12.8
0-day
62 个模型检测该样本为恶意!
重新分析
更多

268c70192ec2b0f6d279ee5d946de5dc694a68cb8b27aa991a8de5c87c41dc63

c1eb65ab319f55bd54b91a4ade3234ab.exe

分析耗时

91s

最近分析

文件大小

851.5KB
静态报毒 动态报毒 100% 1GW@AYJTQLMI AGENTTESLA AI SCORE=81 AIDETECTVM ALI2000015 BT5DTX CONFIDENCE DELF DELFINJECT DELPHILESS EMOY FAREIT HIGH CONFIDENCE HNSBGB HPLOKI IGENT KCLOUD KRYPTIK KTSE LOKIBOT MALWARE1 MALWARE@#29URSEGSA1XA7 MALWAREX OEGP PUTTY S + TROJ SCORE SMBD STATIC AI SUSGEN SUSPICIOUS PE SZBN TSCOPE TSPY U8VSUY UNSAFE X2094 XGNMS ZELPHIF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:MalwareX-gen [Trj] 20201124 20.10.5736.0
Kingsoft Win32.Hack.Undef.(kcloud) 20201124 2017.9.26.565
McAfee Fareit-FVZ!C1EB65AB319F 20201120 6.0.6.653
Tencent Win32.Trojan.Kryptik.Szbn 20201124 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Queries for the computername (2 个事件)
Time & API Arguments Status Return Repeated
1619863616.398626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619863659.788626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619863613.492626
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)
section CODE
section DATA
section BSS
The executable uses a known packer (1 个事件)
packer BobSoft Mini Delphi -> BoB / BobSoft
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name None
One or more processes crashed (1 个事件)
Time & API Arguments Status Return Repeated
1619863612.461249
__exception__
stacktrace: 
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34471748
registers.edi: 0
registers.eax: 0
registers.ebp: 34471816
registers.edx: 6
registers.ebx: 0
registers.esi: 0
registers.ecx: 461
exception.instruction_r: f7 f0 89 c9 89 c9 33 c0 5a 59 59 64 89 10 e9 9b
exception.symbol: c1eb65ab319f55bd54b91a4ade3234ab+0x96338
exception.instruction: div eax
exception.module: c1eb65ab319f55bd54b91a4ade3234ab.exe
exception.exception_code: 0xc0000094
exception.offset: 615224
exception.address: 0x496338
success 0 0
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1619863612.352249
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619863612.461249
NtProtectVirtualMemory
process_identifier: 2316
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 28672
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00496000
success 0 0
1619863612.461249
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ee0000
success 0 0
Steals private information from local Internet browsers (19 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (5 个事件)
The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)
entropy 6.9045135070859995 section {'size_of_data': '0x00029800', 'virtual_address': '0x000b1000', 'entropy': 6.9045135070859995, 'name': '.rsrc', 'virtual_size': '0x00029794'} description A section with a high entropy has been found
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)
Time & API Arguments Status Return Repeated
1619863659.554626
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 172.217.24.14
host 195.69.140.147
