4.6
Medium risk

dfce27237aa50062f8823b9a8bf6695c7e849681283a3e1b2e9367bccb6a8af5

9738d0194e39981c4c29391fe86a8614.exe

Analysis time

31s

Last analyzed

File size

1.0MB
Static detection Dynamic detection
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619799807.516625
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
9738d0194e39981c4c29391fe86a8614+0x58a4d @ 0x458a4d
9738d0194e39981c4c29391fe86a8614+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdae14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619781069.335262
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619781070.570262
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00570000
success 0 0
1619781070.585262
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005a0000
success 0 0
1619799804.579625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619799804.626625
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01ec0000
success 0 0
1619799804.626625
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x020b0000
success 0 0
1619799804.626625
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d90000
success 0 0
1619799804.626625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d92000
success 0 0
1619799805.313625
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x020f0000
success 0 0
1619799805.313625
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x022a0000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.423625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619799807.438625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.438625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619799807.438625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.438625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619799807.438625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.438625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619799807.438625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00582000
success 0 0
1619799807.438625
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.578286901493753 section {'size_of_data': '0x0003a200', 'virtual_address': '0x000d1000', 'entropy': 7.578286901493753, 'name': '.rsrc', 'virtual_size': '0x0003a010'} description A section with a high entropy has been found
entropy 0.22270114942528735 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2236 called NtSetContextThread to modify thread in remote process 2340
Time & API Arguments Status Return Repeated
1619781070.882262
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893136
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2340
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2236 resumed a thread in remote process 2340
Time & API Arguments Status Return Repeated
1619781071.257262
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2340
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619781070.835262
CreateProcessInternalW
thread_identifier: 428
thread_handle: 0x00000100
process_identifier: 2340
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9738d0194e39981c4c29391fe86a8614.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619781070.835262
