5.8
High risk

cfa902295e508fe2013b7028ebffd7b66e54180388161911d75457ce605005e4

b945b27d81e42701d10476f95f6cdda8.exe

Analysis time

22s

Latest analysis

File size

902.5KB
Static detection / Dynamic detection tags: 0DL9OFK8CTQ 100% 4GW@AIYQ@NPI AI SCORE=89 AIDETECTVM ALI2000015 ANDROM AUNQ CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS EESQ ELHU ENWL FAREIT GEN4 GENASA GENCIRC HHZHEJ HIGH CONFIDENCE INJECT3 KCLOUD KPOT LOKI MALICIOUS PE MALWARE1 MALWARE@#1AQVJN3IZ0BYM R + MAL SCORE SMDF STATIC AI SUSGEN TSCOPE UNSAFE WACATAC X2059 ZELPHIF ZSUK
Hawkeye engine
Not detected: no Hawkeye engine detection results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FRQ!B945B27D81E4 20201229 6.0.6.653
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft Win32.Hack.Undef.(kcloud) 20201229 2017.9.26.565
Tencent Malware.Win32.Gencirc.113aaa12 20201229 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619861120.31425
__exception__
stacktrace:
b945b27d81e42701d10476f95f6cdda8+0x6bb16 @ 0x46bb16
b945b27d81e42701d10476f95f6cdda8+0x3dbb @ 0x403dbb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637912
registers.edi: 4635464
registers.eax: 0
registers.ebp: 1638204
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 71
registers.ecx: 3728998400
exception.instruction_r: f7 f0 90 90 90 90 90 33 c0 5a 59 59 64 89 10 eb
exception.symbol: b945b27d81e42701d10476f95f6cdda8+0x6b8fb
exception.instruction: div eax
exception.module: b945b27d81e42701d10476f95f6cdda8.exe
exception.exception_code: 0xc0000094
exception.offset: 440571
exception.address: 0x46b8fb
success 0 0
1619882299.035
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7526d4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
b945b27d81e42701d10476f95f6cdda8+0x2a3f8 @ 0x42a3f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x75114b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x75115d3d
0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff2314ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (27 events)
Time & API Arguments Status Return Repeated
1619861119.43925
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619861120.50125
NtAllocateVirtualMemory
process_identifier: 732
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d20000
success 0 0
1619861120.50125
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01da0000
success 0 0
1619882298.457
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 1179648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01d20000
success 0 0
1619882298.457
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e00000
success 0 0
1619882298.457
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 139264
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ca0000
success 0 0
1619882298.457
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 110592
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ca2000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.019
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d12000
success 0 0
1619882299.035
NtProtectVirtualMemory
process_identifier: 1476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.804246309984235 section {'size_of_data': '0x00061200', 'virtual_address': '0x00085000', 'entropy': 7.804246309984235, 'name': '.rsrc', 'virtual_size': '0x000611ac'} description A section with a high entropy has been found
entropy 0.43094841930116473 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 203.208.41.65
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 732 called NtSetContextThread to modify thread in remote process 1476
Time & API Arguments Status Return Repeated
1619861120.70525
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4338367
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1476
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 732 resumed a thread in remote process 1476
Time & API Arguments Status Return Repeated
1619861121.06425
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1476
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619861120.68925
CreateProcessInternalW
thread_identifier: 648
thread_handle: 0x00000100
process_identifier: 1476
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b945b27d81e42701d10476f95f6cdda8.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619861120.68925
NtUnmapViewOfSection
process_identifier: 1476
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619861120.70525
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 1476
commit_size: 315392
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 315392
base_address: 0x00400000
success 0 0
1619861120.70525
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619861120.70525
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4338367
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1476
success 0 0
1619861121.06425
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1476
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Inject3.37110
MicroWorld-eScan Trojan.Agent.ENWL
FireEye Generic.mg.b945b27d81e42701
Qihoo-360 Win32/Backdoor.650
McAfee Fareit-FRQ!B945B27D81E4
Cylance Unsafe
AegisLab Trojan.Win32.Androm.m!c
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
Cybereason malicious.d81e42
Arcabit Trojan.Agent.ENWL
BitDefenderTheta Gen:NN.ZelphiF.34700.4GW@aiyq@npi
Cyren W32/Delf.ZSUK-9376
Symantec Trojan.Gen.MBT
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Agent.ENWL
NANO-Antivirus Trojan.Win32.Androm.hhzhej
Avast Win32:Trojan-gen
Rising Trojan.Injector!1.AFE3 (CLASSIC)
Ad-Aware Trojan.Agent.ENWL
Sophos Mal/Generic-R + Mal/Fareit-V
Comodo Malware@#1aqvjn3iz0bym
F-Secure Backdoor.BDS/Backdoor.Gen4
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMDF.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.dc
Emsisoft Trojan.Agent.ENWL (B)
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.Androm.aunq
Avira BDS/Backdoor.Gen4
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.vb
Microsoft Trojan:Win32/Kpot.PA!MTB
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.Agent.ENWL
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
VBA32 TScope.Trojan.Delf
ALYac Trojan.Agent.ENWL
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.90401
ESET-NOD32 a variant of Win32/Injector.ELHU
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMDF.hp
Visual analysis
Binary image
No binary image: this sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-01-08 02:47:22

