Score: 6.4 (High risk)

SHA-256: 1755e3f11115ab622f5f791a7e9edd84db4a99ce8f4eb76eb3e3ece910c6f702

File name: 7b92d9b8da680f686a1a8c3b06cdc936.exe

Analysis time: 29s

Last analysis:

File size: 821.5KB
Flagged by static analysis; flagged by dynamic analysis. Tags: ADWAREINSTCAP, AI SCORE=84, AIDETECTVM, CRIDEX, CRYPTO, ELDORADO, EMOTET, EREPLUS, GENASA, GENCIRC, GENETIC, HBR@8QRQPO, HCAI, HHMQKY, HIGH CONFIDENCE, INJECT3, IUBS, KRYPTIK, KTSE, MALICIOUS PE, MALWARE1, QAKBOT, QBOT, R + MAL, R329412, SCORE, SQAQ1H, STATIC AI, TROJANBANKER, ULISE, UNSAFE, WACATAC, ZEXAF, ZPACK, ZQ0@AUAFL@KI
鹰眼引擎 (Eagle Eye engine)
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | Packed-GBS!7B92D9B8DA68 | 20210121 | 6.0.6.653
Alibaba | TrojanBanker:Win32/Qakbot.b6b2a44b | 20190527 | 0.3.0.5
Baidu | (no detection) | 20190318 | 1.0.0.2
Avast | Win32:Trojan-gen | 20210122 | 21.1.5827.0
Tencent | Malware.Win32.Gencirc.10b9d07c | 20210122 | 1.0.0.1
Kingsoft | (no detection) | 20210122 | 2017.9.26.565
CrowdStrike | (no detection) | 20180202 | 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619649221.47496
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619649227.67796
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619650387.204749
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619650393.532124
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619650393.563124
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619650393.579124
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619650393.594124
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619650393.594124
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619650393.594124
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619650394.594124
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619650394.594124
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619650394.610124
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619650394.610124
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619650395.610124
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619650395.610124
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619650395.610124
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619650395.610124
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619650396.610124
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619650396.610124
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619650396.610124
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619650396.610124
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619650397.610124
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619650397.610124
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619650397.610124
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619650397.610124
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619650398.610124
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619650398.610124
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619650398.610124
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619650398.610124
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619650398.626124
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619650398.626124
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，× = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619650393.485124
GlobalMemoryStatusEx
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name MUI
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619649227.75596
__exception__
stacktrace:
EqualSid+0x19 EqualPrefixSid-0xc kernelbase+0x1bfe3 @ 0x778fbfe3
7b92d9b8da680f686a1a8c3b06cdc936+0x84c6 @ 0x4084c6
7b92d9b8da680f686a1a8c3b06cdc936+0xa27d @ 0x40a27d
7b92d9b8da680f686a1a8c3b06cdc936+0xa2b8 @ 0x40a2b8
7b92d9b8da680f686a1a8c3b06cdc936+0x8f67 @ 0x408f67
7b92d9b8da680f686a1a8c3b06cdc936+0x17cf @ 0x4017cf
7b92d9b8da680f686a1a8c3b06cdc936+0x1c69 @ 0x401c69
7b92d9b8da680f686a1a8c3b06cdc936+0x1273 @ 0x401273
7b92d9b8da680f686a1a8c3b06cdc936+0xb65c2 @ 0x4b65c2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1633776
registers.edi: 0
registers.eax: 1281
registers.ebp: 1633784
registers.edx: 0
registers.ebx: 37157128
registers.esi: 37157128
registers.ecx: 2130563072
exception.instruction_r: 66 3b 07 0f 85 e1 ef ff ff 0f b6 4e 01 33 c0 8d
exception.symbol: RtlEqualSid+0x10 RtlSetCriticalSectionSpinCount-0x26 ntdll+0x394c1
exception.instruction: cmp ax, word ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234689
exception.address: 0x77d694c1
success 0 0
1619650387.860749
__exception__
stacktrace:
7b92d9b8da680f686a1a8c3b06cdc936+0x3dad @ 0x403dad
7b92d9b8da680f686a1a8c3b06cdc936+0x1b26 @ 0x401b26
7b92d9b8da680f686a1a8c3b06cdc936+0x1273 @ 0x401273
7b92d9b8da680f686a1a8c3b06cdc936+0xb65c2 @ 0x4b65c2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637268
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637328
registers.edx: 22104
registers.ebx: 1
registers.esi: 6250936
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 7b92d9b8da680f686a1a8c3b06cdc936+0x33cf
exception.instruction: in eax, dx
