6.2
High risk

736c373f09596e706dae01b4cb6a57647046f5047c8b67eb418d51b819a29ac9

7d05b151fd2b28582cfca8ca8ceaa58f.exe

Analysis time: 86s

Last analysis:

File size: 2.6MB
Static detection Dynamic detection 100% ADF@8T5MSC AGEN AHXC AI SCORE=89 ATTRIBUTE CMRTAZQSB9VWBATIDLQYGZ1IIIYI CONFIDENCE DANGEROUSSIG EHLS ENCPK ET#93% GENCIRC GENERICKDZ GENETIC GENKRYPTIK GRAYWARE HEFT HIGH HIGH CONFIDENCE HIGHCONFIDENCE INVALIDSIG KRYPTIK MALICIOUS PE ME1@AQ@TPGPI QAKBOT QBOT QBOTPMF R340992 RDMK S14229767 SCORE SUSPIG TROJANBANKER UNSAFE XKFC ZENPAK ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine results yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Packed-GBS!7D05B151FD2B 20200805 6.0.6.653
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:DangerousSig [Trj] 20200805 18.4.3895.0
Kingsoft 20200805 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cdd6fe 20200805 1.0.0.1
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1620770775.374875
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620770786.983625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)
section a2
section a3
section a32
section a322
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1620770787.639625
__exception__
stacktrace:
7d05b151fd2b28582cfca8ca8ceaa58f+0x3f07 @ 0x403f07
7d05b151fd2b28582cfca8ca8ceaa58f+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 8615312
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 7d05b151fd2b28582cfca8ca8ceaa58f+0x3449
exception.instruction: in eax, dx
exception.module: 7d05b151fd2b28582cfca8ca8ceaa58f.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
1620770787.639625
__exception__
stacktrace:
7d05b151fd2b28582cfca8ca8ceaa58f+0x3f10 @ 0x403f10
7d05b151fd2b28582cfca8ca8ceaa58f+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 8615312
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 7d05b151fd2b28582cfca8ca8ceaa58f+0x34e2
exception.instruction: in eax, dx
exception.module: 7d05b151fd2b28582cfca8ca8ceaa58f.exe
exception.exception_code: 0xc0000096
exception.offset: 13538
exception.address: 0x4034e2
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1620770775.311875
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1620770775.311875
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006a0000
success 0 0
1620770775.311875
NtProtectVirtualMemory
process_identifier: 2288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620770786.936625
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006a0000
success 0 0
1620770786.952625
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006e0000
success 0 0
1620770786.952625
NtProtectVirtualMemory
process_identifier: 2032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1620770776.671875
