Score: 6.8
Severity: High risk

SHA256: 8ef62131890ff8a17d38d8a48997e01252f605b68249ae4a321407be410680dc

File name: 806e786a7084e6339e912aa9092dbd4a.exe

Analysis duration: 48s

Last analysis:

File size: 702.5KB
Flagged by static analysis. Flagged by dynamic analysis. Tags: AI SCORE=87 AIDETECTVM ALI2000015 AUTO BDSNANOCORECLIENT BTJGEO CONFIDENCE DELF DELFINJECT DELPHILESS DFMG3OTVOIR ELDORADO ELXR ELYW FAREIT GENERICKD GENETIC GENKRYPTIK HKFIQE IGENT LOKI LOKIBOT MALWARE1 MALWARE@#341YBL6QTETJN MODERATE MSHFV NANOBOT NANOCORE OWAO RGW@AGAIDAPI SCORE SMAD1 SUSGEN SUSPICIOUS PE TSCOPE UNSAFE WACATAC X2066 ZELPHIF
Hawkeye engine
Not detected. No Hawkeye engine results are available for this sample.
Static verdict
Antivirus engines
Engine       Result                                        Scan date  Engine version
McAfee       Fareit-FTB!806E786A7084                       20200722   6.0.6.653
Alibaba      Trojan:Win32/DelfInject.ali2000015            20190527   0.3.0.5
CrowdStrike  win/malicious_confidence_70% (D)              20190702   1.0
Baidu                                                      20190318   1.0.0.2
Kingsoft                                                   20200723   2013.8.14.323
Tencent      Win32.Trojan.Inject.Auto                      20200723   1.0.0.1
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1620816921.551375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48561988
registers.edi: 0
registers.eax: 0
registers.ebp: 48562056
registers.edx: 55
registers.ebx: 0
registers.esi: 0
registers.ecx: 551
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 73 79 00 00 e9
exception.symbol: 806e786a7084e6339e912aa9092dbd4a+0x5c95a
exception.instruction: div eax
exception.module: 806e786a7084e6339e912aa9092dbd4a.exe
exception.exception_code: 0xc0000094
exception.offset: 379226
exception.address: 0x45c95a
success 0 0
1620816927.801626
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
806e786a7084e6339e912aa9092dbd4a+0x40a4d @ 0x440a4d
806e786a7084e6339e912aa9092dbd4a+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe7414ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1620816918.598375
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1620816921.551375
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045c000
success 0 0
1620816921.551375
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f70000
success 0 0
1620816921.816626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620816921.863626
NtAllocateVirtualMemory
process_identifier: 912
region_size: 1703936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f30000
success 0 0
1620816921.863626
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02090000
success 0 0
1620816921.863626
NtAllocateVirtualMemory
process_identifier: 912
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003c0000
success 0 0
1620816921.863626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003c2000
success 0 0
1620816922.348626
NtAllocateVirtualMemory
process_identifier: 912
region_size: 917504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f30000
success 0 0
1620816922.348626
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fd0000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f22000
success 0 0
1620816927.801626
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.313999294731184 section {'size_of_data': '0x00041a00', 'virtual_address': '0x00074000', 'entropy': 7.313999294731184, 'name': '.rsrc', 'virtual_size': '0x00041a00'} description A section with a high entropy has been found
entropy 0.3741981468282252 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 3060 called NtSetContextThread to modify thread in remote process 912
