6.2
High risk

f6c311cc607d05dacdd164e705c0240e7c8f748f572f91bfd8358a3bb229dee0

ac73892ee2d485dd4582a956979633e6.exe

Analysis duration

21s

Last analyzed

File size

812.0KB
Static and dynamic detection tags: AGENSLA AGENTTESLA AI SCORE=81 AIDETECTVM ALI2000015 ARWZ AUTO BTUCZR CONFIDENCE DELF DELFINJECT DELPHILESS ELFW FAREIT GENERICKD HIBKVS HIGH CONFIDENCE IGENT JHZP KPOT KTSE LOKI LOKIBOT MALICIOUS PE MALWARE1 R + MAL SCORE SIGGEN9 SMDF TROJANPWS TSCOPE UNSAFE VF628D X2059 YGW@AWNJ4JBI ZELPHIF
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine result is available for this sample
Static verdict
Antivirus engines
Engine Result Date Version
McAfee Fareit-FRQ!AC73892EE2D4 20200922 6.0.6.653
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Other:Malware-gen [Trj] 20200922 18.4.3895.0
Tencent Win32.Trojan.Inject.Auto 20200922 1.0.0.1
Kingsoft 20200922 2013.8.14.323
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619826879.776193
__exception__
stacktrace:
ac73892ee2d485dd4582a956979633e6+0x7ce6c @ 0x47ce6c
ac73892ee2d485dd4582a956979633e6+0x3cf3 @ 0x403cf3
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637912
registers.edi: 4705952
registers.eax: 0
registers.ebp: 1638204
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 69
registers.ecx: 3666542592
exception.instruction_r: f7 f0 90 33 c0 5a 59 59 64 89 10 eb 16 e9 62 6a
exception.symbol: ac73892ee2d485dd4582a956979633e6+0x7cc48
exception.instruction: div eax
exception.module: ac73892ee2d485dd4582a956979633e6.exe
exception.exception_code: 0xc0000094
exception.offset: 511048
exception.address: 0x47cc48
success 0 0
1619833663.010999
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
ac73892ee2d485dd4582a956979633e6+0x58a4d @ 0x458a4d
ac73892ee2d485dd4582a956979633e6+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff5914ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619826878.963193
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619826879.932193
NtAllocateVirtualMemory
process_identifier: 472
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1619826879.932193
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
success 0 0
1619833661.838999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619833661.885999
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02040000
success 0 0
1619833661.885999
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02230000
success 0 0
1619833661.885999
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00550000
success 0 0
1619833661.885999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619833662.432999
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 851968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e40000
success 0 0
1619833662.432999
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01ed0000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02032000
success 0 0
1619833662.963999
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.724087708736595 section {'size_of_data': '0x00038000', 'virtual_address': '0x00099000', 'entropy': 7.724087708736595, 'name': '.rsrc', 'virtual_size': '0x00037fc4'} description A section with a high entropy has been found
