6.6
High risk

ef0cfb700eb36b8531002d2ce1142a5441c6ba61575d89d1723d47a2206f1184

8cc6c356eb15b52c0738486d9b876ed0.exe

Analysis time

78s

Latest analysis

File size

880.0KB
Static detection / Dynamic detection 100% 3Y0@A8RR6RBJ AI SCORE=99 AIDETECTVM AVWSW BANKERX CLOUD CONFIDENCE DOWNLOADER34 ELDORADO EMOTET FHGO GENCIRC GENERICKDZ GENETIC HIGH CONFIDENCE HPCENT IGENERICPMF KRYPTIK MALWARE1 R049C0DGT20 S15241768 SGENERIC SUSGEN UNSAFE ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine detection results available
Static verdict
Antivirus engines
Engine        Result                               Time      Version
Alibaba       Trojan:Win32/Emotet.d0365e97         20190527  0.3.0.5
Baidu         -                                    20190318  1.0.0.2
Kingsoft      -                                    20200825  2013.8.14.323
McAfee        Emotet-FRI!8CC6C356EB15              20200825  6.0.6.653
Tencent       Malware.Win32.Gencirc.10cde4ca       20200825  1.0.0.1
CrowdStrike   win/malicious_confidence_100% (W)    20190702  1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619686144.332915
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619686136.129915
CryptGenKey
crypto_handle: 0x02ae0f60
algorithm_identifier: 0x0000660e ()
provider_handle: 0x02ae0bc8
flags: 1
key: fhKþäb–Kî'ûÁ(—Þ
success 1 0
1619686144.348915
CryptExportKey
crypto_handle: 0x02ae0f60
crypto_export_handle: 0x02ae0c90
buffer: f¤×胞t4æp5IüÎó®}˜u­œœy¦+!3ýÝL¸ŠÙɼ°FˆÔÑдº‘ ÿ(¯úuìiµsÁƒ.ƝÅH¯©$—“?%ç*ÙPlHq:ngD§±K¸ÌÌ3âç;[Ó
blob_type: 1
flags: 64
success 1 0
1619686179.598915
CryptExportKey
crypto_handle: 0x02ae0f60
crypto_export_handle: 0x02ae0c90
buffer: f¤÷‹g^  {wµrF´D-åóf©^ÈÞóUÜύÀˆ4,àÞl‰«Cø«ô´¸ÀîaÌ÷{§t”Z¾À‡=ûý€[ÍÖ¶‘æí‚ÆÝ‰Ò'@Nۍ<ÞO«Î^©P
blob_type: 1
flags: 64
success 1 0
1619686185.363915
CryptExportKey
crypto_handle: 0x02ae0f60
crypto_export_handle: 0x02ae0c90
buffer: f¤¾·bpD%ÍÕ M”_T¥Ç³Ô\O¦ÅíVWTW?¼ qÑ$ Ùúa{nö},6eJ­ò ÷Mˆžóüâ»âÁ†B²£²|HýÌϰQ •vڏ¯h †´
blob_type: 1
flags: 64
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619686135.379915
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00530000
success 0 0
Foreign language identified in PE resource (3 events)
name RT_ICON language LANG_CHINESE offset 0x000d7270 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000128
name RT_ICON language LANG_CHINESE offset 0x000d7270 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000128
name RT_GROUP_ICON language LANG_CHINESE offset 0x000d7398 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619686144.926915
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 8cc6c356eb15b52c0738486d9b876ed0.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619686144.566915
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 172.217.24.14
