6.0
High risk

b0492ee53bdfcde8453259a3f9e63ae29a11ef277afa0cd4ad1339e873f61af0

b6ee6ce88277bf7d0a9a7bc50dee30fc.exe

Analysis time

77s

Last analyzed

File size

875.1KB
Static detection  Dynamic detection  2Y1@AA@DZ3II 3E0VPJDY7 A + MAL AI SCORE=82 CERT CLASSIC CONFIDENCE DANGEROUSSIG DEYMA DOWNLOADER34 DRIDEX ENCPK ERDG GDSDA GENERICKD GENERICRXLP HFIC HIGH CONFIDENCE HVMGVS KCLOUD KGDBP KRYPT KRYPTIK MALWARE@#3E0B5Q7TCEKY5 QAKBOT R346657 RACCOONSTEALER RACEALER SCORE STATIC AI SUSGEN SUSPICIOUS PE TROJANPSW TROJDOWNLOADER UNSAFE VSNTH220 ZEXAF
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine results are available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee GenericRXLP-DH!B6EE6CE88277 20201211 6.0.6.653
Avast Win32:DangerousSig [Trj] 20201210 21.1.5827.0
Alibaba TrojanDownloader:Win32/Deyma.b4d266c6 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft Win32.TrojDownloader.Deyma.b.(kcloud) 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619861355.423876
NtAllocateVirtualMemory
process_identifier: 3004
region_size: 741376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01de0000
success 0 0
1619861357.079876
NtAllocateVirtualMemory
process_identifier: 3004
region_size: 737280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ea0000
success 0 0
1619861357.079876
NtProtectVirtualMemory
process_identifier: 3004
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 151552
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619861358.518374
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 741376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x021e0000
success 0 0
1619861360.034374
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 737280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x022a0000
success 0 0
1619861360.034374
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 151552
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (2 events)
file c:\programdata\1321ba6d1f\bdif.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cred.dll
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619861357.939876
CreateProcessInternalW
thread_identifier: 3048
thread_handle: 0x000000cc
process_identifier: 3060
current_directory:
filepath:
track: 1
command_line: c:\programdata\1321ba6d1f\bdif.exe
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000000c8
inherit_handles: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619861361.143374
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 217.8.117.52
Attempts to identify installed AV products by installation directory (7 events)
file C:\ProgramData\AVAST Software
file C:\ProgramData\Avira
file C:\ProgramData\Kaspersky Lab