entropy 0.2762022194821208 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 472 called NtSetContextThread to modify thread in remote process 2452
Time & API Arguments Status Return Repeated
1619826880.604193
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4888832
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2452
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 472 resumed a thread in remote process 2452
Time & API Arguments Status Return Repeated
1619826881.010193
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2452
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619826880.479193
CreateProcessInternalW
thread_identifier: 2732
thread_handle: 0x00000100
process_identifier: 2452
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ac73892ee2d485dd4582a956979633e6.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619826880.479193
NtUnmapViewOfSection
process_identifier: 2452
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619826880.557193
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 2452
commit_size: 700416
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 700416
base_address: 0x00400000
success 0 0
1619826880.604193
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619826880.604193
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4888832
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2452
success 0 0
1619826881.010193
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2452
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33595621
FireEye Generic.mg.ac73892ee2d485dd
CAT-QuickHeal Trojanpws.Agensla
McAfee Fareit-FRQ!AC73892EE2D4
Cylance Unsafe
Zillya Trojan.Injector.Win32.696915
Sangfor Malware
K7AntiVirus Trojan ( 00564aed1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 00564aed1 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Generic.D200A0E5
Invincea Mal/Generic-R + Mal/Fareit-V
Cyren W32/Trojan.ARWZ-4232
Symantec Trojan.Gen.2
APEX Malicious
Avast Other:Malware-gen [Trj]
Kaspersky HEUR:Trojan-PSW.Win32.Agensla.gen
BitDefender Trojan.GenericKD.33595621
NANO-Antivirus Trojan.Win32.Agensla.hibkvs
Paloalto generic.ml
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.33595621
Emsisoft Trojan.GenericKD.33595621 (B)
F-Secure Trojan.TR/Agent.jhzp
DrWeb Trojan.Siggen9.32272
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMDF.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.cc
Sophos Mal/Fareit-V
SentinelOne DFI - Malicious PE
Jiangmin Trojan.PSW.Agensla.hd
Webroot W32.Malware.Gen
Avira TR/Agent.jhzp
Antiy-AVL Trojan/Win32.Lokibot
Microsoft Trojan:Win32/Kpot.PA!MTB
AegisLab Trojan.Win32.Agensla.i!c
ZoneAlarm HEUR:Trojan-PSW.Win32.Agensla.gen
GData Win32.Trojan.Agent.VF628D
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
VBA32 TScope.Trojan.Delf
ALYac Spyware.AgentTesla
MAX malware (ai score=81)
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.90428
ESET-NOD32 MSIL/Autorun.Spy.Agent.DF
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMDF.hp
