9.0
Critical

2a919882228a249a5db9fb4a5ae8bf3f339d0e421d2a7d5cf8a2dac2935a6705

73b6e945b151570304bf6c1cac6d3a8c.exe

Analysis time

55s

Last analysis

File size

600.0KB
Static detection / Dynamic detection 100%: AGENTB CDUCT CEEINJECT CLASSIC CONFIDENCE DELPHILESS EEXD EEYL ELDORADO FAREIT FOZRIU GENERICKD HIGH HIGH CONFIDENCE LGW@A8QHQ6HI LOKI MALWARE@#15II41AVINH88 MOKSSTEAL NANOCORE SCORE SMAD TROJANPSW TROJANPWS XTJD ZELPHIF
Hawkeye engine
Not detected: no Hawkeye engine result is available yet
Static verdict
Anti-virus engines
Engine Result Scan time Engine version
McAfee Fareit-FOZ!73B6E945B151 20191113 6.0.6.653
Alibaba TrojanPSW:Win32/CeeInject.f60314b7 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Avast Win32:Malware-gen 20191114 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20191114 2013.8.14.323
Tencent 20191114 1.0.0.1
Static indicators
Queries for the computer name (2 events)
Time & API Arguments Status Return Repeated
1620766540.725124
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620766540.725124
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620766540.725124
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1620766532.303124
NtAllocateVirtualMemory
process_identifier: 1068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1620766539.725124
NtProtectVirtualMemory
process_identifier: 1068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 28672
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00671000
success 0 0
1620766539.943124
NtAllocateVirtualMemory
process_identifier: 1068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004c0000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (3 events)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620766543.428124
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.132611719342412 section {'size_of_data': '0x00024200', 'virtual_address': '0x00078000', 'entropy': 7.132611719342412, 'name': '.rsrc', 'virtual_size': '0x0002411c'} description A section with a high entropy has been found
entropy 0.24123539232053423 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620766546.287124
RegSetValueExA
key_handle: 0x00000368
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620766546.287124
RegSetValueExA
key_handle: 0x00000368
value: Ñõt”F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620766546.287124
RegSetValueExA
key_handle: 0x00000368
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620766546.287124
RegSetValueExW
key_handle: 0x00000368
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620766546.303124
RegSetValueExA
key_handle: 0x00000380
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620766546.303124
RegSetValueExA
key_handle: 0x00000380
value: Ñõt”F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620766546.303124
RegSetValueExA
key_handle: 0x00000380
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620766546.568124
RegSetValueExW
key_handle: 0x00000364
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 1068 called NtSetContextThread to modify thread in remote process 3056
Time & API Arguments Status Return Repeated
1620766540.287124
NtSetContextThread
thread_handle: 0x000000ec
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4302468
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3056
