5.6
High risk

9320b8cf9eb43952636f26b9d30787dd6dd9bfd6e202006900bcfeb495d0f670

95dba9c1967098ee9ae4a184c91e8043.exe

Analysis duration

94s

Last analyzed

File size

692.5KB
Static detection: malicious  Dynamic detection: malicious  100% AACFK AAQD AECW AI SCORE=86 CLOUD COMET CONFIDENCE DARKCOMET DARKKOMET DELF ELDORADO FYNLOS FYNLOSK FYNLOSKI GRAYBIRD HIGH CONFIDENCE HUIGEZIT JORIK KLOVBOT LMGO MALICIOUS PE MODERATE ONGAMESLTVRRLNR PONTOEB R24002 REMOTEACCESS RJRIZ SCORE TORDEV TSCOPE UNSAFE XAB@4OF2BC
Eagle Eye engine
Not detected: no Eagle Eye engine detection results are available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Generic BackDoor.xa 20200724 6.0.6.653
Alibaba Backdoor:Win32/Fynloski.8dc71827 20190527 0.3.0.5
Baidu Win32.Backdoor.Agent.l 20190318 1.0.0.2
Avast MSIL:GenMalicious-CHX [Trj] 20200725 18.4.3895.0
Kingsoft Win32.Hack.HuigeziT.cz 20200725 2013.8.14.323
Tencent Backdoor.Win32.Agent.aad 20200725 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620840476.894875
NtAllocateVirtualMemory
process_identifier: 376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005d0000
success 0 0
Checks for the Locally Unique Identifier on the system for a suspicious privilege (10 events)
Time & API Arguments Status Return Repeated
1620840477.035875
LookupPrivilegeValueW
system_name:
privilege_name: SeSecurityPrivilege
success 1 0
1620840477.035875
LookupPrivilegeValueW
system_name:
privilege_name: SeTakeOwnershipPrivilege
success 1 0
1620840477.035875
LookupPrivilegeValueW
system_name:
privilege_name: SeLoadDriverPrivilege
success 1 0
1620840477.066875
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
1620840477.066875
LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
success 1 0
1620840477.066875
LookupPrivilegeValueW
system_name:
privilege_name: SeShutdownPrivilege
success 1 0
1620840477.066875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1620840477.066875
LookupPrivilegeValueW
system_name:
privilege_name: SeRemoteShutdownPrivilege
success 1 0
1620840477.082875
LookupPrivilegeValueW
system_name:
privilege_name: SeManageVolumePrivilege
success 1 0
1620840477.082875
LookupPrivilegeValueW
system_name:
privilege_name: SeCreateGlobalPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 113.108.239.196
host 172.217.24.14
Installs itself for autorun at Windows startup (2 events)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate reg_value C:\ProgramData\Microsoft\Windows\Start Menu\MSDCSC\explorer.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit reg_value C:\Windows\system32\userinit.exe,C:\ProgramData\Microsoft\Windows\Start Menu\MSDCSC\explorer.exe
Creates known Fynloski/DarkComet files, registry keys and/or mutexes (2 events)
