Score: 7.4 (High risk)

Hash: 4e52cdd00c05814d563b70e3271df67fb530ec90dca084a4f1b4d3f539e58061
File name: abf4dcf13ed47c972539ba25f323c3e3.exe
Analysis duration: 73s
Last analysis:
File size: 3.2MB
Static and dynamic detection labels: A VARIANT OF GENERIK AI SCORE=83 ARTEMIS ATTRIBUTE CASDET CIXIHZG CONFIDENCE GENERIK HIGHCONFIDENCE KCLOUD LRII MALICIOUS MALWARE@#2JVAXJGYH9WSK NETWIRE NETWIREDRC STATIC AI SUSGEN SUSPICIOUS PE UNSAFE ZUSY
鹰眼 engine
Not detected (no 鹰眼 engine results available)
Static verdict

Antivirus engines

Engine        Result                              Scan date   Engine version
McAfee        Artemis!ABF4DCF13ED4                20201211    6.0.6.653
Alibaba       Backdoor:Win32/NetWiredRC.eeb76048  20190527    0.3.0.5
Baidu                                             20190318    1.0.0.2
Avast         Win32:Trojan-gen                    20201210    21.1.5827.0
Kingsoft      Win32.Hack.NetWiredRC.l.(kcloud)    20201211    2017.9.26.565
Tencent       Win32.Backdoor.Netwiredrc.Lrii      20201211    1.0.0.1
CrowdStrike   win/malicious_confidence_90% (W)    20190702    1.0
Static indicators

Behavior verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (10 events)
Columns: Time & API | Arguments | Status | Return | Repeated

1619826887.864436  NtAllocateVirtualMemory
    process_identifier: 2900
    region_size: 172032
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00370000
    status: success  return: 0  repeated: 0

1619826887.880436  NtAllocateVirtualMemory
    process_identifier: 2900
    region_size: 212992
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00400000
    status: failed  return: 3221225496  repeated: 0

1619826887.880436  NtAllocateVirtualMemory
    process_identifier: 2900
    region_size: 212992
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x003a0000
    status: success  return: 0  repeated: 0

1619826888.005436  NtAllocateVirtualMemory
    process_identifier: 2900
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x005f0000
    status: success  return: 0  repeated: 0

1619826888.005436  NtAllocateVirtualMemory
    process_identifier: 2900
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00600000
    status: success  return: 0  repeated: 0

1619857183.793125  NtAllocateVirtualMemory
    process_identifier: 2868
    region_size: 172032
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x002f0000
    status: success  return: 0  repeated: 0

1619857183.809125  NtAllocateVirtualMemory
    process_identifier: 2868
    region_size: 212992
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00400000
    status: failed  return: 3221225496  repeated: 0

1619857183.809125  NtAllocateVirtualMemory
    process_identifier: 2868
    region_size: 212992
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00550000
    status: success  return: 0  repeated: 0

1619857183.871125  NtAllocateVirtualMemory
    process_identifier: 2868
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00ff0000
    status: success  return: 0  repeated: 0

1619857183.871125  NtAllocateVirtualMemory
    process_identifier: 2868
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x02750000
    status: success  return: 0  repeated: 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\bdn\bdn.exe
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\bdn\bdn.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\bdn\bdn.exe
Network communication

Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 79.134.225.22
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NetWire
reg_value C:\Users\Administrator.Oskar-PC\AppData\Roaming\bdn\bdn.exe
Deletes executed files from disk (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\bdn\bdn.exe
Creates known Netwire files, registry keys and/or mutexes (1 event)
regkey HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NetWire
File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)
MicroWorld-eScan Gen:Variant.Zusy.306185
FireEye Generic.mg.abf4dcf13ed47c97
McAfee Artemis!ABF4DCF13ED4
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00568cbe1 )
Alibaba Backdoor:Win32/NetWiredRC.eeb76048
K7GW Trojan ( 00568cbe1 )
Arcabit Trojan.Zusy.D4AC09
Symantec ML.Attribute.HighConfidence
Avast Win32:Trojan-gen
Kaspersky Backdoor.Win32.NetWiredRC.lbq
BitDefender Gen:Variant.Zusy.306185
Paloalto generic.ml
Ad-Aware Gen:Variant.Zusy.306185
TACHYON Trojan/W32.NetWiredRC.3405312
Emsisoft Gen:Variant.Zusy.306185 (B)
Comodo Malware@#2jvaxjgyh9wsk
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Artemis
SentinelOne Static AI - Suspicious PE
Sophos Mal/Generic-S
APEX Malicious
Kingsoft Win32.Hack.NetWiredRC.l.(kcloud)
Microsoft Trojan:Win32/Casdet!rfn
AegisLab Trojan.Win32.NetWiredRC.m!c
ZoneAlarm Backdoor.Win32.NetWiredRC.lbq
GData Gen:Variant.Zusy.306185
AhnLab-V3 Trojan/Win32.NetWiredRC.C4149274
ALYac Gen:Variant.Zusy.306185
MAX malware (ai score=83)
ESET-NOD32 a variant of Generik.CIXIHZG
Tencent Win32.Backdoor.Netwiredrc.Lrii
Ikarus Trojan.SuspectCRC
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/Generik.CIXIHZG!tr
AVG Win32:Trojan-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 Win32/Backdoor.a58
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 192.168.56.101:49180
dead_host 79.134.225.22:2030

Visual analysis

Binary image
No binary image: this sample did not produce a binary visualization image

Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time: 2009-07-14 08:23:09

Imports

Library ADVAPI32.dll:
0x1001000 TraceMessage
0x1001004 CryptReleaseContext
0x1001008 CryptDestroyKey
0x100100c CryptGenKey
0x1001010 CryptAcquireContextW
0x1001014 CryptContextAddRef
0x1001018 CryptDuplicateKey
0x100101c CryptDecrypt
0x1001020 CryptEncrypt
0x1001024 EventWrite
0x1001028 RegSetValueExW
0x100102c RegCloseKey
0x1001030 RegCreateKeyExW
0x1001034 RegQueryValueExW
0x1001038 RegDeleteKeyW
0x100103c RegEnumValueW
0x1001040 RegQueryInfoKeyW
0x1001044 RegFlushKey
0x1001048 RegDeleteValueW
0x100104c RegGetValueW
0x1001050 GetTraceEnableFlags
0x1001054 GetTraceEnableLevel
0x1001058 GetTraceLoggerHandle
0x100105c RegisterTraceGuidsW
0x1001060 UnregisterTraceGuids
0x1001064 EventRegister
0x1001068 EventUnregister
0x100106c CryptSignHashW
0x1001070 CryptDestroyHash
0x1001074 RegOpenKeyExW
0x1001078 CryptCreateHash
0x100107c RegQueryValueExA
0x1001080 RegOpenKeyExA
Library KERNEL32.dll:
0x1001168 GetLongPathNameW
0x100116c GetProcessHeap
0x1001170 GetModuleFileNameW
0x1001174 GetModuleHandleW
0x1001178 LocalFree
0x100117c GetCurrentDirectoryW
0x1001180 SetCurrentDirectoryW
0x1001184 GetTickCount
0x100118c CreateEventW
0x1001190 GetSystemInfo
0x1001194 CreateThread
0x1001198 ResumeThread
0x100119c GetExitCodeThread
0x10011a4 SetEvent
0x10011a8 InitOnceComplete
0x10011ac GetProcAddress
0x10011b0 FindResourceW
0x10011b4 SizeofResource
0x10011b8 LoadResource
0x10011bc LockResource
0x10011c0 GlobalAlloc
0x10011c4 GlobalLock
0x10011c8 GlobalUnlock
0x10011cc GlobalFree
0x10011d0 EnterCriticalSection
0x10011d4 GetStringTypeExW
0x10011d8 lstrlenA
0x10011dc CompareStringW
0x10011e0 lstrlenW
0x10011e4 WideCharToMultiByte
0x10011e8 MultiByteToWideChar
0x10011ec GetFileAttributesW
0x10011f0 ReplaceFileW
0x10011f4 CopyFileW
0x10011f8 FindFirstFileExW
0x10011fc FindNextFileW
0x1001200 WaitForSingleObject
0x1001204 GetFullPathNameW
0x1001208 SetFileAttributesW
0x100120c FindClose
0x1001210 LoadLibraryW
0x100121c GetStartupInfoW
0x1001224 FileTimeToSystemTime
0x1001228 OutputDebugStringA
0x1001230 GetModuleHandleA
0x1001238 GetCurrentProcessId
0x100123c SystemTimeToFileTime
0x1001240 GetFileSizeEx
0x1001248 ResetEvent
0x100124c GetVersionExW
0x1001254 CompareStringEx
0x100125c IsValidLocaleName
0x1001260 FindNLSStringEx
0x1001264 GetSystemDirectoryW
0x1001268 GetLocalTime
0x100126c GetDateFormatEx
0x1001274 GetDateFormatW
0x1001278 GetTimeFormatW
0x100127c Sleep
0x1001280 GetSystemTime
0x1001288 MulDiv
0x100128c CompareStringOrdinal
0x1001290 CompareFileTime
0x1001294 DeleteCriticalSection
0x100129c RaiseException
0x10012a0 CreateFileA
0x10012a4 CreateFileW
0x10012a8 DeleteFileA
0x10012ac DeleteFileW
0x10012b0 CreateFileMappingA
0x10012b8 GetTempPathW
0x10012bc SetFilePointerEx
0x10012c0 OutputDebugStringW
0x10012c4 FormatMessageW
0x10012c8 FindResourceExW
0x10012cc LoadLibraryExW
0x10012d0 GetLocaleInfoW
0x10012d8 SearchPathW
0x10012dc CreateFileMappingW
0x10012e0 MapViewOfFile
0x10012e4 UnmapViewOfFile
0x10012e8 GetTempFileNameA
0x10012ec GetTempFileNameW
0x10012f0 ReadFile
0x10012f4 VirtualProtect
