6.4
High risk

42140c2b61d7b458455bfb284037cc5abcad18ecab08656b4e69a027c7dbedee

bf6658495ca7778bb10a7faaabf8fdf1.exe

Analysis duration

103s

Last analysis

File size

924.5KB
Flagged as malicious by static scanning and by dynamic analysis. Detection tags: 100% 5Y0@ACBVSBAI AI SCORE=80 BSCOPE CLASSIC CONFIDENCE DOWNLOADER34 EMOTET EPAZ GENERICKDZ GENETIC GENKRYPTIK HFHN HIGH CONFIDENCE HPTEHW KRYPTIK MALWARE@#3NEBVV8THG8L2 R + TROJ SCORE SGENERIC SUSGEN THIAEBO UNSAFE VQFT WD6FD5CTW6M ZEXAF
Hawkeye Engine
Not detected: no Hawkeye Engine results are available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Version
McAfee Emotet-FRO!BF6658495CA7 20201009 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Alibaba Trojan:Win32/Emotet.3e7e5a77 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201008 18.4.3895.0
Kingsoft 20201009 2013.8.14.323
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1621007844.23525
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1621007832.03225
CryptGenKey
crypto_handle: 0x00301ba8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00303ff0
flags: 1
key: f|Û¿§5|䤷,æôœ>#
success 1 0
1621007844.26625
CryptExportKey
crypto_handle: 0x00301ba8
crypto_export_handle: 0x00303fb0
buffer: f¤Q{±Æ ÅÜùò –²Âšì^Çõ ’È—çs nQéœÐ3]k¼(÷îÒØ~&¥Ùÿ ºœ4û­/{Æúܯ%pTt•FnшwÛñ Î÷ŒD©$£ß:ë/˜ a¢ã=ùˆ‚k¦
blob_type: 1
flags: 64
success 1 0
1621007857.72025
CryptExportKey
crypto_handle: 0x00301ba8
crypto_export_handle: 0x00303fb0
buffer: f¤ïÔÓ]颷$'_†Ci!GۏíVnŒ,›1aK?+h:ÓáúҚ¯¸©"\NòÈ7=ƒc=õÜ>Êd[ê±o‡ëÛrW¢^¦~ì†æÞÆc¼AñÛÌ|rô![t=/Š
blob_type: 1
flags: 64
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1621007831.32925
NtAllocateVirtualMemory
process_identifier: 2760
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e30000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1621007845.45425
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process bf6658495ca7778bb10a7faaabf8fdf1.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1621007844.59525
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (8 events)
host 124.225.105.97
host 151.139.128.14
host 142.105.151.124
host 172.217.24.14
host 62.108.54.22
host 203.208.40.34
host 203.208.41.65
host 52.218.1.108
Sets or modifies the WPAD proxy autoconfiguration settings used for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1621007848.03225
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1621007848.03225
RegSetValueExA
key_handle: 0x000003ac
value: ö7_œH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1621007848.04825
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1621007848.04825
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1621007848.04825
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1621007848.04825
RegSetValueExA
key_handle: 0x000003c4
value: ö7_œH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1621007848.04825
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1621007848.11025
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events shown)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69181
McAfee Emotet-FRO!BF6658495CA7
Cylance Unsafe
Zillya Trojan.Agent.Win32.1361488
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Emotet.3e7e5a77
K7GW Trojan ( 0056bee11 )
K7AntiVirus Trojan ( 0056bee11 )
Invincea Mal/Generic-R + Troj/Emotet-CKO
Cyren W32/Trojan.VQFT-0643
Symantec Packed.Generic.554
ESET-NOD32 a variant of Win32/Kryptik.HFHN
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Emotet-9759305-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKDZ.69181
NANO-Antivirus Trojan.Win32.Emotet.hptehw
ViRobot Trojan.Win32.Emotet.945664.A
Avast Win32:Malware-gen
Ad-Aware Trojan.GenericKDZ.69181
Sophos Troj/Emotet-CKO
Comodo Malware@#3nebvv8thg8l2
F-Secure Trojan.TR/AD.Emotet.TX
DrWeb Trojan.DownLoader34.15786
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.THIAEBO
McAfee-GW-Edition BehavesLike.Win32.Emotet.dm
FireEye Generic.mg.bf6658495ca7778b
Emsisoft Trojan.Emotet (A)
GData Trojan.GenericKDZ.69181
Jiangmin Backdoor.Emotet.pn
Avira TR/AD.Emotet.TX
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.SGeneric
Arcabit Trojan.Generic.D10E3D
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
Microsoft Trojan:Win32/Emotet.SF!MTB
Cynet Malicious (score: 85)
AhnLab-V3 Malware/Win32.Generic.C4174339
ALYac Trojan.GenericKDZ.69181
TACHYON Trojan/W32.Agent.946688.AY
VBA32 BScope.Trojan.Emotet
Malwarebytes Trojan.Emotet
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THIAEBO
Rising Trojan.Kryptik!1.C71F (CLASSIC)
Yandex Trojan.Kryptik!Wd6Fd5ctW6M
Ikarus Trojan-Banker.Agent
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (6 events)
dead_host 203.208.40.34:443
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
dead_host 142.105.151.124:443
dead_host 62.108.54.22:8080
dead_host 192.168.56.101:49186
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-07-31 23:02:34

