6.2
High risk

d186ab113ab8f59563c8d997517f46abffccc858f593e99e871fd40c471d42d4

76a19649da901b936311070561b74dee.exe

Analysis duration

38s

Last analysis

File size

905.5KB
Static scan: flagged malicious; dynamic scan: flagged malicious; 100%. Detection tags: 4GW@ASPOOHEI AI SCORE=100 AIRX BRRNQS CLASSIC CONFIDENCE DELPHI DELPHILESS EGIT EHDJ FAREIT FSEMUJ GDSDA GENERICRXHW GRAFTOR HIGH CONFIDENCE IGENT LOKI MALWARE@#1EWXAWFIXO5KT QWLUZ R + MAL SCORE SMDD STATIC AI SUSGEN SUSPICIOUS PE TIGGRE UNSAFE ZELPHIF
鹰眼 engine
Not detected: no 鹰眼 engine results are available
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee GenericRXHW-TO!76A19649DA90 20201230 6.0.6.653
Alibaba Trojan:Win32/Injector.c22b8487 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201230 21.1.5827.0
Tencent Win32.Trojan.Crypt.Airx 20201230 1.0.0.1
Kingsoft 20201230 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619654823.230875
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
76a19649da901b936311070561b74dee+0x56a4d @ 0x456a4d
76a19649da901b936311070561b74dee+0x4f254 @ 0x44f254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff4d14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619649223.562212
NtAllocateVirtualMemory
process_identifier: 2456
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619649240.609212
NtAllocateVirtualMemory
process_identifier: 2456
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00500000
success 0 0
1619649240.609212
NtAllocateVirtualMemory
process_identifier: 2456
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00520000
success 0 0
1619654822.308875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619654822.371875
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 1638400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01dd0000
success 0 0
1619654822.371875
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f20000
success 0 0
1619654822.371875
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 319488
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01dd0000
success 0 0
1619654822.371875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 294912
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01dd2000
success 0 0
1619654822.652875
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f80000
success 0 0
1619654822.652875
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02070000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.152875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619654823.168875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.168875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619654823.168875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.168875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619654823.168875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.168875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619654823.183875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.183875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619654823.183875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619654823.183875
NtProtectVirtualMemory
process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.281983422323543 section {'size_of_data': '0x00044c00', 'virtual_address': '0x000a4000', 'entropy': 7.281983422323543, 'name': '.rsrc', 'virtual_size': '0x00044ad4'} description A section with a high entropy has been found
entropy 0.30403537866224434 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2456 called NtSetContextThread to modify thread in remote process 2244
Time & API Arguments Status Return Repeated
1619649241.249212
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4882208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2244
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2456 resumed a thread in remote process 2244
Time & API Arguments Status Return Repeated
1619649241.656212
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2244
success 0 0
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619649241.202212
CreateProcessInternalW
thread_identifier: 884
thread_handle: 0x000000f8
process_identifier: 2244
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\76a19649da901b936311070561b74dee.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000fc
inherit_handles: 0
success 1 0
1619649241.202212
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1619649241.202212
NtUnmapViewOfSection
process_identifier: 2244
region_size: 4096
process_handle: 0x000000fc
base_address: 0x00400000
success 0 0
1619649241.202212
NtMapViewOfSection
section_handle: 0x00000104
process_identifier: 2244
commit_size: 696320
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000fc
allocation_type: 0 ()
section_offset: 0
view_size: 696320
base_address: 0x00400000
success 0 0
1619649241.234212
NtMapViewOfSection
section_handle: 0x00000100
process_identifier: 2244
commit_size: 4096
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000fc
allocation_type: 0 ()
section_offset: 0
view_size: 4096
base_address: 0x001e0000
success 0 0
1619649241.249212
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4882208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2244
success 0 0
1619649241.656212
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2244
success 0 0
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 of 53 events shown)
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
McAfee GenericRXHW-TO!76A19649DA90
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Spyware ( 005435701 )
Alibaba Trojan:Win32/Injector.c22b8487
K7GW Spyware ( 005435701 )
Cybereason malicious.9da901
Symantec Trojan.Gen.MBT
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Crypt.gen
BitDefender Gen:Variant.Graftor.615979
NANO-Antivirus Trojan.Win32.Crypt.fsemuj
MicroWorld-eScan Gen:Variant.Graftor.615979
Avast Win32:Malware-gen
Tencent Win32.Trojan.Crypt.Airx
Ad-Aware Gen:Variant.Graftor.615979
Emsisoft Gen:Variant.Graftor.615979 (B)
Comodo Malware@#1ewxawfixo5kt
F-Secure Dropper.DR/Delphi.qwluz
DrWeb Trojan.PWS.Stealer.19347
TrendMicro TrojanSpy.Win32.LOKI.SMDD.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.dc
MaxSecure Trojan.Malware.10374761.susgen
FireEye Generic.mg.76a19649da901b93
Sophos Mal/Generic-R + Mal/Fareit-V
Ikarus Trojan.Inject
GData Gen:Variant.Graftor.615979
Avira DR/Delphi.qwluz
Antiy-AVL Trojan/Win32.Crypt
Arcabit Trojan.Graftor.D9662B
AegisLab Trojan.Win32.Crypt.4!c
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
Microsoft Trojan:Win32/Tiggre!rfn
AhnLab-V3 Win-Trojan/Delphiless.Exp
Acronis suspicious
ALYac Gen:Variant.Graftor.615979
MAX malware (ai score=100)
ESET-NOD32 a variant of Win32/Injector.EGIT
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMDD.hp
Rising Trojan.Injector!1.AFE3 (CLASSIC)
Yandex Trojan.Igent.bRRnqS.1
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/Injector.EHDJ!tr
BitDefenderTheta Gen:NN.ZelphiF.34700.4GW@aSpooHei
AVG Win32:Malware-gen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-01-19 20:30:44

