7.2
High risk

7d7f5a1d6b2da2ac7d370109ba44bfeffcdc74346413d5e8d0aff6706a7fd113

c0a9e92917c0484e058de38b6446930c.exe

Analysis duration

74s

Last analysis

File size

1.1MB
Static detection: yes. Dynamic detection: 100%. Detection tags: AGEN AI SCORE=81 ANDROM BTI6IT CLASSIC CONFIDENCE DELF DELPHILESS EESQ EHW@AU@EGWHI EKVO FAREIT GENERICKD GENETIC HDOLMG HIGH CONFIDENCE IGENT LOKI LOKIBOT MALWARE@#3GZS2ZD8SGAR MIMIKATZNTR S + TROJ SCORE SIGGEN8 SMDF STATIC AI SUSGEN SUSPICIOUS PE SXEF TRJGEN TSCOPE TZMU UNSAFE ZELPHIF ZUSY
Hawkeye engine
Not detected: no Hawkeye engine results are available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FRB!C0A9E92917C0 20201229 6.0.6.653
Alibaba Backdoor:Win32/Androm.39d4c163 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Tencent Win32.Backdoor.Androm.Sxef 20201229 1.0.0.1
Kingsoft 20201229 2017.9.26.565
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619861655.781
__exception__
stacktrace:
c0a9e92917c0484e058de38b6446930c+0xb35fa @ 0x4b35fa
c0a9e92917c0484e058de38b6446930c+0x3e17 @ 0x403e17
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637896
registers.edi: 4929068
registers.eax: 0
registers.ebp: 1638208
registers.edx: 6371800
registers.ebx: 80
registers.esi: 0
registers.ecx: 2010527866
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 0f e9 91 03 f5
exception.symbol: c0a9e92917c0484e058de38b6446930c+0xb343e
exception.instruction: div eax
exception.module: c0a9e92917c0484e058de38b6446930c.exe
exception.exception_code: 0xc0000094
exception.offset: 734270
exception.address: 0x4b343e
success 0 0
1619902861.528001
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7456d4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
c0a9e92917c0484e058de38b6446930c+0x543f8 @ 0x4543f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x74164b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x74165d3d
0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe6914ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
Time & API Arguments Status Return Repeated
1619861655.594
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619861671.578
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00540000
success 0 0
1619861671.578
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005b0000
success 0 0
1619902860.997001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619902861.012001
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e80000
success 0 0
1619902861.012001
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fc0000
success 0 0
1619902861.012001
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 311296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d80000
success 0 0
1619902861.012001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 286720
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d82000
success 0 0
1619902861.512001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.512001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619902861.512001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.512001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619902861.512001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.512001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619902861.528001
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.247293902790515 section {'size_of_data': '0x00042e00', 'virtual_address': '0x000d5000', 'entropy': 7.247293902790515, 'name': '.rsrc', 'virtual_size': '0x00042d80'} description A section with a high entropy has been found
entropy 0.24418073938840712 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 1436 called NtSetContextThread to modify thread in remote process 2452
Time & API Arguments Status Return Repeated
1619861672.359
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4863408
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2452
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 1436 resumed a thread in remote process 2452
Time & API Arguments Status Return Repeated
1619861672.39
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2452
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619861672.344
CreateProcessInternalW
thread_identifier: 2144
thread_handle: 0x00000100
process_identifier: 2452
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c0a9e92917c0484e058de38b6446930c.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619861672.344
NtUnmapViewOfSection
process_identifier: 2452
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619861672.344
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 2452
commit_size: 675840
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 675840
base_address: 0x00400000
success 0 0
1619861672.359
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619861672.359
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4863408
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2452
success 0 0
1619861672.39
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2452
success 0 0
File has been identified by 60 antivirus engines on VirusTotal as malicious (50 out of 60 events)
Bkav W32.MimikatzNTR.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.42813836
FireEye Generic.mg.c0a9e92917c0484e
McAfee Fareit-FRB!C0A9E92917C0
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Backdoor:Win32/Androm.39d4c163
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D28D498C
Cyren W32/Injector.TZMU-0208
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Trojan.Zusy-9608603-0
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.GenericKD.42813836
NANO-Antivirus Trojan.Win32.TrjGen.hdolmg
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Tencent Win32.Backdoor.Androm.Sxef
Ad-Aware Trojan.GenericKD.42813836
Sophos Mal/Generic-S + Troj/Inject-FMV
Comodo Malware@#3gzs2zd8sgar
F-Secure Heuristic.HEUR/AGEN.1108672
DrWeb Trojan.Siggen8.46567
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMDF.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.th
Emsisoft Trojan.GenericKD.42813836 (B)
SentinelOne Static AI - Suspicious PE
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1108672
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Gridinsoft Trojan.Win32.Gen.ba!s1
Microsoft PWS:Win32/Fareit.AKK!MTB
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.GenericKD.42813836
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Delphiless.Exp
BitDefenderTheta Gen:NN.ZelphiF.34700.eHW@au@egwhi
ALYac Trojan.GenericKD.42813836
MAX malware (ai score=81)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.89458
ESET-NOD32 a variant of Win32/Injector.EKVO
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMDF.hp
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.27.142:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.
PE Compile Time

