5.6
High risk

d125bee4f4cf2d445a9eca9c8a88e2fa7f3a05dd615e5567ab7a22a6aefbe56e

69ce67f936596fa76b3f26f6b496ab37.exe

Analysis duration

86s

Last analyzed

File size

747.0KB
Static scan: malicious. Dynamic scan: malicious. Detection tags: 100% AI SCORE=80 AIDETECTVM AVSARHER BTVF44 CLASSIC CMCE CONFIDENCE DELF DELPHILESS ELXR EMJV FAREIT FQIIG GENERICKD GENETIC HIGH CONFIDENCE HLFMTD KRYPTIK LOKI LOKIBOT MALICIOUS PE MALWARE1 MALWARE@#L0VSB3BA6I3M OCCAMY SCORE SIGGEN2 SMTHG STATIC AI TRJGEN TSCOPE UGW@AWZWENJI UNSAFE WRRA X2066 ZELPHIF
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine results are available for this sample.
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Alibaba Trojan:Win32/Occamy.98adc089 20190527 0.3.0.5
Tencent Win32.Trojan.Crypt.Wrra 20201211 1.0.0.1
Kingsoft 20201211 2017.9.26.565
McAfee Fareit-FTB!69CE67F93659 20201211 6.0.6.653
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619610612.715661
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
69ce67f936596fa76b3f26f6b496ab37+0x54a4d @ 0x454a4d
69ce67f936596fa76b3f26f6b496ab37+0x4d254 @ 0x44d254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe6c14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619610601.587588
NtAllocateVirtualMemory
process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619610603.743588
NtAllocateVirtualMemory
process_identifier: 884
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ec0000
success 0 0
1619610603.743588
NtAllocateVirtualMemory
process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01fd0000
success 0 0
1619610608.324661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619610608.668661
NtAllocateVirtualMemory
process_identifier: 1396
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02000000
success 0 0
1619610608.668661
NtAllocateVirtualMemory
process_identifier: 1396
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02170000
success 0 0
1619610608.683661
NtAllocateVirtualMemory
process_identifier: 1396
region_size: 311296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007d0000
success 0 0
1619610608.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 286720
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x007d2000
success 0 0
1619610610.496661
NtAllocateVirtualMemory
process_identifier: 1396
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x021b0000
success 0 0
1619610610.496661
NtAllocateVirtualMemory
process_identifier: 1396
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02320000
success 0 0
1619610612.668661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.668661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619610612.668661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.668661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619610612.668661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.668661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619610612.668661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ea2000
success 0 0
1619610612.683661
NtProtectVirtualMemory
process_identifier: 1396
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (45 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.357503851476884, section .rsrc (size_of_data 0x0003e600, virtual_address 0x00083000, virtual_size 0x0003e590): A section with a high entropy has been found
entropy 0.3344504021447721: Overall entropy of this PE file is high
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 884 called NtSetContextThread to modify thread in remote process 1396
Time & API Arguments Status Return Repeated
1619610603.931588
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4859472
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1396
