5.8
High risk

32691347cde1ee458cd32befa180070445d86db91fed315667f445a7df94b36a

97cbf2ce9634a43d467e332976934efd.exe

Analysis duration: 31s

Latest analysis:

File size: 840.5KB
Static detections / Dynamic detections: 0GW@ACCGHZAI AGEN AI SCORE=80 AIDETECTVM ALI2000015 CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS EMWV EMZL FAREIT FORMBOOK GENOME HEYE HIGH CONFIDENCE HQRZGM HVTB INJECT3 KRYPTIK MALWARE1 NANOCORE QNQZC@0 QQPASS QQROB R002C0DH620 SCORE SUSPICIOUS PE TROJANPWS TSCOPE UNSAFE X2091 ZELPHIF ZSUP ZUSY
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine detection results available
Static verdict
Antivirus engines
Engine Result Date Version
McAfee Fareit-FPQ!97CBF2CE9634 20200817 6.0.6.653
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200817 18.4.3895.0
Tencent Win32.Trojan-qqpass.Qqrob.Hvtb 20200817 1.0.0.1
Kingsoft 20200817 2013.8.14.323
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619815049.350124
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752ad4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
97cbf2ce9634a43d467e332976934efd+0x583f8 @ 0x4583f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x75154b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x75155d3d
0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdb014ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
Time & API Arguments Status Return Repeated
1619781072.624
NtAllocateVirtualMemory
process_identifier: 880
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619781072.749
NtProtectVirtualMemory
process_identifier: 880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 61440
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00476000
success 0 0
1619781072.78
NtAllocateVirtualMemory
process_identifier: 880
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f60000
success 0 0
1619815048.304124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619815048.429124
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 1703936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f10000
success 0 0
1619815048.429124
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02070000
success 0 0
1619815048.429124
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00550000
success 0 0
1619815048.429124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 303104
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005a2000
success 0 0
1619815049.257124
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.544575656361688 section {'size_of_data': '0x00041600', 'virtual_address': '0x00096000', 'entropy': 7.544575656361688, 'name': '.rsrc', 'virtual_size': '0x00041558'} description A section with a high entropy has been found
entropy 0.31149493746277546 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 880 called NtSetContextThread to modify thread in remote process 3060
Time & API Arguments Status Return Repeated
1619781072.968
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4897792
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3060
