5.8
High risk

cdb5f843ba4e1e52b20171eb495540f3a0873f0235b8be5e69255212899ffa95

5b0ff6369062436102fba3fe4dcbc376.exe

Analysis duration

20s

Latest analysis

File size

756.0KB
Static detection: flagged. Dynamic detection: flagged. Tags: 100% AI SCORE=85 AIDETECTVM AUTO AVSARHER BTVF44 CEEINJECT CLASSIC CMCE CONFIDENCE CSYOV DELPHILESS ELXR EMJV FAREIT GENERICKD GENETIC HIGH CONFIDENCE HLFMTD KRYPTIK LOKI LOKIBOT MALICIOUS PE MALWARE1 MALWARE@#1902QZH7YRR2R SCORE SIGGEN2 SMTHG STATIC AI TRJGEN UNSAFE VGW@AQ2XN9NI X2066 ZELPHIF
Hawkeye engine
Not detected: no Hawkeye engine results are available for this sample
Static verdict
Anti-virus engines
Engine Result Date Version
McAfee Fareit-FTB!5B0FF6369062 20201211 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Alibaba VirTool:Win32/CeeInject.0512afb2 20190527 0.3.0.5
Kingsoft 20201211 2017.9.26.565
Tencent Win32.Trojan.Inject.Auto 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619527928.437875
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752ad4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
5b0ff6369062436102fba3fe4dcbc376+0x563f8 @ 0x4563f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x75174b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x75175d3d
0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfddf14ad
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
Time & API Arguments Status Return Repeated
1619513303.680148
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619513303.821148
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ed0000
success 0 0
1619513303.837148
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ef0000
success 0 0
1619527928.046875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619527928.077875
NtAllocateVirtualMemory
process_identifier: 880
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01fb0000
success 0 0
1619527928.077875
NtAllocateVirtualMemory
process_identifier: 880
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x020e0000
success 0 0
1619527928.093875
NtAllocateVirtualMemory
process_identifier: 880
region_size: 319488
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00820000
success 0 0
1619527928.093875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 290816
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00892000
success 0 0
1619527928.437875
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.152466633166956 section {'size_of_data': '0x00040a00', 'virtual_address': '0x00083000', 'entropy': 7.152466633166956, 'name': '.rsrc', 'virtual_size': '0x00040948'} description A section with a high entropy has been found
entropy 0.3423841059602649 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2288 called NtSetContextThread to modify thread in remote process 880
Time & API Arguments Status Return Repeated
1619513304.071148
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4874832
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 880
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2288 resumed a thread in remote process 880
Time & API Arguments Status Return Repeated
1619513304.805148
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 880
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619513304.008148
CreateProcessInternalW
thread_identifier: 2456
thread_handle: 0x000000fc
process_identifier: 880
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5b0ff6369062436102fba3fe4dcbc376.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619513304.008148
NtUnmapViewOfSection
process_identifier: 880
