4.6
Medium risk

3da7c55aab706ac053ca313cc24d065983e8eaed5172366e93fdf8b2d644f829

59f804406a29fa425b45b1dbdfff4940.exe

Analysis duration

20s

Last analysis

File size

824.0KB
Static detection Dynamic detection
Eagle Eye engine
Not detected No Eagle Eye engine result is available yet
Static verdict
Antivirus engines
Not detected No antivirus engine result is available yet
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619521744.14925
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752ad4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
59f804406a29fa425b45b1dbdfff4940+0x543f8 @ 0x4543f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x75174b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x75175d3d
0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdad14ad
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
Time & API Arguments Status Return Repeated
1619513302.542343
NtAllocateVirtualMemory
process_identifier: 200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005b0000
success 0 0
1619513302.729343
NtProtectVirtualMemory
process_identifier: 200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00474000
success 0 0
1619513302.760343
NtAllocateVirtualMemory
process_identifier: 200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005f0000
success 0 0
1619521743.71225
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619521743.75825
NtAllocateVirtualMemory
process_identifier: 2260
region_size: 524288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01de0000
success 0 0
1619521743.75825
NtAllocateVirtualMemory
process_identifier: 2260
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e20000
success 0 0
1619521743.75825
NtAllocateVirtualMemory
process_identifier: 2260
region_size: 311296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
1619521743.75825
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 282624
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00512000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00572000
success 0 0
1619521744.13325
NtProtectVirtualMemory
process_identifier: 2260
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.6178340256359425 section {'size_of_data': '0x0003b800', 'virtual_address': '0x00098000', 'entropy': 7.6178340256359425, 'name': '.rsrc', 'virtual_size': '0x0003b62c'} description A section with a high entropy has been found
entropy 0.2891859052247874 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 200 called NtSetContextThread to modify thread in remote process 2260
Time & API Arguments Status Return Repeated
1619513303.307343
NtSetContextThread
thread_handle: 0x000000e8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4859088
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2260
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 200 resumed a thread in remote process 2260
Time & API Arguments Status Return Repeated
1619513303.667343
NtResumeThread
thread_handle: 0x000000e8
suspend_count: 1
process_identifier: 2260
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619513303.135343
CreateProcessInternalW
thread_identifier: 2504
