5.8
High risk

b3a27e158356620e607a47b1ec0ba508a7526d6dcda53de87a40f0e9c5397cc2

a85f75089b8bbc003affac7ae960e5c8.exe

Analysis time

28s

Latest analysis

File size

702.5KB
Static detection: malicious. Dynamic detection: malicious. Detection tags: AI SCORE=82 AIDETECTVM AUTO AUTOG AVSARHER BTOMTW CLOUD CONFIDENCE CXKHU DELF DELPHILESS EMHC FAREIT GENETIC HIGH CONFIDENCE HLAMTA MALWARE@#1HY6M8NKDMXHD MALWAREB ODRK RGW@A07IY@HI SCORE SIGGEN2 STRICTOR SUSPICIOUS PE TROJANX TSCOPE UHBAZCLMB UNSAFE X2066 ZELPHIF ZUSY
Eagle Eye engine
Not detected: no Eagle Eye engine detection results available
Static verdict
Antivirus engines
Engine        Result                              Scan date  Engine version
McAfee        Fareit-FTB!A85F75089B8B             20200617   6.0.6.653
Alibaba       Trojan:Win32/Obfuscator.02b4cb8d    20190527   0.3.0.5
CrowdStrike   win/malicious_confidence_90% (W)    20190702   1.0
Avast         Win32:TrojanX-gen [Trj]             20200617   18.4.3895.0
Baidu         -                                   20190318   1.0.0.2
Kingsoft      -                                   20200617   2013.8.14.323
Tencent       Win32.Trojan.Inject.Auto            20200617   1.0.0.1
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619826884.303269
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34274868
registers.edi: 0
registers.eax: 0
registers.ebp: 34275208
registers.edx: 1
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 2e 6d 00 00 e9
exception.symbol: a85f75089b8bbc003affac7ae960e5c8+0x5c46a
exception.instruction: div eax
exception.module: a85f75089b8bbc003affac7ae960e5c8.exe
exception.exception_code: 0xc0000094
exception.offset: 377962
exception.address: 0x45c46a
success 0 0
1619848864.231374
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
a85f75089b8bbc003affac7ae960e5c8+0x5aa4d @ 0x45aa4d
a85f75089b8bbc003affac7ae960e5c8+0x53254 @ 0x453254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff4d14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619826884.178269
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x008c0000
success 0 0
1619826884.318269
NtProtectVirtualMemory
process_identifier: 2996
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 28672
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045c000
success 0 0
1619826884.318269
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020b0000
success 0 0
1619848862.809374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619848862.856374
NtAllocateVirtualMemory
process_identifier: 192
region_size: 262144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00610000
success 0 0
1619848862.856374
NtAllocateVirtualMemory
process_identifier: 192
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00610000
success 0 0
1619848862.856374
NtAllocateVirtualMemory
process_identifier: 192
region_size: 335872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d90000
success 0 0
1619848862.856374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 307200
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d92000
success 0 0
1619848863.168374
NtAllocateVirtualMemory
process_identifier: 192
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e20000
success 0 0
1619848863.168374
NtAllocateVirtualMemory
process_identifier: 192
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e70000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f72000
success 0 0
1619848864.184374
NtProtectVirtualMemory
process_identifier: 192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.45392276392578 section {'size_of_data': '0x00042c00', 'virtual_address': '0x00073000', 'entropy': 7.45392276392578, 'name': '.rsrc', 'virtual_size': '0x00042b98'} description A section with a high entropy has been found
