7.0
High risk

795f4166906cae1e50e749bec62c5c0f9c8a2926f42d33002a3d09e61f467a8c

73216e4a3201b5590882c1aa5fa4a720.exe

Analysis time

75s

Last analysis

File size

1.6MB
Static detection: flagged; Dynamic detection: flagged; 100% A + MAL ADVANCEDSYSTEMCARE AGEN AI SCORE=84 AIDETECTVM ATTRIBUTE BSCOPE CLASSIC CONFIDENCE DANGEROUSSIG DEYMA EHLS ELJF ENCPK GENCIRC GENERICKD GENKRYPTIK GRAYWARE HFIT HIGH CONFIDENCE HIGHCONFIDENCE HQMPJY KCLOUD KRYPTIK MALWARE1 MALWARE@#3JD2AVJQG33WL PZ1@AMGHSZCJ QAKBOT R002C0PH520 SCORE SIGGEN2 T+ZBRFYV5JE UNSAFE VIRUSNAME WLLO ZENPAK ZEXAF
鹰眼 engine
Not detected: no 鹰眼 engine result is available
Static verdict
Antivirus engines
Engine Result Date Engine version
McAfee Packed-GCB!73216E4A3201 20201211 6.0.6.653
Avast Win32:DangerousSig [Trj] 20201210 21.1.5827.0
Alibaba TrojanDownloader:Win32/Deyma.fad1aba9 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.10cde73c 20201211 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft win32.unknown.virusname.(kcloud) 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619627975.3985
NtAllocateVirtualMemory
process_identifier: 472
region_size: 741376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01dc0000
success 0 0
1619627977.2415
NtAllocateVirtualMemory
process_identifier: 472
region_size: 737280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ec0000
success 0 0
1619627977.2415
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 151552
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619627978.398875
NtAllocateVirtualMemory
process_identifier: 196
region_size: 741376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e50000
success 0 0
1619627980.273875
NtAllocateVirtualMemory
process_identifier: 196
region_size: 737280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f10000
success 0 0
1619627980.273875
NtProtectVirtualMemory
process_identifier: 196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 151552
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Foreign language identified in PE resource (13 events)
name RT_ICON language LANG_CHINESE offset 0x0019efec filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0019efec filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0019efec filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x0019efec filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_RCDATA language LANG_CHINESE offset 0x001a8354 filetype ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000514
name RT_RCDATA language LANG_CHINESE offset 0x001a8354 filetype ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000514
name RT_RCDATA language LANG_CHINESE offset 0x001a8354 filetype ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000514
name RT_RCDATA language LANG_CHINESE offset 0x001a8354 filetype ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000514
name RT_RCDATA language LANG_CHINESE offset 0x001a8354 filetype ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000514
name RT_RCDATA language LANG_CHINESE offset 0x001a8354 filetype ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000514
name RT_RCDATA language LANG_CHINESE offset 0x001a8354 filetype ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000514
name RT_RCDATA language LANG_CHINESE offset 0x001a8354 filetype ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000514
name RT_GROUP_ICON language LANG_CHINESE offset 0x001a8868 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000003e
Creates executable files on the filesystem (2 events)
file c:\programdata\1321ba6d1f\bdif.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cred.dll
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619627978.1635
CreateProcessInternalW
thread_identifier: 152
thread_handle: 0x000000b4
process_identifier: 196
current_directory:
filepath:
track: 1
command_line: c:\programdata\1321ba6d1f\bdif.exe
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000000b0
inherit_handles: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619627981.116875
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 6.881017635449514 section {'size_of_data': '0x00019e00', 'virtual_address': '0x0018f000', 'entropy': 6.881017635449514, 'name': '.rsrc', 'virtual_size': '0x00019c30'} description A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 217.8.117.52
Attempts to identify installed AV products by installation directory (7 events)
file C:\ProgramData\AVAST Software
file C:\ProgramData\Avira
file C:\ProgramData\Kaspersky Lab
file C:\ProgramData\Panda Security
file C:\ProgramData\Bitdefender
file C:\ProgramData\AVG
file C:\ProgramData\Doctor Web
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619627983.663875
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619627983.663875
RegSetValueExA
key_handle: 0x000003bc
value: «O?<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619627983.663875
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619627983.663875
RegSetValueExW
key_handle: 0x000003bc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619627983.679875
RegSetValueExA
key_handle: 0x000003d0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619627983.679875
RegSetValueExA
key_handle: 0x000003d0
value: «O?<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619627983.679875
RegSetValueExA
key_handle: 0x000003d0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619627983.710875
RegSetValueExW
key_handle: 0x000003b8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 217.8.117.52:80
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen2.51569
MicroWorld-eScan Trojan.GenericKD.34285220
FireEye Generic.mg.73216e4a3201b559
McAfee Packed-GCB!73216E4A3201
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 005652be1 )
BitDefender Trojan.GenericKD.34285220
K7GW Trojan ( 005652be1 )
BitDefenderTheta Gen:NN.ZexaF.34670.Pz1@amGhsZcj
Cyren W32/Trojan.WLLO-0203
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:DangerousSig [Trj]
Kaspersky HEUR:Trojan.Win32.Zenpak.pef
Alibaba TrojanDownloader:Win32/Deyma.fad1aba9
NANO-Antivirus Trojan.Win32.Deyma.hqmpjy
AegisLab Trojan.Win32.Deyma.a!c
Tencent Malware.Win32.Gencirc.10cde73c
Ad-Aware Trojan.GenericKD.34285220
Sophos ML/PE-A + Mal/EncPk-APV
Comodo Malware@#3jd2avjqg33wl
F-Secure Heuristic.HEUR/AGEN.1137603
Zillya Downloader.Deyma.Win32.178
TrendMicro TROJ_GEN.R002C0PH520
McAfee-GW-Edition Packed-GCB!73216E4A3201
Emsisoft Trojan.GenericKD.34285220 (B)
GData Trojan.GenericKD.34285220
Jiangmin TrojanDownloader.Deyma.rd
Avira HEUR/AGEN.1137603
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Kingsoft win32.unknown.virusname.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Arcabit Trojan.Generic.D20B26A4
ZoneAlarm HEUR:Trojan.Win32.Zenpak.pef
Microsoft TrojanDownloader:Win32/Deyma.DEC!MTB
Cynet Malicious (score: 85)
ALYac Trojan.GenericKD.34285220
MAX malware (ai score=84)
VBA32 BScope.Trojan.Inject
Malwarebytes PUP.Optional.AdvancedSystemCare
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/Kryptik.HFIT
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SMF
Rising Trojan.Kryptik!1.C974 (CLASSIC)
Yandex Trojan.Kryptik!t+ZbRFyv5JE
Fortinet W32/GenKryptik.ELJF!tr
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-08-04 05:00:55

