5.0
Medium risk

0de023c805c4aabdc9dab70f5660298017276e1a14ca05683e09ff51a1acf7fa

6df4fddd3267ebfec3f7bd6f9101afa0.exe

Analysis duration

29s

Last analyzed

File size

1.1MB
Static detection  Dynamic detection
Eagle Eye engine
Not detected  No Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Not detected  No antivirus engine detection results yet
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619602823.34625
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752ad4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
6df4fddd3267ebfec3f7bd6f9101afa0+0xcc3f8 @ 0x4cc3f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x75134b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x75135d3d
6df4fddd3267ebfec3f7bd6f9101afa0+0x17005c @ 0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff6114ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
Time & API Arguments Status Return Repeated
1619596027.267879
NtAllocateVirtualMemory
process_identifier: 2764
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619596027.439879
NtProtectVirtualMemory
process_identifier: 2764
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00461000
success 0 0
1619596027.454879
NtAllocateVirtualMemory
process_identifier: 2764
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02020000
success 0 0
1619602822.15925
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619602822.31525
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 524288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01fa0000
success 0 0
1619602822.31525
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fe0000
success 0 0
1619602822.31525
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 802816
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020c0000
success 0 0
1619602822.31525
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 778240
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020c2000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.26825
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619602823.28425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.28425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619602823.28425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.28425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619602823.28425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.28425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619602823.28425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x020b2000
success 0 0
1619602823.28425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (3 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.605591123780489 section {'size_of_data': '0x000a7200', 'virtual_address': '0x0007a000', 'entropy': 7.605591123780489, 'name': '.rsrc', 'virtual_size': '0x000a7020'} description A section with a high entropy has been found
entropy 0.5908086610693769 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2764 called NtSetContextThread to modify thread in remote process 2620
Time & API Arguments Status Return Repeated
1619596028.908879
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5871744
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2620
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2764 resumed a thread in remote process 2620
Time & API Arguments Status Return Repeated
1619596029.720879
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2620
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619596028.048879
CreateProcessInternalW
thread_identifier: 2616
thread_handle: 0x00000100
process_identifier: 2620
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\6df4fddd3267ebfec3f7bd6f9101afa0.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619596028.048879
NtUnmapViewOfSection
process_identifier: 2620
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619596028.048879
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 2620
commit_size: 1683456
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 1683456
base_address: 0x00400000
success 0 0
1619596028.908879
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619596028.908879
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5871744
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2620
success 0 0
1619596029.720879
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2620
success 0 0
Visual analysis
Binary image
No binary image  No binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots  No screenshots were captured while this sample was running

