7.6
High risk

fc942d5994dabafaa4f2515f297188eebd7363d9a0f51fc7fc98eae414553c11

ac1feaf293145ae1d795a6160d8c7ba1.exe

Analysis time

78s

Latest analysis

File size

620.1KB
Static detection Dynamic detection 100% AI SCORE=82 ATTRIBUTE AUTORUNS CLASSIC CONFIDENCE ELDORADO EMOTET GENCIRC GENERICKD GFGRO9NUM9G GLUPTEBAOK HIGH CONFIDENCE HIGHCONFIDENCE HTTLCX HWCB8YSA KCLOUD MALWARE@#1I1Q2R9DZLAKP MY1@A4OAYVKJ R + TROJ R349633 SCORE SUSGEN TROJANBANKER TRTY UNSAFE XXKJU ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine detection results yet
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Emotet-FRZ!AC1FEAF29314 20210309 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Alibaba Trojan:Win32/Emotet.dbe540f7 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20210309 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cdfaae 20210309 1.0.0.1
Kingsoft Win32.Troj.Banker.(kcloud) 20210309 2017.9.26.565
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620997003.555874
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1620996994.243874
CryptGenKey
crypto_handle: 0x002d1fc8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x002d4ae8
flags: 1
key: f!h_ñ÷ÚP£Ö–•š: ë™
success 1 0
1620997003.571874
CryptExportKey
crypto_handle: 0x002d1fc8
crypto_export_handle: 0x002d4aa8
buffer: f¤£6Ÿ³Yß½&rÅÃið /ÞÖl-ƒ#K’–ÈZQƇ:e–µ’Åm«>Èß4ù ga&ȳ+yA »—¢åÁ™õø²±™>Þ([ÔpØhâön'åxFôYK¬±dÅ
blob_type: 1
flags: 64
success 1 0
1620997028.258874
CryptExportKey
crypto_handle: 0x002d1fc8
crypto_export_handle: 0x002d4aa8
buffer: f¤r›SJ;·<¥ îਦ¦Ô4Úy–ú)á¥{-‰ä–¸;ÿ–¾•í!3\-¹[ωg´¦$1žxÓó.±Þ?¡q§ø[,|Èæ¤G¸ý‰ê* þCW¨ËÐß0‰Ý›dU&
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620996993.618874
NtAllocateVirtualMemory
process_identifier: 200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01cc0000
success 0 0
1620996993.633874
NtAllocateVirtualMemory
process_identifier: 200
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01cf0000
success 0 0
Foreign language identified in PE resource (20 events)
name RT_CURSOR language LANG_CHINESE offset 0x0008cbf8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000b4
name RT_CURSOR language LANG_CHINESE offset 0x0008cbf8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000b4
name RT_BITMAP language LANG_CHINESE offset 0x0008d5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x0008d5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x0008d5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_BITMAP language LANG_CHINESE offset 0x0008d5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_DIALOG language LANG_CHINESE offset 0x0008d2c0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_DIALOG language LANG_CHINESE offset 0x0008d2c0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000e2
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_STRING language LANG_CHINESE offset 0x0008dfe8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_GROUP_CURSOR language LANG_CHINESE offset 0x0008ccb0 filetype Lotus unknown worksheet or configuration, revision 0x2 sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620997004.212874
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process ac1feaf293145ae1d795a6160d8c7ba1.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620997003.852874
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 185.189.12.75
host 172.217.24.14
host 190.136.179.102
host 97.107.135.148
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620997006.790874
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620997006.790874
RegSetValueExA
key_handle: 0x000003b4
value: `–[NŽH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620997006.790874
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620997006.790874
RegSetValueExW
key_handle: 0x000003b4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620997006.790874
RegSetValueExA
key_handle: 0x000003cc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620997006.790874
RegSetValueExA
key_handle: 0x000003cc
value: `–[NŽH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620997006.790874
RegSetValueExA
key_handle: 0x000003cc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620997006.821874
RegSetValueExW
key_handle: 0x000003b0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.GluptebaOK.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Autoruns.GenericKD.34616063
FireEye Generic.mg.ac1feaf293145ae1
McAfee Emotet-FRZ!AC1FEAF29314
Cylance Unsafe
Zillya Trojan.Emotet.Win32.27688
Sangfor Trojan.Win32.Emotet.ARJ
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Emotet.dbe540f7
K7GW Trojan ( 0057781d1 )
K7AntiVirus Riskware ( 0040eff71 )
Arcabit Trojan.Autoruns.Generic.D21032FF
Cyren W32/Emotet.ARO.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Dropper.Emotet-9805615-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.vho
BitDefender Trojan.Autoruns.GenericKD.34616063
NANO-Antivirus Trojan.Win32.Emotet.httlcx
Paloalto generic.ml
ViRobot Trojan.Win32.Emotet.634880.A
Tencent Malware.Win32.Gencirc.10cdfaae
Ad-Aware Trojan.Autoruns.GenericKD.34616063
Sophos Mal/Generic-R + Troj/Emotet-CMG
Comodo Malware@#1i1q2r9dzlakp
F-Secure Trojan.TR/Emotet.xxkju
DrWeb Trojan.Emotet.1006
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.SMS
McAfee-GW-Edition BehavesLike.Win32.Emotet.jt
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
ESET-NOD32 Win32/Emotet.CD
Webroot W32.Trojan.Emotet
Avira TR/Emotet.xxkju
MAX malware (ai score=82)
Antiy-AVL Trojan[Banker]/Win32.Emotet
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.trtY
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.vho
GData Trojan.Autoruns.GenericKD.34616063
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R349633
BitDefenderTheta Gen:NN.ZexaF.34608.My1@a4oAYVkj
TACHYON Trojan/W32.Emotet.634992
VBA32 TrojanBanker.Emotet
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (2 events)
dead_host 190.136.179.102:80
dead_host 97.107.135.148:8080
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2020-08-29 00:27:20