Time & API Arguments Status Return Repeated
1620816921.598375
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4707488
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 912
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 3060 resumed a thread in remote process 912
Time & API Arguments Status Return Repeated
1620816921.660375
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 912
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.160.78:443
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1620816921.598375
CreateProcessInternalW
thread_identifier: 472
thread_handle: 0x000000fc
process_identifier: 912
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\806e786a7084e6339e912aa9092dbd4a.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1620816921.598375
NtUnmapViewOfSection
process_identifier: 912
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1620816921.598375
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 912
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1620816921.598375
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1620816921.598375
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4707488
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 912
success 0 0
1620816921.660375
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 912
success 0 0
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 of 62 events shown)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.GenericKD.43167103
FireEye Generic.mg.806e786a7084e633
McAfee Fareit-FTB!806E786A7084
Cylance Unsafe
Zillya Trojan.Injector.Win32.737561
Sangfor Malware
K7AntiVirus Trojan ( 00566aa61 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 00566aa61 )
CrowdStrike win/malicious_confidence_70% (D)
Arcabit Trojan.Generic.D292AD7F
Invincea heuristic
BitDefenderTheta Gen:NN.ZelphiF.34138.RGW@aGAiDApi
F-Prot W32/Delf.KY.gen!Eldorado
Symantec Trojan.Gen.2
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMAD1.hp
Paloalto generic.ml
ClamAV Win.Malware.Fareit-7839783-0
Kaspersky HEUR:Backdoor.Win32.NanoBot.gen
BitDefender Trojan.GenericKD.43167103
NANO-Antivirus Trojan.Win32.Nanocore.hkfiqe
APEX Malicious
Rising Trojan.GenKryptik!8.AA55 (TFE:5:DFmG3OTvoiR)
Ad-Aware Trojan.GenericKD.43167103
Sophos Mal/Fareit-AA
Comodo Malware@#341ybl6qtetjn
F-Secure Trojan.TR/AD.BDSNanoCoreClient.mshfv
DrWeb Trojan.Nanocore.23
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
Trapmine malicious.moderate.ml.score
Emsisoft Trojan.GenericKD.43167103 (B)
Ikarus Trojan.Inject
Cyren W32/Trojan.OWAO-0271
Jiangmin Backdoor.Nanobot.es
Webroot W32.Adware.Gen
Avira TR/AD.BDSNanoCoreClient.mshfv
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/Lokibot.V!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Backdoor.Win32.NanoBot.gen
GData Win32.Trojan.Injector.PA
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
Acronis suspicious
ALYac Trojan.GenericKD.43167103
MAX malware (ai score=87)
VBA32 TScope.Trojan.Delf
Malwarebytes Backdoor.NanoCore
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46813c VirtualFree
0x468140 VirtualAlloc
0x468144 LocalFree
0x468148 LocalAlloc
0x46814c GetVersion
0x468150 GetCurrentThreadId
0x46815c VirtualQuery
0x468160 WideCharToMultiByte
0x468168 MultiByteToWideChar
0x46816c lstrlenA
0x468170 lstrcpynA
0x468174 LoadLibraryExA
0x468178 GetThreadLocale
0x46817c GetStartupInfoA
0x468180 GetProcAddress
0x468184 GetModuleHandleA
0x468188 GetModuleFileNameA
0x46818c GetLocaleInfoA
0x468190 GetLastError
0x468198 GetCommandLineA
0x46819c FreeLibrary
0x4681a0 FindFirstFileA
0x4681a4 FindClose
0x4681a8 ExitProcess
0x4681ac WriteFile
0x4681b4 RtlUnwind
0x4681b8 RaiseException
0x4681bc GetStdHandle
Library user32.dll:
0x4681c4 GetKeyboardType
