Score: 4.8
Risk level: Medium

File hash: 53e3fa4c1b8f8ae4a3477a70535d4f1c402de87c47c2f906d8a2600f8ba58b4a

File name: a68ddd0e9ad53703b6f55ff9931ccc20.exe

Analysis duration: 85s

Last analysis:

File size: 896.1KB
Static scan: malicious. Dynamic scan: malicious. Detection tags: AGEN AI SCORE=87 ATTRIBUTE CLASSIC CONFIDENCE ELDORADO EMOL EMOTET ENCPK GENASA GENCIRC GENERICRXAA GJMY HBNN HBQI HFCYTN HIGH CONFIDENCE HIGHCONFIDENCE KRYPTIK MALWARE@#2QZQSUOU2L3BD MALWAREX R + MAL SCORE SUSGEN TRBT TRICK TRICKBOT UNSAFE ZFZXWNW2
Eagle Eye engine
Not detected: no Eagle Eye engine results for this sample
Static verdict
Antivirus engines
Engine       Result                                   Scan date  Engine version
McAfee       GenericRXAA-AA!A68DDD0E9AD5              20201211   6.0.6.653
Alibaba      Trojan:Win32/Trickbot.f04fcfbe           20190527   0.3.0.5
Baidu        (no detection)                           20190318   1.0.0.2
Avast        Win32:MalwareX-gen [Trj]                 20201210   21.1.5827.0
Tencent      Malware.Win32.Gencirc.10b8f709           20201211   1.0.0.1
Kingsoft     (no detection)                           20201211   2017.9.26.565
CrowdStrike  win/malicious_confidence_60% (W)         20190702   1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (7 events)
Time & API, Arguments, Status, Return, Repeated (each event below ends with its status, return value and repeat count)
1619785940.93875
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 200704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01da0000
success 0 0
1619785945.876375
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 200704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00900000
success 0 0
1619785945.892375
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 196608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01fa0000
success 0 0
1619785945.892375
NtProtectVirtualMemory
process_identifier: 2064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 192512
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01fd1000
success 0 0
1619785978.70475
NtAllocateVirtualMemory
process_identifier: 2840
region_size: 200704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006d0000
success 0 0
1619785978.70475
NtAllocateVirtualMemory
process_identifier: 2840
region_size: 196608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e90000
success 0 0
1619785978.70475
NtProtectVirtualMemory
process_identifier: 2840
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 192512
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02111000
success 0 0
A process created a hidden window (1 event)
Time & API, Arguments, Status, Return, Repeated
1619785941.29875
ShellExecuteExW
parameters:
filepath: C:\ProgramData\ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկаПテーブルыսա.exe
filepath_r: C:\ProgramData\ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկаПテーブルыսա.exe
show_type: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.062921532698116 section {'size_of_data': '0x0003f000', 'virtual_address': '0x0009f000', 'entropy': 7.062921532698116, 'name': '.rsrc', 'virtual_size': '0x0003e276'} description A section with a high entropy has been found
entropy 0.2825112107623318 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)
Elastic malicious (high confidence)
FireEye Generic.mg.a68ddd0e9ad53703
McAfee GenericRXAA-AA!A68DDD0E9AD5
Cylance Unsafe
Zillya Dropper.Agent.Win32.416935
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
Sangfor Malware
K7AntiVirus Trojan ( 00561d741 )
Alibaba Trojan:Win32/Trickbot.f04fcfbe
K7GW Trojan ( 00561d741 )
Arcabit Trojan.Agent.EMOL
Cyren W32/S-914996a6!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Cynet Malicious (score: 85)
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen
BitDefender Trojan.Agent.EMOL
NANO-Antivirus Trojan.Win32.Trick.hfcytn
Paloalto generic.ml
MicroWorld-eScan Trojan.Agent.EMOL
Tencent Malware.Win32.Gencirc.10b8f709
Ad-Aware Trojan.Agent.EMOL
Sophos Mal/Generic-R + Mal/EncPk-API
Comodo Malware@#2qzqsuou2l3bd
F-Secure Heuristic.HEUR/AGEN.1111719
DrWeb Trojan.Trick.46530
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.SMN.hp
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch
Emsisoft Trojan.Agent.EMOL (B)
Jiangmin TrojanDropper.Agent.gjmy
Avira HEUR/AGEN.1111719
Antiy-AVL Trojan[Dropper]/Win32.Agent
Gridinsoft Trojan.Win32.Kryptik.ba!s1
Microsoft Trojan:Win32/Trickbot.BA!MTB
AegisLab Trojan.Win32.Inject.trbt
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.gen
GData Trojan.Agent.EMOL
AhnLab-V3 Malware/Win32.Generic.C4002132
ALYac Trojan.Agent.EMOL
MAX malware (ai score=87)
VBA32 Trojan.Inject
Malwarebytes Trojan.MalPack.TRE.Generic
ESET-NOD32 a variant of Win32/Kryptik.HBNN
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMN.hp
Rising Trojan.Kryptik!1.C335 (CLASSIC)
Yandex Trojan.GenAsa!ZfzXWNw2/OY
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.7127967.susgen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.27.142:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran
PE Compile Time

2020-02-11 17:36:23

Imports

Library KERNEL32.dll:
0x49bf94 ExitThread
0x49bf98 TerminateProcess
0x49bf9c HeapFree
0x49bfa0 HeapAlloc
0x49bfa4 RaiseException
0x49bfa8 HeapReAlloc
0x49bfac HeapSize
0x49bfb0 GetACP
0x49bfb4 FatalAppExitA
0x49bfcc SetHandleCount
0x49bfd0 GetStdHandle
0x49bfd4 GetFileType
0x49bfd8 HeapDestroy
0x49bfdc HeapCreate
0x49bfe0 IsBadWritePtr
0x49bfe4 CreateThread
0x49bfe8 LCMapStringA
