6.8
High risk

29c336e8054fb1190132ddd96591c10de47a6f5d36b71cd740931e9ee1aaa4e0

622aa5bc37786d1eac3338cc6ec4b7d3.exe

Analysis duration

80s

Last analyzed

File size

980.0KB
Static detection: flagged. Dynamic detection: flagged. Tags: 100% 9Y0@ACP1UMOO AI SCORE=88 BANKERX CLASSIC CONFIDENCE ELDORADO EMOTET EUQX FCTGP GENCIRC GENETIC GENKRYPTIK HFLL HIGH CONFIDENCE HTEWMP KRYPTIK LOLOPAK MALWARE@#UDFODFE6QIMZ R + TROJ SCORE SJ2B+ERSEDK SUSGEN UNSAFE ZEXAE
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba Trojan:Win32/Emotet.7b313354 20190527 0.3.0.5
Avast Win32:BankerX-gen [Trj] 20210205 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cde6f3 20210205 1.0.0.1
Baidu 20190318 1.0.0.2
McAfee Emotet-FQS!622AA5BC3778 20210205 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620971123.20025
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1620971114.26225
CryptGenKey
crypto_handle: 0x006c3b78
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0062b860
flags: 1
key: f­"´ª9œþ ¾Ë1=ç:_
success 1 0
1620971123.23125
CryptExportKey
crypto_handle: 0x006c3b78
crypto_export_handle: 0x0062c0a0
buffer: f¤±BŠ¿†Ç±Û©E'â¼&n ÿ×¼¢4¢<úmÿ(9ÀO ¤Œì)ژô¿ÝDø%n½ÂÆÅ!2ɉFiAzÕü×áƒ*U+·çîvdÇ͛‘KÍ£‡*l~‡H„í=a
blob_type: 1
flags: 64
success 1 0
1620971159.52825
CryptExportKey
crypto_handle: 0x006c3b78
crypto_export_handle: 0x0062c0a0
buffer: f¤_éԖå¹%š-ñˉhKpìÒhjêÞ8úy)…$É:†pBf²“Yw¹9)»}Ók/“‡Â|ØâÄÚ¥&X îºožÙ¬Îð®0ñù`óv/°p<ÏývÓß§+
blob_type: 1
flags: 64
success 1 0
1620971164.79325
CryptExportKey
crypto_handle: 0x006c3b78
crypto_export_handle: 0x0062c0a0
buffer: f¤]¡9><%$»Š0c¦«ƒ‹zßՆ'Âo7ûÊŒãGŒXH|bˆ;5‰mã>ÜÌý”Øo[ ½{ý1Ð0uˆ“Y ©–7͞꘶½ôî}@e6±÷<µžE&µ®C
blob_type: 1
flags: 64
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620971113.52825
NtProtectVirtualMemory
process_identifier: 2984
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00615000
success 0 0
Searches running processes, potentially to identify targets for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620971123.79325
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 622aa5bc37786d1eac3338cc6ec4b7d3.exe
Reads the system's User-Agent string and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620971123.37225
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 116.125.120.88
host 172.217.24.14
host 217.160.182.191
host 82.76.111.249
Sets or modifies the WPAD proxy auto-configuration state for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620971126.35625
RegSetValueExA
key_handle: 0x000003a4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620971126.35625
RegSetValueExA
key_handle: 0x000003a4
value: @˜2›eH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620971126.35625
RegSetValueExA
