6.0
High risk

1e8f896d5f2c25db248b31455111e52ee0addc193bbe623952953548f6c9ec97

aa44cf5b6ab3c24a8697fa8398135657.exe

Analysis duration

78s

Last analyzed

File size

548.5KB
Static detections / Dynamic detections: 1VMU9JG A + MAL AI SCORE=83 AIDETECTVM BANKERX BSCOPE BUNITU CERT CLASSIC CONFIDENCE EHLS ELDORADO ENCPK EUMU FALSESIGN GENETIC GRAYWARE HFMH HIGH CONFIDENCE HQPZNW INVALIDSIG IU1@AAFENGL KCLOUD KRYPTIK LMUE MALWARE1 MALWARE@#1A4F42M071GYA PQCLZUMQHVW PWLSM QAKBOT QBOT QVM19 R002C0OH520 R347069 SCORE STATIC AI SUSPICIOUS PE UNSAFE ZENPAK ZEXAF
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine detection result is available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Backdoor:Win32/Qakbot.8a146f6b 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Avast Win32:BankerX-gen [Trj] 20201210 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Zenpak.ar.(kcloud) 20201211 2017.9.26.565
McAfee Packed-GCB!AA44CF5B6AB3 20201211 6.0.6.653
Tencent Win32.Trojan.Falsesign.Lmue 20201211 1.0.0.1
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619826899.265212
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619826939.952212
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619845341.540875
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (18 events)
Time & API Arguments Status Return Repeated
1619845347.99375
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619845348.00975
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619845348.05675
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619845348.05675
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619845348.05675
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619845348.05675
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619845349.10375
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619845349.10375
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619845349.10375
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619845349.10375
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619845350.13475
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619845350.13475
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619845350.13475
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619845350.13475
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619845351.15075
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619845351.15075
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619845351.15075
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619845351.16575
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
This executable is signed
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619826899.234212
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .rdata5
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619826939.999212
__exception__
stacktrace:
EqualSid+0x19 EqualPrefixSid-0xc kernelbase+0x1bfe3 @ 0x778fbfe3
aa44cf5b6ab3c24a8697fa8398135657+0xe2b7 @ 0x40e2b7
aa44cf5b6ab3c24a8697fa8398135657+0xd21f @ 0x40d21f
aa44cf5b6ab3c24a8697fa8398135657+0xd29f @ 0x40d29f
aa44cf5b6ab3c24a8697fa8398135657+0xf3f7 @ 0x40f3f7
aa44cf5b6ab3c24a8697fa8398135657+0x1dd1 @ 0x401dd1
aa44cf5b6ab3c24a8697fa8398135657+0x2501 @ 0x402501
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1636232
registers.edi: 0
registers.eax: 1281
registers.ebp: 1636240
registers.edx: 0
registers.ebx: 38992136
registers.esi: 38992136
registers.ecx: 2130563072
exception.instruction_r: 66 3b 07 0f 85 e1 ef ff ff 0f b6 4e 01 33 c0 8d
exception.symbol: RtlEqualSid+0x10 RtlSetCriticalSectionSpinCount-0x26 ntdll+0x394c1
exception.instruction: cmp ax, word ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234689
exception.address: 0x77d694c1
success 0 0
1619845342.165875
__exception__
stacktrace:
aa44cf5b6ab3c24a8697fa8398135657+0x6a4c @ 0x406a4c
aa44cf5b6ab3c24a8697fa8398135657+0x23c8 @ 0x4023c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1638204
registers.edx: 22104
registers.ebx: 8
registers.esi: 2622488
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: aa44cf5b6ab3c24a8697fa8398135657+0x529e
exception.instruction: in eax, dx
exception.module: aa44cf5b6ab3c24a8697fa8398135657.exe
exception.exception_code: 0xc0000096
exception.offset: 21150
exception.address: 0x40529e
success 0 0
1619845342.165875
__exception__
stacktrace:
aa44cf5b6ab3c24a8697fa8398135657+0x6a55 @ 0x406a55
aa44cf5b6ab3c24a8697fa8398135657+0x23c8 @ 0x4023c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638084
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1638204
registers.edx: 22104
registers.ebx: 8
registers.esi: 2622488
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 2f 33 c0
