Score: 6.8 (High risk)
SHA256: ef815a60779a455c972b48db32df542ea756480065844ae3984da559e9faba5a
File name: 67a718502209be7331286ff2321916d9.exe
Analysis duration: 58s
Last analysis:
File size: 680.0KB
Static detection / dynamic detection: 100%. Detection tags (tokens drawn from the engine verdicts listed below): AGENTTESLA, AI SCORE=84, ASLZ, ATTRIBUTE, BANKER1, BTLEQV, CLOUD, CONFIDENCE, DELF, DELPHI, DELPHILESS, EHDJ, EMAS, FAREIT, GDSDA, GENERICKD, HIGH CONFIDENCE, HIGHCONFIDENCE, HKJZYC, IGENT, KRYPTIK, LOKI, LOKIBOT, MALWARE@#2KIPHKJY9OPA0, MODERATE, QGW@AMQIAVDI, QVM05, SCORE, SMAD1, SUSPICIOUS PE, TSCOPE, UNSAFE, X2066, YMHFM, ZELPHIF
Eagle Eye engine
Not detected (no Eagle Eye engine result available for this sample)
Static verdict

Antivirus engines

Engine       Result                               Scan date  Version
McAfee       Fareit-FTB!67A718502209              20200603   6.0.6.653
CrowdStrike  win/malicious_confidence_90% (W)     20190702   1.0
Alibaba      TrojanSpy:Win32/Injector.5ecd581b    20190527   0.3.0.5
Baidu        (none)                               20190318   1.0.0.2
Avast        Win32:Trojan-gen                     20200603   18.4.3895.0
Tencent      (none)                               20200603   1.0.0.1
Kingsoft     (none)                               20200603   2013.8.14.323

Note the scan dates: three of the seven results are from 2019, a year before the others, so the empty results do not mean the sample was clean at the time of this 2021 analysis.
Static indicators

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft

Both of these are compiler artefacts rather than evidence of a packer: CODE, DATA and BSS are the section names Borland's Delphi linker emits, and the "BobSoft Mini Delphi" PEiD signature is known to match ordinary Delphi executables. Together with the compile timestamp further down they establish that the outer executable is a Delphi-built loader; the real obfuscation is in the high-entropy .rsrc section and in the process hollowing recorded under the dynamic indicators.
One or more processes crashed (1 event)

Time: 1620762783.125  API: __exception__  Status: success  Return: 0  Repeated: 0
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
67a718502209be7331286ff2321916d9+0x5aa4d @ 0x45aa4d
67a718502209be7331286ff2321916d9+0x53254 @ 0x453254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers: esp=1634372 ebp=1634412 esi=1634532 ebx=983045 eax=1 edi=2 ecx=228 edx=228
exception.symbol:
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.address: 0xfe8e14ad

Read from the bottom up: the thread enters the sample's own module (+0x53254, then +0x5aa4d), which calls mscoree!_CorExeMain, the entry point the CLR provides for managed executables; the CLR shim (mscoreei) is still locating the runtime (GetFileVersion, CreateFileMappingW) when the access violation hits at 0xfe8e14ad, an address in the kernel half of the 32-bit address space, i.e. a bad pointer or return address rather than a deliberate call. The page does not say which of the two processes crashed; the timestamp (783.125) places it after the hollowing of PID 1688 and after the RWX page changes logged at 783.109. A CLR start-up at this point is consistent with a managed (.NET) stage being launched, which would fit the Spyware.AgentTesla label from Malwarebytes, but this report does not confirm that.
Behavioral verdict

Dynamic indicators

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc. (The dropped-buffers section at the end of this report lists none, so the extracted buffer itself is not available on this page.)
Allocates read-write-execute memory (usually to unpack itself) (30 events)

All 30 calls share: protection 64 (PAGE_EXECUTE_READWRITE), process_handle 0xffffffff (the calling process itself), stack_dep_bypass 0, stack_pivoted 0, status success, return 0, repeated 0. Size is region_size for NtAllocateVirtualMemory and length for NtProtectVirtualMemory.

Time              API                      PID   Base address  Size     Allocation type                  heap_dep_bypass
1620762779.48425  NtAllocateVirtualMemory  1436  0x003e0000    4096     4096 (MEM_COMMIT)                0
1620762779.70325  NtProtectVirtualMemory   1436  0x00452000    40960    -                                0
1620762779.70325  NtAllocateVirtualMemory  1436  0x005a0000    4096     12288 (MEM_COMMIT|MEM_RESERVE)   0
1620762780.063    NtProtectVirtualMemory   1688  0x00400000    4096     -                                0
1620762780.094    NtAllocateVirtualMemory  1688  0x00680000    917504   8192 (MEM_RESERVE)               0
1620762780.094    NtAllocateVirtualMemory  1688  0x00720000    4096     4096 (MEM_COMMIT)                1
1620762780.094    NtAllocateVirtualMemory  1688  0x00680000    335872   12288 (MEM_COMMIT|MEM_RESERVE)   0
1620762780.094    NtProtectVirtualMemory   1688  0x00682000    307200   -                                1
1620762780.453    NtAllocateVirtualMemory  1688  0x02230000    2031616  8192 (MEM_RESERVE)               0
1620762780.453    NtAllocateVirtualMemory  1688  0x023e0000    4096     4096 (MEM_COMMIT)                1
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76351000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76353000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76354000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76351000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x77d4f000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76353000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76351000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76351000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76354000    4096     -                                0
1620762783.109    NtProtectVirtualMemory   1688  0x020c2000    4096     -                                1
1620762783.109    NtProtectVirtualMemory   1688  0x76351000    4096     -                                0

Three phases are visible. In the parent (PID 1436) the first RWX change covers 40,960 bytes at 0x00452000, inside the loader's own image (base 0x00400000), which is the Delphi loader making its own code writable while it unpacks. In the hollowed child (PID 1688) the mapped image at 0x00400000 is made RWX, then a 917,504-byte region is reserved at 0x00680000 with 335,872 bytes committed and 307,200 bytes made executable at 0x00682000, consistent with a second unpacking stage inside the child. Finally, at 783.109, twenty single-page changes alternate between the private page 0x020c2000 and the pages 0x76351000, 0x76353000, 0x76354000 and 0x77d4f000. Using the crash stack trace above to recover load bases (kernel32+0x133ca @ 0x763533ca puts kernel32 at 0x76340000; ntdll+0x39ed2 @ 0x77d69ed2 puts ntdll at 0x77d30000), those four pages are kernel32+0x11000, +0x13000, +0x14000 and ntdll+0x1f000. Making pages of system DLLs writable one at a time, interleaved with writes to a private page, is the pattern of inline hooks being installed by the injected payload; 0x020c2000 is then the likely trampoline area. This is an inference from the addresses, not something the report states.
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.259858393623716 section {'size_of_data': '0x00045c00', 'virtual_address': '0x0006a000', 'entropy': 7.259858393623716, 'name': '.rsrc', 'virtual_size': '0x00045a9c'} description A section with a high entropy has been found
entropy 0.4108983799705449 description Overall entropy of this PE file is high

The second figure is not an entropy in bits per byte. Cuckoo's packer_entropy signature flags every section above 6.8 bits/byte and then reports the fraction of all section data that those sections account for (threshold 0.2), so 0.41 means about 41% of the file's section data is high-entropy: the 0x45c00 = 285,696-byte .rsrc section out of a 680.0KB file. A near-random resource section of that size in a Delphi executable that imports FindResourceA, LoadResource, LockResource and SizeofResource (see Imports) is the usual shape of an encrypted payload stored as a resource, decrypted by the loader and mapped into the hollowed process.
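To show how the static indicators above are computed (the CODE/DATA/BSS section names, the per-section entropy and the 0.41 ratio, and the Delphi compile timestamp listed further down), here is an added example that is not part of this report or of the sandbox's own code. It parses a PE section table with the standard library only, computes Shannon entropy per section, applies the 6.8 bits/byte and 0.2 ratio thresholds that Cuckoo's packer_entropy signature uses, and checks for the Delphi timestamp. The PE it runs on is constructed in memory (a tiny synthetic Delphi-shaped file whose .rsrc section is filled with pseudo-random bytes standing in for an encrypted payload); its section sizes and the helper names build_pe, parse_pe and packer_indicators are illustrative, not taken from the sample.

```python
"""Static packer/compiler indicators for a PE file (added example)."""
import math
import random
import struct
from collections import Counter

DELPHI_TIMESTAMP = 0x2A425E19          # 1992-06-19 22:22:17 UTC, fixed by Delphi
DELPHI_SECTIONS = {"CODE", "DATA", "BSS"}
SECTION_ENTROPY_THRESHOLD = 6.8        # bits/byte, as in Cuckoo's packer_entropy
COMPRESSED_RATIO_THRESHOLD = 0.2       # share of section data that is high-entropy


def shannon(data):
    """Entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    if not n:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data):
    """Read TimeDateStamp and the section table; only the fields we need."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsec, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size    # 4-byte signature + 20-byte COFF header
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "virtual_address": va, "virtual_size": vsize,
                         "size_of_data": raw_size, "entropy": shannon(raw)})
    return {"timestamp": timestamp, "sections": sections}


def packer_indicators(pe):
    """Reproduce the three static checks from the report on a parsed PE."""
    secs = pe["sections"]
    high = [s for s in secs if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    total = sum(s["size_of_data"] for s in secs)
    ratio = sum(s["size_of_data"] for s in high) / total if total else 0.0
    return {
        "high_entropy_sections": [s["name"] for s in high],
        "compressed_ratio": ratio,                    # the "0.41" style figure
        "overall_high": ratio > COMPRESSED_RATIO_THRESHOLD,
        "delphi_sections": DELPHI_SECTIONS <= {s["name"] for s in secs},
        "delphi_timestamp": pe["timestamp"] == DELPHI_TIMESTAMP,
    }


def build_pe(sections, timestamp, file_align=0x200):
    """Constructed minimal 32-bit PE: headers plus the given (name, bytes) sections.
    Enough structure for parse_pe; it is not a loadable executable."""
    opt_size = 0xE0
    hdr_end = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    data_start = -(-hdr_end // file_align) * file_align      # ceil to alignment
    out = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", out, 0x3C, 0x40)                   # e_lfanew
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    out += opt
    body, ptr, va = bytearray(), data_start, 0x1000
    for name, blob in sections:
        raw = -(-len(blob) // file_align) * file_align
        out += name.encode().ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(blob), va, raw, ptr, 0, 0, 0, 0, 0x60000020)
        body += blob.ljust(raw, b"\0")
        ptr += raw
        va += max(0x1000, -(-raw // 0x1000) * 0x1000)
    return bytes(out + b"\0" * (data_start - len(out)) + body)


# Constructed sample: Delphi-style section names, the fixed Delphi timestamp and a
# .rsrc section of pseudo-random bytes standing in for an encrypted payload.
_rng = random.Random(20210512)
SAMPLE = build_pe([
    ("CODE", (b"\x55\x8b\xec\x83\xec\x10\xc3" * 1200)[:0x2000]),
    ("DATA", (b"Hello, Delphi\0" * 40)[:0x200]),
    ("BSS", b""),
    (".rsrc", bytes(_rng.getrandbits(8) for _ in range(0x4000))),
], DELPHI_TIMESTAMP)


if __name__ == "__main__":
    pe = parse_pe(SAMPLE)
    for s in pe["sections"]:
        print(f"{s['name']:<8} size=0x{s['size_of_data']:06x} entropy={s['entropy']:.3f}")
    print(packer_indicators(pe))
```

On the constructed file the .rsrc section is the only one above 6.8 bits/byte and holds 16,384 of 25,088 bytes of section data, so the ratio comes out at about 0.65 and all three indicators fire; on a real file the same functions run unchanged over the bytes read from disk.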
Network communication

Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 203.208.41.65

Both addresses are, per public allocation data, Google address space (172.217.0.0/16 and the 203.208.32.0/19 block), and the page records no HTTP request, TLS session or Suricata alert involving them, so treat them as probable sandbox background traffic rather than confirmed C2 unless a packet capture shows otherwise.
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection: process 1436 called NtSetContextThread to modify a thread in remote process 1688

Time: 1620762779.78125  API: NtSetContextThread  Status: success  Return: 0  Repeated: 0
thread_handle: 0x000000fc
process_identifier: 1688
registers: eax=4910800 (0x004aeed0), ebx=2130567168 (0x7efde000), eip/esp/edi/ebp/edx/esi/ecx=0

Only EAX and EBX are non-zero, and that is the whole story: for the primary thread of a 32-bit process created CREATE_SUSPENDED, EAX holds the image entry point and EBX the PEB address (0x7efde000 is the usual PEB location on Windows 7 x86). EAX = 0x004aeed0 is therefore the entry point of the image that was mapped into PID 1688, which lies inside the 724,992-byte view mapped at 0x00400000 in the hollowing sequence below.
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection: process 1436 resumed a thread in remote process 1688

Time: 1620762779.93825  API: NtResumeThread  Status: success  Return: 0  Repeated: 0
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 1688
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.24.14:443 (the same Google address as above; a non-responding port 443 in a sandbox with restricted egress is not by itself evidence of C2)
Executed a process and injected code into it, probably while unpacking (6 events)

The six calls, all made by PID 1436 against PID 1688 within the same 160 ms, are the textbook process-hollowing sequence: start a suspended copy of the sample itself (same path, track 1), unmap its image at 0x00400000, map a 724,992-byte (0xb1000) RWX section view in its place, point the primary thread's EAX at the new entry point, and resume it. 724,992 bytes is more than the 680.0KB file on disk, so what gets mapped is not simply the original executable but the decrypted payload. Because the write is done with NtMapViewOfSection rather than WriteProcessMemory, detections keyed only on WriteProcessMemory into a suspended child would miss it.

Time: 1620762779.78125  API: CreateProcessInternalW  Status: success  Return: 1  Repeated: 0
thread_identifier: 196
thread_handle: 0x000000fc
process_identifier: 1688
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\67a718502209be7331286ff2321916d9.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0

Time: 1620762779.78125  API: NtUnmapViewOfSection  Status: success  Return: 0  Repeated: 0
process_identifier: 1688
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000

Time: 1620762779.78125  API: NtMapViewOfSection  Status: success  Return: 0  Repeated: 0
section_handle: 0x00000108
process_identifier: 1688
commit_size: 724992
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 724992
base_address: 0x00400000

Time: 1620762779.78125  API: NtGetContextThread  Status: success  Return: 0  Repeated: 0
thread_handle: 0x000000fc

Time: 1620762779.78125  API: NtSetContextThread  Status: success  Return: 0  Repeated: 0
thread_handle: 0x000000fc
process_identifier: 1688
registers: eax=4910800 (0x004aeed0), ebx=2130567168 (0x7efde000), eip/esp/edi/ebp/edx/esi/ecx=0

Time: 1620762779.93825  API: NtResumeThread  Status: success  Return: 0  Repeated: 0
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 1688
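The hollowing chain above, the NtSetContextThread register values, and the RWX page changes in the 30-event list can all be checked mechanically from the API records. The following is an added example, not code from this report or from the sandbox: it walks a constructed list of call records shaped like the ones on this page, recovers the kernel32 and ntdll load bases from two frames copied from the crash stack trace, flags the create-suspended, unmap, map/write, set-context, resume sequence per target PID, decodes EAX/EBX from the rewritten context, and reports which RWX page changes land inside a known system module. The record format, the 2 MiB module-span limit in which_module, and the acceptance of WriteProcessMemory/NtWriteVirtualMemory as alternatives to NtMapViewOfSection for the write step are assumptions of this example.

```python
"""Triage helpers for Cuckoo-style API call records (added example)."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4
PAGE_EXECUTE_READWRITE = 0x40
WRITE_STEPS = {"NtMapViewOfSection", "WriteProcessMemory", "NtWriteVirtualMemory"}
FRAME_RE = re.compile(r"(\S+)\+0x([0-9a-fA-F]+) @ 0x([0-9a-fA-F]+)\s*$")

# Constructed records in the shape of the report's events: PID 1436 hollows a
# suspended copy of itself (PID 1688); the child then makes single pages RWX.
CALLS = [
    {"api": "CreateProcessInternalW", "pid": 1436,
     "args": {"process_identifier": 1688, "creation_flags": 4}},
    {"api": "NtUnmapViewOfSection", "pid": 1436,
     "args": {"process_identifier": 1688, "base_address": 0x00400000}},
    {"api": "NtMapViewOfSection", "pid": 1436,
     "args": {"process_identifier": 1688, "base_address": 0x00400000,
              "view_size": 724992, "win32_protect": 0x40}},
    {"api": "NtSetContextThread", "pid": 1436,
     "args": {"process_identifier": 1688,
              "registers.eax": 4910800, "registers.ebx": 2130567168}},
    {"api": "NtResumeThread", "pid": 1436,
     "args": {"process_identifier": 1688, "suspend_count": 1}},
    {"api": "NtProtectVirtualMemory", "pid": 1688,
     "args": {"process_identifier": 1688, "base_address": 0x76351000,
              "length": 4096, "protection": 0x40}},
    {"api": "NtProtectVirtualMemory", "pid": 1688,
     "args": {"process_identifier": 1688, "base_address": 0x020c2000,
              "length": 4096, "protection": 0x40}},
    {"api": "NtProtectVirtualMemory", "pid": 1688,
     "args": {"process_identifier": 1688, "base_address": 0x77d4f000,
              "length": 4096, "protection": 0x40}},
]

# Two frames copied from the crash stack trace: "module+offset @ address".
STACK = [
    "BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca",
    "RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2",
]


def module_bases(stack_lines):
    """Map module name -> load base: base = address - offset for each frame."""
    bases = {}
    for line in stack_lines:
        m = FRAME_RE.search(line)
        if m:
            bases[m.group(1)] = int(m.group(3), 16) - int(m.group(2), 16)
    return bases


def which_module(addr, bases, max_span=0x200000):
    """Module whose base is the closest one at or below addr, or None.
    Assumption: no module recovered from the trace spans more than max_span."""
    hits = [(base, name) for name, base in bases.items() if base <= addr < base + max_span]
    return max(hits)[1] if hits else None


def decode_context(args):
    """For the primary thread of a CREATE_SUSPENDED 32-bit process, EAX holds
    the image entry point and EBX the PEB address, so a rewritten context
    reveals where the injected image will start executing."""
    return {"entry_point": args.get("registers.eax"), "peb": args.get("registers.ebx")}


def detect_hollowing(calls):
    """Per target PID, look for create-suspended -> unmap -> write -> set-context
    -> resume, in that order, issued by a different process."""
    per_target = defaultdict(list)
    for c in calls:
        target = c["args"].get("process_identifier")
        if target is not None and target != c["pid"]:
            per_target[target].append(c)
    steps = ["CreateProcessInternalW", "NtUnmapViewOfSection", "write",
             "NtSetContextThread", "NtResumeThread"]
    findings = {}
    for target, seq in per_target.items():
        pos, hit, ctx = 0, [], None
        for step in steps:
            for i in range(pos, len(seq)):
                api, args = seq[i]["api"], seq[i]["args"]
                if api == "CreateProcessInternalW" and not (args.get("creation_flags", 0) & CREATE_SUSPENDED):
                    continue  # a non-suspended start is not the hollowing pattern
                if api == step or (step == "write" and api in WRITE_STEPS):
                    hit.append(api)
                    pos = i + 1
                    if api == "NtSetContextThread":
                        ctx = decode_context(args)
                    break
            else:
                break  # this step never happened; later ones cannot complete the chain
        findings[target] = {"source": seq[0]["pid"], "steps": hit,
                            "complete": len(hit) == len(steps), "context": ctx}
    return findings


def rwx_on_module_pages(calls, bases):
    """NtProtectVirtualMemory calls that turn a page inside a known module RWX:
    what writing inline hooks into kernel32/ntdll looks like in the log."""
    out = []
    for c in calls:
        a = c["args"]
        if c["api"] == "NtProtectVirtualMemory" and a.get("protection") == PAGE_EXECUTE_READWRITE:
            mod = which_module(a["base_address"], bases)
            if mod:
                out.append((a["base_address"], mod))
    return out


if __name__ == "__main__":
    bases = module_bases(STACK)
    for pid, f in detect_hollowing(CALLS).items():
        print(f"PID {f['source']} -> PID {pid}: steps={f['steps']} complete={f['complete']} context={f['context']}")
    for addr, mod in rwx_on_module_pages(CALLS, bases):
        print(f"RWX page 0x{addr:08x} is {mod}+0x{addr - bases[mod]:x}")
```

On the constructed records the chain against PID 1688 completes, the decoded context gives entry point 0x004aeed0 and PEB 0x7efde000, and the two system-module pages resolve to kernel32+0x11000 and ntdll+0x1f000 while the private page 0x020c2000 resolves to no module. Feeding the function a truncated chain (no NtResumeThread) yields complete=False, which is the case you want to keep visible rather than drop: a failed or interrupted hollowing attempt is still worth an alert.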
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 of 57 events shown)

Where a family is named, the verdicts cluster on LokiBot/Fareit, the Loki password stealer (TrendMicro LOKI, ClamAV LokiBot, McAfee and Sophos Fareit, DrWeb and NANO Banker1); the rest are generic Delphi injector/Kryptik labels, and Malwarebytes' Spyware.AgentTesla is the lone outlier.
MicroWorld-eScan Trojan.GenericKD.33871533
McAfee Fareit-FTB!67A718502209
Cylance Unsafe
Sangfor Malware
CrowdStrike win/malicious_confidence_90% (W)
Alibaba TrojanSpy:Win32/Injector.5ecd581b
K7GW Trojan ( 005670e91 )
K7AntiVirus Trojan ( 005670e91 )
Arcabit Trojan.Generic.D204D6AD
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
F-Prot W32/Injector.JCW
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Trojan.LokiBot-7847694-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.33871533
NANO-Antivirus Trojan.Win32.Banker1.hkjzyc
Paloalto generic.ml
Ad-Aware Trojan.GenericKD.33871533
Sophos Mal/Fareit-AA
Comodo Malware@#2kiphkjy9opa0
F-Secure Dropper.DR/Delphi.ymhfm
DrWeb Trojan.PWS.Banker1.29984
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.67a718502209be73
Emsisoft Trojan.GenericKD.33871533 (B)
SentinelOne DFI - Suspicious PE
Cyren W32/Injector.ASLZ-6509
Avira DR/Delphi.ymhfm
MAX malware (ai score=84)
Antiy-AVL Trojan/Win32.Kryptik
Microsoft TrojanSpy:Win32/Injector.A!MTB
Endgame malicious (high confidence)
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKD.33871533
AhnLab-V3 Suspicious/Win.Delphiless.X2066
Acronis suspicious
VBA32 TScope.Trojan.Delf
ALYac Trojan.GenericKD.33871533
Malwarebytes Spyware.AgentTesla
ESET-NOD32 a variant of Win32/Injector.EMAS
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMAD1.hp
Rising Trojan.Injector!8.C4 (CLOUD)
Yandex Trojan.Igent.bTLEqV.32
Ikarus Trojan.Inject
Visual analysis

Binary image: none (no binary visualization was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)

PE Compile Time

1992-06-20 06:22:17

This is the fixed TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC, rendered here in UTC+8) that Delphi compilers write into every executable; it identifies the compiler, not the build date, and agrees with the CODE/DATA/BSS section names and the Delphi packer signature above.

Imports

The import table is that of a stock Delphi VCL application (kernel32, user32, gdi32, comctl32, oleaut32, with one import descriptor per Delphi unit, hence the repeated kernel32.dll and advapi32.dll entries). None of the injection APIs seen at runtime (CreateProcessInternalW, NtUnmapViewOfSection, NtMapViewOfSection, NtSetContextThread, NtResumeThread) is imported; with GetProcAddress, LoadLibraryA and LoadLibraryExA present they are resolved at runtime, so the import table alone says little about what this loader does. The resource functions (FindResourceA, LoadResource, LockResource, SizeofResource, FreeResource) are the likely route by which the loader reads the high-entropy .rsrc section.

Library kernel32.dll:
0x45f13c VirtualFree
0x45f140 VirtualAlloc
0x45f144 LocalFree
0x45f148 LocalAlloc
0x45f14c GetVersion
0x45f150 GetCurrentThreadId
0x45f15c VirtualQuery
0x45f160 WideCharToMultiByte
0x45f164 MultiByteToWideChar
0x45f168 lstrlenA
0x45f16c lstrcpynA
0x45f170 LoadLibraryExA
0x45f174 GetThreadLocale
0x45f178 GetStartupInfoA
0x45f17c GetProcAddress
0x45f180 GetModuleHandleA
0x45f184 GetModuleFileNameA
0x45f188 GetLocaleInfoA
0x45f18c GetCommandLineA
0x45f190 FreeLibrary
0x45f194 FindFirstFileA
0x45f198 FindClose
0x45f19c ExitProcess
0x45f1a0 WriteFile
0x45f1a8 RtlUnwind
0x45f1ac RaiseException
0x45f1b0 GetStdHandle
Library user32.dll:
0x45f1b8 GetKeyboardType
0x45f1bc LoadStringA
0x45f1c0 MessageBoxA
0x45f1c4 CharNextA
Library advapi32.dll:
0x45f1cc RegQueryValueExA
0x45f1d0 RegOpenKeyExA
0x45f1d4 RegCloseKey
Library oleaut32.dll:
0x45f1dc SysFreeString
0x45f1e0 SysReAllocStringLen
0x45f1e4 SysAllocStringLen
Library kernel32.dll:
0x45f1ec TlsSetValue
0x45f1f0 TlsGetValue
0x45f1f4 LocalAlloc
0x45f1f8 GetModuleHandleA
Library advapi32.dll:
0x45f200 RegQueryValueExA
0x45f204 RegOpenKeyExA
0x45f208 RegCloseKey
Library kernel32.dll:
0x45f210 lstrcpyA
0x45f214 WriteFile
0x45f218 WaitForSingleObject
0x45f21c VirtualQuery
0x45f220 VirtualAlloc
0x45f224 Sleep
0x45f228 SizeofResource
0x45f22c SetThreadLocale
0x45f230 SetFilePointer
0x45f234 SetEvent
0x45f238 SetErrorMode
0x45f23c SetEndOfFile
0x45f240 ResetEvent
0x45f244 ReadFile
0x45f248 MulDiv
0x45f24c LockResource
0x45f250 LoadResource
0x45f254 LoadLibraryA
0x45f260 GlobalUnlock
0x45f264 GlobalReAlloc
0x45f268 GlobalHandle
0x45f26c GlobalLock
0x45f270 GlobalFree
0x45f274 GlobalFindAtomA
0x45f278 GlobalDeleteAtom
0x45f27c GlobalAlloc
0x45f280 GlobalAddAtomA
0x45f284 GetVersionExA
0x45f288 GetVersion
0x45f28c GetTickCount
0x45f290 GetThreadLocale
0x45f298 GetSystemTime
0x45f29c GetSystemInfo
0x45f2a0 GetStringTypeExA
0x45f2a4 GetStdHandle
0x45f2a8 GetProcAddress
0x45f2ac GetModuleHandleA
0x45f2b0 GetModuleFileNameA
0x45f2b4 GetLocaleInfoA
0x45f2b8 GetLocalTime
0x45f2bc GetLastError
0x45f2c0 GetFullPathNameA
0x45f2c4 GetDiskFreeSpaceA
0x45f2c8 GetDateFormatA
0x45f2cc GetCurrentThreadId
0x45f2d0 GetCurrentProcessId
0x45f2d4 GetCPInfo
0x45f2d8 GetACP
0x45f2dc FreeResource
0x45f2e0 InterlockedExchange
0x45f2e4 FreeLibrary
0x45f2e8 FormatMessageA
0x45f2ec FindResourceA
0x45f2f4 ExitThread
0x45f2f8 EnumCalendarInfoA
0x45f304 CreateThread
0x45f308 CreateFileA
0x45f30c CreateEventA
0x45f310 CompareStringA
0x45f314 CloseHandle
Library version.dll:
0x45f31c VerQueryValueA
0x45f324 GetFileVersionInfoA
Library gdi32.dll:
0x45f32c UnrealizeObject
0x45f330 StretchBlt
0x45f334 SetWindowOrgEx
0x45f338 SetViewportOrgEx
0x45f33c SetTextColor
0x45f340 SetStretchBltMode
0x45f344 SetROP2
0x45f348 SetPixel
0x45f34c SetDIBColorTable
0x45f350 SetBrushOrgEx
0x45f354 SetBkMode
0x45f358 SetBkColor
0x45f35c SelectPalette
0x45f360 SelectObject
0x45f364 SaveDC
0x45f368 RestoreDC
0x45f36c Rectangle
0x45f370 RectVisible
0x45f374 RealizePalette
0x45f378 PatBlt
0x45f37c MoveToEx
0x45f380 MaskBlt
0x45f384 LineTo
0x45f388 IntersectClipRect
0x45f38c GetWindowOrgEx
0x45f390 GetTextMetricsA
0x45f39c GetStockObject
0x45f3a0 GetPixel
0x45f3a4 GetPaletteEntries
0x45f3a8 GetObjectA
0x45f3ac GetDeviceCaps
0x45f3b0 GetDIBits
0x45f3b4 GetDIBColorTable
0x45f3b8 GetDCOrgEx
0x45f3c0 GetClipBox
0x45f3c4 GetBrushOrgEx
0x45f3c8 GetBitmapBits
0x45f3cc ExcludeClipRect
0x45f3d0 DeleteObject
0x45f3d4 DeleteDC
0x45f3d8 CreateSolidBrush
0x45f3dc CreatePenIndirect
0x45f3e0 CreatePen
0x45f3e4 CreatePalette
0x45f3ec CreateFontIndirectA
0x45f3f0 CreateDIBitmap
0x45f3f4 CreateDIBSection
0x45f3f8 CreateCompatibleDC
0x45f400 CreateBrushIndirect
0x45f404 CreateBitmap
0x45f408 BitBlt
Library user32.dll:
0x45f410 CreateWindowExA
0x45f414 WindowFromPoint
0x45f418 WinHelpA
0x45f41c WaitMessage
0x45f420 ValidateRect
0x45f424 UpdateWindow
0x45f428 UnregisterClassA
0x45f42c UnhookWindowsHookEx
0x45f430 TranslateMessage
0x45f438 TrackPopupMenu
0x45f440 ShowWindow
0x45f444 ShowScrollBar
0x45f448 ShowOwnedPopups
0x45f44c ShowCursor
0x45f450 SetWindowsHookExA
0x45f454 SetWindowPos
0x45f458 SetWindowPlacement
0x45f45c SetWindowLongA
0x45f460 SetTimer
0x45f464 SetScrollRange
0x45f468 SetScrollPos
0x45f46c SetScrollInfo
0x45f470 SetRect
0x45f474 SetPropA
0x45f478 SetParent
0x45f47c SetMenuItemInfoA
0x45f480 SetMenu
0x45f484 SetForegroundWindow
0x45f488 SetFocus
0x45f48c SetCursor
0x45f490 SetClassLongA
0x45f494 SetCapture
0x45f498 SetActiveWindow
0x45f49c SendMessageA
0x45f4a0 ScrollWindow
0x45f4a4 ScreenToClient
0x45f4a8 RemovePropA
0x45f4ac RemoveMenu
0x45f4b0 ReleaseDC
0x45f4b4 ReleaseCapture
0x45f4c0 RegisterClassA
0x45f4c4 RedrawWindow
0x45f4c8 PtInRect
0x45f4cc PostQuitMessage
0x45f4d0 PostMessageA
0x45f4d4 PeekMessageA
0x45f4d8 OffsetRect
0x45f4dc OemToCharA
0x45f4e0 MessageBoxA
0x45f4e4 MapWindowPoints
0x45f4e8 MapVirtualKeyA
0x45f4ec LoadStringA
0x45f4f0 LoadKeyboardLayoutA
0x45f4f4 LoadIconA
0x45f4f8 LoadCursorA
0x45f4fc LoadBitmapA
0x45f500 KillTimer
0x45f504 IsZoomed
0x45f508 IsWindowVisible
0x45f50c IsWindowEnabled
0x45f510 IsWindow
0x45f514 IsRectEmpty
0x45f518 IsIconic
0x45f51c IsDialogMessageA
0x45f520 IsChild
0x45f524 InvalidateRect
0x45f528 IntersectRect
0x45f52c InsertMenuItemA
0x45f530 InsertMenuA
0x45f534 InflateRect
0x45f53c GetWindowTextA
0x45f540 GetWindowRect
0x45f544 GetWindowPlacement
0x45f548 GetWindowLongA
0x45f54c GetWindowDC
0x45f550 GetTopWindow
0x45f554 GetSystemMetrics
0x45f558 GetSystemMenu
0x45f55c GetSysColorBrush
0x45f560 GetSysColor
0x45f564 GetSubMenu
0x45f568 GetScrollRange
0x45f56c GetScrollPos
0x45f570 GetScrollInfo
0x45f574 GetPropA
0x45f578 GetParent
0x45f57c GetWindow
0x45f580 GetMenuStringA
0x45f584 GetMenuState
0x45f588 GetMenuItemInfoA
0x45f58c GetMenuItemID
0x45f590 GetMenuItemCount
0x45f594 GetMenu
0x45f598 GetLastActivePopup
0x45f59c GetKeyboardState
0x45f5a4 GetKeyboardLayout
0x45f5a8 GetKeyState
0x45f5ac GetKeyNameTextA
0x45f5b0 GetIconInfo
0x45f5b4 GetForegroundWindow
0x45f5b8 GetFocus
0x45f5bc GetDlgItem
0x45f5c0 GetDesktopWindow
0x45f5c4 GetDCEx
0x45f5c8 GetDC
0x45f5cc GetCursorPos
0x45f5d0 GetCursor
0x45f5d4 GetClientRect
0x45f5d8 GetClassNameA
0x45f5dc GetClassInfoA
0x45f5e0 GetCapture
0x45f5e4 GetActiveWindow
0x45f5e8 FrameRect
0x45f5ec FindWindowA
0x45f5f0 FillRect
0x45f5f4 EqualRect
0x45f5f8 EnumWindows
0x45f5fc EnumThreadWindows
0x45f600 EndPaint
0x45f604 EnableWindow
0x45f608 EnableScrollBar
0x45f60c EnableMenuItem
0x45f610 DrawTextA
0x45f614 DrawMenuBar
0x45f618 DrawIconEx
0x45f61c DrawIcon
0x45f620 DrawFrameControl
0x45f624 DrawEdge
0x45f628 DispatchMessageA
0x45f62c DestroyWindow
0x45f630 DestroyMenu
0x45f634 DestroyIcon
0x45f638 DestroyCursor
0x45f63c DeleteMenu
0x45f640 DefWindowProcA
0x45f644 DefMDIChildProcA
0x45f648 DefFrameProcA
0x45f64c CreatePopupMenu
0x45f650 CreateMenu
0x45f654 CreateIcon
0x45f658 ClientToScreen
0x45f65c CheckMenuItem
0x45f660 CallWindowProcA
0x45f664 CallNextHookEx
0x45f668 BeginPaint
0x45f66c CharNextA
0x45f670 CharLowerA
0x45f674 CharToOemA
0x45f678 AdjustWindowRectEx
Library kernel32.dll:
0x45f684 Sleep
Library oleaut32.dll:
0x45f68c SafeArrayPtrOfIndex
0x45f690 SafeArrayGetUBound
0x45f694 SafeArrayGetLBound
0x45f698 SafeArrayCreate
0x45f69c VariantChangeType
0x45f6a0 VariantCopy
0x45f6a4 VariantClear
0x45f6a8 VariantInit
Library comctl32.dll:
0x45f6b8 ImageList_Write
0x45f6bc ImageList_Read
0x45f6cc ImageList_DragMove
0x45f6d0 ImageList_DragLeave
0x45f6d4 ImageList_DragEnter
0x45f6d8 ImageList_EndDrag
0x45f6dc ImageList_BeginDrag
0x45f6e0 ImageList_Remove
0x45f6e4 ImageList_DrawEx
0x45f6e8 ImageList_Draw
0x45f6f8 ImageList_Add
0x45f700 ImageList_Destroy
0x45f704 ImageList_Create
0x45f708 InitCommonControls
Library comdlg32.dll:
0x45f710 GetOpenFileNameA

Hosts

No hosts contacted.

(This is the sandbox's host list; the indicators above still record 172.217.24.14:443 as a dead host and one packet from 203.208.41.65:80, see the TCP table.)

TCP

Source          Source port  Destination     Destination port
203.208.41.65   80           192.168.56.101  49191

Only the server-to-client half of this connection is listed (203.208.41.65:80 to the VM's ephemeral port 49191); with no HTTP request recorded and no Suricata alert, nothing on this page ties it to the sample's command and control.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  50568        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  60123        114.114.114.114                  53
192.168.56.101  60215        114.114.114.114                  53
192.168.56.101  62191        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50002        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57756        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  60384        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  53658        239.255.255.250                  3702

Everything here is ordinary Windows background noise on the 192.168.56.0/24 sandbox network: DNS to the resolver 114.114.114.114, NetBIOS name and datagram broadcasts (137/138), NTP to time.windows.com, LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). The six DNS queries are the only entries that could be sample-originated, and the names they asked for are not recorded on this page.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.