5.8
High risk

76aeceb07ade4e0dca6cf046b682ae5909f578b725da30d10a46c6fb58cc3f33

900b759ab7a29b28175f5a63c4437d05.exe

Analysis duration

34s

Latest analysis

File size

671.0KB
Static detections / Dynamic detections: 3FQPOOLZVOK AGENTTESLA AI SCORE=80 AIDETECTVM ANDROM CONFIDENCE DELF DELPHILESS ELXR ELYE FAREIT GENKRYPTIK HIGH CONFIDENCE HKDZBW KRYPTIK LOKI LOKIBOT MALWARE1 MALWARE@#3P2AK4FGDNL0F MUDD NNDTK PGW@AQEAEEKI R + MAL SCORE SMAD1 STATIC AI SUSGEN SUSPICIOUS PE TRJGEN TSCOPE UNSAFE WACATAC X2066 ZELPHIF ZRMSMZCZOXT
Hawkeye engine
Not detected. No Hawkeye engine results are available for this sample.
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba Backdoor:Win32/Lokibot.9e26c898 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201210 21.1.5827.0
Kingsoft 20201211 2017.9.26.565
McAfee Fareit-FTB!900B759AB7A2 20201211 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619718550.73625
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75137f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75134de3
900b759ab7a29b28175f5a63c4437d05+0x58a4d @ 0x458a4d
900b759ab7a29b28175f5a63c4437d05+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfd9114ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619718546.049
NtAllocateVirtualMemory
process_identifier: 2764
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619718546.267
NtProtectVirtualMemory
process_identifier: 2764
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00453000
success 0 0
1619718546.267
NtAllocateVirtualMemory
process_identifier: 2764
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007e0000
success 0 0
1619718547.67425
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619718547.79925
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 2162688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01d90000
success 0 0
1619718547.79925
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f60000
success 0 0
1619718547.79925
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d90000
success 0 0
1619718547.81425
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d92000
success 0 0
1619718548.93925
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 1966080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01fa0000
success 0 0
1619718548.93925
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02140000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003f2000
success 0 0
1619718550.70525
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.457814850506247 section {'size_of_data': '0x00042800', 'virtual_address': '0x0006b000', 'entropy': 7.457814850506247, 'name': '.rsrc', 'virtual_size': '0x0004271c'} description A section with a high entropy has been found
entropy 0.3970149253731343 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2764 called NtSetContextThread to modify thread in remote process 1060
Time & API Arguments Status Return Repeated
1619718546.845
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4894160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1060
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2764 resumed a thread in remote process 1060
Time & API Arguments Status Return Repeated
1619718547.439
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 1060
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619718546.752
CreateProcessInternalW
thread_identifier: 2436
thread_handle: 0x00000104
process_identifier: 1060
