6.2
High risk

a863c5d16b5aa24f51529b7482d42401caf457ef0560545725be60bbbc16bd6a

667dff5fe5e685c40701d59e912fab36.exe

Analysis duration

36s

Last analyzed

File size

1.0MB
Static detections / Dynamic detections: AHW@AIYWMNKI AI SCORE=80 AIDETECTVM CLOUD CONFIDENCE DELF DELPHILESS ELDORADO ELZG EMJE FAREIT HIGH CONFIDENCE HLIESH INJECTORX KRYPTIK MALICIOUS PE MALWARE1 OCCAMY SCORE THFAIBO TSCOPE UNSAFE WACATAC WHOXF X2066 ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine results for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FTB!667DFF5FE5E6 20200725 6.0.6.653
Alibaba Trojan:Win32/Occamy.2bc0a7a8 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:InjectorX-gen [Trj] 20200725 18.4.3895.0
Kingsoft 20200725 2013.8.14.323
Tencent 20200725 1.0.0.1
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619624230.25375
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7454d4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
667dff5fe5e685c40701d59e912fab36+0x543f8 @ 0x4543f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x74164b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x74165d3d
0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe6c14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
Time & API Arguments Status Return Repeated
1619624229.00325
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00370000
success 0 0
1619624229.28425
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 32768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006c0000
success 0 0
1619624229.30025
NtAllocateVirtualMemory
process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008f0000
success 0 0
1619624229.64375
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619624229.69075
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02020000
success 0 0
1619624229.69075
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02140000
success 0 0
1619624229.69075
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 311296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00500000
success 0 0
1619624229.69075
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 286720
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00502000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ec2000
success 0 0
1619624230.22275
NtProtectVirtualMemory
process_identifier: 1436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.276334088117884 section {'size_of_data': '0x00043600', 'virtual_address': '0x000c6000', 'entropy': 7.276334088117884, 'name': '.rsrc', 'virtual_size': '0x000434f0'} description A section with a high entropy has been found
entropy 0.26013513513513514 description Overall entropy of this PE file is high
Network communication
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2060 called NtSetContextThread to modify thread in remote process 1436
Time & API Arguments Status Return Repeated
1619624229.39325
NtSetContextThread
thread_handle: 0x0000010c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4864272
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1436