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran
PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x48b178 VirtualFree
0x48b17c VirtualAlloc
0x48b180 LocalFree
0x48b184 LocalAlloc
0x48b188 GetVersion
0x48b18c GetCurrentThreadId
0x48b198 VirtualQuery
0x48b19c WideCharToMultiByte
0x48b1a0 MultiByteToWideChar
0x48b1a4 lstrlenA
0x48b1a8 lstrcpynA
0x48b1ac LoadLibraryExA
0x48b1b0 GetThreadLocale
0x48b1b4 GetStartupInfoA
0x48b1b8 GetProcAddress
0x48b1bc GetModuleHandleA
0x48b1c0 GetModuleFileNameA
0x48b1c4 GetLocaleInfoA
0x48b1c8 GetCommandLineA
0x48b1cc FreeLibrary
0x48b1d0 FindFirstFileA
0x48b1d4 FindClose
0x48b1d8 ExitProcess
0x48b1dc ExitThread
0x48b1e0 CreateThread
0x48b1e4 WriteFile
0x48b1ec RtlUnwind
0x48b1f0 RaiseException
0x48b1f4 GetStdHandle
Library user32.dll:
0x48b1fc GetKeyboardType
0x48b200 LoadStringA
0x48b204 MessageBoxA
0x48b208 CharNextA
Library advapi32.dll:
0x48b210 RegQueryValueExA
0x48b214 RegOpenKeyExA
0x48b218 RegCloseKey
Library oleaut32.dll:
0x48b220 SysFreeString
0x48b224 SysReAllocStringLen
0x48b228 SysAllocStringLen
Library kernel32.dll:
0x48b230 TlsSetValue
0x48b234 TlsGetValue
0x48b238 LocalAlloc
0x48b23c GetModuleHandleA
Library advapi32.dll:
0x48b244 RegQueryValueExA
0x48b248 RegOpenKeyExA
0x48b24c RegCloseKey
Library kernel32.dll:
0x48b254 lstrlenA
0x48b258 lstrcpyA
0x48b25c lstrcmpA
0x48b260 WriteFile
0x48b264 WaitForSingleObject
0x48b26c VirtualQuery
0x48b270 VirtualFree
0x48b274 VirtualAllocEx
0x48b278 VirtualAlloc
0x48b27c Sleep
0x48b280 SizeofResource
0x48b284 SetThreadLocale
0x48b288 SetFilePointer
0x48b28c SetEvent
0x48b290 SetErrorMode
0x48b294 SetEndOfFile
0x48b29c ResumeThread
0x48b2a0 ResetEvent
0x48b2a4 ReleaseMutex
0x48b2a8 ReadFile
0x48b2ac MultiByteToWideChar
0x48b2b0 MulDiv
0x48b2b4 LockResource
0x48b2b8 LoadResource
0x48b2bc LoadLibraryA
0x48b2c8 GlobalUnlock
0x48b2cc GlobalSize
0x48b2d0 GlobalReAlloc
0x48b2d4 GlobalHandle
0x48b2d8 GlobalLock
0x48b2dc GlobalFree
0x48b2e0 GlobalFindAtomA
0x48b2e4 GlobalDeleteAtom
0x48b2e8 GlobalAlloc
0x48b2ec GlobalAddAtomA
0x48b2f0 GetVersionExA
0x48b2f4 GetVersion
0x48b2f8 GetUserDefaultLCID
0x48b2fc GetTickCount
0x48b300 GetThreadLocale
0x48b304 GetSystemInfo
0x48b308 GetStringTypeExA
0x48b30c GetStdHandle
0x48b310 GetProcAddress
0x48b314 GetModuleHandleA
0x48b318 GetModuleFileNameA
0x48b31c GetLocaleInfoA
0x48b320 GetLocalTime
0x48b324 GetLastError
0x48b328 GetFullPathNameA
0x48b32c GetExitCodeThread
0x48b330 GetDiskFreeSpaceA
0x48b334 GetDateFormatA
0x48b338 GetCurrentThreadId
0x48b33c GetCurrentProcessId
0x48b340 GetCurrentProcess
0x48b348 GetComputerNameA
0x48b34c GetCPInfo
0x48b350 GetACP
0x48b354 FreeResource
0x48b35c InterlockedExchange
0x48b364 FreeLibrary
0x48b368 FormatMessageA
0x48b36c FindResourceA
0x48b374 FindFirstFileA
0x48b380 FindClose
0x48b38c EnumCalendarInfoA
0x48b398 CreateThread
0x48b39c CreateMutexA
0x48b3a0 CreateFileA
0x48b3a4 CreateEventA
0x48b3a8 CompareStringA
0x48b3ac CloseHandle
Library version.dll:
0x48b3b4 VerQueryValueA
0x48b3bc GetFileVersionInfoA
Library gdi32.dll:
0x48b3c4 UnrealizeObject
