Score: 6.0 (High risk)

SHA-256: 9f29fd71f472c2a9bedce6024dd398e54d76b21efeaf7a980e8560c65f7545be

File name: 7938745f040f983e1fa2d700e2db3753.exe

Analysis duration: 83s

Last analysis:

File size: 436.0KB

Tags: static detection, dynamic detection, 100%, AI SCORE=85, AIDETECTVM, ATTRIBUTE, ATUS, AVPY, BDVQ, BGW@AKLGGGGC, CDQU, CLOUD, CONFIDENCE, ELDORADO, FOALCC, GENERICRXEQ, GIMEMO, GMIE, HIGH CONFIDENCE, HIGHCONFIDENCE, KILLPROC, LOCKSCREEN, MALWARE2, NHBAJWIIZX8, OIUYA, OP@5RBUBO, R78730, SCORE, SHELLSTARTUP, SOMHOVERAN, STRICTOR, SUSGEN, SUSPICIOUS PE, TNEGA, UNSAFE, URAUSY, WINLOCK

鹰眼引擎 (Eagle Eye engine): not detected (no results from this engine)
Static verdict

Antivirus engines

Engine      | Result                            | Scan date | Engine version
McAfee      | GenericRXEQ-QT!7938745F040F       | 20200314  | 6.0.6.653
Alibaba     | Ransom:Win32/Gimemo.3fa2847c      | 20190527  | 0.3.0.5
CrowdStrike | win/malicious_confidence_100% (W) | 20190702  | 1.0
Baidu       | (no detection)                    | 20190318  | 1.0.0.2
Avast       | Win32:Agent-ATUS [Trj]            | 20200314  | 18.4.3895.0
Tencent     | Ransom.Win32.Gmie.a               | 20200314  | 1.0.0.1
Kingsoft    | (no detection)                    | 20200314  | 2013.8.14.323
Static indicators

Queries the computer name (1 event)

Time: 1620762803.109625  API: GetComputerNameA  Status: success  Return: 1  Repeated: 0
  computer_name: OSKAR-PC

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS

The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft

Note: CODE, DATA and BSS are the default section names written by the Borland/Delphi linker, so this is the false positive the heuristic warns about rather than evidence of a compression packer. The "BobSoft Mini Delphi" match is a compiler signature for Delphi-built binaries; it agrees with the section names and with the fixed Delphi linker timestamp reported under PE Compile Time.
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time: 1620762801.984625  API: NtAllocateVirtualMemory  Status: success  Return: 0  Repeated: 0
  process_identifier: 1912
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x01e80000

process_handle 0xffffffff is the current-process pseudo-handle, so this single 4 KB RWX page is committed in the sample's own address space (PID 1912), not in another process.
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)

Repeatedly searches for a not-found process; you may want to run a web browser during analysis (50 of 544 events shown)

All rows are Process32NextW calls. The process_name and process_identifier shown come from the PROCESSENTRY32 buffer the hook reads back, i.e. the last entry returned from the snapshot, not the calling process, and a "failed" return (0) is Process32NextW reporting the end of the snapshot, so each row marks one complete walk of the process list. Two things stand out: the sample image appears under two PIDs (1912 at the start of the run, 1524 from 1620762841.797625 onward, shortly after explorer.exe PID 3008 is terminated in the next table), and the 46 rows for PID 1524 span about 1.6 s, so the list is re-walked roughly 30 times per second. Polling at that rate is consistent with a screen locker looking for processes to kill as soon as they start.

Time              | process_name                         | process_identifier | snapshot_handle | Status | Return | Repeated
1620762803.843625 | 7938745f040f983e1fa2d700e2db3753.exe | 1912 | 0x00000104 | failed | 0 | 0
1620762803.859625 | 7938745f040f983e1fa2d700e2db3753.exe | 1912 | 0x00000104 | failed | 0 | 0
1620762840.984625 | explorer.exe                         | 3008 | 0x00000104 | failed | 0 | 0
1620762841.000625 | explorer.exe                         | 3008 | 0x00000104 | failed | 0 | 0
1620762841.797625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762841.797625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762841.797625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762841.875625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762841.875625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762841.890625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762841.984625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762841.984625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762841.984625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.093625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.093625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.109625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.203625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.203625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.218625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.312625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.312625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.328625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.422625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.422625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.422625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.531625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.531625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.531625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.640625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.640625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.640625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.750625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.750625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.765625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.859625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.859625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.875625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.984625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.984625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762842.984625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.078625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.078625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.078625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.187625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.187625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.203625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.297625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.297625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.312625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
1620762843.406625 | 7938745f040f983e1fa2d700e2db3753.exe | 1524 | 0x00000104 | failed | 0 | 0
Terminates another process (4 events)

Time              | API                | status_code | process_identifier | process_handle | Status  | Return | Repeated
1620762840.828625 | NtTerminateProcess | 0x00000000  | 1424               | 0x00000108     | failed  | 0      | 0
1620762840.828625 | NtTerminateProcess | 0x00000000  | 1424               | 0x00000108     | success | 0      | 0
1620762841.203625 | NtTerminateProcess | 0x00000000  | 3008               | 0x0000010c     | failed  | 0      | 0
1620762841.203625 | NtTerminateProcess | 0x00000000  | 3008               | 0x0000010c     | success | 0      | 0

In this table process_identifier is the target of the call. PID 3008 is explorer.exe according to the Process32NextW rows above, so the sample kills the user's shell; DrWeb's Trojan.KillProc name and the LOCKSCREEN/WINLOCK tags reflect this behaviour. PID 1424 is not named in any event shown, so its identity cannot be determined from this report. Each termination is logged twice with the same timestamp and handle; treat each pair as a single successful termination.
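Resolving the termination targets and quantifying the polling loop is easier with a small script than by reading the tables. The Python below is an added example, not part of the sandbox report or its tooling. It parses a constructed one-line-per-event rendering of the rows above (the field names are the report's; the line format is an assumption), maps PIDs to image names from the PROCESSENTRY32 contents that Process32NextW rows carry, resolves each NtTerminateProcess target, and computes the median interval between end-of-snapshot returns, i.e. how often the process list is re-walked.

```python
import statistics

# Constructed sample: a one-line-per-event rendering of rows from the report above
# (timestamp, API, key=value arguments, status). The line format is an assumption;
# the values are the report's.
SAMPLE_LOG = """\
1620762803.843625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1912 status=failed
1620762803.859625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1912 status=failed
1620762840.828625 NtTerminateProcess status_code=0x00000000 process_identifier=1424 process_handle=0x00000108 status=failed
1620762840.828625 NtTerminateProcess status_code=0x00000000 process_identifier=1424 process_handle=0x00000108 status=success
1620762840.984625 Process32NextW process_name=explorer.exe snapshot_handle=0x00000104 process_identifier=3008 status=failed
1620762841.203625 NtTerminateProcess status_code=0x00000000 process_identifier=3008 process_handle=0x0000010c status=failed
1620762841.203625 NtTerminateProcess status_code=0x00000000 process_identifier=3008 process_handle=0x0000010c status=success
1620762841.797625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1524 status=failed
1620762841.875625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1524 status=failed
1620762841.984625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1524 status=failed
1620762842.093625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1524 status=failed
1620762842.203625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1524 status=failed
1620762842.312625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1524 status=failed
1620762842.422625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1524 status=failed
1620762842.531625 Process32NextW process_name=7938745f040f983e1fa2d700e2db3753.exe snapshot_handle=0x00000104 process_identifier=1524 status=failed
"""


def parse_events(text):
    """Parse 'timestamp API k=v k=v ... status=...' lines into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, api, *fields = line.split()
        ev = {"time": float(ts), "api": api}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def pid_to_name(events):
    """Build a PID -> image name map from Process32First/Next rows.

    The hook logs the PROCESSENTRY32 buffer it read back, so every row names
    one real process from the snapshot, regardless of who called the API.
    """
    names = {}
    for ev in events:
        if ev["api"].startswith("Process32") and "process_name" in ev:
            names[int(ev["process_identifier"])] = ev["process_name"]
    return names


def terminated_processes(events):
    """Resolve NtTerminateProcess targets (process_identifier is the victim PID).

    Each termination is logged twice with the same handle; collapse on PID.
    """
    names = pid_to_name(events)
    seen, out = set(), []
    for ev in events:
        if ev["api"] == "NtTerminateProcess" and ev.get("status") == "success":
            pid = int(ev["process_identifier"])
            if pid not in seen:
                seen.add(pid)
                out.append((pid, names.get(pid, "<not enumerated>")))
    return out


def sample_pids(events, image_name):
    """All PIDs under which the given image was seen in a snapshot."""
    return {pid for pid, name in pid_to_name(events).items() if name == image_name}


def median_walk_interval(events):
    """Median seconds between end-of-snapshot returns of Process32NextW.

    A failed return is ERROR_NO_MORE_FILES, so each one marks one full walk of
    the process list; the median is not skewed by long idle gaps in the trace.
    """
    times = sorted(ev["time"] for ev in events
                   if ev["api"] == "Process32NextW" and ev.get("status") == "failed")
    gaps = [b - a for a, b in zip(times, times[1:])]
    return statistics.median(gaps) if gaps else None


EVENTS = parse_events(SAMPLE_LOG)

if __name__ == "__main__":
    for pid, name in terminated_processes(EVENTS):
        print(f"terminated PID {pid}: {name}")
    print("sample PIDs:", sample_pids(EVENTS, "7938745f040f983e1fa2d700e2db3753.exe"))
    print(f"process list re-walked every {median_walk_interval(EVENTS):.3f} s")
```

On the constructed input this resolves PID 3008 to explorer.exe, leaves 1424 unresolved, shows the sample under PIDs 1912 and 1524, and gives a median re-walk interval of about 0.109 s. The same functions work on a full exported event list; the median is used rather than the mean precisely because the 37 s gap between the two sample instances would otherwise hide the polling rate.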
Network communication

Communicates with a host for which no DNS query was performed (3 events)
host 113.108.239.196
host 172.217.24.14
host 203.208.40.66

The TCP and HTTP sections of this report record no connections, and 172.217.24.14:443 is also listed below as a dead host, so none of these hosts was actually reached during the run. Do not treat them as command-and-control indicators without corroboration from another sample or run.
Installs itself for autorun at Windows startup (2 events)

reg_key   HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
reg_value C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7938745f040f983e1fa2d700e2db3753.exe

reg_key   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\userini
reg_value C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7938745f040f983e1fa2d700e2db3753.exe

The first entry is the more serious one: a per-user Winlogon\Shell value replaces explorer.exe as that user's shell at the next logon, so the locker comes up instead of the desktop (the Trojan.ShellStartup detection names refer to this). The RunOnce value is a second, ordinary autorun. Both point into the user's Temp directory, which legitimate software does not use for persistence. Remediation means deleting both values (or resetting Shell to explorer.exe) from a context where the sample is not running, for example another account or an offline registry hive.
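Persistence through Winlogon\Shell is also what to hunt for on endpoints. The Python below is an added example, not part of the report, showing detection logic over Sysmon Event ID 13 (RegistryEvent, value set) records reduced to the three fields the rules need. The events are constructed from the two registry writes above plus two benign writes for contrast; Sysmon's HKU\<SID> rendering of HKEY_CURRENT_USER and the SID itself are assumptions. The rules flag any per-user Winlogon Shell or Userinit value, any Shell value other than explorer.exe, and Run/RunOnce entries that launch from a Temp directory.

```python
import re

# Constructed events in the shape of Sysmon Event ID 13 (RegistryEvent: value set),
# reduced to the fields the rules need. The first two mirror the sandbox report's
# registry writes (HKEY_CURRENT_USER shown as HKU\<SID> the way Sysmon renders it;
# the SID is a placeholder); the last two are benign entries for contrast.
SAMPLE_IMAGE = r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7938745f040f983e1fa2d700e2db3753.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": SAMPLE_IMAGE},
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\userini",
     "Details": SAMPLE_IMAGE},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": "explorer.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
]

WINLOGON_RE = re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I)
AUTORUN_RE = re.compile(r"\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)\\[^\\]+$", re.I)
TEMP_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|%temp%|%tmp%", re.I)
PER_USER_RE = re.compile(r"^(HKU|HKCU|HKEY_CURRENT_USER|HKEY_USERS)\\", re.I)
USERINIT_OK_RE = re.compile(r"c:\\windows\\system32\\userinit\.exe,?", re.I)


def check_registry_event(event):
    """Return (rule, TargetObject, Details) findings for one value-set event."""
    target = event.get("TargetObject", "")
    details = event.get("Details", "").strip()
    findings = []

    m = WINLOGON_RE.search(target)
    if m:
        value = m.group(1).lower()
        if value == "shell":
            looks_normal = details.lower() == "explorer.exe"
        else:
            looks_normal = USERINIT_OK_RE.fullmatch(details) is not None
        # A per-user Winlogon value is suspicious even when it looks benign:
        # userinit honours it over the machine-wide value for that user, and
        # ordinary software has no reason to set it.
        if not looks_normal or PER_USER_RE.match(target):
            findings.append((f"winlogon_{value}_hijack", target, details))

    if AUTORUN_RE.search(target) and TEMP_PATH_RE.search(details):
        findings.append(("autorun_from_temp", target, details))
    return findings


def scan(events):
    """Run the rules over value-set events; other event IDs are ignored."""
    return [f for ev in events if ev.get("EventID") == 13 for f in check_registry_event(ev)]


if __name__ == "__main__":
    for rule, target, details in scan(SAMPLE_EVENTS):
        print(f"{rule}: {target} = {details}")
```

On the constructed events the scan produces exactly two findings, both for the sample image: winlogon_shell_hijack for the Winlogon\Shell write and autorun_from_temp for the RunOnce write. The machine-wide Shell set to explorer.exe and the Program Files autorun produce nothing. The same rules apply unchanged to Sysmon event exports, where EventID, TargetObject and Details are the real field names.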
File has been identified by 67 antivirus engines on VirusTotal as malicious (50 of 67 results shown)
Bkav W32.AIDetectVM.malware2
MicroWorld-eScan Gen:Trojan.ShellStartup.BGW@aKlGgGgc
FireEye Generic.mg.7938745f040f983e
CAT-QuickHeal Ransom.Somhoveran.C8
McAfee GenericRXEQ-QT!7938745F040F
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
SUPERAntiSpyware Trojan.Agent/Gen-Urausy
Sangfor Malware
K7AntiVirus Trojan ( 0043daac1 )
Alibaba Ransom:Win32/Gimemo.3fa2847c
K7GW Trojan ( 0043daac1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.ShellStartup.ED2665
TrendMicro Mal_LockScreen
F-Prot W32/A-54adbbab!Eldorado
Symantec ML.Attribute.HighConfidence
TotalDefense Win32/Tnega.AVPY
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Gimemo-820
Kaspersky Trojan-Ransom.Win32.Gimemo.cdqu
BitDefender Gen:Trojan.ShellStartup.BGW@aKlGgGgc
NANO-Antivirus Trojan.Win32.Gimemo.foalcc
Avast Win32:Agent-ATUS [Trj]
Tencent Ransom.Win32.Gmie.a
Endgame malicious (high confidence)
Emsisoft Gen:Trojan.ShellStartup.BGW@aKlGgGgc (B)
Comodo TrojWare.Win32.Ransom.Gimemo.OP@5rbubo
F-Secure Trojan.TR/Strictor.oiuya
DrWeb Trojan.KillProc.44480
Zillya Trojan.Gimemo.Win32.6128
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Generic.gh
Trapmine suspicious.low.ml.score
CMC Trojan-Ransom.Win32!O
Sophos Mal/Generic-S
SentinelOne DFI - Suspicious PE
Cyren W32/A-54adbbab!Eldorado
Jiangmin Trojan/Gimemo.gmy
Webroot W32.Trojan.Gen
Avira TR/Strictor.oiuya
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan[Ransom]/Win32.Gimemo.bdvq
Microsoft Ransom:Win32/Somhoveran.D!bit
ZoneAlarm Trojan-Ransom.Win32.Gimemo.cdqu
GData Win32.Trojan-Ransom.Somhoveran.A
TACHYON Ransom/W32.DP-Gimemo.446464
AhnLab-V3 Trojan/Win32.Gimemo.R78730
Acronis suspicious
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443

Both addresses are in 172.217.0.0/16 (Google address space), and no TCP session is recorded for the run, so these are attempted rather than completed connections.
Visual analysis

Binary image: none (no binary visualization was generated for this sample)

Run screenshots: none (no screenshots were captured while the sample ran). For a screen locker this matters: the report gives no evidence of what, if anything, the sample displayed.

PE Compile Time

1992-06-20 06:22:17

This is the fixed TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC, rendered here in the sandbox's UTC+8 local time) that the Delphi linker writes into every binary it produces. It is a compiler fingerprint, not the real build date, and it confirms the BobSoft Mini Delphi signature under the static indicators.
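Both the section-name heuristic under the static indicators and the compile time above are explained by the same fact: this is a Delphi build. The Python below is an added example, not part of the report or its tooling. It reads the COFF header and section table of a PE image, reports whether the timestamp is the Delphi linker constant and whether the section names are the Borland defaults, and renders the timestamp in UTC and in the report's local time (UTC+8 is an assumption about the sandbox's zone). The input PE is constructed in the block as a header-only, non-executable image so the example runs offline; the helper that builds it is for testing only.

```python
import struct
from datetime import datetime, timedelta, timezone

# TimeDateStamp the Delphi linker writes into every PE it produces, whatever the
# real build date: 0x2A425E19 = 1992-06-19 22:22:17 UTC.
DELPHI_TIMESTAMP = 0x2A425E19

# Default section names of the Borland/Delphi linker. Seeing CODE/DATA/BSS is a
# compiler fingerprint, not evidence of a compression packer.
BORLAND_SECTIONS = {"CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"}


def parse_pe_headers(data):
    """Return machine, TimeDateStamp and section names from a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    section_table = e_lfanew + 4 + 20 + opt_size
    names = []
    for i in range(nsections):
        raw = struct.unpack_from("<8s", data, section_table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "timestamp": timestamp, "sections": names}


def triage_pe(data, report_tz_hours=8):
    """Explain the compile time and section names the way a sandbox reports them.

    report_tz_hours is the zone the report renders timestamps in (assumed UTC+8).
    """
    hdr = parse_pe_headers(data)
    utc = datetime.fromtimestamp(hdr["timestamp"], tz=timezone.utc)
    local = utc.astimezone(timezone(timedelta(hours=report_tz_hours)))
    return {
        "timestamp_hex": f"0x{hdr['timestamp']:08X}",
        "timestamp_utc": utc.strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_local": local.strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_timestamp": hdr["timestamp"] == DELPHI_TIMESTAMP,
        "sections": hdr["sections"],
        "borland_sections": all(s in BORLAND_SECTIONS for s in hdr["sections"]),
    }


def build_sample_pe(timestamp, section_names):
    """Construct a minimal, header-only PE (not executable) for offline testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew at 0x3C
    optional = struct.pack("<H", 0x10B) + b"\0" * 222             # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp,
                       0, 0, len(optional), 0x0102)               # i386, EXECUTABLE_IMAGE | 32BIT
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    0, 0, 0, 0, 0, 0, 0, 0, 0)
        for name in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


# Constructed input mirroring the report: Delphi timestamp, Borland section names.
SAMPLE_PE = build_sample_pe(DELPHI_TIMESTAMP,
                            ["CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"])

if __name__ == "__main__":
    for key, value in triage_pe(SAMPLE_PE).items():
        print(f"{key}: {value}")
```

Feeding the real sample's bytes to triage_pe (open the file in binary mode) gives the same two flags when the timestamp is 0x2A425E19 and the section table contains only Borland names. A binary with the Delphi timestamp but UPX0/UPX1 sections, or with a plausible timestamp and CODE/DATA/BSS, is the case where the two checks disagree and a closer look is warranted.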

Imports

The same DLL appears under several Library headers because the binary carries several import descriptors for it; this is normal for Delphi-built executables, not obfuscation. For a screen locker the imports worth noting are ExitWindowsEx, SetWindowsHookExA, FindWindowA, SetForegroundWindow, OpenProcess and TerminateProcess, RegCreateKeyExA and RegSetValueExA (the persistence writes above), and ShellExecuteA.

Library kernel32.dll:
0x45913c VirtualFree
0x459140 VirtualAlloc
0x459144 LocalFree
0x459148 LocalAlloc
0x45914c GetVersion
0x459150 GetCurrentThreadId
0x45915c VirtualQuery
0x459160 WideCharToMultiByte
0x459164 MultiByteToWideChar
0x459168 lstrlenA
0x45916c lstrcpynA
0x459170 LoadLibraryExA
0x459174 GetThreadLocale
0x459178 GetStartupInfoA
0x45917c GetProcAddress
0x459180 GetModuleHandleA
0x459184 GetModuleFileNameA
0x459188 GetLocaleInfoA
0x45918c GetCommandLineA
0x459190 FreeLibrary
0x459194 FindFirstFileA
0x459198 FindClose
0x45919c ExitProcess
0x4591a0 WriteFile
0x4591a8 RtlUnwind
0x4591ac RaiseException
0x4591b0 GetStdHandle
Library user32.dll:
0x4591b8 GetKeyboardType
0x4591bc LoadStringA
0x4591c0 MessageBoxA
0x4591c4 CharNextA
Library advapi32.dll:
0x4591cc RegQueryValueExA
0x4591d0 RegOpenKeyExA
0x4591d4 RegCloseKey
Library oleaut32.dll:
0x4591dc SysFreeString
0x4591e0 SysReAllocStringLen
0x4591e4 SysAllocStringLen
Library kernel32.dll:
0x4591ec TlsSetValue
0x4591f0 TlsGetValue
0x4591f4 LocalAlloc
0x4591f8 GetModuleHandleA
Library advapi32.dll:
0x459200 RegSetValueExA
0x459204 RegQueryValueExA
0x459208 RegOpenKeyExA
0x45920c RegFlushKey
0x459210 RegDeleteValueA
0x459214 RegCreateKeyExA
0x459218 RegCloseKey
0x45921c OpenProcessToken
Library kernel32.dll:
0x45922c lstrcpyA
0x459234 WriteFile
0x459238 WaitForSingleObject
0x45923c VirtualQuery
0x459240 VirtualAlloc
0x459244 TerminateProcess
0x459248 Sleep
0x45924c SizeofResource
0x459250 SetThreadLocale
0x459254 SetFilePointer
0x459258 SetEvent
0x45925c SetErrorMode
0x459260 SetEndOfFile
0x459264 ResetEvent
0x459268 ReadFile
0x45926c OpenProcess
0x459270 MulDiv
0x459274 LockResource
0x459278 LoadResource
0x45927c LoadLibraryA
0x459288 GlobalUnlock
0x45928c GlobalReAlloc
0x459290 GlobalHandle
0x459294 GlobalLock
0x459298 GlobalFree
0x45929c GlobalFindAtomA
0x4592a0 GlobalDeleteAtom
0x4592a4 GlobalAlloc
0x4592a8 GlobalAddAtomA
0x4592b0 GetVersionExA
0x4592b4 GetVersion
0x4592b8 GetTickCount
0x4592bc GetThreadLocale
0x4592c0 GetSystemInfo
0x4592c4 GetStringTypeExA
0x4592c8 GetStdHandle
0x4592cc GetProcAddress
0x4592d4 GetModuleHandleA
0x4592d8 GetModuleFileNameA
0x4592dc GetLocaleInfoA
0x4592e0 GetLocalTime
0x4592e4 GetLastError
0x4592e8 GetFullPathNameA
0x4592ec GetDiskFreeSpaceA
0x4592f0 GetDateFormatA
0x4592f4 GetCurrentThreadId
0x4592f8 GetCurrentProcessId
0x4592fc GetCurrentProcess
0x459300 GetComputerNameA
0x459304 GetCPInfo
0x459308 GetACP
0x45930c FreeResource
0x459310 InterlockedExchange
0x459314 FreeLibrary
0x459318 FormatMessageA
0x45931c FindResourceA
0x459320 EnumCalendarInfoA
0x45932c CreateThread
0x459330 CreateFileA
0x459334 CreateEventA
0x459338 CompareStringA
0x45933c CloseHandle
Library version.dll:
0x459344 VerQueryValueA
0x45934c GetFileVersionInfoA
Library gdi32.dll:
0x459354 UnrealizeObject
0x459358 StretchBlt
0x45935c SetWindowOrgEx
0x459360 SetViewportOrgEx
0x459364 SetTextColor
0x459368 SetStretchBltMode
0x45936c SetROP2
0x459370 SetPixel
0x459374 SetDIBColorTable
0x459378 SetBrushOrgEx
0x45937c SetBkMode
0x459380 SetBkColor
0x459384 SelectPalette
0x459388 SelectObject
0x45938c SelectClipRgn
0x459390 SaveDC
0x459394 RestoreDC
0x459398 RectVisible
0x45939c RealizePalette
0x4593a0 PatBlt
0x4593a4 MoveToEx
0x4593a8 MaskBlt
0x4593ac LineTo
0x4593b0 IntersectClipRect
0x4593b4 GetWindowOrgEx
0x4593b8 GetTextMetricsA
0x4593c4 GetStockObject
0x4593c8 GetPixel
0x4593cc GetPaletteEntries
0x4593d0 GetObjectA
0x4593d4 GetDeviceCaps
0x4593d8 GetDIBits
0x4593dc GetDIBColorTable
0x4593e0 GetDCOrgEx
0x4593e8 GetClipBox
0x4593ec GetBrushOrgEx
0x4593f0 GetBitmapBits
0x4593f4 ExcludeClipRect
0x4593f8 DeleteObject
0x4593fc DeleteDC
0x459400 CreateSolidBrush
0x459404 CreatePenIndirect
0x459408 CreatePalette
0x459410 CreateFontIndirectA
0x459414 CreateDIBitmap
0x459418 CreateDIBSection
0x45941c CreateCompatibleDC
0x459424 CreateBrushIndirect
0x459428 CreateBitmap
0x45942c BitBlt
Library user32.dll:
0x459434 CreateWindowExA
0x459438 WindowFromPoint
0x45943c WinHelpA
0x459440 WaitMessage
0x459444 UpdateWindow
0x459448 UnregisterClassA
0x45944c UnhookWindowsHookEx
0x459450 TranslateMessage
0x459458 TrackPopupMenu
0x459460 ShowWindow
0x459464 ShowScrollBar
0x459468 ShowOwnedPopups
0x45946c ShowCursor
0x459470 SetWindowsHookExA
0x459474 SetWindowTextA
0x459478 SetWindowPos
0x45947c SetWindowPlacement
0x459480 SetWindowLongA
0x459484 SetTimer
0x459488 SetScrollRange
0x45948c SetScrollPos
0x459490 SetScrollInfo
0x459494 SetRect
0x459498 SetPropA
0x45949c SetParent
0x4594a0 SetMenuItemInfoA
0x4594a4 SetMenu
0x4594a8 SetForegroundWindow
0x4594ac SetFocus
0x4594b0 SetCursor
0x4594b4 SetClassLongA
0x4594b8 SetCapture
0x4594bc SetActiveWindow
0x4594c0 SendMessageA
0x4594c4 ScrollWindow
0x4594c8 ScreenToClient
0x4594cc RemovePropA
0x4594d0 RemoveMenu
0x4594d4 ReleaseDC
0x4594d8 ReleaseCapture
0x4594e4 RegisterClassA
0x4594e8 RedrawWindow
0x4594ec PtInRect
0x4594f0 PostQuitMessage
0x4594f4 PostMessageA
0x4594f8 PeekMessageA
0x4594fc OffsetRect
0x459500 OemToCharA
0x459504 MessageBoxA
0x459508 MapWindowPoints
0x45950c MapVirtualKeyA
0x459510 LoadStringA
0x459514 LoadKeyboardLayoutA
0x459518 LoadIconA
0x45951c LoadCursorA
0x459520 LoadBitmapA
0x459524 KillTimer
0x459528 IsZoomed
0x45952c IsWindowVisible
0x459530 IsWindowEnabled
0x459534 IsWindow
0x459538 IsRectEmpty
0x45953c IsIconic
0x459540 IsDialogMessageA
0x459544 IsChild
0x459548 InvalidateRect
0x45954c IntersectRect
0x459550 InsertMenuItemA
0x459554 InsertMenuA
0x459558 InflateRect
0x459560 GetWindowTextA
0x459564 GetWindowRect
0x459568 GetWindowPlacement
0x45956c GetWindowLongA
0x459570 GetWindowDC
0x459574 GetTopWindow
0x459578 GetSystemMetrics
0x45957c GetSystemMenu
0x459580 GetSysColorBrush
0x459584 GetSysColor
0x459588 GetSubMenu
0x45958c GetScrollRange
0x459590 GetScrollPos
0x459594 GetScrollInfo
0x459598 GetPropA
0x45959c GetParent
0x4595a0 GetWindow
0x4595a4 GetMessageTime
0x4595a8 GetMenuStringA
0x4595ac GetMenuState
0x4595b0 GetMenuItemInfoA
0x4595b4 GetMenuItemID
0x4595b8 GetMenuItemCount
0x4595bc GetMenu
0x4595c0 GetLastActivePopup
0x4595c4 GetKeyboardState
0x4595cc GetKeyboardLayout
0x4595d0 GetKeyState
0x4595d4 GetKeyNameTextA
0x4595d8 GetIconInfo
0x4595dc GetForegroundWindow
0x4595e0 GetFocus
0x4595e4 GetDesktopWindow
0x4595e8 GetDCEx
0x4595ec GetDC
0x4595f0 GetCursorPos
0x4595f4 GetCursor
0x4595f8 GetClientRect
0x4595fc GetClassNameA
0x459600 GetClassInfoA
0x459604 GetCapture
0x459608 GetActiveWindow
0x45960c FrameRect
0x459610 FindWindowA
0x459614 FillRect
0x459618 ExitWindowsEx
0x45961c EqualRect
0x459620 EnumWindows
0x459624 EnumThreadWindows
0x459628 EndPaint
0x45962c EnableWindow
0x459630 EnableScrollBar
0x459634 EnableMenuItem
0x459638 DrawTextA
0x45963c DrawMenuBar
0x459640 DrawIconEx
0x459644 DrawIcon
0x459648 DrawFrameControl
0x45964c DrawEdge
0x459650 DispatchMessageA
0x459654 DestroyWindow
0x459658 DestroyMenu
0x45965c DestroyIcon
0x459660 DestroyCursor
0x459664 DeleteMenu
0x459668 DefWindowProcA
0x45966c DefMDIChildProcA
0x459670 DefFrameProcA
0x459674 CreatePopupMenu
0x459678 CreateMenu
0x45967c CreateIcon
0x459680 ClientToScreen
0x459684 CheckMenuItem
0x459688 CallWindowProcA
0x45968c CallNextHookEx
0x459690 BeginPaint
0x459694 CharNextA
0x459698 CharLowerA
0x45969c CharToOemA
0x4596a0 AdjustWindowRectEx
Library kernel32.dll:
0x4596ac Sleep
Library oleaut32.dll:
0x4596b4 SafeArrayPtrOfIndex
0x4596b8 SafeArrayGetUBound
0x4596bc SafeArrayGetLBound
0x4596c0 SafeArrayCreate
0x4596c4 VariantChangeType
0x4596c8 VariantCopy
0x4596cc VariantClear
0x4596d0 VariantInit
Library comctl32.dll:
0x4596e0 ImageList_Write
0x4596e4 ImageList_Read
0x4596f4 ImageList_DragMove
0x4596f8 ImageList_DragLeave
0x4596fc ImageList_DragEnter
0x459700 ImageList_EndDrag
0x459704 ImageList_BeginDrag
0x459708 ImageList_Remove
0x45970c ImageList_DrawEx
0x459710 ImageList_Draw
0x459720 ImageList_Add
0x45972c ImageList_Destroy
0x459730 ImageList_Create
Library shell32.dll:
0x459738 ShellExecuteA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source         | Source port | Destination                     | Destination port
192.168.56.101 | 49235       | 114.114.114.114                 | 53
192.168.56.101 | 51808       | 114.114.114.114                 | 53
192.168.56.101 | 56539       | 114.114.114.114                 | 53
192.168.56.101 | 57236       | 114.114.114.114                 | 53
192.168.56.101 | 60123       | 114.114.114.114                 | 53
192.168.56.101 | 63429       | 114.114.114.114                 | 53
192.168.56.101 | 65004       | 114.114.114.114                 | 53
192.168.56.101 | 137         | 192.168.56.255                  | 137
192.168.56.101 | 138         | 192.168.56.255                  | 138
192.168.56.101 | 123         | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 49713       | 224.0.0.252                     | 5355
192.168.56.101 | 50568       | 224.0.0.252                     | 5355
192.168.56.101 | 51378       | 224.0.0.252                     | 5355
192.168.56.101 | 53210       | 224.0.0.252                     | 5355
192.168.56.101 | 53237       | 224.0.0.252                     | 5355
192.168.56.101 | 55368       | 224.0.0.252                     | 5355
192.168.56.101 | 56804       | 224.0.0.252                     | 5355
192.168.56.101 | 58367       | 224.0.0.252                     | 5355
192.168.56.101 | 62191       | 224.0.0.252                     | 5355
192.168.56.101 | 62318       | 224.0.0.252                     | 5355

Most of this is typical Windows background traffic from the sandbox guest: NetBIOS name-service and datagram broadcasts (137/138), NTP to time.windows.com, and LLMNR queries to the 224.0.0.252:5355 multicast group. The seven DNS queries to the resolver 114.114.114.114 cannot be attributed from this table, since the queried names are not recorded. None of it is evidence of sample network activity, which is consistent with the empty TCP and HTTP sections.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.