5.4
Medium risk

7a67299805556f9cd973fc12c8a6baef293e8413ed035165a04394ec67c2cf4f

ab88f9b8a9a181593ffd40ba36a6933f.exe

Analysis duration

31s

Last analyzed

File size

1.8MB
Static detection / Dynamic detection: 100% 1NX@ACY9CUJ AGEN AI SCORE=88 AIDETECTVM BSCOPE CLASSIC CONFIDENCE DRIDEX ELDORADO ENCPK ENSK GENCIRC GENETIC GTZ0GZKW HBR@8QRQPO HCHZ HDNS HHGHFY HIGH CONFIDENCE INJECT3 INVALIDSIG KRYPTIK MALICIOUS PE MALWARE2 PINKSBOT QAKBOT QBOT QBOTPMF R + MAL R330156 S17040665 SCORE SHADE STATIC AI TROJANBANKER UNSAFE WACATAC ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine results available for this sample
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba TrojanBanker:Win32/Qakbot.623471d0 20190527 0.3.0.5
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20201229 2017.9.26.565
McAfee W32/PinkSbot-GN!AB88F9B8A9A1 20201229 6.0.6.653
Tencent Malware.Win32.Gencirc.10b9881f 20201229 1.0.0.1
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619826881.137334
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619826888.465334
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834707.121875
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619834715.059
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619834715.075
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619834715.09
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619834715.09
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619834715.09
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619834715.09
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619834716.09
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619834716.106
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619834716.106
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619834716.106
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619834717.106
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619834717.106
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619834717.106
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619834717.106
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619834718.106
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619834718.106
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619834718.106
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619834718.106
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619834719.106
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619834719.106
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619834719.106
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619834719.106
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619834720.106
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619834720.106
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619834720.106
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619834720.106
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619834720.122
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619834720.137
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
This executable is signed
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619834714.981
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (4 events)
Time & API Arguments Status Return Repeated
1619826888.465334
__exception__
stacktrace:
RtlConvertSidToUnicodeString+0x28 RtlFormatCurrentUserKeyPath-0x257 ntdll+0x3aeea @ 0x77d6aeea
ConvertSidToStringSidW+0x24 CopySid-0xe6 advapi32+0x14368 @ 0x76554368
ab88f9b8a9a181593ffd40ba36a6933f+0xa5b6 @ 0x40a5b6
ab88f9b8a9a181593ffd40ba36a6933f+0x8854 @ 0x408854
ab88f9b8a9a181593ffd40ba36a6933f+0x844f @ 0x40844f
ab88f9b8a9a181593ffd40ba36a6933f+0x8eca @ 0x408eca
ab88f9b8a9a181593ffd40ba36a6933f+0x17cf @ 0x4017cf
ab88f9b8a9a181593ffd40ba36a6933f+0x1c69 @ 0x401c69
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1632744
registers.edi: 0
registers.eax: 3749113098
registers.ebp: 1632784
registers.edx: 2
registers.ebx: 1
registers.esi: 3749113098
registers.ecx: 3749113098
exception.instruction_r: 8a 08 80 e1 0f 80 f9 01 75 24 8a 48 01 80 f9 0f
exception.symbol: RtlValidSid+0x17 RtlCopySid-0x3e ntdll+0x392a9
exception.instruction: mov cl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234153
exception.address: 0x77d692a9
success 0 0
1619826888.512334
__exception__
stacktrace:
EqualSid+0x19 EqualPrefixSid-0xc kernelbase+0x1bfe3 @ 0x778fbfe3
ab88f9b8a9a181593ffd40ba36a6933f+0x84c6 @ 0x4084c6
ab88f9b8a9a181593ffd40ba36a6933f+0xa27d @ 0x40a27d
ab88f9b8a9a181593ffd40ba36a6933f+0xa2b8 @ 0x40a2b8
ab88f9b8a9a181593ffd40ba36a6933f+0x8f67 @ 0x408f67
ab88f9b8a9a181593ffd40ba36a6933f+0x17cf @ 0x4017cf
ab88f9b8a9a181593ffd40ba36a6933f+0x1c69 @ 0x401c69
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634132
registers.edi: 3749113098
registers.eax: 1281
registers.ebp: 1634140
registers.edx: 0
registers.ebx: 40171784
registers.esi: 40171784
registers.ecx: 2130563072
exception.instruction_r: 66 3b 07 0f 85 e1 ef ff ff 0f b6 4e 01 33 c0 8d
exception.symbol: RtlEqualSid+0x10 RtlSetCriticalSectionSpinCount-0x26 ntdll+0x394c1
