Risk score: 6.2
Risk level: High

SHA-256: 4328690c9c877e2e2cd30f3f5f4cf2a389f3221bde6d94c852abb94e38c92e4f

File name: 9da4a376a55bbd92ca9df7f8cfe4fc48.exe (the 32-hex-character stem is consistent with the sample's MD5; McAfee's Emotet-FSD!9DA4A376A55B label below carries its first 12 characters)

Analysis duration: 76s

Last analysis:

File size: 608.0KB

Tags: STATIC DETECTION DYNAMIC DETECTION AI SCORE=100 AIDETECT BANKERX BSCOPE CONFIDENCE DEDSF DOWNLOADER34 ELDORADO EMOTET EMOTETU GENCIRC GENERICKDZ GENETIC HGIASOQA HIGH CONFIDENCE HVBEEW KCLOUD M+59Q MALWARE1 MALWARE@#1LV727URHSVG7 MQW@AIJHR9TI MQW@EIJHR9TI R350923 SCORE SMTHQ STATIC AI SUSGEN SUSPICIOUS PE UNSAFE YZY0OSBOL9 ZENPAK ZEXAF
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 results are available for this sample
Static verdict
Antivirus engines
Definition date is the date of the engine's signature set, not the date the sample was first seen.
Engine        Result                              Definition date  Engine version
Alibaba       Trojan:Win32/Emotet.c35b6162        20190527         0.3.0.5
CrowdStrike   win/malicious_confidence_90% (W)    20210203         1.0
Baidu         (no detection)                      20190318         1.0.0.2
Avast         Win32:BankerX-gen [Trj]             20210405         21.1.5827.0
Tencent       Malware.Win32.Gencirc.10ce0217      20210405         1.0.0.1
Kingsoft      Win32.Troj.Banker.(kcloud)          20210405         2017.9.26.565
McAfee        Emotet-FSD!9DA4A376A55B             20210405         6.0.6.653
Static indicators
Queries the computer name (1 event)
Time & API Arguments Status Return Repeated
1620985527.681979
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events). The key and buffer fields below are raw bytes that the sandbox printed as text.
Time & API Arguments Status Return Repeated
1620985511.681979
CryptGenKey
crypto_handle: 0x008f18d0
algorithm_identifier: 0x0000660e (CALG_AES_128)
provider_handle: 0x0099b660
flags: 1 (CRYPT_EXPORTABLE)
key: fAÌçœx¢™<~„C¾_ÍÒ
success 1 0
1620985527.696979
CryptExportKey
crypto_handle: 0x008f18d0
crypto_export_handle: 0x0099b620
buffer: f¤Ì DeQž 2[(ƒRÊ”œˆh×£@¬(M@ ääXå®ÔJ»õp˜9¸^¨ÏŠ:Âêí4iäÿR´ºÓ 5ç18Û¾Š{!÷CvÛe(hA°D[)Ÿ/}
blob_type: 1 (SIMPLEBLOB: the session key encrypted under the key-exchange key passed as crypto_export_handle)
flags: 64 (CRYPT_OAEP)
success 1 0
1620985562.556979
CryptExportKey
crypto_handle: 0x008f18d0
crypto_export_handle: 0x0099b620
buffer: f¤ç‡k=ˆ6ùä6knž¶¼÷y2/u¬oíKÕjé •¥ÀŠÃ'.Ë· ƒüØjö_ òiPñ»è[è|l¡çÎZ=ôg ýJ+Oê0@åD‡ï­«Ìsç(µP]
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
The executable uses a known packer (1 event)
packer: Armadillo v1.71 (a PEiD-style signature match; treat it as indicative only, since these signatures are frequently triggered by unrelated code)
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name: None
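The three CryptoAPI events above are easier to read once the numeric constants are decoded and the CryptGenKey handle is tied to the CryptExportKey calls that reuse it. The following script is an added example, not code from the sandbox or from the sample: it decodes ALG_ID values structurally (class, type and sub-id bit fields from wincrypt.h), names the blob type and flags, and reports every generated key that was later exported. The EVENTS list is transcribed from the report; the CALG_* and flag constants are the public wincrypt.h values; the wrapping key's algorithm is inferred from SIMPLEBLOB plus CRYPT_OAEP, since the trace never shows the contents of handle 0x0099b620.

```python
# Added example, not part of the sandbox report: decode the CryptoAPI constants that
# the trace prints as bare numbers and tie each CryptGenKey to the CryptExportKey
# calls made later on the same key handle. EVENTS is transcribed from the report.

# ALG_ID layout from wincrypt.h: class in bits 13-15, type in bits 9-12, sub-id in bits 0-8.
ALG_CLASSES = {0x0000: "ANY", 0x2000: "SIGNATURE", 0x4000: "MSG_ENCRYPT",
               0x6000: "DATA_ENCRYPT", 0x8000: "HASH", 0xA000: "KEY_EXCHANGE"}
ALG_TYPES = {0x000: "ANY", 0x200: "DSS", 0x400: "RSA", 0x600: "BLOCK",
             0x800: "STREAM", 0xA00: "DH", 0xC00: "SECURECHANNEL"}
# Well-known CALG_* values, for readable output; decode_alg_id() handles the rest.
CALG_NAMES = {0x6601: "CALG_DES", 0x6602: "CALG_RC2", 0x6603: "CALG_3DES",
              0x6801: "CALG_RC4", 0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192",
              0x6610: "CALG_AES_256", 0xA400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN"}
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB", 8: "PLAINTEXTKEYBLOB"}
CRYPT_EXPORTABLE = 0x01   # CryptGenKey dwFlags
CRYPT_OAEP = 0x40         # CryptExportKey dwFlags: RSA-OAEP padding for a SIMPLEBLOB


def decode_alg_id(alg_id):
    """Split an ALG_ID into (class, type, sub-id) names without a lookup table."""
    cls = ALG_CLASSES.get(alg_id & (7 << 13), "?")
    typ = ALG_TYPES.get(alg_id & (15 << 9), "?")
    return cls, typ, alg_id & 0x1FF


def find_wrapped_session_keys(events):
    """One finding per CryptGenKey handle that is later passed to CryptExportKey.

    A fresh DATA_ENCRYPT key exported as a SIMPLEBLOB is a session key encrypted
    under the key-exchange key given as crypto_export_handle; with CRYPT_OAEP set
    that wrapping is RSA-OAEP. The trace does not show the wrapping key's contents.
    """
    generated = {}
    for ev in events:
        a = ev["args"]
        if ev["api"] == "CryptGenKey":
            cls, _, _ = decode_alg_id(a["algorithm_identifier"])
            generated[a["crypto_handle"]] = {
                "handle": a["crypto_handle"],
                "algorithm": CALG_NAMES.get(a["algorithm_identifier"],
                                            hex(a["algorithm_identifier"])),
                "symmetric": cls == "DATA_ENCRYPT",
                "exportable": bool(a["flags"] & CRYPT_EXPORTABLE),
                "exports": [],
            }
        elif ev["api"] == "CryptExportKey" and a["crypto_handle"] in generated:
            generated[a["crypto_handle"]]["exports"].append({
                "ts": ev["ts"],
                "wrapping_key": a["crypto_export_handle"],
                "blob_type": BLOB_TYPES.get(a["blob_type"], str(a["blob_type"])),
                "oaep": bool(a["flags"] & CRYPT_OAEP),
            })
    return [g for g in generated.values() if g["exports"]]


# Transcribed from the report's three events (handles and constants as printed there).
EVENTS = [
    {"ts": 1620985511.681979, "api": "CryptGenKey",
     "args": {"crypto_handle": 0x008F18D0, "algorithm_identifier": 0x660E, "flags": 1}},
    {"ts": 1620985527.696979, "api": "CryptExportKey",
     "args": {"crypto_handle": 0x008F18D0, "crypto_export_handle": 0x0099B620,
              "blob_type": 1, "flags": 64}},
    {"ts": 1620985562.556979, "api": "CryptExportKey",
     "args": {"crypto_handle": 0x008F18D0, "crypto_export_handle": 0x0099B620,
              "blob_type": 1, "flags": 64}},
]

if __name__ == "__main__":
    for f in find_wrapped_session_keys(EVENTS):
        e = f["exports"][0]
        print(f"{f['algorithm']} key {f['handle']:#010x}: exported {len(f['exports'])}x "
              f"as {e['blob_type']} under key {e['wrapping_key']:#010x}, OAEP={e['oaep']}")
```

Run against the report's events, the script reports one exportable AES-128 key, exported twice as a SIMPLEBLOB with OAEP; the two exports 35 seconds apart, both under the same wrapping-key handle, are consistent with one session key being wrapped for two outbound messages.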
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620985511.056979
NtAllocateVirtualMemory
process_identifier: 2292
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00340000
success 0 0
1620985511.071979
NtAllocateVirtualMemory
process_identifier: 2292
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00650000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event). The range protected here (base 0x00871000, 45056 bytes) lies outside both RWX regions allocated above (0x00340000 and 0x00650000), so the two signatures describe different regions rather than one allocate-write-execute sequence.
Time & API Arguments Status Return Repeated
1620985511.071979
NtProtectVirtualMemory
process_identifier: 2292
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 45056
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00871000
success 0 0
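Signature counts like the two above do not say whether the RX protection change applies to memory the sample allocated RWX a moment earlier. The script below is an added example, not part of the sandbox's own signature code: it keeps a per-process map of RWX allocations and checks each execute-granting NtProtectVirtualMemory call against that map. The first three events are transcribed from the report; the fourth is constructed here to show what a true positive looks like, and the PAGE_* values are the public Windows constants.

```python
# Added example, not part of the sandbox report: keep a per-process map of regions
# allocated PAGE_EXECUTE_READWRITE and check whether later NtProtectVirtualMemory
# calls that grant execute land inside one of them. The first three events are
# transcribed from the report; the fourth is constructed to show a true positive.

PAGE_EXECUTE_READWRITE = 0x40
EXECUTE_PROTECTIONS = {0x10, 0x20, 0x40, 0x80}  # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY


def correlate_memory_events(events):
    """Return (rwx_regions, findings).

    rwx_regions maps pid -> list of (base, end) ranges allocated RWX.
    findings has one entry per execute-granting NtProtectVirtualMemory call, with
    in_rwx_region=True when its range overlaps a tracked RWX allocation of the
    same process (the classic unpack-then-flip-to-RX sequence) and False when
    the protection change concerns some other region.
    """
    rwx = {}
    findings = []
    for ev in events:
        a = ev["args"]
        pid = a["process_identifier"]
        if ev["api"] == "NtAllocateVirtualMemory" and a["protection"] == PAGE_EXECUTE_READWRITE:
            base = a["base_address"]
            rwx.setdefault(pid, []).append((base, base + a["region_size"]))
        elif ev["api"] == "NtProtectVirtualMemory" and a["protection"] in EXECUTE_PROTECTIONS:
            base, end = a["base_address"], a["base_address"] + a["length"]
            hits = [r for r in rwx.get(pid, []) if base < r[1] and r[0] < end]
            findings.append({
                "pid": pid, "base": base, "length": a["length"],
                "protection": a["protection"],
                "in_rwx_region": bool(hits), "matched_regions": hits,
            })
    return rwx, findings


EVENTS = [
    # Transcribed from the report.
    {"api": "NtAllocateVirtualMemory", "args": {"process_identifier": 2292,
     "region_size": 61440, "protection": 0x40, "base_address": 0x00340000}},
    {"api": "NtAllocateVirtualMemory", "args": {"process_identifier": 2292,
     "region_size": 49152, "protection": 0x40, "base_address": 0x00650000}},
    {"api": "NtProtectVirtualMemory", "args": {"process_identifier": 2292,
     "length": 45056, "protection": 0x20, "base_address": 0x00871000}},
    # Constructed, not in the report: a flip to RX inside the first RWX allocation.
    {"api": "NtProtectVirtualMemory", "args": {"process_identifier": 2292,
     "length": 4096, "protection": 0x20, "base_address": 0x00341000}},
]

if __name__ == "__main__":
    regions, hits = correlate_memory_events(EVENTS)
    for h in hits:
        print(f"pid {h['pid']}: protect {h['base']:#010x}+{h['length']:#x} -> "
              f"{'inside' if h['in_rwx_region'] else 'outside'} tracked RWX regions")
```

On the report's own events the protection change at 0x00871000 falls outside both tracked regions, so the two signatures should be weighed separately; only the constructed event demonstrates the correlated pattern.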
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620985528.228979
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0 (111 = ERROR_BUFFER_OVERFLOW, the normal result of a first GetAdaptersAddresses call made with a too-small buffer; callers retry with the returned size, but the trace records no retry)
Expresses interest in specific running processes (1 event)
process: 9da4a376a55bbd92ca9df7f8cfe4fc48.exe (the sample's own process name)
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620985527.899979
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events). These addresses come from the API trace; the packet capture below records no completed TCP session to any of them and lists 190.194.12.132:80 as a dead host, so the connection attempts went unanswered during this run.
host 172.217.24.14
host 190.194.12.132
host 51.254.140.91
Sets or modifies WPAD proxy autoconfiguration settings for traffic interception (8 events). Caveat: every value written here (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork under Internet Settings\Wpad) is the bookkeeping that WinHTTP/WinINet proxy auto-detection records when it runs inside a process; no AutoConfigURL, ProxyServer or ProxyEnable value is touched, so this is a side effect of the InternetOpenW usage above rather than a proxy hijack.
Time & API Arguments Status Return Repeated
1620985530.806979
RegSetValueExA
key_handle: 0x000003a8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620985530.821979
RegSetValueExA
key_handle: 0x000003a8
value: ðÝŠH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620985530.821979
RegSetValueExA
key_handle: 0x000003a8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620985530.821979
RegSetValueExW
key_handle: 0x000003a8
value: 网络 2 (the guest's Windows network profile name, "Network 2")
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620985530.821979
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620985530.821979
RegSetValueExA
key_handle: 0x000003c0
value: ðÝŠH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620985530.821979
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620985530.837979
RegSetValueExW
key_handle: 0x000003a4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
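A triage filter that separates WPAD bookkeeping from writes that actually redirect traffic is worth keeping next to this signature. The script below is an added example and not the sandbox's signature logic: it classifies each RegSetValueEx target by key path and value name, then decides whether a batch of writes changed the proxy. REPORT_WRITES is transcribed from the eight events above; CONSTRUCTED_WRITES is made up here to show how a genuine AutoConfigURL/ProxyEnable change would be classified; the sets of value names are this example's own choice.

```python
# Added example, not part of the sandbox report: classify the registry writes behind
# the WPAD signature. Values under Internet Settings\Wpad\... only record the result
# of Windows' proxy auto-detection; a real proxy hijack has to touch AutoConfigURL,
# ProxyServer, ProxyEnable or ProxyOverride under Internet Settings itself.

# Bookkeeping values that WinHTTP/WinINet WPAD detection writes.
WPAD_BOOKKEEPING = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
                    "WpadNetworkName", "WpadLastNetwork"}
# Values that change where traffic goes when set.
PROXY_CONTROL = {"AutoConfigURL", "ProxyServer", "ProxyEnable", "ProxyOverride"}

INTERNET_SETTINGS = "\\internet settings"


def classify_reg_write(regkey):
    """Classify one RegSetValueEx target given as the full 'key\\value' path."""
    key_path, _, value_name = regkey.rpartition("\\")
    low = key_path.lower()
    if INTERNET_SETTINGS + "\\wpad" in low and value_name in WPAD_BOOKKEEPING:
        return "wpad-bookkeeping"
    if low.endswith(INTERNET_SETTINGS) and value_name in PROXY_CONTROL:
        return "proxy-control"
    if INTERNET_SETTINGS in low:
        return "internet-settings-other"
    return "unrelated"


def triage_wpad_signature(writes):
    """Count the classes seen and decide whether the batch changes the proxy."""
    counts = {}
    for regkey in writes:
        c = classify_reg_write(regkey)
        counts[c] = counts.get(c, 0) + 1
    verdict = "proxy-change" if counts.get("proxy-control") else "wpad-noise"
    return counts, verdict


HKCU_IS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
NET_GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"
# Transcribed from the report's eight RegSetValueEx events.
REPORT_WRITES = [
    HKCU_IS + "\\Wpad\\" + NET_GUID + "\\WpadDecisionReason",
    HKCU_IS + "\\Wpad\\" + NET_GUID + "\\WpadDecisionTime",
    HKCU_IS + "\\Wpad\\" + NET_GUID + "\\WpadDecision",
    HKCU_IS + "\\Wpad\\" + NET_GUID + "\\WpadNetworkName",
    HKCU_IS + "\\Wpad\\0a-00-27-00-00-00\\WpadDecisionReason",
    HKCU_IS + "\\Wpad\\0a-00-27-00-00-00\\WpadDecisionTime",
    HKCU_IS + "\\Wpad\\0a-00-27-00-00-00\\WpadDecision",
    HKCU_IS + "\\Wpad\\WpadLastNetwork",
]
# Constructed, not in the report: what a genuine proxy change would look like.
CONSTRUCTED_WRITES = [
    HKCU_IS + "\\AutoConfigURL",   # would point browsers at an attacker-controlled PAC file
    HKCU_IS + "\\ProxyEnable",
]

if __name__ == "__main__":
    print(triage_wpad_signature(REPORT_WRITES))
    print(triage_wpad_signature(REPORT_WRITES + CONSTRUCTED_WRITES))
```

The report's eight writes all classify as bookkeeping and the batch verdict is "wpad-noise"; the same filter flips to "proxy-change" as soon as a control value such as AutoConfigURL appears.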
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 190.194.12.132:80
File has been identified by 58 antivirus engines on VirusTotal as malicious (50 of the 58 verdicts listed below)
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.EmotetU.Gen.MqW@eiJHR9ti
Qihoo-360 Win32/Backdoor.Emotet.HgIASOQA
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Trojan.Emotet.Win32.29289
Sangfor Trojan.Win32.Emotet.ARJ
K7AntiVirus Trojan ( 0056e14e1 )
Alibaba Trojan:Win32/Emotet.c35b6162
K7GW Trojan ( 0056e14e1 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.EmotetU.Gen.E347A0
Cyren W32/Emotet.ASG.gen!Eldorado
Symantec Packed.Generic.554
ESET-NOD32 Win32/Emotet.CD
APEX Malicious
Paloalto generic.ml
ClamAV Win.Keylogger.Emotet-9790073-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.vho
BitDefender Trojan.EmotetU.Gen.MqW@eiJHR9ti
NANO-Antivirus Trojan.Win32.Emotet.hvbeew
Avast Win32:BankerX-gen [Trj]
Tencent Malware.Win32.Gencirc.10ce0217
Ad-Aware Trojan.EmotetU.Gen.MqW@eiJHR9ti
TACHYON Banker/W32.Emotet.622592.D
Emsisoft Trojan.EmotetU.Gen.MqW@eiJHR9ti (B)
Comodo Malware@#1lv727urhsvg7
DrWeb Trojan.DownLoader34.40100
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.SMTHQ
McAfee-GW-Edition Emotet-FSD!9DA4A376A55B
FireEye Trojan.EmotetU.Gen.MqW@eiJHR9ti
Sophos Troj/Emotet-CND
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.ojw
Avira TR/Emotet.dedsf
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.vho
GData Trojan.EmotetU.Gen.MqW@eiJHR9ti
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R350923
McAfee Emotet-FSD!9DA4A376A55B
MAX malware (ai score=100)
VBA32 BScope.Trojan.Zenpak
Malwarebytes Trojan.MalPack.TRE
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHQ
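Vendor names disagree in form (EmotetU, EMOTET, Emotet-FSD, Trojan-Banker.Emotet), so a family verdict should come from a vote across labels rather than from any one engine. The script below is an added example, not part of the report or of VirusTotal's tooling: each candidate token gets one vote per vendor whose label contains it as a substring, class words such as "Trojan" are dropped, and the best-supported token is returned with its share of all vendors. VT_LABELS is the 50-line list above transcribed verbatim; the stop-list and the minimum token length are this example's own choices.

```python
# Added example, not part of the sandbox report: derive a family consensus from the
# VirusTotal vendor labels above. A token gets one vote per vendor label containing it,
# so "EmotetU" and "EMOTET" count toward "emotet" while class words are excluded.
import re
from collections import Counter

# Transcribed verbatim from the report: vendor, then that vendor's label.
VT_LABELS = """\
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.EmotetU.Gen.MqW@eiJHR9ti
Qihoo-360 Win32/Backdoor.Emotet.HgIASOQA
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Trojan.Emotet.Win32.29289
Sangfor Trojan.Win32.Emotet.ARJ
K7AntiVirus Trojan ( 0056e14e1 )
Alibaba Trojan:Win32/Emotet.c35b6162
K7GW Trojan ( 0056e14e1 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.EmotetU.Gen.E347A0
Cyren W32/Emotet.ASG.gen!Eldorado
Symantec Packed.Generic.554
ESET-NOD32 Win32/Emotet.CD
APEX Malicious
Paloalto generic.ml
ClamAV Win.Keylogger.Emotet-9790073-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.vho
BitDefender Trojan.EmotetU.Gen.MqW@eiJHR9ti
NANO-Antivirus Trojan.Win32.Emotet.hvbeew
Avast Win32:BankerX-gen [Trj]
Tencent Malware.Win32.Gencirc.10ce0217
Ad-Aware Trojan.EmotetU.Gen.MqW@eiJHR9ti
TACHYON Banker/W32.Emotet.622592.D
Emsisoft Trojan.EmotetU.Gen.MqW@eiJHR9ti (B)
Comodo Malware@#1lv727urhsvg7
DrWeb Trojan.DownLoader34.40100
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.SMTHQ
McAfee-GW-Edition Emotet-FSD!9DA4A376A55B
FireEye Trojan.EmotetU.Gen.MqW@eiJHR9ti
Sophos Troj/Emotet-CND
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.ojw
Avira TR/Emotet.dedsf
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.vho
GData Trojan.EmotetU.Gen.MqW@eiJHR9ti
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R350923
McAfee Emotet-FSD!9DA4A376A55B
MAX malware (ai score=100)
VBA32 BScope.Trojan.Zenpak
Malwarebytes Trojan.MalPack.TRE
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHQ
"""

# Class, platform and verdict words that never name a family (this example's choice).
STOP = {"trojan", "troj", "trojanspy", "win", "generic", "malware", "malicious",
        "heur", "packed", "unsafe", "high", "confidence", "score", "agent"}


def parse_labels(text):
    """Split 'Vendor label...' lines into (vendor, label) pairs."""
    rows = []
    for line in text.splitlines():
        vendor, _, label = line.strip().partition(" ")
        if vendor:
            rows.append((vendor, label))
    return rows


def family_votes(rows, min_len=4):
    """Rank candidate family tokens by the number of vendor labels containing them."""
    candidates = set()
    for _, label in rows:
        for tok in re.findall(r"[a-z]+", label.lower()):
            if len(tok) >= min_len and tok not in STOP:
                candidates.add(tok)
    votes = Counter({tok: sum(1 for _, label in rows if tok in label.lower())
                     for tok in candidates})
    return sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))


def top_family(rows):
    """(token, vendor count, share of all vendors) for the best-supported token."""
    tok, n = family_votes(rows)[0]
    return tok, n, n / len(rows)


if __name__ == "__main__":
    rows = parse_labels(VT_LABELS)
    for tok, n in family_votes(rows)[:5]:
        print(f"{tok:12s} {n:3d}/{len(rows)}")
```

Across the 50 listed vendors, "emotet" appears in 31 labels; the next tokens ("banker" and the eScan-style "emotetu") each appear in 7, which is the gap one would expect between a family name and a behaviour class or a vendor-specific variant suffix.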
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots: none were captured while the sample ran


PE Compile Time

2020-09-09 16:41:52

Imports

Library KERNEL32.dll:
0x441184 GetFileType
0x441188 SetHandleCount
0x44118c GetStdHandle
0x441190 LCMapStringA
0x441194 LCMapStringW
0x4411b0 GetStringTypeA
0x4411b4 GetStringTypeW
0x4411b8 SetStdHandle
0x4411bc IsBadCodePtr
0x4411c0 CompareStringA
0x4411c4 CompareStringW
0x4411cc IsBadWritePtr
0x4411d0 GetProfileStringA
0x4411d4 VirtualAlloc
0x4411d8 VirtualFree
0x4411dc HeapCreate
0x4411e0 HeapDestroy
0x4411e8 GetACP
0x4411ec HeapSize
0x4411f0 HeapReAlloc
0x4411f4 TerminateProcess
0x4411f8 RaiseException
0x4411fc HeapFree
0x441200 ExitProcess
0x441204 GetCommandLineA
0x441208 GetStartupInfoA
0x44120c HeapAlloc
0x441210 RtlUnwind
0x441214 GetTickCount
0x441220 SetErrorMode
0x44122c GetFileSize
0x441230 GetShortPathNameA
0x441234 GetStringTypeExA
0x44123c FindFirstFileA
0x441240 FindClose
0x441244 DeleteFileA
0x441248 MoveFileA
0x44124c SetEndOfFile
0x441250 UnlockFile
0x441254 LockFile
0x441258 FlushFileBuffers
0x44125c SetFilePointer
0x441260 WriteFile
0x441264 ReadFile
0x441268 CreateFileA
0x44126c DuplicateHandle
0x441270 GetThreadLocale
0x441278 SizeofResource
0x44127c GetOEMCP
0x441280 GetCPInfo
0x441284 TlsGetValue
0x441288 LocalReAlloc
0x44128c TlsSetValue
0x441294 GlobalReAlloc
0x44129c TlsFree
0x4412a0 GlobalHandle
0x4412a8 TlsAlloc
0x4412b0 LocalAlloc
0x4412b4 SetLastError
0x4412b8 GlobalFlags
0x4412bc GetProcessVersion
0x4412c0 MulDiv
0x4412c4 GetDiskFreeSpaceA
0x4412c8 GetFileTime
0x4412cc SetFileTime
0x4412d0 GetFullPathNameA
0x4412d4 GetTempFileNameA
0x4412d8 GetFileAttributesA
0x4412e8 CloseHandle
0x4412ec GlobalAlloc
0x4412f0 GetCurrentThread
0x4412f4 lstrcmpA
0x4412f8 GlobalFree
0x4412fc MultiByteToWideChar
0x441300 WideCharToMultiByte
0x44130c FreeLibrary
0x441310 FindResourceA
0x441314 LoadResource
0x441318 LockResource
0x44131c GetCurrentThreadId
0x441320 lstrcmpiA
0x441324 GlobalFindAtomA
0x441328 GlobalDeleteAtom
0x44132c GetModuleHandleA
0x441330 lstrcatA
0x441334 GlobalLock
0x441338 lstrcpynA
0x44133c GlobalUnlock
0x441340 GlobalGetAtomNameA
0x441344 GlobalAddAtomA
0x441348 GetVersion
0x44134c lstrcpyA
0x441350 lstrlenA
0x441354 LoadLibraryA
0x441358 GetLastError
0x44135c FormatMessageA
0x441360 LocalFree
0x441364 GetCurrentProcess
0x441368 GetModuleFileNameA
0x44136c LoadLibraryW
0x441370 IsBadReadPtr
0x441374 GetProcAddress
Library USER32.dll:
0x4413c0 GetMenuStringA
0x4413c4 DestroyIcon
0x4413c8 CharNextA
0x4413d0 GetNextDlgGroupItem
0x4413d4 CharUpperA
0x4413d8 FindWindowA
0x4413e4 PostThreadMessageA
0x4413ec LoadBitmapA
0x4413f0 GetMenuState
0x4413f4 ModifyMenuA
0x4413f8 SetMenuItemBitmaps
0x4413fc CheckMenuItem
0x441400 EnableMenuItem
0x441404 GetNextDlgTabItem
0x441408 MoveWindow
0x44140c SetWindowTextA
0x441410 IsDialogMessageA
0x441414 SetDlgItemTextA
0x441418 SendDlgItemMessageA
0x44141c MapWindowPoints
0x441420 GetSysColor
0x441424 DispatchMessageA
0x441428 ScreenToClient
0x44142c DeferWindowPos
0x441430 BeginDeferWindowPos
0x441434 EndDeferWindowPos
0x441438 ScrollWindow
0x44143c GetScrollInfo
0x441440 SetScrollInfo
0x441444 ShowScrollBar
0x441448 GetScrollRange
0x44144c SetScrollRange
0x441450 GetScrollPos
0x441454 SetScrollPos
0x441458 GetTopWindow
0x44145c MessageBoxA
0x441460 IsChild
0x441464 RegisterClassA
0x44146c GetWindowTextA
0x441470 DefWindowProcA
0x441474 DestroyWindow
0x441478 SetWindowsHookExA
0x44147c CallNextHookEx
0x441480 GetClassLongA
0x441484 SetPropA
0x441488 UnhookWindowsHookEx
0x44148c GetPropA
0x441490 CallWindowProcA
0x441494 RemovePropA
0x441498 GetMessageTime
0x44149c GetMessagePos
0x4414a0 GetForegroundWindow
0x4414a4 WindowFromPoint
0x4414a8 InsertMenuA
0x4414ac IntersectRect
0x4414b4 GetWindowPlacement
0x4414b8 GetWindowRect
0x4414bc GetSystemMetrics
0x4414c0 GetLastActivePopup
0x4414c4 IsWindowVisible
0x4414c8 IsIconic
0x4414cc GetFocus
0x4414d0 EqualRect
0x4414d4 CopyRect
0x4414d8 GetDlgItem
0x4414dc InvalidateRect
0x4414e0 GetKeyState
0x4414e4 GetDlgCtrlID
0x4414e8 UnpackDDElParam
0x4414ec ReuseDDElParam
0x4414f0 SetActiveWindow
0x4414f4 WinHelpA
0x4414f8 SetMenu
0x4414fc LoadIconA
0x441500 GetClassInfoA
0x441504 LoadMenuA
0x441508 DestroyMenu
0x44150c SetFocus
0x441510 GetDesktopWindow
0x441514 GetWindow
0x441518 IsWindowEnabled
0x44151c SetCursor
0x441520 PeekMessageA
0x441524 PostMessageA
0x441528 GetCapture
0x44152c ReleaseCapture
0x441530 LoadAcceleratorsA
0x441534 SetRectEmpty
0x44153c GetActiveWindow
0x441540 wsprintfA
0x441544 GetParent
0x441548 GetMenuItemID
0x44154c AdjustWindowRectEx
0x441550 RedrawWindow
0x441554 SetWindowPos
0x441558 SendMessageA
0x44155c UnregisterClassA
0x441560 HideCaret
0x441564 ShowCaret
0x441568 ExcludeUpdateRgn
0x44156c DrawFocusRect
0x441570 DefDlgProcA
0x441574 IsWindowUnicode
0x441578 MessageBeep
0x44157c KillTimer
0x441580 SetTimer
0x441584 GrayStringA
0x441588 GetClientRect
0x44158c GetWindowLongA
0x441590 SetWindowLongA
0x441594 IsWindow
0x441598 DefMDIChildProcA
0x44159c DrawMenuBar
0x4415a8 DefFrameProcA
0x4415ac CreateWindowExA
0x4415b0 BringWindowToTop
0x4415b4 GetMenu
0x4415b8 GetMenuItemCount
0x4415bc GetSubMenu
0x4415c0 ShowWindow
0x4415c4 LockWindowUpdate
0x4415c8 GetDCEx
0x4415cc InvertRect
0x4415d0 SetCapture
0x4415d4 OffsetRect
0x4415d8 InflateRect
0x4415dc UpdateWindow
0x4415e0 EnableWindow
0x4415e4 DrawTextA
0x4415e8 TabbedTextOutA
0x4415ec EndPaint
0x4415f0 BeginPaint
0x4415f4 GetWindowDC
0x4415f8 ClientToScreen
0x4415fc GetClassNameA
0x441600 GetSysColorBrush
0x441604 LoadStringA
0x441608 FillRect
0x44160c SetRect
0x441610 LoadCursorA
0x441614 DestroyCursor
0x441618 MapDialogRect
0x441620 GetMessageA
0x441624 TranslateMessage
0x441628 ValidateRect
0x44162c GetCursorPos
0x441630 ShowOwnedPopups
0x441634 PostQuitMessage
0x441638 GetSystemMenu
0x44163c DeleteMenu
0x441640 AppendMenuA
0x441644 IsRectEmpty
0x441648 SetParent
0x44164c PtInRect
0x441650 ReleaseDC
0x441654 IsZoomed
0x441658 wvsprintfA
0x44165c EndDialog
0x441660 SetForegroundWindow
0x441668 GetDC
Library GDI32.dll:
0x441044 PatBlt
0x441048 GetStockObject
0x44104c Rectangle
0x441050 DPtoLP
0x441054 CreatePen
0x441058 GetViewportOrgEx
0x44105c AbortDoc
0x441060 EndDoc
0x441064 EndPage
0x441068 StartPage
0x44106c StartDocA
0x441070 SetAbortProc
0x441074 CreateDCA
0x441078 SaveDC
0x44107c RestoreDC
0x441080 SetBkMode
0x441084 SetPolyFillMode
0x441088 SetROP2
0x44108c SetStretchBltMode
0x441090 SetMapMode
0x441094 SetViewportOrgEx
0x441098 OffsetViewportOrgEx
0x44109c SetViewportExtEx
0x4410a0 ScaleViewportExtEx
0x4410a4 SetWindowOrgEx
0x4410a8 SetWindowExtEx
0x4410ac ScaleWindowExtEx
0x4410b0 SelectClipRgn
0x4410b4 ExcludeClipRect
0x4410b8 IntersectClipRect
0x4410bc MoveToEx
0x4410c0 LineTo
0x4410c4 SetTextAlign
0x4410cc GetDeviceCaps
0x4410d0 CreateRectRgn
0x4410d4 GetViewportExtEx
0x4410d8 GetWindowExtEx
0x4410dc CreateSolidBrush
0x4410e0 CreatePatternBrush
0x4410e4 PtVisible
0x4410e8 RectVisible
0x4410ec TextOutA
0x4410f0 ExtTextOutA
0x4410f4 Escape
0x4410f8 CreateFontIndirectA
0x4410fc BitBlt
0x441100 GetTextColor
0x441104 GetBkColor
0x441108 LPtoDP
0x44110c GetNearestColor
0x441110 GetStretchBltMode
0x441114 GetPolyFillMode
0x441118 GetTextAlign
0x44111c GetBkMode
0x441120 GetROP2
0x441124 GetTextFaceA
0x441128 GetWindowOrgEx
0x44112c GetMapMode
0x441130 SetRectRgn
0x441134 CombineRgn
0x44113c CreateFontA
0x441140 GetCharWidthA
0x441144 DeleteObject
0x44114c CreateCompatibleDC
0x441150 StretchDIBits
0x441154 DeleteDC
0x441158 GetTextMetricsA
0x44115c SelectObject
0x441164 CreateBitmap
0x441168 GetObjectA
0x44116c SetBkColor
0x441170 SetTextColor
0x441174 GetClipBox
0x441178 CreateDIBitmap
0x44117c GetTextExtentPointA
Library comdlg32.dll:
0x441690 GetSaveFileNameA
0x441694 PrintDlgA
0x441698 GetFileTitleA
0x44169c GetOpenFileNameA
0x4416a0 ChooseFontA
0x4416a8 ChooseColorA
Library WINSPOOL.DRV:
0x441680 DocumentPropertiesA
0x441684 ClosePrinter
0x441688 OpenPrinterA
Library ADVAPI32.dll:
0x441000 RegQueryValueExA
0x441004 RegSetValueA
0x441008 RegCreateKeyA
0x44100c GetFileSecurityA
0x441010 SetFileSecurityA
0x441014 RegDeleteValueA
0x441018 RegSetValueExA
0x44101c RegQueryValueA
0x441020 RegOpenKeyExA
0x441024 RegCreateKeyExA
0x441028 RegDeleteKeyA
0x44102c RegOpenKeyA
0x441030 RegEnumKeyA
0x441034 RegCloseKey
Library SHELL32.dll:
0x4413ac ExtractIconA
0x4413b0 DragQueryFileA
0x4413b4 DragFinish
0x4413b8 SHGetFileInfoA
Library COMCTL32.dll:
0x44103c (nameless entry: imported by ordinal)
Library oledlg.dll:
0x4416f0 (nameless entry: imported by ordinal)
Library ole32.dll:
0x4416b4 OleUninitialize
0x4416b8 OleInitialize
0x4416bc CoTaskMemFree
0x4416cc CoGetClassObject
0x4416d0 CLSIDFromString
0x4416d4 CLSIDFromProgID
0x4416dc CoRevokeClassObject
0x4416e0 OleFlushClipboard
0x4416e8 CoTaskMemAlloc
Library OLEPRO32.DLL:
0x4413a4 (nameless entry: imported by ordinal)
Library OLEAUT32.dll:
0x44137c SysFreeString
0x441380 SysAllocStringLen
0x441384 VariantClear
0x44138c VariantCopy
0x441390 VariantChangeType
0x441394 SysAllocString
0x44139c SysStringLen
Library VERSION.dll:
0x441670 VerQueryValueA
0x441674 GetFileVersionInfoA
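The import table reads like an MFC GUI application and names none of the APIs the dynamic trace recorded (CryptGenKey, CryptExportKey, InternetOpenW, GetAdaptersAddresses, GetComputerNameA), nor VirtualProtect, even though NtProtectVirtualMemory was called. Only LoadLibraryA/LoadLibraryW and GetProcAddress are there, which is all a stub needs to resolve the real payload's imports at run time after unpacking. The script below is an added example, not the sandbox's code: it parses the report's "Library X:" / "0xADDR Name" listing and reports which observed calls no static import can explain. IMPORT_EXCERPT is transcribed from the table above but trimmed to the entries the comparison needs (the full table contains no Crypt*, Internet*, VirtualProtect or GetComputerNameA entries either); the Nt-to-Win32 wrapper map is this example's own; and calls made by system DLLs loaded into the process (such as the WPAD bookkeeping done through RegSetValueExW) show up as "unaccounted" too, so the result means "not reachable through the static import table", not "written by the sample's own code".

```python
# Added example, not part of the sandbox report: compare the APIs the sandbox saw the
# sample call with the static import table. Anything observed at run time that no
# import can account for was resolved dynamically (LoadLibrary/GetProcAddress or by
# walking export tables), which is what an unpacking stub does before handing control
# to the real payload. IMPORT_EXCERPT is transcribed from the report's table, trimmed
# to the entries this comparison needs; OBSERVED_CALLS are the APIs named in the trace.
import re

IMPORT_EXCERPT = """\
Library KERNEL32.dll:
0x4411d4 VirtualAlloc
0x4411d8 VirtualFree
0x44132c GetModuleHandleA
0x441354 LoadLibraryA
0x44136c LoadLibraryW
0x441374 GetProcAddress
Library ADVAPI32.dll:
0x441000 RegQueryValueExA
0x441004 RegSetValueA
0x441008 RegCreateKeyA
0x44100c GetFileSecurityA
0x441010 SetFileSecurityA
0x441014 RegDeleteValueA
0x441018 RegSetValueExA
0x44101c RegQueryValueA
0x441020 RegOpenKeyExA
0x441024 RegCreateKeyExA
0x441028 RegDeleteKeyA
0x44102c RegOpenKeyA
0x441030 RegEnumKeyA
0x441034 RegCloseKey
Library COMCTL32.dll:
0x44103c
"""

# Native (Nt*) calls the sandbox hooks, mapped to the Win32 imports that reach them.
WIN32_WRAPPERS = {
    "NtAllocateVirtualMemory": {"VirtualAlloc", "VirtualAllocEx"},
    "NtProtectVirtualMemory": {"VirtualProtect", "VirtualProtectEx"},
}

# APIs named in the report's dynamic trace.
OBSERVED_CALLS = ["GetComputerNameA", "CryptGenKey", "CryptExportKey",
                  "NtAllocateVirtualMemory", "NtProtectVirtualMemory",
                  "GetAdaptersAddresses", "InternetOpenW",
                  "RegSetValueExA", "RegSetValueExW"]


def parse_imports(text):
    """Parse the report's 'Library X:' / '0xADDR Name' listing into {dll: {names}}."""
    imports, dll = {}, None
    for line in text.splitlines():
        m = re.match(r"Library (\S+):", line)
        if m:
            dll = m.group(1)
            imports.setdefault(dll, set())
            continue
        m = re.match(r"0x[0-9a-fA-F]+\s+(\w+)$", line.strip())
        if m and dll:  # nameless (ordinal) entries have no name and are skipped
            imports[dll].add(m.group(1))
    return imports


def runtime_resolved(imports, observed):
    """Split observed calls into those an import accounts for and those none does."""
    names = set().union(*imports.values()) if imports else set()
    accounted, unaccounted = [], []
    for api in observed:
        candidates = WIN32_WRAPPERS.get(api, {api})
        (accounted if candidates & names else unaccounted).append(api)
    return accounted, unaccounted


def has_dynamic_loader_primitives(imports):
    """True when the binary imports what it needs to resolve APIs by name itself."""
    names = set().union(*imports.values()) if imports else set()
    return "GetProcAddress" in names and bool({"LoadLibraryA", "LoadLibraryW"} & names)


if __name__ == "__main__":
    imports = parse_imports(IMPORT_EXCERPT)
    ok, missing = runtime_resolved(imports, OBSERVED_CALLS)
    print("accounted for by imports:", ok)
    print("resolved at run time:    ", missing)
    print("loader primitives present:", has_dynamic_loader_primitives(imports))
```

For this sample only NtAllocateVirtualMemory (via VirtualAlloc) and RegSetValueExA are explained by the import table; the crypto, WinINet, adapter and computer-name calls and the protection change are not, which is the static-versus-dynamic gap that marks a packed loader.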

Exports

Ordinal Address Name
1 0x402669 ERWQSDASQWAFASASWW

Hosts

No hosts contacted. (The dynamic signatures above nevertheless name three addresses contacted without a DNS query and one dead host; the capture recorded no completed TCP session to any of them.)

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port  Service (by port)
192.168.56.101  49235        114.114.114.114  53                DNS
192.168.56.101  51808        114.114.114.114  53                DNS
192.168.56.101  58367        114.114.114.114  53                DNS
192.168.56.101  60123        114.114.114.114  53                DNS
192.168.56.101  137          192.168.56.255   137               NetBIOS name service (broadcast)
192.168.56.101  138          192.168.56.255   138               NetBIOS datagram (broadcast)
192.168.56.101  50534        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  51378        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  55368        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  56804        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  62191        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  63429        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  1900         239.255.255.250  1900              SSDP (multicast)
192.168.56.101  51809        239.255.255.250  3702              WS-Discovery (multicast)
192.168.56.101  58707        239.255.255.250  3702              WS-Discovery (multicast)
192.168.56.101  60124        239.255.255.250  3702              WS-Discovery (multicast)
192.168.56.101  62194        239.255.255.250  1900              SSDP (multicast)

Apart from the four DNS lookups to 114.114.114.114, whose query names the report does not list, every row is standard Windows broadcast or multicast name-resolution and discovery chatter from the guest (192.168.56.101); none of it can be attributed to the sample.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.