Threat score: 6.2 (high risk)

SHA-256: 2bd30d1ac4a051664730dbfb07a0c2b6ce5ccdcc04d042434ed2c472607158f2

File name: b06031dc60ccd951ba2d4afa2d5c77e0.exe

Analysis duration: 77s

Last analysis:

File size: 620.1KB
Flagged by static analysis and by dynamic analysis. Tags: AI SCORE=82, ATTRIBUTE, BANKERX, CLASSIC, CONFIDENCE, ELDORADO, EMOTET, EMOTETU, GENCIRC, HCYH, HIGH CONFIDENCE, HIGHCONFIDENCE, JREYY, KCLOUD, KRYPTIK, KVM003, MALWARE@#12BHCISOCM7CH, MY1@ASQNZLKI, MY1@BSQNZLKI, P7GHELCZQNY, R06EC0DIK20, R335113, SCORE, SUSGEN, UNSAFE, ZENPAK, ZEXAF
Hawkeye engine: not detected (no Hawkeye engine result is available for this sample)
Static verdict

Antivirus engines

Engine | Result | Scan date | Engine version
McAfee | Emotet-FQQ!B06031DC60CC | 2020-12-28 | 6.0.6.653
Alibaba | Backdoor:Win32/Emotet.73014586 | 2019-05-27 | 0.3.0.5
Baidu | (no result) | 2019-03-18 | 1.0.0.2
Avast | Win32:BankerX-gen [Trj] | 2020-12-28 | 21.1.5827.0
Tencent | Malware.Win32.Gencirc.10b9ebe9 | 2020-12-28 | 1.0.0.1
Kingsoft | Win32.Heur.KVM003.a.(kcloud) | 2020-12-28 | 2017.9.26.565
CrowdStrike | win/malicious_confidence_60% (W) | 2019-07-02 | 1.0
Static indicators

Queries the computer name (1 event)

Time | API | Arguments | Status | Return | Repeated
1619861139.974588 | GetComputerNameA | computer_name: OSKAR-PC | success | 1 | 0
Uses Windows APIs to generate a cryptographic key (4 events)

Decoded constants: algorithm_identifier 0x0000660e is CALG_AES_128; flags 1 on CryptGenKey is CRYPT_EXPORTABLE; blob_type 1 is SIMPLEBLOB; flags 64 (0x40) on CryptExportKey is CRYPT_OAEP. A SIMPLEBLOB export encrypts the session key to the key passed as crypto_export_handle, which for CRYPT_OAEP must be an RSA key-exchange key, so the three buffers are three wrappings of the same AES-128 key (crypto_handle 0x0063d778) under the same wrapping key (0x0063d6b8); they differ because OAEP padding is randomized. The buffer is the wrapped key, not the AES key itself. The key and buffer fields are raw bytes that the sandbox renders as text.

Time | API | Arguments | Status | Return | Repeated
1619861126.302588 | CryptGenKey | crypto_handle: 0x0063d778; algorithm_identifier: 0x0000660e (CALG_AES_128); provider_handle: 0x00595d58; flags: 1 (CRYPT_EXPORTABLE); key: f‚e:w®š¬Š[Ô=ðh~® | success | 1 | 0
1619861140.115588 | CryptExportKey | crypto_handle: 0x0063d778; crypto_export_handle: 0x0063d6b8; buffer: f¤x]ܯn•ègæMn]Ç»x(üÂüǺ®3uTÕi˜‚OžkÅÐg¥3?ú¢M¹SyänV< V¥ÖEC„à Ùú ©jߏΑr“Ž¾Ç¾·F©‰žg÷¬þ¯Ç; blob_type: 1 (SIMPLEBLOB); flags: 64 (CRYPT_OAEP) | success | 1 | 0
1619861176.302588 | CryptExportKey | crypto_handle: 0x0063d778; crypto_export_handle: 0x0063d6b8; buffer: f¤ý|}RÓoѾiZJ½"¥ãA—*à‰Ê>ÈKmՅǑ<ìÝûCY,ÎQóã¿z­ü`âùf+ã4ŒÓÜ8™7&”V.Öð€‹àû­ L¿"m7ýt»ìõxý; blob_type: 1 (SIMPLEBLOB); flags: 64 (CRYPT_OAEP) | success | 1 | 0
1619861182.318588 | CryptExportKey | crypto_handle: 0x0063d778; crypto_export_handle: 0x0063d6b8; buffer: f¤‡P̄ð ´UŒ‰JŽ_íftežï"‘( þ}<£¤%ºèÑ| zOdڑU¥òՙ׈užÖëp>(ÄûPýÅÒ‚nÉ"g( °JÚìæŠí’ØÔuò”ôØÛîs; blob_type: 1 (SIMPLEBLOB); flags: 64 (CRYPT_OAEP) | success | 1 | 0
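To make the numeric fields of these four events readable, here is an added example written by the editor; it is not code from the report or from the sample. It names CryptoAPI ALG_ID values and the CryptGenKey/CryptExportKey flag bits, and parses the header of a SIMPLEBLOB such as the one CryptExportKey produces for blob_type 1. The blob it parses is constructed inside the code (a header plus filler bytes standing in for the wrapped key), not the buffer from the report. The printable_view helper mimics how the sandbox renders raw bytes; on a SIMPLEBLOB for an AES-128 key wrapped by an RSA key-exchange key it yields the prefix "f¤" (0x66 from CALG_AES_128, 0xA4 from CALG_RSA_KEYX) once zero and control bytes are dropped. Reading the report's buffers that way is the editor's interpretation, not a claim the report makes.

```python
"""Decode CryptoAPI constants and a SIMPLEBLOB header.

Added example by the editor; not code from the report or the sample.  The
blob parsed at the bottom is constructed here, not the buffer in the report.
"""
import struct

# ALG_ID values from wincrypt.h (subset)
ALG_IDS = {
    0x00006603: "CALG_3DES",
    0x0000660E: "CALG_AES_128",
    0x0000660F: "CALG_AES_192",
    0x00006610: "CALG_AES_256",
    0x00006801: "CALG_RC4",
    0x0000A400: "CALG_RSA_KEYX",   # RSA key-exchange key, the usual SIMPLEBLOB wrapper
    0x00002400: "CALG_RSA_SIGN",
}

# Key-blob types (BLOBHEADER.bType)
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB", 8: "PLAINTEXTKEYBLOB"}

# dwFlags bits mean different things per API even when the number is the same:
# 0x40 is CRYPT_PREGEN for CryptGenKey but CRYPT_OAEP for CryptExportKey.
FLAG_NAMES = {
    "CryptGenKey": {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED",
                    0x4: "CRYPT_CREATE_SALT", 0x40: "CRYPT_PREGEN",
                    0x4000: "CRYPT_ARCHIVABLE"},
    "CryptExportKey": {0x40: "CRYPT_OAEP"},
}


def alg_name(alg_id: int) -> str:
    return ALG_IDS.get(alg_id, f"unknown ALG_ID {alg_id:#010x}")


def decode_flags(api: str, flags: int) -> list:
    """Name the flag bits of a CryptGenKey / CryptExportKey call."""
    if api not in FLAG_NAMES:
        raise ValueError(f"no flag table for {api}")
    names = []
    for bit, name in FLAG_NAMES[api].items():
        if flags & bit:
            names.append(name)
            flags &= ~bit
    if flags:
        names.append(f"unknown {flags:#x}")
    return names


def parse_simpleblob(blob: bytes) -> dict:
    """Parse BLOBHEADER + wrapping ALG_ID of a SIMPLEBLOB (blob_type 1).

    Layout: bType(1) bVersion(1) reserved(2) aiKeyAlg(4) | wrap ALG_ID(4) | wrapped key.
    The wrapped key is the session key encrypted to the key-exchange key; for
    RSA its length equals the modulus size.
    """
    if len(blob) < 12:
        raise ValueError("too short for a SIMPLEBLOB header")
    b_type, b_version, _reserved, key_alg = struct.unpack_from("<BBHI", blob, 0)
    if b_type != 1:
        raise ValueError(f"not a SIMPLEBLOB: bType={b_type} ({BLOB_TYPES.get(b_type, '?')})")
    (wrap_alg,) = struct.unpack_from("<I", blob, 8)
    return {
        "blob_type": BLOB_TYPES[b_type],
        "version": b_version,
        "key_alg": alg_name(key_alg),
        "wrap_alg": alg_name(wrap_alg),
        "wrapped_key_len": len(blob) - 12,
    }


def printable_view(data: bytes) -> str:
    """Render bytes the way the sandbox shows them: decode as cp1252 and drop
    control characters, so zero bytes vanish and 0x66/0xA4 become 'f'/'¤'."""
    return "".join(ch for ch in data.decode("cp1252", errors="ignore") if ord(ch) >= 0x20)


def build_example_blob(modulus_bytes: int = 128) -> bytes:
    """Constructed SIMPLEBLOB: AES-128 key wrapped by an RSA key-exchange key.
    The 'wrapped key' bytes are a deterministic filler, not real ciphertext."""
    header = struct.pack("<BBHI", 1, 2, 0, 0x660E) + struct.pack("<I", 0xA400)
    filler = bytes((i * 37 + 11) & 0xFF for i in range(modulus_bytes))
    return header + filler


if __name__ == "__main__":
    print("CryptGenKey flags 1 ->", decode_flags("CryptGenKey", 1))
    print("CryptExportKey flags 64 ->", decode_flags("CryptExportKey", 64))
    blob = build_example_blob()
    print(parse_simpleblob(blob))
    print("sandbox-style view of the header:", printable_view(blob[:12]))
```

The per-API flag table matters in triage: a tool that names 0x40 as CRYPT_OAEP regardless of the call would mislabel a CryptGenKey(…, CRYPT_PREGEN) call, so always decode flags against the API that received them.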
The executable uses a known packer (1 event)

packer: Armadillo v1.71 (signature match)
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time | API | Arguments | Status | Return | Repeated
1619861120.427588 | NtAllocateVirtualMemory | process_identifier: 284; region_size: 36864 (0x9000); stack_dep_bypass: 0; stack_pivoted: 0; heap_dep_bypass: 0; protection: 64 (PAGE_EXECUTE_READWRITE); process_handle: 0xffffffff (current-process pseudo-handle); allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE); base_address: 0x00530000 | success | 0 | 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)

Time | API | Arguments | Status | Return | Repeated
1619861140.630588 | GetAdaptersAddresses | flags: 0; family: 0 (AF_UNSPEC) | failed | 111 | 0

Return value 111 is ERROR_BUFFER_OVERFLOW, which GetAdaptersAddresses returns when the supplied buffer is too small, including on the customary first call made only to learn the required size. This single failed call shows the API was reached, not what the sample did with an adapter list.
Expresses interest in specific running processes (1 event)

process: b06031dc60ccd951ba2d4afa2d5c77e0.exe
Reads the system's User-Agent and subsequently performs requests (1 event)

Time | API | Arguments | Status | Return | Repeated
1619861140.333588 | InternetOpenW | proxy_bypass: (empty); access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG); proxy_name: (empty); flags: 0; user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | success | 13369348 (0x00cc0004, the HINTERNET session handle) | 0
Network communication

Communicates with hosts for which no DNS query was performed (4 events)

host 101.187.104.105
host 172.217.24.14
host 68.44.137.144
host 82.223.70.24
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)

Caveat: the five value names written here (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName, WpadLastNetwork) form the per-network cache that Windows' own WPAD auto-proxy discovery maintains, and it is populated when a process opens a WinINet session with the preconfigured proxy setting, as the InternetOpenW call above (access_type 0) does. These writes do not by themselves show that the sample installed a PAC file; an actual proxy hijack would set AutoConfigURL, ProxyServer or ProxyEnable under the Internet Settings key. The second key path, 0a-00-27-00-00-00, is the MAC address of a VirtualBox host-only adapter, matching the 192.168.56.0/24 guest address in the UDP table below; that is a sandbox artifact, not sample behavior. The WpadDecisionTime values are raw FILETIME bytes rendered as text.

Time | API | Arguments | Status | Return | Repeated
1619861143.208588 | RegSetValueExA | key_handle: 0x000003bc; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason; reg_type: 4 (REG_DWORD); value: 1 | success | 0 | 0
1619861143.208588 | RegSetValueExA | key_handle: 0x000003bc; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime; reg_type: 3 (REG_BINARY); value: Àwª$ >× | success | 0 | 0
1619861143.208588 | RegSetValueExA | key_handle: 0x000003bc; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision; reg_type: 4 (REG_DWORD); value: 3 | success | 0 | 0
1619861143.208588 | RegSetValueExW | key_handle: 0x000003bc; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName; reg_type: 1 (REG_SZ); value: 网络 2 (the Chinese-locale profile name "Network 2") | success | 0 | 0
1619861143.208588 | RegSetValueExA | key_handle: 0x000003d4; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason; reg_type: 4 (REG_DWORD); value: 1 | success | 0 | 0
1619861143.224588 | RegSetValueExA | key_handle: 0x000003d4; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime; reg_type: 3 (REG_BINARY); value: Àwª$ >× | success | 0 | 0
1619861143.224588 | RegSetValueExA | key_handle: 0x000003d4; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision; reg_type: 4 (REG_DWORD); value: 3 | success | 0 | 0
1619861143.255588 | RegSetValueExW | key_handle: 0x000003b8; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork; reg_type: 1 (REG_SZ); value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} | success | 0 | 0
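A triage helper for this kind of signature, added by the editor and not code from the report or the sample: it takes RegSetValueEx events in the shape the report uses, separates the per-network WPAD cache values from the values that actually redirect traffic (AutoConfigURL, ProxyServer, ProxyEnable, ProxyOverride), and decodes a REG_BINARY WpadDecisionTime as a Windows FILETIME. The events are constructed to mirror the rows above; the FILETIME bytes are generated from the report's own event timestamp 1619861143 (2021-05-01 09:25:43 UTC) rather than recovered from the garbled value on the page, and the AutoConfigURL event is a made-up contrast case showing what a write worth escalating looks like.

```python
"""Triage RegSetValueEx events under the Internet Settings key.

Added example by the editor; not code from the report or the sample.  The
events below are constructed to mirror the report's rows; the PAC-file event
is a made-up contrast case and the FILETIME bytes are generated here.
"""
import struct
from datetime import datetime, timedelta, timezone

INET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Per-network auto-proxy discovery cache, maintained by Windows' own WPAD
# logic when a process opens a WinINet/WinHTTP session with preconfigured proxy settings.
WPAD_CACHE_VALUES = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
                     "WpadNetworkName", "WpadLastNetwork"}
# Values whose change actually redirects the user's traffic.
PROXY_CONTROL_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyEnable", "ProxyOverride"}

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000  # FILETIME counts 100 ns intervals


def filetime_to_datetime(raw: bytes) -> datetime:
    """REG_BINARY FILETIME: little-endian u64 of 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt: datetime) -> bytes:
    delta = dt - FILETIME_EPOCH
    ticks = (delta.days * 86400 + delta.seconds) * TICKS_PER_SECOND + delta.microseconds * 10
    return struct.pack("<Q", ticks)


def classify(event: dict) -> str:
    """'wpad_cache' | 'proxy_control' | 'other' for one RegSetValueEx event."""
    key, name = event["regkey"], event["regkey_r"]
    if not key.lower().startswith(INET_SETTINGS.lower()):
        return "other"
    if "\\wpad\\" in key.lower() and name in WPAD_CACHE_VALUES:
        return "wpad_cache"
    if name in PROXY_CONTROL_VALUES:
        return "proxy_control"
    return "other"


def triage(events: list) -> dict:
    """Count events per class, decode WPAD decision times, and list the
    proxy-control writes, which are the ones worth escalating."""
    summary = {"wpad_cache": 0, "proxy_control": 0, "other": 0,
               "decision_times": [], "escalate": []}
    for ev in events:
        cls = classify(ev)
        summary[cls] += 1
        if ev["regkey_r"] == "WpadDecisionTime" and ev["reg_type"] == 3:  # REG_BINARY
            summary["decision_times"].append(filetime_to_datetime(ev["value"]).isoformat())
        if cls == "proxy_control":
            summary["escalate"].append(f'{ev["regkey_r"]} = {ev["value"]!r}')
    return summary


def constructed_events() -> list:
    """Events shaped like the report's rows (constructed, not the sandbox feed)."""
    net = INET_SETTINGS + r"\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}"
    when = datetime.fromtimestamp(1619861143, tz=timezone.utc)  # the report's event time
    return [
        {"regkey": net + r"\WpadDecisionReason", "regkey_r": "WpadDecisionReason",
         "reg_type": 4, "value": 1},
        {"regkey": net + r"\WpadDecisionTime", "regkey_r": "WpadDecisionTime",
         "reg_type": 3, "value": datetime_to_filetime(when)},
        {"regkey": net + r"\WpadDecision", "regkey_r": "WpadDecision",
         "reg_type": 4, "value": 3},
        {"regkey": INET_SETTINGS + r"\Wpad\WpadLastNetwork", "regkey_r": "WpadLastNetwork",
         "reg_type": 1, "value": "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"},
        # Made-up contrast case: a real PAC-file hijack writes AutoConfigURL.
        {"regkey": INET_SETTINGS + r"\AutoConfigURL", "regkey_r": "AutoConfigURL",
         "reg_type": 1, "value": "http://proxy.example.invalid/wpad.dat"},
    ]


if __name__ == "__main__":
    print(triage(constructed_events()))
```

Run against the report's eight events this classifier returns eight wpad_cache hits and nothing to escalate; the decoded decision time is still worth keeping, since it pins the moment the guest first opened a WinINet session on that network.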
File has been identified by 55 antivirus engines on VirusTotal as malicious (50 of 55 events shown)

Engine Result
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.EmotetU.Gen.My1@bSQNZLki
FireEye Trojan.EmotetU.Gen.My1@bSQNZLki
CAT-QuickHeal Trojan.Emotet
McAfee Emotet-FQQ!B06031DC60CC
Cylance Unsafe
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
K7AntiVirus Trojan ( 0056581c1 )
Alibaba Backdoor:Win32/Emotet.73014586
K7GW Trojan ( 0056581c1 )
Cybereason malicious.c60ccd
Arcabit Trojan.EmotetU.Gen.EAB68E
Cyren W32/Kryptik.BLQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Malware.Emotet-7702429-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen
BitDefender Trojan.EmotetU.Gen.My1@bSQNZLki
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10b9ebe9
Ad-Aware Trojan.EmotetU.Gen.My1@bSQNZLki
Sophos Mal/Generic-S
Comodo Malware@#12bhcisocm7ch
F-Secure Trojan.TR/AD.Emotet.jreyy
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DIK20
McAfee-GW-Edition BehavesLike.Win32.Emotet.jm
Emsisoft Trojan.Emotet (A)
Jiangmin Trojan.Zenpak.bpa
Webroot W32.Trojan.Emotet
Avira TR/AD.Emotet.jreyy
Antiy-AVL Trojan/Win32.Emotet
Kingsoft Win32.Heur.KVM003.a.(kcloud)
Microsoft Trojan:Win32/Emotet.DDZ!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.gen
GData Trojan.EmotetU.Gen.My1@bSQNZLki
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R335113
ALYac Trojan.EmotetU.Gen.My1@bSQNZLki
MAX malware (ai score=82)
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HCYH
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMT.hp
Rising Trojan.Kryptik!1.C89F (CLASSIC)
Yandex Trojan.Kryptik!p7gHeLCzqnY
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.97961019.susgen
Fortinet W32/Kryptik.HCYH!tr
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 192.168.56.101:49177
dead_host 68.44.137.144:443
dead_host 82.223.70.24:8080
Visual analysis

Binary image

No binary image: no binary visualization was generated for this sample.

Runtime screenshots

No screenshots were captured while the sample ran.


PE Compile Time

2020-04-25 03:54:26

Imports

Note: the static import table below contains no Crypt*, Internet*, GetComputerNameA or GetAdaptersAddresses entry, yet all of those calls appear in the dynamic trace above. With LoadLibraryA, LoadLibraryExW and GetProcAddress imported from KERNEL32, they are resolved at run time, so the import table alone understates what the binary does.

Library VERSION.dll:
0x480750 VerQueryValueA
0x480758 GetFileVersionInfoA
Library PSAPI.DLL:
Library KERNEL32.dll:
0x47ff80 GlobalSize
0x47ff84 CopyFileA
0x47ff88 RtlUnwind
0x47ff8c GetStartupInfoA
0x47ff90 GetCommandLineA
0x47ff94 ExitProcess
0x47ff98 CreateThread
0x47ff9c ExitThread
0x47ffa0 RaiseException
0x47ffa4 HeapReAlloc
0x47ffa8 HeapSize
0x47ffac GetACP
0x47ffb4 GetSystemTime
0x47ffb8 GetLocalTime
0x47ffbc FatalAppExitA
0x47ffd4 SetHandleCount
0x47ffd8 GetStdHandle
0x47ffdc GetFileType
0x47ffe0 HeapDestroy
0x47ffe4 HeapCreate
0x47ffe8 VirtualFree
0x47ffec VirtualAlloc
0x47fff0 IsBadWritePtr
0x47fff8 LCMapStringA
0x47fffc LCMapStringW
0x480000 GetStringTypeA
0x480004 GetStringTypeW
0x480008 IsBadReadPtr
0x48000c IsBadCodePtr
0x480010 IsValidLocale
0x480014 IsValidCodePage
0x480018 GetLocaleInfoA
0x48001c GetTickCount
0x480020 GetUserDefaultLCID
0x480028 SetStdHandle
0x48002c GetLocaleInfoW
0x480030 CompareStringA
0x480034 CompareStringW
0x48003c LoadLibraryExW
0x480040 Sleep
0x480044 TerminateProcess
0x480048 GetExitCodeProcess
0x48004c OpenProcess
0x480050 GetVersionExA
0x480054 FreeLibrary
0x480058 GetLastError
0x48005c CloseHandle
0x480060 HeapFree
0x480064 GetProcessHeap
0x480068 HeapAlloc
0x48006c GetProcAddress
0x480070 LoadLibraryA
0x480074 GetCurrentThreadId
0x480078 GetCurrentThread
0x48007c lstrcmpiA
0x480080 lstrcmpA
0x480084 GlobalDeleteAtom
0x480088 GlobalAlloc
0x48008c GlobalLock
0x480090 GetModuleFileNameA
0x480094 WaitForSingleObject
0x480098 SetEvent
0x48009c ResumeThread
0x4800a0 SetThreadPriority
0x4800a4 SuspendThread
0x4800a8 CreateEventA
0x4800ac LoadResource
0x4800b0 FindResourceA
0x4800b4 LockResource
0x4800b8 GlobalFree
0x4800bc GlobalUnlock
0x4800c0 lstrlenW
0x4800cc GetShortPathNameA
0x4800d0 GetStringTypeExA
0x4800d4 GetFullPathNameA
0x4800dc DeleteFileA
0x4800e0 MoveFileA
0x4800e4 SetEndOfFile
0x4800e8 UnlockFile
0x4800ec LockFile
0x4800f0 FlushFileBuffers
0x4800f4 SetFilePointer
0x4800f8 WriteFile
0x4800fc ReadFile
0x480100 GetCurrentProcess
0x480104 DuplicateHandle
0x480108 SetErrorMode
0x48010c GetOEMCP
0x480110 GetCPInfo
0x480114 GetThreadLocale
0x480118 SizeofResource
0x48011c GetProfileStringA
0x480120 GetProcessVersion
0x480134 GlobalFlags
0x480138 TlsGetValue
0x48013c LocalReAlloc
0x480140 TlsSetValue
0x480148 GlobalReAlloc
0x480150 TlsFree
0x480154 GlobalHandle
0x48015c TlsAlloc
0x480164 LocalAlloc
0x480168 SetFileAttributesA
0x48016c CreateFileA
0x480170 SetFileTime
0x48017c FindFirstFileA
0x480180 FindClose
0x480184 lstrlenA
0x480188 lstrcpynA
0x48018c GetFileTime
0x480190 GetFileSize
0x480194 GetFileAttributesA
0x480198 MulDiv
0x48019c SetLastError
0x4801a0 FormatMessageA
0x4801a4 LocalFree
0x4801a8 MultiByteToWideChar
0x4801ac WideCharToMultiByte
0x4801b8 GetVersion
0x4801bc lstrcatA
0x4801c0 GlobalGetAtomNameA
0x4801c4 GlobalAddAtomA
0x4801c8 GlobalFindAtomA
0x4801cc lstrcpyA
0x4801d0 GetModuleHandleA
0x4801d4 EnumSystemLocalesA
Library USER32.dll:
0x4803f4 CharUpperA
0x4803f8 SetRectEmpty
0x4803fc LoadAcceleratorsA
0x480404 LoadMenuA
0x480408 SetMenu
0x48040c ReuseDDElParam
0x480410 UnpackDDElParam
0x480414 InvalidateRect
0x480418 BringWindowToTop
0x480420 RemoveMenu
0x480424 PostThreadMessageA
0x480428 DestroyIcon
0x48042c InsertMenuA
0x480430 PtInRect
0x480434 GetClassNameA
0x480438 WindowFromPoint
0x480440 GetDesktopWindow
0x480444 WaitMessage
0x480448 ReleaseCapture
0x48044c SetCapture
0x480450 LoadCursorA
0x480454 GrayStringA
0x480458 DrawTextA
0x48045c TabbedTextOutA
0x480460 EndPaint
0x480464 BeginPaint
0x480468 GetWindowDC
0x48046c ClientToScreen
0x480470 DestroyMenu
0x480474 LoadStringA
0x480478 wvsprintfA
0x48047c OemToCharA
0x480480 CharToOemA
0x480484 ShowWindow
0x480488 MoveWindow
0x48048c SetWindowTextA
0x480490 IsDialogMessageA
0x480494 ScrollWindowEx
0x480498 IsDlgButtonChecked
0x48049c SetDlgItemTextA
0x4804a0 SetDlgItemInt
0x4804a4 GetDlgItemTextA
0x4804a8 GetDlgItemInt
0x4804ac CheckRadioButton
0x4804b0 CheckDlgButton
0x4804b4 UpdateWindow
0x4804b8 SendDlgItemMessageA
0x4804bc MapWindowPoints
0x4804c0 GetSysColor
0x4804c4 SetFocus
0x4804c8 AdjustWindowRectEx
0x4804cc ScreenToClient
0x4804d0 EqualRect
0x4804d4 DeferWindowPos
0x4804d8 MessageBeep
0x4804dc EndDeferWindowPos
0x4804e0 ScrollWindow
0x4804e4 GetScrollInfo
0x4804e8 SetScrollInfo
0x4804ec ShowScrollBar
0x4804f0 GetScrollRange
0x4804f4 SetScrollRange
0x4804f8 GetScrollPos
0x4804fc SetScrollPos
0x480500 GetTopWindow
0x480504 IsChild
0x480508 GetCapture
0x48050c GetClassInfoA
0x480510 RegisterClassA
0x480514 GetMenu
0x480518 GetMenuItemCount
0x48051c GetSubMenu
0x480520 GetMenuItemID
0x480524 TrackPopupMenu
0x480528 SetWindowPlacement
0x48052c GetDialogBaseUnits
0x480530 GetWindowTextA
0x480534 GetDlgCtrlID
0x480538 DefWindowProcA
0x48053c CreateWindowExA
0x480540 GetClassLongA
0x480544 SetPropA
0x480548 UnhookWindowsHookEx
0x48054c GetPropA
0x480550 CallWindowProcA
0x480554 RemovePropA
0x480558 GetMessageTime
0x48055c GetMessagePos
0x480560 GetForegroundWindow
0x480564 SetForegroundWindow
0x480568 SetWindowLongA
0x480570 UnregisterClassA
0x480574 HideCaret
0x480578 ShowCaret
0x48057c ExcludeUpdateRgn
0x480580 DrawFocusRect
0x480584 DefDlgProcA
0x480588 IsWindowUnicode
0x48058c OffsetRect
0x480590 IntersectRect
0x480598 GetWindowPlacement
0x48059c GetWindowRect
0x4805a0 MapDialogRect
0x4805a4 SetWindowPos
0x4805a8 GetWindow
0x4805b0 CopyRect
0x4805b4 GetDC
0x4805b8 ReleaseDC
0x4805bc EndDialog
0x4805c0 SetActiveWindow
0x4805c4 GetNextDlgGroupItem
0x4805c8 SetRect
0x4805d0 CharNextA
0x4805d4 BeginDeferWindowPos
0x4805d8 InflateRect
0x4805dc IsWindow
0x4805e4 DestroyWindow
0x4805e8 GetDlgItem
0x4805f0 LoadBitmapA
0x4805f4 GetMenuState
0x4805f8 ModifyMenuA
0x4805fc SetMenuItemBitmaps
0x480600 CheckMenuItem
0x480604 EnableMenuItem
0x480608 GetFocus
0x48060c GetNextDlgTabItem
0x480610 GetMessageA
0x480614 TranslateMessage
0x480618 DispatchMessageA
0x48061c GetActiveWindow
0x480620 GetKeyState
0x480624 CallNextHookEx
0x480628 ValidateRect
0x48062c IsWindowVisible
0x480630 PeekMessageA
0x480634 GetCursorPos
0x480638 SetWindowsHookExA
0x48063c GetParent
0x480640 GetLastActivePopup
0x480644 IsWindowEnabled
0x480648 GetWindowLongA
0x48064c MessageBoxA
0x480650 SetCursor
0x480654 ShowOwnedPopups
0x480658 PostMessageA
0x48065c wsprintfA
0x480660 EnableWindow
0x480664 IsIconic
0x480668 GetSystemMetrics
0x48066c GetClientRect
0x480670 DrawIcon
0x480674 GetSystemMenu
0x480678 AppendMenuA
0x48067c PostQuitMessage
0x480680 LoadIconA
0x480684 SendMessageA
0x480688 GetMenuStringA
0x48068c GetSysColorBrush
0x480694 DeleteMenu
0x480698 WinHelpA
Library GDI32.dll:
0x47fdc4 SetViewportOrgEx
0x47fdc8 OffsetViewportOrgEx
0x47fdcc SetViewportExtEx
0x47fdd0 ScaleViewportExtEx
0x47fdd4 SetWindowOrgEx
0x47fdd8 OffsetWindowOrgEx
0x47fddc SetWindowExtEx
0x47fde0 ScaleWindowExtEx
0x47fde4 SelectClipRgn
0x47fde8 ExcludeClipRect
0x47fdec IntersectClipRect
0x47fdf0 OffsetClipRgn
0x47fdf4 MoveToEx
0x47fdf8 LineTo
0x47fdfc SetTextAlign
0x47fe08 SetMapperFlags
0x47fe10 ArcTo
0x47fe14 SetArcDirection
0x47fe18 PolyDraw
0x47fe1c PolylineTo
0x47fe20 SetColorAdjustment
0x47fe24 PolyBezierTo
0x47fe28 DeleteObject
0x47fe2c GetClipRgn
0x47fe30 CreateRectRgn
0x47fe34 SelectClipPath
0x47fe38 ExtSelectClipRgn
0x47fe3c SetMapMode
0x47fe40 GetObjectType
0x47fe44 EnumMetaFile
0x47fe48 PlayMetaFile
0x47fe4c GetDeviceCaps
0x47fe50 GetViewportExtEx
0x47fe54 GetWindowExtEx
0x47fe58 CreatePen
0x47fe5c ExtCreatePen
0x47fe60 CreateSolidBrush
0x47fe64 CreateHatchBrush
0x47fe68 CreatePatternBrush
0x47fe70 PtVisible
0x47fe74 RectVisible
0x47fe78 TextOutA
0x47fe7c ExtTextOutA
0x47fe80 Escape
0x47fe88 GetTextMetricsA
0x47fe8c CreateFontIndirectA
0x47fe90 GetMapMode
0x47fe94 SetRectRgn
0x47fe98 CombineRgn
0x47fe9c DPtoLP
0x47fea0 GetTextColor
0x47fea4 GetBkColor
0x47fea8 LPtoDP
0x47feac CopyMetaFileA
0x47feb0 CreateDCA
0x47feb4 SetStretchBltMode
0x47feb8 SetROP2
0x47febc SetPolyFillMode
0x47fec0 SetBkMode
0x47fec4 SelectPalette
0x47fec8 GetStockObject
0x47fecc SelectObject
0x47fed0 RestoreDC
0x47fed4 SaveDC
0x47fed8 StartDocA
0x47fedc DeleteDC
0x47fee0 GetObjectA
0x47fee4 SetBkColor
0x47fee8 SetTextColor
0x47feec GetClipBox
0x47fef0 GetDCOrgEx
0x47fef8 PatBlt
0x47fefc GetTextExtentPointA
0x47ff00 BitBlt
0x47ff04 CreateCompatibleDC
0x47ff08 PlayMetaFileRecord
0x47ff0c CreateDIBitmap
0x47ff10 CreateBitmap
Library comdlg32.dll:
0x4807c0 GetOpenFileNameA
0x4807c4 GetFileTitleA
0x4807c8 GetSaveFileNameA
Library WINSPOOL.DRV:
0x480788 OpenPrinterA
0x48078c DocumentPropertiesA
0x480790 ClosePrinter
Library ADVAPI32.dll:
0x47fd0c RegEnumKeyA
0x47fd10 RegCreateKeyExA
0x47fd14 RegOpenKeyExA
0x47fd18 RegQueryValueExA
0x47fd1c RegSetValueExA
0x47fd20 RegDeleteValueA
0x47fd24 RegDeleteKeyA
0x47fd28 RegOpenKeyA
0x47fd2c RegSetValueA
0x47fd30 RegCreateKeyA
0x47fd34 RegCloseKey
0x47fd38 RegQueryValueA
Library SHELL32.dll:
0x4803b0 DragQueryFileA
0x4803b4 DragFinish
0x4803b8 SHGetFileInfoA
0x4803bc DragAcceptFiles
0x4803c0 ExtractIconA
Library COMCTL32.dll:
0x47fd70
0x47fd74
0x47fd78 ImageList_Destroy
0x47fd7c ImageList_Create
0x47fd84 ImageList_Merge
0x47fd88 ImageList_Read
0x47fd8c ImageList_Write
0x47fd90
Library oledlg.dll:
0x4808bc
Library ole32.dll:
0x4807f8 ReadFmtUserTypeStg
0x4807fc OleRegGetUserType
0x480800 WriteClassStg
0x480804 WriteFmtUserTypeStg
0x480808 SetConvertStg
0x48080c CreateBindCtx
0x480810 OleDuplicateData
0x480818 OleUninitialize
0x48081c OleInitialize
0x480820 OleFlushClipboard
0x480824 ReadClassStg
0x480828 CoCreateInstance
0x48082c CoTaskMemAlloc
0x480830 CoTaskMemFree
0x480840 CoGetClassObject
0x480844 CLSIDFromString
0x480848 CLSIDFromProgID
0x480854 StringFromCLSID
0x480858 CoTreatAsClass
0x48085c ReleaseStgMedium
0x480868 CoRevokeClassObject
0x48086c OleRun
0x480870 OleSetClipboard
0x480874 CoDisconnectObject
Library OLEPRO32.DLL:
0x480350
Library OLEAUT32.dll:
0x48027c LoadTypeLib
0x480280 SysStringLen
0x48028c SafeArrayDestroy
0x480290 SafeArrayUnlock
0x480294 SafeArrayLock
0x480298 SafeArrayPutElement
0x48029c SafeArrayPtrOfIndex
0x4802a0 SafeArrayGetElement
0x4802a8 SafeArrayAllocData
0x4802ac SafeArrayCopy
0x4802b0 VarBstrFromDate
0x4802b4 VarDateFromStr
0x4802b8 VarBstrFromCy
0x4802bc VarCyFromStr
0x4802c0 SysStringByteLen
0x4802c8 SafeArrayRedim
0x4802cc SafeArrayCreate
0x4802d0 SafeArrayGetDim
0x4802d8 SafeArrayGetLBound
0x4802dc SafeArrayGetUBound
0x4802e0 SafeArrayAccessData
0x4802e8 SysAllocString
0x4802ec SysReAllocStringLen
0x4802f0 VariantChangeType
0x4802f4 VariantCopy
0x4802fc VariantClear
0x480300 SysAllocStringLen
0x480304 SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 49235 | 114.114.114.114 | 53
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 58367 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 53657 | 224.0.0.252 | 5355
192.168.56.101 | 55368 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 56540 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58368 | 239.255.255.250 | 3702
192.168.56.101 | 58370 | 239.255.255.250 | 3702
192.168.56.101 | 58707 | 239.255.255.250 | 3702

Destination ports: 53 DNS, 137/138 NetBIOS name and datagram services, 123 NTP, 5355 LLMNR, 1900 SSDP, 3702 WS-Discovery. Apart from the five DNS queries to 114.114.114.114, this is the guest's own broadcast, multicast and time-sync traffic.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.