exception.instruction: cmp ax, word ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234689
exception.address: 0x77d694c1
success 0 0
1619834707.808875
__exception__
stacktrace:
ab88f9b8a9a181593ffd40ba36a6933f+0x3dad @ 0x403dad
ab88f9b8a9a181593ffd40ba36a6933f+0x1b26 @ 0x401b26
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7021864
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: ab88f9b8a9a181593ffd40ba36a6933f+0x33cf
exception.instruction: in eax, dx
exception.module: ab88f9b8a9a181593ffd40ba36a6933f.exe
exception.exception_code: 0xc0000096
exception.offset: 13263
exception.address: 0x4033cf
success 0 0
1619834707.808875
__exception__
stacktrace:
ab88f9b8a9a181593ffd40ba36a6933f+0x3db6 @ 0x403db6
ab88f9b8a9a181593ffd40ba36a6933f+0x1b26 @ 0x401b26
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7021864
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: ab88f9b8a9a181593ffd40ba36a6933f+0x3468
exception.instruction: in eax, dx
exception.module: ab88f9b8a9a181593ffd40ba36a6933f.exe
exception.exception_code: 0xc0000096
exception.offset: 13416
exception.address: 0x403468
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619826881.043334
NtAllocateVirtualMemory
process_identifier: 732
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005e0000
success 0 0
1619826881.043334
NtAllocateVirtualMemory
process_identifier: 732
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00620000
success 0 0
1619826881.043334
NtProtectVirtualMemory
process_identifier: 732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619834707.058875
NtAllocateVirtualMemory
process_identifier: 2856
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619834707.058875
NtAllocateVirtualMemory
process_identifier: 2856
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005e0000
success 0 0
1619834707.058875
NtProtectVirtualMemory
process_identifier: 2856
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ab88f9b8a9a181593ffd40ba36a6933f.exe
Creates a suspicious process (2 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ab88f9b8a9a181593ffd40ba36a6933f.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ab88f9b8a9a181593ffd40ba36a6933f.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619826881.934334
CreateProcessInternalW
thread_identifier: 2196
thread_handle: 0x00000144
process_identifier: 2856
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ab88f9b8a9a181593ffd40ba36a6933f.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000148
inherit_handles: 0
success 1 0
1619826889.200334
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ab88f9b8a9a181593ffd40ba36a6933f.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (3 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ab88f9b8a9a181593ffd40ba36a6933f.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ab88f9b8a9a181593ffd40ba36a6933f.exe"
cmdline ping.exe -n 6 127.0.0.1
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619834707.808875
__exception__
stacktrace:
ab88f9b8a9a181593ffd40ba36a6933f+0x3dad @ 0x403dad
ab88f9b8a9a181593ffd40ba36a6933f+0x1b26 @ 0x401b26
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7021864
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: ab88f9b8a9a181593ffd40ba36a6933f+0x33cf
exception.instruction: in eax, dx
exception.module: ab88f9b8a9a181593ffd40ba36a6933f.exe
exception.exception_code: 0xc0000096
exception.offset: 13263
exception.address: 0x4033cf
success 0 0
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb Trojan.Inject3.36683
MicroWorld-eScan Trojan.Agent.ENSK
FireEye Generic.mg.ab88f9b8a9a18159
CAT-QuickHeal Trojan.QbotPMF.S17040665
ALYac Trojan.Agent.ENSK
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056422d1 )
Alibaba TrojanBanker:Win32/Qakbot.623471d0
K7GW Trojan ( 0056361d1 )
Cybereason malicious.8a9a18
Arcabit Trojan.Agent.ENSK
BitDefenderTheta Gen:NN.ZexaF.34700.1nX@aCY9CUj
Cyren W32/S-9616e4d0!Eldorado
Symantec W32.Qakbot
ESET-NOD32 a variant of Win32/Kryptik.HCHZ
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Avast Win32:Trojan-gen
ClamAV Win.Dropper.Qakbot-7641289-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Trojan.Agent.ENSK
NANO-Antivirus Trojan.Win32.Inject3.hhghfy
Paloalto generic.ml
AegisLab Trojan.Win32.Qbot.7!c
Rising Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware Trojan.Agent.ENSK
Emsisoft Trojan.Agent.ENSK (B)
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Heuristic.HEUR/AGEN.1133919
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition W32/PinkSbot-GN!AB88F9B8A9A1
Sophos Mal/Generic-R + Mal/EncPk-APV
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.ns
eGambit PE.Heur.InvalidSig
Avira HEUR/AGEN.1133919
MAX malware (ai score=88)
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Qakbot.CK!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Trojan.Agent.ENSK
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R330156
Acronis suspicious
McAfee W32/PinkSbot-GN!AB88F9B8A9A1
VBA32 BScope.TrojanRansom.Shade
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2002-01-21 16:33:35

