7.0
High risk

f309d3820c2f40109825f3ebf2e00f84f0eb8d97e3b78cc74e751b69ba738435

b1278a3920704a0de920cdc9a8eb737a.exe

Analysis time

26s

Latest analysis

File size

16.0MB
Flagged by static detection. Flagged by dynamic detection.
Eagle Eye (鹰眼) engine
Not detected. No Eagle Eye engine detection result is available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee GenericRXHV-KH!B1278A392070 20201211 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Alibaba Trojan:Win32/hognoob.89 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Kingsoft 20201211 2017.9.26.565
Tencent 20201211 1.0.0.1
Static indicators
Queries for the computer name (2 events)
Time & API Arguments Status Return Repeated
1619881438.8075
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
1619881445.932625
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (24 events)
Time & API Arguments Status Return Repeated
1619881440.62
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619881440.635
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619881440.651
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619881440.667
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619881440.667
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619881440.667
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619881441.667
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619881441.667
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619881441.667
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619881441.667
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619881442.667
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619881442.667
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619881442.667
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619881442.667
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619881443.682
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619881443.682
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619881443.682
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619881443.682
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619881444.682
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619881444.682
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619881444.682
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619881444.682
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619881444.698
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 5，已接收 = 5，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619881444.698
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619881440.557
GlobalMemoryStatusEx
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (1 event)
file C:\Windows\elyeglpt\ddfbgtr.exe
Creates a service (1 event)
Time & API Arguments Status Return Repeated
1619881446.526625
CreateServiceA
service_start_name:
start_type: 2
service_handle: 0x00c5eb90
display_name: rgbrmuiwdxrfz
error_control: 1
service_name: sbeuuawsc
filepath: C:\Windows\elyeglpt\ddfbgtr.exe
filepath_r: C:\Windows\elyeglpt\ddfbgtr.exe
service_manager_handle: 0x00c5e640
desired_access: 983551
service_type: 16
password:
success 12970896 0
Drops a binary and executes it (1 event)
file C:\Windows\elyeglpt\ddfbgtr.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2488687\TemporaryFile\TemporaryFile
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.741751228512571 section {'size_of_data': '0x00596000', 'virtual_address': '0x000ba000', 'entropy': 7.741751228512571, 'name': '.rdata', 'virtual_size': '0x00595b72'} description A section with a high entropy has been found
entropy 0.8751529987760098 description Overall entropy of this PE file is high
Uses Windows utilities for basic Windows functionality (2 events)
cmdline ping 127.0.0.1 -n 5
cmdline cmd /c ping 127.0.0.1 -n 5 & Start C:\Windows\elyeglpt\ddfbgtr.exe
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (1 event)
service_name sbeuuawsc service_path C:\Windows\elyeglpt\ddfbgtr.exe
A process performed obfuscation on information about the computer or sent it to a remote location, indicative of CnC traffic/preparations. (3 events)
Time & API Arguments Status Return Repeated
1619881438.8075
CryptHashData
buffer: OSKAR-PC
flags: 0
hash_handle: 0x00b642a0
success 1 0
1619881445.932625
CryptHashData
buffer: OSKAR-PC
flags: 0
hash_handle: 0x00c32ab8
success 1 0
1619881445.932625
CryptHashData
buffer: OSKAR-PC
flags: 0
hash_handle: 0x00c32ab8
success 1 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 580 resumed a thread in remote process 1060
Time & API Arguments Status Return Repeated
1619881447.1355
NtResumeThread
thread_handle: 0x00000084
suspend_count: 0
process_identifier: 1060
success 0 0
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)
Bkav W32.AIDetectVM.malware5
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.300063
FireEye Generic.mg.b1278a3920704a0d
CAT-QuickHeal Trojanpws.Qqpass.16543
McAfee GenericRXHV-KH!B1278A392070
Cylance Unsafe
Zillya Trojan.EquationDrug.Win32.573
Sangfor Malware
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Trojan:Win32/hognoob.89
K7GW Trojan ( 005456291 )
K7AntiVirus Trojan ( 005456291 )
Cyren W32/QQhelper.C.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Exploit.EQGRP-6322722-0
Kaspersky HEUR:Trojan.Win32.EquationDrug.gen
BitDefender Gen:Variant.Zusy.300063
NANO-Antivirus Trojan.Win32.EquationDrug.gaeevv
Avast Win32:Malware-gen
Rising Downloader.Agent!1.B837 (CLASSIC)
Ad-Aware Gen:Variant.Zusy.300063
Sophos Mal/Generic-R + Troj/Agent-BBZA
Comodo TrojWare.Win32.CoinMiner.VA@8bdt5z
F-Secure Heuristic.HEUR/AGEN.1114023
DrWeb Trojan.StartPage1.58196
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition GenericRXHV-KH!B1278A392070
Emsisoft Gen:Variant.Zusy.300063 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Exploit.MS17-010.cf
Avira HEUR/AGEN.1114023
Antiy-AVL GrayWare/Win32.FlyStudio.a
Microsoft Trojan:Win32/Eqtonex!rfn
AegisLab Trojan.Win32.Generic.lx0C
ZoneAlarm HEUR:Trojan.Win32.EquationDrug.gen
GData Gen:Variant.Zusy.300063
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.EquationDrug.C3319046
Acronis suspicious
ALYac Gen:Variant.Zusy.300063
MAX malware (ai score=86)
VBA32 BScope.Trojan.Wacatac
ESET-NOD32 a variant of Win32/CoinMiner.BUJ
Yandex Trojan.GenAsa!4o4ccnD88q0
Ikarus Trojan-PSW.QQpass
eGambit hacktool.mimikatz
Fortinet W32/Agent.65CA!tr
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample was running.


