5.4
Medium risk

464d64f732b004b3e84d7e1b1bf31fb1dd5de9333f95b7c614f4241092b2aaf6

afd4dfa9f763fd1b9272e3df0fea58a4.exe

Analysis duration

32s

Last analyzed

File size

2.1MB
Static detection Dynamic detection 100% AGEN AI SCORE=81 AIDETECTVM BANKERX BSCOPE CLOUD CONFIDENCE DRIDEX DV9PYUYOJAA ELDORADO ENCPK FKX@AK@50ON GENCIRC GENERICKD GENETIC GOZI HBR@8QRQPO HCKQ HIGH CONFIDENCE HIXLGY INJECT3 INVALIDSIG KRYPTIK MALICIOUS PE MALWARE1 PINKSBOT QAKBOT QBOT QBOTPMF R332088 S12740246 SCORE TROJANBANKER UNSAFE ZBOT ZEXAF
鹰眼 engine
Not detected: no 鹰眼 engine detection results are available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba TrojanBanker:Win32/Qakbot.357c1486 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20200813 18.4.3895.0
Tencent Malware.Win32.Gencirc.10b9c00a 20200813 1.0.0.1
Kingsoft 20200813 2013.8.14.323
McAfee W32/PinkSbot-GN!AFD4DFA9F763 20200813 6.0.6.653
Static indicators
Queries for the computer name (3 events)
Time & API Arguments Status Return Repeated
1619826885.999372
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619826893.733372
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619857758.951001
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619857767.201249
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619857767.217249
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619857767.232249
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619857767.232249
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619857767.232249
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619857767.232249
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619857768.232249
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619857768.248249
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619857768.248249
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619857768.248249
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619857769.248249
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619857769.248249
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619857769.248249
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619857769.248249
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619857770.248249
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619857770.248249
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619857770.248249
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619857770.248249
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619857771.248249
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619857771.248249
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619857771.248249
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619857771.248249
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619857772.248249
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619857772.248249
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619857772.248249
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619857772.248249
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619857772.264249
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619857772.279249
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