host 177.73.0.98
host 185.94.252.13
host 94.176.234.118
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619686147.504915
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619686147.504915
RegSetValueExA
key_handle: 0x000003bc
value: pù¿c=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619686147.504915
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619686147.504915
RegSetValueExW
key_handle: 0x000003bc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619686147.504915
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619686147.504915
RegSetValueExA
key_handle: 0x000003d4
value: pù¿c=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619686147.504915
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619686147.535915
RegSetValueExW
key_handle: 0x000003b8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader34.8243
MicroWorld-eScan Trojan.GenericKDZ.69062
FireEye Trojan.GenericKDZ.69062
CAT-QuickHeal Trojan.IgenericPMF.S15241768
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.655
Sangfor Malware
K7AntiVirus Trojan ( 0056b5371 )
Alibaba Trojan:Win32/Emotet.d0365e97
K7GW Trojan ( 0056b5371 )
Arcabit Trojan.Generic.D10DC6
BitDefenderTheta Gen:NN.ZexaF.34196.3y0@a8Rr6Rbj
Cyren W32/Emotet.AOA.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKDZ.69062
NANO-Antivirus Trojan.Win32.Emotet.hpcent
ViRobot Trojan.Win32.Z.Emotet.901120.E
Rising Trojan.Kryptik!1.C80B (CLOUD)
Ad-Aware Trojan.GenericKDZ.69062
TACHYON Trojan/W32.Agent.901120.LG
Emsisoft Trojan.Emotet (A)
F-Secure Trojan.TR/Kryptik.avwsw
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R049C0DGT20
Sophos Troj/Emotet-CKH
Ikarus Trojan-Banker.Agent
Jiangmin Backdoor.Emotet.oi
Avira TR/Kryptik.avwsw
Antiy-AVL Trojan/Win32.SGeneric
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKDZ.69062
AhnLab-V3 Malware/Win32.Generic.C4170346
McAfee Emotet-FRI!8CC6C356EB15
MAX malware (ai score=99)
VBA32 Trojan.Downloader
Malwarebytes Trojan.Emotet
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TROJ_GEN.R049C0DGT20
Tencent Malware.Win32.Gencirc.10cde4ca
MaxSecure Trojan.Malware.74690904.susgen
Fortinet W32/Emotet.FHGO!tr
AVG Win32:BankerX-gen [Trj]
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 events)
dead_host 177.73.0.98:443
dead_host 185.94.252.13:443
dead_host 94.176.234.118:443
dead_host 192.168.56.101:49182
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2020-07-28 04:58:37

Imports

Library KERNEL32.dll:
0x4d0f44 SetFileTime
0x4d0f48 SetFileAttributesA
0x4d0f4c GetFileAttributesA
0x4d0f50 GetFileTime
0x4d0f54 SetErrorMode
0x4d0f58 GetTickCount
0x4d0f5c RtlUnwind
0x4d0f60 RaiseException
0x4d0f64 HeapAlloc
0x4d0f68 HeapFree
0x4d0f6c HeapReAlloc
0x4d0f70 VirtualProtect
