5.8
High risk

f001d69d9c544e8d8407d9f8401b99ce5a2b4303fb72b723e0ce0a5afcfb071b

69765894754be28411c1bcf4e4c8c3cd.exe

Analysis time

67s

Last analysis

File size

2.0MB
Static detections / Dynamic detections: @R0@AW35XWKI A + MAL AD@8R7EF8 AI SCORE=83 AIDETECTVM ANSERIN BANKERX BSCOPE CLASSIC CONFIDENCE D5Q5JFZD75S ENCPK EPUI GENCIRC GENETIC HCYD HIGH CONFIDENCE IAGDQ INJECT3 KRYPTIK MALICIOUS PE MALWARE1 PINKSBOT QAKBOT QBOT QVM20 R338401 SCORE SHADE STATIC AI SUSGEN TROJANBANKER UNSAFE ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba TrojanBanker:Win32/Kryptik.f8fdae5b 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
McAfee W32/PinkSbot-GN!69765894754B 20201229 6.0.6.653
Tencent Malware.Win32.Gencirc.10b9eaee 20201229 1.0.0.1
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619610633.74975
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619610654.73375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619630494.104626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619630506.229374
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619630506.229374
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619630506.229374
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619630506.244374
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619630506.244374
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619630506.244374
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619630507.244374
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619630507.244374
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619630507.244374
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619630507.244374
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619630508.244374
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619630508.244374
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619630508.244374
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619630508.244374
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619630509.244374
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619630509.244374
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619630509.244374
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619630509.244374
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619630510.244374
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619630510.244374
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619630510.244374
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619630510.244374
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619630511.244374
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619630511.244374
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619630511.244374
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619630511.244374
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619630511.244374
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619630511.244374
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619630506.197374
GlobalMemoryStatusEx
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name MOF
One or more processes crashed (4 events)
Time & API Arguments Status Return Repeated
1619610654.73375
__exception__
stacktrace:
RtlConvertSidToUnicodeString+0x28 RtlFormatCurrentUserKeyPath-0x257 ntdll+0x3aeea @ 0x77d6aeea
ConvertSidToStringSidW+0x24 CopySid-0xe6 advapi32+0x14368 @ 0x76554368
69765894754be28411c1bcf4e4c8c3cd+0xa5b6 @ 0x40a5b6
69765894754be28411c1bcf4e4c8c3cd+0x8853 @ 0x408853
69765894754be28411c1bcf4e4c8c3cd+0x8451 @ 0x408451
69765894754be28411c1bcf4e4c8c3cd+0x8ec9 @ 0x408ec9
69765894754be28411c1bcf4e4c8c3cd+0x17cc @ 0x4017cc
69765894754be28411c1bcf4e4c8c3cd+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1632744
registers.edi: 0
registers.eax: 1129530706
registers.ebp: 1632784
registers.edx: 9
registers.ebx: 1
registers.esi: 1129530706
registers.ecx: 1129530706
exception.instruction_r: 8a 08 80 e1 0f 80 f9 01 75 24 8a 48 01 80 f9 0f
exception.symbol: RtlValidSid+0x17 RtlCopySid-0x3e ntdll+0x392a9
exception.instruction: mov cl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234153
exception.address: 0x77d692a9
success 0 0
1619610654.74975
__exception__
stacktrace:
EqualSid+0x19 EqualPrefixSid-0xc kernelbase+0x1bfe3 @ 0x778fbfe3
69765894754be28411c1bcf4e4c8c3cd+0x84c8 @ 0x4084c8
69765894754be28411c1bcf4e4c8c3cd+0xa27c @ 0x40a27c
69765894754be28411c1bcf4e4c8c3cd+0xa2b7 @ 0x40a2b7
69765894754be28411c1bcf4e4c8c3cd+0x8f66 @ 0x408f66
69765894754be28411c1bcf4e4c8c3cd+0x17cc @ 0x4017cc
69765894754be28411c1bcf4e4c8c3cd+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634132
registers.edi: 1129530706
registers.eax: 1281
registers.ebp: 1634140
registers.edx: 0
registers.ebx: 41810184
registers.esi: 41810184
registers.ecx: 2130563072
