5.8
High risk

7792542f273f9fa27cae27d5183b62c3b60c72c4e11a05e94c1f988e2b712f0d

7c3ebbf075c976f8ef7c9d86318b8f62.exe

Analysis duration

24s

Most recent analysis

File size

696.5KB
Static detection Dynamic detection AGENTTESLA AI SCORE=83 AIDETECTVM ATTRIBUTE AUTO BTKMCM CONFIDENCE DELF DELPHI DELPHILESS ELYL EQXY FAREIT GDSDA HIGH CONFIDENCE HIGHCONFIDENCE HKEWSQ IGENT KCLOUD KRYPTIK LOKI LOKIBOT MALWARE2 MALWARE@#1CT7GXBV1QGKF OJFNW RGW@ASL4SZKI RSDP S + MAL SCORE SMAD1 SPYBOTNET STATIC AI SUSGEN SUSPICIOUS PE TSCOPE UNSAFE X2066 ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine detection results available
Static verdict
Antivirus engines
Engine Result Detection time Engine version
Alibaba Trojan:Win32/Lokibot.02c454b8 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201210 21.1.5827.0
Tencent Win32.Trojan.Inject.Auto 20201211 1.0.0.1
Kingsoft Win32.Troj.Undef.(kcloud) 20201211 2017.9.26.565
McAfee Fareit-FTB!7C3EBBF075C9 20201211 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619649226.755436
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34930232
registers.edi: 0
registers.eax: 0
registers.ebp: 34930568
registers.edx: 13
registers.ebx: 0
registers.esi: 0
registers.ecx: 715
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 e5 62 00 00 e9
exception.symbol: 7c3ebbf075c976f8ef7c9d86318b8f62+0x57e17
exception.instruction: div eax
exception.module: 7c3ebbf075c976f8ef7c9d86318b8f62.exe
exception.exception_code: 0xc0000094
exception.offset: 359959
exception.address: 0x457e17
success 0 0
1619669287.024375
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75137f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75134de3
7c3ebbf075c976f8ef7c9d86318b8f62+0x5aa4d @ 0x45aa4d
7c3ebbf075c976f8ef7c9d86318b8f62+0x53254 @ 0x453254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff2014ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619649226.630436
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619649226.755436
NtProtectVirtualMemory
process_identifier: 2852
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 32768
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00457000
success 0 0
1619649226.770436
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f70000
success 0 0
1619669285.837375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619669285.915375
NtAllocateVirtualMemory
process_identifier: 392
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e60000
success 0 0
1619669285.915375
NtAllocateVirtualMemory
process_identifier: 392
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02010000
success 0 0
1619669285.915375
NtAllocateVirtualMemory
process_identifier: 392
region_size: 335872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d50000
success 0 0
1619669285.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 307200
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d52000
success 0 0
1619669286.243375
NtAllocateVirtualMemory
process_identifier: 392
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x021e0000
success 0 0
1619669286.243375
NtAllocateVirtualMemory
process_identifier: 392
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02350000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01c82000
success 0 0
1619669286.915375
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.273523638128089 section {'size_of_data': '0x00046a00', 'virtual_address': '0x0006e000', 'entropy': 7.273523638128089, 'name': '.rsrc', 'virtual_size': '0x00046830'} description A section with a high entropy has been found
entropy 0.40618260244428467 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2852 called NtSetContextThread to modify thread in remote process 392