CreateProcessInternalW
thread_identifier: 1056
thread_handle: 0x00000158
process_identifier: 2032
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7d05b151fd2b28582cfca8ca8ceaa58f.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x0000015c
inherit_handles: 0
success 1 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
Expresses interest in specific running processes (1 event)
process vboxservice.exe
Network communication
Communicates with a host for which no DNS query was performed (2 events)
host 113.108.239.196
host 172.217.24.14
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1620770787.639625
__exception__
stacktrace:
7d05b151fd2b28582cfca8ca8ceaa58f+0x3f07 @ 0x403f07
7d05b151fd2b28582cfca8ca8ceaa58f+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 8615312
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 7d05b151fd2b28582cfca8ca8ceaa58f+0x3449
exception.instruction: in eax, dx
exception.module: 7d05b151fd2b28582cfca8ca8ceaa58f.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
MicroWorld-eScan Trojan.GenericKDZ.68027
FireEye Generic.mg.7d05b151fd2b2858
CAT-QuickHeal Trojan.QbotPMF.S14229767
McAfee Packed-GBS!7D05B151FD2B
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0049f6ae1 )
K7GW Riskware ( 0049f6ae1 )
Cybereason malicious.f55055
F-Prot W32/Qakbot.GD
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:DangerousSig [Trj]
Kaspersky Trojan.Win32.Zenpak.ahxc
BitDefender Trojan.GenericKDZ.68027
Rising Malware.Heuristic!ET#93% (RDMK:cmRtazqSB9VWbAtiDLqYgz1iIIyI)
Endgame malicious (high confidence)
Sophos Mal/EncPk-APV
Comodo TrojWare.Win32.Qbot.ADF@8t5msc
F-Secure Heuristic.HEUR/AGEN.1135700
DrWeb Trojan.QakBot.10
Zillya Trojan.Qbot.Win32.8327
TrendMicro Backdoor.Win32.QAKBOT.SME
Trapmine malicious.high.ml.score
Emsisoft Trojan.GenericKDZ.68027 (B)
SentinelOne DFI - Malicious PE
Cyren W32/Qakbot.XKFC-3422
Jiangmin Trojan.Zenpak.cec
Avira HEUR/AGEN.1135700
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Microsoft Trojan:Win32/Qbot.DEE!MTB
Arcabit Trojan.Generic.D109BB
ZoneAlarm Trojan.Win32.Zenpak.ahxc
GData Trojan.GenericKDZ.68027
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Suspig.R340992
Acronis suspicious
VBA32 TrojanBanker.Qbot
ALYac Trojan.GenericKDZ.68027
MAX malware (ai score=89)
Ad-Aware Trojan.GenericKDZ.68027
Malwarebytes Trojan.Qbot
ESET-NOD32 a variant of Win32/Kryptik.HEFT
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Tencent Malware.Win32.Gencirc.10cdd6fe
Yandex Trojan.GenKryptik!
Ikarus Trojan.Win32.Qakbot
eGambit PE.Heur.InvalidSig
Fortinet W32/QBOT.CC!tr
BitDefenderTheta Gen:NN.ZexaF.34152.ME1@aq@TpGpi
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2013-06-19 17:15:50

Imports

Library KERNEL32.dll:
0x416870 Sleep
