5.8
High risk

d6332d4b5b5984ebb39685164428ad0f1f1b04e82b14cd5d773bbdd0d4ad05dc

964c22f7e89bf513de1c03964805855a.exe

Analysis time

28s

Latest analysis

File size

690.0KB
Static detection  Dynamic detection  100% ABCQ AGENTWDCR AI SCORE=100 ALI2000015 ANDROM ANTIVM AUTO AVAA BTFXTE CONFIDENCE DELF DELFINJECT DELPHILESS ECIY EHDJ FAREIT GENKRYPTIK HAWKEYE HIGH CONFIDENCE HJXWRZ HWUBQPEA ICUJC IGENT KRYPTIK KTSE LOKI MALWARE@#2YZTXOA783PLG NANOBOT NANOCO NANOCORE NOANCOOE R + TROJ RDNAET RG0@AQACFHHI SAVE SCORE STATIC AI SUSGEN SUSPICIOUS PE TIOIBYUJ TSCOPE UNSAFE X2059 ZELPHIF
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FSK!964C22F7E89B 20210208 6.0.6.653
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Baidu 20190318 1.0.0.2
Avast Other:Malware-gen [Trj] 20210208 21.1.5827.0
Tencent Win32.Trojan.Inject.Auto 20210208 1.0.0.1
Kingsoft 20210208 2017.9.26.565
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619815156.777751
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 51183424
registers.edi: 0
registers.eax: 0
registers.ebp: 51183496
registers.edx: 39
registers.ebx: 0
registers.esi: 0
registers.ecx: 762
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 5e e9 54 7e fa
exception.symbol: 964c22f7e89bf513de1c03964805855a+0x5b7e7
exception.instruction: div eax
exception.module: 964c22f7e89bf513de1c03964805855a.exe
exception.exception_code: 0xc0000094
exception.offset: 374759
exception.address: 0x45b7e7
success 0 0
1619815160.090499
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750ae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750aea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750ab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750ab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750aac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750aaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750a5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750a559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75117f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75114de3
964c22f7e89bf513de1c03964805855a+0x40a4d @ 0x440a4d
964c22f7e89bf513de1c03964805855a+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdd814ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619815156.574751
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00350000
success 0 0
1619815156.777751
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
success 0 0
1619815156.793751
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00690000
success 0 0
1619815158.184499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619815158.262499
NtAllocateVirtualMemory
process_identifier: 944
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e40000
success 0 0
1619815158.262499
NtAllocateVirtualMemory
process_identifier: 944
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f10000
success 0 0
1619815158.262499
NtAllocateVirtualMemory
process_identifier: 944
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007e0000
success 0 0
1619815158.262499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x007e2000
success 0 0
1619815158.855499
NtAllocateVirtualMemory
process_identifier: 944
region_size: 720896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e40000
success 0 0
1619815158.855499
NtAllocateVirtualMemory
process_identifier: 944
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01eb0000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00822000
success 0 0
1619815160.043499
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.745968202962627 section {'size_of_data': '0x00009c00', 'virtual_address': '0x0005c000', 'entropy': 7.745968202962627, 'name': 'DATA', 'virtual_size': '0x00009b58'} description A section with a high entropy has been found
