10.4
0-day

ab986524b5bf9434296a01cba5f2c36ba731946e8e39b6ff362c3a7ce7483353

9879cd77f109572d3aeb5cad1e5fc459.exe

Analysis duration

76s

Most recent analysis

File size

771.0KB
Static detection: flagged. Dynamic detection: flagged. AI SCORE=82 AIDETECTVM ALI2000015 ANDROM ATTRIBUTE AUTO CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS DKMX EMOY EMSE FAREIT FAREITIH HIGH CONFIDENCE HIGHCONFIDENCE HOLDEW HPLOKI MALWARE1 MALWARE@#258VILUOF1GU NANOCORE NNDVI PASSWORDSTEALER PUTTY S15398962 SCORE SIGGEN2 SMBD SUSPICIOUS PE TSCOPE TSPY UNSAFE WGW@A4UBROKI X2091 ZELPHIF
Hawkeye engine
Not detected: no Hawkeye engine detection result is available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Kingsoft 20200902 2013.8.14.323
McAfee Fareit-FVZ!9879CD77F109 20200902 6.0.6.653
Tencent Win32.Backdoor.Fareit.Auto 20200902 1.0.0.1
Static indicators
Queries for the computer name (3 events)
Time & API Arguments Status Return Repeated
1619807889.325374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619807896.060374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619807901.294374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619807887.279374
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619807884.169626
NtAllocateVirtualMemory
process_identifier: 2868
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619807884.357626
NtProtectVirtualMemory
process_identifier: 2868
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00488000
success 0 0
1619807884.357626
NtAllocateVirtualMemory
process_identifier: 2868
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e90000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619807901.263374
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9879cd77f109572d3aeb5cad1e5fc459.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9879cd77f109572d3aeb5cad1e5fc459.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.416065508384886 section {'size_of_data': '0x00021a00', 'virtual_address': '0x000a4000', 'entropy': 7.416065508384886, 'name': '.rsrc', 'virtual_size': '0x00021890'} description A section with a high entropy has been found
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619807895.997374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2868 called NtSetContextThread to modify thread in remote process 472
Time & API Arguments Status Return Repeated
1619807885.263626
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 472
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2868 resumed a thread in remote process 472
Time & API Arguments Status Return Repeated
1619807885.888626
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 472
success 0 0
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619807885.216626
CreateProcessInternalW
thread_identifier: 364
thread_handle: 0x000000fc
process_identifier: 472
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9879cd77f109572d3aeb5cad1e5fc459.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619807885.216626
NtUnmapViewOfSection
process_identifier: 472
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619807885.232626
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 472
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619807885.263626
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619807885.263626
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 472
success 0 0
1619807885.888626
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 472
success 0 0
1619807887.794374
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 472
success 0 0