0x4681c8 LoadStringA
0x4681cc MessageBoxA
0x4681d0 CharNextA
Library advapi32.dll:
0x4681d8 RegQueryValueExA
0x4681dc RegOpenKeyExA
0x4681e0 RegCloseKey
Library oleaut32.dll:
0x4681e8 SysFreeString
0x4681ec SysReAllocStringLen
0x4681f0 SysAllocStringLen
Library kernel32.dll:
0x4681f8 TlsSetValue
0x4681fc TlsGetValue
0x468200 LocalAlloc
0x468204 GetModuleHandleA
Library advapi32.dll:
0x46820c RegQueryValueExA
0x468210 RegOpenKeyExA
0x468214 RegCloseKey
Library kernel32.dll:
0x46821c lstrcpyA
0x468220 WriteFile
0x468224 WaitForSingleObject
0x468228 VirtualQuery
0x46822c VirtualProtect
0x468230 VirtualAlloc
0x468234 Sleep
0x468238 SizeofResource
0x46823c SetThreadLocale
0x468240 SetFilePointer
0x468244 SetEvent
0x468248 SetErrorMode
0x46824c SetEndOfFile
0x468250 ResetEvent
0x468254 ReadFile
0x468258 MulDiv
0x46825c LockResource
0x468260 LoadResource
0x468264 LoadLibraryA
0x468270 GlobalUnlock
0x468274 GlobalReAlloc
0x468278 GlobalHandle
0x46827c GlobalLock
0x468280 GlobalFree
0x468284 GlobalFindAtomA
0x468288 GlobalDeleteAtom
0x46828c GlobalAlloc
0x468290 GlobalAddAtomA
0x468298 GetVersionExA
0x46829c GetVersion
0x4682a0 GetTickCount
0x4682a4 GetThreadLocale
0x4682ac GetSystemTime
0x4682b0 GetSystemInfo
0x4682b4 GetStringTypeExA
0x4682b8 GetStdHandle
0x4682bc GetProcAddress
0x4682c0 GetModuleHandleA
0x4682c4 GetModuleFileNameA
0x4682c8 GetLocaleInfoA
0x4682cc GetLocalTime
0x4682d0 GetLastError
0x4682d4 GetFullPathNameA
0x4682d8 GetFileAttributesA
0x4682dc GetDiskFreeSpaceA
0x4682e0 GetDateFormatA
0x4682e4 GetCurrentThreadId
0x4682e8 GetCurrentProcessId
0x4682ec GetCPInfo
0x4682f0 GetACP
0x4682f4 FreeResource
0x4682f8 InterlockedExchange
0x4682fc FreeLibrary
0x468300 FormatMessageA
0x468304 FindResourceA
0x468308 FindNextFileA
0x46830c FindFirstFileA
0x468310 FindClose
0x468320 ExitThread
0x468324 EnumCalendarInfoA
0x468330 CreateThread
0x468334 CreateFileA
0x468338 CreateEventA
0x46833c CompareStringA
0x468340 CloseHandle
Library version.dll:
0x468348 VerQueryValueA
0x468350 GetFileVersionInfoA
Library gdi32.dll:
0x468358 UnrealizeObject
0x46835c StretchBlt
0x468360 SetWindowOrgEx
0x468364 SetViewportOrgEx
0x468368 SetTextColor
0x46836c SetStretchBltMode
0x468370 SetROP2
0x468374 SetPixel
0x468378 SetDIBColorTable
0x46837c SetBrushOrgEx
0x468380 SetBkMode
0x468384 SetBkColor
0x468388 SelectPalette
0x46838c SelectObject
0x468390 SaveDC
0x468394 RestoreDC
0x468398 Rectangle
0x46839c RectVisible
0x4683a0 RealizePalette
0x4683a4 PatBlt
0x4683a8 MoveToEx
0x4683ac MaskBlt
0x4683b0 LineTo
0x4683b4 IntersectClipRect
0x4683b8 GetWindowOrgEx
0x4683bc GetTextMetricsA
0x4683c8 GetStockObject
0x4683cc GetPixel
0x4683d0 GetPaletteEntries
0x4683d4 GetObjectA
0x4683d8 GetDeviceCaps
0x4683dc GetDIBits
0x4683e0 GetDIBColorTable
0x4683e4 GetDCOrgEx
0x4683ec GetClipBox
0x4683f0 GetBrushOrgEx
0x4683f4 GetBitmapBits
0x4683f8 ExtTextOutA
0x4683fc ExcludeClipRect
0x468400 DeleteObject
0x468404 DeleteDC
0x468408 CreateSolidBrush
0x46840c CreatePenIndirect
0x468410 CreatePalette
0x468418 CreateFontIndirectA
0x46841c CreateDIBitmap
0x468420 CreateDIBSection
0x468424 CreateCompatibleDC
0x46842c CreateBrushIndirect
0x468430 CreateBitmap
0x468434 BitBlt
Library user32.dll:
0x46843c CreateWindowExA
0x468440 WindowFromPoint
0x468444 WinHelpA
0x468448 WaitMessage
0x46844c UpdateWindow
0x468450 UnregisterClassA
0x468454 UnhookWindowsHookEx
0x468458 TranslateMessage
0x468460 TrackPopupMenu
0x468468 ShowWindow
0x46846c ShowScrollBar
0x468470 ShowOwnedPopups
0x468474 ShowCursor
0x468478 SetWindowsHookExA
0x46847c SetWindowTextA
0x468480 SetWindowPos
0x468484 SetWindowPlacement
0x468488 SetWindowLongA
0x46848c SetTimer
0x468490 SetScrollRange
0x468494 SetScrollPos