regkey HKEY_CURRENT_USER\Software\DC3_FEXEC
file C:\ProgramData\Microsoft\Windows\Start Menu\MSDCSC\W0KYPkPyqZc8\explorer.exe
File has been identified by 67 AntiVirus engines on VirusTotal as malicious (50 out of 67 events)
Bkav W32.OnGamesLTVRRLNR.Trojan
MicroWorld-eScan Trojan.Keylogger.Delf.AS
FireEye Generic.mg.95dba9c1967098ee
McAfee Generic BackDoor.xa
Cylance Unsafe
Zillya Trojan.Fynloski.Win32.140
SUPERAntiSpyware Trojan.Agent/Gen-Keylogger
Sangfor Malware
K7AntiVirus Trojan ( 000121231 )
Alibaba Backdoor:Win32/Fynloski.8dc71827
K7GW Trojan ( 000121231 )
Cybereason malicious.196709
TrendMicro BKDR_FYNLOS.SMM
Baidu Win32.Backdoor.Agent.l
Cyren W32/Downloader.C.gen!Eldorado
Symantec Trojan.Klovbot
TotalDefense Win32/Fynloski.EF
APEX Malicious
Avast MSIL:GenMalicious-CHX [Trj]
ClamAV Win.Trojan.DarkKomet-1
Kaspersky Backdoor.Win32.DarkKomet.aaqd
BitDefender Trojan.Keylogger.Delf.AS
NANO-Antivirus Trojan.Win32.Tordev.rjriz
AegisLab Trojan.Win32.DarkKomet.lmgo
Rising Backdoor.Pontoeb!1.6637 (CLOUD)
Endgame malicious (high confidence)
TACHYON Backdoor/W32.DP-DarkKomet.709120
Emsisoft Trojan.Keylogger.Delf.AS (B)
Comodo Backdoor.Win32.Agent.XAB@4of2bc
F-Secure Backdoor.BDS/Fynloski.675840
DrWeb BackDoor.Comet.3412
VIPRE Backdoor.Win32.Fynloski.A (v)
Invincea heuristic
Trapmine malicious.moderate.ml.score
Sophos Troj/Fynlosk-AK
SentinelOne DFI - Malicious PE
F-Prot W32/Downloader.C.gen!Eldorado
Jiangmin Trojan/Generic.aacfk
Webroot
Avira BDS/Fynloski.675840
eGambit RAT.DarkComet
Antiy-AVL Trojan[Backdoor]/Win32.Delf.aecw
Kingsoft Win32.Hack.HuigeziT.cz
Microsoft Backdoor:Win32/Fynloski.PA!MTB
Arcabit Trojan.Keylogger.Delf.AS
ViRobot Backdoor.Win32.A.Delf.318976.A
ZoneAlarm Backdoor.Win32.DarkKomet.aaqd
GData Win32.Backdoor.DarkComet.H
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win32.Graybird.R24002
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2012-04-16 02:06:52

Imports

Library oleaut32.dll:
0x4a0ca0 SysFreeString
0x4a0ca4 SysReAllocStringLen
0x4a0ca8 SysAllocStringLen
Library advapi32.dll:
0x4a0cb0 RegQueryValueExA
0x4a0cb4 RegOpenKeyExA
0x4a0cb8 RegCloseKey
Library user32.dll:
0x4a0cc0 GetKeyboardType
0x4a0cc4 DestroyWindow
0x4a0cc8 LoadStringA
0x4a0ccc MessageBoxA
0x4a0cd0 CharNextA
Library kernel32.dll:
0x4a0cd8 GetACP
0x4a0cdc Sleep
0x4a0ce0 VirtualFree
0x4a0ce4 VirtualAlloc
0x4a0ce8 GetTickCount
0x4a0cf0 GetCurrentThreadId
0x4a0cfc VirtualQuery
0x4a0d00 WideCharToMultiByte
0x4a0d04 MultiByteToWideChar
0x4a0d08 lstrlenA
0x4a0d0c lstrcpynA
0x4a0d10 LoadLibraryExA
0x4a0d14 GetThreadLocale
0x4a0d18 GetStartupInfoA
0x4a0d1c GetProcAddress
0x4a0d20 GetModuleHandleA
0x4a0d24 GetModuleFileNameA
0x4a0d28 GetLocaleInfoA
0x4a0d2c GetLastError