Imports

Library KERNEL32.dll:
0x44eba8 RtlUnwind
0x44ebac HeapAlloc
0x44ebb0 GetStartupInfoA
0x44ebb4 GetCommandLineA
0x44ebb8 ExitProcess
0x44ebbc RaiseException
0x44ebc0 HeapFree
0x44ebc4 TerminateProcess
0x44ebc8 CreateThread
0x44ebcc ExitThread
0x44ebd0 HeapSize
0x44ebd4 HeapReAlloc
0x44ebd8 GetACP
0x44ebe0 GetSystemTime
0x44ebe4 GetLocalTime
0x44ebe8 HeapDestroy
0x44ebec HeapCreate
0x44ebf0 VirtualFree
0x44ebf4 FatalAppExitA
0x44ebf8 IsBadWritePtr
0x44ec10 SetHandleCount
0x44ec14 GetStdHandle
0x44ec18 GetFileType
0x44ec20 LCMapStringA
0x44ec24 LCMapStringW
0x44ec28 GetStringTypeA
0x44ec2c GetStringTypeW
0x44ec30 Sleep
0x44ec34 IsBadReadPtr
0x44ec38 IsBadCodePtr
0x44ec3c IsValidLocale
0x44ec40 IsValidCodePage
0x44ec44 GetLocaleInfoA
0x44ec48 EnumSystemLocalesA
0x44ec4c GetUserDefaultLCID
0x44ec50 GetVersionExA
0x44ec58 SetStdHandle
0x44ec5c CompareStringA
0x44ec60 CompareStringW
0x44ec68 GetLocaleInfoW
0x44ec70 SetFileAttributesA
0x44ec74 SetFileTime
0x44ec78 GetProfileStringA
0x44ec84 GetFileTime
0x44ec88 GetFileSize
0x44ec8c GetFileAttributesA
0x44ec90 GetShortPathNameA
0x44ec94 GetThreadLocale
0x44ec98 GetStringTypeExA
0x44ec9c GetFullPathNameA
0x44eca4 FindFirstFileA
0x44eca8 FindClose
0x44ecac DeleteFileA
0x44ecb0 MoveFileA
0x44ecb4 SetEndOfFile
0x44ecb8 UnlockFile
0x44ecbc LockFile
0x44ecc0 FlushFileBuffers
0x44ecc4 SetFilePointer
0x44ecc8 WriteFile
0x44eccc ReadFile
0x44ecd0 CreateFileA
0x44ecd4 GetCurrentProcess
0x44ecd8 DuplicateHandle
0x44ecdc SetErrorMode
0x44ece0 SizeofResource
0x44ecf4 GetOEMCP
0x44ecf8 GetCPInfo
0x44ecfc GetProcessVersion
0x44ed00 GlobalFlags
0x44ed04 TlsGetValue
0x44ed08 LocalReAlloc
0x44ed0c TlsSetValue
0x44ed14 GlobalReAlloc
0x44ed1c TlsFree
0x44ed20 GlobalHandle
0x44ed28 TlsAlloc
0x44ed30 LocalFree
0x44ed34 LocalAlloc
0x44ed38 GetLastError
0x44ed3c GlobalFree
0x44ed40 CreateEventA
0x44ed44 SuspendThread
0x44ed48 SetThreadPriority
0x44ed4c ResumeThread
0x44ed50 SetEvent
0x44ed54 WaitForSingleObject
0x44ed58 CloseHandle
0x44ed5c GetModuleFileNameA
0x44ed60 GetProcAddress
0x44ed64 GlobalAlloc
0x44ed68 lstrcmpA