0x4d0f74 VirtualAlloc
0x4d0f78 GetSystemInfo
0x4d0f7c VirtualQuery
0x4d0f80 GetCommandLineA
0x4d0f84 GetProcessHeap
0x4d0f88 GetStartupInfoA
0x4d0f8c ExitProcess
0x4d0f90 ExitThread
0x4d0f94 CreateThread
0x4d0f98 HeapSize
0x4d0f9c TerminateProcess
0x4d0fa8 IsDebuggerPresent
0x4d0fac Sleep
0x4d0fb0 GetACP
0x4d0fb4 FatalAppExitA
0x4d0fb8 VirtualFree
0x4d0fc0 HeapCreate
0x4d0fc4 GetStdHandle
0x4d0fd8 SetHandleCount
0x4d0fdc GetFileType
0x4d0fec GetStringTypeA
0x4d0ff0 GetStringTypeW
0x4d0ff8 GetConsoleCP
0x4d0ffc GetConsoleMode
0x4d1000 LCMapStringA
0x4d1004 LCMapStringW
0x4d1008 GetTimeFormatA
0x4d100c GetDateFormatA
0x4d1010 GetUserDefaultLCID
0x4d1014 EnumSystemLocalesA
0x4d1018 IsValidLocale
0x4d101c IsValidCodePage
0x4d1020 GetLocaleInfoW
0x4d1024 SetStdHandle
0x4d1028 WriteConsoleA
0x4d102c GetConsoleOutputCP
0x4d1030 WriteConsoleW
0x4d1044 GetAtomNameA
0x4d1048 GetOEMCP
0x4d104c GetCPInfo
0x4d1050 CreateFileA
0x4d1054 GetShortPathNameA
0x4d1058 GetFullPathNameA
0x4d1060 FindFirstFileA
0x4d1064 FindClose
0x4d1068 DuplicateHandle
0x4d106c GetThreadLocale
0x4d1070 GetFileSize
0x4d1074 SetEndOfFile
0x4d1078 UnlockFile
0x4d107c LockFile
0x4d1080 FlushFileBuffers
0x4d1084 SetFilePointer
0x4d1088 WriteFile
0x4d108c ReadFile
0x4d1090 DeleteFileA
0x4d1094 MoveFileA
0x4d109c TlsFree
0x4d10a4 LocalReAlloc
0x4d10a8 TlsSetValue
0x4d10ac TlsAlloc
0x4d10b4 GlobalHandle
0x4d10bc TlsGetValue
0x4d10c4 LocalAlloc
0x4d10c8 GlobalFlags
0x4d10dc GlobalReAlloc
0x4d10e4 GetModuleFileNameW
0x4d10e8 CopyFileA
0x4d10ec GlobalSize
0x4d10f0 FormatMessageA
0x4d10f4 LocalFree
0x4d10f8 MulDiv
0x4d10fc GlobalGetAtomNameA
0x4d1100 GlobalFindAtomA
0x4d1104 lstrcmpW
0x4d1108 GetVersionExA
0x4d110c GlobalUnlock
0x4d1110 GlobalFree
0x4d1114 FreeResource
0x4d1118 GetCurrentProcessId
0x4d111c SetLastError
0x4d1120 GlobalAddAtomA
0x4d1124 CreateEventA
0x4d1128 SuspendThread
0x4d112c SetEvent
0x4d1130 WaitForSingleObject
0x4d1134 ResumeThread
0x4d1138 SetThreadPriority
0x4d113c CloseHandle
0x4d1140 GetCurrentThread
0x4d1144 GetCurrentThreadId
0x4d114c GetModuleFileNameA
0x4d1154 GetLocaleInfoA
0x4d1158 GlobalLock
0x4d115c lstrcmpA
0x4d1160 GlobalAlloc
0x4d1164 GlobalDeleteAtom
0x4d1168 GetModuleHandleA
0x4d116c GetStringTypeExW
0x4d1170 GetStringTypeExA
0x4d117c lstrlenA
0x4d1180 lstrcmpiW
0x4d1184 lstrcmpiA
0x4d1188 CompareStringW
0x4d118c CompareStringA
0x4d1190 lstrlenW
0x4d1194 GetVersion
0x4d1198 GetLastError
0x4d119c MultiByteToWideChar
0x4d11a0 InterlockedExchange
0x4d11a8 LoadLibraryA
0x4d11ac FreeLibrary
0x4d11b0 lstrcatA
0x4d11b4 CreateProcessA
0x4d11b8 LoadLibraryExA
0x4d11bc GetProcAddress
0x4d11c0 GetCurrentProcess
0x4d11c4 WideCharToMultiByte
0x4d11c8 WinExec
0x4d11cc FindResourceA
0x4d11d0 LoadResource
