Score: 5.6 (High risk)

SHA-256: f1f4734813a39e6275b055e6aaf8c75b8443f97726e1c958e6106d422aae8bf4

File name: c4d504ec037300ffddbcd8990508457e.exe

Analysis duration: 84s

Latest analysis

File size: 2.5MB
Tags: static detection, dynamic detection, AI SCORE=99, ARTEMIS, ATTRIBUTE, BSCOPE, CLASSIC, CONFIDENCE, FARFRI, GENERICKD, HIGH CONFIDENCE, HIGHCONFIDENCE, KM9LF8SSTNS, MALICIOUS, PE, POSSIBLE, PRESENOKER, SUSGEN, TDLLA, UNSAFE, ZPEVDO
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine       Result                             Date      Version
McAfee       Artemis!C4D504EC0373               20191023  6.0.6.653
Alibaba      Trojan:Application/tdlla.8ae544df  20190527  0.3.0.5
Baidu        -                                  20190318  1.0.0.2
Avast        Win32:Malware-gen                  20191023  18.4.3895.0
Tencent      -                                  20191023  1.0.0.1
Kingsoft     -                                  20191023  2013.8.14.323
CrowdStrike  win/malicious_confidence_90% (W)   20190702  1.0
Static indicators
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time: 1620897723.396748
API: GlobalMemoryStatusEx
Status: success, Return: 1, Repeated: 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name AUUPG
One or more processes crashed (2 events)
Event 1
Time: 1620897755.505748
API: __exception__
stacktrace:
c4d504ec037300ffddbcd8990508457e+0xaa678 @ 0x4aa678
c4d504ec037300ffddbcd8990508457e+0xaa5c6 @ 0x4aa5c6
c4d504ec037300ffddbcd8990508457e+0xb3563 @ 0x4b3563
c4d504ec037300ffddbcd8990508457e+0x25a2f @ 0x425a2f
c4d504ec037300ffddbcd8990508457e+0x427e @ 0x40427e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 72744548
registers.edi: 72744760
registers.eax: 72744548
registers.ebp: 72744628
registers.edx: 0
registers.ebx: 4894840
registers.esi: 10060
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
Status: success, Return: 0, Repeated: 0
Event 2
Time: 1620897760.224748
API: __exception__
stacktrace:
c4d504ec037300ffddbcd8990508457e+0xb2fea @ 0x4b2fea
c4d504ec037300ffddbcd8990508457e+0xb31e0 @ 0x4b31e0
c4d504ec037300ffddbcd8990508457e+0xb7119 @ 0x4b7119
c4d504ec037300ffddbcd8990508457e+0xc2d57 @ 0x4c2d57
c4d504ec037300ffddbcd8990508457e+0xc3061 @ 0x4c3061
c4d504ec037300ffddbcd8990508457e+0xc31fc @ 0x4c31fc
c4d504ec037300ffddbcd8990508457e+0xc22f5 @ 0x4c22f5
c4d504ec037300ffddbcd8990508457e+0xc2367 @ 0x4c2367
c4d504ec037300ffddbcd8990508457e+0x16d7f3 @ 0x56d7f3
c4d504ec037300ffddbcd8990508457e+0x169dea @ 0x569dea
c4d504ec037300ffddbcd8990508457e+0x37ea6 @ 0x437ea6
c4d504ec037300ffddbcd8990508457e+0x26ff2 @ 0x426ff2
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
c4d504ec037300ffddbcd8990508457e+0x7d6d4 @ 0x47d6d4
c4d504ec037300ffddbcd8990508457e+0x16e151 @ 0x56e151
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637132
registers.edi: 125
registers.eax: 1637132
registers.ebp: 1637212
registers.edx: 0
registers.ebx: 10060
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
Status: success, Return: 0, Repeated: 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620897722.740748
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 2760
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x01eb0000
Status: success, Return: 0, Repeated: 0
Foreign language identified in PE resource (8 events)
Name           Language      Sublanguage                 Offset      Filetype              Size