0x10012f8 WriteProcessMemory
0x10012fc GetLastError
0x1001300 GetFileSize
0x1001304 LoadLibraryA
0x1001308 FreeLibrary
0x100130c LeaveCriticalSection
0x1001310 SetEndOfFile
0x1001314 DuplicateHandle
0x1001318 HeapDestroy
0x100131c HeapAlloc
0x1001320 HeapFree
0x1001324 HeapReAlloc
0x1001328 HeapSize
0x100132c GetUserDefaultLCID
0x1001330 GetVersionExA
0x1001338 FindResourceA
0x100133c WriteFile
0x1001340 SetFilePointer
0x1001344 CloseHandle
0x1001348 InterlockedDecrement
0x100134c InterlockedIncrement
0x1001350 InterlockedExchange
0x1001354 SetLastError
0x1001358 GetCurrentThreadId
0x1001360 GetCurrentProcess
0x1001364 TerminateProcess
0x1001368 FoldStringW
0x100136c LocalAlloc
Library GDI32.dll:
0x10010d4 CreatePen
0x10010d8 SelectClipRgn
0x10010dc StretchBlt
0x10010e0 GetRandomRgn
0x10010e4 MoveToEx
0x10010e8 GetWorldTransform
0x10010ec GetCurrentObject
0x10010f0 CreateDIBSection
0x10010f4 SetStretchBltMode
0x10010f8 SetGraphicsMode
0x10010fc LineTo
0x1001100 CreateRectRgn
0x1001104 SetWorldTransform
0x1001108 ExtTextOutW
0x100110c TextOutW
0x1001110 ExtEscape
0x1001114 SaveDC
0x1001118 RestoreDC
0x100111c GetTextExtentPoint32W
0x1001120 CreateSolidBrush
0x1001124 SetBkMode
0x1001128 CreateCompatibleDC
0x1001130 BitBlt
0x1001134 SelectObject
0x1001138 GetTextExtentPointW
0x100113c GetClipBox
0x1001140 SetTextColor
0x1001144 SetBkColor
0x1001148 CreateFontIndirectW
0x100114c CreateICW
0x1001150 GetDeviceCaps
0x1001154 DeleteDC
0x1001158 DeleteObject
0x100115c GetObjectW
Library USER32.dll:
0x1001398 IsDialogMessageW
0x100139c CopyRect
0x10013a0 DrawTextExW
0x10013a4 FlashWindowEx
0x10013a8 OpenIcon
0x10013ac OpenClipboard
0x10013b0 EmptyClipboard
0x10013b8 SetClipboardData
0x10013bc DestroyCursor
0x10013c0 CloseClipboard
0x10013c4 GetShellWindow
0x10013c8 GetDlgItemInt
0x10013cc GetForegroundWindow
0x10013d0 SetWindowPlacement
0x10013d4 InsertMenuItemW
0x10013d8 GetWindowPlacement
0x10013dc IntersectRect
0x10013e0 UnionRect
0x10013e4 EqualRect
0x10013e8 SetMenu
0x10013ec IsIconic
0x10013f0 IsZoomed
0x10013f4 AdjustWindowRect
0x10013f8 LoadIconW
0x10013fc SetCursor
0x1001400 SetForegroundWindow
0x1001404 TranslateAcceleratorW
0x1001408 DestroyMenu
0x100140c MonitorFromRect
0x1001410 PostMessageW
0x1001414 GetAncestor
0x1001418 MapWindowPoints
0x100141c RedrawWindow
0x1001420 ValidateRect
0x1001424 IsRectEmpty
0x1001428 GetCapture
0x100142c GetUpdateRgn
0x1001430 GetUpdateRect
0x1001434 GetGestureInfo
0x100143c SetGestureConfig
0x1001440 ClientToScreen
0x1001444 GetScrollInfo
0x1001448 SetScrollInfo
0x100144c ScrollWindowEx
0x1001450 KillTimer
0x1001454 SetTimer
0x1001458 DrawIconEx
0x100145c GetIconInfo
0x1001468 GetDesktopWindow
0x100146c OffsetRect
0x1001470 DrawTextW
0x1001474 DrawFrameControl
0x1001478 GetMenuItemCount
0x100147c CheckMenuRadioItem
0x1001480 RemovePropW
0x1001484 SetWindowTextW
0x1001488 SetParent
0x100148c IsProcessDPIAware
0x1001490 LoadImageW
0x1001494 SystemParametersInfoW
0x1001498 IsWindowEnabled
0x100149c TrackMouseEvent
0x10014a0 GetCursorPos
0x10014a4 ScreenToClient
0x10014a8 PtInRect
0x10014ac IsWindow
0x10014b0 CheckDlgButton
0x10014b4 GetSysColor