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46d13c VirtualFree
0x46d140 VirtualAlloc
0x46d144 LocalFree
0x46d148 LocalAlloc
0x46d14c GetVersion
0x46d150 GetCurrentThreadId
0x46d15c VirtualQuery
0x46d160 WideCharToMultiByte
0x46d164 MultiByteToWideChar
0x46d168 lstrlenA
0x46d16c lstrcpynA
0x46d170 LoadLibraryExA
0x46d174 GetThreadLocale
0x46d178 GetStartupInfoA
0x46d17c GetProcAddress
0x46d180 GetModuleHandleA
0x46d184 GetModuleFileNameA
0x46d188 GetLocaleInfoA
0x46d18c GetCommandLineA
0x46d190 FreeLibrary
0x46d194 FindFirstFileA
0x46d198 FindClose
0x46d19c ExitProcess
0x46d1a0 WriteFile
0x46d1a8 RtlUnwind
0x46d1ac RaiseException
0x46d1b0 GetStdHandle
Library user32.dll:
0x46d1b8 GetKeyboardType
0x46d1bc LoadStringA
0x46d1c0 MessageBoxA
0x46d1c4 CharNextA
Library advapi32.dll:
0x46d1cc RegQueryValueExA
0x46d1d0 RegOpenKeyExA
0x46d1d4 RegCloseKey
Library oleaut32.dll:
0x46d1dc SysFreeString
0x46d1e0 SysReAllocStringLen
0x46d1e4 SysAllocStringLen
Library kernel32.dll:
0x46d1ec TlsSetValue
0x46d1f0 TlsGetValue
0x46d1f4 LocalAlloc
0x46d1f8 GetModuleHandleA
Library advapi32.dll:
0x46d200 RegQueryValueExA
0x46d204 RegOpenKeyExA
0x46d208 RegCloseKey
Library kernel32.dll:
0x46d210 lstrcpyA
0x46d214 WriteFile
0x46d218 WaitForSingleObject
0x46d21c VirtualQuery
0x46d220 VirtualProtect
0x46d224 VirtualAlloc
0x46d228 Sleep
0x46d22c SizeofResource
0x46d230 SetThreadLocale
0x46d234 SetFilePointer
0x46d238 SetEvent
0x46d23c SetErrorMode
0x46d240 SetEndOfFile
0x46d244 ResetEvent
0x46d248 ReadFile
0x46d24c MulDiv
0x46d250 LockResource
0x46d254 LoadResource
0x46d258 LoadLibraryA
0x46d264 GlobalUnlock
0x46d268 GlobalReAlloc
0x46d26c GlobalHandle
0x46d270 GlobalLock
0x46d274 GlobalFree
0x46d278 GlobalFindAtomA
0x46d27c GlobalDeleteAtom
0x46d280 GlobalAlloc
0x46d284 GlobalAddAtomA
0x46d288 GetVersionExA
0x46d28c GetVersion
0x46d290 GetTickCount
0x46d294 GetThreadLocale
0x46d298 GetSystemInfo
0x46d29c GetStringTypeExA
0x46d2a0 GetStdHandle
0x46d2a4 GetProcAddress
0x46d2a8 GetModuleHandleA
0x46d2ac GetModuleFileNameA
0x46d2b0 GetLocaleInfoA
0x46d2b4 GetLocalTime
0x46d2b8 GetLastError
0x46d2bc GetFullPathNameA
0x46d2c0 GetFileAttributesA
0x46d2c4 GetDiskFreeSpaceA
0x46d2c8 GetDateFormatA
0x46d2cc GetCurrentThreadId
0x46d2d0 GetCurrentProcessId
0x46d2d4 GetCPInfo
0x46d2d8 GetACP
0x46d2dc FreeResource
0x46d2e0 InterlockedExchange
0x46d2e4 FreeLibrary
0x46d2e8 FormatMessageA
0x46d2ec FindResourceA
0x46d2f0 FindFirstFileA
0x46d2f4 FindClose
0x46d300 EnumCalendarInfoA
0x46d30c CreateThread
0x46d310 CreateFileA
0x46d314 CreateEventA
0x46d318 CompareStringA
0x46d31c CloseHandle
Library version.dll:
0x46d324 VerQueryValueA
0x46d32c GetFileVersionInfoA
Library gdi32.dll:
0x46d334 UnrealizeObject
0x46d338 StretchBlt