PE Compile Time

2019-06-27 03:51:23

Imports

Library KERNEL32.DLL:
0x4ba178 SetLastError
0x4ba17c GetSystemDirectoryA
0x4ba184 GetCurrentProcess
0x4ba188 MultiByteToWideChar
0x4ba18c WideCharToMultiByte
0x4ba190 Process32Next
0x4ba194 Process32First
0x4ba19c SetFilePointer
0x4ba1a0 GetFileSize
0x4ba1a4 TerminateProcess
0x4ba1a8 OpenProcess
0x4ba1ac GetVersion
0x4ba1b0 TerminateThread
0x4ba1b4 CreateSemaphoreA
0x4ba1b8 ResumeThread
0x4ba1bc ReleaseSemaphore
0x4ba1c8 GetProfileStringA
0x4ba1cc WriteFile
0x4ba1d0 InterlockedExchange
0x4ba1d4 IsBadCodePtr
0x4ba1d8 CompareStringW
0x4ba1dc CompareStringA
0x4ba1e0 GetStringTypeW
0x4ba1e4 GetStringTypeA
0x4ba1ec IsBadWritePtr
0x4ba1f0 VirtualAlloc
0x4ba1f4 LCMapStringW
0x4ba1f8 LCMapStringA
0x4ba200 VirtualFree
0x4ba204 HeapCreate
0x4ba208 HeapDestroy
0x4ba210 GetStdHandle
0x4ba214 SetHandleCount
0x4ba22c GetFileType
0x4ba230 SetStdHandle
0x4ba234 GetACP
0x4ba238 HeapSize
0x4ba23c RaiseException
0x4ba240 GetLocalTime
0x4ba244 GetSystemTime
0x4ba248 RtlUnwind
0x4ba24c GetStartupInfoA
0x4ba250 GetOEMCP
0x4ba254 GetCPInfo
0x4ba258 GetProcessVersion
0x4ba25c SetErrorMode
0x4ba260 GlobalFlags
0x4ba264 GetCurrentThread
0x4ba268 GetFileTime
0x4ba26c TlsGetValue
0x4ba270 LocalReAlloc
0x4ba274 TlsSetValue
0x4ba278 TlsFree
0x4ba27c GlobalHandle
0x4ba280 TlsAlloc
0x4ba284 LocalAlloc
0x4ba288 lstrcmpA
0x4ba28c GlobalGetAtomNameA
0x4ba290 GlobalAddAtomA
0x4ba294 GlobalFindAtomA
0x4ba298 GlobalDeleteAtom
0x4ba29c lstrcmpiA
0x4ba2a0 SetEndOfFile
0x4ba2a4 UnlockFile
0x4ba2a8 LockFile
0x4ba2ac FlushFileBuffers
0x4ba2b0 DuplicateHandle
0x4ba2b4 lstrcpynA
0x4ba2bc LocalFree
0x4ba2cc CreateFileA
0x4ba2d0 SetEvent
0x4ba2d4 FindResourceA
0x4ba2d8 LoadResource
0x4ba2dc LockResource
0x4ba2e0 ReadFile
0x4ba2e4 CloseHandle
0x4ba2e8 WaitForSingleObject
0x4ba2ec CreateProcessA
0x4ba2f0 GetTickCount
0x4ba2f4 GetCommandLineA
0x4ba2f8 MulDiv
0x4ba2fc GetProcAddress
0x4ba300 GetModuleHandleA
0x4ba30c CreateDirectoryA
0x4ba310 CopyFileA
0x4ba314 DeleteFileA