Imports

Library kernel32.dll:
0x47818c VirtualFree
0x478190 VirtualAlloc
0x478194 LocalFree
0x478198 LocalAlloc
0x47819c GetVersion
0x4781a0 GetCurrentThreadId
0x4781ac VirtualQuery
0x4781b0 WideCharToMultiByte
0x4781b4 MultiByteToWideChar
0x4781b8 lstrlenA
0x4781bc lstrcpynA
0x4781c0 LoadLibraryExA
0x4781c4 GetThreadLocale
0x4781c8 GetStartupInfoA
0x4781cc GetProcAddress
0x4781d0 GetModuleHandleA
0x4781d4 GetModuleFileNameA
0x4781d8 GetLocaleInfoA
0x4781dc GetCommandLineA
0x4781e0 FreeLibrary
0x4781e4 FindFirstFileA
0x4781e8 FindClose
0x4781ec ExitProcess
0x4781f0 WriteFile
0x4781f8 RtlUnwind
0x4781fc RaiseException
0x478200 GetStdHandle
Library user32.dll:
0x478208 GetKeyboardType
0x47820c LoadStringA
0x478210 MessageBoxA
0x478214 CharNextA
Library advapi32.dll:
0x47821c RegQueryValueExA
0x478220 RegOpenKeyExA
0x478224 RegCloseKey
Library oleaut32.dll:
0x47822c SysFreeString
0x478230 SysReAllocStringLen
0x478234 SysAllocStringLen
Library kernel32.dll:
0x47823c TlsSetValue
0x478240 TlsGetValue
0x478244 LocalAlloc
0x478248 GetModuleHandleA
Library advapi32.dll:
0x478250 RegQueryValueExA
0x478254 RegOpenKeyExA
0x478258 RegCloseKey
Library kernel32.dll:
0x478260 lstrcpyA
0x478264 WriteFile
0x478268 WinExec
0x47826c WaitForSingleObject
0x478270 VirtualQuery
0x478274 VirtualFree
0x478278 VirtualAllocEx
0x47827c VirtualAlloc
0x478280 Sleep
0x478284 SizeofResource
0x478288 SetThreadLocale
0x47828c SetFilePointer
0x478290 SetEvent
0x478294 SetErrorMode
0x478298 SetEndOfFile
0x47829c ResetEvent
0x4782a0 ReadFile
0x4782a4 MultiByteToWideChar
0x4782a8 MulDiv
0x4782ac LockResource
0x4782b0 LoadResource
0x4782b4 LoadLibraryA
0x4782c0 GlobalUnlock
0x4782c4 GlobalSize
0x4782c8 GlobalReAlloc
0x4782cc GlobalHandle
0x4782d0 GlobalLock
0x4782d4 GlobalFree
0x4782d8 GlobalFindAtomA
0x4782dc GlobalDeleteAtom
0x4782e0 GlobalAlloc
0x4782e4 GlobalAddAtomA
0x4782e8 GetVersionExA
0x4782ec GetVersion
0x4782f0 GetUserDefaultLCID
0x4782f4 GetTickCount
0x4782f8 GetThreadLocale
0x4782fc GetSystemInfo
0x478300 GetStringTypeExA
0x478304 GetStdHandle
0x478308 GetProcAddress
0x47830c GetModuleHandleA
0x478310 GetModuleFileNameA
0x478314 GetLocaleInfoA
0x478318 GetLocalTime
0x47831c GetLastError
0x478320 GetFullPathNameA
0x478324 GetFileAttributesA
0x478328 GetDiskFreeSpaceA
0x47832c GetDateFormatA
0x478330 GetCurrentThreadId
0x478334 GetCurrentProcessId
