2.0
Low risk

e5f8c15ea8e7602ff9b537c6abc8748990f2a9de7163090fdd97eb336df150a1

588585fd930e1a864bbe870b5c97a904.exe

Analysis duration

33s

Latest analysis

File size

2.9MB
Static detection name   Dynamic detection name   YOUDAO
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result available
Static verdict
Antivirus engines
Engine   Result   Scan date   Engine version
McAfee 20210401 6.0.6.653
Alibaba 20190527 0.3.0.5
CrowdStrike 20210203 1.0
Baidu 20190318 1.0.0.2
Avast 20210401 21.1.5827.0
Kingsoft 20210401 2017.9.26.565
Tencent 20210401 1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (50 out of 61 events; identical entries collapsed, count in parentheses)
name RT_CURSOR language LANG_CHINESE offset 0x002cb018 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000134 (16 entries)
name RT_BITMAP language LANG_CHINESE offset 0x002cb340 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144 (2 entries)
name RT_ICON language LANG_CHINESE offset 0x002c3e28 filetype PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00005967 (8 entries)
name RT_DIALOG language LANG_CHINESE offset 0x002cb250 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000034 (4 entries)
name RT_STRING language LANG_CHINESE offset 0x002cca68 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000053e (14 entries)
name RT_GROUP_CURSOR language LANG_CHINESE offset 0x002cb150 filetype Lotus unknown worksheet or configuration, revision 0x1 sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014 (6 entries)
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
ESET-NOD32 a variant of Win32/Youdao.A potentially unwanted
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2019-05-31 11:07:20

Imports

Library PSAPI.DLL:
0x610574 EnumProcessModules
Library KERNEL32.dll:
0x610228 WriteConsoleW
0x610238 GetCPInfo
0x61023c GetOEMCP
0x610240 IsValidCodePage
0x610244 FindFirstFileExW
0x610248 SetFilePointerEx
0x610250 ReadConsoleW
0x610254 GetConsoleMode
0x61025c LCMapStringW
0x610260 GetTimeFormatW
0x610264 GetStringTypeW
0x610268 GetACP
0x61026c ExitProcess
0x610270 GetStdHandle
0x610274 VirtualAlloc
0x610278 GetSystemInfo
0x610280 SetStdHandle
0x610284 GetFullPathNameA
0x610288 GetModuleHandleExW
0x610290 ExitThread
0x610294 CreateThread
0x610298 GetCommandLineA
0x61029c GetFileType
0x6102a0 GetDriveTypeW
0x6102a4 RtlUnwind
0x6102a8 OutputDebugStringW
0x6102ac lstrcpynW
0x6102b0 GetDateFormatW
0x6102b8 LockFileEx
0x6102bc FormatMessageA
0x6102c0 GetTempPathA
0x6102c4 GetDiskFreeSpaceA
0x6102c8 CreateFileA
0x6102cc GetStartupInfoW
0x6102d0 IsDebuggerPresent
0x6102d4 InitializeSListHead