0x4a0d30 GetCommandLineA
0x4a0d34 FreeLibrary
0x4a0d38 FindFirstFileA
0x4a0d3c FindClose
0x4a0d40 ExitProcess
0x4a0d44 ExitThread
0x4a0d48 CreateThread
0x4a0d4c CompareStringA
0x4a0d50 WriteFile
0x4a0d58 SetFilePointer
0x4a0d5c SetEndOfFile
0x4a0d60 RtlUnwind
0x4a0d64 ReadFile
0x4a0d68 RaiseException
0x4a0d6c GetStdHandle
0x4a0d70 GetFileSize
0x4a0d74 GetFileType
0x4a0d78 CreateFileA
0x4a0d7c CloseHandle
Library kernel32.dll:
0x4a0d84 TlsSetValue
0x4a0d88 TlsGetValue
0x4a0d8c LocalAlloc
0x4a0d90 GetModuleHandleA
Library user32.dll:
0x4a0d98 CreateWindowExA
0x4a0d9c mouse_event
0x4a0da0 keybd_event
0x4a0da4 WindowFromPoint
0x4a0da8 WaitMessage
0x4a0dac VkKeyScanA
0x4a0db0 UpdateWindow
0x4a0db4 UnregisterClassA
0x4a0db8 UnhookWindowsHookEx
0x4a0dbc TranslateMessage
0x4a0dc4 TrackPopupMenu
0x4a0dc8 ToAscii
0x4a0dd0 ShowWindow
0x4a0dd4 ShowScrollBar
0x4a0dd8 ShowOwnedPopups
0x4a0ddc SetWindowsHookExA
0x4a0de0 SetWindowTextA
0x4a0de4 SetWindowPos
0x4a0de8 SetWindowPlacement
0x4a0dec SetWindowLongW
0x4a0df0 SetWindowLongA
0x4a0df4 SetTimer
0x4a0df8 SetScrollRange
0x4a0dfc SetScrollPos
0x4a0e00 SetScrollInfo
0x4a0e04 SetRectEmpty
0x4a0e08 SetRect
0x4a0e0c SetPropA
0x4a0e10 SetParent
0x4a0e14 SetMenuItemInfoA
0x4a0e18 SetMenu
0x4a0e1c SetForegroundWindow
0x4a0e20 SetFocus
0x4a0e24 SetCursorPos
0x4a0e28 SetCursor
0x4a0e2c SetClipboardData
0x4a0e30 SetClassLongA
0x4a0e34 SetCapture
0x4a0e38 SetActiveWindow
0x4a0e3c SendMessageW
0x4a0e40 SendMessageA
0x4a0e44 ScrollWindow
0x4a0e48 ScreenToClient
0x4a0e4c RemovePropA
0x4a0e50 RemoveMenu
0x4a0e54 ReleaseDC
0x4a0e58 ReleaseCapture
0x4a0e64 RegisterClassA
0x4a0e68 RedrawWindow
0x4a0e6c PtInRect
0x4a0e70 PostQuitMessage
0x4a0e74 PostMessageA
0x4a0e78 PeekMessageW
0x4a0e7c PeekMessageA
0x4a0e80 OpenClipboard
0x4a0e84 OffsetRect
0x4a0e88 OemToCharA
0x4a0e94 MessageBoxA
0x4a0e98 MapWindowPoints
0x4a0e9c MapVirtualKeyA
0x4a0ea0 LockWorkStation
0x4a0ea4 LoadStringA
0x4a0ea8 LoadKeyboardLayoutA
0x4a0eac LoadIconA
0x4a0eb0 LoadCursorA
0x4a0eb4 LoadBitmapA
0x4a0eb8 KillTimer
0x4a0ebc IsZoomed
0x4a0ec0 IsWindowVisible
0x4a0ec4 IsWindowUnicode
0x4a0ec8 IsWindowEnabled
0x4a0ecc IsWindow
0x4a0ed0 IsRectEmpty
0x4a0ed4 IsIconic
0x4a0ed8 IsDialogMessageW
0x4a0edc IsDialogMessageA
0x4a0ee4 IsChild
0x4a0ee8 InvalidateRect
0x4a0eec IntersectRect
0x4a0ef0 InsertMenuItemA
0x4a0ef4 InsertMenuA
0x4a0ef8 InflateRect
0x4a0f04 GetWindowTextA
0x4a0f08 GetWindowRect
0x4a0f0c GetWindowPlacement
0x4a0f10 GetWindowLongW
0x4a0f14 GetWindowLongA
0x4a0f18 GetWindowDC
0x4a0f1c GetTopWindow
0x4a0f20 GetSystemMetrics
0x4a0f24 GetSystemMenu
0x4a0f28 GetSysColorBrush
0x4a0f2c GetSysColor
0x4a0f30 GetSubMenu
0x4a0f34 GetScrollRange
0x4a0f38 GetScrollPos
0x4a0f3c GetScrollInfo