Time & API Arguments Status Return Repeated
1619649227.145436
NtSetContextThread
thread_handle: 0x000000ec
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907760
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 392
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2852 resumed a thread in remote process 392
Time & API Arguments Status Return Repeated
1619649228.114436
NtResumeThread
thread_handle: 0x000000ec
suspend_count: 1
process_identifier: 392
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619649227.052436
CreateProcessInternalW
thread_identifier: 2248
thread_handle: 0x000000ec
process_identifier: 392
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7c3ebbf075c976f8ef7c9d86318b8f62.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000f0
inherit_handles: 0
success 1 0
1619649227.052436
NtUnmapViewOfSection
process_identifier: 392
region_size: 4096
process_handle: 0x000000f0
base_address: 0x00400000
success 0 0
1619649227.052436
NtMapViewOfSection
section_handle: 0x000000f8
process_identifier: 392
commit_size: 720896
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 720896
base_address: 0x00400000
success 0 0
1619649227.145436
NtGetContextThread
thread_handle: 0x000000ec
success 0 0
1619649227.145436
NtSetContextThread
thread_handle: 0x000000ec
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907760
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 392
success 0 0
1619649228.114436
NtResumeThread
thread_handle: 0x000000ec
suspend_count: 1
process_identifier: 392
success 0 0
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EQXY
FireEye Generic.mg.7c3ebbf075c976f8
ALYac Spyware.LokiBot
Cylance Unsafe
Zillya Trojan.Injector.Win32.737678
Sangfor Malware
K7AntiVirus Trojan ( 00566bd51 )
Alibaba Trojan:Win32/Lokibot.02c454b8
K7GW Trojan ( 00566bd51 )
Cybereason malicious.6e1287
Arcabit Trojan.Agent.EQXY
Cyren W32/Trojan.RSDP-8142
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Dropper.LokiBot-7860578-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.Agent.EQXY
NANO-Antivirus Trojan.Win32.SpyBotNET.hkewsq
Paloalto generic.ml
AegisLab Trojan.Win32.Kryptik.4!c
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.Agent.EQXY
TACHYON Trojan-PWS/W32.DP-AgentTesla.713216.C
Sophos Mal/Generic-S + Mal/Fareit-AA
Comodo Malware@#1ct7gxbv1qgkf
F-Secure Dropper.DR/Delphi.ojfnw
DrWeb BackDoor.SpyBotNET.17
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Emsisoft Trojan.Agent.EQXY (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Kryptik.bhm
Webroot W32.Adware.Gen
Avira DR/Delphi.ojfnw
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Trojan:Win32/Lokibot.V!MTB
ViRobot Trojan.Win32.S.Infostealer.713216
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Win32.Trojan.Injector.PA
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
McAfee Fareit-FTB!7C3EBBF075C9
MAX malware (ai score=83)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Run screenshots
No run screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x462128 VirtualFree
0x46212c VirtualAlloc
0x462130 LocalFree
0x462134 LocalAlloc
0x462138 GetVersion
0x46213c GetCurrentThreadId
0x462148 VirtualQuery
0x46214c WideCharToMultiByte
0x462154 MultiByteToWideChar
0x462158 lstrlenA
0x46215c lstrcpynA
0x462160 LoadLibraryExA
0x462164 GetThreadLocale
0x462168 GetStartupInfoA
0x46216c GetProcAddress
0x462170 GetModuleHandleA
0x462174 GetModuleFileNameA
0x462178 GetLocaleInfoA
0x46217c GetLastError
0x462184 GetCommandLineA
0x462188 FreeLibrary
0x46218c FindFirstFileA
0x462190 FindClose
0x462194 ExitProcess
0x462198 WriteFile
0x4621a0 RtlUnwind
0x4621a4 RaiseException
0x4621a8 GetStdHandle
Library user32.dll:
0x4621b0 GetKeyboardType