0x4d11d4 LockResource
0x4d11d8 HeapDestroy
0x4d11dc SizeofResource
Library USER32.dll:
0x4d1404 CharNextA
0x4d140c IsRectEmpty
0x4d1410 SetRect
0x4d1414 InvalidateRgn
0x4d1418 GetNextDlgGroupItem
0x4d141c UnregisterClassA
0x4d1424 SetMenu
0x4d1428 BringWindowToTop
0x4d142c CreatePopupMenu
0x4d1430 InsertMenuItemA
0x4d1434 LoadAcceleratorsA
0x4d1438 LoadMenuA
0x4d143c ReuseDDElParam
0x4d1440 UnpackDDElParam
0x4d1448 GetKeyNameTextA
0x4d144c MapVirtualKeyA
0x4d1450 SetParent
0x4d1454 UnionRect
0x4d1458 PostThreadMessageA
0x4d145c SetTimer
0x4d1460 KillTimer
0x4d1464 GetDCEx
0x4d1468 LockWindowUpdate
0x4d146c GrayStringA
0x4d1470 DrawTextExA
0x4d1474 DrawTextA
0x4d1478 TabbedTextOutA
0x4d147c FillRect
0x4d1480 GetMenuStringA
0x4d1484 InsertMenuA
0x4d1488 RemoveMenu
0x4d148c ScrollWindowEx
0x4d1490 ShowWindow
0x4d1494 MoveWindow
0x4d1498 SetWindowTextA
0x4d149c IsDialogMessageA
0x4d14a0 IsDlgButtonChecked
0x4d14a4 SetDlgItemTextA
0x4d14a8 SetDlgItemInt
0x4d14ac GetDlgItemTextA
0x4d14b0 GetDlgItemInt
0x4d14b4 CheckRadioButton
0x4d14b8 CheckDlgButton
0x4d14c0 SendDlgItemMessageA
0x4d14c4 WinHelpA
0x4d14c8 IsChild
0x4d14cc GetCapture
0x4d14d0 GetClassLongA
0x4d14d4 GetClassNameA
0x4d14d8 SetPropA
0x4d14dc GetPropA
0x4d14e0 RemovePropA
0x4d14e4 SetFocus
0x4d14ec GetWindowTextA
0x4d14f0 GetForegroundWindow
0x4d14f4 BeginDeferWindowPos
0x4d14f8 EndDeferWindowPos
0x4d14fc GetTopWindow
0x4d1500 GetMessageTime
0x4d1504 GetMessagePos
0x4d1508 MapWindowPoints
0x4d150c ScrollWindow
0x4d1510 TrackPopupMenuEx
0x4d1514 GetDialogBaseUnits
0x4d1518 SetScrollRange
0x4d151c GetScrollRange
0x4d1520 SetScrollPos
0x4d1524 GetScrollPos
0x4d1528 SetForegroundWindow
0x4d152c ShowScrollBar
0x4d1530 UpdateWindow
0x4d1534 GetMenu
0x4d1538 GetSubMenu
0x4d153c GetMenuItemID
0x4d1540 GetMenuItemCount
0x4d1544 CreateWindowExA
0x4d1548 GetClassInfoExA
0x4d154c GetClassInfoA
0x4d1550 RegisterClassA
0x4d1554 AdjustWindowRectEx
0x4d1558 ScreenToClient
0x4d155c EqualRect
0x4d1560 DeferWindowPos
0x4d1564 CopyRect
0x4d1568 GetScrollInfo
0x4d156c SetScrollInfo
0x4d1570 SetWindowPlacement
0x4d1574 GetDlgCtrlID
0x4d1578 DefWindowProcA
0x4d157c CallWindowProcA
0x4d1580 OffsetRect
0x4d1584 IntersectRect
0x4d158c GetWindowPlacement
0x4d1590 GetWindow
0x4d1598 MapDialogRect
0x4d159c SetWindowPos
0x4d15a0 GetDesktopWindow
0x4d15a4 SetActiveWindow
0x4d15ac DestroyWindow
0x4d15b0 GetDlgItem
0x4d15b4 GetNextDlgTabItem
0x4d15b8 EndDialog
0x4d15c0 GetWindowLongA
0x4d15c4 GetLastActivePopup
0x4d15c8 IsWindowEnabled
0x4d15cc MessageBoxA
0x4d15d0 ShowOwnedPopups
0x4d15d4 SetWindowsHookExA
0x4d15d8 CallNextHookEx
0x4d15dc GetMessageA
0x4d15e0 PtInRect
0x4d15e4 SetRectEmpty
0x4d15e8 DrawIcon
0x4d15ec AppendMenuA
0x4d15f0 SendMessageA
0x4d15f4 GetSystemMenu
