Score: 6.6 (High risk)

SHA256: 029cf87c566ded9177226d383ee45a46c3127f9ffd463acffc1b0a4be0a91682

File name: b05741e9228b7dcbde878826bfa7ea12.exe (the 32-hex-digit name is the sample's MD5; the same prefix appears in the FireEye and McAfee verdicts below)

Analysis duration: 82s

Last analysis:

File size: 744.0KB
Static detections / dynamic detections (tags drawn from the engine verdicts): ADZWO, AI SCORE=82, BUMMZ2, CLOUD, ELDORADO, EMOTET, EMOTETGTA, EMOTETU, GCNN, GENCIRC, GENETIC, HFTE, HGIASOUA, HIGH CONFIDENCE, HUSVQD, IGENT, KRYPTIK, R + TROJ, R349263, SCORE, SUSGEN, UNSAFE, UY0@AC@6V4LI, UY0@BC@6V4LI, ZEXTET
Eagle Eye engine
Not detected. No Eagle Eye engine result is available for this sample.
Static verdict
Antivirus engines

Engine       Result                            Scan date   Engine version
Alibaba      Trojan:Win32/Emotet.e30d4379      20190527    0.3.0.5
CrowdStrike  (no result)                       20210203    1.0
Avast        Win32:Trojan-gen                  20210309    21.1.5827.0
Tencent      Malware.Win32.Gencirc.10cdf57f    20210309    1.0.0.1
Baidu        (no result)                       20190318    1.0.0.2
Kingsoft     (no result)                       20210309    2017.9.26.565
McAfee       Emotet-FRW!B05741E9228B           20210309    6.0.6.653

The scan dates are engine/signature dates, not first-seen dates: two of them predate the file's own PE timestamp (2020-08-26, see "PE Compile Time" below), so they say nothing about when this sample appeared.
Static indicators
Queries for the computername (1 event)
Time                API               Arguments                  Status   Return  Repeated
1620904775.984876   GetComputerNameA  computer_name: OSKAR-PC    success  1       0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API                         Arguments                                                        Status   Return  Repeated
1620904764.968876 CryptGenKey
    crypto_handle: 0x0060d678
    algorithm_identifier: 0x0000660e (CALG_AES_128)
    provider_handle: 0x00545d58
    flags: 1 (CRYPT_EXPORTABLE)
    key: fÆÈvŽJQŽåñЄÎ:K÷  (raw key bytes rendered as text; non-printable bytes dropped)
    success  1  0
1620904775.999876 CryptExportKey
    crypto_handle: 0x0060d678
    crypto_export_handle: 0x00545e20
    buffer: f¤3.žA 4:¶¥¸– M‡iªÙMø1C,½ƒT¨EKH´­ú§ë>9KA×tv 3xî{m‰”.‘‘‚2Gæ‹÷š‰ë[%P]ju·#QŒŸ§uÚ¢ŒõäF3  (binary blob rendered as text)
    blob_type: 1 (SIMPLEBLOB)
    flags: 64 (CRYPT_OAEP)
    success  1  0
1620904810.749876 CryptExportKey
    crypto_handle: 0x0060d678
    crypto_export_handle: 0x00545e20
    buffer: f¤a?±ûè¦:Ú¥…ÚþÃU>Œ¯~k˜ T¬³Ô/&wðÓhºX€Ñ_FFça}vä¥4¶ðÎk+µM¹ X«xpq”r]}ÿ«BCu²ÿ/ØkU°Þöñ^êH  (binary blob rendered as text)
    blob_type: 1 (SIMPLEBLOB)
    flags: 64 (CRYPT_OAEP)
    success  1  0

Read together, the three events show the sample creating an exportable AES-128 session key and exporting it twice as a SIMPLEBLOB, that is, wrapped with the public key behind crypto_export_handle 0x00545e20 using OAEP padding. The two exported buffers differ although the key handle is the same; that is expected, because OAEP padding is randomized. The printable "f¤" at the start of both buffers is consistent with a SIMPLEBLOB header (ALG_ID 0x660e for CALG_AES_128 followed by 0xa400 for CALG_RSA_KEYX) once the log renderer has dropped the zero and control bytes. An AES session key wrapped to an embedded RSA public key is the key exchange long associated with Emotet, which is the family most of the engine verdicts name.
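To make the CryptExportKey buffers above readable rather than a run of Latin-1 characters, the following parser takes a SIMPLEBLOB as CryptoAPI lays it out and reports the session-key algorithm, the wrapping algorithm and the size of the wrapped key. It is an added example and not part of the sandbox or of the sample; the blob it parses is constructed inline (an AES-128 key notionally wrapped by a 1024-bit RSA key, with placeholder ciphertext bytes), and visible_header() reproduces the text rendering that turned the real header into "f¤" in the report.

```python
"""Parse a CryptoAPI SIMPLEBLOB as produced by CryptExportKey(hKey, hExpKey, SIMPLEBLOB, ...).

Layout (wincrypt.h):
    BLOBHEADER { BYTE bType; BYTE bVersion; WORD reserved; ALG_ID aiKeyAlg; }   8 bytes
    ALG_ID     aiEncryptAlg      algorithm of the key that wrapped the session key, 4 bytes
    BYTE       encryptedkey[]    session key encrypted with that key (one modulus long for RSA)
"""
import struct

SIMPLEBLOB = 0x01
CUR_BLOB_VERSION = 0x02
CALG_RSA_KEYX = 0xA400

ALG_NAMES = {
    0x660E: "CALG_AES_128",
    0x660F: "CALG_AES_192",
    0x6610: "CALG_AES_256",
    0x6801: "CALG_RC4",
    CALG_RSA_KEYX: "CALG_RSA_KEYX",
}


def build_simpleblob(key_alg: int, wrap_alg: int, wrapped_key: bytes) -> bytes:
    """Assemble a SIMPLEBLOB; used here only to construct the sample below."""
    header = struct.pack("<BBHI", SIMPLEBLOB, CUR_BLOB_VERSION, 0, key_alg)
    return header + struct.pack("<I", wrap_alg) + wrapped_key


def parse_simpleblob(blob: bytes) -> dict:
    """Return the algorithms and wrapped-key size encoded in a SIMPLEBLOB."""
    if len(blob) < 12:
        raise ValueError("too short for BLOBHEADER + ALG_ID")
    b_type, b_version, _reserved, key_alg = struct.unpack_from("<BBHI", blob, 0)
    if b_type != SIMPLEBLOB:
        raise ValueError(f"bType {b_type:#04x} is not SIMPLEBLOB")
    if b_version != CUR_BLOB_VERSION:
        raise ValueError(f"unexpected blob version {b_version}")
    (wrap_alg,) = struct.unpack_from("<I", blob, 8)
    wrapped = blob[12:]
    return {
        "key_alg": ALG_NAMES.get(key_alg, f"{key_alg:#06x}"),
        "wrap_alg": ALG_NAMES.get(wrap_alg, f"{wrap_alg:#06x}"),
        "wrapped_key_len": len(wrapped),
        # RSA ciphertext is exactly one modulus long, so its size gives the public key size.
        "wrapper_modulus_bits": len(wrapped) * 8 if wrap_alg == CALG_RSA_KEYX else None,
        "wrapped_key": wrapped,
    }


def visible_header(blob: bytes) -> str:
    """Mimic a log that renders bytes as Latin-1 text and drops control characters.
    Only 0x66 (low byte of CALG_AES_128) and 0xA4 (high byte of CALG_RSA_KEYX) survive."""
    return "".join(chr(b) for b in blob[:12] if 0x20 <= b < 0x7F or b >= 0xA0)


# Constructed sample: placeholder ciphertext bytes, 128 of them as a 1024-bit RSA wrap would give.
SAMPLE_WRAPPED = bytes(range(0x33, 0x33 + 128))
SAMPLE_BLOB = build_simpleblob(0x660E, CALG_RSA_KEYX, SAMPLE_WRAPPED)

if __name__ == "__main__":
    info = parse_simpleblob(SAMPLE_BLOB)
    print(f"rendered header: {visible_header(SAMPLE_BLOB)!r}")
    print(f"session key: {info['key_alg']}, wrapped with {info['wrap_alg']} "
          f"({info['wrapper_modulus_bits']}-bit modulus, {info['wrapped_key_len']} bytes)")
```

When the blob comes from a memory dump or a sandbox's raw API log instead of this constructed input, the wrapped-key length immediately tells you the operator's RSA key size, and a key_alg that is not an AES variant is a hint that the sample is not the family the verdicts claim.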
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
(.didat is the delay-load import data section written by the Microsoft linker, so on its own this is the false-positive case the signature warns about.)
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API                            Arguments                                          Status   Return  Repeated
1620904764.249876 NtAllocateVirtualMemory
    process_identifier: 2056
    process_handle: 0xffffffff (pseudo-handle for the current process)
    base_address: 0x006e0000
    region_size: 36864
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    success  0 (STATUS_SUCCESS)  0

The RWX region is allocated about 0.7 s before the CryptGenKey call above (1620904764.249 vs 1620904764.968), consistent with a 36 KB payload being unpacked into it and then run.
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 个事件)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time                API                   Arguments                       Status   Return                       Repeated
1620904776.562876   GetAdaptersAddresses  flags: 0, family: 0 (AF_UNSPEC)  failed   111 (ERROR_BUFFER_OVERFLOW)  0

Return value 111 is the normal result of a first GetAdaptersAddresses call, which only learns the required buffer size. No second, successful call is logged, so this trace does not show adapter data actually reaching the sample.
Expresses interest in specific running processes (1 个事件)
process b05741e9228b7dcbde878826bfa7ea12.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API                       Arguments                                                                         Status   Return  Repeated
1620904776.156876 InternetOpenW
    user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG: use the system's proxy configuration)
    proxy_name: (empty)
    proxy_bypass: (empty)
    flags: 0
    success  13369348 (0x00cc0004, the returned HINTERNET)  0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 107.5.122.110
host 172.217.24.14
host 199.101.86.6
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
All eight writes succeed (return 0, repeated 0). Every key is under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\; "subkey A" below is the network-profile GUID {40112ABE-63B3-43C3-BE93-1440EE3AF106} and "subkey B" is the MAC-address-named key 0a-00-27-00-00-00.

Time               API             Key handle  Subkey     Value name          Type            Data
1620904779.156876  RegSetValueExA  0x000003cc  subkey A   WpadDecisionReason  4 (REG_DWORD)   1
1620904779.156876  RegSetValueExA  0x000003cc  subkey A   WpadDecisionTime    3 (REG_BINARY)  @õ~FäG× (8-byte FILETIME rendered as text)
1620904779.156876  RegSetValueExA  0x000003cc  subkey A   WpadDecision        4 (REG_DWORD)   3
1620904779.156876  RegSetValueExW  0x000003cc  subkey A   WpadNetworkName     1 (REG_SZ)      网络 2 (the Chinese-locale display name for "Network 2")
1620904779.156876  RegSetValueExA  0x000003e4  subkey B   WpadDecisionReason  4 (REG_DWORD)   1
1620904779.156876  RegSetValueExA  0x000003e4  subkey B   WpadDecisionTime    3 (REG_BINARY)  @õ~FäG× (8-byte FILETIME rendered as text)
1620904779.156876  RegSetValueExA  0x000003e4  subkey B   WpadDecision        4 (REG_DWORD)   3
1620904779.187876  RegSetValueExW  0x000003c8  (Wpad root) WpadLastNetwork    1 (REG_SZ)      {40112ABE-63B3-43C3-BE93-1440EE3AF106}

These Wpad* values are Windows' own proxy auto-detection cache: WinINet writes them when a session opened with INTERNET_OPEN_TYPE_PRECONFIG (as InternetOpenW was, above) runs WPAD discovery, and here they appear three seconds after that call. No PAC file or proxy address is being planted by the sample, so treat this signature as a side effect of its use of WinINet rather than as evidence of traffic interception.
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 of 54 events shown)
Bkav W32.EmotetGTA.Trojan
Elastic malicious (high confidence)
DrWeb Trojan.Emotet.1005
MicroWorld-eScan Trojan.EmotetU.Gen.Uy0@bC@6v4li
FireEye Generic.mg.b05741e9228b7dcb
ALYac Trojan.EmotetU.Gen.Uy0@bC@6v4li
Cylance Unsafe
Zillya Trojan.Emotet.Win32.26042
Sangfor Trojan.Win32.Emotet.gcnn
K7AntiVirus Trojan ( 0056d5911 )
Alibaba Trojan:Win32/Emotet.e30d4379
K7GW Trojan ( 0056d5911 )
Arcabit Trojan.EmotetU.Gen.EFD1260
BitDefenderTheta Gen:NN.Zextet.34608.Uy0@aC@6v4li
Cyren W32/Emotet.ARC.gen!Eldorado
Symantec Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFTE
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.vho
BitDefender Trojan.EmotetU.Gen.Uy0@bC@6v4li
NANO-Antivirus Trojan.Win32.Emotet.husvqd
Paloalto generic.ml
ViRobot Trojan.Win32.Emotet.761856
Tencent Malware.Win32.Gencirc.10cdf57f
Ad-Aware Trojan.EmotetU.Gen.Uy0@bC@6v4li
Sophos Mal/Generic-R + Troj/Emotet-CLV
F-Secure Trojan.TR/AD.Emotet.adzwo
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Emotet.bm
Emsisoft Trojan.Emotet (A)
Webroot W32.Trojan.Gen
Avira TR/AD.Emotet.adzwo
MAX malware (ai score=82)
Antiy-AVL Trojan[Banker]/Win32.Emotet
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.PBG!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.vho
GData Trojan.EmotetU.Gen.Uy0@bC@6v4li
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R349263
McAfee Emotet-FRW!B05741E9228B
TACHYON Banker/W32.Emotet.761856.B
Malwarebytes Trojan.Emotet
Rising Trojan.Kryptik!1.CB38 (CLOUD)
Yandex Trojan.Igent.bUmmZ2.14
Ikarus Trojan-Banker.Emotet
Fortinet W32/Emotet.E88D!tr
MaxSecure Trojan.Malware.105981145.susgen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 events)
dead_host 107.5.122.110:80
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
dead_host 199.101.86.6:443

None of these connection attempts was answered, which is why the Hosts, TCP and HTTP tables further down are empty. Three of the four targets are also the hosts contacted without a DNS lookup: the profile of a hard-coded IP:port server list whose servers were already down when the sample ran.
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No screenshots: none were captured while the sample ran.


PE Compile Time

2020-08-26 00:27:30 (the PE header timestamp is attacker-controlled and should not be relied on as a build date)

Imports

Library KERNEL32.dll:
0x492004 LocalUnlock
0x492008 LocalLock
0x49200c GetTempFileNameA
0x492010 GetDiskFreeSpaceA
0x492014 RtlUnwind
0x492018 HeapAlloc
0x49201c HeapFree
0x492020 VirtualProtect
0x492024 VirtualAlloc
0x492028 GetSystemInfo
0x49202c VirtualQuery
0x492030 GetStartupInfoA
0x492034 GetCommandLineA
0x492038 HeapReAlloc
0x49203c TerminateProcess
0x492040 ExitThread
0x492044 CreateThread
0x492048 HeapSize
0x49204c FatalAppExitA
0x492050 HeapDestroy
0x492054 HeapCreate
0x492058 VirtualFree
0x49205c LCMapStringA
0x492060 LCMapStringW
0x492064 GetStdHandle
0x492068 GetFileTime
0x49207c SetHandleCount
0x492080 GetFileType
0x492088 GetTickCount
0x49208c GetCurrentProcessId
0x492098 GetStringTypeA
0x49209c GetStringTypeW
0x4920a4 IsBadCodePtr
0x4920a8 GetTimeFormatA
0x4920ac GetDateFormatA
0x4920b0 GetUserDefaultLCID
0x4920b4 EnumSystemLocalesA
0x4920b8 IsValidLocale
0x4920bc IsValidCodePage
0x4920c0 SetStdHandle
0x4920c8 GetLocaleInfoW
0x4920d0 GetFileAttributesA
0x4920d4 SetFileAttributesA
0x4920d8 SetFileTime
0x4920e4 SetErrorMode
0x4920e8 GetShortPathNameA
0x4920ec GetFullPathNameA
0x4920f4 FindFirstFileA
0x4920f8 FindClose
0x4920fc DuplicateHandle
0x492100 SetEndOfFile
0x492104 UnlockFile
0x492108 LockFile
0x49210c FlushFileBuffers
0x492110 SetFilePointer
0x492114 WriteFile
0x492118 ReadFile
0x49211c DeleteFileA
0x492120 MoveFileA
0x49213c GetOEMCP
0x492140 GetCPInfo
0x492148 GlobalFlags
0x49214c TlsFree
0x492150 LocalReAlloc
0x492154 TlsSetValue
0x492158 TlsAlloc
0x49215c TlsGetValue
0x492164 GlobalHandle
0x492168 GlobalReAlloc
0x492170 LocalAlloc
0x49217c RaiseException
0x492180 SuspendThread
0x492184 ResumeThread
0x492188 SetThreadPriority
0x49218c GetCurrentThread
0x492190 lstrcmpA
0x492194 GetModuleFileNameA
0x4921a0 lstrcpyA
0x4921a8 GlobalFree
0x4921ac CopyFileA
0x4921b0 MulDiv
0x4921b4 FormatMessageA
0x4921b8 LocalFree
0x4921bc FreeResource
0x4921c0 GlobalGetAtomNameA
0x4921c4 GlobalAddAtomA
0x4921c8 GlobalFindAtomA
0x4921cc GlobalDeleteAtom
0x4921d0 lstrcatA
0x4921d4 lstrcmpW
0x4921d8 lstrcpynA
0x4921dc GetModuleHandleA
0x4921e0 GetProcAddress
0x4921e4 ExitProcess
0x4921e8 IsBadWritePtr
0x4921ec OpenMutexA
0x4921f0 OpenEventA
0x4921f4 CreateEventA
0x4921f8 SetEvent
0x4921fc ReleaseMutex
0x492200 WaitForSingleObject
0x492204 IsBadReadPtr
0x492208 OpenFileMappingA
0x49220c CreateFileA
0x492210 DeviceIoControl
0x492214 GetFileSize
0x492218 CreateFileMappingA
0x49221c MapViewOfFile
0x492220 UnmapViewOfFile
0x492224 CloseHandle
0x492228 FlushViewOfFile
0x492230 LoadLibraryA
0x492234 FreeLibrary
0x492238 WinExec
0x49223c GetStringTypeExW
0x492240 GetStringTypeExA
0x492248 CompareStringW
0x49224c CompareStringA
0x492250 lstrlenA
0x492254 lstrcmpiW
0x492258 lstrlenW
0x49225c lstrcmpiA
0x492260 GetVersion
0x492264 MultiByteToWideChar
0x492268 CreateMutexA
0x49226c SetLastError
0x492270 GetCurrentThreadId
0x492274 GetCurrentProcess
0x492278 GetLastError
0x492280 Sleep
0x492284 GlobalAlloc
0x492288 GlobalLock
0x49228c GlobalSize
0x492290 GlobalUnlock
0x492294 WideCharToMultiByte
0x492298 FindResourceA
0x49229c LoadResource
0x4922a0 LockResource
0x4922a4 SizeofResource
0x4922a8 GetVersionExA
0x4922ac GetThreadLocale
0x4922b0 GetLocaleInfoA
0x4922b4 GetACP
0x4922bc InterlockedExchange
Library USER32.dll:
0x4924e0 UnpackDDElParam
0x4924e4 GetKeyNameTextA
0x4924e8 MapVirtualKeyA
0x4924ec IsRectEmpty
0x4924f0 UnionRect
0x4924f4 SetRect
0x492500 GetDCEx
0x492504 LockWindowUpdate
0x492508 SetParent
0x49250c ReleaseCapture
0x492510 SetCapture
0x492514 GetDialogBaseUnits
0x492518 GetSysColorBrush
0x49251c GetMessageA
0x492520 TranslateMessage
0x492524 ValidateRect
0x492528 ShowOwnedPopups
0x49252c PostQuitMessage
0x492530 DestroyMenu
0x492534 GetMenuItemInfoA
0x492538 GetCursorPos
0x49253c WindowFromPoint
0x492540 GetDesktopWindow
0x492544 GetActiveWindow
0x49254c GetNextDlgTabItem
0x492550 EndDialog
0x492554 SetMenuItemBitmaps
0x492558 ModifyMenuA
0x49255c EnableMenuItem
0x492560 CheckMenuItem
0x492568 LoadBitmapA
0x49256c ScrollWindowEx
0x492570 IsWindowEnabled
0x492574 ShowWindow
0x492578 MoveWindow
0x49257c SetWindowTextA
0x492580 IsDialogMessageA
0x492584 IsDlgButtonChecked
0x492588 SetDlgItemTextA
0x49258c SetDlgItemInt
0x492590 GetDlgItemTextA
0x492594 GetDlgItemInt
0x492598 CheckRadioButton
0x49259c CheckDlgButton
0x4925a0 EndPaint
0x4925a4 BeginPaint
0x4925a8 GetWindowDC
0x4925ac ClientToScreen
0x4925b0 FillRect
0x4925b4 GetMenuState
0x4925b8 GetMenuStringA
0x4925bc InsertMenuA
0x4925c0 RemoveMenu
0x4925c4 WinHelpA
0x4925c8 GetCapture
0x4925cc SetWindowsHookExA
0x4925d0 CallNextHookEx
0x4925d4 GetClassLongA
0x4925d8 GetClassInfoExA
0x4925dc GetClassNameA
0x4925e0 GetPropA
0x4925e4 RemovePropA
0x4925e8 SendDlgItemMessageA
0x4925ec GetFocus
0x4925f0 SetFocus
0x4925f4 IsChild
0x4925fc GetWindowTextA
0x492600 GetForegroundWindow
0x492604 ReuseDDElParam
0x492608 SetActiveWindow
0x49260c DispatchMessageA
0x492610 BeginDeferWindowPos
0x492614 EndDeferWindowPos
0x492618 GetDlgItem
0x49261c GetTopWindow
0x492620 DestroyWindow
0x492624 UnhookWindowsHookEx
0x492628 GetMessageTime
0x49262c PeekMessageA
0x492630 MapWindowPoints
0x492634 ScrollWindow
0x492638 MessageBoxA
0x49263c TrackPopupMenuEx
0x492640 TrackPopupMenu
0x492644 GetKeyState
0x492648 SetScrollRange
0x49264c GetScrollRange
0x492650 SetScrollPos
0x492654 GetScrollPos
0x492658 SetForegroundWindow
0x49265c ShowScrollBar
0x492660 IsWindowVisible
0x492664 UpdateWindow
0x492668 GetMenu
0x49266c PostMessageA
0x492670 GetMenuItemID
0x492674 GetMenuItemCount
0x492678 AdjustWindowRectEx
0x49267c EqualRect
0x492680 DeferWindowPos
0x492684 GetClientRect
0x492688 InvalidateRect
0x49268c EnableWindow
0x492690 TabbedTextOutA
0x492694 DrawTextA
0x492698 DrawTextExA
0x49269c GrayStringA
0x4926a0 GetSysColor
0x4926a4 CloseClipboard
0x4926a8 GetClipboardData
0x4926ac OpenClipboard
0x4926b0 SetClipboardData
0x4926b4 EmptyClipboard
0x4926b8 SendMessageA
0x4926bc GetScrollInfo
0x4926c0 SetScrollInfo
0x4926c4 GetClassInfoA
0x4926c8 RegisterClassA
0x4926cc UnregisterClassA
0x4926d0 SetWindowPlacement
0x4926d4 GetDlgCtrlID
0x4926d8 DefWindowProcA
0x4926dc CallWindowProcA
0x4926e0 GetWindowLongA
0x4926e4 SetWindowPos
0x4926e8 OffsetRect
0x4926ec IntersectRect
0x4926f4 GetWindowPlacement
0x4926f8 CopyRect
0x4926fc GetWindow
0x492700 LoadIconA
0x492704 LoadAcceleratorsA
0x492708 InsertMenuItemA
0x49270c CreatePopupMenu
0x492710 SetRectEmpty
0x492714 BringWindowToTop
0x492718 SetMenu
0x49271c IsIconic
0x492720 GetSystemMenu
0x492724 AppendMenuA
0x492728 DrawIcon
0x49272c CreateWindowExA
0x492730 InSendMessage
0x492734 GetSystemMetrics
0x492738 LoadMenuA
0x49273c GetSubMenu
0x492740 DrawFocusRect
0x492748 SetWindowLongA
0x492750 DestroyIcon
0x492754 DeleteMenu
0x492758 WaitMessage
0x49275c GetLastActivePopup
0x492764 IsWindow
0x492768 wsprintfA
0x492770 GetThreadDesktop
0x492774 CharLowerA
0x492778 CharLowerW
0x49277c CharUpperA
0x492780 CharUpperW
0x492784 SetCursor
0x492788 PtInRect
0x49278c InflateRect
0x492790 GetWindowRect
0x492794 ScreenToClient
0x492798 GetDC
0x49279c ReleaseDC
0x4927a0 RedrawWindow
0x4927a4 SetTimer
0x4927a8 KillTimer
0x4927ac CopyIcon
0x4927b0 DestroyCursor
0x4927b4 MessageBeep
0x4927b8 GetMessagePos
0x4927bc LoadCursorA
0x4927c0 GetParent
0x4927c4 SetPropA
Library GDI32.dll:
0x491e1c PolylineTo
0x491e20 PolyBezierTo
0x491e24 ExtSelectClipRgn
0x491e28 DeleteDC
0x491e30 CreatePatternBrush
0x491e34 CreateBitmap
0x491e38 SelectPalette
0x491e3c PlayMetaFileRecord
0x491e40 GetObjectType
0x491e44 EnumMetaFile
0x491e48 PlayMetaFile
0x491e4c PolyDraw
0x491e50 CreateHatchBrush
0x491e58 SetRectRgn
0x491e5c CombineRgn
0x491e60 PatBlt
0x491e64 StretchDIBits
0x491e68 StartPage
0x491e6c EndPage
0x491e70 SetAbortProc
0x491e74 AbortDoc
0x491e78 EndDoc
0x491e7c ArcTo
0x491e84 ScaleWindowExtEx
0x491e88 SetWindowExtEx
0x491e8c OffsetWindowOrgEx
0x491e90 SetWindowOrgEx
0x491e94 ScaleViewportExtEx
0x491e98 SetViewportExtEx
0x491e9c OffsetViewportOrgEx
0x491ea0 SetViewportOrgEx
0x491ea4 SelectObject
0x491ea8 StartDocA
0x491eac GetPixel
0x491eb0 GetWindowExtEx
0x491eb4 GetViewportExtEx
0x491eb8 OffsetClipRgn
0x491ebc SelectClipPath
0x491ec0 CreateRectRgn
0x491ec4 GetClipRgn
0x491ec8 SelectClipRgn
0x491ecc DeleteObject
0x491ed0 SetColorAdjustment
0x491ed4 SetArcDirection
0x491ed8 SetMapperFlags
0x491ee4 SetTextAlign
0x491ee8 MoveToEx
0x491eec ExtCreatePen
0x491ef0 CreatePen
0x491ef4 IntersectClipRect
0x491ef8 ExcludeClipRect
0x491efc SetMapMode
0x491f00 SetStretchBltMode
0x491f04 SetROP2
0x491f08 SetPolyFillMode
0x491f0c SetBkMode
0x491f10 RestoreDC
0x491f14 SaveDC
0x491f18 CreateDCA
0x491f1c CopyMetaFileA
0x491f20 GetDeviceCaps
0x491f24 SetBkColor
0x491f28 SetTextColor
0x491f2c GetClipBox
0x491f30 GetDCOrgEx
0x491f34 GetCharWidthA
0x491f3c GetStockObject
0x491f40 GetObjectA
0x491f44 CreateFontIndirectA
0x491f48 Escape
0x491f4c ExtTextOutA
0x491f50 TextOutA
0x491f54 RectVisible
0x491f58 PtVisible
0x491f5c GetTextMetricsA
0x491f60 BitBlt
0x491f64 Polygon
0x491f68 LPtoDP
0x491f6c DPtoLP
0x491f70 GetMapMode
0x491f74 GetBkColor
0x491f78 CreateCompatibleDC
0x491f7c CreatePolygonRgn
0x491f84 CreateFontA
0x491f88 CreateSolidBrush
0x491f8c LineTo
Library comdlg32.dll:
0x4928c4 PageSetupDlgA
0x4928c8 FindTextA
0x4928cc ReplaceTextA
0x4928d0 GetOpenFileNameA
0x4928d4 GetSaveFileNameA
0x4928dc PrintDlgA
0x4928e0 GetFileTitleA
Library WINSPOOL.DRV:
0x492888 GetJobA
0x49288c OpenPrinterA
0x492890 DocumentPropertiesA
0x492894 ClosePrinter
Library ADVAPI32.dll:
0x491d40 RegCreateKeyA
0x491d44 GetTokenInformation
0x491d48 OpenProcessToken
0x491d4c RegCloseKey
0x491d50 RegQueryValueA
0x491d54 RegOpenKeyExA
0x491d58 RegSetValueA
0x491d5c RegOpenKeyA
0x491d60 RegQueryValueExA
0x491d64 RegDeleteKeyA
0x491d68 RegEnumKeyA
0x491d6c GetFileSecurityA
0x491d70 SetFileSecurityA
0x491d74 GetUserNameA
0x491d78 RegDeleteValueA
0x491d7c RegSetValueExA
0x491d80 RegCreateKeyExA
Library SHELL32.dll:
0x492458 ExtractIconA
0x49245c SHGetFileInfoA
0x492460 DragFinish
0x492464 DragQueryFileA
0x492468 ShellExecuteA
Library COMCTL32.dll:
0x491dbc (imported by ordinal; no name)
0x491dc0 ImageList_Draw
0x491dc8 (imported by ordinal; no name)
0x491dcc ImageList_Read
0x491dd0 ImageList_Write
0x491dd4 (imported by ordinal; no name)
0x491dd8 ImageList_Destroy
0x491ddc ImageList_Create
0x491de4 ImageList_Merge
Library SHLWAPI.dll:
0x4924a0 PathFindFileNameA
0x4924a4 PathStripToRootA
0x4924a8 PathFindExtensionA
0x4924ac PathIsUNCA
Library ole32.dll:
0x492914 WriteFmtUserTypeStg
0x492918 WriteClassStg
0x49291c CoTaskMemFree
0x492920 OleRegGetUserType
0x492924 ReadFmtUserTypeStg
0x492928 ReadClassStg
0x49292c StringFromCLSID
0x492930 CoTreatAsClass
0x492934 CreateBindCtx
0x492938 CoTaskMemAlloc
0x49293c ReleaseStgMedium
0x492940 OleDuplicateData
0x492944 CoDisconnectObject
0x492948 CoCreateInstance
0x49294c StringFromGUID2
0x492950 CLSIDFromString
0x492954 SetConvertStg
Library OLEAUT32.dll:
0x492378 VariantClear
0x49237c VariantChangeType
0x492380 VariantInit
0x492384 SysAllocStringLen
0x492388 SysFreeString
0x49238c SysStringLen
0x492394 SysStringByteLen
0x49239c SafeArrayAccessData
0x4923a0 SafeArrayGetUBound
0x4923a4 SafeArrayGetLBound
0x4923ac SafeArrayGetDim
0x4923b0 SafeArrayCreate
0x4923b4 SafeArrayRedim
0x4923b8 VariantCopy
0x4923bc SafeArrayAllocData
0x4923c4 SafeArrayCopy
0x4923c8 SafeArrayGetElement
0x4923cc SafeArrayPtrOfIndex
0x4923d0 SafeArrayPutElement
0x4923d4 SafeArrayLock
0x4923d8 SafeArrayUnlock
0x4923dc SafeArrayDestroy
0x4923f0 SysAllocString
0x4923f4 SysReAllocStringLen
0x4923f8 VarDateFromStr
0x4923fc VarBstrFromDec
0x492400 VarDecFromStr
0x492404 VarCyFromStr
0x492408 VarBstrFromCy
0x49240c VarBstrFromDate
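The import table above reads like a generic MFC desktop application (print dialogs, WINSPOOL, clipboard, OLE storage), yet it contains no Crypt*, WinINet or IP helper functions, while the dynamic indicators earlier in the report show CryptGenKey, CryptExportKey, InternetOpenW and GetAdaptersAddresses being called. The script below, an added example and not sandbox code, diffs the static import set against the runtime calls to list the APIs the loader must have resolved itself (it does import LoadLibraryA and GetProcAddress) and the DLLs it had to load for them. The import subset, the runtime call list, the native-call alias table and the DLL-ownership table are all constructed for the example.

```python
"""Compare a PE's static import table with the APIs observed at runtime.

Anything called at runtime that the PE never imports had to be resolved
dynamically (LoadLibrary/GetProcAddress or a hand-rolled resolver), which is
what a packed loader does once its payload is unpacked.
"""

# Constructed subset of the report's static import table: library -> function names.
STATIC_IMPORTS = {
    "KERNEL32.dll": {
        "VirtualAlloc", "VirtualProtect", "VirtualFree", "LoadLibraryA", "GetProcAddress",
        "WinExec", "CreateFileMappingA", "MapViewOfFile", "CreateMutexA", "OpenMutexA",
        "GetModuleHandleA", "GetVersionExA", "GetTickCount",
    },
    "ADVAPI32.dll": {"RegSetValueExA", "RegCreateKeyExA", "RegOpenKeyExA", "GetUserNameA",
                     "OpenProcessToken", "GetTokenInformation"},
    "USER32.dll": {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"},
    "SHELL32.dll": {"ShellExecuteA"},
}

# APIs named in the report's dynamic indicators, in order of appearance (constructed list).
RUNTIME_CALLS = [
    "NtAllocateVirtualMemory", "CryptGenKey", "GetComputerNameA", "CryptExportKey",
    "InternetOpenW", "GetAdaptersAddresses", "RegSetValueExA", "RegSetValueExW",
    "CryptExportKey",
]

# Native calls that sit directly beneath a Win32 import (assumed mapping, kept small).
NATIVE_ALIASES = {"NtAllocateVirtualMemory": "VirtualAlloc"}

# Which DLL exports each runtime-only API (assumed table; extend as needed).
HOME_DLL = {
    "CryptGenKey": "ADVAPI32.dll", "CryptExportKey": "ADVAPI32.dll",
    "InternetOpenW": "WININET.dll", "GetAdaptersAddresses": "IPHLPAPI.dll",
    "GetComputerNameA": "KERNEL32.dll", "RegSetValueExW": "ADVAPI32.dll",
}

# Loader-relevant imports worth a line in a triage note (assumed grouping).
CAPABILITY_HINTS = {
    "VirtualAlloc": "allocate memory for an unpacked payload",
    "VirtualProtect": "make unpacked memory executable",
    "LoadLibraryA": "resolve imports at runtime",
    "GetProcAddress": "resolve imports at runtime",
    "WinExec": "launch a process",
    "CreateFileMappingA": "map a section (payload staging or IPC)",
    "SetWindowsHookExA": "install a Windows hook",
}


def imported_functions(static_imports):
    return {f for funcs in static_imports.values() for f in funcs}


def dynamically_resolved(static_imports, runtime_calls, aliases=NATIVE_ALIASES):
    """Runtime-called APIs that do not appear in the import table, sorted."""
    imported = imported_functions(static_imports)
    seen = set()
    for name in runtime_calls:
        name = aliases.get(name, name)   # fold native calls onto their Win32 wrapper
        if name not in imported:
            seen.add(name)
    return sorted(seen)


def missing_libraries(static_imports, runtime_calls):
    """DLLs that the runtime-only APIs live in but the PE never links: what LoadLibraryA fetched."""
    linked = {lib.lower() for lib in static_imports}
    needed = {HOME_DLL[f] for f in dynamically_resolved(static_imports, runtime_calls) if f in HOME_DLL}
    return sorted(lib for lib in needed if lib.lower() not in linked)


def capability_hints(static_imports):
    """Imported functions that matter to a loader, with a one-line reason each."""
    imported = imported_functions(static_imports)
    return {f: CAPABILITY_HINTS[f] for f in sorted(imported & set(CAPABILITY_HINTS))}


if __name__ == "__main__":
    print("resolved at runtime:", dynamically_resolved(STATIC_IMPORTS, RUNTIME_CALLS))
    print("libraries loaded at runtime:", missing_libraries(STATIC_IMPORTS, RUNTIME_CALLS))
    for func, why in capability_hints(STATIC_IMPORTS).items():
        print(f"  {func}: {why}")
```

The list is a lead, not proof: calls made by system DLLs on the sample's behalf also show up as "not imported" (the RegSetValueExW writes come from WinINet's WPAD code, not from the sample's own code), so confirm each entry against the call stack or the unpacked payload before reporting it.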

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 63497 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60215 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56542 239.255.255.250 1900
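Everything in the UDP table is sandbox background traffic (resolver queries, LLMNR, SSDP, NetBIOS broadcasts, one NTP sync), and the sample's own connection attempts are the four dead hosts listed earlier. The following script, an added example rather than part of the sandbox, applies that triage automatically: it labels each UDP flow by the well-known protocol it belongs to and ranks the unanswered targets, putting the ones contacted by bare IP first. The flow list is a constructed copy of the table above, and the resolver address and VM subnet are assumptions read off the report's addresses.

```python
"""Triage a sandbox network summary: strip the VM's background chatter and
rank the connection attempts that look like a hard-coded C2 list."""
from collections import Counter
import ipaddress

# Sandbox environment, assumed from the report's addresses.
RESOLVER = ipaddress.ip_address("114.114.114.114")     # the VM's configured DNS server
SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")   # the VM's subnet
LLMNR_GROUP = ipaddress.ip_address("224.0.0.252")
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")

# Constructed copy of the report's UDP table: (src, sport, dst, dport).
UDP_FLOWS = [
    ("192.168.56.101", 51808, "114.114.114.114", 53),
    ("192.168.56.101", 53237, "114.114.114.114", 53),
    ("192.168.56.101", 53657, "114.114.114.114", 53),
    ("192.168.56.101", 58367, "114.114.114.114", 53),
    ("192.168.56.101", 63429, "114.114.114.114", 53),
    ("192.168.56.101", 63497, "114.114.114.114", 53),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 123, "20.189.79.72", 123),
    ("192.168.56.101", 49235, "224.0.0.252", 5355),
    ("192.168.56.101", 49713, "224.0.0.252", 5355),
    ("192.168.56.101", 50534, "224.0.0.252", 5355),
    ("192.168.56.101", 50568, "224.0.0.252", 5355),
    ("192.168.56.101", 51963, "224.0.0.252", 5355),
    ("192.168.56.101", 56539, "224.0.0.252", 5355),
    ("192.168.56.101", 57874, "224.0.0.252", 5355),
    ("192.168.56.101", 60215, "224.0.0.252", 5355),
    ("192.168.56.101", 62318, "224.0.0.252", 5355),
    ("192.168.56.101", 1900, "239.255.255.250", 1900),
    ("192.168.56.101", 56542, "239.255.255.250", 1900),
]

# Constructed from the report's "dead host" and "no DNS query" signatures.
DEAD_HOSTS = ["107.5.122.110:80", "172.217.24.14:443", "172.217.160.78:443", "199.101.86.6:443"]
NO_DNS_HOSTS = {"107.5.122.110", "172.217.24.14", "199.101.86.6"}


def classify_udp(src, sport, dst, dport):
    """Label one UDP flow as a known kind of background traffic, or 'review'."""
    d = ipaddress.ip_address(dst)
    if dport == 53 and d == RESOLVER:
        return "dns"
    if dport == 5355 and d == LLMNR_GROUP:
        return "llmnr"      # link-local multicast name resolution, on by default
    if dport == 1900 and d == SSDP_GROUP:
        return "ssdp"       # UPnP discovery
    if dport in (137, 138) and d == SANDBOX_NET.broadcast_address:
        return "netbios"    # NetBIOS name/datagram service broadcasts
    if dport == 123:
        return "ntp"        # time sync (the report shows time.windows.com)
    return "review"         # anything else deserves a look


def summarize_udp(flows):
    return Counter(classify_udp(*flow) for flow in flows)


def c2_candidates(dead_hosts, no_dns_hosts):
    """Unanswered targets, those reached by bare IP first: an embedded IP:port list
    whose servers are already down looks exactly like this."""
    rows = []
    for entry in dead_hosts:
        host, port = entry.rsplit(":", 1)
        rows.append({"host": host, "port": int(port), "no_dns": host in no_dns_hosts})
    return sorted(rows, key=lambda r: (not r["no_dns"], r["host"]))


if __name__ == "__main__":
    print(dict(summarize_udp(UDP_FLOWS)))
    for row in c2_candidates(DEAD_HOSTS, NO_DNS_HOSTS):
        print(row)
```

A "review" count of zero is the point of the summary: with the background flows accounted for, the only network behaviour attributable to the sample is the dead-host list, and those IP:port pairs are the indicators worth blocking or hunting for.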

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.