5.8
High risk

db23aa997a6d911f35d982d7f65aa388e701edda71ad1d34adcecd680e0039e2

58bd1b8842feeea62cf8d6dbf2be77e5.exe

Analysis time

26s

Last analyzed

File size

684.5KB
Static detection: yes. Dynamic detection: yes. Tags: AI SCORE=82 ATTRIBUTE AUTO BDQK BTJC4V CLOUD CONFIDENCE DELF DELPHILESS ELYL FAREIT GDSDA GENERICKD HIGH HIGH CONFIDENCE HIGHCONFIDENCE HKEWSQ IGENT KRYPTIK LOKI LOKIBOT MALWARE@#2YVMJRQ1DJ75T QGW@AIBXENKI SCORE SMAD1 SPYBOTNET SUSPICIOUS PE TSCOPE UNSAFE X2066 ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine results for this sample
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Fareit-FTB!58BD1B8842FE 20200614 6.0.6.653
Alibaba Trojan:Win32/Lokibot.d708da71 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20200614 18.4.3895.0
Kingsoft 20200614 2013.8.14.323
Tencent Win32.Trojan.Inject.Auto 20200614 1.0.0.1
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619543277.423124
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35323448
registers.edi: 0
registers.eax: 0
registers.ebp: 35323784
registers.edx: 7
registers.ebx: 0
registers.esi: 0
registers.ecx: 407
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 e5 62 00 00 e9
exception.symbol: 58bd1b8842feeea62cf8d6dbf2be77e5+0x57e17
exception.instruction: div eax
exception.module: 58bd1b8842feeea62cf8d6dbf2be77e5.exe
exception.exception_code: 0xc0000094
exception.offset: 359959
exception.address: 0x457e17
success 0 0
1619543280.063751
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
58bd1b8842feeea62cf8d6dbf2be77e5+0x5aa4d @ 0x45aa4d
58bd1b8842feeea62cf8d6dbf2be77e5+0x53254 @ 0x453254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdd914ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619543277.205124
NtAllocateVirtualMemory
process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005a0000
success 0 0
1619543277.423124
NtProtectVirtualMemory
process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 32768
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00457000
success 0 0
1619543277.439124
NtAllocateVirtualMemory
process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00660000
success 0 0
1619543278.860751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619543278.938751
NtAllocateVirtualMemory
process_identifier: 284
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f90000
success 0 0
1619543278.938751
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02150000
success 0 0
1619543278.938751
NtAllocateVirtualMemory
process_identifier: 284
region_size: 335872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
1619543278.938751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 307200
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00512000
success 0 0
1619543279.500751
NtAllocateVirtualMemory
process_identifier: 284
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02190000
success 0 0
1619543279.500751
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02310000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00832000
success 0 0
1619543280.032751
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.4359205000026565 section {'size_of_data': '0x00043a00', 'virtual_address': '0x0006e000', 'entropy': 7.4359205000026565, 'name': '.rsrc', 'virtual_size': '0x00043804'} description A section with a high entropy has been found
entropy 0.39575713240673005 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2056 called NtSetContextThread to modify thread in remote process 284
Time & API Arguments Status Return Repeated
1619543278.158124
NtSetContextThread
thread_handle: 0x000000f0
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907488
