Score 6.6
High risk

SHA-256: ae0626ca023c33c0119c973549fbf67d659c6630ec06cc91f72f4952ce9bdfec

File name: b2be85a353329101ad1232fa9b2c362d.exe

Analysis duration

78s

Last analysed

File size

500.0KB
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result is available for this sample
Static verdict

Antivirus engines (a dash marks an engine that returned no detection)

Engine       Result                            Scan date   Engine version
McAfee       Emotet-FQS!B2BE85A35332           2021-03-09  6.0.6.653
CrowdStrike  -                                 2021-02-03  1.0
Alibaba      Trojan:Win32/Emotet.5277c67a      2019-05-27  0.3.0.5
Avast        Win32:BankerX-gen [Trj]           2021-03-09  21.1.5827.0
Tencent      Win32.Trojan-banker.Emotet.Pfji   2021-03-09  1.0.0.1
Baidu        -                                 2019-03-18  1.0.0.2
Kingsoft     Win32.Troj.Banker.(kcloud)        2021-03-09  2017.9.26.565
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1621011423.51425
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1621011414.49925
CryptGenKey
crypto_handle: 0x00615600
algorithm_identifier: 0x0000660e (CALG_AES_128)
provider_handle: 0x00604fa0
flags: 1 (CRYPT_EXPORTABLE)
key: fxºÒÜsç]k¿ Êx+
success 1 0
1621011423.53025
CryptExportKey
crypto_handle: 0x00615600
crypto_export_handle: 0x00615580
buffer: f¤öOVÏD#NGh€û›C÷w¥þRáå…UÒÚâ½t\ß„åН_ãBM_ՑÛB»j ·)R;;Ss°d~ÞÁãiwäF€ñ÷¹TatLà m|Þù˜v
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1621011458.07725
CryptExportKey
crypto_handle: 0x00615600
crypto_export_handle: 0x00615580
buffer: f¤·¥Å©²rΉ6Ɨ4‰ÃA€5aåôà6^¯Á…`vÌíNQYŸbAƒµÌ÷·S  z‚õ2ôÄó·^/ý”ùìTXS"ÕÝWq6ªÉü`w,D-ÛåZëþ ö}ÝÉ
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
Read together: the sample generates an exportable AES-128 session key and then exports it twice as a SIMPLEBLOB, that is, encrypted under the public key referenced by crypto_export_handle 0x00615580, with OAEP padding. A symmetric key wrapped for a remote party in this way is the usual shape of a C2 handshake built on an embedded public key. The key and buffer fields are raw bytes rendered as text by the sandbox and cannot be recovered from this rendering.
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section Shared
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1621011413.76425
NtAllocateVirtualMemory
process_identifier: 2080
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1621011413.79525
NtProtectVirtualMemory
process_identifier: 2080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 45056
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00511000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1621011424.01425
GetAdaptersAddresses
flags: 0
family: 0 (AF_UNSPEC)
failed 111 0
Return value 111 is ERROR_BUFFER_OVERFLOW, which is what the conventional first, size-probing call to GetAdaptersAddresses returns; a single call like this is weak evidence of VM detection on its own.
Expresses interest in specific running processes (1 event)
process b2be85a353329101ad1232fa9b2c362d.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1621011423.65525
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
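The memory-protection events in this section and the CryptoAPI events under Static indicators are easier to read once their numeric arguments are decoded and correlated across calls. The following Python is an added example, not part of this report or of any sandbox's code: it parses a constructed event log in the report's own layout (the four events copied from the sections above, minus the binary key material), decodes the PAGE_*, ALG_ID, blob-type and CRYPT_* constants, and flags the RWX allocation, the later W^X transition, and an exportable symmetric key being exported as a SIMPLEBLOB under a public key. The function names (parse_events, analyze) and the finding wording are the example's own.

```python
import re

# Constructed sample input: the four events discussed above, copied from the
# report into the report's own "timestamp / API / key: value / status" layout.
SAMPLE_EVENTS = """\
1621011413.76425
NtAllocateVirtualMemory
process_identifier: 2080
region_size: 61440
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
1621011413.79525
NtProtectVirtualMemory
process_identifier: 2080
length: 45056
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00511000
success 0 0
1621011414.49925
CryptGenKey
crypto_handle: 0x00615600
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00604fa0
flags: 1
success 1 0
1621011423.53025
CryptExportKey
crypto_handle: 0x00615600
crypto_export_handle: 0x00615580
blob_type: 1
flags: 64
success 1 0
"""

# Constants from winnt.h / wincrypt.h.
PAGE_PROT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
             0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
EXEC_MASK, WRITE_MASK = 0x10 | 0x20 | 0x40 | 0x80, 0x04 | 0x08 | 0x40 | 0x80
CALG = {0x660e: "CALG_AES_128", 0x660f: "CALG_AES_192", 0x6610: "CALG_AES_256",
        0x6801: "CALG_RC4", 0xa400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN"}
SYMMETRIC = {0x660e, 0x660f, 0x6610, 0x6801}
CRYPT_EXPORTABLE, CRYPT_OAEP, SIMPLEBLOB = 0x1, 0x40, 0x1

TS_RE = re.compile(r"^\d+\.\d+$")
STATUS_RE = re.compile(r"^(success|failed)\s+(\S+)\s+(\d+)$")
ARG_RE = re.compile(r"^(\w+):\s*(.*)$")


def parse_events(text):
    """Split the report layout into dicts: {time, api, args, status, ret}."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if TS_RE.match(line):                      # a timestamp opens a new event
            cur = {"time": float(line), "api": None, "args": {}}
            events.append(cur)
        elif cur is None or not line:
            continue
        elif cur["api"] is None:                   # first line after the timestamp
            cur["api"] = line
        elif STATUS_RE.match(line):                # "success 1 0" / "failed 111 0"
            status, ret, _ = STATUS_RE.match(line).groups()
            cur["status"], cur["ret"] = status, ret
        elif ARG_RE.match(line):                   # "key: value" argument line
            key, value = ARG_RE.match(line).groups()
            cur["args"][key] = value
    return events


def as_int(value, default=0):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64; '0x0000660e ()' -> 0x660e."""
    try:
        return int(value.split()[0], 0)
    except (ValueError, IndexError, AttributeError):
        return default


def decode_protection(value):
    return PAGE_PROT.get(value & 0xFF, f"0x{value:x}")


def analyze(text):
    """Return readable findings for the unpacking and key-wrapping patterns."""
    findings, generated = [], {}            # generated: crypto_handle -> (alg, flags)
    for ev in parse_events(text):
        a, api = ev["args"], ev["api"]
        if api == "NtAllocateVirtualMemory":
            prot = as_int(a.get("protection"))
            if prot & EXEC_MASK and prot & WRITE_MASK:   # writable AND executable
                findings.append(
                    f"RWX allocation: {as_int(a.get('region_size'))} bytes at "
                    f"{a.get('base_address')} in pid {a.get('process_identifier')} "
                    f"({decode_protection(prot)}), typical of an unpacking stub")
        elif api == "NtProtectVirtualMemory":
            prot = as_int(a.get("protection"))
            if prot & EXEC_MASK and not prot & WRITE_MASK:  # write dropped, exec kept
                findings.append(
                    f"W^X transition: {as_int(a.get('length'))} bytes at "
                    f"{a.get('base_address')} switched to {decode_protection(prot)}, "
                    f"i.e. freshly written code made executable")
        elif api == "CryptGenKey":
            generated[a.get("crypto_handle")] = (as_int(a.get("algorithm_identifier")),
                                                 as_int(a.get("flags")))
        elif api == "CryptExportKey" and a.get("crypto_handle") in generated:
            alg, gflags = generated[a["crypto_handle"]]
            # SIMPLEBLOB = symmetric key encrypted under the key in crypto_export_handle
            if alg in SYMMETRIC and as_int(a.get("blob_type")) == SIMPLEBLOB:
                pad = "CRYPT_OAEP" if as_int(a.get("flags")) & CRYPT_OAEP else "PKCS#1 v1.5"
                exportable = "exportable" if gflags & CRYPT_EXPORTABLE else "non-exportable"
                findings.append(
                    f"Session-key wrap: {exportable} {CALG.get(alg, hex(alg))} key "
                    f"{a['crypto_handle']} exported as SIMPLEBLOB under public key "
                    f"{a.get('crypto_export_handle')} with {pad} padding")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The correlation in the last rule is the point: a CryptGenKey of a symmetric algorithm followed by a CryptExportKey of the same handle as a SIMPLEBLOB means the key left the process encrypted under someone else's public key, which is far more specific than either call on its own.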
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 113.108.239.196
host 172.217.24.14
host 220.147.247.145
host 45.79.16.230
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Caveat: the WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork values under Internet Settings\Wpad are the cache that Windows' own proxy auto-detection writes whenever a process performs proxy discovery, for example after the InternetOpenW call above. None of the eight writes carries a PAC URL, so they are not by themselves evidence that the sample intercepts traffic.
Time & API Arguments Status Return Repeated
1621011426.59225
RegSetValueExA
key_handle: 0x000003b0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1621011426.59225
RegSetValueExA
key_handle: 0x000003b0
value: Š$ðH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1621011426.59225
RegSetValueExA
key_handle: 0x000003b0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1621011426.59225
RegSetValueExW
key_handle: 0x000003b0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1621011426.60825
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1621011426.60825
RegSetValueExA
key_handle: 0x000003c8
value: Š$ðH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1621011426.60825
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1621011426.62425
RegSetValueExW
key_handle: 0x000003ac
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 of 55 events shown)
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34528280
FireEye Trojan.GenericKD.34528280
McAfee Emotet-FQS!B2BE85A35332
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2519364
Sangfor Trojan.Win32.Emotet.gen
Alibaba Trojan:Win32/Emotet.5277c67a
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D20EDC18
Cyren W32/Trojan.USJU-9263
Symantec Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HGDP
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Dropper.Emotet-9820610-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen
BitDefender Trojan.GenericKD.34528280
NANO-Antivirus Trojan.Win32.Emotet.hvdmhd
Paloalto generic.ml
Tencent Win32.Trojan-banker.Emotet.Pfji
Ad-Aware Trojan.GenericKD.34528280
Sophos Mal/Generic-S + Troj/Emotet-CNG
Comodo Malware@#3guqy6i0ed815
F-Secure Trojan.TR/AD.Emotet.hocsf
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.TIOIBELM
McAfee-GW-Edition Emotet-FQS!B2BE85A35332
Emsisoft Trojan.Emotet (A)
Jiangmin Trojan.Banker.Emotet.olc
Webroot W32.Trojan.Gen
Avira TR/AD.Emotet.hocsf
Antiy-AVL Trojan[Banker]/Win32.Emotet
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.PEF!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.gen
GData Trojan.GenericKD.34528280
Cynet Malicious (score: 100)
VBA32 BScope.Trojan.Emotet
ALYac Trojan.Agent.Emotet
MAX malware (ai score=88)
Malwarebytes Trojan.MalPack.TRE
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.TIOIBELM
Rising Trojan.Emotet!8.B95 (CLOUD)
Yandex Trojan.Kryptik!lTd0IOgtTPA
Ikarus Trojan-Banker.Agent
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 45.79.16.230:7080
dead_host 220.147.247.145:80
Visual analysis
Binary image
No binary image: no binary visualisation was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-09-15 03:38:12 (the PE header timestamp; it is attacker-controlled and routinely forged by crypters, so treat it as a hint rather than evidence)

Imports

Library MPR.dll:
0x43e3a4 WNetAddConnection2A
Library KERNEL32.dll:
0x43e134 ExitThread
0x43e138 CreateThread
0x43e13c GetStartupInfoA
0x43e140 GetCommandLineA
0x43e144 ExitProcess
0x43e148 HeapReAlloc
0x43e14c TerminateProcess
0x43e150 HeapSize
0x43e154 HeapDestroy
0x43e158 HeapCreate
0x43e15c VirtualFree
0x43e160 IsBadWritePtr
0x43e16c GetStdHandle
0x43e180 VirtualQuery
0x43e184 GetFileType
0x43e18c GetTickCount
0x43e194 LCMapStringA
0x43e198 LCMapStringW
0x43e19c GetStringTypeA
0x43e1a0 GetStringTypeW
0x43e1a8 IsBadReadPtr
0x43e1ac IsBadCodePtr
0x43e1b0 GetUserDefaultLCID
0x43e1b4 EnumSystemLocalesA
0x43e1b8 IsValidLocale
0x43e1bc IsValidCodePage
0x43e1c0 SetStdHandle
0x43e1c4 GetLocaleInfoW
0x43e1cc GetSystemInfo
0x43e1d0 VirtualAlloc
0x43e1d4 VirtualProtect
0x43e1d8 HeapAlloc
0x43e1dc HeapFree
0x43e1e0 RtlUnwind
0x43e1e4 SetErrorMode
0x43e1f0 GetShortPathNameA
0x43e1f8 FindFirstFileA
0x43e1fc FindClose
0x43e200 GetCurrentProcess
0x43e204 DuplicateHandle
0x43e208 GetFileSize
0x43e20c SetEndOfFile
0x43e210 UnlockFile
0x43e214 LockFile
0x43e218 FlushFileBuffers
0x43e21c SetFilePointer
0x43e220 DeleteFileA
0x43e224 MoveFileA
0x43e234 GetOEMCP
0x43e238 GetCPInfo
0x43e23c TlsFree
0x43e240 LocalReAlloc
0x43e244 TlsSetValue
0x43e248 TlsAlloc
0x43e24c TlsGetValue
0x43e250 GlobalHandle
0x43e254 GlobalReAlloc
0x43e258 LocalAlloc
0x43e25c GlobalFlags
0x43e260 GetDiskFreeSpaceA
0x43e264 GetFullPathNameA
0x43e268 GetTempFileNameA
0x43e26c GetFileTime
0x43e270 SetFileTime
0x43e274 GetFileAttributesA
0x43e284 GetCurrentThread
0x43e290 lstrcpyA
0x43e294 lstrcmpA
0x43e29c RaiseException
0x43e2a0 CreateEventA
0x43e2a4 SuspendThread
0x43e2a8 SetEvent
0x43e2ac WaitForSingleObject
0x43e2b0 SetThreadPriority
0x43e2b4 GetModuleFileNameA
0x43e2bc SetLastError
0x43e2c0 MulDiv
0x43e2c4 GlobalAlloc
0x43e2c8 GetCurrentThreadId
0x43e2cc GlobalGetAtomNameA
0x43e2d0 GlobalAddAtomA
0x43e2d4 GlobalFindAtomA
0x43e2d8 GlobalDeleteAtom
0x43e2dc LoadLibraryA
0x43e2e0 FreeLibrary
0x43e2e4 lstrcatA
0x43e2e8 lstrcmpW
0x43e2ec lstrcpynA
0x43e2f0 GetProcAddress
0x43e2f4 GlobalLock
0x43e2f8 GlobalUnlock
0x43e2fc GlobalFree
0x43e300 FreeResource
0x43e304 WaitNamedPipeA
0x43e308 GetModuleHandleA
0x43e30c CreateFileA
0x43e310 FreeConsole
0x43e31c Sleep
0x43e320 ReadFile
0x43e324 WriteFile
0x43e328 FormatMessageA
0x43e32c LocalFree
0x43e338 FindResourceA
0x43e33c LoadResource
0x43e340 LockResource
0x43e344 SizeofResource
0x43e348 ResumeThread
0x43e34c GetStringTypeExA
0x43e350 CompareStringW
0x43e354 CompareStringA
0x43e358 lstrlenA
0x43e35c lstrcmpiA
0x43e360 GetVersion
0x43e364 GetLastError
0x43e368 WideCharToMultiByte
0x43e36c MultiByteToWideChar
0x43e370 GetVersionExA
0x43e374 GetThreadLocale
0x43e378 GetLocaleInfoA
0x43e37c GetACP
0x43e380 InterlockedExchange
0x43e384 GetCurrentProcessId
0x43e38c Module32First
0x43e390 Module32Next
0x43e394 CloseHandle
0x43e398 SetHandleCount
Library USER32.dll:
0x43e3ec EndPaint
0x43e3f0 BeginPaint
0x43e3f4 GetWindowDC
0x43e3f8 GrayStringA
0x43e3fc DrawTextExA
0x43e400 DrawTextA
0x43e404 TabbedTextOutA
0x43e408 FillRect
0x43e40c ShowOwnedPopups
0x43e410 PostQuitMessage
0x43e414 UnionRect
0x43e418 IsRectEmpty
0x43e41c DestroyCursor
0x43e420 SetCursorPos
0x43e424 SetCapture
0x43e428 RedrawWindow
0x43e42c IsZoomed
0x43e430 WindowFromPoint
0x43e434 KillTimer
0x43e438 SetRect
0x43e43c wsprintfA
0x43e440 UnpackDDElParam
0x43e444 ReuseDDElParam
0x43e448 SetCursor
0x43e44c ReleaseCapture
0x43e450 LoadAcceleratorsA
0x43e454 InsertMenuItemA
0x43e458 CreatePopupMenu
0x43e45c SetRectEmpty
0x43e460 BringWindowToTop
0x43e464 SetMenu
0x43e46c InvalidateRect
0x43e470 DestroyMenu
0x43e474 GetMenuItemInfoA
0x43e478 InflateRect
0x43e47c GetMessageA
0x43e480 TranslateMessage
0x43e484 ValidateRect
0x43e488 ReleaseDC
0x43e48c GetDC
0x43e490 GetMenuStringA
0x43e494 InsertMenuA
0x43e498 SetMenuItemBitmaps
0x43e49c ModifyMenuA
0x43e4a0 GetMenuState
0x43e4a4 EnableMenuItem
0x43e4a8 CheckMenuItem
0x43e4b0 SetWindowTextA
0x43e4b4 IsDialogMessageA
0x43e4b8 SetDlgItemTextA
0x43e4c0 WinHelpA
0x43e4c4 GetCapture
0x43e4c8 CreateWindowExA
0x43e4cc SetWindowsHookExA
0x43e4d0 GetClassLongA
0x43e4d4 GetClassInfoExA
0x43e4d8 SetPropA
0x43e4dc GetPropA
0x43e4e0 RemovePropA
0x43e4e4 SendDlgItemMessageA
0x43e4e8 GetFocus
0x43e4ec SetFocus
0x43e4f0 IsChild
0x43e4f8 GetWindowTextA
0x43e4fc GetForegroundWindow
0x43e500 GetLastActivePopup
0x43e504 DispatchMessageA
0x43e508 BeginDeferWindowPos
0x43e50c EndDeferWindowPos
0x43e510 GetTopWindow
0x43e514 UnhookWindowsHookEx
0x43e518 GetMessageTime
0x43e51c GetMessagePos
0x43e520 PeekMessageA
0x43e524 MapWindowPoints
0x43e528 MessageBoxA
0x43e52c TrackPopupMenu
0x43e530 GetKeyState
0x43e534 SetScrollPos
0x43e538 GetScrollPos
0x43e53c IsWindowVisible
0x43e540 GetMenu
0x43e544 PostMessageA
0x43e548 GetMenuItemID
0x43e54c GetMenuItemCount
0x43e550 GetSysColor
0x43e554 AdjustWindowRectEx
0x43e558 ScreenToClient
0x43e55c EqualRect
0x43e560 DeferWindowPos
0x43e564 GetClassInfoA
0x43e568 RegisterClassA
0x43e56c UnregisterClassA
0x43e570 GetDlgCtrlID
0x43e574 DefWindowProcA
0x43e578 CallWindowProcA
0x43e57c SetWindowLongA
0x43e580 SetWindowPos
0x43e584 OffsetRect
0x43e588 IntersectRect
0x43e590 IsIconic
0x43e594 GetWindowPlacement
0x43e598 GetWindowRect
0x43e59c SetParent
0x43e5a0 DestroyIcon
0x43e5a4 CopyRect
0x43e5a8 GetWindow
0x43e5ac GetActiveWindow
0x43e5b0 SetActiveWindow
0x43e5b4 GetSystemMetrics
0x43e5bc DestroyWindow
0x43e5c0 IsWindow
0x43e5c4 GetWindowLongA
0x43e5c8 GetDlgItem
0x43e5cc IsWindowEnabled
0x43e5d0 GetParent
0x43e5d4 GetNextDlgTabItem
0x43e5d8 FindWindowA
0x43e5dc LockWindowUpdate
0x43e5e0 GetDCEx
0x43e5e4 CallNextHookEx
0x43e5e8 GetSysColorBrush
0x43e5ec EndDialog
0x43e5f0 GetCursorPos
0x43e5f4 SetForegroundWindow
0x43e5f8 LoadCursorA
0x43e5fc LoadBitmapA
0x43e600 GetDesktopWindow
0x43e604 UpdateWindow
0x43e608 ShowWindow
0x43e60c SetTimer
0x43e610 GetSystemMenu
0x43e614 DeleteMenu
0x43e618 GetClientRect
0x43e61c LoadIconA
0x43e620 ClientToScreen
0x43e624 LoadMenuA
0x43e628 GetSubMenu
0x43e62c PtInRect
0x43e630 LoadStringA
0x43e634 SendMessageA
0x43e638 EnableWindow
0x43e63c CharUpperA
0x43e640 GetClassNameA
Library GDI32.dll:
0x43e078 CreateSolidBrush
0x43e07c SetRectRgn
0x43e080 CombineRgn
0x43e084 IntersectClipRect
0x43e088 ExcludeClipRect
0x43e08c SetMapMode
0x43e090 SetBkMode
0x43e094 GetStockObject
0x43e098 CreatePatternBrush
0x43e09c ScaleWindowExtEx
0x43e0a0 SetWindowExtEx
0x43e0a4 ScaleViewportExtEx
0x43e0a8 SetViewportExtEx
0x43e0ac OffsetViewportOrgEx
0x43e0b0 SetViewportOrgEx
0x43e0b4 Escape
0x43e0b8 TextOutA
0x43e0bc RectVisible
0x43e0c0 PtVisible
0x43e0c4 GetPixel
0x43e0c8 CreateRectRgn
0x43e0cc SelectClipRgn
0x43e0d0 BitBlt
0x43e0d4 CreateCompatibleDC
0x43e0d8 GetObjectA
0x43e0dc RestoreDC
0x43e0e0 SaveDC
0x43e0e4 CreateFontA
0x43e0e8 GetCharWidthA
0x43e0ec DeleteObject
0x43e0f0 StretchDIBits
0x43e0f4 DeleteDC
0x43e0f8 GetTextMetricsA
0x43e0fc SelectObject
0x43e100 GetBkColor
0x43e10c ExtTextOutA
0x43e110 CreateFontIndirectA
0x43e114 PatBlt
0x43e11c GetDeviceCaps
0x43e120 CreateBitmap
0x43e124 SetBkColor
0x43e128 SetTextColor
0x43e12c GetClipBox
Library comdlg32.dll:
0x43e664 GetSaveFileNameA
0x43e668 GetFileTitleA
0x43e66c GetOpenFileNameA
Library WINSPOOL.DRV:
0x43e648 DocumentPropertiesA
0x43e64c OpenPrinterA
0x43e650 ClosePrinter
Library ADVAPI32.dll:
0x43e000 RegSetValueExA
0x43e00c StartServiceA
0x43e010 CloseServiceHandle
0x43e014 CreateServiceA
0x43e018 OpenServiceA
0x43e01c OpenSCManagerA
0x43e020 RegCloseKey
0x43e024 RegSetValueA
0x43e028 RegOpenKeyA
0x43e02c RegQueryValueExA
0x43e030 RegCreateKeyA
0x43e034 GetFileSecurityA
0x43e038 SetFileSecurityA
0x43e03c RegDeleteValueA
0x43e044 RegCreateKeyExA
0x43e048 RegQueryValueA
0x43e04c RegEnumKeyA
0x43e050 RegDeleteKeyA
0x43e054 RegOpenKeyExA
Library SHELL32.dll:
0x43e3c0 DragFinish
0x43e3c4 DragQueryFileA
0x43e3c8 ExtractIconA
0x43e3cc SHGetFileInfoA
0x43e3d0 Shell_NotifyIconA
Library COMCTL32.dll:
0x43e060 ImageList_Destroy
0x43e064
0x43e068 ImageList_Create
0x43e06c ImageList_Draw
Library SHLWAPI.dll:
0x43e3d8 PathFindFileNameA
0x43e3dc PathStripToRootA
0x43e3e0 PathFindExtensionA
0x43e3e4 PathIsUNCA
Library OLEAUT32.dll:
0x43e3ac VariantClear
0x43e3b0 VariantChangeType
0x43e3b4 VariantInit
0x43e3b8 SysAllocStringLen
Library WS2_32.dll:
0x43e658 WSACleanup
0x43e65c WSAStartup
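Import tables like the one above are mostly window-management plumbing; what matters is the handful of capability-bearing APIs buried in it. The following Python is an added example, not part of this report: it parses a constructed excerpt of the listing above (same "Library X.dll:" / address-name layout, addresses and names copied from the page), maps co-occurring APIs to coarse capabilities, and measures how much of the table is GUI noise. The capability map and function names are the example's own choices. InternetOpenW, which the behavioural log shows being called, is deliberately in the map but absent from the imports: it was resolved at runtime, which is why static import triage has to be read alongside the dynamic log.

```python
import re

# Constructed input: an excerpt of the import table printed above, in the same
# "Library X.dll:" / "address name" layout (addresses and names copied from the page).
IMPORTS_EXCERPT = """\
Library MPR.dll:
0x43e3a4 WNetAddConnection2A
Library KERNEL32.dll:
0x43e1d0 VirtualAlloc
0x43e1d4 VirtualProtect
0x43e2dc LoadLibraryA
0x43e2f0 GetProcAddress
0x43e38c Module32First
0x43e390 Module32Next
0x43e394 CloseHandle
Library USER32.dll:
0x43e3ec EndPaint
0x43e3f0 BeginPaint
0x43e4c8 CreateWindowExA
0x43e4cc SetWindowsHookExA
0x43e514 UnhookWindowsHookEx
Library GDI32.dll:
0x43e078 CreateSolidBrush
0x43e0d0 BitBlt
Library ADVAPI32.dll:
0x43e000 RegSetValueExA
0x43e00c StartServiceA
0x43e014 CreateServiceA
0x43e018 OpenServiceA
0x43e01c OpenSCManagerA
0x43e034 GetFileSecurityA
0x43e038 SetFileSecurityA
Library COMCTL32.dll:
0x43e060 ImageList_Destroy
0x43e064
Library WS2_32.dll:
0x43e658 WSACleanup
0x43e65c WSAStartup
"""

# Example capability map (this example's own choice): a rule fires only when
# every API in its set is imported, so a single noisy import does not trigger it.
CAPABILITIES = {
    "service persistence (create and start a Windows service)":
        {"OpenSCManagerA", "CreateServiceA", "StartServiceA"},
    "network share connection (lateral movement)": {"WNetAddConnection2A"},
    "in-memory unpacking / self-modifying code": {"VirtualAlloc", "VirtualProtect"},
    "runtime API resolution": {"LoadLibraryA", "GetProcAddress"},
    "module enumeration": {"Module32First", "Module32Next"},
    "raw sockets": {"WSAStartup"},
    "registry write": {"RegSetValueExA"},
    "file ACL tampering": {"GetFileSecurityA", "SetFileSecurityA"},
    "window hooks (routine in MFC apps; notable only with WH_KEYBOARD)": {"SetWindowsHookExA"},
    "process injection": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
    "WinINet HTTP client": {"InternetOpenW"},
}
GUI_LIBS = {"USER32.DLL", "GDI32.DLL", "COMCTL32.DLL", "COMDLG32.DLL", "WINSPOOL.DRV"}

LIB_RE = re.compile(r"^Library\s+(\S+):$")
IMP_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s*(\S*)$")


def parse_imports(text):
    """Return {LIBRARY: [api, ...]}; an address with no name is an import by ordinal."""
    imports, lib = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1).upper()
            imports.setdefault(lib, [])
            continue
        m = IMP_RE.match(line)
        if m and lib is not None:
            imports[lib].append(m.group(2) or f"ordinal@{m.group(1)}")
    return imports


def triage(text):
    """Summarise capabilities, GUI-noise ratio and unnamed imports of a listing."""
    imports = parse_imports(text)
    names = {n for apis in imports.values() for n in apis}
    total = sum(len(v) for v in imports.values())
    gui = sum(len(v) for k, v in imports.items() if k in GUI_LIBS)
    return {
        "capabilities": sorted(cap for cap, need in CAPABILITIES.items() if need <= names),
        "gui_fraction": gui / total if total else 0.0,
        "ordinal_imports": sorted(n for n in names if n.startswith("ordinal@")),
    }


if __name__ == "__main__":
    result = triage(IMPORTS_EXCERPT)
    for cap in result["capabilities"]:
        print("capability:", cap)
    print(f"GUI plumbing: {result['gui_fraction']:.0%} of imports; "
          f"ordinal imports: {result['ordinal_imports']}")
```

Run against the full table above, the service-control trio (OpenSCManagerA, CreateServiceA, StartServiceA) and WNetAddConnection2A are the two findings worth a second look for a sample classified as Emotet; the hundreds of USER32/GDI32 entries are the MFC shell the crypter wrapped around it.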

Exports

Ordinal Address Name
1 0x4064a0 yuAAQERWEARDFGSFdgtgfgSZXAWQFAs

An .exe normally exports nothing; a single export with a keyboard-mash name like this is a common artefact of the crypter that produced the file and, together with the odd "Shared" section name noted under Static indicators, a usable static pivot.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

Nothing is listed here because no connection completed: the dead-host entries under Network communication above, 45.79.16.230:7080 and 220.147.247.145:80, are outbound attempts that received no reply. Port 7080 alongside 80 is the port pairing long associated with Emotet C2 servers.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  50002        114.114.114.114                  53
192.168.56.101  51378        114.114.114.114                  53
192.168.56.101  57756        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  53237        224.0.0.252                      5355
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60384        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  50003        239.255.255.250                  3702
192.168.56.101  50005        239.255.255.250                  3702

Apart from the DNS lookups, all of this is ordinary Windows background traffic from the analysis VM rather than sample-specific activity: NetBIOS name service (137/138) and LLMNR (5355) broadcasts, NTP (123) to time.windows.com, and SSDP (1900) and WS-Discovery (3702) multicast. Whether the five DNS queries to the VM's resolver 114.114.114.114 came from the sample or from Windows cannot be told from this table; the C2 attempts themselves went to raw IP addresses, consistent with the "no DNS query" indicator above.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.