file C:\ProgramData\Panda Security
file C:\ProgramData\Bitdefender
file C:\ProgramData\AVG
file C:\ProgramData\Doctor Web
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619861363.737374
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619861363.752374
RegSetValueExA
key_handle: 0x000003d8
value: €kµ[>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619861363.752374
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619861363.752374
RegSetValueExW
key_handle: 0x000003d8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619861363.752374
RegSetValueExA
key_handle: 0x000003ec
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619861363.752374
RegSetValueExA
key_handle: 0x000003ec
value: €kµ[>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619861363.752374
RegSetValueExA
key_handle: 0x000003ec
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619861363.815374
RegSetValueExW
key_handle: 0x000003d4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 217.8.117.52:80
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events shown)
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader34.16517
MicroWorld-eScan Trojan.GenericKD.34279635
FireEye Generic.mg.b6ee6ce88277bf7d
Qihoo-360 Win32/Trojan.Downloader.90d
McAfee GenericRXLP-DH!B6EE6CE88277
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Deyma.a!c
Sangfor Malware
K7AntiVirus Trojan ( 0056be901 )
BitDefender Trojan.GenericKD.34279635
K7GW Trojan ( 0056be901 )
Cybereason malicious.88277b
BitDefenderTheta Gen:NN.ZexaF.34670.2y1@aa@dz3ii
Cyren W32/Trojan.ERDG-4347
Symantec Packed.Generic.459
APEX Malicious
Avast Win32:DangerousSig [Trj]
Kaspersky Trojan-Downloader.Win32.Deyma.bpt
Alibaba TrojanDownloader:Win32/Deyma.b4d266c6
NANO-Antivirus Trojan.Win32.Deyma.hvmgvs
Ad-Aware Trojan.GenericKD.34279635
Sophos ML/PE-A + Mal/EncPk-APV
Comodo Malware@#3e0b5q7tceky5
F-Secure Trojan.TR/Kryptik.kgdbp
TrendMicro TROJ_FRS.VSNTH220
McAfee-GW-Edition GenericRXLP-DH!B6EE6CE88277
Emsisoft Trojan.GenericKD.34279635 (B)
Ikarus Trojan.Win32.Krypt
Avira TR/Kryptik.kgdbp
Antiy-AVL Trojan[PSW]/Win32.Racealer
Kingsoft Win32.TrojDownloader.Deyma.b.(kcloud)
Microsoft Trojan:Win32/Raccoonstealer!cert
Gridinsoft Trojan.Win32.Packed.oa
Arcabit Trojan.Generic.D20B10D3
ZoneAlarm Trojan-Downloader.Win32.Deyma.bpt
GData Trojan.GenericKD.34279635
Cynet Malicious (score: 90)
AhnLab-V3 Trojan/Win32.Kryptik.R346657
Acronis suspicious
VBA32 TrojanPSW.Racealer
ALYac Trojan.GenericKD.34279635
MAX malware (ai score=82)
Malwarebytes Trojan.MalPack
Panda Trj/GdSda.A
ESET-NOD32 a variant of Win32/Kryptik.HFIC
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SMF
Rising Trojan.Kryptik!1.C9B6 (CLASSIC)
