6.2
High risk

40e9b18a9ae56099292d10bd537b24db851b03b38a54028f5460b1433f4aa627

a8dcdfcf26dda3d6f2c503f3479313fa.exe

Analysis time

23s

Last analysis

File size

705.5KB
Static detection Dynamic detection AGEN AGENTTESLA AI SCORE=80 AIDETECTVM ALI2000015 AUTO BTBU9I CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS ELDORADO ELKP ELNW EPPB FAREIT FORMBOOK GDSDA HIGH CONFIDENCE HJEJTF IGENT KRYPTIK MALWARE2 MALWARE@#3U754LSRO33I4 PWSX R + MAL R06EC0DI220 SCORE SG0@AUMMRQLI SIGGEN2 STATIC AI SUSGEN SUSPICIOUS PE TSCOPE UNSAFE X2059 ZELPHIF
Hawkeye Engine
Not detected: no Hawkeye Engine detection results yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:PWSX-gen [Trj] 20201228 21.1.5827.0
Tencent Win32.Trojan.Inject.Auto 20201228 1.0.0.1
Kingsoft 20201228 2017.9.26.565
McAfee Fareit-FSK!A8DCDFCF26DD 20201228 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619826880.378915
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49413952
registers.edi: 0
registers.eax: 0
registers.ebp: 49414024
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 60 e9 cf c1 fa
exception.symbol: a8dcdfcf26dda3d6f2c503f3479313fa+0x573b4
exception.instruction: div eax
exception.module: a8dcdfcf26dda3d6f2c503f3479313fa.exe
exception.exception_code: 0xc0000094
exception.offset: 357300
exception.address: 0x4573b4
success 0 0
1619828439.006126
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
a8dcdfcf26dda3d6f2c503f3479313fa+0x58a4d @ 0x458a4d
a8dcdfcf26dda3d6f2c503f3479313fa+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff4314ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619826880.222915
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619826880.378915
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 53248
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
1619826880.394915
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ed0000
success 0 0
1619828438.053126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619828438.116126
NtAllocateVirtualMemory
process_identifier: 1544
region_size: 262144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00530000
success 0 0
1619828438.116126
NtAllocateVirtualMemory
process_identifier: 1544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00530000
success 0 0
1619828438.116126
NtAllocateVirtualMemory
process_identifier: 1544
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01db0000
success 0 0
1619828438.116126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619828438.459126
NtAllocateVirtualMemory
process_identifier: 1544
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01ee0000
success 0 0
1619828438.459126
NtAllocateVirtualMemory
process_identifier: 1544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f40000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ed2000
success 0 0
1619828438.991126
NtProtectVirtualMemory
process_identifier: 1544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (6 events)
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.590643971399277 section {'size_of_data': '0x0000e000', 'virtual_address': '0x00058000', 'entropy': 7.590643971399277, 'name': 'DATA', 'virtual_size': '0x0000deac'} description A section with a high entropy has been found
entropy 7.386312253570839 section {'size_of_data': '0x00043200', 'virtual_address': '0x00073000', 'entropy': 7.386312253570839, 'name': '.rsrc', 'virtual_size': '0x0004316c'} description A section with a high entropy has been found
entropy 0.46061036195883603 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2468 called NtSetContextThread to modify thread in remote process 1544