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 284
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2056 resumed a thread in remote process 284
Time & API Arguments Status Return Repeated
1619543278.611124
NtResumeThread
thread_handle: 0x000000f0
suspend_count: 1
process_identifier: 284
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619543278.001124
CreateProcessInternalW
thread_identifier: 2264
thread_handle: 0x000000f0
process_identifier: 284
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\58bd1b8842feeea62cf8d6dbf2be77e5.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000f4
inherit_handles: 0
success 1 0
1619543278.001124
NtUnmapViewOfSection
process_identifier: 284
region_size: 4096
process_handle: 0x000000f4
base_address: 0x00400000
success 0 0
1619543278.080124
NtMapViewOfSection
section_handle: 0x000000fc
process_identifier: 284
commit_size: 720896
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f4
allocation_type: 0 ()
section_offset: 0
view_size: 720896
base_address: 0x00400000
success 0 0
1619543278.158124
NtGetContextThread
thread_handle: 0x000000f0
success 0 0
1619543278.158124
NtSetContextThread
thread_handle: 0x000000f0
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907488
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 284
success 0 0
1619543278.611124
NtResumeThread
thread_handle: 0x000000f0
suspend_count: 1
process_identifier: 284
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
MicroWorld-eScan Trojan.GenericKD.43165892
FireEye Generic.mg.58bd1b8842feeea6
CAT-QuickHeal Trojan.Multi
McAfee Fareit-FTB!58BD1B8842FE
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 00566bd51 )
Alibaba Trojan:Win32/Lokibot.d708da71
K7GW Trojan ( 00566bd51 )
Cybereason malicious.a17066
Arcabit Trojan.Generic.D292A8C4
Invincea heuristic
F-Prot W32/Injector.JED
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Dropper.LokiBot-7860578-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.43165892
NANO-Antivirus Trojan.Win32.SpyBotNET.hkewsq
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Rising Trojan.Injector!8.C4 (CLOUD)
Endgame malicious (high confidence)
Sophos Mal/Fareit-AA
Comodo Malware@#2yvmjrq1dj75t
DrWeb BackDoor.SpyBotNET.17
Zillya Trojan.Injector.Win32.737678
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Trapmine malicious.high.ml.score
Emsisoft Trojan.GenericKD.43165892 (B)
SentinelOne DFI - Suspicious PE
Cyren W32/Injector.BDQK-0964
Webroot W32.Adware.Gen
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/Lokibot.V!MTB
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Win32.Trojan.Injector.PA
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
VBA32 TScope.Trojan.Delf
ALYac Trojan.GenericKD.43165892
MAX malware (ai score=82)
Ad-Aware Trojan.GenericKD.43165892
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.ELYL
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMAD1.hp
Tencent Win32.Trojan.Inject.Auto
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x462128 VirtualFree
0x46212c VirtualAlloc
0x462130 LocalFree
0x462134 LocalAlloc
0x462138 GetVersion
0x46213c GetCurrentThreadId
0x462148 VirtualQuery
0x46214c WideCharToMultiByte
0x462154 MultiByteToWideChar
0x462158 lstrlenA
0x46215c lstrcpynA
0x462160 LoadLibraryExA
0x462164 GetThreadLocale
0x462168 GetStartupInfoA
0x46216c GetProcAddress
0x462170 GetModuleHandleA
0x462174 GetModuleFileNameA
0x462178 GetLocaleInfoA
0x46217c GetLastError
0x462184 GetCommandLineA
0x462188 FreeLibrary
0x46218c FindFirstFileA
0x462190 FindClose
0x462194 ExitProcess
0x462198 WriteFile
0x4621a0 RtlUnwind
0x4621a4 RaiseException
0x4621a8 GetStdHandle
Library user32.dll:
0x4621b0 GetKeyboardType
0x4621b4 LoadStringA
0x4621b8 MessageBoxA
0x4621bc CharNextA
Library advapi32.dll:
0x4621c4 RegQueryValueExA
0x4621c8 RegOpenKeyExA
0x4621cc RegCloseKey
Library oleaut32.dll:
0x4621d4 SysFreeString
0x4621d8 SysReAllocStringLen
0x4621dc SysAllocStringLen
Library kernel32.dll:
0x4621e4 TlsSetValue
0x4621e8 TlsGetValue
0x4621ec LocalAlloc
0x4621f0 GetModuleHandleA
Library advapi32.dll:
0x4621f8 RegQueryValueExA
0x4621fc RegOpenKeyExA
0x462200 RegCloseKey
Library kernel32.dll:
0x462208 lstrcpyA
0x46220c WriteFile
0x462210 WaitForSingleObject
0x462214 VirtualQuery
0x462218 VirtualProtect
0x46221c VirtualAlloc
0x462220 Sleep
0x462224 SizeofResource
0x462228 SetThreadLocale
0x46222c SetFilePointer
0x462230 SetEvent
0x462234 SetErrorMode
0x462238 SetEndOfFile
0x46223c ResetEvent
0x462240 ReadFile
0x462244 MulDiv
0x462248 LockResource
0x46224c LoadResource
0x462250 LoadLibraryA
0x46225c GlobalUnlock
0x462260 GlobalReAlloc
0x462264 GlobalHandle
0x462268 GlobalLock
0x46226c GlobalFree
0x462270 GlobalFindAtomA
0x462274 GlobalDeleteAtom
0x462278 GlobalAlloc
0x46227c GlobalAddAtomA
0x462280 GetVersionExA
0x462284 GetVersion
0x462288 GetTickCount
0x46228c GetThreadLocale
0x462294 GetSystemTime
0x462298 GetSystemInfo
0x46229c GetStringTypeExA
0x4622a0 GetStdHandle
0x4622a4 GetProcAddress
0x4622a8 GetModuleHandleA
0x4622ac GetModuleFileNameA
0x4622b0 GetLocaleInfoA
0x4622b4 GetLocalTime
0x4622b8 GetLastError
0x4622bc GetFullPathNameA
0x4622c0 GetFileAttributesA
0x4622c4 GetDiskFreeSpaceA
0x4622c8 GetDateFormatA
0x4622cc GetCurrentThreadId
0x4622d0 GetCurrentProcessId
0x4622d4 GetCPInfo
0x4622d8 GetACP
0x4622dc FreeResource
0x4622e0 InterlockedExchange
0x4622e4 FreeLibrary
0x4622e8 FormatMessageA
0x4622ec FindResourceA
0x4622f0 FindNextFileA
0x4622f4 FindFirstFileA
0x4622f8 FindClose
0x462308 ExitThread
0x46230c EnumCalendarInfoA
0x462318 CreateThread
0x46231c CreateFileA
0x462320 CreateEventA
0x462324 CompareStringA
0x462328 CloseHandle
Library version.dll:
0x462330 VerQueryValueA
0x462338 GetFileVersionInfoA
Library gdi32.dll:
0x462340 UnrealizeObject
0x462344 StretchBlt
0x462348 SetWindowOrgEx
0x46234c SetViewportOrgEx
0x462350 SetTextColor
0x462354 SetStretchBltMode
0x462358 SetROP2
0x46235c SetPixel
0x462360 SetDIBColorTable
0x462364 SetBrushOrgEx
0x462368 SetBkMode
0x46236c SetBkColor
0x462370 SelectPalette
0x462374 SelectObject
0x462378 SaveDC
0x46237c RestoreDC
0x462380 Rectangle
0x462384 RectVisible
0x462388 RealizePalette
0x46238c PatBlt
0x462390 MoveToEx
0x462394 MaskBlt
0x462398 LineTo
0x46239c IntersectClipRect
0x4623a0 GetWindowOrgEx
0x4623a4 GetTextMetricsA
0x4623b0 GetStockObject
0x4623b4 GetPixel
0x4623b8 GetPaletteEntries
0x4623bc GetObjectA
0x4623c0 GetDeviceCaps
0x4623c4 GetDIBits
0x4623c8 GetDIBColorTable
0x4623cc GetDCOrgEx
0x4623d4 GetClipBox
0x4623d8 GetBrushOrgEx
0x4623dc GetBitmapBits
0x4623e0 ExtTextOutA
0x4623e4 ExcludeClipRect
0x4623e8 DeleteObject
0x4623ec DeleteDC
0x4623f0 CreateSolidBrush
0x4623f4 CreatePenIndirect
0x4623f8 CreatePen
0x4623fc CreatePalette
0x462404 CreateFontIndirectA
0x462408 CreateDIBitmap
0x46240c CreateDIBSection
0x462410 CreateCompatibleDC
0x462418 CreateBrushIndirect
0x46241c CreateBitmap
0x462420 BitBlt
Library user32.dll:
0x462428 CreateWindowExA
0x46242c WindowFromPoint
0x462430 WinHelpA
0x462434 WaitMessage
0x462438 ValidateRect
0x46243c UpdateWindow
0x462440 UnregisterClassA
0x462444 UnhookWindowsHookEx
0x462448 TranslateMessage
0x462450 TrackPopupMenu
0x462458 ShowWindow
0x46245c ShowScrollBar
0x462460 ShowOwnedPopups
0x462464 ShowCursor
0x462468 SetWindowsHookExA
0x46246c SetWindowTextA
0x462470 SetWindowPos