0x416874 GetModuleHandleW
0x416878 LoadLibraryA
0x41687c GetProcAddress
0x416880 FlushFileBuffers
0x416884 SetFilePointer
0x416888 OutputDebugStringA
0x41688c GetLocalTime
0x416890 LocalFree
0x416894 SetErrorMode
0x416898 DeviceIoControl
0x41689c GlobalHandle
0x4168a4 ExitThread
0x4168ac GetComputerNameW
0x4168b0 SetEvent
0x4168b4 OpenEventW
0x4168b8 GetCommandLineW
0x4168bc CreateThread
0x4168c4 GetVersionExW
0x4168c8 GetTickCount
0x4168cc GetCurrentProcessId
0x4168d4 TerminateProcess
0x4168e0 GetModuleHandleA
0x4168e4 GetStartupInfoA
0x4168ec GetCurrentProcess
0x4168f0 GlobalLock
0x4168f4 GlobalFree
0x4168f8 GlobalReAlloc
0x4168fc GlobalUnlock
0x416900 GlobalSize
0x416904 GlobalAlloc
0x416908 HeapFree
0x41690c GetProcessHeap
0x416910 HeapAlloc
0x416914 SetLastError
0x416918 ReadFile
0x41691c WriteFile
0x416928 CloseHandle
0x41692c GetLastError
0x416940 lstrcpyW
0x416944 GetFileSize
0x416948 CreateFileW
0x41694c ReleaseMutex
0x416950 lstrcatW
0x416954 FormatMessageW
0x416958 GetCurrentThreadId
0x41695c lstrlenW
0x416960 GetTimeFormatW
0x416964 GetDateFormatW
0x416968 WaitForSingleObject
0x41696c lstrcpynW
0x416970 SizeofResource
0x416974 FindResourceW
0x416978 lstrcmpiW
0x41697c CompareStringW
0x416994 GetDriveTypeW
0x4169a4 LoadLibraryW
0x4169a8 lstrcmpW
0x4169ac GetCPInfo
0x4169c0 MoveFileExA
0x4169c4 DeleteFiber
0x4169cc CreateRemoteThread
0x4169d4 OpenSemaphoreA
0x4169d8 GlobalAddAtomA
0x4169dc RemoveDirectoryA
0x4169ec GetWriteWatch
0x4169fc InterlockedExchange
0x416a00 GetConsoleMode
0x416a04 GetConsoleCP
0x416a08 IsValidLocale
0x416a0c EnumSystemLocalesA
0x416a10 GetLocaleInfoA
0x416a14 WriteConsoleW
0x416a18 GetStringTypeW
0x416a24 LCMapStringW
0x416a28 IsValidCodePage
0x416a2c GetOEMCP
0x416a30 GetACP
0x416a34 IsDebuggerPresent
0x416a38 HeapCreate
0x416a3c SetHandleCount
0x416a48 GetStdHandle
0x416a4c GetFileType
0x416a50 SetStdHandle
0x416a54 VirtualQuery
0x416a58 GetSystemInfo
0x416a5c VirtualAlloc
0x416a60 HeapSize
0x416a68 RtlUnwind
0x416a6c RaiseException
0x416a70 ExitProcess
0x416a74 HeapReAlloc
0x416a78 EncodePointer
0x416a7c DecodePointer
0x416a80 GetStartupInfoW
0x416a84 HeapSetInformation
0x416a88 FindResourceExW
0x416a8c VirtualProtect
0x416a90 SearchPathW
0x416a94 GetProfileIntW
0x416a98 GetNumberFormatW
0x416aa4 GetTempFileNameW
0x416aa8 GetUserDefaultLCID
0x416aac GetFileTime
0x416ab0 GetFileSizeEx
0x416ab4 GetFileAttributesW
0x416abc GlobalFlags
0x416ac0 TlsFree
0x416ac4 LocalReAlloc
0x416ac8 TlsSetValue
0x416acc TlsAlloc
0x416ad0 TlsGetValue
0x416ad4 GlobalGetAtomNameW
0x416af0 LoadLibraryExW
0x416af4 SetThreadPriority
0x416b00 FindNextFileW
0x416b04 GetFullPathNameW
0x416b08 FindClose
0x416b0c DuplicateHandle
0x416b10 SetEndOfFile
0x416b14 UnlockFile
0x416b18 LockFile