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x001a6318  GLS_BINARY_LSB_FIRST  0x00000468
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x001a6318  GLS_BINARY_LSB_FIRST  0x00000468
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x001a6318  GLS_BINARY_LSB_FIRST  0x00000468
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x001a6318  GLS_BINARY_LSB_FIRST  0x00000468
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x001a6318  GLS_BINARY_LSB_FIRST  0x00000468
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x001a6318  GLS_BINARY_LSB_FIRST  0x00000468
RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00290bac  data                  0x0000005a
RT_VERSION     LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00290c08  data                  0x00000388
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time: 1620897728.396748
API: GetAdaptersAddresses
Arguments:
  flags: 0
  family: 0
Status: failed, Return: 111, Repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
Section .rsrc: entropy 7.109099094880074 (virtual_address 0x00195000, virtual_size 0x000fc000, size_of_data 0x000fc000). Description: A section with a high entropy has been found
Overall entropy 0.3884393063583815. Description: Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 42.247.16.116
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time: 1620897730.974748
API: RegSetValueExA
Arguments:
  key_handle: 0x00000484
  value: 1
  regkey_r: WpadDecisionReason
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
Status: success, Return: 0, Repeated: 0
Time: 1620897730.974748
API: RegSetValueExA
Arguments:
  key_handle: 0x00000484
  value: @,T»þG×
  regkey_r: WpadDecisionTime
  reg_type: 3 (REG_BINARY)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
Status: success, Return: 0, Repeated: 0
Time: 1620897730.974748
API: RegSetValueExA
Arguments:
  key_handle: 0x00000484
  value: 3
  regkey_r: WpadDecision
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
Status: success, Return: 0, Repeated: 0
Time: 1620897730.974748
API: RegSetValueExW
Arguments:
  key_handle: 0x00000484
  value: 网络 2
  regkey_r: WpadNetworkName
  reg_type: 1 (REG_SZ)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
Status: success, Return: 0, Repeated: 0
Time: 1620897730.974748
API: RegSetValueExA
Arguments:
  key_handle: 0x00000498
  value: 1
  regkey_r: WpadDecisionReason
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
Status: success, Return: 0, Repeated: 0
Time: 1620897730.974748
API: RegSetValueExA
Arguments:
  key_handle: 0x00000498
  value: @,T»þG×
  regkey_r: WpadDecisionTime
  reg_type: 3 (REG_BINARY)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
Status: success, Return: 0, Repeated: 0
Time: 1620897730.974748
API: RegSetValueExA
Arguments:
  key_handle: 0x00000498
  value: 3
  regkey_r: WpadDecision
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
Status: success, Return: 0, Repeated: 0
Time: 1620897731.021748
API: RegSetValueExW
Arguments:
  key_handle: 0x00000480
  value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
  regkey_r: WpadLastNetwork
  reg_type: 1 (REG_SZ)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
Status: success, Return: 0, Repeated: 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 42.247.16.116:80