exception.instruction_r: 66 3b 07 0f 85 e1 ef ff ff 0f b6 4e 01 33 c0 8d
exception.symbol: RtlEqualSid+0x10 RtlSetCriticalSectionSpinCount-0x26 ntdll+0x394c1
exception.instruction: cmp ax, word ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234689
exception.address: 0x77d694c1
success 0 0
1619630494.775626
__exception__
stacktrace:
69765894754be28411c1bcf4e4c8c3cd+0x3daa @ 0x403daa
69765894754be28411c1bcf4e4c8c3cd+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7690320
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 69765894754be28411c1bcf4e4c8c3cd+0x33cc
exception.instruction: in eax, dx
exception.module: 69765894754be28411c1bcf4e4c8c3cd.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619630494.775626
__exception__
stacktrace:
69765894754be28411c1bcf4e4c8c3cd+0x3db3 @ 0x403db3
69765894754be28411c1bcf4e4c8c3cd+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7690320
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 69765894754be28411c1bcf4e4c8c3cd+0x3465
exception.instruction: in eax, dx
exception.module: 69765894754be28411c1bcf4e4c8c3cd.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619610621.67175
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1619610631.68675
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00600000
success 0 0
1619610631.68675
NtProtectVirtualMemory
process_identifier: 2200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619630485.104626
NtAllocateVirtualMemory
process_identifier: 192
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1619630494.104626
NtAllocateVirtualMemory
process_identifier: 192
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02050000
success 0 0
1619630494.104626
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69765894754be28411c1bcf4e4c8c3cd.exe
Creates a suspicious process (2 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69765894754be28411c1bcf4e4c8c3cd.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69765894754be28411c1bcf4e4c8c3cd.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619610634.42175
CreateProcessInternalW
thread_identifier: 1760
thread_handle: 0x00000164
process_identifier: 192
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69765894754be28411c1bcf4e4c8c3cd.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000168
inherit_handles: 0
success 1 0
1619610655.21875
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69765894754be28411c1bcf4e4c8c3cd.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (3 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69765894754be28411c1bcf4e4c8c3cd.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69765894754be28411c1bcf4e4c8c3cd.exe"
Network communication
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619630494.775626
__exception__
stacktrace:
69765894754be28411c1bcf4e4c8c3cd+0x3daa @ 0x403daa
69765894754be28411c1bcf4e4c8c3cd+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7690320
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 69765894754be28411c1bcf4e4c8c3cd+0x33cc
exception.instruction: in eax, dx
exception.module: 69765894754be28411c1bcf4e4c8c3cd.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.24.14:443
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EPUI
FireEye Generic.mg.69765894754be284
CAT-QuickHeal Trojan.Qbot
ALYac Trojan.Agent.EPUI
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00514fc51 )
Alibaba TrojanBanker:Win32/Kryptik.f8fdae5b
K7GW Trojan ( 00514fc51 )
Cybereason malicious.4754be
Arcabit Trojan.Agent.EPUI
BitDefenderTheta Gen:NN.ZexaF.34700.@r0@aW35xWki
Symantec Trojan.Anserin
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Dropper.Qakbot-7689175-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Trojan.Agent.EPUI
Paloalto generic.ml
AegisLab Trojan.Win32.Malicious.4!c
Rising Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware Trojan.Agent.EPUI
Emsisoft Trojan.Agent.EPUI (B)
Comodo TrojWare.Win32.Qbot.AD@8r7ef8
F-Secure Trojan.TR/AD.Qbot.iagdq
DrWeb Trojan.Inject3.39171
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition BehavesLike.Win32.Dropper.tz
SentinelOne Static AI - Malicious PE
Sophos ML/PE-A + Mal/EncPk-APV
APEX Malicious
Jiangmin Trojan.Banker.Qbot.nw
MaxSecure Trojan.Malware.91331598.susgen
Avira TR/AD.Qbot.iagdq
MAX malware (ai score=83)
Antiy-AVL Trojan[Banker]/Win32.Qbot
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Qbot.MX!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Trojan.Agent.EPUI
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.QBot.R338401
McAfee W32/PinkSbot-GN!69765894754B
VBA32 BScope.TrojanRansom.Shade
Malwarebytes Trojan.Qbot
ESET-NOD32 a variant of Win32/Kryptik.HCYD
Tencent Malware.Win32.Gencirc.10b9eaee
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran

PE Compile Time

2020-04-24 19:57:17

Imports

Library KERNEL32.dll:
0x5dbb40 VirtualAlloc
0x5dbb44 GetModuleHandleW
0x5dbb48 ExitProcess
0x5dbb4c SetFilePointer
0x5dbb58 SetErrorMode
0x5dbb60 GetModuleFileNameA
0x5dbb64 CloseHandle
0x5dbb68 CreateThread
0x5dbb6c LocalFree
0x5dbb70 FormatMessageA
0x5dbb74 LocalAlloc
0x5dbb78 GetCurrentProcess
0x5dbb7c GetProcAddress
0x5dbb80 GetModuleHandleA
0x5dbb84 GetLastError
0x5dbb88 CreateMutexA
0x5dbb8c GetVersionExA
0x5dbb90 GetVersion
0x5dbb94 LoadLibraryA
0x5dbb9c WaitForSingleObject
0x5dbba0 lstrlenA
0x5dbba4 lstrcmpiA
0x5dbbac GetFileAttributesA
0x5dbbb0 CreateFileA
0x5dbbbc lstrcpyA
0x5dbbc0 HeapFree
0x5dbbc4 HeapAlloc
0x5dbbc8 SetLastError
0x5dbbcc GetDiskFreeSpaceA
0x5dbbd0 CopyFileA
0x5dbbd4 CreateDirectoryA
0x5dbbd8 GetSystemDirectoryA
0x5dbbe4 lstrcpynA
0x5dbbe8 DeleteFileA
0x5dbbec SetFileAttributesA
0x5dbbf0 lstrcatA
0x5dbbf4 WideCharToMultiByte
0x5dbbf8 lstrlenW
0x5dbbfc MultiByteToWideChar
0x5dbc00 GetDriveTypeA
0x5dbc08 FreeLibrary
0x5dbc0c LoadLibraryExA
0x5dbc10 DeviceIoControl
0x5dbc14 TerminateProcess
0x5dbc18 OpenProcess
0x5dbc1c FindClose
0x5dbc20 FindNextFileA
0x5dbc24 FindFirstFileA
0x5dbc28 CreateProcessA
0x5dbc2c lstrcmpA
0x5dbc30 SetEvent
0x5dbc34 CreateEventA
0x5dbc38 ResetEvent
0x5dbc3c WriteFile
0x5dbc40 SetCommState
0x5dbc44 GetCommState
0x5dbc48 SetCommTimeouts
0x5dbc4c ReadFile
0x5dbc50 ExitThread
0x5dbc5c GetTickCount
0x5dbc60 GetCurrentThreadId
0x5dbc64 GetCurrentProcessId
0x5dbc74 GetStartupInfoA
0x5dbc78 GetProcessHeap
0x5dbc7c DebugBreak
0x5dbc80 IsDBCSLeadByte
0x5dbc84 UnmapViewOfFile
0x5dbc88 OpenFileMappingA
0x5dbc8c CreateFileMappingA
0x5dbc90 MapViewOfFile
0x5dbc94 GetTempFileNameA
0x5dbc98 GetTempPathA
0x5dbca4 UnregisterWaitEx
0x5dbcac VerSetConditionMask
0x5dbcb8 ReadProcessMemory
0x5dbcc4 CompareStringA
0x5dbccc SizeofResource
0x5dbcd0 LoadResource
0x5dbcd4 FindResourceA
0x5dbcd8 WriteConsoleW
0x5dbcdc GetConsoleOutputCP
0x5dbce0 WriteConsoleA
0x5dbce4 SetStdHandle
0x5dbce8 FlushFileBuffers
0x5dbcec GetConsoleMode
0x5dbcf0 GetConsoleCP
0x5dbcf4 LCMapStringW
0x5dbcf8 LCMapStringA
0x5dbcfc OutputDebugStringA
0x5dbd00 GetFileType
0x5dbd04 SetHandleCount
0x5dbd18 Sleep
0x5dbd1c HeapSize
0x5dbd20 HeapCreate
0x5dbd24 HeapDestroy
0x5dbd28 GetStdHandle
0x5dbd2c GetStringTypeW
0x5dbd30 GetStringTypeA
0x5dbd34 TlsFree
0x5dbd38 TlsSetValue
0x5dbd3c TlsAlloc
0x5dbd40 TlsGetValue
0x5dbd44 IsValidCodePage
0x5dbd48 GetOEMCP
0x5dbd4c GetCPInfo
0x5dbd50 IsDebuggerPresent
0x5dbd54 GetCommandLineA
0x5dbd58 VirtualQuery
0x5dbd5c GetSystemInfo
