6.0
High risk

87e4422987a9b963d69d1287a17e5d0bd68a8863c159e28250cade7bc379cda5

abc2b8e349dccb595f45dd996538ad62.exe

Analysis duration

121s

Last analysis

File size

397.5KB
Static scan: malicious. Dynamic scan: malicious. Tags: 100% AI SCORE=94 ATRAPS BIRELE BITWANX BLACK BLOCKER CHAMELEONUNLICENCE CIOY CLOUD CONFIDENCE CRNEP DELF FAZX FGT@4T6AR8 FULLSCREEN GDVD HIGH HIGH CONFIDENCE JZEC LOCKSCREEN MALICIOUS PE OAEZ PORNOASSET R214152 SCORE SUSGEN TROJAN2 TSCOPE UNSAFE WEENLOC WINBLOCK WINLOCK
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine detection results are available for this sample
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | Trojan-FAZX!ABC2B8E349DC | 20200803 | 6.0.6.653
CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0
Alibaba | Ransom:Win32/Blocker.65140df8 | 20190527 | 0.3.0.5
Avast | Win32:LockScreen-AHV [Trj] | 20200803 | 18.4.3895.0
Baidu | Win32.Trojan.LockScreen.b | 20190318 | 1.0.0.2
Kingsoft | | 20200803 | 2013.8.14.323
Tencent | Trojan-Ransom.Win32.Blocker.jzec | 20200803 | 1.0.0.1
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620897717.140363
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
Creates hidden or system file (1 event)
Time & API Arguments Status Return Repeated
1620897717.609363
SetFileAttributesW
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\abc2b8e349dccb595f45dd996538ad62.exe
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\abc2b8e349dccb595f45dd996538ad62.exe
success 1 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (9 events)
Repeatedly searches for a process that is not found; you may want to run a web browser during analysis (50 out of 412 events)
Time & API Arguments Status Return Repeated
1620897775.344363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.344363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.406363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.406363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.484363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.515363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.531363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.562363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.625363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.640363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.672363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.687363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.765363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.781363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.844363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.859363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.906363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.922363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.969363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897775.984363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.000363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.031363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.047363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.062363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.109363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.125363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.172363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.187363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.234363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.250363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.297363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.312363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.359363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.390363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.406363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.422363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.469363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.469363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.547363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.562363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.594363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.609363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.672363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.687363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.734363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.750363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.797363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.828363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.844363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