This executable is signed
Checks the amount of memory in the system; this can be used to detect virtual machines that have only a small amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619857767.154249
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619826893.733372
__exception__
stacktrace:
afd4dfa9f763fd1b9272e3df0fea58a4+0x8ec9 @ 0x408ec9
afd4dfa9f763fd1b9272e3df0fea58a4+0x17cc @ 0x4017cc
afd4dfa9f763fd1b9272e3df0fea58a4+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634776
registers.edi: 0
registers.eax: 6619136
registers.ebp: 1635384
registers.edx: 8
registers.ebx: 1
registers.esi: 4269856
registers.ecx: 100
exception.instruction_r: ff 30 e8 97 03 00 00 83 c4 14 85 c0 75 38 8d 85
exception.symbol: afd4dfa9f763fd1b9272e3df0fea58a4+0x844a
exception.instruction: push dword ptr [eax]
exception.module: afd4dfa9f763fd1b9272e3df0fea58a4.exe
exception.exception_code: 0xc0000005
exception.offset: 33866
exception.address: 0x40844a
success 0 0
1619857759.607001
__exception__
stacktrace:
afd4dfa9f763fd1b9272e3df0fea58a4+0x3daa @ 0x403daa
afd4dfa9f763fd1b9272e3df0fea58a4+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 11159344
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: afd4dfa9f763fd1b9272e3df0fea58a4+0x33cc
exception.instruction: in eax, dx
exception.module: afd4dfa9f763fd1b9272e3df0fea58a4.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619857759.607001
__exception__
stacktrace:
afd4dfa9f763fd1b9272e3df0fea58a4+0x3db3 @ 0x403db3
afd4dfa9f763fd1b9272e3df0fea58a4+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 11159344
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: afd4dfa9f763fd1b9272e3df0fea58a4+0x3465
exception.instruction: in eax, dx
exception.module: afd4dfa9f763fd1b9272e3df0fea58a4.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619826885.718372
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00330000
success 0 0
1619826885.765372
NtAllocateVirtualMemory
process_identifier: 2536
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619826885.765372
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619857758.904001
NtAllocateVirtualMemory
process_identifier: 428
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00340000
success 0 0
1619857758.904001
NtAllocateVirtualMemory
process_identifier: 428
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00380000
success 0 0
1619857758.904001
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\afd4dfa9f763fd1b9272e3df0fea58a4.exe
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\afd4dfa9f763fd1b9272e3df0fea58a4.exe"
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\afd4dfa9f763fd1b9272e3df0fea58a4.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619826886.921372
CreateProcessInternalW
thread_identifier: 944
thread_handle: 0x00000154
process_identifier: 428
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\afd4dfa9f763fd1b9272e3df0fea58a4.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619826894.499372
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\afd4dfa9f763fd1b9272e3df0fea58a4.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (3 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\afd4dfa9f763fd1b9272e3df0fea58a4.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\afd4dfa9f763fd1b9272e3df0fea58a4.exe"
