Score: 7.4 (High risk)

SHA256: e1c376bbaff5ae7ef4966f76681d2da4622d5ec13b9c17d09b72dfb4f3b797e2

File name: 871642898eb8781d714a951651b2701b.exe

Analysis time: 48s

Last analysis:

File size: 2.3MB
Static detection / dynamic detection tags: AGEN AI SCORE=83 AIDETECTVM BANKERX BSCOPE CLASSIC CONFIDENCE EKVT ELDORADO EMOTET ENCPK EPFA GENCIRC GENETIC GENKRYPTIK HBR@8QRQPO HCWQ HIGH CONFIDENCE HIWSJY INJECT3 KRYPTIK MALICIOUS PE MALWARE2 PINKSBOT QAKBOT QBOT QVM20 R + MAL RS0@AA7@GVDI SCORE STATIC AI SUSGEN TROJANBANKER UNSAFE VIRRANSOM WACATAC YGH5KJHKMGU ZEXAF
Eagle Eye (鹰眼) engine
Not detected (no Eagle Eye engine results available)
Static verdict
Antivirus engines
Engine       Result                                Date      Version
Alibaba      TrojanBanker:Win32/Emotet.b1f99315    20190527  0.3.0.5
Baidu        -                                     20190318  1.0.0.2
Avast        Win32:BankerX-gen [Trj]               20201229  21.1.5827.0
McAfee       W32/PinkSbot-GN!871642898EB8          20201229  6.0.6.653
Tencent      Malware.Win32.Gencirc.10b9d3b1        20201229  1.0.0.1
CrowdStrike  win/malicious_confidence_90% (W)      20190702  1.0
Static indicators
Queries for the computername (3 events)
Time & API  Arguments  Status Return Repeated
1619685931.2975    GetComputerNameW  computer_name: OSKAR-PC  success 1 0
1619685944.5475    GetComputerNameW  computer_name: OSKAR-PC  success 1 0
1619689887.497627  GetComputerNameW  computer_name: OSKAR-PC  success 1 0
Command line console output was observed (28 events)
Time & API  Arguments  Status Return Repeated
1619689900.872125  WriteConsoleA  buffer: 正在 Ping 127.0.0.1  console_handle: 0x00000007  success 1 0
1619689900.887125  WriteConsoleA  buffer: 具有 32 字节的数据:  console_handle: 0x00000007  success 1 0
1619689900.887125  WriteConsoleA  buffer: 来自 127.0.0.1 的回复:  console_handle: 0x00000007  success 1 0
1619689900.887125  WriteConsoleA  buffer: 字节=32  console_handle: 0x00000007  success 1 0
1619689900.887125  WriteConsoleA  buffer: 时间<1ms  console_handle: 0x00000007  success 1 0
1619689900.887125  WriteConsoleA  buffer: TTL=128  console_handle: 0x00000007  success 1 0
1619689901.887125  WriteConsoleA  buffer: 来自 127.0.0.1 的回复:  console_handle: 0x00000007  success 1 0
1619689901.887125  WriteConsoleA  buffer: 字节=32  console_handle: 0x00000007  success 1 0
1619689901.887125  WriteConsoleA  buffer: 时间<1ms  console_handle: 0x00000007  success 1 0
1619689901.887125  WriteConsoleA  buffer: TTL=128  console_handle: 0x00000007  success 1 0
1619689902.887125  WriteConsoleA  buffer: 来自 127.0.0.1 的回复:  console_handle: 0x00000007  success 1 0
1619689902.887125  WriteConsoleA  buffer: 字节=32  console_handle: 0x00000007  success 1 0
1619689902.887125  WriteConsoleA  buffer: 时间<1ms  console_handle: 0x00000007  success 1 0
1619689902.887125  WriteConsoleA  buffer: TTL=128  console_handle: 0x00000007  success 1 0
1619689903.887125  WriteConsoleA  buffer: 来自 127.0.0.1 的回复:  console_handle: 0x00000007  success 1 0
1619689903.887125  WriteConsoleA  buffer: 字节=32  console_handle: 0x00000007  success 1 0
1619689903.887125  WriteConsoleA  buffer: 时间<1ms  console_handle: 0x00000007  success 1 0
1619689903.887125  WriteConsoleA  buffer: TTL=128  console_handle: 0x00000007  success 1 0