0x48b3c8 StretchBlt
0x48b3cc SetWindowOrgEx
0x48b3d0 SetWinMetaFileBits
0x48b3d4 SetViewportOrgEx
0x48b3d8 SetTextColor
0x48b3dc SetStretchBltMode
0x48b3e0 SetROP2
0x48b3e4 SetPixel
0x48b3e8 SetMapMode
0x48b3ec SetEnhMetaFileBits
0x48b3f0 SetDIBColorTable
0x48b3f4 SetBrushOrgEx
0x48b3f8 SetBkMode
0x48b3fc SetBkColor
0x48b400 SelectPalette
0x48b404 SelectObject
0x48b408 SaveDC
0x48b40c RestoreDC
0x48b410 Rectangle
0x48b414 RectVisible
0x48b418 RealizePalette
0x48b41c PlayEnhMetaFile
0x48b420 PatBlt
0x48b424 MoveToEx
0x48b428 MaskBlt
0x48b42c LineTo
0x48b430 LPtoDP
0x48b434 IntersectClipRect
0x48b438 GetWindowOrgEx
0x48b43c GetWinMetaFileBits
0x48b440 GetTextMetricsA
0x48b44c GetStockObject
0x48b450 GetPolyFillMode
0x48b454 GetPixel
0x48b458 GetPaletteEntries
0x48b45c GetObjectA
0x48b46c GetEnhMetaFileBits
0x48b470 GetDeviceCaps
0x48b474 GetDIBits
0x48b478 GetDIBColorTable
0x48b47c GetDCOrgEx
0x48b484 GetClipBox
0x48b488 GetBrushOrgEx
0x48b48c GetBitmapBits
0x48b490 ExtTextOutA
0x48b494 ExcludeClipRect
0x48b498 DeleteObject
0x48b49c DeleteEnhMetaFile
0x48b4a0 DeleteDC
0x48b4a4 CreateSolidBrush
0x48b4a8 CreatePenIndirect
0x48b4ac CreatePalette
0x48b4b4 CreateFontIndirectA
0x48b4b8 CreateEnhMetaFileA
0x48b4bc CreateDIBitmap
0x48b4c0 CreateDIBSection
0x48b4c4 CreateCompatibleDC
0x48b4cc CreateBrushIndirect
0x48b4d0 CreateBitmap
0x48b4d4 CopyEnhMetaFileA
0x48b4d8 CloseEnhMetaFile
0x48b4dc BitBlt
Library user32.dll:
0x48b4e4 CreateWindowExA
0x48b4e8 WindowFromPoint
0x48b4ec WinHelpA
0x48b4f0 WaitMessage
0x48b4f4 UpdateWindow
0x48b4f8 UnregisterClassA
0x48b4fc UnhookWindowsHookEx
0x48b500 TranslateMessage
0x48b508 TrackPopupMenu
0x48b510 ShowWindow
0x48b514 ShowScrollBar
0x48b518 ShowOwnedPopups
0x48b51c ShowCursor
0x48b520 SetWindowsHookExA
0x48b524 SetWindowTextA
0x48b528 SetWindowPos
0x48b52c SetWindowPlacement
0x48b530 SetWindowLongA
0x48b534 SetTimer
0x48b538 SetScrollRange
0x48b53c SetScrollPos
0x48b540 SetScrollInfo
0x48b544 SetRect
0x48b548 SetPropA
0x48b54c SetParent
0x48b550 SetMenuItemInfoA
0x48b554 SetMenu
0x48b558 SetForegroundWindow
0x48b55c SetFocus
0x48b560 SetCursor
0x48b564 SetClassLongA
0x48b568 SetCapture
0x48b56c SetActiveWindow
0x48b570 SendMessageA
0x48b574 ScrollWindow
0x48b578 ScreenToClient
0x48b57c RemovePropA
0x48b580 RemoveMenu
0x48b584 ReleaseDC
0x48b588 ReleaseCapture
0x48b594 RegisterClassA
0x48b598 RedrawWindow
0x48b59c PtInRect
0x48b5a0 PostQuitMessage
0x48b5a4 PostMessageA
0x48b5a8 PeekMessageA
0x48b5ac OffsetRect
0x48b5b0 OemToCharA
0x48b5b8 MessageBoxA
0x48b5bc MapWindowPoints
0x48b5c0 MapVirtualKeyA
0x48b5c4 LoadStringA
0x48b5c8 LoadKeyboardLayoutA
0x48b5cc LoadIconA
0x48b5d0 LoadCursorA
0x48b5d4 LoadBitmapA
0x48b5d8 KillTimer
0x48b5dc IsZoomed
0x48b5e0 IsWindowVisible
0x48b5e4 IsWindowEnabled
0x48b5e8 IsWindow
0x48b5ec IsRectEmpty
0x48b5f0 IsIconic
0x48b5f4 IsDialogMessageA
0x48b5f8 IsChild
0x48b5fc InvalidateRect
0x48b600 IntersectRect
0x48b604 InsertMenuItemA
0x48b608 InsertMenuA
0x48b60c InflateRect
0x48b614 GetWindowTextA
0x48b618 GetWindowRect
0x48b61c GetWindowPlacement
