11.0
0-day

7ff2908578c1928b92bc21a812246bc7e76d571f6f5282234ece68f472f01a46

7d30a3148b73d9782f8a7bb3d58c468d.exe

Analysis duration

84s

Latest analysis

File size

589.5KB
Static detections / Dynamic detections: 100% AGEN AGENSLA AI SCORE=83 AIDETECTVM ALI2000015 ANDROM AVMC BTA8X9 CEEINJECT CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS ELKP ELNW FAREIT FORMBOOK GENETIC HACKTOOL HIGH CONFIDENCE HJDUDI IGENT KG0@A0CASDBI KIGM LOKIBOT MALWARE2 MALWARE@#3L79AW7C2V0Q8 PUTTY R + MAL SCORE STATIC AI SUSPICIOUS PE TRJGEN TSCOPE UNSAFE X2059 ZELPHIF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine detection results yet.
Static verdict
Antivirus engines
Engine    Result    Scan time    Engine version
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Avast Win32:Malware-gen 20201229 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20201229 2017.9.26.565
McAfee Fareit-FSK!7D30A3148B73 20201229 6.0.6.653
Static indicators
Queries for the computer name (3 events)
Time & API Arguments Status Return Repeated
1619678042.309375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619678048.575375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619678053.387375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619678040.466375
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619678038.622375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49413952
registers.edi: 0
registers.eax: 0
registers.ebp: 49414024
registers.edx: 13
registers.ebx: 0
registers.esi: 0
registers.ecx: 622
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 66 e9 41 f1 fa
exception.symbol: 7d30a3148b73d9782f8a7bb3d58c468d+0x5441e
exception.instruction: div eax
exception.module: 7d30a3148b73d9782f8a7bb3d58c468d.exe
exception.exception_code: 0xc0000094
exception.offset: 345118
exception.address: 0x45441e
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619678038.528375
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619678038.622375
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005d0000
success 0 0
1619678038.637375
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e80000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619678053.294375
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7d30a3148b73d9782f8a7bb3d58c468d.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7d30a3148b73d9782f8a7bb3d58c468d.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.677201593069892 section {'size_of_data': '0x00010000', 'virtual_address': '0x00055000', 'entropy': 7.677201593069892, 'name': 'DATA', 'virtual_size': '0x0000ff40'} description A section with a high entropy has been found
entropy 7.186082226682744 section {'size_of_data': '0x00027600', 'virtual_address': '0x00071000', 'entropy': 7.186082226682744, 'name': '.rsrc', 'virtual_size': '0x0002740c'} description A section with a high entropy has been found
entropy 0.37638062871707734 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619678048.450375
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2316 called NtSetContextThread to modify thread in remote process 912
Time & API Arguments Status Return Repeated
1619678039.184375
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 912
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2316 resumed a thread in remote process 912
Time & API Arguments Status Return Repeated
1619678039.606375
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 912
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619678039.028375