1620897776.890363
Process32NextW
process_name: svchost.exe
snapshot_handle: 0x00000104
process_identifier: 1316
failed 0 0
Terminates another process (50 out of 60 events)
Time & API Arguments Status Return Repeated
1620897739.969363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1424
process_handle: 0x00000108
failed 0 0
1620897739.969363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1424
process_handle: 0x00000108
success 0 0
1620897742.797363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2760
process_handle: 0x00000108
failed 0 0
1620897742.797363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2760
process_handle: 0x00000108
success 0 0
1620897750.000363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2080
process_handle: 0x00000108
failed 0 0
1620897750.000363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2080
process_handle: 0x00000108
success 0 0
1620897750.062363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2080
process_handle: 0x00000108
failed 0 0
1620897750.062363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2080
process_handle: 0x00000108
failed 3221225738 0
1620897750.172363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2080
process_handle: 0x00000108
failed 0 0
1620897750.172363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2080
process_handle: 0x00000108
failed 3221225738 0
1620897750.203363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2080
process_handle: 0x00000108
failed 0 0
1620897750.203363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2080
process_handle: 0x00000108
failed 3221225738 0
1620897753.562363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2356
process_handle: 0x00000108
failed 0 0
1620897753.562363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2356
process_handle: 0x00000108
success 0 0
1620897753.640363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2356
process_handle: 0x00000108
failed 0 0
1620897753.640363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2356
process_handle: 0x00000108
failed 3221225738 0
1620897757.094363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 0 0
1620897757.094363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
success 0 0
1620897757.156363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 0 0
1620897757.156363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 3221225738 0
1620897757.187363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 0 0
1620897757.187363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 3221225738 0
1620897757.297363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 0 0
1620897757.297363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 3221225738 0
1620897757.328363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 0 0
1620897757.328363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3048
process_handle: 0x00000108
failed 3221225738 0
1620897760.281363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1696
process_handle: 0x00000108
failed 0 0
1620897760.297363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1696
process_handle: 0x00000108
success 0 0
1620897760.469363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1696
process_handle: 0x00000108
failed 0 0
1620897760.469363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1696
process_handle: 0x00000108
failed 3221225738 0
1620897762.140363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2604
process_handle: 0x00000108
failed 0 0
1620897762.140363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2604
process_handle: 0x00000108
success 0 0
1620897764.515363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2976
process_handle: 0x00000108
failed 0 0
1620897764.515363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2976