0x6102ec ResetEvent
0x6102f0 GetDiskFreeSpaceW
0x6102f4 SearchPathW
0x6102f8 GetProfileIntW
0x6102fc GetTempFileNameW
0x610300 VerifyVersionInfoW
0x610304 VerSetConditionMask
0x610308 FindResourceExW
0x61030c lstrcpyW
0x610314 SetErrorMode
0x610318 GetFileTime
0x61031c GetFileSizeEx
0x610324 VirtualProtect
0x610328 GlobalFlags
0x610334 GetLocaleInfoW
0x610338 CompareStringW
0x610340 GlobalGetAtomNameW
0x610344 LocalReAlloc
0x610348 GlobalHandle
0x61034c GlobalReAlloc
0x610350 TlsFree
0x610354 TlsSetValue
0x610358 TlsGetValue
0x61035c TlsAlloc
0x610360 GetThreadLocale
0x610364 lstrcmpiW
0x610368 DuplicateHandle
0x61036c UnlockFile
0x610370 SetFilePointer
0x610374 SetEndOfFile
0x610378 ReadFile
0x61037c LockFile
0x610384 GetFullPathNameW
0x610388 GetFileSize
0x61038c FlushFileBuffers
0x610398 FindNextFileW
0x61039c FindClose
0x6103a4 GlobalFindAtomW
0x6103a8 LoadLibraryA
0x6103ac GetSystemDirectoryW
0x6103b0 EncodePointer
0x6103b4 GetModuleHandleA
0x6103b8 OutputDebugStringA
0x6103bc GlobalAddAtomW
0x6103c0 ResumeThread
0x6103c4 SuspendThread
0x6103c8 SetThreadPriority
0x6103cc CreateEventW
0x6103d0 SetEvent
0x6103d8 FreeResource
0x6103dc lstrcmpW
0x6103e0 lstrcmpA
0x6103e4 GlobalDeleteAtom
0x6103e8 LoadLibraryExW
0x6103ec GetCurrentThread
0x6103f0 SetLastError
0x6103f4 FormatMessageW
0x6103f8 VirtualQuery
0x6103fc GlobalAlloc
0x610400 GlobalUnlock
0x610404 GlobalSize
0x610408 GlobalLock
0x61040c GlobalFree
0x610410 GetTickCount
0x610414 IsWow64Process
0x610418 GetSystemTime
0x61041c FindFirstFileW
0x610420 DeviceIoControl
0x610424 MulDiv
0x610428 GetCurrentProcess
0x61042c CreateDirectoryW
0x610444 TerminateProcess
0x610448 MultiByteToWideChar
0x61044c GetVersionExW
0x610450 WriteFile
0x610454 CreateFileW
0x610458 GetTempPathW
0x610460 AreFileApisANSI
0x610468 GetFileAttributesW
0x61046c WideCharToMultiByte
0x610470 GetProcessHeap
0x610478 DecodePointer
0x61047c HeapAlloc
0x610480 RaiseException
0x610484 HeapReAlloc
0x610488 HeapSize
0x610490 HeapFree
0x610494 OpenFileMappingW
0x610498 ReleaseMutex
0x61049c UnmapViewOfFile
0x6104a0 MapViewOfFile
0x6104a4 CreateFileMappingW
0x6104a8 GetCurrentProcessId
0x6104ac FreeLibrary
0x6104b0 LoadLibraryW
0x6104b4 CopyFileW
0x6104b8 MoveFileW
0x6104bc GetCurrentThreadId
0x6104c0 RemoveDirectoryW
0x6104c4 Sleep
0x6104c8 GetExitCodeProcess
0x6104cc WaitForSingleObject
0x6104d0 GetLastError
0x6104d4 CreateMutexW
0x6104d8 GetCommandLineW
0x6104dc LocalFree
0x6104e0 LocalAlloc
0x6104e4 DeleteFileW
0x6104e8 GetModuleHandleW
0x6104ec GetProcAddress
0x6104f0 CloseHandle
0x6104f4 OpenProcess
0x6104f8 FindResourceW
0x6104fc LoadResource