0x416b1c GetThreadLocale
0x416b20 ReleaseActCtx
0x416b24 CreateActCtxW
0x416b28 CopyFileW
0x416b2c GlobalAddAtomW
0x416b30 GlobalFindAtomW
0x416b34 GlobalDeleteAtom
0x416b38 lstrlenA
0x416b3c lstrcmpA
0x416b40 TerminateThread
0x416b44 LocalAlloc
0x416b48 GetCurrentThread
0x416b50 FreeLibrary
0x416b54 GetModuleFileNameW
0x416b58 GetSystemDirectoryW
0x416b5c FreeResource
0x416b60 ResumeThread
0x416b64 MulDiv
0x416b68 FindFirstFileW
0x416b6c GetTempPathW
0x416b70 ActivateActCtx
0x416b74 DeactivateActCtx
0x416b78 MultiByteToWideChar
0x416b7c OutputDebugStringW
0x416b80 WideCharToMultiByte
0x416b84 Process32NextW
0x416b88 Process32FirstW
0x416b90 GetLocaleInfoW
0x416b94 DeleteFileW
0x416b98 CreateDirectoryW
0x416b9c LoadResource
0x416ba0 LockResource
0x416ba4 UnmapViewOfFile
0x416ba8 MapViewOfFile
0x416bac CreateFileMappingW
0x416bb0 CreateEventW
0x416bb4 CreateMutexW
0x416bb8 ResetEvent
Library USER32.dll:
0x416bc4 LoadCursorFromFileA
0x416bcc LoadMenuA
0x416bd0 DlgDirListA
0x416bd4 UnregisterClassA
0x416be4 ClientToScreen
0x416be8 CharLowerW
0x416bec FindWindowA
0x416bf0 GetDlgCtrlID
0x416bf4 TrackPopupMenu
0x416bf8 GetMenuStringW
0x416bfc SetMenuItemBitmaps
0x416c00 DdeInitializeA
0x416c04 DefWindowProcA
0x416c08 CharLowerA
0x416c0c CreateIcon
0x416c10 DlgDirListComboBoxW
0x416c14 SetWindowsHookW
0x416c18 MapVirtualKeyW
0x416c1c GetKeyNameTextW
0x416c20 GetDesktopWindow
0x416c24 GetActiveWindow
0x416c2c GetNextDlgTabItem
0x416c30 EndDialog
0x416c34 CharUpperW
0x416c38 IntersectRect
0x416c3c InflateRect
0x416c40 InsertMenuW
0x416c44 RemoveMenu
0x416c48 ShowWindow
0x416c4c MoveWindow
0x416c50 SetWindowTextW
0x416c54 IsDialogMessageW
0x416c58 CheckDlgButton
0x416c60 SendDlgItemMessageW
0x416c64 SendDlgItemMessageA
0x416c68 WinHelpW
0x416c6c IsChild
0x416c70 GetCapture
0x416c74 CallNextHookEx
0x416c78 GetClassLongW
0x416c7c GetClassNameW
0x416c80 SetPropW
0x416c84 GetPropW
0x416c88 RemovePropW
0x416c8c SetFocus
0x416c94 GetWindowTextW
0x416c98 GetLastActivePopup
0x416c9c DispatchMessageW
0x416ca0 BeginDeferWindowPos
0x416ca4 EndDeferWindowPos
0x416ca8 GetDlgItem
0x416cac GetTopWindow
0x416cb0 DestroyWindow
0x416cb4 GetMessageTime
0x416cb8 GetMessagePos
0x416cbc PeekMessageW
0x416cc0 MonitorFromWindow
0x416cc4 GetMonitorInfoW
0x416cc8 MapWindowPoints
0x416ccc ScrollWindow
0x416cd0 SetMenu
0x416cd4 SetScrollRange
0x416cd8 GetScrollRange
0x416cdc SetScrollPos
0x416ce0 GetScrollPos
0x416ce4 ShowScrollBar
0x416ce8 RedrawWindow
0x416cec ValidateRect
0x416cf0 OffsetRect
0x416cf8 SetWindowRgn
0x416cfc GetMenuItemID
0x416d00 CreateWindowExW
0x416d04 GetClassInfoExW
0x416d08 CreateMenu
0x416d10 SendMessageW
0x416d14 GetWindowRect
0x416d18 AdjustWindowRectEx
0x416d1c DeferWindowPos
0x416d20 GetScrollInfo
