6.0
High risk

476e6999521d075f449c459d430ab80b4e3a513d992982178bfb3ca834278456

adf841c5d6d53f924cefeb2d2782de73.exe

Analysis time

77s

Last analysis

File size

673.0KB
Flagged (static) Flagged (dynamic) 100% AI SCORE=82 AIDETECTVM ATTRIBUTE CLASSIC CONFIDENCE CRYPTERX ELDORADO EMOTET GENCIRC GENERICKDZ GENETIC GENKRYPTIK HFWW HIGH CONFIDENCE HIGHCONFIDENCE HMZHS HTPAJI KCLOUD KRYPTIK MALREP MALWARE2 MALWARE@#3MHOTU70F406P PUPXAA R + TROJ R349334 SCORE SMTHH SUSGEN THIOHBO UNSAFE XOIJC1HGUEK
Hawkeye engine
Not detected. No Hawkeye engine detection results yet.
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba Trojan:Win32/Emotet.9bdbde1c 20190527 0.3.0.5
Avast Win32:CrypterX-gen [Trj] 20201211 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cdf57c 20201212 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Banker.(kcloud) 20201212 2017.9.26.565
McAfee Emotet-FRW!ADF841C5D6D5 20201212 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619826899.930307
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619826883.727307
CryptGenKey
crypto_handle: 0x0072cc48
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0072c260
flags: 1
key: fšaù!õ’÷Ç{œ)ÿº
success 1 0
1619826899.946307
CryptExportKey
crypto_handle: 0x0072cc48
crypto_export_handle: 0x0072c328
buffer: f¤jpB±Å€n›æ§)¼Øï>HÍr¾Y/J.Pò)SxÞn•úB[–þ Œù%@ø.Ð Z«0ñ‡–Æ/¶5`*ÒwIßcݽ›q¿ñeäë6ˆÂJý^}_Y­£Ò~x
blob_type: 1
flags: 64
success 1 0
1619826934.915307
CryptExportKey
crypto_handle: 0x0072cc48
crypto_export_handle: 0x0072c328
buffer: f¤ºøó¡/E?SÊ«.¢“¦ÍwíNÚ3u½­ mJà&]ýÇPk„Ç÷ çe.š5=m'-êE/K€dâB›ïåGɾ?ÙHØÌŽ MÜÀ´& 1O-0Ϭ9ÆÆÝ
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2008\26.8.20\XQueue_demo\XQueueClientTest\Release\XQueueClientTest.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619826883.086307
NtAllocateVirtualMemory
process_identifier: 2764
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005d0000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619826900.399307
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.063437126559917 section {'size_of_data': '0x00016200', 'virtual_address': '0x00090000', 'entropy': 7.063437126559917, 'name': '.rsrc', 'virtual_size': '0x000160cc'} description A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process adf841c5d6d53f924cefeb2d2782de73.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619826900.071307
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 71.197.211.156
host 87.118.70.45
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619826902.993307
RegSetValueExA
key_handle: 0x000003b0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619826902.993307
RegSetValueExA
key_handle: 0x000003b0
value: 0d³ê>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619826902.993307
RegSetValueExA
key_handle: 0x000003b0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619826902.993307
RegSetValueExW
key_handle: 0x000003b0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619826902.993307
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619826902.993307
RegSetValueExA
key_handle: 0x000003c8
value: 0d³ê>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619826902.993307
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619826903.024307
RegSetValueExW
key_handle: 0x000003ac
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 71.197.211.156:80
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb Trojan.Emotet.1006
MicroWorld-eScan Trojan.GenericKDZ.69742
FireEye Generic.mg.adf841c5d6d53f92
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Trojan.Emotet.Win32.25668
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
Sangfor Malware
K7AntiVirus Trojan ( 0056e0711 )
Alibaba Trojan:Win32/Emotet.9bdbde1c
K7GW Trojan ( 0056e0711 )
Arcabit Trojan.Generic.D1106E
Cyren W32/Emotet.ARE.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Emotet.CD
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
ClamAV Win.Dropper.Emotet-9792506-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKDZ.69742
NANO-Antivirus Trojan.Win32.Emotet.htpaji
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10cdf57c
Ad-Aware Trojan.GenericKDZ.69742
TACHYON Banker/W32.Emotet.689152
Sophos Mal/Generic-R + Troj/Emotet-CLT
Comodo Malware@#3mhotu70f406p
F-Secure Trojan.TR/Kryptik.hmzhs
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.MALREP.THIOHBO
McAfee-GW-Edition BehavesLike.Win32.PUPXAA.jh
Emsisoft Trojan.Emotet (A)
Jiangmin Trojan.Banker.Emotet.ofn
Avira TR/Kryptik.hmzhs
Antiy-AVL Trojan[Banker]/Win32.Emotet
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKDZ.69742
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R349334
McAfee Emotet-FRW!ADF841C5D6D5
MAX malware (ai score=82)
Malwarebytes Trojan.MalPack.TRE
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHH.hp
Rising Trojan.Emotet!1.CB4A (CLASSIC)
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were captured while this sample ran.