exception.symbol: aa44cf5b6ab3c24a8697fa8398135657+0x5357
exception.instruction: in eax, dx
exception.module: aa44cf5b6ab3c24a8697fa8398135657.exe
exception.exception_code: 0xc0000096
exception.offset: 21335
exception.address: 0x405357
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619826883.062212
NtAllocateVirtualMemory
process_identifier: 2224
region_size: 278528
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1619826899.124212
NtAllocateVirtualMemory
process_identifier: 2224
region_size: 274432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02190000
success 0 0
1619826899.124212
NtProtectVirtualMemory
process_identifier: 2224
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 290816
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619845316.978875
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 278528
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020c0000
success 0 0
1619845341.478875
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 274432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02370000
success 0 0
1619845341.478875
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 290816
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\aa44cf5b6ab3c24a8697fa8398135657.exe"
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\aa44cf5b6ab3c24a8697fa8398135657.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619826899.937212
CreateProcessInternalW
thread_identifier: 2292
thread_handle: 0x00000168
process_identifier: 2732
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\aa44cf5b6ab3c24a8697fa8398135657.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x0000016c
inherit_handles: 0
success 1 0
1619826940.546212
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\aa44cf5b6ab3c24a8697fa8398135657.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.230299247828694 section {'size_of_data': '0x0004f400', 'virtual_address': '0x00001000', 'entropy': 7.230299247828694, 'name': '.text', 'virtual_size': '0x0004f345'} description A section with a high entropy has been found
entropy 0.5800548947849954 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process vboxservice.exe
Uses Windows utilities for basic Windows functionality (3 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\aa44cf5b6ab3c24a8697fa8398135657.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\aa44cf5b6ab3c24a8697fa8398135657.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619845342.165875
__exception__
stacktrace:
aa44cf5b6ab3c24a8697fa8398135657+0x6a4c @ 0x406a4c
aa44cf5b6ab3c24a8697fa8398135657+0x23c8 @ 0x4023c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1638204
registers.edx: 22104
registers.ebx: 8
registers.esi: 2622488
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: aa44cf5b6ab3c24a8697fa8398135657+0x529e
exception.instruction: in eax, dx
exception.module: aa44cf5b6ab3c24a8697fa8398135657.exe
exception.exception_code: 0xc0000096
exception.offset: 21150
exception.address: 0x40529e
success 0 0
File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 out of 63 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb BackDoor.Qbot.535
MicroWorld-eScan Trojan.Agent.EUMU
FireEye Generic.mg.aa44cf5b6ab3c24a
ALYac Trojan.Agent.QakBot
Cylance Unsafe
Zillya Trojan.Zenpak.Win32.2569
Sangfor Malware
K7AntiVirus Trojan ( 0056bfb01 )
Alibaba Backdoor:Win32/Qakbot.8a146f6b
K7GW Trojan ( 0056bfb01 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Agent.EUMU
BitDefenderTheta Gen:NN.ZexaF.34670.Iu1@aafENgl
Cyren W32/S-e7773492!Eldorado
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HFMH
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Dropper.Qakbot-9514980-0
Kaspersky HEUR:Trojan.Win32.Zenpak.pef
BitDefender Trojan.Agent.EUMU
NANO-Antivirus Trojan.Win32.Zenpak.hqpznw
Paloalto generic.ml
AegisLab Trojan.Win32.Zenpak.4!c
Rising Trojan.Kryptik!1.C9B1 (CLASSIC)
Ad-Aware Trojan.Agent.EUMU
Sophos ML/PE-A + Mal/EncPk-APV
Comodo Malware@#1a4f42m071gya
F-Secure Trojan.TR/Crypt.Agent.pwlsm
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0OH520
McAfee-GW-Edition Packed-GCB!AA44CF5B6AB3
Emsisoft Trojan.Agent.EUMU (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Zenpak.cru
Webroot W32.Trojan.Qakbot
Avira TR/Crypt.Agent.pwlsm
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Kingsoft Win32.Troj.Zenpak.ar.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Trojan:Win32/Qakbot.AR!Cert
ZoneAlarm HEUR:Trojan.Win32.Zenpak.pef
GData Win32.Trojan.PSE.1VMU9JG
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Qakbot.R347069
Acronis suspicious
McAfee Packed-GCB!AA44CF5B6AB3
MAX malware (ai score=83)
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image.