1992-04-02 02:25:01

Imports

Library kernel32.dll:
0x4c2178 VirtualFree
0x4c217c VirtualAlloc
0x4c2180 LocalFree
0x4c2184 LocalAlloc
0x4c2188 GetVersion
0x4c218c GetCurrentThreadId
0x4c2198 VirtualQuery
0x4c219c WideCharToMultiByte
0x4c21a0 MultiByteToWideChar
0x4c21a4 lstrlenA
0x4c21a8 lstrcpynA
0x4c21ac LoadLibraryExA
0x4c21b0 GetThreadLocale
0x4c21b4 GetStartupInfoA
0x4c21b8 GetProcAddress
0x4c21bc GetModuleHandleA
0x4c21c0 GetModuleFileNameA
0x4c21c4 GetLocaleInfoA
0x4c21c8 GetCommandLineA
0x4c21cc FreeLibrary
0x4c21d0 FindFirstFileA
0x4c21d4 FindClose
0x4c21d8 ExitProcess
0x4c21dc ExitThread
0x4c21e0 CreateThread
0x4c21e4 WriteFile
0x4c21ec RtlUnwind
0x4c21f0 RaiseException
0x4c21f4 GetStdHandle
Library user32.dll:
0x4c21fc GetKeyboardType
0x4c2200 LoadStringA
0x4c2204 MessageBoxA
0x4c2208 CharNextA
Library advapi32.dll:
0x4c2210 RegQueryValueExA
0x4c2214 RegOpenKeyExA
0x4c2218 RegCloseKey
Library oleaut32.dll:
0x4c2220 SysFreeString
0x4c2224 SysReAllocStringLen
0x4c2228 SysAllocStringLen
Library kernel32.dll:
0x4c2230 TlsSetValue
0x4c2234 TlsGetValue
0x4c2238 LocalAlloc
0x4c223c GetModuleHandleA
Library advapi32.dll:
0x4c2244 RegQueryValueExA
0x4c2248 RegOpenKeyExA
0x4c224c RegCloseKey
Library kernel32.dll:
0x4c2254 lstrlenA
0x4c2258 lstrcpyA
0x4c225c lstrcmpA
0x4c2260 WriteFile
0x4c2264 WaitForSingleObject
0x4c226c VirtualQuery
0x4c2270 VirtualFree
0x4c2274 VirtualAlloc
0x4c2278 Sleep
0x4c227c SizeofResource
0x4c2280 SetThreadLocale
0x4c2284 SetFilePointer
0x4c2288 SetEvent
0x4c228c SetErrorMode
0x4c2290 SetEndOfFile
0x4c2298 SearchPathA
0x4c229c ResumeThread
0x4c22a0 ResetEvent
0x4c22a4 ReleaseMutex
0x4c22a8 ReadFile
0x4c22ac OpenFileMappingA
0x4c22b0 MultiByteToWideChar
0x4c22b4 MulDiv
0x4c22b8 LockResource
0x4c22bc LoadResource
0x4c22c0 LoadLibraryA
0x4c22c8 IsDBCSLeadByte
0x4c22d0 GlobalUnlock
0x4c22d4 GlobalSize
0x4c22d8 GlobalReAlloc
0x4c22dc GlobalHandle
0x4c22e0 GlobalLock
0x4c22e4 GlobalFree
0x4c22e8 GlobalFindAtomA
0x4c22ec GlobalDeleteAtom
0x4c22f0 GlobalAlloc
0x4c22f4 GlobalAddAtomA
0x4c22f8 GetVersionExA
0x4c22fc GetVersion
0x4c2300 GetUserDefaultLCID
0x4c2304 GetTickCount
0x4c2308 GetThreadLocale
0x4c230c GetSystemInfo
0x4c2310 GetStringTypeExA
0x4c2314 GetStdHandle
0x4c2318 GetProcAddress
0x4c231c GetModuleHandleA
0x4c2320 GetModuleFileNameA
0x4c2324 GetLocaleInfoA
0x4c2328 GetLocalTime