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2060 resumed a thread in remote process 1436
Time & API Arguments Status Return Repeated
1619624229.48725
NtResumeThread
thread_handle: 0x0000010c
suspend_count: 1
process_identifier: 1436
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 172.217.24.14:443
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619624229.39325
CreateProcessInternalW
thread_identifier: 2636
thread_handle: 0x0000010c
process_identifier: 1436
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\667dff5fe5e685c40701d59e912fab36.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000110
inherit_handles: 0
success 1 0
1619624229.39325
NtUnmapViewOfSection
process_identifier: 1436
region_size: 4096
process_handle: 0x00000110
base_address: 0x00400000
success 0 0
1619624229.39325
NtMapViewOfSection
section_handle: 0x00000118
process_identifier: 1436
commit_size: 675840
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000110
allocation_type: 0 ()
section_offset: 0
view_size: 675840
base_address: 0x00400000
success 0 0
1619624229.39325
NtGetContextThread
thread_handle: 0x0000010c
success 0 0
1619624229.39325
NtSetContextThread
thread_handle: 0x0000010c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4864272
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1436
success 0 0
1619624229.48725
NtResumeThread
thread_handle: 0x0000010c
suspend_count: 1
process_identifier: 1436
success 0 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.Delf.FareIt.Gen.11
FireEye Generic.mg.667dff5fe5e685c4
CAT-QuickHeal Trojan.Wacatac
McAfee Fareit-FTB!667DFF5FE5E6
Cylance Unsafe
Zillya Trojan.Injector.Win32.745926
Sangfor Malware
K7AntiVirus Trojan ( 00568adb1 )
Alibaba Trojan:Win32/Occamy.2bc0a7a8
K7GW Trojan ( 00568adb1 )
Cybereason malicious.f535f7
TrendMicro Trojan.Win32.WACATAC.THFAIBO
F-Prot W32/Injector.ABY.gen!Eldorado
Symantec Trojan.Gen.2
APEX Malicious
Avast Win32:InjectorX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.Delf.FareIt.Gen.11
NANO-Antivirus Trojan.Win32.Stealer.hliesh
Paloalto generic.ml
AegisLab Trojan.Win32.Kryptik.4!c
Rising Trojan.Injector!1.AFE3 (CLOUD)
Endgame malicious (high confidence)
Emsisoft Trojan.Delf.FareIt.Gen.11 (B)
F-Secure Trojan.TR/Injector.whoxf
DrWeb Trojan.PWS.Stealer.28677
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
Trapmine suspicious.low.ml.score
Sophos Mal/Generic-S
SentinelOne DFI - Malicious PE
Cyren W32/Injector.ABY.gen!Eldorado
Jiangmin Trojan.Kryptik.bhv
Webroot W32.Adware.Gen
Avira TR/Injector.whoxf
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/Occamy.CA8
Arcabit Trojan.Delf.FareIt.Gen.11
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.Delf.FareIt.Gen.11
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
VBA32 TScope.Trojan.Delf
ALYac Trojan.Delf.FareIt.Gen.11
MAX malware (ai score=80)
Ad-Aware Trojan.Delf.FareIt.Gen.11
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.EMJE
TrendMicro-HouseCall Trojan.Win32.WACATAC.THFAIBO