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 1068 resumed a thread in remote process 3056
Time & API Arguments Status Return Repeated
1620766540.412124
NtResumeThread
thread_handle: 0x000000ec
suspend_count: 1
process_identifier: 3056
success 0 0
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1620766540.287124
CreateProcessInternalW
thread_identifier: 2344
thread_handle: 0x000000ec
process_identifier: 3056
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\73b6e945b151570304bf6c1cac6d3a8c.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000f0
inherit_handles: 0
success 1 0
1620766540.287124
NtGetContextThread
thread_handle: 0x000000ec
success 0 0
1620766540.287124
NtUnmapViewOfSection
process_identifier: 3056
region_size: 4096
process_handle: 0x000000f0
base_address: 0x00400000
success 0 0
1620766540.287124
NtMapViewOfSection
section_handle: 0x000000f8
process_identifier: 3056
commit_size: 131072
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 131072
base_address: 0x00400000
success 0 0
1620766540.287124
NtMapViewOfSection
section_handle: 0x000000f4
process_identifier: 3056
commit_size: 4096
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 4096
base_address: 0x001e0000
success 0 0
1620766540.287124
NtSetContextThread
thread_handle: 0x000000ec
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4302468
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3056
success 0 0
1620766540.412124
NtResumeThread
thread_handle: 0x000000ec
suspend_count: 1
process_identifier: 3056
success 0 0
1620766540.725124
NtResumeThread
thread_handle: 0x000000e8
suspend_count: 1
process_identifier: 3056
success 0 0
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
DrWeb Trojan.Nanocore.23
MicroWorld-eScan Trojan.GenericKD.41200615
FireEye Generic.mg.73b6e945b1515703
CAT-QuickHeal TrojanPWS.Fareit
McAfee Fareit-FOZ!73B6E945B151
Malwarebytes Backdoor.NanoCore
Zillya Trojan.Injector.Win32.661126
K7AntiVirus Riskware ( 0040eff71 )
Alibaba TrojanPSW:Win32/CeeInject.f60314b7
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D274ABE7
TrendMicro TrojanSpy.Win32.LOKI.SMAD.hp
BitDefenderTheta Gen:NN.ZelphiF.32250.LGW@a8Qhq6hi
F-Prot W32/Trojan.CMD.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/Injector.EEXD
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Backdoor.Win32.Agentb.gen
BitDefender Trojan.GenericKD.41200615
NANO-Antivirus Trojan.Win32.Nanocore.fozriu
AegisLab Trojan.Win32.Agentb.m!c
Avast Win32:Malware-gen
Rising Trojan.Injector!1.AFE3 (CLASSIC)
Ad-Aware Trojan.GenericKD.41200615
Emsisoft Trojan.GenericKD.41200615 (B)
Comodo Malware@#15ii41avinh88
F-Secure Trojan.TR/AD.MoksSteal.cduct
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Fareit.jh
Trapmine malicious.high.ml.score
Sophos Mal/Fareit-Q
Cyren W32/Trojan.XTJD-2980
Jiangmin Trojan.PSW.Fareit.ync
Avira TR/AD.MoksSteal.cduct
Microsoft VirTool:Win32/CeeInject.BDK!bit
Endgame malicious (high confidence)
ViRobot Trojan.Win32.Z.Nanocore.614400
ZoneAlarm HEUR:Backdoor.Win32.Agentb.gen
GData Trojan.GenericKD.41200615
AhnLab-V3 Win-Trojan/Delphiless.Exp
Acronis suspicious
VBA32 Trojan.Nanocore
ALYac Trojan.GenericKD.41200615
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMAD.hp
Ikarus Trojan.Inject
Fortinet W32/Injector.EEYL!tr
AVG Win32:Malware-gen
Cybereason malicious.5b1515
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-02-25 17:05:08