0x5dbd60 VirtualProtect
0x5dbd64 HeapReAlloc
0x5dbd68 RtlUnwind
0x5dbd6c GetThreadLocale
0x5dbd70 GetLocaleInfoA
0x5dbd74 GetACP
0x5dbd78 InterlockedExchange
0x5dbd7c VirtualFree
0x5dbd88 GetFileSize
0x5dbd90 RaiseException
0x5dbd94 CreateRemoteThread
0x5dbd9c Process32First
0x5dbda0 Process32Next
Library USER32.dll:
0x5dbdac LoadIconW
0x5dbdb0 LoadCursorFromFileW
0x5dbdb4 GetAsyncKeyState
0x5dbdb8 GetForegroundWindow
0x5dbdbc GetKeyboardLayout
0x5dbdc0 GetDC
0x5dbdc4 GetSystemMetrics
0x5dbdc8 GetDlgCtrlID
0x5dbdcc GetListBoxInfo
0x5dbdd0 GetThreadDesktop
0x5dbdd4 ShowCaret
0x5dbdd8 DestroyWindow
0x5dbddc GetClipboardViewer
0x5dbde0 GetTopWindow
0x5dbde4 CharLowerA
0x5dbde8 LoadIconA
0x5dbdec GetClientRect
0x5dbdf0 CopyRect
0x5dbdf4 IsWindow
0x5dbdf8 InvalidateRect
0x5dbdfc GetSysColor
0x5dbe00 SendDlgItemMessageA
0x5dbe04 SetFocus
0x5dbe08 SetWindowLongA
0x5dbe0c RedrawWindow
0x5dbe10 LoadImageA
0x5dbe14 EnumChildWindows
0x5dbe18 GetWindowLongA
0x5dbe1c GetWindowRect
0x5dbe20 ScreenToClient
0x5dbe24 SetWindowPos
0x5dbe28 ShowWindow
0x5dbe30 ReleaseDC
0x5dbe34 wsprintfA
0x5dbe38 GetParent
0x5dbe3c PostMessageA
0x5dbe40 DialogBoxParamA
0x5dbe44 EnableWindow
0x5dbe48 EndDialog
0x5dbe4c GetDlgItem
0x5dbe50 SetTimer
0x5dbe54 FindWindowA
0x5dbe58 RegisterClassExA
0x5dbe5c LoadStringA
0x5dbe60 MessageBoxA
0x5dbe64 CreateWindowExA
0x5dbe68 GetMessageA
0x5dbe6c TranslateMessage
0x5dbe70 DispatchMessageA
0x5dbe74 SendMessageA
0x5dbe78 SetForegroundWindow
0x5dbe7c EnumThreadWindows
0x5dbe80 PostQuitMessage
0x5dbe84 DefWindowProcA
0x5dbe88 ExitWindowsEx
0x5dbe94 GetCursor
0x5dbe98 DdeFreeStringHandle
0x5dbe9c RemovePropA
0x5dbea4 DrawMenuBar
0x5dbea8 PaintDesktop
0x5dbeac RegisterClassExW
0x5dbeb0 CascadeChildWindows
0x5dbeb4 SendMessageTimeoutA
0x5dbeb8 UnhookWindowsHookEx
0x5dbebc SetClassLongA
0x5dbec0 GetLastInputInfo
0x5dbec8 CloseWindowStation
0x5dbed0 ToAsciiEx
0x5dbed8 DdeAddData
0x5dbedc GetClipboardData
0x5dbee4 VkKeyScanW
0x5dbee8 SetSystemCursor
0x5dbeec SetWindowTextA
0x5dbef0 UpdateLayeredWindow
0x5dbef4 CheckMenuRadioItem
0x5dbef8 AppendMenuW
0x5dbefc UnpackDDElParam
0x5dbf00 LoadAcceleratorsA
0x5dbf04 SetWindowsHookExW
0x5dbf08 DlgDirListComboBoxA
0x5dbf0c CreateDesktopA
0x5dbf10 DeleteMenu
0x5dbf14 WaitForInputIdle
0x5dbf18 CharNextA
0x5dbf1c GetWindowTextA
0x5dbf24 GetDlgItemTextA
0x5dbf28 CallWindowProcA
0x5dbf2c CreateDialogParamA
0x5dbf30 PeekMessageA
0x5dbf34 GetFocus
0x5dbf38 GetCapture
0x5dbf3c ReleaseCapture
0x5dbf40 EndPaint
0x5dbf44 BeginPaint
0x5dbf48 GetCursorPos