key_handle: 0x000003a4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620971126.35625
RegSetValueExW
key_handle: 0x000003a4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620971126.35625
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620971126.35625
RegSetValueExA
key_handle: 0x000003bc
value: @˜2›eH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620971126.35625
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620971126.38725
RegSetValueExW
key_handle: 0x000003a0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 56 antivirus engines on VirusTotal as malicious (50 of 56 events shown)
Elastic malicious (high confidence)
DrWeb Trojan.Emotet.999
MicroWorld-eScan Trojan.Agent.EUQX
FireEye Generic.mg.622aa5bc37786d1e
ALYac Trojan.Agent.EUQX
Cylance Unsafe
Sangfor Trojan.Win32.Emotet.ARJ
K7AntiVirus Trojan ( 0056dede1 )
Alibaba Trojan:Win32/Emotet.7b313354
K7GW Trojan ( 0056dede1 )
Cybereason malicious.c37786
Arcabit Trojan.Agent.EUQX
BitDefenderTheta Gen:NN.ZexaE.34804.9y0@aCP1umoO
Cyren W32/Emotet.APC.gen!Eldorado
Symantec Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFLL
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Malware.Emotet-9758496-0
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.Agent.EUQX
NANO-Antivirus Trojan.Win32.Emotet.htewmp
Paloalto generic.ml
ViRobot Trojan.Win32.Emotet.1003520
Tencent Malware.Win32.Gencirc.10cde6f3
Ad-Aware Trojan.Agent.EUQX
Sophos Mal/Generic-R + Troj/Emotet-CKS
Comodo Malware@#udfodfe6qimz
F-Secure Trojan.TR/Kryptik.fctgp
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Emotet.dm
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.pz
Webroot W32.Trojan.Emotet
Avira TR/Kryptik.fctgp
MAX malware (ai score=88)
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.Agent.EUQX
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4177922
McAfee Emotet-FQS!622AA5BC3778
TACHYON Trojan/W32.Emotet.1003520
VBA32 Trojan.Lolopak
Malwarebytes Trojan.MalPack.TRE
Rising Trojan.Kryptik!1.CA40 (CLASSIC)
Yandex Trojan.GenKryptik!SJ2b+ERsEdk
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 82.76.111.249:443
dead_host 116.125.120.88:443
dead_host 192.168.56.101:49179
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-08-08 02:04:51

Imports

Library KERNEL32.dll:
0x4d2f58 GetShortPathNameA
0x4d2f5c CreateFileA
0x4d2f64 SetFileAttributesA
0x4d2f68 SetErrorMode
0x4d2f6c GetTickCount
0x4d2f70 RtlUnwind
0x4d2f74 RaiseException
0x4d2f78 TerminateProcess
0x4d2f84 IsDebuggerPresent
0x4d2f88 HeapAlloc
0x4d2f8c HeapFree
0x4d2f90 HeapReAlloc
0x4d2f94 VirtualProtect
0x4d2f98 VirtualAlloc
0x4d2f9c GetSystemInfo
0x4d2fa0 VirtualQuery
0x4d2fa4 GetCommandLineA
0x4d2fa8 GetProcessHeap
0x4d2fac GetStartupInfoA