Imports

Library kernel32.dll:
0x46c128 VirtualFree
0x46c12c VirtualAlloc
0x46c130 LocalFree
0x46c134 LocalAlloc
0x46c138 GetCurrentThreadId
0x46c144 VirtualQuery
0x46c148 WideCharToMultiByte
0x46c14c MultiByteToWideChar
0x46c150 lstrlenA
0x46c154 lstrcpynA
0x46c158 LoadLibraryExA
0x46c15c GetThreadLocale
0x46c160 GetStartupInfoA
0x46c164 GetProcAddress
0x46c168 GetModuleHandleA
0x46c16c GetModuleFileNameA
0x46c170 GetLocaleInfoA
0x46c174 GetLastError
0x46c178 GetCommandLineA
0x46c17c FreeLibrary
0x46c180 FindFirstFileA
0x46c184 FindClose
0x46c188 ExitProcess
0x46c18c WriteFile
0x46c194 SetFilePointer
0x46c198 SetEndOfFile
0x46c19c RtlUnwind
0x46c1a0 ReadFile
0x46c1a4 RaiseException
0x46c1a8 GetStdHandle
0x46c1ac GetFileSize
0x46c1b0 GetFileType
0x46c1b4 CreateFileA
0x46c1b8 CloseHandle
Library user32.dll:
0x46c1c0 GetKeyboardType
0x46c1c4 LoadStringA
0x46c1c8 MessageBoxA
0x46c1cc CharNextA
Library advapi32.dll:
0x46c1d4 RegQueryValueExA
0x46c1d8 RegOpenKeyExA
0x46c1dc RegCloseKey
Library oleaut32.dll:
0x46c1e4 SysFreeString
0x46c1e8 SysReAllocStringLen
0x46c1ec SysAllocStringLen
Library kernel32.dll:
0x46c1f4 TlsSetValue
0x46c1f8 TlsGetValue
0x46c1fc LocalAlloc
0x46c200 GetModuleHandleA
Library advapi32.dll:
0x46c208 RegQueryValueExA
0x46c20c RegOpenKeyExA
0x46c210 RegCloseKey
Library kernel32.dll:
0x46c218 lstrcpyA
0x46c21c lstrcmpA
0x46c220 WriteFile
0x46c224 WaitForSingleObject
0x46c228 VirtualQuery
0x46c22c VirtualProtect
0x46c230 VirtualAlloc
0x46c234 Sleep
0x46c238 SizeofResource
0x46c23c SetThreadLocale
0x46c240 SetFilePointer
0x46c244 SetEvent
0x46c248 SetErrorMode
0x46c24c SetEndOfFile
0x46c250 ResetEvent
0x46c254 ReadFile
0x46c258 MulDiv
0x46c25c LockResource
0x46c260 LoadResource
0x46c264 LoadLibraryA
0x46c270 GlobalUnlock
0x46c274 GlobalReAlloc
0x46c278 GlobalHandle
0x46c27c GlobalLock
0x46c280 GlobalFree
0x46c284 GlobalFindAtomA
0x46c288 GlobalDeleteAtom
0x46c28c GlobalAlloc
0x46c290 GlobalAddAtomA
0x46c294 GetVersionExA
0x46c298 GetVersion
0x46c29c GetTickCount
0x46c2a0 GetThreadLocale
0x46c2a4 GetSystemInfo
0x46c2a8 GetStringTypeExA
0x46c2ac GetStdHandle
0x46c2b0 GetProcAddress
0x46c2b4 GetModuleHandleA
0x46c2b8 GetModuleFileNameA
0x46c2bc GetLocaleInfoA
0x46c2c0 GetLocalTime
0x46c2c4 GetLastError
0x46c2c8 GetDiskFreeSpaceA
0x46c2cc GetDateFormatA
0x46c2d0 GetCurrentThreadId
0x46c2d4 GetCurrentProcessId
0x46c2d8 GetCPInfo
0x46c2dc GetACP
0x46c2e0 FreeResource
0x46c2e4 FreeLibrary
0x46c2e8 FormatMessageA
0x46c2ec FindResourceA
0x46c2f0 EnumCalendarInfoA
0x46c2fc CreateThread
0x46c300 CreateFileA
0x46c304 CreateEventA
0x46c308 CompareStringA
0x46c30c CloseHandle
Library version.dll:
0x46c314 VerQueryValueA
0x46c31c GetFileVersionInfoA
Library gdi32.dll:
0x46c324 UnrealizeObject
0x46c328 StretchBlt
0x46c32c SetWindowOrgEx
0x46c330 SetViewportOrgEx
0x46c334 SetTextColor
0x46c338 SetStretchBltMode
0x46c33c SetROP2
0x46c340 SetPixel
0x46c344 SetDIBColorTable
0x46c348 SetBrushOrgEx
0x46c34c SetBkMode
0x46c350 SetBkColor
0x46c354 SelectPalette
0x46c358 SelectObject
0x46c35c ScaleWindowExtEx
0x46c360 SaveDC
0x46c364 RoundRect
0x46c368 RestoreDC
0x46c36c Rectangle
0x46c370 RectVisible
0x46c374 RealizePalette
0x46c378 Polyline
0x46c37c PatBlt
0x46c380 MoveToEx
0x46c384 MaskBlt
0x46c388 LineTo
0x46c38c IntersectClipRect
0x46c390 GetWindowOrgEx
0x46c394 GetTextMetricsA
0x46c3a0 GetStockObject
0x46c3a4 GetPixel
0x46c3a8 GetPaletteEntries
0x46c3ac GetObjectA
0x46c3b0 GetDeviceCaps
0x46c3b4 GetDIBits
0x46c3b8 GetDIBColorTable
0x46c3bc GetDCOrgEx
0x46c3c4 GetClipBox
0x46c3c8 GetBrushOrgEx
0x46c3cc GetBkMode
0x46c3d0 GetBitmapBits
0x46c3d4 ExcludeClipRect
0x46c3d8 Ellipse
0x46c3dc DeleteObject
0x46c3e0 DeleteDC
0x46c3e4 CreateSolidBrush
0x46c3e8 CreatePenIndirect
0x46c3ec CreatePalette
0x46c3f4 CreateFontIndirectA
0x46c3f8 CreateDIBitmap
0x46c3fc CreateDIBSection
0x46c400 CreateCompatibleDC
0x46c408 CreateBrushIndirect
0x46c40c CreateBitmap
0x46c410 BitBlt
Library user32.dll:
0x46c418 WindowFromPoint
0x46c41c WinHelpA
0x46c420 WaitMessage
0x46c424 UpdateWindow
0x46c428 UnregisterClassA
0x46c42c UnhookWindowsHookEx
0x46c430 TranslateMessage
0x46c438 TrackPopupMenu
0x46c440 ShowWindow
0x46c444 ShowScrollBar
0x46c448 ShowOwnedPopups
0x46c44c ShowCursor
0x46c450 SetWindowsHookExA
0x46c454 SetWindowPos
0x46c458 SetWindowPlacement
0x46c45c SetWindowLongA
0x46c460 SetTimer
0x46c464 SetScrollRange
0x46c468 SetScrollPos
0x46c46c SetScrollInfo
0x46c470 SetRect
0x46c474 SetPropA
0x46c478 SetMenuItemInfoA
0x46c47c SetMenu
0x46c480 SetForegroundWindow
0x46c484 SetFocus
0x46c488 SetCursor
0x46c48c SetClassLongA
0x46c490 SetCapture
0x46c494 SetActiveWindow
0x46c498 SendMessageA
0x46c49c ScrollWindow
0x46c4a0 ScreenToClient
0x46c4a4 RemovePropA
0x46c4a8 RemoveMenu
0x46c4ac ReleaseDC
0x46c4b0 ReleaseCapture
0x46c4bc RegisterClassA
0x46c4c0 RedrawWindow
0x46c4c4 PtInRect
0x46c4c8 PostQuitMessage
0x46c4cc PostMessageA
0x46c4d0 PeekMessageA
0x46c4d4 OffsetRect
0x46c4d8 OemToCharA
0x46c4dc MessageBoxA
0x46c4e0 MapWindowPoints
0x46c4e4 MapVirtualKeyA
0x46c4e8 LoadStringA
0x46c4ec LoadKeyboardLayoutA
0x46c4f0 LoadIconA
0x46c4f4 LoadCursorA
0x46c4f8 LoadBitmapA
0x46c4fc KillTimer
0x46c500 IsZoomed
0x46c504 IsWindowVisible
0x46c508 IsWindowEnabled
0x46c50c IsWindow
0x46c510 IsRectEmpty
0x46c514 IsIconic
0x46c518 IsDialogMessageA
