7.2 (High risk)

SHA-256: 6c23d5aac98c05cf9faca072f1875f7fcde253a4a782dda7d897681bda6f92d9

File name: a5324a9451e030a35c2d1f7e135f63fd.exe

Analysis duration: 44s

Latest analysis

File size: 673.5KB
Static detection: malicious. Dynamic detection: malicious. Tags: 100% AI SCORE=87 AVSARHER BIXN BTOMTW CLOUD CONFIDENCE DELPHILESS EHDJ EMGH FAREIT GDSDA GENERICKD HIGH CONFIDENCE HKYMSB KRYPTIK LKNA LOKIBOT MODERATE OCCAMY SCORE SUSPICIOUS PE THFOEBO UNSAFE WACATAC X2066 YYSJB
Hawkeye engine
Not detected (no Hawkeye engine results available)
Static verdict
Antivirus engines
Engine       Result                          Date      Version
Alibaba      Trojan:Win32/Kryptik.c545202c   20190527  0.3.0.5
Baidu        -                               20190318  1.0.0.2
Avast        Win32:Malware-gen               20200608  18.4.3895.0
Tencent      Win32.Trojan.Kryptik.Lkna       20200608  1.0.0.1
Kingsoft     -                               20200608  2013.8.14.323
McAfee       Fareit-FTB!A5324A9451E0         20200608  6.0.6.653
CrowdStrike  win/malicious_confidence_100% (W)  20190702  1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619781445.890625
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48824128
registers.edi: 0
registers.eax: 0
registers.ebp: 48824200
registers.edx: 17
registers.ebx: 1983206444
registers.esi: 0
registers.ecx: 0
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 79 77 00 00 e9
exception.symbol: a5324a9451e030a35c2d1f7e135f63fd+0x5a9c8
exception.instruction: div eax
exception.module: a5324a9451e030a35c2d1f7e135f63fd.exe
exception.exception_code: 0xc0000094
exception.offset: 371144
exception.address: 0x45a9c8
success 0 0
1619781451.93725
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
a5324a9451e030a35c2d1f7e135f63fd+0x5aa4d @ 0x45aa4d
a5324a9451e030a35c2d1f7e135f63fd+0x53254 @ 0x453254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe6614ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API / Arguments / Status / Return / Repeated
Common to all 30 calls: process_handle 0xffffffff (the calling process itself), protection 64 (PAGE_EXECUTE_READWRITE), stack_dep_bypass 0, stack_pivoted 0, status success, return 0, repeated 0. Size is region_size for NtAllocateVirtualMemory and length for NtProtectVirtualMemory.

Time               API                      PID   Base address  Size     Allocation type                 heap_dep_bypass
1619781445.828625  NtAllocateVirtualMemory  520   0x01cb0000    4096     4096 (MEM_COMMIT)               0
1619781445.890625  NtProtectVirtualMemory   520   0x0045a000    32768    -                               0
1619781445.890625  NtAllocateVirtualMemory  520   0x01f60000    4096     12288 (MEM_COMMIT|MEM_RESERVE)  0
1619781447.98425   NtProtectVirtualMemory   2040  0x00400000    4096     -                               0
1619781448.18725   NtAllocateVirtualMemory  2040  0x01e50000    1048576  8192 (MEM_RESERVE)              0
1619781448.18725   NtAllocateVirtualMemory  2040  0x01f10000    4096     4096 (MEM_COMMIT)               1
1619781448.18725   NtAllocateVirtualMemory  2040  0x01e50000    335872   12288 (MEM_COMMIT|MEM_RESERVE)  0
1619781448.18725   NtProtectVirtualMemory   2040  0x01e52000    307200   -                               1
1619781448.89025   NtAllocateVirtualMemory  2040  0x02160000    1310720  8192 (MEM_RESERVE)              0
1619781448.89025   NtAllocateVirtualMemory  2040  0x02260000    4096     4096 (MEM_COMMIT)               1
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76351000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76353000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76354000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76351000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x77d4f000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76353000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76351000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76351000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76354000    4096     -                               0
1619781451.92225   NtProtectVirtualMemory   2040  0x01e42000    4096     -                               1
1619781451.92225   NtProtectVirtualMemory   2040  0x76351000    4096     -                               0