entropy 7.436948203806587 section {'size_of_data': '0x0003ec00', 'virtual_address': '0x00073000', 'entropy': 7.436948203806587, 'name': '.rsrc', 'virtual_size': '0x0003eab8'} description A section with a high entropy has been found
entropy 0.420899854862119 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 1060 called NtSetContextThread to modify thread in remote process 944
Time & API Arguments Status Return Repeated
1619815157.027751
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4707504
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 944
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 1060 resumed a thread in remote process 944
Time & API Arguments Status Return Repeated
1619815157.887751
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 944
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619815156.965751
CreateProcessInternalW
thread_identifier: 364
thread_handle: 0x00000100
process_identifier: 944
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\964c22f7e89bf513de1c03964805855a.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619815156.980751
NtUnmapViewOfSection
process_identifier: 944
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619815156.980751
NtMapViewOfSection
section_handle: 0x00000124
process_identifier: 944
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619815157.027751
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619815157.027751
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4707504
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 944
success 0 0
1619815157.887751
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 944
success 0 0
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 events shown)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.AgentWDCR.ABCQ
FireEye Generic.mg.964c22f7e89bf513
CAT-QuickHeal Trojan.Multi
McAfee Fareit-FSK!964C22F7E89B
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00565f751 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 00565f751 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.AgentWDCR.ABCQ
Cyren W32/Trojan.ECIY-8186
Symantec Trojan Horse
APEX Malicious
Avast Other:Malware-gen [Trj]
ClamAV Win.Dropper.HawkEye-7759832-0
Kaspersky HEUR:Backdoor.Win32.NanoBot.gen
BitDefender Trojan.AgentWDCR.ABCQ
NANO-Antivirus Trojan.Win32.Nanocore.hjxwrz
Paloalto generic.ml
AegisLab Trojan.Win32.NanoBot.m!c
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.AgentWDCR.ABCQ
Sophos Mal/Generic-R + Troj/NanoCo-AJL
Comodo Malware@#2yztxoa783plg
F-Secure Trojan.TR/Agent.icujc
DrWeb Trojan.Nanocore.23
VIPRE Win32.Malware!Drop
TrendMicro TrojanSpy.Win32.LOKI.TIOIBYUJ
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Emsisoft Trojan.AgentWDCR.ABCQ (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Backdoor.Androm.avaa
Webroot W32.Trojan.Gen
Avira TR/Agent.icujc
Antiy-AVL Trojan[Backdoor]/MSIL.Noancooe
Gridinsoft Trojan.Win32.Kryptik.ba!s1
Microsoft Backdoor:MSIL/Noancooe.B
ZoneAlarm HEUR:Backdoor.Win32.NanoBot.gen
GData Win32.Malware.AntiVM.RDNAET
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
BitDefenderTheta Gen:NN.ZelphiF.34804.RG0@aqACFhhi
ALYac Backdoor.RAT.MSIL.NanoCore
MAX malware (ai score=100)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack
Zoner Trojan.Win32.90773
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46713c VirtualFree
0x467140 VirtualAlloc
0x467144 LocalFree
0x467148 LocalAlloc
0x46714c GetVersion
0x467150 GetCurrentThreadId
0x46715c VirtualQuery
0x467160 WideCharToMultiByte
0x467168 MultiByteToWideChar
0x46716c lstrlenA
0x467170 lstrcpynA
0x467174 LoadLibraryExA
0x467178 GetThreadLocale
0x46717c GetStartupInfoA
0x467180 GetProcAddress
0x467184 GetModuleHandleA
0x467188 GetModuleFileNameA
0x46718c GetLocaleInfoA
0x467190 GetLastError
0x467198 GetCommandLineA
0x46719c FreeLibrary
0x4671a0 FindFirstFileA
0x4671a4 FindClose