File has been identified by 54 antivirus engines on VirusTotal as malicious (50 out of 54 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen2.52313
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.9879cd77f109572d
CAT-QuickHeal Trojan.FareitIH.S15398962
ALYac Trojan.Delf.FareIt.Gen.7
Cylance Unsafe
Zillya Trojan.Androm.Win32.1171
Sangfor Malware
K7AntiVirus Trojan ( 0056aeff1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056aeff1 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Delf.FareIt.Gen.7
Invincea heuristic
BitDefenderTheta Gen:NN.ZelphiF.34196.WGW@a4ubroki
Cyren W32/Injector.DKMX-0814
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Nanocore-9075385-0
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Delf.FareIt.Gen.7
NANO-Antivirus Trojan.Win32.Delf.holdew
Rising Trojan.Injector!1.C99D (CLASSIC)
Ad-Aware Trojan.Delf.FareIt.Gen.7
Comodo Malware@#258viluof1gu
VIPRE Trojan.Win32.Generic!BT
TrendMicro TSPY_HPLOKI.SMBD
Sophos Troj/Fareit-KYT
SentinelOne DFI - Suspicious PE
Webroot W32.Trojan.Gen
Avira TR/Injector.nndvi
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Microsoft PWS:Win32/Fareit.AQ!MTB
ViRobot Trojan.Win32.Z.Injector.789504.G
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.Delf.FareIt.Gen.7
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2091
McAfee Fareit-FVZ!9879CD77F109
MAX malware (ai score=82)
VBA32 TScope.Trojan.Delf
Malwarebytes Spyware.PasswordStealer
ESET-NOD32 a variant of Win32/Injector.EMSE
TrendMicro-HouseCall TSPY_HPLOKI.SMBD
Tencent Win32.Backdoor.Fareit.Auto
Ikarus Trojan-Spy.Fareit
Fortinet W32/Injector.EMOY!tr
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x495164 VirtualFree
0x495168 VirtualAlloc
0x49516c LocalFree
0x495170 LocalAlloc
0x495174 GetVersion
0x495178 GetCurrentThreadId
0x495184 VirtualQuery
0x495188 WideCharToMultiByte
0x495190 MultiByteToWideChar
0x495194 lstrlenA
0x495198 lstrcpynA
0x49519c LoadLibraryExA
0x4951a0 GetThreadLocale
0x4951a4 GetStartupInfoA
0x4951a8 GetProcAddress
0x4951ac GetModuleHandleA
0x4951b0 GetModuleFileNameA
0x4951b4 GetLocaleInfoA
0x4951b8 GetLastError
0x4951c0 GetCommandLineA
0x4951c4 FreeLibrary
0x4951c8 FindFirstFileA
0x4951cc FindClose
0x4951d0 ExitProcess
0x4951d4 WriteFile
0x4951dc RtlUnwind
0x4951e0 RaiseException
0x4951e4 GetStdHandle
Library user32.dll:
0x4951ec GetKeyboardType
0x4951f0 LoadStringA
0x4951f4 MessageBoxA
0x4951f8 CharNextA
Library advapi32.dll:
0x495200 RegQueryValueExA
0x495204 RegOpenKeyExA
0x495208 RegCloseKey
Library oleaut32.dll:
0x495210 SysFreeString
0x495214 SysReAllocStringLen
0x495218 SysAllocStringLen
Library kernel32.dll:
0x495220 TlsSetValue
0x495224 TlsGetValue
0x495228 LocalAlloc
0x49522c GetModuleHandleA
Library advapi32.dll:
0x495234 RegQueryValueExA
0x495238 RegOpenKeyExA
0x49523c RegCloseKey
Library kernel32.dll:
0x495244 lstrcpyA
0x495248 WriteFile
0x49524c WaitForSingleObject
0x495250 VirtualQuery
0x495254 VirtualProtect
0x495258 VirtualAlloc
0x49525c Sleep
0x495260 SizeofResource
0x495264 SetThreadLocale
0x495268 SetFilePointer
0x49526c SetEvent
0x495270 SetErrorMode
0x495274 SetEndOfFile
0x495278 ResetEvent
0x49527c ReadFile
0x495280 MultiByteToWideChar
0x495284 MulDiv
0x495288 LockResource
0x49528c LoadResource
0x495290 LoadLibraryA
0x49529c GlobalUnlock
0x4952a0 GlobalSize
0x4952a4 GlobalReAlloc
0x4952a8 GlobalHandle
0x4952ac GlobalLock
0x4952b0 GlobalFree
0x4952b4 GlobalFindAtomA
0x4952b8 GlobalDeleteAtom
0x4952bc GlobalAlloc
0x4952c0 GlobalAddAtomA
0x4952c4 GetVersionExA
0x4952c8 GetVersion
0x4952cc GetUserDefaultLCID