CreateProcessInternalW
thread_identifier: 3064
thread_handle: 0x000000fc
process_identifier: 912
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7d30a3148b73d9782f8a7bb3d58c468d.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619678039.028375
NtUnmapViewOfSection
process_identifier: 912
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619678039.122375
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 912
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619678039.184375
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619678039.184375
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 912
success 0 0
1619678039.606375
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 912
success 0 0
1619678040.981375
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 912
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Stealer.28391
MicroWorld-eScan Trojan.Delf.FareIt.Gen.13
FireEye Generic.mg.7d30a3148b73d978
ALYac Spyware.LokiBot
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00564fdd1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 00564fdd1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Delf.FareIt.Gen.13
BitDefenderTheta Gen:NN.ZelphiF.34700.KG0@a0casDbi
Cyren W32/Trojan.KIGM-3551
Symantec Trojan Horse
ESET-NOD32 a variant of Win32/Injector.ELNW
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-PSW.Win32.Agensla.gen
BitDefender Trojan.Delf.FareIt.Gen.13
NANO-Antivirus Trojan.Win32.TrjGen.hjdudi
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Ad-Aware Trojan.Delf.FareIt.Gen.13
Emsisoft Trojan.Delf.FareIt.Gen.13 (B)
Comodo Malware@#3l79aw7c2v0q8
F-Secure Heuristic.HEUR/AGEN.1136310
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Fareit.hc
Sophos Mal/Generic-R + Mal/Fareit-AA
Ikarus Trojan.Inject
Jiangmin Backdoor.Androm.avmc
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1136310
Antiy-AVL HackTool[VirTool]/Win32.Ceeinject
Gridinsoft Trojan.Win32.Gen.ba!s1
Microsoft Trojan:Win32/FormBook.BX!MTB
ZoneAlarm HEUR:Trojan-PSW.Win32.Agensla.gen
GData Trojan.Delf.FareIt.Gen.13
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
McAfee Fareit-FSK!7D30A3148B73
MAX malware (ai score=83)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF.Generic
Rising Trojan.Injector!1.C561 (CLASSIC)
Yandex Trojan.Igent.bTA8x9.66
SentinelOne Static AI - Suspicious PE
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46613c VirtualFree
0x466140 VirtualAlloc
0x466144 LocalFree
0x466148 LocalAlloc
0x46614c GetVersion
0x466150 GetCurrentThreadId
0x46615c VirtualQuery
0x466160 WideCharToMultiByte
0x466164 MultiByteToWideChar
0x466168 lstrlenA
0x46616c lstrcpynA
0x466170 LoadLibraryExA
0x466174 GetThreadLocale
0x466178 GetStartupInfoA
0x46617c GetProcAddress
0x466180 GetModuleHandleA
0x466184 GetModuleFileNameA
0x466188 GetLocaleInfoA
0x46618c GetCommandLineA
0x466190 FreeLibrary
0x466194 FindFirstFileA
0x466198 FindClose
0x46619c ExitProcess
0x4661a0 WriteFile
0x4661a8 RtlUnwind
0x4661ac RaiseException
0x4661b0 GetStdHandle
Library user32.dll:
0x4661b8 GetKeyboardType
0x4661bc LoadStringA
0x4661c0 MessageBoxA
0x4661c4 CharNextA
Library advapi32.dll:
0x4661cc RegQueryValueExA
0x4661d0 RegOpenKeyExA
0x4661d4 RegCloseKey
Library oleaut32.dll:
0x4661dc SysFreeString
0x4661e0 SysReAllocStringLen
0x4661e4 SysAllocStringLen
Library kernel32.dll:
0x4661ec TlsSetValue
0x4661f0 TlsGetValue
0x4661f4 LocalAlloc
0x4661f8 GetModuleHandleA
Library advapi32.dll:
0x466200 RegQueryValueExA