File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)
MicroWorld-eScan Trojan.GenericKD.41125407
FireEye Generic.mg.c4d504ec037300ff
McAfee Artemis!C4D504EC0373
Cylance Unsafe
K7AntiVirus Trojan ( 7000000f1 )
Alibaba Trojan:Application/tdlla.8ae544df
K7GW Trojan ( 7000000f1 )
Cybereason malicious.c03730
Arcabit Trojan.Generic.D273861F
Symantec ML.Attribute.HighConfidence
Avast Win32:Malware-gen
BitDefender Trojan.GenericKD.41125407
AegisLab Trojan.Win32.Generic.4!c
Ad-Aware Trojan.GenericKD.41125407
Emsisoft Trojan.GenericKD.41125407 (B)
F-Secure Trojan.TR/Agent.tdlla
VIPRE Trojan.Win32.Generic!BT
TrendMicro Possible_Virus
McAfee-GW-Edition BehavesLike.Win32.Dropper.vh
SentinelOne DFI - Malicious PE
Webroot W32.Gen.Bt
Avira TR/Agent.tdlla
MAX malware (ai score=99)
Microsoft Trojan:Win32/Zpevdo.A
Endgame malicious (high confidence)
GData Trojan.GenericKD.41125407
VBA32 BScope.Adware.Presenoker
ALYac Trojan.GenericKD.41125407
TrendMicro-HouseCall Possible_Virus
Rising Backdoor.Farfri!1.6542 (CLASSIC)
Yandex Trojan.Agent!km9lf8SsTns
Ikarus Trojan.Agent
MaxSecure Trojan.Malware.11206588.susgen
AVG Win32:Malware-gen
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 Win32/Trojan.62d
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x577218 VirtualFree
0x57721c VirtualAlloc
0x577220 LocalFree
0x577224 LocalAlloc
0x577228 GetTickCount
0x577230 GetVersion
0x577234 GetCurrentThreadId
0x577240 VirtualQuery
0x577244 WideCharToMultiByte
0x57724c MultiByteToWideChar
0x577250 lstrlenA
0x577254 lstrcpynA
0x577258 LoadLibraryExA
0x57725c GetThreadLocale
0x577260 GetStartupInfoA
0x577264 GetProcAddress
0x577268 GetModuleHandleA
0x57726c GetModuleFileNameA
0x577270 GetLocaleInfoA
0x577278 GetCommandLineA
0x57727c FreeLibrary
0x577280 FindFirstFileA
0x577284 FindClose
0x577288 ExitProcess
0x57728c ExitThread
0x577290 CreateThread
0x577294 WriteFile
0x57729c RtlUnwind
0x5772a0 RaiseException
0x5772a4 GetStdHandle
Library user32.dll:
0x5772ac GetKeyboardType
0x5772b0 LoadStringA
0x5772b4 MessageBoxA
0x5772b8 CharNextA
Library advapi32.dll:
0x5772c0 RegQueryValueExA
0x5772c4 RegOpenKeyExA
0x5772c8 RegCloseKey
Library oleaut32.dll:
0x5772d0 SysFreeString
0x5772d4 SysReAllocStringLen
0x5772d8 SysAllocStringLen
Library kernel32.dll:
0x5772e0 TlsSetValue
0x5772e4 TlsGetValue
0x5772e8 LocalAlloc
0x5772ec GetModuleHandleA
Library advapi32.dll:
0x5772f4 RegSetValueExA
0x5772f8 RegQueryValueExA
0x5772fc RegQueryInfoKeyA
0x577300 RegOpenKeyExA
0x577304 RegOpenKeyA
0x577308 RegFlushKey
0x57730c RegEnumKeyExA
0x577310 RegDeleteValueA
0x577314 RegCreateKeyExA
0x577318 RegCloseKey
Library kernel32.dll:
0x577320 lstrcpyA
0x577324 lstrcmpA
0x577328 WriteFile
0x57732c WinExec
0x577330 WideCharToMultiByte
0x577334 WaitForSingleObject
0x577338 VirtualQuery
0x57733c VirtualAlloc
0x577340 TerminateThread
0x577344 TerminateProcess
0x577348 SuspendThread
0x57734c Sleep
0x577350 SizeofResource
0x577354 SetThreadPriority
0x577358 SetThreadLocale
0x57735c SetFileTime
0x577360 SetFilePointer
0x577364 SetFileAttributesA
0x577368 SetEvent
0x57736c SetErrorMode
0x577370 SetEndOfFile
0x577378 ResumeThread
0x57737c ResetEvent
0x577380 ReleaseMutex
0x577384 ReadFile
0x577388 OpenProcess
0x57738c MultiByteToWideChar
0x577390 MulDiv
0x577394 LockResource
0x577398 LoadResource
0x57739c LoadLibraryA
0x5773a4 IsBadReadPtr
0x5773ac GlobalUnlock