0x4d2fb0 ExitThread
0x4d2fb4 CreateThread
0x4d2fb8 HeapSize
0x4d2fbc GetACP
0x4d2fc0 GetConsoleCP
0x4d2fc4 GetConsoleMode
0x4d2fc8 Sleep
0x4d2fcc SetHandleCount
0x4d2fd4 GetFileType
0x4d2fd8 LCMapStringA
0x4d2fdc LCMapStringW
0x4d2fe0 FatalAppExitA
0x4d2fe4 VirtualFree
0x4d2fe8 HeapDestroy
0x4d2fec HeapCreate
0x4d300c GetDriveTypeA
0x4d3014 GetStringTypeA
0x4d3018 GetStringTypeW
0x4d301c GetTimeFormatA
0x4d3020 GetDateFormatA
0x4d3024 GetUserDefaultLCID
0x4d3028 EnumSystemLocalesA
0x4d302c IsValidLocale
0x4d3030 IsValidCodePage
0x4d3034 SetStdHandle
0x4d3038 WriteConsoleA
0x4d303c GetConsoleOutputCP
0x4d3040 WriteConsoleW
0x4d3044 GetLocaleInfoW
0x4d304c GetCurrentProcess
0x4d3050 DuplicateHandle
0x4d3054 GetFileSize
0x4d3058 SetEndOfFile
0x4d305c UnlockFile
0x4d3060 LockFile
0x4d3064 FlushFileBuffers
0x4d3068 SetFilePointer
0x4d306c WriteFile
0x4d3070 ReadFile
0x4d3074 DeleteFileA
0x4d3078 MoveFileA
0x4d3080 GetThreadLocale
0x4d3084 GetAtomNameA
0x4d3088 GetOEMCP
0x4d308c GetCPInfo
0x4d3094 TlsFree
0x4d309c LocalReAlloc
0x4d30a0 TlsSetValue
0x4d30a4 TlsAlloc
0x4d30ac GlobalHandle
0x4d30b0 GlobalReAlloc
0x4d30b8 TlsGetValue
0x4d30c0 LocalAlloc
0x4d30c4 GlobalFlags
0x4d30c8 GetDiskFreeSpaceA
0x4d30cc GetFullPathNameA
0x4d30d0 GetTempFileNameA
0x4d30d4 GetFileTime
0x4d30d8 SetFileTime
0x4d30dc GetFileAttributesA
0x4d30ec CreateEventA
0x4d30f0 SuspendThread
0x4d30f4 SetEvent
0x4d30f8 WaitForSingleObject
0x4d30fc ResumeThread
0x4d3100 SetThreadPriority
0x4d3104 CloseHandle
0x4d3108 GetCurrentThread
0x4d3114 GetLocaleInfoA
0x4d3118 lstrcmpA
0x4d311c FindFirstFileA
0x4d3128 FindNextFileA
0x4d312c FindClose
0x4d3130 GetModuleFileNameA
0x4d3138 GetModuleFileNameW
0x4d313c GlobalFree
0x4d3140 CopyFileA
0x4d3144 GlobalSize
0x4d3148 FormatMessageA
0x4d314c LocalFree
0x4d3150 MulDiv
0x4d3154 GetCurrentThreadId
0x4d3158 GlobalFindAtomA
0x4d315c GlobalDeleteAtom
0x4d3160 FreeLibrary
0x4d3164 lstrcmpW
0x4d3168 GetVersionExA
0x4d316c FreeResource
0x4d3170 GetCurrentProcessId
0x4d3174 GlobalGetAtomNameA
0x4d3178 GlobalAddAtomA
0x4d317c ExitProcess
0x4d3180 GetStringTypeExW
0x4d3184 GetStringTypeExA
0x4d3190 lstrlenA
0x4d3194 lstrcmpiW
0x4d3198 lstrcmpiA
0x4d319c CompareStringW
0x4d31a0 CompareStringA
0x4d31a4 lstrlenW
0x4d31a8 GetVersion
0x4d31ac MultiByteToWideChar
0x4d31b0 InterlockedExchange
0x4d31bc GlobalAlloc
0x4d31c0 GlobalLock
0x4d31c4 GlobalUnlock
0x4d31c8 GetLastError
0x4d31cc SetLastError
0x4d31d0 GetProcAddress
0x4d31d4 GetModuleHandleA
0x4d31d8 LoadLibraryA
0x4d31dc WideCharToMultiByte
0x4d31e0 FindResourceA
0x4d31e4 LoadResource
0x4d31e8 LockResource
0x4d31ec GetStdHandle
0x4d31f0 SizeofResource
Library USER32.dll:
0x4d3424 ValidateRect
0x4d3428 GetMessageA
0x4d342c ShowOwnedPopups
