4.8
Medium risk

fdfa54ad4c15993944cdde7e9c37f9191c3e8eeff0e93b2c14a5973caa4dbeba

5a24f781a4b877795a33930b2589ecc0.exe

Analysis time

72s

Latest analysis

File size

572.5KB
Eagle Eye engine
Not detected: no Eagle Eye engine result is available yet
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Packed-GCB!5A24F781A4B8 20201119 6.0.6.653
Alibaba TrojanBanker:Win32/Qakbot.ee247876 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20201119 20.10.5736.0
Kingsoft Win32.Troj.Banker.(kcloud) 20201119 2017.9.26.565
Tencent Win32.Trojan.Falsesign.Svhk 20201119 1.0.0.1
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619513320.149148
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619532549.58225
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)
section .rdata4
section .rdata3
section .rdata2
section .rdata5
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619532550.28525
__exception__
stacktrace:
5a24f781a4b877795a33930b2589ecc0+0x3f07 @ 0x403f07
5a24f781a4b877795a33930b2589ecc0+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6180240
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 5a24f781a4b877795a33930b2589ecc0+0x3449
exception.instruction: in eax, dx
exception.module: 5a24f781a4b877795a33930b2589ecc0.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
1619532550.28525
__exception__
stacktrace:
5a24f781a4b877795a33930b2589ecc0+0x3f10 @ 0x403f10
5a24f781a4b877795a33930b2589ecc0+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6180240
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 5a24f781a4b877795a33930b2589ecc0+0x34e2
exception.instruction: in eax, dx
exception.module: 5a24f781a4b877795a33930b2589ecc0.exe
exception.exception_code: 0xc0000096
exception.offset: 13538
exception.address: 0x4034e2
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619513304.602148
NtAllocateVirtualMemory
process_identifier: 784
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01cb0000
success 0 0
1619513320.056148
NtAllocateVirtualMemory
process_identifier: 784
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01cf0000
success 0 0
1619513320.056148
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619532532.14525
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004a0000
success 0 0
1619532549.48825
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00520000
success 0 0
1619532549.48825
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619513320.837148
CreateProcessInternalW
thread_identifier: 2468
thread_handle: 0x00000154
process_identifier: 2244
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5a24f781a4b877795a33930b2589ecc0.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.298193637124451 section {'size_of_data': '0x00072000', 'virtual_address': '0x00001000', 'entropy': 7.298193637124451, 'name': '.text', 'virtual_size': '0x00071f55'} description A section with a high entropy has been found
entropy 0.7992988606485539 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process vboxservice.exe
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619532550.28525
__exception__
stacktrace:
5a24f781a4b877795a33930b2589ecc0+0x3f07 @ 0x403f07
5a24f781a4b877795a33930b2589ecc0+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6180240
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 5a24f781a4b877795a33930b2589ecc0+0x3449
exception.instruction: in eax, dx
exception.module: 5a24f781a4b877795a33930b2589ecc0.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43563572
FireEye Generic.mg.5a24f781a4b87779
Qihoo-360 Generic/HEUR/QVM19.1.E528.Malware.Gen
McAfee Packed-GCB!5A24F781A4B8
Cylance Unsafe
Zillya Trojan.Qbot.Win32.8406
K7AntiVirus Trojan ( 0056c5a91 )
Alibaba TrojanBanker:Win32/Qakbot.ee247876
K7GW Trojan ( 0056c5a91 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D298BA34
Invincea Mal/Generic-R + Mal/EncPk-APV
Cyren W32/Kryptik.BRZ.gen!Eldorado
Symantec Trojan Horse
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Trojan.Zenpak-9785225-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Trojan.GenericKD.43563572
NANO-Antivirus Trojan.Win32.Qbot.hpstdh
Paloalto generic.ml
Rising Trojan.Kryptik!1.C9B1 (CLASSIC)
Ad-Aware Trojan.GenericKD.43563572
Sophos Mal/EncPk-APV
Comodo Malware@#2vwwr0glwf04h
DrWeb BackDoor.Qbot.532
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.THHOFBO
McAfee-GW-Edition Packed-GCB!5A24F781A4B8
Emsisoft Adware.Generic (A)
Ikarus Trojan.Win32.Krypt
Jiangmin Trojan.Zenpak.crf
Webroot W32.Trojan.Gen
Avira TR/AD.Qbot.AH
Antiy-AVL Trojan[Banker]/Win32.Qbot
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/Qakbot.RQ!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Win32.Trojan.PSE.14O6QH3
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Qakbot.C4171878
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34634.JG1@aGhhNke
ALYac Trojan.Agent.QakBot
MAX malware (ai score=86)
VBA32 BScope.Trojan.Encoder
Malwarebytes Trojan.Qbot
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2000-01-30 09:18:46

Imports


Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.