0x5773b0 GlobalSize
0x5773b4 GlobalReAlloc
0x5773b8 GlobalHandle
0x5773bc GlobalLock
0x5773c0 GlobalFree
0x5773c4 GlobalFindAtomA
0x5773c8 GlobalDeleteAtom
0x5773cc GlobalAlloc
0x5773d0 GlobalAddAtomA
0x5773dc GetVersionExA
0x5773e0 GetVersion
0x5773e4 GetUserDefaultLCID
0x5773ec GetTickCount
0x5773f0 GetThreadPriority
0x5773f4 GetThreadLocale
0x5773f8 GetTempPathA
0x5773fc GetSystemInfo
0x577400 GetSystemDirectoryA
0x577408 GetStringTypeExA
0x57740c GetStdHandle
0x577410 GetProcAddress
0x577414 GetModuleHandleA
0x577418 GetModuleFileNameA
0x57741c GetLocaleInfoA
0x577420 GetLocalTime
0x577424 GetLastError
0x577428 GetFullPathNameA
0x57742c GetFileTime
0x577430 GetFileSize
0x577434 GetFileAttributesA
0x577438 GetExitCodeThread
0x57743c GetExitCodeProcess
0x577440 GetDiskFreeSpaceA
0x577444 GetDateFormatA
0x577448 GetCurrentThreadId
0x57744c GetCurrentProcessId
0x577450 GetComputerNameA
0x577454 GetCPInfo
0x577458 GetACP
0x57745c FreeResource
0x577464 InterlockedExchange
0x57746c FreeLibrary
0x577470 FormatMessageA
0x577474 FindResourceA
0x577478 FindNextFileA
0x57747c FindFirstFileA
0x577480 FindClose
0x57748c EnumCalendarInfoA
0x577498 DeleteFileA
0x5774a0 CreateThread
0x5774a4 CreateMutexA
0x5774a8 CreateFileA
0x5774ac CreateEventA
0x5774b0 CreateDirectoryA
0x5774b4 CompareStringA
0x5774b8 CloseHandle
Library version.dll:
0x5774c0 VerQueryValueA
0x5774c8 GetFileVersionInfoA
Library gdi32.dll:
0x5774d0 UnrealizeObject
0x5774d4 StretchBlt
0x5774d8 SetWindowOrgEx
0x5774dc SetWinMetaFileBits
0x5774e0 SetViewportOrgEx
0x5774e4 SetTextColor
0x5774e8 SetTextAlign
0x5774ec SetStretchBltMode
0x5774f0 SetROP2
0x5774f4 SetPixel
0x5774f8 SetMapMode
0x5774fc SetEnhMetaFileBits
0x577500 SetDIBitsToDevice
0x577504 SetDIBColorTable
0x577508 SetBrushOrgEx
0x57750c SetBkMode
0x577510 SetBkColor
0x577514 SelectPalette
0x577518 SelectObject
0x57751c SelectClipRgn
0x577520 SaveDC
0x577524 RoundRect
0x577528 RestoreDC
0x57752c Rectangle
0x577530 RectVisible
0x577534 RealizePalette
0x577538 PtInRegion
0x57753c Polyline
0x577540 Polygon
0x577544 PlayEnhMetaFile
0x577548 PatBlt
0x57754c MoveToEx
0x577550 MaskBlt
0x577554 LineTo
0x577558 LPtoDP
0x57755c IntersectClipRect
0x577560 GetWindowOrgEx
0x577564 GetWinMetaFileBits
0x577568 GetViewportOrgEx
0x57756c GetTextMetricsA
0x577570 GetTextExtentPointA
0x577578 GetTextAlign
0x577580 GetStockObject
0x577584 GetPixel
0x577588 GetPaletteEntries
0x57758c GetObjectA
0x57759c GetEnhMetaFileBits
0x5775a0 GetDeviceCaps
0x5775a4 GetDIBits
0x5775a8 GetDIBColorTable
0x5775ac GetDCOrgEx
0x5775b4 GetCurrentObject
0x5775b8 GetClipBox
0x5775bc GetBrushOrgEx
0x5775c0 GetBitmapBits
0x5775c4 GdiFlush
0x5775c8 ExtTextOutA
0x5775cc ExtCreateRegion
0x5775d0 ExcludeClipRect
0x5775d4 DeleteObject
0x5775d8 DeleteEnhMetaFile
0x5775dc DeleteDC
0x5775e0 CreateSolidBrush
0x5775e4 CreateRectRgn
0x5775e8 CreatePolygonRgn
0x5775ec CreatePenIndirect
0x5775f0 CreatePen
0x5775f4 CreatePalette
0x5775fc CreateFontIndirectA
0x577600 CreateEnhMetaFileA
0x577604 CreateDIBitmap
0x577608 CreateDIBSection
0x57760c CreateDCA
0x577610 CreateCompatibleDC
0x577618 CreateBrushIndirect
0x57761c CreateBitmap
0x577620 CopyEnhMetaFileA
0x577624 CombineRgn
0x577628 CloseEnhMetaFile
0x57762c BitBlt
Library user32.dll:
0x577634 CreateWindowExA
0x577638 WindowFromPoint
0x57763c WinHelpA
0x577640 WaitMessage
0x577644 UpdateWindow