entropy 0.3806129722024234 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2996 called NtSetContextThread to modify thread in remote process 192
Time & API Arguments Status Return Repeated
1619826884.818269
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907488
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 192
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2996 resumed a thread in remote process 192
Time & API Arguments Status Return Repeated
1619826885.131269
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 192
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619826884.756269
CreateProcessInternalW
thread_identifier: 1432
thread_handle: 0x000000fc
process_identifier: 192
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a85f75089b8bbc003affac7ae960e5c8.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619826884.756269
NtUnmapViewOfSection
process_identifier: 192
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619826884.771269
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 192
commit_size: 720896
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 720896
base_address: 0x00400000
success 0 0
1619826884.818269
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619826884.818269
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907488
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 192
success 0 0
1619826885.131269
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 192
success 0 0
File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 out of 63 events)
Bkav W32.AIDetectVM.malwareB
DrWeb Trojan.PWS.Siggen2.49782
MicroWorld-eScan Gen:Variant.Zusy.305069
FireEye Generic.mg.a85f75089b8bbc00
CAT-QuickHeal Trojan.Multi
McAfee Fareit-FTB!A85F75089B8B
Malwarebytes Trojan.MalPack.DLF
Zillya Trojan.Crypt.Win32.62526
AegisLab Trojan.Multi.Generic.4!c
Sangfor Malware
K7AntiVirus Trojan ( 0056739d1 )
Alibaba Trojan:Win32/Obfuscator.02b4cb8d
K7GW Trojan ( 0056739d1 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Zusy.D4A7AD
Invincea heuristic
BitDefenderTheta Gen:NN.ZelphiF.34128.RGW@a07Iy@hi
Cyren W32/Injector.ODRK-1096
Symantec Trojan.Gen.2
TrendMicro-HouseCall TrojanSpy.Win32.FAREIT.UHBAZCLMB
Paloalto generic.ml
ClamAV Win.Dropper.Fareit-7997346-0
Kaspersky HEUR:Trojan.Win32.Crypt.gen
BitDefender Gen:Variant.Zusy.305069
NANO-Antivirus Riskware.Win32.Strictor.hlamta
SUPERAntiSpyware Trojan.Agent/Gen-Injector
Avast Win32:TrojanX-gen [Trj]
Rising Trojan.Injector!8.C4 (CLOUD)
Ad-Aware Gen:Variant.Zusy.305069
Emsisoft Gen:Variant.Zusy.305069 (B)
Comodo Malware@#1hy6m8nkdmxhd
F-Secure Trojan.TR/Injector.cxkhu
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.FAREIT.UHBAZCLMB
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Sophos Troj/AutoG-IC
Ikarus Trojan.Inject
F-Prot W32/Injector.JDJ
Jiangmin Trojan.Crypt.dhu
Avira TR/Injector.cxkhu
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Crypt
Microsoft PWS:Win32/Fareit.SM!MTB
Endgame malicious (high confidence)
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
GData Gen:Variant.Zusy.305069
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
Acronis suspicious
VBA32 TScope.Trojan.Delf
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46713c VirtualFree
0x467140 VirtualAlloc
0x467144 LocalFree
0x467148 LocalAlloc
0x46714c GetVersion
0x467150 GetCurrentThreadId
0x46715c VirtualQuery
0x467160 WideCharToMultiByte
0x467164 MultiByteToWideChar
0x467168 lstrlenA
0x46716c lstrcpynA
0x467170 LoadLibraryExA
0x467174 GetThreadLocale
0x467178 GetStartupInfoA
0x46717c GetProcAddress
0x467180 GetModuleHandleA
0x467184 GetModuleFileNameA
0x467188 GetLocaleInfoA
0x46718c GetCommandLineA
0x467190 FreeLibrary
0x467194 FindFirstFileA
0x467198 FindClose
0x46719c ExitProcess
0x4671a0 WriteFile
0x4671a8 RtlUnwind
0x4671ac RaiseException
0x4671b0 GetStdHandle