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x4b4178 VirtualFree
0x4b417c VirtualAlloc
0x4b4180 LocalFree
0x4b4184 LocalAlloc
0x4b4188 GetVersion
0x4b418c GetCurrentThreadId
0x4b4198 VirtualQuery
0x4b419c WideCharToMultiByte
0x4b41a4 MultiByteToWideChar
0x4b41a8 lstrlenA
0x4b41ac lstrcpynA
0x4b41b0 LoadLibraryExA
0x4b41b4 GetThreadLocale
0x4b41b8 GetStartupInfoA
0x4b41bc GetProcAddress
0x4b41c0 GetModuleHandleA
0x4b41c4 GetModuleFileNameA
0x4b41c8 GetLocaleInfoA
0x4b41cc GetLastError
0x4b41d4 GetCommandLineA
0x4b41d8 FreeLibrary
0x4b41dc FindFirstFileA
0x4b41e0 FindClose
0x4b41e4 ExitProcess
0x4b41e8 WriteFile
0x4b41f0 RtlUnwind
0x4b41f4 RaiseException
0x4b41f8 GetStdHandle
Library user32.dll:
0x4b4200 GetKeyboardType
0x4b4204 LoadStringA
0x4b4208 MessageBoxA
0x4b420c CharNextA
Library advapi32.dll:
0x4b4214 RegQueryValueExA
0x4b4218 RegOpenKeyExA
0x4b421c RegCloseKey
Library oleaut32.dll:
0x4b4224 SysFreeString
0x4b4228 SysReAllocStringLen
0x4b422c SysAllocStringLen
Library kernel32.dll:
0x4b4234 TlsSetValue
0x4b4238 TlsGetValue
0x4b423c LocalAlloc
0x4b4240 GetModuleHandleA
Library advapi32.dll:
0x4b4248 RegQueryValueExA
0x4b424c RegOpenKeyExA
0x4b4250 RegCloseKey
Library kernel32.dll:
0x4b4258 lstrcpyA
0x4b425c WriteFile
0x4b4260 WideCharToMultiByte
0x4b4268 WaitForSingleObject
0x4b426c VirtualQuery
0x4b4270 VirtualAlloc
0x4b4274 Sleep
0x4b4278 SizeofResource
0x4b427c SetThreadLocale
0x4b4280 SetFilePointer
0x4b4284 SetEvent
0x4b4288 SetErrorMode
0x4b428c SetEndOfFile
0x4b4290 ResetEvent
0x4b4294 ReadFile
0x4b4298 MultiByteToWideChar
0x4b429c MulDiv
0x4b42a0 LockResource
0x4b42a4 LoadResource
0x4b42a8 LoadLibraryA
0x4b42b4 GlobalUnlock
0x4b42b8 GlobalReAlloc
0x4b42bc GlobalHandle
0x4b42c0 GlobalLock
0x4b42c4 GlobalFree
0x4b42c8 GlobalFindAtomA
0x4b42cc GlobalDeleteAtom
0x4b42d0 GlobalAlloc
0x4b42d4 GlobalAddAtomA
0x4b42dc GetVersionExA
0x4b42e0 GetVersion
0x4b42e4 GetTickCount
0x4b42e8 GetThreadLocale
0x4b42f0 GetSystemTime
0x4b42f4 GetSystemInfo
0x4b42f8 GetStringTypeExA
0x4b42fc GetStdHandle
0x4b4300 GetProcAddress
0x4b4304 GetModuleHandleA
0x4b4308 GetModuleFileNameA
0x4b430c GetLogicalDrives
0x4b4310 GetLocaleInfoA
0x4b4314 GetLocalTime
0x4b4318 GetLastError
0x4b431c GetFullPathNameA
0x4b4320 GetFileAttributesA
0x4b4324 GetDriveTypeA
0x4b4328 GetDiskFreeSpaceA
0x4b432c GetDateFormatA
0x4b4330 GetCurrentThreadId
0x4b4334 GetCurrentProcessId
0x4b4338 GetComputerNameA
0x4b433c GetCPInfo
0x4b4340 GetACP
0x4b4344 FreeResource
0x4b4348 InterlockedExchange
0x4b434c FreeLibrary
0x4b4350 FormatMessageA
0x4b4354 FindResourceA
0x4b4358 FindNextFileA
0x4b435c FindFirstFileA
0x4b4360 FindClose
0x4b436c ExitThread
0x4b4370 EnumCalendarInfoA
0x4b437c CreateThread
0x4b4380 CreateFileA
0x4b4384 CreateEventA
0x4b4388 CompareStringA
0x4b438c CloseHandle
Library mpr.dll:
0x4b4394 WNetGetConnectionA
Library version.dll:
0x4b439c VerQueryValueA
0x4b43a4 GetFileVersionInfoA
Library gdi32.dll:
0x4b43ac UnrealizeObject
0x4b43b0 StretchBlt
0x4b43b4 SetWindowOrgEx
0x4b43b8 SetWinMetaFileBits
0x4b43bc SetViewportOrgEx