0x468498 SetScrollInfo
0x46849c SetRect
0x4684a0 SetPropA
0x4684a4 SetParent
0x4684a8 SetMenuItemInfoA
0x4684ac SetMenu
0x4684b0 SetForegroundWindow
0x4684b4 SetFocus
0x4684b8 SetCursor
0x4684bc SetClassLongA
0x4684c0 SetCapture
0x4684c4 SetActiveWindow
0x4684c8 SendMessageA
0x4684cc ScrollWindow
0x4684d0 ScreenToClient
0x4684d4 RemovePropA
0x4684d8 RemoveMenu
0x4684dc ReleaseDC
0x4684e0 ReleaseCapture
0x4684ec RegisterClassA
0x4684f0 RedrawWindow
0x4684f4 PtInRect
0x4684f8 PostQuitMessage
0x4684fc PostMessageA
0x468500 PeekMessageA
0x468504 OffsetRect
0x468508 OemToCharA
0x46850c MessageBoxA
0x468510 MapWindowPoints
0x468514 MapVirtualKeyA
0x468518 LoadStringA
0x46851c LoadKeyboardLayoutA
0x468520 LoadIconA
0x468524 LoadCursorA
0x468528 LoadBitmapA
0x46852c KillTimer
0x468530 IsZoomed
0x468534 IsWindowVisible
0x468538 IsWindowEnabled
0x46853c IsWindow
0x468540 IsRectEmpty
0x468544 IsIconic
0x468548 IsDialogMessageA
0x46854c IsChild
0x468550 InvalidateRect
0x468554 IntersectRect
0x468558 InsertMenuItemA
0x46855c InsertMenuA
0x468560 InflateRect
0x468568 GetWindowTextA
0x46856c GetWindowRect
0x468570 GetWindowPlacement
0x468574 GetWindowLongA
0x468578 GetWindowDC
0x46857c GetTopWindow
0x468580 GetSystemMetrics
0x468584 GetSystemMenu
0x468588 GetSysColorBrush
0x46858c GetSysColor
0x468590 GetSubMenu
0x468594 GetScrollRange
0x468598 GetScrollPos
0x46859c GetScrollInfo
0x4685a0 GetPropA
0x4685a4 GetParent
0x4685a8 GetWindow
0x4685ac GetMenuStringA
0x4685b0 GetMenuState
0x4685b4 GetMenuItemInfoA
0x4685b8 GetMenuItemID
0x4685bc GetMenuItemCount
0x4685c0 GetMenu
0x4685c4 GetLastActivePopup
0x4685c8 GetKeyboardState
0x4685d0 GetKeyboardLayout
0x4685d4 GetKeyState
0x4685d8 GetKeyNameTextA
0x4685dc GetIconInfo
0x4685e0 GetForegroundWindow
0x4685e4 GetFocus
0x4685e8 GetDesktopWindow
0x4685ec GetDCEx
0x4685f0 GetDC
0x4685f4 GetCursorPos
0x4685f8 GetCursor
0x4685fc GetClientRect
0x468600 GetClassNameA
0x468604 GetClassInfoA
0x468608 GetCapture
0x46860c GetActiveWindow
0x468610 FrameRect
0x468614 FindWindowA
0x468618 FillRect
0x46861c EqualRect
0x468620 EnumWindows
0x468624 EnumThreadWindows
0x468628 EndPaint
0x46862c EnableWindow
0x468630 EnableScrollBar
0x468634 EnableMenuItem
0x468638 DrawTextA
0x46863c DrawMenuBar
0x468640 DrawIconEx
0x468644 DrawIcon
0x468648 DrawFrameControl
0x46864c DrawFocusRect
0x468650 DrawEdge
0x468654 DispatchMessageA
0x468658 DestroyWindow
0x46865c DestroyMenu
0x468660 DestroyIcon
0x468664 DestroyCursor
0x468668 DeleteMenu
0x46866c DefWindowProcA
0x468670 DefMDIChildProcA
0x468674 DefFrameProcA
0x468678 CreatePopupMenu
0x46867c CreateMenu
0x468680 CreateIcon
0x468684 ClientToScreen
0x468688 CheckMenuItem
0x46868c CallWindowProcA
0x468690 CallNextHookEx
0x468694 BringWindowToTop
0x468698 BeginPaint
0x46869c CharNextA
0x4686a0 CharLowerBuffA
0x4686a4 CharLowerA
0x4686a8 CharToOemA
0x4686ac AdjustWindowRectEx
Library kernel32.dll:
0x4686b8 Sleep
Library oleaut32.dll:
0x4686c0 SafeArrayPtrOfIndex
0x4686c4 SafeArrayGetUBound
0x4686c8 SafeArrayGetLBound
0x4686cc SafeArrayCreate
0x4686d0 VariantChangeType
0x4686d4 VariantCopy
0x4686d8 VariantClear
0x4686dc VariantInit
Library comctl32.dll:
0x4686ec ImageList_Write
0x4686f0 ImageList_Read
0x468700 ImageList_DragMove
0x468704 ImageList_DragLeave
0x468708 ImageList_DragEnter
0x46870c ImageList_EndDrag
0x468710 ImageList_BeginDrag
0x468714 ImageList_Remove
0x468718 ImageList_DrawEx
0x46871c ImageList_Replace
0x468720 ImageList_Draw
0x468730 ImageList_Add
0x468738 ImageList_Destroy
0x46873c ImageList_Create
Library comdlg32.dll:
0x468744 ReplaceTextA
0x468748 FindTextA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 (time.windows.com) 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.