Runtime screenshots
No runtime screenshots: no screenshot was captured while this sample ran.


PE Compile Time

1983-02-01 17:57:46

Imports

Library KERNEL32.dll:
0x46b278 GetLastError
0x46b27c SetLastError
0x46b280 GetTickCount
0x46b284 ExitProcess
0x46b288 GetStartupInfoA
0x46b28c GetStdHandle
0x46b290 GetCommandLineA
0x46b294 GetCurrentProcessId
0x46b298 GetCurrentThreadId
0x46b29c GetCurrentProcess
0x46b2a0 ReadProcessMemory
0x46b2a4 GetModuleFileNameA
0x46b2a8 GetModuleHandleA
0x46b2ac WriteFile
0x46b2b0 ReadFile
0x46b2b4 CloseHandle
0x46b2b8 SetFilePointer
0x46b2bc SetEndOfFile
0x46b2c0 FreeLibrary
0x46b2c4 GetSystemInfo
0x46b2c8 LoadLibraryA
0x46b2cc GetProcAddress
0x46b2d0 DeleteFileW
0x46b2d4 MoveFileW
0x46b2d8 CreateFileW
0x46b2dc GetFileAttributesW
0x46b2e0 CreateDirectoryW
0x46b2e4 RemoveDirectoryW
0x46b2f0 GetFullPathNameW
0x46b2f8 GetConsoleMode
0x46b2fc GetConsoleOutputCP
0x46b300 GetOEMCP
0x46b304 GetProcessHeap
0x46b308 HeapAlloc
0x46b30c HeapFree
0x46b310 TlsAlloc
0x46b314 TlsGetValue
0x46b318 TlsSetValue
0x46b31c CreateThread
0x46b320 ExitThread
0x46b324 LocalAlloc
0x46b328 LocalFree
0x46b32c Sleep
0x46b330 SuspendThread
0x46b334 ResumeThread
0x46b338 TerminateThread
0x46b33c WaitForSingleObject
0x46b340 SetThreadPriority
0x46b344 GetThreadPriority
0x46b348 CreateEventA
0x46b34c ResetEvent
0x46b350 SetEvent
0x46b368 MultiByteToWideChar
0x46b36c WideCharToMultiByte
0x46b370 GetACP
0x46b374 GetConsoleCP
0x46b37c EnumResourceTypesA
0x46b380 EnumResourceNamesA
0x46b388 FindResourceA
0x46b38c FindResourceExA
0x46b390 LoadResource
0x46b394 SizeofResource
0x46b398 LockResource
0x46b39c FreeResource
0x46b3a8 FormatMessageA
0x46b3ac CreateSemaphoreA
0x46b3b0 GlobalAddAtomA
0x46b3b4 GetSystemDirectoryA
0x46b3bc CreateProcessA
0x46b3c0 FindFirstFileA
0x46b3c4 GetVersionExA
0x46b3c8 CompareStringA
0x46b3cc GetLocaleInfoA
0x46b3d0 GetDateFormatA
0x46b3d4 EnumCalendarInfoA
0x46b3d8 GetModuleFileNameW
0x46b3dc GetCommandLineW
0x46b3e0 SetFileAttributesW
0x46b3e4 CreateProcessW
0x46b3e8 FindFirstFileW
0x46b3ec FindNextFileW
0x46b3f0 CompareStringW
0x46b3f4 GetLocaleInfoW
0x46b3f8 GlobalAlloc
0x46b3fc GlobalReAlloc
0x46b400 GlobalSize
0x46b404 GlobalLock
0x46b408 GlobalUnlock
0x46b40c VirtualFree
0x46b410 TerminateProcess
0x46b414 GetExitCodeProcess
0x46b418 GlobalDeleteAtom
0x46b41c FindClose
0x46b420 SetFileTime
0x46b424 DuplicateHandle
0x46b428 MulDiv
0x46b42c GetLocalTime