0x462474 SetWindowPlacement
0x462478 SetWindowLongA
0x46247c SetTimer
0x462480 SetScrollRange
0x462484 SetScrollPos
0x462488 SetScrollInfo
0x46248c SetRect
0x462490 SetPropA
0x462494 SetParent
0x462498 SetMenuItemInfoA
0x46249c SetMenu
0x4624a0 SetForegroundWindow
0x4624a4 SetFocus
0x4624a8 SetCursor
0x4624ac SetClassLongA
0x4624b0 SetCapture
0x4624b4 SetActiveWindow
0x4624b8 SendMessageA
0x4624bc ScrollWindow
0x4624c0 ScreenToClient
0x4624c4 RemovePropA
0x4624c8 RemoveMenu
0x4624cc ReleaseDC
0x4624d0 ReleaseCapture
0x4624dc RegisterClassA
0x4624e0 RedrawWindow
0x4624e4 PtInRect
0x4624e8 PostQuitMessage
0x4624ec PostMessageA
0x4624f0 PeekMessageA
0x4624f4 OffsetRect
0x4624f8 OemToCharA
0x4624fc MessageBoxA
0x462500 MapWindowPoints
0x462504 MapVirtualKeyA
0x462508 LoadStringA
0x46250c LoadKeyboardLayoutA
0x462510 LoadIconA
0x462514 LoadCursorA
0x462518 LoadBitmapA
0x46251c KillTimer
0x462520 IsZoomed
0x462524 IsWindowVisible
0x462528 IsWindowEnabled
0x46252c IsWindow
0x462530 IsRectEmpty
0x462534 IsIconic
0x462538 IsDialogMessageA
0x46253c IsChild
0x462540 InvalidateRect
0x462544 IntersectRect
0x462548 InsertMenuItemA
0x46254c InsertMenuA
0x462550 InflateRect
0x462558 GetWindowTextA
0x46255c GetWindowRect
0x462560 GetWindowPlacement
0x462564 GetWindowLongA
0x462568 GetWindowDC
0x46256c GetTopWindow
0x462570 GetSystemMetrics
0x462574 GetSystemMenu
0x462578 GetSysColorBrush
0x46257c GetSysColor
0x462580 GetSubMenu
0x462584 GetScrollRange
0x462588 GetScrollPos
0x46258c GetScrollInfo
0x462590 GetPropA
0x462594 GetParent
0x462598 GetWindow
0x46259c GetMenuStringA
0x4625a0 GetMenuState
0x4625a4 GetMenuItemInfoA
0x4625a8 GetMenuItemID
0x4625ac GetMenuItemCount
0x4625b0 GetMenu
0x4625b4 GetLastActivePopup
0x4625b8 GetKeyboardState
0x4625c0 GetKeyboardLayout
0x4625c4 GetKeyState
0x4625c8 GetKeyNameTextA
0x4625cc GetIconInfo
0x4625d0 GetForegroundWindow
0x4625d4 GetFocus
0x4625d8 GetDesktopWindow
0x4625dc GetDCEx
0x4625e0 GetDC
0x4625e4 GetCursorPos
0x4625e8 GetCursor
0x4625ec GetClientRect
0x4625f0 GetClassNameA
0x4625f4 GetClassInfoA
0x4625f8 GetCapture
0x4625fc GetActiveWindow
0x462600 FrameRect
0x462604 FindWindowA
0x462608 FillRect
0x46260c EqualRect
0x462610 EnumWindows
0x462614 EnumThreadWindows
0x462618 EndPaint
0x46261c EnableWindow
0x462620 EnableScrollBar
0x462624 EnableMenuItem
0x462628 DrawTextA
0x46262c DrawMenuBar
0x462630 DrawIconEx
0x462634 DrawIcon
0x462638 DrawFrameControl
0x46263c DrawFocusRect
0x462640 DrawEdge
0x462644 DispatchMessageA
0x462648 DestroyWindow
0x46264c DestroyMenu
0x462650 DestroyIcon
0x462654 DestroyCursor
0x462658 DeleteMenu
0x46265c DefWindowProcA
0x462660 DefMDIChildProcA
0x462664 DefFrameProcA
0x462668 CreatePopupMenu
0x46266c CreateMenu
0x462670 CreateIcon
0x462674 ClientToScreen
0x462678 CheckMenuItem
0x46267c CallWindowProcA
0x462680 CallNextHookEx
0x462684 BeginPaint
0x462688 CharNextA
0x46268c CharLowerBuffA
0x462690 CharLowerA
0x462694 CharToOemA
0x462698 AdjustWindowRectEx
Library kernel32.dll:
0x4626a4 Sleep
Library oleaut32.dll:
0x4626ac SafeArrayPtrOfIndex
0x4626b0 SafeArrayGetUBound
0x4626b4 SafeArrayGetLBound
0x4626b8 SafeArrayCreate
0x4626bc VariantChangeType
0x4626c0 VariantCopy
0x4626c4 VariantClear
0x4626c8 VariantInit
Library comctl32.dll:
0x4626d8 ImageList_Write
0x4626dc ImageList_Read
0x4626ec ImageList_DragMove
0x4626f0 ImageList_DragLeave
0x4626f4 ImageList_DragEnter
0x4626f8 ImageList_EndDrag
0x4626fc ImageList_BeginDrag
0x462700 ImageList_Remove
0x462704 ImageList_DrawEx
0x462708 ImageList_Draw
0x462718 ImageList_Add
0x462720 ImageList_Destroy
0x462724 ImageList_Create
0x462728 InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.