Imports

Library KERNEL32.dll:
0x58a670 LoadLibraryA
0x58a674 GetProcAddress
0x58a678 GetModuleHandleA
0x58a67c AddAtomA
0x58a680 CloseHandle
0x58a684 CompareFileTime
0x58a688 CreateDirectoryW
0x58a68c CreateEventA
0x58a690 CreateEventW
0x58a694 CreateFileW
0x58a698 CreateMutexA
0x58a69c CreatePipe
0x58a6a0 CreateProcessA
0x58a6a4 CreateProcessW
0x58a6a8 CreateSemaphoreA
0x58a6ac CreateSemaphoreW
0x58a6b4 DeleteFileW
0x58a6bc DuplicateHandle
0x58a6c4 ExitProcess
0x58a6d0 FindAtomA
0x58a6d4 FindClose
0x58a6e0 FindFirstFileW
0x58a6e4 FindNextFileW
0x58a6e8 FormatMessageA
0x58a6ec FormatMessageW
0x58a6f0 FreeLibrary
0x58a6f4 GetAtomNameA
0x58a6f8 GetCommandLineW
0x58a6fc GetConsoleTitleA
0x58a700 GetConsoleTitleW
0x58a704 GetConsoleWindow
0x58a70c GetCurrentProcess
0x58a710 GetCurrentProcessId
0x58a714 GetCurrentThread
0x58a718 GetCurrentThreadId
0x58a71c GetDriveTypeA
0x58a720 GetExitCodeProcess
0x58a724 GetExitCodeThread
0x58a728 GetFileAttributesW
0x58a730 GetFileSize
0x58a734 GetFullPathNameW
0x58a738 GetLastError
0x58a740 GetLogicalDrives
0x58a744 GetModuleFileNameA
0x58a748 GetModuleFileNameW
0x58a74c GetModuleHandleW
0x58a750 GetProcessHeap
0x58a754 GetProcessTimes
0x58a75c GetShortPathNameW
0x58a760 GetStartupInfoW
0x58a764 GetStdHandle
0x58a768 GetSystemDirectoryW
0x58a76c GetSystemInfo
0x58a770 GetSystemTime
0x58a778 GetTempFileNameW
0x58a77c GetTempPathW
0x58a780 GetThreadPriority
0x58a784 GetThreadTimes
0x58a788 GetTickCount
0x58a78c GetVersionExA
0x58a790 GetVersionExW
0x58a798 GlobalMemoryStatus
0x58a7ac InterlockedExchange
0x58a7b8 LoadLibraryExW
0x58a7bc LoadLibraryW
0x58a7c0 LocalFree
0x58a7c4 MoveFileW
0x58a7c8 MultiByteToWideChar
0x58a7cc OpenThread
0x58a7d0 OutputDebugStringA
0x58a7d4 PulseEvent
0x58a7e0 ReadFile
0x58a7e4 ReleaseMutex
0x58a7e8 ReleaseSemaphore
0x58a7ec RemoveDirectoryW
0x58a7f0 ResetEvent
0x58a7f4 SearchPathW
0x58a7fc SetConsoleTitleA
0x58a800 SetConsoleTitleW
0x58a808 SetEndOfFile
0x58a80c SetEvent
0x58a810 SetFileAttributesW
0x58a814 SetFilePointer
0x58a818 SetFileTime
0x58a81c SetLastError
0x58a820 SetThreadPriority
0x58a828 Sleep
0x58a830 TerminateProcess
0x58a834 TerminateThread
0x58a838 TlsAlloc
0x58a83c TlsFree
0x58a840 TlsGetValue
0x58a844 TlsSetValue
0x58a848 UnmapViewOfFile
0x58a84c VirtualAlloc
0x58a850 VirtualFree
0x58a854 VirtualProtect
0x58a858 VirtualQuery
0x58a85c WaitForSingleObject
0x58a860 WideCharToMultiByte