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619513304.024148
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 880
commit_size: 688128
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 688128
base_address: 0x00400000
success 0 0
1619513304.071148
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619513304.071148
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4874832
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 880
success 0 0
1619513304.805148
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 880
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43341031
FireEye Generic.mg.5b0ff63690624361
McAfee Fareit-FTB!5B0FF6369062
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Multi.Generic.4!c
Sangfor Malware
K7AntiVirus Trojan ( 005680341 )
BitDefender Trojan.GenericKD.43341031
K7GW Trojan ( 005680341 )
Cybereason malicious.9b5111
BitDefenderTheta Gen:NN.ZelphiF.34670.VGW@aq2XN9ni
Cyren W32/Trojan.CMCE-7540
Symantec Trojan.Gen.2
APEX Malicious
Avast Win32:Malware-gen
Alibaba VirTool:Win32/CeeInject.0512afb2
NANO-Antivirus Trojan.Win32.TrjGen.hlfmtd
ViRobot Trojan.Win32.Agent.656896.D
Rising Trojan.Injector!1.CB27 (CLASSIC)
Ad-Aware Trojan.GenericKD.43341031
Emsisoft Trojan.GenericKD.43341031 (B)
Comodo Malware@#1902qzh7yrr2r
F-Secure Trojan.TR/Kryptik.csyov
DrWeb Trojan.PWS.Siggen2.50617
Zillya Trojan.Injector.Win32.743673
TrendMicro TrojanSpy.Win32.LOKI.SMTHG
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Kryptik.bgw
Avira TR/Kryptik.csyov
Antiy-AVL Trojan/Win32.Crypt
Microsoft PWS:Win32/Fareit.SM!MTB
Gridinsoft Trojan.Win32.Kryptik.oa
Arcabit Trojan.Generic.D29554E7
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
GData Trojan.GenericKD.43341031
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
Acronis suspicious
ALYac Trojan.GenericKD.43341031
MAX malware (ai score=85)
Malwarebytes Spyware.Agent
Panda Trj/Genetic.gen
Zoner Trojan.Win32.92038
ESET-NOD32 a variant of Win32/Injector.EMJV
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMTHG
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x476164 VirtualFree
0x476168 VirtualAlloc
0x47616c LocalFree
0x476170 LocalAlloc
0x476174 GetVersion
0x476178 GetCurrentThreadId
0x476184 VirtualQuery
0x476188 WideCharToMultiByte
0x47618c MultiByteToWideChar
0x476190 lstrlenA
0x476194 lstrcpynA
0x476198 LoadLibraryExA
0x47619c GetThreadLocale
0x4761a0 GetStartupInfoA
0x4761a4 GetProcAddress
0x4761a8 GetModuleHandleA
0x4761ac GetModuleFileNameA
0x4761b0 GetLocaleInfoA
0x4761b4 GetCommandLineA
0x4761b8 FreeLibrary
0x4761bc FindFirstFileA
0x4761c0 FindClose
0x4761c4 ExitProcess
0x4761c8 WriteFile
0x4761d0 RtlUnwind
0x4761d4 RaiseException
0x4761d8 GetStdHandle
Library user32.dll:
0x4761e0 GetKeyboardType
0x4761e4 LoadStringA
0x4761e8 MessageBoxA
0x4761ec CharNextA
Library advapi32.dll:
0x4761f4 RegQueryValueExA
0x4761f8 RegOpenKeyExA
0x4761fc RegCloseKey
Library oleaut32.dll:
0x476204 SysFreeString
0x476208 SysReAllocStringLen
0x47620c SysAllocStringLen
Library kernel32.dll:
0x476214 TlsSetValue
0x476218 TlsGetValue
0x47621c LocalAlloc
0x476220 GetModuleHandleA
Library advapi32.dll:
0x476228 RegQueryValueExA
0x47622c RegOpenKeyExA
0x476230 RegCloseKey
Library kernel32.dll:
0x476238 lstrcpyA
0x47623c WriteFile
0x476244 WaitForSingleObject
0x476248 VirtualQuery
0x47624c VirtualAlloc
0x476250 Sleep
0x476254 SizeofResource
0x476258 SetThreadLocale
0x47625c SetFilePointer
0x476260 SetEvent
0x476264 SetErrorMode
0x476268 SetEndOfFile
0x47626c ResetEvent
0x476270 ReadFile