exception.module: 7b92d9b8da680f686a1a8c3b06cdc936.exe
exception.exception_code: 0xc0000096
exception.offset: 13263
exception.address: 0x4033cf
success 0 0
1619650387.860749
__exception__
stacktrace:
7b92d9b8da680f686a1a8c3b06cdc936+0x3db6 @ 0x403db6
7b92d9b8da680f686a1a8c3b06cdc936+0x1b26 @ 0x401b26
7b92d9b8da680f686a1a8c3b06cdc936+0x1273 @ 0x401273
7b92d9b8da680f686a1a8c3b06cdc936+0xb65c2 @ 0x4b65c2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637272
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637328
registers.edx: 22104
registers.ebx: 1
registers.esi: 6250936
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 7b92d9b8da680f686a1a8c3b06cdc936+0x3468
exception.instruction: in eax, dx
exception.module: 7b92d9b8da680f686a1a8c3b06cdc936.exe
exception.exception_code: 0xc0000096
exception.offset: 13416
exception.address: 0x403468
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619649221.28696
NtAllocateVirtualMemory
process_identifier: 2864
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004d0000
success 0 0
1619649221.30296
NtAllocateVirtualMemory
process_identifier: 2864
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
1619649221.30296
NtProtectVirtualMemory
process_identifier: 2864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619650387.188749
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003c0000
success 0 0
1619650387.188749
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004d0000
success 0 0
1619650387.188749
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7b92d9b8da680f686a1a8c3b06cdc936.exe
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7b92d9b8da680f686a1a8c3b06cdc936.exe"
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7b92d9b8da680f686a1a8c3b06cdc936.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619649222.50596
CreateProcessInternalW
thread_identifier: 2772
thread_handle: 0x00000140
process_identifier: 2116
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7b92d9b8da680f686a1a8c3b06cdc936.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000144
inherit_handles: 0
success 1 0
1619649228.28696
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7b92d9b8da680f686a1a8c3b06cdc936.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (6 events)
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.353178479758558; section .rsrc (size_of_data 0x00015c00, virtual_address 0x000ba000, virtual_size 0x00015b60, entropy 7.353178479758558); description: A section with a high entropy has been found
Uses Windows utilities for basic Windows functionality (3 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7b92d9b8da680f686a1a8c3b06cdc936.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7b92d9b8da680f686a1a8c3b06cdc936.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619650387.860749
__exception__
stacktrace:
7b92d9b8da680f686a1a8c3b06cdc936+0x3dad @ 0x403dad
7b92d9b8da680f686a1a8c3b06cdc936+0x1b26 @ 0x401b26
7b92d9b8da680f686a1a8c3b06cdc936+0x1273 @ 0x401273
7b92d9b8da680f686a1a8c3b06cdc936+0xb65c2 @ 0x4b65c2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637268
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637328
registers.edx: 22104
registers.ebx: 1
registers.esi: 6250936
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 7b92d9b8da680f686a1a8c3b06cdc936+0x33cf
exception.instruction: in eax, dx
exception.module: 7b92d9b8da680f686a1a8c3b06cdc936.exe
exception.exception_code: 0xc0000096
exception.offset: 13263
exception.address: 0x4033cf
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Generic.Ereplus.250534FA
FireEye Generic.mg.7b92d9b8da680f68
CAT-QuickHeal Trojan.Qbot
Qihoo-360 Win32/Trojan.BO.5b9
McAfee Packed-GBS!7B92D9B8DA68
Cylance Unsafe
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
Sangfor Malware
K7AntiVirus Trojan ( 005668351 )
Alibaba TrojanBanker:Win32/Qakbot.b6b2a44b
K7GW Trojan ( 00562ec71 )
Cybereason malicious.8da680
Arcabit Generic.Ereplus.D3D2A6FA
Cyren W32/Agent.BQD.gen!Eldorado
Symantec W32.Qakbot
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Malware.Ulise-7640150-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Generic.Ereplus.250534FA
NANO-Antivirus Trojan.Win32.Qbot.hhmqky
Paloalto generic.ml
AegisLab Trojan.Win32.Qbot.7!c
Tencent Malware.Win32.Gencirc.10b9d07c
Ad-Aware Generic.Ereplus.250534FA
Sophos Mal/Generic-R + Mal/Emotet-Q
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Trojan.TR/Crypt.ZPACK.Gen
DrWeb Trojan.Inject3.36382
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition BehavesLike.Win32.AdwareInstCap.ct
Emsisoft Generic.Ereplus.250534FA (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.lv
Avira TR/Crypt.ZPACK.Gen
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Qakbot.BS!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Generic.Ereplus.250534FA
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R329412
BitDefenderTheta Gen:NN.ZexaF.34780.Zq0@auafl@ki
ALYac Generic.Ereplus.250534FA
MAX malware (ai score=84)
VBA32 Backdoor.Qbot
Malwarebytes Trojan.MalPack
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