0x416d24 SetScrollInfo
0x416d28 SetWindowPlacement
0x416d2c GetWindowPlacement
0x416d30 DefWindowProcW
0x416d34 CallWindowProcW
0x416d38 GetMenu
0x416d3c GetWindowLongW
0x416d40 SetWindowLongW
0x416d44 GetWindow
0x416d4c LoadBitmapW
0x416d50 GetFocus
0x416d54 ModifyMenuW
0x416d58 GetMenuState
0x416d5c EnableMenuItem
0x416d60 CheckMenuItem
0x416d64 EndPaint
0x416d68 BeginPaint
0x416d6c GetWindowDC
0x416d70 GrayStringW
0x416d74 DrawTextExW
0x416d78 TabbedTextOutW
0x416d7c GetKeyState
0x416d80 GetCursorPos
0x416d84 WindowFromPoint
0x416d88 IsWindowEnabled
0x416d8c DestroyMenu
0x416d90 AppendMenuW
0x416d94 GetMenuItemCount
0x416d98 DeleteMenu
0x416d9c GetSubMenu
0x416da0 SetCapture
0x416da4 ReleaseCapture
0x416da8 SetCursorPos
0x416dac DestroyCursor
0x416db0 TranslateMessage
0x416db4 GetMessageW
0x416db8 PostQuitMessage
0x416dbc MapDialogRect
0x416dc4 ShowOwnedPopups
0x416dc8 DrawStateW
0x416dd0 BringWindowToTop
0x416dd4 CreatePopupMenu
0x416dd8 InsertMenuItemW
0x416ddc LoadMenuW
0x416de0 IsRectEmpty
0x416de4 SetActiveWindow
0x416de8 SetForegroundWindow
0x416dec SetWindowPos
0x416df0 AttachThreadInput
0x416df8 GetForegroundWindow
0x416dfc KillTimer
0x416e00 SetTimer
0x416e04 IsIconic
0x416e08 RegisterClassW
0x416e0c LoadAcceleratorsW
0x416e10 LoadImageW
0x416e14 ReuseDDElParam
0x416e18 UnpackDDElParam
0x416e1c GetMenuItemInfoW
0x416e24 GetSysColorBrush
0x416e28 CopyImage
0x416e2c EnumDisplayMonitors
0x416e30 PtInRect
0x416e34 ScreenToClient
0x416e38 EnableWindow
0x416e3c GetParent
0x416e40 LoadStringW
0x416e44 wsprintfW
0x416e48 SetMenuItemInfoW
0x416e4c GetSystemMetrics
0x416e50 GetDC
0x416e54 ReleaseDC
0x416e58 GetClientRect
0x416e5c FillRect
0x416e60 SetCursor
0x416e64 LoadCursorW
0x416e68 IsWindowVisible
0x416e6c IsWindow
0x416e70 EqualRect
0x416e74 SetRectEmpty
0x416e78 LoadIconW
0x416e7c DestroyIcon
0x416e80 SetRect
0x416e84 InvalidateRect
0x416e88 GetSysColor
0x416e8c CopyRect
0x416e90 DrawIcon
0x416e94 UpdateWindow
0x416e98 DrawTextW
0x416e9c PostMessageW
0x416ea0 SetDlgItemTextW
0x416ea4 UnhookWindowsHookEx
0x416ea8 SetWindowsHookExW
0x416eac MessageBoxW
0x416eb0 FindWindowW
0x416eb4 GetClassInfoW
0x416eb8 GetUpdateRect
0x416ebc IsCharLowerW
0x416ec0 MapVirtualKeyExW
0x416ec4 SubtractRect
0x416ec8 EnumChildWindows
0x416ecc GetWindowRgn
0x416ed4 DrawMenuBar
0x416ed8 DefMDIChildProcW
0x416edc DefFrameProcW
0x416ee0 PostThreadMessageW
0x416ee4 CharUpperBuffW
0x416ee8 FrameRect
0x416ef0 GetDoubleClickTime
0x416ef4 CopyIcon
0x416ef8 EmptyClipboard
0x416efc CloseClipboard
0x416f00 SetClipboardData
0x416f04 OpenClipboard
0x416f08 GetIconInfo
0x416f0c HideCaret
0x416f10 InvertRect
0x416f14 LockWindowUpdate
0x416f1c GetKeyboardState
0x416f20 GetKeyboardLayout
0x416f24 ToUnicodeEx
