6.2
High risk

58ba0b129f2c789fcd487269847e1a955dbedecfd75f9cf9a7fdb6dcaa92f135

6213f596b1b503ade075148a5f6dec78.exe

Analysis duration: 76s

Latest analysis

File size: 640.0KB
Static detection / dynamic detection tags: 0NA103IF20 A + TROJ AI SCORE=89 AIDETECTVM BSCOPE CONFIDENCE CRYPTERX DOWNLOADER34 ELDORADO EMOTET EMOTETRI GENCIRC GENERICKD GENERICRXLZ HIGH CONFIDENCE HVCHTX KTSE MALWARE2 MALWARE@#2R5PMUG0NRCTZ OBFUSE OU0@ACQEMMBI QVM09 R351170 S15817917 SCORE SUSGEN UNSAFE UWTRV ZEXAF
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine results are available for this sample
Static verdict
Antivirus engines
Engine      | Result                           | Scan date | Engine version
McAfee      | GenericRXLZ-VL!6213F596B1B5      | 20201022  | 6.0.6.653
Alibaba     | Trojan:Win32/Emotet.f718fc46     | 20190527  | 0.3.0.5
Baidu       |                                  | 20190318  | 1.0.0.2
Avast       | Win32:CrypterX-gen [Trj]         | 20201022  | 18.4.3895.0
Tencent     | Malware.Win32.Gencirc.10ce0269   | 20201022  | 1.0.0.1
Kingsoft    |                                  | 20201022  | 2013.8.14.323
CrowdStrike | win/malicious_confidence_60% (W) | 20190702  | 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620946631.401503
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1620946616.292503
CryptGenKey
crypto_handle: 0x026132c8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x02610310
flags: 1
key: fÑÕ(¬Òo¨yɦ èH
success 1 0
1620946631.417503
CryptExportKey
crypto_handle: 0x026132c8
crypto_export_handle: 0x02611288
buffer: f¤¸Cÿ'âæ`çß?Å.u«ÑóÈ¿ÃsE¥tÊí$eBê ÇÒÜ÷áxÀm7h^8Ã|~ÆÿW¼š,Wsÿ¬È[1¸ˆ‰g’¬4Ž¿ ?bºj?òÛ­Ôqîäi"×Ù£
blob_type: 1
flags: 64
success 1 0
1620946666.214503
CryptExportKey
crypto_handle: 0x026132c8
crypto_export_handle: 0x02611288
buffer: f¤O~àÞY…Bʤ€áˆ9Æ'Dš/îë܄͟j¬+ÿwE Zíº¾š5–H‘ð¢×\³dhÁ?{ùԗ㷹¸1=Çcë'iÁ‡¨KD3Í­á¨ØÑøpÙ¯þGšaЙ”
blob_type: 1
flags: 64
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section Shared
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620946615.745503
NtAllocateVirtualMemory
process_identifier: 368
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01cc0000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1620946615.792503
NtProtectVirtualMemory
process_identifier: 368
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 45056
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x01ce1000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620946631.901503
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 6213f596b1b503ade075148a5f6dec78.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620946631.573503
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 120.138.30.150
host 172.217.24.14
host 82.225.49.121
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620946634.495503
RegSetValueExA
key_handle: 0x000003b0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620946634.495503
RegSetValueExA
key_handle: 0x000003b0
value: ð¼'èžH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620946634.495503
RegSetValueExA
key_handle: 0x000003b0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620946634.495503
RegSetValueExW
key_handle: 0x000003b0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620946634.495503
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620946634.495503
RegSetValueExA
key_handle: 0x000003c8
value: ð¼'èžH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620946634.495503
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620946634.526503
RegSetValueExW
key_handle: 0x000003ac
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 82.225.49.121:80
File has been identified by 59 antivirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34642815
FireEye Generic.mg.6213f596b1b503ad
CAT-QuickHeal Trojan.EmotetRI.S15817917
McAfee GenericRXLZ-VL!6213F596B1B5
Cylance Unsafe
Zillya Trojan.Emotet.Win32.29291
Sangfor Malware
K7AntiVirus Trojan ( 005600f21 )
Alibaba Trojan:Win32/Emotet.f718fc46
K7GW Trojan ( 005600f21 )
Arcabit Trojan.Generic.D2109B7F
Invincea ML/PE-A + Troj/Emotet-CNG
Cyren W32/Emotet.ASL.gen!Eldorado
Symantec Trojan Horse
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKD.34642815
NANO-Antivirus Trojan.Win32.Emotet.hvchtx
Paloalto generic.ml
AegisLab Trojan.Win32.Emotet.L!c
Tencent Malware.Win32.Gencirc.10ce0269
Ad-Aware Trojan.GenericKD.34642815
Emsisoft Trojan.Emotet (A)
Comodo Malware@#2r5pmug0nrctz
F-Secure Trojan.TR/AD.Emotet.uwtrv
DrWeb Trojan.DownLoader34.40331
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.0NA103IF20
McAfee-GW-Edition BehavesLike.Win32.Generic.jh
Sophos Troj/Emotet-CNG
Jiangmin Trojan.Banker.Emotet.oka
MaxSecure Trojan.Malware.11417434.susgen
Avira TR/AD.Emotet.uwtrv
MAX malware (ai score=89)
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ViRobot Trojan.Win32.Emotet.659456
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKD.34642815
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R351170
BitDefenderTheta Gen:NN.ZexaF.34570.Ou0@aCqeMmbi
ALYac Trojan.Agent.Emotet
TACHYON Trojan/W32.Agent.655360.UO
VBA32 BScope.Trojan.Downloader
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-09-14 19:44:53