Library user32.dll:
0x4671b8 GetKeyboardType
0x4671bc LoadStringA
0x4671c0 MessageBoxA
0x4671c4 CharNextA
Library advapi32.dll:
0x4671cc RegQueryValueExA
0x4671d0 RegOpenKeyExA
0x4671d4 RegCloseKey
Library oleaut32.dll:
0x4671dc SysFreeString
0x4671e0 SysReAllocStringLen
0x4671e4 SysAllocStringLen
Library kernel32.dll:
0x4671ec TlsSetValue
0x4671f0 TlsGetValue
0x4671f4 LocalAlloc
0x4671f8 GetModuleHandleA
Library advapi32.dll:
0x467200 RegQueryValueExA
0x467204 RegOpenKeyExA
0x467208 RegCloseKey
Library kernel32.dll:
0x467210 lstrcpyA
0x467214 WriteFile
0x46721c WaitForSingleObject
0x467220 VirtualQuery
0x467224 VirtualAlloc
0x467228 Sleep
0x46722c SizeofResource
0x467230 SetThreadLocale
0x467234 SetFilePointer
0x467238 SetEvent
0x46723c SetErrorMode
0x467240 SetEndOfFile
0x467244 ResetEvent
0x467248 ReadFile
0x46724c MulDiv
0x467250 LockResource
0x467254 LoadResource
0x467258 LoadLibraryA
0x467264 GlobalUnlock
0x467268 GlobalReAlloc
0x46726c GlobalHandle
0x467270 GlobalLock
0x467274 GlobalFree
0x467278 GlobalFindAtomA
0x46727c GlobalDeleteAtom
0x467280 GlobalAlloc
0x467284 GlobalAddAtomA
0x467288 GetVersionExA
0x46728c GetVersion
0x467290 GetTickCount
0x467294 GetThreadLocale
0x46729c GetSystemTime
0x4672a0 GetSystemInfo
0x4672a4 GetStringTypeExA
0x4672a8 GetStdHandle
0x4672ac GetProcAddress
0x4672b0 GetModuleHandleA
0x4672b4 GetModuleFileNameA
0x4672b8 GetLocaleInfoA
0x4672bc GetLocalTime
0x4672c0 GetLastError
0x4672c4 GetFullPathNameA
0x4672c8 GetFileAttributesA
0x4672cc GetDiskFreeSpaceA
0x4672d0 GetDateFormatA
0x4672d4 GetCurrentThreadId
0x4672d8 GetCurrentProcessId
0x4672dc GetCPInfo
0x4672e0 GetACP
0x4672e4 FreeResource
0x4672e8 InterlockedExchange
0x4672ec FreeLibrary
0x4672f0 FormatMessageA
0x4672f4 FindResourceA
0x4672f8 FindFirstFileA
0x4672fc FindClose
0x467308 ExitThread
0x46730c EnumCalendarInfoA
0x467318 CreateThread
0x46731c CreateFileA
0x467320 CreateEventA
0x467324 CompareStringA
0x467328 CloseHandle
Library version.dll:
0x467330 VerQueryValueA
0x467338 GetFileVersionInfoA
Library gdi32.dll:
0x467340 UnrealizeObject
0x467344 StretchBlt
0x467348 SetWindowOrgEx
0x46734c SetWinMetaFileBits
0x467350 SetViewportOrgEx
0x467354 SetTextColor
0x467358 SetStretchBltMode
0x46735c SetROP2
0x467360 SetPixel
0x467364 SetEnhMetaFileBits
0x467368 SetDIBColorTable
0x46736c SetBrushOrgEx
0x467370 SetBkMode
0x467374 SetBkColor
0x467378 SelectPalette
0x46737c SelectObject
0x467380 SaveDC
0x467384 RestoreDC
0x467388 Rectangle
0x46738c RectVisible
0x467390 RealizePalette
0x467394 Polyline
0x467398 PlayEnhMetaFile
0x46739c PatBlt
0x4673a0 MoveToEx
0x4673a4 MaskBlt
0x4673a8 LineTo
0x4673ac IntersectClipRect
0x4673b0 GetWindowOrgEx
0x4673b4 GetWinMetaFileBits
0x4673b8 GetTextMetricsA
0x4673c4 GetStockObject
0x4673c8 GetPixel
0x4673cc GetPaletteEntries
0x4673d0 GetObjectA
0x4673dc GetEnhMetaFileBits
0x4673e0 GetDeviceCaps
0x4673e4 GetDIBits
0x4673e8 GetDIBColorTable
0x4673ec GetDCOrgEx
0x4673f4 GetClipBox
0x4673f8 GetBrushOrgEx
0x4673fc GetBitmapBits
0x467400 ExtTextOutA
0x467404 ExcludeClipRect
0x467408 DeleteObject
0x46740c DeleteEnhMetaFile
0x467410 DeleteDC
0x467414 CreateSolidBrush
0x467418 CreatePenIndirect
0x46741c CreatePalette
0x467424 CreateFontIndirectA
0x467428 CreateDIBitmap
0x46742c CreateDIBSection
0x467430 CreateCompatibleDC
0x467438 CreateBrushIndirect
0x46743c CreateBitmap
0x467440 CopyEnhMetaFileA
0x467444 BitBlt
Library user32.dll:
0x46744c CreateWindowExA
0x467450 WindowFromPoint
0x467454 WinHelpA
0x467458 WaitMessage
0x46745c UpdateWindow
0x467460 UnregisterClassA
0x467464 UnhookWindowsHookEx
0x467468 TranslateMessage
0x467470 TrackPopupMenu
0x467478 ShowWindow
0x46747c ShowScrollBar
0x467480 ShowOwnedPopups
0x467484 ShowCursor
0x467488 SetWindowsHookExA
0x46748c SetWindowTextA
0x467490 SetWindowPos