Yandex Trojan.Kryptik!3e0vPjdY7/I
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-08-02 13:10:01

Imports

Library KERNEL32.dll:
0x4d8bcc LoadLibraryA
0x4d8bd0 GetProcAddress
0x4d8bd4 GetModuleHandleA
0x4d8bdc GetTickCount
0x4d8be4 IsDebuggerPresent
0x4d8bf0 GetCurrentProcess
0x4d8bf4 TerminateProcess
0x4d8bfc Sleep
0x4d8c00 InterlockedExchange
0x4d8c04 GetStartupInfoW
0x4d8c08 GetCommandLineW
0x4d8c0c GetModuleFileNameW
0x4d8c10 CreateProcessW
0x4d8c14 WaitForSingleObject
0x4d8c18 CloseHandle
0x4d8c1c GetLastError
0x4d8c20 FormatMessageW
0x4d8c24 LocalFree
0x4d8c28 GetCurrentProcessId
0x4d8c2c GetCurrentThreadId
0x4d8c30 WaitNamedPipeA
0x4d8c34 HeapReAlloc
0x4d8c38 GlobalFree
0x4d8c3c _lwrite
0x4d8c44 GetCommConfig
0x4d8c48 IsBadHugeWritePtr
0x4d8c4c GetConsoleAliasA
0x4d8c50 ResetEvent
0x4d8c54 ReplaceFileA
0x4d8c58 GetACP
0x4d8c5c VirtualFree
0x4d8c60 VirtualAlloc
0x4d8c64 GetSystemInfo
0x4d8c68 GetVersion
0x4d8c6c VirtualQuery
0x4d8c70 WideCharToMultiByte
0x4d8c78 MultiByteToWideChar
0x4d8c7c lstrlenW
0x4d8c80 lstrcpynW
0x4d8c84 LoadLibraryExW
0x4d8c88 GetThreadLocale
0x4d8c8c GetStartupInfoA
0x4d8c90 GetModuleHandleW
0x4d8c94 GetLocaleInfoW
0x4d8c9c FreeLibrary
0x4d8ca0 FindFirstFileW
0x4d8ca4 FindClose
0x4d8ca8 ExitProcess
0x4d8cac ExitThread
0x4d8cb0 CreateThread
0x4d8cb4 CompareStringW
0x4d8cb8 WriteFile
0x4d8cbc RtlUnwind
0x4d8cc0 RaiseException
0x4d8cc4 GetStdHandle
0x4d8cc8 TlsSetValue
0x4d8ccc TlsGetValue
0x4d8cd0 LocalAlloc
0x4d8cd4 lstrcpyW
0x4d8cd8 lstrcmpW
0x4d8cdc WriteProfileStringW
0x4d8ce8 VirtualQueryEx
0x4d8cec TransactNamedPipe
0x4d8cf0 SwitchToThread
0x4d8cf4 SizeofResource
0x4d8cf8 SignalObjectAndWait
0x4d8cfc SetThreadLocale
0x4d8d04 SetLastError
0x4d8d08 SetFileTime
0x4d8d0c SetFilePointer
0x4d8d10 SetFileAttributesW
0x4d8d14 SetEvent
0x4d8d18 SetErrorMode
0x4d8d1c SetEndOfFile
0x4d8d20 ResumeThread
0x4d8d24 RemoveDirectoryW
0x4d8d28 ReleaseMutex
0x4d8d2c ReadFile
0x4d8d30 OpenProcess
0x4d8d34 OpenMutexW
0x4d8d38 MulDiv
0x4d8d3c MoveFileExW
0x4d8d40 MoveFileW
0x4d8d44 LockResource
0x4d8d4c LoadResource
0x4d8d50 LoadLibraryW
0x4d8d58 IsDBCSLeadByte
0x4d8d5c IsBadWritePtr
0x4d8d64 GlobalFindAtomW
0x4d8d68 GlobalDeleteAtom
0x4d8d6c GlobalAddAtomW
0x4d8d74 GetVersionExW
0x4d8d7c GetSystemDirectoryW
0x4d8d80 GetShortPathNameW
0x4d8d84 GetProfileStringW
0x4d8d8c GetOverlappedResult
0x4d8d90 GetLogicalDrives
0x4d8d94 GetLocalTime
0x4d8d98 GetFullPathNameW
0x4d8d9c GetFileSize
0x4d8da0 GetFileAttributesW
0x4d8da4 GetExitCodeThread
0x4d8da8 GetExitCodeProcess
0x4d8db0 GetDriveTypeW
0x4d8db4 GetDiskFreeSpaceW
0x4d8db8 GetDateFormatW
0x4d8dbc GetCurrentThread
0x4d8dc0 GetComputerNameW