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619857759.607001
__exception__
stacktrace:
afd4dfa9f763fd1b9272e3df0fea58a4+0x3daa @ 0x403daa
afd4dfa9f763fd1b9272e3df0fea58a4+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 11159344
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: afd4dfa9f763fd1b9272e3df0fea58a4+0x33cc
exception.instruction: in eax, dx
exception.module: afd4dfa9f763fd1b9272e3df0fea58a4.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
File has been identified by 60 antivirus engines on VirusTotal as malicious (50 of 60 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33608437
CAT-QuickHeal Trojan.QbotPMF.S12740246
Qihoo-360 Generic/Trojan.BO.641
ALYac Trojan.GenericKD.33608437
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.1971807
Sangfor Malware
K7AntiVirus Trojan ( 0056422d1 )
Alibaba TrojanBanker:Win32/Qakbot.357c1486
K7GW Trojan ( 00563c811 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D200D2F5
TrendMicro Backdoor.Win32.QAKBOT.SME
Cyren W32/S-045227fc!Eldorado
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HCKQ
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Dropper.Qakbot-7646363-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Trojan.GenericKD.33608437
NANO-Antivirus Trojan.Win32.Qbot.hixlgy
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10b9c00a
Ad-Aware Trojan.GenericKD.33608437
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Heuristic.HEUR/AGEN.1133731
DrWeb Trojan.Inject3.37240
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
FireEye Generic.mg.afd4dfa9f763fd1b
Sophos Mal/EncPk-APV
Ikarus Trojan-Banker.Dridex
F-Prot W32/S-045227fc!Eldorado
Jiangmin Trojan.Banker.Qbot.mc
Avira HEUR/AGEN.1133731
Antiy-AVL Trojan[Banker]/Win32.Qbot
Microsoft Trojan:Win32/Gozi.GA!MTB
ViRobot Trojan.Win32.Z.Qbot.2195120.U
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Trojan.GenericKD.33608437
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Qakbot.R332088
McAfee W32/PinkSbot-GN!AFD4DFA9F763
MAX malware (ai score=81)
VBA32 BScope.Malware-Cryptor.Zbot.4213
Malwarebytes Trojan.Qbot
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Visual analysis
Binary image
No binary image: this sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-04-03 20:48:42

Imports

Library KERNEL32.dll:
0x613608 VirtualAlloc
0x61360c GetModuleHandleW
0x613610 LoadLibraryW
0x613614 GetProcAddress
0x613618 LoadLibraryA
0x61362c VirtualFree
0x613630 LocalFree
0x613634 LocalAlloc
0x613638 GetVersion
0x61363c GetCurrentThreadId
0x613648 VirtualQuery
0x61364c WideCharToMultiByte
0x613650 MultiByteToWideChar
0x613654 lstrlenA
0x613658 lstrcpynA
0x61365c LoadLibraryExA
0x613660 GetThreadLocale
0x613664 GetStartupInfoA
0x613668 GetModuleHandleA
0x61366c GetModuleFileNameA
0x613670 GetLocaleInfoA
0x613674 GetCommandLineA
0x613678 FreeLibrary
0x61367c FindFirstFileA
0x613680 FindClose
0x613684 ExitProcess
0x613688 WriteFile
0x613690 RtlUnwind
0x613694 RaiseException
0x613698 GetStdHandle
0x61369c TlsSetValue