0x416f28 SetClassLongW
0x416f30 SetParent
0x416f34 GetMenuDefaultItem
0x416f38 SetMenuDefaultItem
0x416f3c IsMenu
0x416f40 MonitorFromPoint
0x416f44 UpdateLayeredWindow
0x416f48 EnableScrollBar
0x416f4c UnionRect
0x416f54 UnregisterClassW
0x416f58 CharNextW
0x416f5c DrawEdge
0x416f60 DrawFrameControl
0x416f64 DrawFocusRect
0x416f68 DrawIconEx
0x416f6c WaitMessage
0x416f74 InvalidateRgn
0x416f78 GetNextDlgGroupItem
0x416f7c MessageBeep
0x416f80 GetSystemMenu
0x416f84 NotifyWinEvent
0x416f88 GetAsyncKeyState
0x416f8c IsZoomed
Library GDI32.dll:
0x416f94 FillPath
0x416f98 DeleteDC
0x416f9c EndPage
0x416fa0 EndPath
0x416fa8 DeleteEnhMetaFile
0x416fac CreateMetaFileA
0x416fb0 EndDoc
0x416fb4 CreateSolidBrush
0x416fb8 CloseMetaFile
0x416fbc DeleteColorSpace
0x416fc0 CreateMetaFileW
0x416fc4 CreateCompatibleDC
0x416fc8 CloseFigure
0x416fcc FlattenPath
0x416fd0 CreatePatternBrush
0x416fd4 DeleteObject
0x416fd8 DeleteMetaFile
0x416fdc GetStockObject
0x416fe0 RealizePalette
0x416fe4 GetColorSpace
0x416fe8 TextOutA
0x416fec PATHOBJ_vEnumStart
0x416ff0 GdiDllInitialize
0x416ff8 SaveDC
0x416ffc EnableEUDC
0x417000 EngLockSurface
0x417004 CreatePalette
0x417008 CloseEnhMetaFile
0x41700c GdiConvertRegion
0x417010 SetBrushOrgEx
0x417014 GdiDeleteLocalDC
0x417018 RestoreDC
0x41701c EngGradientFill
0x417020 SelectPalette
0x417028 PatBlt
0x41702c GdiIsMetaPrintDC
0x417030 EnumICMProfilesW
0x417034 Polygon
0x417038 PolyBezier
0x41703c CancelDC
0x417040 ScaleWindowExtEx
0x417044 ExtSelectClipRgn
0x417048 CreateBitmap
0x41704c GetObjectType
0x417050 CreatePen
0x417054 CreateHatchBrush
0x417058 CopyMetaFileW
0x41705c CreateDCW
0x417064 SetRectRgn
0x417068 CombineRgn
0x41706c GetMapMode
0x417070 DPtoLP
0x417074 CreateEllipticRgn
0x417078 LPtoDP
0x41707c Ellipse
0x417080 CreateDIBSection
0x417084 CreateDIBitmap
0x417088 GetTextMetricsW
0x41708c EnumFontFamiliesW
0x417090 GetTextCharsetInfo
0x417094 GetBkColor
0x417098 GetTextColor
0x41709c CreatePolygonRgn
0x4170a0 Polyline
0x4170a4 GetRgnBox
0x4170a8 SetWindowExtEx
0x4170ac GetViewportExtEx
0x4170b0 GetPaletteEntries
0x4170bc OffsetRgn
0x4170c0 Rectangle
0x4170c4 SetPixel
0x4170c8 SetDIBColorTable
0x4170cc EnumFontFamiliesExW
0x4170d0 ExtFloodFill
0x4170d4 ScaleViewportExtEx
0x4170d8 GetWindowOrgEx
0x4170dc GetViewportOrgEx
0x4170e0 PtInRegion
0x4170e4 FillRgn
0x4170e8 FrameRgn
0x4170ec GetBoundsRect
0x4170f0 GetTextFaceW
0x4170f4 SetPixelV
0x4170f8 OffsetWindowOrgEx
0x4170fc CreateRoundRectRgn
0x417100 SetWindowOrgEx
0x417104 CreateRectRgn
0x417108 SelectClipRgn
0x41710c SetLayout
0x417110 GetLayout
0x417114 SetTextAlign
0x417118 MoveToEx
0x41711c LineTo
0x417120 IntersectClipRect
0x417124 ExcludeClipRect
0x417128 GetClipBox
0x41712c SetMapMode
0x417130 SetTextColor