Imports

Library kernel32.dll:
0x494164 VirtualFree
0x494168 VirtualAlloc
0x49416c LocalFree
0x494170 LocalAlloc
0x494174 GetTickCount
0x49417c GetVersion
0x494180 GetCurrentThreadId
0x49418c VirtualQuery
0x494190 WideCharToMultiByte
0x494194 MultiByteToWideChar
0x494198 lstrlenA
0x49419c lstrcpynA
0x4941a0 LoadLibraryExA
0x4941a4 GetThreadLocale
0x4941a8 GetStartupInfoA
0x4941ac GetProcAddress
0x4941b0 GetModuleHandleA
0x4941b4 GetModuleFileNameA
0x4941b8 GetLocaleInfoA
0x4941bc GetCommandLineA
0x4941c0 FreeLibrary
0x4941c4 FindFirstFileA
0x4941c8 FindClose
0x4941cc ExitProcess
0x4941d0 ExitThread
0x4941d4 CreateThread
0x4941d8 WriteFile
0x4941e0 RtlUnwind
0x4941e4 RaiseException
0x4941e8 GetStdHandle
Library user32.dll:
0x4941f0 GetKeyboardType
0x4941f4 LoadStringA
0x4941f8 MessageBoxA
0x4941fc CharNextA
Library advapi32.dll:
0x494204 RegQueryValueExA
0x494208 RegOpenKeyExA
0x49420c RegCloseKey
Library oleaut32.dll:
0x494214 SysFreeString
0x494218 SysReAllocStringLen
0x49421c SysAllocStringLen
Library kernel32.dll:
0x494224 TlsSetValue
0x494228 TlsGetValue
0x49422c LocalAlloc
0x494230 GetModuleHandleA
Library advapi32.dll:
0x494238 RegQueryValueExA
0x49423c RegOpenKeyExA
0x494240 RegCloseKey
Library kernel32.dll:
0x494248 lstrcpyA
0x49424c WriteFile
0x494250 WaitForSingleObject
0x494254 VirtualQuery
0x494258 VirtualAlloc
0x49425c SuspendThread
0x494260 Sleep
0x494264 SizeofResource
0x494268 SetThreadPriority
0x49426c SetThreadLocale
0x494270 SetFilePointer
0x494274 SetEvent
0x494278 SetErrorMode
0x49427c SetEndOfFile
0x494280 ResumeThread
0x494284 ResetEvent
0x494288 ReadFile
0x49428c MultiByteToWideChar
0x494290 MulDiv
0x494294 LockResource
0x494298 LoadResource
0x49429c LoadLibraryA
0x4942a8 GlobalUnlock
0x4942ac GlobalSize
0x4942b0 GlobalReAlloc
0x4942b4 GlobalHandle
0x4942b8 GlobalLock
0x4942bc GlobalFree
0x4942c0 GlobalFindAtomA
0x4942c4 GlobalDeleteAtom
0x4942c8 GlobalAlloc
0x4942cc GlobalAddAtomA
0x4942d0 GetVersionExA
0x4942d4 GetVersion
0x4942d8 GetUserDefaultLCID
0x4942dc GetTickCount
0x4942e0 GetThreadLocale
0x4942e4 GetTempPathA
0x4942e8 GetSystemInfo
0x4942ec GetStringTypeExA
0x4942f0 GetStdHandle
0x4942f4 GetProcAddress
0x4942f8 GetModuleHandleA
0x4942fc GetModuleFileNameA
0x494300 GetLocaleInfoA
0x494304 GetLocalTime
0x494308 GetLastError
0x49430c GetFullPathNameA
0x494310 GetFileSize