0x476274 MultiByteToWideChar
0x476278 MulDiv
0x47627c LockResource
0x476280 LoadResource
0x476284 LoadLibraryA
0x476290 GlobalUnlock
0x476294 GlobalReAlloc
0x476298 GlobalHandle
0x47629c GlobalLock
0x4762a0 GlobalFree
0x4762a4 GlobalFindAtomA
0x4762a8 GlobalDeleteAtom
0x4762ac GlobalAlloc
0x4762b0 GlobalAddAtomA
0x4762b4 GetVersionExA
0x4762b8 GetVersion
0x4762bc GetTickCount
0x4762c0 GetThreadLocale
0x4762c8 GetSystemTime
0x4762cc GetSystemInfo
0x4762d0 GetStringTypeExA
0x4762d4 GetStdHandle
0x4762d8 GetProcAddress
0x4762dc GetModuleHandleA
0x4762e0 GetModuleFileNameA
0x4762e4 GetLocaleInfoA
0x4762e8 GetLocalTime
0x4762ec GetLastError
0x4762f0 GetFullPathNameA
0x4762f4 GetFileAttributesA
0x4762f8 GetDiskFreeSpaceA
0x4762fc GetDateFormatA
0x476300 GetCurrentThreadId
0x476304 GetCurrentProcessId
0x476308 GetCPInfo
0x47630c GetACP
0x476310 FreeResource
0x476314 InterlockedExchange
0x476318 FreeLibrary
0x47631c FormatMessageA
0x476320 FindResourceA
0x476324 FindFirstFileA
0x476328 FindClose
0x476334 ExitThread
0x476338 EnumCalendarInfoA
0x476344 CreateThread
0x476348 CreateFileA
0x47634c CreateEventA
0x476350 CompareStringA
0x476354 CloseHandle
Library version.dll:
0x47635c VerQueryValueA
0x476364 GetFileVersionInfoA
Library gdi32.dll:
0x47636c UnrealizeObject
0x476370 StretchBlt
0x476374 SetWindowOrgEx
0x476378 SetWinMetaFileBits
0x47637c SetViewportOrgEx
0x476380 SetTextColor
0x476384 SetStretchBltMode
0x476388 SetROP2
0x47638c SetPixel
0x476390 SetEnhMetaFileBits
0x476394 SetDIBColorTable
0x476398 SetBrushOrgEx
0x47639c SetBkMode
0x4763a0 SetBkColor
0x4763a4 SelectPalette
0x4763a8 SelectObject
0x4763ac SelectClipPath
0x4763b0 SaveDC
0x4763b4 RestoreDC
0x4763b8 Rectangle
0x4763bc RectVisible
0x4763c0 RealizePalette
0x4763c4 Polyline
0x4763c8 PlayEnhMetaFile
0x4763cc PatBlt
0x4763d0 MoveToEx
0x4763d4 MaskBlt
0x4763d8 LineTo
0x4763dc IntersectClipRect
0x4763e0 GetWindowOrgEx
0x4763e4 GetWinMetaFileBits
0x4763e8 GetTextMetricsA
0x4763f4 GetStockObject
0x4763f8 GetPixel
0x4763fc GetPaletteEntries
0x476400 GetObjectA
0x47640c GetEnhMetaFileBits
0x476410 GetDeviceCaps
0x476414 GetDIBits
0x476418 GetDIBColorTable
0x47641c GetDCOrgEx
0x476424 GetClipBox
0x476428 GetBrushOrgEx
0x47642c GetBitmapBits
0x476430 ExcludeClipRect
0x476434 DeleteObject
0x476438 DeleteEnhMetaFile
0x47643c DeleteDC
0x476440 CreateSolidBrush
0x476444 CreatePenIndirect
0x476448 CreatePalette
0x476450 CreateFontIndirectA
0x476454 CreateDIBitmap
0x476458 CreateDIBSection
0x47645c CreateCompatibleDC
0x476464 CreateBrushIndirect
0x476468 CreateBitmap
0x47646c CopyEnhMetaFileA
0x476470 BitBlt
Library user32.dll:
0x476478 CreateWindowExA
0x47647c WindowFromPoint
0x476480 WinHelpA
0x476484 WaitMessage
0x476488 UpdateWindow
0x47648c UnregisterClassA
0x476490 UnhookWindowsHookEx
0x476494 TranslateMessage
0x47649c TrackPopupMenu
0x4764a4 ShowWindow
0x4764a8 ShowScrollBar
0x4764ac ShowOwnedPopups
0x4764b0 ShowCursor
0x4764b4 SetWindowsHookExA
0x4764b8 SetWindowPos
0x4764bc SetWindowPlacement
0x4764c0 SetWindowLongA
0x4764c4 SetTimer
0x4764c8 SetScrollRange
0x4764cc SetScrollPos
0x4764d0 SetScrollInfo
0x4764d4 SetRect
0x4764d8 SetPropA
0x4764dc SetParent
0x4764e0 SetMenuItemInfoA
0x4764e4 SetMenu
0x4764e8 SetForegroundWindow
0x4764ec SetFocus
0x4764f0 SetCursor
0x4764f4 SetClassLongA
0x4764f8 SetCapture
0x4764fc SetActiveWindow
0x476500 SendMessageA
0x476504 ScrollWindow
0x476508 ScreenToClient
0x47650c RemovePropA
0x476510 RemoveMenu
0x476514 ReleaseDC
0x476518 ReleaseCapture
0x476524 RegisterClassA
0x476528 RedrawWindow