Imports

Library KERNEL32.dll:
0x5d7bb8 VirtualAlloc
0x5d7bbc GetModuleHandleW
0x5d7bc0 SetErrorMode
0x5d7bc8 FreeLibrary
0x5d7bcc GetModuleFileNameW
0x5d7bd0 GetProcAddress
0x5d7bd4 LoadLibraryW
0x5d7bd8 GetCommandLineA
0x5d7bdc IsDebuggerPresent
0x5d7be4 GetLastError
0x5d7be8 SetLastError
0x5d7bec GetCurrentThreadId
0x5d7bf0 EncodePointer
0x5d7bf4 DecodePointer
0x5d7bf8 ExitProcess
0x5d7bfc GetModuleHandleExW
0x5d7c00 MultiByteToWideChar
0x5d7c04 WideCharToMultiByte
0x5d7c08 GetProcessHeap
0x5d7c0c GetStdHandle
0x5d7c10 GetFileType
0x5d7c18 GetStartupInfoW
0x5d7c1c GetModuleFileNameA
0x5d7c20 WriteFile
0x5d7c28 GetCurrentProcessId
0x5d7c44 Sleep
0x5d7c48 GetCurrentProcess
0x5d7c4c TerminateProcess
0x5d7c50 TlsGetValue
0x5d7c54 TlsSetValue
0x5d7c58 TlsFree
0x5d7c64 HeapFree
0x5d7c68 IsValidCodePage
0x5d7c6c GetACP
0x5d7c70 GetOEMCP
0x5d7c74 GetCPInfo
0x5d7c78 LoadLibraryExW
0x5d7c7c RtlUnwind
0x5d7c80 OutputDebugStringW
0x5d7c84 HeapAlloc
0x5d7c88 HeapReAlloc
0x5d7c8c GetStringTypeW
0x5d7c90 HeapSize
0x5d7c94 LCMapStringW
0x5d7c98 FlushFileBuffers
0x5d7c9c GetConsoleCP
0x5d7ca0 GetConsoleMode
0x5d7ca4 SetStdHandle
0x5d7ca8 SetFilePointerEx
0x5d7cac WriteConsoleW
0x5d7cb0 CloseHandle
0x5d7cb4 CreateFileW
0x5d7cb8 TlsAlloc
0x5d7cc0 SetLocaleInfoA
0x5d7cc4 SetFileTime
0x5d7cc8 CompareFileTime
0x5d7ccc SearchPathW
0x5d7cd0 GetShortPathNameW
0x5d7cd4 GetFullPathNameW
0x5d7cd8 MoveFileW
0x5d7ce0 GetFileAttributesW
0x5d7ce4 CreateDirectoryW
0x5d7ce8 SetFileAttributesW
0x5d7cec GetTickCount
0x5d7cf0 GetFileSize
0x5d7cf4 CopyFileW
0x5d7cfc GetTempPathW
0x5d7d00 GetCommandLineW
0x5d7d04 lstrcpynA
0x5d7d08 lstrcpynW
0x5d7d0c GetDiskFreeSpaceW
0x5d7d10 GlobalUnlock
0x5d7d14 GlobalLock
0x5d7d18 CreateThread
0x5d7d1c CreateProcessW
0x5d7d20 lstrcmpiA
0x5d7d24 GetTempFileNameW
0x5d7d28 lstrcatW
0x5d7d2c LoadLibraryA