0x494314 GetExitCodeThread
0x494318 GetDiskFreeSpaceA
0x49431c GetDateFormatA
0x494320 GetCurrentThreadId
0x494324 GetCurrentProcessId
0x494328 GetComputerNameA
0x49432c GetCPInfo
0x494330 GetACP
0x494334 FreeResource
0x49433c InterlockedExchange
0x494344 FreeLibrary
0x494348 FormatMessageA
0x49434c FindResourceA
0x494350 FindFirstFileA
0x494354 FindClose
0x494360 EnumCalendarInfoA
0x49436c CreateThread
0x494370 CreateFileA
0x494374 CreateEventA
0x494378 CompareStringA
0x49437c CloseHandle
Library version.dll:
0x494384 VerQueryValueA
0x49438c GetFileVersionInfoA
Library gdi32.dll:
0x494394 UnrealizeObject
0x494398 TextOutA
0x49439c StretchBlt
0x4943a0 SetWindowOrgEx
0x4943a4 SetWinMetaFileBits
0x4943a8 SetViewportOrgEx
0x4943ac SetTextColor
0x4943b0 SetTextAlign
0x4943b4 SetStretchBltMode
0x4943b8 SetROP2
0x4943bc SetPixel
0x4943c0 SetMapMode
0x4943c4 SetEnhMetaFileBits
0x4943c8 SetDIBColorTable
0x4943cc SetBrushOrgEx
0x4943d0 SetBkMode
0x4943d4 SetBkColor
0x4943d8 SelectPalette
0x4943dc SelectObject
0x4943e0 SelectClipRgn
0x4943e4 ScaleWindowExtEx
0x4943e8 SaveDC
0x4943ec RoundRect
0x4943f0 RestoreDC
0x4943f4 Rectangle
0x4943f8 RectVisible
0x4943fc RealizePalette
0x494400 Polyline
0x494404 Polygon
0x494408 PlayEnhMetaFile
0x49440c Pie
0x494410 PatBlt
0x494414 MoveToEx
0x494418 MaskBlt
0x49441c LineTo
0x494420 LPtoDP
0x494424 IntersectClipRect
0x494428 GetWindowOrgEx
0x49442c GetWinMetaFileBits
0x494430 GetTextMetricsA
0x494438 GetTextAlign
0x494440 GetStockObject
0x494444 GetPixel
0x494448 GetPaletteEntries
0x49444c GetObjectA
0x49445c GetEnhMetaFileBits
0x494460 GetDeviceCaps
0x494464 GetDIBits
0x494468 GetDIBColorTable
0x49446c GetDCOrgEx
0x494474 GetClipBox
0x494478 GetBrushOrgEx
0x49447c GetBkMode
0x494480 GetBkColor
0x494484 GetBitmapBits
0x494488 ExtSelectClipRgn
0x49448c ExtCreatePen
0x494490 ExcludeClipRect
0x494494 Ellipse
0x494498 DeleteObject
0x49449c DeleteEnhMetaFile
0x4944a0 DeleteDC
0x4944a4 CreateSolidBrush
0x4944a8 CreateRectRgn
0x4944ac CreatePolygonRgn
0x4944b0 CreatePenIndirect
0x4944b4 CreatePalette
0x4944bc CreateFontIndirectA
0x4944c0 CreateEnhMetaFileA
0x4944c4 CreateDIBitmap
0x4944c8 CreateDIBSection
0x4944cc CreateCompatibleDC
0x4944d4 CreateBrushIndirect
0x4944d8 CreateBitmap
0x4944dc CopyEnhMetaFileA
0x4944e0 CloseEnhMetaFile
0x4944e4 BitBlt
0x4944e8 Arc
Library user32.dll:
0x4944f0 CreateWindowExA
0x4944f4 WindowFromPoint
0x4944f8 WinHelpA
0x4944fc WaitMessage
0x494500 UpdateWindow
0x494504 UnregisterClassA
0x494508 UnhookWindowsHookEx
0x49450c TranslateMessage
0x494514 TrackPopupMenu
0x49451c ShowWindow
0x494520 ShowScrollBar
0x494524 ShowOwnedPopups
0x494528 ShowCursor
0x49452c SetWindowsHookExA
0x494530 SetWindowPos
0x494534 SetWindowPlacement
0x494538 SetWindowLongA
0x49453c SetTimer
0x494540 SetScrollRange
0x494544 SetScrollPos
0x494548 SetScrollInfo
0x49454c SetRect
0x494550 SetPropA
0x494554 SetParent
0x494558 SetMenuItemInfoA
0x49455c SetMenu
0x494560 SetForegroundWindow
0x494564 SetFocus
0x494568 SetCursor
0x49456c SetClassLongA
0x494570 SetCapture
0x494574 SetActiveWindow
0x494578 SendMessageA
0x49457c ScrollWindow
0x494580 ScreenToClient
0x494584 RemovePropA
0x494588 RemoveMenu
0x49458c ReleaseDC
0x494590 ReleaseCapture
0x49459c RegisterClassA
0x4945a0 RedrawWindow
0x4945a4 PtInRect
0x4945a8 PostQuitMessage
0x4945ac PostMessageA
0x4945b0 PeekMessageA
0x4945b4 OffsetRect
0x4945b8 OemToCharA
0x4945c0 MessageBoxA
0x4945c4 MapWindowPoints
0x4945c8 MapVirtualKeyA
0x4945cc LoadStringA
0x4945d0 LoadKeyboardLayoutA
0x4945d4 LoadIconA
0x4945d8 LoadCursorA
0x4945dc LoadBitmapA
0x4945e0 KillTimer
0x4945e4 IsZoomed
0x4945e8 IsWindowVisible
0x4945ec IsWindowEnabled
0x4945f0 IsWindow
0x4945f4 IsRectEmpty
0x4945f8 IsIconic
0x4945fc IsDialogMessageA
0x494600 IsChild
0x494604 InvalidateRect
0x494608 IntersectRect
0x49460c InsertMenuItemA
0x494610 InsertMenuA
0x494614 InflateRect
0x49461c GetWindowTextA
0x494620 GetWindowRect
0x494624 GetWindowPlacement
0x494628 GetWindowLongA
0x49462c GetWindowDC
0x494630 GetTopWindow
0x494634 GetSystemMetrics
0x494638 GetSystemMenu
0x49463c GetSysColorBrush
0x494640 GetSysColor
0x494644 GetSubMenu
0x494648 GetScrollRange
0x49464c GetScrollPos
0x494650 GetScrollInfo
0x494654 GetPropA
0x494658 GetParent
0x49465c GetWindow
0x494660 GetMessageTime
0x494664 GetMenuStringA
0x494668 GetMenuState
0x49466c GetMenuItemInfoA
0x494670 GetMenuItemID
0x494674 GetMenuItemCount
0x494678 GetMenu
0x49467c GetLastActivePopup
0x494680 GetKeyboardState
0x494688 GetKeyboardLayout
0x49468c GetKeyState
0x494690 GetKeyNameTextA
0x494694 GetIconInfo
0x494698 GetForegroundWindow
0x49469c GetFocus
0x4946a0 GetDesktopWindow
0x4946a4 GetDCEx
0x4946a8 GetDC
0x4946ac GetCursorPos