0x610500 LockResource
0x610504 SizeofResource
0x610508 GetModuleFileNameW
0x61050c GetFileAttributesA
0x610510 DeleteFileA
0x610514 GetConsoleCP
Library USER32.dll:
0x6105f0 SetWindowTextW
0x6105f4 CheckDlgButton
0x6105f8 MoveWindow
0x6105fc FillRect
0x610600 GetWindowDC
0x610604 TabbedTextOutW
0x610608 GrayStringW
0x61060c DrawTextExW
0x610610 WinHelpW
0x610614 GetScrollInfo
0x610618 SetScrollInfo
0x61061c LoadIconW
0x610620 GetTopWindow
0x610624 GetClassLongW
0x610628 SetWindowLongW
0x61062c PtInRect
0x610630 EqualRect
0x610634 MapWindowPoints
0x610638 AdjustWindowRectEx
0x610640 RemovePropW
0x610644 GetPropW
0x610648 SetPropW
0x61064c ShowScrollBar
0x610650 GetScrollRange
0x610654 SetScrollRange
0x610658 GetScrollPos
0x61065c SetScrollPos
0x610660 ScrollWindow
0x610664 RedrawWindow
0x610668 EndPaint
0x61066c BeginPaint
0x610670 UpdateWindow
0x610674 TrackPopupMenu
0x610678 SetMenu
0x61067c GetMenu
0x610680 GetCapture
0x610684 SetFocus
0x610688 GetDlgCtrlID
0x61068c EndDeferWindowPos
0x610690 DeferWindowPos
0x610694 BeginDeferWindowPos
0x610698 SetWindowPlacement
0x61069c GetWindowPlacement
0x6106a0 IsChild
0x6106a4 IsMenu
0x6106a8 CreateWindowExW
0x6106ac GetClassInfoExW
0x6106b0 UnpackDDElParam
0x6106b4 ReuseDDElParam
0x6106bc GetMenuDefaultItem
0x6106c0 TrackMouseEvent
0x6106c4 FindWindowW
0x6106c8 SendMessageW
0x6106d0 GetClassInfoW
0x6106d4 RegisterClassW
0x6106d8 CallWindowProcW
0x6106dc DefWindowProcW
0x6106e0 GetMessageTime
0x6106e4 GetMessagePos
0x6106ec InflateRect
0x6106f0 CopyRect
0x6106f4 GetSysColor
0x6106f8 GetMenuItemInfoW
0x6106fc DestroyMenu
0x610700 UnhookWindowsHookEx
0x610704 SetActiveWindow
0x610708 GetNextDlgTabItem
0x61070c GetDlgItem
0x610710 EndDialog
0x610718 IsDialogMessageW
0x61071c GetLastActivePopup
0x610720 IsWindowEnabled
0x610724 SetCursor
0x610728 ShowOwnedPopups
0x61072c LoadBitmapW
0x610730 SetMenuItemInfoW
0x610738 GetKeyNameTextW
0x61073c CharUpperW
0x610740 GetSysColorBrush
0x610744 LoadCursorW
0x610748 WaitMessage
0x61074c SetCapture
0x610750 ReleaseCapture
0x610754 WindowFromPoint
0x610758 CopyImage
0x61075c DeleteMenu
0x610764 InvalidateRect
0x610768 CharNextW
0x61076c OffsetRect
0x610774 InvalidateRgn
0x610778 SetRect
0x61077c IntersectRect
0x610780 SetMenuItemBitmaps
0x610784 EnableMenuItem
0x610788 IsRectEmpty
0x61078c GetNextDlgGroupItem
0x610790 MessageBeep
0x610794 DestroyIcon
0x610798 SendDlgItemMessageA
0x61079c SetRectEmpty
0x6107a0 GetAsyncKeyState
0x6107a4 LoadMenuW
0x6107a8 BringWindowToTop
0x6107ac LoadAcceleratorsW
0x6107b0 MessageBoxW
0x6107b4 PostThreadMessageW
0x6107b8 MonitorFromWindow
0x6107bc LoadImageW