0x46c51c IsChild
0x46c520 InvalidateRect
0x46c524 IntersectRect
0x46c528 InsertMenuItemA
0x46c52c InsertMenuA
0x46c530 InflateRect
0x46c538 GetWindowTextA
0x46c53c GetWindowRect
0x46c540 GetWindowPlacement
0x46c544 GetWindowLongA
0x46c548 GetWindowDC
0x46c54c GetTopWindow
0x46c550 GetSystemMetrics
0x46c554 GetSystemMenu
0x46c558 GetSysColor
0x46c55c GetSubMenu
0x46c560 GetScrollRange
0x46c564 GetScrollPos
0x46c568 GetScrollInfo
0x46c56c GetPropA
0x46c570 GetParent
0x46c574 GetWindow
0x46c578 GetMenuStringA
0x46c57c GetMenuState
0x46c580 GetMenuItemInfoA
0x46c584 GetMenuItemID
0x46c588 GetMenuItemCount
0x46c58c GetMenu
0x46c590 GetLastActivePopup
0x46c594 GetKeyboardState
0x46c59c GetKeyboardLayout
0x46c5a0 GetKeyState
0x46c5a4 GetKeyNameTextA
0x46c5a8 GetIconInfo
0x46c5ac GetForegroundWindow
0x46c5b0 GetFocus
0x46c5b4 GetDesktopWindow
0x46c5b8 GetDCEx
0x46c5bc GetDC
0x46c5c0 GetCursorPos
0x46c5c4 GetCursor
0x46c5c8 GetClientRect
0x46c5cc GetClassNameA
0x46c5d0 GetClassInfoA
0x46c5d4 GetCapture
0x46c5d8 GetActiveWindow
0x46c5dc FrameRect
0x46c5e0 FindWindowA
0x46c5e4 FillRect
0x46c5e8 EqualRect
0x46c5ec EnumWindows
0x46c5f0 EnumThreadWindows
0x46c5f4 EndPaint
0x46c5f8 EnableWindow
0x46c5fc EnableScrollBar
0x46c600 EnableMenuItem
0x46c604 DrawTextA
0x46c608 DrawMenuBar
0x46c60c DrawIconEx
0x46c610 DrawIcon
0x46c614 DrawFrameControl
0x46c618 DrawEdge
0x46c61c DispatchMessageA
0x46c620 DestroyWindow
0x46c624 DestroyMenu
0x46c628 DestroyIcon
0x46c62c DestroyCursor
0x46c630 DeleteMenu
0x46c634 DefWindowProcA
0x46c638 DefMDIChildProcA
0x46c63c DefFrameProcA
0x46c640 CreateWindowExA
0x46c644 CreatePopupMenu
0x46c648 CreateMenu
0x46c64c CreateIcon
0x46c650 ClientToScreen
0x46c654 CheckMenuItem
0x46c658 CallWindowProcA
0x46c65c CallNextHookEx
0x46c660 BeginPaint
0x46c664 CharNextA
0x46c668 CharLowerA
0x46c66c AdjustWindowRectEx
Library kernel32.dll:
0x46c678 Sleep
Library oleaut32.dll:
0x46c680 SafeArrayPtrOfIndex
0x46c684 SafeArrayPutElement
0x46c688 SafeArrayGetElement
0x46c68c SafeArrayGetUBound
0x46c690 SafeArrayGetLBound
0x46c694 SafeArrayRedim
0x46c698 SafeArrayCreate
0x46c69c VariantChangeTypeEx
0x46c6a0 VariantCopyInd
0x46c6a4 VariantCopy
0x46c6a8 VariantClear
0x46c6ac VariantInit
Library comctl32.dll:
0x46c6bc ImageList_Write
0x46c6c0 ImageList_Read
0x46c6d0 ImageList_DragMove
0x46c6d4 ImageList_DragLeave
0x46c6d8 ImageList_DragEnter
0x46c6dc ImageList_EndDrag
0x46c6e0 ImageList_BeginDrag
0x46c6e4 ImageList_Remove
0x46c6e8 ImageList_DrawEx
0x46c6ec ImageList_Draw
0x46c6fc ImageList_Add
0x46c704 ImageList_Destroy
0x46c708 ImageList_Create
0x46c70c InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.