6.4
High risk

b5284e16713a92f09e10c3aa7a63815f0e05ce757a6257917fb1aae8d85de8fb

7a2437300558cfa7099f4c412f396cfb.exe

Analysis duration

76s

Last analyzed

File size

640.0KB
Static detection: positive. Dynamic detection: positive. Tags: 100% AI SCORE=88 AQIWE CLOUD CONFIDENCE DOWNLOADER34 EMOTET GENCIRC GENERICKDZ GENETIC HIGH CONFIDENCE HSNZBU HYKCW4CA KCLOUD MALWARE@#36RHTG11N6V7H R + TROJ R348605 SAVE SCORE SUSGEN UNSAFE YNKXW0ICUY YRNT
HawkEye engine
Not detected: no HawkEye engine result is available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Alibaba Trojan:Win32/Emotet.996afa45 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20210312 21.1.5827.0
Kingsoft Win32.Hack.Emotet.cg.(kcloud) 20210313 2017.9.26.565
McAfee Emotet-FRV!7A2437300558 20210312 6.0.6.653
Tencent Malware.Win32.Gencirc.10cde86b 20210313 1.0.0.1
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619666783.588125
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619666775.275125
CryptGenKey
crypto_handle: 0x006250c0
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00624a88
flags: 1
key: f!!á¹^z³쀞Ä,¤PÝ
success 1 0
1619666783.603125
CryptExportKey
crypto_handle: 0x006250c0
crypto_export_handle: 0x00624b50
buffer: f¤à›ì!sõ¯sÐ)3bc2±ûÕ¦é"ùµ:”À@môI£§ÑÓ©¨<oËz‡ œRÆ`Á3†µØt׸……­8\…6ÜöQ2c Ê”a®± Ù$i‘Ã0¯eûtݍƒ·„±I
blob_type: 1
flags: 64
success 1 0
1619666819.088125
CryptExportKey
crypto_handle: 0x006250c0
crypto_export_handle: 0x00624b50
buffer: f¤nã{ax÷[~tHP³&…PEvâZ×Ó½§“‘WŽ NH;Á+LM4híC÷Çfô Ñr˜Â|qW³Ñ&CÌæÒg F~Kǘ¾Z €&𲨀Å7¬m,ç:KdÀY9
blob_type: 1
flags: 64
success 1 0
1619666823.728125
CryptExportKey
crypto_handle: 0x006250c0
crypto_export_handle: 0x00624b50
buffer: f¤-23ß #})ô¤ÍÑ*®ß„´ pÈZ¿Bæ1~j4oÆ{<Á+ԀÎ@"TO² §Fà‡©2ozâﮜi`Í]¨Ê&f/+ò¤ï­ÞÏ·òB–&¾äs,L =ƒ
blob_type: 1
flags: 64
success 1 0
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619666774.822125
NtAllocateVirtualMemory
process_identifier: 880
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004e0000
success 0 0
Foreign language identified in PE resource (50 out of 66 events; identical entries listed once below)
name RT_CURSOR language LANG_CHINESE offset 0x00066f04 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000134
name RT_BITMAP language LANG_CHINESE offset 0x00067618 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_ICON language LANG_CHINESE offset 0x0008eab4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_DIALOG language LANG_CHINESE offset 0x0008f87c filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000034
name RT_STRING language LANG_CHINESE offset 0x00090264 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000030
name RT_RCDATA language LANG_CHINESE offset 0x0009ce94 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00008333
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619666784.228125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 7a2437300558cfa7099f4c412f396cfb.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619666783.838125
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 172.217.24.14
host 67.205.85.243
host 69.30.203.214
host 75.139.38.211
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619666786.791125
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619666786.791125
RegSetValueExA
key_handle: 0x000003bc
value: pÖ5‡}<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619666786.791125
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619666786.791125
RegSetValueExW
key_handle: 0x000003bc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619666786.791125
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619666786.791125
RegSetValueExA
key_handle: 0x000003d4
value: pÖ5‡}<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619666786.791125
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619666786.806125
RegSetValueExW
key_handle: 0x000003b8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69511
FireEye Generic.mg.7a2437300558cfa7
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.1009
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Emotet.996afa45
K7GW Trojan ( 005600261 )
K7AntiVirus Trojan ( 005600261 )
Cyren W32/Emotet.YRNT-5026
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Dropper.Emotet-9808510-0
Kaspersky HEUR:Backdoor.Win32.Emotet.vho
BitDefender Trojan.GenericKDZ.69511
NANO-Antivirus Trojan.Win32.Emotet.hsnzbu
Paloalto generic.ml
ViRobot Trojan.Win32.Emotet.655360.C
Rising Backdoor.Emotet!8.514D (CLOUD)
Ad-Aware Trojan.GenericKDZ.69511
TACHYON Trojan/W32.Emotet.655360.B
Emsisoft Trojan.Emotet (A)
Comodo Malware@#36rhtg11n6v7h
DrWeb Trojan.DownLoader34.24759
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Emotet.jh
Sophos Mal/Generic-R + Troj/Emotet-CLF
ESET-NOD32 Win32/Emotet.CD
Avira TR/AD.Emotet.aqiwe
eGambit Generic.Malware
Kingsoft Win32.Hack.Emotet.cg.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
GData Trojan.GenericKDZ.69511
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R348605
McAfee Emotet-FRV!7A2437300558
MAX malware (ai score=88)
Malwarebytes Trojan.MalPack.TRE
Tencent Malware.Win32.Gencirc.10cde86b
Yandex Trojan.Emotet!/Ynkxw0icuY
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.121218.susgen
Fortinet W32/Emotet.6DC5!tr
AVG Win32:Malware-gen
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (4 events)
dead_host 69.30.203.214:8080
dead_host 67.205.85.243:8080
dead_host 192.168.56.101:49180
dead_host 75.139.38.211:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-08-17 05:39:26