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 880 resumed a thread in remote process 3060
Time & API Arguments Status Return Repeated
1619781074.015
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 3060
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619781072.905
CreateProcessInternalW
thread_identifier: 3056
thread_handle: 0x000000f8
process_identifier: 3060
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\97cbf2ce9634a43d467e332976934efd.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000fc
inherit_handles: 0
success 1 0
1619781072.905
NtUnmapViewOfSection
process_identifier: 3060
region_size: 4096
process_handle: 0x000000fc
base_address: 0x00400000
success 0 0
1619781072.921
NtMapViewOfSection
section_handle: 0x00000104
process_identifier: 3060
commit_size: 708608
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000fc
allocation_type: 0 ()
section_offset: 0
view_size: 708608
base_address: 0x00400000
success 0 0
1619781072.968
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1619781072.968
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4897792
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3060
success 0 0
1619781074.015
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 3060
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.310651
FireEye Generic.mg.97cbf2ce9634a43d
CAT-QuickHeal Trojanpws.Heye
McAfee Fareit-FPQ!97CBF2CE9634
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
Cybereason malicious.649b33
Invincea heuristic
F-Prot W32/Injector.JGZ
Symantec Trojan.Gen.2
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Nanocore-9228838-0
GData Gen:Variant.Zusy.310651
Kaspersky HEUR:Trojan-PSW.Win32.Heye.gen
BitDefender Gen:Variant.Zusy.310651
NANO-Antivirus Trojan.Win32.Kryptik.hqrzgm
Avast Win32:Malware-gen
Tencent Win32.Trojan-qqpass.Qqrob.Hvtb
Ad-Aware Gen:Variant.Zusy.310651
Comodo TrojWare.Win32.Genome.qnqzc@0
F-Secure Heuristic.HEUR/AGEN.1136861
DrWeb Trojan.Inject3.48461
Zillya Trojan.Heye.Win32.1667
TrendMicro TROJ_GEN.R002C0DH620
Sophos Mal/Generic-S
Ikarus Trojan.Inject
Cyren W32/Injector.ZSUP-1472
Jiangmin Trojan.PSW.Heye.akd
Avira HEUR/AGEN.1136861
Antiy-AVL Trojan/Win32.Generic
Arcabit Trojan.Zusy.D4BD7B
AegisLab Trojan.Win32.Heye.i!c
ZoneAlarm HEUR:Trojan-PSW.Win32.Heye.gen
Microsoft Trojan:Win32/FormBook.GD!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2091
BitDefenderTheta Gen:NN.ZelphiF.34152.0GW@aCcGHzai
ALYac Gen:Variant.Zusy.310651
MAX malware (ai score=80)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.EMWV
TrendMicro-HouseCall TROJ_GEN.R002C0DH620
Rising Trojan.Injector!1.C99D (CLASSIC)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x488178 VirtualFree
0x48817c VirtualAlloc
0x488180 LocalFree
0x488184 LocalAlloc
0x488188 GetVersion
0x48818c GetCurrentThreadId
0x488198 VirtualQuery
0x48819c WideCharToMultiByte
0x4881a0 MultiByteToWideChar
0x4881a4 lstrlenA
0x4881a8 lstrcpynA
0x4881ac LoadLibraryExA
0x4881b0 GetThreadLocale
0x4881b4 GetStartupInfoA