0x478338 GetCurrentProcess
0x47833c GetComputerNameA
0x478340 GetCPInfo
0x478344 GetACP
0x478348 FreeResource
0x47834c InterlockedExchange
0x478350 FreeLibrary
0x478354 FormatMessageA
0x478358 FindResourceA
0x47835c FindFirstFileA
0x478360 FindClose
0x47836c EnumCalendarInfoA
0x478378 CreateThread
0x47837c CreateFileA
0x478380 CreateEventA
0x478384 CompareStringA
0x478388 CloseHandle
Library version.dll:
0x478390 VerQueryValueA
0x478398 GetFileVersionInfoA
Library gdi32.dll:
0x4783a0 UnrealizeObject
0x4783a4 StretchBlt
0x4783a8 SetWindowOrgEx
0x4783ac SetWinMetaFileBits
0x4783b0 SetViewportOrgEx
0x4783b4 SetTextColor
0x4783b8 SetStretchBltMode
0x4783bc SetROP2
0x4783c0 SetPixel
0x4783c4 SetMapMode
0x4783c8 SetEnhMetaFileBits
0x4783cc SetDIBColorTable
0x4783d0 SetBrushOrgEx
0x4783d4 SetBkMode
0x4783d8 SetBkColor
0x4783dc SelectPalette
0x4783e0 SelectObject
0x4783e4 SelectClipRgn
0x4783e8 SaveDC
0x4783ec RestoreDC
0x4783f0 Rectangle
0x4783f4 RectVisible
0x4783f8 RealizePalette
0x4783fc Polyline
0x478400 PlayEnhMetaFile
0x478404 PatBlt
0x478408 MoveToEx
0x47840c MaskBlt
0x478410 LineTo
0x478414 LPtoDP
0x478418 IntersectClipRect
0x47841c GetWindowOrgEx
0x478420 GetWinMetaFileBits
0x478424 GetTextMetricsA
0x478430 GetStockObject
0x478434 GetPixel
0x478438 GetPaletteEntries
0x47843c GetObjectA
0x47844c GetEnhMetaFileBits
0x478450 GetDeviceCaps
0x478454 GetDIBits
0x478458 GetDIBColorTable
0x47845c GetDCOrgEx
0x478464 GetClipBox
0x478468 GetBrushOrgEx
0x47846c GetBitmapBits
0x478470 GdiFlush
0x478474 ExcludeClipRect
0x478478 DeleteObject
0x47847c DeleteEnhMetaFile
0x478480 DeleteDC
0x478484 CreateSolidBrush
0x478488 CreatePenIndirect
0x47848c CreatePalette
0x478494 CreateFontIndirectA
0x478498 CreateEnhMetaFileA
0x47849c CreateDIBitmap
0x4784a0 CreateDIBSection
0x4784a4 CreateCompatibleDC
0x4784ac CreateBrushIndirect
0x4784b0 CreateBitmap
0x4784b4 CopyEnhMetaFileA
0x4784b8 CloseEnhMetaFile
0x4784bc BitBlt
Library user32.dll:
0x4784c4 CreateWindowExA
0x4784c8 WindowFromPoint
0x4784cc WinHelpA
0x4784d0 WaitMessage
0x4784d4 UpdateWindow
0x4784d8 UnregisterClassA
0x4784dc UnhookWindowsHookEx
0x4784e0 TranslateMessage
0x4784e8 TrackPopupMenu
0x4784f0 ShowWindow
0x4784f4 ShowScrollBar
0x4784f8 ShowOwnedPopups
0x4784fc ShowCursor
0x478500 SetWindowsHookExA
0x478504 SetWindowPos
0x478508 SetWindowPlacement
0x47850c SetWindowLongA