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\900b759ab7a29b28175f5a63c4437d05.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619718546.752
NtUnmapViewOfSection
process_identifier: 1060
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619718546.752
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 1060
commit_size: 704512
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 704512
base_address: 0x00400000
success 0 0
1619718546.845
NtGetContextThread
thread_handle: 0x00000104
success 0 0
1619718546.845
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4894160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1060
success 0 0
1619718547.439
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 1060
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.900b759ab7a29b28
ALYac Trojan.Delf.FareIt.Gen.7
Cylance Unsafe
Zillya Trojan.Injector.Win32.736797
Sangfor Malware
K7AntiVirus Trojan ( 005685ef1 )
Alibaba Backdoor:Win32/Lokibot.9e26c898
K7GW Trojan ( 005685ef1 )
Cybereason malicious.e07901
Arcabit Trojan.Delf.FareIt.Gen.7
Cyren W32/Injector.MUDD-3657
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Delf.FareIt.Gen.7
NANO-Antivirus Trojan.Win32.TrjGen.hkdzbw
Paloalto generic.ml
Ad-Aware Trojan.Delf.FareIt.Gen.7
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
Comodo Malware@#3p2ak4fgdnl0f
F-Secure Trojan.TR/Injector.nndtk
DrWeb Trojan.PWS.Stealer.28501
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Sophos Mal/Generic-R + Mal/Fareit-AA
SentinelOne Static AI - Suspicious PE
Avira TR/Injector.nndtk
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s1
Microsoft Trojan:Win32/Lokibot.V!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Win32.Trojan.Injector.PA
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
Acronis suspicious
McAfee Fareit-FTB!900B759AB7A2
MAX malware (ai score=80)
VBA32 TScope.Trojan.Delf
Malwarebytes Spyware.AgentTesla
ESET-NOD32 a variant of Win32/Injector.ELYE
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMAD1.hp
Rising Trojan.GenKryptik!8.AA55 (TFE:5:zrmSMZczoXT)
Yandex Trojan.Injector!3FQpOOlzvOk
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.
PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x460150 VirtualFree
0x460154 VirtualAlloc
0x460158 LocalFree
0x46015c LocalAlloc
0x460160 GetVersion
0x460164 GetCurrentThreadId
0x460170 VirtualQuery
0x460174 WideCharToMultiByte
0x460178 MultiByteToWideChar
0x46017c lstrlenA
0x460180 lstrcpynA
0x460184 LoadLibraryExA
0x460188 GetThreadLocale
0x46018c GetStartupInfoA
0x460190 GetProcAddress
0x460194 GetModuleHandleA
0x460198 GetModuleFileNameA
0x46019c GetLocaleInfoA
0x4601a0 GetCommandLineA
0x4601a4 FreeLibrary
0x4601a8 FindFirstFileA
0x4601ac FindClose
0x4601b0 ExitProcess
0x4601b4 WriteFile
0x4601bc RtlUnwind
0x4601c0 RaiseException
0x4601c4 GetStdHandle
Library user32.dll:
0x4601cc GetKeyboardType
0x4601d0 LoadStringA
0x4601d4 MessageBoxA
0x4601d8 CharNextA
Library advapi32.dll:
0x4601e0 RegQueryValueExA
0x4601e4 RegOpenKeyExA
0x4601e8 RegCloseKey
Library oleaut32.dll:
0x4601f0 SysFreeString
0x4601f4 SysReAllocStringLen
0x4601f8 SysAllocStringLen
Library kernel32.dll:
0x460200 TlsSetValue
0x460204 TlsGetValue
0x460208 LocalAlloc
0x46020c GetModuleHandleA
Library advapi32.dll:
0x460214 RegQueryValueExA
0x460218 RegOpenKeyExA
0x46021c RegCloseKey
Library kernel32.dll:
0x460224 lstrcpyA
0x460228 WriteFile
0x46022c WaitForSingleObject
0x460230 VirtualQuery