0x4621b4 LoadStringA
0x4621b8 MessageBoxA
0x4621bc CharNextA
Library advapi32.dll:
0x4621c4 RegQueryValueExA
0x4621c8 RegOpenKeyExA
0x4621cc RegCloseKey
Library oleaut32.dll:
0x4621d4 SysFreeString
0x4621d8 SysReAllocStringLen
0x4621dc SysAllocStringLen
Library kernel32.dll:
0x4621e4 TlsSetValue
0x4621e8 TlsGetValue
0x4621ec LocalAlloc
0x4621f0 GetModuleHandleA
Library advapi32.dll:
0x4621f8 RegQueryValueExA
0x4621fc RegOpenKeyExA
0x462200 RegCloseKey
Library kernel32.dll:
0x462208 lstrcpyA
0x46220c WriteFile
0x462210 WaitForSingleObject
0x462214 VirtualQuery
0x462218 VirtualProtect
0x46221c VirtualAlloc
0x462220 Sleep
0x462224 SizeofResource
0x462228 SetThreadLocale
0x46222c SetFilePointer
0x462230 SetEvent
0x462234 SetErrorMode
0x462238 SetEndOfFile
0x46223c ResetEvent
0x462240 ReadFile
0x462244 MulDiv
0x462248 LockResource
0x46224c LoadResource
0x462250 LoadLibraryA
0x46225c GlobalUnlock
0x462260 GlobalReAlloc
0x462264 GlobalHandle
0x462268 GlobalLock
0x46226c GlobalFree
0x462270 GlobalFindAtomA
0x462274 GlobalDeleteAtom
0x462278 GlobalAlloc
0x46227c GlobalAddAtomA
0x462280 GetVersionExA
0x462284 GetVersion
0x462288 GetTickCount
0x46228c GetThreadLocale
0x462294 GetSystemTime
0x462298 GetSystemInfo
0x46229c GetStringTypeExA
0x4622a0 GetStdHandle
0x4622a4 GetProcAddress
0x4622a8 GetModuleHandleA
0x4622ac GetModuleFileNameA
0x4622b0 GetLocaleInfoA
0x4622b4 GetLocalTime
0x4622b8 GetLastError
0x4622bc GetFullPathNameA
0x4622c0 GetFileAttributesA
0x4622c4 GetDiskFreeSpaceA
0x4622c8 GetDateFormatA
0x4622cc GetCurrentThreadId
0x4622d0 GetCurrentProcessId
0x4622d4 GetCPInfo
0x4622d8 GetACP
0x4622dc FreeResource
0x4622e0 InterlockedExchange
0x4622e4 FreeLibrary
0x4622e8 FormatMessageA
0x4622ec FindResourceA
0x4622f0 FindNextFileA
0x4622f4 FindFirstFileA
0x4622f8 FindClose
0x462308 ExitThread
0x46230c EnumCalendarInfoA
0x462318 CreateThread
0x46231c CreateFileA
0x462320 CreateEventA
0x462324 CompareStringA
0x462328 CloseHandle
Library version.dll:
0x462330 VerQueryValueA
0x462338 GetFileVersionInfoA
Library gdi32.dll:
0x462340 UnrealizeObject
0x462344 StretchBlt
0x462348 SetWindowOrgEx
0x46234c SetViewportOrgEx
0x462350 SetTextColor
0x462354 SetStretchBltMode
0x462358 SetROP2
0x46235c SetPixel
0x462360 SetDIBColorTable
0x462364 SetBrushOrgEx
0x462368 SetBkMode
0x46236c SetBkColor
0x462370 SelectPalette
0x462374 SelectObject
0x462378 SaveDC
0x46237c RestoreDC
0x462380 Rectangle
0x462384 RectVisible
0x462388 RealizePalette
0x46238c PatBlt
0x462390 MoveToEx
0x462394 MaskBlt
0x462398 LineTo
0x46239c IntersectClipRect
0x4623a0 GetWindowOrgEx
0x4623a4 GetTextMetricsA
0x4623b0 GetStockObject
0x4623b4 GetPixel
0x4623b8 GetPaletteEntries
0x4623bc GetObjectA
0x4623c0 GetDeviceCaps
0x4623c4 GetDIBits
0x4623c8 GetDIBColorTable
0x4623cc GetDCOrgEx
0x4623d4 GetClipBox
0x4623d8 GetBrushOrgEx
0x4623dc GetBitmapBits
0x4623e0 ExtTextOutA
0x4623e4 ExcludeClipRect
0x4623e8 DeleteObject
0x4623ec DeleteDC
0x4623f0 CreateSolidBrush
0x4623f4 CreatePenIndirect
0x4623f8 CreatePen
0x4623fc CreatePalette
0x462404 CreateFontIndirectA
0x462408 CreateDIBitmap
0x46240c CreateDIBSection
0x462410 CreateCompatibleDC
0x462418 CreateBrushIndirect
0x46241c CreateBitmap
0x462420 BitBlt
Library user32.dll:
0x462428 CreateWindowExA
0x46242c WindowFromPoint
0x462430 WinHelpA
0x462434 WaitMessage
0x462438 ValidateRect
0x46243c UpdateWindow
0x462440 UnregisterClassA
0x462444 UnhookWindowsHookEx
0x462448 TranslateMessage
0x462450 TrackPopupMenu
0x462458 ShowWindow
0x46245c ShowScrollBar
0x462460 ShowOwnedPopups
0x462464 ShowCursor
0x462468 SetWindowsHookExA
0x46246c SetWindowTextA
0x462470 SetWindowPos
0x462474 SetWindowPlacement
0x462478 SetWindowLongA
0x46247c SetTimer
