Score: 6.8
Risk level: High

SHA256: 720cf0a7e3b7d3c3797b222ae40f89dadedf951fd7e7f311ca703dd1be55bb71

File name: 9588858b5f3279ba2adc5bffb8424f90.exe

Analysis duration: 77s
Last analysis:
File size: 412.0KB
Static detection: flagged    Dynamic detection: flagged    AI score: 89
Detection-name tags: AUTORUNS, CKGENERIC, CLASSIC, DOWNLOADER34, ELDORADO, EMOTET, GENCIRC, GENERICKD, GENERICKDZ, HONNAS, KRYPTIK, MALICIOUS, NBEIE, R002C0DGN20, R346386, SUSGEN, UNSAFE, WACATAC, ZEXAE, ZQ0@ACXYBCBI
鹰眼 engine
Not detected: no 鹰眼 engine result is available for this sample.
Static verdict

Antivirus engines

Engine      | Result                          | Scan date | Engine version
McAfee      | Emotet-FRI!9588858B5F32         | 20200811  | 6.0.6.653
Alibaba     | Trojan:Win32/Emotet.99da0bee    | 20190527  | 0.3.0.5
Baidu       | (no detection)                  | 20190318  | 1.0.0.2
Avast       | Win32:Trojan-gen                | 20200811  | 18.4.3895.0
Tencent     | Malware.Win32.Gencirc.10cde25a  | 20200811  | 1.0.0.1
Kingsoft    | (no detection)                  | 20200811  | 2013.8.14.323
CrowdStrike | (no detection)                  | 20190702  | 1.0
Static indicators

Queries for the computer name (1 event)
  1619781081.961626  GetComputerNameA
    computer_name: OSKAR-PC
    status: success  return: 1  repeated: 0

Uses Windows APIs to generate a cryptographic key (3 events)
  1619781072.836626  CryptGenKey
    crypto_handle: 0x008dd218
    algorithm_identifier: 0x0000660e
    provider_handle: 0x008d9030
    flags: 1
    key: (raw key bytes; binary, garbled in extraction)
    status: success  return: 1  repeated: 0
  1619781081.977626  CryptExportKey
    crypto_handle: 0x008dd218
    crypto_export_handle: 0x008dd158
    buffer: (exported key blob; binary, garbled in extraction)
    blob_type: 1
    flags: 64
    status: success  return: 1  repeated: 0
  1619781116.570626  CryptExportKey
    crypto_handle: 0x008dd218
    crypto_export_handle: 0x008dd158
    buffer: (exported key blob; binary, garbled in extraction)
    blob_type: 1
    flags: 64
    status: success  return: 1  repeated: 0

  Reading these against wincrypt.h (the sandbox left the names blank): ALG_ID 0x660e is CALG_AES_128, CryptGenKey flag 1 is CRYPT_EXPORTABLE, blob_type 1 is SIMPLEBLOB, and CryptExportKey flag 64 (0x40) is CRYPT_OAEP. A SIMPLEBLOB export is the session key encrypted to the public key passed as hExpKey (handle 0x008dd158 here), so the sequence is: generate a fresh AES-128 key, then wrap it twice, about 9 s and 44 s after generation, with a public key the sample already held. That is the client half of a key exchange with a remote peer and lines up with the C2 connection attempts recorded further down. The report's excerpt shows no generation or import of that public key, so where it came from is not visible here.
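To read the constants above without a wincrypt.h lookup, and to turn the three events into a single finding, here is an added example (not the sandbox's code) that decodes the flag words and pairs each exportable symmetric CryptGenKey with the SIMPLEBLOB exports of the same key handle. TRACE is constructed from the three rows above; the constant tables are transcribed from wincrypt.h and cover only the values that matter for triage.

```python
"""Decode CryptoAPI constants in a sandbox API trace and flag the
session-key export pattern the report shows.  Added example; TRACE is
constructed from the report's CryptGenKey/CryptExportKey rows and the
constant tables are transcribed from wincrypt.h."""

# ALG_ID values (wincrypt.h); only the ones relevant to triage
ALG_ID = {
    0x6602: "CALG_RC2", 0x6801: "CALG_RC4",
    0x660e: "CALG_AES_128", 0x660f: "CALG_AES_192", 0x6610: "CALG_AES_256",
    0xa400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN",
    0x8003: "CALG_MD5", 0x8004: "CALG_SHA1", 0x800c: "CALG_SHA_256",
}
SYMMETRIC = {0x6602, 0x6801, 0x660e, 0x660f, 0x6610}
GENKEY_FLAGS = {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED",
                0x4: "CRYPT_CREATE_SALT", 0x8: "CRYPT_UPDATE_KEY"}
BLOB_TYPE = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB",
             8: "PLAINTEXTKEYBLOB"}
EXPORT_FLAGS = {0x4: "CRYPT_DESTROYKEY", 0x40: "CRYPT_OAEP", 0x80: "CRYPT_BLOB_VER3"}

# Constructed from the report's three events (times are the sandbox's epoch floats)
TRACE = [
    {"time": 1619781072.836626, "api": "CryptGenKey",
     "args": {"crypto_handle": 0x008dd218, "algorithm_identifier": 0x660e,
              "provider_handle": 0x008d9030, "flags": 1}},
    {"time": 1619781081.977626, "api": "CryptExportKey",
     "args": {"crypto_handle": 0x008dd218, "crypto_export_handle": 0x008dd158,
              "blob_type": 1, "flags": 64}},
    {"time": 1619781116.570626, "api": "CryptExportKey",
     "args": {"crypto_handle": 0x008dd218, "crypto_export_handle": 0x008dd158,
              "blob_type": 1, "flags": 64}},
]


def decode_flags(value, table):
    """Render a flag word as OR-ed names; unknown bits are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    unknown = value & ~sum(table)
    if unknown:
        names.append(hex(unknown))
    return "|".join(names) or "0"


def decode_event(ev):
    """One human-readable line per CryptoAPI call."""
    a = ev["args"]
    if ev["api"] == "CryptGenKey":
        alg = a["algorithm_identifier"]
        return (f"CryptGenKey hKey={a['crypto_handle']:#010x} "
                f"alg={ALG_ID.get(alg, hex(alg))} "
                f"flags={decode_flags(a['flags'], GENKEY_FLAGS)}")
    if ev["api"] == "CryptExportKey":
        return (f"CryptExportKey hKey={a['crypto_handle']:#010x} "
                f"hExpKey={a['crypto_export_handle']:#010x} "
                f"blob={BLOB_TYPE.get(a['blob_type'], a['blob_type'])} "
                f"flags={decode_flags(a['flags'], EXPORT_FLAGS)}")
    return ev["api"]


def find_wrapped_session_keys(trace):
    """Pair every exportable symmetric CryptGenKey with the later CryptExportKey
    calls that export the same handle as a SIMPLEBLOB.  A SIMPLEBLOB is the
    session key encrypted to the public key passed as hExpKey, i.e. the
    client half of a key exchange; two exports of one key are two messages
    carrying the same session key."""
    generated = {}
    hits = []
    for ev in trace:
        a = ev["args"]
        if (ev["api"] == "CryptGenKey" and a["algorithm_identifier"] in SYMMETRIC
                and a["flags"] & 0x1):
            generated[a["crypto_handle"]] = ev
        elif (ev["api"] == "CryptExportKey" and a["blob_type"] == 1
                and a["crypto_handle"] in generated):
            gen = generated[a["crypto_handle"]]
            hits.append({
                "algorithm": ALG_ID[gen["args"]["algorithm_identifier"]],
                "wrap_key_handle": a["crypto_export_handle"],
                "export_flags": decode_flags(a["flags"], EXPORT_FLAGS),
                "seconds_after_genkey": round(ev["time"] - gen["time"], 3),
            })
    return hits


if __name__ == "__main__":
    for ev in TRACE:
        print(decode_event(ev))
    for hit in find_wrapped_session_keys(TRACE):
        print("wrapped session key:", hit)
```

The pairing is keyed on the key handle rather than on call order, so a trace in which the sample generates several keys, or exports a handle it imported rather than generated, is handled correctly: only handles that came from an exportable symmetric CryptGenKey are reported.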
Checks the amount of memory in the system, which can be used to detect virtual machines with little memory (1 event)
  1619781071.274626  GlobalMemoryStatusEx
    status: success  return: 1  repeated: 0

The executable uses a known packer (1 event)
  packer: Armadillo v1.71

The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
  resource name: None

  Caveat: the PEiD "Armadillo v1.71" signature is well known for matching ordinary Visual C++ 6 / MFC42 binaries, and the import table further down is that of a plain MFC42 application, so treat the packer name as unconfirmed. The high-entropy .data section and the RWX allocation listed under the dynamic indicators are the stronger evidence that a payload is unpacked at run time.
Behavior verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)
  1619781072.305626  NtAllocateVirtualMemory
    process_identifier: 2292
    process_handle: 0xffffffff (current-process pseudo-handle)
    base_address: 0x00620000
    region_size: 36864
    allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0  stack_pivoted: 0  heap_dep_bypass: 0
    status: success  return: 0  repeated: 0
  36 KB of RWX memory committed in the sample's own process about a second after the first recorded event, i.e. before any network activity: the usual point at which a loader writes its decrypted payload.

Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
  1619781082.336626  GetAdaptersAddresses
    flags: 0
    family: 0 (AF_UNSPEC)
    status: failed  return: 111  repeated: 0
  Return 111 is ERROR_BUFFER_OVERFLOW, which GetAdaptersAddresses returns on the customary first call with a too-small buffer to learn the required size; the "failed" status is that sizing call, not evidence that the check was blocked.

The binary likely contains encrypted or compressed data indicative of a packer (1 event)
  section .data: size_of_data 0x0000b000, virtual_address 0x00054000, virtual_size 0x0000aea0, entropy 7.641486988258615
  description: a section with high entropy has been found

Expresses interest in specific running processes (1 event)
  process: 9588858b5f3279ba2adc5bffb8424f90.exe (the sample itself)
Reads the system's User-Agent and subsequently performs requests (1 event)
  1619781082.070626  InternetOpenW
    user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG: use the system proxy configuration)
    proxy_name: (empty)
    proxy_bypass: (empty)
    flags: 0
    status: success  return: 13369348 (HINTERNET 0x00cc0004)  repeated: 0
  The User-Agent is the sandbox's own Internet Explorer string, read from the system rather than hard-coded, which is what the signature name refers to. Opening the session with the preconfigured proxy mode is also what triggers the WPAD registry writes recorded under network communication.
Network communication

Communicates with hosts for which no DNS query was performed (3 events)
  host 105.209.239.55
  host 172.217.24.14
  host 74.207.230.187
  Direct-to-IP contact with no preceding lookup is what hard-coded C2 addresses look like. 172.217.24.14 sits in Google's 172.217.0.0/16 and is more plausibly a connectivity check than C2; the report records nothing further for it. The other two reappear below as dead hosts on ports 80 and 8080.
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
  All eight are RegSetValueExA/W calls at 1619781084.914626 (the last at 1619781084.945626), status success, return 0, under
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad:

  key handle  | value (relative to the Wpad key)                          | type       | data
  0x000003b8  | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason | REG_DWORD  | 1
  0x000003b8  | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime   | REG_BINARY | (binary timestamp, garbled in extraction)
  0x000003b8  | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision       | REG_DWORD  | 3
  0x000003b8  | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName    | REG_SZ     | 网络 2 ("Network 2", the sandbox's Chinese-locale network name)
  0x000003d0  | 0a-00-27-00-00-00\WpadDecisionReason                      | REG_DWORD  | 1
  0x000003d0  | 0a-00-27-00-00-00\WpadDecisionTime                        | REG_BINARY | (binary timestamp, garbled in extraction)
  0x000003d0  | 0a-00-27-00-00-00\WpadDecision                            | REG_DWORD  | 3
  0x000003b4  | WpadLastNetwork                                           | REG_SZ     | {40112ABE-63B3-43C3-BE93-1440EE3AF106}

  Caveat: WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork are the per-network cache that WinINet/WinHTTP automatic proxy detection keeps for itself. The library writes them whenever a process opens a session with INTERNET_OPEN_TYPE_PRECONFIG, which this sample did about three seconds earlier (InternetOpenW with access_type 0 at 1619781082.070626). None of the values that would actually redirect traffic (AutoConfigURL, ProxyServer, ProxyEnable, or the Connections\DefaultConnectionSettings blob) is touched, so the signature's "traffic interception" wording overstates what was observed: this is a side effect of the sample using WinINet, not proxy tampering.
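A signature that fires on the Wpad cache alone is noisy. The classifier below, an added example rather than the sandbox's signature code, separates those cache values from the Internet Settings values that actually redirect traffic. REPORT_WRITES reproduces the eight writes above (with a placeholder where the report's binary timestamp is garbled); HIJACK_WRITE is a constructed contrast case that did not occur in this analysis, and the class labels are this example's own.

```python
"""Triage of Internet Settings registry writes: separate the WPAD cache that
WinINet/WinHTTP maintain for themselves from settings that redirect traffic.
Added example, not the sandbox's code.  REPORT_WRITES is constructed from
the report's eight RegSetValueEx rows; HIJACK_WRITE is a constructed
contrast case that did not occur in this analysis."""

INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"

# Per-network autoproxy cache written by WinINet/WinHTTP themselves whenever a
# session opens with INTERNET_OPEN_TYPE_PRECONFIG.  Compared case-insensitively,
# as the registry is.
WPAD_CACHE = {n.lower() for n in ("WpadDecision", "WpadDecisionReason",
                                  "WpadDecisionTime", "WpadNetworkName",
                                  "WpadLastNetwork")}
# Values that change where the system sends web traffic.
PROXY_REDIRECT = {n.lower() for n in ("AutoConfigURL", "ProxyServer",
                                      "ProxyEnable", "ProxyOverride")}


def key(*parts):
    """Join path components under the Internet Settings key."""
    return "\\".join((INET,) + parts)


REPORT_WRITES = [  # (regkey, reg_type, value) as the report lists them
    (key("Wpad", GUID, "WpadDecisionReason"), "REG_DWORD", 1),
    (key("Wpad", GUID, "WpadDecisionTime"), "REG_BINARY", b""),  # placeholder: garbled
    (key("Wpad", GUID, "WpadDecision"), "REG_DWORD", 3),
    (key("Wpad", GUID, "WpadNetworkName"), "REG_SZ", "网络 2"),
    (key("Wpad", "0a-00-27-00-00-00", "WpadDecisionReason"), "REG_DWORD", 1),
    (key("Wpad", "0a-00-27-00-00-00", "WpadDecisionTime"), "REG_BINARY", b""),
    (key("Wpad", "0a-00-27-00-00-00", "WpadDecision"), "REG_DWORD", 3),
    (key("Wpad", "WpadLastNetwork"), "REG_SZ", GUID),
]
# Constructed contrast case: pointing the system at an attacker PAC file.
HIJACK_WRITE = (key("AutoConfigURL"), "REG_SZ", "http://proxy.example.invalid/wpad.dat")


def classify(regkey):
    """Label one registry path written by the sample."""
    prefix = INET.lower() + "\\"
    if not regkey.lower().startswith(prefix):
        return "unrelated"
    parts = regkey[len(prefix):].split("\\")
    head, value = parts[0].lower(), parts[-1].lower()
    if head == "wpad" and value in WPAD_CACHE:
        return "wpad-cache"
    if len(parts) == 1 and value in PROXY_REDIRECT:
        return "proxy-redirect"
    if head == "connections" and value == "defaultconnectionsettings":
        return "proxy-redirect"
    return "other-internet-settings"


def triage(writes):
    """Count each class and give the verdict the signature should have given."""
    counts = {}
    for regkey, _reg_type, _value in writes:
        label = classify(regkey)
        counts[label] = counts.get(label, 0) + 1
    if not counts:
        verdict = "no-writes"
    elif counts.get("proxy-redirect"):
        verdict = "proxy-redirect"
    elif set(counts) == {"wpad-cache"}:
        verdict = "wpad-cache-only"
    else:
        verdict = "review"
    return {"counts": counts, "verdict": verdict}


if __name__ == "__main__":
    print("report as recorded:", triage(REPORT_WRITES))
    print("with a PAC hijack :", triage(REPORT_WRITES + [HIJACK_WRITE]))
```

The Wpad test requires both the Wpad subkey and one of the known cache names, so a value such as Wpad\AutoConfigURL would not be waved through as cache; it falls into the review bucket instead.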
File has been identified by 52 antivirus engines on VirusTotal as malicious (50 of 52 events shown)
Engine  Detection
MicroWorld-eScan Trojan.Autoruns.GenericKD.43554053
FireEye Generic.mg.9588858b5f3279ba
CAT-QuickHeal Trojan.CKGENERIC
McAfee Emotet-FRI!9588858B5F32
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.567
Sangfor Malware
K7AntiVirus Trojan ( 0056b01f1 )
Alibaba Trojan:Win32/Emotet.99da0bee
K7GW Trojan ( 0056b01f1 )
F-Prot W32/Emotet.ANR.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:Trojan-gen
GData Trojan.Autoruns.GenericKD.43554053
Kaspersky Backdoor.Win32.Emotet.vnl
BitDefender Trojan.Autoruns.GenericKD.43554053
NANO-Antivirus Trojan.Win32.Emotet.honnas
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Emotet.421888.LN
Tencent Malware.Win32.Gencirc.10cde25a
Ad-Aware Trojan.Autoruns.GenericKD.43554053
TACHYON Trojan/W32.Agent.421888.VJ
Emsisoft Trojan.Emotet (A)
F-Secure Trojan.TR/AD.Emotet.nbeie
DrWeb Trojan.DownLoader34.3023
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DGN20
Sophos Troj/Emotet-CKC
Cyren W32/Emotet.ANR.gen!Eldorado
Jiangmin Backdoor.Emotet.nm
Avira TR/AD.Emotet.nbeie
Antiy-AVL Trojan/Win32.Wacatac
Arcabit Trojan.Autoruns.Generic.D2989505
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm Backdoor.Win32.Emotet.vnl
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AhnLab-V3 Trojan/Win32.Emotet.R346386
BitDefenderTheta Gen:NN.ZexaE.34152.zq0@aCXyBcbi
ALYac Trojan.Autoruns.GenericKD.43554053
MAX malware (ai score=89)
VBA32 Trojan.Downloader
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TROJ_GEN.R002C0DGN20
Rising Trojan.Kryptik!1.C963 (CLASSIC)
Ikarus Trojan-Banker.Agent
Fortinet W32/GenericKDZ.6891!tr
MaxSecure Trojan.Malware.104275530.susgen
AVG Win32:Trojan-gen
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up) (2 events)
  dead_host 74.207.230.187:8080
  dead_host 105.209.239.55:80
  Both are among the hosts contacted without a DNS lookup above. The traffic summary at the end of the report lists no completed TCP connections and no HTTP requests, so neither attempt was answered during the 77 s run; beyond the connection attempts and the session-key preparation in the CryptoAPI trace, the sample's C2 behaviour was not observed.
Visual analysis

Binary image: none; no binary visualisation was generated for this sample.
Runtime screenshots: none; no screenshots were captured while the sample ran.

PE Compile Time

2020-07-22 17:05:19

Imports

The static import table is that of an ordinary MFC42 GUI application (USER32, GDI32, COMCTL32, SHELL32 and OLEAUT32 for the UI, MSVCRT for the runtime). None of the APIs the dynamic trace shows the sample calling (CryptGenKey, CryptExportKey, InternetOpenW, GetAdaptersAddresses, GlobalMemoryStatusEx, GetComputerNameA) appears in it; the only hooks needed to reach them are LoadLibraryA/LoadLibraryExA and GetProcAddress, which are imported from KERNEL32. Together with the RWX allocation and the high-entropy .data section, this is the usual loader-plus-embedded-payload layout: the payload resolves its own imports at run time, so the IAT below describes the wrapper, not the malware.

Library MFC42.DLL:
641 entries listed without names (MFC42 exports by ordinal, so the sandbox resolved none); the IAT slots run contiguously from 0x447148 to 0x447b48 in steps of 4.
Library MSVCRT.dll:
0x447b84 _setmbcp
0x447b8c __CxxFrameHandler
0x447b90 _acmdln
0x447b94 __getmainargs
0x447b98 _initterm
0x447b9c __setusermatherr
0x447ba0 _adjust_fdiv
0x447ba4 __p__commode
0x447ba8 __p__fmode
0x447bac __set_app_type
0x447bb0 wcslen
0x447bb4 atoi
0x447bb8 memcpy
0x447bbc strlen
0x447bc0 memset
0x447bc4 _mbsnbicmp
0x447bc8 qsort
0x447bcc _mbscmp
0x447bd0 _mbsinc
0x447bd4 strcpy
0x447bd8 _ui64toa
0x447bdc _mbsdec
0x447be0 _makepath
0x447be4 _splitpath
0x447be8 _mbsninc
0x447bec strncpy
0x447bf0 memcmp
0x447bf4 _mbsstr
0x447bf8 _mbschr
0x447bfc _mbsnbcmp
0x447c00 strcat
0x447c04 _purecall
0x447c08 _ftol
0x447c0c _strdup
0x447c10 free
0x447c14 _mbsnbcpy
0x447c18 toupper
0x447c1c strtod
0x447c20 _mbsrev
0x447c24 _gcvt
0x447c28 _ismbcdigit
0x447c2c _mbsicmp
0x447c30 wcscmp
0x447c34 _CxxThrowException
0x447c38 isalnum
0x447c3c __dllonexit
0x447c40 _onexit
0x447c44 _except_handler3
0x447c48 ?terminate@@YAXXZ
0x447c4c _exit
0x447c50 _XcptFilter
0x447c54 exit
0x447c58 _controlfp
Library KERNEL32.dll:
0x4470a4 GetStartupInfoA
0x4470a8 GetModuleFileNameA
0x4470ac GetCurrentThreadId
0x4470b4 GetVersion
0x4470b8 GlobalAlloc
0x4470bc CompareStringA
0x4470c0 FindResourceA
0x4470c4 LoadResource
0x4470c8 GetCurrentProcess
0x4470cc GetProcAddress
0x4470d0 LoadLibraryExA
0x4470d8 WaitForSingleObject
0x4470dc SetEvent
0x4470e0 GlobalFree
0x4470e4 lstrlenA
0x4470e8 lstrcatA
0x4470ec lstrcpyA
0x4470f0 lstrcmpiA
0x4470f4 GetLongPathNameA
0x4470fc FindClose
0x447100 FindFirstFileA
0x447110 GetDriveTypeA
0x447118 GetLocaleInfoA
0x44711c MultiByteToWideChar
0x447120 WideCharToMultiByte
0x447124 GlobalUnlock
0x447128 GlobalLock
0x44712c LoadLibraryA
0x447130 FreeLibrary
0x447134 LocalFree
0x447138 FormatMessageA
0x44713c GetModuleHandleA
0x447140 GetLastError
Library USER32.dll:
0x447ca8 GetClassNameA
0x447cb0 WindowFromPoint
0x447cb4 SetCursor
0x447cb8 SetActiveWindow
0x447cbc GetMenu
0x447cc0 FillRect
0x447cc4 CallNextHookEx
0x447cc8 UnhookWindowsHookEx
0x447ccc TrackPopupMenuEx
0x447cd0 SetWindowsHookExA
0x447cd4 MessageBeep
0x447cd8 CallWindowProcA
0x447cdc GetAsyncKeyState
0x447ce0 FrameRect
0x447ce4 DrawFocusRect
0x447ce8 MapVirtualKeyA
0x447cec GetKeyNameTextA
0x447cf4 SetMenuItemInfoA
0x447cf8 LoadBitmapA
0x447cfc CopyRect
0x447d00 DrawEdge
0x447d04 OffsetRect
0x447d08 DrawStateA
0x447d10 GetWindow
0x447d14 InvalidateRect
0x447d18 SetRectEmpty
0x447d1c RedrawWindow
0x447d20 FindWindowA
0x447d24 GetLastActivePopup
0x447d28 IsIconic
0x447d2c IntersectRect
0x447d30 DefWindowProcA
0x447d34 LoadIconA
0x447d38 LoadImageA
0x447d3c LoadCursorA
0x447d40 SetWindowLongA
0x447d44 GetFocus
0x447d48 ReleaseCapture
0x447d4c SetMenuDefaultItem
0x447d50 KillTimer
0x447d54 SetTimer
0x447d58 GetCursorPos
0x447d5c GetDesktopWindow
0x447d60 SetCapture
0x447d64 GetDlgItem
0x447d68 DrawTextA
0x447d6c GetClassInfoExA
0x447d70 RegisterClassExA
0x447d74 UnregisterClassA
0x447d78 InflateRect
0x447d7c InvertRect
0x447d80 CreateMenu
0x447d84 InsertMenuA
0x447d88 AppendMenuA
0x447d8c DeleteMenu
0x447d90 GetMenuItemInfoA
0x447d94 GetSubMenu
0x447d98 GetMenuStringA
0x447d9c CreatePopupMenu
0x447da0 ModifyMenuA
0x447da4 GetMenuItemCount
0x447da8 GetMenuItemID
0x447dac GetClientRect
0x447db0 EnableMenuItem
0x447db4 CheckMenuRadioItem
0x447db8 CheckMenuItem
0x447dbc GetDC
0x447dc0 ReleaseDC
0x447dc4 GetWindowLongA
0x447dc8 LoadMenuA
0x447dcc GetMessagePos
0x447dd0 ScreenToClient
0x447dd4 PtInRect
0x447dd8 GetKeyState
0x447ddc ClientToScreen
0x447de0 GetParent
0x447de4 GetSystemMetrics
0x447de8 DestroyIcon
0x447dec GetWindowRect
0x447df4 PostMessageA
0x447df8 IsWindow
0x447dfc GetSysColor
0x447e00 PeekMessageA
0x447e04 TranslateMessage
0x447e08 DispatchMessageA
0x447e0c SetForegroundWindow
0x447e10 EnableWindow
0x447e14 SendMessageA
0x447e18 GetSystemMenu
0x447e1c UpdateWindow
0x447e20 SetMenu
Library GDI32.dll:
0x44705c DPtoLP
0x447064 GetTextColor
0x447068 GetBkColor
0x44706c CreateSolidBrush
0x447074 CreateBitmap
0x447078 PatBlt
0x44707c Ellipse
0x447080 GetObjectA
0x447084 CreateCompatibleDC
0x447088 SelectObject
0x44708c BitBlt
0x447090 CreateFontIndirectA
0x447094 DeleteObject
0x447098 Rectangle
Library ADVAPI32.dll:
0x447000 RegCloseKey
0x447004 RegOpenKeyExA
0x447008 RegQueryValueExA
0x44700c RegEnumKeyExA
0x447010 RegEnumValueA
Library SHELL32.dll:
0x447c7c DragQueryPoint
0x447c80 SHFileOperationA
0x447c84 ShellExecuteExA
0x447c88 ExtractIconExA
0x447c90 SHGetDesktopFolder
0x447c98 SHGetFileInfoA
0x447c9c DragQueryFileA
0x447ca0 SHGetMalloc
Library COMCTL32.dll:
0x447018 ImageList_DragEnter
0x447020 ImageList_DrawEx
0x447028 ImageList_Draw
0x44702c ImageList_BeginDrag
0x447030 ImageList_Remove
0x44703c ImageList_AddMasked
0x447044 ImageList_DragLeave
0x447048 ImageList_DragMove
0x447050 ImageList_EndDrag
0x447054 ImageList_GetIcon
Library ole32.dll:
0x447e38 ReleaseStgMedium
0x447e3c CoCreateInstance
Library OLEAUT32.dll:
0x447c60 SysAllocStringLen
0x447c64 SysAllocString
0x447c68 SysFreeString
0x447c6c VariantInit
0x447c70 VariantCopy
0x447c74 VariantClear
Library VERSION.dll:
0x447e28 GetFileVersionInfoA
0x447e2c VerQueryValueA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source         | Source port | Destination                      | Destination port
192.168.56.101 | 50534       | 114.114.114.114                  | 53
192.168.56.101 | 56539       | 114.114.114.114                  | 53
192.168.56.101 | 58367       | 114.114.114.114                  | 53
192.168.56.101 | 60123       | 114.114.114.114                  | 53
192.168.56.101 | 65004       | 114.114.114.114                  | 53
192.168.56.101 | 137         | 192.168.56.255                   | 137
192.168.56.101 | 138         | 192.168.56.255                   | 138
192.168.56.101 | 123         | 20.189.79.72 (time.windows.com)  | 123
192.168.56.101 | 49235       | 224.0.0.252                      | 5355
192.168.56.101 | 51963       | 224.0.0.252                      | 5355
192.168.56.101 | 53657       | 224.0.0.252                      | 5355
192.168.56.101 | 56804       | 224.0.0.252                      | 5355
192.168.56.101 | 62191       | 224.0.0.252                      | 5355
192.168.56.101 | 1900        | 239.255.255.250                  | 1900
192.168.56.101 | 56540       | 239.255.255.250                  | 3702
192.168.56.101 | 56807       | 239.255.255.250                  | 1900
192.168.56.101 | 58368       | 239.255.255.250                  | 3702
192.168.56.101 | 58707       | 239.255.255.250                  | 3702

Every row is consistent with the guest's own background traffic: DNS to the 114.114.114.114 resolver, NetBIOS broadcasts on 137/138, NTP to time.windows.com, LLMNR to 224.0.0.252:5355 and SSDP/WS-Discovery to 239.255.255.250. The report attributes none of it to the sample; the sample's own contacts are the three direct-to-IP hosts in the signature section, which never appear here because no handshake completed.
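The connection tables are where C2 evidence has to be separated from VM background traffic. The script below is an added example, not the sandbox's code: it classifies the UDP rows above by destination (the sandbox subnet and resolver are inferred from the rows themselves) and merges the signature section's no-DNS and dead-host lists into one candidate table. UDP_TABLE, NO_DNS_HOSTS and DEAD_HOSTS are transcribed from this report.

```python
"""Sort a sandbox UDP table into background noise and merge the signature
section's direct-to-IP contacts into one C2 candidate table.  Added example,
not the sandbox's code; the data constants are transcribed from this report
and SANDBOX_NET / RESOLVER are inferred from its rows."""
import ipaddress

SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")  # inferred from the source column
RESOLVER = ipaddress.ip_address("114.114.114.114")     # inferred from the port-53 rows

UDP_TABLE = """\
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
"""

# From the report's signature section
NO_DNS_HOSTS = ["105.209.239.55", "172.217.24.14", "74.207.230.187"]
DEAD_HOSTS = ["74.207.230.187:8080", "105.209.239.55:80"]


def parse_udp(table):
    """Rows are 'src sport dst [hostname] dport'; the hostname column is optional."""
    flows = []
    for line in table.splitlines():
        f = line.split()
        if len(f) < 4:
            continue
        flows.append({"src": f[0], "sport": int(f[1]), "dst": f[2],
                      "host": f[3] if len(f) == 5 else None, "dport": int(f[-1])})
    return flows


def classify_flow(flow):
    """Label one flow by destination; anything not recognised is 'other'."""
    dst = ipaddress.ip_address(flow["dst"])
    if dst.is_multicast:
        return "multicast-discovery"   # LLMNR 5355, SSDP 1900, WS-Discovery 3702
    if dst == SANDBOX_NET.broadcast_address:
        return "lan-broadcast"         # NetBIOS name/datagram service 137/138
    if dst == RESOLVER and flow["dport"] == 53:
        return "dns"
    if flow["dport"] == 123:
        return "ntp"
    return "other"


def summarize(flows):
    """Count flows per class; 'other' is what an analyst should look at."""
    counts = {}
    for fl in flows:
        label = classify_flow(fl)
        counts[label] = counts.get(label, 0) + 1
    return counts


def c2_candidates(no_dns_hosts, dead_hosts):
    """Merge the two signature lists: every host contacted without a preceding
    DNS query, the ports that were tried, and whether the report saw no answer."""
    out = {h: {"ports": [], "dead": False} for h in no_dns_hosts}
    for entry in dead_hosts:
        host, port = entry.rsplit(":", 1)
        item = out.setdefault(host, {"ports": [], "dead": False})
        item["ports"].append(int(port))
        item["dead"] = True
    return out


if __name__ == "__main__":
    flows = parse_udp(UDP_TABLE)
    print("udp by class:", summarize(flows))
    for host, info in c2_candidates(NO_DNS_HOSTS, DEAD_HOSTS).items():
        print(f"{host:16} ports={info['ports']} dead={info['dead']}")
```

A host that appears in the no-DNS list but not in the dead list (172.217.24.14 here) shows up with an empty port list: the report gives no port or outcome for it, and the table says so rather than guessing.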

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.