0x460234 VirtualProtect
0x460238 VirtualAlloc
0x46023c Sleep
0x460240 SizeofResource
0x460244 SetThreadLocale
0x460248 SetFilePointer
0x46024c SetEvent
0x460250 SetErrorMode
0x460254 SetEndOfFile
0x460258 ResetEvent
0x46025c ReadFile
0x460260 MulDiv
0x460264 LockResource
0x460268 LoadResource
0x46026c LoadLibraryA
0x460278 GlobalUnlock
0x46027c GlobalReAlloc
0x460280 GlobalHandle
0x460284 GlobalLock
0x460288 GlobalFree
0x46028c GlobalFindAtomA
0x460290 GlobalDeleteAtom
0x460294 GlobalAlloc
0x460298 GlobalAddAtomA
0x46029c GetVersionExA
0x4602a0 GetVersion
0x4602a4 GetTickCount
0x4602a8 GetThreadLocale
0x4602b0 GetSystemTime
0x4602b4 GetSystemInfo
0x4602b8 GetStringTypeExA
0x4602bc GetStdHandle
0x4602c0 GetProcAddress
0x4602c4 GetModuleHandleA
0x4602c8 GetModuleFileNameA
0x4602cc GetLocaleInfoA
0x4602d0 GetLocalTime
0x4602d4 GetLastError
0x4602d8 GetFullPathNameA
0x4602dc GetDiskFreeSpaceA
0x4602e0 GetDateFormatA
0x4602e4 GetCurrentThreadId
0x4602e8 GetCurrentProcessId
0x4602ec GetCPInfo
0x4602f0 GetACP
0x4602f4 FreeResource
0x4602f8 InterlockedExchange
0x4602fc FreeLibrary
0x460300 FormatMessageA
0x460304 FindResourceA
0x46030c ExitThread
0x460310 ExitProcess
0x460314 EnumCalendarInfoA
0x460320 CreateThread
0x460324 CreateFileA
0x460328 CreateEventA
0x46032c CompareStringA
0x460330 CloseHandle
Library version.dll:
0x460338 VerQueryValueA
0x460340 GetFileVersionInfoA
Library gdi32.dll:
0x460348 UnrealizeObject
0x46034c StretchBlt
0x460350 SetWindowOrgEx
0x460354 SetViewportOrgEx
0x460358 SetTextColor
0x46035c SetStretchBltMode
0x460360 SetROP2
0x460364 SetPixel
0x460368 SetDIBColorTable
0x46036c SetBrushOrgEx
0x460370 SetBkMode
0x460374 SetBkColor
0x460378 SelectPalette
0x46037c SelectObject
0x460380 SaveDC
0x460384 RestoreDC
0x460388 Rectangle
0x46038c RectVisible
0x460390 RealizePalette
0x460394 PatBlt
0x460398 MoveToEx
0x46039c MaskBlt
0x4603a0 LineTo
0x4603a4 IntersectClipRect
0x4603a8 GetWindowOrgEx
0x4603ac GetTextMetricsA
0x4603b8 GetStockObject
0x4603bc GetPixel
0x4603c0 GetPaletteEntries
0x4603c4 GetObjectA
0x4603c8 GetDeviceCaps
0x4603cc GetDIBits
0x4603d0 GetDIBColorTable
0x4603d4 GetDCOrgEx
0x4603dc GetClipBox
0x4603e0 GetBrushOrgEx
0x4603e4 GetBitmapBits
0x4603e8 ExcludeClipRect
0x4603ec DeleteObject
0x4603f0 DeleteDC
0x4603f4 CreateSolidBrush
0x4603f8 CreatePenIndirect
0x4603fc CreatePalette
0x460404 CreateFontIndirectA
0x460408 CreateDIBitmap
0x46040c CreateDIBSection
0x460410 CreateCompatibleDC
0x460418 CreateBrushIndirect
0x46041c CreateBitmap
0x460420 BitBlt
Library user32.dll:
0x460428 CreateWindowExA
0x46042c WindowFromPoint
0x460430 WinHelpA
0x460434 WaitMessage
0x460438 UpdateWindow
0x46043c UnregisterClassA
0x460440 UnhookWindowsHookEx
0x460444 TranslateMessage
0x46044c TrackPopupMenu
0x460454 ShowWindow
0x460458 ShowScrollBar
0x46045c ShowOwnedPopups
0x460460 ShowCursor
0x460464 SetWindowsHookExA
0x460468 SetWindowTextA
0x46046c SetWindowPos
0x460470 SetWindowPlacement
0x460474 SetWindowLongA
0x460478 SetTimer
0x46047c SetScrollRange
0x460480 SetScrollPos
0x460484 SetScrollInfo
0x460488 SetRect
0x46048c SetPropA
0x460490 SetParent
0x460494 SetMenuItemInfoA
0x460498 SetMenu
0x46049c SetForegroundWindow
0x4604a0 SetFocus
0x4604a4 SetCursor
0x4604a8 SetClassLongA
0x4604ac SetCapture
0x4604b0 SetActiveWindow
0x4604b4 SendMessageA
0x4604b8 ScrollWindow
0x4604bc ScreenToClient
0x4604c0 RemovePropA
0x4604c4 RemoveMenu
0x4604c8 ReleaseDC