0x4d15f8 TranslateMessage
0x4d15fc DispatchMessageA
0x4d1600 GetActiveWindow
0x4d1604 IsWindowVisible
0x4d1608 GetKeyState
0x4d160c PeekMessageA
0x4d1610 GetCursorPos
0x4d1614 ValidateRect
0x4d1618 SetMenuItemBitmaps
0x4d1620 LoadBitmapA
0x4d1624 GetFocus
0x4d1628 ModifyMenuA
0x4d162c DestroyIcon
0x4d1630 GetSysColorBrush
0x4d1634 WaitMessage
0x4d1638 DeleteMenu
0x4d163c WindowFromPoint
0x4d1640 DestroyMenu
0x4d1644 GetMenuItemInfoA
0x4d1648 EndPaint
0x4d164c BeginPaint
0x4d1650 GetWindowDC
0x4d1654 TrackPopupMenu
0x4d1658 ClientToScreen
0x4d165c IsIconic
0x4d1660 GetWindowRect
0x4d1664 GetClientRect
0x4d1668 InvalidateRect
0x4d166c OpenClipboard
0x4d1670 EnableWindow
0x4d1674 LoadIconA
0x4d1678 GetSystemMetrics
0x4d167c CloseClipboard
0x4d1680 SetClipboardData
0x4d1684 SetCursor
0x4d1688 InflateRect
0x4d168c GetDC
0x4d1690 ReleaseDC
0x4d1694 RedrawWindow
0x4d1698 SetCapture
0x4d169c GetParent
0x4d16a0 MessageBeep
0x4d16a4 ReleaseCapture
0x4d16a8 IsWindow
0x4d16ac GetSysColor
0x4d16b0 DestroyCursor
0x4d16b4 SetWindowLongA
0x4d16b8 CopyIcon
0x4d16bc LoadCursorA
0x4d16c0 CharLowerA
0x4d16c4 CharLowerW
0x4d16c8 CharUpperA
0x4d16cc CharUpperW
0x4d16d0 PostQuitMessage
0x4d16d4 PostMessageA
0x4d16d8 CheckMenuItem
0x4d16dc EnableMenuItem
0x4d16e0 GetMenuState
0x4d16e4 UnhookWindowsHookEx
Library GDI32.dll:
0x4d0d60 ScaleViewportExtEx
0x4d0d64 SetWindowOrgEx
0x4d0d68 OffsetWindowOrgEx
0x4d0d6c SetWindowExtEx
0x4d0d70 ScaleWindowExtEx
0x4d0d78 ArcTo
0x4d0d7c PolyDraw
0x4d0d80 PolylineTo
0x4d0d84 PolyBezierTo
0x4d0d88 ExtSelectClipRgn
0x4d0d8c DeleteDC
0x4d0d94 CreatePatternBrush
0x4d0d98 CreateCompatibleDC
0x4d0d9c SelectPalette
0x4d0da0 PlayMetaFileRecord
0x4d0da4 GetObjectType
0x4d0da8 EnumMetaFile
0x4d0dac SetViewportExtEx
0x4d0db0 CreatePen
0x4d0db4 ExtCreatePen
0x4d0db8 CreateSolidBrush
0x4d0dbc CreateHatchBrush
0x4d0dc4 SetRectRgn
0x4d0dc8 CombineRgn
0x4d0dcc GetMapMode
0x4d0dd0 PatBlt
0x4d0dd4 DPtoLP
0x4d0dd8 GetTextMetricsA
0x4d0ddc GetBkColor
0x4d0de0 GetTextColor
0x4d0de4 GetRgnBox
0x4d0dec GetCharWidthA
0x4d0df0 CreateFontA
0x4d0df4 StretchDIBits
0x4d0df8 OffsetViewportOrgEx
0x4d0dfc SetViewportOrgEx
0x4d0e00 SelectObject
0x4d0e04 Escape
0x4d0e08 ExtTextOutA
0x4d0e0c TextOutA
0x4d0e10 RectVisible
0x4d0e14 PtVisible
0x4d0e18 StartDocA
0x4d0e1c GetPixel
0x4d0e20 BitBlt
0x4d0e24 PlayMetaFile
0x4d0e28 CreateBrushIndirect
0x4d0e2c GetViewportExtEx
0x4d0e30 SelectClipPath
0x4d0e34 CreateRectRgn
0x4d0e38 GetClipRgn
0x4d0e3c SelectClipRgn
0x4d0e40 DeleteObject
0x4d0e44 SetColorAdjustment
0x4d0e48 SetArcDirection
0x4d0e4c SetMapperFlags
0x4d0e58 SetTextAlign
0x4d0e5c MoveToEx
0x4d0e60 LineTo
0x4d0e64 OffsetClipRgn
0x4d0e68 IntersectClipRect
0x4d0e6c ExcludeClipRect
0x4d0e70 SetMapMode