0x4881b8 GetProcAddress
0x4881bc GetModuleHandleA
0x4881c0 GetModuleFileNameA
0x4881c4 GetLocaleInfoA
0x4881c8 GetCommandLineA
0x4881cc FreeLibrary
0x4881d0 FindFirstFileA
0x4881d4 FindClose
0x4881d8 ExitProcess
0x4881dc WriteFile
0x4881e4 RtlUnwind
0x4881e8 RaiseException
0x4881ec GetStdHandle
Library user32.dll:
0x4881f4 GetKeyboardType
0x4881f8 LoadStringA
0x4881fc MessageBoxA
0x488200 CharNextA
Library advapi32.dll:
0x488208 RegQueryValueExA
0x48820c RegOpenKeyExA
0x488210 RegCloseKey
Library oleaut32.dll:
0x488218 SysFreeString
0x48821c SysReAllocStringLen
0x488220 SysAllocStringLen
Library kernel32.dll:
0x488228 TlsSetValue
0x48822c TlsGetValue
0x488230 LocalAlloc
0x488234 GetModuleHandleA
Library advapi32.dll:
0x48823c RegQueryValueExA
0x488240 RegOpenKeyExA
0x488244 RegCloseKey
Library kernel32.dll:
0x48824c lstrcpyA
0x488250 WriteFile
0x488254 WinExec
0x488258 WaitForSingleObject
0x48825c VirtualQuery
0x488260 VirtualProtect
0x488264 VirtualAlloc
0x488268 Sleep
0x48826c SizeofResource
0x488270 SetThreadLocale
0x488274 SetFilePointer
0x488278 SetEvent
0x48827c SetErrorMode
0x488280 SetEndOfFile
0x488284 ResetEvent
0x488288 ReadFile
0x48828c MultiByteToWideChar
0x488290 MulDiv
0x488294 LockResource
0x488298 LoadResource
0x48829c LoadLibraryA
0x4882a8 GlobalUnlock
0x4882ac GlobalSize
0x4882b0 GlobalReAlloc
0x4882b4 GlobalHandle
0x4882b8 GlobalLock
0x4882bc GlobalFree
0x4882c0 GlobalFindAtomA
0x4882c4 GlobalDeleteAtom
0x4882c8 GlobalAlloc
0x4882cc GlobalAddAtomA
0x4882d0 GetVersionExA
0x4882d4 GetVersion
0x4882d8 GetUserDefaultLCID
0x4882dc GetTickCount
0x4882e0 GetThreadLocale
0x4882e8 GetSystemInfo
0x4882ec GetStringTypeExA
0x4882f0 GetStdHandle
0x4882f4 GetProcAddress
0x4882f8 GetModuleHandleA
0x4882fc GetModuleFileNameA
0x488300 GetLocaleInfoA
0x488304 GetLocalTime
0x488308 GetLastError
0x48830c GetFullPathNameA
0x488310 GetDiskFreeSpaceA
0x488314 GetDateFormatA
0x488318 GetCurrentThreadId
0x48831c GetCurrentProcessId
0x488320 GetComputerNameA
0x488324 GetCPInfo
0x488328 GetACP
0x48832c FreeResource
0x488330 InterlockedExchange
0x488334 FreeLibrary
0x488338 FormatMessageA
0x48833c FindResourceA
0x488344 EnumCalendarInfoA
0x488350 CreateThread
0x488354 CreateFileA
0x488358 CreateEventA
0x48835c CompareStringA
0x488360 CloseHandle
Library version.dll:
0x488368 VerQueryValueA
0x488370 GetFileVersionInfoA
Library gdi32.dll:
0x488378 UnrealizeObject
0x48837c StretchBlt
0x488380 SetWindowOrgEx
0x488384 SetWinMetaFileBits
0x488388 SetViewportOrgEx
0x48838c SetTextColor
0x488390 SetStretchBltMode
0x488394 SetROP2
0x488398 SetPixel
0x48839c SetMapMode
0x4883a0 SetEnhMetaFileBits
0x4883a4 SetDIBColorTable
0x4883a8 SetBrushOrgEx
0x4883ac SetBkMode
0x4883b0 SetBkColor
0x4883b4 SelectPalette
0x4883b8 SelectObject
0x4883bc SelectClipRgn
0x4883c0 SaveDC
0x4883c4 RestoreDC
0x4883c8 Rectangle
0x4883cc RectVisible
0x4883d0 RealizePalette
0x4883d4 Polyline
0x4883d8 PlayEnhMetaFile
0x4883dc PatBlt
0x4883e0 MoveToEx
0x4883e4 MaskBlt
0x4883e8 LineTo
0x4883ec LPtoDP