0x4604cc ReleaseCapture
0x4604d8 RegisterClassA
0x4604dc RedrawWindow
0x4604e0 PtInRect
0x4604e4 PostQuitMessage
0x4604e8 PostMessageA
0x4604ec PeekMessageA
0x4604f0 OffsetRect
0x4604f4 OemToCharA
0x4604f8 MessageBoxA
0x4604fc MapWindowPoints
0x460500 MapVirtualKeyA
0x460504 LoadStringA
0x460508 LoadKeyboardLayoutA
0x46050c LoadIconA
0x460510 LoadCursorA
0x460514 LoadBitmapA
0x460518 KillTimer
0x46051c IsZoomed
0x460520 IsWindowVisible
0x460524 IsWindowEnabled
0x460528 IsWindow
0x46052c IsRectEmpty
0x460530 IsIconic
0x460534 IsDialogMessageA
0x460538 IsChild
0x46053c InvalidateRect
0x460540 IntersectRect
0x460544 InsertMenuItemA
0x460548 InsertMenuA
0x46054c InflateRect
0x460554 GetWindowTextA
0x460558 GetWindowRect
0x46055c GetWindowPlacement
0x460560 GetWindowLongA
0x460564 GetWindowDC
0x460568 GetTopWindow
0x46056c GetSystemMetrics
0x460570 GetSystemMenu
0x460574 GetSysColorBrush
0x460578 GetSysColor
0x46057c GetSubMenu
0x460580 GetScrollRange
0x460584 GetScrollPos
0x460588 GetScrollInfo
0x46058c GetPropA
0x460590 GetParent
0x460594 GetWindow
0x460598 GetMenuStringA
0x46059c GetMenuState
0x4605a0 GetMenuItemInfoA
0x4605a4 GetMenuItemID
0x4605a8 GetMenuItemCount
0x4605ac GetMenu
0x4605b0 GetLastActivePopup
0x4605b4 GetKeyboardState
0x4605bc GetKeyboardLayout
0x4605c0 GetKeyState
0x4605c4 GetKeyNameTextA
0x4605c8 GetInputState
0x4605cc GetIconInfo
0x4605d0 GetForegroundWindow
0x4605d4 GetFocus
0x4605d8 GetDesktopWindow
0x4605dc GetDCEx
0x4605e0 GetDC
0x4605e4 GetCursorPos
0x4605e8 GetCursor
0x4605ec GetClientRect
0x4605f0 GetClassNameA
0x4605f4 GetClassInfoA
0x4605f8 GetCapture
0x4605fc GetActiveWindow
0x460600 FrameRect
0x460604 FindWindowA
0x460608 FillRect
0x46060c EqualRect
0x460610 EnumWindows
0x460614 EnumThreadWindows
0x460618 EndPaint
0x46061c EnableWindow
0x460620 EnableScrollBar
0x460624 EnableMenuItem
0x460628 DrawTextA
0x46062c DrawMenuBar
0x460630 DrawIconEx
0x460634 DrawIcon
0x460638 DrawFrameControl
0x46063c DrawFocusRect
0x460640 DrawEdge
0x460644 DispatchMessageA
0x460648 DestroyWindow
0x46064c DestroyMenu
0x460650 DestroyIcon
0x460654 DestroyCursor
0x460658 DeleteMenu
0x46065c DefWindowProcA
0x460660 DefMDIChildProcA
0x460664 DefFrameProcA
0x460668 CreatePopupMenu
0x46066c CreateMenu
0x460670 CreateIcon
0x460674 ClientToScreen
0x460678 CheckMenuItem
0x46067c CallWindowProcA
0x460680 CallNextHookEx
0x460684 BringWindowToTop
0x460688 BeginPaint
0x46068c CharNextA
0x460690 CharLowerA
0x460694 CharToOemA
0x460698 AdjustWindowRectEx
Library kernel32.dll:
0x4606a4 Sleep
Library oleaut32.dll:
0x4606ac SafeArrayPtrOfIndex
0x4606b0 SafeArrayGetUBound
0x4606b4 SafeArrayGetLBound
0x4606b8 SafeArrayCreate
0x4606bc VariantChangeType
0x4606c0 VariantCopy
0x4606c4 VariantClear
0x4606c8 VariantInit
Library comctl32.dll:
0x4606d8 ImageList_Write
0x4606dc ImageList_Read
0x4606ec ImageList_DragMove
0x4606f0 ImageList_DragLeave
0x4606f4 ImageList_DragEnter
0x4606f8 ImageList_EndDrag
0x4606fc ImageList_BeginDrag
0x460700 ImageList_Remove
0x460704 ImageList_DrawEx
0x460708 ImageList_Draw
0x460718 ImageList_Add
0x460720 ImageList_Destroy
0x460724 ImageList_Create
0x460728 InitCommonControls
Library comdlg32.dll:
0x460730 ReplaceTextA
0x460734 FindTextA
Library winmm.dll:
0x46073c mciSendCommandA
0x460740 mciGetErrorStringA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 50005 239.255.255.250 3702
192.168.56.101 58368 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.