Harvests credentials from local FTP client softwares (22 个事件)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 个事件)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 个事件)
Process injection Process 2316 called NtSetContextThread to modify thread in remote process 1404
Time & API Arguments Status Return Repeated
1619863612.649249
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1404
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)
Process injection Process 2316 resumed a thread in remote process 1404
Time & API Arguments Status Return Repeated
1619863612.696249
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 1404
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (7 个事件)
Time & API Arguments Status Return Repeated
1619863612.618249
CreateProcessInternalW
thread_identifier: 1176
thread_handle: 0x00000104
process_identifier: 1404
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c1eb65ab319f55bd54b91a4ade3234ab.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619863612.618249
NtUnmapViewOfSection
process_identifier: 1404
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619863612.618249
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 1404
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619863612.649249
NtGetContextThread
thread_handle: 0x00000104
success 0 0
1619863612.649249
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1404
success 0 0
1619863612.696249
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 1404
success 0 0
1619863614.679626
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 1404
success 0 0
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.c1eb65ab319f55bd
CAT-QuickHeal Trojan.Agent
ALYac Trojan.Delf.FareIt.Gen.7
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056a36b1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056a36b1 )
Cybereason malicious.0a0829
Arcabit Trojan.Delf.FareIt.Gen.7
Cyren W32/Injector.OEGP-4909
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
ClamAV Win.Dropper.AgentTesla-8985766-1
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.Delf.FareIt.Gen.7
NANO-Antivirus Trojan.Win32.Kryptik.hnsbgb
Paloalto generic.ml
Rising Trojan.Injector!1.C97E (KTSE)
Ad-Aware Trojan.Delf.FareIt.Gen.7
Sophos Mal/Generic-S + Troj/Fareit-KXC
Comodo Malware@#29ursegsa1xa7
F-Secure Trojan.TR/AD.LokiBot.xgnms
DrWeb Trojan.PWS.Stealer.28810
Zillya Trojan.Kryptik.Win32.2153857
TrendMicro TSPY_HPLOKI.SMBD
McAfee-GW-Edition BehavesLike.Win32.Fareit.ch
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
Ikarus Trojan.Inject
Jiangmin Trojan.Kryptik.bus
Webroot W32.Trojan.Delf.Fareit.Gen
Avira TR/AD.LokiBot.xgnms
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win32.Hack.Undef.(kcloud)
Microsoft PWS:Win32/Fareit.AQ!MTB
AegisLab Trojan.Win32.FareIt.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Win32.Trojan.Agent.U8VSUY
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
McAfee Fareit-FVZ!C1EB65AB319F