0x46d33c SetWindowOrgEx
0x46d340 SetWinMetaFileBits
0x46d344 SetViewportOrgEx
0x46d348 SetTextColor
0x46d34c SetStretchBltMode
0x46d350 SetROP2
0x46d354 SetPixel
0x46d358 SetEnhMetaFileBits
0x46d35c SetDIBColorTable
0x46d360 SetBrushOrgEx
0x46d364 SetBkMode
0x46d368 SetBkColor
0x46d36c SelectPalette
0x46d370 SelectObject
0x46d374 SaveDC
0x46d378 RestoreDC
0x46d37c Rectangle
0x46d380 RectVisible
0x46d384 RealizePalette
0x46d388 Polyline
0x46d38c PlayEnhMetaFile
0x46d390 PatBlt
0x46d394 MoveToEx
0x46d398 MaskBlt
0x46d39c LineTo
0x46d3a0 IntersectClipRect
0x46d3a4 GetWindowOrgEx
0x46d3a8 GetWinMetaFileBits
0x46d3ac GetTextMetricsA
0x46d3b8 GetStockObject
0x46d3bc GetPixel
0x46d3c0 GetPaletteEntries
0x46d3c4 GetObjectA
0x46d3d0 GetEnhMetaFileBits
0x46d3d4 GetDeviceCaps
0x46d3d8 GetDIBits
0x46d3dc GetDIBColorTable
0x46d3e0 GetDCOrgEx
0x46d3e8 GetClipBox
0x46d3ec GetBrushOrgEx
0x46d3f0 GetBitmapBits
0x46d3f4 ExtTextOutA
0x46d3f8 ExcludeClipRect
0x46d3fc DeleteObject
0x46d400 DeleteEnhMetaFile
0x46d404 DeleteDC
0x46d408 CreateSolidBrush
0x46d40c CreatePenIndirect
0x46d410 CreatePalette
0x46d418 CreateFontIndirectA
0x46d41c CreateDIBitmap
0x46d420 CreateDIBSection
0x46d424 CreateCompatibleDC
0x46d42c CreateBrushIndirect
0x46d430 CreateBitmap
0x46d434 CopyEnhMetaFileA
0x46d438 BitBlt
Library user32.dll:
0x46d440 CreateWindowExA
0x46d444 WindowFromPoint
0x46d448 WinHelpA
0x46d44c WaitMessage
0x46d450 UpdateWindow
0x46d454 UnregisterClassA
0x46d458 UnhookWindowsHookEx
0x46d45c TranslateMessage
0x46d464 TrackPopupMenu
0x46d46c ShowWindow
0x46d470 ShowScrollBar
0x46d474 ShowOwnedPopups
0x46d478 ShowCursor
0x46d47c SetWindowsHookExA
0x46d480 SetWindowTextA
0x46d484 SetWindowPos
0x46d488 SetWindowPlacement
0x46d48c SetWindowLongA
0x46d490 SetTimer
0x46d494 SetScrollRange
0x46d498 SetScrollPos
0x46d49c SetScrollInfo
0x46d4a0 SetRect
0x46d4a4 SetPropA
0x46d4a8 SetParent
0x46d4ac SetMenuItemInfoA
0x46d4b0 SetMenu
0x46d4b4 SetForegroundWindow
0x46d4b8 SetFocus
0x46d4bc SetCursor
0x46d4c0 SetClassLongA
0x46d4c4 SetCapture
0x46d4c8 SetActiveWindow
0x46d4cc SendMessageA
0x46d4d0 ScrollWindow
0x46d4d4 ScreenToClient
0x46d4d8 RemovePropA
0x46d4dc RemoveMenu
0x46d4e0 ReleaseDC
0x46d4e4 ReleaseCapture
0x46d4f0 RegisterClassA
0x46d4f4 RedrawWindow
0x46d4f8 PtInRect
0x46d4fc PostQuitMessage
0x46d500 PostMessageA
0x46d504 PeekMessageA
0x46d508 OffsetRect
0x46d50c OemToCharA
0x46d510 MessageBoxA
0x46d514 MapWindowPoints
0x46d518 MapVirtualKeyA
0x46d51c LoadStringA
0x46d520 LoadKeyboardLayoutA
0x46d524 LoadIconA
0x46d528 LoadCursorA
0x46d52c LoadBitmapA
0x46d530 KillTimer
0x46d534 IsZoomed
0x46d538 IsWindowVisible
0x46d53c IsWindowEnabled
0x46d540 IsWindow
0x46d544 IsRectEmpty
0x46d548 IsIconic
0x46d54c IsDialogMessageA
0x46d550 IsChild