0x577648 UnregisterClassA
0x57764c UnhookWindowsHookEx
0x577650 TranslateMessage
0x577658 TrackPopupMenu
0x577660 ShowWindow
0x577664 ShowScrollBar
0x577668 ShowOwnedPopups
0x57766c ShowCursor
0x577670 ShowCaret
0x577674 SetWindowRgn
0x577678 SetWindowsHookExA
0x57767c SetWindowTextA
0x577680 SetWindowPos
0x577684 SetWindowPlacement
0x577688 SetWindowLongW
0x57768c SetWindowLongA
0x577690 SetTimer
0x577694 SetScrollRange
0x577698 SetScrollPos
0x57769c SetScrollInfo
0x5776a0 SetRect
0x5776a4 SetPropA
0x5776a8 SetParent
0x5776ac SetMenuItemInfoA
0x5776b0 SetMenu
0x5776b4 SetKeyboardState
0x5776b8 SetForegroundWindow
0x5776bc SetFocus
0x5776c0 SetCursor
0x5776c4 SetClipboardData
0x5776c8 SetClassLongA
0x5776cc SetCaretPos
0x5776d0 SetCapture
0x5776d4 SetActiveWindow
0x5776d8 SendMessageA
0x5776dc ScrollWindow
0x5776e0 ScreenToClient
0x5776e4 RemovePropA
0x5776e8 RemoveMenu
0x5776ec ReleaseDC
0x5776f0 ReleaseCapture
0x5776fc RegisterClassA
0x577700 RedrawWindow
0x577704 PtInRect
0x577708 PostQuitMessage
0x57770c PostMessageA
0x577710 PeekMessageA
0x577714 OpenClipboard
0x577718 OffsetRect
0x57771c OemToCharA
0x577724 MoveWindow
0x577728 MessageBoxA
0x57772c MessageBeep
0x577730 MapWindowPoints
0x577734 MapVirtualKeyA
0x577738 LoadStringA
0x57773c LoadKeyboardLayoutA
0x577740 LoadIconA
0x577744 LoadCursorA
0x577748 LoadBitmapA
0x57774c KillTimer
0x577750 IsZoomed
0x577754 IsWindowVisible
0x577758 IsWindowUnicode
0x57775c IsWindowEnabled
0x577760 IsWindow
0x577764 IsRectEmpty
0x577768 IsIconic
0x57776c IsDialogMessageA
0x577774 IsChild
0x577778 IsCharAlphaNumericA
0x57777c IsCharAlphaA
0x577780 InvalidateRect
0x577784 IntersectRect
0x577788 InsertMenuItemA
0x57778c InsertMenuA
0x577790 InflateRect
0x577794 HideCaret
0x5777a0 GetWindowTextW
0x5777a4 GetWindowTextA
0x5777a8 GetWindowRect
0x5777ac GetWindowPlacement
0x5777b0 GetWindowLongW
0x5777b4 GetWindowLongA
0x5777b8 GetWindowDC
0x5777bc GetTopWindow
0x5777c0 GetSystemMetrics
0x5777c4 GetSystemMenu
0x5777c8 GetSysColorBrush
0x5777cc GetSysColor
0x5777d0 GetSubMenu
0x5777d4 GetScrollRange
0x5777d8 GetScrollPos
0x5777dc GetScrollInfo
0x5777e0 GetPropA
0x5777e4 GetParent
0x5777e8 GetWindow
0x5777ec GetMessageTime
0x5777f0 GetMessagePos
0x5777f4 GetMenuStringA
0x5777f8 GetMenuState
0x5777fc GetMenuItemInfoA
0x577800 GetMenuItemID
0x577804 GetMenuItemCount
0x577808 GetMenu
0x57780c GetLastInputInfo
0x577810 GetLastActivePopup
0x577814 GetKeyboardState
0x57781c GetKeyboardLayout
0x577820 GetKeyState
0x577824 GetKeyNameTextA
0x577828 GetIconInfo
0x57782c GetForegroundWindow
0x577830 GetFocus
0x577834 GetDoubleClickTime
0x577838 GetDlgCtrlID
0x57783c GetDesktopWindow
0x577840 GetDCEx
0x577844 GetDC
0x577848 GetCursorPos
0x57784c GetCursor
0x577850 GetClipboardData
0x577854 GetClientRect
0x577858 GetClassNameA
0x57785c GetClassInfoA
0x577860 GetCapture
0x577864 GetAsyncKeyState
0x577868 GetActiveWindow
0x57786c FrameRect
0x577870 FindWindowExA
0x577874 FindWindowA
0x577878 FillRect
0x57787c EqualRect
0x577880 EnumWindows
0x577884 EnumThreadWindows
0x57788c EndPaint
0x577890 EnableWindow
0x577894 EnableScrollBar
0x577898 EnableMenuItem
0x57789c EmptyClipboard
0x5778a0 DrawTextW
0x5778a4 DrawTextA
0x5778a8 DrawMenuBar
0x5778ac DrawIconEx
0x5778b0 DrawIcon
0x5778b4 DrawFrameControl
0x5778b8 DrawFocusRect
0x5778bc DrawEdge
0x5778c0 DispatchMessageA