0x6136a0 TlsGetValue
0x6136a4 lstrcpyA
0x6136a8 lstrcmpA
0x6136b0 WaitForSingleObject
0x6136b4 Sleep
0x6136b8 SizeofResource
0x6136bc SetThreadLocale
0x6136c0 SetLastError
0x6136c4 SetFilePointer
0x6136c8 SetFileAttributesA
0x6136cc SetEvent
0x6136d0 SetErrorMode
0x6136d4 SetEndOfFile
0x6136d8 ResetEvent
0x6136dc ReadFile
0x6136e8 MulDiv
0x6136ec LockResource
0x6136f0 LoadResource
0x6136f4 GlobalUnlock
0x6136f8 GlobalSize
0x6136fc GlobalReAlloc
0x613700 GlobalHandle
0x613704 GlobalLock
0x613708 GlobalFree
0x61370c GlobalFindAtomA
0x613710 GlobalDeleteAtom
0x613714 GlobalAlloc
0x613718 GlobalAddAtomA
0x613720 GetVersionExA
0x613724 GetUserDefaultLCID
0x61372c GetTickCount
0x613730 GetTempPathA
0x613734 GetTempFileNameA
0x613738 GetSystemInfo
0x61373c GetStringTypeExA
0x613744 GetLocalTime
0x613748 GetLastError
0x61374c GetFullPathNameA
0x613750 GetFileAttributesA
0x613754 GetDiskFreeSpaceA
0x613758 GetDateFormatA
0x61375c GetCurrentProcessId
0x613760 GetComputerNameA
0x613764 GetCPInfo
0x613768 GetACP
0x61376c FreeResource
0x613770 InterlockedExchange
0x613774 FormatMessageA
0x613778 FindResourceA
0x613788 EnumCalendarInfoA
0x61378c DeleteFileA
0x613790 CreateThread
0x613794 CreateProcessA
0x613798 CreateMutexA
0x61379c CreateFileA
0x6137a0 CreateEventA
0x6137a4 CopyFileA
0x6137a8 CompareStringA
0x6137ac CloseHandle
0x6137b0 QueueUserWorkItem
0x6137b8 BackupSeek
0x6137bc _lwrite
0x6137c0 GetConsoleTitleA
0x6137c4 SwitchToFiber
0x6137cc IsBadHugeReadPtr
0x6137d4 SetHandleCount
0x6137d8 HeapReAlloc
0x6137e0 Beep
0x6137e4 GetCurrentThread
0x6137e8 ReadProcessMemory
0x6137ec CreateTapePartition
0x6137f0 DefineDosDeviceA
0x6137f4 SetFileTime
0x6137f8 RemoveDirectoryW
0x613800 _llseek
0x613810 GetSystemDirectoryW
0x613814 GetComputerNameExW
0x613818 SetLocaleInfoA
0x61381c EnumUILanguagesA
0x613820 DeleteFileW
0x613824 CompareFileTime
0x61382c GetSystemTime
0x613838 TlsAlloc
0x61383c TlsFree
0x613840 GetFullPathNameW
0x613844 Module32NextW
0x613848 Module32FirstW
0x61384c SetFileAttributesW
0x613850 FindNextFileW
0x613854 FindFirstFileW
0x613858 MoveFileExW
0x61385c MoveFileW
0x613864 LoadLibraryExW
0x61386c GetFileSize
0x613870 CreateEventW
0x613878 lstrcmpiW
0x613880 lstrlenW
0x613884 lstrcpyW
0x613890 ReleaseMutex
0x613894 TerminateThread
0x613898 GetExitCodeProcess
0x61389c DeviceIoControl
0x6138a0 GetProcessTimes
0x6138a4 AreFileApisANSI
0x6138a8 GetExitCodeThread
0x6138ac CopyFileW
0x6138b4 VirtualQueryEx
0x6138b8 ResumeThread
0x6138bc WriteProcessMemory
0x6138c0 VirtualProtectEx
0x6138c4 VirtualAllocEx
0x6138c8 VirtualProtect
0x6138cc SetThreadContext
0x6138d0 GetThreadContext
0x6138d4 SuspendThread
0x6138d8 UnmapViewOfFile
0x6138dc MapViewOfFile
0x6138e0 CreateFileMappingW
0x6138e4 OpenProcess
0x6138ec QueryDosDeviceW
0x6138f0 CreateProcessW
0x6138f8 CreateMutexW
0x613900 CreateDirectoryW
0x613904 GetCurrentProcess
0x613908 CreateRemoteThread
0x61390c GetTempPathW
0x613914 DeleteAtom
0x613918 FindAtomW
0x61391c AddAtomW
0x613920 GetAtomNameW
0x613924 FormatMessageW
0x613928 GetFileSizeEx
0x61392c SetFilePointerEx
0x613934 lstrcmpiA
0x61393c CompareStringW
0x613940 SetStdHandle
0x613944 WriteConsoleW
