Score 7.2 (High risk)

SHA256: 68782a853131cf03fb33dce200cfaef5969fc9fb8aca665aa3c2080bce84f1e2
Filename: a368783eaf8d383515b46ea0d63fa2ec.exe
Analysis duration: 79s
Last analyzed:
File size: 688.5KB
Static/dynamic detection tags: A + MAL, AGEN, AGENTTESLA, AI SCORE=82, AIDETECTVM, ALI2000015, BTD2S8, CLASSIC, CONFIDENCE, DELF, DELFINJECT, DELPHILESS, ELUS, ELXR, FAREIT, GENERICKD, HIGH CONFIDENCE, HJOTCJ, IGENT, KRYPTIK, LOKIBOT, MALWARE1, MALWARE@#2BQSSWC63NFG9, PWSX, R06EC0DI220, RG0@A0TUECEI, RKKK, SCORE, SIGGEN9, STATIC AI, SUSGEN, SUSPICIOUS PE, TRJGEN, UNSAFE, WACATAC, X2059, ZELPHIF
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results for this sample
Static verdict

Antivirus engines

Engine       Result                               Scan date  Engine version
McAfee       Fareit-FSK!A368783EAF8D              20201207   6.0.6.653
Alibaba      Trojan:Win32/DelfInject.ali2000015   20190527   0.3.0.5
CrowdStrike  win/malicious_confidence_90% (W)     20190702   1.0
Baidu        (no detection)                       20190318   1.0.0.2
Avast        Win32:PWSX-gen [Trj]                 20201207   20.10.5736.0
Tencent      (no detection)                       20201207   1.0.0.1
Kingsoft     (no detection)                       20201207   2017.9.26.565
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Note: CODE, DATA and BSS are the section names the Borland/Delphi linker emits by default, so on their own they identify a Delphi build rather than a packer, and the "BobSoft Mini Delphi" signature commonly fires on ordinary Delphi executables. The packing evidence in this report comes from the entropy figures and the runtime behaviour below, not from these names.
One or more processes crashed (2 events). The first is STATUS_INTEGER_DIVIDE_BY_ZERO (0xc0000094): the faulting instruction is `div eax` with eax = 0, at offset 0x54aad of the sample's image, and it occurs before the child process below exists. The second is an access violation (0xc0000005) at 0xfe7d14ad with the sample's image on the stack calling mscoree!_CorExeMain, i.e. while starting the .NET runtime; the only process with activity at that timestamp in the log below is the hollowed child 2952.
Time & API Arguments Status Return Repeated
1619814088.642
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35061568
registers.edi: 0
registers.eax: 0
registers.ebp: 35061640
registers.edx: 41
registers.ebx: 0
registers.esi: 0
registers.ecx: 642
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 6c e9 f6 ea fa
exception.symbol: a368783eaf8d383515b46ea0d63fa2ec+0x54aad
exception.instruction: div eax
exception.module: a368783eaf8d383515b46ea0d63fa2ec.exe
exception.exception_code: 0xc0000094
exception.offset: 346797
exception.address: 0x454aad
success 0 0
1619814091.76725
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
a368783eaf8d383515b46ea0d63fa2ec+0x58a4d @ 0x458a4d
a368783eaf8d383515b46ea0d63fa2ec+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe7d14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events). The first three allocations are in the parent (PID 420) before it spawns the child; the rest are in the hollowed child (PID 2952), starting with NtProtectVirtualMemory on its image base 0x00400000. Note the run at 1619814091.75125 that alternates NtProtectVirtualMemory on 0x01fb2000 with pages at 0x76351000, 0x76353000, 0x76354000 and 0x77d4f000: using the module bases implied by the crash stack traces (kernel32 at 0x76340000, ntdll at 0x77d30000), those are pages inside the two system DLLs being made writable and executable, the pattern produced by inline API hooking. If a memory dump is available, diff those pages against the on-disk DLLs.
Time & API Arguments Status Return Repeated
1619814088.22
NtAllocateVirtualMemory
process_identifier: 420
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619814088.642
NtAllocateVirtualMemory
process_identifier: 420
region_size: 57344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00690000
success 0 0
1619814088.657
NtAllocateVirtualMemory
process_identifier: 420
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006e0000
success 0 0
1619814089.84525
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619814090.67325
NtAllocateVirtualMemory
process_identifier: 2952
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01df0000
success 0 0
1619814090.67325
NtAllocateVirtualMemory
process_identifier: 2952
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e50000
success 0 0
1619814090.67325
NtAllocateVirtualMemory
process_identifier: 2952
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00640000
success 0 0
1619814090.67325
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 303104
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00642000
success 0 0
1619814091.12625
NtAllocateVirtualMemory
process_identifier: 2952
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x020b0000
success 0 0
1619814091.12625
NtAllocateVirtualMemory
process_identifier: 2952
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02260000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fb2000
success 0 0
1619814091.75125
NtProtectVirtualMemory
process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.622180586241439 section {'size_of_data': '0x0000f000', 'virtual_address': '0x00055000', 'entropy': 7.622180586241439, 'name': 'DATA', 'virtual_size': '0x0000eea0'} description A section with a high entropy has been found
entropy 7.486916060761176 section {'size_of_data': '0x00040600', 'virtual_address': '0x00071000', 'entropy': 7.486916060761176, 'name': '.rsrc', 'virtual_size': '0x00040514'} description A section with a high entropy has been found
entropy 0.4618181818181818 description Overall entropy of this PE file is high
Note: the third value is not an entropy. The signature reports the share of section data held in high-entropy sections: (0xf000 + 0x40600) / 0xabe00 = 325120 / 704000 ≈ 0.4618, which is well above the signature's trigger ratio. The DATA and .rsrc figures (7.62 and 7.49 bits per byte) are real Shannon entropies and are the actual evidence of compressed or encrypted content.
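Recomputing both checks makes the distinction concrete. The following Python is an added example, not code from the report or from the sandbox: it computes per-section Shannon entropy and the overall ratio the way the signature above does. Section contents are constructed (pseudo-random bytes for DATA and .rsrc, zero fill for the rest) with sizes taken from the report; the per-section threshold of 6.8, the overall trigger ratio of 0.2 and the 704000-byte total of section data (the figure that reproduces the printed 0.4618) are assumptions.

```python
"""Added example (not from the report): recompute the two packer-entropy checks.
Per-section Shannon entropy is the standard measure; the "overall" figure mirrors
the sandbox signature, which divides the bytes held in high-entropy sections by
the total section data and is therefore a ratio, not an entropy."""
import math
import random

SECTION_THRESHOLD = 6.8   # per-section trigger, in bits per byte (assumed value)
OVERALL_THRESHOLD = 0.2   # high-entropy bytes / all section bytes (assumed value)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def packer_entropy(sections):
    """sections: list of (name, raw_bytes).
    Returns (hits, overall_ratio): hits are (name, entropy) for every section above
    SECTION_THRESHOLD; the ratio is their combined size over all section data."""
    hits, high_bytes, total_bytes = [], 0, 0
    for name, raw in sections:
        total_bytes += len(raw)
        e = shannon_entropy(raw)
        if e > SECTION_THRESHOLD:
            hits.append((name, e))
            high_bytes += len(raw)
    ratio = high_bytes / total_bytes if total_bytes else 0.0
    return hits, ratio


def overall_is_high(ratio: float) -> bool:
    return ratio > OVERALL_THRESHOLD


def constructed_sections():
    """Stand-in for the sample's sections (constructed data).
    DATA (0xf000 bytes) and .rsrc (0x40600 bytes) are filled with deterministic
    pseudo-random bytes, as compressed or encrypted payload would be. The balance,
    0x5c800 bytes, is zero-filled so that total section data is 704000 bytes, the
    assumed figure that reproduces the report's 0.4618."""
    rng = random.Random(1)

    def noise(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    return [
        ("CODE", b"\x00" * 0x5c800),   # low-entropy filler standing in for code/BSS
        ("DATA", noise(0xf000)),
        (".rsrc", noise(0x40600)),
    ]


if __name__ == "__main__":
    hits, ratio = packer_entropy(constructed_sections())
    for name, e in hits:
        print(f"{name}: entropy {e:.3f} (high)")
    print(f"overall ratio {ratio:.4f} -> {'high' if overall_is_high(ratio) else 'ok'}")
```

Swap `constructed_sections()` for the real section bytes (for example from `pefile`'s `section.get_data()`) to apply the same logic to a file; the ratio will then match the report's figure only if the same sections cross the threshold.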
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection: process 420 called NtSetContextThread to modify a thread in remote process 2952
Time & API Arguments Status Return Repeated
1619814089.392
NtSetContextThread
thread_handle: 0x0000010c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4896944
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2952
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection: process 420 resumed a thread in remote process 2952
Time & API Arguments Status Return Repeated
1619814089.704
NtResumeThread
thread_handle: 0x0000010c
suspend_count: 1
process_identifier: 2952
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619814089.361
CreateProcessInternalW
thread_identifier: 368
thread_handle: 0x0000010c
process_identifier: 2952
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a368783eaf8d383515b46ea0d63fa2ec.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000110
inherit_handles: 0
success 1 0
1619814089.361
NtUnmapViewOfSection
process_identifier: 2952
region_size: 4096
process_handle: 0x00000110
base_address: 0x00400000
success 0 0
1619814089.361
NtMapViewOfSection
section_handle: 0x00000118
process_identifier: 2952
commit_size: 708608
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000110
allocation_type: 0 ()
section_offset: 0
view_size: 708608
base_address: 0x00400000
success 0 0
1619814089.392
NtGetContextThread
thread_handle: 0x0000010c
success 0 0
1619814089.392
NtSetContextThread
thread_handle: 0x0000010c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4896944
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2952
success 0 0
1619814089.704
NtResumeThread
thread_handle: 0x0000010c
suspend_count: 1
process_identifier: 2952
success 0 0
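The six calls above are the textbook process-hollowing sequence: create a copy of the sample suspended, unmap its image at 0x400000, map a 708608-byte PAGE_EXECUTE_READWRITE section in its place, read and rewrite the initial thread's context, and resume it. In the NtSetContextThread record, eax = 4896944 (0x4ab8b0) is the new entry point, since on x86 the initial thread's context carries the start address in eax, and ebx = 2130567168 (0x7efde000) is the child's PEB; 0x4ab8b0 lies inside the mapped view 0x400000-0x4ad000. The following Python is an added example, not code from the report or the sandbox: it walks a constructed API log built from the values above (the caller_pid field is an assumption about how the log names the calling process) and flags a child as hollowed only when all four required stages occur in order, then checks that the rewritten entry point falls inside the view the parent mapped.

```python
"""Added example (not from the report): flag the process-hollowing call sequence
in a sandbox API log. The records below are constructed to mirror the report's
events for parent 420 and child 2952; 'caller_pid' is an assumed field naming the
process that issued each call."""
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004
PAGE_EXECUTE_READWRITE = 0x40


@dataclass
class Call:
    time: float
    api: str
    args: dict


# Constructed log: same order, handles, PIDs and register values as the report.
SAMPLE_LOG = [
    Call(1619814089.361, "CreateProcessInternalW",
         {"caller_pid": 420, "process_identifier": 2952, "thread_handle": 0x10c,
          "process_handle": 0x110, "creation_flags": CREATE_SUSPENDED}),
    Call(1619814089.361, "NtUnmapViewOfSection",
         {"caller_pid": 420, "process_identifier": 2952, "base_address": 0x400000}),
    Call(1619814089.361, "NtMapViewOfSection",
         {"caller_pid": 420, "process_identifier": 2952, "base_address": 0x400000,
          "view_size": 708608, "win32_protect": PAGE_EXECUTE_READWRITE}),
    Call(1619814089.392, "NtGetContextThread",
         {"caller_pid": 420, "thread_handle": 0x10c}),
    Call(1619814089.392, "NtSetContextThread",
         {"caller_pid": 420, "process_identifier": 2952, "thread_handle": 0x10c,
          "registers.eax": 4896944, "registers.ebx": 2130567168}),
    Call(1619814089.704, "NtResumeThread",
         {"caller_pid": 420, "process_identifier": 2952, "thread_handle": 0x10c}),
]

# Constructed contrast case: a debugger-style launch (suspended, then resumed
# untouched) must not be flagged.
BENIGN_LOG = [
    Call(1.0, "CreateProcessInternalW",
         {"caller_pid": 100, "process_identifier": 200, "thread_handle": 0x20,
          "creation_flags": CREATE_SUSPENDED}),
    Call(2.0, "NtResumeThread",
         {"caller_pid": 100, "process_identifier": 200, "thread_handle": 0x20}),
]

REQUIRED_ORDER = ("create_suspended", "write_image", "set_context", "resume")


def track_suspended_children(log):
    """Follow every process created with CREATE_SUSPENDED and record what its
    creator does to it afterwards. Returns {child_pid: state}."""
    states = {}
    for call in sorted(log, key=lambda c: c.time):  # stable: ties keep log order
        a = call.args
        pid = a.get("process_identifier")
        if call.api == "CreateProcessInternalW":
            if a.get("creation_flags", 0) & CREATE_SUSPENDED:
                states[pid] = {"creator": a["caller_pid"], "thread": a.get("thread_handle"),
                               "stages": ["create_suspended"], "mapped": None,
                               "entry_point": None}
            continue
        st = states.get(pid)
        if st is None or a.get("caller_pid") != st["creator"]:
            continue  # only the creator acting on its own suspended child matters here
        if call.api == "NtUnmapViewOfSection":
            st["stages"].append("unmap")
        elif call.api == "NtMapViewOfSection" and a.get("win32_protect") == PAGE_EXECUTE_READWRITE:
            st["stages"].append("write_image")
            st["mapped"] = (a["base_address"], a["base_address"] + a["view_size"])
        elif call.api == "WriteProcessMemory":
            st["stages"].append("write_image")
        elif call.api == "NtSetContextThread" and a.get("thread_handle") == st["thread"]:
            st["stages"].append("set_context")
            # On x86 the initial thread's CONTEXT carries the entry point in EAX
            # (and the PEB address in EBX); hollowers overwrite EAX.
            st["entry_point"] = a.get("registers.eax")
        elif call.api == "NtResumeThread" and a.get("thread_handle") == st["thread"]:
            st["stages"].append("resume")
    return states


def is_hollowed(state):
    """True when create-suspended, image write, context rewrite and resume all
    occur, in that order. NtUnmapViewOfSection corroborates but is optional."""
    positions = []
    for stage in REQUIRED_ORDER:
        if stage not in state["stages"]:
            return False
        positions.append(state["stages"].index(stage))
    return positions == sorted(positions)


def entry_point_in_mapped_view(state):
    """Sanity check: the rewritten entry point should fall inside the view the
    creator mapped into the child."""
    if state["mapped"] is None or state["entry_point"] is None:
        return False
    lo, hi = state["mapped"]
    return lo <= state["entry_point"] < hi


if __name__ == "__main__":
    for pid, st in track_suspended_children(SAMPLE_LOG).items():
        print(f"pid {pid}: stages={st['stages']} hollowed={is_hollowed(st)} "
              f"entry=0x{st['entry_point']:x} in_view={entry_point_in_mapped_view(st)}")
```

Run directly it prints the verdict for PID 2952. A suspended-then-resumed launch with no image write and no context rewrite (the BENIGN_LOG case) is not flagged, which keeps debuggers and installers that use CREATE_SUSPENDED out of the alert; requiring the caller to be the creator likewise avoids matching a sandbox agent that touches the same child.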
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (showing 50 of 59 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33744276
McAfee Fareit-FSK!A368783EAF8D
Cylance Unsafe
Zillya Trojan.Injector.Win32.718521
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_90% (W)
Cyren W32/Delf.RKKK-1747
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:PWSX-gen [Trj]
ClamAV Win.Dropper.LokiBot-7726665-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.33744276
NANO-Antivirus Trojan.Win32.TrjGen.hjotcj
Paloalto generic.ml
Ad-Aware Trojan.GenericKD.33744276
Sophos ML/PE-A + Mal/Fareit-AA
Comodo Malware@#2bqsswc63nfg9
F-Secure Heuristic.HEUR/AGEN.1136310
DrWeb Trojan.Siggen9.43222
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DI220
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
FireEye Generic.mg.a368783eaf8d3835
Emsisoft Trojan.GenericKD.33744276 (B)
SentinelOne Static AI - Suspicious PE
GData Trojan.GenericKD.33744276
Jiangmin Trojan.Kryptik.aqd
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1136310
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Win32.Wacatac
Arcabit Trojan.Generic.D202E594
AegisLab Trojan.Win32.Kryptik.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
Microsoft Trojan:Win32/Fareit.JS!MTB
Cynet Malicious (score: 90)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
ALYac Trojan.GenericKD.33744276
MAX malware (ai score=82)
VBA32 Trojan.Kryptik
Malwarebytes Spyware.AgentTesla
ESET-NOD32 a variant of Win32/Injector.ELUS
TrendMicro-HouseCall TROJ_GEN.R06EC0DI220
Rising Trojan.Injector!1.CB27 (CLASSIC)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
Visual analysis
Binary image
No binary image: the sample did not produce a binary visualization image
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Note: this is not the real build date. It is the constant link timestamp 0x2A425E19 (1992-06-19 22:22:17 UTC) that Delphi compilers write into every PE they produce, shown here in UTC+8. Treat it as another Delphi marker, not as evidence of the sample's age.

Imports

(The import table below is the stock Delphi VCL runtime set, plus RegOpenKeyExA/RegQueryValueExA and GetFileVersionInfoA. It describes the Delphi loader that runs first, not the payload, which only appears once the parent maps its own section into process 2952; do not expect network or credential-theft APIs here.)

Library kernel32.dll:
0x465164 VirtualFree
0x465168 VirtualAlloc
0x46516c LocalFree
0x465170 LocalAlloc
0x465174 GetVersion
0x465178 GetCurrentThreadId
0x465184 VirtualQuery
0x465188 WideCharToMultiByte
0x46518c MultiByteToWideChar
0x465190 lstrlenA
0x465194 lstrcpynA
0x465198 LoadLibraryExA
0x46519c GetThreadLocale
0x4651a0 GetStartupInfoA
0x4651a4 GetProcAddress
0x4651a8 GetModuleHandleA
0x4651ac GetModuleFileNameA
0x4651b0 GetLocaleInfoA
0x4651b4 GetCommandLineA
0x4651b8 FreeLibrary
0x4651bc FindFirstFileA
0x4651c0 FindClose
0x4651c4 ExitProcess
0x4651c8 ExitThread
0x4651cc CreateThread
0x4651d0 WriteFile
0x4651d8 RtlUnwind
0x4651dc RaiseException
0x4651e0 GetStdHandle
Library user32.dll:
0x4651e8 GetKeyboardType
0x4651ec LoadStringA
0x4651f0 MessageBoxA
0x4651f4 CharNextA
Library advapi32.dll:
0x4651fc RegQueryValueExA
0x465200 RegOpenKeyExA
0x465204 RegCloseKey
Library oleaut32.dll:
0x46520c SysFreeString
0x465210 SysReAllocStringLen
0x465214 SysAllocStringLen
Library kernel32.dll:
0x46521c TlsSetValue
0x465220 TlsGetValue
0x465224 LocalAlloc
0x465228 GetModuleHandleA
Library advapi32.dll:
0x465230 RegQueryValueExA
0x465234 RegOpenKeyExA
0x465238 RegCloseKey
Library kernel32.dll:
0x465240 lstrcpyA
0x465244 WriteFile
0x46524c WaitForSingleObject
0x465254 VirtualQuery
0x465258 VirtualAlloc
0x46525c Sleep
0x465260 SizeofResource
0x465264 SetThreadLocale
0x465268 SetFilePointer
0x46526c SetEvent
0x465270 SetErrorMode
0x465274 SetEndOfFile
0x465278 ResumeThread
0x46527c ResetEvent
0x465280 ReleaseMutex
0x465284 ReadFile
0x465288 MultiByteToWideChar
0x46528c MulDiv
0x465290 LockResource
0x465294 LoadResource
0x465298 LoadLibraryA
0x4652a4 GlobalUnlock
0x4652a8 GlobalReAlloc
0x4652ac GlobalHandle
0x4652b0 GlobalLock
0x4652b4 GlobalFree
0x4652b8 GlobalFindAtomA
0x4652bc GlobalDeleteAtom
0x4652c0 GlobalAlloc
0x4652c4 GlobalAddAtomA
0x4652c8 GetVersionExA
0x4652cc GetVersion
0x4652d0 GetTickCount
0x4652d4 GetThreadLocale
0x4652dc GetSystemTime
0x4652e0 GetSystemInfo
0x4652e4 GetStringTypeExA
0x4652e8 GetStdHandle
0x4652ec GetProcAddress
0x4652f0 GetModuleHandleA
0x4652f4 GetModuleFileNameA
0x4652f8 GetLocaleInfoA
0x4652fc GetLocalTime
0x465300 GetLastError
0x465304 GetFullPathNameA
0x465308 GetExitCodeThread
0x46530c GetDiskFreeSpaceA
0x465310 GetDateFormatA
0x465314 GetCurrentThreadId
0x465318 GetCurrentProcessId
0x46531c GetCPInfo
0x465320 GetACP
0x465324 FreeResource
0x46532c InterlockedExchange
0x465334 FreeLibrary
0x465338 FormatMessageA
0x46533c FindResourceA
0x465350 ExitThread
0x465354 EnumCalendarInfoA
0x465360 CreateThread
0x465364 CreateMutexA
0x465368 CreateFileA
0x46536c CreateEventA
0x465370 CompareStringA
0x465374 CloseHandle
Library version.dll:
0x46537c VerQueryValueA
0x465384 GetFileVersionInfoA
Library gdi32.dll:
0x46538c UnrealizeObject
0x465390 StretchBlt
0x465394 SetWindowOrgEx
0x465398 SetViewportOrgEx
0x46539c SetTextColor
0x4653a0 SetStretchBltMode
0x4653a4 SetROP2
0x4653a8 SetPixel
0x4653ac SetDIBColorTable
0x4653b0 SetBrushOrgEx
0x4653b4 SetBkMode
0x4653b8 SetBkColor
0x4653bc SetArcDirection
0x4653c0 SelectPalette
0x4653c4 SelectObject
0x4653c8 SaveDC
0x4653cc RestoreDC
0x4653d0 Rectangle
0x4653d4 RectVisible
0x4653d8 RealizePalette
0x4653dc PatBlt
0x4653e0 MoveToEx
0x4653e4 MaskBlt
0x4653e8 LineTo
0x4653ec IntersectClipRect
0x4653f0 GetWindowOrgEx
0x4653f4 GetTextMetricsA
0x465400 GetStockObject
0x465404 GetPixel
0x465408 GetPaletteEntries
0x46540c GetObjectA
0x465410 GetDeviceCaps
0x465414 GetDIBits
0x465418 GetDIBColorTable
0x46541c GetDCOrgEx
0x465424 GetClipBox
0x465428 GetBrushOrgEx
0x46542c GetBitmapBits
0x465430 ExcludeClipRect
0x465434 DeleteObject
0x465438 DeleteDC
0x46543c CreateSolidBrush
0x465440 CreatePenIndirect
0x465444 CreatePen
0x465448 CreatePalette
0x465450 CreateFontIndirectA
0x465454 CreateDIBitmap
0x465458 CreateDIBSection
0x46545c CreateCompatibleDC
0x465464 CreateBrushIndirect
0x465468 CreateBitmap
0x46546c BitBlt
Library user32.dll:
0x465474 CreateWindowExA
0x465478 WindowFromPoint
0x46547c WinHelpA
0x465480 WaitMessage
0x465484 ValidateRect
0x465488 UpdateWindow
0x46548c UnregisterClassA
0x465490 UnhookWindowsHookEx
0x465494 TranslateMessage
0x46549c TrackPopupMenu
0x4654a4 ShowWindow
0x4654a8 ShowScrollBar
0x4654ac ShowOwnedPopups
0x4654b0 ShowCursor
0x4654b4 SetWindowsHookExA
0x4654b8 SetWindowPos
0x4654bc SetWindowPlacement
0x4654c0 SetWindowLongA
0x4654c4 SetTimer
0x4654c8 SetScrollRange
0x4654cc SetScrollPos
0x4654d0 SetScrollInfo
0x4654d4 SetRect
0x4654d8 SetPropA
0x4654dc SetParent
0x4654e0 SetMenuItemInfoA
0x4654e4 SetMenu
0x4654e8 SetForegroundWindow
0x4654ec SetFocus
0x4654f0 SetCursor
0x4654f4 SetClassLongA
0x4654f8 SetCapture
0x4654fc SetActiveWindow
0x465500 SendMessageA
0x465504 ScrollWindow
0x465508 ScreenToClient
0x46550c RemovePropA
0x465510 RemoveMenu
0x465514 ReleaseDC
0x465518 ReleaseCapture
0x465524 RegisterClassA
0x465528 RedrawWindow
0x46552c PtInRect
0x465530 PostQuitMessage
0x465534 PostMessageA
0x465538 PeekMessageA
0x46553c OffsetRect
0x465540 OemToCharA
0x465548 MessageBoxA
0x46554c MapWindowPoints
0x465550 MapVirtualKeyA
0x465554 LoadStringA
0x465558 LoadKeyboardLayoutA
0x46555c LoadIconA
0x465560 LoadCursorA
0x465564 LoadBitmapA
0x465568 KillTimer
0x46556c IsZoomed
0x465570 IsWindowVisible
0x465574 IsWindowEnabled
0x465578 IsWindow
0x46557c IsRectEmpty
0x465580 IsIconic
0x465584 IsDialogMessageA
0x465588 IsChild
0x46558c InvalidateRect
0x465590 IntersectRect
0x465594 InsertMenuItemA
0x465598 InsertMenuA
0x46559c InflateRect
0x4655a4 GetWindowTextA
0x4655a8 GetWindowRect
0x4655ac GetWindowPlacement
0x4655b0 GetWindowLongA
0x4655b4 GetWindowDC
0x4655b8 GetTopWindow
0x4655bc GetSystemMetrics
0x4655c0 GetSystemMenu
0x4655c4 GetSysColorBrush
0x4655c8 GetSysColor
0x4655cc GetSubMenu
0x4655d0 GetScrollRange
0x4655d4 GetScrollPos
0x4655d8 GetScrollInfo
0x4655dc GetPropA
0x4655e0 GetParent
0x4655e4 GetWindow
0x4655e8 GetMenuStringA
0x4655ec GetMenuState
0x4655f0 GetMenuItemInfoA
0x4655f4 GetMenuItemID
0x4655f8 GetMenuItemCount
0x4655fc GetMenu
0x465600 GetLastActivePopup
0x465604 GetKeyboardState
0x46560c GetKeyboardLayout
0x465610 GetKeyState
0x465614 GetKeyNameTextA
0x465618 GetIconInfo
0x46561c GetForegroundWindow
0x465620 GetFocus
0x465624 GetDesktopWindow
0x465628 GetDCEx
0x46562c GetDC
0x465630 GetCursorPos
0x465634 GetCursor
0x465638 GetClientRect
0x46563c GetClassNameA
0x465640 GetClassInfoA
0x465644 GetCapture
0x465648 GetActiveWindow
0x46564c FrameRect
0x465650 FindWindowA
0x465654 FillRect
0x465658 EqualRect
0x46565c EnumWindows
0x465660 EnumThreadWindows
0x465664 EndPaint
0x465668 EnableWindow
0x46566c EnableScrollBar
0x465670 EnableMenuItem
0x465674 DrawTextA
0x465678 DrawMenuBar
0x46567c DrawIconEx
0x465680 DrawIcon
0x465684 DrawFrameControl
0x465688 DrawEdge
0x46568c DispatchMessageA
0x465690 DestroyWindow
0x465694 DestroyMenu
0x465698 DestroyIcon
0x46569c DestroyCursor
0x4656a0 DeleteMenu
0x4656a4 DefWindowProcA
0x4656a8 DefMDIChildProcA
0x4656ac DefFrameProcA
0x4656b0 CreatePopupMenu
0x4656b4 CreateMenu
0x4656b8 CreateIcon
0x4656bc ClientToScreen
0x4656c0 CheckMenuItem
0x4656c4 CallWindowProcA
0x4656c8 CallNextHookEx
0x4656cc BeginPaint
0x4656d0 CharNextA
0x4656d4 CharLowerA
0x4656d8 CharToOemA
0x4656dc AdjustWindowRectEx
Library kernel32.dll:
0x4656e8 Sleep
Library oleaut32.dll:
0x4656f0 SafeArrayPtrOfIndex
0x4656f4 SafeArrayGetUBound
0x4656f8 SafeArrayGetLBound
0x4656fc SafeArrayCreate
0x465700 VariantChangeType
0x465704 VariantCopy
0x465708 VariantClear
0x46570c VariantInit
Library ole32.dll:
0x465714 OleUninitialize
0x465718 OleInitialize
0x46571c CoUninitialize
0x465720 CoInitialize
Library oleaut32.dll:
0x465728 GetErrorInfo
0x46572c SysFreeString
Library comctl32.dll:
0x46573c ImageList_Write
0x465740 ImageList_Read
0x465750 ImageList_DragMove
0x465754 ImageList_DragLeave
0x465758 ImageList_DragEnter
0x46575c ImageList_EndDrag
0x465760 ImageList_BeginDrag
0x465764 ImageList_Remove
0x465768 ImageList_DrawEx
0x46576c ImageList_Draw
0x46577c ImageList_Add
0x465784 ImageList_Destroy
0x465788 ImageList_Create
0x46578c InitCommonControls
Library shell32.dll:
0x465798 SHGetMalloc
0x46579c SHGetDesktopFolder

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination      Destination Port
192.168.56.101  50002        114.114.114.114  53
192.168.56.101  51808        114.114.114.114  53
192.168.56.101  60123        114.114.114.114  53
192.168.56.101  60215        114.114.114.114  53
192.168.56.101  63429        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  51378        224.0.0.252      5355
192.168.56.101  53237        224.0.0.252      5355
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56539        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  58367        224.0.0.252      5355
192.168.56.101  60384        224.0.0.252      5355
192.168.56.101  62318        224.0.0.252      5355
192.168.56.101  65004        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  56544        239.255.255.250  1900
192.168.56.101  56546        239.255.255.250  3702

Note: the NetBIOS (137/138), NTP (123), LLMNR (5355), SSDP (1900) and WS-Discovery (3702) entries are normal Windows background traffic from the sandbox VM and are not attributable to the sample. The five DNS queries to 114.114.114.114 are not resolved to names in this report; the report separately notes that the sample reached 172.217.24.14 without any DNS lookup, so the useful network indicators are the two dead 443 hosts above, not this list.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.