Score: 6.8 (high risk)

SHA-256: 6a5bf81d82a8112290a0eef40ece993c13143ad63feb1b4452528187a98627b0

File name: 6862320ab0f3f068504939009f42fa3b.exe

Analysis duration: 38s

Last analysis:

File size: 532.5KB
Static detection: flagged. Dynamic detection: flagged (100%). Detection-name tags: AGENERIC, AI SCORE=86, AIDETECTVM, AUTO, BTIOQQ, CONFIDENCE, CRIDEX, DELPHILESS, ELZG, FAREIT, GENERICKDZ, HGW@AUL3AOAI, HIGH CONFIDENCE, HKCAOJ, HPLOKI, IGENT, KRYPTIK, KTSE, LCIFG, LOKIBOT, MALWARE2, MALWARE@#1NL6369U1EHKO, MWDV, NOON, R + MAL, SCORE, SMBD, STATIC AI, STRICTOR, SUSGEN, SUSPICIOUS PE, TSPY, UNSAFE, X2066, ZELPHIF
鹰眼 (HawkEye) engine
Not detected: no 鹰眼 engine result is available for this sample
Static verdict
Antivirus engines
Engine       Result                               Date      Version
Alibaba      TrojanDropper:Win32/Cridex.c38462f2  20190527  0.3.0.5
CrowdStrike  win/malicious_confidence_100% (W)    20190702  1.0
Baidu        (no result)                          20190318  1.0.0.2
Avast        Other:Malware-gen [Trj]              20201124  20.10.5736.0
Tencent      Win32.Trojan.Inject.Auto             20201124  1.0.0.1
Kingsoft     (no result)                          20201124  2017.9.26.565
McAfee       Fareit-FTB!6862320AB0F3              20201120  6.0.6.653
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Note: CODE, DATA and BSS are the section names the Borland/Delphi linker emits by default, so the first indicator is the expected false positive for a Delphi build and is explained by the second one. The actual packing signal on this page is the high-entropy .rsrc section listed under the dynamic indicators.
One or more processes crashed (2 events)

Event 1: 1619633584.955751, __exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
registers: esp 35848004, ebp 35848072, eax 0, ebx 0, ecx 1950559753, edx 0, esi 0, edi 0
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 b1 93 00 00 e9
exception.instruction: div eax
exception.symbol: 6862320ab0f3f068504939009f42fa3b+0x585a4
exception.module: 6862320ab0f3f068504939009f42fa3b.exe
exception.exception_code: 0xc0000094
exception.offset: 361892
exception.address: 0x4585a4
status success, return 0, repeated 0

Reading event 1: 0xc0000094 is STATUS_INTEGER_DIVIDE_BY_ZERO; `div eax` executes with eax = 0 (see the register dump). The fault lies at sample+0x585a4, inside the 40960-byte range at 0x00458000 that the original process (PID 2116) had just made PAGE_EXECUTE_READWRITE at the very same timestamp (see the RWX table below), so this code runs after the sample rewrote its own image. The bytes that follow the div (33 c0 5a 59 59 64 89 10: xor eax,eax / pop edx / pop ecx / pop ecx / mov fs:[eax],edx) are the Delphi compiler's standard teardown of a try block, so the fault is most likely raised on purpose inside a handled exception frame rather than being an accidental crash.

Event 2: 1619633585.909249, __exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7456d4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
6862320ab0f3f068504939009f42fa3b+0x2a3f8 @ 0x42a3f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x74164b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x74165d3d
0x57005c
registers: esp 1633872, ebp 1633912, eax 0, ebx 0, ecx 176, edx 582600, esi 1634116, edi 0
exception.symbol: (none)
exception.exception_code: 0xc0000005
exception.address: 0xfe7714ad
status success, return 0, repeated 0

Reading event 2: an access violation (0xc0000005, STATUS_ACCESS_VIOLATION) at 0xfe7714ad, an address outside every mapping named in this report, raised inside a LoadLibraryExW -> LdrLoadDll call (the New_ntdll_LdrLoadDll@16 frame is the sandbox's own hook on that function). The call originates from sample+0x2a3f8 with mscoree!_CorExeMain beneath it, i.e. the .NET runtime host had been entered; that matches Antiy-AVL's Trojan/MSIL.AGeneric label in the VirusTotal list below. The timestamp places it after the hollowed child (PID 784) was resumed and after its RWX page protections at 1619633585.877249.
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc. (No buffer is attached to this page: the dropped-files and dropped-buffers sections at the end are both empty.)
Allocates read-write-execute memory (usually to unpack itself) (28 events)
All 28 calls target the calling process itself (process_handle 0xffffffff), return success/0 with repeated 0, request protection 64 (PAGE_EXECUTE_READWRITE), and report stack_dep_bypass 0 and stack_pivoted 0. The per-call dumps are condensed into one row each; heap_dep_bypass 1 marks calls whose return address lies in heap memory, i.e. issued from code running outside any module image.

Time               API                      PID   Base address  Size/length  Allocation type                  heap_dep_bypass
1619633584.736751  NtAllocateVirtualMemory  2116  0x003e0000    4096         4096 (MEM_COMMIT)                0
1619633584.955751  NtProtectVirtualMemory   2116  0x00458000    40960        -                                0
1619633584.970751  NtAllocateVirtualMemory  2116  0x00530000    4096         12288 (MEM_COMMIT|MEM_RESERVE)   0
1619633585.331249  NtProtectVirtualMemory   784   0x00400000    4096         -                                0
1619633585.362249  NtAllocateVirtualMemory  784   0x004a0000    327680       8192 (MEM_RESERVE)               0
1619633585.362249  NtAllocateVirtualMemory  784   0x004b0000    4096         4096 (MEM_COMMIT)                1
1619633585.362249  NtAllocateVirtualMemory  784   0x00450000    139264       12288 (MEM_COMMIT|MEM_RESERVE)   0
1619633585.362249  NtProtectVirtualMemory   784   0x00452000    110592       -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76351000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76353000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76354000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76351000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x77d4f000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76353000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76351000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76351000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76354000    4096         -                                0
1619633585.877249  NtProtectVirtualMemory   784   0x01f52000    4096         -                                1
1619633585.877249  NtProtectVirtualMemory   784   0x76351000    4096         -                                0

Reading the sequence: the first three calls come from the original process (2116); the 40960-byte range at 0x00458000 is the one that holds the `div eax` fault at 0x4585a4 in crash event 1. The remaining 25 calls run inside the hollowed child (784). Those at 0x00400000 and 0x00452000, plus the reservations at 0x004a0000/0x004b0000 and the 139264-byte commit at 0x00450000, sit on and directly behind the 327680-byte (0x50000) view mapped at 0x00400000 during injection, so the child is laying out and unpacking its replacement image. From 1619633585.877249 on, the child alternates between one page at 0x01f52000 (always with heap_dep_bypass 1) and pages at 0x76351000/0x76353000/0x76354000 and 0x77d4f000. With kernel32 at base 0x76340000 and ntdll at 0x77d30000 (derived from the `kernel32+0x133ca @ 0x763533ca` and `ntdll+0x39ed2 @ 0x77d69ed2` frames in the crash records), those ten addresses fall inside the code of kernel32.dll and ntdll.dll, a pattern consistent with in-memory patching (hooking) of system DLL functions. Whether the patches are the payload's or part of the sandbox's own instrumentation cannot be settled from this page alone.
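The module-base arithmetic used in the reading above, as an added example (not code from the sandbox or the report): it recovers module bases from the `module+offset @ address` stack frames in the crash records, then classifies every PAGE_EXECUTE_READWRITE NtProtectVirtualMemory call of PID 784 by the module it lands in. The frames and addresses are copied from this report; the sample's image size is the 327680-byte view mapped at 0x00400000 during injection, while the 1 MiB span assumed for the system DLLs is a guess, since the page lists no module sizes. 0x00452000 lies just past that view and is therefore reported as unlisted.

```python
"""Map PID 784's RWX page protections onto modules recovered from stack frames.

Added example for this report, not sandbox code. FRAMES and PROTECT_784 are
transcribed from the report; ASSUMED_DLL_SPAN is an assumption (no module
sizes are given on the page).
"""
import re
from typing import Dict, List, Optional, Tuple

FRAMES = [
    "BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca",
    "RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2",
    "LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a",
    "6862320ab0f3f068504939009f42fa3b+0x2a3f8 @ 0x42a3f8",
]

# base_address of every NtProtectVirtualMemory(PAGE_EXECUTE_READWRITE) call in PID 784, report order
PROTECT_784 = [
    0x00400000, 0x00452000,
    0x01f52000, 0x76351000, 0x01f52000, 0x76353000, 0x01f52000, 0x76354000,
    0x01f52000, 0x76351000, 0x01f52000, 0x77d4f000, 0x01f52000, 0x76353000,
    0x01f52000, 0x76351000, 0x01f52000, 0x76351000, 0x01f52000, 0x76354000,
    0x01f52000, 0x76351000,
]

SAMPLE = "6862320ab0f3f068504939009f42fa3b"
KNOWN_SPANS = {SAMPLE: 327680}      # view_size of the NtMapViewOfSection call at 0x00400000
ASSUMED_DLL_SPAN = 0x100000         # assumption: 1 MiB per system DLL

# Last "<module>+<offset> @ <address>" pair of a frame line; base = address - offset.
FRAME_RE = re.compile(
    r"(?P<module>[A-Za-z0-9_.]+)\+0x(?P<off>[0-9a-f]+) @ 0x(?P<addr>[0-9a-f]+)\s*$", re.I)


def module_base(frame: str) -> Optional[Tuple[str, int]]:
    """Return (module name, load base) for one stack-frame line, or None."""
    m = FRAME_RE.search(frame)
    if m is None:
        return None
    return m["module"].lower(), int(m["addr"], 16) - int(m["off"], 16)


def module_map(frames: List[str]) -> Dict[str, int]:
    """Collect one base per module; the first frame naming a module wins."""
    bases: Dict[str, int] = {}
    for frame in frames:
        hit = module_base(frame)
        if hit and hit[0] not in bases:
            bases[hit[0]] = hit[1]
    return bases


def classify(addr: int, bases: Dict[str, int]) -> str:
    """'module+0xoffset' if addr falls inside a known module span, else 'unlisted'."""
    for name, base in bases.items():
        span = KNOWN_SPANS.get(name, ASSUMED_DLL_SPAN)
        if base <= addr < base + span:
            return f"{name}+0x{addr - base:x}"
    return "unlisted"


def summarize(addrs: List[int], bases: Dict[str, int]) -> Dict[str, int]:
    """Count protected pages per module (or 'unlisted')."""
    counts: Dict[str, int] = {}
    for addr in addrs:
        key = classify(addr, bases).split("+")[0]
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    bases = module_map(FRAMES)
    for name, base in sorted(bases.items(), key=lambda kv: kv[1]):
        print(f"{name:<34} base 0x{base:08x}")
    for addr in PROTECT_784:
        print(f"RWX 0x{addr:08x} -> {classify(addr, bases)}")
    print(summarize(PROTECT_784, bases))
```

Run it and the summary comes out as nine pages in kernel32, one in ntdll, one in the sample image and eleven unlisted (the ten 0x01f52000 calls plus 0x00452000). Feeding a real module list from the sandbox's process dump in place of ASSUMED_DLL_SPAN turns the guess into an exact check.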
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 6.974727530638631 section {'size_of_data': '0x0001a000', 'virtual_address': '0x00071000', 'entropy': 6.974727530638631, 'name': '.rsrc', 'virtual_size': '0x00019fb4'} description A section with a high entropy has been found
Note: the high-entropy section is .rsrc (0x1a000 bytes of 532.5KB), and the import table below includes FindResourceA, LoadResource, LockResource, SizeofResource, VirtualAlloc and VirtualProtect, the set a loader needs to read a payload out of its own resources and map it into executable memory. That fits the RWX allocations and the hollowing sequence recorded below.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Note: 172.217.24.14 is in Google's 172.217.0.0/16 range. The report records no TCP session or HTTP request to it (see the Hosts, TCP and HTTP tables at the end), only the unanswered connection attempt on port 443 listed below as a dead host; treat it as a reachability probe unless a capture shows otherwise.
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection: process 2116 called NtSetContextThread to modify a thread in remote process 784
1619633585.048751 NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4515152
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 784
status success, return 0, repeated 0
Reading the context: the register values are printed in decimal. eax = 4515152 = 0x0044e550 and ebx = 2130567168 = 0x7efde000. A freshly created x86 process starts its primary thread with eax holding the entry point and ebx the PEB address, so this call points the suspended thread of 784 at 0x0044e550, inside the 327680-byte (0x50000) view mapped at 0x00400000 in the injection sequence below. eip and esp are logged as 0, so the control registers were left alone and the redirect is carried by eax. The thread handle 0x100 is the one returned by the CreateProcessInternalW call that created 784 suspended.
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.24.14:443
(The same host that was contacted without a DNS lookup above; no completed TCP session or HTTP request to it appears in the network tables at the end.)
Executed a process and injected code into it, probably while unpacking (6 events)
1619633585.048751 CreateProcessInternalW
thread_identifier: 912
thread_handle: 0x00000100
process_identifier: 784
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\6862320ab0f3f068504939009f42fa3b.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
status success, return 1, repeated 0
1619633585.048751 NtUnmapViewOfSection
process_identifier: 784
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
status success, return 0, repeated 0
1619633585.048751 NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 784
commit_size: 327680
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 327680
base_address: 0x00400000
status success, return 0, repeated 0
1619633585.048751 NtGetContextThread
thread_handle: 0x00000100
status success, return 0, repeated 0
1619633585.048751 NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4515152
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 784
status success, return 0, repeated 0
1619633585.173751 NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 784
status success, return 0, repeated 0
This is the textbook process-hollowing sequence, and the target is a second, suspended copy of the sample itself (the command line is the sample's own path). NtUnmapViewOfSection removes the child's original image at 0x00400000 (the sample's image base, as the `6862320ab0f3f068504939009f42fa3b+0x2a3f8 @ 0x42a3f8` crash frame shows); the 327680-byte section view mapped PAGE_EXECUTE_READWRITE at the same base is the replacement image; NtGetContextThread/NtSetContextThread move the primary thread's eax to 0x0044e550 inside that view; NtResumeThread (suspend_count 1) starts it. Because the image arrives through a section mapping rather than WriteProcessMemory, a detection that only watches for cross-process writes misses this chain. The NtSetContextThread and NtResumeThread calls are the same two events listed under the two previous indicators.
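How a signature reconstructs that chain from the raw API stream, as an added example that is not the sandbox's own signature code. EVENTS transcribes the six calls above (the caller PID 2116 is taken from the indicator text; field names follow the report's own keys, values are the report's decimals), and the decoder applies the x86 convention that a new process's primary thread starts with eax = entry point and ebx = PEB address. Unlike a write-only detector it treats NtMapViewOfSection into the target as image delivery, which is what this sample uses.

```python
"""Reconstruct a process-hollowing chain from sandbox API events.

Added example for this report, not sandbox code. EVENTS is transcribed from
the "Executed a process and injected code into it" section; the caller PID
comes from the indicator text. Register values are decimal as in the report.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CREATE_SUSPENDED = 0x00000004
PAGE_EXECUTE_READWRITE = 0x40
WRITE_APIS = {"NtMapViewOfSection", "NtWriteVirtualMemory", "WriteProcessMemory"}
SAMPLE_PATH = r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\6862320ab0f3f068504939009f42fa3b.exe"

EVENTS: List[Dict] = [
    {"time": 1619633585.048751, "api": "CreateProcessInternalW", "caller": 2116,
     "process_identifier": 784, "thread_handle": 0x100, "process_handle": 0x104,
     "creation_flags": 4, "command_line": f'"{SAMPLE_PATH}"'},
    {"time": 1619633585.048751, "api": "NtUnmapViewOfSection", "caller": 2116,
     "process_identifier": 784, "process_handle": 0x104, "base_address": 0x400000},
    {"time": 1619633585.048751, "api": "NtMapViewOfSection", "caller": 2116,
     "process_identifier": 784, "process_handle": 0x104, "base_address": 0x400000,
     "view_size": 327680, "win32_protect": 64},
    {"time": 1619633585.048751, "api": "NtGetContextThread", "caller": 2116,
     "thread_handle": 0x100},
    {"time": 1619633585.048751, "api": "NtSetContextThread", "caller": 2116,
     "process_identifier": 784, "thread_handle": 0x100,
     "registers": {"eip": 0, "esp": 0, "eax": 4515152, "ebx": 2130567168}},
    {"time": 1619633585.173751, "api": "NtResumeThread", "caller": 2116,
     "process_identifier": 784, "thread_handle": 0x100, "suspend_count": 1},
]


@dataclass
class HollowChain:
    """Everything one suspended target process received from its creator."""
    caller: int
    target: int
    thread_handle: int
    command_line: str
    unmapped: List[int] = field(default_factory=list)
    written: List[Dict[str, int]] = field(default_factory=list)
    entry_point: Optional[int] = None
    peb: Optional[int] = None
    resumed: bool = False

    def entry_in_written_region(self) -> bool:
        if self.entry_point is None:
            return False
        return any(w["base"] <= self.entry_point < w["base"] + w["size"] for w in self.written)

    def rwx_written(self) -> bool:
        return any(w["protect"] & PAGE_EXECUTE_READWRITE for w in self.written)

    def verdict(self) -> str:
        if self.entry_point is None or not self.resumed:
            return "incomplete"
        if self.unmapped and self.written and self.entry_in_written_region():
            return "process hollowing (T1055.012)"
        if self.written:
            return "suspended-process injection without image unmap"
        return "thread context hijack only"


def detect_hollowing(events: List[Dict]) -> List[HollowChain]:
    """Walk events in time order and attach each to the suspended process it targets."""
    by_pid: Dict[int, HollowChain] = {}
    by_thread: Dict[Tuple[int, int], HollowChain] = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        api = ev["api"]
        if api == "CreateProcessInternalW" and ev.get("creation_flags", 0) & CREATE_SUSPENDED:
            chain = HollowChain(ev["caller"], ev["process_identifier"],
                                ev["thread_handle"], ev.get("command_line", ""))
            by_pid[chain.target] = chain
            by_thread[(chain.caller, chain.thread_handle)] = chain
            continue
        chain = (by_pid.get(ev.get("process_identifier"))
                 or by_thread.get((ev["caller"], ev.get("thread_handle"))))
        if chain is None:
            continue
        if api == "NtUnmapViewOfSection":
            chain.unmapped.append(ev["base_address"])
        elif api in WRITE_APIS:
            chain.written.append({"base": ev["base_address"],
                                  "size": ev.get("view_size") or ev.get("buffer_length", 0),
                                  "protect": ev.get("win32_protect", 0)})
        elif api == "NtSetContextThread":
            regs = ev["registers"]
            chain.entry_point = regs["eip"] or regs["eax"]   # eip logged 0: entry point rides in eax
            chain.peb = regs["ebx"] or None
        elif api == "NtResumeThread":
            chain.resumed = True
    return list(by_pid.values())


def report(chain: HollowChain) -> str:
    return (f"PID {chain.caller} -> PID {chain.target} ({chain.command_line}): {chain.verdict()}; "
            f"unmapped {[hex(a) for a in chain.unmapped]}, entry point {hex(chain.entry_point or 0)}, "
            f"PEB {hex(chain.peb or 0)}, RWX image written: {chain.rwx_written()}")


if __name__ == "__main__":
    for c in detect_hollowing(EVENTS):
        print(report(c))
```

The verdict requires all three legs (image unmapped, replacement delivered, thread redirected into the delivered region and resumed); a sample that skips the unmap or jumps into its original image gets a weaker label rather than a false positive.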
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 of 62 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.67095
FireEye Generic.mg.6862320ab0f3f068
CAT-QuickHeal Trojan.Multi
ALYac Spyware.LokiBot
Cylance Unsafe
Zillya Trojan.Injector.Win32.734706
Sangfor Malware
K7AntiVirus Trojan ( 005668161 )
Alibaba TrojanDropper:Win32/Cridex.c38462f2
K7GW Trojan ( 005668161 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D10617
Cyren W32/Injector.MWDV-0392
Symantec Trojan.Gen.MBT
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.LokiBot-7788949-0
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender Trojan.GenericKDZ.67095
NANO-Antivirus Trojan.Win32.Strictor.hkcaoj
AegisLab Trojan.Multi.Generic.4!c
Avast Other:Malware-gen [Trj]
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKDZ.67095
Emsisoft Trojan.GenericKDZ.67095 (B)
Comodo Malware@#1nl6369u1ehko
F-Secure Trojan.TR/Agent.lcifg
DrWeb Trojan.PWS.Stealer.28487
VIPRE Trojan.Win32.Generic!BT
TrendMicro TSPY_HPLOKI.SMBD
McAfee-GW-Edition BehavesLike.Win32.Fareit.hh
Sophos Mal/Generic-R + Mal/Fareit-AA
SentinelOne Static AI - Suspicious PE
Jiangmin TrojanSpy.Noon.phl
Webroot W32.Trojan.Gen
Avira TR/Agent.lcifg
Antiy-AVL Trojan/MSIL.AGeneric
Microsoft Trojan:Win32/Cridex.VD!MTB
ViRobot Trojan.Win32.S.Kryptik.545280
ZoneAlarm HEUR:Trojan-Spy.Win32.Noon.gen
GData Win32.Trojan.Injector.PA
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
McAfee Fareit-FTB!6862320AB0F3
MAX malware (ai score=86)
VBA32 TrojanSpy.Noon
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.68253
Most engines that name a family point at LokiBot (ALYac Spyware.LokiBot, ClamAV Win.Dropper.LokiBot, TrendMicro TSPY_HPLOKI.SMBD; Kaspersky, ZoneAlarm, Jiangmin and VBA32 use their Noon label for it), with Fareit, Injector and Kryptik serving as generic stealer and packer names; the Cridex labels from Alibaba and Microsoft are the outliers. Antiy-AVL's MSIL label matches the mscoree frames in the second crash record above.
Visual analysis
Binary image: none available (no binary visualization was generated for this sample)
Runtime screenshots: none available (no screenshots were captured while the sample ran)

PE Compile Time

1992-06-20 06:22:17

This is the constant TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC, rendered here in UTC+8) that the Delphi linker writes in place of the real build time. It corroborates the CODE/DATA/BSS section names and the BobSoft Mini Delphi match above; read it as a compiler fingerprint, not as a timeline clue.

Imports

Library kernel32.dll:
0x465150 VirtualFree
0x465154 VirtualAlloc
0x465158 LocalFree
0x46515c LocalAlloc
0x465160 GetVersion
0x465164 GetCurrentThreadId
0x465170 VirtualQuery
0x465174 WideCharToMultiByte
0x465178 MultiByteToWideChar
0x46517c lstrlenA
0x465180 lstrcpynA
0x465184 LoadLibraryExA
0x465188 GetThreadLocale
0x46518c GetStartupInfoA
0x465190 GetProcAddress
0x465194 GetModuleHandleA
0x465198 GetModuleFileNameA
0x46519c GetLocaleInfoA
0x4651a0 GetCommandLineA
0x4651a4 FreeLibrary
0x4651a8 FindFirstFileA
0x4651ac FindClose
0x4651b0 ExitProcess
0x4651b4 WriteFile
0x4651bc RtlUnwind
0x4651c0 RaiseException
0x4651c4 GetStdHandle
Library user32.dll:
0x4651cc GetKeyboardType
0x4651d0 LoadStringA
0x4651d4 MessageBoxA
0x4651d8 CharNextA
Library advapi32.dll:
0x4651e0 RegQueryValueExA
0x4651e4 RegOpenKeyExA
0x4651e8 RegCloseKey
Library oleaut32.dll:
0x4651f0 SysFreeString
0x4651f4 SysReAllocStringLen
0x4651f8 SysAllocStringLen
Library kernel32.dll:
0x465200 TlsSetValue
0x465204 TlsGetValue
0x465208 LocalAlloc
0x46520c GetModuleHandleA
Library advapi32.dll:
0x465214 RegQueryValueExA
0x465218 RegOpenKeyExA
0x46521c RegCloseKey
Library kernel32.dll:
0x465224 lstrcpyA
0x465228 lstrcmpA
0x46522c WriteFile
0x465230 WaitForSingleObject
0x465234 VirtualQuery
0x465238 VirtualProtect
0x46523c VirtualAlloc
0x465240 Sleep
0x465244 SizeofResource
0x465248 SetThreadLocale
0x46524c SetFilePointer
0x465250 SetEvent
0x465254 SetErrorMode
0x465258 SetEndOfFile
0x46525c ResetEvent
0x465260 ReadFile
0x465264 MulDiv
0x465268 LockResource
0x46526c LoadResource
0x465270 LoadLibraryA
0x46527c GlobalUnlock
0x465280 GlobalReAlloc
0x465284 GlobalHandle
0x465288 GlobalLock
0x46528c GlobalFree
0x465290 GlobalFindAtomA
0x465294 GlobalDeleteAtom
0x465298 GlobalAlloc
0x46529c GlobalAddAtomA
0x4652a0 GetVersionExA
0x4652a4 GetVersion
0x4652a8 GetTickCount
0x4652ac GetThreadLocale
0x4652b4 GetSystemTime
0x4652b8 GetSystemInfo
0x4652bc GetStringTypeExA
0x4652c0 GetStdHandle
0x4652c4 GetProcAddress
0x4652c8 GetModuleHandleA
0x4652cc GetModuleFileNameA
0x4652d0 GetLocaleInfoA
0x4652d4 GetLocalTime
0x4652d8 GetLastError
0x4652dc GetFullPathNameA
0x4652e0 GetDiskFreeSpaceA
0x4652e4 GetDateFormatA
0x4652e8 GetCurrentThreadId
0x4652ec GetCurrentProcessId
0x4652f0 GetCPInfo
0x4652f4 GetACP
0x4652f8 FreeResource
0x4652fc InterlockedExchange
0x465300 FreeLibrary
0x465304 FormatMessageA
0x465308 FindResourceA
0x465310 ExitThread
0x465314 EnumCalendarInfoA
0x465320 CreateThread
0x465324 CreateFileA
0x465328 CreateEventA
0x46532c CompareStringA
0x465330 CloseHandle
Library version.dll:
0x465338 VerQueryValueA
0x465340 GetFileVersionInfoA
Library gdi32.dll:
0x465348 UnrealizeObject
0x46534c StretchBlt
0x465350 SetWindowOrgEx
0x465354 SetViewportOrgEx
0x465358 SetTextColor
0x46535c SetStretchBltMode
0x465360 SetROP2
0x465364 SetPixel
0x465368 SetDIBColorTable
0x46536c SetBrushOrgEx
0x465370 SetBkMode
0x465374 SetBkColor
0x465378 SelectPalette
0x46537c SelectObject
0x465380 SaveDC
0x465384 RoundRect
0x465388 RestoreDC
0x46538c Rectangle
0x465390 RectVisible
0x465394 RealizePalette
0x465398 PatBlt
0x46539c MoveToEx
0x4653a0 MaskBlt
0x4653a4 LineTo
0x4653a8 IntersectClipRect
0x4653ac GetWindowOrgEx
0x4653b0 GetTextMetricsA
0x4653bc GetStockObject
0x4653c0 GetPixel
0x4653c4 GetPaletteEntries
0x4653c8 GetObjectA
0x4653cc GetDeviceCaps
0x4653d0 GetDIBits
0x4653d4 GetDIBColorTable
0x4653d8 GetDCOrgEx
0x4653e0 GetClipBox
0x4653e4 GetBrushOrgEx
0x4653e8 GetBitmapBits
0x4653ec ExtTextOutA
0x4653f0 ExcludeClipRect
0x4653f4 Ellipse
0x4653f8 DeleteObject
0x4653fc DeleteDC
0x465400 CreateSolidBrush
0x465404 CreatePenIndirect
0x465408 CreatePalette
0x465410 CreateFontIndirectA
0x465414 CreateDIBitmap
0x465418 CreateDIBSection
0x46541c CreateCompatibleDC
0x465424 CreateBrushIndirect
0x465428 CreateBitmap
0x46542c BitBlt
Library user32.dll:
0x465434 CreateWindowExA
0x465438 WindowFromPoint
0x46543c WinHelpA
0x465440 WaitMessage
0x465444 UpdateWindow
0x465448 UnregisterClassA
0x46544c UnhookWindowsHookEx
0x465450 TranslateMessage
0x465458 TrackPopupMenu
0x465460 ShowWindow
0x465464 ShowScrollBar
0x465468 ShowOwnedPopups
0x46546c ShowCursor
0x465470 SetWindowsHookExA
0x465474 SetWindowTextA
0x465478 SetWindowPos
0x46547c SetWindowPlacement
0x465480 SetWindowLongA
0x465484 SetTimer
0x465488 SetScrollRange
0x46548c SetScrollPos
0x465490 SetScrollInfo
0x465494 SetRect
0x465498 SetPropA
0x46549c SetParent
0x4654a0 SetMenuItemInfoA
0x4654a4 SetMenu
0x4654a8 SetForegroundWindow
0x4654ac SetFocus
0x4654b0 SetCursor
0x4654b4 SetClassLongA
0x4654b8 SetCapture
0x4654bc SetActiveWindow
0x4654c0 SendMessageA
0x4654c4 ScrollWindow
0x4654c8 ScreenToClient
0x4654cc RemovePropA
0x4654d0 RemoveMenu
0x4654d4 ReleaseDC
0x4654d8 ReleaseCapture
0x4654e4 RegisterClassA
0x4654e8 RedrawWindow
0x4654ec PtInRect
0x4654f0 PostQuitMessage
0x4654f4 PostMessageA
0x4654f8 PeekMessageA
0x4654fc OffsetRect
0x465500 OemToCharA
0x465504 MessageBoxA
0x465508 MapWindowPoints
0x46550c MapVirtualKeyA
0x465510 LoadStringA
0x465514 LoadKeyboardLayoutA
0x465518 LoadIconA
0x46551c LoadCursorA
0x465520 LoadBitmapA
0x465524 KillTimer
0x465528 IsZoomed
0x46552c IsWindowVisible
0x465530 IsWindowEnabled
0x465534 IsWindow
0x465538 IsRectEmpty
0x46553c IsIconic
0x465540 IsDialogMessageA
0x465544 IsChild
0x465548 InvalidateRect
0x46554c IntersectRect
0x465550 InsertMenuItemA
0x465554 InsertMenuA
0x465558 InflateRect
0x465560 GetWindowTextA
0x465564 GetWindowRect
0x465568 GetWindowPlacement
0x46556c GetWindowLongA
0x465570 GetWindowDC
0x465574 GetTopWindow
0x465578 GetSystemMetrics
0x46557c GetSystemMenu
0x465580 GetSysColorBrush
0x465584 GetSysColor
0x465588 GetSubMenu
0x46558c GetScrollRange
0x465590 GetScrollPos
0x465594 GetScrollInfo
0x465598 GetPropA
0x46559c GetParent
0x4655a0 GetWindow
0x4655a4 GetMessageTime
0x4655a8 GetMenuStringA
0x4655ac GetMenuState
0x4655b0 GetMenuItemInfoA
0x4655b4 GetMenuItemID
0x4655b8 GetMenuItemCount
0x4655bc GetMenu
0x4655c0 GetLastActivePopup
0x4655c4 GetKeyboardState
0x4655cc GetKeyboardLayout
0x4655d0 GetKeyState
0x4655d4 GetKeyNameTextA
0x4655d8 GetIconInfo
0x4655dc GetForegroundWindow
0x4655e0 GetFocus
0x4655e4 GetDesktopWindow
0x4655e8 GetDCEx
0x4655ec GetDC
0x4655f0 GetCursorPos
0x4655f4 GetCursor
0x4655f8 GetClientRect
0x4655fc GetClassNameA
0x465600 GetClassInfoA
0x465604 GetCapture
0x465608 GetActiveWindow
0x46560c FrameRect
0x465610 FindWindowA
0x465614 FillRect
0x465618 EqualRect
0x46561c EnumWindows
0x465620 EnumThreadWindows
0x465624 EndPaint
0x465628 EnableWindow
0x46562c EnableScrollBar
0x465630 EnableMenuItem
0x465634 DrawTextA
0x465638 DrawMenuBar
0x46563c DrawIconEx
0x465640 DrawIcon
0x465644 DrawFrameControl
0x465648 DrawFocusRect
0x46564c DrawEdge
0x465650 DispatchMessageA
0x465654 DestroyWindow
0x465658 DestroyMenu
0x46565c DestroyIcon
0x465660 DestroyCursor
0x465664 DeleteMenu
0x465668 DefWindowProcA
0x46566c DefMDIChildProcA
0x465670 DefFrameProcA
0x465674 CreatePopupMenu
0x465678 CreateMenu
0x46567c CreateIcon
0x465680 ClientToScreen
0x465684 CheckMenuItem
0x465688 CallWindowProcA
0x46568c CallNextHookEx
0x465690 BeginPaint
0x465694 CharNextA
0x465698 CharLowerA
0x46569c CharToOemA
0x4656a0 AdjustWindowRectEx
Library kernel32.dll:
0x4656ac Sleep
Library oleaut32.dll:
0x4656b4 SafeArrayPtrOfIndex
0x4656b8 SafeArrayGetUBound
0x4656bc SafeArrayGetLBound
0x4656c0 SafeArrayCreate
0x4656c4 VariantChangeType
0x4656c8 VariantCopy
0x4656cc VariantClear
0x4656d0 VariantInit
Library ole32.dll:
0x4656d8 CoTaskMemAlloc
0x4656dc CoCreateInstance
0x4656e0 CoUninitialize
0x4656e4 CoInitialize
Library comctl32.dll:
0x4656f4 ImageList_Write
0x4656f8 ImageList_Read
0x465708 ImageList_DragMove
0x46570c ImageList_DragLeave
0x465710 ImageList_DragEnter
0x465714 ImageList_EndDrag
0x465718 ImageList_BeginDrag
0x46571c ImageList_Remove
0x465720 ImageList_DrawEx
0x465724 ImageList_Draw
0x465734 ImageList_Add
0x46573c ImageList_Destroy
0x465740 ImageList_Create
0x465744 InitCommonControls
Library comdlg32.dll:
0x46574c ChooseColorA

Hosts

No hosts contacted. (The dynamic indicators above record an unanswered connection attempt to 172.217.24.14:443, which the sandbox lists as a dead host rather than a contacted host.)

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

The multicast and broadcast entries (NetBIOS name/datagram service on 137/138 to 192.168.56.255, LLMNR to 224.0.0.252:5355, SSDP to 239.255.255.250:1900 and WS-Discovery to 239.255.255.250:3702) and the NTP exchange with time.windows.com are the guest's background traffic. The four DNS queries to 114.114.114.114 are the only entries that could belong to the sample, and the report does not list the names queried; none of them led to a TCP session (see the TCP and Hosts sections), and the connection attempt to 172.217.24.14 noted above was made without any DNS lookup.
HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.