Time & API Arguments Status Return Repeated
1619826880.785915
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893792
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1544
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2468 resumed a thread in remote process 1544
Time & API Arguments Status Return Repeated
1619826881.019915
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1544
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619826880.722915
CreateProcessInternalW
thread_identifier: 360
thread_handle: 0x00000100
process_identifier: 1544
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a8dcdfcf26dda3d6f2c503f3479313fa.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619826880.722915
NtUnmapViewOfSection
process_identifier: 1544
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619826880.769915
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 1544
commit_size: 704512
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 704512
base_address: 0x00400000
success 0 0
1619826880.785915
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619826880.785915
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893792
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1544
success 0 0
1619826881.019915
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1544
success 0 0
File has been identified by 61 antivirus engines on VirusTotal as malicious (50 out of 61 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EPPB
FireEye Generic.mg.a8dcdfcf26dda3d6
CAT-QuickHeal Trojan.Kryptik
Qihoo-360 Win32/Trojan.469
ALYac Trojan.Agent.EPPB
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00564fdd1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 00564fdd1 )
Cybereason malicious.f26dda
Arcabit Trojan.Agent.EPPB
Cyren W32/Delf.KH.gen!Eldorado
Symantec Trojan Horse
APEX Malicious
Avast Win32:PWSX-gen [Trj]
ClamAV Win.Dropper.AgentTesla-7687363-1
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.Agent.EPPB
NANO-Antivirus Trojan.Win32.Dwn.hjejtf
Paloalto generic.ml
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.Agent.EPPB
Sophos Mal/Generic-R + Mal/Fareit-AA
Comodo Malware@#3u754lsro33i4
F-Secure Heuristic.HEUR/AGEN.1136310
DrWeb Trojan.PWS.Siggen2.47851
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DI220
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Emsisoft Trojan.Agent.EPPB (B)
Ikarus Trojan.Inject
Jiangmin Trojan.Kryptik.apd
Avira HEUR/AGEN.1136310
Antiy-AVL Trojan/Win32.Formbook
Gridinsoft Trojan.Win32.Agent.ba!s1
Microsoft Trojan:Win32/FormBook.BX!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.Agent.EPPB
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
McAfee Fareit-FSK!A8DCDFCF26DD
MAX malware (ai score=80)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.ELNW
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46713c VirtualFree
0x467140 VirtualAlloc
0x467144 LocalFree
0x467148 LocalAlloc
0x46714c GetVersion
0x467150 GetCurrentThreadId
0x46715c VirtualQuery
0x467160 WideCharToMultiByte
0x467164 MultiByteToWideChar
0x467168 lstrlenA
0x46716c lstrcpynA
0x467170 LoadLibraryExA
0x467174 GetThreadLocale
0x467178 GetStartupInfoA
0x46717c GetProcAddress
0x467180 GetModuleHandleA
0x467184 GetModuleFileNameA
0x467188 GetLocaleInfoA
0x46718c GetCommandLineA
0x467190 FreeLibrary
0x467194 FindFirstFileA
0x467198 FindClose
0x46719c ExitProcess
0x4671a0 WriteFile
0x4671a8 RtlUnwind
0x4671ac RaiseException
0x4671b0 GetStdHandle
Library user32.dll:
0x4671b8 GetKeyboardType
0x4671bc LoadStringA
0x4671c0 MessageBoxA
0x4671c4 CharNextA
Library advapi32.dll:
0x4671cc RegQueryValueExA
0x4671d0 RegOpenKeyExA
0x4671d4 RegCloseKey
Library oleaut32.dll:
0x4671dc SysFreeString
0x4671e0 SysReAllocStringLen
0x4671e4 SysAllocStringLen
Library kernel32.dll:
0x4671ec TlsSetValue
0x4671f0 TlsGetValue
0x4671f4 LocalAlloc
0x4671f8 GetModuleHandleA
Library advapi32.dll:
0x467200 RegQueryValueExA
0x467204 RegOpenKeyExA
0x467208 RegCloseKey
Library kernel32.dll:
0x467210 lstrcpyA
0x467214 WriteFile
0x46721c WaitForSingleObject
0x467220 VirtualQuery
0x467224 VirtualAlloc
0x467228 Sleep
0x46722c SizeofResource
0x467230 SetThreadLocale
0x467234 SetFilePointer
0x467238 SetEvent
0x46723c SetErrorMode
0x467240 SetEndOfFile
0x467244 ResetEvent
0x467248 ReadFile
0x46724c MulDiv
0x467250 LockResource
0x467254 LoadResource
0x467258 LoadLibraryA
0x467264 GlobalUnlock
0x467268 GlobalReAlloc
0x46726c GlobalHandle
0x467270 GlobalLock
0x467274 GlobalFree
0x467278 GlobalFindAtomA
0x46727c GlobalDeleteAtom
0x467280 GlobalAlloc
0x467284 GlobalAddAtomA
0x467288 GetVersionExA
0x46728c GetVersion
0x467290 GetTickCount
0x467294 GetThreadLocale
0x46729c GetSystemTime
0x4672a0 GetSystemInfo
0x4672a4 GetStringTypeExA
0x4672a8 GetStdHandle
0x4672ac GetProcAddress
0x4672b0 GetModuleHandleA
0x4672b4 GetModuleFileNameA
0x4672b8 GetLocaleInfoA
0x4672bc GetLocalTime
0x4672c0 GetLastError
0x4672c4 GetFullPathNameA
0x4672c8 GetDiskFreeSpaceA
0x4672cc GetDateFormatA
0x4672d0 GetCurrentThreadId
0x4672d4 GetCurrentProcessId
0x4672d8 GetCPInfo
0x4672dc GetACP
0x4672e0 FreeResource
0x4672e4 InterlockedExchange
0x4672e8 FreeLibrary
0x4672ec FormatMessageA
0x4672f0 FindResourceA
0x4672f8 ExitThread
0x4672fc EnumCalendarInfoA
0x467308 CreateThread
0x46730c CreateFileA
0x467310 CreateEventA
0x467314 CompareStringA
0x467318 CloseHandle
Library version.dll:
0x467320 VerQueryValueA
0x467328 GetFileVersionInfoA
Library gdi32.dll:
0x467330 UnrealizeObject
0x467334 StretchBlt
0x467338 SetWindowOrgEx
0x46733c SetViewportOrgEx
0x467340 SetTextColor
0x467344 SetStretchBltMode
0x467348 SetROP2
0x46734c SetPixel
0x467350 SetDIBColorTable
0x467354 SetBrushOrgEx
0x467358 SetBkMode
0x46735c SetBkColor
0x467360 SelectPalette
0x467364 SelectObject
0x467368 SelectClipRgn
0x46736c SaveDC
0x467370 RestoreDC
0x467374 Rectangle
0x467378 RectVisible
0x46737c RealizePalette
0x467380 PatBlt
0x467384 MoveToEx
0x467388 MaskBlt
0x46738c LineTo
0x467390 IntersectClipRect
0x467394 GetWindowOrgEx
0x467398 GetTextMetricsA
0x4673a4 GetStockObject
0x4673a8 GetPixel
0x4673ac GetPaletteEntries
0x4673b0 GetObjectA
0x4673b4 GetDeviceCaps
0x4673b8 GetDIBits
0x4673bc GetDIBColorTable
0x4673c0 GetDCOrgEx
0x4673c8 GetClipRgn
0x4673cc GetClipBox
0x4673d0 GetBrushOrgEx
0x4673d4 GetBitmapBits
0x4673d8 ExtTextOutA
0x4673dc ExcludeClipRect
0x4673e0 DeleteObject
0x4673e4 DeleteDC
0x4673e8 CreateSolidBrush
0x4673ec CreateRectRgn
0x4673f0 CreatePenIndirect
0x4673f4 CreatePalette
0x4673fc CreateFontIndirectA
0x467400 CreateDIBitmap
0x467404 CreateDIBSection
0x467408 CreateCompatibleDC
0x467410 CreateBrushIndirect
0x467414 CreateBitmap
0x467418 BitBlt
Library user32.dll:
0x467420 CreateWindowExA
0x467424 WindowFromPoint
0x467428 WinHelpA
0x46742c WaitMessage
0x467430 UpdateWindow
0x467434 UnregisterClassA
0x467438 UnhookWindowsHookEx
0x46743c TranslateMessage
0x467444 TrackPopupMenu
0x46744c ShowWindow
0x467450 ShowScrollBar
0x467454 ShowOwnedPopups
0x467458 ShowCursor
0x46745c SetWindowsHookExA
0x467460 SetWindowTextA
0x467464 SetWindowPos
0x467468 SetWindowPlacement
0x46746c SetWindowLongA
0x467470 SetTimer
0x467474 SetScrollRange
0x467478 SetScrollPos
0x46747c SetScrollInfo