0x46b440 CreatePipe
0x46b444 PeekNamedPipe
0x46b448 GetThreadLocale
0x46b44c SetThreadLocale
0x46b450 GetUserDefaultLCID
0x46b454 DebugActiveProcess
0x46b458 GlobalFree
0x46b45c PrepareTape
0x46b460 CopyFileW
0x46b464 QueueUserWorkItem
0x46b468 lstrcmpW
0x46b46c FormatMessageW
0x46b470 GetFileSize
0x46b478 lstrcatW
0x46b47c lstrlenW
0x46b480 MoveFileExW
0x46b484 GetDiskFreeSpaceExW
0x46b490 FindResourceW
0x46b494 lstrcpyW
0x46b498 GetVersionExW
0x46b49c lstrcmpiW
0x46b4a0 VerifyVersionInfoW
0x46b4a4 VerSetConditionMask
0x46b4a8 _lopen
0x46b4ac _lread
0x46b4b0 _lwrite
0x46b4b4 _lclose
0x46b4b8 _llseek
0x46b4bc SetFileAttributesA
0x46b4c0 CreateFileA
0x46b4c4 _lcreat
0x46b4c8 GetModuleHandleW
0x46b4cc LoadLibraryW
0x46b4d0 EnumUILanguagesW
0x46b4d4 CreateMutexW
0x46b4dc VirtualAllocEx
Library USER32.dll:
0x46b4e4 MessageBoxA
0x46b4e8 CharUpperBuffW
0x46b4ec CharLowerBuffW
0x46b4f0 DispatchMessageA
0x46b4f4 PeekMessageA
0x46b4f8 SendMessageA
0x46b4fc PostMessageA
0x46b500 DefWindowProcA
0x46b504 CallWindowProcA
0x46b508 RegisterClassA
0x46b50c UnregisterClassA
0x46b510 GetClassInfoA
0x46b514 CreateWindowExA
0x46b520 CharToOemA
0x46b524 OemToCharA
0x46b528 CharUpperA
0x46b52c CharUpperBuffA
0x46b530 CharLowerA
0x46b534 CharLowerBuffA
0x46b538 InsertMenuItemA
0x46b53c GetMenuItemInfoA
0x46b540 SetMenuItemInfoA
0x46b544 DrawTextA
0x46b548 DrawStateA
0x46b54c SetPropA
0x46b550 GetPropA
0x46b554 RemovePropA
0x46b558 EnumPropsA
0x46b55c SetWindowTextA
0x46b560 GetWindowTextA
0x46b568 GetWindowLongA
0x46b56c SetWindowLongA
0x46b570 SetClassLongA
0x46b574 GetClassNameA
0x46b578 LoadBitmapA
0x46b57c LoadCursorA
0x46b580 LoadIconA
0x46b584 LoadImageA
0x46b58c DispatchMessageW
0x46b590 PeekMessageW
0x46b594 SendMessageW
0x46b598 PostMessageW
0x46b59c DefWindowProcW
0x46b5a0 CallWindowProcW
0x46b5a4 RegisterClassW
0x46b5a8 UnregisterClassW
0x46b5ac GetClassInfoW
0x46b5b0 CreateWindowExW
0x46b5b4 InsertMenuItemW
0x46b5b8 GetMenuItemInfoW
0x46b5bc SetMenuItemInfoW
0x46b5c0 DrawTextW
0x46b5c4 DrawStateW
0x46b5c8 SetWindowTextW
0x46b5cc GetWindowTextW
0x46b5d4 MessageBoxW
0x46b5d8 GetWindowLongW
0x46b5dc SetWindowLongW
0x46b5e0 TranslateMessage
0x46b5e4 PostQuitMessage
0x46b5e8 GetDoubleClickTime
0x46b5ec IsWindow
0x46b5f0 IsMenu
0x46b5f4 DestroyWindow
0x46b5f8 ShowWindow
0x46b5fc ShowWindowAsync
0x46b600 ShowOwnedPopups
0x46b604 SetWindowPos
0x46b608 GetWindowPlacement
0x46b60c SetWindowPlacement
0x46b610 IsWindowVisible
