5.8
High risk

b8a6818ebadd26de05a88a3938a3fc3ee593184be5448af728f5ff07e7ca2ddc

7ad2834ccb90213af7c5c4411eb04253.exe

Analysis duration

22s

Latest analysis

File size

776.0KB
Static detection, Dynamic detection, AI SCORE=84 AIDETECTVM ALI2000015 ATTRIBUTE AUTO CLASSIC CONFIDENCE DATASTEALER DDHNSUBTNRA DELF DELFINJECT DELPHILESS EMTN EMVB FAREIT FORMBOOK FXKPQ HIGH CONFIDENCE HIGHCONFIDENCE HPRCDN KRYPTIK MALWARE2 MALWARE@#3JV7MR1XNY32I NANOCORE REDCAP SCORE THIBABO TSCOPE WGW@AYFH0JHI WHEL X2094 ZELPHIF ZUSY
Hawkeye engine
Not detected: no Hawkeye engine result is available for this sample.
Static verdict
Antivirus engines
Engine Result Date Version
Avast Win32:Malware-gen 20201210 21.1.5827.0
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Tencent Win32.Trojan.Inject.Auto 20201211 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20201211 2017.9.26.565
McAfee Fareit-FPQ!7AD2834CCB90 20201211 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619681696.867875
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7485d4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
7ad2834ccb90213af7c5c4411eb04253+0x783f8 @ 0x4783f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x75154b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x75155d3d
0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfea814ad
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
Time & API Arguments Status Return Repeated
1619649229.546681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004d0000
success 0 0
1619649229.577681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004e0000
success 0 0
1619649229.577681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
1619681696.383875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619681696.430875
NtAllocateVirtualMemory
process_identifier: 472
region_size: 1376256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f80000
success 0 0
1619681696.446875
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02090000
success 0 0
1619681696.446875
NtAllocateVirtualMemory
process_identifier: 472
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e30000
success 0 0
1619681696.461875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 434176
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e32000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619681696.852875
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.380904228261435 section {'size_of_data': '0x00026000', 'virtual_address': '0x000a2000', 'entropy': 7.380904228261435, 'name': '.rsrc', 'virtual_size': '0x00025ea8'} description A section with a high entropy has been found
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2200 called NtSetContextThread to modify thread in remote process 472
Time & API Arguments Status Return Repeated
1619649229.749681
NtSetContextThread
thread_handle: 0x00000110
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5160640
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 472
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2200 resumed a thread in remote process 472
Time & API Arguments Status Return Repeated
1619649230.108681
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 472
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619649229.718681
CreateProcessInternalW
thread_identifier: 880
thread_handle: 0x00000110
process_identifier: 472
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ad2834ccb90213af7c5c4411eb04253.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1619649229.718681
NtUnmapViewOfSection
process_identifier: 472
region_size: 4096
process_handle: 0x00000114
base_address: 0x00400000
success 0 0
1619649229.718681
NtMapViewOfSection
section_handle: 0x0000011c