Imports

Library KERNEL32.dll:
0x4d3f5c GetFileSizeEx
0x4d3f60 SetErrorMode
0x4d3f64 GetTickCount
0x4d3f68 RtlUnwind
0x4d3f6c RaiseException
0x4d3f70 GetCommandLineA
0x4d3f74 GetStartupInfoA
0x4d3f78 HeapAlloc
0x4d3f7c HeapFree
0x4d3f80 VirtualProtect
0x4d3f84 VirtualAlloc
0x4d3f88 GetSystemInfo
0x4d3f8c VirtualQuery
0x4d3f90 HeapReAlloc
0x4d3f94 Sleep
0x4d3f98 ExitThread
0x4d3f9c CreateThread
0x4d3fa0 HeapSize
0x4d3fa4 GetACP
0x4d3fa8 IsValidCodePage
0x4d3fac TerminateProcess
0x4d3fb8 IsDebuggerPresent
0x4d3fbc GetStdHandle
0x4d3fd0 SetFileAttributesA
0x4d3fd4 GetFileType
0x4d3fd8 HeapCreate
0x4d3fdc HeapDestroy
0x4d3fe0 VirtualFree
0x4d3fec FatalAppExitA
0x4d3ff8 GetStringTypeA
0x4d3ffc GetStringTypeW
0x4d4004 LCMapStringA
0x4d4008 LCMapStringW
0x4d400c GetTimeFormatA
0x4d4010 GetDateFormatA
0x4d4014 GetUserDefaultLCID
0x4d4018 EnumSystemLocalesA
0x4d401c IsValidLocale
0x4d4020 GetConsoleCP
0x4d4024 GetConsoleMode
0x4d4028 GetLocaleInfoW
0x4d402c SetStdHandle
0x4d4030 WriteConsoleA
0x4d4034 GetConsoleOutputCP
0x4d4038 WriteConsoleW
0x4d403c CompareStringW
0x4d404c CreateFileA
0x4d4050 GetShortPathNameA
0x4d4058 DuplicateHandle
0x4d405c GetFileSize
0x4d4060 SetEndOfFile
0x4d4064 UnlockFile
0x4d4068 LockFile
0x4d406c FlushFileBuffers
0x4d4070 SetFilePointer
0x4d4074 WriteFile
0x4d4078 ReadFile
0x4d407c lstrcmpiA
0x4d4080 GetStringTypeExA
0x4d4084 DeleteFileA
0x4d4088 MoveFileA
0x4d4098 GetThreadLocale
0x4d409c GetModuleHandleW
0x4d40a0 GetAtomNameA
0x4d40a4 GetOEMCP
0x4d40a8 GetCPInfo
0x4d40b0 GlobalFlags
0x4d40b4 TlsFree
0x4d40bc LocalReAlloc
0x4d40c0 TlsSetValue
0x4d40c4 TlsAlloc
0x4d40cc GlobalHandle
0x4d40d0 GlobalReAlloc
0x4d40d8 TlsGetValue
0x4d40e0 LocalAlloc
0x4d40e4 GetDiskFreeSpaceA
0x4d40e8 GetFullPathNameA
0x4d40ec GetTempFileNameA
0x4d40f0 GetFileTime
0x4d40f4 SetFileTime
0x4d40f8 GetFileAttributesA
0x4d4108 CreateEventA
0x4d410c SuspendThread
0x4d4110 SetEvent
0x4d4114 WaitForSingleObject
0x4d4118 ResumeThread
0x4d411c SetThreadPriority
0x4d4120 CloseHandle
0x4d4124 GetCurrentThread
0x4d4130 GetLocaleInfoA
0x4d4134 InterlockedExchange
0x4d4138 lstrcmpA
0x4d413c GetCurrentProcessId
0x4d4140 GetModuleFileNameA
0x4d4148 GetModuleFileNameW
0x4d414c GlobalFree
0x4d4150 CopyFileA
0x4d4154 GlobalSize