0x4a0f40 GetPropA
0x4a0f44 GetParent
0x4a0f48 GetWindow
0x4a0f4c GetMessagePos
0x4a0f50 GetMessageA
0x4a0f54 GetMenuStringA
0x4a0f58 GetMenuState
0x4a0f5c GetMenuItemInfoA
0x4a0f60 GetMenuItemID
0x4a0f64 GetMenuItemCount
0x4a0f68 GetMenu
0x4a0f6c GetLastInputInfo
0x4a0f70 GetLastActivePopup
0x4a0f74 GetKeyboardState
0x4a0f80 GetKeyboardLayout
0x4a0f84 GetKeyState
0x4a0f88 GetKeyNameTextA
0x4a0f8c GetIconInfo
0x4a0f90 GetForegroundWindow
0x4a0f94 GetFocus
0x4a0f98 GetDesktopWindow
0x4a0f9c GetDCEx
0x4a0fa0 GetDC
0x4a0fa4 GetCursorPos
0x4a0fa8 GetCursor
0x4a0fac GetClipboardData
0x4a0fb0 GetClientRect
0x4a0fb4 GetClassNameA
0x4a0fb8 GetClassLongA
0x4a0fbc GetClassInfoA
0x4a0fc0 GetCapture
0x4a0fc4 GetActiveWindow
0x4a0fc8 FrameRect
0x4a0fcc FindWindowExA
0x4a0fd0 FindWindowA
0x4a0fd4 FillRect
0x4a0fd8 ExitWindowsEx
0x4a0fdc EqualRect
0x4a0fe0 EnumWindows
0x4a0fe4 EnumThreadWindows
0x4a0fe8 EnumDisplayDevicesA
0x4a0ff0 EnumChildWindows
0x4a0ff4 EndPaint
0x4a0ff8 EnableWindow
0x4a0ffc EnableScrollBar
0x4a1000 EnableMenuItem
0x4a1004 EmptyClipboard
0x4a1008 DrawTextA
0x4a100c DrawMenuBar
0x4a1010 DrawIconEx
0x4a1014 DrawIcon
0x4a1018 DrawFrameControl
0x4a101c DrawEdge
0x4a1020 DispatchMessageW
0x4a1024 DispatchMessageA
0x4a1028 DestroyWindow
0x4a102c DestroyMenu
0x4a1030 DestroyIcon
0x4a1034 DestroyCursor
0x4a1038 DeleteMenu
0x4a103c DefWindowProcA
0x4a1040 DefMDIChildProcA
0x4a1044 DefFrameProcA
0x4a1048 CreatePopupMenu
0x4a104c CreateMenu
0x4a1050 CreateIcon
0x4a1054 CloseClipboard
0x4a1058 ClientToScreen
0x4a105c CheckMenuItem
0x4a1060 CallWindowProcA
0x4a1064 CallNextHookEx
0x4a1068 BeginPaint
0x4a106c CharNextA
0x4a1070 CharLowerBuffA
0x4a1074 CharLowerA
0x4a1078 CharUpperBuffA
0x4a107c CharToOemA
0x4a1080 AdjustWindowRectEx
Library gdi32.dll:
0x4a108c UnrealizeObject
0x4a1090 StretchBlt
0x4a1094 SetWindowOrgEx
0x4a1098 SetWinMetaFileBits
0x4a109c SetViewportOrgEx
0x4a10a0 SetTextColor
0x4a10a4 SetStretchBltMode
0x4a10a8 SetROP2
0x4a10ac SetPixel
0x4a10b0 SetEnhMetaFileBits
0x4a10b4 SetDIBColorTable
0x4a10b8 SetBrushOrgEx
0x4a10bc SetBkMode
0x4a10c0 SetBkColor
0x4a10c4 SelectPalette
0x4a10c8 SelectObject
0x4a10cc SaveDC
0x4a10d0 RestoreDC
0x4a10d4 RectVisible
0x4a10d8 RealizePalette
0x4a10dc PlayEnhMetaFile
0x4a10e0 PatBlt
0x4a10e4 MoveToEx
0x4a10e8 MaskBlt
0x4a10ec LineTo
0x4a10f0 IntersectClipRect
0x4a10f4 GetWindowOrgEx
0x4a10f8 GetWinMetaFileBits
0x4a10fc GetTextMetricsA
0x4a1108 GetStockObject
0x4a110c GetRgnBox
0x4a1110 GetPixel
0x4a1114 GetPaletteEntries
0x4a1118 GetObjectA
0x4a1124 GetEnhMetaFileBits
0x4a1128 GetDeviceCaps
0x4a112c GetDIBits
0x4a1130 GetDIBColorTable
0x4a1134 GetDCOrgEx
0x4a113c GetClipBox
0x4a1140 GetBrushOrgEx
0x4a1144 GetBitmapBits