0x49bfec LCMapStringW
0x49bff0 GetStringTypeA
0x49bff4 GetStringTypeW
0x49bff8 IsBadReadPtr
0x49bffc IsBadCodePtr
0x49c000 IsValidLocale
0x49c004 IsValidCodePage
0x49c008 GetLocaleInfoA
0x49c00c EnumSystemLocalesA
0x49c010 GetUserDefaultLCID
0x49c014 GetVersionExA
0x49c01c SetStdHandle
0x49c020 CompareStringA
0x49c024 CompareStringW
0x49c02c GetLocaleInfoW
0x49c030 GetCommandLineA
0x49c034 GetStartupInfoA
0x49c038 GetLocalTime
0x49c03c GetProfileStringA
0x49c040 GetSystemTime
0x49c048 RtlUnwind
0x49c04c CopyFileA
0x49c050 GlobalSize
0x49c054 GetTickCount
0x49c060 lstrlenW
0x49c064 SetErrorMode
0x49c068 SetFileAttributesA
0x49c06c SetFileTime
0x49c078 GetFileTime
0x49c07c GetFileSize
0x49c080 GetFileAttributesA
0x49c084 GetOEMCP
0x49c088 GetCPInfo
0x49c08c SizeofResource
0x49c090 GetProcessVersion
0x49c0a4 GlobalFlags
0x49c0a8 TlsGetValue
0x49c0ac LocalReAlloc
0x49c0b0 TlsSetValue
0x49c0b4 GlobalReAlloc
0x49c0b8 TlsFree
0x49c0bc GlobalHandle
0x49c0c0 TlsAlloc
0x49c0c4 LocalAlloc
0x49c0c8 GetShortPathNameA
0x49c0cc GetThreadLocale
0x49c0d0 GetStringTypeExA
0x49c0d4 GetFullPathNameA
0x49c0d8 lstrcpynA
0x49c0e0 FindFirstFileA
0x49c0e4 FindClose
0x49c0e8 DeleteFileA
0x49c0ec MoveFileA
0x49c0f0 SetEndOfFile
0x49c0f4 UnlockFile
0x49c0f8 LockFile
0x49c0fc FlushFileBuffers
0x49c100 SetFilePointer
0x49c104 WriteFile
0x49c108 ReadFile
0x49c10c CreateFileA
0x49c110 GetCurrentProcess
0x49c114 DuplicateHandle
0x49c118 MulDiv
0x49c11c SetLastError
0x49c120 MultiByteToWideChar
0x49c124 WideCharToMultiByte
0x49c130 LoadLibraryA
0x49c134 FreeLibrary
0x49c138 GetVersion
0x49c13c lstrcatA
0x49c140 GlobalGetAtomNameA
0x49c144 GlobalAddAtomA
0x49c148 GlobalFindAtomA
0x49c14c lstrcpyA
0x49c150 GetModuleHandleA
0x49c154 lstrlenA
0x49c158 GlobalUnlock
0x49c15c GlobalFree
0x49c160 LockResource
0x49c164 FindResourceA
0x49c168 LoadResource
0x49c16c SuspendThread
0x49c170 SetThreadPriority
0x49c174 ResumeThread
0x49c178 GetModuleFileNameA
0x49c17c GlobalLock
0x49c180 GlobalAlloc
0x49c184 GlobalDeleteAtom
0x49c188 lstrcmpA
0x49c18c lstrcmpiA
0x49c190 GetCurrentThread
0x49c194 GetCurrentThreadId
0x49c198 VirtualAlloc
0x49c19c VirtualFree
0x49c1a0 GetLastError
0x49c1a4 Sleep
0x49c1a8 CancelIo
0x49c1ac FormatMessageA
0x49c1b0 LocalFree
0x49c1b4 SetEvent
0x49c1b8 CloseHandle
0x49c1c4 WaitForSingleObject
0x49c1cc CreateEventA
0x49c1d4 LoadLibraryW
0x49c1d8 GetProcAddress
0x49c1e0 ExitProcess
Library USER32.dll:
0x49c3cc LoadAcceleratorsA
0x49c3d4 LoadMenuA
0x49c3d8 SetMenu
0x49c3dc ReuseDDElParam
0x49c3e0 UnpackDDElParam
0x49c3e4 InvalidateRect
0x49c3e8 BringWindowToTop
0x49c3f0 RemoveMenu
0x49c3f4 PostThreadMessageA
0x49c3f8 DestroyIcon
0x49c3fc CheckDlgButton
0x49c400 UpdateWindow
0x49c404 SendDlgItemMessageA
0x49c408 MapWindowPoints