MAX malware (ai score=81)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.91516
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 195.69.140.147:80
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x4a0178 VirtualFree
0x4a017c VirtualAlloc
0x4a0180 LocalFree
0x4a0184 LocalAlloc
0x4a0188 GetVersion
0x4a018c GetCurrentThreadId
0x4a0198 VirtualQuery
0x4a019c WideCharToMultiByte
0x4a01a0 MultiByteToWideChar
0x4a01a4 lstrlenA
0x4a01a8 lstrcpynA
0x4a01ac LoadLibraryExA
0x4a01b0 GetThreadLocale
0x4a01b4 GetStartupInfoA
0x4a01b8 GetProcAddress
0x4a01bc GetModuleHandleA
0x4a01c0 GetModuleFileNameA
0x4a01c4 GetLocaleInfoA
0x4a01c8 GetCommandLineA
0x4a01cc FreeLibrary
0x4a01d0 FindFirstFileA
0x4a01d4 FindClose
0x4a01d8 ExitProcess
0x4a01dc WriteFile
0x4a01e4 RtlUnwind
0x4a01e8 RaiseException
0x4a01ec GetStdHandle
Library user32.dll:
0x4a01f4 GetKeyboardType
0x4a01f8 LoadStringA
0x4a01fc MessageBoxA
0x4a0200 CharNextA
Library advapi32.dll:
0x4a0208 RegQueryValueExA
0x4a020c RegOpenKeyExA
0x4a0210 RegCloseKey
Library oleaut32.dll:
0x4a0218 SysFreeString
0x4a021c SysReAllocStringLen
0x4a0220 SysAllocStringLen
Library kernel32.dll:
0x4a0228 TlsSetValue
0x4a022c TlsGetValue
0x4a0230 LocalAlloc
0x4a0234 GetModuleHandleA
Library advapi32.dll:
0x4a023c RegQueryValueExA
0x4a0240 RegOpenKeyExA
0x4a0244 RegCloseKey
Library kernel32.dll:
0x4a024c lstrcpyA
0x4a0250 WriteFile
0x4a0254 WideCharToMultiByte
0x4a0258 WaitForSingleObject
0x4a025c VirtualQuery
0x4a0260 VirtualProtectEx
0x4a0264 VirtualAlloc
0x4a0268 Sleep
0x4a026c SizeofResource
0x4a0270 SetThreadLocale
0x4a0274 SetFilePointer
0x4a0278 SetEvent
0x4a027c SetErrorMode
0x4a0280 SetEndOfFile
0x4a0284 ResetEvent
0x4a0288 ReadFile
0x4a028c MultiByteToWideChar
0x4a0290 MulDiv
0x4a0294 LockResource
0x4a0298 LoadResource
0x4a029c LoadLibraryA
0x4a02a8 GlobalUnlock
0x4a02ac GlobalReAlloc
0x4a02b0 GlobalHandle
0x4a02b4 GlobalLock
0x4a02b8 GlobalFree
0x4a02bc GlobalFindAtomA
0x4a02c0 GlobalDeleteAtom
0x4a02c4 GlobalAlloc
0x4a02c8 GlobalAddAtomA
0x4a02cc GetVersionExA
0x4a02d0 GetVersion
0x4a02d4 GetTickCount
0x4a02d8 GetThreadLocale
0x4a02dc GetSystemInfo
0x4a02e0 GetStringTypeExA
0x4a02e4 GetStdHandle
0x4a02e8 GetProcAddress
0x4a02ec GetModuleHandleA
0x4a02f0 GetModuleFileNameA
0x4a02f4 GetLocaleInfoA
0x4a02f8 GetLocalTime
0x4a02fc GetLastError
0x4a0300 GetFullPathNameA
0x4a0304 GetFileAttributesA
0x4a0308 GetDiskFreeSpaceA
0x4a030c GetDateFormatA
0x4a0310 GetCurrentThreadId
0x4a0314 GetCurrentProcessId
0x4a0318 GetCurrentProcess
0x4a031c GetCPInfo
0x4a0320 GetACP
0x4a0324 FreeResource
0x4a0328 InterlockedExchange
0x4a032c FreeLibrary
0x4a0330 FormatMessageA
0x4a0334 FindResourceA
0x4a0338 FindFirstFileA
0x4a033c FindClose
0x4a0348 EnumCalendarInfoA
0x4a0354 CreateThread
0x4a0358 CreateFileA
0x4a035c CreateEventA
0x4a0360 CompareStringA
0x4a0364 CloseHandle
Library version.dll:
0x4a036c VerQueryValueA
0x4a0374 GetFileVersionInfoA
Library gdi32.dll:
0x4a037c UnrealizeObject
0x4a0380 StretchBlt
0x4a0384 SetWindowOrgEx