0x58a864 WriteFile
0x58a868 lstrlenW
0x58a86c RaiseException
0x58a870 GetCommConfig
0x58a874 GetDriveTypeW
0x58a878 GetTempFileNameA
0x58a880 SetThreadContext
0x58a888 CreateNamedPipeW
0x58a88c DeleteFileA
0x58a890 GlobalUnlock
0x58a894 SetThreadLocale
0x58a8a4 GetDiskFreeSpaceExW
0x58a8a8 GetDiskFreeSpaceW
0x58a8ac GetLocaleInfoW
0x58a8b0 OpenProcess
0x58a8b4 IsDebuggerPresent
0x58a8c0 GlobalFree
0x58a8c4 GlobalAlloc
0x58a8c8 Process32NextW
0x58a8cc Process32FirstW
0x58a8d4 CreateThread
0x58a8dc GetNativeSystemInfo
0x58a8e4 GetComputerNameW
Library USER32.dll:
0x58a8ec GetDoubleClickTime
0x58a8f0 GetInputState
0x58a8f8 GetFocus
0x58a8fc GetDialogBaseUnits
0x58a904 GetKBCodePage
0x58a908 GetMessageExtraInfo
0x58a90c GetMessagePos
0x58a910 GetMessageTime
0x58a914 GetForegroundWindow
0x58a918 GetActiveWindow
0x58a91c LoadIconW
0x58a920 CharToOemBuffA
0x58a924 CharToOemBuffW
0x58a928 CharToOemW
0x58a92c CharUpperW
0x58a930 ExitWindowsEx
0x58a934 FindWindowA
0x58a938 GetCapture
0x58a93c GetCaretPos
0x58a940 GetClipboardOwner
0x58a944 GetClipboardViewer
0x58a948 GetCursorPos
0x58a94c GetDesktopWindow
0x58a954 GetSystemMetrics
0x58a958 MessageBoxA
0x58a95c OemToCharBuffA
0x58a960 OemToCharBuffW
0x58a964 OemToCharW
0x58a96c DestroyMenu
0x58a974 CascadeChildWindows
0x58a97c ReleaseCapture
0x58a988 UnregisterClassA
0x58a990 DlgDirListComboBoxW
0x58a994 MapVirtualKeyW
0x58a998 PostThreadMessageW
0x58a9a0 DrawMenuBar
0x58a9a8 GetScrollRange
0x58a9ac GetWindowLongW
0x58a9b0 DrawFocusRect
0x58a9b4 DrawEdge
0x58a9b8 DrawStateW
0x58a9bc GetWindowDC
0x58a9c0 UpdateWindow
0x58a9c4 DestroyIcon
0x58a9c8 GetIconInfo
0x58a9cc DrawIcon
0x58a9d0 IsIconic
0x58a9d4 SetScrollPos
0x58a9d8 ShowScrollBar
0x58a9dc KillTimer
0x58a9e0 SetTimer
0x58a9e4 SetMenuItemInfoW
0x58a9e8 GetMenuItemInfoW
0x58a9ec UnionRect
0x58a9f0 GetMenuBarInfo
0x58a9f4 LoadMenuW
0x58a9f8 GetSubMenu
0x58a9fc EnableMenuItem
0x58aa00 ModifyMenuW
0x58aa04 GetMenuState
0x58aa08 GetMenuItemID
0x58aa0c GetMenuItemCount
0x58aa10 IsWindow
0x58aa14 LoadBitmapW
0x58aa18 GetWindowRect
0x58aa1c OffsetRect
0x58aa20 FrameRect
0x58aa28 ClientToScreen
0x58aa2c RedrawWindow
0x58aa30 GetScrollPos
0x58aa34 InflateRect
0x58aa38 IsRectEmpty
0x58aa3c CopyRect
0x58aa40 FillRect
0x58aa44 SetRect
0x58aa48 GetParent
0x58aa4c ReleaseDC
0x58aa50 GetDC
0x58aa54 PtInRect
0x58aa58 GetClientRect
0x58aa5c SendMessageW
0x58aa60 InvalidateRect