0x46b614 IsIconic
0x46b618 BringWindowToTop
0x46b61c IsZoomed
0x46b620 OpenClipboard
0x46b624 CloseClipboard
0x46b628 SetClipboardData
0x46b62c GetClipboardData
0x46b638 EmptyClipboard
0x46b640 SetFocus
0x46b644 GetActiveWindow
0x46b648 GetFocus
0x46b64c GetKeyState
0x46b650 GetCapture
0x46b654 SetCapture
0x46b658 ReleaseCapture
0x46b660 SetTimer
0x46b664 KillTimer
0x46b668 EnableWindow
0x46b66c IsWindowEnabled
0x46b670 GetSystemMetrics
0x46b674 GetMenu
0x46b678 SetMenu
0x46b67c DrawMenuBar
0x46b680 GetSystemMenu
0x46b684 CreateMenu
0x46b688 CreatePopupMenu
0x46b68c DestroyMenu
0x46b690 EnableMenuItem
0x46b694 GetSubMenu
0x46b698 GetMenuItemCount
0x46b69c RemoveMenu
0x46b6a0 DeleteMenu
0x46b6a4 UpdateWindow
0x46b6a8 SetActiveWindow
0x46b6ac GetForegroundWindow
0x46b6b0 SetForegroundWindow
0x46b6b4 WindowFromDC
0x46b6b8 GetDC
0x46b6bc GetDCEx
0x46b6c0 GetWindowDC
0x46b6c4 ReleaseDC
0x46b6c8 BeginPaint
0x46b6cc EndPaint
0x46b6d0 SetWindowRgn
0x46b6d4 InvalidateRect
0x46b6d8 InvalidateRgn
0x46b6dc RedrawWindow
0x46b6e0 ScrollWindowEx
0x46b6e4 ShowScrollBar
0x46b6e8 EnableScrollBar
0x46b6ec GetClientRect
0x46b6f0 GetWindowRect
0x46b6f4 AdjustWindowRectEx
0x46b6f8 MessageBeep
0x46b6fc SetCursorPos
0x46b700 SetCursor
0x46b704 GetCursorPos
0x46b708 CreateCaret
0x46b70c DestroyCaret
0x46b710 HideCaret
0x46b714 ShowCaret
0x46b718 SetCaretPos
0x46b71c GetCaretPos
0x46b720 ClientToScreen
0x46b724 ScreenToClient
0x46b728 MapWindowPoints
0x46b72c WindowFromPoint
0x46b730 GetSysColor
0x46b734 GetSysColorBrush
0x46b738 SetSysColors
0x46b73c DrawFocusRect
0x46b740 FillRect
0x46b744 FrameRect
0x46b748 SetRect
0x46b74c InflateRect
0x46b750 IntersectRect
0x46b754 OffsetRect
0x46b758 IsRectEmpty
0x46b75c GetDesktopWindow
0x46b760 GetParent
0x46b764 SetParent
0x46b768 EnumThreadWindows
0x46b76c GetTopWindow
0x46b774 GetWindow
0x46b778 CallNextHookEx
0x46b77c DestroyCursor
0x46b780 DestroyIcon
0x46b784 CopyImage
0x46b788 CreateIconIndirect
0x46b78c GetIconInfo
0x46b790 SetScrollInfo
0x46b794 GetScrollInfo
0x46b798 DrawEdge
0x46b79c DrawFrameControl
0x46b7a0 TrackPopupMenuEx
0x46b7a8 FindWindowExA
0x46b7ac EditWndProc
0x46b7b4 GetClassWord
0x46b7b8 UpdateLayeredWindow
0x46b7bc LoadStringA
0x46b7c0 DialogBoxParamW
0x46b7c4 LoadStringW
0x46b7c8 FindWindowW
0x46b7cc wsprintfW
0x46b7d0 EndDialog
0x46b7d4 WinHelpW
0x46b7d8 LoadIconW
0x46b7dc GetDlgItem
0x46b7e0 CreateDialogParamW
0x46b7e4 ExitWindowsEx
0x46b7e8 CharLowerW