0x4b43c0 SetTextColor
0x4b43c4 SetStretchBltMode
0x4b43c8 SetROP2
0x4b43cc SetPixel
0x4b43d0 SetEnhMetaFileBits
0x4b43d4 SetDIBColorTable
0x4b43d8 SetBrushOrgEx
0x4b43dc SetBkMode
0x4b43e0 SetBkColor
0x4b43e4 SelectPalette
0x4b43e8 SelectObject
0x4b43ec SelectClipPath
0x4b43f0 SaveDC
0x4b43f4 RestoreDC
0x4b43f8 Rectangle
0x4b43fc RectVisible
0x4b4400 RealizePalette
0x4b4404 Polyline
0x4b4408 PlayEnhMetaFile
0x4b440c PatBlt
0x4b4410 MoveToEx
0x4b4414 MaskBlt
0x4b4418 LineTo
0x4b441c IntersectClipRect
0x4b4420 GetWindowOrgEx
0x4b4424 GetWinMetaFileBits
0x4b4428 GetTextMetricsA
0x4b4434 GetStockObject
0x4b4438 GetRgnBox
0x4b443c GetPixel
0x4b4440 GetPaletteEntries
0x4b4444 GetObjectA
0x4b4450 GetEnhMetaFileBits
0x4b4454 GetDeviceCaps
0x4b4458 GetDIBits
0x4b445c GetDIBColorTable
0x4b4460 GetDCOrgEx
0x4b4468 GetClipBox
0x4b446c GetBrushOrgEx
0x4b4470 GetBitmapBits
0x4b4474 ExtTextOutA
0x4b4478 ExcludeClipRect
0x4b447c DeleteObject
0x4b4480 DeleteEnhMetaFile
0x4b4484 DeleteDC
0x4b4488 CreateSolidBrush
0x4b448c CreateRectRgn
0x4b4490 CreatePenIndirect
0x4b4494 CreatePen
0x4b4498 CreatePalette
0x4b44a0 CreateFontIndirectA
0x4b44a4 CreateDIBitmap
0x4b44a8 CreateDIBSection
0x4b44ac CreateCompatibleDC
0x4b44b4 CreateBrushIndirect
0x4b44b8 CreateBitmap
0x4b44bc CopyEnhMetaFileA
0x4b44c0 CombineRgn
0x4b44c4 BitBlt
Library user32.dll:
0x4b44cc CreateWindowExA
0x4b44d0 WindowFromPoint
0x4b44d4 WinHelpA
0x4b44d8 WaitMessage
0x4b44dc ValidateRect
0x4b44e0 UpdateWindow
0x4b44e4 UnregisterClassA
0x4b44e8 UnhookWindowsHookEx
0x4b44ec TranslateMessage
0x4b44f4 TrackPopupMenu
0x4b44fc ShowWindow
0x4b4500 ShowScrollBar
0x4b4504 ShowOwnedPopups
0x4b4508 ShowCursor
0x4b450c SetWindowsHookExA
0x4b4510 SetWindowTextA
0x4b4514 SetWindowPos
0x4b4518 SetWindowPlacement
0x4b451c SetWindowLongA
0x4b4520 SetTimer
0x4b4524 SetScrollRange
0x4b4528 SetScrollPos
0x4b452c SetScrollInfo
0x4b4530 SetRect
0x4b4534 SetPropA
0x4b4538 SetParent
0x4b453c SetMenuItemInfoA
0x4b4540 SetMenu
0x4b4544 SetForegroundWindow
0x4b4548 SetFocus
0x4b454c SetCursor
0x4b4550 SetClassLongA
0x4b4554 SetCapture
0x4b4558 SetActiveWindow
0x4b455c SendMessageA
0x4b4560 ScrollWindow
0x4b4564 ScreenToClient
0x4b4568 RemovePropA
0x4b456c RemoveMenu
0x4b4570 ReleaseDC
0x4b4574 ReleaseCapture
0x4b4580 RegisterClassA
0x4b4584 RedrawWindow
0x4b4588 PtInRect
0x4b458c PostQuitMessage
0x4b4590 PostMessageA
0x4b4594 PeekMessageA
0x4b4598 OffsetRect
0x4b459c OemToCharA
0x4b45a0 MessageBoxA
0x4b45a4 MapWindowPoints
0x4b45a8 MapVirtualKeyA
0x4b45ac LoadStringA
0x4b45b0 LoadKeyboardLayoutA
0x4b45b4 LoadIconA
0x4b45b8 LoadCursorA
0x4b45bc LoadBitmapA
0x4b45c0 KillTimer
0x4b45c4 IsZoomed
0x4b45c8 IsWindowVisible
0x4b45cc IsWindowEnabled
0x4b45d0 IsWindow
0x4b45d4 IsRectEmpty
0x4b45d8 IsIconic
0x4b45dc IsDialogMessageA
0x4b45e0 IsChild
0x4b45e4 InvalidateRect
0x4b45e8 IntersectRect
0x4b45ec InsertMenuItemA
0x4b45f0 InsertMenuA
0x4b45f4 InflateRect
0x4b45fc GetWindowTextA
0x4b4600 GetWindowRect
0x4b4604 GetWindowPlacement
0x4b4608 GetWindowLongA
0x4b460c GetWindowDC