0x4c232c GetLastError
0x4c2330 GetFullPathNameA
0x4c2334 GetExitCodeThread
0x4c2338 GetDiskFreeSpaceA
0x4c233c GetDateFormatA
0x4c2340 GetCurrentThreadId
0x4c2344 GetCurrentProcessId
0x4c234c GetComputerNameA
0x4c2350 GetCPInfo
0x4c2354 GetACP
0x4c2358 FreeResource
0x4c2360 InterlockedExchange
0x4c2368 FreeLibrary
0x4c236c FormatMessageA
0x4c2370 FindResourceA
0x4c2378 FindFirstFileA
0x4c2384 FindClose
0x4c2390 FatalAppExitA
0x4c2394 EnumCalendarInfoA
0x4c23a0 CreateThread
0x4c23a4 CreateMutexA
0x4c23a8 CreateFileA
0x4c23ac CreateEventA
0x4c23b0 CompareStringA
0x4c23b4 CloseHandle
Library version.dll:
0x4c23bc VerQueryValueA
0x4c23c4 GetFileVersionInfoA
Library gdi32.dll:
0x4c23cc UnrealizeObject
0x4c23d0 StretchBlt
0x4c23d4 SetWindowOrgEx
0x4c23d8 SetWinMetaFileBits
0x4c23dc SetViewportOrgEx
0x4c23e0 SetTextColor
0x4c23e4 SetStretchBltMode
0x4c23e8 SetROP2
0x4c23ec SetPixel
0x4c23f0 SetMapMode
0x4c23f4 SetEnhMetaFileBits
0x4c23f8 SetDIBColorTable
0x4c23fc SetBrushOrgEx
0x4c2400 SetBkMode
0x4c2404 SetBkColor
0x4c2408 SelectPalette
0x4c240c SelectObject
0x4c2410 SaveDC
0x4c2414 RestoreDC
0x4c2418 Rectangle
0x4c241c RectVisible
0x4c2420 RealizePalette
0x4c2424 PlayEnhMetaFile
0x4c2428 PatBlt
0x4c242c MoveToEx
0x4c2430 MaskBlt
0x4c2434 LineTo
0x4c2438 LPtoDP
0x4c243c IntersectClipRect
0x4c2440 GetWindowOrgEx
0x4c2444 GetWinMetaFileBits
0x4c2448 GetTextMetricsA
0x4c2454 GetStockObject
0x4c2458 GetPixel
0x4c245c GetPaletteEntries
0x4c2460 GetObjectA
0x4c2470 GetEnhMetaFileBits
0x4c2474 GetDeviceCaps
0x4c2478 GetDIBits
0x4c247c GetDIBColorTable
0x4c2480 GetDCOrgEx
0x4c2488 GetClipBox
0x4c248c GetBrushOrgEx
0x4c2490 GetBkMode
0x4c2494 GetBitmapBits
0x4c2498 ExtTextOutA
0x4c249c ExcludeClipRect
0x4c24a0 DeleteObject
0x4c24a4 DeleteEnhMetaFile
0x4c24a8 DeleteDC
0x4c24ac CreateSolidBrush
0x4c24b0 CreatePenIndirect
0x4c24b4 CreatePalette
0x4c24bc CreateFontIndirectA
0x4c24c0 CreateEnhMetaFileA
0x4c24c4 CreateDIBitmap
0x4c24c8 CreateDIBSection
0x4c24cc CreateCompatibleDC
0x4c24d4 CreateBrushIndirect
0x4c24d8 CreateBitmap
0x4c24dc CopyEnhMetaFileA
0x4c24e0 CloseEnhMetaFile
0x4c24e4 BitBlt
Library user32.dll:
0x4c24ec CreateWindowExA
0x4c24f0 WindowFromPoint
0x4c24f4 WinHelpA
0x4c24f8 WaitMessage
0x4c24fc UpdateWindow
0x4c2500 UnregisterClassA
0x4c2504 UnhookWindowsHookEx
0x4c2508 TranslateMessage
0x4c2510 TrackPopupMenu