0x46b7ec LoadCursorW
0x46b7f0 GetAsyncKeyState
0x46b7f4 CharUpperW
0x46b7f8 CharNextA
0x46b800 IsWindowUnicode
0x46b804 IsCharUpperW
Library GDI32.dll:
0x46b80c CreateFontIndirectA
0x46b810 EnumFontFamiliesExA
0x46b814 EnumFontFamiliesA
0x46b818 GetCharABCWidthsA
0x46b81c GetTextExtentPointA
0x46b828 GetTextMetricsA
0x46b82c GetObjectA
0x46b830 ExtTextOutA
0x46b834 CreateFontIndirectW
0x46b838 EnumFontFamiliesExW
0x46b83c GetCharABCWidthsW
0x46b848 GetObjectW
0x46b84c TextOutW
0x46b850 ExtTextOutW
0x46b854 GetRandomRgn
0x46b858 Arc
0x46b85c BitBlt
0x46b860 Chord
0x46b864 CombineRgn
0x46b868 CreateBitmap
0x46b86c CreateBrushIndirect
0x46b874 CreateCompatibleDC
0x46b878 CreateDIBitmap
0x46b87c CreateEllipticRgn
0x46b880 CreatePen
0x46b884 CreatePenIndirect
0x46b888 CreatePatternBrush
0x46b88c CreateRectRgn
0x46b890 CreateRoundRectRgn
0x46b894 CreateSolidBrush
0x46b898 DeleteDC
0x46b89c DeleteObject
0x46b8a0 Ellipse
0x46b8a4 EqualRgn
0x46b8a8 ExcludeClipRect
0x46b8ac ExtCreateRegion
0x46b8b0 ExtFloodFill
0x46b8b4 FillRgn
0x46b8b8 GetROP2
0x46b8bc GetBkColor
0x46b8c0 GetBitmapBits
0x46b8c4 GetClipBox
0x46b8c8 GetClipRgn
0x46b8cc GetCurrentObject
0x46b8d0 GetDeviceCaps
0x46b8d4 GetDIBits
0x46b8d8 GetMapMode
0x46b8dc GetObjectType
0x46b8e0 GetPixel
0x46b8e4 GetRegionData
0x46b8e8 GetRgnBox
0x46b8ec GetStockObject
0x46b8f0 GetTextAlign
0x46b8f4 GetTextColor
0x46b8f8 GetViewportExtEx
0x46b8fc GetViewportOrgEx
0x46b900 GetWindowExtEx
0x46b904 GetWindowOrgEx
0x46b908 IntersectClipRect
0x46b90c LineTo
0x46b910 MaskBlt
0x46b914 OffsetRgn
0x46b918 PatBlt
0x46b91c Pie
0x46b920 PaintRgn
0x46b924 PtInRegion
0x46b928 RectInRegion
0x46b92c RectVisible
0x46b930 Rectangle
0x46b934 RestoreDC
0x46b938 RealizePalette
0x46b93c RoundRect
0x46b940 SaveDC
0x46b944 SelectClipRgn
0x46b948 ExtSelectClipRgn
0x46b94c SelectObject
0x46b950 SelectPalette
0x46b954 SetBkColor
0x46b958 SetBkMode
0x46b95c SetMapMode
0x46b960 SetPixel
0x46b964 SetPolyFillMode
0x46b968 StretchBlt
0x46b96c SetRectRgn
0x46b970 SetROP2
0x46b974 SetStretchBltMode
0x46b97c SetTextColor
0x46b980 SetTextAlign
0x46b984 CreateDIBSection
0x46b988 SetArcDirection
0x46b98c ExtCreatePen
0x46b990 MoveToEx
0x46b994 CreatePolygonRgn
0x46b998 DPtoLP
0x46b99c LPtoDP
0x46b9a0 Polygon
0x46b9a4 Polyline
0x46b9a8 PolyBezier
0x46b9ac SetViewportExtEx
0x46b9b0 SetViewportOrgEx
0x46b9b4 SetWindowExtEx
0x46b9b8 SetWindowOrgEx
0x46b9bc OffsetViewportOrgEx