thread_handle: 0x000000e8
process_identifier: 2260
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\59f804406a29fa425b45b1dbdfff4940.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000ec
inherit_handles: 0
success 1 0
1619513303.135343
NtUnmapViewOfSection
process_identifier: 2260
region_size: 4096
process_handle: 0x000000ec
base_address: 0x00400000
success 0 0
1619513303.151343
NtMapViewOfSection
section_handle: 0x000000f4
process_identifier: 2260
commit_size: 671744
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000ec
allocation_type: 0 ()
section_offset: 0
view_size: 671744
base_address: 0x00400000
success 0 0
1619513303.307343
NtGetContextThread
thread_handle: 0x000000e8
success 0 0
1619513303.307343
NtSetContextThread
thread_handle: 0x000000e8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4859088
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2260
success 0 0
1619513303.667343
NtResumeThread
thread_handle: 0x000000e8
suspend_count: 1
process_identifier: 2260
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran
PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x48a150 VirtualFree
0x48a154 VirtualAlloc
0x48a158 LocalFree
0x48a15c LocalAlloc
0x48a160 GetVersion
0x48a164 GetCurrentThreadId
0x48a170 VirtualQuery
0x48a174 WideCharToMultiByte
0x48a17c MultiByteToWideChar
0x48a180 lstrlenA
0x48a184 lstrcpynA
0x48a188 LoadLibraryExA
0x48a18c GetThreadLocale
0x48a190 GetStartupInfoA
0x48a194 GetProcAddress
0x48a198 GetModuleHandleA
0x48a19c GetModuleFileNameA
0x48a1a0 GetLocaleInfoA
0x48a1a4 GetLastError
0x48a1ac GetCommandLineA
0x48a1b0 FreeLibrary
0x48a1b4 FindFirstFileA
0x48a1b8 FindClose
0x48a1bc ExitProcess
0x48a1c0 WriteFile
0x48a1c8 RtlUnwind
0x48a1cc RaiseException
0x48a1d0 GetStdHandle
Library user32.dll:
0x48a1d8 GetKeyboardType
0x48a1dc LoadStringA
0x48a1e0 MessageBoxA
0x48a1e4 CharNextA
Library advapi32.dll:
0x48a1ec RegQueryValueExA
0x48a1f0 RegOpenKeyExA
0x48a1f4 RegCloseKey
Library oleaut32.dll:
0x48a1fc SysFreeString
0x48a200 SysReAllocStringLen
0x48a204 SysAllocStringLen
Library kernel32.dll:
0x48a20c TlsSetValue
0x48a210 TlsGetValue
0x48a214 LocalAlloc
0x48a218 GetModuleHandleA
Library advapi32.dll:
0x48a220 RegQueryValueExA
0x48a224 RegOpenKeyExA
0x48a228 RegCloseKey
Library kernel32.dll:
0x48a230 lstrcpyA
0x48a234 WriteFile
0x48a238 WaitForSingleObject
0x48a23c VirtualQuery
0x48a240 VirtualProtect
0x48a244 VirtualAlloc
0x48a248 Sleep
0x48a24c SizeofResource
0x48a250 SetThreadLocale
0x48a254 SetFilePointer
0x48a258 SetEvent
0x48a25c SetErrorMode
0x48a260 SetEndOfFile
0x48a264 ResetEvent
0x48a268 ReadFile
0x48a26c MultiByteToWideChar
0x48a270 MulDiv
0x48a274 LockResource
0x48a278 LoadResource
0x48a27c LoadLibraryA
0x48a288 GlobalUnlock
0x48a28c GlobalReAlloc
0x48a290 GlobalHandle
0x48a294 GlobalLock
0x48a298 GlobalFree
0x48a29c GlobalFindAtomA
0x48a2a0 GlobalDeleteAtom
0x48a2a4 GlobalAlloc
0x48a2a8 GlobalAddAtomA
0x48a2ac GetVersionExA
0x48a2b0 GetVersion
0x48a2b4 GetTickCount
0x48a2b8 GetThreadLocale
0x48a2c0 GetSystemInfo
0x48a2c4 GetStringTypeExA
0x48a2c8 GetStdHandle
0x48a2cc GetProcAddress