0x44ed6c GetCurrentThread
0x44ed70 MultiByteToWideChar
0x44ed74 WideCharToMultiByte
0x44ed78 lstrlenA
0x44ed84 GlobalLock
0x44ed88 GlobalUnlock
0x44ed8c SetLastError
0x44ed90 lstrcpynA
0x44ed94 MulDiv
0x44ed98 FindResourceA
0x44ed9c LoadResource
0x44eda0 LockResource
0x44eda4 GetVersion
0x44eda8 lstrcatA
0x44edac GetCurrentThreadId
0x44edb0 GlobalGetAtomNameA
0x44edb4 lstrcmpiA
0x44edb8 GlobalAddAtomA
0x44edbc GlobalFindAtomA
0x44edc0 GlobalDeleteAtom
0x44edc4 lstrcpyA
0x44edc8 GetModuleHandleA
0x44edcc VirtualAlloc
0x44edd0 LoadLibraryW
0x44edd4 FreeLibrary
0x44edd8 LoadLibraryA
Library USER32.dll:
0x44eeb8 ModifyMenuA
0x44eebc GetMenuState
0x44eec0 LoadBitmapA
0x44eec8 InflateRect
0x44eecc ReleaseDC
0x44eed0 GetDC
0x44eed4 ClientToScreen
0x44eed8 GetWindowDC
0x44eedc BeginPaint
0x44eee0 EndPaint
0x44eee4 TabbedTextOutA
0x44eee8 DrawTextA
0x44eeec GrayStringA
0x44eef0 CharToOemA
0x44eef4 OemToCharA
0x44eef8 PostQuitMessage
0x44eefc ShowOwnedPopups
0x44ef00 SetCursor
0x44ef04 GetCursorPos
0x44ef08 ValidateRect
0x44ef0c GetActiveWindow
0x44ef10 TranslateMessage
0x44ef14 GetMessageA
0x44ef1c EndDialog
0x44ef20 wvsprintfA
0x44ef24 GetClassNameA
0x44ef28 PtInRect
0x44ef2c GetDesktopWindow
0x44ef30 LoadCursorA
0x44ef34 GetSysColorBrush
0x44ef38 DestroyMenu
0x44ef3c LoadStringA
0x44ef40 SetCapture
0x44ef44 ReleaseCapture
0x44ef48 WaitMessage
0x44ef50 WindowFromPoint
0x44ef54 InsertMenuA
0x44ef58 DeleteMenu
0x44ef5c GetMenuStringA
0x44ef60 GetDialogBaseUnits
0x44ef64 SetRectEmpty
0x44ef68 LoadAcceleratorsA
0x44ef70 LoadMenuA
0x44ef74 SetMenu
0x44ef78 ReuseDDElParam
0x44ef7c UnpackDDElParam
0x44ef80 InvalidateRect
0x44ef84 BringWindowToTop
0x44ef88 CharUpperA
0x44ef8c ShowWindow
0x44ef90 MoveWindow
0x44ef94 SetWindowTextA
0x44ef98 IsDialogMessageA
0x44ef9c ScrollWindowEx
0x44efa0 IsDlgButtonChecked
0x44efa4 SetDlgItemTextA
0x44efa8 SetDlgItemInt
0x44efac GetDlgItemTextA
0x44efb0 GetDlgItemInt
0x44efb4 CheckRadioButton
0x44efb8 CheckDlgButton
0x44efbc PostMessageA
0x44efc0 UpdateWindow
0x44efc4 SendDlgItemMessageA
0x44efc8 MapWindowPoints
0x44efcc PeekMessageA