2020-03-17 20:51:27

Imports

Library KERNEL32.dll:
0x4b8624 VirtualAlloc
0x4b8628 GetModuleHandleW
0x4b862c SetErrorMode
0x4b8630 LockFile
0x4b8634 UnlockFile
0x4b8638 SetEndOfFile
0x4b863c MoveFileA
0x4b8644 GetStringTypeExA
0x4b8648 GetThreadLocale
0x4b864c GetShortPathNameA
0x4b8650 GetFileSize
0x4b865c InterlockedExchange
0x4b8660 RtlUnwind
0x4b866c HeapReAlloc
0x4b8670 HeapAlloc
0x4b8674 HeapFree
0x4b8678 CreateDirectoryA
0x4b867c GetDriveTypeA
0x4b8684 GetSystemTime
0x4b8688 GetLocalTime
0x4b868c RaiseException
0x4b8690 GetStartupInfoA
0x4b8694 GetCommandLineA
0x4b8698 ExitProcess
0x4b869c TerminateProcess
0x4b86a0 CreateThread
0x4b86a4 ExitThread
0x4b86a8 HeapSize
0x4b86ac FlushFileBuffers
0x4b86b0 LCMapStringA
0x4b86b4 LCMapStringW
0x4b86b8 CompareStringA
0x4b86bc CompareStringW
0x4b86c0 VirtualFree
0x4b86c4 IsBadWritePtr
0x4b86cc HeapDestroy
0x4b86dc GetStringTypeA
0x4b86e0 GetStringTypeW
0x4b86e4 IsValidLocale
0x4b86e8 IsValidCodePage
0x4b86ec GetLocaleInfoA
0x4b86f0 EnumSystemLocalesA
0x4b86f4 GetUserDefaultLCID
0x4b86f8 IsBadReadPtr
0x4b86fc IsBadCodePtr
0x4b8700 SetStdHandle
0x4b8708 GetLocaleInfoW
0x4b870c SetFilePointer
0x4b8710 WriteFile
0x4b8714 ReadFile
0x4b8718 CreateFileA
0x4b871c GetProfileStringA
0x4b8720 GetCurrentProcess
0x4b8724 DuplicateHandle
0x4b872c SizeofResource
0x4b8730 GetOEMCP
0x4b8734 GetCPInfo
0x4b8738 GetProcessVersion
0x4b873c TlsGetValue
0x4b8740 LocalReAlloc
0x4b8744 TlsSetValue
0x4b8748 GlobalReAlloc
0x4b874c TlsFree
0x4b8750 GlobalHandle
0x4b8754 TlsAlloc
0x4b8758 LocalAlloc
0x4b875c GlobalFlags
0x4b8760 MulDiv
0x4b8764 GlobalSize
0x4b8778 SetLastError
0x4b877c GetDiskFreeSpaceA
0x4b8780 GetFileTime
0x4b8784 SetFileTime
0x4b8788 GetFullPathNameA
0x4b878c GetTempFileNameA
0x4b8790 GetFileAttributesA
0x4b87a0 CreateEventA
0x4b87a4 SuspendThread
0x4b87a8 SetThreadPriority
0x4b87ac ResumeThread
0x4b87b0 SetEvent
0x4b87b4 WaitForSingleObject
0x4b87b8 GetModuleFileNameA
0x4b87bc GlobalAlloc
0x4b87c0 lstrcmpA
0x4b87c4 GetCurrentThread
0x4b87c8 GlobalFree
0x4b87cc FindResourceA
0x4b87d0 LoadResource
0x4b87d4 LockResource
0x4b87d8 GetCurrentThreadId
0x4b87dc lstrcmpiA
0x4b87e0 GlobalFindAtomA
0x4b87e4 GlobalDeleteAtom
0x4b87e8 GetModuleHandleA
0x4b87ec lstrcatA
0x4b87f0 lstrcpyA
0x4b87f4 lstrcpynA
0x4b87f8 GlobalGetAtomNameA
0x4b87fc GlobalAddAtomA
0x4b8800 GetVersion
0x4b880c lstrlenW
0x4b8810 GlobalLock
0x4b8814 GlobalUnlock
0x4b8818 FormatMessageA
0x4b881c LocalFree
0x4b8820 lstrlenA
0x4b882c CreateMutexA
0x4b8830 GetLastError
0x4b8834 ReleaseMutex
0x4b8838 CloseHandle
0x4b883c CreateProcessA
0x4b8840 Sleep
0x4b8844 MultiByteToWideChar
0x4b8848 WideCharToMultiByte