1619689904.887125  WriteConsoleA  buffer: 来自 127.0.0.1 的回复:  console_handle: 0x00000007  success 1 0
1619689904.887125  WriteConsoleA  buffer: 字节=32  console_handle: 0x00000007  success 1 0
1619689904.887125  WriteConsoleA  buffer: 时间<1ms  console_handle: 0x00000007  success 1 0
1619689904.887125  WriteConsoleA  buffer: TTL=128  console_handle: 0x00000007  success 1 0
1619689905.887125  WriteConsoleA  buffer: 来自 127.0.0.1 的回复:  console_handle: 0x00000007  success 1 0
1619689905.887125  WriteConsoleA  buffer: 字节=32  console_handle: 0x00000007  success 1 0
1619689905.887125  WriteConsoleA  buffer: 时间<1ms  console_handle: 0x00000007  success 1 0
1619689905.887125  WriteConsoleA  buffer: TTL=128  console_handle: 0x00000007  success 1 0
1619689905.919125  WriteConsoleA  buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，  console_handle: 0x00000007  success 1 0
1619689905.919125  WriteConsoleA  buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms  console_handle: 0x00000007  success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619689900.856125
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619685944.5785
__exception__
stacktrace:
EqualSid+0x19 EqualPrefixSid-0xc kernelbase+0x1bfe3 @ 0x778fbfe3
871642898eb8781d714a951651b2701b+0x84c8 @ 0x4084c8
871642898eb8781d714a951651b2701b+0xa27c @ 0x40a27c
871642898eb8781d714a951651b2701b+0xa2b7 @ 0x40a2b7
871642898eb8781d714a951651b2701b+0x8f66 @ 0x408f66
871642898eb8781d714a951651b2701b+0x17cc @ 0x4017cc
871642898eb8781d714a951651b2701b+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634132
registers.edi: 0
registers.eax: 1281
registers.ebp: 1634140
registers.edx: 0
registers.ebx: 40761608
registers.esi: 40761608
registers.ecx: 2130563072
exception.instruction_r: 66 3b 07 0f 85 e1 ef ff ff 0f b6 4e 01 33 c0 8d
exception.symbol: RtlEqualSid+0x10 RtlSetCriticalSectionSpinCount-0x26 ntdll+0x394c1
exception.instruction: cmp ax, word ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234689
exception.address: 0x77d694c1
success 0 0
1619689888.231627
__exception__
stacktrace:
871642898eb8781d714a951651b2701b+0x3daa @ 0x403daa
871642898eb8781d714a951651b2701b+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7226184
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 871642898eb8781d714a951651b2701b+0x33cc
exception.instruction: in eax, dx
exception.module: 871642898eb8781d714a951651b2701b.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619689888.231627
__exception__
stacktrace:
871642898eb8781d714a951651b2701b+0x3db3 @ 0x403db3
871642898eb8781d714a951651b2701b+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7226184
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 871642898eb8781d714a951651b2701b+0x3465
exception.instruction: in eax, dx
exception.module: 871642898eb8781d714a951651b2701b.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619685930.5155
NtAllocateVirtualMemory
process_identifier: 200
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00a00000
success 0 0
1619685930.5475
NtAllocateVirtualMemory
process_identifier: 200
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f90000
success 0 0
1619685930.5475
NtProtectVirtualMemory
process_identifier: 200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619689887.450627
NtAllocateVirtualMemory