PE Compile Time

2020-08-26 20:16:15

Imports

Library KERNEL32.dll:
0x4711a0 GetCurrentProcess
0x4711a4 FindClose
0x4711a8 FindFirstFileA
0x4711b0 GetFullPathNameA
0x4711b4 GetShortPathNameA
0x4711b8 SetErrorMode
0x4711c4 SetFileTime
0x4711c8 SetFileAttributesA
0x4711cc GetFileAttributesA
0x4711d0 GetFileSizeEx
0x4711d4 GetFileTime
0x4711d8 RtlUnwind
0x4711dc HeapAlloc
0x4711e4 GetCommandLineA
0x4711e8 GetStartupInfoA
0x4711ec HeapFree
0x4711f0 RaiseException
0x4711f4 VirtualProtect
0x4711f8 VirtualAlloc
0x4711fc GetSystemInfo
0x471200 VirtualQuery
0x471204 HeapReAlloc
0x471208 ExitThread
0x47120c CreateThread
0x471210 HeapSize
0x471214 TerminateProcess
0x471220 IsDebuggerPresent
0x471224 GetACP
0x471228 DuplicateHandle
0x47122c LCMapStringA
0x471230 LCMapStringW
0x471234 FatalAppExitA
0x471238 VirtualFree
0x47123c HeapCreate
0x471240 HeapDestroy
0x471244 GetStdHandle
0x471258 SetHandleCount
0x47125c GetFileType
0x471264 GetTickCount
0x471274 GetStringTypeA
0x471278 GetStringTypeW
0x47127c GetTimeFormatA
0x471280 GetDateFormatA
0x471284 GetUserDefaultLCID
0x471288 EnumSystemLocalesA
0x47128c IsValidLocale
0x471290 GetConsoleCP
0x471294 GetConsoleMode
0x471298 GetLocaleInfoW
0x47129c SetStdHandle
0x4712a0 WriteConsoleA
0x4712a4 GetConsoleOutputCP
0x4712a8 WriteConsoleW
0x4712ac CompareStringW
0x4712b4 SetEndOfFile
0x4712b8 UnlockFile
0x4712bc LockFile
0x4712c0 FlushFileBuffers
0x4712c4 SetFilePointer
0x4712c8 WriteFile
0x4712cc ReadFile
0x4712d0 lstrcmpiA
0x4712d4 GetStringTypeExA
0x4712d8 DeleteFileA
0x4712dc MoveFileA
0x4712f8 GetThreadLocale
0x4712fc GetModuleHandleW
0x471300 GetAtomNameA
0x471304 GetOEMCP
0x471308 GetCPInfo
0x471310 TlsFree
0x471318 LocalReAlloc
0x47131c TlsSetValue
0x471320 TlsAlloc
0x471328 GlobalHandle
0x47132c GlobalReAlloc
0x471334 TlsGetValue
0x47133c LocalAlloc
0x471340 GlobalFlags
0x471344 SuspendThread
0x471348 ResumeThread
0x47134c SetThreadPriority
0x471350 GetCurrentThread
0x47135c GetLocaleInfoA
0x471360 InterlockedExchange
0x471364 lstrcmpA
0x471368 GetCurrentProcessId
0x47136c GetModuleFileNameA
0x471374 GetModuleFileNameW
0x471378 CopyFileA
0x47137c FormatMessageA
0x471380 LocalFree
0x471384 lstrlenW
0x471388 MulDiv
0x47138c lstrlenA
0x471390 GlobalGetAtomNameA
0x471394 GlobalAddAtomA
0x471398 GlobalFindAtomA
0x47139c GlobalDeleteAtom
0x4713a0 CompareStringA
0x4713a4 SetLastError
0x4713a8 MultiByteToWideChar
0x4713ac lstrcmpW
0x4713b0 GetModuleHandleA
0x4713b4 GetProcAddress
0x4713b8 GetVersionExA
0x4713bc GlobalFree
0x4713c0 FreeResource
0x4713c4 ExitProcess
0x4713c8 GetLastError
0x4713cc IsBadWritePtr
0x4713d0 OpenMutexA
0x4713d4 OpenEventA
0x4713d8 CreateMutexA
0x4713dc CreateEventA
0x4713e0 SetEvent
0x4713e4 ReleaseMutex
0x4713e8 WaitForSingleObject
0x4713ec IsBadReadPtr
0x4713f0 GetCurrentThreadId