0x4952d0 GetTickCount
0x4952d4 GetThreadLocale
0x4952d8 GetSystemInfo
0x4952dc GetStringTypeExA
0x4952e0 GetStdHandle
0x4952e4 GetProcAddress
0x4952e8 GetModuleHandleA
0x4952ec GetModuleFileNameA
0x4952f0 GetLocaleInfoA
0x4952f4 GetLocalTime
0x4952f8 GetLastError
0x4952fc GetFullPathNameA
0x495300 GetFileAttributesA
0x495304 GetDiskFreeSpaceA
0x495308 GetDateFormatA
0x49530c GetCurrentThreadId
0x495310 GetCurrentProcessId
0x495314 GetComputerNameA
0x495318 GetCPInfo
0x49531c GetACP
0x495320 FreeResource
0x495328 InterlockedExchange
0x495330 FreeLibrary
0x495334 FormatMessageA
0x495338 FindResourceA
0x49533c FindNextFileA
0x495340 FindFirstFileA
0x495344 FindClose
0x495350 EnumCalendarInfoA
0x49535c CreateThread
0x495360 CreateFileA
0x495364 CreateEventA
0x495368 CompareStringA
0x49536c CloseHandle
Library version.dll:
0x495374 VerQueryValueA
0x49537c GetFileVersionInfoA
Library gdi32.dll:
0x495384 UnrealizeObject
0x495388 StretchBlt
0x49538c SetWindowOrgEx
0x495390 SetWinMetaFileBits
0x495394 SetViewportOrgEx
0x495398 SetTextColor
0x49539c SetStretchBltMode
0x4953a0 SetROP2
0x4953a4 SetPixel
0x4953a8 SetMapMode
0x4953ac SetEnhMetaFileBits
0x4953b0 SetDIBColorTable
0x4953b4 SetBrushOrgEx
0x4953b8 SetBkMode
0x4953bc SetBkColor
0x4953c0 SetArcDirection
0x4953c4 SelectPalette
0x4953c8 SelectObject
0x4953cc SelectClipRgn
0x4953d0 SaveDC
0x4953d4 RestoreDC
0x4953d8 Rectangle
0x4953dc RectVisible
0x4953e0 RealizePalette
0x4953e4 Polyline
0x4953e8 PlayEnhMetaFile
0x4953ec PatBlt
0x4953f0 MoveToEx
0x4953f4 MaskBlt
0x4953f8 LineTo
0x4953fc LPtoDP
0x495400 IntersectClipRect
0x495404 GetWindowOrgEx
0x495408 GetWinMetaFileBits
0x49540c GetTextMetricsA
0x495418 GetStockObject
0x49541c GetPixel
0x495420 GetPaletteEntries
0x495424 GetObjectA
0x495434 GetEnhMetaFileBits
0x495438 GetDeviceCaps
0x49543c GetDIBits
0x495440 GetDIBColorTable
0x495444 GetDCOrgEx
0x49544c GetClipBox
0x495450 GetBrushOrgEx
0x495454 GetBitmapBits
0x495458 ExtTextOutA
0x49545c ExcludeClipRect
0x495460 DeleteObject
0x495464 DeleteEnhMetaFile
0x495468 DeleteDC
0x49546c CreateSolidBrush
0x495470 CreatePenIndirect
0x495474 CreatePalette
0x49547c CreateFontIndirectA
0x495480 CreateEnhMetaFileA
0x495484 CreateDIBitmap
0x495488 CreateDIBSection
0x49548c CreateCompatibleDC
0x495494 CreateBrushIndirect
0x495498 CreateBitmap
0x49549c CopyEnhMetaFileA
0x4954a0 CloseEnhMetaFile
0x4954a4 BitBlt
Library user32.dll:
0x4954ac CreateWindowExA
0x4954b0 WindowFromPoint
0x4954b4 WinHelpA
0x4954b8 WaitMessage
0x4954bc UpdateWindow
0x4954c0 UnregisterClassA
0x4954c4 UnhookWindowsHookEx
0x4954c8 TranslateMessage
0x4954d0 TrackPopupMenu
0x4954d8 ShowWindow
0x4954dc ShowScrollBar
0x4954e0 ShowOwnedPopups
0x4954e4 ShowCursor
0x4954e8 SetWindowsHookExA
0x4954ec SetWindowTextA
0x4954f0 SetWindowPos
0x4954f4 SetWindowPlacement
0x4954f8 SetWindowLongA
0x4954fc SetTimer
0x495500 SetScrollRange
0x495504 SetScrollPos
0x495508 SetScrollInfo
0x49550c SetRect
0x495510 SetPropA
0x495514 SetParent
0x495518 SetMenuItemInfoA
0x49551c SetMenu
0x495520 SetForegroundWindow
0x495524 SetFocus
0x495528 SetCursor
0x49552c SetClassLongA
0x495530 SetCapture
0x495534 SetActiveWindow
0x495538 SendMessageA
0x49553c ScrollWindow
0x495540 ScreenToClient
0x495544 RemovePropA
0x495548 RemoveMenu
0x49554c ReleaseDC
0x495550 ReleaseCapture
0x49555c RegisterClassA
0x495560 RedrawWindow
0x495564 PtInRect
0x495568 PostQuitMessage
0x49556c PostMessageA
0x495570 PeekMessageA
0x495574 OffsetRect
0x495578 OemToCharA
0x49557c MessageBoxA
0x495580 MapWindowPoints
0x495584 MapVirtualKeyA