Note: the 0x7635xxxx and 0x77d4f000 pages that process 2040 makes writable-executable lie inside kernel32 (base 0x76340000) and ntdll (base 0x77d30000), as derived from the module offsets in the stack traces above; the alternating pattern with the 0x01e42000 page repeats ten times at the same timestamp.
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.625727635791506  section .rsrc (size_of_data 0x0003ca00, virtual_address 0x00072000, virtual_size 0x0003c918)  description: A section with a high entropy has been found
entropy 0.36059479553903345  description: Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 520 called NtSetContextThread to modify thread in remote process 2040
Time & API Arguments Status Return Repeated
1619781445.984625
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907136
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2040
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 520 resumed a thread in remote process 2040
Time & API Arguments Status Return Repeated
1619781446.094625
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2040
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 172.217.160.78:443
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619781445.969625
CreateProcessInternalW
thread_identifier: 1688
thread_handle: 0x000000fc
process_identifier: 2040
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a5324a9451e030a35c2d1f7e135f63fd.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619781445.969625
NtUnmapViewOfSection
process_identifier: 2040
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619781445.969625
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 2040
commit_size: 720896
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 720896
base_address: 0x00400000
success 0 0
1619781445.984625
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619781445.984625
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907136
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2040
success 0 0
1619781446.094625
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2040
success 0 0
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
MicroWorld-eScan Trojan.GenericKD.33970100
FireEye Generic.mg.a5324a9451e030a3
CAT-QuickHeal Trojan.Multi
ALYac Trojan.GenericKD.33970100
Cylance Unsafe
K7AntiVirus Trojan ( 005680341 )
Alibaba Trojan:Win32/Kryptik.c545202c
K7GW Trojan ( 005680341 )
Cybereason malicious.7f9ca3
Arcabit Trojan.Generic.D20657B4
Invincea heuristic
BitDefenderTheta AI:Packer.1210C22D21
F-Prot W32/Injector.JDL
Symantec Infostealer.Lokibot!43
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.33970100
NANO-Antivirus Trojan.Win32.Stealer.hkymsb
Paloalto generic.ml
Tencent Win32.Trojan.Kryptik.Lkna
Endgame malicious (high confidence)
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dropper.yysjb
DrWeb Trojan.PWS.Stealer.28586
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.WACATAC.THFOEBO
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Trapmine malicious.moderate.ml.score
SentinelOne DFI - Suspicious PE
Cyren W32/Injector.BIXN-1132
Avira TR/Dropper.yysjb
eGambit Unsafe.AI_Score_99%
Microsoft Trojan:Win32/Occamy.C6C
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKD.33970100
AhnLab-V3 Suspicious/Win.Delphiless.X2066
Acronis suspicious
McAfee Fareit-FTB!A5324A9451E0
MAX malware (ai score=87)
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.EMGH
TrendMicro-HouseCall Trojan.Win32.WACATAC.THFOEBO
Rising Trojan.Injector!8.C4 (CLOUD)
Yandex Trojan.AvsArher.bTOmTw
Ikarus Trojan.Win32.Injector
Fortinet W32/Injector.EHDJ!tr
Ad-Aware Trojan.GenericKD.33970100
AVG Win32:Malware-gen
Panda Trj/GdSda.A
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran.


PE Compile Time

1992-06-20 06:22:17 (the fixed TimeDateStamp that Delphi-compiled binaries carry, not the real build time; consistent with the BobSoft Mini Delphi packer identified above)