0x4713f4 OpenFileMappingA
0x4713f8 CreateFileA
0x4713fc DeviceIoControl
0x471400 GetFileSize
0x471404 CreateFileMappingA
0x471408 MapViewOfFile
0x47140c UnmapViewOfFile
0x471410 CloseHandle
0x471414 FlushViewOfFile
0x47141c LoadLibraryA
0x471420 FreeLibrary
0x471424 WinExec
0x471428 Sleep
0x47142c GlobalAlloc
0x471430 GlobalLock
0x471434 GlobalSize
0x471438 GlobalUnlock
0x47143c WideCharToMultiByte
0x471440 FindResourceA
0x471444 LoadResource
0x471448 LockResource
0x47144c IsValidCodePage
0x471450 SizeofResource
Library USER32.dll:
0x471530 SetCapture
0x471534 ReleaseCapture
0x471538 WaitMessage
0x47153c DestroyIcon
0x471540 CharUpperA
0x471548 BringWindowToTop
0x47154c CreatePopupMenu
0x471550 InsertMenuItemA
0x471554 LoadAcceleratorsA
0x471558 GetMenuBarInfo
0x47155c ReuseDDElParam
0x471560 UnpackDDElParam
0x471564 SetRect
0x471568 GetKeyNameTextA
0x47156c MapVirtualKeyA
0x471570 IsRectEmpty
0x471574 SetParent
0x471578 UnionRect
0x47157c GetDCEx
0x471580 LockWindowUpdate
0x471584 WindowFromPoint
0x47158c EndPaint
0x471590 BeginPaint
0x471594 GetWindowDC
0x471598 ClientToScreen
0x47159c GrayStringA
0x4715a0 DrawTextExA
0x4715a4 DrawTextA
0x4715a8 TabbedTextOutA
0x4715ac FillRect
0x4715b0 GetMenuStringA
0x4715b4 InsertMenuA
0x4715b8 RemoveMenu
0x4715bc ScrollWindowEx
0x4715c0 MoveWindow
0x4715c4 SetWindowTextA
0x4715c8 IsDialogMessageA
0x4715cc IsDlgButtonChecked
0x4715d0 SetDlgItemTextA
0x4715d4 SetDlgItemInt
0x4715d8 GetDlgItemTextA
0x4715dc GetDlgItemInt
0x4715e0 CheckRadioButton
0x4715e4 CheckDlgButton
0x4715e8 SetMenuItemBitmaps
0x4715f0 LoadBitmapA
0x4715f4 ModifyMenuA
0x4715f8 GetMenuState
0x4715fc EnableMenuItem
0x471600 CheckMenuItem
0x471604 SendDlgItemMessageA
0x471608 WinHelpA
0x47160c IsChild
0x471610 GetCapture
0x471614 SetWindowsHookExA
0x471618 CallNextHookEx
0x47161c GetClassLongA
0x471620 GetClassNameA
0x471624 SetPropA
0x471628 GetPropA
0x47162c DeleteMenu
0x471630 GetFocus
0x471634 SetFocus
0x47163c GetWindowTextA
0x471640 GetForegroundWindow
0x471644 GetLastActivePopup
0x471648 DispatchMessageA
0x47164c EndDeferWindowPos
0x471650 GetTopWindow
0x471654 UnhookWindowsHookEx
0x471658 GetMessageTime
0x47165c PeekMessageA
0x471660 MapWindowPoints
0x471664 ScrollWindow
0x471668 TrackPopupMenuEx
0x47166c TrackPopupMenu
0x471670 GetKeyState
0x471674 SetMenu
0x471678 SetScrollRange
0x47167c GetScrollRange
0x471680 SetScrollPos
0x471684 GetScrollPos
0x471688 SetForegroundWindow
0x47168c ShowScrollBar
0x471690 IsWindowVisible
0x471694 UpdateWindow
0x471698 PostMessageA
0x47169c GetMenuItemID
0x4716a0 GetMenuItemCount
0x4716a4 MessageBoxA
0x4716a8 GetClassInfoExA
0x4716ac GetClassInfoA
0x4716b0 RegisterClassA
0x4716b4 AdjustWindowRectEx
0x4716b8 EqualRect
0x4716bc DeferWindowPos
0x4716c0 GetScrollInfo
0x4716c4 SetScrollInfo
0x4716c8 CopyRect
