12.6
0-day

1f23396b9ccda2109174ef02b225bdc4e7c10e035185112a1dc6d48f505fbd57

5c8768212d04ab1fec83fcd849fa7aa5.exe

Analysis time

86s

Last analyzed

File size

716.5KB
Static detection / Dynamic detection: 100% AGENTTESLA AI SCORE=85 BUHUPS CLASSIC CONFIDENCE DELF DELPHI DELPHILESS EMZL ENAI FAREIT GENERICKDZ GENETIC GUIAT HIGH CONFIDENCE HRMDCV IGENT KCLOUD KRYPTIK LOKIBOT MALREP MALWARE@#2M1ZMQ48ABOZR ORWQ PUTTY SCORE SGW@A8ALSUBI SUSGEN SYIH THIBBBO TSCOPE UNSAFE X2094 ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Fareit-FPQ!5C8768212D04 20210127 6.0.6.653
Alibaba Trojan:Win32/Kryptik.e0074d0c 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20210127 21.1.5827.0
Tencent Win32.Trojan.Kryptik.Syih 20210127 1.0.0.1
Kingsoft Win32.Troj.Undef.(kcloud) 20210127 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20210106 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1620767468.706249
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620767492.034249
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620767509.269249
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620767461.081249
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1620767459.236499
NtAllocateVirtualMemory
process_identifier: 708
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01cc0000
success 0 0
1620767459.486499
NtProtectVirtualMemory
process_identifier: 708
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00472000
success 0 0
1620767459.486499
NtAllocateVirtualMemory
process_identifier: 708
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ef0000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1620767509.237249
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5c8768212d04ab1fec83fcd849fa7aa5.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5c8768212d04ab1fec83fcd849fa7aa5.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.49034992008754 section {'size_of_data': '0x00022e00', 'virtual_address': '0x00096000', 'entropy': 7.49034992008754, 'name': '.rsrc', 'virtual_size': '0x00022d3c'} description A section with a high entropy has been found
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1620767491.925249
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 708 called NtSetContextThread to modify thread in remote process 1912
Time & API Arguments Status Return Repeated
1620767459.549499
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1912
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 708 resumed a thread in remote process 1912
Time & API Arguments Status Return Repeated
1620767459.658499
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 1912
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1620767459.533499
CreateProcessInternalW
thread_identifier: 1176
thread_handle: 0x000000f8
process_identifier: 1912
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5c8768212d04ab1fec83fcd849fa7aa5.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000fc
inherit_handles: 0
success 1 0
1620767459.533499
NtUnmapViewOfSection
process_identifier: 1912
region_size: 4096
process_handle: 0x000000fc
base_address: 0x00400000
success 0 0
1620767459.533499
NtMapViewOfSection
section_handle: 0x00000104
process_identifier: 1912
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000fc
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1620767459.549499