0x495588 LoadStringA
0x49558c LoadKeyboardLayoutA
0x495590 LoadIconA
0x495594 LoadCursorA
0x495598 LoadBitmapA
0x49559c KillTimer
0x4955a0 IsZoomed
0x4955a4 IsWindowVisible
0x4955a8 IsWindowEnabled
0x4955ac IsWindow
0x4955b0 IsRectEmpty
0x4955b4 IsIconic
0x4955b8 IsDialogMessageA
0x4955bc IsChild
0x4955c0 InvalidateRect
0x4955c4 IntersectRect
0x4955c8 InsertMenuItemA
0x4955cc InsertMenuA
0x4955d0 InflateRect
0x4955d8 GetWindowTextA
0x4955dc GetWindowRect
0x4955e0 GetWindowPlacement
0x4955e4 GetWindowLongA
0x4955e8 GetWindowDC
0x4955ec GetTopWindow
0x4955f0 GetSystemMetrics
0x4955f4 GetSystemMenu
0x4955f8 GetSysColorBrush
0x4955fc GetSysColor
0x495600 GetSubMenu
0x495604 GetScrollRange
0x495608 GetScrollPos
0x49560c GetScrollInfo
0x495610 GetPropA
0x495614 GetParent
0x495618 GetWindow
0x49561c GetMessageTime
0x495620 GetMenuStringA
0x495624 GetMenuState
0x495628 GetMenuItemInfoA
0x49562c GetMenuItemID
0x495630 GetMenuItemCount
0x495634 GetMenu
0x495638 GetLastActivePopup
0x49563c GetKeyboardState
0x495644 GetKeyboardLayout
0x495648 GetKeyState
0x49564c GetKeyNameTextA
0x495650 GetIconInfo
0x495654 GetForegroundWindow
0x495658 GetFocus
0x49565c GetDlgItem
0x495660 GetDesktopWindow
0x495664 GetDCEx
0x495668 GetDC
0x49566c GetCursorPos
0x495670 GetCursor
0x495674 GetClipboardData
0x495678 GetClientRect
0x49567c GetClassNameA
0x495680 GetClassInfoA
0x495684 GetCapture
0x495688 GetActiveWindow
0x49568c FrameRect
0x495690 FindWindowA
0x495694 FillRect
0x495698 EqualRect
0x49569c EnumWindows
0x4956a0 EnumThreadWindows
0x4956a4 EndPaint
0x4956a8 EnableWindow
0x4956ac EnableScrollBar
0x4956b0 EnableMenuItem
0x4956b4 DrawTextA
0x4956b8 DrawMenuBar
0x4956bc DrawIconEx
0x4956c0 DrawIcon
0x4956c4 DrawFrameControl
0x4956c8 DrawFocusRect
0x4956cc DrawEdge
0x4956d0 DispatchMessageA
0x4956d4 DestroyWindow
0x4956d8 DestroyMenu
0x4956dc DestroyIcon
0x4956e0 DestroyCursor
0x4956e4 DeleteMenu
0x4956e8 DefWindowProcA
0x4956ec DefMDIChildProcA
0x4956f0 DefFrameProcA
0x4956f4 CreatePopupMenu
0x4956f8 CreateMenu
0x4956fc CreateIcon
0x495700 ClientToScreen
0x495704 CheckMenuItem
0x495708 CallWindowProcA
0x49570c CallNextHookEx
0x495710 BeginPaint
0x495714 CharNextA
0x495718 CharLowerBuffA
0x49571c CharLowerA
0x495720 CharUpperBuffA
0x495724 CharToOemA
0x495728 AdjustWindowRectEx
Library kernel32.dll:
0x495734 Sleep
Library oleaut32.dll:
0x49573c SafeArrayPtrOfIndex
0x495740 SafeArrayPutElement
0x495744 SafeArrayGetElement
0x49574c SafeArrayAccessData
0x495750 SafeArrayGetUBound
0x495754 SafeArrayGetLBound
0x495758 SafeArrayCreate
0x49575c VariantChangeType
0x495760 VariantCopyInd
0x495764 VariantCopy
0x495768 VariantClear
0x49576c VariantInit
Library ole32.dll:
0x495778 IsAccelerator
0x49577c OleDraw
0x495784 CoTaskMemFree
0x495788 ProgIDFromCLSID
0x49578c StringFromCLSID
0x495790 CoCreateInstance
0x495794 CoGetClassObject
0x495798 CoUninitialize
0x49579c CoInitialize
0x4957a0 IsEqualGUID
Library oleaut32.dll:
0x4957a8 CreateErrorInfo
0x4957ac GetErrorInfo
0x4957b0 SetErrorInfo
0x4957b4 GetActiveObject
0x4957b8 SysFreeString
Library comctl32.dll:
0x4957c8 ImageList_Write
0x4957cc ImageList_Read
0x4957dc ImageList_DragMove
0x4957e0 ImageList_DragLeave
0x4957e4 ImageList_DragEnter
0x4957e8 ImageList_EndDrag
0x4957ec ImageList_BeginDrag
0x4957f0 ImageList_Remove
0x4957f4 ImageList_DrawEx
0x4957f8 ImageList_Replace
0x4957fc ImageList_Draw
0x49580c ImageList_Add
0x495814 ImageList_Destroy
0x495818 ImageList_Create
0x49581c InitCommonControls
Library comdlg32.dll:
0x495824 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.