0x4946b0 GetCursor
0x4946b4 GetClipboardData
0x4946b8 GetClientRect
0x4946bc GetClassNameA
0x4946c0 GetClassInfoA
0x4946c4 GetCapture
0x4946c8 GetActiveWindow
0x4946cc FrameRect
0x4946d0 FindWindowA
0x4946d4 FillRect
0x4946d8 EqualRect
0x4946dc EnumWindows
0x4946e0 EnumThreadWindows
0x4946e4 EndPaint
0x4946e8 EnableWindow
0x4946ec EnableScrollBar
0x4946f0 EnableMenuItem
0x4946f4 DrawTextA
0x4946f8 DrawMenuBar
0x4946fc DrawIconEx
0x494700 DrawIcon
0x494704 DrawFrameControl
0x494708 DrawEdge
0x49470c DispatchMessageA
0x494710 DestroyWindow
0x494714 DestroyMenu
0x494718 DestroyIcon
0x49471c DestroyCursor
0x494720 DeleteMenu
0x494724 DefWindowProcA
0x494728 DefMDIChildProcA
0x49472c DefFrameProcA
0x494730 CreatePopupMenu
0x494734 CreateMenu
0x494738 CreateIcon
0x49473c ClientToScreen
0x494740 CheckMenuItem
0x494744 CallWindowProcA
0x494748 CallNextHookEx
0x49474c BringWindowToTop
0x494750 BeginPaint
0x494754 CharNextA
0x494758 CharLowerBuffA
0x49475c CharLowerA
0x494760 CharUpperBuffA
0x494764 CharToOemA
0x494768 AdjustWindowRectEx
Library kernel32.dll:
0x494774 Sleep
Library oleaut32.dll:
0x49477c SafeArrayPtrOfIndex
0x494780 SafeArrayGetUBound
0x494784 SafeArrayGetLBound
0x494788 SafeArrayCreate
0x49478c VariantChangeType
0x494790 VariantCopy
0x494794 VariantClear
0x494798 VariantInit
Library ole32.dll:
0x4947a4 IsAccelerator
0x4947a8 OleDraw
0x4947b0 CoTaskMemFree
0x4947b4 ProgIDFromCLSID
0x4947b8 StringFromCLSID
0x4947bc CoCreateInstance
0x4947c0 CoGetClassObject
0x4947c4 CoUninitialize
0x4947c8 CoInitialize
0x4947cc IsEqualGUID
Library oleaut32.dll:
0x4947d4 GetErrorInfo
0x4947d8 GetActiveObject
0x4947dc SysFreeString
Library comctl32.dll:
0x4947ec ImageList_Write
0x4947f0 ImageList_Read
0x494800 ImageList_DragMove
0x494804 ImageList_DragLeave
0x494808 ImageList_DragEnter
0x49480c ImageList_EndDrag
0x494810 ImageList_BeginDrag
0x494814 ImageList_Remove
0x494818 ImageList_DrawEx
0x49481c ImageList_Draw
0x49482c ImageList_Add
0x494834 ImageList_Destroy
0x494838 ImageList_Create
Library comdlg32.dll:
0x494840 ReplaceTextA
0x494844 FindTextA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 65005 239.255.255.250 3702
192.168.56.101 65007 239.255.255.250 3702
192.168.56.101 49235 8.8.8.8 53
192.168.56.101 56539 8.8.8.8 53
192.168.56.101 65004 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.