0x5d7d30 GetModuleHandleA
0x5d7d34 OpenProcess
0x5d7d38 lstrcpyW
0x5d7d3c GetVersionExW
0x5d7d40 GetSystemDirectoryW
0x5d7d44 GetVersion
0x5d7d48 lstrcpyA
0x5d7d4c RemoveDirectoryW
0x5d7d50 lstrcmpA
0x5d7d54 lstrcmpiW
0x5d7d58 lstrcmpW
0x5d7d60 GlobalAlloc
0x5d7d64 WaitForSingleObject
0x5d7d68 GetExitCodeProcess
0x5d7d6c GlobalFree
0x5d7d78 lstrlenA
0x5d7d7c MulDiv
0x5d7d80 ReadFile
0x5d7d84 SetFilePointer
0x5d7d88 FindClose
0x5d7d8c FindNextFileW
0x5d7d90 FindFirstFileW
0x5d7d94 DeleteFileW
0x5d7d98 lstrlenW
Library USER32.dll:
0x5d7da0 LoadIconW
0x5d7da4 MessageBoxW
0x5d7da8 wsprintfW
0x5d7dac SetClassWord
0x5d7db0 EnableScrollBar
0x5d7db4 LoadCursorA
0x5d7db8 DrawTextA
0x5d7dbc ToUnicode
0x5d7dc0 SendDlgItemMessageW
0x5d7dc4 GetMessageTime
0x5d7dc8 SetWinEventHook
0x5d7dcc GetAsyncKeyState
0x5d7dd0 IsDlgButtonChecked
0x5d7dd4 ScreenToClient
0x5d7dd8 GetMessagePos
0x5d7ddc CallWindowProcW
0x5d7de0 IsWindowVisible
0x5d7de4 LoadBitmapW
0x5d7de8 CloseClipboard
0x5d7dec SetClipboardData
0x5d7df0 EmptyClipboard
0x5d7df4 OpenClipboard
0x5d7df8 TrackPopupMenu
0x5d7dfc GetWindowRect
0x5d7e00 AppendMenuW
0x5d7e04 CreatePopupMenu
0x5d7e08 GetSystemMetrics
0x5d7e0c EndDialog
0x5d7e10 EnableMenuItem
0x5d7e14 GetSystemMenu
0x5d7e18 SetClassLongW
0x5d7e1c IsWindowEnabled
0x5d7e20 SetWindowPos
0x5d7e24 DialogBoxParamW
0x5d7e28 CheckDlgButton
0x5d7e2c CreateWindowExW
0x5d7e34 RegisterClassW
0x5d7e38 SetDlgItemTextW
0x5d7e3c GetDlgItemTextW
0x5d7e40 MessageBoxIndirectW
0x5d7e44 CharNextA
0x5d7e48 CharUpperW
0x5d7e4c CharPrevW
0x5d7e50 wvsprintfW
0x5d7e54 DispatchMessageW
0x5d7e58 PeekMessageW
0x5d7e5c wsprintfA
0x5d7e60 DestroyWindow
0x5d7e64 CreateDialogParamW
0x5d7e68 SetTimer
0x5d7e6c SetWindowTextW
0x5d7e70 PostQuitMessage
0x5d7e74 SetForegroundWindow
0x5d7e78 ShowWindow
0x5d7e7c SendMessageTimeoutW
0x5d7e80 LoadCursorW
0x5d7e84 SetCursor