0x4a0388 SetWinMetaFileBits
0x4a038c SetViewportOrgEx
0x4a0390 SetTextColor
0x4a0394 SetStretchBltMode
0x4a0398 SetROP2
0x4a039c SetPixel
0x4a03a0 SetEnhMetaFileBits
0x4a03a4 SetDIBColorTable
0x4a03a8 SetBrushOrgEx
0x4a03ac SetBkMode
0x4a03b0 SetBkColor
0x4a03b4 SelectPalette
0x4a03b8 SelectObject
0x4a03bc SelectClipPath
0x4a03c0 SaveDC
0x4a03c4 RestoreDC
0x4a03c8 Rectangle
0x4a03cc RectVisible
0x4a03d0 RealizePalette
0x4a03d4 Polyline
0x4a03d8 PlayEnhMetaFile
0x4a03dc PatBlt
0x4a03e0 MoveToEx
0x4a03e4 MaskBlt
0x4a03e8 LineTo
0x4a03ec IntersectClipRect
0x4a03f0 GetWindowOrgEx
0x4a03f4 GetWinMetaFileBits
0x4a03f8 GetTextMetricsA
0x4a0404 GetStockObject
0x4a0408 GetPixel
0x4a040c GetPaletteEntries
0x4a0410 GetObjectA
0x4a041c GetEnhMetaFileBits
0x4a0420 GetDeviceCaps
0x4a0424 GetDIBits
0x4a0428 GetDIBColorTable
0x4a042c GetDCOrgEx
0x4a0434 GetClipBox
0x4a0438 GetBrushOrgEx
0x4a043c GetBitmapBits
0x4a0440 ExcludeClipRect
0x4a0444 DeleteObject
0x4a0448 DeleteEnhMetaFile
0x4a044c DeleteDC
0x4a0450 CreateSolidBrush
0x4a0454 CreatePenIndirect
0x4a0458 CreatePen
0x4a045c CreatePalette
0x4a0464 CreateFontIndirectA
0x4a0468 CreateDIBitmap
0x4a046c CreateDIBSection
0x4a0470 CreateCompatibleDC
0x4a0478 CreateBrushIndirect
0x4a047c CreateBitmap
0x4a0480 CopyEnhMetaFileA
0x4a0484 BitBlt
Library user32.dll:
0x4a048c CreateWindowExA
0x4a0490 WindowFromPoint
0x4a0494 WinHelpA
0x4a0498 WaitMessage
0x4a049c ValidateRect
0x4a04a0 UpdateWindow
0x4a04a4 UnregisterClassA
0x4a04a8 UnhookWindowsHookEx
0x4a04ac TranslateMessage
0x4a04b4 TrackPopupMenu
0x4a04bc ShowWindow
0x4a04c0 ShowScrollBar
0x4a04c4 ShowOwnedPopups
0x4a04c8 ShowCursor
0x4a04cc SetWindowsHookExA
0x4a04d0 SetWindowPos
0x4a04d4 SetWindowPlacement
0x4a04d8 SetWindowLongA
0x4a04dc SetTimer
0x4a04e0 SetScrollRange
0x4a04e4 SetScrollPos
0x4a04e8 SetScrollInfo
0x4a04ec SetRect
0x4a04f0 SetPropA
0x4a04f4 SetParent
0x4a04f8 SetMenuItemInfoA
0x4a04fc SetMenu
0x4a0500 SetForegroundWindow
0x4a0504 SetFocus
0x4a0508 SetCursor
0x4a050c SetClassLongA
0x4a0510 SetCapture
0x4a0514 SetActiveWindow
0x4a0518 SendMessageA
0x4a051c ScrollWindow
0x4a0520 ScreenToClient
0x4a0524 RemovePropA
0x4a0528 RemoveMenu
0x4a052c ReleaseDC
0x4a0530 ReleaseCapture
0x4a053c RegisterClassA
0x4a0540 RedrawWindow
0x4a0544 PtInRect
0x4a0548 PostQuitMessage
0x4a054c PostMessageA
0x4a0550 PeekMessageA
0x4a0554 OffsetRect
0x4a0558 OemToCharA
0x4a055c MessageBoxA
0x4a0560 MapWindowPoints
0x4a0564 MapVirtualKeyA
0x4a0568 LoadStringA
0x4a056c LoadKeyboardLayoutA
0x4a0570 LoadIconA
0x4a0574 LoadCursorA
0x4a0578 LoadBitmapA
0x4a057c KillTimer
0x4a0580 IsZoomed
0x4a0584 IsWindowVisible
0x4a0588 IsWindowEnabled
0x4a058c IsWindow
0x4a0590 IsRectEmpty
0x4a0594 IsIconic
0x4a0598 IsDialogMessageA
0x4a059c IsChild
0x4a05a0 InvalidateRect
0x4a05a4 IntersectRect
0x4a05a8 InsertMenuItemA
0x4a05ac InsertMenuA
0x4a05b0 InflateRect
0x4a05b8 GetWindowTextA
0x4a05bc GetWindowRect
0x4a05c0 GetWindowPlacement
0x4a05c4 GetWindowLongA