Imports

Library kernel32.dll:
0x46613c VirtualFree
0x466140 VirtualAlloc
0x466144 LocalFree
0x466148 LocalAlloc
0x46614c GetVersion
0x466150 GetCurrentThreadId
0x46615c VirtualQuery
0x466160 WideCharToMultiByte
0x466164 MultiByteToWideChar
0x466168 lstrlenA
0x46616c lstrcpynA
0x466170 LoadLibraryExA
0x466174 GetThreadLocale
0x466178 GetStartupInfoA
0x46617c GetProcAddress
0x466180 GetModuleHandleA
0x466184 GetModuleFileNameA
0x466188 GetLocaleInfoA
0x46618c GetCommandLineA
0x466190 FreeLibrary
0x466194 FindFirstFileA
0x466198 FindClose
0x46619c ExitProcess
0x4661a0 WriteFile
0x4661a8 RtlUnwind
0x4661ac RaiseException
0x4661b0 GetStdHandle
Library user32.dll:
0x4661b8 GetKeyboardType
0x4661bc LoadStringA
0x4661c0 MessageBoxA
0x4661c4 CharNextA
Library advapi32.dll:
0x4661cc RegQueryValueExA
0x4661d0 RegOpenKeyExA
0x4661d4 RegCloseKey
Library oleaut32.dll:
0x4661dc SysFreeString
0x4661e0 SysReAllocStringLen
0x4661e4 SysAllocStringLen
Library kernel32.dll:
0x4661ec TlsSetValue
0x4661f0 TlsGetValue
0x4661f4 LocalAlloc
0x4661f8 GetModuleHandleA
Library advapi32.dll:
0x466200 RegQueryValueExA
0x466204 RegOpenKeyExA
0x466208 RegCloseKey
Library kernel32.dll:
0x466210 lstrcpyA
0x466214 WriteFile
0x46621c WaitForSingleObject
0x466220 VirtualQuery
0x466224 VirtualAlloc
0x466228 Sleep
0x46622c SizeofResource
0x466230 SetThreadLocale
0x466234 SetFilePointer
0x466238 SetEvent
0x46623c SetErrorMode
0x466240 SetEndOfFile
0x466244 ResetEvent
0x466248 ReadFile
0x46624c MulDiv
0x466250 LockResource
0x466254 LoadResource
0x466258 LoadLibraryA
0x466264 GlobalUnlock
0x466268 GlobalReAlloc
0x46626c GlobalHandle
0x466270 GlobalLock
0x466274 GlobalFree
0x466278 GlobalFindAtomA
0x46627c GlobalDeleteAtom
0x466280 GlobalAlloc
0x466284 GlobalAddAtomA
0x466288 GetVersionExA
0x46628c GetVersion
0x466290 GetTickCount
0x466294 GetThreadLocale
0x46629c GetSystemTime
0x4662a0 GetSystemInfo
0x4662a4 GetStringTypeExA
0x4662a8 GetStdHandle
0x4662ac GetProcAddress
0x4662b0 GetModuleHandleA
0x4662b4 GetModuleFileNameA
0x4662b8 GetLocaleInfoA
0x4662bc GetLocalTime
0x4662c0 GetLastError
0x4662c4 GetFullPathNameA
0x4662c8 GetFileAttributesA
0x4662cc GetDiskFreeSpaceA
0x4662d0 GetDateFormatA
0x4662d4 GetCurrentThreadId
0x4662d8 GetCurrentProcessId
0x4662dc GetCPInfo
0x4662e0 GetACP
0x4662e4 FreeResource
0x4662e8 InterlockedExchange
0x4662ec FreeLibrary
0x4662f0 FormatMessageA
0x4662f4 FindResourceA
0x4662f8 FindFirstFileA
0x4662fc FindClose
0x466308 ExitThread
0x46630c EnumCalendarInfoA
0x466318 CreateThread
0x46631c CreateFileA
0x466320 CreateEventA
0x466324 CompareStringA
0x466328 CloseHandle
Library version.dll:
0x466330 VerQueryValueA
0x466338 GetFileVersionInfoA
Library gdi32.dll:
0x466340 UnrealizeObject
0x466344 StretchBlt
0x466348 SetWindowOrgEx
0x46634c SetWinMetaFileBits
0x466350 SetViewportOrgEx
0x466354 SetTextColor
0x466358 SetStretchBltMode
0x46635c SetROP2