0x4883f0 IntersectClipRect
0x4883f4 GetWindowOrgEx
0x4883f8 GetWinMetaFileBits
0x4883fc GetTextMetricsA
0x488408 GetStockObject
0x48840c GetPixel
0x488410 GetPaletteEntries
0x488414 GetObjectA
0x488424 GetEnhMetaFileBits
0x488428 GetDeviceCaps
0x48842c GetDIBits
0x488430 GetDIBColorTable
0x488434 GetDCOrgEx
0x48843c GetClipBox
0x488440 GetBrushOrgEx
0x488444 GetBitmapBits
0x488448 ExcludeClipRect
0x48844c DeleteObject
0x488450 DeleteEnhMetaFile
0x488454 DeleteDC
0x488458 CreateSolidBrush
0x48845c CreatePenIndirect
0x488460 CreatePen
0x488464 CreatePalette
0x48846c CreateFontIndirectA
0x488470 CreateEnhMetaFileA
0x488474 CreateDIBitmap
0x488478 CreateDIBSection
0x48847c CreateCompatibleDC
0x488484 CreateBrushIndirect
0x488488 CreateBitmap
0x48848c CopyEnhMetaFileA
0x488490 CloseEnhMetaFile
0x488494 BitBlt
Library user32.dll:
0x48849c CreateWindowExA
0x4884a0 WindowFromPoint
0x4884a4 WinHelpA
0x4884a8 WaitMessage
0x4884ac ValidateRect
0x4884b0 UpdateWindow
0x4884b4 UnregisterClassA
0x4884b8 UnhookWindowsHookEx
0x4884bc TranslateMessage
0x4884c4 TrackPopupMenu
0x4884cc ShowWindow
0x4884d0 ShowScrollBar
0x4884d4 ShowOwnedPopups
0x4884d8 ShowCursor
0x4884dc SetWindowsHookExA
0x4884e0 SetWindowTextA
0x4884e4 SetWindowPos
0x4884e8 SetWindowPlacement
0x4884ec SetWindowLongA
0x4884f0 SetTimer
0x4884f4 SetScrollRange
0x4884f8 SetScrollPos
0x4884fc SetScrollInfo
0x488500 SetRect
0x488504 SetPropA
0x488508 SetParent
0x48850c SetMenuItemInfoA
0x488510 SetMenu
0x488514 SetForegroundWindow
0x488518 SetFocus
0x48851c SetCursor
0x488520 SetClassLongA
0x488524 SetCapture
0x488528 SetActiveWindow
0x48852c SendMessageA
0x488530 ScrollWindow
0x488534 ScreenToClient
0x488538 RemovePropA
0x48853c RemoveMenu
0x488540 ReleaseDC
0x488544 ReleaseCapture
0x488550 RegisterClassA
0x488554 RedrawWindow
0x488558 PtInRect
0x48855c PostQuitMessage
0x488560 PostMessageA
0x488564 PeekMessageA
0x488568 OffsetRect
0x48856c OemToCharA
0x488570 MessageBoxA
0x488574 MessageBeep
0x488578 MapWindowPoints
0x48857c MapVirtualKeyA
0x488580 LoadStringA
0x488584 LoadKeyboardLayoutA
0x488588 LoadIconA
0x48858c LoadCursorA
0x488590 LoadBitmapA
0x488594 KillTimer
0x488598 IsZoomed
0x48859c IsWindowVisible
0x4885a0 IsWindowEnabled
0x4885a4 IsWindow
0x4885a8 IsRectEmpty
0x4885ac IsIconic
0x4885b0 IsDialogMessageA
0x4885b4 IsChild
0x4885b8 InvalidateRect
0x4885bc IntersectRect
0x4885c0 InsertMenuItemA
0x4885c4 InsertMenuA
0x4885c8 InflateRect
0x4885d0 GetWindowTextA
0x4885d4 GetWindowRect
0x4885d8 GetWindowPlacement
0x4885dc GetWindowLongA
0x4885e0 GetWindowDC
0x4885e4 GetTopWindow
0x4885e8 GetSystemMetrics
0x4885ec GetSystemMenu
0x4885f0 GetSysColorBrush
0x4885f4 GetSysColor
0x4885f8 GetSubMenu
0x4885fc GetScrollRange
0x488600 GetScrollPos
0x488604 GetScrollInfo
0x488608 GetPropA
0x48860c GetParent
0x488610 GetWindow
0x488614 GetMessageTime
0x488618 GetMenuStringA
0x48861c GetMenuState
0x488620 GetMenuItemInfoA
0x488624 GetMenuItemID
0x488628 GetMenuItemCount
0x48862c GetMenu
0x488630 GetLastActivePopup
0x488634 GetKeyboardState
