Score: 5.0
Risk level: medium
SHA256: b2e312a2690d59a2c3ad0520e0e60dd046fc66e039a0c24baf349e959e87b006
File name: b7962af91bea2be8cf0a8ae74b81f5f9.exe
Analysis duration: 73s
Last analysis:
File size: 560.5KB

Verdict badges: static detection, dynamic detection.
Detection-name tags: 100%, AI SCORE=83, AIDETECTVM, BANKERX, BSCOPE, CERT, CLASSIC, CONFIDENCE, EHLS, ELDORADO, ENCPK, GDSDA, GENERICKDZ, GRAYWARE, HFMH, HIGH CONFIDENCE, HQPASN, JU1@AYOXTOL, KRYPTIK, MALWARE1, MALWARE@#19YOXEYXJIIW6, QAKBOT, QBOT, QVM19, R + MAL, R002C0CH520, R347069, SCORE, SIGGEN2, STATIC AI, SUSPICIOUS PE, SZOSA, UNSAFE, WK+IVTBENMQ, ZENPAK, ZEXAF

Hawkeye (鹰眼) engine: not detected; no Hawkeye engine results for this sample.
Static verdict

Antivirus engines

Engine       Result                              Scan date  Engine version
CrowdStrike  win/malicious_confidence_100% (D)   20190702   1.0
Baidu        (no detection)                      20190318   1.0.0.2
Alibaba      Trojan:Win32/Qakbot.434dbf14        20190527   0.3.0.5
Tencent      (no detection)                      20201211   1.0.0.1
Kingsoft     (no detection)                      20201211   2017.9.26.565
McAfee       Packed-GCB!B7962AF91BEA             20201211   6.0.6.653
Avast        Win32:BankerX-gen [Trj]             20201210   21.1.5827.0
Static indicators

Queries for the computer name (2 events)
  1619861138.971924  GetComputerNameW  computer_name: OSKAR-PC  status: success, return: 1, repeated: 0
  1619871940.529625  GetComputerNameW  computer_name: OSKAR-PC  status: success, return: 1, repeated: 0

This executable is signed (the report shows neither the signer nor whether the signature verifies)

Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
  1619861138.955924  GlobalMemoryStatusEx  status: success, return: 1, repeated: 0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
  section .rdata5
One or more processes crashed (2 events)

Both events are the same kind of fault: exception code 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION) raised by an `in eax, dx` instruction, first at 0x40529e and then at 0x405357. The second probe executes immediately after the first, so the process does not actually crash; it catches the exception and carries on, which is exactly how an `in`-based hypervisor check behaves when no hypervisor answers the port read. In both records EAX is 0x564d5868 ("VMXh") and EDX is 0x5658, the VMware backdoor magic value and I/O port; ECX selects the backdoor command. See "Detects VMware through the in instruction feature" below.

  1619871941.201625  __exception__
    stacktrace:
      b7962af91bea2be8cf0a8ae74b81f5f9+0x6a4c @ 0x406a4c
      b7962af91bea2be8cf0a8ae74b81f5f9+0x23c8 @ 0x4023c8
      BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
      RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
      RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
    registers.esp: 1638136
    registers.edi: 0
    registers.eax: 1447909480 (0x564d5868, "VMXh")
    registers.ebp: 1638204
    registers.edx: 22104 (0x5658)
    registers.ebx: 8
    registers.esi: 8975608
    registers.ecx: 10 (BDOOR_CMD_GETVERSION)
    exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
    exception.symbol: b7962af91bea2be8cf0a8ae74b81f5f9+0x529e
    exception.instruction: in eax, dx
    exception.module: b7962af91bea2be8cf0a8ae74b81f5f9.exe
    exception.exception_code: 0xc0000096
    exception.offset: 21150
    exception.address: 0x40529e
    status: success, return: 0, repeated: 0

  1619871941.201625  __exception__
    stacktrace:
      b7962af91bea2be8cf0a8ae74b81f5f9+0x6a55 @ 0x406a55
      b7962af91bea2be8cf0a8ae74b81f5f9+0x23c8 @ 0x4023c8
      BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
      RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
      RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
    registers.esp: 1638084
    registers.edi: 0
    registers.eax: 1447909480 (0x564d5868, "VMXh")
    registers.ebp: 1638204
    registers.edx: 22104 (0x5658)
    registers.ebx: 8
    registers.esi: 8975608
    registers.ecx: 20 (BDOOR_CMD_GETMEMSIZE)
    exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 2f 33 c0
    exception.symbol: b7962af91bea2be8cf0a8ae74b81f5f9+0x5357
    exception.instruction: in eax, dx
    exception.module: b7962af91bea2be8cf0a8ae74b81f5f9.exe
    exception.exception_code: 0xc0000096
    exception.offset: 21335
    exception.address: 0x405357
    status: success, return: 0, repeated: 0
Behavioural verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (6 events)

Each of the two processes (parent PID 2364, then the re-launched child PID 2292) performs the same three steps: it commits an RWX region of 278528 bytes, commits a second RWX region of 274432 bytes, and then calls NtProtectVirtualMemory to make 290816 (0x47000) bytes at 0x00400000 PAGE_EXECUTE_READWRITE. 0x00400000 is the sample's own image base (the faulting addresses 0x40529e and 0x405357 above lie inside it), so each process turns its own mapped image writable and executable, which is what in-place unpacking of the high-entropy .text section requires.

  1619861117.112924  NtAllocateVirtualMemory
    process_identifier: 2364
    region_size: 278528
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x01cc0000
    status: success, return: 0, repeated: 0

  1619861138.862924  NtAllocateVirtualMemory
    process_identifier: 2364
    region_size: 274432
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x01d10000
    status: success, return: 0, repeated: 0

  1619861138.862924  NtProtectVirtualMemory
    process_identifier: 2364
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 290816
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x00400000
    status: success, return: 0, repeated: 0

  1619871923.419625  NtAllocateVirtualMemory
    process_identifier: 2292
    region_size: 278528
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x02370000
    status: success, return: 0, repeated: 0

  1619871940.419625  NtAllocateVirtualMemory
    process_identifier: 2292
    region_size: 274432
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x023c0000
    status: success, return: 0, repeated: 0

  1619871940.419625  NtProtectVirtualMemory
    process_identifier: 2292
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 290816
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x00400000
    status: success, return: 0, repeated: 0
A process created a hidden window (1 event)

The sample re-launches its own executable from %TEMP% with the argument /C and the CREATE_NO_WINDOW flag. The child is PID 2292, the second process in the RWX allocation list above, so the unpacking sequence and the `in`-based hypervisor probe both run again in that child.

  1619861139.674924  CreateProcessInternalW
    thread_identifier: 2860
    thread_handle: 0x00000160
    process_identifier: 2292
    current_directory: (empty)
    filepath: (empty)
    track: 1
    command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b7962af91bea2be8cf0a8ae74b81f5f9.exe /C
    filepath_r: (empty)
    stack_pivoted: 0
    creation_flags: 134217728 (CREATE_NO_WINDOW)
    process_handle: 0x00000164
    inherit_handles: 0
    status: success, return: 1, repeated: 0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
  section .text: size_of_data 0x00052800, virtual_address 0x00001000, virtual_size 0x000527b5, entropy 7.030189473625796 (a section with a high entropy has been found)
  overall 0.5908683974932856 (overall entropy of this PE file is high)

The .text figure is Shannon entropy in bits per byte (maximum 8.0). Ordinary compiled code stays below the 6.8 threshold this signature applies, so 7.03 across the entire code section means the code is still encrypted or compressed on disk. The "overall entropy" figure is not an entropy value at all: in Cuckoo's packer_entropy signature it is the fraction of all section bytes that belong to high-entropy sections (here about 59%, all of it the .text section), and it is flagged when it exceeds 0.2.

Expresses interest in specific running processes (1 event)
  process vboxservice.exe (the VirtualBox guest-additions service)

Network communication

Communicates with a host for which no DNS query was performed (1 event)
  host 172.217.24.14 (no TCP connection or HTTP request to this address appears in the traffic summary below)
Detects VMware through the in instruction feature (1 event)

This is the first of the two exceptions listed under "One or more processes crashed" above, decoded: EAX = 0x564d5868 is the ASCII magic "VMXh", EDX = 0x5658 is the VMware backdoor I/O port, ECX = 10 is BDOOR_CMD_GETVERSION, and the first faulting byte 0xed is the opcode of `in eax, dx`. On a VMware guest the hypervisor services the port read and no exception is raised; here the CPU raised STATUS_PRIVILEGED_INSTRUCTION, so this probe did not identify the sandbox as VMware (the 192.168.56.0/24 guest address in the traffic summary below is VirtualBox's default host-only range, which fits the sample's interest in vboxservice.exe).

  1619871941.201625  __exception__
    stacktrace:
      b7962af91bea2be8cf0a8ae74b81f5f9+0x6a4c @ 0x406a4c
      b7962af91bea2be8cf0a8ae74b81f5f9+0x23c8 @ 0x4023c8
      BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
      RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
      RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
    registers.esp: 1638136
    registers.edi: 0
    registers.eax: 1447909480 (0x564d5868, "VMXh")
    registers.ebp: 1638204
    registers.edx: 22104 (0x5658)
    registers.ebx: 8
    registers.esi: 8975608
    registers.ecx: 10 (BDOOR_CMD_GETVERSION)
    exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
    exception.symbol: b7962af91bea2be8cf0a8ae74b81f5f9+0x529e
    exception.instruction: in eax, dx
    exception.module: b7962af91bea2be8cf0a8ae74b81f5f9.exe
    exception.exception_code: 0xc0000096
    exception.offset: 21150
    exception.address: 0x40529e
    status: success, return: 0, repeated: 0
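The exception records shown here and under "One or more processes crashed" can be decoded mechanically rather than by eye. The script below is an added example, not part of the report and not code from the sample: it parses the registers.* and exception.* fields exactly as the report prints them, checks for the 0xED opcode, the "VMXh" magic in EAX, the backdoor port in EDX and the command number in ECX, and applies the same test to a constructed divide-by-zero record (exception code 0xc0000094) for contrast. The two VMware records are copied from the report above; the command names come from open-vm-tools backdoor_def.h, and the VX/VY port labels, the regex and the benign record are this example's own.

```python
import re

VMWARE_MAGIC = 0x564D5868                 # "VMXh" in EAX selects the VMware backdoor
VMWARE_PORTS = {0x5658: "VX (backdoor)", 0x5659: "VY (high-bandwidth backdoor)"}
STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096
# Command numbers passed in ECX, as defined in open-vm-tools backdoor_def.h.
BACKDOOR_COMMANDS = {10: "BDOOR_CMD_GETVERSION", 20: "BDOOR_CMD_GETMEMSIZE"}

FIELD_RE = re.compile(r"^\s*(registers\.\w+|exception\.\w+):\s*(.*?)\s*$", re.M)


def parse_record(text: str) -> dict:
    """Turn one __exception__ record (as printed in the report) into typed fields."""
    fields = dict(FIELD_RE.findall(text))
    regs = {k.split(".", 1)[1]: int(v) for k, v in fields.items() if k.startswith("registers.")}
    return {
        "regs": regs,
        "code": int(fields["exception.exception_code"], 16),
        "address": int(fields["exception.address"], 16),
        "mnemonic": fields["exception.instruction"],
        "opcode": bytes.fromhex(fields["exception.instruction_r"]),  # whitespace is ignored
    }


def classify(rec: dict) -> dict:
    """Decide whether a faulting instruction is a VMware backdoor probe."""
    eax, edx, ecx = rec["regs"]["eax"], rec["regs"]["edx"], rec["regs"]["ecx"]
    is_in_eax_dx = rec["opcode"][0] == 0xED          # 0xED encodes `in eax, dx`
    return {
        "address": hex(rec["address"]),
        "privileged_instruction": rec["code"] == STATUS_PRIVILEGED_INSTRUCTION,
        "magic": eax.to_bytes(4, "big").decode("ascii", "replace"),
        "port": VMWARE_PORTS.get(edx, hex(edx)),
        "command": BACKDOOR_COMMANDS.get(ecx, f"unknown ({ecx})"),
        "vmware_backdoor_probe": is_in_eax_dx and eax == VMWARE_MAGIC and edx in VMWARE_PORTS,
    }


# Copied from the report above (only the register and exception fields are needed).
REPORT_RECORDS = ["""
registers.esp: 1638136
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1638204
registers.edx: 22104
registers.ebx: 8
registers.esi: 8975608
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: b7962af91bea2be8cf0a8ae74b81f5f9+0x529e
exception.instruction: in eax, dx
exception.module: b7962af91bea2be8cf0a8ae74b81f5f9.exe
exception.exception_code: 0xc0000096
exception.offset: 21150
exception.address: 0x40529e
""", """
registers.esp: 1638084
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1638204
registers.edx: 22104
registers.ebx: 8
registers.esi: 8975608
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 2f 33 c0
exception.symbol: b7962af91bea2be8cf0a8ae74b81f5f9+0x5357
exception.instruction: in eax, dx
exception.module: b7962af91bea2be8cf0a8ae74b81f5f9.exe
exception.exception_code: 0xc0000096
exception.offset: 21335
exception.address: 0x405357
"""]

# Constructed negative case: an integer divide-by-zero (f7 f1 = div ecx), not a probe.
CONSTRUCTED_BENIGN = """
registers.eax: 7
registers.edx: 0
registers.ecx: 0
exception.instruction_r: f7 f1 89 45 fc
exception.instruction: div ecx
exception.module: example.exe
exception.exception_code: 0xc0000094
exception.offset: 4096
exception.address: 0x401000
"""


def summarize(records):
    """Classify a list of raw records; returns one verdict dict per record."""
    return [classify(parse_record(r)) for r in records]


if __name__ == "__main__":
    for verdict in summarize(REPORT_RECORDS + [CONSTRUCTED_BENIGN]):
        print(verdict)
```

The check deliberately requires all three of opcode, magic and port: EAX alone is not enough, because "VMXh" may legitimately sit in a register when the fault is unrelated, and a bare `in` fault without the magic is just a privileged-instruction bug.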
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (showing 50 of 58)

Engine  Result
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69261
FireEye Generic.mg.b7962af91bea2be8
ALYac Trojan.Agent.QakBot
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Zenpak.4!c
Sangfor Malware
K7AntiVirus Trojan ( 0056bfb01 )
BitDefender Trojan.GenericKDZ.69261
K7GW Trojan ( 0056bfb01 )
CrowdStrike win/malicious_confidence_100% (D)
Arcabit Trojan.Generic.D10E8D
BitDefenderTheta Gen:NN.ZexaF.34670.Ju1@ayOxTOl
Cyren W32/Qbot.N.gen!Eldorado
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HFMH
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Qakbot-9514980-0
Kaspersky HEUR:Trojan.Win32.Zenpak.pef
Alibaba Trojan:Win32/Qakbot.434dbf14
NANO-Antivirus Trojan.Win32.Kryptik.hqpasn
Ad-Aware Trojan.GenericKDZ.69261
Emsisoft Trojan.GenericKDZ.69261 (B)
Comodo Malware@#19yoxeyxjiiw6
F-Secure Trojan.TR/Crypt.Agent.szosa
DrWeb Trojan.PWS.Siggen2.53082
Zillya Trojan.Kryptik.Win32.2335959
TrendMicro TROJ_GEN.R002C0CH520
McAfee-GW-Edition Packed-GCB!B7962AF91BEA
Sophos Mal/Generic-R + Mal/EncPk-APV
Ikarus Trojan-Banker.QakBot
Jiangmin Trojan.Zenpak.csa
Avira TR/Crypt.Agent.szosa
MAX malware (ai score=83)
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/Qakbot.VD!Cert
AhnLab-V3 Trojan/Win32.Qakbot.R347069
ZoneAlarm HEUR:Trojan.Win32.Zenpak.pef
GData Trojan.GenericKDZ.69261
Cynet Malicious (score: 100)
McAfee Packed-GCB!B7962AF91BEA
VBA32 BScope.Trojan.Qakbot
Malwarebytes Backdoor.Qbot
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R002C0CH520
Rising Trojan.Kryptik!1.C9B1 (CLASSIC)
Visual analysis

Binary image: none; the sample did not produce a binary visualisation image.
Run screenshots: none; no screenshots were generated while the sample ran.


PE Compile Time

1983-02-01 09:46:20 (this predates the PE format itself, so the TimeDateStamp field cannot be genuine; a bogus build time is a common packer artefact and should not be used for dating the sample)
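The three static signatures the report applies to this file (the unknown section name .rdata5, the .text entropy above 6.8 together with the "overall" ratio above 0.2, and a build timestamp older than the PE format) can be reproduced with nothing but the Python standard library. The script below is an added example, not code from the sandbox: it walks the DOS header, PE signature, COFF header and section table, and runs the checks on a synthetic PE built in memory that mimics this sample (a pseudo-random .text section, an oddly named low-entropy .rdata5 section, and the 1983-02-01 09:46:20 timestamp from above). The thresholds 6.8 and 0.2 follow Cuckoo's packer_entropy signature; the section-name whitelist, the 1993 cutoff and the synthetic sample are this example's own assumptions.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Assumed whitelist of ordinary linker section names; anything else is reported.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                  ".rsrc", ".reloc", ".bss", ".tls", ".crt", "CODE", "DATA"}
HIGH_ENTROPY = 6.8   # per-section Shannon entropy threshold (bits per byte)
HIGH_RATIO = 0.2     # fraction of section bytes allowed in high-entropy sections
# The PE format shipped with Windows NT 3.1 in 1993; earlier stamps cannot be real.
PE_EPOCH = datetime(1993, 1, 1, tzinfo=timezone.utc)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (TimeDateStamp, [section dicts]) from DOS -> PE -> COFF -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsections):
        (name, _vsize, vaddr, raw_size, raw_ptr, _r, _l, _nr, _nl,
         _c) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        data = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "size_of_data": raw_size, "virtual_address": vaddr,
                         "entropy": shannon_entropy(data)})
    return timestamp, sections


def triage(pe: bytes) -> dict:
    """Apply the unknown-section, entropy and timestamp checks from the report."""
    timestamp, sections = parse_sections(pe)
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    total = sum(s["size_of_data"] for s in sections)
    packed = sum(s["size_of_data"] for s in sections if s["entropy"] > HIGH_ENTROPY)
    return {
        "compile_time": compiled.isoformat(),
        "bogus_timestamp": compiled < PE_EPOCH or compiled > datetime.now(timezone.utc),
        "unknown_sections": [s["name"] for s in sections if s["name"] not in KNOWN_SECTIONS],
        "high_entropy_sections": [s["name"] for s in sections if s["entropy"] > HIGH_ENTROPY],
        "packed_ratio": packed / total if total else 0.0,   # Cuckoo's "overall entropy"
        "likely_packed": bool(total) and packed / total > HIGH_RATIO,
    }


# ---- constructed sample: a minimal PE with the traits the report shows ----
def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain), standing in for encrypted code."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_pe(sections, timestamp: int) -> bytes:
    """Assemble a structurally valid (not runnable) PE32 image from (name, data) pairs."""
    opt_size = 224                                   # PE32 optional header size
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (hdr_len + 0x1FF) & ~0x1FF             # 512-byte file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)    # PE32 magic, rest unused
    table, body, vaddr = b"", b"", 0x1000
    for name, data in sections:
        size = (len(data) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), vaddr, size,
                             raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += data.ljust(size, b"\0")
        vaddr += (size + 0xFFF) & ~0xFFF
    headers = dos + b"PE\0\0" + coff + opt + table
    return headers.ljust(raw_ptr, b"\0") + body


SAMPLE_PE = build_pe(
    [(".text", pseudo_random(0x8000)),             # encrypted-looking code section
     (".rdata5", b"plain ascii table " * 64)],     # oddly named, low-entropy section
    int(datetime(1983, 2, 1, 9, 46, 20, tzinfo=timezone.utc).timestamp()),
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PE).items():
        print(f"{key}: {value}")
```

Note that packed_ratio is a size-weighted fraction, not an entropy: a tiny high-entropy .rsrc blob in an otherwise normal binary stays under 0.2, whereas a code section that is itself encrypted, as here, pushes it well past the threshold.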

Imports

Besides a large USER32/GDI32 surface, the KERNEL32 and ADVAPI32 tables below include OpenProcess, ReadProcessMemory, VirtualAllocEx, CreateRemoteThread, GetThreadContext, SuspendThread and ResumeThread (remote-process injection primitives), OpenSCManagerW, CreateServiceW and StartServiceW (service installation), RegCreateKeyExA and RegSetValueExA (registry persistence), and OpenProcessToken, DuplicateTokenEx and RevertToSelf (token manipulation). Because the .text section is packed, this is the outer layer's import table; LoadLibraryA and GetProcAddress are also imported, so the unpacked payload can resolve further APIs at run time that never appear here.

Library KERNEL32.dll:
0x46e144 IsValidCodePage
0x46e148 GetThreadLocale
0x46e150 GetACP
0x46e154 GetOEMCP
0x46e158 GetLocaleInfoW
0x46e15c Sleep
0x46e160 WaitForSingleObject
0x46e164 GetSystemDirectoryW
0x46e16c GetCurrentProcess
0x46e170 CreateThread
0x46e174 SetThreadPriority
0x46e178 SetErrorMode
0x46e17c SetThreadLocale
0x46e180 CloseHandle
0x46e184 GetModuleHandleA
0x46e188 TerminateProcess
0x46e18c TerminateThread
0x46e190 ReadFile
0x46e194 CreatePipe
0x46e198 GetExitCodeProcess
0x46e1a0 GetCurrentProcessId
0x46e1a4 MultiByteToWideChar
0x46e1a8 WideCharToMultiByte
0x46e1ac LCMapStringW
0x46e1b0 GetCPInfo
0x46e1bc CreateEventW
0x46e1c0 GetLastError
0x46e1c4 ExitProcess
0x46e1c8 WriteFile
0x46e1cc ExitThread
0x46e1d0 HeapReAlloc
0x46e1d4 CompareStringA
0x46e1d8 LoadLibraryA
0x46e1dc GetProcAddress
0x46e1e0 VirtualAlloc
0x46e1e4 GetStringTypeW
0x46e1e8 GetStringTypeA
0x46e1ec LCMapStringA
0x46e1f0 HeapAlloc
0x46e1f4 HeapFree
0x46e1f8 VirtualFree
0x46e1fc HeapCreate
0x46e200 HeapDestroy
0x46e204 GetStartupInfoA
0x46e208 GetFileType
0x46e20c GetStdHandle
0x46e210 SetHandleCount
0x46e224 GetModuleFileNameA
0x46e22c GetVersion
0x46e230 GetCommandLineA
0x46e234 SetEvent
0x46e238 CompareStringW
0x46e23c RemoveDirectoryW
0x46e240 GetModuleFileNameW
0x46e244 GetShortPathNameA
0x46e250 LocalReAlloc
0x46e254 _lwrite
0x46e258 GetTickCount
0x46e260 UnlockFile
0x46e264 SetTapeParameters
0x46e268 ClearCommError
0x46e26c Beep
0x46e270 PurgeComm
0x46e278 TlsSetValue
0x46e27c CreateSemaphoreW
0x46e284 WriteConsoleInputA
0x46e28c FindAtomW
0x46e290 VirtualProtect
0x46e298 SignalObjectAndWait
0x46e2b0 FatalAppExitA
0x46e2b8 EnumCalendarInfoExW
0x46e2bc ResetEvent
0x46e2c0 CancelWaitableTimer
0x46e2c4 SetLocaleInfoA
0x46e2c8 GetComputerNameExA
0x46e2cc TlsGetValue
0x46e2d0 LocalAlloc
0x46e2d4 GetModuleHandleW
0x46e2d8 lstrlenW
0x46e2dc lstrcmpA
0x46e2e4 VirtualQuery
0x46e2e8 UnmapViewOfFile
0x46e2f0 SuspendThread
0x46e2f4 SizeofResource
0x46e300 SetLastError
0x46e304 SetFilePointer
0x46e308 SetFileAttributesA
0x46e30c SetEndOfFile
0x46e310 ResumeThread
0x46e314 RemoveDirectoryA
0x46e318 ReleaseMutex
0x46e31c ReadProcessMemory
0x46e320 RaiseException
0x46e32c QueryDosDeviceW
0x46e330 OutputDebugStringW
0x46e334 OpenProcess
0x46e338 OpenFileMappingA
0x46e33c OpenFileMappingW
0x46e340 MulDiv
0x46e344 MoveFileW
0x46e348 MapViewOfFile
0x46e34c LockResource
0x46e350 LocalSize
0x46e354 LocalFree
0x46e358 LoadResource
0x46e35c LoadLibraryExA
0x46e360 LoadLibraryW
0x46e368 IsBadReadPtr
0x46e36c GlobalUnlock
0x46e370 GlobalReAlloc
0x46e374 GlobalMemoryStatus
0x46e378 GlobalHandle
0x46e37c GlobalLock
0x46e380 GlobalGetAtomNameW
0x46e384 GlobalFree
0x46e388 GlobalAlloc
0x46e394 GetVersionExA
0x46e398 GetVersionExW
0x46e39c GetThreadPriority
0x46e3a0 GetThreadContext
0x46e3a4 GetTempPathA
0x46e3a8 GetSystemTime
0x46e3ac GetSystemInfo
0x46e3b0 GetProcessTimes
0x46e3b8 GetPriorityClass
0x46e3c0 GetLocaleInfoA
0x46e3c4 GetLocalTime
0x46e3c8 GetFileTime
0x46e3cc GetFileSize
0x46e3d0 GetFileAttributesA
0x46e3d4 GetFileAttributesW
0x46e3d8 GetDiskFreeSpaceExW
0x46e3dc GetDiskFreeSpaceA
0x46e3e0 GetCurrentThreadId
0x46e3e4 GetCurrentThread
0x46e3e8 GetComputerNameA
0x46e3ec GetCommandLineW
0x46e3f0 FreeResource
0x46e3fc InterlockedExchange
0x46e408 FreeLibrary
0x46e40c FormatMessageA
0x46e410 FindResourceA
0x46e414 FindResourceW
0x46e418 FindNextFileA
0x46e41c FindFirstFileA
0x46e420 FindClose
0x46e438 DuplicateHandle
0x46e43c DeleteFileA
0x46e440 DeleteFileW
0x46e448 CreateRemoteThread
0x46e44c CreateProcessA
0x46e450 CreateProcessW
0x46e454 CreateMutexA
0x46e458 CreateMutexW
0x46e45c CreateFileMappingA
0x46e460 CreateFileMappingW
0x46e464 CreateFileA
0x46e468 CreateFileW
0x46e46c CreateDirectoryA
0x46e470 CopyFileA
0x46e474 CopyFileW
0x46e478 RtlUnwind
0x46e47c GetLongPathNameW
0x46e484 VirtualAllocEx
Library USER32.dll:
0x46e48c GetKeyboardType
0x46e490 MessageBoxA
0x46e494 GetActiveWindow
0x46e498 LoadStringA
0x46e49c SetForegroundWindow
0x46e4a0 OpenIcon
0x46e4a4 wsprintfW
0x46e4a8 EnumPropsA
0x46e4ac CreateDesktopW
0x46e4b0 GetMenuItemInfoA
0x46e4b8 MapWindowPoints
0x46e4bc MessageBoxIndirectW
0x46e4c0 CloseWindow
0x46e4c4 CreateWindowExA
0x46e4c8 CreateWindowExW
0x46e4cc WindowFromPoint
0x46e4d0 TranslateMessage
0x46e4d8 ShowWindow
0x46e4dc ShowOwnedPopups
0x46e4e0 SetWindowTextA
0x46e4e4 SetWindowPos
0x46e4e8 SetWindowLongA
0x46e4ec SetTimer
0x46e4f0 SetRect
0x46e4f4 SetFocus
0x46e4f8 SetCursor
0x46e4fc SetClipboardData
0x46e500 SetCapture
0x46e504 SetActiveWindow
0x46e508 SendMessageTimeoutA
0x46e50c SendMessageA
0x46e510 SendMessageW
0x46e514 ScreenToClient
0x46e518 RemoveMenu
0x46e51c ReleaseDC
0x46e520 ReleaseCapture
0x46e528 RegisterClassA
0x46e52c PostThreadMessageA
0x46e530 PostThreadMessageW
0x46e534 PostQuitMessage
0x46e538 PostMessageA
0x46e53c PostMessageW
0x46e540 PeekMessageA
0x46e544 PeekMessageW
0x46e548 OpenClipboard
0x46e54c OffsetRect
0x46e550 MessageBeep
0x46e554 LoadImageA
0x46e558 LoadCursorW
0x46e55c KillTimer
0x46e560 IsWindowVisible
0x46e564 IsWindowUnicode
0x46e568 IsWindowEnabled
0x46e56c IsWindow
0x46e570 IsIconic
0x46e574 IsDialogMessageW
0x46e578 InvalidateRect
0x46e57c InflateRect
0x46e584 GetWindowTextA
0x46e588 GetWindowRect
0x46e58c GetWindowPlacement
0x46e590 GetWindowLongW
0x46e594 GetWindowDC
0x46e598 GetSystemMetrics
0x46e59c GetSystemMenu
0x46e5a0 GetSysColorBrush
0x46e5a4 GetSysColor
0x46e5a8 GetWindow
0x46e5ac GetMessageA
0x46e5b0 GetMessageW
0x46e5b4 GetKeyState
0x46e5b8 GetIconInfo
0x46e5bc GetFocus
0x46e5c0 GetDC
0x46e5c4 GetCursorPos
0x46e5c8 GetCursor
0x46e5d0 GetClientRect
0x46e5d4 GetClassNameA
0x46e5d8 GetCapture
0x46e5dc FrameRect
0x46e5e0 FindWindowW
0x46e5e4 FillRect
0x46e5e8 EnumWindows
0x46e5ec EndPaint
0x46e5f0 EnableWindow
0x46e5f4 EmptyClipboard
0x46e5f8 DrawTextA
0x46e5fc DrawIconEx
0x46e600 DrawFrameControl
0x46e604 DrawFocusRect
0x46e608 DispatchMessageW
0x46e60c DestroyWindow
0x46e610 DefWindowProcA
0x46e614 DefWindowProcW
0x46e618 CloseClipboard
0x46e61c CallWindowProcW
0x46e620 BringWindowToTop
0x46e624 BeginPaint
0x46e628 AttachThreadInput
0x46e62c GetAsyncKeyState
0x46e630 CharUpperW
0x46e634 GetDoubleClickTime
0x46e638 GetParent
0x46e63c GetTopWindow
0x46e640 CharNextA
0x46e644 GetDesktopWindow
0x46e64c IsCharUpperW
0x46e650 CharLowerW
0x46e654 LoadIconA
Library GDI32.dll:
0x46e65c GdiFixUpHandle
0x46e660 ResetDCA
0x46e664 EngCreatePalette
0x46e66c CreateBitmap
0x46e670 GetCharABCWidthsI
0x46e674 GdiPlayJournal
0x46e678 GetDeviceGammaRamp
0x46e67c RemoveFontResourceA
0x46e680 Polygon
0x46e684 MirrorRgn
0x46e688 GdiInitSpool
0x46e690 GetEnhMetaFileBits
0x46e694 PolyDraw
0x46e698 StartFormPage
0x46e69c SetViewportOrgEx
0x46e6a0 CreateEnhMetaFileW
0x46e6a4 SelectClipRgn
0x46e6a8 GetMetaRgn
0x46e6b0 GdiIsPlayMetafileDC
0x46e6b8 GetStringBitmapW
0x46e6c4 GetStringBitmapA
0x46e6c8 GetObjectW
0x46e6cc EudcLoadLinkW
0x46e6d0 GetLogColorSpaceA
0x46e6d4 GdiGetPageHandle
0x46e6d8 EndPath
0x46e6e8 SetDIBitsToDevice
0x46e6ec SetDIBColorTable
0x46e6f0 CLIPOBJ_cEnumStart
0x46e6f4 UnrealizeObject
0x46e6fc SetMapperFlags
0x46e704 EngAssociateSurface
0x46e708 GdiValidateHandle
0x46e70c TextOutA
0x46e710 StretchDIBits
0x46e714 StretchBlt
0x46e718 StartPage
0x46e71c StartDocA
0x46e720 SetTextColor
0x46e724 SetStretchBltMode
0x46e728 SetMapMode
0x46e72c SetBkMode
0x46e730 SetBkColor
0x46e734 SelectPalette
0x46e738 SelectObject
0x46e73c ResizePalette
0x46e740 RealizePalette
0x46e744 MoveToEx
0x46e748 LineTo
0x46e74c GetTextMetricsW
0x46e750 GetTextFaceA
0x46e758 GetStockObject
0x46e75c GetRgnBox
0x46e760 GetPaletteEntries
0x46e764 GetObjectType
0x46e76c GetDeviceCaps
0x46e770 GetDIBits
0x46e774 GetCurrentObject
0x46e778 GetClipBox
0x46e77c GdiFlush
0x46e780 EndPage
0x46e784 EndDoc
0x46e788 DeleteObject
0x46e78c DeleteDC
0x46e790 CreateSolidBrush
0x46e798 CreatePen
0x46e79c CreatePalette
0x46e7a4 CreateFontA
0x46e7a8 CreateFontW
0x46e7ac CreateDIBSection
0x46e7b0 CreateDCW
0x46e7b4 CreateCompatibleDC
0x46e7bc CombineRgn
0x46e7c0 BitBlt
0x46e7c4 WidenPath
0x46e7c8 StrokePath
0x46e7cc CloseEnhMetaFile
0x46e7d0 GetStretchBltMode
0x46e7d4 GetColorSpace
0x46e7d8 GetPixelFormat
0x46e7dc SwapBuffers
0x46e7e0 FillPath
0x46e7e4 CloseFigure
0x46e7e8 GetROP2
0x46e7ec GetDCBrushColor
0x46e7f0 PathToRegion
0x46e7f4 DeleteMetaFile
0x46e7f8 GetEnhMetaFileA
Library COMDLG32.dll:
0x46e800 PrintDlgW
0x46e804 GetSaveFileNameA
Library ADVAPI32.dll:
0x46e80c RegOpenKeyExW
0x46e810 RegCloseKey
0x46e814 RegQueryValueExW
0x46e828 RevertToSelf
0x46e82c ReportEventW
0x46e834 RegSetValueExA
0x46e838 RegQueryValueExA
0x46e83c RegQueryInfoKeyW
0x46e840 RegOpenKeyExA
0x46e844 RegEnumKeyA
0x46e848 RegDeleteValueA
0x46e84c RegCreateKeyExA
0x46e850 OpenProcessToken
0x46e858 LookupAccountSidW
0x46e860 GetUserNameA
0x46e864 GetUserNameW
0x46e868 GetTokenInformation
0x46e870 GetSidSubAuthority
0x46e874 FreeSid
0x46e878 DuplicateTokenEx
0x46e890 StartServiceW
0x46e898 SetServiceStatus
0x46e89c QueryServiceStatus
0x46e8a4 OpenServiceW
0x46e8a8 OpenSCManagerW
0x46e8ac LockServiceDatabase
0x46e8b0 DeleteService
0x46e8b4 CreateServiceW
0x46e8b8 ControlService
0x46e8bc CloseServiceHandle
0x46e8c4 RegOpenKeyW
Library SHELL32.dll:
0x46e8cc SHFreeNameMappings
0x46e8d4 SHGetFileInfo
0x46e8d8 ShellExecuteExA
0x46e8dc ShellExecuteA
0x46e8e0 ShellExecuteW
0x46e8e4 SHGetFolderLocation
0x46e8f4 SHGetMalloc
Library SHLWAPI.dll:
0x46e8fc StrRStrIA
Library COMCTL32.dll:
0x46e904 ImageList_Destroy
0x46e908 ImageList_Create
0x46e90c

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  51963        224.0.0.252      5355
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

All recorded UDP traffic is DNS to 114.114.114.114 (port 53), NetBIOS name and datagram broadcasts (137/138), LLMNR (5355), SSDP (1900) and WS-Discovery (3702), the background chatter a Windows guest emits on its own; 192.168.56.0/24 is VirtualBox's default host-only network. The table records no process identifiers and no DNS query names, so nothing here can be tied to the sample from this report alone.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.