Imports

Library KERNEL32.dll:
0x4480d0 GetFileAttributesA
0x4480d4 GetFileTime
0x4480d8 GetTickCount
0x4480dc RtlUnwind
0x4480e0 HeapFree
0x4480e4 TerminateProcess
0x4480f0 IsDebuggerPresent
0x4480f4 RaiseException
0x4480f8 HeapAlloc
0x4480fc HeapReAlloc
0x448100 VirtualProtect
0x448104 VirtualAlloc
0x448108 GetSystemInfo
0x44810c VirtualQuery
0x448110 GetCommandLineA
0x448114 GetProcessHeap
0x448118 GetStartupInfoA
0x44811c HeapSize
0x448120 HeapDestroy
0x448124 HeapCreate
0x448128 VirtualFree
0x44812c SetHandleCount
0x448130 GetFileType
0x448134 GetConsoleCP
0x448138 GetConsoleMode
0x44813c Sleep
0x448140 GetACP
0x448144 LCMapStringA
0x448148 LCMapStringW
0x448164 GetStringTypeA
0x448168 GetStringTypeW
0x448170 WriteConsoleA
0x448174 GetConsoleOutputCP
0x448178 WriteConsoleW
0x44817c SetStdHandle
0x448180 GetUserDefaultLCID
0x448184 EnumSystemLocalesA
0x448188 IsValidLocale
0x44818c IsValidCodePage
0x448190 GetLocaleInfoW
0x44819c SetErrorMode
0x4481a0 CreateFileA
0x4481a4 GetFullPathNameA
0x4481ac FindFirstFileA
0x4481b0 FindClose
0x4481b4 GetCurrentProcess
0x4481b8 DuplicateHandle
0x4481bc GetFileSize
0x4481c0 SetEndOfFile
0x4481c4 UnlockFile
0x4481c8 LockFile
0x4481cc FlushFileBuffers
0x4481d0 SetFilePointer
0x4481d4 WriteFile
0x4481d8 ReadFile
0x4481e4 GetThreadLocale
0x4481e8 GetOEMCP
0x4481ec GetCPInfo
0x4481f4 TlsFree
0x4481fc LocalReAlloc
0x448200 TlsSetValue
0x448204 TlsAlloc
0x44820c GlobalHandle
0x448210 GlobalReAlloc
0x448218 TlsGetValue
0x448220 LocalAlloc
0x448224 GlobalFlags
0x448228 GetCurrentProcessId
0x44822c CloseHandle
0x448230 GetCurrentThread
0x448238 GetModuleFileNameA
0x448240 GetLocaleInfoA
0x448244 lstrcmpA
0x44824c GetModuleFileNameW
0x448250 GlobalAlloc
0x448254 FormatMessageA
0x448258 LocalFree
0x44825c GetCurrentThreadId
0x448260 GlobalGetAtomNameA
0x448264 GlobalAddAtomA
0x448268 GlobalFindAtomA
0x44826c GlobalDeleteAtom
0x448270 FreeLibrary
0x448274 lstrcmpW
0x448278 GetVersionExA
0x44827c GlobalLock
0x448280 GlobalUnlock
0x448284 GlobalFree
0x448288 FreeResource
0x44828c CompareStringW
0x448290 CompareStringA
0x448294 GetVersion
0x448298 MultiByteToWideChar
0x44829c InterlockedExchange
0x4482a0 ExitProcess
0x4482a4 lstrcpyA
0x4482a8 lstrcpynA
0x4482b0 GetLastError
0x4482b4 SetLastError
0x4482b8 GetProcAddress
0x4482bc GetModuleHandleA
0x4482c0 LoadLibraryA
0x4482c4 MulDiv
0x4482c8 lstrlenA
0x4482cc WideCharToMultiByte
0x4482d0 FindResourceA
0x4482d4 LoadResource