Imports

Library MPR.dll:
0x44d38c WNetAddConnection2A
Library KERNEL32.dll:
0x44d120 WaitNamedPipeA
0x44d124 CreateFileA
0x44d128 FreeConsole
0x44d130 MulDiv
0x44d134 GlobalUnlock
0x44d138 GlobalLock
0x44d13c GlobalAlloc
0x44d140 GlobalFree
0x44d144 FreeResource
0x44d148 GetVersionExA
0x44d14c lstrcmpW
0x44d150 FreeLibrary
0x44d154 GlobalDeleteAtom
0x44d158 GlobalFindAtomA
0x44d15c GlobalAddAtomA
0x44d160 GlobalGetAtomNameA
0x44d164 GetCurrentThreadId
0x44d168 GetModuleFileNameW
0x44d170 GetModuleFileNameA
0x44d174 SetThreadPriority
0x44d178 WaitForSingleObject
0x44d17c SetEvent
0x44d184 CreateEventA
0x44d188 lstrcmpA
0x44d18c GetLocaleInfoA
0x44d198 GetCurrentThread
0x44d1a8 GetFileAttributesA
0x44d1ac SetFileTime
0x44d1b0 GetFileTime
0x44d1b4 GetTempFileNameA
0x44d1b8 GetFullPathNameA
0x44d1bc GetDiskFreeSpaceA
0x44d1c0 LocalAlloc
0x44d1c4 TlsGetValue
0x44d1c8 GlobalReAlloc
0x44d1cc GlobalHandle
0x44d1d0 TlsAlloc
0x44d1d4 TlsSetValue
0x44d1d8 LocalReAlloc
0x44d1e0 TlsFree
0x44d1e4 GlobalFlags
0x44d1e8 GetCPInfo
0x44d1ec GetOEMCP
0x44d1f0 GetThreadLocale
0x44d200 MoveFileA
0x44d204 DeleteFileA
0x44d208 SetFilePointer
0x44d20c FlushFileBuffers
0x44d210 LockFile
0x44d214 UnlockFile
0x44d218 SetEndOfFile
0x44d21c GetFileSize
0x44d220 DuplicateHandle
0x44d224 GetCurrentProcess
0x44d228 FindClose
0x44d22c FindFirstFileA
0x44d234 GetShortPathNameA
0x44d240 SetErrorMode
0x44d244 HeapAlloc
0x44d248 HeapFree
0x44d24c RtlUnwind
0x44d250 HeapReAlloc
0x44d254 VirtualAlloc
0x44d258 ExitThread
0x44d25c CreateThread
0x44d260 RaiseException
0x44d264 GetCommandLineA
0x44d268 GetProcessHeap
0x44d26c GetStartupInfoA
0x44d270 ExitProcess
0x44d274 HeapSize
0x44d278 VirtualFree
0x44d27c HeapDestroy
0x44d280 HeapCreate
0x44d284 GetStdHandle
0x44d288 TerminateProcess
0x44d294 IsDebuggerPresent
0x44d298 GetACP
0x44d2ac SetHandleCount
0x44d2b0 GetFileType
0x44d2b8 GetTickCount
0x44d2c4 GetConsoleCP
0x44d2c8 GetConsoleMode
0x44d2cc LCMapStringA
0x44d2d0 LCMapStringW
0x44d2d4 GetStringTypeA
0x44d2d8 GetStringTypeW
0x44d2dc GetUserDefaultLCID
0x44d2e0 EnumSystemLocalesA
0x44d2e4 IsValidLocale