0x4b884c GetProcAddress
0x4b8850 GetTickCount
0x4b8854 CopyFileA
0x4b8858 FindFirstFileA
0x4b885c DeleteFileA
0x4b8860 FindNextFileA
0x4b8864 FindClose
0x4b8868 RemoveDirectoryA
0x4b886c SetFileAttributesA
0x4b8870 GetVersionExA
0x4b8874 GetACP
0x4b887c FreeLibrary
0x4b8880 LoadLibraryA
0x4b8884 FatalAppExitA
Library USER32.dll:
0x4b888c LoadIconA
0x4b8890 LoadIconW
Library GDI32.dll:
0x4b8898 GetStockObject
0x4b889c SetBkMode
0x4b88a0 SetPolyFillMode
0x4b88a4 SetROP2
0x4b88a8 SetStretchBltMode
0x4b88ac SetMapMode
0x4b88b0 SetViewportOrgEx
0x4b88b4 OffsetViewportOrgEx
0x4b88b8 SetViewportExtEx
0x4b88bc ScaleViewportExtEx
0x4b88c0 SetWindowOrgEx
0x4b88c4 OffsetWindowOrgEx
0x4b88c8 SetWindowExtEx
0x4b88cc ScaleWindowExtEx
0x4b88d0 SelectClipRgn
0x4b88d4 ExcludeClipRect
0x4b88d8 IntersectClipRect
0x4b88dc OffsetClipRgn
0x4b88e0 MoveToEx
0x4b88e4 LineTo
0x4b88e8 SetTextAlign
0x4b88f4 SetMapperFlags
0x4b88fc ArcTo
0x4b8900 SetArcDirection
0x4b8904 PolyDraw
0x4b8908 SelectPalette
0x4b890c SetColorAdjustment
0x4b8910 PolyBezierTo
0x4b8914 GetClipRgn
0x4b8918 CreateRectRgn
0x4b891c SelectClipPath
0x4b8920 ExtSelectClipRgn
0x4b8924 PlayMetaFileRecord
0x4b8928 GetObjectType
0x4b892c EnumMetaFile
0x4b8930 PlayMetaFile
0x4b8934 GetViewportExtEx
0x4b8938 GetWindowExtEx
0x4b893c CreatePen
0x4b8940 ExtCreatePen
0x4b8944 CreateSolidBrush
0x4b8948 CreateHatchBrush
0x4b894c CreatePatternBrush
0x4b8954 PtVisible
0x4b8958 RectVisible
0x4b895c TextOutA
0x4b8960 ExtTextOutA
0x4b8964 Escape
0x4b896c GetTextMetricsA
0x4b8970 CreateFontIndirectA
0x4b8974 SelectObject
0x4b8978 RestoreDC
0x4b897c SaveDC
0x4b8980 StartDocA
0x4b8984 DeleteDC
0x4b8988 DeleteObject
0x4b898c GetDeviceCaps
0x4b8990 CreateDCA
0x4b8994 CopyMetaFileA
0x4b8998 CreateBitmap
0x4b899c GetObjectA
0x4b89a0 SetBkColor
0x4b89a4 SetTextColor
0x4b89a8 GetClipBox
0x4b89ac PolylineTo
0x4b89b0 CreateDIBitmap
0x4b89b4 PatBlt
0x4b89b8 GetTextExtentPointA
0x4b89bc BitBlt
0x4b89c0 CreateCompatibleDC
0x4b89c4 GetDCOrgEx
Library ADVAPI32.dll:
0x4b89cc GetUserNameA
0x4b89d0 RegOpenKeyA
0x4b89d4 RegQueryValueExA
Library SHELL32.dll:
0x4b89dc ExtractIconA
0x4b89e0 DragAcceptFiles
0x4b89e4 DragQueryFileA
0x4b89e8 DragFinish
0x4b89f0 SHGetFileInfoA
Library MSVCRT.dll:
0x4b89f8 _except_handler3
0x4b89fc __set_app_type
0x4b8a00 __p__fmode
0x4b8a04 __p__commode
0x4b8a08 _adjust_fdiv
0x4b8a0c __setusermatherr
0x4b8a10 _initterm
0x4b8a14 __getmainargs
0x4b8a18 _acmdln
0x4b8a1c exit
0x4b8a20 _XcptFilter
0x4b8a24 _exit
0x4b8a28 _onexit
0x4b8a2c __dllonexit
0x4b8a30 _controlfp

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 56539 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.