0x466360 SetPixel
0x466364 SetEnhMetaFileBits
0x466368 SetDIBColorTable
0x46636c SetBrushOrgEx
0x466370 SetBkMode
0x466374 SetBkColor
0x466378 SelectPalette
0x46637c SelectObject
0x466380 SelectClipRgn
0x466384 SaveDC
0x466388 RestoreDC
0x46638c Rectangle
0x466390 RectVisible
0x466394 RealizePalette
0x466398 Polyline
0x46639c PlayEnhMetaFile
0x4663a0 PatBlt
0x4663a4 MoveToEx
0x4663a8 MaskBlt
0x4663ac LineTo
0x4663b0 IntersectClipRect
0x4663b4 GetWindowOrgEx
0x4663b8 GetWinMetaFileBits
0x4663bc GetTextMetricsA
0x4663c8 GetStockObject
0x4663cc GetPixel
0x4663d0 GetPaletteEntries
0x4663d4 GetObjectA
0x4663e0 GetEnhMetaFileBits
0x4663e4 GetDeviceCaps
0x4663e8 GetDIBits
0x4663ec GetDIBColorTable
0x4663f0 GetDCOrgEx
0x4663f8 GetClipBox
0x4663fc GetBrushOrgEx
0x466400 GetBitmapBits
0x466404 ExcludeClipRect
0x466408 DeleteObject
0x46640c DeleteEnhMetaFile
0x466410 DeleteDC
0x466414 CreateSolidBrush
0x466418 CreatePenIndirect
0x46641c CreatePalette
0x466424 CreateFontIndirectA
0x466428 CreateDIBitmap
0x46642c CreateDIBSection
0x466430 CreateCompatibleDC
0x466438 CreateBrushIndirect
0x46643c CreateBitmap
0x466440 CopyEnhMetaFileA
0x466444 BitBlt
Library user32.dll:
0x46644c CreateWindowExA
0x466450 WindowFromPoint
0x466454 WinHelpA
0x466458 WaitMessage
0x46645c UpdateWindow
0x466460 UnregisterClassA
0x466464 UnhookWindowsHookEx
0x466468 TranslateMessage
0x466470 TrackPopupMenu
0x466478 ShowWindow
0x46647c ShowScrollBar
0x466480 ShowOwnedPopups
0x466484 ShowCursor
0x466488 SetWindowsHookExA
0x46648c SetWindowPos
0x466490 SetWindowPlacement
0x466494 SetWindowLongA
0x466498 SetTimer
0x46649c SetScrollRange
0x4664a0 SetScrollPos
0x4664a4 SetScrollInfo
0x4664a8 SetRect
0x4664ac SetPropA
0x4664b0 SetParent
0x4664b4 SetMenuItemInfoA
0x4664b8 SetMenu
0x4664bc SetForegroundWindow
0x4664c0 SetFocus
0x4664c4 SetCursor
0x4664c8 SetClassLongA
0x4664cc SetCapture
0x4664d0 SetActiveWindow
0x4664d4 SendMessageA
0x4664d8 ScrollWindow
0x4664dc ScreenToClient
0x4664e0 RemovePropA
0x4664e4 RemoveMenu
0x4664e8 ReleaseDC
0x4664ec ReleaseCapture
0x4664f8 RegisterClassA
0x4664fc RedrawWindow
0x466500 PtInRect
0x466504 PostQuitMessage
0x466508 PostMessageA
0x46650c PeekMessageA
0x466510 OffsetRect
0x466514 OemToCharA
0x466518 MessageBoxA
0x46651c MapWindowPoints
0x466520 MapVirtualKeyA
0x466524 LoadStringA
0x466528 LoadKeyboardLayoutA
0x46652c LoadIconA
0x466530 LoadCursorA
0x466534 LoadBitmapA
0x466538 KillTimer
0x46653c IsZoomed
0x466540 IsWindowVisible
0x466544 IsWindowEnabled
0x466548 IsWindow
0x46654c IsRectEmpty
0x466550 IsIconic
0x466554 IsDialogMessageA
0x466558 IsChild
0x46655c InvalidateRect
0x466560 IntersectRect
0x466564 InsertMenuItemA
0x466568 InsertMenuA
0x46656c InflateRect
0x466574 GetWindowTextA
0x466578 GetWindowRect
0x46657c GetWindowPlacement
0x466580 GetWindowLongA
0x466584 GetWindowDC
0x466588 GetTopWindow
0x46658c GetSystemMetrics
0x466590 GetSystemMenu