0x4d3430 EndDialog
0x4d3434 GetNextDlgTabItem
0x4d343c MapDialogRect
0x4d3444 GetSysColorBrush
0x4d3448 UnionRect
0x4d344c SetRect
0x4d3450 WindowFromPoint
0x4d3454 GetDCEx
0x4d3458 LockWindowUpdate
0x4d345c UnregisterClassA
0x4d3460 DestroyIcon
0x4d3464 GetDialogBaseUnits
0x4d3468 CharNextA
0x4d3470 InvalidateRgn
0x4d3474 GetNextDlgGroupItem
0x4d347c PostThreadMessageA
0x4d3480 GetSystemMenu
0x4d3484 DeleteMenu
0x4d3488 IsRectEmpty
0x4d348c GetMenuStringA
0x4d3490 AppendMenuA
0x4d3494 InsertMenuA
0x4d3498 RemoveMenu
0x4d349c ScrollWindowEx
0x4d34a0 MoveWindow
0x4d34a4 SetWindowTextA
0x4d34a8 IsDialogMessageA
0x4d34ac SetDlgItemTextA
0x4d34b0 SetDlgItemInt
0x4d34b4 GetDlgItemTextA
0x4d34b8 GetDlgItemInt
0x4d34bc CheckDlgButton
0x4d34c0 SetMenuItemBitmaps
0x4d34c8 ModifyMenuA
0x4d34cc GetMenuState
0x4d34d0 EnableMenuItem
0x4d34d4 CheckMenuItem
0x4d34d8 IsChild
0x4d34dc SetWindowsHookExA
0x4d34e0 CallNextHookEx
0x4d34e4 GetClassLongA
0x4d34e8 SetPropA
0x4d34ec GetPropA
0x4d34f0 RemovePropA
0x4d34f8 GetWindowTextA
0x4d34fc GetForegroundWindow
0x4d3500 BeginDeferWindowPos
0x4d3504 EndDeferWindowPos
0x4d3508 DestroyWindow
0x4d350c UnhookWindowsHookEx
0x4d3510 GetMessageTime
0x4d3514 GetMessagePos
0x4d3518 MapWindowPoints
0x4d351c ScrollWindow
0x4d3520 TrackPopupMenuEx
0x4d3524 TrackPopupMenu
0x4d3528 SetScrollRange
0x4d352c GetScrollRange
0x4d3530 PostQuitMessage
0x4d3534 GetScrollPos
0x4d3538 SetForegroundWindow
0x4d353c ShowScrollBar
0x4d3540 MessageBoxA
0x4d3544 GetClassInfoExA
0x4d3548 RegisterClassA
0x4d354c AdjustWindowRectEx
0x4d3550 DeferWindowPos
0x4d3554 GetScrollInfo
0x4d3558 SetScrollInfo
0x4d355c SetWindowPlacement
0x4d3560 DefWindowProcA
0x4d3564 CallWindowProcA
0x4d356c GetWindowPlacement
0x4d3570 PtInRect
0x4d3574 GetDC
0x4d3578 ReleaseDC
0x4d357c GetWindowRect
0x4d3580 IsZoomed
0x4d3584 GetSystemMetrics
0x4d358c UnpackDDElParam
0x4d3590 ReuseDDElParam
0x4d3594 DestroyMenu
0x4d3598 GetClassNameA
0x4d359c GetSysColor
0x4d35a0 WinHelpA
0x4d35a4 SetWindowPos
0x4d35a8 SetFocus
0x4d35b0 GetActiveWindow
0x4d35b4 IsWindowEnabled
0x4d35b8 GetFocus
0x4d35bc EqualRect
0x4d35c0 SetWindowLongA
0x4d35c4 GetDlgCtrlID
0x4d35c8 GetMenu
0x4d35cc LoadIconA
0x4d35d0 PeekMessageA
0x4d35d4 GetCapture
0x4d35d8 LoadAcceleratorsA
0x4d35dc GetParent
0x4d35e0 SetActiveWindow
0x4d35e4 IsWindowVisible
0x4d35e8 InvalidateRect
0x4d35ec SendMessageA
0x4d35f0 LoadBitmapA
0x4d35f4 GetSubMenu
0x4d35f8 LoadMenuA
0x4d35fc ScreenToClient
0x4d3600 SetTimer
0x4d3604 KillTimer
0x4d3608 SetCapture
0x4d360c IsIconic
0x4d3610 InsertMenuItemA
0x4d3614 GetMenuItemID
0x4d3618 GetMenuItemCount
0x4d361c CreatePopupMenu
0x4d3620 GetClassInfoA
0x4d3624 IntersectRect
0x4d3628 OffsetRect