0x48a2d0 GetModuleHandleA
0x48a2d4 GetModuleFileNameA
0x48a2d8 GetLocaleInfoA
0x48a2dc GetLocalTime
0x48a2e0 GetLastError
0x48a2e4 GetFullPathNameA
0x48a2e8 GetFileAttributesA
0x48a2ec GetDiskFreeSpaceA
0x48a2f0 GetDateFormatA
0x48a2f4 GetCurrentThreadId
0x48a2f8 GetCurrentProcessId
0x48a2fc GetCPInfo
0x48a300 GetACP
0x48a304 FreeResource
0x48a30c InterlockedExchange
0x48a314 FreeLibrary
0x48a318 FormatMessageA
0x48a31c FindResourceA
0x48a320 FindNextFileA
0x48a324 FindFirstFileA
0x48a328 FindClose
0x48a338 EnumCalendarInfoA
0x48a344 CreateThread
0x48a348 CreateFileA
0x48a34c CreateEventA
0x48a350 CompareStringA
0x48a354 CloseHandle
Library version.dll:
0x48a35c VerQueryValueA
0x48a364 GetFileVersionInfoA
Library gdi32.dll:
0x48a36c UnrealizeObject
0x48a370 StretchBlt
0x48a374 SetWindowOrgEx
0x48a378 SetViewportOrgEx
0x48a37c SetTextColor
0x48a380 SetStretchBltMode
0x48a384 SetROP2
0x48a388 SetPixel
0x48a38c SetDIBColorTable
0x48a390 SetBrushOrgEx
0x48a394 SetBkMode
0x48a398 SetBkColor
0x48a39c SelectPalette
0x48a3a0 SelectObject
0x48a3a4 SelectClipRgn
0x48a3a8 SaveDC
0x48a3ac RestoreDC
0x48a3b0 Rectangle
0x48a3b4 RectVisible
0x48a3b8 RealizePalette
0x48a3bc PatBlt
0x48a3c0 MoveToEx
0x48a3c4 MaskBlt
0x48a3c8 LineTo
0x48a3cc IntersectClipRect
0x48a3d0 GetWindowOrgEx
0x48a3d4 GetTextMetricsA
0x48a3e0 GetStockObject
0x48a3e4 GetPixel
0x48a3e8 GetPaletteEntries
0x48a3ec GetObjectA
0x48a3f0 GetDeviceCaps
0x48a3f4 GetDIBits
0x48a3f8 GetDIBColorTable
0x48a3fc GetDCOrgEx
0x48a404 GetClipRgn
0x48a408 GetClipBox
0x48a40c GetBrushOrgEx
0x48a410 GetBitmapBits
0x48a414 GetArcDirection
0x48a418 ExtTextOutA
0x48a41c ExcludeClipRect
0x48a420 DeleteObject
0x48a424 DeleteDC
0x48a428 CreateSolidBrush
0x48a42c CreateRectRgn
0x48a430 CreatePenIndirect
0x48a434 CreatePalette
0x48a43c CreateFontIndirectA
0x48a440 CreateDIBitmap
0x48a444 CreateDIBSection
0x48a448 CreateCompatibleDC
0x48a450 CreateBrushIndirect
0x48a454 CreateBitmap
0x48a458 BitBlt
Library user32.dll:
0x48a460 CreateWindowExA
0x48a464 WindowFromPoint
0x48a468 WinHelpA
0x48a46c WaitMessage
0x48a470 UpdateWindow
0x48a474 UnregisterClassA
0x48a478 UnhookWindowsHookEx
0x48a47c TranslateMessage
0x48a484 TrackPopupMenu
0x48a48c ShowWindow
0x48a490 ShowScrollBar
0x48a494 ShowOwnedPopups
0x48a498 ShowCursor
0x48a49c SetWindowsHookExA
0x48a4a0 SetWindowTextA
0x48a4a4 SetWindowPos
0x48a4a8 SetWindowPlacement
0x48a4ac SetWindowLongA
0x48a4b0 SetTimer
0x48a4b4 SetScrollRange
0x48a4b8 SetScrollPos
0x48a4bc SetScrollInfo
0x48a4c0 SetRect
0x48a4c4 SetPropA
0x48a4c8 SetParent
0x48a4cc SetMenuItemInfoA
0x48a4d0 SetMenu
0x48a4d4 SetForegroundWindow
0x48a4d8 SetFocus
0x48a4dc SetCursor
0x48a4e0 SetClassLongA
0x48a4e4 SetCapture
0x48a4e8 SetActiveWindow
0x48a4ec SendMessageA
0x48a4f0 ScrollWindow
0x48a4f4 ScreenToClient
0x48a4f8 RemovePropA
0x48a4fc RemoveMenu
0x48a500 ReleaseDC
0x48a504 ReleaseCapture
0x48a510 RegisterClassA
0x48a514 RedrawWindow
0x48a518 PtInRect
0x48a51c PostQuitMessage
0x48a520 PostMessageA
0x48a524 PeekMessageA
0x48a528 OffsetRect
0x48a52c OemToCharA
0x48a530 MessageBoxA
0x48a534 MapWindowPoints
0x48a538 MapVirtualKeyA