0x462480 SetScrollRange
0x462484 SetScrollPos
0x462488 SetScrollInfo
0x46248c SetRect
0x462490 SetPropA
0x462494 SetParent
0x462498 SetMenuItemInfoA
0x46249c SetMenu
0x4624a0 SetForegroundWindow
0x4624a4 SetFocus
0x4624a8 SetCursor
0x4624ac SetClassLongA
0x4624b0 SetCapture
0x4624b4 SetActiveWindow
0x4624b8 SendMessageA
0x4624bc ScrollWindow
0x4624c0 ScreenToClient
0x4624c4 RemovePropA
0x4624c8 RemoveMenu
0x4624cc ReleaseDC
0x4624d0 ReleaseCapture
0x4624dc RegisterClassA
0x4624e0 RedrawWindow
0x4624e4 PtInRect
0x4624e8 PostQuitMessage
0x4624ec PostMessageA
0x4624f0 PeekMessageA
0x4624f4 OffsetRect
0x4624f8 OemToCharA
0x4624fc MessageBoxA
0x462500 MapWindowPoints
0x462504 MapVirtualKeyA
0x462508 LoadStringA
0x46250c LoadKeyboardLayoutA
0x462510 LoadIconA
0x462514 LoadCursorA
0x462518 LoadBitmapA
0x46251c KillTimer
0x462520 IsZoomed
0x462524 IsWindowVisible
0x462528 IsWindowEnabled
0x46252c IsWindow
0x462530 IsRectEmpty
0x462534 IsIconic
0x462538 IsDialogMessageA
0x46253c IsChild
0x462540 InvalidateRect
0x462544 IntersectRect
0x462548 InsertMenuItemA
0x46254c InsertMenuA
0x462550 InflateRect
0x462558 GetWindowTextA
0x46255c GetWindowRect
0x462560 GetWindowPlacement
0x462564 GetWindowLongA
0x462568 GetWindowDC
0x46256c GetTopWindow
0x462570 GetSystemMetrics
0x462574 GetSystemMenu
0x462578 GetSysColorBrush
0x46257c GetSysColor
0x462580 GetSubMenu
0x462584 GetScrollRange
0x462588 GetScrollPos
0x46258c GetScrollInfo
0x462590 GetPropA
0x462594 GetParent
0x462598 GetWindow
0x46259c GetMenuStringA
0x4625a0 GetMenuState
0x4625a4 GetMenuItemInfoA
0x4625a8 GetMenuItemID
0x4625ac GetMenuItemCount
0x4625b0 GetMenu
0x4625b4 GetLastActivePopup
0x4625b8 GetKeyboardState
0x4625c0 GetKeyboardLayout
0x4625c4 GetKeyState
0x4625c8 GetKeyNameTextA
0x4625cc GetIconInfo
0x4625d0 GetForegroundWindow
0x4625d4 GetFocus
0x4625d8 GetDesktopWindow
0x4625dc GetDCEx
0x4625e0 GetDC
0x4625e4 GetCursorPos
0x4625e8 GetCursor
0x4625ec GetClientRect
0x4625f0 GetClassNameA
0x4625f4 GetClassInfoA
0x4625f8 GetCapture
0x4625fc GetActiveWindow
0x462600 FrameRect
0x462604 FindWindowA
0x462608 FillRect
0x46260c EqualRect
0x462610 EnumWindows
0x462614 EnumThreadWindows
0x462618 EndPaint
0x46261c EnableWindow
0x462620 EnableScrollBar
0x462624 EnableMenuItem
0x462628 DrawTextA
0x46262c DrawMenuBar
0x462630 DrawIconEx
0x462634 DrawIcon
0x462638 DrawFrameControl
0x46263c DrawFocusRect
0x462640 DrawEdge
0x462644 DispatchMessageA
0x462648 DestroyWindow
0x46264c DestroyMenu
0x462650 DestroyIcon
0x462654 DestroyCursor
0x462658 DeleteMenu
0x46265c DefWindowProcA
0x462660 DefMDIChildProcA
0x462664 DefFrameProcA
0x462668 CreatePopupMenu
0x46266c CreateMenu
0x462670 CreateIcon
0x462674 ClientToScreen
0x462678 CheckMenuItem
0x46267c CallWindowProcA
0x462680 CallNextHookEx
0x462684 BeginPaint
0x462688 CharNextA
0x46268c CharLowerBuffA
0x462690 CharLowerA
0x462694 CharToOemA
0x462698 AdjustWindowRectEx
Library kernel32.dll:
0x4626a4 Sleep
Library oleaut32.dll:
0x4626ac SafeArrayPtrOfIndex
0x4626b0 SafeArrayGetUBound
0x4626b4 SafeArrayGetLBound
0x4626b8 SafeArrayCreate
0x4626bc VariantChangeType
0x4626c0 VariantCopy
0x4626c4 VariantClear
0x4626c8 VariantInit
Library comctl32.dll:
0x4626d8 ImageList_Write
0x4626dc ImageList_Read
0x4626ec ImageList_DragMove
0x4626f0 ImageList_DragLeave
0x4626f4 ImageList_DragEnter
0x4626f8 ImageList_EndDrag
0x4626fc ImageList_BeginDrag
0x462700 ImageList_Remove
0x462704 ImageList_DrawEx
0x462708 ImageList_Draw
0x462718 ImageList_Add
0x462720 ImageList_Destroy
0x462724 ImageList_Create
0x462728 InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
192.168.56.101 65005 239.255.255.250 3702
192.168.56.101 65007 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.