0x466204 RegOpenKeyExA
0x466208 RegCloseKey
Library kernel32.dll:
0x466210 lstrcpyA
0x466214 WriteFile
0x46621c WaitForSingleObject
0x466220 VirtualQuery
0x466224 VirtualAlloc
0x466228 Sleep
0x46622c SizeofResource
0x466230 SetThreadLocale
0x466234 SetFilePointer
0x466238 SetEvent
0x46623c SetErrorMode
0x466240 SetEndOfFile
0x466244 ResetEvent
0x466248 ReadFile
0x46624c MulDiv
0x466250 LockResource
0x466254 LoadResource
0x466258 LoadLibraryA
0x466264 GlobalUnlock
0x466268 GlobalReAlloc
0x46626c GlobalHandle
0x466270 GlobalLock
0x466274 GlobalFree
0x466278 GlobalFindAtomA
0x46627c GlobalDeleteAtom
0x466280 GlobalAlloc
0x466284 GlobalAddAtomA
0x466288 GetVersionExA
0x46628c GetVersion
0x466290 GetTickCount
0x466294 GetThreadLocale
0x46629c GetSystemTime
0x4662a0 GetSystemInfo
0x4662a4 GetStringTypeExA
0x4662a8 GetStdHandle
0x4662ac GetProcAddress
0x4662b0 GetModuleHandleA
0x4662b4 GetModuleFileNameA
0x4662b8 GetLocaleInfoA
0x4662bc GetLocalTime
0x4662c0 GetLastError
0x4662c4 GetFullPathNameA
0x4662c8 GetFileType
0x4662cc GetDiskFreeSpaceA
0x4662d0 GetDateFormatA
0x4662d4 GetCurrentThreadId
0x4662d8 GetCurrentProcessId
0x4662dc GetCPInfo
0x4662e0 GetACP
0x4662e4 FreeResource
0x4662e8 InterlockedExchange
0x4662ec FreeLibrary
0x4662f0 FormatMessageA
0x4662f4 FindResourceA
0x4662fc ExitThread
0x466300 EnumCalendarInfoA
0x46630c CreateThread
0x466310 CreateFileA
0x466314 CreateEventA
0x466318 CompareStringA
0x46631c CloseHandle
Library version.dll:
0x466324 VerQueryValueA
0x46632c GetFileVersionInfoA
Library gdi32.dll:
0x466334 UnrealizeObject
0x466338 StretchBlt
0x46633c SetWindowOrgEx
0x466340 SetViewportOrgEx
0x466344 SetTextColor
0x466348 SetStretchBltMode
0x46634c SetROP2
0x466350 SetPixel
0x466354 SetDIBColorTable
0x466358 SetBrushOrgEx
0x46635c SetBkMode
0x466360 SetBkColor
0x466364 SelectPalette
0x466368 SelectObject
0x46636c SaveDC
0x466370 RestoreDC
0x466374 RectVisible
0x466378 RealizePalette
0x46637c PatBlt
0x466380 MoveToEx
0x466384 MaskBlt
0x466388 LineTo
0x46638c IntersectClipRect
0x466390 GetWindowOrgEx
0x466394 GetTextMetricsA
0x4663a0 GetStockObject
0x4663a4 GetPixel
0x4663a8 GetPaletteEntries
0x4663ac GetObjectA
0x4663b0 GetDeviceCaps
0x4663b4 GetDIBits
0x4663b8 GetDIBColorTable
0x4663bc GetDCOrgEx
0x4663c4 GetClipBox
0x4663c8 GetBrushOrgEx
0x4663cc GetBitmapBits
0x4663d0 ExcludeClipRect
0x4663d4 DeleteObject
0x4663d8 DeleteDC
0x4663dc CreateSolidBrush
0x4663e0 CreatePenIndirect
0x4663e4 CreatePalette
0x4663ec CreateFontIndirectA
0x4663f0 CreateDIBitmap
0x4663f4 CreateDIBSection
0x4663f8 CreateCompatibleDC
0x466400 CreateBrushIndirect
0x466404 CreateBitmap
0x466408 BitBlt
Library user32.dll:
0x466410 CreateWindowExA
0x466414 WindowFromPoint
0x466418 WinHelpA
0x46641c WaitMessage
0x466420 UpdateWindow
0x466424 UnregisterClassA
0x466428 UnhookWindowsHookEx
0x46642c TranslateMessage
0x466434 TrackPopupMenu
0x46643c ShowWindow
0x466440 ShowScrollBar
0x466444 ShowOwnedPopups
0x466448 ShowCursor
0x46644c SetWindowsHookExA
0x466450 SetWindowTextA
0x466454 SetWindowPos
0x466458 SetWindowPlacement
0x46645c SetWindowLongA
0x466460 SetTimer
0x466464 SetScrollRange
0x466468 SetScrollPos
0x46646c SetScrollInfo
0x466470 SetRect
0x466474 SetPropA
0x466478 SetParent
0x46647c SetMenuItemInfoA
0x466480 SetMenu
0x466484 SetForegroundWindow
0x466488 SetFocus
0x46648c SetCursor
0x466490 SetClassLongA
0x466494 SetCapture
0x466498 SetActiveWindow
0x46649c SendMessageA
0x4664a0 ScrollWindow
0x4664a4 ScreenToClient