0x466594 GetSysColorBrush
0x466598 GetSysColor
0x46659c GetSubMenu
0x4665a0 GetScrollRange
0x4665a4 GetScrollPos
0x4665a8 GetScrollInfo
0x4665ac GetPropA
0x4665b0 GetParent
0x4665b4 GetWindow
0x4665b8 GetMenuStringA
0x4665bc GetMenuState
0x4665c0 GetMenuItemInfoA
0x4665c4 GetMenuItemID
0x4665c8 GetMenuItemCount
0x4665cc GetMenu
0x4665d0 GetLastActivePopup
0x4665d4 GetKeyboardState
0x4665dc GetKeyboardLayout
0x4665e0 GetKeyState
0x4665e4 GetKeyNameTextA
0x4665e8 GetIconInfo
0x4665ec GetForegroundWindow
0x4665f0 GetFocus
0x4665f4 GetDlgItem
0x4665f8 GetDesktopWindow
0x4665fc GetDCEx
0x466600 GetDC
0x466604 GetCursorPos
0x466608 GetCursor
0x46660c GetClipboardData
0x466610 GetClientRect
0x466614 GetClassNameA
0x466618 GetClassInfoA
0x46661c GetCapture
0x466620 GetActiveWindow
0x466624 FrameRect
0x466628 FindWindowA
0x46662c FillRect
0x466630 EqualRect
0x466634 EnumWindows
0x466638 EnumThreadWindows
0x46663c EndPaint
0x466640 EnableWindow
0x466644 EnableScrollBar
0x466648 EnableMenuItem
0x46664c DrawTextA
0x466650 DrawMenuBar
0x466654 DrawIconEx
0x466658 DrawIcon
0x46665c DrawFrameControl
0x466660 DrawEdge
0x466664 DispatchMessageA
0x466668 DestroyWindow
0x46666c DestroyMenu
0x466670 DestroyIcon
0x466674 DestroyCursor
0x466678 DeleteMenu
0x46667c DefWindowProcA
0x466680 DefMDIChildProcA
0x466684 DefFrameProcA
0x466688 CreatePopupMenu
0x46668c CreateMenu
0x466690 CreateIcon
0x466694 ClientToScreen
0x466698 CheckMenuItem
0x46669c CallWindowProcA
0x4666a0 CallNextHookEx
0x4666a4 BeginPaint
0x4666a8 CharNextA
0x4666ac CharLowerBuffA
0x4666b0 CharLowerA
0x4666b4 CharToOemA
0x4666b8 AdjustWindowRectEx
Library kernel32.dll:
0x4666c4 Sleep
Library oleaut32.dll:
0x4666cc SafeArrayPtrOfIndex
0x4666d0 SafeArrayGetUBound
0x4666d4 SafeArrayGetLBound
0x4666d8 SafeArrayCreate
0x4666dc VariantChangeType
0x4666e0 VariantCopy
0x4666e4 VariantClear
0x4666e8 VariantInit
Library comctl32.dll:
0x4666f8 ImageList_Write
0x4666fc ImageList_Read
0x46670c ImageList_DragMove
0x466710 ImageList_DragLeave
0x466714 ImageList_DragEnter
0x466718 ImageList_EndDrag
0x46671c ImageList_BeginDrag
0x466720 ImageList_Remove
0x466724 ImageList_DrawEx
0x466728 ImageList_Replace
0x46672c ImageList_Draw
0x46673c ImageList_Add
0x466744 ImageList_Destroy
0x466748 ImageList_Create
0x46674c InitCommonControls
Library comdlg32.dll:
0x466754 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  51378        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  63429        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  50568        224.0.0.252                      5355
192.168.56.101  53237        224.0.0.252                      5355
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  58367        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  62318        224.0.0.252                      5355
192.168.56.101  62912        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.