0x467494 SetWindowPlacement
0x467498 SetWindowLongA
0x46749c SetTimer
0x4674a0 SetScrollRange
0x4674a4 SetScrollPos
0x4674a8 SetScrollInfo
0x4674ac SetRect
0x4674b0 SetPropA
0x4674b4 SetParent
0x4674b8 SetMenuItemInfoA
0x4674bc SetMenu
0x4674c0 SetForegroundWindow
0x4674c4 SetFocus
0x4674c8 SetCursor
0x4674cc SetClassLongA
0x4674d0 SetCapture
0x4674d4 SetActiveWindow
0x4674d8 SendMessageA
0x4674dc ScrollWindow
0x4674e0 ScreenToClient
0x4674e4 RemovePropA
0x4674e8 RemoveMenu
0x4674ec ReleaseDC
0x4674f0 ReleaseCapture
0x4674fc RegisterClassA
0x467500 RedrawWindow
0x467504 PtInRect
0x467508 PostQuitMessage
0x46750c PostMessageA
0x467510 PeekMessageA
0x467514 OffsetRect
0x467518 OemToCharA
0x46751c MessageBoxA
0x467520 MapWindowPoints
0x467524 MapVirtualKeyA
0x467528 LoadStringA
0x46752c LoadKeyboardLayoutA
0x467530 LoadIconA
0x467534 LoadCursorA
0x467538 LoadBitmapA
0x46753c KillTimer
0x467540 IsZoomed
0x467544 IsWindowVisible
0x467548 IsWindowEnabled
0x46754c IsWindow
0x467550 IsRectEmpty
0x467554 IsIconic
0x467558 IsDialogMessageA
0x46755c IsChild
0x467560 InvalidateRect
0x467564 IntersectRect
0x467568 InsertMenuItemA
0x46756c InsertMenuA
0x467570 InflateRect
0x467578 GetWindowTextA
0x46757c GetWindowRect
0x467580 GetWindowPlacement
0x467584 GetWindowLongA
0x467588 GetWindowDC
0x46758c GetTopWindow
0x467590 GetSystemMetrics
0x467594 GetSystemMenu
0x467598 GetSysColorBrush
0x46759c GetSysColor
0x4675a0 GetSubMenu
0x4675a4 GetScrollRange
0x4675a8 GetScrollPos
0x4675ac GetScrollInfo
0x4675b0 GetPropA
0x4675b4 GetParent
0x4675b8 GetWindow
0x4675bc GetMenuStringA
0x4675c0 GetMenuState
0x4675c4 GetMenuItemInfoA
0x4675c8 GetMenuItemID
0x4675cc GetMenuItemCount
0x4675d0 GetMenu
0x4675d4 GetLastActivePopup
0x4675d8 GetKeyboardState
0x4675e0 GetKeyboardLayout
0x4675e4 GetKeyState
0x4675e8 GetKeyNameTextA
0x4675ec GetIconInfo
0x4675f0 GetForegroundWindow
0x4675f4 GetFocus
0x4675f8 GetDlgItem
0x4675fc GetDesktopWindow
0x467600 GetDCEx
0x467604 GetDC
0x467608 GetCursorPos
0x46760c GetCursor
0x467610 GetClipboardData
0x467614 GetClientRect
0x467618 GetClassNameA
0x46761c GetClassInfoA
0x467620 GetCapture
0x467624 GetActiveWindow
0x467628 FrameRect
0x46762c FindWindowA
0x467630 FillRect
0x467634 EqualRect
0x467638 EnumWindows
0x46763c EnumThreadWindows
0x467640 EndPaint
0x467644 EnableWindow
0x467648 EnableScrollBar
0x46764c EnableMenuItem
0x467650 DrawTextA
0x467654 DrawMenuBar
0x467658 DrawIconEx
0x46765c DrawIcon
0x467660 DrawFrameControl
0x467664 DrawFocusRect
0x467668 DrawEdge
0x46766c DispatchMessageA
0x467670 DestroyWindow
0x467674 DestroyMenu
0x467678 DestroyIcon
0x46767c DestroyCursor
0x467680 DeleteMenu
0x467684 DefWindowProcA
0x467688 DefMDIChildProcA
0x46768c DefFrameProcA
0x467690 CreatePopupMenu
0x467694 CreateMenu
0x467698 CreateIcon
0x46769c ClientToScreen
0x4676a0 CheckMenuItem
0x4676a4 CallWindowProcA
0x4676a8 CallNextHookEx
0x4676ac BeginPaint
0x4676b0 CharNextA
0x4676b4 CharLowerBuffA
0x4676b8 CharLowerA
0x4676bc CharToOemA
0x4676c0 AdjustWindowRectEx
Library kernel32.dll:
0x4676cc Sleep
Library oleaut32.dll:
0x4676d4 SafeArrayPtrOfIndex
0x4676d8 SafeArrayGetUBound
0x4676dc SafeArrayGetLBound
0x4676e0 SafeArrayCreate
0x4676e4 VariantChangeType
0x4676e8 VariantCopy
0x4676ec VariantClear
0x4676f0 VariantInit
Library comctl32.dll:
0x467700 ImageList_Write
0x467704 ImageList_Read
0x467714 ImageList_DragMove
0x467718 ImageList_DragLeave
0x46771c ImageList_DragEnter
0x467720 ImageList_EndDrag
0x467724 ImageList_BeginDrag
0x467728 ImageList_Remove
0x46772c ImageList_DrawEx
0x467730 ImageList_Replace
0x467734 ImageList_Draw
0x467744 ImageList_Add
0x46774c ImageList_Destroy
0x467750 ImageList_Create
0x467754 InitCommonControls
Library comdlg32.dll:
0x46775c GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.