Score: 5.6 (high risk)

SHA-256: 49c1e306362700be6143f3dc9592a72ca5d9dc3d7237d9f8e4f14b5c14ea2155

File name: a994c282121739bf0b82afd98cc594a4.exe (the name is the sample's MD5; the McAfee and FireEye detection names below embed the same hash prefix)

Analysis duration: 77s

Last analysis: not recorded

File size: 966.5KB
Static detection: flagged. Dynamic detection: flagged. Detection-name tags (derived from the engine results listed under VirusTotal below): 8GX@ACXMIVLM, AI SCORE=85, AIDETECTVM, ATTRIBUTE, AZORULT, BTEK1T, CLASSIC, CONFIDENCE, DELF, DHMQ, DOWNLOADER33, ELOX, ELRO, GDSDA, GENCIRC, GENERICRXAA, HIGH CONFIDENCE, HIGHCONFIDENCE, HJTRGM, IGENT, KRYPTIK, MALWARE1, MALWARE@#14ZRFJL79IDYD, R337874, RATX, REMCOS, SCORE, STATIC AI, SUSGEN, SUSPICIOUS PE, TROJANPSW, TROJANPWS, TSCOPE, UNSAFE, YSHQS, ZELPHIF, ZUSY
鹰眼 (HawkEye) engine
Not detected: no 鹰眼 engine result is available for this sample.
Static verdict
Antivirus engines
Engine       Result                               Scan date   Engine version
McAfee       GenericRXAA-FA!A994C2821217          2020-12-28  6.0.6.653
Alibaba      TrojanPSW:Win32/Remcos.b907899f      2019-05-27  0.3.0.5
Avast        Win32:RATX-gen [Trj]                 2020-12-28  21.1.5827.0
Baidu        (no detection)                       2019-03-18  1.0.0.2
Kingsoft     (no detection)                       2020-12-28  2017.9.26.565
Tencent      Malware.Win32.Gencirc.1160ffef       2020-12-28  1.0.0.1
CrowdStrike  win/malicious_confidence_90% (W)     2019-07-02  1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
CODE, DATA and BSS are the section names the Borland/Delphi linker emits, so the "unknown section name" hits describe the Delphi toolchain rather than a packer on their own; the BobSoft Mini Delphi match and the fixed Delphi link timestamp (see PE Compile Time below) point the same way. The high-entropy .rsrc section reported under Dynamic indicators is the stronger packing/encryption signal.
One or more processes crashed (1 event; a run-time observation that the report files under static indicators)
Time & API   Arguments   Status   Return   Repeated
1619826939.354822
__exception__
stacktrace:
0x2098fe2
DriverCallback+0x4e waveOutOpen-0xa2e winmm+0x3af0 @ 0x75093af0
timeEndPeriod+0x54a timeKillEvent-0x57 winmm+0xa535 @ 0x7509a535
timeEndPeriod+0x449 timeKillEvent-0x158 winmm+0xa434 @ 0x7509a434
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 57998820 (0x374fde4)
registers.edi: 57998864 (0x374fe10)
registers.eax: 0
registers.ebp: 57998956 (0x374fe6c)
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 44
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.symbol: (none)
exception.address: 0x2098760
Status: success   Return: 0   Repeated: 0
The faulting instruction reads the dword at offset 0x3c from the address in eax, and eax is 0. Offset 0x3c of a module base is e_lfanew, the DOS-header field that points at the PE header, so this is code walking a PE header by hand from a base address that resolved to NULL; the bytes that follow (cdq, add eax,[esp], adc edx,[esp+4]) continue with 64-bit arithmetic on that value. The fault happens on a winmm timer-callback thread (the DriverCallback and timeEndPeriod/timeKillEvent frames) at 0x2098760, an address outside the sample's own image (whose import thunks sit at 0x4891xx), which fits code running from dynamically allocated memory rather than from the Delphi host program.
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API   Arguments   Status   Return   Repeated
1619826885.244822
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff (pseudo-handle for the current process)
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01d30000
Status: success   Return: 0   Repeated: 0
A single 4 KB RWX commit in the sample's own process (pid 732). It is a small region, but together with the crash in non-image code above it is the clearest behavioural hint of in-memory unpacking in this run.
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
The evidence behind this signature is the domain alone; the TCP and HTTP sections below record no connection and no request, so no download from Google Drive was observed in this run.
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API   Arguments   Status   Return   Repeated
1619826910.916822
GetAdaptersAddresses
flags: 0
family: 0 (AF_UNSPEC)
Status: failed   Return: 111   Repeated: 0
Return value 111 is ERROR_BUFFER_OVERFLOW, the normal outcome of a first GetAdaptersAddresses call made with a too-small buffer to learn the required size. By itself this is ordinary networking code; a VM check would need the second call and a comparison of adapter MAC prefixes against virtualisation vendor OUIs, which the report does not show.
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.366001200561815  section .rsrc: size_of_data 0x0005f800, virtual_address 0x00097000, virtual_size 0x0005f7b8, entropy 7.366  description: A section with a high entropy has been found
entropy 0.3956499223200414  description: Overall entropy of this PE file is high
The second figure is not a Shannon entropy: this signature reports the share of section bytes that sit in high-entropy sections, and the 0x5f800 (391,168) bytes of .rsrc are about 40% of the 966.5 KB file. A resource section above 7.3 bits per byte in a Delphi executable whose code and data sections are not flagged is the usual shape of a loader carrying an encrypted payload as a resource. The import table below does include FindResourceA, LoadResource and LockResource, but Delphi's VCL imports these by default, so that alone proves nothing.
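The packer heuristics above (unknown or Delphi section names, per-section entropy, and the ratio the report labels "overall entropy") and the Delphi link timestamp discussed under PE Compile Time below can be reproduced with a small stand-alone parser. The following is an added example written for this page, not code from the sandbox or from the sample: it builds a constructed PE image in memory (Delphi section names, the fixed Delphi timestamp, an empty BSS and a random-filled .rsrc) instead of reading the real file, and the 6.8 bits-per-byte and 0.2 ratio thresholds are assumptions modelled on Cuckoo-style signatures.

```python
import math
import random
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp the Borland/Delphi linker writes into every PE it links
# (1992-06-19 22:22:17 UTC; the report shows it shifted to UTC+8).
DELPHI_TIMESTAMP = 0x2A425E19
# Section names the Delphi linker emits; Cuckoo-style "unknown section name"
# heuristics do not list them, which is why a plain Delphi binary trips that signature.
DELPHI_SECTION_NAMES = {"CODE", "DATA", "BSS"}
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                        ".reloc", ".bss", ".tls", ".pdata", ".CRT"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> e_lfanew -> COFF header -> section table; return (timestamp, sections)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]        # the same offset the crashed code read
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size                    # section headers follow the optional header
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": rawsize, "entropy": shannon_entropy(raw)})
    return timestamp, sections


def packer_indicators(pe: bytes, high_entropy: float = 6.8, packed_ratio: float = 0.2) -> dict:
    """Reproduce the report's heuristics; thresholds are assumptions modelled on Cuckoo.
    'high_entropy_ratio' is the figure the report prints as 'overall entropy'."""
    timestamp, sections = parse_sections(pe)
    names = {s["name"] for s in sections}
    total = sum(s["size_of_data"] for s in sections)
    high = [s for s in sections if s["size_of_data"] and s["entropy"] > high_entropy]
    ratio = sum(s["size_of_data"] for s in high) / total if total else 0.0
    return {
        "unknown_section_names": sorted(names - COMMON_SECTION_NAMES),
        "delphi_section_layout": DELPHI_SECTION_NAMES <= names,
        "delphi_timestamp": timestamp == DELPHI_TIMESTAMP,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "high_entropy_sections": [(s["name"], round(s["entropy"], 3)) for s in high],
        "high_entropy_ratio": ratio,
        "likely_packed": ratio > packed_ratio,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in for the sample (not the real file): Delphi section names and
    timestamp, low-entropy CODE/DATA, an empty BSS and a random-filled .rsrc."""
    rng = random.Random(1)
    code = b"\x55\x8b\xec\x83\xc4\xf8\x33\xc0" * 512         # 4096 bytes, entropy 3.0
    data = bytes(range(64)) * 32                               # 2048 bytes, entropy 6.0
    rsrc = bytes(rng.getrandbits(8) for _ in range(8192))      # 8192 bytes, entropy ~7.97
    layout = [  # (name, virtual address, raw size, raw file offset, raw bytes)
        (b"CODE", 0x1000, len(code), 0x200, code),
        (b"DATA", 0x2000, len(data), 0x1200, data),
        (b"BSS", 0x3000, 0, 0, b""),                           # uninitialised data: no raw bytes
        (b".rsrc", 0x4000, len(rsrc), 0x1A00, rsrc),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), DELPHI_TIMESTAMP, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic; rest left zero
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    for name, vaddr, rawsize, rawptr, _ in layout:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), max(rawsize, 0x1000),
                               vaddr, rawsize, rawptr, 0, 0, 0, 0, 0x60000020)
    image = headers.ljust(0x200, b"\0")                        # 472 header bytes padded to file alignment
    for _, _, rawsize, rawptr, raw in layout:
        if rawsize:
            assert len(image) == rawptr, "section raw pointers must follow file order"
            image += raw
    return image


if __name__ == "__main__":
    for key, value in packer_indicators(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run against the constructed image, `unknown_section_names` lists BSS, CODE and DATA (exactly the three hits in the report), `delphi_section_layout` and `delphi_timestamp` are both true, `.rsrc` is the only high-entropy section, and `high_entropy_ratio` is 8192/14336, the kind of ratio the report prints as 0.3956 for the real file. Pointing `parse_sections` at the actual sample instead of `build_sample_pe()` gives the real figures.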
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
172.217.24.14 is Google address space (the same provider as drive.google.com above). The TCP section below lists no connection to it, so this is at most an attempted or unrecorded contact.
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API   Arguments   Status   Return   Repeated
1619826913.510822  RegSetValueExA  key_handle 0x000003c4
    WpadDecisionReason = 1  (REG_DWORD)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
    success 0 0
1619826913.510822  RegSetValueExA  key_handle 0x000003c4
    WpadDecisionTime = (8-byte binary timestamp; the original report rendered the raw bytes as text)  (REG_BINARY)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
    success 0 0
1619826913.510822  RegSetValueExA  key_handle 0x000003c4
    WpadDecision = 3  (REG_DWORD)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
    success 0 0
1619826913.510822  RegSetValueExW  key_handle 0x000003c4
    WpadNetworkName = "网络 2" ("Network 2", the Chinese-locale default network name)  (REG_SZ)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
    success 0 0
1619826913.510822  RegSetValueExA  key_handle 0x000003dc
    WpadDecisionReason = 1  (REG_DWORD)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
    success 0 0
1619826913.510822  RegSetValueExA  key_handle 0x000003dc
    WpadDecisionTime = (8-byte binary timestamp; the original report rendered the raw bytes as text)  (REG_BINARY)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
    success 0 0
1619826913.510822  RegSetValueExA  key_handle 0x000003dc
    WpadDecision = 3  (REG_DWORD)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
    success 0 0
1619826913.541822  RegSetValueExW  key_handle 0x000003c0
    WpadLastNetwork = {40112ABE-63B3-43C3-BE93-1440EE3AF106}  (REG_SZ)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
    success 0 0
These five values (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName, WpadLastNetwork) are the cache that the Windows proxy resolver writes under Internet Settings\Wpad\<network GUID> and Internet Settings\Wpad\<adapter MAC> after any WPAD lookup, so they appear whenever a process makes a proxy-aware network call through WinINet or WinHTTP. The subkey 0a-00-27-00-00-00 is the adapter's MAC address, the VirtualBox host-only adapter, consistent with the 192.168.56.101 guest address in the UDP table below. No AutoConfigURL or ProxyServer value is set and no proxy autoconfiguration file is written, so the signature name overstates what was observed; treat this event group as noise unless changes to those values appear.
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 93.179.102.140:443
A failed connection attempt to 93.179.102.140 on port 443; because it never completed it does not appear in the Hosts or TCP tables below either. This is the one non-Google endpoint the sample tried to reach and the first candidate for a command-and-control indicator, pending pivoting on the address.
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 results shown)
Engine  Result
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader33.38656
MicroWorld-eScan Gen:Variant.Zusy.302494
FireEye Generic.mg.a994c282121739bf
CAT-QuickHeal Trojanpws.Azorult
McAfee GenericRXAA-FA!A994C2821217
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00565ca61 )
Alibaba TrojanPSW:Win32/Remcos.b907899f
K7GW Trojan ( 00565ca61 )
Cybereason malicious.212173
Arcabit Trojan.Zusy.D49D9E
BitDefenderTheta Gen:NN.ZelphiF.34700.8GX@aCxMIvlm
Cyren W32/Trojan.DHMQ-0060
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.ELOX
TrendMicro-HouseCall Backdoor.Win32.REMCOS.SM
Avast Win32:RATX-gen [Trj]
ClamAV Win.Dropper.Remcos-7735852-0
Kaspersky HEUR:Trojan-PSW.Win32.Azorult.gen
BitDefender Gen:Variant.Zusy.302494
NANO-Antivirus Trojan.Win32.Dwn.hjtrgm
Paloalto generic.ml
AegisLab Trojan.Win32.Azorult.i!c
Rising Trojan.Kryptik!1.C56D (CLASSIC)
Ad-Aware Gen:Variant.Zusy.302494
Emsisoft Gen:Variant.Zusy.302494 (B)
Comodo Malware@#14zrfjl79idyd
F-Secure Trojan.TR/Injector.yshqs
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.REMCOS.SM
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.PSW.Azorult.guj
MaxSecure Trojan.Malware.73741539.susgen
Avira TR/Injector.yshqs
MAX malware (ai score=85)
Antiy-AVL Trojan[PSW]/Win32.Azorult
Microsoft Trojan:Win32/Remcos.PI!MTB
ZoneAlarm HEUR:Trojan-PSW.Win32.Azorult.gen
GData Gen:Variant.Zusy.302494
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.RL_Remcos.R337874
VBA32 TScope.Trojan.Delf
ALYac Gen:Variant.Zusy.302494
Malwarebytes Backdoor.Remcos
APEX Malicious
Family labels split between Remcos (Alibaba, TrendMicro, TrendMicro-HouseCall, ClamAV, Microsoft, AhnLab-V3, Malwarebytes) and Azorult (CAT-QuickHeal, Kaspersky, ZoneAlarm, AegisLab, Jiangmin, Antiy-AVL); the rest are generic injector, Delphi (VBA32 TScope.Trojan.Delf) or packer names. Remcos is a remote-access tool and Azorult a credential stealer, so the labels alone do not settle what the encrypted resource carries; the unpacked payload, or the 93.179.102.140:443 endpoint, would.
Visual analysis
Binary image
No binary image: the sample did not produce a binary visualisation image.
Runtime screenshots
No screenshots: the sample produced no screenshots while running.

PE Compile Time

1992-06-20 06:22:17
This is the fixed TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC, shown here in UTC+8) that the Borland/Delphi linker writes into every binary it produces, not a real build time; it corroborates the Delphi section layout and the BobSoft Mini Delphi match under Static indicators.

Imports
The static import table is the Delphi VCL runtime's (GDI and USER drawing and window management, common dialogs, printing, ImageList, OLE automation). Nothing in it reflects the RAT or stealer capabilities named in the AV labels, which is consistent with a Delphi host program that decrypts and runs a payload from memory and resolves that payload's APIs at run time. The same kernel32 and advapi32 libraries appear several times because the Delphi linker emits one import group per unit.

Library kernel32.dll:
0x4891b4 VirtualFree
0x4891b8 VirtualAlloc
0x4891bc LocalFree
0x4891c0 LocalAlloc
0x4891c4 GetVersion
0x4891c8 GetCurrentThreadId
0x4891d4 VirtualQuery
0x4891d8 WideCharToMultiByte
0x4891dc MultiByteToWideChar
0x4891e0 lstrlenA
0x4891e4 lstrcpynA
0x4891e8 LoadLibraryExA
0x4891ec GetThreadLocale
0x4891f0 GetStartupInfoA
0x4891f4 GetProcAddress
0x4891f8 GetModuleHandleA
0x4891fc GetModuleFileNameA
0x489200 GetLocaleInfoA
0x489204 GetCommandLineA
0x489208 FreeLibrary
0x48920c FindFirstFileA
0x489210 FindClose
0x489214 ExitProcess
0x489218 WriteFile
0x489220 RtlUnwind
0x489224 RaiseException
0x489228 GetStdHandle
Library user32.dll:
0x489230 GetKeyboardType
0x489234 LoadStringA
0x489238 MessageBoxA
0x48923c CharNextA
Library advapi32.dll:
0x489244 RegQueryValueExA
0x489248 RegOpenKeyExA
0x48924c RegCloseKey
Library oleaut32.dll:
0x489254 SysFreeString
0x489258 SysReAllocStringLen
0x48925c SysAllocStringLen
Library kernel32.dll:
0x489264 TlsSetValue
0x489268 TlsGetValue
0x48926c LocalAlloc
0x489270 GetModuleHandleA
Library advapi32.dll:
0x489278 RegQueryValueExA
0x48927c RegOpenKeyExA
0x489280 RegCloseKey
Library kernel32.dll:
0x489288 lstrcpyA
0x48928c WriteFile
0x489290 WaitForSingleObject
0x489294 VirtualQuery
0x489298 VirtualProtect
0x48929c VirtualAlloc
0x4892a0 Sleep
0x4892a4 SizeofResource
0x4892a8 SetThreadLocale
0x4892ac SetFilePointer
0x4892b0 SetEvent
0x4892b4 SetErrorMode
0x4892b8 SetEndOfFile
0x4892bc ResetEvent
0x4892c0 ReadFile
0x4892c4 MultiByteToWideChar
0x4892c8 MulDiv
0x4892cc LockResource
0x4892d0 LoadResource
0x4892d4 LoadLibraryA
0x4892e0 GlobalUnlock
0x4892e4 GlobalSize
0x4892e8 GlobalReAlloc
0x4892ec GlobalHandle
0x4892f0 GlobalLock
0x4892f4 GlobalFree
0x4892f8 GlobalFindAtomA
0x4892fc GlobalDeleteAtom
0x489300 GlobalAlloc
0x489304 GlobalAddAtomA
0x489308 GetVersionExA
0x48930c GetVersion
0x489310 GetUserDefaultLCID
0x489314 GetTickCount
0x489318 GetThreadLocale
0x48931c GetSystemInfo
0x489320 GetStringTypeExA
0x489324 GetStdHandle
0x489328 GetProfileStringA
0x48932c GetProcAddress
0x489330 GetModuleHandleA
0x489334 GetModuleFileNameA
0x489338 GetLocaleInfoA
0x48933c GetLocalTime
0x489340 GetLastError
0x489344 GetFullPathNameA
0x489348 GetDiskFreeSpaceA
0x48934c GetDateFormatA
0x489350 GetCurrentThreadId
0x489354 GetCurrentProcessId
0x489358 GetCPInfo
0x48935c GetACP
0x489360 FreeResource
0x489364 InterlockedExchange
0x489368 FreeLibrary
0x48936c FormatMessageA
0x489370 FindResourceA
0x489374 FindFirstFileA
0x489378 FindClose
0x489384 EnumCalendarInfoA
0x489390 CreateThread
0x489394 CreateFileA
0x489398 CreateEventA
0x48939c CompareStringA
0x4893a0 CloseHandle
Library version.dll:
0x4893a8 VerQueryValueA
0x4893b0 GetFileVersionInfoA
Library gdi32.dll:
0x4893b8 UnrealizeObject
0x4893bc StretchBlt
0x4893c0 SetWindowOrgEx
0x4893c4 SetWindowExtEx
0x4893c8 SetWinMetaFileBits
0x4893cc SetViewportOrgEx
0x4893d0 SetViewportExtEx
0x4893d4 SetTextColor
0x4893d8 SetStretchBltMode
0x4893dc SetROP2
0x4893e0 SetPixel
0x4893e4 SetMapMode
0x4893e8 SetEnhMetaFileBits
0x4893ec SetDIBColorTable
0x4893f0 SetBrushOrgEx
0x4893f4 SetBkMode
0x4893f8 SetBkColor
0x4893fc SelectPalette
0x489400 SelectObject
0x489404 SelectClipRgn
0x489408 SaveDC
0x48940c RestoreDC
0x489410 Rectangle
0x489414 RectVisible
0x489418 RealizePalette
0x48941c Polyline
0x489420 PolyPolyline
0x489424 PlayEnhMetaFile
0x489428 PatBlt
0x48942c MoveToEx
0x489430 MaskBlt
0x489434 LineTo
0x489438 IntersectClipRect
0x48943c GetWindowOrgEx
0x489440 GetWinMetaFileBits
0x489444 GetTextMetricsA
0x489448 GetTextExtentPointA
0x489454 GetStockObject
0x489458 GetPixel
0x48945c GetPaletteEntries
0x489460 GetObjectA
0x489470 GetEnhMetaFileBits
0x489474 GetDeviceCaps
0x489478 GetDIBits
0x48947c GetDIBColorTable
0x489480 GetDCOrgEx
0x489488 GetClipBox
0x48948c GetBrushOrgEx
0x489490 GetBitmapBits
0x489494 GdiFlush
0x489498 ExtTextOutA
0x48949c ExtCreatePen
0x4894a0 ExcludeClipRect
0x4894a4 EndPage
0x4894a8 EndDoc
0x4894ac DeleteObject
0x4894b0 DeleteEnhMetaFile
0x4894b4 DeleteDC
0x4894b8 CreateSolidBrush
0x4894bc CreatePenIndirect
0x4894c0 CreatePalette
0x4894c4 CreateICA
0x4894cc CreateFontIndirectA
0x4894d0 CreateEnhMetaFileA
0x4894d4 CreateDIBitmap
0x4894d8 CreateDIBSection
0x4894dc CreateDCA
0x4894e0 CreateCompatibleDC
0x4894e8 CreateBrushIndirect
0x4894ec CreateBitmap
0x4894f0 CopyEnhMetaFileA
0x4894f4 CloseEnhMetaFile
0x4894f8 BitBlt
Library user32.dll:
0x489500 CreateWindowExA
0x489504 WindowFromPoint
0x489508 WinHelpA
0x48950c WaitMessage
0x489510 ValidateRect
0x489514 UpdateWindow
0x489518 UnregisterClassA
0x48951c UnionRect
0x489520 UnhookWindowsHookEx
0x489524 TranslateMessage
0x48952c TrackPopupMenu
0x489534 ShowWindow
0x489538 ShowScrollBar
0x48953c ShowOwnedPopups
0x489540 ShowCursor
0x489544 SetWindowsHookExA
0x489548 SetWindowTextA
0x48954c SetWindowPos
0x489550 SetWindowPlacement
0x489554 SetWindowLongA
0x489558 SetTimer
0x48955c SetScrollRange
0x489560 SetScrollPos
0x489564 SetScrollInfo
0x489568 SetRect
0x48956c SetPropA
0x489570 SetParent
0x489574 SetMenuItemInfoA
0x489578 SetMenu
0x48957c SetKeyboardState
0x489580 SetForegroundWindow
0x489584 SetFocus
0x489588 SetCursor
0x48958c SetClipboardData
0x489590 SetClassLongA
0x489594 SetCapture
0x489598 SetActiveWindow
0x48959c SendMessageA
0x4895a0 SendDlgItemMessageA
0x4895a4 ScrollWindowEx
0x4895a8 ScrollWindow
0x4895ac ScreenToClient
0x4895b0 RemovePropA
0x4895b4 RemoveMenu
0x4895b8 ReleaseDC
0x4895bc ReleaseCapture
0x4895c8 RegisterClassA
0x4895cc RedrawWindow
0x4895d0 PtInRect
0x4895d4 PostQuitMessage
0x4895d8 PostMessageA
0x4895dc PeekMessageA
0x4895e0 OpenClipboard
0x4895e4 OffsetRect
0x4895e8 OemToCharA
0x4895ec MessageBoxA
0x4895f0 MessageBeep
0x4895f4 MapWindowPoints
0x4895f8 MapVirtualKeyA
0x4895fc LoadStringA
0x489600 LoadKeyboardLayoutA
0x489604 LoadIconA
0x489608 LoadCursorA
0x48960c LoadBitmapA
0x489610 KillTimer
0x489614 IsZoomed
0x489618 IsWindowVisible
0x48961c IsWindowEnabled
0x489620 IsWindow
0x489624 IsRectEmpty
0x489628 IsIconic
0x48962c IsDialogMessageA
0x489630 IsChild
0x489634 IsCharAlphaNumericA
0x489638 IsCharAlphaA
0x48963c InvalidateRect
0x489640 IntersectRect
0x489644 InsertMenuItemA
0x489648 InsertMenuA
0x48964c InflateRect
0x489654 GetWindowTextA
0x489658 GetWindowRect
0x48965c GetWindowPlacement
0x489660 GetWindowLongA
0x489664 GetWindowDC
0x489668 GetTopWindow
0x48966c GetSystemMetrics
0x489670 GetSystemMenu
0x489674 GetSysColorBrush
0x489678 GetSysColor
0x48967c GetSubMenu
0x489680 GetScrollRange
0x489684 GetScrollPos
0x489688 GetScrollInfo
0x48968c GetPropA
0x489690 GetParent
0x489694 GetWindow
0x489698 GetMessageTime
0x48969c GetMenuStringA
0x4896a0 GetMenuState
0x4896a4 GetMenuItemInfoA
0x4896a8 GetMenuItemID
0x4896ac GetMenuItemCount
0x4896b0 GetMenu
0x4896b4 GetLastActivePopup
0x4896b8 GetKeyboardState
0x4896c0 GetKeyboardLayout
0x4896c4 GetKeyState
0x4896c8 GetKeyNameTextA
0x4896cc GetIconInfo
0x4896d0 GetForegroundWindow
0x4896d4 GetFocus
0x4896d8 GetDoubleClickTime
0x4896dc GetDlgItem
0x4896e0 GetDesktopWindow
0x4896e4 GetDCEx
0x4896e8 GetDC
0x4896ec GetCursorPos
0x4896f0 GetCursor
0x4896f4 GetClipboardData
0x4896f8 GetClientRect
0x4896fc GetClassNameA
0x489700 GetClassInfoA
0x489704 GetCaretPos
0x489708 GetCapture
0x48970c GetActiveWindow
0x489710 FrameRect
0x489714 FindWindowA
0x489718 FillRect
0x48971c EqualRect
0x489720 EnumWindows
0x489724 EnumThreadWindows
0x48972c EndPaint
0x489730 EnableWindow
0x489734 EnableScrollBar
0x489738 EnableMenuItem
0x48973c EmptyClipboard
0x489740 DrawTextA
0x489744 DrawMenuBar
0x489748 DrawIconEx
0x48974c DrawIcon
0x489750 DrawFrameControl
0x489754 DrawFocusRect
0x489758 DrawEdge
0x48975c DispatchMessageA
0x489760 DestroyWindow
0x489764 DestroyMenu
0x489768 DestroyIcon
0x48976c DestroyCursor
0x489770 DeleteMenu
0x489774 DefWindowProcA
0x489778 DefMDIChildProcA
0x48977c DefFrameProcA
0x489780 CreatePopupMenu
0x489784 CreateMenu
0x489788 CreateIcon
0x48978c CloseClipboard
0x489790 ClientToScreen
0x489794 CheckMenuItem
0x489798 CallWindowProcA
0x48979c CallNextHookEx
0x4897a0 BeginPaint
0x4897a4 CharNextA
0x4897a8 CharLowerBuffA
0x4897ac CharLowerA
0x4897b0 CharUpperBuffA
0x4897b4 CharToOemA
0x4897b8 AdjustWindowRectEx
Library kernel32.dll:
0x4897c4 Sleep
Library oleaut32.dll:
0x4897cc SafeArrayPtrOfIndex
0x4897d0 SafeArrayGetUBound
0x4897d4 SafeArrayGetLBound
0x4897d8 SafeArrayCreate
0x4897dc VariantChangeType
0x4897e0 VariantCopy
0x4897e4 VariantClear
0x4897e8 VariantInit
Library ole32.dll:
0x4897f4 IsAccelerator
0x4897f8 OleDraw
0x489800 CoCreateInstance
0x489804 CoGetClassObject
0x489808 CoUninitialize
0x48980c CoInitialize
0x489810 IsEqualGUID
Library oleaut32.dll:
0x489818 GetErrorInfo
0x48981c SysFreeString
Library comctl32.dll:
0x48982c ImageList_Write
0x489830 ImageList_Read
0x489840 ImageList_DragMove
0x489844 ImageList_DragLeave
0x489848 ImageList_DragEnter
0x48984c ImageList_EndDrag
0x489850 ImageList_BeginDrag
0x489854 ImageList_Remove
0x489858 ImageList_DrawEx
0x48985c ImageList_Draw
0x48986c ImageList_Add
0x489878 ImageList_Destroy
0x48987c ImageList_Create
Library winspool.drv:
0x489884 OpenPrinterA
0x489888 EnumPrintersA
0x48988c DocumentPropertiesA
0x489890 ClosePrinter
Library shell32.dll:
0x489898 ShellExecuteA
Library comdlg32.dll:
0x4898a0 ChooseFontA
0x4898a4 ChooseColorA
0x4898a8 GetSaveFileNameA
0x4898ac GetOpenFileNameA
Library kernel32.dll:
0x4898b4 MulDiv
Library URL.DLL:
0x4898bc InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                         Dst port
192.168.56.101  49235     114.114.114.114                     53
192.168.56.101  50534     114.114.114.114                     53
192.168.56.101  51378     114.114.114.114                     53
192.168.56.101  56539     114.114.114.114                     53
192.168.56.101  58367     114.114.114.114                     53
192.168.56.101  65004     114.114.114.114                     53
192.168.56.101  137       192.168.56.255                      137
192.168.56.101  138       192.168.56.255                      138
192.168.56.101  53657     224.0.0.252                         5355
192.168.56.101  55368     224.0.0.252                         5355
192.168.56.101  56804     224.0.0.252                         5355
192.168.56.101  60123     224.0.0.252                         5355
192.168.56.101  62191     224.0.0.252                         5355
192.168.56.101  1900      239.255.255.250                     1900
192.168.56.101  56540     239.255.255.250                     3702
192.168.56.101  56807     239.255.255.250                     1900
192.168.56.101  58368     239.255.255.250                     3702
192.168.56.101  58707     239.255.255.250                     3702
192.168.56.101  123       51.105.208.173 (time.windows.com)   123
192.168.56.101  58367     8.8.8.8                             53
Everything in this table is background traffic of the Windows guest rather than sample activity: DNS to the sandbox resolvers 114.114.114.114 and 8.8.8.8, NetBIOS name-service and datagram broadcasts (137/138), LLMNR to 224.0.0.252:5355, SSDP and WS-Discovery to 239.255.255.250, and NTP to time.windows.com. The guest address 192.168.56.101 sits in the VirtualBox host-only default subnet, matching the 0a-00-27-00-00-00 adapter key written under Wpad above. The queried DNS names are not recorded here, so whether the sample resolved drive.google.com cannot be confirmed from this table.
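A triage pass over the report's behavioural and network records, separating the strong signal (the RWX allocation, and any real proxy redirection through AutoConfigURL or ProxyServer) from the Windows background activity that fired the WPAD and adapter-check signatures and filled the UDP table. This is an added example for this page, not code from the sandbox: the record shapes mirror the report's fields, the AutoConfigURL write and the 203.0.113.10 flow are constructed inputs that did not occur in this run, and the port and value-name lists are the author's assumptions.

```python
from __future__ import annotations

INTERNET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# Values the Windows proxy resolver caches under Internet Settings\Wpad after a WPAD lookup.
WPAD_CACHE_VALUES = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
                     "WpadNetworkName", "WpadLastNetwork"}
# Values that actually redirect a user's web traffic when changed.
PROXY_CONTROL_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyEnable", "ProxyOverride"}
PAGE_EXECUTE_READWRITE = 0x40
# UDP destinations a Windows guest produces on its own (assumed background set).
BACKGROUND_UDP_PORTS = {53: "DNS", 123: "NTP", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
                        1900: "SSDP", 3702: "WS-Discovery", 5355: "LLMNR"}


def triage_api_call(call: dict) -> tuple[str, str]:
    """Return (weight, reason) for one API-call record shaped like the report's entries."""
    api, args = call["api"], call.get("arguments", {})
    if api == "NtAllocateVirtualMemory" and args.get("protection") == PAGE_EXECUTE_READWRITE:
        return "strong", f"RWX memory committed at {args.get('base_address')} in pid {args.get('process_identifier')}"
    if api in ("RegSetValueExA", "RegSetValueExW"):
        parent, _, value_name = args.get("regkey", "").rpartition("\\")
        if parent.startswith(INTERNET_SETTINGS + "\\Wpad") and value_name in WPAD_CACHE_VALUES:
            return "noise", f"{value_name}: WPAD autodetect cache written by the Windows proxy resolver"
        if parent == INTERNET_SETTINGS and value_name in PROXY_CONTROL_VALUES:
            return "strong", f"{value_name} set to {args.get('value')!r}: proxy redirection"
    if api == "GetAdaptersAddresses":
        return "weak", "adapter enumeration: possible VM check, also ordinary networking code"
    return "info", api


def triage_udp_flow(dst_ip: str, dst_port: int) -> tuple[str, str]:
    """Classify a UDP destination as guest background traffic or something worth chasing."""
    first_octet = int(dst_ip.split(".")[0])
    if 224 <= first_octet <= 239 or dst_ip.endswith(".255"):
        return "noise", f"multicast/broadcast discovery ({BACKGROUND_UDP_PORTS.get(dst_port, 'unknown')})"
    if dst_port in BACKGROUND_UDP_PORTS:
        return "noise", f"{BACKGROUND_UDP_PORTS[dst_port]} to {dst_ip}"
    return "notable", f"unicast UDP to {dst_ip}:{dst_port} outside the background set"


def triage(calls, flows) -> dict:
    """Count records per weight and collect the reasons that deserve analyst attention."""
    summary = {"api": {}, "udp": {}, "findings": []}
    for call in calls:
        weight, reason = triage_api_call(call)
        summary["api"][weight] = summary["api"].get(weight, 0) + 1
        if weight == "strong":
            summary["findings"].append(reason)
    for ip, port in flows:
        weight, reason = triage_udp_flow(ip, port)
        summary["udp"][weight] = summary["udp"].get(weight, 0) + 1
        if weight == "notable":
            summary["findings"].append(reason)
    return summary


WPAD_KEY = INTERNET_SETTINGS + r"\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}"
# Constructed records: the first four mirror events in the report; the fifth is a
# hypothetical AutoConfigURL write that did NOT occur here, included so the rule for
# real proxy hijacking is exercised.
SAMPLE_CALLS = [
    {"api": "NtAllocateVirtualMemory", "arguments": {"process_identifier": 732, "region_size": 4096,
     "protection": 64, "process_handle": "0xffffffff", "base_address": "0x01d30000"}},
    {"api": "RegSetValueExA", "arguments": {"regkey": WPAD_KEY + r"\WpadDecisionReason", "value": 1}},
    {"api": "RegSetValueExW", "arguments": {"regkey": INTERNET_SETTINGS + r"\Wpad\WpadLastNetwork",
     "value": "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"}},
    {"api": "GetAdaptersAddresses", "arguments": {"flags": 0, "family": 0}, "status": "failed", "return": 111},
    {"api": "RegSetValueExA", "arguments": {"regkey": INTERNET_SETTINGS + r"\AutoConfigURL",
     "value": "http://proxy.example.invalid/wpad.dat"}},   # hypothetical, not from the report
]
# UDP destinations taken from the report's table, plus one constructed TEST-NET address.
SAMPLE_UDP_FLOWS = [("114.114.114.114", 53), ("192.168.56.255", 137), ("224.0.0.252", 5355),
                    ("239.255.255.250", 1900), ("51.105.208.173", 123), ("203.0.113.10", 4444)]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_CALLS, SAMPLE_UDP_FLOWS), indent=2))
```

On the constructed input the WPAD cache writes and every flow from the report's table land in the noise bucket, the RWX commit and the hypothetical AutoConfigURL write are the only strong findings, and the TEST-NET flow is the only notable UDP destination. The parent-key check is what keeps the two registry rules apart: the Wpad subtree is a cache the resolver maintains, whereas a write directly under Internet Settings to AutoConfigURL or ProxyServer changes where the user's traffic goes.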

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.