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 884 resumed a thread in remote process 1396
Time & API Arguments Status Return Repeated
1619610606.774588
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 1396
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619610603.915588
CreateProcessInternalW
thread_identifier: 1564
thread_handle: 0x000000fc
process_identifier: 1396
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\69ce67f936596fa76b3f26f6b496ab37.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619610603.915588
NtUnmapViewOfSection
process_identifier: 1396
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619610603.915588
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 1396
commit_size: 671744
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 671744
base_address: 0x00400000
success 0 0
1619610603.931588
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619610603.931588
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4859472
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1396
success 0 0
1619610606.774588
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 1396
success 0 0
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43343449
FireEye Generic.mg.69ce67f936596fa7
ALYac Trojan.GenericKD.43343449
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.43343449
K7GW Trojan ( 005680341 )
K7AntiVirus Trojan ( 005680341 )
BitDefenderTheta Gen:NN.ZelphiF.34670.UGW@aWZWENji
Cyren W32/Trojan.CMCE-7540
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Injector.EMJV
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Malware.Generic-8041624-0
Kaspersky HEUR:Trojan.Win32.Crypt.gen
Alibaba Trojan:Win32/Occamy.98adc089
NANO-Antivirus Trojan.Win32.TrjGen.hlfmtd
ViRobot Trojan.Win32.Agent.656896.D
AegisLab Trojan.Multi.Generic.4!c
Tencent Win32.Trojan.Crypt.Wrra
Ad-Aware Trojan.GenericKD.43343449
Emsisoft Trojan.GenericKD.43343449 (B)
Comodo Malware@#l0vsb3ba6i3m
F-Secure Trojan.TR/Kryptik.fqiig
DrWeb Trojan.PWS.Siggen2.50617
Zillya Trojan.Injector.Win32.743673
TrendMicro TrojanSpy.Win32.LOKI.SMTHG
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Sophos Mal/Generic-S
Ikarus Trojan-Spy.LokiBot
Jiangmin Trojan.Kryptik.bgw
Avira TR/Kryptik.fqiig
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Crypt
Microsoft PWS:Win32/Fareit.SM!MTB
Gridinsoft Trojan.Win32.Kryptik.oa
Arcabit Trojan.Generic.D2955E59
AhnLab-V3 Suspicious/Win.Delphiless.X2066
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
GData Trojan.GenericKD.43343449
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Fareit-FTB!69CE67F93659
VBA32 TScope.Trojan.Delf
Malwarebytes Spyware.Agent
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x476164 VirtualFree
0x476168 VirtualAlloc
0x47616c LocalFree
0x476170 LocalAlloc
0x476174 GetVersion
0x476178 GetCurrentThreadId
0x476184 VirtualQuery
0x476188 WideCharToMultiByte
0x47618c MultiByteToWideChar
0x476190 lstrlenA
0x476194 lstrcpynA
0x476198 LoadLibraryExA
0x47619c GetThreadLocale
0x4761a0 GetStartupInfoA
0x4761a4 GetProcAddress
0x4761a8 GetModuleHandleA
0x4761ac GetModuleFileNameA
0x4761b0 GetLocaleInfoA
0x4761b4 GetCommandLineA
0x4761b8 FreeLibrary
0x4761bc FindFirstFileA
0x4761c0 FindClose
0x4761c4 ExitProcess
0x4761c8 WriteFile
0x4761d0 RtlUnwind
0x4761d4 RaiseException
0x4761d8 GetStdHandle
Library user32.dll:
0x4761e0 GetKeyboardType
0x4761e4 LoadStringA
0x4761e8 MessageBoxA
0x4761ec CharNextA
Library advapi32.dll:
0x4761f4 RegQueryValueExA
0x4761f8 RegOpenKeyExA
0x4761fc RegCloseKey
Library oleaut32.dll:
0x476204 SysFreeString
0x476208 SysReAllocStringLen
0x47620c SysAllocStringLen
Library kernel32.dll:
0x476214 TlsSetValue
0x476218 TlsGetValue
0x47621c LocalAlloc
0x476220 GetModuleHandleA
Library advapi32.dll:
0x476228 RegQueryValueExA
0x47622c RegOpenKeyExA
0x476230 RegCloseKey
Library kernel32.dll:
0x476238 lstrcpyA
0x47623c WriteFile
0x476244 WaitForSingleObject
0x476248 VirtualQuery
0x47624c VirtualAlloc
0x476250 Sleep
0x476254 SizeofResource
0x476258 SetThreadLocale
0x47625c SetFilePointer
0x476260 SetEvent
0x476264 SetErrorMode
0x476268 SetEndOfFile
0x47626c ResetEvent
0x476270 ReadFile
0x476274 MultiByteToWideChar
0x476278 MulDiv
0x47627c LockResource
0x476280 LoadResource
0x476284 LoadLibraryA
0x476290 GlobalUnlock
0x476294 GlobalReAlloc
0x476298 GlobalHandle
0x47629c GlobalLock
0x4762a0 GlobalFree
0x4762a4 GlobalFindAtomA
0x4762a8 GlobalDeleteAtom
0x4762ac GlobalAlloc
0x4762b0 GlobalAddAtomA
0x4762b4 GetVersionExA
0x4762b8 GetVersion
0x4762bc GetTickCount
0x4762c0 GetThreadLocale
0x4762c8 GetSystemTime
0x4762cc GetSystemInfo
0x4762d0 GetStringTypeExA
0x4762d4 GetStdHandle
0x4762d8 GetProcAddress
0x4762dc GetModuleHandleA
0x4762e0 GetModuleFileNameA
0x4762e4 GetLocaleInfoA
0x4762e8 GetLocalTime
0x4762ec GetLastError
0x4762f0 GetFullPathNameA
0x4762f4 GetFileAttributesA
0x4762f8 GetDiskFreeSpaceA
0x4762fc GetDateFormatA
0x476300 GetCurrentThreadId
0x476304 GetCurrentProcessId
0x476308 GetCPInfo
0x47630c GetACP
0x476310 FreeResource
0x476314 InterlockedExchange
0x476318 FreeLibrary
0x47631c FormatMessageA
0x476320 FindResourceA
0x476324 FindFirstFileA
0x476328 FindClose
0x476334 ExitThread
0x476338 EnumCalendarInfoA
0x476344 CreateThread
0x476348 CreateFileA
0x47634c CreateEventA
0x476350 CompareStringA
0x476354 CloseHandle
Library version.dll:
0x47635c VerQueryValueA
0x476364 GetFileVersionInfoA
Library gdi32.dll:
0x47636c UnrealizeObject
0x476370 StretchBlt
0x476374 SetWindowOrgEx
0x476378 SetWinMetaFileBits
0x47637c SetViewportOrgEx
0x476380 SetTextColor
0x476384 SetStretchBltMode
0x476388 SetROP2
0x47638c SetPixel
0x476390 SetEnhMetaFileBits
0x476394 SetDIBColorTable
0x476398 SetBrushOrgEx
0x47639c SetBkMode
0x4763a0 SetBkColor
0x4763a4 SelectPalette
0x4763a8 SelectObject
0x4763ac SelectClipPath
0x4763b0 SaveDC
0x4763b4 RestoreDC
0x4763b8 Rectangle
0x4763bc RectVisible
0x4763c0 RealizePalette
0x4763c4 Polyline
0x4763c8 PlayEnhMetaFile
0x4763cc PatBlt
0x4763d0 MoveToEx
0x4763d4 MaskBlt
0x4763d8 LineTo
0x4763dc IntersectClipRect
0x4763e0 GetWindowOrgEx
0x4763e4 GetWinMetaFileBits
0x4763e8 GetTextMetricsA
0x4763f4 GetStockObject
0x4763f8 GetPixel
0x4763fc GetPaletteEntries
0x476400 GetObjectA
0x47640c GetEnhMetaFileBits
0x476410 GetDeviceCaps
0x476414 GetDIBits
0x476418 GetDIBColorTable
0x47641c GetDCOrgEx
0x476424 GetClipBox
0x476428 GetBrushOrgEx
0x47642c GetBitmapBits
0x476430 ExcludeClipRect
0x476434 DeleteObject
0x476438 DeleteEnhMetaFile
0x47643c DeleteDC
0x476440 CreateSolidBrush
0x476444 CreatePenIndirect
0x476448 CreatePalette
0x476450 CreateFontIndirectA
0x476454 CreateDIBitmap
0x476458 CreateDIBSection
0x47645c CreateCompatibleDC
0x476464 CreateBrushIndirect
0x476468 CreateBitmap
0x47646c CopyEnhMetaFileA
0x476470 BitBlt
Library user32.dll:
0x476478 CreateWindowExA
0x47647c WindowFromPoint
0x476480 WinHelpA
0x476484 WaitMessage
0x476488 UpdateWindow
0x47648c UnregisterClassA
0x476490 UnhookWindowsHookEx
0x476494 TranslateMessage
0x47649c TrackPopupMenu
0x4764a4 ShowWindow
0x4764a8 ShowScrollBar
0x4764ac ShowOwnedPopups
0x4764b0 ShowCursor
0x4764b4 SetWindowsHookExA
0x4764b8 SetWindowPos
0x4764bc SetWindowPlacement
0x4764c0 SetWindowLongA
0x4764c4 SetTimer
0x4764c8 SetScrollRange
0x4764cc SetScrollPos
0x4764d0 SetScrollInfo
0x4764d4 SetRect
0x4764d8 SetPropA
0x4764dc SetParent
0x4764e0 SetMenuItemInfoA
0x4764e4 SetMenu
0x4764e8 SetForegroundWindow
0x4764ec SetFocus
0x4764f0 SetCursor
0x4764f4 SetClassLongA
0x4764f8 SetCapture
0x4764fc SetActiveWindow