0x10014b8 GetSysColorBrush
0x10014bc MessageBoxW
0x10014c0 SetPropW
0x10014c4 RemoveMenu
0x10014c8 CreatePopupMenu
0x10014cc GetDC
0x10014d0 ReleaseDC
0x10014d4 GetPropW
0x10014d8 CallWindowProcW
0x10014dc GetScrollBarInfo
0x10014e0 GetSystemMetrics
0x10014e4 GetParent
0x10014e8 GetWindow
0x10014ec MonitorFromWindow
0x10014f0 GetMonitorInfoW
0x10014f4 DestroyIcon
0x10014f8 SendMessageW
0x10014fc SetRectEmpty
0x1001500 GetFocus
0x1001504 IsChild
0x1001508 PostQuitMessage
0x100150c GetKeyState
0x1001510 LoadAcceleratorsW
0x1001514 LoadMenuW
0x1001518 ShowWindow
0x100151c LoadCursorW
0x1001520 GetClientRect
0x1001524 GetWindowRect
0x1001528 DeferWindowPos
0x100152c CheckMenuItem
0x1001530 EnableMenuItem
0x1001534 EndPaint
0x1001538 FillRect
0x100153c BeginPaint
0x1001540 DefWindowProcW
0x1001544 SetFocus
0x1001548 SetDlgItemTextW
0x100154c MessageBeep
0x1001550 GetDlgItemTextW
0x1001554 EndDialog
0x1001558 GetSubMenu
0x100155c DestroyWindow
0x1001560 TrackPopupMenuEx
0x1001564 UpdateWindow
0x1001568 EndDeferWindowPos
0x100156c SetRect
0x1001570 IsWindowVisible
0x1001574 BeginDeferWindowPos
0x1001578 InflateRect
0x100157c GetDlgCtrlID
0x1001580 ReleaseCapture
0x1001584 SetCapture
0x1001588 PeekMessageW
0x100158c GetMessageW
0x1001590 TranslateMessage
0x1001594 SetMenuItemInfoW
0x1001598 DispatchMessageW
0x100159c GetMenu
0x10015a0 SetWindowPos
0x10015a4 UnhookWindowsHookEx
0x10015a8 CallNextHookEx
0x10015ac SetWindowLongW
0x10015b0 GetMenuState
0x10015b4 CreateWindowExW
0x10015b8 SetWindowsHookExW
0x10015bc LoadStringW
0x10015c0 GetWindowTextW
0x10015c4 GetWindowTextLengthW
0x10015c8 IsDlgButtonChecked
0x10015cc EnableWindow
0x10015d0 GetDlgItem
0x10015d4 SendDlgItemMessageW
0x10015d8 DialogBoxParamW
0x10015dc GetMessageTime
0x10015e0 GetMessagePos
0x10015e4 GetWindowLongW
0x10015e8 RegisterClassExW
0x10015ec InvalidateRect
Library msvcrt.dll:
0x100188c _CIpow
0x1001890 _strdup
0x1001894 _controlfp
0x1001898 realloc
0x100189c _onexit
0x10018a0 _lock
0x10018a4 __dllonexit
0x10018a8 _unlock
0x10018ac __uncaught_exception
0x10018b4 ??1type_info@@UAE@XZ
0x10018b8 ?terminate@@YAXXZ
0x10018bc __set_app_type
0x10018c0 __p__fmode
0x10018c4 __p__commode
0x10018c8 __setusermatherr
0x10018cc _amsg_exit
0x10018d0 _initterm
0x10018d4 _wcmdln
0x10018d8 exit
0x10018dc _XcptFilter
0x10018e0 _exit
0x10018e4 _cexit
0x10018e8 __wgetmainargs
0x10018ec abort
0x10018f0 __mb_cur_max
0x10018f4 __crtLCMapStringW
0x10018f8 __crtGetStringTypeW
0x10018fc setlocale
0x1001900 ___mb_cur_max_func
0x1001904 _errno
0x1001908 ___lc_handle_func
0x100190c ___lc_codepage_func
0x1001910 isupper
0x1001914 __pctype_func
0x1001918 __crtLCMapStringA
0x100191c calloc
0x1001920 malloc
0x1001924 _callnewh
0x1001928 towupper
0x100192c wcsstr
0x1001930 towlower
0x1001934 wcstombs
0x1001938 _strtoi64
0x100193c _strtoui64
0x1001940 _isnan
0x1001944 _finite
0x1001948 wcstod
0x100194c iswxdigit
0x1001950 ceil
0x1001954 floor
0x1001958 _CIfmod
0x100195c atol
0x1001960 swprintf_s
0x1001964 wcsncmp
0x1001968 _wcsnicmp
0x100196c bsearch
0x1001970 tolower
0x1001974 islower
0x1001978 isdigit
0x100197c isalnum
0x1001980 isspace
0x1001984 _beginthreadex