0x49c40c GetSysColor
0x49c410 SetFocus
0x49c414 AdjustWindowRectEx
0x49c418 ScreenToClient
0x49c41c EqualRect
0x49c420 DeferWindowPos
0x49c424 BeginDeferWindowPos
0x49c428 EndDeferWindowPos
0x49c42c ScrollWindow
0x49c430 GetScrollInfo
0x49c434 SetScrollInfo
0x49c438 ShowScrollBar
0x49c43c GetScrollRange
0x49c440 SetScrollRange
0x49c444 GetScrollPos
0x49c448 SetScrollPos
0x49c44c GetTopWindow
0x49c450 IsChild
0x49c454 GetCapture
0x49c458 WinHelpA
0x49c45c wsprintfA
0x49c460 GetClassInfoA
0x49c464 RegisterClassA
0x49c468 GetMenuItemCount
0x49c46c GetSubMenu
0x49c470 GetMenuItemID
0x49c474 TrackPopupMenu
0x49c478 SetWindowPlacement
0x49c480 GetWindowTextA
0x49c484 GetDlgCtrlID
0x49c488 DefWindowProcA
0x49c48c CreateWindowExA
0x49c490 GetClassLongA
0x49c494 SetPropA
0x49c498 UnhookWindowsHookEx
0x49c49c GetPropA
0x49c4a0 CallWindowProcA
0x49c4a4 RemovePropA
0x49c4a8 GetMessageTime
0x49c4ac SetRectEmpty
0x49c4b0 GetForegroundWindow
0x49c4b4 SetForegroundWindow
0x49c4b8 SetWindowLongA
0x49c4c0 OffsetRect
0x49c4c4 IntersectRect
0x49c4c8 GetSysColorBrush
0x49c4cc GetWindowPlacement
0x49c4d0 GetWindowRect
0x49c4d4 CopyRect
0x49c4d8 GetDC
0x49c4dc ReleaseDC
0x49c4e0 MapDialogRect
0x49c4e4 SetWindowPos
0x49c4e8 GetWindow
0x49c4f0 EndDialog
0x49c4f4 SetActiveWindow
0x49c4fc DestroyWindow
0x49c500 GetDlgItem
0x49c504 CharNextA
0x49c508 LoadBitmapA
0x49c50c GetMenuState
0x49c510 ModifyMenuA
0x49c514 SetMenuItemBitmaps
0x49c518 EnableMenuItem
0x49c51c GetFocus
0x49c520 GetNextDlgTabItem
0x49c524 GetMessageA
0x49c528 TranslateMessage
0x49c52c DispatchMessageA
0x49c530 GetActiveWindow
0x49c534 GetKeyState
0x49c538 CallNextHookEx
0x49c53c ValidateRect
0x49c540 EnableWindow
0x49c544 LoadIconA
0x49c548 SetTimer
0x49c54c LoadStringA
0x49c550 UnregisterClassA
0x49c554 HideCaret
0x49c558 ShowCaret
0x49c55c ExcludeUpdateRgn
0x49c560 IsWindowVisible
0x49c564 PeekMessageA
0x49c568 GetCursorPos
0x49c56c SetWindowsHookExA
0x49c570 GetParent
0x49c574 GetLastActivePopup
0x49c578 IsWindowEnabled
0x49c57c GetWindowLongA
0x49c580 MessageBoxA
0x49c584 SetCursor
0x49c588 ShowOwnedPopups
0x49c58c PostQuitMessage
0x49c590 PostMessageA
0x49c594 InflateRect
0x49c598 MessageBeep
0x49c59c GetNextDlgGroupItem
0x49c5a0 SetRect
0x49c5a4 GetMessagePos
0x49c5ac KillTimer
0x49c5b0 GetMenu
0x49c5b4 CheckMenuItem
0x49c5b8 IsWindow
0x49c5bc IsIconic
0x49c5c0 GetSystemMetrics
0x49c5c4 GetClientRect
0x49c5c8 DrawIcon
0x49c5cc GetSystemMenu
0x49c5d0 AppendMenuA
0x49c5d4 DrawFocusRect
0x49c5d8 DefDlgProcA
0x49c5dc IsWindowUnicode
0x49c5e0 SendMessageA
0x49c5e4 GetMenuStringA
0x49c5e8 DeleteMenu
0x49c5ec InsertMenuA
0x49c5f0 PtInRect
0x49c5f4 GetClassNameA
0x49c5f8 WindowFromPoint
0x49c600 GetDesktopWindow
0x49c604 WaitMessage