0x44efd0 DispatchMessageA
0x44efd4 SetMenuItemBitmaps
0x44efd8 SetActiveWindow
0x44efdc IsWindow
0x44efe0 SetFocus
0x44efe4 AdjustWindowRectEx
0x44efe8 ScreenToClient
0x44efec EqualRect
0x44eff0 DeferWindowPos
0x44eff4 BeginDeferWindowPos
0x44eff8 CopyRect
0x44effc EndDeferWindowPos
0x44f000 IsWindowVisible
0x44f004 ScrollWindow
0x44f008 SetScrollInfo
0x44f00c ShowScrollBar
0x44f010 GetScrollRange
0x44f014 SetScrollRange
0x44f018 GetScrollPos
0x44f01c SetScrollPos
0x44f020 GetTopWindow
0x44f024 MessageBoxA
0x44f028 IsChild
0x44f02c GetParent
0x44f030 GetCapture
0x44f034 WinHelpA
0x44f038 wsprintfA
0x44f03c GetClassInfoA
0x44f040 RegisterClassA
0x44f044 GetMenu
0x44f048 GetMenuItemCount
0x44f04c GetSubMenu
0x44f050 GetMenuItemID
0x44f054 TrackPopupMenu
0x44f058 SetWindowPlacement
0x44f05c GetDlgItem
0x44f064 GetWindowTextA
0x44f068 GetDlgCtrlID
0x44f06c GetKeyState
0x44f070 DefWindowProcA
0x44f074 DestroyWindow
0x44f078 CreateWindowExA
0x44f07c SetWindowsHookExA
0x44f080 CallNextHookEx
0x44f084 GetClassLongA
0x44f088 SetPropA
0x44f08c UnhookWindowsHookEx
0x44f090 GetPropA
0x44f094 CallWindowProcA
0x44f098 RemovePropA
0x44f09c GetMessageTime
0x44f0a0 GetMessagePos
0x44f0a4 GetLastActivePopup
0x44f0a8 GetForegroundWindow
0x44f0ac SetForegroundWindow
0x44f0b0 GetWindow
0x44f0b4 GetWindowLongA
0x44f0b8 SetWindowLongA
0x44f0bc SetWindowPos
0x44f0c0 GetSysColor
0x44f0c4 RedrawWindow
0x44f0c8 GetWindowRect
0x44f0cc UnregisterClassA
0x44f0d0 HideCaret
0x44f0d4 ShowCaret
0x44f0dc OffsetRect
0x44f0e0 IntersectRect
0x44f0e8 GetWindowPlacement
0x44f0ec IsIconic
0x44f0f0 GetSystemMetrics
0x44f0f4 GetClientRect
0x44f0f8 DrawIcon
0x44f0fc CheckMenuItem
0x44f100 EnableMenuItem
0x44f104 GetNextDlgTabItem
0x44f108 GetFocus
0x44f10c IsWindowEnabled
0x44f110 SendMessageA
0x44f114 LoadIconA
0x44f118 EnableWindow
0x44f11c IsWindowUnicode
0x44f120 CharNextA
0x44f124 DefDlgProcA
0x44f128 DrawFocusRect
0x44f12c ExcludeUpdateRgn
0x44f130 GetScrollInfo
Library GDI32.dll:
0x44e9fc CreatePatternBrush
0x44ea00 PatBlt
0x44ea04 SetRectRgn
0x44ea08 CombineRgn
0x44ea0c CreateRectRgn