0x4d8dc4 GetCPInfo
0x4d8dc8 FreeResource
0x4d8dd8 FlushFileBuffers
0x4d8ddc FindResourceW
0x4d8de0 FindNextFileW
0x4d8dec EnumCalendarInfoW
0x4d8df4 DeviceIoControl
0x4d8df8 DeleteFileW
0x4d8e00 CreateNamedPipeW
0x4d8e04 CreateMutexW
0x4d8e08 CreateFileW
0x4d8e0c CreateEventW
0x4d8e10 CreateDirectoryW
0x4d8e14 CopyFileW
0x4d8e18 CompareFileTime
Library USER32.dll:
0x4d8e20 AnyPopup
0x4d8e24 CloseClipboard
0x4d8e28 LoadIconW
0x4d8e2c GetAsyncKeyState
0x4d8e30 MessageBoxW
0x4d8e34 DialogBoxParamW
0x4d8e38 DlgDirListW
0x4d8e3c DdeDisconnectList
0x4d8e40 EnableMenuItem
0x4d8e44 GetUpdateRect
0x4d8e48 SetScrollRange
0x4d8e4c GetKeyboardType
0x4d8e50 LoadStringW
0x4d8e54 MessageBoxA
0x4d8e58 CharNextW
0x4d8e5c CreateWindowExW
0x4d8e60 WindowFromPoint
0x4d8e64 WaitMessage
0x4d8e68 WaitForInputIdle
0x4d8e6c UpdateWindow
0x4d8e70 UnregisterClassW
0x4d8e74 UnhookWindowsHookEx
0x4d8e78 TranslateMessage
0x4d8e80 TrackPopupMenu
0x4d8e88 ShowWindow
0x4d8e8c ShowScrollBar
0x4d8e90 ShowOwnedPopups
0x4d8e94 SetWindowsHookExW
0x4d8e98 SetWindowTextW
0x4d8e9c SetWindowPos
0x4d8ea0 SetWindowPlacement
0x4d8ea4 SetWindowLongW
0x4d8ea8 SetTimer
0x4d8eac SetScrollPos
0x4d8eb0 SetScrollInfo
0x4d8eb4 SetRectEmpty
0x4d8eb8 SetRect
0x4d8ebc SetPropW
0x4d8ec0 SetParent
0x4d8ec4 SetMenuItemInfoW
0x4d8ec8 SetMenu
0x4d8ecc SetForegroundWindow
0x4d8ed0 SetFocus
0x4d8ed4 SetCursor
0x4d8ed8 SetClassLongW
0x4d8edc SetCapture
0x4d8ee0 SetActiveWindow
0x4d8ee4 SendNotifyMessageW
0x4d8ee8 SendMessageTimeoutW
0x4d8eec SendMessageA
0x4d8ef0 SendMessageW
0x4d8ef4 ScrollWindowEx
0x4d8ef8 ScrollWindow
0x4d8efc ScreenToClient
0x4d8f00 ReplyMessage
0x4d8f04 RemovePropW
0x4d8f08 RemoveMenu
0x4d8f0c ReleaseDC
0x4d8f10 ReleaseCapture
0x4d8f1c RegisterClassW
0x4d8f20 RedrawWindow
0x4d8f24 PtInRect
0x4d8f28 PostQuitMessage
0x4d8f2c PostMessageW
0x4d8f30 PeekMessageA
0x4d8f34 PeekMessageW
0x4d8f38 OffsetRect
0x4d8f3c OemToCharBuffA
0x4d8f48 MessageBeep
0x4d8f4c MapWindowPoints
0x4d8f50 MapVirtualKeyW
0x4d8f54 LoadKeyboardLayoutW
0x4d8f58 LoadCursorW
0x4d8f5c LoadBitmapW
0x4d8f60 KillTimer
0x4d8f64 IsZoomed
0x4d8f68 IsWindowVisible
0x4d8f6c IsWindowUnicode
0x4d8f70 IsWindowEnabled
0x4d8f74 IsWindow
0x4d8f78 IsRectEmpty
0x4d8f7c IsIconic
0x4d8f80 IsDialogMessageA
0x4d8f84 IsDialogMessageW
0x4d8f88 IsChild
0x4d8f8c InvalidateRect
0x4d8f90 IntersectRect
0x4d8f94 InsertMenuItemW
0x4d8f98 InsertMenuW
0x4d8f9c InflateRect
0x4d8fa4 GetWindowTextW
0x4d8fa8 GetWindowRect
0x4d8fac GetWindowPlacement
0x4d8fb0 GetWindowLongW
0x4d8fb4 GetWindowDC
0x4d8fb8 GetTopWindow
0x4d8fbc GetSystemMetrics
0x4d8fc0 GetSystemMenu
0x4d8fc4 GetSysColorBrush
0x4d8fc8 GetSysColor
0x4d8fcc GetSubMenu