NtUnmapViewOfSection
process_identifier: 2340
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619781070.835262
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 2340
commit_size: 704512
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 704512
base_address: 0x00400000
success 0 0
1619781070.882262
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619781070.882262
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893136
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2340
success 0 0
1619781071.257262
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2340
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x4be178 VirtualFree
0x4be17c VirtualAlloc
0x4be180 LocalFree
0x4be184 LocalAlloc
0x4be188 GetVersion
0x4be18c GetCurrentThreadId
0x4be198 VirtualQuery
0x4be19c WideCharToMultiByte
0x4be1a0 MultiByteToWideChar
0x4be1a4 lstrlenA
0x4be1a8 lstrcpynA
0x4be1ac LoadLibraryExA
0x4be1b0 GetThreadLocale
0x4be1b4 GetStartupInfoA
0x4be1b8 GetProcAddress
0x4be1bc GetModuleHandleA
0x4be1c0 GetModuleFileNameA
0x4be1c4 GetLocaleInfoA
0x4be1c8 GetCommandLineA
0x4be1cc FreeLibrary
0x4be1d0 FindFirstFileA
0x4be1d4 FindClose
0x4be1d8 ExitProcess
0x4be1dc ExitThread
0x4be1e0 CreateThread
0x4be1e4 WriteFile
0x4be1ec RtlUnwind
0x4be1f0 RaiseException
0x4be1f4 GetStdHandle
Library user32.dll:
0x4be1fc GetKeyboardType
0x4be200 LoadStringA
0x4be204 MessageBoxA
0x4be208 CharNextA
Library advapi32.dll:
0x4be210 RegQueryValueExA
0x4be214 RegOpenKeyExA
0x4be218 RegCloseKey
Library oleaut32.dll:
0x4be220 SysFreeString
0x4be224 SysReAllocStringLen
0x4be228 SysAllocStringLen
Library kernel32.dll:
0x4be230 TlsSetValue
0x4be234 TlsGetValue
0x4be238 LocalAlloc
0x4be23c GetModuleHandleA
Library advapi32.dll:
0x4be244 RegQueryValueExA
0x4be248 RegOpenKeyExA
0x4be24c RegCloseKey
Library kernel32.dll:
0x4be254 lstrlenA
0x4be258 lstrcpyA
0x4be25c lstrcmpA
0x4be260 WriteFile
0x4be264 WaitForSingleObject
0x4be26c VirtualQuery
0x4be270 VirtualFree
0x4be274 VirtualAllocEx
0x4be278 VirtualAlloc
0x4be27c Sleep
0x4be280 SizeofResource
0x4be284 SetThreadLocale
0x4be288 SetFilePointer
0x4be28c SetEvent
0x4be290 SetErrorMode
0x4be294 SetEndOfFile
0x4be29c SearchPathA
0x4be2a0 ResumeThread
0x4be2a4 ResetEvent
0x4be2a8 ReleaseMutex
0x4be2ac ReadFile
0x4be2b0 OpenFileMappingA
0x4be2b4 MultiByteToWideChar
0x4be2b8 MulDiv
0x4be2bc LockResource
0x4be2c0 LoadResource
0x4be2c4 LoadLibraryA
0x4be2cc IsDBCSLeadByte
0x4be2d4 GlobalUnlock
0x4be2d8 GlobalReAlloc
0x4be2dc GlobalHandle
0x4be2e0 GlobalLock
0x4be2e4 GlobalFree
0x4be2e8 GlobalFindAtomA
0x4be2ec GlobalDeleteAtom
0x4be2f0 GlobalAlloc
0x4be2f4 GlobalAddAtomA
0x4be2f8 GetVersionExA
0x4be2fc GetVersion
0x4be300 GetTickCount
0x4be304 GetThreadLocale
0x4be308 GetSystemTime
0x4be30c GetSystemInfo
0x4be310 GetStringTypeExA
0x4be314 GetStdHandle
0x4be318 GetProcAddress
0x4be31c GetModuleHandleA
0x4be320 GetModuleFileNameA
0x4be324 GetLocaleInfoA
0x4be328 GetLocalTime
0x4be32c GetLastError
0x4be330 GetFullPathNameA
0x4be334 GetExitCodeThread
0x4be338 GetDiskFreeSpaceA
0x4be33c GetDateFormatA
0x4be340 GetCurrentThreadId
0x4be344 GetCurrentProcessId
0x4be348 GetCurrentProcess