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1620767459.549499
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1912
success 0 0
1620767459.658499
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 1912
success 0 0
1620767466.128249
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 1912
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 of 59 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69509
FireEye Generic.mg.5c8768212d04ab1f
McAfee Fareit-FPQ!5C8768212D04
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056c99c1 )
Alibaba Trojan:Win32/Kryptik.e0074d0c
K7GW Trojan ( 0056c99c1 )
Cybereason malicious.12d04a
Arcabit Trojan.Generic.D10F85
Cyren W32/Injector.ORWQ-3620
Symantec Infostealer.Lokibot!43
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Keylogger.AgentTesla-9372622-1
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKDZ.69509
NANO-Antivirus Trojan.Win32.Kryptik.hrmdcv
Paloalto generic.ml
Tencent Win32.Trojan.Kryptik.Syih
Ad-Aware Trojan.GenericKDZ.69509
Sophos Mal/Generic-S
Comodo Malware@#2m1zmq48abozr
F-Secure Dropper.DR/Delphi.guiat
DrWeb Trojan.PWS.Stealer.29093
TrendMicro Trojan.Win32.MALREP.THIBBBO
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Emsisoft Trojan.GenericKDZ.69509 (B)
Ikarus Trojan.Inject
Jiangmin Trojan.Kryptik.cbz
MaxSecure Trojan.Malware.300983.susgen
Avira DR/Delphi.guiat
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/Fareit.VD!MTB
AegisLab Trojan.Win32.Kryptik.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKDZ.69509
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
BitDefenderTheta Gen:NN.ZelphiF.34780.SGW@a8alsubi
ALYac Trojan.GenericKDZ.69509
MAX malware (ai score=85)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack
ESET-NOD32 a variant of Win32/Injector.ENAI
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x488164 VirtualFree
0x488168 VirtualAlloc
0x48816c LocalFree
0x488170 LocalAlloc
0x488174 GetVersion
0x488178 GetCurrentThreadId
0x488184 VirtualQuery
0x488188 WideCharToMultiByte
0x488190 MultiByteToWideChar
0x488194 lstrlenA
0x488198 lstrcpynA
0x48819c LoadLibraryExA
0x4881a0 GetThreadLocale
0x4881a4 GetStartupInfoA
0x4881a8 GetProcAddress
0x4881ac GetModuleHandleA
0x4881b0 GetModuleFileNameA
0x4881b4 GetLocaleInfoA
0x4881b8 GetLastError
0x4881c0 GetCommandLineA
0x4881c4 FreeLibrary
0x4881c8 FindFirstFileA
0x4881cc FindClose
0x4881d0 ExitProcess
0x4881d4 WriteFile
0x4881dc RtlUnwind
0x4881e0 RaiseException
0x4881e4 GetStdHandle
Library user32.dll:
0x4881ec GetKeyboardType
0x4881f0 LoadStringA
0x4881f4 MessageBoxA
0x4881f8 CharNextA
Library advapi32.dll:
0x488200 RegQueryValueExA
0x488204 RegOpenKeyExA
0x488208 RegCloseKey
Library oleaut32.dll:
0x488210 SysFreeString
0x488214 SysReAllocStringLen
0x488218 SysAllocStringLen
Library kernel32.dll:
0x488220 TlsSetValue
0x488224 TlsGetValue
0x488228 LocalAlloc
0x48822c GetModuleHandleA
Library advapi32.dll:
0x488234 RegQueryValueExA
0x488238 RegOpenKeyExA
0x48823c RegCloseKey
Library kernel32.dll:
0x488244 lstrcpyA
0x488248 WriteFile
0x48824c WaitForSingleObject
0x488250 VirtualQuery
0x488254 VirtualProtect
0x488258 VirtualAlloc
0x48825c Sleep
0x488260 SizeofResource
0x488264 SetThreadLocale
0x488268 SetFilePointer
0x48826c SetEvent
0x488270 SetErrorMode
0x488274 SetEndOfFile
0x488278 ResetEvent
0x48827c ReadFile