0x4d8fd0 GetScrollRange
0x4d8fd4 GetScrollPos
0x4d8fd8 GetScrollInfo
0x4d8fdc GetPropW
0x4d8fe0 GetParent
0x4d8fe4 GetWindow
0x4d8fe8 GetMessagePos
0x4d8fec GetMessageW
0x4d8ff0 GetMenuStringW
0x4d8ff4 GetMenuState
0x4d8ff8 GetMenuItemInfoW
0x4d8ffc GetMenuItemID
0x4d9000 GetMenuItemCount
0x4d9004 GetMenu
0x4d9008 GetLastActivePopup
0x4d900c GetKeyboardState
0x4d9018 GetKeyboardLayout
0x4d901c GetKeyState
0x4d9020 GetKeyNameTextW
0x4d9024 GetIconInfo
0x4d9028 GetForegroundWindow
0x4d902c GetFocus
0x4d9030 GetDesktopWindow
0x4d9034 GetDCEx
0x4d9038 GetDC
0x4d903c GetCursorPos
0x4d9040 GetCursor
0x4d9044 GetClientRect
0x4d9048 GetClassLongW
0x4d904c GetClassInfoW
0x4d9050 GetCapture
0x4d9054 GetActiveWindow
0x4d9058 FrameRect
0x4d905c FindWindowExW
0x4d9060 FindWindowW
0x4d9064 FillRect
0x4d9068 ExitWindowsEx
0x4d906c EnumWindows
0x4d9070 EnumThreadWindows
0x4d9074 EnumChildWindows
0x4d9078 EndPaint
0x4d907c EnableWindow
0x4d9080 EnableScrollBar
0x4d9084 DrawTextExW
0x4d9088 DrawTextW
0x4d908c DrawMenuBar
0x4d9090 DrawIconEx
0x4d9094 DrawIcon
0x4d9098 DrawFrameControl
0x4d909c DrawFocusRect
0x4d90a0 DrawEdge
0x4d90a4 DispatchMessageA
0x4d90a8 DispatchMessageW
0x4d90ac DestroyWindow
0x4d90b0 DestroyMenu
0x4d90b4 DestroyIcon
0x4d90b8 DestroyCursor
0x4d90bc DeleteMenu
0x4d90c0 DefWindowProcW
0x4d90c4 DefMDIChildProcW
0x4d90c8 DefFrameProcW
0x4d90cc CreatePopupMenu
0x4d90d0 CreateMenu
0x4d90d4 CreateIcon
0x4d90d8 ClientToScreen
0x4d90dc CheckMenuItem
0x4d90e0 CharUpperBuffW
0x4d90e4 CharLowerBuffW
0x4d90e8 CharLowerW
0x4d90ec CallWindowProcW
0x4d90f0 CallNextHookEx
0x4d90f4 BringWindowToTop
0x4d90f8 BeginPaint
0x4d90fc AppendMenuW
0x4d9100 CharToOemBuffA
0x4d9104 AdjustWindowRectEx
Library GDI32.dll:
0x4d9110 GetFontLanguageInfo
0x4d9114 UpdateColors
0x4d9118 GetTextColor
0x4d911c GetObjectType
0x4d9120 GetLayout
0x4d9124 UnrealizeObject
0x4d9128 GetMapMode
0x4d912c GetPixelFormat
0x4d9130 GetPolyFillMode
0x4d9134 RealizePalette
0x4d9138 GetSystemPaletteUse
0x4d913c SwapBuffers
0x4d9140 SetMetaRgn
0x4d9148 GetTextAlign
0x4d914c GetDCPenColor
0x4d9150 GetTextCharset
0x4d9154 GetEnhMetaFileA
0x4d9158 GetStretchBltMode
0x4d915c WidenPath
0x4d9160 GetROP2
0x4d9164 GetStockObject
0x4d9168 StrokePath
0x4d916c GetEnhMetaFileW
0x4d9170 SaveDC
0x4d9174 GetGraphicsMode
0x4d9178 PathToRegion
0x4d9180 GdiEntry5
0x4d9184 CreateBrushIndirect
0x4d9188 XLATEOBJ_piVector
0x4d918c GetGlyphOutlineWow
0x4d9190 GdiConsoleTextOut
0x4d9194 GdiEntry14
0x4d9198 ExtEscape
0x4d91a0 GetPath
0x4d91a4 EudcLoadLinkW
0x4d91ac UpdateICMRegKeyW
0x4d91b0 GdiPlayScript
0x4d91b4 SetTextAlign
0x4d91bc LPtoDP
0x4d91c0 GetRasterizerCaps
0x4d91c4 EngQueryEMFInfo
0x4d91c8 GdiAddGlsRecord