0x4716cc SetWindowPlacement
0x4716d0 GetDlgCtrlID
0x4716d4 DefWindowProcA
0x4716d8 CallWindowProcA
0x4716dc GetMenu
0x4716e0 SetWindowPos
0x4716e4 OffsetRect
0x4716e8 IntersectRect
0x4716f0 EnableWindow
0x4716f4 CloseClipboard
0x4716f8 GetClipboardData
0x4716fc OpenClipboard
0x471700 GetWindowPlacement
0x471704 GetWindow
0x471708 GetDesktopWindow
0x47170c GetActiveWindow
0x471710 SetActiveWindow
0x471718 DestroyWindow
0x47171c GetWindowLongA
0x471720 GetDlgItem
0x471724 IsWindowEnabled
0x471728 GetNextDlgTabItem
0x47172c EndDialog
0x471730 LoadIconA
0x471734 SetRectEmpty
0x471738 UnregisterClassA
0x47173c GetSysColorBrush
0x471740 GetDialogBaseUnits
0x471744 ShowOwnedPopups
0x471748 GetMessageA
0x47174c TranslateMessage
0x471750 ValidateRect
0x471754 PostQuitMessage
0x471758 DestroyMenu
0x47175c GetMenuItemInfoA
0x471760 RemovePropA
0x471764 GetCursorPos
0x471768 SetClipboardData
0x47176c EmptyClipboard
0x471770 SetCursor
0x471774 PtInRect
0x471778 InflateRect
0x47177c SendMessageA
0x471780 GetWindowRect
0x471784 GetClientRect
0x471788 ScreenToClient
0x47178c GetDC
0x471790 ReleaseDC
0x471794 InvalidateRect
0x471798 RedrawWindow
0x47179c SetTimer
0x4717a0 KillTimer
0x4717a4 GetParent
0x4717a8 LoadCursorA
0x4717ac GetMessagePos
0x4717b0 GetSysColor
0x4717b4 IsWindow
0x4717b8 IsIconic
0x4717bc GetSystemMenu
0x4717c0 AppendMenuA
0x4717c4 DrawIcon
0x4717c8 ShowWindow
0x4717cc CreateWindowExA
0x4717d0 InSendMessage
0x4717d4 GetSystemMetrics
0x4717d8 LoadMenuA
0x4717dc GetSubMenu
0x4717e0 DrawFocusRect
0x4717e8 SetWindowLongA
0x4717ec CopyIcon
0x4717f0 DestroyCursor
0x4717f4 MessageBeep
0x4717f8 BeginDeferWindowPos
Library GDI32.dll:
0x47103c SetWindowOrgEx
0x471040 OffsetWindowOrgEx
0x471044 SetWindowExtEx
0x471048 ScaleWindowExtEx
0x471050 ArcTo
0x471054 PolyDraw
0x471058 PolylineTo
0x47105c PolyBezierTo
0x471060 ExtSelectClipRgn
0x471064 DeleteDC
0x47106c CreatePatternBrush
0x471070 CreateCompatibleDC
0x471074 SelectPalette
0x471078 PlayMetaFileRecord
0x47107c ScaleViewportExtEx
0x471080 EnumMetaFile
0x471084 PlayMetaFile
0x471088 CreatePen
0x47108c ExtCreatePen
0x471090 CreateHatchBrush
0x471098 SetRectRgn
0x47109c CombineRgn
0x4710a0 GetMapMode
0x4710a4 PatBlt
0x4710a8 DPtoLP
0x4710ac CreateFontA
0x4710b0 StretchDIBits
0x4710b8 GetBkColor
0x4710bc OffsetViewportOrgEx
0x4710c0 SetViewportExtEx
0x4710c4 SetViewportOrgEx
0x4710c8 SelectObject
0x4710cc Escape
0x4710d0 GetViewportExtEx
0x4710d4 ExtTextOutA
0x4710d8 TextOutA
0x4710dc RectVisible
0x4710e0 PtVisible
0x4710e4 StartDocA
0x4710e8 GetPixel
0x4710ec BitBlt
0x4710f0 GetObjectType
0x4710f4 CreateSolidBrush
0x4710f8 SelectClipPath
0x4710fc CreateRectRgn
0x471100 GetClipRgn
0x471104 SelectClipRgn
0x471108 DeleteObject
0x47110c SetColorAdjustment
0x471110 SetArcDirection
0x471114 SetMapperFlags
0x471120 SetTextAlign