0x613948 GetConsoleOutputCP
0x61394c WriteConsoleA
0x613950 GetLocaleInfoW
0x613954 GetStringTypeA
0x613958 IsValidLocale
0x61395c EnumSystemLocalesA
0x613960 FlushFileBuffers
0x613964 GetFileType
0x613968 GetCommandLineW
0x613974 GetConsoleMode
0x613978 GetConsoleCP
0x613980 GetTimeFormatA
0x613984 FatalAppExitA
0x613988 HeapCreate
0x61398c GetDriveTypeW
0x613990 Process32FirstW
0x613994 Process32NextW
0x613998 FreeConsole
0x61399c GetModuleFileNameW
0x6139a4 GetVersionExW
0x6139a8 FindResourceExW
0x6139ac FindResourceW
0x6139b0 IsValidCodePage
0x6139b4 GetOEMCP
0x6139b8 GetStringTypeW
0x6139bc LCMapStringW
0x6139c0 LCMapStringA
0x6139c4 GetStartupInfoW
0x6139c8 ExitThread
0x6139d0 IsDebuggerPresent
0x6139dc GetProcessHeap
0x6139e0 HeapSize
0x6139e4 HeapFree
0x6139e8 HeapAlloc
0x6139ec HeapDestroy
0x6139f0 OutputDebugStringW
0x6139fc GetFileAttributesW
0x613a00 GetComputerNameW
0x613a08 TerminateProcess
0x613a0c OpenMutexW
0x613a10 GetBinaryTypeW
0x613a1c CreateFileW
0x613a20 OpenThread
Library USER32.dll:
0x613a2c LoadIconA
0x613a30 IsIconic
0x613a34 ShowCaret
0x613a38 IsCharUpperA
0x613a3c GetDlgCtrlID
0x613a40 DestroyWindow
0x613a44 VkKeyScanW
0x613a48 GetCaretBlinkTime
0x613a4c InSendMessage
0x613a50 GetAsyncKeyState
0x613a54 GetQueueStatus
0x613a58 DrawMenuBar
0x613a5c GetMessagePos
0x613a60 IsMenu
0x613a64 CharUpperW
0x613a68 GetActiveWindow
0x613a6c AnyPopup
0x613a70 ReleaseCapture
0x613a74 OemKeyScan
0x613a78 LoadCursorFromFileW
0x613a7c GetMessageExtraInfo
0x613a80 CharNextA
0x613a84 IsCharAlphaW
0x613a88 GetDesktopWindow
0x613a90 CreateMenu
0x613a94 GetTopWindow
0x613a98 VkKeyScanA
0x613a9c IsWindow
0x613aa0 GetClipboardOwner
0x613aa4 IsWindowVisible
0x613aa8 GetInputState
0x613aac GetMenuItemCount
0x613ab0 GetSystemMetrics
0x613ab4 GetThreadDesktop
0x613ab8 CharLowerW
0x613ac0 GetMenu
0x613ac4 GetKeyState
0x613ac8 CloseDesktop
0x613acc IsCharAlphaA
0x613ad0 GetDialogBaseUnits
0x613ad8 WindowFromDC
0x613adc GetLastActivePopup
0x613ae0 GetParent
0x613ae4 GetKeyboardType
0x613ae8 GetWindowDC
0x613aec DestroyMenu
0x613af0 GetForegroundWindow
0x613af4 IsWindowEnabled
0x613af8 CharUpperA
0x613afc LoadCursorFromFileA
0x613b00 GetClipboardData
0x613b04 DestroyCursor
0x613b08 CharNextW
0x613b0c GetSysColorBrush
0x613b10 GetDC
0x613b18 CloseClipboard
0x613b1c PaintDesktop
0x613b20 GetSysColor
0x613b24 GetDoubleClickTime
0x613b28 DestroyIcon
0x613b2c GetMessageTime
0x613b30 IsCharAlphaNumericA
0x613b34 CloseWindow
0x613b38 IsCharUpperW
0x613b40 GetKeyboardLayout
0x613b48 CloseWindowStation
0x613b4c IsCharLowerW
0x613b50 IsCharLowerA
0x613b58 GetListBoxInfo
0x613b5c GetCursor
0x613b64 GetFocus
0x613b68 CharLowerA
0x613b6c EndMenu
0x613b70 OpenIcon
0x613b74 GetKBCodePage
0x613b78 IsCharAlphaNumericW
0x613b80 IsWindowUnicode
0x613b84 GetShellWindow
0x613b8c IsGUIThread
0x613b90 CreatePopupMenu
0x613b98 GetClipboardViewer
0x613b9c GetCapture
0x613ba0 LoadStringA
0x613ba4 MessageBoxA
0x613ba8 CreateWindowExA
0x613bac WindowFromPoint
0x613bb0 WinHelpA
0x613bb4 WaitMessage
0x613bb8 UpdateWindow
0x613bbc UnregisterClassA
0x613bc0 UnhookWindowsHookEx
0x613bc4 TranslateMessage
0x613bcc TrackPopupMenu
0x613bd4 ShowWindow