0x4d4158 GlobalAlloc
0x4d415c GlobalLock
0x4d4160 GlobalUnlock
0x4d4164 FormatMessageA
0x4d4168 LocalFree
0x4d416c lstrlenW
0x4d4170 MulDiv
0x4d4174 lstrlenA
0x4d4178 FreeResource
0x4d417c GetCurrentThreadId
0x4d4180 GlobalGetAtomNameA
0x4d4184 GlobalAddAtomA
0x4d4188 GlobalFindAtomA
0x4d418c GlobalDeleteAtom
0x4d4190 FreeLibrary
0x4d4194 CompareStringA
0x4d4198 MultiByteToWideChar
0x4d419c lstrcmpW
0x4d41a0 GetVersionExA
0x4d41a4 ExitProcess
0x4d41a8 LoadLibraryExW
0x4d41ac LoadLibraryExA
0x4d41b0 GetCurrentProcess
0x4d41b4 FindNextFileA
0x4d41b8 GetLogicalDrives
0x4d41bc GetDriveTypeA
0x4d41c0 FindFirstFileA
0x4d41c4 FindClose
0x4d41c8 GetLastError
0x4d41cc SetLastError
0x4d41d0 GetProcAddress
0x4d41d4 GetModuleHandleA
0x4d41d8 LoadLibraryA
0x4d41dc WideCharToMultiByte
0x4d41e0 FindResourceA
0x4d41e4 LoadResource
0x4d41e8 LockResource
0x4d41ec SetHandleCount
0x4d41f0 SizeofResource
Library USER32.dll:
0x4d4424 InvalidateRgn
0x4d4428 SetCapture
0x4d442c GetNextDlgGroupItem
0x4d4430 MessageBeep
0x4d4434 UnionRect
0x4d4438 SetTimer
0x4d443c KillTimer
0x4d4440 WindowFromPoint
0x4d4444 GetDCEx
0x4d4448 LockWindowUpdate
0x4d4450 PostThreadMessageA
0x4d4454 GrayStringA
0x4d4458 DrawTextExA
0x4d445c DrawTextA
0x4d4460 TabbedTextOutA
0x4d4464 FillRect
0x4d4468 LoadCursorA
0x4d446c GetSysColorBrush
0x4d4470 SetParent
0x4d4474 DeleteMenu
0x4d4478 IsRectEmpty
0x4d447c IsZoomed
0x4d4480 UnpackDDElParam
0x4d4484 ReuseDDElParam
0x4d4488 LoadMenuA
0x4d448c DestroyMenu
0x4d4490 GetMenuBarInfo
0x4d4494 ReleaseCapture
0x4d4498 LoadAcceleratorsA
0x4d449c InsertMenuItemA
0x4d44a0 CreatePopupMenu
0x4d44a4 SetRectEmpty
0x4d44a8 BringWindowToTop
0x4d44b4 MapDialogRect
0x4d44b8 GetDesktopWindow
0x4d44c0 GetNextDlgTabItem
0x4d44c4 EndDialog
0x4d44c8 ShowOwnedPopups
0x4d44cc SetCursor
0x4d44d0 GetMessageA
0x4d44d4 TranslateMessage
0x4d44d8 GetActiveWindow
0x4d44dc GetCursorPos
0x4d44e0 ValidateRect
0x4d44e4 PostQuitMessage
0x4d44ec MapVirtualKeyA
0x4d44f0 GetKeyNameTextA
0x4d44f4 ReleaseDC
0x4d44f8 GetDC
0x4d44fc AppendMenuA
0x4d4500 InsertMenuA
0x4d4504 RemoveMenu
0x4d4508 ScrollWindowEx
0x4d450c IsWindowEnabled
0x4d4510 ShowWindow
0x4d4514 MoveWindow
0x4d4518 SetRect
0x4d451c IsDialogMessageA
0x4d4520 IsDlgButtonChecked
0x4d4524 SetDlgItemTextA