process_handle: 0x00000108
success 0 0
1620897766.969363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3000
process_handle: 0x00000108
failed 0 0
1620897766.969363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3000
process_handle: 0x00000108
success 0 0
1620897767.094363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3000
process_handle: 0x00000108
failed 0 0
1620897767.094363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 3000
process_handle: 0x00000108
failed 3221225738 0
1620897769.500363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1908
process_handle: 0x00000108
failed 0 0
1620897769.500363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1908
process_handle: 0x00000108
success 0 0
1620897769.625363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1908
process_handle: 0x00000108
failed 0 0
1620897769.625363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1908
process_handle: 0x00000108
failed 3221225738 0
1620897769.672363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1908
process_handle: 0x00000108
failed 0 0
1620897769.672363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1908
process_handle: 0x00000108
failed 3221225738 0
1620897769.734363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1908
process_handle: 0x00000108
failed 0 0
1620897769.734363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 1908
process_handle: 0x00000108
failed 3221225738 0
1620897771.875363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2668
process_handle: 0x00000108
failed 0 0
1620897771.875363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2668
process_handle: 0x00000108
success 0 0
1620897771.984363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2668
process_handle: 0x00000108
failed 0 0
1620897771.984363
NtTerminateProcess
status_code: 0x00000000
process_identifier: 2668
process_handle: 0x00000108
failed 3221225738 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\abc2b8e349dccb595f45dd996538ad62.exe reg_value C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\abc2b8e349dccb595f45dd996538ad62.exe
Expresses interest in specific running processes (1 event)
process: potential process injection target explorer.exe
Attempts to modify Explorer settings to prevent hidden files from being displayed (1 event)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
File has been identified by 67 AntiVirus engines on VirusTotal as malicious (50 out of 67 events)
Bkav W32.BitwanX.Trojan
DrWeb Trojan.Winlock.3333
MicroWorld-eScan Trojan.Generic.5848174
FireEye Generic.mg.abc2b8e349dccb59
CAT-QuickHeal Ransom.Weenloc.A8
McAfee Trojan-FAZX!ABC2B8E349DC
Cylance Unsafe
Zillya Trojan.Fullscreen.Win32.35
SUPERAntiSpyware Trojan.Agent/Gen-Ransom
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Ransom:Win32/Blocker.65140df8
K7GW Trojan ( 0039911e1 )
K7AntiVirus Trojan ( 0039911e1 )
Arcabit Trojan.Generic.D593C6E
Invincea heuristic
BitDefenderTheta AI:Packer.F2735F6E21
F-Prot W32/Trojan2.OAEZ
Symantec Trojan.Ransomlock
ESET-NOD32 Win32/LockScreen.AGU
APEX Malicious
TotalDefense Win32/Ransom.PC
Avast Win32:LockScreen-AHV [Trj]
ClamAV Win.Trojan.Fullscreen-41
Kaspersky Trojan-Ransom.Win32.Blocker.jzec
BitDefender Trojan.Generic.5848174
NANO-Antivirus Trojan.Win32.Fullscreen.crnep
Paloalto generic.ml
ViRobot Trojan.Win32.A.ChameleonUnlicence.383298
Rising Trojan.Win32.Weenloc.a (CLOUD)
Endgame malicious (high confidence)
TACHYON Ransom/W32.DP-PornoAsset.407040
Emsisoft Trojan.Generic.5848174 (B)
Comodo TrojWare.Win32.Ransom.Fullscreen.fgt@4t6ar8
F-Secure Trojan.TR/ATRAPS.Gen
Baidu Win32.Trojan.LockScreen.b
VIPRE Trojan.Win32.Birele.mby (v)
TrendMicro Ransom_WINLOCK.SM
Trapmine malicious.high.ml.score
Sophos Mal/Ransom-AI
SentinelOne DFI - Malicious PE
Cyren W32/Trojan.GDVD-7096
Jiangmin Trojan/Fullscreen.ak
eGambit Unsafe.AI_Score_99%
Avira TR/ATRAPS.Gen
Antiy-AVL Trojan[Ransom]/Win32.PornoAsset.cioy
Microsoft Ransom:Win32/Weenloc
ZoneAlarm Trojan-Ransom.Win32.Blocker.jzec
GData Trojan.Generic.5848174
Cynet Malicious (score: 100)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x45613c VirtualFree
0x456140 VirtualAlloc
0x456144 LocalFree
0x456148 LocalAlloc
0x45614c GetVersion