0x4671a8 ExitProcess
0x4671ac WriteFile
0x4671b4 RtlUnwind
0x4671b8 RaiseException
0x4671bc GetStdHandle
Library user32.dll:
0x4671c4 GetKeyboardType
0x4671c8 LoadStringA
0x4671cc MessageBoxA
0x4671d0 CharNextA
Library advapi32.dll:
0x4671d8 RegQueryValueExA
0x4671dc RegOpenKeyExA
0x4671e0 RegCloseKey
Library oleaut32.dll:
0x4671e8 SysFreeString
0x4671ec SysReAllocStringLen
0x4671f0 SysAllocStringLen
Library kernel32.dll:
0x4671f8 TlsSetValue
0x4671fc TlsGetValue
0x467200 LocalAlloc
0x467204 GetModuleHandleA
Library advapi32.dll:
0x46720c RegQueryValueExA
0x467210 RegOpenKeyExA
0x467214 RegCloseKey
Library kernel32.dll:
0x46721c lstrcpyA
0x467220 lstrcmpA
0x467224 WriteFile
0x467228 WaitForSingleObject
0x46722c VirtualQuery
0x467230 VirtualAlloc
0x467234 Sleep
0x467238 SizeofResource
0x46723c SetThreadLocale
0x467240 SetFilePointer
0x467244 SetEvent
0x467248 SetErrorMode
0x46724c SetEndOfFile
0x467250 ResetEvent
0x467254 ReadFile
0x467258 MulDiv
0x46725c LockResource
0x467260 LoadResource
0x467264 LoadLibraryA
0x467270 GlobalUnlock
0x467274 GlobalReAlloc
0x467278 GlobalHandle
0x46727c GlobalLock
0x467280 GlobalFree
0x467284 GlobalFindAtomA
0x467288 GlobalDeleteAtom
0x46728c GlobalAlloc
0x467290 GlobalAddAtomA
0x467294 GetVersionExA
0x467298 GetVersion
0x46729c GetTickCount
0x4672a0 GetThreadLocale
0x4672a8 GetSystemTime
0x4672ac GetSystemInfo
0x4672b0 GetStringTypeExA
0x4672b4 GetStdHandle
0x4672b8 GetProcAddress
0x4672bc GetModuleHandleA
0x4672c0 GetModuleFileNameA
0x4672c4 GetLocaleInfoA
0x4672c8 GetLocalTime
0x4672cc GetLastError
0x4672d0 GetFullPathNameA
0x4672d4 GetFileAttributesA
0x4672d8 GetDiskFreeSpaceA
0x4672dc GetDateFormatA
0x4672e0 GetCurrentThreadId
0x4672e4 GetCurrentProcessId
0x4672e8 GetCPInfo
0x4672ec GetACP
0x4672f0 FreeResource
0x4672f4 InterlockedExchange
0x4672f8 FreeLibrary
0x4672fc FormatMessageA
0x467300 FindResourceA
0x467304 FindNextFileA
0x467308 FindFirstFileA
0x46730c FindClose
0x46731c ExitThread
0x467320 ExitProcess
0x467324 EnumCalendarInfoA
0x467330 CreateThread
0x467334 CreateFileA
0x467338 CreateEventA
0x46733c CompareStringA
0x467340 CloseHandle
Library version.dll:
0x467348 VerQueryValueA
0x467350 GetFileVersionInfoA
Library gdi32.dll:
0x467358 UnrealizeObject
0x46735c StretchBlt
0x467360 SetWindowOrgEx
0x467364 SetViewportOrgEx
0x467368 SetTextColor
0x46736c SetStretchBltMode
0x467370 SetROP2
0x467374 SetPixel
0x467378 SetDIBColorTable
0x46737c SetBrushOrgEx
0x467380 SetBkMode
0x467384 SetBkColor
0x467388 SelectPalette
0x46738c SelectObject
0x467390 SaveDC
0x467394 RestoreDC
0x467398 RectVisible
0x46739c RealizePalette
0x4673a0 PatBlt
0x4673a4 MoveToEx
0x4673a8 MaskBlt
0x4673ac LineTo
0x4673b0 IntersectClipRect
0x4673b4 GetWindowOrgEx
0x4673b8 GetTextMetricsA
0x4673c4 GetStockObject
0x4673c8 GetPixel
0x4673cc GetPaletteEntries
0x4673d0 GetObjectA
0x4673d4 GetDeviceCaps
0x4673d8 GetDIBits
0x4673dc GetDIBColorTable
0x4673e0 GetDCOrgEx
0x4673e8 GetClipBox
0x4673ec GetBrushOrgEx
0x4673f0 GetBitmapBits
0x4673f4 GetArcDirection
0x4673f8 ExtTextOutA
0x4673fc ExcludeClipRect
0x467400 DeleteObject
0x467404 DeleteDC
0x467408 CreateSolidBrush
0x46740c CreatePenIndirect
0x467410 CreatePalette
0x467418 CreateFontIndirectA
0x46741c CreateDIBitmap
0x467420 CreateDIBSection
0x467424 CreateCompatibleDC
0x46742c CreateBrushIndirect
0x467430 CreateBitmap
0x467434 BitBlt
Library user32.dll:
0x46743c CreateWindowExA
0x467440 WindowFromPoint
0x467444 WinHelpA
0x467448 WaitMessage
0x46744c UpdateWindow
0x467450 UnregisterClassA
0x467454 UnhookWindowsHookEx
0x467458 TranslateMessage
0x467460 TrackPopupMenu
0x467468 ShowWindow
0x46746c ShowScrollBar
0x467470 ShowOwnedPopups
0x467474 ShowCursor
0x467478 SetWindowsHookExA
0x46747c SetWindowTextA
0x467480 SetWindowPos
0x467484 SetWindowPlacement
0x467488 SetWindowLongA