0x4482d8 LockResource
0x4482dc GetStdHandle
0x4482e0 SizeofResource
0x4482e4 CreateFileW
Library USER32.dll:
0x448340 MapDialogRect
0x448348 UnregisterClassA
0x44834c CharNextA
0x448354 IsRectEmpty
0x448358 SetRect
0x44835c InvalidateRgn
0x448360 MessageBeep
0x448368 PostThreadMessageA
0x44836c TrackPopupMenu
0x448370 GetKeyState
0x448374 SetForegroundWindow
0x448378 IsWindowVisible
0x44837c GetMenu
0x448380 MessageBoxA
0x448384 CreateWindowExA
0x448388 GetClassInfoExA
0x44838c GetClassInfoA
0x448390 RegisterClassA
0x448394 AdjustWindowRectEx
0x448398 ScreenToClient
0x44839c EqualRect
0x4483a0 GetDlgCtrlID
0x4483a4 DefWindowProcA
0x4483a8 CallWindowProcA
0x4483ac SetWindowLongA
0x4483b0 SetWindowPos
0x4483b4 IntersectRect
0x4483bc GetWindowPlacement
0x4483c0 GetWindow
0x4483c4 GetDesktopWindow
0x4483c8 SetActiveWindow
0x4483d0 DestroyWindow
0x4483d4 DrawTextExA
0x4483d8 GetDlgItem
0x4483dc IsWindowEnabled
0x4483e4 EndDialog
0x4483e8 SetFocus
0x4483ec GetFocus
0x4483f0 SetParent
0x4483f4 GetTopWindow
0x4483f8 CharUpperA
0x4483fc GetWindowLongA
0x448400 GetSystemMetrics
0x448404 LoadIconA
0x448408 IsIconic
0x44840c GetSystemMenu
0x448410 AppendMenuA
0x448414 DrawIcon
0x448418 UpdateWindow
0x44841c LoadCursorA
0x448420 CopyIcon
0x448424 GetSysColorBrush
0x448428 GetSysColor
0x44842c SetCursor
0x448430 ReleaseCapture
0x448434 GetNextDlgGroupItem
0x448438 WindowFromPoint
0x44843c GetParent
0x448440 SetCapture
0x448444 GetCapture
0x448448 GetActiveWindow
0x44844c InvalidateRect
0x448450 ReleaseDC
0x448454 GetDC
0x448458 ClientToScreen
0x44845c GetClientRect
0x448460 GetWindowRect
0x448464 PostMessageA
0x448468 SendMessageA
0x44846c SetMenuItemBitmaps
0x448470 ModifyMenuA
0x448474 GetSubMenu
0x448478 GetMenuState
0x44847c GetMenuItemID
0x448480 GetMenuItemCount
0x448484 EnableMenuItem
0x448488 DrawTextA
0x44848c TabbedTextOutA
0x448490 GetCursorPos
0x448494 DestroyMenu
0x448498 CheckMenuItem
0x44849c DrawFocusRect
0x4484a0 DrawFrameControl
0x4484a4 DrawEdge
0x4484a8 FrameRect
0x4484ac FillRect
0x4484b0 LoadBitmapA
0x4484b4 OffsetRect
0x4484b8 InflateRect
0x4484bc PtInRect
0x4484c0 CopyRect
0x4484c4 DrawStateA
0x4484c8 EnableWindow
0x4484cc GetMessageA
0x4484d0 TranslateMessage
0x4484d4 ValidateRect
0x4484d8 PostQuitMessage
0x4484dc EndPaint
0x4484e0 BeginPaint
0x4484e4 GetWindowDC
0x4484e8 GetNextDlgTabItem
0x4484ec GrayStringA
0x4484f0 ShowWindow
0x4484f4 MoveWindow
0x4484f8 SetWindowTextA
0x4484fc IsDialogMessageA