0x4ba318 lstrlenW
0x4ba31c RemoveDirectoryA
0x4ba320 GetModuleFileNameA
0x4ba324 GetCurrentThreadId
0x4ba328 ExitProcess
0x4ba32c GlobalSize
0x4ba330 GlobalFree
0x4ba33c lstrcatA
0x4ba340 lstrlenA
0x4ba344 WinExec
0x4ba348 lstrcpyA
0x4ba34c FindNextFileA
0x4ba350 GlobalReAlloc
0x4ba354 HeapFree
0x4ba358 HeapReAlloc
0x4ba35c GetProcessHeap
0x4ba360 HeapAlloc
0x4ba364 GetUserDefaultLCID
0x4ba368 GetFullPathNameA
0x4ba36c FreeLibrary
0x4ba370 LoadLibraryA
0x4ba374 GetLastError
0x4ba378 GetVersionExA
0x4ba380 CreateThread
0x4ba384 CreateEventA
0x4ba388 Sleep
0x4ba38c GlobalAlloc
0x4ba390 GlobalLock
0x4ba394 GlobalUnlock
0x4ba398 GetTempPathA
0x4ba39c FindFirstFileA
0x4ba3a0 FindClose
0x4ba3a4 SetFileAttributesA
0x4ba3a8 GetFileAttributesA
0x4ba3ac MoveFileA
0x4ba3b0 IsBadReadPtr
Library ADVAPI32.dll:
0x4ba000 RegQueryValueA
0x4ba004 RegSetValueExA
0x4ba008 RegOpenKeyExA
0x4ba00c RegCloseKey
0x4ba010 RegCreateKeyExA
Library COMCTL32.dll:
0x4ba018 ImageList_Destroy
0x4ba01c
Library comdlg32.dll:
0x4ba794 ChooseColorA
0x4ba798 GetOpenFileNameA
0x4ba79c GetFileTitleA
0x4ba7a0 GetSaveFileNameA
Library GDI32.dll:
0x4ba024 Escape
0x4ba028 ExtTextOutA
0x4ba02c TextOutA
0x4ba030 RectVisible
0x4ba034 PtVisible
0x4ba038 GetViewportExtEx
0x4ba03c ExtSelectClipRgn
0x4ba040 LineTo
0x4ba044 MoveToEx
0x4ba048 ExcludeClipRect
0x4ba04c GetClipBox
0x4ba050 ScaleWindowExtEx
0x4ba054 SetWindowExtEx
0x4ba058 GetTextMetricsA
0x4ba05c SetStretchBltMode
0x4ba060 GetClipRgn
0x4ba064 CreatePolygonRgn
0x4ba068 SelectClipRgn
0x4ba06c DeleteObject
0x4ba070 CreateDIBitmap
0x4ba078 CreatePalette
0x4ba07c StretchBlt
0x4ba080 SelectPalette
0x4ba084 RealizePalette
0x4ba088 GetDIBits
0x4ba08c GetWindowExtEx
0x4ba090 GetViewportOrgEx
0x4ba094 GetWindowOrgEx
0x4ba098 BeginPath
0x4ba09c EndPath
0x4ba0a0 PathToRegion
0x4ba0a4 CreateEllipticRgn
0x4ba0a8 CreateRoundRectRgn
0x4ba0ac GetTextColor
0x4ba0b0 GetBkMode
0x4ba0b4 GetBkColor
0x4ba0b8 GetROP2
0x4ba0bc GetStretchBltMode
0x4ba0c0 GetPolyFillMode
0x4ba0c8 CreateDCA