0x471124 MoveToEx
0x471128 LineTo
0x47112c OffsetClipRgn
0x471130 IntersectClipRect
0x471134 ExcludeClipRect
0x471138 SetMapMode
0x471140 SetWorldTransform
0x471144 SetGraphicsMode
0x471148 SetStretchBltMode
0x47114c SetROP2
0x471150 SetPolyFillMode
0x471154 SetBkMode
0x471158 RestoreDC
0x47115c SaveDC
0x471160 CreateDCA
0x471164 CopyMetaFileA
0x471168 GetDeviceCaps
0x47116c CreateBitmap
0x471170 SetBkColor
0x471174 SetTextColor
0x471178 GetClipBox
0x47117c GetDCOrgEx
0x471180 GetCharWidthA
0x471184 GetTextMetricsA
0x47118c GetStockObject
0x471190 GetObjectA
0x471194 CreateFontIndirectA
0x471198 GetWindowExtEx
Library COMDLG32.dll:
0x471034 GetFileTitleA
Library WINSPOOL.DRV:
0x471800 DocumentPropertiesA
0x471804 OpenPrinterA
0x471808 ClosePrinter
Library ADVAPI32.dll:
0x471000 RegSetValueExA
0x471004 RegCreateKeyA
0x471008 RegCreateKeyExA
0x47100c RegOpenKeyA
0x471010 RegEnumKeyA
0x471014 RegDeleteKeyA
0x471018 RegQueryValueExA
0x47101c RegSetValueA
0x471020 RegOpenKeyExA
0x471024 RegQueryValueA
0x471028 RegCloseKey
0x47102c RegDeleteValueA
Library SHELL32.dll:
0x4714fc ExtractIconA
0x471500 SHGetFileInfoA
0x471504 DragFinish
0x471508 DragQueryFileA
0x47150c ShellExecuteA
Library SHLWAPI.dll:
0x471518 PathFindFileNameA
0x47151c PathStripToRootA
0x471520 PathIsUNCA
0x471524 PathFindExtensionA
0x471528 PathRemoveFileSpecW
Library ole32.dll:
0x471810 StringFromGUID2
0x471814 CoDisconnectObject
0x471818 OleDuplicateData
0x47181c CoTaskMemAlloc
0x471820 ReleaseStgMedium
0x471824 CreateBindCtx
0x471828 CoTreatAsClass
0x47182c CoCreateInstance
0x471830 ReadClassStg
0x471834 ReadFmtUserTypeStg
0x471838 OleRegGetUserType
0x47183c WriteClassStg
0x471840 WriteFmtUserTypeStg
0x471844 SetConvertStg
0x471848 CoTaskMemFree
0x47184c CLSIDFromString
0x471850 CoUninitialize
0x471854 CoInitializeEx
0x471858 StringFromCLSID
Library OLEAUT32.dll:
0x471458 VariantClear
0x47145c VariantChangeType
0x471460 VariantInit
0x471464 SysAllocStringLen
0x471468 SysStringLen
0x47146c SysFreeString
0x471474 SysStringByteLen
0x471478 RegisterTypeLib
0x47147c LoadTypeLib
0x471480 LoadRegTypeLib
0x471488 SafeArrayAccessData
0x47148c SafeArrayGetUBound
0x471490 SafeArrayGetLBound
0x471498 SafeArrayGetDim
0x47149c SafeArrayCreate
0x4714a0 SafeArrayRedim
0x4714a4 VariantCopy
0x4714a8 SafeArrayAllocData
0x4714b0 SafeArrayCopy
0x4714b4 SafeArrayGetElement
0x4714b8 SafeArrayPtrOfIndex
0x4714bc SafeArrayPutElement
0x4714c0 SafeArrayLock
0x4714c4 SafeArrayUnlock
0x4714c8 SafeArrayDestroy
0x4714dc SysReAllocStringLen
0x4714e0 VarDateFromStr
0x4714e4 VarBstrFromCy
0x4714e8 VarBstrFromDec
0x4714ec VarDecFromStr
0x4714f0 VarCyFromStr
0x4714f4 VarBstrFromDate

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.1 139 192.168.56.101 49184

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.