0x448508 SendDlgItemMessageA
0x44850c WinHelpA
0x448510 IsChild
0x448514 SetWindowsHookExA
0x448518 CallNextHookEx
0x44851c GetClassLongA
0x448520 GetClassNameA
0x448524 SetPropA
0x448528 GetPropA
0x44852c RemovePropA
0x448534 GetWindowTextA
0x448538 GetForegroundWindow
0x44853c GetLastActivePopup
0x448540 MapWindowPoints
0x448544 UnhookWindowsHookEx
0x448548 GetMessageTime
0x44854c GetMessagePos
0x448550 IsWindow
0x448554 PeekMessageA
0x448558 DispatchMessageA
Library GDI32.dll:
0x448028 ExtTextOutA
0x44802c SaveDC
0x448030 RestoreDC
0x448034 SetBkMode
0x448038 SetMapMode
0x44803c LineTo
0x448040 MoveToEx
0x448044 GetViewportExtEx
0x448048 GetWindowExtEx
0x44804c PtVisible
0x448050 RectVisible
0x448054 TextOutA
0x448058 Escape
0x44805c SelectObject
0x448060 CreateBitmap
0x448064 OffsetViewportOrgEx
0x448068 SetViewportExtEx
0x44806c ScaleViewportExtEx
0x448070 SetWindowExtEx
0x448074 ScaleWindowExtEx
0x448078 ExtSelectClipRgn
0x44807c DeleteDC
0x448080 CreateSolidBrush
0x448088 GetMapMode
0x44808c GetBkColor
0x448090 GetTextColor
0x448094 GetRgnBox
0x448098 SetBkColor
0x44809c SetTextColor
0x4480a0 GetClipBox
0x4480a4 Rectangle
0x4480a8 CreatePen
0x4480b0 DeleteObject
0x4480b4 GetDeviceCaps
0x4480b8 SetPixel
0x4480bc CreateFontIndirectA
0x4480c0 SetViewportOrgEx
0x4480c4 GetStockObject
0x4480c8 GetObjectA
Library comdlg32.dll:
0x448570 GetFileTitleA
Library WINSPOOL.DRV:
0x448560 DocumentPropertiesA
0x448564 OpenPrinterA
0x448568 ClosePrinter
Library ADVAPI32.dll:
0x448000 RegSetValueExA
0x448004 RegCreateKeyExA
0x448008 RegQueryValueA
0x44800c RegEnumKeyA
0x448010 RegDeleteKeyA
0x448014 RegOpenKeyExA
0x448018 RegQueryValueExA
0x44801c RegOpenKeyA
0x448020 RegCloseKey
Library SHELL32.dll:
0x448324 ShellExecuteA
Library SHLWAPI.dll:
0x44832c PathFindFileNameA
0x448330 PathStripToRootA
0x448334 PathFindExtensionA
0x448338 PathIsUNCA
Library oledlg.dll:
0x4485b8
Library ole32.dll:
0x448578 OleInitialize
0x448580 OleUninitialize
0x448590 CoGetClassObject
0x448594 CLSIDFromString
0x448598 CoRevokeClassObject
0x44859c CoTaskMemAlloc
0x4485a0 CoTaskMemFree
0x4485a8 OleFlushClipboard
0x4485b0 CLSIDFromProgID
Library OLEAUT32.dll:
0x4482ec VariantClear
0x4482f0 VariantInit
0x4482f4 SysAllocStringLen
0x4482f8 SysStringLen
0x4482fc SysFreeString
0x448304 VariantCopy
0x448308 SafeArrayDestroy
0x448318 SysAllocString
0x44831c VariantChangeType

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.