0x467480 SetRect
0x467484 SetPropA
0x467488 SetParent
0x46748c SetMenuItemInfoA
0x467490 SetMenu
0x467494 SetForegroundWindow
0x467498 SetFocus
0x46749c SetCursor
0x4674a0 SetClassLongA
0x4674a4 SetCapture
0x4674a8 SetActiveWindow
0x4674ac SendMessageA
0x4674b0 ScrollWindow
0x4674b4 ScreenToClient
0x4674b8 RemovePropA
0x4674bc RemoveMenu
0x4674c0 ReleaseDC
0x4674c4 ReleaseCapture
0x4674d0 RegisterClassA
0x4674d4 RedrawWindow
0x4674d8 PtInRect
0x4674dc PostQuitMessage
0x4674e0 PostMessageA
0x4674e4 PeekMessageA
0x4674e8 OffsetRect
0x4674ec OemToCharA
0x4674f0 MessageBoxA
0x4674f4 MapWindowPoints
0x4674f8 MapVirtualKeyA
0x4674fc LoadStringA
0x467500 LoadKeyboardLayoutA
0x467504 LoadIconA
0x467508 LoadCursorA
0x46750c LoadBitmapA
0x467510 KillTimer
0x467514 IsZoomed
0x467518 IsWindowVisible
0x46751c IsWindowEnabled
0x467520 IsWindow
0x467524 IsRectEmpty
0x467528 IsIconic
0x46752c IsDialogMessageA
0x467530 IsChild
0x467534 InvalidateRect
0x467538 IntersectRect
0x46753c InsertMenuItemA
0x467540 InsertMenuA
0x467544 InflateRect
0x46754c GetWindowTextA
0x467550 GetWindowRect
0x467554 GetWindowPlacement
0x467558 GetWindowLongA
0x46755c GetWindowDC
0x467560 GetTopWindow
0x467564 GetSystemMetrics
0x467568 GetSystemMenu
0x46756c GetSysColorBrush
0x467570 GetSysColor
0x467574 GetSubMenu
0x467578 GetScrollRange
0x46757c GetScrollPos
0x467580 GetScrollInfo
0x467584 GetPropA
0x467588 GetParent
0x46758c GetWindow
0x467590 GetMenuStringA
0x467594 GetMenuState
0x467598 GetMenuItemInfoA
0x46759c GetMenuItemID
0x4675a0 GetMenuItemCount
0x4675a4 GetMenu
0x4675a8 GetLastActivePopup
0x4675ac GetKeyboardState
0x4675b4 GetKeyboardLayout
0x4675b8 GetKeyState
0x4675bc GetKeyNameTextA
0x4675c0 GetInputState
0x4675c4 GetIconInfo
0x4675c8 GetForegroundWindow
0x4675cc GetFocus
0x4675d0 GetDlgItem
0x4675d4 GetDesktopWindow
0x4675d8 GetDCEx
0x4675dc GetDC
0x4675e0 GetCursorPos
0x4675e4 GetCursor
0x4675e8 GetClientRect
0x4675ec GetClassNameA
0x4675f0 GetClassInfoA
0x4675f4 GetCapture
0x4675f8 GetActiveWindow
0x4675fc FrameRect
0x467600 FindWindowA
0x467604 FillRect
0x467608 EqualRect
0x46760c EnumWindows
0x467610 EnumThreadWindows
0x467614 EndPaint
0x467618 EnableWindow
0x46761c EnableScrollBar
0x467620 EnableMenuItem
0x467624 DrawTextA
0x467628 DrawMenuBar
0x46762c DrawIconEx
0x467630 DrawIcon
0x467634 DrawFrameControl
0x467638 DrawFocusRect
0x46763c DrawEdge
0x467640 DispatchMessageA
0x467644 DestroyWindow
0x467648 DestroyMenu
0x46764c DestroyIcon
0x467650 DestroyCursor
0x467654 DeleteMenu
0x467658 DefWindowProcA
0x46765c DefMDIChildProcA
0x467660 DefFrameProcA
0x467664 CreatePopupMenu
0x467668 CreateMenu
0x46766c CreateIcon
0x467670 ClientToScreen
0x467674 CheckMenuItem
0x467678 CallWindowProcA
0x46767c CallNextHookEx
0x467680 BeginPaint
0x467684 CharNextA
0x467688 CharLowerA
0x46768c CharToOemA
0x467690 AdjustWindowRectEx
Library kernel32.dll:
0x46769c Sleep
Library oleaut32.dll:
0x4676a4 SafeArrayPtrOfIndex
0x4676a8 SafeArrayGetUBound
0x4676ac SafeArrayGetLBound
0x4676b0 SafeArrayCreate
0x4676b4 VariantChangeType
0x4676b8 VariantCopy
0x4676bc VariantClear
0x4676c0 VariantInit
Library comctl32.dll:
0x4676d0 ImageList_Write
0x4676d4 ImageList_Read
0x4676e4 ImageList_DragMove
0x4676e8 ImageList_DragLeave
0x4676ec ImageList_DragEnter
0x4676f0 ImageList_EndDrag
0x4676f4 ImageList_BeginDrag
0x4676f8 ImageList_Remove
0x4676fc ImageList_DrawEx
0x467700 ImageList_Draw
0x467710 ImageList_Add
0x467718 ImageList_Destroy
0x46771c ImageList_Create
Library comdlg32.dll:
0x467724 GetSaveFileNameA
0x467728 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.