0x6107c0 GetSystemMenu
0x6107c4 AppendMenuW
0x6107c8 IsIconic
0x6107cc GetSystemMetrics
0x6107d0 GetClientRect
0x6107d4 DrawIcon
0x6107d8 EnableWindow
0x6107dc GetParent
0x6107e0 SetParent
0x6107e8 UnregisterClassW
0x6107ec IsWindow
0x6107f0 IsWindowVisible
0x6107f4 GetDC
0x6107f8 ReleaseDC
0x6107fc DrawTextW
0x610800 GetWindow
0x610804 GetForegroundWindow
0x610808 ShowWindow
0x61080c GetWindowLongW
0x610810 SetWindowPos
0x610814 SetForegroundWindow
0x610818 MonitorFromPoint
0x61081c GetMonitorInfoW
0x610820 PostMessageW
0x610824 GetWindowRect
0x610828 ClientToScreen
0x61082c ScreenToClient
0x610830 GetCursorPos
0x610834 GetDesktopWindow
0x610838 MapVirtualKeyW
0x61083c KillTimer
0x610840 SetTimer
0x610848 OpenClipboard
0x61084c CloseClipboard
0x610854 SetClipboardData
0x610858 EmptyClipboard
0x61085c GetClassNameW
0x610860 GetWindowTextW
0x610864 GetMenuStringW
0x610868 GetMenuState
0x61086c GetSubMenu
0x610870 GetMenuItemID
0x610874 GetMenuItemCount
0x610878 InsertMenuW
0x61087c RemoveMenu
0x610880 PostQuitMessage
0x610888 MapDialogRect
0x61088c GetMessageW
0x610890 TranslateMessage
0x610894 DispatchMessageW
0x610898 PeekMessageW
0x61089c GetActiveWindow
0x6108a0 CreatePopupMenu
0x6108a4 InsertMenuItemW
0x6108a8 UnionRect
0x6108ac DrawFocusRect
0x6108b0 GetKeyState
0x6108b4 ValidateRect
0x6108b8 SetWindowsHookExW
0x6108bc CallNextHookEx
0x6108c0 DrawIconEx
0x6108c4 GetIconInfo
0x6108c8 EnableScrollBar
0x6108cc HideCaret
0x6108d0 GetFocus
0x6108d4 CheckMenuItem
0x6108d8 InvertRect
0x6108dc NotifyWinEvent
0x6108e4 EnumDisplayMonitors
0x6108e8 SetClassLongW
0x6108ec SetWindowRgn
0x6108f0 DrawStateW
0x6108f4 DrawEdge
0x6108f8 DrawFrameControl
0x6108fc IsZoomed
0x610900 SetCursorPos
0x610904 CopyIcon
0x610908 FrameRect
0x61090c LockWindowUpdate
0x610910 UpdateLayeredWindow
0x610914 GetComboBoxInfo
0x610918 GetKeyboardLayout
0x61091c IsCharLowerW
0x610920 MapVirtualKeyExW
0x610924 ToUnicodeEx
0x610928 GetKeyboardState
0x610934 SetMenuDefaultItem
0x610938 GetDoubleClickTime
0x61093c ModifyMenuW
0x610940 CharUpperBuffW
0x610944 GetUpdateRect
0x610948 DrawMenuBar
0x61094c DefFrameProcW
0x610950 DefMDIChildProcW
0x610958 SubtractRect
0x61095c CreateMenu
0x610960 GetWindowRgn
0x610964 DestroyCursor
0x610968 DestroyWindow
Library GDI32.dll:
0x610084 SelectClipRgn
0x610088 ExtSelectClipRgn
0x61008c SelectPalette
0x610090 SetBkMode
0x610094 SetMapMode
0x610098 SetLayout
0x61009c GetLayout
0x6100a0 SetPolyFillMode
0x6100a4 SetROP2
0x6100a8 SetTextAlign
0x6100ac MoveToEx
0x6100b0 TextOutW
0x6100b4 SetViewportExtEx
0x6100b8 SetViewportOrgEx
0x6100bc SetWindowExtEx
0x6100c0 SetWindowOrgEx