0x476500 SendMessageA
0x476504 ScrollWindow
0x476508 ScreenToClient
0x47650c RemovePropA
0x476510 RemoveMenu
0x476514 ReleaseDC
0x476518 ReleaseCapture
0x476524 RegisterClassA
0x476528 RedrawWindow
0x47652c PtInRect
0x476530 PostQuitMessage
0x476534 PostMessageA
0x476538 PeekMessageA
0x47653c OffsetRect
0x476540 OemToCharA
0x476544 MessageBoxA
0x476548 MapWindowPoints
0x47654c MapVirtualKeyA
0x476550 LoadStringA
0x476554 LoadKeyboardLayoutA
0x476558 LoadIconA
0x47655c LoadCursorA
0x476560 LoadBitmapA
0x476564 KillTimer
0x476568 IsZoomed
0x47656c IsWindowVisible
0x476570 IsWindowEnabled
0x476574 IsWindow
0x476578 IsRectEmpty
0x47657c IsIconic
0x476580 IsDialogMessageA
0x476584 IsChild
0x476588 InvalidateRect
0x47658c IntersectRect
0x476590 InsertMenuItemA
0x476594 InsertMenuA
0x476598 InflateRect
0x4765a0 GetWindowTextA
0x4765a4 GetWindowRect
0x4765a8 GetWindowPlacement
0x4765ac GetWindowLongA
0x4765b0 GetWindowDC
0x4765b4 GetTopWindow
0x4765b8 GetSystemMetrics
0x4765bc GetSystemMenu
0x4765c0 GetSysColorBrush
0x4765c4 GetSysColor
0x4765c8 GetSubMenu
0x4765cc GetScrollRange
0x4765d0 GetScrollPos
0x4765d4 GetScrollInfo
0x4765d8 GetPropA
0x4765dc GetParent
0x4765e0 GetWindow
0x4765e4 GetMenuStringA
0x4765e8 GetMenuState
0x4765ec GetMenuItemInfoA
0x4765f0 GetMenuItemID
0x4765f4 GetMenuItemCount
0x4765f8 GetMenu
0x4765fc GetLastActivePopup
0x476600 GetKeyboardState
0x476608 GetKeyboardLayout
0x47660c GetKeyState
0x476610 GetKeyNameTextA
0x476614 GetIconInfo
0x476618 GetForegroundWindow
0x47661c GetFocus
0x476620 GetDlgItem
0x476624 GetDesktopWindow
0x476628 GetDCEx
0x47662c GetDC
0x476630 GetCursorPos
0x476634 GetCursor
0x476638 GetClipboardData
0x47663c GetClientRect
0x476640 GetClassNameA
0x476644 GetClassInfoA
0x476648 GetCapture
0x47664c GetActiveWindow
0x476650 FrameRect
0x476654 FindWindowA
0x476658 FillRect
0x47665c EqualRect
0x476660 EnumWindows
0x476664 EnumThreadWindows
0x476668 EndPaint
0x47666c EnableWindow
0x476670 EnableScrollBar
0x476674 EnableMenuItem
0x476678 DrawTextA
0x47667c DrawMenuBar
0x476680 DrawIconEx
0x476684 DrawIcon
0x476688 DrawFrameControl
0x47668c DrawEdge
0x476690 DispatchMessageA
0x476694 DestroyWindow
0x476698 DestroyMenu
0x47669c DestroyIcon
0x4766a0 DestroyCursor
0x4766a4 DeleteMenu
0x4766a8 DefWindowProcA
0x4766ac DefMDIChildProcA
0x4766b0 DefFrameProcA
0x4766b4 CreatePopupMenu
0x4766b8 CreateMenu
0x4766bc CreateIcon
0x4766c0 ClientToScreen
0x4766c4 CheckMenuItem
0x4766c8 CallWindowProcA
0x4766cc CallNextHookEx
0x4766d0 BeginPaint
0x4766d4 CharNextA
0x4766d8 CharLowerBuffA
0x4766dc CharLowerA
0x4766e0 CharUpperBuffA
0x4766e4 CharToOemA
0x4766e8 AdjustWindowRectEx
Library kernel32.dll:
0x4766f4 Sleep
Library oleaut32.dll:
0x4766fc SafeArrayPtrOfIndex
0x476700 SafeArrayPutElement
0x476704 SafeArrayGetElement
0x47670c SafeArrayAccessData
0x476710 SafeArrayGetUBound
0x476714 SafeArrayGetLBound
0x476718 SafeArrayCreate
0x47671c VariantChangeType
0x476720 VariantCopyInd
0x476724 VariantCopy
0x476728 VariantClear
0x47672c VariantInit
Library ole32.dll:
0x476734 CoUninitialize
0x476738 CoInitialize
0x47673c IsEqualGUID
Library oleaut32.dll:
0x476744 CreateErrorInfo
0x476748 GetErrorInfo
0x47674c SetErrorInfo
0x476750 SysFreeString
Library comctl32.dll:
0x476760 ImageList_Write
0x476764 ImageList_Read
0x476774 ImageList_DragMove
0x476778 ImageList_DragLeave
0x47677c ImageList_DragEnter
0x476780 ImageList_EndDrag
0x476784 ImageList_BeginDrag
0x476788 ImageList_Remove
0x47678c ImageList_DrawEx
0x476790 ImageList_Replace
0x476794 ImageList_Draw
0x4767a4 ImageList_Add
0x4767ac ImageList_Destroy
0x4767b0 ImageList_Create
Library comdlg32.dll:
0x4767b8 GetSaveFileNameA
0x4767bc GetOpenFileNameA

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.