0x4d0e78 SetWorldTransform
0x4d0e7c SetGraphicsMode
0x4d0e80 SetStretchBltMode
0x4d0e84 SetROP2
0x4d0e88 SetPolyFillMode
0x4d0e8c SetBkMode
0x4d0e90 RestoreDC
0x4d0e94 SaveDC
0x4d0e98 CreateDCA
0x4d0e9c CopyMetaFileA
0x4d0ea0 GetDeviceCaps
0x4d0ea4 SetBkColor
0x4d0ea8 SetTextColor
0x4d0eac GetClipBox
0x4d0eb0 GetDCOrgEx
0x4d0eb8 GetObjectA
0x4d0ebc CreateFontIndirectA
0x4d0ec0 GetStockObject
0x4d0ec4 Rectangle
0x4d0ec8 CreateBitmap
0x4d0ecc GetWindowExtEx
Library comdlg32.dll:
0x4d17e0 GetFileTitleA
Library WINSPOOL.DRV:
0x4d17a8 DocumentPropertiesA
0x4d17ac OpenPrinterA
0x4d17b0 ClosePrinter
Library ADVAPI32.dll:
0x4d0cfc RegDeleteValueA
0x4d0d00 RegSetValueExA
0x4d0d04 RegCreateKeyExA
0x4d0d08 RegSetValueA
0x4d0d0c RegOpenKeyA
0x4d0d10 RegEnumKeyA
0x4d0d14 RegDeleteKeyA
0x4d0d18 RegQueryValueA
0x4d0d1c RegOpenKeyExA
0x4d0d20 RegQueryValueExA
0x4d0d24 RegCloseKey
0x4d0d28 RegCreateKeyA
Library SHELL32.dll:
0x4d137c ExtractIconA
0x4d1380 SHGetFileInfoA
0x4d1384 DragFinish
0x4d1388 DragQueryFileA
0x4d138c ShellExecuteA
Library SHLWAPI.dll:
0x4d13c4 PathFindFileNameA
0x4d13c8 PathStripToRootA
0x4d13cc PathFindExtensionA
0x4d13d0 PathIsUNCA
Library oledlg.dll:
0x4d18d8
Library ole32.dll:
0x4d1814 OleInitialize
0x4d181c OleUninitialize
0x4d1820 OleRun
0x4d1824 StringFromGUID2
0x4d1828 CoCreateInstance
0x4d182c CoDisconnectObject
0x4d183c CoGetClassObject
0x4d1840 OleDuplicateData
0x4d1844 CoRevokeClassObject
0x4d1848 ReleaseStgMedium
0x4d184c CreateBindCtx
0x4d1850 CoTreatAsClass
0x4d1854 StringFromCLSID
0x4d1858 ReadClassStg
0x4d185c ReadFmtUserTypeStg
0x4d1860 OleRegGetUserType
0x4d1864 WriteClassStg
0x4d1868 WriteFmtUserTypeStg
0x4d186c SetConvertStg
0x4d1870 CoTaskMemFree
0x4d1874 CLSIDFromString
0x4d1878 CLSIDFromProgID
0x4d1880 OleSetClipboard
0x4d1884 OleFlushClipboard
0x4d188c CoTaskMemAlloc
Library OLEAUT32.dll:
0x4d1290 SysAllocStringLen
0x4d1294 VariantClear
0x4d1298 VariantChangeType
0x4d129c VariantInit
0x4d12a0 SysStringLen
0x4d12a8 SysStringByteLen
0x4d12b8 SafeArrayDestroy
0x4d12bc SysAllocString
0x4d12c4 SafeArrayAccessData
0x4d12c8 SafeArrayGetUBound
0x4d12cc SafeArrayGetLBound
0x4d12d4 SafeArrayGetDim
0x4d12d8 SafeArrayCreate
0x4d12dc SafeArrayRedim
0x4d12e0 VariantCopy
0x4d12e4 SafeArrayAllocData
0x4d12ec SafeArrayCopy
0x4d12f0 SafeArrayGetElement
0x4d12f4 SafeArrayPtrOfIndex
0x4d12f8 SafeArrayPutElement
0x4d12fc SafeArrayLock
0x4d1300 SafeArrayUnlock
0x4d130c SysReAllocStringLen
0x4d1310 VarDateFromStr
0x4d1314 VarBstrFromCy
0x4d1318 VarBstrFromDec
0x4d131c VarDecFromStr
0x4d1320 VarCyFromStr
0x4d1324 VarBstrFromDate
0x4d1328 LoadTypeLib
0x4d132c SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port   Destination       Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.