0x4a05c8 GetWindowDC
0x4a05cc GetTopWindow
0x4a05d0 GetSystemMetrics
0x4a05d4 GetSystemMenu
0x4a05d8 GetSysColorBrush
0x4a05dc GetSysColor
0x4a05e0 GetSubMenu
0x4a05e4 GetScrollRange
0x4a05e8 GetScrollPos
0x4a05ec GetScrollInfo
0x4a05f0 GetPropA
0x4a05f4 GetParent
0x4a05f8 GetWindow
0x4a05fc GetMenuStringA
0x4a0600 GetMenuState
0x4a0604 GetMenuItemInfoA
0x4a0608 GetMenuItemID
0x4a060c GetMenuItemCount
0x4a0610 GetMenu
0x4a0614 GetLastActivePopup
0x4a0618 GetKeyboardState
0x4a0620 GetKeyboardLayout
0x4a0624 GetKeyState
0x4a0628 GetKeyNameTextA
0x4a062c GetIconInfo
0x4a0630 GetForegroundWindow
0x4a0634 GetFocus
0x4a0638 GetDlgItem
0x4a063c GetDesktopWindow
0x4a0640 GetDCEx
0x4a0644 GetDC
0x4a0648 GetCursorPos
0x4a064c GetCursor
0x4a0650 GetClipboardData
0x4a0654 GetClientRect
0x4a0658 GetClassNameA
0x4a065c GetClassInfoA
0x4a0660 GetCapture
0x4a0664 GetActiveWindow
0x4a0668 FrameRect
0x4a066c FindWindowA
0x4a0670 FillRect
0x4a0674 EqualRect
0x4a0678 EnumWindows
0x4a067c EnumThreadWindows
0x4a0680 EndPaint
0x4a0684 EnableWindow
0x4a0688 EnableScrollBar
0x4a068c EnableMenuItem
0x4a0690 DrawTextA
0x4a0694 DrawMenuBar
0x4a0698 DrawIconEx
0x4a069c DrawIcon
0x4a06a0 DrawFrameControl
0x4a06a4 DrawFocusRect
0x4a06a8 DrawEdge
0x4a06ac DispatchMessageA
0x4a06b0 DestroyWindow
0x4a06b4 DestroyMenu
0x4a06b8 DestroyIcon
0x4a06bc DestroyCursor
0x4a06c0 DeleteMenu
0x4a06c4 DefWindowProcA
0x4a06c8 DefMDIChildProcA
0x4a06cc DefFrameProcA
0x4a06d0 CreatePopupMenu
0x4a06d4 CreateMenu
0x4a06d8 CreateIcon
0x4a06dc ClientToScreen
0x4a06e0 CheckMenuItem
0x4a06e4 CallWindowProcA
0x4a06e8 CallNextHookEx
0x4a06ec BeginPaint
0x4a06f0 CharNextA
0x4a06f4 CharLowerBuffA
0x4a06f8 CharLowerA
0x4a06fc CharUpperBuffA
0x4a0700 CharToOemA
0x4a0704 AdjustWindowRectEx
Library kernel32.dll:
0x4a0710 Sleep
Library oleaut32.dll:
0x4a0718 SafeArrayPtrOfIndex
0x4a071c SafeArrayPutElement
0x4a0720 SafeArrayGetElement
0x4a0728 SafeArrayAccessData
0x4a072c SafeArrayGetUBound
0x4a0730 SafeArrayGetLBound
0x4a0734 SafeArrayRedim
0x4a0738 SafeArrayCreate
0x4a073c VariantChangeType
0x4a0740 VariantCopyInd
0x4a0744 VariantCopy
0x4a0748 VariantClear
0x4a074c VariantInit
Library ole32.dll:
0x4a0754 CoCreateInstance
0x4a0758 CoGetMalloc
0x4a075c CoUninitialize
0x4a0760 CoInitialize
Library oleaut32.dll:
0x4a0768 GetErrorInfo
0x4a076c SysStringLen
0x4a0770 SysFreeString
Library comctl32.dll:
0x4a0780 ImageList_Write
0x4a0784 ImageList_Read
0x4a0794 ImageList_DragMove
0x4a0798 ImageList_DragLeave
0x4a079c ImageList_DragEnter
0x4a07a0 ImageList_EndDrag
0x4a07a4 ImageList_BeginDrag
0x4a07a8 ImageList_Remove
0x4a07ac ImageList_DrawEx
0x4a07b0 ImageList_Replace
0x4a07b4 ImageList_Draw
0x4a07c4 ImageList_Add
0x4a07cc ImageList_Destroy
0x4a07d0 ImageList_Create
0x4a07d4 InitCommonControls
Library comdlg32.dll:
0x4a07dc GetSaveFileNameA
0x4a07e0 GetOpenFileNameA
Library winmm.dll:
0x4a07e8 mciSendCommandA
0x4a07ec mciGetErrorStringA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.