0x47652c PtInRect
0x476530 PostQuitMessage
0x476534 PostMessageA
0x476538 PeekMessageA
0x47653c OffsetRect
0x476540 OemToCharA
0x476544 MessageBoxA
0x476548 MapWindowPoints
0x47654c MapVirtualKeyA
0x476550 LoadStringA
0x476554 LoadKeyboardLayoutA
0x476558 LoadIconA
0x47655c LoadCursorA
0x476560 LoadBitmapA
0x476564 KillTimer
0x476568 IsZoomed
0x47656c IsWindowVisible
0x476570 IsWindowEnabled
0x476574 IsWindow
0x476578 IsRectEmpty
0x47657c IsIconic
0x476580 IsDialogMessageA
0x476584 IsChild
0x476588 InvalidateRect
0x47658c IntersectRect
0x476590 InsertMenuItemA
0x476594 InsertMenuA
0x476598 InflateRect
0x4765a0 GetWindowTextA
0x4765a4 GetWindowRect
0x4765a8 GetWindowPlacement
0x4765ac GetWindowLongA
0x4765b0 GetWindowDC
0x4765b4 GetTopWindow
0x4765b8 GetSystemMetrics
0x4765bc GetSystemMenu
0x4765c0 GetSysColorBrush
0x4765c4 GetSysColor
0x4765c8 GetSubMenu
0x4765cc GetScrollRange
0x4765d0 GetScrollPos
0x4765d4 GetScrollInfo
0x4765d8 GetPropA
0x4765dc GetParent
0x4765e0 GetWindow
0x4765e4 GetMenuStringA
0x4765e8 GetMenuState
0x4765ec GetMenuItemInfoA
0x4765f0 GetMenuItemID
0x4765f4 GetMenuItemCount
0x4765f8 GetMenu
0x4765fc GetLastActivePopup
0x476600 GetKeyboardState
0x476608 GetKeyboardLayout
0x47660c GetKeyState
0x476610 GetKeyNameTextA
0x476614 GetIconInfo
0x476618 GetForegroundWindow
0x47661c GetFocus
0x476620 GetDlgItem
0x476624 GetDesktopWindow
0x476628 GetDCEx
0x47662c GetDC
0x476630 GetCursorPos
0x476634 GetCursor
0x476638 GetClipboardData
0x47663c GetClientRect
0x476640 GetClassNameA
0x476644 GetClassInfoA
0x476648 GetCapture
0x47664c GetActiveWindow
0x476650 FrameRect
0x476654 FindWindowA
0x476658 FillRect
0x47665c EqualRect
0x476660 EnumWindows
0x476664 EnumThreadWindows
0x476668 EndPaint
0x47666c EnableWindow
0x476670 EnableScrollBar
0x476674 EnableMenuItem
0x476678 DrawTextA
0x47667c DrawMenuBar
0x476680 DrawIconEx
0x476684 DrawIcon
0x476688 DrawFrameControl
0x47668c DrawEdge
0x476690 DispatchMessageA
0x476694 DestroyWindow
0x476698 DestroyMenu
0x47669c DestroyIcon
0x4766a0 DestroyCursor
0x4766a4 DeleteMenu
0x4766a8 DefWindowProcA
0x4766ac DefMDIChildProcA
0x4766b0 DefFrameProcA
0x4766b4 CreatePopupMenu
0x4766b8 CreateMenu
0x4766bc CreateIcon
0x4766c0 ClientToScreen
0x4766c4 CheckMenuItem
0x4766c8 CallWindowProcA
0x4766cc CallNextHookEx
0x4766d0 BeginPaint
0x4766d4 CharNextA
0x4766d8 CharLowerBuffA
0x4766dc CharLowerA
0x4766e0 CharUpperBuffA
0x4766e4 CharToOemA
0x4766e8 AdjustWindowRectEx
Library kernel32.dll:
0x4766f4 Sleep
Library oleaut32.dll:
0x4766fc SafeArrayPtrOfIndex
0x476700 SafeArrayPutElement
0x476704 SafeArrayGetElement
0x47670c SafeArrayAccessData
0x476710 SafeArrayGetUBound
0x476714 SafeArrayGetLBound
0x476718 SafeArrayCreate
0x47671c VariantChangeType
0x476720 VariantCopyInd
0x476724 VariantCopy
0x476728 VariantClear
0x47672c VariantInit
Library ole32.dll:
0x476734 CoUninitialize
0x476738 CoInitialize
0x47673c IsEqualGUID
Library oleaut32.dll:
0x476744 CreateErrorInfo
0x476748 GetErrorInfo
0x47674c SetErrorInfo
0x476750 SysFreeString
Library comctl32.dll:
0x476760 ImageList_Write
0x476764 ImageList_Read
0x476774 ImageList_DragMove
0x476778 ImageList_DragLeave
0x47677c ImageList_DragEnter
0x476780 ImageList_EndDrag
0x476784 ImageList_BeginDrag
0x476788 ImageList_Remove
0x47678c ImageList_DrawEx
0x476790 ImageList_Replace
0x476794 ImageList_Draw
0x4767a4 ImageList_Add
0x4767ac ImageList_Destroy
0x4767b0 ImageList_Create
Library comdlg32.dll:
0x4767b8 GetSaveFileNameA
0x4767bc GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.