0x613bd8 ShowScrollBar
0x613bdc ShowOwnedPopups
0x613be0 ShowCursor
0x613be4 SetWindowRgn
0x613be8 SetWindowsHookExA
0x613bec SetWindowTextA
0x613bf0 SetWindowPos
0x613bf4 SetWindowPlacement
0x613bf8 SetWindowLongA
0x613bfc SetTimer
0x613c00 SetScrollRange
0x613c04 SetScrollPos
0x613c08 SetScrollInfo
0x613c0c SetRect
0x613c10 SetPropA
0x613c14 SetParent
0x613c18 SetMenuItemInfoA
0x613c1c SetMenu
0x613c20 SetForegroundWindow
0x613c24 SetFocus
0x613c28 SetCursor
0x613c2c SetClassLongA
0x613c30 SetCapture
0x613c34 SetActiveWindow
0x613c38 SendMessageA
0x613c3c ScrollWindow
0x613c40 ScreenToClient
0x613c44 RemovePropA
0x613c48 RemoveMenu
0x613c4c ReleaseDC
0x613c58 RegisterClassA
0x613c5c RedrawWindow
0x613c60 PtInRect
0x613c64 PostQuitMessage
0x613c68 PostMessageA
0x613c6c PeekMessageA
0x613c70 OffsetRect
0x613c74 OemToCharA
0x613c78 MapWindowPoints
0x613c7c MapVirtualKeyA
0x613c80 LoadKeyboardLayoutA
0x613c84 LoadCursorA
0x613c88 LoadBitmapA
0x613c8c KillTimer
0x613c90 IsZoomed
0x613c94 IsRectEmpty
0x613c98 IsDialogMessageA
0x613c9c IsChild
0x613ca0 InvalidateRect
0x613ca4 IntersectRect
0x613ca8 InsertMenuItemA
0x613cac InsertMenuA
0x613cb0 InflateRect
0x613cb8 GetWindowTextA
0x613cbc GetWindowRect
0x613cc0 GetWindowPlacement
0x613cc4 GetWindowLongA
0x613cc8 GetSystemMenu
0x613ccc GetSubMenu
0x613cd0 GetScrollRange
0x613cd4 GetScrollPos
0x613cd8 GetScrollInfo
0x613cdc GetPropA
0x613ce0 GetWindow
0x613ce4 GetMenuStringA
0x613ce8 GetMenuState
0x613cec GetMenuItemInfoA
0x613cf0 GetMenuItemID
0x613cf4 GetKeyboardState
0x613cfc GetKeyNameTextA
0x613d00 GetIconInfo
0x613d04 GetDlgItem
0x613d08 GetDCEx
0x613d0c GetCursorPos
0x613d10 GetClientRect
0x613d14 GetClassNameA
0x613d18 GetClassInfoA
0x613d1c FrameRect
0x613d20 FindWindowA
0x613d24 FillRect
0x613d28 EqualRect
0x613d2c EnumWindows
0x613d30 EnumThreadWindows
0x613d34 EndPaint
0x613d38 EndDeferWindowPos
0x613d3c EnableWindow
0x613d40 EnableScrollBar
0x613d44 EnableMenuItem
0x613d48 DrawTextA
0x613d4c DrawIconEx
0x613d50 DrawIcon
0x613d54 DrawFrameControl
0x613d58 DrawFocusRect
0x613d5c DrawEdge
0x613d60 DispatchMessageA
0x613d64 DeleteMenu
0x613d68 DeferWindowPos
0x613d6c DefWindowProcA
0x613d70 DefMDIChildProcA
0x613d74 DefFrameProcA
0x613d78 CreateIcon
0x613d7c ClientToScreen
0x613d84 CheckMenuItem
0x613d88 CallWindowProcA
0x613d8c CallNextHookEx
0x613d90 BeginPaint
0x613d94 BeginDeferWindowPos
0x613d98 CharLowerBuffA
0x613d9c CharUpperBuffA
0x613da0 CharToOemA
0x613da4 AdjustWindowRectEx
0x613dac CheckMenuRadioItem
0x613db0 WinHelpW
0x613db4 SetClassLongW
0x613db8 DdeConnect
0x613dbc EndDialog
0x613dc0 EnumPropsW
0x613dc4 DrawAnimatedRects
0x613dc8 CascadeChildWindows
0x613dcc GetAncestor
0x613dd4 MessageBoxIndirectW
0x613dd8 DdeSetUserHandle
0x613ddc SetWindowsHookA
0x613de0 MessageBoxExA
0x613de4 GetClassLongA
0x613de8 GetDlgItemInt
0x613df0 GetMonitorInfoW
0x613df4 MonitorFromPoint
0x613df8 AttachThreadInput
0x613e00 keybd_event
0x613e04 FindWindowW
0x613e08 LoadIconW
0x613e0c LoadStringW
0x613e10 RegisterClassExW
0x613e14 LoadCursorW
0x613e18 GetClassInfoExW
0x613e1c CreateWindowExW
0x613e20 PeekMessageW
0x613e24 GetMessageW
0x613e28 DispatchMessageW