process_identifier: 2520
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619689887.466627
NtAllocateVirtualMemory
process_identifier: 2520
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ff0000
success 0 0
1619689887.481627
NtProtectVirtualMemory
process_identifier: 2520
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\871642898eb8781d714a951651b2701b.exe
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\871642898eb8781d714a951651b2701b.exe"
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\871642898eb8781d714a951651b2701b.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619685932.0475
CreateProcessInternalW
thread_identifier: 2404
thread_handle: 0x00000154
process_identifier: 2520
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\871642898eb8781d714a951651b2701b.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619685945.2035
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\871642898eb8781d714a951651b2701b.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy: 7.403084421736027  section: .rsrc (size_of_data 0x00015c00, virtual_address 0x00233000, virtual_size 0x00015a44, entropy 7.403084421736027)  description: A section with a high entropy has been found
Uses Windows utilities for basic Windows functionality (3 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\871642898eb8781d714a951651b2701b.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\871642898eb8781d714a951651b2701b.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619689888.231627
__exception__
stacktrace:
871642898eb8781d714a951651b2701b+0x3daa @ 0x403daa
871642898eb8781d714a951651b2701b+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7226184
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 871642898eb8781d714a951651b2701b+0x33cc
exception.instruction: in eax, dx
exception.module: 871642898eb8781d714a951651b2701b.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EPFA
FireEye Generic.mg.871642898eb8781d
CAT-QuickHeal Trojan.Qbot
Qihoo-360 Generic/HEUR/QVM20.1.9C9D.Malware.Gen
ALYac Trojan.Agent.QakBot
Cylance Unsafe
K7AntiVirus Trojan ( 005652be1 )
Alibaba TrojanBanker:Win32/Emotet.b1f99315
K7GW Trojan ( 005652be1 )
Cybereason malicious.98eb87
Arcabit Trojan.Agent.EPFA
Cyren W32/Kryptik.BLB.gen!Eldorado
Symantec Trojan Horse
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Qbot-7682531-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Trojan.Agent.EPFA
NANO-Antivirus Trojan.Win32.Inject3.hiwsjy
AegisLab Trojan.Win32.Qbot.7!c
Avast Win32:BankerX-gen [Trj]
Rising Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware Trojan.Agent.EPFA
TACHYON Backdoor/W32.Qbot.2381824
Sophos Mal/Generic-R + Mal/EncPk-APV
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Heuristic.HEUR/AGEN.1135696
DrWeb Trojan.Inject3.38693
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition BehavesLike.Win32.VirRansom.vz
Emsisoft Trojan.Agent.EPFA (B)
Ikarus Trojan-Banker.Agent
Jiangmin Trojan.Banker.Qbot.nn
Avira HEUR/AGEN.1135696
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Qakbot.CK!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Trojan.Agent.EPFA
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Generic.C4065754
Acronis suspicious
McAfee W32/PinkSbot-GN!871642898EB8
MAX malware (ai score=83)