0x4c2518 ShowWindow
0x4c251c ShowScrollBar
0x4c2520 ShowOwnedPopups
0x4c2524 ShowCursor
0x4c2528 SetWindowsHookExA
0x4c252c SetWindowTextA
0x4c2530 SetWindowPos
0x4c2534 SetWindowPlacement
0x4c2538 SetWindowLongA
0x4c253c SetTimer
0x4c2540 SetScrollRange
0x4c2544 SetScrollPos
0x4c2548 SetScrollInfo
0x4c254c SetRect
0x4c2550 SetPropA
0x4c2554 SetParent
0x4c2558 SetMenuItemInfoA
0x4c255c SetMenu
0x4c2560 SetForegroundWindow
0x4c2564 SetFocus
0x4c2568 SetCursor
0x4c256c SetClassLongA
0x4c2570 SetCapture
0x4c2574 SetActiveWindow
0x4c2578 SendMessageA
0x4c257c ScrollWindow
0x4c2580 ScreenToClient
0x4c2584 RemovePropA
0x4c2588 RemoveMenu
0x4c258c ReleaseDC
0x4c2590 ReleaseCapture
0x4c259c RegisterClassA
0x4c25a0 RedrawWindow
0x4c25a4 PtInRect
0x4c25a8 PostQuitMessage
0x4c25ac PostMessageA
0x4c25b0 PeekMessageA
0x4c25b4 OffsetRect
0x4c25b8 OemToCharBuffA
0x4c25bc OemToCharA
0x4c25c4 MessageBoxA
0x4c25c8 MapWindowPoints
0x4c25cc MapVirtualKeyA
0x4c25d0 LoadStringA
0x4c25d4 LoadKeyboardLayoutA
0x4c25d8 LoadIconA
0x4c25dc LoadCursorA
0x4c25e0 LoadBitmapA
0x4c25e4 KillTimer
0x4c25e8 IsZoomed
0x4c25ec IsWindowVisible
0x4c25f0 IsWindowEnabled
0x4c25f4 IsWindow
0x4c25f8 IsRectEmpty
0x4c25fc IsIconic
0x4c2600 IsDialogMessageA
0x4c2604 IsChild
0x4c2608 InvalidateRect
0x4c260c IntersectRect
0x4c2610 InsertMenuItemA
0x4c2614 InsertMenuA
0x4c2618 InflateRect
0x4c2620 GetWindowTextA
0x4c2624 GetWindowRect
0x4c2628 GetWindowPlacement
0x4c262c GetWindowLongA
0x4c2630 GetWindowDC
0x4c2634 GetTopWindow
0x4c2638 GetSystemMetrics
0x4c263c GetSystemMenu
0x4c2640 GetSysColorBrush
0x4c2644 GetSysColor
0x4c2648 GetSubMenu
0x4c264c GetScrollRange
0x4c2650 GetScrollPos
0x4c2654 GetScrollInfo
0x4c2658 GetPropA
0x4c265c GetParent
0x4c2660 GetWindow
0x4c2664 GetMessageTime
0x4c2668 GetMessagePos
0x4c266c GetMenuStringA
0x4c2670 GetMenuState
0x4c2674 GetMenuItemInfoA
0x4c2678 GetMenuItemID
0x4c267c GetMenuItemCount
0x4c2680 GetMenu
0x4c2684 GetLastActivePopup
0x4c2688 GetKeyboardState
0x4c2690 GetKeyboardLayout
0x4c2694 GetKeyState
0x4c2698 GetKeyNameTextA
0x4c269c GetIconInfo
0x4c26a0 GetForegroundWindow
0x4c26a4 GetFocus
0x4c26a8 GetDesktopWindow
0x4c26ac GetDCEx
0x4c26b0 GetDC
0x4c26b4 GetCursorPos
0x4c26b8 GetCursor
0x4c26bc GetClipboardData
0x4c26c0 GetClientRect
0x4c26c4 GetClassNameA
0x4c26c8 GetClassInfoA
0x4c26cc GetCapture