0x456150 GetCurrentThreadId
0x45615c VirtualQuery
0x456160 WideCharToMultiByte
0x456164 MultiByteToWideChar
0x456168 lstrlenA
0x45616c lstrcpynA
0x456170 LoadLibraryExA
0x456174 GetThreadLocale
0x456178 GetStartupInfoA
0x45617c GetProcAddress
0x456180 GetModuleHandleA
0x456184 GetModuleFileNameA
0x456188 GetLocaleInfoA
0x45618c GetCommandLineA
0x456190 FreeLibrary
0x456194 FindFirstFileA
0x456198 FindClose
0x45619c ExitProcess
0x4561a0 WriteFile
0x4561a8 RtlUnwind
0x4561ac RaiseException
0x4561b0 GetStdHandle
Library user32.dll:
0x4561b8 GetKeyboardType
0x4561bc LoadStringA
0x4561c0 MessageBoxA
0x4561c4 CharNextA
Library advapi32.dll:
0x4561cc RegQueryValueExA
0x4561d0 RegOpenKeyExA
0x4561d4 RegCloseKey
Library oleaut32.dll:
0x4561dc SysFreeString
0x4561e0 SysReAllocStringLen
0x4561e4 SysAllocStringLen
Library kernel32.dll:
0x4561ec TlsSetValue
0x4561f0 TlsGetValue
0x4561f4 LocalAlloc
0x4561f8 GetModuleHandleA
Library advapi32.dll:
0x456200 RegSetValueExA
0x456204 RegQueryValueExA
0x456208 RegQueryInfoKeyA
0x45620c RegOpenKeyExA
0x456210 RegFlushKey
0x456214 RegEnumValueA
0x456218 RegEnumKeyExA
0x45621c RegDeleteValueA
0x456220 RegDeleteKeyA
0x456224 RegCreateKeyExA
0x456228 RegCloseKey
Library kernel32.dll:
0x456230 lstrcpyA
0x456234 WriteFile
0x456238 WaitForSingleObject
0x45623c VirtualQuery
0x456240 VirtualAlloc
0x456244 TerminateProcess
0x456248 Sleep
0x45624c SizeofResource
0x456250 SetThreadLocale
0x456254 SetFilePointer
0x456258 SetFileAttributesA
0x45625c SetEvent
0x456260 SetErrorMode
0x456264 SetEndOfFile
0x456268 ResetEvent
0x45626c ReadFile
0x456270 OpenProcess
0x456274 MulDiv
0x456278 LockResource
0x45627c LoadResource
0x456280 LoadLibraryA
0x45628c GlobalUnlock
0x456290 GlobalReAlloc
0x456294 GlobalHandle
0x456298 GlobalLock
0x45629c GlobalFree
0x4562a0 GlobalFindAtomA
0x4562a4 GlobalDeleteAtom
0x4562a8 GlobalAlloc
0x4562ac GlobalAddAtomA
0x4562b4 GetVersionExA
0x4562b8 GetVersion
0x4562bc GetTickCount
0x4562c0 GetThreadLocale
0x4562c4 GetSystemInfo
0x4562c8 GetStringTypeExA
0x4562cc GetStdHandle
0x4562d0 GetProcAddress
0x4562d4 GetModuleHandleA
0x4562d8 GetModuleFileNameA
0x4562dc GetLocaleInfoA
0x4562e0 GetLocalTime
0x4562e4 GetLastError
0x4562e8 GetFullPathNameA
0x4562ec GetDiskFreeSpaceA
0x4562f0 GetDateFormatA
0x4562f4 GetCurrentThreadId
0x4562f8 GetCurrentProcessId
0x4562fc GetCPInfo
0x456300 GetACP
0x456304 FreeResource
0x456308 InterlockedExchange
0x45630c FreeLibrary
0x456310 FormatMessageA
0x456314 FindResourceA
0x456318 ExitProcess
0x45631c EnumCalendarInfoA
0x456328 CreateThread
0x45632c CreateFileA
0x456330 CreateEventA
0x456334 CompareStringA
0x456338 CloseHandle
Library version.dll:
0x456340 VerQueryValueA
0x456348 GetFileVersionInfoA
Library gdi32.dll:
0x456350 UnrealizeObject
0x456354 StretchBlt
0x456358 SetWindowOrgEx
0x45635c SetViewportOrgEx
0x456360 SetTextColor
0x456364 SetStretchBltMode
0x456368 SetROP2
0x45636c SetPixel
0x456370 SetDIBColorTable
0x456374 SetBrushOrgEx
0x456378 SetBkMode
0x45637c SetBkColor
0x456380 SelectPalette
0x456384 SelectObject
0x456388 SaveDC
0x45638c RestoreDC
0x456390 RectVisible
0x456394 RealizePalette
0x456398 PatBlt
0x45639c MoveToEx
0x4563a0 MaskBlt
0x4563a4 LineTo
0x4563a8 IntersectClipRect
0x4563ac GetWindowOrgEx
0x4563b0 GetTextMetricsA
0x4563bc GetStockObject
0x4563c0 GetPixel
0x4563c4 GetPaletteEntries
0x4563c8 GetObjectA
0x4563cc GetDeviceCaps
0x4563d0 GetDIBits
0x4563d4 GetDIBColorTable
0x4563d8 GetDCOrgEx
0x4563e0 GetClipBox
0x4563e4 GetBrushOrgEx
0x4563e8 GetBitmapBits
0x4563ec ExcludeClipRect
0x4563f0 DeleteObject
0x4563f4 DeleteDC
0x4563f8 CreateSolidBrush
0x4563fc CreatePenIndirect
0x456400 CreatePalette
0x456408 CreateFontIndirectA
0x45640c CreateDIBitmap
0x456410 CreateDIBSection
0x456414 CreateCompatibleDC
0x45641c CreateBrushIndirect
0x456420 CreateBitmap
0x456424 BitBlt
Library user32.dll:
0x45642c CreateWindowExA
0x456430 WindowFromPoint
0x456434 WinHelpA
0x456438 WaitMessage
0x45643c UpdateWindow
0x456440 UnregisterClassA
0x456444 UnhookWindowsHookEx
0x456448 TranslateMessage
0x456450 TrackPopupMenu
0x456458 ShowWindow
0x45645c ShowScrollBar
0x456460 ShowOwnedPopups
0x456464 ShowCursor
0x456468 SetWindowsHookExA
0x45646c SetWindowTextA