0x4be350 GetCPInfo
0x4be354 GetACP
0x4be358 FreeResource
0x4be360 InterlockedExchange
0x4be368 FreeLibrary
0x4be36c FormatMessageA
0x4be370 FindResourceA
0x4be378 FindFirstFileA
0x4be384 FindClose
0x4be390 FatalAppExitA
0x4be394 EnumCalendarInfoA
0x4be3a0 CreateThread
0x4be3a4 CreateMutexA
0x4be3a8 CreateFileA
0x4be3ac CreateEventA
0x4be3b0 CompareStringA
0x4be3b4 CloseHandle
Library version.dll:
0x4be3bc VerQueryValueA
0x4be3c4 GetFileVersionInfoA
Library gdi32.dll:
0x4be3cc UnrealizeObject
0x4be3d0 StretchBlt
0x4be3d4 SetWindowOrgEx
0x4be3d8 SetViewportOrgEx
0x4be3dc SetTextColor
0x4be3e0 SetStretchBltMode
0x4be3e4 SetROP2
0x4be3e8 SetPixel
0x4be3ec SetDIBColorTable
0x4be3f0 SetBrushOrgEx
0x4be3f4 SetBkMode
0x4be3f8 SetBkColor
0x4be3fc SelectPalette
0x4be400 SelectObject
0x4be404 SaveDC
0x4be408 RestoreDC
0x4be40c Rectangle
0x4be410 RectVisible
0x4be414 RealizePalette
0x4be418 Polyline
0x4be41c PatBlt
0x4be420 MoveToEx
0x4be424 MaskBlt
0x4be428 LineTo
0x4be42c IntersectClipRect
0x4be430 GetWindowOrgEx
0x4be434 GetTextMetricsA
0x4be440 GetStockObject
0x4be444 GetPixel
0x4be448 GetPaletteEntries
0x4be44c GetObjectA
0x4be450 GetDeviceCaps
0x4be454 GetDIBits
0x4be458 GetDIBColorTable
0x4be45c GetDCOrgEx
0x4be464 GetClipBox
0x4be468 GetBrushOrgEx
0x4be46c GetBitmapBits
0x4be470 ExtTextOutA
0x4be474 ExcludeClipRect
0x4be478 DeleteObject
0x4be47c DeleteDC
0x4be480 CreateSolidBrush
0x4be484 CreatePenIndirect
0x4be488 CreatePalette
0x4be490 CreateFontIndirectA
0x4be494 CreateDIBitmap
0x4be498 CreateDIBSection
0x4be49c CreateCompatibleDC
0x4be4a4 CreateBrushIndirect
0x4be4a8 CreateBitmap
0x4be4ac BitBlt
Library user32.dll:
0x4be4b4 CreateWindowExA
0x4be4b8 WindowFromPoint
0x4be4bc WinHelpA
0x4be4c0 WaitMessage
0x4be4c4 UpdateWindow
0x4be4c8 UnregisterClassA
0x4be4cc UnhookWindowsHookEx
0x4be4d0 TranslateMessage
0x4be4d8 TrackPopupMenu
0x4be4e0 ShowWindow
0x4be4e4 ShowScrollBar
0x4be4e8 ShowOwnedPopups
0x4be4ec ShowCursor
0x4be4f0 SetWindowsHookExA
0x4be4f4 SetWindowTextA
0x4be4f8 SetWindowPos
0x4be4fc SetWindowPlacement
0x4be500 SetWindowLongA
0x4be504 SetTimer
0x4be508 SetScrollRange
0x4be50c SetScrollPos
0x4be510 SetScrollInfo
0x4be514 SetRect
0x4be518 SetPropA
0x4be51c SetParent
0x4be520 SetMenuItemInfoA
0x4be524 SetMenu
0x4be528 SetForegroundWindow
0x4be52c SetFocus
0x4be530 SetCursor
0x4be534 SetClassLongA
0x4be538 SetCapture
0x4be53c SetActiveWindow
0x4be540 SendMessageA
0x4be544 ScrollWindow
0x4be548 ScreenToClient
0x4be54c RemovePropA
0x4be550 RemoveMenu
0x4be554 ReleaseDC
0x4be558 ReleaseCapture
0x4be564 RegisterClassA
0x4be568 RedrawWindow
0x4be56c PtInRect
0x4be570 PostQuitMessage
0x4be574 PostMessageA
0x4be578 PeekMessageA
0x4be57c OffsetRect
0x4be580 OemToCharBuffA
0x4be584 OemToCharA
0x4be58c MessageBoxA
0x4be590 MapWindowPoints
0x4be594 MapVirtualKeyA
0x4be598 LoadStringA
0x4be59c LoadKeyboardLayoutA
0x4be5a0 LoadIconA
0x4be5a4 LoadCursorA
0x4be5a8 LoadBitmapA
0x4be5ac KillTimer
0x4be5b0 IsZoomed
0x4be5b4 IsWindowVisible
0x4be5b8 IsWindowEnabled
0x4be5bc IsWindow
0x4be5c0 IsRectEmpty
0x4be5c4 IsIconic
0x4be5c8 IsDialogMessageA
0x4be5cc IsChild
0x4be5d0 InvalidateRect
0x4be5d4 IntersectRect