0x100198c _wtoi
0x1001990 wcsncpy_s
0x1001994 _wcsicmp
0x1001998 iswspace
0x100199c _ftol2_sse
0x10019a0 _stricmp
0x10019a4 mbstowcs
0x10019a8 ldiv
0x10019ac sprintf_s
0x10019b0 strcspn
0x10019b4 memchr
0x10019b8 localeconv
0x10019bc memset
0x10019c0 free
0x10019c4 memcpy
0x10019c8 _wtol
0x10019cc __CxxFrameHandler3
0x10019d0 _purecall
0x10019d4 _vsnwprintf
0x10019d8 _ftol2
0x10019dc ??1bad_cast@@UAE@XZ
0x10019e0 _CxxThrowException
0x10019ec ??1exception@@UAE@XZ
0x10019f0 ??0exception@@QAE@XZ
0x10019fc memcpy_s
0x1001a00 memmove_s
0x1001a04 _CItanh
0x1001a08 _CIacos
0x1001a0c _CIatan2
0x1001a10 _CIsin
0x1001a14 _CIsqrt
Library ntdll.dll:
0x1001a2c WinSqmAddToStream
Library netutils.dll:
0x1001a24 NetApiBufferFree
Library wkscli.dll:
0x1001a7c NetGetJoinInformation
Library COMCTL32.dll:
0x1001088
0x1001090 ImageList_LoadImageW
0x1001094 ImageList_Draw
0x1001098 ImageList_ReplaceIcon
0x100109c InitCommonControlsEx
0x10010a0
0x10010a4 ImageList_DrawEx
0x10010a8
0x10010ac ImageList_GetIconSize
0x10010b0 ImageList_Destroy
0x10010b4 ImageList_Create
0x10010b8 ImageList_AddMasked
0x10010bc ImageList_Add
Library DWrite.dll:
0x10010cc DWriteCreateFactory
Library gdiplus.dll:
0x10015fc GdipCloneBrush
0x1001600 GdipMultiplyMatrix
0x1001608 GdipIsMatrixIdentity
0x100160c GdipCloneMatrix
0x1001610 GdipGetRegionBounds
0x1001620 GdipGetSolidFillColor
0x1001634 GdipCreatePath
0x1001638 GdipDeletePath
0x1001648 GdipGetBrushType
0x100164c GdipCreateTexture2
0x1001650 GdipSetPenWidth
0x1001654 GdipGetPenWidth
0x100165c GdipSetPenLineJoin
0x1001660 GdipSetPenMiterLimit
0x1001664 GdipSetPenTransform
0x1001668 GdipSetPenBrushFill
0x100166c GdipSetPenDashOffset
0x1001670 GdipSetPenDashArray
0x1001674 GdipStartPathFigure
0x1001678 GdipAddPathLine
0x100167c GdipAddPathBezier
0x1001680 GdipTransformPath
0x1001684 GdipGetPointCount
0x1001698 GdipGetDpiX
0x100169c GdipGetDpiY
0x10016a0 GdipDrawPath
0x10016a4 GdipFillRectangleI
0x10016a8 GdipFillPath
0x10016ac GdipDrawImageRectRect
0x10016b0 GdipSetClipPath
0x10016bc GdipIsVisibleRectI
0x10016c0 GdipGetPathData
0x10016dc GdipSetLineWrapMode
0x10016e4 GdipBitmapLockBits
0x10016e8 GdipBitmapUnlockBits
0x10016f0 GdipCreateMatrix2
0x10016f4 GdipRotateMatrix
0x10016f8 GdipInvertMatrix
0x1001700 GdipCreateTextureIA
0x1001704 GdipCreateRegionPath
0x1001708 GdipAddPathRectangle
0x1001710 GdipDrawImageRectI
0x1001718 GdipSetPathFillMode
0x100171c GdipClosePathFigure
0x1001720 GdipSetPathMarker
0x1001724 GdipFlush
0x1001728 GdipTransformRegion
0x1001734 GdipDeleteFontFamily
0x1001738 GdipCreateFont
0x100173c GdipDeleteFont
0x1001740 GdipSaveAdd
0x1001744 GdipSaveAddImage
0x1001750 GdipSetPageScale
0x1001754 GdipDrawRectangleI
0x1001758 GdipFillRegion
0x100175c GdipDrawString
0x1001764 GdipDrawImage
0x1001768 GdipDrawImageI
0x100176c GdipSetClipRegion
0x1001770 GdipGetClip
0x1001774 GdipCreateRegionRectI
0x1001778 GdipCreateRegionHrgn
0x100177c GdipGetImageFlags
0x1001780 GdipGetImageRawFormat
0x1001790 GdipGetImageEncoders
0x1001794 GdipAddPathBeziers
0x1001798 GdipFillRectangle
0x100179c GdipDrawRectangle
0x10017a0 GdipGetPageScale
0x10017a4 GdipGetPageUnit