0x456470 SetWindowPos
0x456474 SetWindowPlacement
0x456478 SetWindowLongA
0x45647c SetTimer
0x456480 SetScrollRange
0x456484 SetScrollPos
0x456488 SetScrollInfo
0x45648c SetRect
0x456490 SetPropA
0x456494 SetParent
0x456498 SetMenuItemInfoA
0x45649c SetMenu
0x4564a0 SetForegroundWindow
0x4564a4 SetFocus
0x4564a8 SetCursor
0x4564ac SetClassLongA
0x4564b0 SetCapture
0x4564b4 SetActiveWindow
0x4564b8 SendMessageA
0x4564bc ScrollWindow
0x4564c0 ScreenToClient
0x4564c4 RemovePropA
0x4564c8 RemoveMenu
0x4564cc ReleaseDC
0x4564d0 ReleaseCapture
0x4564dc RegisterClassA
0x4564e0 RedrawWindow
0x4564e4 PtInRect
0x4564e8 PostQuitMessage
0x4564ec PostMessageA
0x4564f0 PeekMessageA
0x4564f4 OffsetRect
0x4564f8 OemToCharA
0x4564fc MessageBoxA
0x456500 MapWindowPoints
0x456504 MapVirtualKeyA
0x456508 LoadStringA
0x45650c LoadKeyboardLayoutA
0x456510 LoadIconA
0x456514 LoadCursorA
0x456518 LoadBitmapA
0x45651c KillTimer
0x456520 IsZoomed
0x456524 IsWindowVisible
0x456528 IsWindowEnabled
0x45652c IsWindow
0x456530 IsRectEmpty
0x456534 IsIconic
0x456538 IsDialogMessageA
0x45653c IsChild
0x456540 InvalidateRect
0x456544 IntersectRect
0x456548 InsertMenuItemA
0x45654c InsertMenuA
0x456550 InflateRect
0x456558 GetWindowTextA
0x45655c GetWindowRect
0x456560 GetWindowPlacement
0x456564 GetWindowLongA
0x456568 GetWindowDC
0x45656c GetTopWindow
0x456570 GetSystemMetrics
0x456574 GetSystemMenu
0x456578 GetSysColorBrush
0x45657c GetSysColor
0x456580 GetSubMenu
0x456584 GetScrollRange
0x456588 GetScrollPos
0x45658c GetScrollInfo
0x456590 GetPropA
0x456594 GetParent
0x456598 GetWindow
0x45659c GetMenuStringA
0x4565a0 GetMenuState
0x4565a4 GetMenuItemInfoA
0x4565a8 GetMenuItemID
0x4565ac GetMenuItemCount
0x4565b0 GetMenu
0x4565b4 GetLastActivePopup
0x4565b8 GetKeyboardState
0x4565c0 GetKeyboardLayout
0x4565c4 GetKeyState
0x4565c8 GetKeyNameTextA
0x4565cc GetIconInfo
0x4565d0 GetForegroundWindow
0x4565d4 GetFocus
0x4565d8 GetDesktopWindow
0x4565dc GetDCEx
0x4565e0 GetDC
0x4565e4 GetCursorPos
0x4565e8 GetCursor
0x4565ec GetClientRect
0x4565f0 GetClassNameA
0x4565f4 GetClassInfoA
0x4565f8 GetCapture
0x4565fc GetActiveWindow
0x456600 FrameRect
0x456604 FindWindowA
0x456608 FillRect
0x45660c EqualRect
0x456610 EnumWindows
0x456614 EnumThreadWindows
0x456618 EndPaint
0x45661c EnableWindow
0x456620 EnableScrollBar
0x456624 EnableMenuItem
0x456628 DrawTextA
0x45662c DrawMenuBar
0x456630 DrawIconEx
0x456634 DrawIcon
0x456638 DrawFrameControl
0x45663c DrawEdge
0x456640 DispatchMessageA
0x456644 DestroyWindow
0x456648 DestroyMenu
0x45664c DestroyIcon
0x456650 DestroyCursor
0x456654 DeleteMenu
0x456658 DefWindowProcA
0x45665c DefMDIChildProcA
0x456660 DefFrameProcA
0x456664 CreatePopupMenu
0x456668 CreateMenu
0x45666c CreateIcon
0x456670 ClipCursor
0x456674 ClientToScreen
0x456678 CheckMenuItem
0x45667c CallWindowProcA
0x456680 CallNextHookEx
0x456684 BeginPaint
0x456688 CharNextA
0x45668c CharLowerA
0x456690 CharToOemA
0x456694 AdjustWindowRectEx
Library kernel32.dll:
0x4566a0 Sleep
Library oleaut32.dll:
0x4566a8 SafeArrayPtrOfIndex
0x4566ac SafeArrayGetUBound
0x4566b0 SafeArrayGetLBound
0x4566b4 SafeArrayCreate
0x4566b8 VariantChangeType
0x4566bc VariantCopy
0x4566c0 VariantClear
0x4566c4 VariantInit
Library comctl32.dll:
0x4566d4 ImageList_Write
0x4566d8 ImageList_Read
0x4566e8 ImageList_DragMove
0x4566ec ImageList_DragLeave
0x4566f0 ImageList_DragEnter
0x4566f4 ImageList_EndDrag
0x4566f8 ImageList_BeginDrag
0x4566fc ImageList_Remove
0x456700 ImageList_DrawEx
0x456704 ImageList_Draw
0x456714 ImageList_Add
0x456720 ImageList_Destroy
0x456724 ImageList_Create
Library shell32.dll:
0x45672c ShellExecuteA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 58367 | 114.114.114.114 | 53
192.168.56.101 | 60123 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 55368 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 63429 | 224.0.0.252 | 5355
192.168.56.101 | 65004 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 58368 | 239.255.255.250 | 3702
192.168.56.101 | 58707 | 239.255.255.250 | 3702
192.168.56.101 | 60124 | 239.255.255.250 | 3702
192.168.56.101 | 62194 | 239.255.255.250 | 1900
192.168.56.101 | 60123 | 8.8.8.8 | 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.