0x44d2e8 IsValidCodePage
0x44d2ec GetLocaleInfoW
0x44d2f0 SetStdHandle
0x44d2f4 WriteConsoleA
0x44d2f8 GetConsoleOutputCP
0x44d2fc WriteConsoleW
0x44d304 Sleep
0x44d308 ReadFile
0x44d30c SetLastError
0x44d310 GetProcAddress
0x44d314 GetModuleHandleA
0x44d318 LoadLibraryA
0x44d31c WriteFile
0x44d320 FormatMessageA
0x44d324 LocalFree
0x44d330 FindResourceA
0x44d334 LoadResource
0x44d338 LockResource
0x44d33c SizeofResource
0x44d340 ResumeThread
0x44d344 GetStringTypeExA
0x44d348 lstrlenA
0x44d34c lstrcmpiA
0x44d350 CompareStringW
0x44d354 CompareStringA
0x44d358 GetCurrentProcessId
0x44d360 Module32First
0x44d364 Module32Next
0x44d368 CloseHandle
0x44d36c GetVersion
0x44d370 GetLastError
0x44d374 WideCharToMultiByte
0x44d378 MultiByteToWideChar
0x44d37c InterlockedExchange
0x44d380 SuspendThread
Library USER32.dll:
0x44d3e0 SetDlgItemTextA
0x44d3e4 IsDialogMessageA
0x44d3e8 SetWindowTextA
0x44d3f0 ValidateRect
0x44d3f4 TranslateMessage
0x44d3f8 GetMessageA
0x44d3fc InflateRect
0x44d400 GetMenuItemInfoA
0x44d404 DestroyMenu
0x44d408 InvalidateRect
0x44d410 SetMenu
0x44d414 BringWindowToTop
0x44d418 SetRectEmpty
0x44d41c CreatePopupMenu
0x44d420 InsertMenuItemA
0x44d424 LoadAcceleratorsA
0x44d428 ReleaseCapture
0x44d42c SetCursor
0x44d430 ReuseDDElParam
0x44d434 UnpackDDElParam
0x44d438 SetRect
0x44d43c KillTimer
0x44d440 WindowFromPoint
0x44d444 IsZoomed
0x44d448 RedrawWindow
0x44d44c SetCapture
0x44d450 SetCursorPos
0x44d454 DestroyCursor
0x44d458 IsRectEmpty
0x44d45c UnionRect
0x44d460 PostQuitMessage
0x44d464 ShowOwnedPopups
0x44d468 FillRect
0x44d46c TabbedTextOutA
0x44d470 DrawTextA
0x44d474 DrawTextExA
0x44d478 GrayStringA
0x44d47c GetWindowDC
0x44d480 BeginPaint
0x44d484 EndPaint
0x44d488 GetSysColorBrush
0x44d48c UnregisterClassA
0x44d490 SetParent
0x44d494 GetDCEx
0x44d498 LockWindowUpdate
0x44d49c FindWindowA
0x44d4a0 DestroyIcon
0x44d4a4 SetWindowsHookExA
0x44d4a8 CallNextHookEx
0x44d4ac GetClassLongA
0x44d4b0 GetClassNameA
0x44d4b4 SetPropA
0x44d4b8 GetPropA
0x44d4bc RemovePropA
0x44d4c0 GetFocus
0x44d4c4 SetFocus
0x44d4cc GetWindowTextA
0x44d4d0 GetForegroundWindow