0x4d91cc EngAlphaBlend
0x4d91d0 MoveToEx
0x4d91d4 RestoreDC
0x4d91d8 GetNearestColor
0x4d91dc GdiFlush
0x4d91e0 ScaleWindowExtEx
0x4d91e4 CLIPOBJ_bEnum
0x4d91e8 GdiEntry15
0x4d91ec GdiSwapBuffers
0x4d91f0 GdiIsMetaPrintDC
0x4d91f4 EngCreateBitmap
0x4d91f8 GetCharWidthFloatA
0x4d9200 SelectPalette
0x4d9208 EndPage
0x4d920c StretchBlt
0x4d9210 SetWindowOrgEx
0x4d9214 SetViewportOrgEx
0x4d9218 SetTextColor
0x4d921c SetStretchBltMode
0x4d9220 SetROP2
0x4d9224 SetPixel
0x4d9228 SetDIBColorTable
0x4d922c SetBrushOrgEx
0x4d9230 SetBkMode
0x4d9234 SetBkColor
0x4d9238 SelectObject
0x4d923c RoundRect
0x4d9240 RemoveFontResourceW
0x4d9244 Rectangle
0x4d9248 RectVisible
0x4d924c Polyline
0x4d9250 Pie
0x4d9254 PatBlt
0x4d9258 MaskBlt
0x4d925c LineTo
0x4d9260 LineDDA
0x4d9264 IntersectClipRect
0x4d9268 GetWindowOrgEx
0x4d926c GetTextMetricsW
0x4d9270 GetTextExtentPointW
0x4d927c GetRgnBox
0x4d9280 GetPixel
0x4d9284 GetPaletteEntries
0x4d9288 GetObjectW
0x4d928c GetDeviceCaps
0x4d9290 GetDIBits
0x4d9294 GetDIBColorTable
0x4d9298 GetDCOrgEx
0x4d92a0 GetClipBox
0x4d92a4 GetBrushOrgEx
0x4d92a8 GetBitmapBits
0x4d92ac FrameRgn
0x4d92b0 ExtTextOutW
0x4d92b4 ExtFloodFill
0x4d92b8 ExcludeClipRect
0x4d92bc EnumFontsW
0x4d92c0 Ellipse
0x4d92c4 DeleteObject
0x4d92c8 DeleteDC
0x4d92cc CreateSolidBrush
0x4d92d0 CreateRectRgn
0x4d92d4 CreatePenIndirect
0x4d92d8 CreatePalette
0x4d92e0 CreateFontIndirectW
0x4d92e4 CreateDIBitmap
0x4d92e8 CreateDIBSection
0x4d92ec CreateCompatibleDC
0x4d92f4 CreateBitmap
0x4d92f8 Chord
0x4d92fc BitBlt
0x4d9300 Arc
0x4d9304 AddFontResourceW
Library COMDLG32.dll:
0x4d930c GetSaveFileNameW
0x4d9310 GetOpenFileNameW
Library ADVAPI32.dll:
0x4d9318 RegOpenKeyW
0x4d931c RegQueryValueExA
0x4d9320 RegQueryValueExW
0x4d9324 RegOpenKeyExW
0x4d9328 RegCloseKey
0x4d9330 RegSetValueExW
0x4d9334 RegQueryInfoKeyW
0x4d9338 RegFlushKey
0x4d933c RegEnumValueW
0x4d9340 RegEnumKeyExW
0x4d9344 RegDeleteValueW
0x4d9348 RegDeleteKeyW
0x4d934c RegCreateKeyExW
0x4d9350 OpenThreadToken
0x4d9354 OpenProcessToken
0x4d9360 GetUserNameW
0x4d9364 GetTokenInformation
0x4d9368 FreeSid
0x4d936c EqualSid
Library SHELL32.dll:
0x4d937c CommandLineToArgvW
0x4d9380 ShellExecuteExW
0x4d9384 ShellExecuteW
0x4d9388 SHGetFileInfoW
0x4d938c ExtractIconW
0x4d9394 SHGetMalloc
0x4d9398 SHChangeNotify
0x4d939c SHBrowseForFolderW
Library ole32.dll:
0x4d93a4 OleUninitialize
0x4d93a8 OleInitialize
0x4d93ac CoTaskMemFree
0x4d93b0 CLSIDFromProgID
0x4d93b4 CLSIDFromString
0x4d93b8 StringFromCLSID
0x4d93bc CoCreateInstance
0x4d93c4 CoUninitialize
0x4d93c8 CoInitialize
0x4d93cc IsEqualGUID
0x4d93d0 CoDisconnectObject

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.