0x478510 SetTimer
0x478514 SetScrollRange
0x478518 SetScrollPos
0x47851c SetScrollInfo
0x478520 SetRect
0x478524 SetPropA
0x478528 SetParent
0x47852c SetMenuItemInfoA
0x478530 SetMenu
0x478534 SetForegroundWindow
0x478538 SetFocus
0x47853c SetCursor
0x478540 SetClassLongA
0x478544 SetCapture
0x478548 SetActiveWindow
0x47854c SendMessageA
0x478550 ScrollWindow
0x478554 ScreenToClient
0x478558 RemovePropA
0x47855c RemoveMenu
0x478560 ReleaseDC
0x478564 ReleaseCapture
0x478570 RegisterClassA
0x478574 RedrawWindow
0x478578 PtInRect
0x47857c PostQuitMessage
0x478580 PostMessageA
0x478584 PeekMessageA
0x478588 OffsetRect
0x47858c OemToCharA
0x478590 MessageBoxA
0x478594 MapWindowPoints
0x478598 MapVirtualKeyA
0x47859c LoadStringA
0x4785a0 LoadKeyboardLayoutA
0x4785a4 LoadIconA
0x4785a8 LoadCursorA
0x4785ac LoadBitmapA
0x4785b0 KillTimer
0x4785b4 IsZoomed
0x4785b8 IsWindowVisible
0x4785bc IsWindowEnabled
0x4785c0 IsWindow
0x4785c4 IsRectEmpty
0x4785c8 IsIconic
0x4785cc IsDialogMessageA
0x4785d0 IsChild
0x4785d4 InvalidateRect
0x4785d8 IntersectRect
0x4785dc InsertMenuItemA
0x4785e0 InsertMenuA
0x4785e4 InflateRect
0x4785ec GetWindowTextA
0x4785f0 GetWindowRect
0x4785f4 GetWindowPlacement
0x4785f8 GetWindowLongA
0x4785fc GetWindowDC
0x478600 GetTopWindow
0x478604 GetSystemMetrics
0x478608 GetSystemMenu
0x47860c GetSysColorBrush
0x478610 GetSysColor
0x478614 GetSubMenu
0x478618 GetScrollRange
0x47861c GetScrollPos
0x478620 GetScrollInfo
0x478624 GetPropA
0x478628 GetParent
0x47862c GetWindow
0x478630 GetMessageTime
0x478634 GetMenuStringA
0x478638 GetMenuState
0x47863c GetMenuItemInfoA
0x478640 GetMenuItemID
0x478644 GetMenuItemCount
0x478648 GetMenu
0x47864c GetLastActivePopup
0x478650 GetKeyboardState
0x478658 GetKeyboardLayout
0x47865c GetKeyState
0x478660 GetKeyNameTextA
0x478664 GetIconInfo
0x478668 GetForegroundWindow
0x47866c GetFocus
0x478670 GetDlgItem
0x478674 GetDesktopWindow
0x478678 GetDCEx
0x47867c GetDC
0x478680 GetCursorPos
0x478684 GetCursor
0x478688 GetClipboardData
0x47868c GetClientRect
0x478690 GetClassNameA
0x478694 GetClassInfoA
0x478698 GetCapture
0x47869c GetActiveWindow
0x4786a0 FrameRect
0x4786a4 FindWindowA
0x4786a8 FillRect
0x4786ac EqualRect
0x4786b0 EnumWindows
0x4786b4 EnumThreadWindows
0x4786b8 EndPaint
0x4786bc EndDeferWindowPos
0x4786c0 EnableWindow
0x4786c4 EnableScrollBar