0x4c26d0 GetActiveWindow
0x4c26d4 FrameRect
0x4c26d8 FindWindowA
0x4c26dc FillRect
0x4c26e0 EqualRect
0x4c26e4 EnumWindows
0x4c26e8 EnumThreadWindows
0x4c26ec EndPaint
0x4c26f0 EnableWindow
0x4c26f4 EnableScrollBar
0x4c26f8 EnableMenuItem
0x4c26fc DrawTextA
0x4c2700 DrawMenuBar
0x4c2704 DrawIconEx
0x4c2708 DrawIcon
0x4c270c DrawFrameControl
0x4c2710 DrawFocusRect
0x4c2714 DrawEdge
0x4c2718 DispatchMessageA
0x4c271c DestroyWindow
0x4c2720 DestroyMenu
0x4c2724 DestroyIcon
0x4c2728 DestroyCursor
0x4c272c DeleteMenu
0x4c2730 DefWindowProcA
0x4c2734 DefMDIChildProcA
0x4c2738 DefFrameProcA
0x4c273c CreatePopupMenu
0x4c2740 CreateMenu
0x4c2744 CreateIcon
0x4c2748 ClientToScreen
0x4c2750 CheckMenuItem
0x4c2754 CallWindowProcA
0x4c2758 CallNextHookEx
0x4c275c BeginPaint
0x4c2760 CharNextA
0x4c2764 CharLowerBuffA
0x4c2768 CharLowerA
0x4c276c CharUpperBuffA
0x4c2770 CharToOemBuffA
0x4c2774 CharToOemA
0x4c2778 AdjustWindowRectEx
Library kernel32.dll:
0x4c2784 Sleep
Library oleaut32.dll:
0x4c278c SafeArrayPtrOfIndex
0x4c2790 SafeArrayPutElement
0x4c2794 SafeArrayGetElement
0x4c279c SafeArrayAccessData
0x4c27a0 SafeArrayGetUBound
0x4c27a4 SafeArrayGetLBound
0x4c27a8 SafeArrayCreate
0x4c27ac VariantChangeType
0x4c27b0 VariantCopyInd
0x4c27b4 VariantCopy
0x4c27b8 VariantClear
0x4c27bc VariantInit
Library ole32.dll:
0x4c27c8 IsAccelerator
0x4c27cc OleDraw
0x4c27d4 OleUninitialize
0x4c27d8 OleInitialize
0x4c27dc CoTaskMemFree
0x4c27e0 CoTaskMemAlloc
0x4c27e4 ProgIDFromCLSID
0x4c27e8 StringFromCLSID
0x4c27ec CoCreateInstance
0x4c27f0 CoGetClassObject
0x4c27f4 CoUninitialize
0x4c27f8 CoInitialize
0x4c27fc IsEqualGUID
Library oleaut32.dll:
0x4c2804 GetErrorInfo
0x4c2808 GetActiveObject
0x4c280c SysFreeString
Library comctl32.dll:
0x4c281c ImageList_Write
0x4c2820 ImageList_Read
0x4c2830 ImageList_DragMove
0x4c2834 ImageList_DragLeave
0x4c2838 ImageList_DragEnter
0x4c283c ImageList_EndDrag
0x4c2840 ImageList_BeginDrag
0x4c2844 ImageList_Remove
0x4c2848 ImageList_DrawEx
0x4c284c ImageList_Replace
0x4c2850 ImageList_Draw
0x4c2860 ImageList_Add
0x4c2868 ImageList_Destroy
0x4c286c ImageList_Create
0x4c2870 InitCommonControls
Library shell32.dll:
0x4c2878 ShellExecuteExA
0x4c287c ShellExecuteA
0x4c2880 SHGetFileInfoA
Library shell32.dll:
0x4c288c SHGetMalloc
0x4c2890 SHGetDesktopFolder

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.