0x417134 SetROP2
0x417138 SetPolyFillMode
0x41713c SetBkMode
0x417140 SetBkColor
0x417144 SelectObject
0x417148 GetObjectW
0x417150 SetViewportExtEx
0x417154 OffsetViewportOrgEx
0x417158 SetViewportOrgEx
0x41715c Escape
0x417160 ExtTextOutW
0x417164 TextOutW
0x417168 RectVisible
0x41716c PtVisible
0x417170 GetPixel
0x417174 SetPaletteEntries
0x417178 GetWindowExtEx
0x41717c StretchBlt
0x417180 GetDeviceCaps
0x417184 BitBlt
0x41718c CreateFontIndirectW
Library COMDLG32.dll:
0x417194 GetFileTitleW
Library ADVAPI32.dll:
0x41719c GetUserNameA
0x4171a0 RegOpenKeyA
0x4171a4 RegQueryValueExA
0x4171b4 SetEntriesInAclW
0x4171bc OpenProcessToken
0x4171c4 FreeSid
0x4171c8 RegCreateKeyExW
0x4171cc RegSetValueExW
0x4171d0 RegOpenKeyExW
0x4171d4 RegQueryValueExW
0x4171d8 RegCloseKey
0x4171e0 RegQueryValueW
0x4171e4 RegEnumKeyW
0x4171e8 RegEnumKeyExW
0x4171ec RegEnumValueW
0x4171f0 RegDeleteKeyW
0x4171f4 RegDeleteValueW
0x4171f8 CredFree
0x4171fc CredGetTargetInfoW
Library SHELL32.dll:
0x41720c DragQueryFileAorW
0x417210 SHFileOperation
0x417214 SHGetFolderLocation
0x417218 SHLoadInProc
0x41721c ShellExecuteEx
0x417224 SHGetFileInfoW
0x417230 SHGetFileInfo
0x417234 SHGetDiskFreeSpaceA
0x417240 ShellAboutA
0x417244 WOWShellExecute
0x417248 SHFileOperationA
0x41724c SHBindToParent
0x417250 DuplicateIcon
0x417254 Shell_NotifyIconW
0x417258 DragQueryFileW
0x41725c SHBrowseForFolderW
0x417260 SHGetMalloc
0x417268 ShellExecuteW
0x41726c SHGetDesktopFolder
0x417270 SHAppBarMessage
0x417274 DragFinish
Library ole32.dll:
0x41727c CoUninitialize
0x417280 CoCreateInstanceEx
0x417284 CLSIDFromString
0x417288 ReleaseStgMedium
0x41728c CoInitializeEx
0x417294 CoRevokeClassObject
0x41729c OleGetClipboard
0x4172a0 RevokeDragDrop
0x4172a8 RegisterDragDrop
0x4172ac OleLockRunning
0x4172b0 IsAccelerator
0x4172bc DoDragDrop
0x4172c0 OleFlushClipboard
0x4172c8 OleInitialize
0x4172d0 OleUninitialize
0x4172e0 CoGetClassObject
0x4172e4 CoInitialize
0x4172e8 CLSIDFromProgID
0x4172ec CoCreateGuid
0x4172f0 CoCreateInstance
0x4172f4 OleDuplicateData
0x4172f8 CoTaskMemAlloc
0x4172fc CoTaskMemFree
Library SHLWAPI.dll:
0x41730c StrStrIW
0x417310 StrChrA
0x417314 StrRChrA
0x417318 StrStrA
0x41731c StrRChrIW
0x417320 StrChrIA
0x417324 StrRChrIA
0x417328 StrRStrIA
0x41732c PathStripToRootW
0x417330 PathFileExistsW
0x417334 PathIsUNCW
0x417338 PathRemoveFileSpecW
0x41733c PathFindExtensionW
0x417340 StrCmpW
0x417344 PathFindFileNameW
Library COMCTL32.dll:
0x417354 _TrackMouseEvent
Library IMM32.dll:
0x41735c ImmReleaseContext
0x417360 ImmGetContext
0x417364 ImmGetOpenStatus

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 63497 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60215 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.