0x613e2c CreateDialogParamW
0x613e30 GetClassInfoW
0x613e34 RegisterClassW
0x613e38 ExitWindowsEx
0x613e3c SendMessageTimeoutW
0x613e40 LoadImageW
0x613e44 MonitorFromWindow
0x613e48 IsDialogMessageW
0x613e4c CallWindowProcW
0x613e50 SetWindowLongW
0x613e54 PostThreadMessageW
0x613e58 DefWindowProcW
0x613e5c PostMessageW
0x613e60 WaitForInputIdle
0x613e64 MessageBoxW
0x613e68 SendMessageW
0x613e6c GetWindowLongW
0x613e70 MonitorFromRect
Library GDI32.dll:
0x613e78 GetSystemPaletteUse
0x613e7c AddFontResourceA
0x613e80 CancelDC
0x613e84 EndDoc
0x613e88 GetEnhMetaFileW
0x613e8c CloseFigure
0x613e90 GetBkMode
0x613e94 AbortDoc
0x613e98 UpdateColors
0x613e9c RealizePalette
0x613ea4 DeleteEnhMetaFile
0x613ea8 FlattenPath
0x613eac SwapBuffers
0x613eb0 CreateMetaFileA
0x613eb4 GdiFlush
0x613eb8 GetROP2
0x613ebc DeleteObject
0x613ec0 GetObjectType
0x613ec4 UnrealizeObject
0x613ec8 DeleteDC
0x613ecc GetStockObject
0x613ed0 DeleteColorSpace
0x613ed4 GetTextCharset
0x613ed8 AddFontResourceW
0x613edc CloseEnhMetaFile
0x613ee0 GetLayout
0x613ee4 GetTextColor
0x613ee8 SaveDC
0x613eec StrokePath
0x613ef0 AbortPath
0x613ef4 GetGraphicsMode
0x613ef8 GetPixelFormat
0x613efc SetMetaRgn
0x613f00 CreateCompatibleDC
0x613f04 GetDCPenColor
0x613f08 CreateSolidBrush
0x613f0c WidenPath
0x613f10 GetMapMode
0x613f14 GetPolyFillMode
0x613f18 CreatePatternBrush
0x613f1c EndPath
0x613f20 GetFontLanguageInfo
0x613f24 DeleteMetaFile
0x613f28 PathToRegion
0x613f2c GetTextAlign
0x613f30 BeginPath
0x613f34 EndPage
0x613f38 GetEnhMetaFileA
0x613f40 GetColorSpace
0x613f44 GetStretchBltMode
0x613f48 GetDCBrushColor
0x613f4c GetBkColor
0x613f50 CloseMetaFile
0x613f54 CreateMetaFileW
0x613f58 GdiGetBatchLimit
0x613f5c FillPath
0x613f60 StretchBlt
0x613f64 SetWindowOrgEx
0x613f68 SetWinMetaFileBits
0x613f6c SetViewportOrgEx
0x613f70 SetTextColor
0x613f74 SetStretchBltMode
0x613f78 SetROP2
0x613f7c SetPixel
0x613f80 SetMapMode
0x613f84 SetEnhMetaFileBits
0x613f88 SetDIBColorTable
0x613f8c SetBrushOrgEx
0x613f90 SetBkMode
0x613f94 SetBkColor
0x613f98 SelectPalette
0x613f9c SelectObject
0x613fa0 SelectClipRgn
0x613fa4 RoundRect
0x613fa8 RestoreDC
0x613fac Rectangle
0x613fb0 RectVisible
0x613fb4 Polyline
0x613fb8 PlayEnhMetaFile
0x613fbc PatBlt
0x613fc0 MoveToEx
0x613fc4 MaskBlt
0x613fc8 LineTo
0x613fcc LPtoDP
0x613fd0 IntersectClipRect
0x613fd4 GetWindowOrgEx
0x613fd8 GetWinMetaFileBits
0x613fdc GetTextMetricsA
0x613fe8 GetRgnBox
0x613fec GetPixel
0x613ff0 GetPaletteEntries
0x613ff4 GetObjectA
0x614004 GetEnhMetaFileBits
0x614008 GetDeviceCaps
0x61400c GetDIBits
0x614010 GetDIBColorTable
0x614014 GetDCOrgEx
0x61401c GetClipBox
0x614020 GetBrushOrgEx
0x614024 GetBitmapBits
0x614028 ExtTextOutA
0x61402c ExcludeClipRect
0x614030 Ellipse
0x614034 CreateRectRgn
0x614038 CreatePenIndirect
0x61403c CreatePalette
0x614040 CreateFontIndirectA
0x614044 CreateEnhMetaFileA
0x614048 CreateDIBitmap
0x61404c CreateDIBSection
0x614054 CreateBrushIndirect
0x614058 CreateBitmap
0x61405c CopyEnhMetaFileA
0x614060 CombineRgn
0x614064 BitBlt
0x614068 GdiEntry2
0x61406c GdiGetSpoolMessage
0x614070 SetPixelFormat
0x614074 PolyBezierTo
0x614078 GetDeviceGammaRamp
0x614080 FloodFill