0x488280 MultiByteToWideChar
0x488284 MulDiv
0x488288 LockResource
0x48828c LoadResource
0x488290 LoadLibraryA
0x48829c GlobalUnlock
0x4882a0 GlobalReAlloc
0x4882a4 GlobalHandle
0x4882a8 GlobalLock
0x4882ac GlobalFree
0x4882b0 GlobalFindAtomA
0x4882b4 GlobalDeleteAtom
0x4882b8 GlobalAlloc
0x4882bc GlobalAddAtomA
0x4882c0 GetVersionExA
0x4882c4 GetVersion
0x4882c8 GetTickCount
0x4882cc GetThreadLocale
0x4882d4 GetSystemInfo
0x4882d8 GetStringTypeExA
0x4882dc GetStdHandle
0x4882e0 GetProcAddress
0x4882e4 GetModuleHandleA
0x4882e8 GetModuleFileNameA
0x4882ec GetLocaleInfoA
0x4882f0 GetLocalTime
0x4882f4 GetLastError
0x4882f8 GetFullPathNameA
0x4882fc GetFileAttributesA
0x488300 GetDiskFreeSpaceA
0x488304 GetDateFormatA
0x488308 GetCurrentThreadId
0x48830c GetCurrentProcessId
0x488310 GetCPInfo
0x488314 GetACP
0x488318 FreeResource
0x488320 InterlockedExchange
0x488328 FreeLibrary
0x48832c FormatMessageA
0x488330 FindResourceA
0x488334 FindNextFileA
0x488338 FindFirstFileA
0x48833c FindClose
0x48834c EnumCalendarInfoA
0x488358 CreateThread
0x48835c CreateFileA
0x488360 CreateEventA
0x488364 CompareStringA
0x488368 CloseHandle
Library version.dll:
0x488370 VerQueryValueA
0x488378 GetFileVersionInfoA
Library gdi32.dll:
0x488380 UnrealizeObject
0x488384 StretchBlt
0x488388 SetWindowOrgEx
0x48838c SetViewportOrgEx
0x488390 SetTextColor
0x488394 SetStretchBltMode
0x488398 SetROP2
0x48839c SetPixel
0x4883a0 SetDIBColorTable
0x4883a4 SetBrushOrgEx
0x4883a8 SetBkMode
0x4883ac SetBkColor
0x4883b0 SelectPalette
0x4883b4 SelectObject
0x4883b8 SaveDC
0x4883bc RestoreDC
0x4883c0 RectVisible
0x4883c4 RealizePalette
0x4883c8 PatBlt
0x4883cc MoveToEx
0x4883d0 MaskBlt
0x4883d4 LineTo
0x4883d8 IntersectClipRect
0x4883dc GetWindowOrgEx
0x4883e0 GetTextMetricsA
0x4883ec GetStockObject
0x4883f0 GetPixel
0x4883f4 GetPaletteEntries
0x4883f8 GetObjectA
0x4883fc GetDeviceCaps
0x488400 GetDIBits
0x488404 GetDIBColorTable
0x488408 GetDCOrgEx
0x488410 GetClipBox
0x488414 GetBrushOrgEx
0x488418 GetBitmapBits
0x48841c ExtTextOutA
0x488420 ExcludeClipRect
0x488424 DeleteObject
0x488428 DeleteDC
0x48842c CreateSolidBrush
0x488430 CreatePenIndirect
0x488434 CreatePalette
0x48843c CreateFontIndirectA
0x488440 CreateDIBitmap
0x488444 CreateDIBSection
0x488448 CreateCompatibleDC
0x488450 CreateBrushIndirect
0x488454 CreateBitmap
0x488458 BitBlt
Library user32.dll:
0x488460 CreateWindowExA
0x488464 WindowFromPoint
0x488468 WinHelpA
0x48846c WaitMessage
0x488470 UpdateWindow
0x488474 UnregisterClassA
0x488478 UnhookWindowsHookEx
0x48847c TranslateMessage
0x488484 TrackPopupMenu
0x48848c ShowWindow
0x488490 ShowScrollBar
0x488494 ShowOwnedPopups
0x488498 ShowCursor
0x48849c SetWindowsHookExA
0x4884a0 SetWindowTextA
0x4884a4 SetWindowPos
0x4884a8 SetWindowPlacement
0x4884ac SetWindowLongA
0x4884b0 SetTimer
0x4884b4 SetScrollRange
0x4884b8 SetScrollPos
0x4884bc SetScrollInfo
0x4884c0 SetRect
0x4884c4 SetPropA
0x4884c8 SetParent
0x4884cc SetMenuItemInfoA
0x4884d0 SetMenu
0x4884d4 SetForegroundWindow
0x4884d8 SetFocus
0x4884dc SetCursor
0x4884e0 SetClassLongA
0x4884e4 SetCapture
0x4884e8 SetActiveWindow
0x4884ec SendMessageA
0x4884f0 ScrollWindow
0x4884f4 ScreenToClient
0x4884f8 RemovePropA
0x4884fc RemoveMenu
0x488500 ReleaseDC
0x488504 ReleaseCapture
0x488510 RegisterClassA
0x488514 RedrawWindow
0x488518 PtInRect
0x48851c PostQuitMessage