0x4a1148 GdiFlush
0x4a114c ExtTextOutA
0x4a1150 ExcludeClipRect
0x4a1154 DeleteObject
0x4a1158 DeleteEnhMetaFile
0x4a115c DeleteDC
0x4a1160 CreateSolidBrush
0x4a1164 CreatePenIndirect
0x4a1168 CreatePalette
0x4a1170 CreateFontIndirectA
0x4a1174 CreateDIBitmap
0x4a1178 CreateDIBSection
0x4a117c CreateDCA
0x4a1180 CreateCompatibleDC
0x4a1188 CreateBrushIndirect
0x4a118c CreateBitmap
0x4a1190 CopyEnhMetaFileA
0x4a1194 BitBlt
Library version.dll:
0x4a119c VerQueryValueA
0x4a11a4 GetFileVersionInfoA
Library kernel32.dll:
0x4a11ac lstrcpyA
0x4a11b0 WriteProcessMemory
0x4a11b4 WriteFile
0x4a11b8 WinExec
0x4a11bc WaitForSingleObject
0x4a11c4 VirtualQuery
0x4a11c8 VirtualProtectEx
0x4a11cc VirtualProtect
0x4a11d0 VirtualFreeEx
0x4a11d4 VirtualFree
0x4a11d8 VirtualAllocEx
0x4a11dc VirtualAlloc
0x4a11e0 VerLanguageNameA
0x4a11e4 UnmapViewOfFile
0x4a11e8 TerminateProcess
0x4a11ec Sleep
0x4a11f0 SizeofResource
0x4a11f4 SetThreadPriority
0x4a11f8 SetThreadLocale
0x4a11fc SetThreadContext
0x4a1200 SetLastError
0x4a1204 SetFileTime
0x4a1208 SetFilePointer
0x4a120c SetFileAttributesA
0x4a1210 SetEvent
0x4a1214 SetErrorMode
0x4a1218 SetEndOfFile
0x4a121c ResumeThread
0x4a1220 ResetEvent
0x4a1224 ReadProcessMemory
0x4a1228 ReadFile
0x4a122c PeekNamedPipe
0x4a1230 OpenProcess
0x4a1234 MultiByteToWideChar
0x4a1238 MulDiv
0x4a123c MoveFileA
0x4a1240 MapViewOfFile
0x4a1244 LockResource
0x4a124c LocalAlloc
0x4a1250 LoadResource
0x4a1254 LoadLibraryA
0x4a125c IsBadReadPtr
0x4a1264 HeapFree
0x4a1268 HeapAlloc
0x4a126c GlobalUnlock
0x4a1270 GlobalMemoryStatus
0x4a1274 GlobalLock
0x4a1278 GlobalFree
0x4a127c GlobalFindAtomA
0x4a1280 GlobalDeleteAtom
0x4a1284 GlobalAlloc
0x4a1288 GlobalAddAtomA
0x4a1294 GetVersionExA
0x4a1298 GetVersion
0x4a12a0 GetTickCount
0x4a12a4 GetThreadLocale
0x4a12a8 GetThreadContext
0x4a12ac GetTempPathA
0x4a12b4 GetSystemDirectoryA
0x4a12b8 GetStdHandle
0x4a12bc GetProcessHeap
0x4a12c0 GetProcAddress
0x4a12c4 GetModuleHandleA
0x4a12c8 GetModuleFileNameA
0x4a12cc GetLocaleInfoA
0x4a12d0 GetLocalTime
0x4a12d4 GetLastError
0x4a12d8 GetFullPathNameA
0x4a12dc GetFileTime
0x4a12e0 GetFileSize
0x4a12e4 GetFileAttributesA
0x4a12e8 GetExitCodeThread
0x4a12ec GetExitCodeProcess
0x4a12f4 GetDriveTypeA
0x4a12f8 GetDiskFreeSpaceA
0x4a12fc GetDateFormatA
0x4a1300 GetCurrentThreadId
0x4a1304 GetCurrentThread
0x4a1308 GetCurrentProcessId
0x4a130c GetCurrentProcess
0x4a1310 GetComputerNameA
0x4a1314 GetCPInfo
0x4a1318 FreeResource
0x4a1320 InterlockedExchange
0x4a1328 FreeLibrary
0x4a132c FormatMessageA
0x4a1330 FindResourceA
0x4a1334 FindNextFileA
0x4a1338 FindFirstFileA
0x4a133c FindClose
0x4a134c ExitThread
0x4a1350 ExitProcess
0x4a1354 EnumResourceNamesA
0x4a1358 EnumCalendarInfoA