process_identifier: 472
commit_size: 974848
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000114
allocation_type: 0 ()
section_offset: 0
view_size: 974848
base_address: 0x00400000
success 0 0
1619649229.749681
NtGetContextThread
thread_handle: 0x00000110
success 0 0
1619649229.749681
NtSetContextThread
thread_handle: 0x00000110
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5160640
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 472
success 0 0
1619649230.108681
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 472
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Stealer.28996
MicroWorld-eScan Gen:Variant.Zusy.310200
FireEye Generic.mg.7ad2834ccb90213a
Qihoo-360 Win32/Trojan.469
ALYac Trojan.Agent.Formbook
Malwarebytes Trojan.MalPack.DLF
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Multi.Generic.4!c
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Gen:Variant.Zusy.310200
K7GW Riskware ( 0040eff71 )
Cybereason malicious.ccb902
BitDefenderTheta Gen:NN.ZelphiF.34670.WGW@ayfH0Jhi
Cyren W32/Injector.WHEL-0962
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Dropper.Nanocore-9168858-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
Alibaba Trojan:Win32/DelfInject.ali2000015
NANO-Antivirus Trojan.Win32.Kryptik.hprcdn
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Gen:Variant.Zusy.310200
Sophos Mal/Generic-S
Comodo Malware@#3jv7mr1xny32i
F-Secure Trojan.TR/Redcap.fxkpq
Zillya Trojan.Injector.Win32.755492
TrendMicro TrojanSpy.Win32.FORMBOOK.THIBABO
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Emsisoft Gen:Variant.Zusy.310200 (B)
Jiangmin Trojan.Kryptik.bzn
Avira TR/Redcap.fxkpq
MAX malware (ai score=84)
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/DataStealer.VD!MTB
Gridinsoft Trojan.Win32.FormBook.oa
Arcabit Trojan.Zusy.D4BBB8
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Gen:Variant.Zusy.310200
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
McAfee Fareit-FPQ!7AD2834CCB90
VBA32 TScope.Trojan.Delf
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/Injector.EMVB
TrendMicro-HouseCall TrojanSpy.Win32.FORMBOOK.THIBABO
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x493178 VirtualFree
0x49317c VirtualAlloc
0x493180 LocalFree
0x493184 LocalAlloc
0x493188 GetVersion
0x49318c GetCurrentThreadId
0x493198 VirtualQuery
0x49319c WideCharToMultiByte
0x4931a0 MultiByteToWideChar
0x4931a4 lstrlenA
0x4931a8 lstrcpynA
0x4931ac LoadLibraryExA
0x4931b0 GetThreadLocale
0x4931b4 GetStartupInfoA
0x4931b8 GetProcAddress
0x4931bc GetModuleHandleA
0x4931c0 GetModuleFileNameA
0x4931c4 GetLocaleInfoA
0x4931c8 GetCommandLineA
0x4931cc FreeLibrary
0x4931d0 FindFirstFileA
0x4931d4 FindClose
0x4931d8 ExitProcess
0x4931dc WriteFile
0x4931e4 RtlUnwind
0x4931e8 RaiseException
0x4931ec GetStdHandle
Library user32.dll:
0x4931f4 GetKeyboardType
0x4931f8 LoadStringA
0x4931fc MessageBoxA
0x493200 CharNextA
Library advapi32.dll:
0x493208 RegQueryValueExA
0x49320c RegOpenKeyExA
0x493210 RegCloseKey
Library oleaut32.dll:
0x493218 SysFreeString
0x49321c SysReAllocStringLen
0x493220 SysAllocStringLen
Library kernel32.dll:
0x493228 TlsSetValue
0x49322c TlsGetValue
0x493230 LocalAlloc
0x493234 GetModuleHandleA
Library advapi32.dll:
0x49323c RegQueryValueExA
0x493240 RegOpenKeyExA
0x493244 RegCloseKey
Library kernel32.dll:
0x49324c lstrcpyA
0x493250 WriteFile
0x493254 WaitForSingleObject
0x493258 VirtualQuery
0x49325c VirtualAlloc
0x493260 Sleep
0x493264 SizeofResource
0x493268 SetThreadLocale
0x49326c SetFilePointer
0x493270 SetEvent
0x493274 SetErrorMode
0x493278 SetEndOfFile
0x49327c ResetEvent
0x493280 ReadFile
0x493284 MultiByteToWideChar
0x493288 MulDiv
0x49328c LockResource