0x49c608 ReleaseCapture
0x49c60c SetCapture
0x49c610 LoadCursorA
0x49c614 CharUpperA
0x49c618 GrayStringA
0x49c61c DrawTextA
0x49c620 TabbedTextOutA
0x49c624 EndPaint
0x49c628 BeginPaint
0x49c62c GetWindowDC
0x49c630 ClientToScreen
0x49c634 DestroyMenu
0x49c638 CheckRadioButton
0x49c63c OemToCharA
0x49c640 CharToOemA
0x49c644 wvsprintfA
0x49c648 ShowWindow
0x49c64c MoveWindow
0x49c650 SetWindowTextA
0x49c654 IsDialogMessageA
0x49c658 ScrollWindowEx
0x49c65c IsDlgButtonChecked
0x49c664 GetDialogBaseUnits
0x49c668 SetDlgItemTextA
0x49c66c SetDlgItemInt
0x49c670 GetDlgItemTextA
0x49c678 GetDlgItemInt
Library GDI32.dll:
0x49bdd8 ScaleViewportExtEx
0x49bddc SetWindowOrgEx
0x49bde0 OffsetWindowOrgEx
0x49bde4 SetWindowExtEx
0x49bde8 ScaleWindowExtEx
0x49bdec SelectClipRgn
0x49bdf0 ExcludeClipRect
0x49bdf4 IntersectClipRect
0x49bdf8 OffsetClipRgn
0x49bdfc MoveToEx
0x49be00 LineTo
0x49be04 SetTextAlign
0x49be10 SetMapperFlags
0x49be18 ArcTo
0x49be1c SetArcDirection
0x49be20 PolyDraw
0x49be24 PolylineTo
0x49be28 SetColorAdjustment
0x49be2c PolyBezierTo
0x49be30 DeleteObject
0x49be34 GetClipRgn
0x49be38 CreateRectRgn
0x49be3c SelectClipPath
0x49be40 ExtSelectClipRgn
0x49be44 PlayMetaFileRecord
0x49be48 SetViewportExtEx
0x49be4c EnumMetaFile
0x49be50 PlayMetaFile
0x49be54 GetDeviceCaps
0x49be58 GetViewportExtEx
0x49be5c GetWindowExtEx
0x49be60 CreatePen
0x49be64 ExtCreatePen
0x49be68 CreateSolidBrush
0x49be6c CreateHatchBrush
0x49be70 CreatePatternBrush
0x49be78 PtVisible
0x49be7c RectVisible
0x49be80 TextOutA
0x49be84 ExtTextOutA
0x49be88 Escape
0x49be90 GetTextMetricsA
0x49be94 CreateFontIndirectA
0x49be98 GetTextColor
0x49be9c GetBkColor
0x49bea0 DPtoLP
0x49bea4 LPtoDP
0x49bea8 GetMapMode
0x49beac SetRectRgn
0x49beb0 CombineRgn
0x49beb4 CopyMetaFileA
0x49beb8 CreateDCA
0x49bebc OffsetViewportOrgEx
0x49bec0 SetViewportOrgEx
0x49bec4 SetMapMode
0x49bec8 SetStretchBltMode
0x49becc SetROP2
0x49bed0 SetPolyFillMode
0x49bed4 SetBkMode
0x49bed8 SelectPalette
0x49bedc GetStockObject
0x49bee0 SelectObject
0x49bee4 RestoreDC
0x49bee8 SaveDC
0x49beec StartDocA
0x49bef0 DeleteDC
0x49bef4 GetObjectA
0x49bef8 SetBkColor
0x49befc SetTextColor
0x49bf00 GetClipBox
0x49bf04 GetDCOrgEx
0x49bf0c PatBlt
0x49bf10 GetObjectType
0x49bf14 CreateDIBitmap
0x49bf18 GetTextExtentPointA
0x49bf1c BitBlt
0x49bf20 CreateCompatibleDC
0x49bf24 CreateBitmap
Library comdlg32.dll:
0x49c7fc GetFileTitleA
0x49c800 GetSaveFileNameA
0x49c804 GetOpenFileNameA
Library WINSPOOL.DRV:
0x49c730 OpenPrinterA
0x49c734 DocumentPropertiesA
0x49c738 ClosePrinter
Library ADVAPI32.dll:
0x49bd20 RegEnumKeyA
0x49bd24 RegCloseKey
0x49bd28 RegOpenKeyA
0x49bd2c RegCreateKeyExA
0x49bd30 RegOpenKeyExA
0x49bd34 RegSetValueExA
0x49bd38 RegDeleteValueA
0x49bd3c RegDeleteKeyA