0x4a1364 DeleteFileA
0x4a136c CreateThread
0x4a1370 CreateRemoteThread
0x4a1374 CreateProcessA
0x4a1378 CreatePipe
0x4a137c CreateMutexA
0x4a1380 CreateFileMappingA
0x4a1384 CreateFileA
0x4a1388 CreateEventA
0x4a138c CreateDirectoryA
0x4a1390 CopyFileA
0x4a1394 CompareStringA
0x4a1398 CloseHandle
0x4a139c Beep
Library advapi32.dll:
0x4a13a4 RegSetValueExA
0x4a13a8 RegQueryValueExA
0x4a13ac RegQueryInfoKeyA
0x4a13b0 RegOpenKeyExA
0x4a13b4 RegOpenKeyA
0x4a13b8 RegFlushKey
0x4a13bc RegEnumValueA
0x4a13c0 RegEnumKeyExA
0x4a13c4 RegDeleteValueA
0x4a13c8 RegDeleteKeyA
0x4a13cc RegCreateKeyExA
0x4a13d0 RegCreateKeyA
0x4a13d4 RegCloseKey
0x4a13d8 OpenThreadToken
0x4a13dc OpenProcessToken
0x4a13ec LookupAccountSidA
0x4a13f0 IsValidSid
0x4a13f4 GetUserNameA
0x4a13f8 GetTokenInformation
0x4a1400 GetSidSubAuthority
Library wsock32.dll:
0x4a1414 __WSAFDIsSet
0x4a1418 WSACleanup
0x4a141c WSAStartup
0x4a1420 WSAGetLastError
0x4a1424 gethostname
0x4a1428 getservbyname
0x4a142c gethostbyname
0x4a1430 gethostbyaddr
0x4a1434 socket
0x4a1438 shutdown
0x4a143c sendto
0x4a1440 send
0x4a1444 select
0x4a1448 recv
0x4a144c ntohs
0x4a1450 listen
0x4a1454 ioctlsocket
0x4a1458 inet_ntoa
0x4a145c inet_addr
0x4a1460 htons
0x4a1464 getsockname
0x4a1468 connect
0x4a146c closesocket
0x4a1470 bind
0x4a1474 accept
Library kernel32.dll:
0x4a147c Sleep
Library ole32.dll:
0x4a1484 CoTaskMemFree
0x4a1488 StringFromCLSID
Library shell32.dll:
0x4a1490 ShellExecuteExA
0x4a1494 ShellExecuteA
0x4a1498 SHGetFileInfoA
0x4a149c SHFileOperationA
0x4a14a0 DragQueryFileA
Library oleaut32.dll:
0x4a14a8 GetErrorInfo
0x4a14ac GetActiveObject
0x4a14b0 SysFreeString
Library ole32.dll:
0x4a14b8 CoTaskMemFree
0x4a14bc CLSIDFromProgID
0x4a14c0 ProgIDFromCLSID
0x4a14c4 StringFromCLSID
0x4a14c8 CoCreateInstance
0x4a14cc CoUninitialize
0x4a14d0 CoInitialize
0x4a14d4 IsEqualGUID
Library URLMON.DLL:
0x4a14dc URLDownloadToFileA
Library oleaut32.dll:
0x4a14e4 SafeArrayPtrOfIndex
0x4a14e8 SafeArrayGetUBound
0x4a14ec SafeArrayGetLBound
0x4a14f0 SafeArrayCreate
0x4a14f4 VariantChangeType
0x4a14f8 VariantCopy
0x4a14fc VariantClear
0x4a1500 VariantInit
Library comctl32.dll:
0x4a1508 _TrackMouseEvent
0x4a1514 ImageList_Write
0x4a1518 ImageList_Read
0x4a1520 ImageList_DragMove
0x4a1524 ImageList_DragLeave
0x4a1528 ImageList_DragEnter
0x4a152c ImageList_EndDrag
0x4a1530 ImageList_BeginDrag
0x4a1534 ImageList_Remove
0x4a1538 ImageList_DrawEx
0x4a153c ImageList_Draw
0x4a1548 ImageList_Add
0x4a1550 ImageList_Destroy
0x4a1554 ImageList_Create
Library wininet.dll:
0x4a155c InternetOpenUrlA
0x4a1560 InternetOpenA
0x4a1564 InternetConnectA
0x4a1568 InternetCloseHandle
0x4a156c FtpPutFileA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.