VBA32 BScope.TrojanBanker.Qbot
Malwarebytes Backdoor.Qbot
ESET-NOD32 a variant of Win32/Kryptik.HCWQ
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

2020-04-16 21:03:41

Imports

Library KERNEL32.dll:
0x62fc7c VirtualAlloc
0x62fc80 GetModuleHandleW
0x62fc84 lstrcmp
0x62fc8c RemoveDirectoryW
0x62fc90 ReadFileEx
0x62fc94 EscapeCommFunction
0x62fc98 GetComputerNameW
0x62fc9c GlobalUnfix
0x62fca0 GetCurrentProcessId
0x62fca4 lstrcatA
0x62fca8 LocalHandle
0x62fcac InitAtomTable
0x62fcb0 OpenFile
0x62fcb4 GetThreadLocale
0x62fcb8 GlobalAlloc
0x62fcbc _lclose
0x62fcc0 CreateProcessA
0x62fcc4 GetExitCodeProcess
0x62fcc8 CallNamedPipeA
0x62fccc CreateMutexW
0x62fcd0 SetFilePointer
0x62fcd4 CopyFileExW
0x62fcd8 GetFileSizeEx
0x62fcdc UnregisterWaitEx
0x62fce0 GetStringTypeExA
0x62fce4 GetConsoleFontSize
0x62fce8 ReplaceFileA
0x62fcf0 LocalCompact
0x62fcf8 EnumResourceTypesA
0x62fd00 RtlUnwind
0x62fd08 LocalReAlloc
0x62fd0c BuildCommDCBA
0x62fd10 EnumCalendarInfoExW
0x62fd14 ReadConsoleW
0x62fd18 GetStringTypeA
0x62fd1c GetFileType
0x62fd20 FlushFileBuffers
0x62fd24 WriteFile
0x62fd28 GetStdHandle
0x62fd2c GetOEMCP
0x62fd30 SetHandleCount
0x62fd34 CompareStringW
0x62fd38 GetStringTypeW
0x62fd3c SetStdHandle
0x62fd44 RaiseException
0x62fd48 IsBadReadPtr
0x62fd4c lstrlenA
0x62fd50 lstrcpyA
0x62fd54 MulDiv
0x62fd58 LocalAlloc
0x62fd5c OutputDebugStringA
0x62fd60 lstrcmpiA
0x62fd64 GlobalSize
0x62fd68 GlobalReAlloc
0x62fd6c GlobalLock
0x62fd78 GetCurrentProcess
0x62fd80 CloseHandle
0x62fd84 TerminateProcess
0x62fd88 ExitProcess
0x62fd8c HeapCreate
0x62fd90 VirtualFree
0x62fd94 LCMapStringA
0x62fd98 HeapDestroy
0x62fd9c LCMapStringW
0x62fda0 GetStartupInfoA
0x62fda4 GetCommandLineA
0x62fda8 HeapFree
0x62fdac GetModuleHandleA
0x62fdb0 HeapAlloc
0x62fdb4 GetLocalTime
0x62fdb8 MoveFileA
0x62fdbc GetLastError
0x62fdc0 SetErrorMode
0x62fdc4 GetSystemTime
0x62fdcc WinExec
0x62fdd4 GetCPInfo
0x62fdd8 GetLocaleInfoA
0x62fddc WideCharToMultiByte
0x62fde0 GetSystemDirectoryA
0x62fde4 LockResource
0x62fde8 MultiByteToWideChar
0x62fdec SizeofResource
0x62fdf0 LoadResource
0x62fdf4 FreeResource
0x62fdf8 FindResourceA
0x62fdfc _lread
0x62fe00 SetEndOfFile
0x62fe04 _lwrite
0x62fe08 GetModuleFileNameA
0x62fe0c _llseek
0x62fe14 GlobalFlags
0x62fe18 GetTickCount
0x62fe1c FatalAppExitA
0x62fe24 LocalLock
0x62fe28 GlobalUnlock
0x62fe2c LocalUnlock
0x62fe30 GetProcAddress
0x62fe34 LocalFree
0x62fe38 GetACP
0x62fe3c GetVersion
0x62fe40 FreeLibrary
0x62fe44 LoadLibraryA
0x62fe48 GlobalHandle
0x62fe4c GetProfileStringA
0x62fe50 lstrcmpA
0x62fe54 HeapReAlloc
0x62fe58 IsDBCSLeadByte
0x62fe5c GlobalFree
0x62fe60 ReadFile
0x62fe64 CreateFileA
0x62fe68 CompareStringA
Library USER32.dll:
0x62fe70 LoadIconA
0x62fe74 LoadCursorFromFileW
0x62fe78 GetAsyncKeyState
0x62fe7c GetForegroundWindow
0x62fe80 GetKeyboardLayout
0x62fe84 GetDC
0x62fe88 GetSystemMetrics
0x62fe8c GetDlgCtrlID
0x62fe90 GetListBoxInfo
0x62fe94 GetThreadDesktop
0x62fe98 ShowCaret
0x62fe9c DestroyWindow
0x62fea0 GetClipboardViewer
0x62fea4 GetTopWindow
0x62fea8 CharLowerA
0x62feac IsWindow
0x62feb0 GetFocus
0x62feb8 CreateMenu
0x62febc GetCapture
0x62fec0 GetKBCodePage
0x62fec4 InvalidateRect
0x62fec8 SendDlgItemMessageA
0x62fecc GetDialogBaseUnits
0x62fed0 IsDlgButtonChecked
0x62fed4 CheckDlgButton