0x6100c4 OffsetViewportOrgEx
0x6100c8 OffsetWindowOrgEx
0x6100cc ScaleViewportExtEx
0x6100d0 ScaleWindowExtEx
0x6100d8 PatBlt
0x6100dc GetBkColor
0x6100e0 GetTextColor
0x6100e4 GetRgnBox
0x6100e8 CombineRgn
0x6100ec GetMapMode
0x6100f0 SetRectRgn
0x6100f4 DPtoLP
0x6100f8 EnumFontFamiliesExW
0x6100fc CreatePalette
0x610104 GetPaletteEntries
0x61010c RealizePalette
0x610110 CreateDIBitmap
0x610114 EnumFontFamiliesW
0x610118 GetTextCharsetInfo
0x61011c SetPixel
0x610120 StretchBlt
0x610124 CreateDIBSection
0x610128 RestoreDC
0x61012c CreateEllipticRgn
0x610130 Ellipse
0x610134 CreatePolygonRgn
0x610138 Polygon
0x61013c Polyline
0x610140 CreateRoundRectRgn
0x610144 LPtoDP
0x610148 Rectangle
0x61014c OffsetRgn
0x610150 RoundRect
0x610154 FillRgn
0x610158 FrameRgn
0x61015c GetBoundsRect
0x610160 PtInRegion
0x610164 ExtFloodFill
0x610168 SetPaletteEntries
0x61016c SetPixelV
0x610170 GetWindowOrgEx
0x610174 GetViewportOrgEx
0x610178 GetTextFaceW
0x61017c GetClipBox
0x610180 ExcludeClipRect
0x610184 Escape
0x610188 CreateSolidBrush
0x61018c CreateRectRgn
0x610190 CreatePatternBrush
0x610194 CreatePen
0x610198 CreateHatchBrush
0x61019c SetTextColor
0x6101a0 SetBkColor
0x6101a4 ExtTextOutW
0x6101a8 CreateBitmap
0x6101ac GetDeviceCaps
0x6101b0 CopyMetaFileW
0x6101b4 DeleteDC
0x6101b8 BitBlt
0x6101c0 CreateCompatibleDC
0x6101c4 CreateDCW
0x6101c8 RectVisible
0x6101cc PtVisible
0x6101d0 SelectObject
0x6101d4 LineTo
0x6101d8 IntersectClipRect
0x6101dc GetStockObject
0x6101e0 GetPixel
0x6101e4 GetObjectType
0x6101e8 SetDIBColorTable
0x6101ec GetViewportExtEx
0x6101f0 GetWindowExtEx
0x6101f8 GetObjectW
0x6101fc DeleteObject
0x610200 CreateFontIndirectW
0x610204 GetTextMetricsW
0x610208 SaveDC
Library MSIMG32.dll:
0x61051c AlphaBlend
0x610520 TransparentBlt
Library WINSPOOL.DRV:
0x6109fc OpenPrinterW
0x610a00 DocumentPropertiesW
0x610a04 ClosePrinter
Library ADVAPI32.dll:
0x610004 CryptDecrypt
0x610008 CryptDestroyKey
0x61000c CryptReleaseContext
0x610010 CryptGetUserKey
0x610014 CryptGenKey
0x610018 CryptExportKey
0x61001c CryptEncrypt
0x610020 RegEnumKeyExW
0x610024 RegEnumValueW
0x610028 RegQueryValueW
0x61002c RegEnumKeyW
0x610030 RegDeleteKeyW
0x610034 RegOpenKeyW
0x610038 RegOpenKeyExW
0x61003c RegQueryValueExW
0x610040 RegDeleteValueW
0x610044 RegSetValueExW
0x610048 RegCreateKeyExW
0x61004c RegCloseKey
0x610050 CryptImportKey
Library SHELL32.dll:
0x610590 SHGetFolderPathW
0x610594 CommandLineToArgvW
0x610598 ShellExecuteExW
0x6105a0 SHAppBarMessage
0x6105a4 SHGetFileInfoW
0x6105a8 DragQueryFileW
0x6105ac DragFinish
0x6105b0 SHBrowseForFolderW
0x6105b4 SHGetDesktopFolder
