Risk score: 7.4 (High risk)

SHA-256: 4ed643090b95f0f1cb9325e36627c7a0dae6b83396075d755494fb7bfd9e1efd
File name: b6e550238c5e696eebbb27228d9b7902.exe
Analysis duration: 80s
Last analysis: (no value recorded)
File size: 612.0KB
Tags: static detection, dynamic detection, 100%, AI SCORE=88, ANFU, BANKERX, CLOUD, CONFIDENCE, DOWNLOADER34, ELDORADO, EMOTET, GENCIRC, GENERICKD, GENETIC, HFFS, HIGH CONFIDENCE, HPCZKW, IGENERICPMF, KRYPTIK, QVM07, R049C0DGT20, R346403, S15280615, SCORE, SGENERIC, SUSGEN, UNCLASSIFIEDMALWARE@0, UNSAFE, ZBXGZ, ZENPAK
鹰眼引擎 (Hawkeye engine)
Not detected: no 鹰眼引擎 result is available for this sample.
Static verdict
Antivirus engines
Engine        Result                              Engine date  Engine version
Alibaba       Trojan:Win32/Emotet.63dbac9b        20190527     0.3.0.5
Baidu         (no result)                         20190318     1.0.0.2
Avast         Win32:BankerX-gen [Trj]             20200823     18.4.3895.0
Kingsoft      (no result)                         20200824     2013.8.14.323
McAfee        Emotet-FRI!B6E550238C5E             20200823     6.0.6.653
Tencent       Malware.Win32.Gencirc.10cde600      20200824     1.0.0.1
CrowdStrike   win/malicious_confidence_100% (W)   20190702     1.0
Note: the Alibaba, Baidu and CrowdStrike dates (2019) precede the PE compile time of 2020-07-29 listed below, so this column is the engine or signature build date, not the time the file was scanned.
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619891850.448
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events). One exportable AES-128 session key is generated and then exported three times as a SIMPLEBLOB with CRYPT_OAEP; a SIMPLEBLOB export requires an RSA key-exchange key, so the sample already holds a public key with which to wrap the session key.
Time & API Arguments Status Return Repeated
1619891841.745
CryptGenKey
crypto_handle: 0x005fd900
algorithm_identifier: 0x0000660e (CALG_AES_128)
provider_handle: 0x00554b30
flags: 1 (CRYPT_EXPORTABLE)
key: fÓ΅˜µ±±:5’çæ
success 1 0
1619891850.464
CryptExportKey
crypto_handle: 0x005fd900
crypto_export_handle: 0x005542f0
buffer: f¤»I Á„i B a£@ZsGÀù9bÃBÎý5˒‘ÁíØ³!}lggì‘ì0û’±ç·ûŒì7Òþ•½Øƒfئà忔¢!M£M'(6”œñ­‡`µ–ÕƅŠ»R¿'
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1619891888.839
CryptExportKey
crypto_handle: 0x005fd900
crypto_export_handle: 0x005542f0
buffer: f¤öyGû$¦àƒP¦ŠŸåÏ>áà¯ønb ܌ùV¸äcG—ßW-'"3™‡”ëúxv¿øäð³Ø½:s” 6¤Ûª,»}3·%ÔôÖW¶57à¼á–2Ù=ÄJl
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1619891894.683
CryptExportKey
crypto_handle: 0x005fd900
crypto_export_handle: 0x005542f0
buffer: f¤eºàQzØaÔ¡ü{ÃÝ !ó|§LüÀñ¸`©›~¸Ó¥€ß ¾µÌòœmcJ#xÚï= ‘<ÒÚJ$¨Hì !1²¤P7Ԓl*''"ž,®ÒŌBbÝ
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
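The four events above are only meaningful once the raw CryptoAPI constants are decoded: 0x660e is CALG_AES_128, flags 1 on CryptGenKey is CRYPT_EXPORTABLE, blob_type 1 is SIMPLEBLOB and flags 64 on CryptExportKey is CRYPT_OAEP. The following is an added example, not code from the sandbox or from the sample: it decodes those constants from the ALG_ID bit layout in wincrypt.h, parses a SIMPLEBLOB header, and runs a detection rule for this generate-then-export pattern over a Cuckoo-style API trace. The trace values (handle, algorithm, flags) are copied from the events above; the SIMPLEBLOB bytes are constructed, because the report's buffers survive only as stripped text. Incidentally, the `f¤` that opens each exported buffer above is consistent with the header bytes 0x66 (from 0x660e) and 0xa4 (from 0xa400, CALG_RSA_KEYX) after non-printable bytes were dropped.

```python
"""Decode CryptoAPI constants from CryptGenKey/CryptExportKey events and flag the
session-key export pattern in an API trace. Added example, not part of the report."""
import struct

# ALG_ID bit layout (wincrypt.h): class = bits 13-15, type = bits 9-12, sid = bits 0-8.
ALG_CLASS = {0x2000: "ALG_CLASS_SIGNATURE", 0x4000: "ALG_CLASS_MSG_ENCRYPT",
             0x6000: "ALG_CLASS_DATA_ENCRYPT", 0x8000: "ALG_CLASS_HASH",
             0xA000: "ALG_CLASS_KEY_EXCHANGE"}
ALG_TYPE = {0x200: "ALG_TYPE_DSS", 0x400: "ALG_TYPE_RSA", 0x600: "ALG_TYPE_BLOCK",
            0x800: "ALG_TYPE_STREAM", 0xA00: "ALG_TYPE_DH"}
CALG_NAMES = {0x6601: "CALG_DES", 0x6603: "CALG_3DES", 0x6602: "CALG_RC2", 0x6801: "CALG_RC4",
              0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
              0xA400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN",
              0x8003: "CALG_MD5", 0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256"}
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB", 8: "PLAINTEXTKEYBLOB"}
GENKEY_FLAGS = {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED", 0x4: "CRYPT_CREATE_SALT",
                0x4000: "CRYPT_ARCHIVABLE"}
EXPORT_FLAGS = {0x1: "CRYPT_Y_ONLY", 0x2: "CRYPT_SSL2_FALLBACK", 0x4: "CRYPT_DESTROYKEY",
                0x40: "CRYPT_OAEP", 0x80: "CRYPT_BLOB_VER3"}
AES_ALGS = {0x660E, 0x660F, 0x6610}


def decode_alg_id(alg_id):
    """Split an ALG_ID into class/type/sid and name it when it is a well-known CALG_*."""
    return {"name": CALG_NAMES.get(alg_id, "unknown"),
            "class": ALG_CLASS.get(alg_id & 0xE000, "?"),
            "type": ALG_TYPE.get(alg_id & 0x1E00, "?"),
            "sid": alg_id & 0x1FF}


def decode_flags(value, table):
    """Name every set bit; unknown bits are kept as hex so nothing is silently dropped."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        names.append(hex(leftover))
    return names


def parse_simpleblob(blob):
    """BLOBHEADER {bType:u8, bVersion:u8, reserved:u16, aiKeyAlg:u32}, then ALG_ID aiEncAlg,
    then the session key encrypted with the exchange key."""
    if len(blob) < 12:
        raise ValueError("blob shorter than a SIMPLEBLOB header")
    b_type, version, _reserved, key_alg, enc_alg = struct.unpack_from("<BBHII", blob, 0)
    if b_type != 1:
        raise ValueError(f"not a SIMPLEBLOB (bType={b_type})")
    wrapped = blob[12:]
    return {"version": version,
            "key_alg": CALG_NAMES.get(key_alg, hex(key_alg)),
            "enc_alg": CALG_NAMES.get(enc_alg, hex(enc_alg)),
            # RSA output is modulus-sized, so the wrapped length reveals the exchange-key size.
            "rsa_bits": len(wrapped) * 8}


def find_key_export_pattern(trace):
    """Rule: CryptGenKey(AES, CRYPT_EXPORTABLE) followed by one or more
    CryptExportKey(SIMPLEBLOB, CRYPT_OAEP) on the same handle."""
    generated = {}
    for event in trace:
        args = event["arguments"]
        if (event["api"] == "CryptGenKey" and args["algorithm_identifier"] in AES_ALGS
                and args["flags"] & 0x1):
            generated[args["crypto_handle"]] = {"alg": CALG_NAMES[args["algorithm_identifier"]],
                                                "exports": 0}
        elif (event["api"] == "CryptExportKey" and args["crypto_handle"] in generated
                and args["blob_type"] == 1 and args["flags"] & 0x40):
            generated[args["crypto_handle"]]["exports"] += 1
    return [f"{info['alg']} session key {handle} exported {info['exports']}x as SIMPLEBLOB "
            f"with CRYPT_OAEP (RSA-wrapped with a key the process already held)"
            for handle, info in generated.items() if info["exports"]]


# Constructed trace mirroring the four events in the report (values copied from it).
TRACE = [
    {"api": "CryptGenKey", "arguments": {"crypto_handle": "0x005fd900",
                                         "algorithm_identifier": 0x660E, "flags": 1}},
    {"api": "CryptExportKey", "arguments": {"crypto_handle": "0x005fd900", "blob_type": 1, "flags": 64}},
    {"api": "CryptExportKey", "arguments": {"crypto_handle": "0x005fd900", "blob_type": 1, "flags": 64}},
    {"api": "CryptExportKey", "arguments": {"crypto_handle": "0x005fd900", "blob_type": 1, "flags": 64}},
]

# Constructed SIMPLEBLOB: AES-128 key wrapped by a 1024-bit RSA exchange key (128 filler bytes).
SAMPLE_BLOB = struct.pack("<BBHII", 1, 2, 0, 0x660E, 0xA400) + bytes(128)

if __name__ == "__main__":
    print(decode_alg_id(0x660E))
    print(decode_flags(64, EXPORT_FLAGS), BLOB_TYPES[1])
    print(parse_simpleblob(SAMPLE_BLOB))
    for finding in find_key_export_pattern(TRACE):
        print("FINDING:", finding)
```

The rule keys on the handle rather than on the API names alone, because legitimate software also calls CryptExportKey; the combination of an exportable symmetric key, SIMPLEBLOB and OAEP on one handle is the envelope-encryption shape worth alerting on.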
The executable uses a known packer (1 event)
packer Armadillo v1.71
Caveat: PEiD-style Armadillo signatures routinely match ordinary MSVC-linked binaries, and the import table below (MFC-style USER32, GDI32, ole32, oledlg and OLEPRO32 imports) fits a decoy MFC application wrapping the loader rather than commercial Armadillo protection. Treat this match as low confidence.
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619891840.979
NtAllocateVirtualMemory
process_identifier: 472
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004f0000
success 0 0
Foreign language identified in PE resource (3 events)
name RT_ICON language LANG_CHINESE offset 0x00093ac8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000128
name RT_ICON language LANG_CHINESE offset 0x00093ac8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000128
name RT_GROUP_ICON language LANG_CHINESE offset 0x00093bf0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022
Checks adapter addresses which can be used to detect virtual network interfaces (1 event). Caveat: the single call below returned 111 (ERROR_BUFFER_OVERFLOW), which is the normal result of the first size-probing call to GetAdaptersAddresses; the trace shows no second call with a correctly sized buffer, so on its own this event does not demonstrate VM detection.
Time & API Arguments Status Return Repeated
1619891851.12
GetAdaptersAddresses
flags: 0
family: 0
failed 111 (ERROR_BUFFER_OVERFLOW) 0
Expresses interest in specific running processes (1 event)
process b6e550238c5e696eebbb27228d9b7902.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619891850.636
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 172.217.24.14
host 179.60.229.168
host 185.94.252.13
host 189.218.165.63
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events). Caveat: every value written below (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName, WpadLastNetwork) belongs to the WinINet/WinHTTP auto-proxy decision cache, which Windows writes in the caller's context when a process opens a WinINet session such as the InternetOpenW call above. No AutoConfigURL or PAC location is set in these events, so this is the expected side effect of network activity, not evidence that the sample tampered with proxy settings. The WpadDecisionTime values are 8-byte FILETIMEs, rendered here as raw bytes.
Time & API Arguments Status Return Repeated
1619891853.729
RegSetValueExA
key_handle: 0x000003b0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619891853.729
RegSetValueExA
key_handle: 0x000003b0
value: `ܲ¢>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619891853.729
RegSetValueExA
key_handle: 0x000003b0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619891853.729
RegSetValueExW
key_handle: 0x000003b0
value: 网络 2 (the Chinese-locale Windows default network name, "Network 2")
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619891853.729
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619891853.729
RegSetValueExA
key_handle: 0x000003c8
value: `ܲ¢>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619891853.729
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619891853.761
RegSetValueExW
key_handle: 0x000003ac
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic. Note: the ICMP section of the packet capture below is empty, so this signature and the capture disagree.
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 of 54 events shown)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43563696
FireEye Generic.mg.b6e550238c5e696e
CAT-QuickHeal Trojan.IgenericPMF.S15280615
ALYac Trojan.GenericKD.43563696
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.727
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.63dbac9b
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D298BAB0
TrendMicro TROJ_GEN.R049C0DGT20
Cyren W32/Kryptik.BRQ.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKD.43563696
NANO-Antivirus Trojan.Win32.Emotet.hpczkw
ViRobot Trojan.Win32.Z.Emotet.626688.H
Avast Win32:BankerX-gen [Trj]
Rising Trojan.Kryptik!1.C89F (CLOUD)
Ad-Aware Trojan.GenericKD.43563696
Comodo .UnclassifiedMalware@0
F-Secure Trojan.TR/Emotet.zbxgz
DrWeb Trojan.DownLoader34.9370
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
Sophos Troj/Emotet-CKJ
Jiangmin Trojan.Banker.Emotet.nzs
Avira TR/Emotet.zbxgz
MAX malware (ai score=88)
Antiy-AVL Trojan/Win32.SGeneric
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKD.43563696
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R346403
McAfee Emotet-FRI!B6E550238C5E
TACHYON Trojan/W32.Agent.626688.PM
VBA32 Trojan.Downloader
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFFS
TrendMicro-HouseCall TROJ_GEN.R049C0DGT20
Tencent Malware.Win32.Gencirc.10cde600
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.73767892.susgen
Fortinet W32/Zenpak.ANFU!tr
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 192.168.56.101:49182
dead_host 179.60.229.168:443
dead_host 185.94.252.13:443
Visual analysis
Binary image
No binary image: the sample did not produce a binary visualization image.
Runtime screenshots
No screenshots: no screenshot was captured while the sample ran.


PE Compile Time

2020-07-29 04:03:50

Imports

Library KERNEL32.dll:
0x48febc TerminateProcess
0x48fec0 HeapFree
0x48fec4 CreateThread
0x48fec8 ExitThread
0x48fecc HeapAlloc
0x48fed0 RaiseException
0x48fed4 HeapReAlloc
0x48fed8 HeapSize
0x48fedc GetACP
0x48fee4 GetSystemTime
0x48fee8 GetLocalTime
0x48feec FatalAppExitA
0x48fef0 Sleep
0x48fef4 LCMapStringA
0x48fef8 LCMapStringW
0x48ff10 SetHandleCount
0x48ff14 GetStdHandle
0x48ff18 GetFileType
0x48ff1c ExitProcess
0x48ff20 HeapCreate
0x48ff24 VirtualFree
0x48ff28 VirtualAlloc
0x48ff2c IsBadWritePtr
0x48ff34 GetStringTypeA
0x48ff38 GetStringTypeW
0x48ff3c IsBadReadPtr
0x48ff40 IsBadCodePtr
0x48ff44 IsValidLocale
0x48ff48 IsValidCodePage
0x48ff4c GetLocaleInfoA
0x48ff50 EnumSystemLocalesA
0x48ff54 GetUserDefaultLCID
0x48ff58 GetVersionExA
0x48ff60 SetStdHandle
0x48ff64 GetLocaleInfoW
0x48ff68 CompareStringA
0x48ff6c CompareStringW
0x48ff74 GetCommandLineA
0x48ff78 GetStartupInfoA
0x48ff7c RtlUnwind
0x48ff80 GetProfileStringA
0x48ff84 InterlockedExchange
0x48ff88 CopyFileA
0x48ff8c GlobalSize
0x48ff90 SetFileAttributesA
0x48ff94 SetFileTime
0x48ffa0 GetFileTime
0x48ffa4 GetFileSize
0x48ffa8 GetFileAttributesA
0x48ffac GetTickCount
0x48ffb8 lstrlenW
0x48ffbc GetShortPathNameA
0x48ffc0 GetStringTypeExA
0x48ffc4 GetFullPathNameA
0x48ffcc FindFirstFileA
0x48ffd0 FindClose
0x48ffd4 DeleteFileA
0x48ffd8 MoveFileA
0x48ffdc SetEndOfFile
0x48ffe0 UnlockFile
0x48ffe4 LockFile
0x48ffe8 FlushFileBuffers
0x48ffec SetFilePointer
0x48fff0 WriteFile
0x48fff4 ReadFile
0x48fff8 CreateFileA
0x48fffc DuplicateHandle
0x490000 SetErrorMode
0x490004 GetOEMCP
0x490008 GetCPInfo
0x49000c GetThreadLocale
0x490010 SizeofResource
0x490014 GetProcessVersion
0x490018 GetLastError
0x49002c GlobalFlags
0x490030 lstrcpynA
0x490034 TlsGetValue
0x490038 LocalReAlloc
0x49003c TlsSetValue
0x490044 GlobalReAlloc
0x49004c TlsFree
0x490050 GlobalHandle
0x490058 TlsAlloc
0x490060 LocalAlloc
0x490064 FormatMessageA
0x490068 LocalFree
0x49006c MulDiv
0x490070 SetLastError
0x490074 MultiByteToWideChar
0x490078 WideCharToMultiByte
0x49007c lstrlenA
0x490088 LoadLibraryA
0x49008c FreeLibrary
0x490090 GetVersion
0x490094 lstrcatA
0x490098 GlobalGetAtomNameA
0x49009c GlobalAddAtomA
0x4900a0 GlobalFindAtomA
0x4900a4 lstrcpyA
0x4900a8 GetModuleHandleA
0x4900ac GlobalFree
0x4900b0 LockResource
0x4900b4 FindResourceA
0x4900b8 LoadResource
0x4900bc CreateEventA
0x4900c0 SuspendThread
0x4900c4 SetThreadPriority
0x4900c8 ResumeThread
0x4900cc SetEvent
0x4900d0 WaitForSingleObject
0x4900d4 CloseHandle
0x4900d8 GetModuleFileNameA
0x4900dc GlobalDeleteAtom
0x4900e0 lstrcmpA
0x4900e4 lstrcmpiA
0x4900e8 GetCurrentThread
0x4900ec GetCurrentThreadId
0x4900f0 GlobalAlloc
0x4900f4 GlobalUnlock
0x4900f8 GlobalLock
0x4900fc LoadLibraryExA
0x490100 GetProcAddress
0x490104 HeapDestroy
0x490108 GetCurrentProcess
Library USER32.dll:
0x4902f4 DeleteMenu
0x4902f8 GetMenuStringA
0x4902fc GetSysColorBrush
0x490300 GetDialogBaseUnits
0x490304 CharNextA
0x49030c SetRect
0x490310 GetNextDlgGroupItem
0x490314 MessageBeep
0x490318 SetRectEmpty
0x49031c LoadAcceleratorsA
0x490324 LoadMenuA
0x490328 SetMenu
0x49032c ReuseDDElParam
0x490330 UnpackDDElParam
0x490334 InvalidateRect
0x490338 BringWindowToTop
0x49033c CharUpperA
0x490340 InflateRect
0x490348 RemoveMenu
0x49034c PostThreadMessageA
0x490350 DestroyIcon
0x490354 CopyRect
0x490358 EndDeferWindowPos
0x49035c ScrollWindow
0x490360 GetScrollInfo
0x490364 SetScrollInfo
0x490368 ShowScrollBar
0x49036c GetScrollRange
0x490370 SetScrollRange
0x490374 GetScrollPos
0x490378 SetScrollPos
0x49037c GetTopWindow
0x490380 IsChild
0x490384 GetCapture
0x490388 WinHelpA
0x49038c wsprintfA
0x490390 GetClassInfoA
0x490394 RegisterClassA
0x490398 GetMenu
0x49039c GetMenuItemCount
0x4903a0 GetSubMenu
0x4903a4 GetMenuItemID
0x4903a8 TrackPopupMenu
0x4903ac SetWindowPlacement
0x4903b4 GetWindowTextA
0x4903b8 GetDlgCtrlID
0x4903bc DefWindowProcA
0x4903c0 CreateWindowExA
0x4903c4 GetClassLongA
0x4903c8 SetPropA
0x4903cc UnhookWindowsHookEx
0x4903d0 GetPropA
0x4903d4 CallWindowProcA
0x4903d8 RemovePropA
0x4903dc GetMessageTime
0x4903e0 GetMessagePos
0x4903e4 GetForegroundWindow
0x4903e8 SetForegroundWindow
0x4903ec PtInRect
0x4903f4 OffsetRect
0x4903f8 LoadCursorA
0x490400 GetWindowPlacement
0x490404 GetWindowRect
0x490408 MapDialogRect
0x49040c SetWindowPos
0x490410 GetWindow
0x490418 EndDialog
0x49041c SetActiveWindow
0x490420 IsWindow
0x490428 DestroyWindow
0x49042c GetDlgItem
0x490434 ReleaseCapture
0x490438 GetMenuState
0x49043c ModifyMenuA
0x490440 SetMenuItemBitmaps
0x490444 CheckMenuItem
0x490448 EnableMenuItem
0x49044c GetFocus
0x490450 GetNextDlgTabItem
0x490454 GetMessageA
0x490458 TranslateMessage
0x49045c DispatchMessageA
0x490460 GetActiveWindow
0x490464 CallNextHookEx
0x490468 ValidateRect
0x49046c IsWindowVisible
0x490470 PeekMessageA
0x490474 GetCursorPos
0x490478 SetWindowsHookExA
0x49047c GetParent
0x490480 GetLastActivePopup
0x490484 IsWindowEnabled
0x490488 GetWindowLongA
0x49048c MessageBoxA
0x490490 SetCursor
0x490494 ShowOwnedPopups
0x490498 LoadIconA
0x49049c GetSystemMenu
0x4904a0 SendMessageA
0x4904a4 UnregisterClassA
0x4904a8 HideCaret
0x4904ac ShowCaret
0x4904b0 ExcludeUpdateRgn
0x4904b4 DrawFocusRect
0x4904b8 PostQuitMessage
0x4904bc PostMessageA
0x4904c0 RedrawWindow
0x4904c4 SetClipboardData
0x4904c8 CreatePopupMenu
0x4904cc InsertMenuA
0x4904d0 GetKeyState
0x4904d8 OpenClipboard
0x4904dc GetClipboardData
0x4904e0 CloseClipboard
0x4904e4 EnableWindow
0x4904e8 IsIconic
0x4904ec GetClassNameA
0x4904f0 WindowFromPoint
0x4904f8 GetDesktopWindow
0x4904fc SetWindowLongA
0x490500 WaitMessage
0x490504 GetSystemMetrics
0x490508 GetClientRect
0x49050c DefDlgProcA
0x490510 IsWindowUnicode
0x490514 AppendMenuA
0x490518 DrawIcon
0x49051c GrayStringA
0x490520 DrawTextA
0x490524 TabbedTextOutA
0x490528 EndPaint
0x49052c BeginPaint
0x490530 GetWindowDC
0x490534 ReleaseDC
0x490538 GetDC
0x49053c ClientToScreen
0x490540 DestroyMenu
0x490544 LoadStringA
0x490548 OemToCharA
0x49054c CharToOemA
0x490550 wvsprintfA
0x490554 ShowWindow
0x490558 MoveWindow
0x49055c SetWindowTextA
0x490560 IsDialogMessageA
0x490564 ScrollWindowEx
0x490568 IsDlgButtonChecked
0x49056c SetDlgItemTextA
0x490570 SetDlgItemInt
0x490574 GetDlgItemTextA
0x490578 GetDlgItemInt
0x49057c CheckRadioButton
0x490580 CheckDlgButton
0x490584 BeginDeferWindowPos
0x490588 SendDlgItemMessageA
0x49058c MapWindowPoints
0x490590 GetSysColor
0x490594 SetFocus
0x490598 LoadBitmapA
0x49059c SetCapture
0x4905a0 AdjustWindowRectEx
0x4905a4 ScreenToClient
0x4905a8 EqualRect
0x4905ac IntersectRect
0x4905b0 DeferWindowPos
0x4905b4 UpdateWindow
Library GDI32.dll:
0x48fd00 SetPolyFillMode
0x48fd04 SetROP2
0x48fd08 SetStretchBltMode
0x48fd0c SetMapMode
0x48fd10 SetViewportOrgEx
0x48fd14 OffsetViewportOrgEx
0x48fd18 SetViewportExtEx
0x48fd1c ScaleViewportExtEx
0x48fd20 SetWindowOrgEx
0x48fd24 OffsetWindowOrgEx
0x48fd28 SetWindowExtEx
0x48fd2c ScaleWindowExtEx
0x48fd30 SelectClipRgn
0x48fd34 ExcludeClipRect
0x48fd38 IntersectClipRect
0x48fd3c OffsetClipRgn
0x48fd40 MoveToEx
0x48fd44 LineTo
0x48fd48 SetTextAlign
0x48fd54 SetMapperFlags
0x48fd5c ArcTo
0x48fd60 SetArcDirection
0x48fd64 PolyDraw
0x48fd68 PolylineTo
0x48fd6c SetColorAdjustment
0x48fd70 PolyBezierTo
0x48fd74 DeleteObject
0x48fd78 GetClipRgn
0x48fd7c CreateRectRgn
0x48fd80 SetBkMode
0x48fd84 ExtSelectClipRgn
0x48fd88 PlayMetaFileRecord
0x48fd8c GetObjectType
0x48fd90 EnumMetaFile
0x48fd94 PlayMetaFile
0x48fd98 GetDeviceCaps
0x48fd9c GetViewportExtEx
0x48fda0 GetWindowExtEx
0x48fda4 CreatePen
0x48fda8 ExtCreatePen
0x48fdac CreateHatchBrush
0x48fdb0 CreatePatternBrush
0x48fdb8 PtVisible
0x48fdbc RectVisible
0x48fdc0 TextOutA
0x48fdc4 ExtTextOutA
0x48fdc8 Escape
0x48fdd0 GetTextMetricsA
0x48fdd4 CreateFontIndirectA
0x48fdd8 GetTextColor
0x48fddc GetBkColor
0x48fde0 DPtoLP
0x48fde4 LPtoDP
0x48fde8 GetMapMode
0x48fdec PatBlt
0x48fdf0 SetRectRgn
0x48fdf4 CombineRgn
0x48fdfc CopyMetaFileA
0x48fe00 CreateDCA
0x48fe04 SelectPalette
0x48fe08 GetStockObject
0x48fe0c SelectObject
0x48fe10 RestoreDC
0x48fe14 SaveDC
0x48fe18 StartDocA
0x48fe1c DeleteDC
0x48fe20 GetObjectA
0x48fe24 SetBkColor
0x48fe28 SetTextColor
0x48fe2c GetClipBox
0x48fe30 GetDCOrgEx
0x48fe34 CreateBitmap
0x48fe38 SelectClipPath
0x48fe3c CreateDIBitmap
0x48fe40 GetTextExtentPointA
0x48fe44 BitBlt
0x48fe48 CreateCompatibleDC
0x48fe4c CreateSolidBrush
Library comdlg32.dll:
0x4906a8 GetSaveFileNameA
0x4906ac GetFileTitleA
0x4906b0 GetOpenFileNameA
Library WINSPOOL.DRV:
0x490670 ClosePrinter
0x490674 DocumentPropertiesA
0x490678 OpenPrinterA
Library ADVAPI32.dll:
0x48fc6c RegDeleteKeyA
0x48fc70 RegCreateKeyA
0x48fc74 RegEnumKeyA
0x48fc78 RegQueryValueA
0x48fc7c RegSetValueA
0x48fc80 RegOpenKeyA
0x48fc84 RegCloseKey
0x48fc88 RegDeleteValueA
0x48fc8c RegSetValueExA
0x48fc90 RegQueryValueExA
0x48fc94 RegOpenKeyExA
0x48fc98 RegCreateKeyExA
Library SHELL32.dll:
0x4902b0 SHGetFileInfoA
0x4902b4 DragQueryFileA
0x4902b8 DragFinish
0x4902bc DragAcceptFiles
0x4902c0 ExtractIconA
Library COMCTL32.dll:
0x48fcd0 (imported by ordinal; no name recorded)
Library oledlg.dll:
0x4907a4 (imported by ordinal; no name recorded)
Library ole32.dll:
0x4906e0 CoTreatAsClass
0x4906e4 StringFromCLSID
0x4906e8 ReadClassStg
0x4906ec ReadFmtUserTypeStg
0x4906f0 OleRegGetUserType
0x4906f4 WriteClassStg
0x4906f8 WriteFmtUserTypeStg
0x4906fc SetConvertStg
0x490700 CreateBindCtx
0x490704 OleDuplicateData
0x49070c ReleaseStgMedium
0x490710 OleInitialize
0x490714 CoDisconnectObject
0x490718 OleRun
0x49071c CoCreateInstance
0x490720 CoTaskMemAlloc
0x490724 CoTaskMemFree
0x490734 CoGetClassObject
0x490738 CLSIDFromString
0x49073c CLSIDFromProgID
0x490748 CoRevokeClassObject
0x49074c OleSetClipboard
0x490750 OleFlushClipboard
0x49075c OleUninitialize
Library OLEPRO32.DLL:
0x490280 (imported by ordinal; no name recorded)
Library OLEAUT32.dll:
0x4901ac VariantCopy
0x4901b0 VariantClear
0x4901b4 SysAllocStringLen
0x4901b8 SysFreeString
0x4901bc VariantChangeType
0x4901c0 SysReAllocStringLen
0x4901c4 SysAllocString
0x4901cc SafeArrayAccessData
0x4901d0 SafeArrayGetUBound
0x4901d4 SafeArrayGetLBound
0x4901dc SafeArrayGetDim
0x4901e0 SafeArrayCreate
0x4901e4 SafeArrayRedim
0x4901ec SysStringByteLen
0x4901f0 VarCyFromStr
0x4901f4 VarBstrFromCy
0x4901f8 VarDateFromStr
0x4901fc VarBstrFromDate
0x490200 SafeArrayCopy
0x490204 SafeArrayAllocData
0x49020c SafeArrayGetElement
0x490210 SafeArrayPtrOfIndex
0x490214 SafeArrayPutElement
0x490218 SafeArrayLock
0x49021c SafeArrayUnlock
0x490220 SafeArrayDestroy
0x49022c SysStringLen
0x490230 LoadTypeLib

Hosts

No hosts contacted. (This packet-capture summary does not match the behavioral signatures above, which list four contacted hosts and two dead hosts on port 443; the two data sources in this report disagree, as they do for ICMP.)

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination      Host              Dst port
192.168.56.101  50534     114.114.114.114                    53
192.168.56.101  51808     114.114.114.114                    53
192.168.56.101  53657     114.114.114.114                    53
192.168.56.101  58367     114.114.114.114                    53
192.168.56.101  60123     114.114.114.114                    53
192.168.56.101  137       192.168.56.255                     137
192.168.56.101  138       192.168.56.255                     138
192.168.56.101  123       20.189.79.72     time.windows.com  123
192.168.56.101  50002     224.0.0.252                        5355
192.168.56.101  55368     224.0.0.252                        5355
192.168.56.101  56804     224.0.0.252                        5355
192.168.56.101  57756     224.0.0.252                        5355
192.168.56.101  57874     224.0.0.252                        5355
192.168.56.101  62191     224.0.0.252                        5355
192.168.56.101  63429     224.0.0.252                        5355
192.168.56.101  65004     224.0.0.252                        5355
192.168.56.101  1900      239.255.255.250                    1900
192.168.56.101  53658     239.255.255.250                    3702
192.168.56.101  57757     239.255.255.250                    3702
192.168.56.101  58707     239.255.255.250                    3702
Every row here is Windows background traffic (NetBIOS name service and datagram broadcasts on 137/138, LLMNR multicast on 5355, SSDP on 1900 and WS-Discovery on 3702 to 239.255.255.250, NTP to time.windows.com) or DNS lookups to the guest's resolver 114.114.114.114; none of it is attributable to the sample on its own.
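Separating guest background chatter from sample-attributable traffic is the first step in reading any sandbox UDP table, and it is easy to automate. The following is an added example, not part of the report: it parses the table rows as laid out above, treats NBNS/NetBIOS broadcasts, LLMNR/SSDP/WS-Discovery multicast, NTP to time.windows.com and DNS to the guest's configured resolver as background, and puts everything else (including DNS to a resolver the guest was not configured with, a common hardcoded-resolver tell) in a review bucket. The rows are copied from the table above; the guest netmask (/24) and the resolver address 114.114.114.114 are assumptions read off those rows.

```python
"""Triage a sandbox UDP table: background Windows chatter versus flows to review.
Added example, not part of the sandbox report."""
import ipaddress

SANDBOX_RESOLVER = "114.114.114.114"  # assumption: the resolver the guest was configured with
GUEST_PREFIX = 24                      # assumption: the guest sits in a /24

# Windows background protocols by destination port; scope (multicast/broadcast) is checked separately.
BACKGROUND_PORTS = {137: "NBNS", 138: "NetBIOS datagram", 5355: "LLMNR",
                    1900: "SSDP", 3702: "WS-Discovery", 123: "NTP"}


def parse_udp_table(text):
    """Rows are 'src sport dst dport' or 'src sport dst hostname dport' (the NTP row)."""
    flows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] == "Source":   # skip the header row
            continue
        flows.append({"src": parts[0], "sport": int(parts[1]), "dst": parts[2],
                      "host": parts[3] if len(parts) == 5 else None,
                      "dport": int(parts[-1])})
    return flows


def classify(flow):
    """Return (bucket, reason) where bucket is 'background' or 'review'."""
    dst = ipaddress.ip_address(flow["dst"])
    guest_net = ipaddress.ip_network(f"{flow['src']}/{GUEST_PREFIX}", strict=False)
    label = BACKGROUND_PORTS.get(flow["dport"])
    if flow["dport"] == 53:
        if flow["dst"] == SANDBOX_RESOLVER:
            return "background", "DNS to the guest's configured resolver"
        return "review", "DNS to a resolver the guest was not configured with (possible hardcoded resolver)"
    if label and (dst.is_multicast or dst == guest_net.broadcast_address):
        return "background", f"{label} to multicast/broadcast"
    if flow["dport"] == 123 and (flow["host"] or "").endswith("time.windows.com"):
        return "background", "NTP to time.windows.com"
    if label:
        return "review", f"{label} to a unicast host"
    return "review", "unexplained UDP flow"


def triage(text):
    """Bucket every row; analysts normally only read the 'review' list."""
    out = {"background": [], "review": []}
    for flow in parse_udp_table(text):
        bucket, reason = classify(flow)
        out[bucket].append((flow["dst"], flow["dport"], reason))
    return out


# Copied from the UDP table in the report.
UDP_TABLE = """Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 57757 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
"""

if __name__ == "__main__":
    result = triage(UDP_TABLE)
    print(f"{len(result['background'])} background rows, {len(result['review'])} to review")
    for entry in result["review"]:
        print("REVIEW:", entry)
```

Running it on this report yields 20 background rows and nothing to review, which is the right reading of the table: the UDP capture carries no evidence of the sample's own network activity, and the C2 attempts recorded elsewhere in the report (dead hosts on 443) would have to be looked for in TCP.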

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.