0x5d7e88 GetWindowLongW
0x5d7e8c GetSysColor
0x5d7e90 CharNextW
0x5d7e94 GetClassInfoW
0x5d7e98 ExitWindowsEx
0x5d7e9c IsWindow
0x5d7ea0 GetDlgItem
0x5d7ea4 SetWindowLongW
0x5d7ea8 LoadImageW
0x5d7eac GetDC
0x5d7eb0 EnableWindow
0x5d7eb4 InvalidateRect
0x5d7eb8 SendMessageW
0x5d7ebc DefWindowProcW
0x5d7ec0 BeginPaint
0x5d7ec4 GetClientRect
0x5d7ec8 FillRect
0x5d7ecc DrawTextW
0x5d7ed0 EndPaint
0x5d7ed4 FindWindowExW
Library GDI32.dll:
0x5d7edc GetStockObject
0x5d7ee0 GetStringBitmapA
0x5d7ee4 SetBoundsRect
0x5d7ee8 FONTOBJ_vGetInfo
0x5d7eec GetETM
0x5d7ef0 FONTOBJ_pfdg
0x5d7ef4 GdiEntry4
0x5d7ef8 FONTOBJ_pifi
0x5d7efc SetMetaFileBitsEx
0x5d7f00 AnimatePalette
0x5d7f04 ResetDCA
0x5d7f08 CLIPOBJ_cEnumStart
0x5d7f0c SetBkColor
0x5d7f10 GdiConvertRegion
0x5d7f14 GetDeviceCaps
0x5d7f18 DeleteObject
0x5d7f1c CreateBrushIndirect
0x5d7f20 CreateFontIndirectW
0x5d7f24 SetBkMode
0x5d7f28 SetTextColor
0x5d7f2c SelectObject
Library ADVAPI32.dll:
0x5d7f34 GetUserNameW
0x5d7f38 RegOpenKeyA
0x5d7f3c RegQueryValueExA
0x5d7f40 RegOpenKeyExW
0x5d7f44 RegQueryValueExW
0x5d7f48 RegEnumKeyW
0x5d7f4c RegCloseKey
0x5d7f50 RegDeleteKeyW
0x5d7f54 RegDeleteValueW
0x5d7f58 RegCreateKeyExW
0x5d7f5c RegSetValueExW
0x5d7f60 RegEnumValueW
Library SHELL32.dll:
0x5d7f68 SHGetFolderPathW
0x5d7f6c SHGetDiskFreeSpaceA
0x5d7f70 Shell_NotifyIconW
0x5d7f78 ShellExecuteEx
0x5d7f7c SHFormatDrive
0x5d7f80 SHBrowseForFolderW
0x5d7f88 SHGetFileInfoW
0x5d7f8c ShellExecuteW
0x5d7f90 SHFileOperationW
Library ole32.dll:
0x5d7f9c CoTaskMemFree
0x5d7fa0 OleInitialize
0x5d7fa4 OleUninitialize
0x5d7fa8 CoCreateInstance
Library SHLWAPI.dll:
0x5d7fb0 PathAppendW
0x5d7fb4 PathRemoveFileSpecW
0x5d7fb8 StrCmpNA
0x5d7fbc StrStrIA
Library COMCTL32.dll:
0x5d7fc4 ImageList_AddMasked
0x5d7fc8 ImageList_Destroy
0x5d7fcc ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.