0x44ea14 ExtTextOutA
0x44ea18 CreateFontIndirectA
0x44ea1c DPtoLP
0x44ea20 DeleteDC
0x44ea24 StartDocA
0x44ea28 SaveDC
0x44ea2c RestoreDC
0x44ea30 SelectObject
0x44ea34 GetStockObject
0x44ea38 SelectPalette
0x44ea3c SetBkMode
0x44ea40 SetPolyFillMode
0x44ea44 SetROP2
0x44ea48 SetStretchBltMode
0x44ea4c SetMapMode
0x44ea50 SetViewportOrgEx
0x44ea54 OffsetViewportOrgEx
0x44ea58 SetViewportExtEx
0x44ea5c ScaleViewportExtEx
0x44ea60 SetWindowOrgEx
0x44ea64 OffsetWindowOrgEx
0x44ea68 SetWindowExtEx
0x44ea6c ScaleWindowExtEx
0x44ea70 SelectClipRgn
0x44ea74 ExcludeClipRect
0x44ea78 IntersectClipRect
0x44ea7c DeleteObject
0x44ea80 MoveToEx
0x44ea84 LineTo
0x44ea88 SetTextAlign
0x44ea94 SetMapperFlags
0x44ea9c ArcTo
0x44eaa0 SetArcDirection
0x44eaa4 PolyDraw
0x44eaa8 PolylineTo
0x44eaac SetColorAdjustment
0x44eab0 PolyBezierTo
0x44eab4 GetClipRgn
0x44eab8 SelectClipPath
0x44eabc ExtSelectClipRgn
0x44eac0 PlayMetaFileRecord
0x44eac4 GetObjectType
0x44eac8 EnumMetaFile
0x44eacc PlayMetaFile
0x44ead0 GetViewportExtEx
0x44ead4 GetWindowExtEx
0x44ead8 ExtCreatePen
0x44eadc CreateSolidBrush
0x44eae0 CreateHatchBrush
0x44eae8 PtVisible
0x44eaec RectVisible
0x44eaf0 TextOutA
0x44eaf4 Escape
0x44eafc GetTextMetricsA
0x44eb00 GetMapMode
0x44eb04 GetDeviceCaps
0x44eb08 CreateBitmap
0x44eb0c GetObjectA
0x44eb10 SetBkColor
0x44eb14 SetTextColor
0x44eb18 GetClipBox
0x44eb1c GetDCOrgEx
0x44eb20 CreatePen
0x44eb24 OffsetClipRgn
0x44eb28 CreateDIBitmap
0x44eb2c GetTextExtentPointA
0x44eb30 BitBlt
0x44eb34 CreateCompatibleDC
0x44eb38 Polygon
Library comdlg32.dll:
0x44f214 GetFileTitleA
Library WINSPOOL.DRV:
0x44f1dc DocumentPropertiesA
0x44f1e0 ClosePrinter
0x44f1e4 OpenPrinterA
Library ADVAPI32.dll:
0x44e97c RegSetValueExA
0x44e980 RegOpenKeyA
0x44e984 RegDeleteKeyA
0x44e988 RegDeleteValueA
0x44e98c RegCloseKey
0x44e990 RegQueryValueExA
0x44e994 RegOpenKeyExA
0x44e998 RegCreateKeyExA
Library SHELL32.dll:
0x44ee7c DragQueryFileA
0x44ee80 DragFinish
0x44ee84 DragAcceptFiles
0x44ee88 SHGetFileInfoA
Library COMCTL32.dll:
0x44e9cc

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.