0x44d4d4 GetLastActivePopup
0x44d4d8 DispatchMessageA
0x44d4dc BeginDeferWindowPos
0x44d4e0 EndDeferWindowPos
0x44d4e4 GetTopWindow
0x44d4e8 UnhookWindowsHookEx
0x44d4ec GetMessageTime
0x44d4f0 GetMessagePos
0x44d4f4 PeekMessageA
0x44d4f8 MapWindowPoints
0x44d4fc TrackPopupMenu
0x44d500 GetKeyState
0x44d504 SetScrollPos
0x44d508 GetScrollPos
0x44d50c IsWindowVisible
0x44d510 GetMenu
0x44d514 PostMessageA
0x44d518 MessageBoxA
0x44d51c CreateWindowExA
0x44d520 GetClassInfoExA
0x44d524 GetClassInfoA
0x44d528 RegisterClassA
0x44d52c GetSysColor
0x44d530 AdjustWindowRectEx
0x44d534 ScreenToClient
0x44d538 EqualRect
0x44d53c DeferWindowPos
0x44d540 GetDlgCtrlID
0x44d544 DefWindowProcA
0x44d548 CallWindowProcA
0x44d54c SetWindowLongA
0x44d550 SetWindowPos
0x44d554 OffsetRect
0x44d558 IntersectRect
0x44d560 IsIconic
0x44d564 GetWindowPlacement
0x44d568 GetWindowRect
0x44d56c GetWindow
0x44d570 GetActiveWindow
0x44d574 SetActiveWindow
0x44d578 GetSystemMetrics
0x44d580 DestroyWindow
0x44d584 GetWindowLongA
0x44d588 GetDlgItem
0x44d58c IsWindowEnabled
0x44d590 GetParent
0x44d594 GetNextDlgTabItem
0x44d598 EndDialog
0x44d59c ReleaseDC
0x44d5a0 GetDC
0x44d5a4 CopyRect
0x44d5a8 IsWindow
0x44d5ac GetMenuState
0x44d5b0 GetMenuStringA
0x44d5b4 GetMenuItemID
0x44d5b8 InsertMenuA
0x44d5bc GetMenuItemCount
0x44d5c0 EnableWindow
0x44d5c4 CharUpperA
0x44d5c8 SendMessageA
0x44d5cc LoadStringA
0x44d5d0 PtInRect
0x44d5d4 GetSubMenu
0x44d5d8 LoadMenuA
0x44d5dc ClientToScreen
0x44d5e0 LoadIconA
0x44d5e4 GetClientRect
0x44d5e8 DeleteMenu
0x44d5ec GetSystemMenu
0x44d5f0 SetTimer
0x44d5f4 UpdateWindow
0x44d5f8 GetDesktopWindow
0x44d5fc ShowWindow
0x44d600 LoadBitmapA
0x44d604 LoadCursorA
0x44d608 SetForegroundWindow
0x44d60c GetCursorPos
0x44d610 SetMenuItemBitmaps
0x44d618 ModifyMenuA
0x44d61c EnableMenuItem
0x44d620 CheckMenuItem
0x44d628 SendDlgItemMessageA
0x44d62c WinHelpA
0x44d630 IsChild
0x44d634 GetCapture
Library GDI32.dll:
0x44d064 CreatePatternBrush
0x44d068 GetStockObject
0x44d06c CreateSolidBrush
0x44d070 SetRectRgn
0x44d074 CreateRectRgn
0x44d078 SelectClipRgn
0x44d07c CombineRgn