0x4b4610 GetTopWindow
0x4b4614 GetSystemMetrics
0x4b4618 GetSystemMenu
0x4b461c GetSysColorBrush
0x4b4620 GetSysColor
0x4b4624 GetSubMenu
0x4b4628 GetScrollRange
0x4b462c GetScrollPos
0x4b4630 GetScrollInfo
0x4b4634 GetPropA
0x4b4638 GetParent
0x4b463c GetWindow
0x4b4640 GetMenuStringA
0x4b4644 GetMenuState
0x4b4648 GetMenuItemInfoA
0x4b464c GetMenuItemID
0x4b4650 GetMenuItemCount
0x4b4654 GetMenu
0x4b4658 GetLastActivePopup
0x4b465c GetKeyboardState
0x4b4664 GetKeyboardLayout
0x4b4668 GetKeyState
0x4b466c GetKeyNameTextA
0x4b4670 GetIconInfo
0x4b4674 GetForegroundWindow
0x4b4678 GetFocus
0x4b467c GetDlgItem
0x4b4680 GetDesktopWindow
0x4b4684 GetDCEx
0x4b4688 GetDC
0x4b468c GetCursorPos
0x4b4690 GetCursor
0x4b4694 GetClipboardData
0x4b4698 GetClientRect
0x4b469c GetClassNameA
0x4b46a0 GetClassInfoA
0x4b46a4 GetCapture
0x4b46a8 GetActiveWindow
0x4b46ac FrameRect
0x4b46b0 FindWindowA
0x4b46b4 FillRect
0x4b46b8 EqualRect
0x4b46bc EnumWindows
0x4b46c0 EnumThreadWindows
0x4b46c4 EndPaint
0x4b46c8 EnableWindow
0x4b46cc EnableScrollBar
0x4b46d0 EnableMenuItem
0x4b46d4 DrawTextA
0x4b46d8 DrawMenuBar
0x4b46dc DrawIconEx
0x4b46e0 DrawIcon
0x4b46e4 DrawFrameControl
0x4b46e8 DrawFocusRect
0x4b46ec DrawEdge
0x4b46f0 DispatchMessageA
0x4b46f4 DestroyWindow
0x4b46f8 DestroyMenu
0x4b46fc DestroyIcon
0x4b4700 DestroyCursor
0x4b4704 DeleteMenu
0x4b4708 DefWindowProcA
0x4b470c DefMDIChildProcA
0x4b4710 DefFrameProcA
0x4b4714 CreatePopupMenu
0x4b4718 CreateMenu
0x4b471c CreateIcon
0x4b4720 ClientToScreen
0x4b4724 CheckMenuItem
0x4b4728 CallWindowProcA
0x4b472c CallNextHookEx
0x4b4730 BeginPaint
0x4b4734 CharNextA
0x4b4738 CharLowerBuffA
0x4b473c CharLowerA
0x4b4740 CharUpperBuffA
0x4b4744 CharToOemA
0x4b4748 AdjustWindowRectEx
Library kernel32.dll:
0x4b4754 Sleep
Library oleaut32.dll:
0x4b475c SafeArrayPtrOfIndex
0x4b4760 SafeArrayPutElement
0x4b4764 SafeArrayGetElement
0x4b476c SafeArrayAccessData
0x4b4770 SafeArrayGetUBound
0x4b4774 SafeArrayGetLBound
0x4b4778 SafeArrayRedim
0x4b477c SafeArrayCreate
0x4b4780 VariantChangeType
0x4b4784 VariantCopyInd
0x4b4788 VariantCopy
0x4b478c VariantClear
0x4b4790 VariantInit
Library ole32.dll:
0x4b4798 CoTaskMemFree
0x4b479c ProgIDFromCLSID
0x4b47a0 StringFromCLSID
0x4b47a4 CoCreateInstance
0x4b47a8 CoGetMalloc
0x4b47ac CoUninitialize
0x4b47b0 CoInitialize
0x4b47b4 IsEqualGUID
Library oleaut32.dll:
0x4b47bc GetErrorInfo
0x4b47c0 GetActiveObject
0x4b47c4 SysStringLen
0x4b47c8 SysFreeString
Library comctl32.dll:
0x4b47d8 ImageList_Write
0x4b47dc ImageList_Read
0x4b47ec ImageList_DragMove
0x4b47f0 ImageList_DragLeave
0x4b47f4 ImageList_DragEnter
0x4b47f8 ImageList_EndDrag
0x4b47fc ImageList_BeginDrag
0x4b4800 ImageList_Remove
0x4b4804 ImageList_DrawEx
0x4b4808 ImageList_Replace
0x4b480c ImageList_Draw
0x4b481c ImageList_Add
0x4b4824 ImageList_Destroy
0x4b4828 ImageList_Create
0x4b482c InitCommonControls
Library comdlg32.dll:
0x4b4834 GetSaveFileNameA
0x4b4838 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 55369 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.