0x48b620 GetWindowLongA
0x48b624 GetWindowDC
0x48b628 GetTopWindow
0x48b62c GetSystemMetrics
0x48b630 GetSystemMenu
0x48b634 GetSysColorBrush
0x48b638 GetSysColor
0x48b63c GetSubMenu
0x48b640 GetScrollRange
0x48b644 GetScrollPos
0x48b648 GetScrollInfo
0x48b64c GetPropA
0x48b650 GetParent
0x48b654 GetWindow
0x48b658 GetMessageTime
0x48b65c GetMessagePos
0x48b660 GetMenuStringA
0x48b664 GetMenuState
0x48b668 GetMenuItemInfoA
0x48b66c GetMenuItemID
0x48b670 GetMenuItemCount
0x48b674 GetMenu
0x48b678 GetLastActivePopup
0x48b67c GetKeyboardState
0x48b684 GetKeyboardLayout
0x48b688 GetKeyState
0x48b68c GetKeyNameTextA
0x48b690 GetIconInfo
0x48b694 GetForegroundWindow
0x48b698 GetFocus
0x48b69c GetDesktopWindow
0x48b6a0 GetDCEx
0x48b6a4 GetDC
0x48b6a8 GetCursorPos
0x48b6ac GetCursor
0x48b6b0 GetClipboardData
0x48b6b4 GetClientRect
0x48b6b8 GetClassNameA
0x48b6bc GetClassInfoA
0x48b6c0 GetCapture
0x48b6c4 GetActiveWindow
0x48b6c8 FrameRect
0x48b6cc FindWindowA
0x48b6d0 FillRect
0x48b6d4 EqualRect
0x48b6d8 EnumWindows
0x48b6dc EnumThreadWindows
0x48b6e0 EndPaint
0x48b6e4 EnableWindow
0x48b6e8 EnableScrollBar
0x48b6ec EnableMenuItem
0x48b6f0 DrawTextA
0x48b6f4 DrawMenuBar
0x48b6f8 DrawIconEx
0x48b6fc DrawIcon
0x48b700 DrawFrameControl
0x48b704 DrawEdge
0x48b708 DispatchMessageA
0x48b70c DestroyWindow
0x48b710 DestroyMenu
0x48b714 DestroyIcon
0x48b718 DestroyCursor
0x48b71c DeleteMenu
0x48b720 DefWindowProcA
0x48b724 DefMDIChildProcA
0x48b728 DefFrameProcA
0x48b72c CreatePopupMenu
0x48b730 CreateMenu
0x48b734 CreateIcon
0x48b738 ClientToScreen
0x48b740 CheckMenuItem
0x48b744 CallWindowProcA
0x48b748 CallNextHookEx
0x48b74c BeginPaint
0x48b750 CharNextA
0x48b754 CharLowerBuffA
0x48b758 CharLowerA
0x48b75c CharUpperBuffA
0x48b760 CharToOemA
0x48b764 AdjustWindowRectEx
Library kernel32.dll:
0x48b770 Sleep
Library oleaut32.dll:
0x48b778 SafeArrayPtrOfIndex
0x48b77c SafeArrayGetUBound
0x48b780 SafeArrayGetLBound
0x48b784 SafeArrayCreate
0x48b788 VariantChangeType
0x48b78c VariantCopy
0x48b790 VariantClear
0x48b794 VariantInit
Library ole32.dll:
0x48b7a0 IsAccelerator
0x48b7a4 OleDraw
0x48b7ac OleUninitialize
0x48b7b0 OleInitialize
0x48b7b4 CoTaskMemFree
0x48b7b8 CoTaskMemAlloc
0x48b7bc ProgIDFromCLSID
0x48b7c0 StringFromCLSID
0x48b7c4 CoCreateInstance
0x48b7c8 CoGetClassObject
0x48b7cc CoUninitialize
0x48b7d0 CoInitialize
0x48b7d4 IsEqualGUID
Library oleaut32.dll:
0x48b7dc GetErrorInfo
0x48b7e0 GetActiveObject
0x48b7e4 SysFreeString
Library comctl32.dll:
0x48b7f4 ImageList_Write
0x48b7f8 ImageList_Read
0x48b808 ImageList_DragMove
0x48b80c ImageList_DragLeave
0x48b810 ImageList_DragEnter
0x48b814 ImageList_EndDrag
0x48b818 ImageList_BeginDrag
0x48b81c ImageList_Remove
0x48b820 ImageList_DrawEx
0x48b824 ImageList_Draw
0x48b834 ImageList_Add
0x48b83c ImageList_Destroy
0x48b840 ImageList_Create
0x48b844 InitCommonControls
Library shell32.dll:
0x48b84c ShellExecuteExA
0x48b850 ShellExecuteA
0x48b854 SHGetFileInfoA
Library shell32.dll:
0x48b860 SHGetMalloc
0x48b864 SHGetDesktopFolder

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.