0x614084 SetRectRgn
0x614088 EnumFontsA
0x61408c GetStringBitmapA
0x614090 CreateFontA
0x614098 GetViewportExtEx
0x61409c DPtoLP
0x6140a0 GetMetaFileA
0x6140a4 ScaleWindowExtEx
0x6140ac GdiResetDCEMF
0x6140b4 GetCharWidthInfo
0x6140b8 gdiPlaySpoolStream
0x6140c0 EngCopyBits
0x6140c4 GetCharWidthFloatA
0x6140c8 GdiIsMetaPrintDC
0x6140cc GdiSetAttrs
0x6140d4 EngStretchBltROP
0x6140dc ResizePalette
0x6140e0 CreatePolygonRgn
Library COMDLG32.dll:
0x6140e8 GetSaveFileNameA
0x6140ec GetOpenFileNameA
Library ADVAPI32.dll:
0x6140f4 RegQueryValueExA
0x6140f8 RegOpenKeyExA
0x6140fc RegCloseKey
0x614100 RegSetValueExA
0x614104 RegEnumValueA
0x614108 RegDeleteValueA
0x61410c RegCreateKeyExA
0x614110 RegSetValueExW
0x614114 GetUserNameW
0x614118 RegQueryInfoKeyW
0x61411c RegEnumKeyExW
0x614120 RegDeleteKeyW
0x614134 RegDeleteValueW
0x614138 RegCreateKeyA
0x61413c RegCreateKeyExW
0x614140 GetSidSubAuthority
0x614144 DuplicateTokenEx
0x61414c GetLengthSid
0x614150 SetTokenInformation
0x614158 OpenProcessToken
0x61415c GetTokenInformation
0x614160 RegOpenKeyExW
0x614164 RegQueryValueExW
0x614168 RegEnumValueW
0x61416c RegCreateKeyW
0x614170 RegOpenKeyW
0x614174 LookupAccountSidW
0x614178 RegLoadKeyW
0x61417c RegUnLoadKeyW
0x614188 EqualSid
0x614190 FreeSid
0x614198 SetEntriesInAclW
0x6141a0 RegEnumKeyExA
Library SHELL32.dll:
0x6141a8 ShellExecuteA
0x6141ac DragQueryFileAorW
0x6141b0 DoEnvironmentSubstW
0x6141b4 SHAddToRecentDocs
0x6141b8 DragQueryFileW
0x6141c0 SHFileOperationW
0x6141c8 SHQueryRecycleBinW
0x6141cc SHBrowseForFolderA
0x6141d0 SHFileOperation
0x6141d4 SHFormatDrive
0x6141d8 SHGetFolderPathW
0x6141dc ShellExecuteExW
0x6141e0 ShellExecuteW
0x6141e4 Shell_NotifyIconW
0x6141e8 SHBrowseForFolderW
0x6141f0 ExtractIconExW
Library ole32.dll:
0x6141fc CoTaskMemFree
0x614200 StringFromCLSID
0x614208 IsAccelerator
0x61420c OleDraw
0x614214 CoTaskMemAlloc
0x614218 CoCreateGuid
0x61421c ProgIDFromCLSID
0x614220 CoCreateInstance
0x614228 CoGetClassObject
0x61422c CoUninitialize
0x614230 CoInitialize
0x614234 IsEqualGUID
0x614238 CLSIDFromString
0x61423c CoTaskMemRealloc
0x614240 CoSetProxyBlanket
0x614244 CoInitializeEx
Library SHLWAPI.dll:
0x61424c StrChrIW
0x614250 StrChrW
0x614254 PathRemoveFileSpecW
0x614258 PathFindExtensionW
0x61425c SHSetValueW
0x614260 StrCmpW
0x614264 PathUnquoteSpacesW
0x614268 PathFindFileNameW
0x61426c PathFileExistsW
0x614270 PathIsDirectoryW
0x614274 SHGetValueW
0x614278 PathAddBackslashW
0x61427c SHSetValueA
0x614280 wnsprintfW
0x614288 PathAppendW
0x61428c StrCmpIW
0x614290 SHGetValueA
0x614294 SHDeleteValueA
0x614298 StrStrIW
0x61429c PathStripPathW
0x6142a0 StrCmpNIW
0x6142a4 PathStripToRootW
0x6142a8 PathCombineW
0x6142ac StrToIntExW
Library COMCTL32.dll:
0x6142bc ImageList_Write
0x6142c0 ImageList_Read
0x6142d0 ImageList_DragMove
0x6142d4 ImageList_DragLeave
0x6142d8 ImageList_DragEnter
0x6142dc ImageList_EndDrag
0x6142e0 ImageList_BeginDrag
0x6142e4 ImageList_GetIcon
0x6142e8 ImageList_Remove
0x6142ec ImageList_DrawEx
0x6142f0 ImageList_Draw
0x614300 ImageList_Add
0x614308 ImageList_Destroy
0x61430c ImageList_Create
0x614310

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.