0x58aa64 EnableWindow
0x58aa68 GetSysColor
Library GDI32.dll:
0x58aa70 GdiGetBatchLimit
0x58aa74 AddFontResourceW
0x58aa78 GdiFlush
0x58aa7c AbortPath
0x58aa80 AbortDoc
0x58aa84 AddFontResourceA
0x58aa88 GetEnhMetaFileA
0x58aa8c GetStockObject
0x58aa90 DeleteObject
0x58aa94 SetPixelV
0x58aa98 EngPaint
0x58aa9c GdiAddGlsBounds
0x58aaa0 GdiConvertBitmapV5
0x58aaa4 PtInRegion
0x58aaa8 EngDeleteClip
0x58aab0 UnrealizeObject
0x58aab4 GdiIsMetaFileDC
0x58aab8 SetBoundsRect
0x58aabc ExcludeClipRect
0x58aac0 FONTOBJ_pxoGetXform
0x58aac4 PlayMetaFileRecord
0x58aac8 GdiPlayPageEMF
0x58aad4 CheckColorsInGamut
0x58aadc StrokePath
0x58aae0 CancelDC
0x58aae4 AddFontResourceExW
0x58aae8 GetBkColor
0x58aaec CreateRoundRectRgn
0x58aaf0 CreatePen
0x58aaf4 GetBkMode
0x58aaf8 GetDIBColorTable
0x58aafc StretchBlt
0x58ab00 CreateDIBSection
0x58ab04 CreateFontW
0x58ab08 CreatePatternBrush
0x58ab0c GetCurrentObject
0x58ab10 DeleteDC
0x58ab14 SelectObject
0x58ab18 CreateFontIndirectW
0x58ab1c GetObjectW
0x58ab20 CreateSolidBrush
0x58ab28 BitBlt
0x58ab30 FrameRgn
0x58ab34 SetBrushOrgEx
0x58ab38 SetDIBColorTable
0x58ab3c GetTextColor
0x58ab40 FillRgn
0x58ab44 CreateCompatibleDC
Library ADVAPI32.dll:
0x58ab4c RegOpenKeyW
0x58ab50 RegQueryValueExA
0x58ab54 FreeSid
0x58ab58 LookupAccountSidW
0x58ab5c EqualSid
0x58ab60 GetTokenInformation
0x58ab64 LookupAccountNameW
0x58ab68 RegEnumValueW
0x58ab6c RegQueryInfoKeyW
0x58ab70 RegEnumKeyW
0x58ab74 GetUserNameW
0x58ab80 OpenProcessToken
0x58ab84 RegCloseKey
0x58ab88 RegQueryValueExW
0x58ab8c RegOpenKeyExW
Library SHELL32.dll:
0x58ab94 CommandLineToArgvW
0x58ab98 SHGetFolderPathW
0x58ab9c ShellExecuteExW
0x58aba4 DragQueryFileW
0x58aba8 FindExecutableA
0x58abb0 SHGetFileInfoW
0x58abb4 ShellExecuteW
Library ole32.dll:
0x58abc4 CoCreateInstance
0x58abc8 CoInitialize
0x58abcc CoInitializeEx
0x58abd0 CoUninitialize
0x58abd8 CoTaskMemFree
Library OLEAUT32.dll:
0x58abe0 SysAllocString
0x58abe8 SysStringByteLen
0x58abec VariantClear
0x58abf0 VariantCopy
Library SHLWAPI.dll:
0x58abf8 StrRStrIA
0x58abfc StrCmpNIA
Library COMCTL32.dll:
0x58ac04 _TrackMouseEvent
Library WS2_32.dll:
0x58ac10 closesocket
0x58ac14 recv
0x58ac18 send

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 51381 239.255.255.250 3702
192.168.56.101 55369 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 63432 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.