0x4d362c SetRectEmpty
0x4d3630 CopyRect
0x4d3634 GetLastActivePopup
0x4d3638 BringWindowToTop
0x4d363c PostMessageA
0x4d3640 SetMenu
0x4d3644 GetDesktopWindow
0x4d3648 MapVirtualKeyA
0x4d364c GetKeyNameTextA
0x4d3650 GetMenuItemInfoA
0x4d3654 InflateRect
0x4d3658 EndPaint
0x4d365c BeginPaint
0x4d3660 GetWindowDC
0x4d3664 ClientToScreen
0x4d3668 GrayStringA
0x4d366c DrawTextExA
0x4d3670 DrawTextA
0x4d3674 TabbedTextOutA
0x4d3678 FillRect
0x4d367c SetScrollPos
0x4d3680 SetParent
0x4d3684 OpenClipboard
0x4d3688 LoadCursorA
0x4d368c EnableWindow
0x4d3690 CloseClipboard
0x4d3694 SetClipboardData
0x4d3698 EmptyClipboard
0x4d369c SetCursor
0x4d36a0 GetKeyState
0x4d36a4 GetCursorPos
0x4d36a8 ReleaseCapture
0x4d36ac MessageBeep
0x4d36b0 GetClipboardData
0x4d36b4 SetCursorPos
0x4d36b8 DispatchMessageA
0x4d36bc TranslateMessage
0x4d36c0 CharLowerA
0x4d36c4 CharLowerW
0x4d36c8 CharUpperA
0x4d36cc CharUpperW
0x4d36d0 CreateWindowExA
0x4d36d4 InSendMessage
0x4d36d8 UpdateWindow
0x4d36dc IsDlgButtonChecked
0x4d36e0 CheckRadioButton
0x4d36e4 GetDlgItem
0x4d36e8 SendDlgItemMessageA
0x4d36ec GetClientRect
0x4d36f4 IsWindow
0x4d36f8 GetWindowLongA
0x4d36fc ShowWindow
0x4d3700 GetWindow
0x4d3704 GetTopWindow
Library GDI32.dll:
0x4d2d7c SetViewportExtEx
0x4d2d80 ScaleViewportExtEx
0x4d2d84 SetWindowOrgEx
0x4d2d88 OffsetWindowOrgEx
0x4d2d8c SetWindowExtEx
0x4d2d90 ScaleWindowExtEx
0x4d2d98 ArcTo
0x4d2d9c PolyDraw
0x4d2da0 PolylineTo
0x4d2da4 PolyBezierTo
0x4d2da8 ExtSelectClipRgn
0x4d2db0 CreatePatternBrush
0x4d2db4 GetStockObject
0x4d2db8 SelectPalette
0x4d2dbc PlayMetaFileRecord
0x4d2dc0 OffsetViewportOrgEx
0x4d2dc4 EnumMetaFile
0x4d2dc8 PlayMetaFile
0x4d2dcc CreatePen
0x4d2dd0 ExtCreatePen
0x4d2dd4 CreateSolidBrush
0x4d2dd8 CreateHatchBrush
0x4d2ddc CreateFontIndirectA
0x4d2de4 PatBlt
0x4d2de8 SetRectRgn
0x4d2dec CombineRgn
0x4d2df0 GetMapMode
0x4d2df4 DPtoLP
0x4d2df8 GetBkColor
0x4d2dfc GetTextColor
0x4d2e00 GetRgnBox
0x4d2e04 SetViewportOrgEx
0x4d2e08 Escape
0x4d2e0c ExtTextOutA
0x4d2e10 TextOutA
0x4d2e14 RectVisible
0x4d2e18 PtVisible
0x4d2e1c StartDocA
0x4d2e20 GetPixel
0x4d2e24 BitBlt
0x4d2e28 GetWindowExtEx
0x4d2e2c GetViewportExtEx
0x4d2e30 SelectClipPath
0x4d2e34 CreateRectRgn
0x4d2e38 GetObjectType
0x4d2e3c GetObjectA
0x4d2e40 SelectClipRgn
0x4d2e44 SetColorAdjustment
0x4d2e48 SetArcDirection
0x4d2e4c SetMapperFlags
0x4d2e58 SetTextAlign
0x4d2e5c MoveToEx
0x4d2e60 LineTo
0x4d2e64 OffsetClipRgn
0x4d2e68 IntersectClipRect
0x4d2e6c ExcludeClipRect
0x4d2e70 SetMapMode
0x4d2e78 SetWorldTransform
0x4d2e7c SetGraphicsMode
0x4d2e80 SetStretchBltMode
0x4d2e84 SetROP2
0x4d2e88 SetPolyFillMode
0x4d2e8c SetBkMode
0x4d2e90 RestoreDC
0x4d2e94 SaveDC
0x4d2e98 CreateDCA