0x493290 LoadResource
0x493294 LoadLibraryA
0x4932a0 GlobalUnlock
0x4932a4 GlobalSize
0x4932a8 GlobalReAlloc
0x4932ac GlobalHandle
0x4932b0 GlobalLock
0x4932b4 GlobalFree
0x4932b8 GlobalFindAtomA
0x4932bc GlobalDeleteAtom
0x4932c0 GlobalAlloc
0x4932c4 GlobalAddAtomA
0x4932c8 GetVersionExA
0x4932cc GetVersion
0x4932d0 GetUserDefaultLCID
0x4932d4 GetTickCount
0x4932d8 GetThreadLocale
0x4932dc GetSystemInfo
0x4932e0 GetStringTypeExA
0x4932e4 GetStdHandle
0x4932e8 GetProcAddress
0x4932ec GetModuleHandleA
0x4932f0 GetModuleFileNameA
0x4932f4 GetLocaleInfoA
0x4932f8 GetLocalTime
0x4932fc GetLastError
0x493300 GetFullPathNameA
0x493304 GetDiskFreeSpaceA
0x493308 GetDateFormatA
0x49330c GetCurrentThreadId
0x493310 GetCurrentProcessId
0x493314 GetComputerNameA
0x493318 GetCPInfo
0x49331c GetACP
0x493320 FreeResource
0x493324 InterlockedExchange
0x493328 FreeLibrary
0x49332c FormatMessageA
0x493330 FindResourceA
0x493334 EnumCalendarInfoA
0x493340 CreateThread
0x493344 CreateFileA
0x493348 CreateEventA
0x49334c CompareStringA
0x493350 CloseHandle
Library version.dll:
0x493358 VerQueryValueA
0x493360 GetFileVersionInfoA
Library gdi32.dll:
0x493368 UnrealizeObject
0x49336c StretchBlt
0x493370 SetWindowOrgEx
0x493374 SetWinMetaFileBits
0x493378 SetViewportOrgEx
0x49337c SetTextColor
0x493380 SetStretchBltMode
0x493384 SetROP2
0x493388 SetPixel
0x49338c SetMapMode
0x493390 SetEnhMetaFileBits
0x493394 SetDIBColorTable
0x493398 SetBrushOrgEx
0x49339c SetBkMode
0x4933a0 SetBkColor
0x4933a4 SelectPalette
0x4933a8 SelectObject
0x4933ac SelectClipRgn
0x4933b0 SaveDC
0x4933b4 RestoreDC
0x4933b8 Rectangle
0x4933bc RectVisible
0x4933c0 RealizePalette
0x4933c4 Polyline
0x4933c8 PlayEnhMetaFile
0x4933cc PatBlt
0x4933d0 MoveToEx
0x4933d4 MaskBlt
0x4933d8 LineTo
0x4933dc LPtoDP
0x4933e0 IntersectClipRect
0x4933e4 GetWindowOrgEx
0x4933e8 GetWinMetaFileBits
0x4933ec GetTextMetricsA
0x4933f8 GetStockObject
0x4933fc GetPixel
0x493400 GetPaletteEntries
0x493404 GetObjectA
0x493414 GetEnhMetaFileBits
0x493418 GetDeviceCaps
0x49341c GetDIBits
0x493420 GetDIBColorTable
0x493424 GetDCOrgEx
0x49342c GetClipRgn
0x493430 GetClipBox
0x493434 GetBrushOrgEx
0x493438 GetBitmapBits
0x49343c ExtTextOutA
0x493440 ExcludeClipRect
0x493444 DeleteObject
0x493448 DeleteEnhMetaFile
0x49344c DeleteDC
0x493450 CreateSolidBrush
0x493454 CreateRectRgn
0x493458 CreatePenIndirect
0x49345c CreatePen
0x493460 CreatePalette
0x493468 CreateFontIndirectA
0x49346c CreateEnhMetaFileA
0x493470 CreateDIBitmap
0x493474 CreateDIBSection
0x493478 CreateCompatibleDC
0x493480 CreateBrushIndirect
0x493484 CreateBitmap
0x493488 CopyEnhMetaFileA
0x49348c CloseEnhMetaFile
0x493490 BitBlt
Library opengl32.dll:
0x493498 wglDeleteContext
Library user32.dll:
0x4934a0 CreateWindowExA
0x4934a4 WindowFromPoint
0x4934a8 WinHelpA
0x4934ac WaitMessage
0x4934b0 ValidateRect
0x4934b4 UpdateWindow
0x4934b8 UnregisterClassA
0x4934bc UnhookWindowsHookEx
0x4934c0 TranslateMessage
0x4934c8 TrackPopupMenu
0x4934d0 ShowWindow
0x4934d4 ShowScrollBar
0x4934d8 ShowOwnedPopups
0x4934dc ShowCursor
0x4934e0 SetWindowsHookExA
0x4934e4 SetWindowTextA
0x4934e8 SetWindowPos
0x4934ec SetWindowPlacement
0x4934f0 SetWindowLongA
0x4934f4 SetTimer
0x4934f8 SetScrollRange
0x4934fc SetScrollPos
0x493500 SetScrollInfo
0x493504 SetRect
0x493508 SetPropA
0x49350c SetParent
0x493510 SetMenuItemInfoA
0x493514 SetMenu
0x493518 SetForegroundWindow
0x49351c SetFocus
0x493520 SetCursor
0x493524 SetClassLongA
0x493528 SetCapture
0x49352c SetActiveWindow
0x493530 SendMessageA
0x493534 ScrollWindow
0x493538 ScreenToClient
0x49353c RemovePropA
0x493540 RemoveMenu
0x493544 ReleaseDC
0x493548 ReleaseCapture
0x493554 RegisterClassA
0x493558 RedrawWindow
0x49355c PtInRect