0x62fed8 GetNextDlgTabItem
0x62fedc SetScrollRange
0x62fee0 SetDlgItemTextA
0x62fee4 GetDlgItemTextA
0x62fee8 MapWindowPoints
0x62feec CheckRadioButton
0x62fef0 GetDoubleClickTime
0x62fef4 ReleaseCapture
0x62fef8 SetCapture
0x62fefc RegisterClassW
0x62ff00 SetMenu
0x62ff04 SetWindowTextA
0x62ff08 GetWindowTextA
0x62ff0c InvalidateRgn
0x62ff10 ScrollDC
0x62ff14 IsZoomed
0x62ff18 AppendMenuA
0x62ff1c GetSystemMenu
0x62ff20 GetClassLongA
0x62ff24 GetClassLongW
0x62ff28 DispatchMessageA
0x62ff2c DispatchMessageW
0x62ff30 GetMessageW
0x62ff34 GetMessageA
0x62ff38 DefWindowProcW
0x62ff3c VkKeyScanA
0x62ff40 LoadKeyboardLayoutA
0x62ff4c InvertRect
0x62ff58 CloseClipboard
0x62ff5c EmptyClipboard
0x62ff60 OpenClipboard
0x62ff68 GetClipboardData
0x62ff6c SetClipboardData
0x62ff70 HiliteMenuItem
0x62ff74 GetMenuState
0x62ff78 GetMenuItemID
0x62ff7c DeleteMenu
0x62ff80 DrawMenuBar
0x62ff84 EqualRect
0x62ff88 UnionRect
0x62ff8c GetDesktopWindow
0x62ff90 GetMessagePos
0x62ff94 GetMessageTime
0x62ff98 SetParent
0x62ff9c GetClassInfoA
0x62ffa0 SetWindowPos
0x62ffa4 MessageBoxA
0x62ffa8 DialogBoxParamA
0x62ffac BringWindowToTop
0x62ffb0 OffsetRect
0x62ffb4 GetCaretBlinkTime
0x62ffb8 SetTimer
0x62ffbc MessageBeep
0x62ffc0 WinHelpA
0x62ffc4 CreateDialogParamA
0x62ffc8 SendMessageA
0x62ffcc EnableWindow
0x62ffd0 GetScrollPos
0x62ffd4 GetScrollRange
0x62ffd8 SetScrollPos
0x62ffdc SetCursor
0x62ffe0 PtInRect
0x62ffe4 ShowCursor
0x62ffe8 IsWindowVisible
0x62ffec GetMenuItemCount
0x62fff0 LoadStringA
0x62fff4 IsWindowUnicode
0x62fff8 UpdateWindow
0x62fffc GetMenu
0x630000 FindWindowA
0x630004 GetKeyState
0x630008 PeekMessageA
0x63000c KillTimer
0x630010 DefWindowProcA
0x630014 LoadCursorA
0x630018 IsDialogMessageA
0x63001c BeginPaint
0x630020 EndPaint
0x630024 ScreenToClient
0x630028 SetRect
0x63002c FillRect
0x630030 IntersectRect
0x630034 CopyRect
0x630038 SetWindowLongA
0x63003c MoveWindow
0x630040 CheckMenuItem
0x630044 SetRectEmpty
0x630048 RemoveMenu
0x63004c GetSubMenu
0x630050 EnableMenuItem
0x630054 GetMenuStringA
0x630058 ModifyMenuA
0x63005c InsertMenuA
0x630060 GetParent
0x630064 TranslateMessage
0x630068 SetForegroundWindow
0x63006c SetFocus
0x630070 PostQuitMessage
0x630074 PostMessageA
0x630078 CreateWindowExA
0x63007c RegisterClassA
0x630080 LoadMenuA
0x630084 IsIconic
0x630088 GetWindowLongA
0x63008c ClientToScreen
0x630090 GetWindowRect
0x630094 GetClassNameA
0x630098 DestroyMenu
0x63009c IsRectEmpty
0x6300a0 ShowWindow
0x6300a4 LoadBitmapA
0x6300a8 GetSysColor
0x6300ac GetDlgItem
0x6300b0 GetClientRect
0x6300b4 DrawTextA
0x6300b8 wsprintfA
0x6300bc GetWindowDC
0x6300c0 ReleaseDC
0x6300c4 EndDialog
0x6300c8 InflateRect
0x6300cc GetCursorPos
0x6300d0 GetActiveWindow
0x6300dc wsprintfW
0x6300e4 EnumWindows
0x6300e8 GetClassNameW
0x6300ec SetActiveWindow
0x6300f0 CheckMenuRadioItem
0x6300f4 GetWindowPlacement
0x6300f8 MonitorFromRect
0x6300fc EnumThreadWindows
0x630100 UnregisterClassA
0x630104 SetMenuItemInfoW
0x630108 GetMenuItemInfoW
0x63010c IsChild
0x630110 AdjustWindowRect
0x630114 UnhookWindowsHookEx
0x630118 SetWindowsHookExW
0x63011c CallNextHookEx
0x630120 GetComboBoxInfo
0x630124 EndDeferWindowPos
0x630128 DeferWindowPos
0x63012c BeginDeferWindowPos
0x630130 DrawEdge
0x630134 DrawTextW
0x630138 CharUpperW