0x5dbf4c SetCursor
0x5dbf50 DrawFocusRect
0x5dbf54 FillRect
0x5dbf58 PtInRect
0x5dbf5c UnregisterClassA
0x5dbf60 SetCapture
0x5dbf64 IsWindowEnabled
0x5dbf68 UpdateWindow
0x5dbf6c GetClassNameA
0x5dbf70 LoadCursorA
0x5dbf74 SetRectEmpty
0x5dbf78 IsDialogMessageA
0x5dbf7c OffsetRect
0x5dbf80 DrawTextA
0x5dbf84 GetWindow
0x5dbf88 MapWindowPoints
0x5dbf8c SetDlgItemTextA
Library GDI32.dll:
0x5dbf94 GetStockObject
0x5dbf98 UnrealizeObject
0x5dbf9c CreateMetaFileA
0x5dbfa0 CreatePatternBrush
0x5dbfa4 GetPolyFillMode
0x5dbfa8 DeleteDC
0x5dbfac FillPath
0x5dbfb0 GetDeviceCaps
0x5dbfb4 CreateFontIndirectA
0x5dbfb8 AddFontResourceA
0x5dbfc0 GetRgnBox
0x5dbfc4 DeleteEnhMetaFile
0x5dbfc8 EnumFontFamiliesExW
0x5dbfcc UpdateICMRegKeyA
0x5dbfd0 GetTextExtentPointW
0x5dbfd4 GdiIsMetaPrintDC
0x5dbfd8 GetObjectW
0x5dbfdc Polygon
0x5dbfe0 SetTextColor
0x5dbfe4 SetBkMode
0x5dbfe8 SelectObject
0x5dbfec GetObjectA
0x5dbff0 DeleteObject
Library COMDLG32.dll:
0x5dbff8 GetOpenFileNameA
Library ADVAPI32.dll:
0x5dc000 RegOpenKeyA
0x5dc004 RegQueryValueExA
0x5dc00c OpenProcessToken
0x5dc010 LookupAccountSidA
0x5dc014 GetTokenInformation
0x5dc018 FreeSid
0x5dc01c EqualSid
0x5dc024 RegCloseKey
0x5dc028 RegEnumKeyA
0x5dc02c RegQueryValueA
0x5dc030 RegEnumKeyExA
0x5dc034 RegSetValueExA
0x5dc03c RegOpenKeyExA
0x5dc040 RegDeleteKeyA
0x5dc044 RegQueryInfoKeyA
0x5dc048 RegCreateKeyExA
0x5dc04c RegDeleteValueA
Library SHELL32.dll:
0x5dc058 SHGetMalloc
0x5dc05c SHGetDesktopFolder
0x5dc060 SHGetFileInfoA
0x5dc064 SHBrowseForFolderA
0x5dc06c DragQueryFileAorW
0x5dc074 DragFinish
0x5dc078 WOWShellExecute
0x5dc07c SHGetFileInfo
0x5dc080 SHEmptyRecycleBinW
0x5dc084 SHFormatDrive
0x5dc088 SHFileOperationW
0x5dc090 SHGetSettings
0x5dc094 ShellExecuteW
0x5dc098 ExtractIconExA
0x5dc0a0 ShellExecuteEx
0x5dc0a4 SHGetPathFromIDList
0x5dc0a8 ShellExecuteA
Library ole32.dll:
0x5dc0b0 OleUninitialize
0x5dc0b4 OleInitialize
0x5dc0b8 CoInitialize
0x5dc0bc CoTaskMemAlloc
0x5dc0c0 CoTaskMemFree
0x5dc0c4 CoCreateInstance
0x5dc0c8 CLSIDFromString
0x5dc0cc CoUninitialize
0x5dc0d0 CoTaskMemRealloc
Library SHLWAPI.dll:
0x5dc0d8 StrChrIA
0x5dc0dc SHGetValueA
0x5dc0e0 PathIsDirectoryA
0x5dc0e4 StrDupA
0x5dc0e8 PathCombineA
0x5dc0ec StrCmpNIA
0x5dc0f0 PathIsRootA
0x5dc0f4 PathAppendA
0x5dc0f8 StrCmpNW
0x5dc0fc StrStrW
0x5dc100 StrChrIW
0x5dc104 StrStrA
0x5dc108 StrRChrW
0x5dc10c StrRChrA
0x5dc110 PathFileExistsA
Library COMCTL32.dll:
0x5dc11c _TrackMouseEvent

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49236 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.