0x493560 PostQuitMessage
0x493564 PostMessageA
0x493568 PeekMessageA
0x49356c OffsetRect
0x493570 OemToCharA
0x493574 MessageBoxA
0x493578 MapWindowPoints
0x49357c MapVirtualKeyA
0x493580 LoadStringA
0x493584 LoadKeyboardLayoutA
0x493588 LoadIconA
0x49358c LoadCursorA
0x493590 LoadBitmapA
0x493594 KillTimer
0x493598 IsZoomed
0x49359c IsWindowVisible
0x4935a0 IsWindowEnabled
0x4935a4 IsWindow
0x4935a8 IsRectEmpty
0x4935ac IsIconic
0x4935b0 IsDialogMessageA
0x4935b4 IsChild
0x4935b8 InvalidateRect
0x4935bc IntersectRect
0x4935c0 InsertMenuItemA
0x4935c4 InsertMenuA
0x4935c8 InflateRect
0x4935d0 GetWindowTextA
0x4935d4 GetWindowRect
0x4935d8 GetWindowPlacement
0x4935dc GetWindowLongA
0x4935e0 GetWindowDC
0x4935e4 GetTopWindow
0x4935e8 GetSystemMetrics
0x4935ec GetSystemMenu
0x4935f0 GetSysColorBrush
0x4935f4 GetSysColor
0x4935f8 GetSubMenu
0x4935fc GetScrollRange
0x493600 GetScrollPos
0x493604 GetScrollInfo
0x493608 GetPropA
0x49360c GetParent
0x493610 GetWindow
0x493614 GetMessageTime
0x493618 GetMenuStringA
0x49361c GetMenuState
0x493620 GetMenuItemInfoA
0x493624 GetMenuItemID
0x493628 GetMenuItemCount
0x49362c GetMenu
0x493630 GetLastActivePopup
0x493634 GetKeyboardState
0x49363c GetKeyboardLayout
0x493640 GetKeyState
0x493644 GetKeyNameTextA
0x493648 GetIconInfo
0x49364c GetForegroundWindow
0x493650 GetFocus
0x493654 GetDlgItem
0x493658 GetDesktopWindow
0x49365c GetDCEx
0x493660 GetDC
0x493664 GetCursorPos
0x493668 GetCursor
0x49366c GetClipboardData
0x493670 GetClientRect
0x493674 GetClassNameA
0x493678 GetClassInfoA
0x49367c GetCapture
0x493680 GetActiveWindow
0x493684 FrameRect
0x493688 FindWindowA
0x49368c FillRect
0x493690 EqualRect
0x493694 EnumWindows
0x493698 EnumThreadWindows
0x49369c EndPaint
0x4936a0 EnableWindow
0x4936a4 EnableScrollBar
0x4936a8 EnableMenuItem
0x4936ac DrawTextA
0x4936b0 DrawMenuBar
0x4936b4 DrawIconEx
0x4936b8 DrawIcon
0x4936bc DrawFrameControl
0x4936c0 DrawFocusRect
0x4936c4 DrawEdge
0x4936c8 DispatchMessageA
0x4936cc DestroyWindow
0x4936d0 DestroyMenu
0x4936d4 DestroyIcon
0x4936d8 DestroyCursor
0x4936dc DeleteMenu
0x4936e0 DefWindowProcA
0x4936e4 DefMDIChildProcA
0x4936e8 DefFrameProcA
0x4936ec CreatePopupMenu
0x4936f0 CreateMenu
0x4936f4 CreateIcon
0x4936f8 ClientToScreen
0x4936fc CheckMenuItem
0x493700 CallWindowProcA
0x493704 CallNextHookEx
0x493708 BeginPaint
0x49370c CharNextA
0x493710 CharLowerBuffA
0x493714 CharLowerA
0x493718 CharUpperBuffA
0x49371c CharToOemA
0x493720 AdjustWindowRectEx
Library kernel32.dll:
0x49372c Sleep
Library oleaut32.dll:
0x493734 SafeArrayPtrOfIndex
0x493738 SafeArrayPutElement
0x49373c SafeArrayGetElement
0x493744 SafeArrayAccessData
0x493748 SafeArrayGetUBound
0x49374c SafeArrayGetLBound
0x493750 SafeArrayCreate
0x493754 VariantChangeType
0x493758 VariantCopyInd
0x49375c VariantCopy
0x493760 VariantClear
0x493764 VariantInit
Library ole32.dll:
0x493770 IsAccelerator
0x493774 OleDraw
0x49377c CoTaskMemFree
0x493780 ProgIDFromCLSID
0x493784 StringFromCLSID
0x493788 CoCreateInstance
0x49378c CoGetClassObject
0x493790 CoUninitialize
0x493794 CoInitialize
0x493798 IsEqualGUID
Library oleaut32.dll:
0x4937a0 GetErrorInfo
0x4937a4 GetActiveObject
0x4937a8 SysFreeString
Library comctl32.dll:
0x4937b8 ImageList_Write
0x4937bc ImageList_Read
0x4937cc ImageList_DragMove
0x4937d0 ImageList_DragLeave
0x4937d4 ImageList_DragEnter
0x4937d8 ImageList_EndDrag
0x4937dc ImageList_BeginDrag
0x4937e0 ImageList_Remove
0x4937e4 ImageList_DrawEx
0x4937e8 ImageList_Replace
0x4937ec ImageList_Draw
0x4937fc ImageList_Add
0x493804 ImageList_Destroy
0x493808 ImageList_Create
0x49380c InitCommonControls
Library comdlg32.dll:
0x493814 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.