0x46d554 InvalidateRect
0x46d558 IntersectRect
0x46d55c InsertMenuItemA
0x46d560 InsertMenuA
0x46d564 InflateRect
0x46d56c GetWindowTextA
0x46d570 GetWindowRect
0x46d574 GetWindowPlacement
0x46d578 GetWindowLongA
0x46d57c GetWindowDC
0x46d580 GetTopWindow
0x46d584 GetSystemMetrics
0x46d588 GetSystemMenu
0x46d58c GetSysColorBrush
0x46d590 GetSysColor
0x46d594 GetSubMenu
0x46d598 GetScrollRange
0x46d59c GetScrollPos
0x46d5a0 GetScrollInfo
0x46d5a4 GetPropA
0x46d5a8 GetParent
0x46d5ac GetWindow
0x46d5b0 GetMessageTime
0x46d5b4 GetMenuStringA
0x46d5b8 GetMenuState
0x46d5bc GetMenuItemInfoA
0x46d5c0 GetMenuItemID
0x46d5c4 GetMenuItemCount
0x46d5c8 GetMenu
0x46d5cc GetLastActivePopup
0x46d5d0 GetKeyboardState
0x46d5d8 GetKeyboardLayout
0x46d5dc GetKeyState
0x46d5e0 GetKeyNameTextA
0x46d5e4 GetIconInfo
0x46d5e8 GetForegroundWindow
0x46d5ec GetFocus
0x46d5f0 GetDlgItem
0x46d5f4 GetDesktopWindow
0x46d5f8 GetDCEx
0x46d5fc GetDC
0x46d600 GetCursorPos
0x46d604 GetCursor
0x46d608 GetClipboardData
0x46d60c GetClientRect
0x46d610 GetClassNameA
0x46d614 GetClassInfoA
0x46d618 GetCapture
0x46d61c GetActiveWindow
0x46d620 FrameRect
0x46d624 FindWindowA
0x46d628 FillRect
0x46d62c EqualRect
0x46d630 EnumWindows
0x46d634 EnumThreadWindows
0x46d638 EndPaint
0x46d63c EnableWindow
0x46d640 EnableScrollBar
0x46d644 EnableMenuItem
0x46d648 DrawTextA
0x46d64c DrawMenuBar
0x46d650 DrawIconEx
0x46d654 DrawIcon
0x46d658 DrawFrameControl
0x46d65c DrawFocusRect
0x46d660 DrawEdge
0x46d664 DispatchMessageA
0x46d668 DestroyWindow
0x46d66c DestroyMenu
0x46d670 DestroyIcon
0x46d674 DestroyCursor
0x46d678 DeleteMenu
0x46d67c DefWindowProcA
0x46d680 DefMDIChildProcA
0x46d684 DefFrameProcA
0x46d688 CreatePopupMenu
0x46d68c CreateMenu
0x46d690 CreateIcon
0x46d694 ClientToScreen
0x46d698 CheckMenuItem
0x46d69c CallWindowProcA
0x46d6a0 CallNextHookEx
0x46d6a4 BeginPaint
0x46d6a8 CharNextA
0x46d6ac CharLowerBuffA
0x46d6b0 CharLowerA
0x46d6b4 CharToOemA
0x46d6b8 AdjustWindowRectEx
Library kernel32.dll:
0x46d6c4 Sleep
Library oleaut32.dll:
0x46d6cc SafeArrayPtrOfIndex
0x46d6d0 SafeArrayGetUBound
0x46d6d4 SafeArrayGetLBound
0x46d6d8 SafeArrayCreate
0x46d6dc VariantChangeType
0x46d6e0 VariantCopy
0x46d6e4 VariantClear
0x46d6e8 VariantInit
Library comctl32.dll:
0x46d6f8 ImageList_Write
0x46d6fc ImageList_Read
0x46d70c ImageList_DragMove
0x46d710 ImageList_DragLeave
0x46d714 ImageList_DragEnter
0x46d718 ImageList_EndDrag
0x46d71c ImageList_BeginDrag
0x46d720 ImageList_Remove
0x46d724 ImageList_DrawEx
0x46d728 ImageList_Replace
0x46d72c ImageList_Draw
0x46d73c ImageList_Add
0x46d744 ImageList_Destroy
0x46d748 ImageList_Create
0x46d74c InitCommonControls
Library comdlg32.dll:
0x46d754 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.