0x4d4528 SetDlgItemInt
0x4d452c GetDlgItemTextA
0x4d4530 GetDlgItemInt
0x4d4534 CheckRadioButton
0x4d4538 CheckDlgButton
0x4d453c SetMenuItemBitmaps
0x4d4544 LoadBitmapA
0x4d4548 ModifyMenuA
0x4d454c GetMenuState
0x4d4550 EnableMenuItem
0x4d4554 CheckMenuItem
0x4d455c SendDlgItemMessageA
0x4d4560 WinHelpA
0x4d4564 GetCapture
0x4d4568 SetWindowsHookExA
0x4d456c CallNextHookEx
0x4d4570 GetClassLongA
0x4d4574 GetClassNameA
0x4d4578 SetPropA
0x4d457c GetPropA
0x4d4580 RemovePropA
0x4d4584 IsWindow
0x4d4588 SetFocus
0x4d4590 GetWindowTextA
0x4d4594 GetForegroundWindow
0x4d4598 GetLastActivePopup
0x4d459c SetActiveWindow
0x4d45a0 DispatchMessageA
0x4d45a4 BeginDeferWindowPos
0x4d45a8 EndDeferWindowPos
0x4d45ac GetDlgItem
0x4d45b0 GetTopWindow
0x4d45b4 DestroyWindow
0x4d45b8 UnhookWindowsHookEx
0x4d45bc GetMessageTime
0x4d45c0 GetMessagePos
0x4d45c4 PeekMessageA
0x4d45c8 EnableWindow
0x4d45cc LoadIconA
0x4d45d0 SendMessageA
0x4d45d4 UpdateWindow
0x4d45d8 MapWindowPoints
0x4d45dc ScrollWindow
0x4d45e0 TrackPopupMenuEx
0x4d45e4 TrackPopupMenu
0x4d45e8 GetKeyState
0x4d45ec SetMenu
0x4d45f0 SetScrollRange
0x4d45f4 GetScrollRange
0x4d45f8 SetScrollPos
0x4d45fc GetScrollPos
0x4d4600 SetForegroundWindow
0x4d4604 ShowScrollBar
0x4d4608 IsWindowVisible
0x4d460c GetClientRect
0x4d4610 PostMessageA
0x4d4618 CharNextA
0x4d461c GetDialogBaseUnits
0x4d4620 CharUpperA
0x4d4624 DestroyIcon
0x4d4628 UnregisterClassA
0x4d462c GetMenuItemInfoA
0x4d4630 InflateRect
0x4d4634 EndPaint
0x4d4638 BeginPaint
0x4d463c GetWindowDC
0x4d4640 SetWindowTextA
0x4d4644 ClientToScreen
0x4d4648 GetSystemMenu
0x4d464c AdjustWindowRectEx
0x4d4650 IsIconic
0x4d4654 InvalidateRect
0x4d4658 GetParent
0x4d465c IsChild
0x4d4660 GetFocus
0x4d4664 GetDlgCtrlID
0x4d4668 GetWindow
0x4d466c GetSystemMetrics
0x4d4670 GetWindowRect
0x4d4674 GetWindowPlacement
0x4d467c IntersectRect
0x4d4680 OffsetRect
0x4d4684 SetWindowPos
0x4d4688 SetWindowLongA
0x4d468c GetWindowLongA
0x4d4690 GetMenu
0x4d4694 CallWindowProcA
0x4d4698 DefWindowProcA
0x4d469c SetWindowPlacement
0x4d46a0 PtInRect
0x4d46a4 CopyRect
0x4d46a8 SetScrollInfo
0x4d46ac GetScrollInfo
0x4d46b0 DeferWindowPos
0x4d46b4 EqualRect
0x4d46b8 ScreenToClient
0x4d46bc GetSysColor
0x4d46c0 RegisterClassA