0x4786c8 EnableMenuItem
0x4786cc DrawTextA
0x4786d0 DrawMenuBar
0x4786d4 DrawIconEx
0x4786d8 DrawIcon
0x4786dc DrawFrameControl
0x4786e0 DrawFocusRect
0x4786e4 DrawEdge
0x4786e8 DispatchMessageA
0x4786ec DestroyWindow
0x4786f0 DestroyMenu
0x4786f4 DestroyIcon
0x4786f8 DestroyCursor
0x4786fc DeleteMenu
0x478700 DeferWindowPos
0x478704 DefWindowProcA
0x478708 DefMDIChildProcA
0x47870c DefFrameProcA
0x478710 CreatePopupMenu
0x478714 CreateMenu
0x478718 CreateIcon
0x47871c ClientToScreen
0x478720 CheckMenuItem
0x478724 CallWindowProcA
0x478728 CallNextHookEx
0x47872c BeginPaint
0x478730 BeginDeferWindowPos
0x478734 CharNextA
0x478738 CharLowerBuffA
0x47873c CharLowerA
0x478740 CharToOemA
0x478744 AdjustWindowRectEx
Library kernel32.dll:
0x478750 Sleep
Library oleaut32.dll:
0x478758 SafeArrayPtrOfIndex
0x47875c SafeArrayGetUBound
0x478760 SafeArrayGetLBound
0x478764 SafeArrayCreate
0x478768 VariantChangeType
0x47876c VariantCopy
0x478770 VariantClear
0x478774 VariantInit
Library ole32.dll:
0x478780 IsAccelerator
0x478784 OleDraw
0x47878c CoTaskMemFree
0x478790 ProgIDFromCLSID
0x478794 StringFromCLSID
0x478798 CoCreateInstance
0x47879c CoGetClassObject
0x4787a0 CoUninitialize
0x4787a4 CoInitialize
0x4787a8 IsEqualGUID
Library oleaut32.dll:
0x4787b0 GetErrorInfo
0x4787b4 GetActiveObject
0x4787b8 SysFreeString
Library comctl32.dll:
0x4787c8 ImageList_Write
0x4787cc ImageList_Read
0x4787dc ImageList_DragMove
0x4787e0 ImageList_DragLeave
0x4787e4 ImageList_DragEnter
0x4787e8 ImageList_EndDrag
0x4787ec ImageList_BeginDrag
0x4787f0 ImageList_Remove
0x4787f4 ImageList_DrawEx
0x4787f8 ImageList_Replace
0x4787fc ImageList_Draw
0x47880c ImageList_Add
0x478814 ImageList_Destroy
0x478818 ImageList_Create
0x47881c InitCommonControls
Library comdlg32.dll:
0x478824 GetSaveFileNameA
0x478828 GetOpenFileNameA
Library user32.dll:
0x478830 DdeCmpStringHandles
0x478834 DdeFreeStringHandle
0x478838 DdeQueryStringA
0x478840 DdeGetLastError
0x478844 DdeFreeDataHandle
0x478848 DdeUnaccessData
0x47884c DdeAccessData
0x478850 DdeCreateDataHandle
0x478858 DdeNameService
0x47885c DdePostAdvise
0x478860 DdeSetUserHandle
0x478864 DdeQueryConvInfo
0x478868 DdeDisconnect
0x47886c DdeConnect
0x478870 DdeUninitialize
0x478874 DdeInitializeA
Library winmm.dll:
0x47887c mciSendCommandA
0x478880 mciGetErrorStringA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.