0x46748c SetTimer
0x467490 SetScrollRange
0x467494 SetScrollPos
0x467498 SetScrollInfo
0x46749c SetRect
0x4674a0 SetPropA
0x4674a4 SetParent
0x4674a8 SetMenuItemInfoA
0x4674ac SetMenu
0x4674b0 SetForegroundWindow
0x4674b4 SetFocus
0x4674b8 SetCursor
0x4674bc SetClassLongA
0x4674c0 SetCapture
0x4674c4 SetActiveWindow
0x4674c8 SendMessageA
0x4674cc ScrollWindow
0x4674d0 ScreenToClient
0x4674d4 RemovePropA
0x4674d8 RemoveMenu
0x4674dc ReleaseDC
0x4674e0 ReleaseCapture
0x4674ec RegisterClassA
0x4674f0 RedrawWindow
0x4674f4 PtInRect
0x4674f8 PostQuitMessage
0x4674fc PostMessageA
0x467500 PeekMessageA
0x467504 OffsetRect
0x467508 OemToCharA
0x46750c MessageBoxA
0x467510 MapWindowPoints
0x467514 MapVirtualKeyA
0x467518 LoadStringA
0x46751c LoadKeyboardLayoutA
0x467520 LoadIconA
0x467524 LoadCursorA
0x467528 LoadBitmapA
0x46752c KillTimer
0x467530 IsZoomed
0x467534 IsWindowVisible
0x467538 IsWindowEnabled
0x46753c IsWindow
0x467540 IsRectEmpty
0x467544 IsIconic
0x467548 IsDialogMessageA
0x46754c IsChild
0x467550 InvalidateRect
0x467554 IntersectRect
0x467558 InsertMenuItemA
0x46755c InsertMenuA
0x467560 InflateRect
0x467568 GetWindowTextA
0x46756c GetWindowRect
0x467570 GetWindowPlacement
0x467574 GetWindowLongA
0x467578 GetWindowDC
0x46757c GetTopWindow
0x467580 GetSystemMetrics
0x467584 GetSystemMenu
0x467588 GetSysColorBrush
0x46758c GetSysColor
0x467590 GetSubMenu
0x467594 GetScrollRange
0x467598 GetScrollPos
0x46759c GetScrollInfo
0x4675a0 GetPropA
0x4675a4 GetParent
0x4675a8 GetWindow
0x4675ac GetMenuStringA
0x4675b0 GetMenuState
0x4675b4 GetMenuItemInfoA
0x4675b8 GetMenuItemID
0x4675bc GetMenuItemCount
0x4675c0 GetMenu
0x4675c4 GetLastActivePopup
0x4675c8 GetKeyboardState
0x4675d0 GetKeyboardLayout
0x4675d4 GetKeyState
0x4675d8 GetKeyNameTextA
0x4675dc GetIconInfo
0x4675e0 GetForegroundWindow
0x4675e4 GetFocus
0x4675e8 GetDesktopWindow
0x4675ec GetDCEx
0x4675f0 GetDC
0x4675f4 GetCursorPos
0x4675f8 GetCursor
0x4675fc GetClientRect
0x467600 GetClassNameA
0x467604 GetClassInfoA
0x467608 GetCapture
0x46760c GetActiveWindow
0x467610 FrameRect
0x467614 FindWindowA
0x467618 FillRect
0x46761c EqualRect
0x467620 EnumWindows
0x467624 EnumThreadWindows
0x467628 EndPaint
0x46762c EnableWindow
0x467630 EnableScrollBar
0x467634 EnableMenuItem
0x467638 DrawTextA
0x46763c DrawMenuBar
0x467640 DrawIconEx
0x467644 DrawIcon
0x467648 DrawFrameControl
0x46764c DrawFocusRect
0x467650 DrawEdge
0x467654 DispatchMessageA
0x467658 DestroyWindow
0x46765c DestroyMenu
0x467660 DestroyIcon
0x467664 DestroyCursor
0x467668 DeleteMenu
0x46766c DefWindowProcA
0x467670 DefMDIChildProcA
0x467674 DefFrameProcA
0x467678 CreatePopupMenu
0x46767c CreateMenu
0x467680 CreateIcon
0x467684 ClientToScreen
0x467688 CheckMenuItem
0x46768c CallWindowProcA
0x467690 CallNextHookEx
0x467694 BeginPaint
0x467698 CharNextA
0x46769c CharLowerBuffA
0x4676a0 CharLowerA
0x4676a4 CharToOemA
0x4676a8 AdjustWindowRectEx
Library kernel32.dll:
0x4676b4 Sleep
Library oleaut32.dll:
0x4676bc SafeArrayPtrOfIndex
0x4676c0 SafeArrayGetUBound
0x4676c4 SafeArrayGetLBound
0x4676c8 SafeArrayCreate
0x4676cc VariantChangeType
0x4676d0 VariantCopy
0x4676d4 VariantClear
0x4676d8 VariantInit
Library ole32.dll:
0x4676e0 CoTaskMemAlloc
0x4676e4 CoCreateInstance
0x4676e8 CoUninitialize
0x4676ec CoInitialize
Library comctl32.dll:
0x4676fc ImageList_Write
0x467700 ImageList_Read
0x467710 ImageList_DragMove
0x467714 ImageList_DragLeave
0x467718 ImageList_DragEnter
0x46771c ImageList_EndDrag
0x467720 ImageList_BeginDrag
0x467724 ImageList_Remove
0x467728 ImageList_DrawEx
0x46772c ImageList_Draw
0x46773c ImageList_Add
0x467744 ImageList_Destroy
0x467748 ImageList_Create
0x46774c InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53660 239.255.255.250 1900
192.168.56.101 53662 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.