0x630140 LoadAcceleratorsW
0x630148 MapDialogRect
0x63014c CharLowerW
0x630150 DialogBoxParamW
0x630154 SetWindowLongW
0x63015c PostMessageW
0x630160 GetWindowLongW
0x630164 CallWindowProcW
0x630168 CreateWindowExW
0x63016c RegisterClassExW
0x630170 GetClassInfoExW
0x630174 LoadCursorW
0x630178 TrackPopupMenu
0x63017c DrawIconEx
0x630180 DestroyIcon
0x630184 LoadImageW
0x630188 GetScrollInfo
0x63018c CreateDialogParamW
0x630190 LoadIconW
0x630194 MessageBoxW
0x630198 SetWindowTextW
0x63019c IsWindowEnabled
0x6301a0 EnumChildWindows
0x6301a4 RegisterHotKey
0x6301a8 UnregisterHotKey
0x6301ac SetDlgItemTextW
0x6301b0 SendDlgItemMessageW
0x6301b4 MapVirtualKeyW
0x6301b8 CreatePopupMenu
0x6301bc AppendMenuW
0x6301c0 MonitorFromPoint
0x6301c4 GetMonitorInfoW
0x6301c8 AdjustWindowRectEx
0x6301cc GetWindowTextW
0x6301d0 WindowFromPoint
0x6301d8 IsDialogMessageW
0x6301e8 UnregisterClassW
0x6301ec PeekMessageW
0x6301f0 RedrawWindow
0x6301f4 IsCharAlphaW
0x6301f8 TrackPopupMenuEx
0x6301fc SendMessageW
Library GDI32.dll:
0x630204 GetStockObject
0x630208 CreateMetaFileA
0x63020c CreatePatternBrush
0x630210 GetPolyFillMode
0x630214 DeleteDC
0x630218 FillPath
0x63021c UnrealizeObject
0x630220 AddFontResourceA
0x630224 GetFontLanguageInfo
0x63022c CreateFontIndirectA
0x630230 LineTo
0x630234 SetBkMode
0x630238 CreatePen
0x63023c MoveToEx
0x630240 BitBlt
0x630244 DeleteMetaFile
0x630248 GetObjectA
0x63024c GetDeviceCaps
0x630250 SetBkColor
0x630254 CopyMetaFileA
0x630258 PatBlt
0x63025c SetTextColor
0x630260 PtVisible
0x630264 GetTextFaceA
0x630268 CreateBitmap
0x63026c ExtTextOutA
0x630270 SetMapMode
0x630274 CreateFontA
0x630278 GetCharWidthA
0x63027c GetCharWidth32A
0x630280 GetMapMode
0x630284 GetCharWidth32W
0x630288 GetBitmapBits
0x63028c GetCharWidthW
0x630290 TextOutW
0x630294 SetTextAlign
0x630298 TextOutA
0x63029c Escape
0x6302a0 CreateICA
0x6302a4 GetTextMetricsA
0x6302a8 EnumFontFamiliesExA
0x6302ac CreateSolidBrush
0x6302b0 EnumFontsA
0x6302b4 SelectClipRgn
0x6302b8 SetRectRgn
0x6302bc CreateRectRgn
0x6302c0 GetClipBox
0x6302c4 RectVisible
0x6302cc Ellipse
0x6302d0 Polygon
0x6302d4 SetROP2
0x6302d8 SetMapperFlags
0x6302dc ExtTextOutW
0x6302e0 Arc
0x6302e4 SetWindowExtEx
0x6302e8 SetWindowOrgEx
0x6302f0 CloseMetaFile
0x6302f4 RestoreDC
0x6302f8 SaveDC
0x6302fc StretchBlt
0x630300 EnumMetaFile
0x630304 PlayMetaFile
0x630308 SetViewportExtEx
0x63030c SetStretchBltMode
0x630310 FillRgn
0x630314 CombineRgn
0x630318 GetMetaFileBitsEx
0x63031c Rectangle
0x630320 CreateCompatibleDC
0x630324 DeleteObject
0x630328 SelectObject
Library ADVAPI32.dll:
0x630330 RegOpenKeyA
0x630334 RegQueryValueExA
0x630338 RegEnumKeyExA
0x63033c RegEnumValueA
0x630340 RegCloseKey
0x630344 RegOpenKeyExA
0x630348 RegCreateKeyExA
0x63034c RegQueryInfoKeyA
0x630350 RegSetValueExA
0x630354 RegDeleteKeyA
Library ole32.dll:
0x63036c CoDisconnectObject
0x630374 OleUninitialize
0x63037c CoRevokeClassObject
0x630384 OleInitialize
0x63038c OleRegEnumFormatEtc
0x630390 ReleaseStgMedium
0x630394 WriteFmtUserTypeStg
0x6303a8 CoGetMalloc
0x6303ac OleDuplicateData
0x6303b0 OleGetClipboard
0x6303b4 WriteClassStg
0x6303b8 OleFlushClipboard
0x6303bc OleSetClipboard

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 55369 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.