0x4ba0cc CreateBitmap
0x4ba0d0 SelectObject
0x4ba0d4 CreatePen
0x4ba0d8 PatBlt
0x4ba0dc CombineRgn
0x4ba0e0 CreateRectRgn
0x4ba0e4 FillRgn
0x4ba0e8 CreateSolidBrush
0x4ba0ec CreateFontIndirectA
0x4ba0f0 GetStockObject
0x4ba0f4 GetObjectA
0x4ba0f8 EndPage
0x4ba0fc EndDoc
0x4ba100 DeleteDC
0x4ba104 StartDocA
0x4ba108 StartPage
0x4ba10c BitBlt
0x4ba110 CreateCompatibleDC
0x4ba114 Ellipse
0x4ba118 Rectangle
0x4ba11c LPtoDP
0x4ba120 DPtoLP
0x4ba124 GetCurrentObject
0x4ba128 RoundRect
0x4ba130 GetDeviceCaps
0x4ba138 SetBkColor
0x4ba13c SaveDC
0x4ba140 RestoreDC
0x4ba144 SetBkMode
0x4ba148 SetPolyFillMode
0x4ba14c SetROP2
0x4ba150 SetTextColor
0x4ba154 SetMapMode
0x4ba158 SetViewportOrgEx
0x4ba15c OffsetViewportOrgEx
0x4ba160 SetViewportExtEx
0x4ba164 ScaleViewportExtEx
0x4ba168 SetWindowOrgEx
Library iphlpapi.dll:
0x4ba7a8 GetAdaptersInfo
Library ole32.dll:
0x4ba7b0 CLSIDFromProgID
0x4ba7b4 OleRun
0x4ba7b8 CoCreateInstance
0x4ba7bc CLSIDFromString
0x4ba7c0 OleUninitialize
0x4ba7c4 OleInitialize
Library OLEAUT32.dll:
0x4ba3b8 SafeArrayAccessData
0x4ba3bc SafeArrayGetElement
0x4ba3c0 VariantCopyInd
0x4ba3c4 VariantInit
0x4ba3c8 SysAllocString
0x4ba3cc SafeArrayDestroy
0x4ba3d0 SafeArrayCreate
0x4ba3d4 SafeArrayPutElement
0x4ba3d8 RegisterTypeLib
0x4ba3dc LHashValOfNameSys
0x4ba3e4 SafeArrayGetDim
0x4ba3e8 SafeArrayGetLBound
0x4ba3ec SafeArrayGetUBound
0x4ba3f0 VariantChangeType
0x4ba3f4 VariantClear
0x4ba3f8 LoadTypeLib
0x4ba3fc UnRegisterTypeLib
0x4ba400 VariantCopy
Library RASAPI32.dll:
0x4ba408 RasHangUpA
Library SHELL32.dll:
0x4ba418 Shell_NotifyIconA
0x4ba41c ShellExecuteA
Library USER32.dll:
0x4ba424 WaitForInputIdle
0x4ba428 GetClipboardData
0x4ba42c OpenClipboard
0x4ba430 wsprintfA
0x4ba434 CloseClipboard
0x4ba438 EqualRect
0x4ba43c SetClipboardData
0x4ba440 EmptyClipboard
0x4ba444 GetSystemMetrics
0x4ba448 GetCursorPos
0x4ba44c MessageBoxA
0x4ba450 GetSysColorBrush
0x4ba454 GetWindowTextA
0x4ba458 GetDlgItem
0x4ba45c FindWindowA
0x4ba464 GetClassNameA
0x4ba468 GetDesktopWindow