0x6105c0 ShellExecuteW
Library COMCTL32.dll:
Library SHLWAPI.dll:
0x6105c8 PathIsDirectoryW
0x6105cc PathFindExtensionW
0x6105d0 PathFindFileNameW
0x6105d4 UrlUnescapeW
0x6105d8 PathIsUNCW
0x6105dc PathStripToRootW
0x6105e0 PathRemoveFileSpecW
0x6105e4 StrFormatKBSizeW
0x6105e8 PathFileExistsW
Library UxTheme.dll:
0x610970 GetThemePartSize
0x610974 GetThemeSysColor
0x610978 GetWindowTheme
0x61097c CloseThemeData
0x610980 GetCurrentThemeName
0x610984 GetThemeColor
0x610988 OpenThemeData
0x61098c IsAppThemed
0x610990 DrawThemeText
0x610994 DrawThemeBackground
Library ole32.dll:
0x610a68 IsAccelerator
0x610a78 OleLockRunning
0x610a7c RevokeDragDrop
0x610a84 OleGetClipboard
0x610a88 DoDragDrop
0x610a98 OleFlushClipboard
0x610a9c CoRevokeClassObject
0x610aa0 CoInitializeEx
0x610aa4 OleUninitialize
0x610aa8 OleInitialize
0x610abc CoGetClassObject
0x610ac0 CoDisconnectObject
0x610ac4 CLSIDFromString
0x610ac8 ReleaseStgMedium
0x610acc OleDuplicateData
0x610ad0 CoTaskMemFree
0x610ad4 CoTaskMemAlloc
0x610ad8 CoUninitialize
0x610adc CoInitialize
0x610ae0 CoCreateInstance
0x610ae4 CLSIDFromProgID
0x610ae8 StringFromGUID2
0x610aec CoCreateGuid
0x610af0 RegisterDragDrop
Library OLEAUT32.dll:
0x610538 SafeArrayDestroy
0x61053c VariantCopy
0x610548 SysStringLen
0x61054c LoadTypeLib
0x610550 VariantChangeType
0x610554 VariantInit
0x610558 SysAllocStringLen
0x61055c SysFreeString
0x610560 SysAllocString
0x610564 VariantClear
0x61056c VarBstrFromDate
Library oledlg.dll:
0x610af8 OleUIBusyW
Library VERSION.dll:
0x6109a8 GetFileVersionInfoW
0x6109ac VerQueryValueW
Library IPHLPAPI.DLL:
0x610220 GetAdaptersInfo
Library OLEACC.dll:
0x61052c LresultFromObject
Library WININET.dll:
0x6109b4 HttpSendRequestExW
0x6109b8 InternetWriteFile
0x6109bc HttpEndRequestW
0x6109c0 HttpSendRequestW
0x6109c4 HttpQueryInfoW
0x6109c8 InternetSetOptionW
0x6109cc InternetReadFile
0x6109d0 InternetOpenW
0x6109d4 InternetConnectW
0x6109d8 HttpOpenRequestW
0x6109dc InternetCrackUrlW
0x6109e4 InternetCloseHandle
0x6109e8 InternetGetCookieW
Library gdiplus.dll:
0x610a0c GdipGetImagePalette
0x610a1c GdipBitmapLockBits
0x610a24 GdipDeleteGraphics
0x610a28 GdipDrawImageI
0x610a30 GdipCreateFromHDC
0x610a38 GdipDrawImageRectI
0x610a3c GdipAlloc
0x610a40 GdipFree
0x610a44 GdiplusStartup
0x610a4c GdipCloneImage
0x610a50 GdipGetImageHeight
0x610a54 GdipDisposeImage
0x610a5c GdipGetImageWidth
0x610a60 GdiplusShutdown
Library IMM32.dll:
0x610210 ImmGetContext
0x610214 ImmReleaseContext
0x610218 ImmGetOpenStatus

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51966 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.