0x5778c4 DestroyWindow
0x5778c8 DestroyMenu
0x5778cc DestroyIcon
0x5778d0 DestroyCursor
0x5778d4 DestroyCaret
0x5778d8 DeleteMenu
0x5778dc DefWindowProcA
0x5778e0 DefMDIChildProcA
0x5778e4 DefFrameProcA
0x5778e8 CreatePopupMenu
0x5778ec CreateMenu
0x5778f0 CreateIcon
0x5778f4 CreateCaret
0x5778f8 CopyImage
0x5778fc CloseClipboard
0x577900 ClientToScreen
0x577908 CheckMenuItem
0x57790c CallWindowProcA
0x577910 CallNextHookEx
0x577914 BeginPaint
0x577918 CharNextA
0x57791c CharLowerBuffA
0x577920 CharLowerA
0x577924 CharUpperBuffA
0x577928 CharToOemA
0x57792c AdjustWindowRectEx
Library kernel32.dll:
0x577938 Sleep
Library oleaut32.dll:
0x577940 SafeArrayPtrOfIndex
0x577944 SafeArrayPutElement
0x577948 SafeArrayGetElement
0x577950 SafeArrayAccessData
0x577954 SafeArrayGetUBound
0x577958 SafeArrayGetLBound
0x57795c SafeArrayCreate
0x577960 VariantChangeType
0x577964 VariantCopyInd
0x577968 VariantCopy
0x57796c VariantClear
0x577970 VariantInit
Library ole32.dll:
0x57797c IsAccelerator
0x577980 OleDraw
0x577988 OleUninitialize
0x57798c OleInitialize
0x577990 CoTaskMemFree
0x577994 CoTaskMemAlloc
0x577998 ProgIDFromCLSID
0x57799c StringFromCLSID
0x5779a0 CoCreateInstance
0x5779a4 CoGetClassObject
0x5779a8 CoUninitialize
0x5779ac CoInitialize
0x5779b0 IsEqualGUID
Library oleaut32.dll:
0x5779b8 GetErrorInfo
0x5779bc GetActiveObject
0x5779c0 SysFreeString
Library comctl32.dll:
0x5779d0 ImageList_Write
0x5779d4 ImageList_Read
0x5779e4 ImageList_DragMove
0x5779e8 ImageList_DragLeave
0x5779ec ImageList_DragEnter
0x5779f0 ImageList_EndDrag
0x5779f4 ImageList_BeginDrag
0x5779fc ImageList_GetIcon
0x577a00 ImageList_Remove
0x577a04 ImageList_DrawEx
0x577a08 ImageList_Replace
0x577a0c ImageList_Draw
0x577a1c ImageList_Add
0x577a24 ImageList_Destroy
0x577a28 ImageList_Create
0x577a2c InitCommonControls
Library shell32.dll:
0x577a34 Shell_NotifyIconA
0x577a38 ShellExecuteExA
0x577a3c ShellExecuteA
Library wininet.dll:
0x577a44 HttpSendRequestExA
0x577a48 InternetGoOnline
0x577a4c HttpEndRequestA
0x577a50 InternetWriteFile
0x577a58 InternetSetOptionA
0x577a5c InternetReadFile
0x577a64 InternetOpenA
0x577a68 InternetConnectA
0x577a6c InternetCloseHandle
0x577a70 HttpSendRequestA
0x577a74 HttpQueryInfoA
0x577a78 HttpOpenRequestA
Library URLMON.DLL:
0x577a84 URLDownloadToFileA
Library netapi32.dll:
0x577a8c Netbios
Library IPHLPAPI.DLL:
0x577a94 GetAdaptersInfo

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  49713        114.114.114.114  53
192.168.56.101  50002        114.114.114.114  53
192.168.56.101  53657        114.114.114.114  53
192.168.56.101  62318        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  49235        224.0.0.252      5355
192.168.56.101  50534        224.0.0.252      5355
192.168.56.101  50568        224.0.0.252      5355
192.168.56.101  51808        224.0.0.252      5355
192.168.56.101  51963        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  57756        224.0.0.252      5355
192.168.56.101  57874        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  63429        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  49238        239.255.255.250  1900
192.168.56.101  49714        239.255.255.250  3702
192.168.56.101  53658        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

Sorry! No dropped files.

Dropped buffers

Sorry! No dropped buffers.