0x4ba46c GetForegroundWindow
0x4ba470 SetWindowTextA
0x4ba474 LoadIconA
0x4ba478 TranslateMessage
0x4ba47c DrawFrameControl
0x4ba480 DrawEdge
0x4ba484 DrawFocusRect
0x4ba488 WindowFromPoint
0x4ba48c GetMessageA
0x4ba490 DispatchMessageA
0x4ba494 SetRectEmpty
0x4ba4a4 DrawIconEx
0x4ba4a8 CreatePopupMenu
0x4ba4ac AppendMenuA
0x4ba4b0 ModifyMenuA
0x4ba4b4 CreateMenu
0x4ba4bc GetDlgCtrlID
0x4ba4c0 LoadStringA
0x4ba4c8 GetMenuState
0x4ba4cc SetMenuItemBitmaps
0x4ba4d0 CheckMenuItem
0x4ba4d4 MoveWindow
0x4ba4d8 IsDialogMessageA
0x4ba4dc ScrollWindowEx
0x4ba4e0 SendDlgItemMessageA
0x4ba4e4 MapWindowPoints
0x4ba4e8 AdjustWindowRectEx
0x4ba4ec GetScrollPos
0x4ba4f0 RegisterClassA
0x4ba4f4 GetMenuItemCount
0x4ba4f8 GetMenuItemID
0x4ba4fc CreateWindowExA
0x4ba500 SetWindowsHookExA
0x4ba504 CallNextHookEx
0x4ba508 GetClassLongA
0x4ba50c SetPropA
0x4ba510 UnhookWindowsHookEx
0x4ba514 GetPropA
0x4ba518 CallWindowProcA
0x4ba51c GetSubMenu
0x4ba520 EnableMenuItem
0x4ba524 ClientToScreen
0x4ba52c LoadImageA
0x4ba534 ShowWindow
0x4ba538 IsWindowEnabled
0x4ba540 GetKeyState
0x4ba548 PostQuitMessage
0x4ba54c IsZoomed
0x4ba550 GetClassInfoA
0x4ba554 DefWindowProcA
0x4ba558 GetMenu
0x4ba55c SetMenu
0x4ba560 PeekMessageA
0x4ba564 IsIconic
0x4ba568 SetFocus
0x4ba56c GetActiveWindow
0x4ba570 GetWindow
0x4ba578 SetWindowRgn
0x4ba57c GetMessagePos
0x4ba580 ScreenToClient
0x4ba588 CopyRect
0x4ba58c LoadBitmapA
0x4ba590 WinHelpA
0x4ba594 KillTimer
0x4ba598 SetTimer
0x4ba59c ReleaseCapture
0x4ba5a0 GetCapture
0x4ba5a4 SetCapture
0x4ba5a8 GetScrollRange
0x4ba5ac SetScrollRange
0x4ba5b0 SetScrollPos
0x4ba5b4 SetRect
0x4ba5b8 InflateRect
0x4ba5bc IntersectRect
0x4ba5c0 DestroyIcon
0x4ba5c4 PtInRect
0x4ba5c8 OffsetRect
0x4ba5cc IsWindowVisible
0x4ba5d0 EnableWindow
0x4ba5d4 RedrawWindow
0x4ba5d8 GetWindowLongA
0x4ba5dc SetWindowLongA
0x4ba5e0 GetSysColor
0x4ba5e4 SetActiveWindow
0x4ba5e8 SetCursorPos
0x4ba5ec LoadCursorA
0x4ba5f0 SetCursor
0x4ba5f4 GetDC
0x4ba5f8 FillRect
0x4ba5fc IsRectEmpty
0x4ba600 ReleaseDC
