11.2
0-day

210560d23e3c023c90bd24ed0d76c68732dc267277fc6adcc3c991cb611bb06a

7e1a3a4437986a8441db79ed61598a5b.exe

Analysis duration: 83s

Last analysis:

File size: 537.0KB
Static detection / Dynamic detection / 100% / AI SCORE=80. Detection name tags: AIDETECTVM AIIK ALI2000015 ATTRIBUTE AUTOIT BT8MOG CLASSIC CONFIDENCE CRYPTERX DELF DELFINJECT DELPHILESS DOWNLOADER34 EMOY EMSE FAREIT HGW@A8DPATMI HIGH CONFIDENCE HIGHCONFIDENCE HONPRS IGENT IZYH KCLOUD KRYPTIK LOKI MALWARE2 MALWARE@#3NMELTID1PS9Q REMCOS SCORE SMAD1 STATIC AI SUSGEN SUSPICIOUS PE TOIKF TSCOPE UNSAFE X2094 ZELPHIF ZUSY
Hawkeye engine
Not detected: no Hawkeye engine results for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FVZ!7E1A3A443798 20201228 6.0.6.653
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Avast Win32:CrypterX-gen [Trj] 20201228 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Undef.(kcloud) 20201228 2017.9.26.565
Tencent Win32.Trojan.Kryptik.Aiik 20201228 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Command line console output was observed (22 events). Read in order, the WriteConsoleW buffers are cmd.exe echoing the three lines of the dropped install.bat: 'PING 127.0.0.1 -n 2' (a short delay), 'start "" "C:\Users\Administrator.Oskar-PC\AppData\Roaming\gosh\gosh.exe"' (launch the copied payload), then 'del "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\install.bat"' (remove the script itself). The last message, written to the stderr handle (0x0000000b), is cmd.exe reporting that the batch file it was still executing has disappeared. The WriteConsoleA buffers are PING.EXE's own output in the guest's Chinese (GBK) code page.
Time & API Arguments Status Return Repeated
1619681270.780626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619681270.795626
WriteConsoleW
buffer: PING
console_handle: 0x00000007
success 1 0
1619681270.811626
WriteConsoleW
buffer: 127.0.0.1 -n 2
console_handle: 0x00000007
success 1 0
1619681273.498626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619681273.514626
WriteConsoleW
buffer: start
console_handle: 0x00000007
success 1 0
1619681273.514626
WriteConsoleW
buffer: "" "C:\Users\Administrator.Oskar-PC\AppData\Roaming\gosh\gosh.exe"
console_handle: 0x00000007
success 1 0
1619681276.342626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619681276.342626
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619681276.358626
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\install.bat"
console_handle: 0x00000007
success 1 0
1619681276.483626
WriteConsoleW
buffer: The batch file cannot be found.
console_handle: 0x0000000b
success 1 0
1619681271.530501
WriteConsoleA
buffer: Pinging 127.0.0.1
console_handle: 0x00000007
success 1 0
1619681271.530501
WriteConsoleA
buffer: with 32 bytes of data:
console_handle: 0x00000007
success 1 0
1619681271.545501
WriteConsoleA
buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
success 1 0
1619681271.545501
WriteConsoleA
buffer: bytes=32
console_handle: 0x00000007
success 1 0
1619681271.545501
WriteConsoleA
buffer: time<1ms
console_handle: 0x00000007
success 1 0
1619681271.545501
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619681272.576501
WriteConsoleA
buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
success 1 0
1619681272.576501
WriteConsoleA
buffer: bytes=32
console_handle: 0x00000007
success 1 0
1619681272.576501
WriteConsoleA
buffer: time<1ms
console_handle: 0x00000007
success 1 0
1619681272.592501
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619681272.592501
WriteConsoleA
buffer: Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
console_handle: 0x00000007
success 1 0
1619681272.608501
WriteConsoleA
buffer: Approximate round trip times in milliseconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
console_handle: 0x00000007
success 1 0
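The console events above arrive one token at a time, because cmd.exe echoes the prompt and each command separately. The following Python is an added example, not part of the sandbox report, showing how to stitch those fragments back into the batch script and recognise the "wait, launch the copied payload, delete yourself" dropper pattern. The event list is constructed from the WriteConsoleW buffers and console handles printed above; treating handle 0x7 as cmd.exe's stdout (echoed commands) and 0xb as its stderr (error text) is an assumption read off those values.

```python
import re

# Constructed from the report's WriteConsoleW events: (console_handle, buffer), in order.
CONSOLE_EVENTS = [
    (0x7, "C:\\Users\\Administrator.Oskar-PC\\AppData\\Local\\Temp>"),
    (0x7, "PING"),
    (0x7, "127.0.0.1 -n 2"),
    (0x7, "C:\\Users\\Administrator.Oskar-PC\\AppData\\Local\\Temp>"),
    (0x7, "start"),
    (0x7, '"" "C:\\Users\\Administrator.Oskar-PC\\AppData\\Roaming\\gosh\\gosh.exe"'),
    (0x7, "C:\\Users\\Administrator.Oskar-PC\\AppData\\Local\\Temp>"),
    (0x7, "del"),
    (0x7, '"C:\\Users\\ADMINI~1.OSK\\AppData\\Local\\Temp\\install.bat"'),
    (0xb, "The batch file cannot be found."),   # stderr: cmd.exe noticing its script is gone
]

STDOUT_HANDLE = 0x7                           # assumption: cmd.exe echoes commands on this handle
PROMPT_RE = re.compile(r"^[A-Za-z]:\\.*>$")   # a "C:\path>" echo starts a new command


def reconstruct_commands(events):
    """Join the token fragments written after each prompt echo back into command lines."""
    commands, current = [], []
    for handle, buf in events:
        if handle != STDOUT_HANDLE:           # error output, not an echoed command
            continue
        if PROMPT_RE.match(buf):
            if current:
                commands.append(" ".join(current))
            current = []
        else:
            current.append(buf)
    if current:
        commands.append(" ".join(current))
    return commands


PING_DELAY_RE = re.compile(r"^ping\s+127\.0\.0\.1\s+-n\s+(\d+)", re.I)
START_RE = re.compile(r'^start\s+(?:"[^"]*"\s+)?"?([^"]+?)"?\s*$', re.I)
DEL_RE = re.compile(r'^del\s+"?([^"]+?)"?\s*$', re.I)


def triage_dropper(commands, script_name="install.bat"):
    """Recognise the 'wait, start the copied payload, delete yourself' batch dropper pattern."""
    findings = {"delay_seconds": 0, "launched": None, "deletes_self": False}
    for cmd in commands:
        if m := PING_DELAY_RE.match(cmd):
            # ping sends one echo per second, so "-n N" stalls the script for roughly N-1 seconds
            findings["delay_seconds"] += max(int(m.group(1)) - 1, 0)
        elif m := START_RE.match(cmd):
            findings["launched"] = m.group(1)
        elif m := DEL_RE.match(cmd):
            if m.group(1).lower().endswith(script_name.lower()):
                findings["deletes_self"] = True
    return findings


if __name__ == "__main__":
    cmds = reconstruct_commands(CONSOLE_EVENTS)
    print("\n".join(cmds))
    print(triage_dropper(cmds))
```

The delete step is why the report's "dropped files" list is empty: by the time the sandbox collects artifacts, install.bat has already removed itself, so the console echo is the only copy of the script that survives.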
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619681271.451501
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (8 events)
Time & API Arguments Status Return Repeated
1619649228.744503
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619649228.901503
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00461000
success 0 0
1619649228.916503
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f30000
success 0 0
1619681269.014876
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619681274.592499
NtAllocateVirtualMemory
process_identifier: 3120
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00560000
success 0 0
1619681274.623499
NtProtectVirtualMemory
process_identifier: 3120
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00461000
success 0 0
1619681274.623499
NtAllocateVirtualMemory
process_identifier: 3120
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e60000
success 0 0
1619681275.983876
NtProtectVirtualMemory
process_identifier: 3192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
A process attempted to delay the analysis task. (1 event)
description gosh.exe tried to sleep 159 seconds, actually delayed analysis time by 159 seconds
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\install.bat
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\install.bat
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619681269.905876
ShellExecuteExW
parameters:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\install.bat
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\install.bat
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (1 event)
cmdline PING 127.0.0.1 -n 2
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 185.165.153.15
Installs itself for autorun at Windows startup (2 events)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remcos reg_value "C:\Users\Administrator.Oskar-PC\AppData\Roaming\gosh\gosh.exe"
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remcos reg_value "C:\Users\Administrator.Oskar-PC\AppData\Roaming\gosh\gosh.exe"
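The Run value above is the simplest persistence there is, and it carries the tell that matters for triage: the target lives under the user's own AppData\Roaming, where no privileged installer put it. The Python below is an added example, not part of the report, that applies that check to a list of Run entries. The first sample entry is the report's own "remcos" value; the other two are constructed for contrast. On a Windows host the same function can be fed the live HKCU Run key through the standard winreg module; on any other platform that reader returns nothing and the constructed list is used.

```python
import re
import sys

# Directory fragments a standard user can write to. An autorun whose target lives
# here was not placed by a privileged installer; this is where Remcos parks gosh.exe.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)

# Constructed sample: the first entry is the Run value from the report, the other two
# are made up for contrast (a benign Program Files entry and a suspicious Public one).
RUN_ENTRIES = [
    ("remcos", '"C:\\Users\\Administrator.Oskar-PC\\AppData\\Roaming\\gosh\\gosh.exe"'),
    ("VendorTray", '"C:\\Program Files\\Vendor\\tray.exe" /background'),
    ("Updater", "C:\\Users\\Public\\svc.exe /silent"),
]

EXE_RE = re.compile(r"^(\S+?\.(?:exe|bat|cmd|vbs|js|ps1|scr|dll))", re.I)


def executable_from_value(value):
    """Pull the program path out of a Run value, quoted or not, dropping any arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)]
    m = EXE_RE.match(value)
    return m.group(1) if m else value.split()[0]


def classify_autorun(name, value):
    """Flag the entry if its executable sits in a user-writable location."""
    exe = executable_from_value(value)
    low = exe.lower()
    hit = next((loc for loc in USER_WRITABLE if loc in low), None)
    return {"name": name, "exe": exe, "suspicious": hit is not None, "location": hit}


def triage_autoruns(entries):
    """Return only the entries that start something from a user-writable directory."""
    return [r for r in (classify_autorun(n, v) for n, v in entries) if r["suspicious"]]


def live_hkcu_run_entries():
    """On Windows, enumerate HKCU\\...\\Run for the current user; elsewhere return nothing."""
    if sys.platform != "win32":
        return []
    import winreg
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:                   # raised once the index runs past the last value
                break
            entries.append((name, str(data)))
            index += 1
    return entries


if __name__ == "__main__":
    for hit in triage_autoruns(live_hkcu_run_entries() or RUN_ENTRIES):
        print(f"{hit['name']}: {hit['exe']}  (in {hit['location']})")
```

Treat the output as a triage queue rather than a verdict: several legitimate programs (cloud-sync and chat clients among them) also autorun from AppData\Local, so the next step is to check the file's signature or hash against a known-good list before acting on a hit.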
Creates a windows hook that monitors keyboard input (keylogger) (1 event)
Time & API Arguments Status Return Repeated
1619681276.233876
SetWindowsHookExA
thread_identifier: 0
callback_function: 0x0040385c
module_address: 0x00400000
hook_identifier: 13 (WH_KEYBOARD_LL)
success 393701 0
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (4 events). In the initial-thread context of a suspended x86 process EAX holds the entry point and EBX the PEB address, so registers.eax = 4289260 (0x004172ec) is the entry point of the replacement image mapped at 0x00400000 by NtMapViewOfSection, and registers.ebx = 2130567168 (0x7efde000) is the PEB pointer left untouched.
Process injection Process 2116 called NtSetContextThread to modify thread in remote process 2420
Process injection Process 3120 called NtSetContextThread to modify thread in remote process 3192
Time & API Arguments Status Return Repeated
1619649229.307503
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4289260
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2420
success 0 0
1619681275.264499
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4289260
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3192
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (6 events)
Process injection Process 2116 resumed a thread in remote process 2420
Process injection Process 944 resumed a thread in remote process 3120
Process injection Process 3120 resumed a thread in remote process 3192
Time & API Arguments Status Return Repeated
1619649229.713503
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2420
success 0 0
1619681276.326626
NtResumeThread
thread_handle: 0x00000080
suspend_count: 0
process_identifier: 3120
success 0 0
1619681275.639499
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3192
success 0 0
Generates some ICMP traffic (the 'PING 127.0.0.1 -n 2' from install.bat; loopback traffic never reaches the capture interface, which is why the ICMP section further down is empty)
Executed a process and injected code into it, probably while unpacking (17 events)
Time & API Arguments Status Return Repeated
1619649229.291503
CreateProcessInternalW
thread_identifier: 2104
thread_handle: 0x00000100
process_identifier: 2420
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7e1a3a4437986a8441db79ed61598a5b.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619649229.291503
NtUnmapViewOfSection
process_identifier: 2420
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619649229.291503
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 2420
commit_size: 102400
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 102400
base_address: 0x00400000
success 0 0
1619649229.307503
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619649229.307503
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4289260
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2420
success 0 0
1619649229.713503
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2420
success 0 0
1619681269.905876
CreateProcessInternalW
thread_identifier: 2620
thread_handle: 0x00000160
process_identifier: 944
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath:
track: 1
command_line: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\install.bat"
filepath_r:
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x00000224
inherit_handles: 0
success 1 0
1619681271.076626
CreateProcessInternalW
thread_identifier: 152
thread_handle: 0x00000084
process_identifier: 368
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath: C:\Windows\System32\PING.EXE
track: 1
command_line: PING 127.0.0.1 -n 2
filepath_r: C:\Windows\system32\PING.EXE
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x00000080
inherit_handles: 1
success 1 0
1619681273.905626
CreateProcessInternalW
thread_identifier: 3124
thread_handle: 0x00000080
process_identifier: 3120
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\gosh\gosh.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\gosh\gosh.exe"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\gosh\gosh.exe
stack_pivoted: 0
creation_flags: 525328 (CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x00000084
inherit_handles: 1
success 1 0
1619681276.326626
NtResumeThread
thread_handle: 0x00000080
suspend_count: 0
process_identifier: 3120
success 0 0
1619681271.483501
NtResumeThread
thread_handle: 0x000000d8
suspend_count: 1
process_identifier: 368
success 0 0
1619681275.264499
CreateProcessInternalW
thread_identifier: 3196
thread_handle: 0x00000100
process_identifier: 3192
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\gosh\gosh.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619681275.264499
NtUnmapViewOfSection
process_identifier: 3192
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619681275.264499
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 3192
commit_size: 102400
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 102400
base_address: 0x00400000
success 0 0
1619681275.264499
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619681275.264499
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4289260
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3192
success 0 0
1619681275.639499
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3192
success 0 0
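The events above show the same five-step sequence twice (2116 into 2420, then 3120 into 3192): create a process suspended, unmap its image at 0x00400000, map a fresh 102400-byte RWX section in its place, point the initial thread's EAX at the new entry point, resume. The Python below is an added example, not part of the report, that walks a list of such events and reports a process only when the full chain completes, so the normally launched install.bat (944) and gosh.exe (3120) are not flagged. The event list is constructed from the report's timestamps, PIDs and arguments; the caller PIDs on the install.bat and gosh.exe launches, which the report leaves blank, are assumed.

```python
CREATE_SUSPENDED = 0x00000004
PAGE_EXECUTE_READWRITE = 0x40

# Constructed to mirror the report's events: caller pid, API and the arguments that matter.
# The caller pids of the install.bat (944) and gosh.exe (3120) launches are assumed.
EVENTS = [
    {"ts": 1619649229.291, "pid": 2116, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 2420, "creation_flags": 4,
              "command_line": '"C:\\Users\\Administrator.Oskar-PC\\AppData\\Local\\Temp\\7e1a3a4437986a8441db79ed61598a5b.exe"'}},
    {"ts": 1619649229.291, "pid": 2116, "api": "NtUnmapViewOfSection",
     "args": {"process_identifier": 2420, "base_address": 0x00400000}},
    {"ts": 1619649229.291, "pid": 2116, "api": "NtMapViewOfSection",
     "args": {"process_identifier": 2420, "base_address": 0x00400000,
              "view_size": 102400, "win32_protect": 0x40}},
    {"ts": 1619649229.307, "pid": 2116, "api": "NtSetContextThread",
     "args": {"process_identifier": 2420, "registers.eax": 4289260}},
    {"ts": 1619649229.713, "pid": 2116, "api": "NtResumeThread",
     "args": {"process_identifier": 2420, "suspend_count": 1}},
    {"ts": 1619681269.905, "pid": 2420, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 944, "creation_flags": 67634192,
              "command_line": '"C:\\Users\\ADMINI~1.OSK\\AppData\\Local\\Temp\\install.bat"'}},
    {"ts": 1619681273.905, "pid": 944, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 3120, "creation_flags": 525328,
              "command_line": '"C:\\Users\\Administrator.Oskar-PC\\AppData\\Roaming\\gosh\\gosh.exe"'}},
    {"ts": 1619681275.264, "pid": 3120, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 3192, "creation_flags": 4,
              "command_line": '"C:\\Users\\Administrator.Oskar-PC\\AppData\\Roaming\\gosh\\gosh.exe"'}},
    {"ts": 1619681275.264, "pid": 3120, "api": "NtUnmapViewOfSection",
     "args": {"process_identifier": 3192, "base_address": 0x00400000}},
    {"ts": 1619681275.264, "pid": 3120, "api": "NtMapViewOfSection",
     "args": {"process_identifier": 3192, "base_address": 0x00400000,
              "view_size": 102400, "win32_protect": 0x40}},
    {"ts": 1619681275.264, "pid": 3120, "api": "NtSetContextThread",
     "args": {"process_identifier": 3192, "registers.eax": 4289260}},
    {"ts": 1619681275.639, "pid": 3120, "api": "NtResumeThread",
     "args": {"process_identifier": 3192, "suspend_count": 1}},
    {"ts": 1619681276.326, "pid": 944, "api": "NtResumeThread",
     "args": {"process_identifier": 3120, "suspend_count": 0}},
]

# APIs that put a new image into the target; the report uses NtMapViewOfSection,
# other hollowers use NtWriteVirtualMemory / WriteProcessMemory after NtAllocateVirtualMemory.
WRITE_APIS = ("NtMapViewOfSection", "NtWriteVirtualMemory", "WriteProcessMemory")


def detect_hollowing(events):
    """Report each CREATE_SUSPENDED process whose image was unmapped, replaced, given a new
    thread context and then resumed: the process-hollowing chain this report shows twice."""
    pending = {}        # target pid -> state gathered so far
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):   # stable: ties keep report order
        a, api, target = ev["args"], ev["api"], ev["args"].get("process_identifier")
        if api == "CreateProcessInternalW":
            if a.get("creation_flags", 0) & CREATE_SUSPENDED:
                pending[target] = {"injector": ev["pid"], "image": a.get("command_line", ""),
                                   "unmapped": False, "mapped": [], "entry": None}
            continue
        st = pending.get(target)
        if st is None:                                  # not a suspended child we are tracking
            continue
        if api == "NtUnmapViewOfSection":
            st["unmapped"] = True
        elif api in WRITE_APIS:
            base = a.get("base_address", 0)
            size = a.get("view_size", a.get("region_size", 0))
            st["mapped"].append((base, base + size, a.get("win32_protect") == PAGE_EXECUTE_READWRITE))
        elif api == "NtSetContextThread":
            st["entry"] = a.get("registers.eax")        # x86: EAX of a fresh initial thread = entry point
        elif api == "NtResumeThread":
            if st["unmapped"] and st["mapped"] and st["entry"] is not None:
                findings.append({
                    "injector": st["injector"], "target": target, "image": st["image"],
                    "entry_point": st["entry"],
                    "entry_in_new_image": any(lo <= st["entry"] < hi for lo, hi, _ in st["mapped"]),
                    "rwx_mapping": any(rwx for _, _, rwx in st["mapped"]),
                })
            del pending[target]
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(EVENTS):
        print(f"pid {f['injector']} hollowed pid {f['target']} ({f['image']}): "
              f"entry 0x{f['entry_point']:08x}, inside new image: {f['entry_in_new_image']}")
```

Requiring the whole chain before reporting is what keeps the false-positive rate workable: debuggers and some installers also create processes suspended and call NtSetContextThread, but they do not unmap the original image and map an RWX replacement first.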
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 of 59 results shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader34.24775
MicroWorld-eScan Gen:Variant.Zusy.309771
FireEye Generic.mg.7e1a3a4437986a84
McAfee Fareit-FVZ!7E1A3A443798
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056aa661 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056aa661 )
Cybereason malicious.437986
Arcabit Trojan.Zusy.D4BA0B
BitDefenderTheta Gen:NN.ZelphiF.34700.HGW@a8dpATmi
Cyren W32/Trojan.IZYH-8763
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
ClamAV Win.Dropper.Remcos-9090514-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Gen:Variant.Zusy.309771
NANO-Antivirus Trojan.Win32.Kryptik.honprs
Paloalto generic.ml
Rising Trojan.Injector!1.C961 (CLASSIC)
Ad-Aware Gen:Variant.Zusy.309771
Emsisoft Gen:Variant.Zusy.309771 (B)
Comodo Malware@#3nmeltid1ps9q
F-Secure Trojan.TR/AD.Remcos.toikf
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.hh
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Kryptik.bxo
Avira TR/AD.Remcos.toikf
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft PWS:Win32/Fareit.AQ!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Gen:Variant.Zusy.309771
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
VBA32 TScope.Trojan.Delf
ALYac Backdoor.Remcos.A
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.EMSE
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMAD1.hp
Tencent Win32.Trojan.Kryptik.Aiik
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (10 events). 185.165.153.15:6642 is the endpoint flagged above as contacted without a DNS lookup; the attempts got no reply, which is why the Hosts and TCP sections further down are empty. The remaining entries are connection attempts to the analysis guest's own address (192.168.56.101) on ephemeral ports.
dead_host 192.168.56.101:49194
dead_host 192.168.56.101:49191
dead_host 185.165.153.15:6642
dead_host 192.168.56.101:49203
dead_host 192.168.56.101:49199
dead_host 192.168.56.101:49198
dead_host 192.168.56.101:49200
dead_host 192.168.56.101:49187
dead_host 192.168.56.101:49195
dead_host 192.168.56.101:49190
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-06-20 06:22:17 (the fixed TimeDateStamp 0x2A425E19 that Delphi-built PEs carry, rendered in the sandbox's local time zone; it is not the real build time and is consistent with the BobSoft Mini Delphi packer identification above)

Imports

Library kernel32.dll:
0x46d13c VirtualFree
0x46d140 VirtualAlloc
0x46d144 LocalFree
0x46d148 LocalAlloc
0x46d14c GetVersion
0x46d150 GetCurrentThreadId
0x46d15c VirtualQuery
0x46d160 WideCharToMultiByte
0x46d164 MultiByteToWideChar
0x46d168 lstrlenA
0x46d16c lstrcpynA
0x46d170 LoadLibraryExA
0x46d174 GetThreadLocale
0x46d178 GetStartupInfoA
0x46d17c GetProcAddress
0x46d180 GetModuleHandleA
0x46d184 GetModuleFileNameA
0x46d188 GetLocaleInfoA
0x46d18c GetCommandLineA
0x46d190 FreeLibrary
0x46d194 FindFirstFileA
0x46d198 FindClose
0x46d19c ExitProcess
0x46d1a0 WriteFile
0x46d1a8 RtlUnwind
0x46d1ac RaiseException
0x46d1b0 GetStdHandle
Library user32.dll:
0x46d1b8 GetKeyboardType
0x46d1bc LoadStringA
0x46d1c0 MessageBoxA
0x46d1c4 CharNextA
Library advapi32.dll:
0x46d1cc RegQueryValueExA
0x46d1d0 RegOpenKeyExA
0x46d1d4 RegCloseKey
Library oleaut32.dll:
0x46d1dc SysFreeString
0x46d1e0 SysReAllocStringLen
0x46d1e4 SysAllocStringLen
Library kernel32.dll:
0x46d1ec TlsSetValue
0x46d1f0 TlsGetValue
0x46d1f4 LocalAlloc
0x46d1f8 GetModuleHandleA
Library advapi32.dll:
0x46d200 RegQueryValueExA
0x46d204 RegOpenKeyExA
0x46d208 RegCloseKey
Library kernel32.dll:
0x46d210 lstrcpyA
0x46d214 WriteFile
0x46d218 WaitForSingleObject
0x46d21c VirtualQuery
0x46d220 VirtualProtect
0x46d224 VirtualAlloc
0x46d228 Sleep
0x46d22c SizeofResource
0x46d230 SetThreadLocale
0x46d234 SetFilePointer
0x46d238 SetEvent
0x46d23c SetErrorMode
0x46d240 SetEndOfFile
0x46d244 ResetEvent
0x46d248 ReadFile
0x46d24c MulDiv
0x46d250 LockResource
0x46d254 LoadResource
0x46d258 LoadLibraryA
0x46d264 GlobalUnlock
0x46d268 GlobalReAlloc
0x46d26c GlobalHandle
0x46d270 GlobalLock
0x46d274 GlobalFree
0x46d278 GlobalFindAtomA
0x46d27c GlobalDeleteAtom
0x46d280 GlobalAlloc
0x46d284 GlobalAddAtomA
0x46d288 GetVersionExA
0x46d28c GetVersion
0x46d290 GetTickCount
0x46d294 GetThreadLocale
0x46d298 GetSystemInfo
0x46d29c GetStringTypeExA
0x46d2a0 GetStdHandle
0x46d2a4 GetProcAddress
0x46d2a8 GetModuleHandleA
0x46d2ac GetModuleFileNameA
0x46d2b0 GetLocaleInfoA
0x46d2b4 GetLocalTime
0x46d2b8 GetLastError
0x46d2bc GetFullPathNameA
0x46d2c0 GetFileAttributesA
0x46d2c4 GetDiskFreeSpaceA
0x46d2c8 GetDateFormatA
0x46d2cc GetCurrentThreadId
0x46d2d0 GetCurrentProcessId
0x46d2d4 GetCPInfo
0x46d2d8 GetACP
0x46d2dc FreeResource
0x46d2e0 InterlockedExchange
0x46d2e4 FreeLibrary
0x46d2e8 FormatMessageA
0x46d2ec FindResourceA
0x46d2f0 FindFirstFileA
0x46d2f4 FindClose
0x46d300 EnumCalendarInfoA
0x46d30c CreateThread
0x46d310 CreateFileA
0x46d314 CreateEventA
0x46d318 CompareStringA
0x46d31c CloseHandle
Library version.dll:
0x46d324 VerQueryValueA
0x46d32c GetFileVersionInfoA
Library gdi32.dll:
0x46d334 UnrealizeObject
0x46d338 StretchBlt
0x46d33c SetWindowOrgEx
0x46d340 SetWinMetaFileBits
0x46d344 SetViewportOrgEx
0x46d348 SetTextColor
0x46d34c SetStretchBltMode
0x46d350 SetROP2
0x46d354 SetPixel
0x46d358 SetEnhMetaFileBits
0x46d35c SetDIBColorTable
0x46d360 SetBrushOrgEx
0x46d364 SetBkMode
0x46d368 SetBkColor
0x46d36c SelectPalette
0x46d370 SelectObject
0x46d374 SaveDC
0x46d378 RestoreDC
0x46d37c Rectangle
0x46d380 RectVisible
0x46d384 RealizePalette
0x46d388 Polyline
0x46d38c PlayEnhMetaFile
0x46d390 PatBlt
0x46d394 MoveToEx
0x46d398 MaskBlt
0x46d39c LineTo
0x46d3a0 IntersectClipRect
0x46d3a4 GetWindowOrgEx
0x46d3a8 GetWinMetaFileBits
0x46d3ac GetTextMetricsA
0x46d3b8 GetStockObject
0x46d3bc GetPixel
0x46d3c0 GetPaletteEntries
0x46d3c4 GetObjectA
0x46d3d0 GetEnhMetaFileBits
0x46d3d4 GetDeviceCaps
0x46d3d8 GetDIBits
0x46d3dc GetDIBColorTable
0x46d3e0 GetDCOrgEx
0x46d3e8 GetClipBox
0x46d3ec GetBrushOrgEx
0x46d3f0 GetBitmapBits
0x46d3f4 ExtTextOutA
0x46d3f8 ExcludeClipRect
0x46d3fc DeleteObject
0x46d400 DeleteEnhMetaFile
0x46d404 DeleteDC
0x46d408 CreateSolidBrush
0x46d40c CreatePenIndirect
0x46d410 CreatePalette
0x46d418 CreateFontIndirectA
0x46d41c CreateDIBitmap
0x46d420 CreateDIBSection
0x46d424 CreateCompatibleDC
0x46d42c CreateBrushIndirect
0x46d430 CreateBitmap
0x46d434 CopyEnhMetaFileA
0x46d438 BitBlt
Library user32.dll:
0x46d440 CreateWindowExA
0x46d444 WindowFromPoint
0x46d448 WinHelpA
0x46d44c WaitMessage
0x46d450 UpdateWindow
0x46d454 UnregisterClassA
0x46d458 UnhookWindowsHookEx
0x46d45c TranslateMessage
0x46d464 TrackPopupMenu
0x46d46c ShowWindow
0x46d470 ShowScrollBar
0x46d474 ShowOwnedPopups
0x46d478 ShowCursor
0x46d47c SetWindowsHookExA
0x46d480 SetWindowTextA
0x46d484 SetWindowPos
0x46d488 SetWindowPlacement
0x46d48c SetWindowLongA
0x46d490 SetTimer
0x46d494 SetScrollRange
0x46d498 SetScrollPos
0x46d49c SetScrollInfo
0x46d4a0 SetRect
0x46d4a4 SetPropA
0x46d4a8 SetParent
0x46d4ac SetMenuItemInfoA
0x46d4b0 SetMenu
0x46d4b4 SetForegroundWindow
0x46d4b8 SetFocus
0x46d4bc SetCursor
0x46d4c0 SetClassLongA
0x46d4c4 SetCapture
0x46d4c8 SetActiveWindow
0x46d4cc SendMessageA
0x46d4d0 ScrollWindow
0x46d4d4 ScreenToClient
0x46d4d8 RemovePropA
0x46d4dc RemoveMenu
0x46d4e0 ReleaseDC
0x46d4e4 ReleaseCapture
0x46d4f0 RegisterClassA
0x46d4f4 RedrawWindow
0x46d4f8 PtInRect
0x46d4fc PostQuitMessage
0x46d500 PostMessageA
0x46d504 PeekMessageA
0x46d508 OffsetRect
0x46d50c OemToCharA
0x46d510 MessageBoxA
0x46d514 MapWindowPoints
0x46d518 MapVirtualKeyA
0x46d51c LoadStringA
0x46d520 LoadKeyboardLayoutA
0x46d524 LoadIconA
0x46d528 LoadCursorA
0x46d52c LoadBitmapA
0x46d530 KillTimer
0x46d534 IsZoomed
0x46d538 IsWindowVisible
0x46d53c IsWindowEnabled
0x46d540 IsWindow
0x46d544 IsRectEmpty
0x46d548 IsIconic
0x46d54c IsDialogMessageA
0x46d550 IsChild
0x46d554 InvalidateRect
0x46d558 IntersectRect
0x46d55c InsertMenuItemA
0x46d560 InsertMenuA
0x46d564 InflateRect
0x46d56c GetWindowTextA
0x46d570 GetWindowRect
0x46d574 GetWindowPlacement
0x46d578 GetWindowLongA
0x46d57c GetWindowDC
0x46d580 GetTopWindow
0x46d584 GetSystemMetrics
0x46d588 GetSystemMenu
0x46d58c GetSysColorBrush
0x46d590 GetSysColor
0x46d594 GetSubMenu
0x46d598 GetScrollRange
0x46d59c GetScrollPos
0x46d5a0 GetScrollInfo
0x46d5a4 GetPropA
0x46d5a8 GetParent
0x46d5ac GetWindow
0x46d5b0 GetMessageTime
0x46d5b4 GetMenuStringA
0x46d5b8 GetMenuState
0x46d5bc GetMenuItemInfoA
0x46d5c0 GetMenuItemID
0x46d5c4 GetMenuItemCount
0x46d5c8 GetMenu
0x46d5cc GetLastActivePopup
0x46d5d0 GetKeyboardState
0x46d5d8 GetKeyboardLayout
0x46d5dc GetKeyState
0x46d5e0 GetKeyNameTextA
0x46d5e4 GetIconInfo
0x46d5e8 GetForegroundWindow
0x46d5ec GetFocus
0x46d5f0 GetDlgItem
0x46d5f4 GetDesktopWindow
0x46d5f8 GetDCEx
0x46d5fc GetDC
0x46d600 GetCursorPos
0x46d604 GetCursor
0x46d608 GetClipboardData
0x46d60c GetClientRect
0x46d610 GetClassNameA
0x46d614 GetClassInfoA
0x46d618 GetCapture
0x46d61c GetActiveWindow
0x46d620 FrameRect
0x46d624 FindWindowA
0x46d628 FillRect
0x46d62c EqualRect
0x46d630 EnumWindows
0x46d634 EnumThreadWindows
0x46d638 EndPaint
0x46d63c EnableWindow
0x46d640 EnableScrollBar
0x46d644 EnableMenuItem
0x46d648 DrawTextA
0x46d64c DrawMenuBar
0x46d650 DrawIconEx
0x46d654 DrawIcon
0x46d658 DrawFrameControl
0x46d65c DrawFocusRect
0x46d660 DrawEdge
0x46d664 DispatchMessageA
0x46d668 DestroyWindow
0x46d66c DestroyMenu
0x46d670 DestroyIcon
0x46d674 DestroyCursor
0x46d678 DeleteMenu
0x46d67c DefWindowProcA
0x46d680 DefMDIChildProcA
0x46d684 DefFrameProcA
0x46d688 CreatePopupMenu
0x46d68c CreateMenu
0x46d690 CreateIcon
0x46d694 ClientToScreen
0x46d698 CheckMenuItem
0x46d69c CallWindowProcA
0x46d6a0 CallNextHookEx
0x46d6a4 BeginPaint
0x46d6a8 CharNextA
0x46d6ac CharLowerBuffA
0x46d6b0 CharLowerA
0x46d6b4 CharToOemA
0x46d6b8 AdjustWindowRectEx
Library kernel32.dll:
0x46d6c4 Sleep
Library oleaut32.dll:
0x46d6cc SafeArrayPtrOfIndex
0x46d6d0 SafeArrayGetUBound
0x46d6d4 SafeArrayGetLBound
0x46d6d8 SafeArrayCreate
0x46d6dc VariantChangeType
0x46d6e0 VariantCopy
0x46d6e4 VariantClear
0x46d6e8 VariantInit
Library comctl32.dll:
0x46d6f8 ImageList_Write
0x46d6fc ImageList_Read
0x46d70c ImageList_DragMove
0x46d710 ImageList_DragLeave
0x46d714 ImageList_DragEnter
0x46d718 ImageList_EndDrag
0x46d71c ImageList_BeginDrag
0x46d720 ImageList_Remove
0x46d724 ImageList_DrawEx
0x46d728 ImageList_Replace
0x46d72c ImageList_Draw
0x46d73c ImageList_Add
0x46d744 ImageList_Destroy
0x46d748 ImageList_Create
0x46d74c InitCommonControls
Library comdlg32.dll:
0x46d754 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Apart from the five DNS queries to 114.114.114.114 (the queried names are not recorded here), the rows are standard Windows discovery traffic from the guest: NetBIOS name service (137/138), LLMNR (5355), SSDP (1900) and WS-Discovery (3702).

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.