0x48a53c LoadStringA
0x48a540 LoadKeyboardLayoutA
0x48a544 LoadIconA
0x48a548 LoadCursorA
0x48a54c LoadBitmapA
0x48a550 KillTimer
0x48a554 IsZoomed
0x48a558 IsWindowVisible
0x48a55c IsWindowEnabled
0x48a560 IsWindow
0x48a564 IsRectEmpty
0x48a568 IsIconic
0x48a56c IsDialogMessageA
0x48a570 IsChild
0x48a574 InvalidateRect
0x48a578 IntersectRect
0x48a57c InsertMenuItemA
0x48a580 InsertMenuA
0x48a584 InflateRect
0x48a58c GetWindowTextA
0x48a590 GetWindowRect
0x48a594 GetWindowPlacement
0x48a598 GetWindowLongA
0x48a59c GetWindowDC
0x48a5a0 GetTopWindow
0x48a5a4 GetSystemMetrics
0x48a5a8 GetSystemMenu
0x48a5ac GetSysColorBrush
0x48a5b0 GetSysColor
0x48a5b4 GetSubMenu
0x48a5b8 GetScrollRange
0x48a5bc GetScrollPos
0x48a5c0 GetScrollInfo
0x48a5c4 GetPropA
0x48a5c8 GetParent
0x48a5cc GetWindow
0x48a5d0 GetMenuStringA
0x48a5d4 GetMenuState
0x48a5d8 GetMenuItemInfoA
0x48a5dc GetMenuItemID
0x48a5e0 GetMenuItemCount
0x48a5e4 GetMenu
0x48a5e8 GetLastActivePopup
0x48a5ec GetKeyboardState
0x48a5f4 GetKeyboardLayout
0x48a5f8 GetKeyState
0x48a5fc GetKeyNameTextA
0x48a600 GetIconInfo
0x48a604 GetForegroundWindow
0x48a608 GetFocus
0x48a60c GetDesktopWindow
0x48a610 GetDCEx
0x48a614 GetDC
0x48a618 GetCursorPos
0x48a61c GetCursor
0x48a620 GetClientRect
0x48a624 GetClassNameA
0x48a628 GetClassInfoA
0x48a62c GetCapture
0x48a630 GetActiveWindow
0x48a634 FrameRect
0x48a638 FindWindowA
0x48a63c FillRect
0x48a640 EqualRect
0x48a644 EnumWindows
0x48a648 EnumThreadWindows
0x48a64c EndPaint
0x48a650 EnableWindow
0x48a654 EnableScrollBar
0x48a658 EnableMenuItem
0x48a65c DrawTextA
0x48a660 DrawMenuBar
0x48a664 DrawIconEx
0x48a668 DrawIcon
0x48a66c DrawFrameControl
0x48a670 DrawFocusRect
0x48a674 DrawEdge
0x48a678 DispatchMessageA
0x48a67c DestroyWindow
0x48a680 DestroyMenu
0x48a684 DestroyIcon
0x48a688 DestroyCursor
0x48a68c DeleteMenu
0x48a690 DefWindowProcA
0x48a694 DefMDIChildProcA
0x48a698 DefFrameProcA
0x48a69c CreatePopupMenu
0x48a6a0 CreateMenu
0x48a6a4 CreateIcon
0x48a6a8 ClientToScreen
0x48a6ac CheckMenuItem
0x48a6b0 CallWindowProcA
0x48a6b4 CallNextHookEx
0x48a6b8 BeginPaint
0x48a6bc CharNextA
0x48a6c0 CharLowerBuffA
0x48a6c4 CharLowerA
0x48a6c8 CharToOemA
0x48a6cc AdjustWindowRectEx
Library kernel32.dll:
0x48a6d8 Sleep
Library oleaut32.dll:
0x48a6e0 SafeArrayPtrOfIndex
0x48a6e4 SafeArrayGetUBound
0x48a6e8 SafeArrayGetLBound
0x48a6ec SafeArrayCreate
0x48a6f0 VariantChangeType
0x48a6f4 VariantCopy
0x48a6f8 VariantClear
0x48a6fc VariantInit
Library ole32.dll:
0x48a704 CoCreateInstance
0x48a708 CoUninitialize
0x48a70c CoInitialize
Library oleaut32.dll:
0x48a714 CreateErrorInfo
0x48a718 GetErrorInfo
0x48a71c SetErrorInfo
0x48a720 SysFreeString
Library comctl32.dll:
0x48a730 ImageList_Write
0x48a734 ImageList_Read
0x48a744 ImageList_DragMove
0x48a748 ImageList_DragLeave
0x48a74c ImageList_DragEnter
0x48a750 ImageList_EndDrag
0x48a754 ImageList_BeginDrag
0x48a758 ImageList_Remove
0x48a75c ImageList_DrawEx
0x48a760 ImageList_Replace
0x48a764 ImageList_Draw
0x48a774 ImageList_Add
0x48a77c ImageList_Destroy
0x48a780 ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.