0x4be5d8 InsertMenuItemA
0x4be5dc InsertMenuA
0x4be5e0 InflateRect
0x4be5e8 GetWindowTextA
0x4be5ec GetWindowRect
0x4be5f0 GetWindowPlacement
0x4be5f4 GetWindowLongA
0x4be5f8 GetWindowDC
0x4be5fc GetTopWindow
0x4be600 GetSystemMetrics
0x4be604 GetSystemMenu
0x4be608 GetSysColorBrush
0x4be60c GetSysColor
0x4be610 GetSubMenu
0x4be614 GetScrollRange
0x4be618 GetScrollPos
0x4be61c GetScrollInfo
0x4be620 GetPropA
0x4be624 GetParent
0x4be628 GetWindow
0x4be62c GetMessagePos
0x4be630 GetMenuStringA
0x4be634 GetMenuState
0x4be638 GetMenuItemInfoA
0x4be63c GetMenuItemID
0x4be640 GetMenuItemCount
0x4be644 GetMenu
0x4be648 GetLastActivePopup
0x4be64c GetKeyboardState
0x4be654 GetKeyboardLayout
0x4be658 GetKeyState
0x4be65c GetKeyNameTextA
0x4be660 GetIconInfo
0x4be664 GetForegroundWindow
0x4be668 GetFocus
0x4be66c GetDesktopWindow
0x4be670 GetDCEx
0x4be674 GetDC
0x4be678 GetCursorPos
0x4be67c GetCursor
0x4be680 GetClientRect
0x4be684 GetClassNameA
0x4be688 GetClassInfoA
0x4be68c GetCapture
0x4be690 GetActiveWindow
0x4be694 FrameRect
0x4be698 FindWindowA
0x4be69c FillRect
0x4be6a0 EqualRect
0x4be6a4 EnumWindows
0x4be6a8 EnumThreadWindows
0x4be6ac EndPaint
0x4be6b0 EnableWindow
0x4be6b4 EnableScrollBar
0x4be6b8 EnableMenuItem
0x4be6bc DrawTextA
0x4be6c0 DrawMenuBar
0x4be6c4 DrawIconEx
0x4be6c8 DrawIcon
0x4be6cc DrawFrameControl
0x4be6d0 DrawEdge
0x4be6d4 DispatchMessageA
0x4be6d8 DestroyWindow
0x4be6dc DestroyMenu
0x4be6e0 DestroyIcon
0x4be6e4 DestroyCursor
0x4be6e8 DeleteMenu
0x4be6ec DefWindowProcA
0x4be6f0 DefMDIChildProcA
0x4be6f4 DefFrameProcA
0x4be6f8 CreatePopupMenu
0x4be6fc CreateMenu
0x4be700 CreateIcon
0x4be704 ClientToScreen
0x4be70c CheckMenuItem
0x4be710 CallWindowProcA
0x4be714 CallNextHookEx
0x4be718 BeginPaint
0x4be71c CharNextA
0x4be720 CharLowerA
0x4be724 CharUpperBuffA
0x4be728 CharToOemBuffA
0x4be72c CharToOemA
0x4be730 AdjustWindowRectEx
Library kernel32.dll:
0x4be73c Sleep
Library oleaut32.dll:
0x4be744 SafeArrayPtrOfIndex
0x4be748 SafeArrayPutElement
0x4be74c SafeArrayGetElement
0x4be754 SafeArrayAccessData
0x4be758 SafeArrayGetUBound
0x4be75c SafeArrayGetLBound
0x4be760 SafeArrayCreate
0x4be764 VariantChangeType
0x4be768 VariantCopyInd
0x4be76c VariantCopy
0x4be770 VariantClear
0x4be774 VariantInit
Library ole32.dll:
0x4be77c OleUninitialize
0x4be780 OleInitialize
0x4be784 CoTaskMemAlloc
0x4be788 CoCreateInstance
0x4be78c CoUninitialize
0x4be790 CoInitialize
Library oleaut32.dll:
0x4be798 GetErrorInfo
0x4be79c SysFreeString
Library comctl32.dll:
0x4be7ac ImageList_Write
0x4be7b0 ImageList_Read
0x4be7c0 ImageList_DragMove
0x4be7c4 ImageList_DragLeave
0x4be7c8 ImageList_DragEnter
0x4be7cc ImageList_EndDrag
0x4be7d0 ImageList_BeginDrag
0x4be7d4 ImageList_Remove
0x4be7d8 ImageList_DrawEx
0x4be7dc ImageList_Draw
0x4be7ec ImageList_Add
0x4be7f4 ImageList_Destroy
0x4be7f8 ImageList_Create
0x4be7fc InitCommonControls
Library shell32.dll:
0x4be804 ShellExecuteExA
0x4be808 ShellExecuteA
0x4be80c SHGetFileInfoA
Library shell32.dll:
0x4be818 SHGetMalloc
0x4be81c SHGetDesktopFolder

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 51813 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.