0x4d2e9c CopyMetaFileA
0x4d2ea0 GetDeviceCaps
0x4d2ea4 CreateBitmap
0x4d2ea8 SetBkColor
0x4d2eac SetTextColor
0x4d2eb0 GetClipBox
0x4d2eb4 GetDCOrgEx
0x4d2eb8 StretchDIBits
0x4d2ebc DeleteDC
0x4d2ec0 CreateFontA
0x4d2ec4 GetCharWidthA
0x4d2ec8 DeleteObject
0x4d2ed0 GetTextMetricsA
0x4d2ed4 SelectObject
0x4d2ed8 CreateCompatibleDC
0x4d2ee0 GetClipRgn
Library comdlg32.dll:
0x4d3800 GetOpenFileNameA
0x4d3804 GetSaveFileNameA
0x4d3808 GetFileTitleA
Library WINSPOOL.DRV:
0x4d37c8 ClosePrinter
0x4d37cc DocumentPropertiesA
0x4d37d0 OpenPrinterA
Library ADVAPI32.dll:
0x4d2d10 GetFileSecurityA
0x4d2d14 SetFileSecurityA
0x4d2d18 RegDeleteValueA
0x4d2d1c RegSetValueExA
0x4d2d20 RegCreateKeyExA
0x4d2d24 RegQueryValueA
0x4d2d28 RegEnumKeyA
0x4d2d2c RegDeleteKeyA
0x4d2d30 RegOpenKeyExA
0x4d2d34 RegQueryValueExA
0x4d2d38 RegOpenKeyA
0x4d2d3c RegSetValueA
0x4d2d40 RegCloseKey
0x4d2d44 RegCreateKeyA
Library SHELL32.dll:
0x4d3390 ExtractIconA
0x4d3394 DragAcceptFiles
0x4d3398 SHGetMalloc
0x4d33a0 SHBrowseForFolderA
0x4d33a4 SHGetFileInfoA
0x4d33a8 DragQueryFileA
0x4d33ac DragFinish
Library SHLWAPI.dll:
0x4d33e4 PathFindFileNameA
0x4d33e8 PathStripToRootA
0x4d33ec PathFindExtensionA
0x4d33f0 PathIsUNCA
Library oledlg.dll:
0x4d3900
Library ole32.dll:
0x4d383c OleUninitialize
0x4d3840 OleRun
0x4d3850 CoGetClassObject
0x4d3854 StringFromGUID2
0x4d3858 CoCreateInstance
0x4d385c CoDisconnectObject
0x4d3860 CLSIDFromString
0x4d3864 CLSIDFromProgID
0x4d3868 OleInitialize
0x4d386c CoTaskMemAlloc
0x4d3870 ReleaseStgMedium
0x4d3874 CreateBindCtx
0x4d3878 CoTreatAsClass
0x4d387c StringFromCLSID
0x4d3880 ReadClassStg
0x4d3884 ReadFmtUserTypeStg
0x4d3888 OleRegGetUserType
0x4d388c WriteClassStg
0x4d3890 WriteFmtUserTypeStg
0x4d3894 SetConvertStg
0x4d3898 CoTaskMemFree
0x4d38a0 CoRevokeClassObject
0x4d38a4 OleSetClipboard
0x4d38b4 OleDuplicateData
0x4d38b8 OleFlushClipboard
Library OLEAUT32.dll:
0x4d32a4 VariantClear
0x4d32a8 VariantChangeType
0x4d32ac VariantInit
0x4d32b0 SysStringLen
0x4d32b4 SysFreeString
0x4d32bc SysStringByteLen
0x4d32c4 SafeArrayAccessData
0x4d32c8 SafeArrayGetUBound
0x4d32cc SafeArrayGetLBound
0x4d32d4 SafeArrayGetDim
0x4d32d8 SafeArrayCreate
0x4d32dc SafeArrayRedim
0x4d32e0 VariantCopy
0x4d32e4 SafeArrayAllocData
0x4d32ec SafeArrayCopy
0x4d32f0 SafeArrayGetElement
0x4d32f4 SafeArrayPtrOfIndex
0x4d32f8 SafeArrayPutElement
0x4d32fc SafeArrayLock
0x4d3300 SafeArrayUnlock
0x4d3304 SafeArrayDestroy
0x4d3318 SysReAllocStringLen
0x4d331c VarDateFromStr
0x4d3320 VarBstrFromCy
0x4d3324 VarBstrFromDec
0x4d3328 VarDecFromStr
0x4d332c VarCyFromStr
0x4d3330 VarBstrFromDate
0x4d3338 SysAllocString
0x4d333c LoadTypeLib
0x4d3340 SysAllocStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.