0x4d46c4 GetClassInfoA
0x4d46c8 GetClassInfoExA
0x4d46cc CreateWindowExA
0x4d46d0 MessageBoxA
0x4d46d4 GetMenuItemCount
0x4d46d8 GetMenuItemID
0x4d46dc GetSubMenu
0x4d46e0 GetMenuStringA
Library GDI32.dll:
0x4d3d80 SetWindowOrgEx
0x4d3d84 OffsetWindowOrgEx
0x4d3d88 SetWindowExtEx
0x4d3d8c ScaleWindowExtEx
0x4d3d94 ArcTo
0x4d3d98 PolyDraw
0x4d3d9c PolylineTo
0x4d3da0 PolyBezierTo
0x4d3da4 ExtSelectClipRgn
0x4d3dac CreatePatternBrush
0x4d3db0 GetStockObject
0x4d3db4 SelectPalette
0x4d3db8 PlayMetaFileRecord
0x4d3dbc ScaleViewportExtEx
0x4d3dc0 EnumMetaFile
0x4d3dc4 PlayMetaFile
0x4d3dc8 CreatePen
0x4d3dcc ExtCreatePen
0x4d3dd0 CreateSolidBrush
0x4d3dd4 CreateHatchBrush
0x4d3dd8 CreateFontIndirectA
0x4d3ddc SetRectRgn
0x4d3de0 CombineRgn
0x4d3de4 GetMapMode
0x4d3de8 DPtoLP
0x4d3dec GetBkColor
0x4d3df0 GetTextColor
0x4d3df4 GetRgnBox
0x4d3df8 OffsetViewportOrgEx
0x4d3dfc SetViewportExtEx
0x4d3e00 SetViewportOrgEx
0x4d3e04 Escape
0x4d3e08 ExtTextOutA
0x4d3e0c TextOutA
0x4d3e10 RectVisible
0x4d3e14 PtVisible
0x4d3e18 StartDocA
0x4d3e1c GetPixel
0x4d3e20 BitBlt
0x4d3e24 GetWindowExtEx
0x4d3e28 GetViewportExtEx
0x4d3e2c SelectClipPath
0x4d3e30 CreateRectRgn
0x4d3e34 GetObjectType
0x4d3e38 GetDCOrgEx
0x4d3e3c SelectClipRgn
0x4d3e40 SetColorAdjustment
0x4d3e44 SetArcDirection
0x4d3e48 SetMapperFlags
0x4d3e54 SetTextAlign
0x4d3e58 MoveToEx
0x4d3e5c LineTo
0x4d3e60 OffsetClipRgn
0x4d3e64 IntersectClipRect
0x4d3e68 ExcludeClipRect
0x4d3e6c SetMapMode
0x4d3e74 SetWorldTransform
0x4d3e78 SetGraphicsMode
0x4d3e7c SetStretchBltMode
0x4d3e80 SetROP2
0x4d3e84 SetPolyFillMode
0x4d3e88 SetBkMode
0x4d3e8c RestoreDC
0x4d3e90 SaveDC
0x4d3e94 StretchDIBits
0x4d3e98 DeleteDC
0x4d3e9c CreateFontA
0x4d3ea0 GetCharWidthA
0x4d3ea4 DeleteObject
0x4d3eac GetTextMetricsA
0x4d3eb0 SelectObject
0x4d3eb4 CreateCompatibleDC
0x4d3ebc PatBlt
0x4d3ec4 CreateDCA
0x4d3ec8 CopyMetaFileA
0x4d3ecc GetDeviceCaps
0x4d3ed0 CreateBitmap
0x4d3ed4 GetObjectA
0x4d3ed8 SetBkColor
0x4d3edc SetTextColor
0x4d3ee0 GetClipBox
0x4d3ee4 GetClipRgn
Library COMDLG32.dll:
0x4d3d50 GetFileTitleA
Library WINSPOOL.DRV:
0x4d479c DocumentPropertiesA
0x4d47a0 ClosePrinter
0x4d47a4 OpenPrinterA
Library ADVAPI32.dll:
0x4d3ce4 GetFileSecurityA
0x4d3ce8 SetFileSecurityA
0x4d3cec RegDeleteValueA
