOARDLOGGER CONFIDENCE ELDORADO FLYSTUDIO FMCLLE GDSDA GENERIC PUA HF GENERIC@ML HACKTOOL HIGH CONFIDENCE HIGHCONFIDENCE JAIK LPDO MALICIOUS PE MALWARE1 MIKEY O3C98QR3ANOXRCUXVUXZ9W OCCAMY QVM07 RA@1QRAUG RDMK SCORE STATIC AI SUSGEN UNSAFE YQ0@AARRD7IB ZEXAF ZUSY
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Tencent 20201215 1.0.0.1
Kingsoft 20201215 2017.9.26.565
McAfee Artemis!517882A34892 20201215 6.0.6.653
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619426984.221924
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619426984.221924
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619426982.534924
GlobalMemoryStatusEx
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name TEXTINCLUDE
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619443508.541501
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00000000040a0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Foreign language identified in PE resource (48 events; identical rows collapsed, with occurrence counts)
name TEXTINCLUDE language LANG_CHINESE offset 0x000e7a54 filetype C source, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000151 (3 occurrences)
name RT_CURSOR language LANG_CHINESE offset 0x000e7f44 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000b4 (4 occurrences)
name RT_BITMAP language LANG_CHINESE offset 0x000e964c filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144 (14 occurrences)
name RT_MENU language LANG_CHINESE offset 0x000e979c filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000284 (2 occurrences)
name RT_DIALOG language LANG_CHINESE offset 0x000eabbc filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000001b0 (10 occurrences)
name RT_STRING language LANG_CHINESE offset 0x000eb628 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024 (11 occurrences)
name RT_GROUP_CURSOR language LANG_CHINESE offset 0x000eb674 filetype Lotus unknown worksheet or configuration, revision 0x2 sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022 (3 occurrences)
name RT_VERSION language LANG_CHINESE offset 0x000eb698 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000358 (1 occurrence)
Creates executable files on the filesystem (1 event)
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\517882a348924dfa92e0dc6c5d1e525a.exe.lnk
Creates a shortcut to an executable file (1 event)
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\517882a348924dfa92e0dc6c5d1e525a.exe.lnk
Network communication
Installs itself for autorun at Windows startup (1 event)
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\517882a348924dfa92e0dc6c5d1e525a.exe.lnk
File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Mikey.95481
FireEye Generic.mg.517882a348924dfa
CAT-QuickHeal Trojan.Occamy
ALYac Backdoor.FlyStudio
Cylance Unsafe
Sangfor Malware
Cybereason malicious.348924
Arcabit Trojan.Mikey.D174F9
Cyren W32/Trojan.CLL.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Zusy-6840460-0
BitDefender Gen:Variant.Mikey.95481
NANO-Antivirus Trojan.Win32.Jaik.fmclle
Ad-Aware Gen:Variant.Mikey.95481
Sophos Generic PUA HF (PUA)
Comodo Worm.Win32.Dropper.RA@1qraug
VIPRE Trojan.Win32.Generic!BT
TrendMicro HackTool.Win32.ClipboardLogger.A
McAfee-GW-Edition BehavesLike.Win32.Generic.ch
MaxSecure Trojan.Malware.73896040.susgen
Emsisoft Gen:Variant.Mikey.95481 (B)
SentinelOne Static AI - Malicious PE
Antiy-AVL Trojan/Win32.Occamy
Gridinsoft Trojan.Win32.Packed.oa
Microsoft Trojan:Win32/Occamy.C79
AegisLab Trojan.Win32.Generic.lpDo
GData Gen:Variant.Mikey.95481
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C2994071
Acronis suspicious
McAfee Artemis!517882A34892
MAX malware (ai score=89)
Malwarebytes Trojan.MalPack.FlyStudio
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AA potentially unwanted
TrendMicro-HouseCall HackTool.Win32.ClipboardLogger.A
Rising Trojan.Generic@ML.98 (RDMK:o3c98qR3AnOXrCUXvUxz9w)
eGambit Unsafe.AI_Score_99%
Fortinet Riskware/Application
BitDefenderTheta Gen:NN.ZexaF.34700.Yq0@aarrd7ib
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_80% (W)
Qihoo-360 Generic/HEUR/QVM07.1.04C1.Malware.Gen
Visual analysis
Binary image
No binary image: no binary visualisation image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2018-12-15 17:20:46

Imports


Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP


HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.