0x49bd40 RegSetValueA
0x49bd44 RegCreateKeyA
0x49bd48 RegQueryValueExA
0x49bd4c RegQueryValueA
Library SHELL32.dll:
0x49c388 DragQueryFileA
0x49c38c DragFinish
0x49c390 SHGetFileInfoA
0x49c394 DragAcceptFiles
0x49c398 ExtractIconA
Library COMCTL32.dll:
0x49bd84
0x49bd88
0x49bd8c ImageList_Destroy
0x49bd90 ImageList_Create
0x49bd98 ImageList_Merge
0x49bd9c ImageList_Read
0x49bda0 ImageList_Write
0x49bda4
Library oledlg.dll:
0x49c8f8
Library ole32.dll:
0x49c834 CoGetClassObject
0x49c844 CoTaskMemFree
0x49c848 CoTaskMemAlloc
0x49c84c CoCreateInstance
0x49c850 OleRun
0x49c854 CoDisconnectObject
0x49c858 OleInitialize
0x49c85c OleUninitialize
0x49c864 OleDuplicateData
0x49c868 CreateBindCtx
0x49c86c SetConvertStg
0x49c870 WriteFmtUserTypeStg
0x49c874 WriteClassStg
0x49c878 OleRegGetUserType
0x49c87c ReadFmtUserTypeStg
0x49c880 ReadClassStg
0x49c884 StringFromCLSID
0x49c888 CoTreatAsClass
0x49c88c ReleaseStgMedium
0x49c890 CLSIDFromString
0x49c894 CLSIDFromProgID
0x49c8a8 CoRevokeClassObject
0x49c8ac OleSetClipboard
0x49c8b0 OleFlushClipboard
Library OLEPRO32.DLL:
0x49c358
Library OLEAUT32.dll:
0x49c284 VariantCopy
0x49c288 VariantClear
0x49c28c SysAllocStringLen
0x49c290 SysFreeString
0x49c294 VariantChangeType
0x49c298 SysReAllocStringLen
0x49c29c SysAllocString
0x49c2a4 SafeArrayAccessData
0x49c2a8 SafeArrayGetUBound
0x49c2ac SafeArrayGetLBound
0x49c2b4 SafeArrayGetDim
0x49c2b8 SafeArrayCreate
0x49c2bc SafeArrayRedim
0x49c2c4 SysStringByteLen
0x49c2c8 VarCyFromStr
0x49c2cc VarBstrFromCy
0x49c2d0 VarDateFromStr
0x49c2d4 VarBstrFromDate
0x49c2d8 SafeArrayCopy
0x49c2dc SafeArrayAllocData
0x49c2e4 SafeArrayGetElement
0x49c2e8 SafeArrayPtrOfIndex
0x49c2ec SafeArrayPutElement
0x49c2f0 SafeArrayLock
0x49c2f4 SafeArrayUnlock
0x49c2f8 SafeArrayDestroy
0x49c304 SysStringLen
0x49c308 LoadTypeLib
Library WS2_32.dll:
0x49c768 WSAEventSelect
0x49c76c closesocket
0x49c770 bind
0x49c774 htons
0x49c778 send
0x49c77c WSACloseEvent
0x49c780 ioctlsocket
0x49c784 recv
0x49c788 inet_addr
0x49c78c gethostbyname
0x49c790 connect
0x49c794 WSACleanup
0x49c798 WSAStartup
0x49c79c getpeername
0x49c7a0 inet_ntoa
0x49c7a4 accept
0x49c7a8 WSAGetLastError
0x49c7b4 socket
0x49c7b8 WSACreateEvent
0x49c7bc listen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  60384        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  51808        224.0.0.252                      5355
192.168.56.101  53237        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  61680        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  62318        224.0.0.252                      5355
192.168.56.101  65004        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  51379        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.