0x488520 PostMessageA
0x488524 PeekMessageA
0x488528 OffsetRect
0x48852c OemToCharA
0x488530 MessageBoxA
0x488534 MapWindowPoints
0x488538 MapVirtualKeyA
0x48853c LoadStringA
0x488540 LoadKeyboardLayoutA
0x488544 LoadIconA
0x488548 LoadCursorA
0x48854c LoadBitmapA
0x488550 KillTimer
0x488554 IsZoomed
0x488558 IsWindowVisible
0x48855c IsWindowEnabled
0x488560 IsWindow
0x488564 IsRectEmpty
0x488568 IsIconic
0x48856c IsDialogMessageA
0x488570 IsChild
0x488574 InvalidateRect
0x488578 IntersectRect
0x48857c InsertMenuItemA
0x488580 InsertMenuA
0x488584 InflateRect
0x48858c GetWindowTextA
0x488590 GetWindowRect
0x488594 GetWindowPlacement
0x488598 GetWindowLongA
0x48859c GetWindowDC
0x4885a0 GetTopWindow
0x4885a4 GetSystemMetrics
0x4885a8 GetSystemMenu
0x4885ac GetSysColorBrush
0x4885b0 GetSysColor
0x4885b4 GetSubMenu
0x4885b8 GetScrollRange
0x4885bc GetScrollPos
0x4885c0 GetScrollInfo
0x4885c4 GetPropA
0x4885c8 GetParent
0x4885cc GetWindow
0x4885d0 GetMenuStringA
0x4885d4 GetMenuState
0x4885d8 GetMenuItemInfoA
0x4885dc GetMenuItemID
0x4885e0 GetMenuItemCount
0x4885e4 GetMenu
0x4885e8 GetLastActivePopup
0x4885ec GetKeyboardState
0x4885f4 GetKeyboardLayout
0x4885f8 GetKeyState
0x4885fc GetKeyNameTextA
0x488600 GetInputState
0x488604 GetIconInfo
0x488608 GetForegroundWindow
0x48860c GetFocus
0x488610 GetDlgItem
0x488614 GetDesktopWindow
0x488618 GetDCEx
0x48861c GetDC
0x488620 GetCursorPos
0x488624 GetCursor
0x488628 GetClientRect
0x48862c GetClassNameA
0x488630 GetClassInfoA
0x488634 GetCapture
0x488638 GetActiveWindow
0x48863c FrameRect
0x488640 FindWindowA
0x488644 FillRect
0x488648 EqualRect
0x48864c EnumWindows
0x488650 EnumThreadWindows
0x488654 EndPaint
0x488658 EnableWindow
0x48865c EnableScrollBar
0x488660 EnableMenuItem
0x488664 DrawTextA
0x488668 DrawMenuBar
0x48866c DrawIconEx
0x488670 DrawIcon
0x488674 DrawFrameControl
0x488678 DrawFocusRect
0x48867c DrawEdge
0x488680 DispatchMessageA
0x488684 DestroyWindow
0x488688 DestroyMenu
0x48868c DestroyIcon
0x488690 DestroyCursor
0x488694 DeleteMenu
0x488698 DefWindowProcA
0x48869c DefMDIChildProcA
0x4886a0 DefFrameProcA
0x4886a4 CreatePopupMenu
0x4886a8 CreateMenu
0x4886ac CreateIcon
0x4886b0 ClientToScreen
0x4886b4 CheckMenuItem
0x4886b8 CallWindowProcA
0x4886bc CallNextHookEx
0x4886c0 BeginPaint
0x4886c4 CharNextA
0x4886c8 CharLowerBuffA
0x4886cc CharLowerA
0x4886d0 CharToOemA
0x4886d4 AdjustWindowRectEx
Library kernel32.dll:
0x4886e0 Sleep
Library oleaut32.dll:
0x4886e8 SafeArrayPtrOfIndex
0x4886ec SafeArrayGetUBound
0x4886f0 SafeArrayGetLBound
0x4886f4 SafeArrayCreate
0x4886f8 VariantChangeType
0x4886fc VariantCopy
0x488700 VariantClear
0x488704 VariantInit
Library ole32.dll:
0x48870c CoCreateInstance
0x488710 CoUninitialize
0x488714 CoInitialize
Library oleaut32.dll:
0x48871c CreateErrorInfo
0x488720 GetErrorInfo
0x488724 SetErrorInfo
0x488728 SysFreeString
Library comctl32.dll:
0x488738 ImageList_Write
0x48873c ImageList_Read
0x48874c ImageList_DragMove
0x488750 ImageList_DragLeave
0x488754 ImageList_DragEnter
0x488758 ImageList_EndDrag
0x48875c ImageList_BeginDrag
0x488760 ImageList_Remove
0x488764 ImageList_DrawEx
0x488768 ImageList_Replace
0x48876c ImageList_Draw
0x48877c ImageList_Add
0x488784 ImageList_Destroy
0x488788 ImageList_Create
Library comdlg32.dll:
0x488790 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.