0x48863c GetKeyboardLayout
0x488640 GetKeyState
0x488644 GetKeyNameTextA
0x488648 GetIconInfo
0x48864c GetForegroundWindow
0x488650 GetFocus
0x488654 GetDlgItem
0x488658 GetDesktopWindow
0x48865c GetDCEx
0x488660 GetDC
0x488664 GetCursorPos
0x488668 GetCursor
0x48866c GetClipboardData
0x488670 GetClientRect
0x488674 GetClassNameA
0x488678 GetClassInfoA
0x48867c GetCapture
0x488680 GetActiveWindow
0x488684 FrameRect
0x488688 FindWindowA
0x48868c FillRect
0x488690 EqualRect
0x488694 EnumWindows
0x488698 EnumThreadWindows
0x48869c EndPaint
0x4886a0 EnableWindow
0x4886a4 EnableScrollBar
0x4886a8 EnableMenuItem
0x4886ac DrawTextA
0x4886b0 DrawMenuBar
0x4886b4 DrawIconEx
0x4886b8 DrawIcon
0x4886bc DrawFrameControl
0x4886c0 DrawFocusRect
0x4886c4 DrawEdge
0x4886c8 DispatchMessageA
0x4886cc DestroyWindow
0x4886d0 DestroyMenu
0x4886d4 DestroyIcon
0x4886d8 DestroyCursor
0x4886dc DeleteMenu
0x4886e0 DefWindowProcA
0x4886e4 DefMDIChildProcA
0x4886e8 DefFrameProcA
0x4886ec CreatePopupMenu
0x4886f0 CreateMenu
0x4886f4 CreateIcon
0x4886f8 ClientToScreen
0x4886fc CheckMenuItem
0x488700 CallWindowProcA
0x488704 CallNextHookEx
0x488708 BeginPaint
0x48870c CharNextA
0x488710 CharLowerBuffA
0x488714 CharLowerA
0x488718 CharUpperBuffA
0x48871c CharToOemA
0x488720 AdjustWindowRectEx
Library kernel32.dll:
0x48872c Sleep
Library oleaut32.dll:
0x488734 SafeArrayPtrOfIndex
0x488738 SafeArrayPutElement
0x48873c SafeArrayGetElement
0x488744 SafeArrayAccessData
0x488748 SafeArrayGetUBound
0x48874c SafeArrayGetLBound
0x488750 SafeArrayCreate
0x488754 VariantChangeType
0x488758 VariantCopyInd
0x48875c VariantCopy
0x488760 VariantClear
0x488764 VariantInit
Library ole32.dll:
0x488770 IsAccelerator
0x488774 OleDraw
0x48877c CoTaskMemFree
0x488780 ProgIDFromCLSID
0x488784 StringFromCLSID
0x488788 CoCreateInstance
0x48878c CoGetClassObject
0x488790 CoUninitialize
0x488794 CoInitialize
0x488798 IsEqualGUID
Library oleaut32.dll:
0x4887a0 GetErrorInfo
0x4887a4 GetActiveObject
0x4887a8 SysFreeString
Library comctl32.dll:
0x4887b8 ImageList_Write
0x4887bc ImageList_Read
0x4887cc ImageList_DragMove
0x4887d0 ImageList_DragLeave
0x4887d4 ImageList_DragEnter
0x4887d8 ImageList_EndDrag
0x4887dc ImageList_BeginDrag
0x4887e0 ImageList_Remove
0x4887e4 ImageList_DrawEx
0x4887e8 ImageList_Replace
0x4887ec ImageList_Draw
0x4887fc ImageList_Add
0x488804 ImageList_Destroy
0x488808 ImageList_Create
0x48880c InitCommonControls
Library comdlg32.dll:
0x488814 GetOpenFileNameA
Library user32.dll:
0x48881c DdeCmpStringHandles
0x488820 DdeFreeStringHandle
0x488824 DdeQueryStringA
0x48882c DdeGetLastError
0x488830 DdeFreeDataHandle
0x488834 DdeUnaccessData
0x488838 DdeAccessData
0x48883c DdeCreateDataHandle
0x488844 DdeNameService
0x488848 DdePostAdvise
0x48884c DdeSetUserHandle
0x488850 DdeQueryConvInfo
0x488854 DdeDisconnect
0x488858 DdeConnect
0x48885c DdeUninitialize
0x488860 DdeInitializeA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51813 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.