0x46b9c0 SetBrushOrgEx
0x46b9c4 GetDCOrgEx
0x46b9c8 SetEnhMetaFileBits
0x46b9cc EnumFontsW
0x46b9d0 GdiEntry10
0x46b9d4 GdiResetDCEMF
0x46b9d8 InvertRgn
0x46b9dc GdiStartPageEMF
0x46b9e0 GdiConvertFont
0x46b9e4 GetCharABCWidthsI
0x46b9e8 GdiProcessSetup
0x46b9f0 GdiComment
0x46b9f4 EngGetDriverName
0x46b9f8 ChoosePixelFormat
0x46b9fc PolyDraw
0x46ba00 CopyMetaFileW
0x46ba04 EudcLoadLinkW
0x46ba08 ColorMatchToTarget
0x46ba0c PathToRegion
0x46ba10 EngLineTo
0x46ba14 GetCharWidth32W
0x46ba18 GetFontData
0x46ba1c GetEnhMetaFileW
0x46ba20 UpdateICMRegKeyA
0x46ba24 WidenPath
0x46ba28 StrokePath
0x46ba2c CloseEnhMetaFile
0x46ba30 GetStretchBltMode
0x46ba34 GetColorSpace
0x46ba38 GetPixelFormat
0x46ba3c SwapBuffers
0x46ba40 FillPath
0x46ba44 CloseFigure
0x46ba48 GetDCBrushColor
0x46ba4c DeleteMetaFile
0x46ba50 GetEnhMetaFileA
Library COMDLG32.dll:
0x46ba58 GetOpenFileNameA
0x46ba5c GetSaveFileNameA
0x46ba64 GetOpenFileNameW
0x46ba68 GetSaveFileNameW
Library ADVAPI32.dll:
0x46ba70 RegSetValueExW
0x46ba74 RegOpenKeyExW
0x46ba78 RegCloseKey
0x46ba7c RegLoadKeyW
0x46ba80 GetTokenInformation
0x46ba84 OpenProcessToken
0x46ba88 RegQueryValueExW
0x46ba90 RegFlushKey
0x46ba94 RegUnLoadKeyW
0x46ba98 RegEnumValueW
0x46ba9c RegCreateKeyExW
0x46baa0 RegDeleteValueW
0x46baa4 RegOpenKeyW
0x46baa8 RegQueryValueExA
Library SHELL32.dll:
0x46bab0 DragQueryFileA
0x46bab4 DragQueryFileW
0x46bab8 ShellExecuteW
0x46babc DragFinish
0x46bac0 DragAcceptFiles
0x46bac4 SHGetPathFromIDList
0x46bad4 SHBrowseForFolderA
0x46bad8 SHBrowseForFolderW
0x46badc SHGetFileInfoW
0x46bae4 SHGetFileInfoA
0x46bae8 ShellHookProc
0x46baec WOWShellExecute
0x46baf0 FindExecutableW
0x46baf4 ShellAboutA
0x46baf8 CommandLineToArgvW
Library ole32.dll:
0x46bb00 OleInitialize
0x46bb04 OleUninitialize
0x46bb08 CoCreateInstance
0x46bb0c CoTaskMemAlloc
0x46bb10 CoTaskMemFree
Library SHLWAPI.dll:
0x46bb18 StrCmpNIW
0x46bb1c StrRStrIA
Library COMCTL32.dll:
0x46bb24
0x46bb28 ImageList_Create
0x46bb2c ImageList_Destroy
0x46bb38 ImageList_Add
0x46bb3c ImageList_Replace
0x46bb40 ImageList_AddMasked
0x46bb44 ImageList_DrawEx
0x46bb4c ImageList_Remove
0x46bb50 ImageList_Copy
0x46bb54 ImageList_BeginDrag
0x46bb58 ImageList_EndDrag
0x46bb5c ImageList_DragEnter
0x46bb60 ImageList_DragLeave
0x46bb64 ImageList_DragMove

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 53238 239.255.255.250 3702
192.168.56.101 53240 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.