0x4664a8 RemovePropA
0x4664ac RemoveMenu
0x4664b0 ReleaseDC
0x4664b4 ReleaseCapture
0x4664c0 RegisterClassA
0x4664c4 RedrawWindow
0x4664c8 PtInRect
0x4664cc PostQuitMessage
0x4664d0 PostMessageA
0x4664d4 PeekMessageA
0x4664d8 OffsetRect
0x4664dc OemToCharA
0x4664e0 MessageBoxA
0x4664e4 MessageBeep
0x4664e8 MapWindowPoints
0x4664ec MapVirtualKeyA
0x4664f0 LoadStringA
0x4664f4 LoadKeyboardLayoutA
0x4664f8 LoadIconA
0x4664fc LoadCursorA
0x466500 LoadBitmapA
0x466504 KillTimer
0x466508 IsZoomed
0x46650c IsWindowVisible
0x466510 IsWindowEnabled
0x466514 IsWindow
0x466518 IsRectEmpty
0x46651c IsIconic
0x466520 IsDialogMessageA
0x466524 IsChild
0x466528 InvalidateRect
0x46652c IntersectRect
0x466530 InsertMenuItemA
0x466534 InsertMenuA
0x466538 InflateRect
0x466540 GetWindowTextA
0x466544 GetWindowRect
0x466548 GetWindowPlacement
0x46654c GetWindowLongA
0x466550 GetWindowDC
0x466554 GetTopWindow
0x466558 GetSystemMetrics
0x46655c GetSystemMenu
0x466560 GetSysColorBrush
0x466564 GetSysColor
0x466568 GetSubMenu
0x46656c GetScrollRange
0x466570 GetScrollPos
0x466574 GetScrollInfo
0x466578 GetPropA
0x46657c GetParent
0x466580 GetWindow
0x466584 GetMenuStringA
0x466588 GetMenuState
0x46658c GetMenuItemInfoA
0x466590 GetMenuItemID
0x466594 GetMenuItemCount
0x466598 GetMenu
0x46659c GetLastActivePopup
0x4665a0 GetKeyboardState
0x4665a8 GetKeyboardLayout
0x4665ac GetKeyState
0x4665b0 GetKeyNameTextA
0x4665b4 GetIconInfo
0x4665b8 GetForegroundWindow
0x4665bc GetFocus
0x4665c0 GetDesktopWindow
0x4665c4 GetDCEx
0x4665c8 GetDC
0x4665cc GetCursorPos
0x4665d0 GetCursor
0x4665d4 GetClientRect
0x4665d8 GetClassNameA
0x4665dc GetClassInfoA
0x4665e0 GetCapture
0x4665e4 GetActiveWindow
0x4665e8 FrameRect
0x4665ec FindWindowA
0x4665f0 FillRect
0x4665f4 EqualRect
0x4665f8 EnumWindows
0x4665fc EnumThreadWindows
0x466600 EndPaint
0x466604 EnableWindow
0x466608 EnableScrollBar
0x46660c EnableMenuItem
0x466610 DrawTextA
0x466614 DrawMenuBar
0x466618 DrawIconEx
0x46661c DrawIcon
0x466620 DrawFrameControl
0x466624 DrawFocusRect
0x466628 DrawEdge
0x46662c DispatchMessageA
0x466630 DestroyWindow
0x466634 DestroyMenu
0x466638 DestroyIcon
0x46663c DestroyCursor
0x466640 DeleteMenu
0x466644 DefWindowProcA
0x466648 DefMDIChildProcA
0x46664c DefFrameProcA
0x466650 CreatePopupMenu
0x466654 CreateMenu
0x466658 CreateIcon
0x46665c ClientToScreen
0x466660 CheckMenuItem
0x466664 CallWindowProcA
0x466668 CallNextHookEx
0x46666c BringWindowToTop
0x466670 BeginPaint
0x466674 CharNextA
0x466678 CharLowerA
0x46667c CharToOemA
0x466680 AdjustWindowRectEx
Library kernel32.dll:
0x46668c Sleep
Library oleaut32.dll:
0x466694 SafeArrayPtrOfIndex
0x466698 SafeArrayGetUBound
0x46669c SafeArrayGetLBound
0x4666a0 SafeArrayCreate
0x4666a4 VariantChangeType
0x4666a8 VariantCopy
0x4666ac VariantClear
0x4666b0 VariantInit
Library comctl32.dll:
0x4666c0 ImageList_Write
0x4666c4 ImageList_Read
0x4666d4 ImageList_DragMove
0x4666d8 ImageList_DragLeave
0x4666dc ImageList_DragEnter
0x4666e0 ImageList_EndDrag
0x4666e4 ImageList_BeginDrag
0x4666e8 ImageList_Remove
0x4666ec ImageList_DrawEx
0x4666f0 ImageList_Replace
0x4666f4 ImageList_Draw
0x466704 ImageList_Add
0x46670c ImageList_Destroy
0x466710 ImageList_Create
Library comdlg32.dll:
0x466718 ReplaceTextA
0x46671c FindTextA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
192.168.56.101 65005 239.255.255.250 3702
192.168.56.101 65007 239.255.255.250 3702
192.168.56.101 50534 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.