0x10017a8 GdipSetPageUnit
0x10017ac GdipGetWorldTransform
0x10017b4 GdipSetWorldTransform
0x10017b8 GdipSetSmoothingMode
0x10017bc GdipGetSmoothingMode
0x10017c0 GdipCreateSolidFill
0x10017c4 GdipScaleMatrix
0x10017c8 GdipTranslateMatrix
0x10017cc GdipSetMatrixElements
0x10017d0 GdipCreateMatrix
0x10017dc GdipCombineRegionPath
0x10017e4 GdipSetEmpty
0x10017e8 GdipDeleteRegion
0x10017f0 GdipDeleteBrush
0x10017f4 GdipDeleteMatrix
0x10017f8 GdipGetMatrixElements
0x10017fc GdipRestoreGraphics
0x1001800 GdipSaveGraphics
0x1001804 GdipTransformPoints
0x1001808 GdipSetClipRect
0x100180c GdipCreateLineBrush
0x1001810 GdipIsVisibleRect
0x100181c GdipDeletePen
0x1001820 GdipCreatePen1
0x1001824 GdiplusStartup
0x1001828 GdiplusShutdown
0x100182c GdipDrawImageRect
0x1001830 GdipGraphicsClear
0x1001834 GdipReleaseDC
0x1001838 GdipGetDC
0x100183c GdipCreateFromHDC
0x1001848 GdipGetImageHeight
0x100184c GdipGetImageWidth
0x1001850 GdipDeleteGraphics
0x1001854 GdipCloneImage
0x100185c GdipSaveImageToFile
0x1001860 GdipDisposeImage
0x1001864 GdipAlloc
0x1001868 GdipFree
0x100187c GdipMeasureString
0x1001880 GdipCreateRegion
Library ole32.dll:
0x1001a34 CoTaskMemFree
0x1001a38 CoTaskMemAlloc
0x1001a3c CoCreateInstance
0x1001a40 StgIsStorageFile
0x1001a44 CreateStreamOnHGlobal
0x1001a48 ReleaseStgMedium
0x1001a4c CoInitialize
0x1001a50 CoUninitialize
0x1001a54 CoRegisterClassObject
0x1001a58 StgCreateStorageEx
0x1001a60 StringFromGUID2
0x1001a64 CoCreateGuid
0x1001a68 IIDFromString
0x1001a6c StgOpenStorageEx
0x1001a70 CoInitializeEx
0x1001a74 CoRevokeClassObject
Library SHELL32.dll:
0x1001374 DragQueryFileW
0x1001378 SHAppBarMessage
0x100137c SHParseDisplayName
0x1001380 ShellExecuteW
0x1001388 DragAcceptFiles
0x100138c ShellExecuteExW
0x1001390 ShellAboutW
Library WINMM.dll:
0x10015f4 timeGetTime
Library CRYPTXML.dll:
Library ncrypt.dll:
0x1001a1c NCryptSignHash

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port   Destination                      Destination Port
192.168.56.101  49235         114.114.114.114                  53
192.168.56.101  50534         114.114.114.114                  53
192.168.56.101  56539         114.114.114.114                  53
192.168.56.101  58367         114.114.114.114                  53
192.168.56.101  65004         114.114.114.114                  53
192.168.56.101  137           192.168.56.255                   137
192.168.56.101  138           192.168.56.255                   138
192.168.56.101  123           20.189.79.72 (time.windows.com)  123
192.168.56.101  55368         224.0.0.252                      5355
192.168.56.101  56804         224.0.0.252                      5355
192.168.56.101  60123         224.0.0.252                      5355
192.168.56.101  62191         224.0.0.252                      5355
192.168.56.101  1900          239.255.255.250                  1900
192.168.56.101  56540         239.255.255.250                  3702
192.168.56.101  56807         239.255.255.250                  1900
192.168.56.101  58368         239.255.255.250                  3702
192.168.56.101  58707         239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.