0x44d084 PatBlt
0x44d088 GetClipBox
0x44d08c SetTextColor
0x44d090 SetBkColor
0x44d094 CreateBitmap
0x44d098 CreateFontIndirectA
0x44d0a0 DeleteObject
0x44d0a4 GetCharWidthA
0x44d0a8 SelectObject
0x44d0ac CreateFontA
0x44d0b0 DeleteDC
0x44d0b4 StretchDIBits
0x44d0b8 GetBkColor
0x44d0bc GetTextMetricsA
0x44d0c0 SaveDC
0x44d0c4 RestoreDC
0x44d0c8 SetBkMode
0x44d0cc GetObjectA
0x44d0d0 CreateCompatibleDC
0x44d0d4 BitBlt
0x44d0d8 ScaleWindowExtEx
0x44d0dc SetWindowExtEx
0x44d0e0 ScaleViewportExtEx
0x44d0e4 SetViewportExtEx
0x44d0e8 OffsetViewportOrgEx
0x44d0ec SetViewportOrgEx
0x44d0f0 ExtTextOutA
0x44d0f4 SetMapMode
0x44d0f8 ExcludeClipRect
0x44d0fc IntersectClipRect
0x44d100 Escape
0x44d104 TextOutA
0x44d108 RectVisible
0x44d10c PtVisible
0x44d110 GetPixel
0x44d118 GetDeviceCaps
Library ADVAPI32.dll:
0x44d000 RegCloseKey
0x44d004 RegOpenKeyA
0x44d008 RegQueryValueExA
0x44d00c RegOpenKeyExA
0x44d010 RegDeleteKeyA
0x44d014 RegEnumKeyA
0x44d018 RegQueryValueA
0x44d01c RegCreateKeyExA
0x44d020 RegSetValueExA
0x44d024 RegDeleteValueA
0x44d028 SetFileSecurityA
0x44d02c GetFileSecurityA
0x44d030 RegCreateKeyA
0x44d034 OpenSCManagerA
0x44d038 OpenServiceA
0x44d03c CreateServiceA
0x44d040 CloseServiceHandle
0x44d044 StartServiceA
0x44d054 RegSetValueA
Library SHELL32.dll:
0x44d3b4 SHGetFileInfoA
0x44d3b8 DragFinish
0x44d3bc DragQueryFileA
0x44d3c0 ExtractIconA
0x44d3c4 Shell_NotifyIconA
Library COMCTL32.dll:
0x44d05c ImageList_Destroy
Library SHLWAPI.dll:
0x44d3cc PathFindFileNameA
0x44d3d0 PathStripToRootA
0x44d3d4 PathFindExtensionA
0x44d3d8 PathIsUNCA
Library WS2_32.dll:
0x44d64c WSACleanup
0x44d650 WSAStartup
Library OLEACC.dll:
0x44d398 LresultFromObject
Library WINSPOOL.DRV:
0x44d63c OpenPrinterA
0x44d640 DocumentPropertiesA
0x44d644 ClosePrinter
Library comdlg32.dll:
0x44d658 GetFileTitleA
Library OLEAUT32.dll:
0x44d3a0 VariantInit
0x44d3a4 SysAllocStringLen
0x44d3a8 VariantChangeType
0x44d3ac VariantClear

Exports

Ordinal Address Name
1 0x406b50 KCCDWafdUUJKIIOFFCVDDS

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 63430 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.