0x4d3cf0 RegSetValueExA
0x4d3cf4 RegCreateKeyExA
0x4d3cf8 RegQueryValueA
0x4d3cfc RegOpenKeyA
0x4d3d00 RegEnumKeyA
0x4d3d04 RegDeleteKeyA
0x4d3d08 RegOpenKeyExA
0x4d3d0c RegQueryValueExA
0x4d3d10 RegSetValueA
0x4d3d14 RegCloseKey
0x4d3d18 RegCreateKeyA
Library SHELL32.dll:
0x4d4398 DragFinish
0x4d439c DragQueryFileA
0x4d43a0 ExtractIconA
0x4d43a4 SHGetFileInfoA
0x4d43a8 ShellAboutA
Library SHLWAPI.dll:
0x4d43e0 PathFindFileNameA
0x4d43e4 PathStripToRootA
0x4d43e8 PathIsUNCA
0x4d43ec PathFindExtensionA
0x4d43f0 PathRemoveFileSpecW
Library oledlg.dll:
0x4d48a8
Library ole32.dll:
0x4d47d4 OleSetClipboard
0x4d47d8 CoRevokeClassObject
0x4d47e0 OleInitialize
0x4d47e8 OleUninitialize
0x4d47ec OleRun
0x4d47f0 CoInitializeEx
0x4d47f4 CoUninitialize
0x4d4804 CoGetClassObject
0x4d4808 CoCreateInstance
0x4d480c StringFromGUID2
0x4d4814 CLSIDFromString
0x4d4818 CLSIDFromProgID
0x4d481c OleDuplicateData
0x4d4820 CoTaskMemAlloc
0x4d4824 ReleaseStgMedium
0x4d4828 CreateBindCtx
0x4d482c CoTreatAsClass
0x4d4830 StringFromCLSID
0x4d4834 ReadClassStg
0x4d4838 ReadFmtUserTypeStg
0x4d483c OleRegGetUserType
0x4d4840 WriteClassStg
0x4d4844 WriteFmtUserTypeStg
0x4d4848 SetConvertStg
0x4d484c CoTaskMemFree
0x4d4850 OleFlushClipboard
0x4d485c CoDisconnectObject
Library OLEAUT32.dll:
0x4d42a4 VariantChangeType
0x4d42a8 VariantInit
0x4d42ac SysAllocStringLen
0x4d42b0 SysStringLen
0x4d42b4 SysFreeString
0x4d42bc SysStringByteLen
0x4d42c0 RegisterTypeLib
0x4d42c4 LoadTypeLib
0x4d42c8 LoadRegTypeLib
0x4d42d0 SafeArrayAccessData
0x4d42d4 SafeArrayGetUBound
0x4d42d8 SafeArrayGetLBound
0x4d42e0 SafeArrayGetDim
0x4d42e4 SafeArrayCreate
0x4d42e8 SafeArrayRedim
0x4d42ec VariantCopy
0x4d42f0 SafeArrayAllocData
0x4d42f8 SafeArrayCopy
0x4d42fc SafeArrayGetElement
0x4d4300 SafeArrayPtrOfIndex
0x4d4304 SafeArrayPutElement
0x4d4308 SafeArrayLock
0x4d430c SafeArrayUnlock
0x4d4310 SafeArrayDestroy
0x4d4324 SysReAllocStringLen
0x4d4328 VarDateFromStr
0x4d432c VarBstrFromCy
0x4d4330 VarBstrFromDec
0x4d4334 VarDecFromStr
0x4d4338 VarCyFromStr
0x4d433c VarBstrFromDate
0x4d4344 SysAllocString
0x4d4348 VariantClear

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
52.218.1.108 80 192.168.56.101 49197

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.