0x4ba604 IsChild
0x4ba608 DestroyMenu
0x4ba60c SetForegroundWindow
0x4ba610 GetWindowRect
0x4ba614 UnregisterClassA
0x4ba618 UpdateWindow
0x4ba61c ValidateRect
0x4ba620 InvalidateRect
0x4ba624 GetClientRect
0x4ba628 GetFocus
0x4ba62c GetParent
0x4ba630 GetTopWindow
0x4ba634 PostMessageA
0x4ba638 IsWindow
0x4ba63c SetParent
0x4ba640 DestroyCursor
0x4ba644 SendMessageA
0x4ba648 SetWindowPos
0x4ba650 CharUpperA
0x4ba654 GetWindowDC
0x4ba658 BeginPaint
0x4ba65c EndPaint
0x4ba660 TabbedTextOutA
0x4ba664 DrawTextA
0x4ba668 GrayStringA
0x4ba66c DestroyWindow
0x4ba674 EndDialog
0x4ba678 GetNextDlgTabItem
0x4ba67c GetWindowPlacement
0x4ba684 GetLastActivePopup
0x4ba688 GetMessageTime
0x4ba68c RemovePropA
Library VERSION.dll:
0x4ba694 GetFileVersionInfoA
0x4ba698 VerQueryValueA
0x4ba69c VerLanguageNameA
Library WININET.dll:
0x4ba6ac InternetCrackUrlA
0x4ba6b0 HttpOpenRequestA
0x4ba6b4 HttpSendRequestA
0x4ba6b8 HttpQueryInfoA
0x4ba6bc InternetReadFile
0x4ba6c0 InternetConnectA
0x4ba6c4 InternetSetOptionA
0x4ba6c8 InternetCloseHandle
0x4ba6cc InternetOpenA
Library WINMM.dll:
0x4ba6d4 midiStreamRestart
0x4ba6d8 midiStreamClose
0x4ba6dc midiOutReset
0x4ba6e0 midiStreamStop
0x4ba6ec waveOutWrite
0x4ba6f0 waveOutPause
0x4ba6f4 waveOutReset
0x4ba6f8 waveOutClose
0x4ba6fc midiStreamOut
0x4ba704 midiStreamProperty
0x4ba708 midiStreamOpen
0x4ba710 waveOutOpen
0x4ba714 waveOutGetNumDevs
Library WINSPOOL.DRV:
0x4ba71c OpenPrinterA
0x4ba720 DocumentPropertiesA
0x4ba724 ClosePrinter
Library WS2_32.dll:
0x4ba72c select
0x4ba730 WSACleanup
0x4ba734 WSAStartup
0x4ba738 gethostbyname
0x4ba73c inet_ntoa
0x4ba740 inet_addr
0x4ba744 gethostname
0x4ba748 send
0x4ba74c closesocket
0x4ba750 WSAAsyncSelect
0x4ba754 htons
0x4ba758 bind
0x4ba75c getsockname
0x4ba760 ntohs
0x4ba764 __WSAFDIsSet
0x4ba768 accept
0x4ba76c getpeername
0x4ba770 listen
0x4ba774 recv
0x4ba778 htonl
0x4ba77c socket
0x4ba780 connect
0x4ba784 ioctlsocket
0x4ba788 sendto
0x4ba78c recvfrom

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.