Score: 6.2
Risk level: High risk

SHA256: 44e6cbf7e0f06e14cdc9e6e254ac8f2210a7f17fc7b5a4f9289f02f5efeb79ad

File name: c58b3a94d3e34301ffa7cebb67a1b95b.exe

Analysis duration: 88s

Last analysis:

File size: 1.1MB
Static detection | Dynamic detection
Detection-name tokens: AI SCORE=80, AIDETECTVM, ANSERIN, AVADDONCRYPT, BSCOPE, CLASSIC, COBRA, CONFIDENCE, DANGEROUSSIG, ELDORADO, ENCPK, FV1@ASBFHMLI, GDSDA, GENCIRC, HDWA, HIDC, HIGH CONFIDENCE, HLFZRI, INVALIDSIG, KRYPTIK, MALICIOUS PE, MALWARE1, MALWARE@#1ILU89QZBVPVK, OOZFY, PINKSBOT, QAKBOT, QBOT, R + MAL, R340097, RAZY, SCORE, STATIC AI, ZEXAF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine        Result                               Date       Engine version
Alibaba       Ransom:Win32/AvaddonCrypt.5d4a02e5   20190527   0.3.0.5
Avast         Win32:DangerousSig [Trj]             20201210   21.1.5827.0
Baidu         -                                    20190318   1.0.0.2
Kingsoft      -                                    20201211   2017.9.26.565
McAfee        W32/PinkSbot-GU!C58B3A94D3E3         20201211   6.0.6.653
Tencent       Malware.Win32.Gencirc.10cdd285       20201211   1.0.0.1
CrowdStrike   win/malicious_confidence_90% (W)     20190702   1.0
(A "-" result means the engine returned no detection name.)
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619931240.01675
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619931251.016875
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
(The two hostname queries are eleven seconds apart; the second falls after the hidden child process listed under the dynamic indicators was created. OSKAR-PC is the analysis guest's own hostname and also appears in the temp path of that child's command line.)
This executable is signed
(This only records that an Authenticode signature is present; the report shows neither the signer nor whether the chain validates, and eGambit's verdict below is PE.Heur.InvalidSig, so verify the signature rather than treating it as a trust signal.)
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section r2
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name MUI
resource name TYPELIB
(MUI and TYPELIB are standard resource types in many legitimate Windows binaries and are weak evidence of packing on their own; the non-standard section name r2 is the stronger static hint.)
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619931251.641875
__exception__
stacktrace:
c58b3a94d3e34301ffa7cebb67a1b95b+0x3f07 @ 0x403f07
c58b3a94d3e34301ffa7cebb67a1b95b+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6129816
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: c58b3a94d3e34301ffa7cebb67a1b95b+0x3449
exception.instruction: in eax, dx
exception.module: c58b3a94d3e34301ffa7cebb67a1b95b.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
1619931251.641875
__exception__
stacktrace:
c58b3a94d3e34301ffa7cebb67a1b95b+0x3f10 @ 0x403f10
c58b3a94d3e34301ffa7cebb67a1b95b+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6129816
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: c58b3a94d3e34301ffa7cebb67a1b95b+0x34e2
exception.instruction: in eax, dx
exception.module: c58b3a94d3e34301ffa7cebb67a1b95b.exe
exception.exception_code: 0xc0000096
exception.offset: 13538
exception.address: 0x4034e2
success 0 0
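The two "crashes" above are not bugs. `in eax, dx` is a privileged instruction, so executing it at ring 3 raises #GP, which Windows reports as exception code 0xC0000096 (STATUS_PRIVILEGED_INSTRUCTION). The register values identify the probe: EAX = 1447909480 = 0x564D5868 ("VMXh"), EDX = 22104 = 0x5658 ("VX"), and ECX = 10 then 20, the GETVERSION and GETMEMSIZE commands of the VMware backdoor port interface. Under VMware the hypervisor intercepts the port access and returns the magic value instead of faulting; on bare metal or another hypervisor the fault fires. The bytes after `ed` (`83 4d fc ff` is `or dword [ebp-4], -1`, the MSVC `__try` scope epilogue) show the probe is wrapped in SEH, which is why execution continued and a second probe fired 0x99 bytes later. The decoder below is an added example, not part of the report or the sandbox's own signature code; it takes the record text as printed above, and the command table is the subset of the open-vm-tools backdoor command numbers seen here.

```python
import re

# VMware backdoor I/O interface constants (as defined in open-vm-tools backdoor_def.h).
BDOOR_MAGIC = 0x564D5868               # "VMXh", expected in EAX
BDOOR_PORT = 0x5658                    # "VX", expected in DX
STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096
BDOOR_COMMANDS = {                     # subset of the command numbers passed in ECX
    0x01: "BDOOR_CMD_GETMHZ",
    0x0A: "BDOOR_CMD_GETVERSION",
    0x14: "BDOOR_CMD_GETMEMSIZE",
}

# One "key: value" field per line, e.g. "registers.eax: 1447909480".
FIELD_RE = re.compile(r"^\s*((?:registers|exception)\.\w+):\s*(.+?)\s*$", re.MULTILINE)


def parse_exception_record(text):
    """Return the registers.* and exception.* fields of one sandbox exception record."""
    return dict(FIELD_RE.findall(text))


def decode_vmware_probe(text):
    """Classify a crash record; returns a dict if it is the VMware backdoor probe, else None."""
    f = parse_exception_record(text)
    try:
        code = int(f["exception.exception_code"], 16)
        eax, edx, ecx = (int(f["registers." + r]) for r in ("eax", "edx", "ecx"))
    except (KeyError, ValueError):
        return None
    # IN from ring 3 raises #GP; Windows reports it as STATUS_PRIVILEGED_INSTRUCTION.
    if code != STATUS_PRIVILEGED_INSTRUCTION:
        return None
    # 0xED is the one-byte encoding of "in eax, dx"; the disassembly must agree.
    if not f.get("exception.instruction", "").startswith("in ") or \
            f.get("exception.instruction_r", "").split()[:1] != ["ed"]:
        return None
    if eax != BDOOR_MAGIC or (edx & 0xFFFF) != BDOOR_PORT:
        return None
    return {
        "address": f.get("exception.address"),
        "magic": eax.to_bytes(4, "big").decode("ascii"),            # "VMXh"
        "port": (edx & 0xFFFF).to_bytes(2, "big").decode("ascii"),  # "VX"
        "command": BDOOR_COMMANDS.get(ecx, f"BDOOR_CMD_{ecx:#04x}"),
    }


# The two crash records above, copied from the report (only the fields used are kept).
RECORDS = [
    """registers.eax: 1447909480
registers.edx: 22104
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.instruction: in eax, dx
exception.exception_code: 0xc0000096
exception.address: 0x403449""",
    """registers.eax: 1447909480
registers.edx: 22104
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.instruction: in eax, dx
exception.exception_code: 0xc0000096
exception.address: 0x4034e2""",
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(decode_vmware_probe(rec))
```

A record with the same exception code but a different EAX (an ordinary `in` used by a driver installer, say) returns None, so the check keys on the full magic/port/opcode triple rather than on the crash alone.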
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
(The six events are one three-step sequence performed twice: two PAGE_EXECUTE_READWRITE allocations of 0x37000 and 0x36000 bytes, then NtProtectVirtualMemory turning 0x3A000 bytes at 0x00400000, the module's own image base, RWX. The first run is process 2996, the second is the child 1804 it spawns below, so each instance rewrites its own mapped image in place.)
Time & API Arguments Status Return Repeated
1619931239.89175
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00520000
success 0 0
1619931239.92275
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00560000
success 0 0
1619931239.93875
NtProtectVirtualMemory
process_identifier: 2996
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619931250.969875
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00520000
success 0 0
1619931250.985875
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00560000
success 0 0
1619931250.985875
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
A process created a hidden window (1 event)
(The command line is the sample's own path under %TEMP% relaunched with the /C switch and creation flag 0x08000000 (CREATE_NO_WINDOW); the child PID 1804 is the second process in the memory events above. Relaunching itself with /C is a pattern documented for Qakbot, the family most of the engines below name.)
Time & API Arguments Status Return Repeated
1619931240.75175
CreateProcessInternalW
thread_identifier: 912
thread_handle: 0x00000158
process_identifier: 1804
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c58b3a94d3e34301ffa7cebb67a1b95b.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x0000015c
inherit_handles: 0
success 1 0
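The memory and process-creation events above are the flat "timestamp / API / key: value / status" records the sandbox prints. The following is an added triage script, not part of the report or the sandbox; it parses that format, flags PAGE_EXECUTE_READWRITE allocations, recognises NtProtectVirtualMemory on the module's own image base (0x00400000, taken from the records above) as in-place unpacking, and spots a CREATE_NO_WINDOW relaunch of the sample by file name. The event log embedded in the script is a constructed excerpt of four of the records shown, and the command-line split assumes the executable path contains no spaces.

```python
import re
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40
CREATE_NO_WINDOW = 0x08000000
TIMESTAMP_RE = re.compile(r"^\d{10}\.\d+$")

# Constructed excerpt of the report's event log (four of the records shown above).
EVENT_LOG = """\
1619931239.89175
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 225280
protection: 64 (PAGE_EXECUTE_READWRITE)
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00520000
success 0 0
1619931239.93875
NtProtectVirtualMemory
process_identifier: 2996
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
success 0 0
1619931240.75175
CreateProcessInternalW
process_identifier: 1804
command_line: C:\\Users\\Administrator.Oskar-PC\\AppData\\Local\\Temp\\c58b3a94d3e34301ffa7cebb67a1b95b.exe /C
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
success 1 0
1619931250.985875
NtProtectVirtualMemory
process_identifier: 1804
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
success 0 0
"""


def parse_events(log):
    """Split the flat 'timestamp / API name / key: value ... / status' log into records."""
    events, cur = [], None
    for line in log.splitlines():
        line = line.strip()
        if TIMESTAMP_RE.match(line):
            cur = {"time": float(line), "api": None, "args": {}, "status": None}
            events.append(cur)
        elif cur is None or not line:
            continue
        elif cur["api"] is None:
            cur["api"] = line
        elif ": " in line:
            key, value = line.split(": ", 1)
            cur["args"][key] = value
        else:
            cur["status"] = line               # e.g. "success 1 0"
    return events


def leading_int(value):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x00400000' -> 4194304."""
    token = value.split()[0]
    return int(token, 16) if token.lower().startswith("0x") else int(token)


def triage(log, sample_name, image_base=0x00400000):
    """Map pid -> findings: RWX memory, in-place image rewrite, hidden self-relaunch."""
    findings = defaultdict(list)
    for ev in parse_events(log):
        a, pid = ev["args"], ev["args"].get("process_identifier", "?")
        rwx = "protection" in a and leading_int(a["protection"]) == PAGE_EXECUTE_READWRITE
        if ev["api"] == "NtAllocateVirtualMemory" and rwx:
            findings[pid].append(f"RWX allocation of {leading_int(a['region_size']):#x} bytes at {a['base_address']}")
        elif ev["api"] == "NtProtectVirtualMemory" and rwx:
            base = leading_int(a["base_address"])
            where = "its own image base (in-place unpacking)" if base == image_base else f"{base:#x}"
            findings[pid].append(f"RWX re-protection of {leading_int(a['length']):#x} bytes at {where}")
        elif ev["api"] == "CreateProcessInternalW":
            # Simplification: the executable path is assumed to contain no spaces.
            exe, _, argv = a.get("command_line", "").partition(" ")
            hidden = leading_int(a.get("creation_flags", "0")) & CREATE_NO_WINDOW
            if hidden and exe.lower().endswith("\\" + sample_name.lower()):
                findings[pid].append(f"started as a hidden (CREATE_NO_WINDOW) copy of the sample with args '{argv}'")
    return dict(findings)


if __name__ == "__main__":
    for pid, items in triage(EVENT_LOG, "c58b3a94d3e34301ffa7cebb67a1b95b.exe").items():
        print(pid, *items, sep="\n  ")
```

Keying the findings by process_identifier is what makes the parent/child split visible: the same unpacking sequence appears under both 2996 and 1804, and the relaunch finding sits under 1804 because that record's process_identifier is the child's PID.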
Expresses interest in specific running processes (1 event)
process vboxservice.exe
(Looking for the VirtualBox guest service is a second hypervisor check alongside the VMware port probe recorded under the crashes.)
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 23.45.60.144
(The capture is host-wide. 172.217.0.0/16 is Google address space, and the report records no HTTP request or TLS session from the sample to either host, so these may be background traffic of the guest rather than the sample's own command-and-control; treat them as unattributed until tied to a process.)
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619931251.641875
__exception__
stacktrace:
c58b3a94d3e34301ffa7cebb67a1b95b+0x3f07 @ 0x403f07
c58b3a94d3e34301ffa7cebb67a1b95b+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6129816
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: c58b3a94d3e34301ffa7cebb67a1b95b+0x3449
exception.instruction: in eax, dx
exception.module: c58b3a94d3e34301ffa7cebb67a1b95b.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 of 55 events shown)
(Naming converges on the Qakbot/Qbot banking trojan across Kaspersky, DrWeb, TrendMicro, Ikarus, Malwarebytes, Antiy, Jiangmin and NANO; McAfee's PinkSbot is its own name for the same family. The Ransom:Win32/AvaddonCrypt verdicts from Alibaba and Microsoft are outliers against that majority and should be read as cluster-naming disagreement, not as evidence of a second payload.)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.QakBot.10
MicroWorld-eScan Gen:Variant.Razy.678408
FireEye Generic.mg.c58b3a94d3e34301
ALYac Gen:Variant.Razy.678408
Malwarebytes Backdoor.Qbot
Zillya Trojan.Qbot.Win32.8244
Sangfor Malware
K7AntiVirus Trojan ( 005681571 )
Alibaba Ransom:Win32/AvaddonCrypt.5d4a02e5
K7GW Trojan ( 005681571 )
Cybereason malicious.4cf54f
Arcabit Trojan.Razy.DA5A08
BitDefenderTheta Gen:NN.ZexaF.34670.fv1@aSbFhmli
Cyren W32/Trojan.FLH.gen!Eldorado
Symantec Trojan.Anserin
APEX Malicious
Avast Win32:DangerousSig [Trj]
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Gen:Variant.Razy.678408
NANO-Antivirus Trojan.Win32.QakBot.hlfzri
Paloalto generic.ml
Rising Trojan.Kryptik!1.C745 (CLASSIC)
Ad-Aware Gen:Variant.Razy.678408
Emsisoft Gen:Variant.Razy.678408 (B)
Comodo Malware@#1ilu89qzbvpvk
F-Secure Trojan.TR/Crypt.Agent.oozfy
VIPRE Trojan.Win32.Generic.pak!cobra
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition W32/PinkSbot-GU!C58B3A94D3E3
Sophos Mal/Generic-R + Mal/EncPk-APV
Ikarus Trojan-Banker.QakBot
Jiangmin Trojan.Banker.Qbot.py
Avira TR/Crypt.Agent.oozfy
Antiy-AVL Trojan[Banker]/Win32.Qbot
Gridinsoft Trojan.Win32.Kryptik.ba
Microsoft Ransom:Win32/AvaddonCrypt.SO!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Gen:Variant.Razy.678408
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Kryptik.R340097
McAfee W32/PinkSbot-GU!C58B3A94D3E3
MAX malware (ai score=80)
VBA32 BScope.Trojan.Inject
ESET-NOD32 a variant of Win32/Kryptik.HDWA
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Tencent Malware.Win32.Gencirc.10cdd285
SentinelOne Static AI - Malicious PE
eGambit PE.Heur.InvalidSig
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 172.217.27.142:443
(All three addresses are in Google's 172.217.0.0/16 range and the report shows no HTTP request or TLS session to them; a dead-host hit on Google address space in a capture that is not attributed per process is weak evidence and should not be used as a C2 indicator without correlation.)
Visual analysis
Binary image
No binary image: the sample did not produce a binary visualization image
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

2020-06-04 09:38:16
(The PE timestamp is attacker-controlled. Two of the static engine dates above, Baidu 20190318 and Alibaba 20190527, precede it, so those dates are best read as engine definition dates rather than scan times, and neither value should anchor an estimate of when the file was built or first seen.)

Imports

Library KERNEL32.dll:
0x50b7b8 GetLastError
0x50b7bc Sleep
0x50b7c0 LoadLibraryA
0x50b7c4 GetProcAddress
0x50b7c8 GetModuleHandleW
0x50b7cc DeleteFileW
0x50b7d0 DeleteFileA
0x50b7d4 CreateDirectoryA
0x50b7d8 CreateDirectoryW
0x50b7dc FindClose
0x50b7e0 FindNextFileA
0x50b7e4 FindFirstFileA
0x50b7e8 FindNextFileW
0x50b7ec FindFirstFileW
0x50b7f0 GetTickCount
0x50b7f4 WideCharToMultiByte
0x50b7f8 GlobalAlloc
0x50b7fc GetVersionExW
0x50b800 GetFullPathNameA
0x50b804 GetFullPathNameW
0x50b808 GetModuleFileNameW
0x50b80c FindResourceW
0x50b810 HeapAlloc
0x50b814 GetProcessHeap
0x50b818 HeapFree
0x50b81c HeapReAlloc
0x50b820 CompareStringA
0x50b824 ExitProcess
0x50b828 GetLocaleInfoW
0x50b82c GetNumberFormatW
0x50b830 SetFileAttributesW
0x50b834 GetDateFormatW
0x50b838 GetTimeFormatW
0x50b848 WaitForSingleObject
0x50b84c GetTempPathW
0x50b850 MoveFileExW
0x50b854 UnmapViewOfFile
0x50b858 GetCommandLineW
0x50b85c MapViewOfFile
0x50b860 CreateFileMappingW
0x50b864 OpenFileMappingW
0x50b874 GetSystemTime
0x50b878 MultiByteToWideChar
0x50b87c CompareStringW
0x50b880 IsDBCSLeadByte
0x50b884 GetCPInfo
0x50b88c LoadLibraryW
0x50b890 FreeLibrary
0x50b894 SetFileAttributesA
0x50b898 GetFileAttributesW
0x50b89c GetFileAttributesA
0x50b8a0 WriteFile
0x50b8a4 GetStdHandle
0x50b8a8 ReadFile
0x50b8b0 CreateFileW
0x50b8b4 CreateFileA
0x50b8b8 GetFileType
0x50b8bc SetEndOfFile
0x50b8c0 SetFilePointer
0x50b8c4 MoveFileW
0x50b8c8 SetFileTime
0x50b8cc GetCurrentProcess
0x50b8d0 CloseHandle
0x50b8d4 SetLastError
0x50b8dc ConnectNamedPipe
0x50b8e0 CreateEventA
0x50b8e4 DuplicateHandle
0x50b8e8 CopyFileExW
0x50b8ec VerSetConditionMask
0x50b8f0 CompareFileTime
0x50b900 EndUpdateResourceA
0x50b904 GetOverlappedResult
0x50b90c OpenSemaphoreA
0x50b910 OpenEventA
0x50b914 GetShortPathNameA
0x50b918 OutputDebugStringA
0x50b91c LoadLibraryExW
0x50b920 LocalAlloc
0x50b924 GlobalFree
0x50b928 GetCurrentThreadId
0x50b92c CreateProcessA
0x50b930 GetSystemDirectoryW
0x50b938 GetDiskFreeSpaceExW
0x50b93c GetUserDefaultLCID
0x50b940 IsValidLocale
0x50b944 GetStringTypeExW
0x50b948 IsValidCodePage
0x50b94c GetShortPathNameW
0x50b950 GetLongPathNameW
0x50b954 GetCurrentThread
0x50b958 GlobalMemoryStatus
0x50b95c ReleaseSemaphore
0x50b964 EnumUILanguagesW
0x50b968 EnumSystemLocalesW
0x50b96c GetCalendarInfoW
0x50b974 VirtualProtect
0x50b97c GetTempFileNameA
0x50b980 GetTempPathA
0x50b984 InterlockedExchange
0x50b98c GetStartupInfoA
0x50b994 IsDebuggerPresent
0x50b998 lstrcmpiW
0x50b99c GetThreadContext
0x50b9a0 GetThreadTimes
0x50b9a4 GetPriorityClass
0x50b9a8 HeapDestroy
0x50b9ac HeapCreate
0x50b9b0 TerminateThread
0x50b9b8 GetLocalTime
0x50b9c4 ReleaseMutex
0x50b9d0 TerminateProcess
0x50b9d4 CreateThread
0x50b9d8 GetCurrentProcessId
0x50b9e0 GetModuleHandleA
0x50b9e4 GetVersionExA
0x50b9f4 LocalFree
0x50b9fc GetComputerNameA
0x50ba00 SetPriorityClass
0x50ba04 GetFileSize
0x50ba08 CreateFileMappingA
0x50ba0c SuspendThread
0x50ba10 ExitThread
0x50ba14 MulDiv
0x50ba18 GetModuleFileNameA
0x50ba28 GetACP
0x50ba30 SetEvent
0x50ba34 CreateProcessW
0x50ba38 GetSystemDirectoryA
0x50ba3c SetThreadPriority
0x50ba40 CreateRemoteThread
0x50ba44 OpenProcess
0x50ba48 LoadLibraryExA
0x50ba50 ReadProcessMemory
0x50ba54 VirtualQueryEx
0x50ba58 GetSystemInfo
0x50ba5c HeapSize
0x50ba60 HeapValidate
0x50ba64 VirtualAlloc
0x50ba68 RaiseException
0x50ba6c TlsSetValue
0x50ba70 CreateSemaphoreA
0x50ba74 FlushFileBuffers
0x50ba78 ResumeThread
0x50ba80 TlsAlloc
0x50ba84 VirtualFree
0x50ba88 TlsGetValue
0x50ba8c TlsFree
0x50ba90 GetVersion
0x50ba94 GetProcessTimes
0x50ba98 CreateMutexA
0x50ba9c OpenMutexA
0x50baa0 GetThreadPriority
Library USER32.dll:
0x50baa8 CreatePopupMenu
0x50baac CloseClipboard
0x50bab0 AnyPopup
0x50bab4 CreateMenu
0x50babc EndMenu
0x50bac0 LoadCursorFromFileW
0x50bac4 GetWindowDC
0x50bacc IsCharLowerW
0x50bad0 LoadCursorFromFileA
0x50bad4 LoadIconW
0x50bad8 wvsprintfW
0x50badc ReleaseDC
0x50bae0 GetDC
0x50bae4 SendMessageW
0x50bae8 SetDlgItemTextW
0x50baec SetFocus
0x50baf0 EndDialog
0x50baf4 DestroyIcon
0x50baf8 SendDlgItemMessageW
0x50bafc GetDlgItemTextW
0x50bb00 GetClassNameW
0x50bb04 DialogBoxParamW
0x50bb08 IsWindowVisible
0x50bb0c WaitForInputIdle
0x50bb10 SetForegroundWindow
0x50bb14 GetSysColor
0x50bb18 PostMessageW
0x50bb1c LoadBitmapW
0x50bb20 CharToOemA
0x50bb24 OemToCharA
0x50bb28 FindWindowExW
0x50bb2c wvsprintfA
0x50bb30 GetParent
0x50bb34 MapWindowPoints
0x50bb38 CreateWindowExW
0x50bb3c UpdateWindow
0x50bb40 SetWindowTextW
0x50bb44 LoadCursorW
0x50bb48 RegisterClassExW
0x50bb4c SetWindowLongW
0x50bb50 GetWindowLongW
0x50bb54 DefWindowProcW
0x50bb58 PeekMessageW
0x50bb5c GetMessageW
0x50bb60 TranslateMessage
0x50bb64 DispatchMessageW
0x50bb68 DestroyWindow
0x50bb6c GetClientRect
0x50bb70 IsWindow
0x50bb74 CharToOemBuffW
0x50bb78 MessageBoxW
0x50bb7c ShowWindow
0x50bb80 GetDlgItem
0x50bb84 EnableWindow
0x50bb88 OemToCharBuffA
0x50bb8c CharUpperA
0x50bb90 CharToOemBuffA
0x50bb94 LoadStringW
0x50bb98 SetWindowPos
0x50bb9c GetWindowTextW
0x50bba0 GetSystemMetrics
0x50bba4 GetWindow
0x50bba8 CharUpperW
0x50bbac GetWindowRect
0x50bbb0 CopyRect
0x50bbb8 LoadMenuIndirectW
0x50bbbc GetWindowTextA
0x50bbc0 DrawIconEx
0x50bbc4 WINNLSGetIMEHotkey
0x50bbc8 GetMessageA
0x50bbcc AdjustWindowRectEx
0x50bbd0 GetActiveWindow
0x50bbd8 wsprintfW
0x50bbdc SendNotifyMessageW
0x50bbe0 GetClassInfoExW
0x50bbe8 GetClassLongA
0x50bbec GetMonitorInfoA
0x50bbf8 GetClipboardViewer
0x50bc00 DdeCmpStringHandles
0x50bc08 CheckMenuRadioItem
0x50bc0c SendIMEMessageExW
0x50bc10 GetDlgCtrlID
0x50bc14 DrawTextA
0x50bc18 DrawTextW
0x50bc1c MapDialogRect
0x50bc20 CallWindowProcA
0x50bc24 MoveWindow
0x50bc28 GetKeyboardLayout
0x50bc2c LoadBitmapA
0x50bc30 CallWindowProcW
0x50bc34 SetRectEmpty
0x50bc38 PostMessageA
0x50bc3c SendMessageA
0x50bc40 DefWindowProcA
0x50bc44 SetTimer
0x50bc48 KillTimer
0x50bc4c PostQuitMessage
0x50bc50 DispatchMessageA
0x50bc54 IsDialogMessageA
0x50bc58 CreateWindowExA
0x50bc5c RegisterClassExA
0x50bc60 DialogBoxParamA
0x50bc68 GetWindowLongA
0x50bc6c LoadIconA
0x50bc70 SetWindowLongA
0x50bc74 FillRect
0x50bc78 GetSysColorBrush
0x50bc7c SetWindowTextA
0x50bc80 CreateDialogParamW
0x50bc84 EnumDisplayMonitors
0x50bc88 LoadCursorA
0x50bc8c SetCursor
0x50bc90 DrawFocusRect
0x50bc94 InvalidateRect
0x50bc98 SendDlgItemMessageA
0x50bc9c CheckDlgButton
0x50bca0 LoadStringA
0x50bca4 IsDlgButtonChecked
0x50bca8 SetDlgItemTextA
0x50bcac GetScrollInfo
0x50bcb0 SetScrollInfo
0x50bcb4 GetFocus
0x50bcb8 FlashWindowEx
0x50bcbc GetForegroundWindow
0x50bcc0 GetWindowPlacement
0x50bcc4 IsIconic
0x50bccc EnumWindows
0x50bcd0 SendMessageTimeoutA
0x50bcd4 IsWindowUnicode
0x50bcd8 GetClassNameA
Library GDI32.dll:
0x50bce0 GetBkColor
0x50bce4 DeleteObject
0x50bce8 GetTextColor
0x50bcec AbortPath
0x50bcf0 CreateMetaFileA
0x50bcf4 GetFontLanguageInfo
0x50bcf8 GetBkMode
0x50bcfc CreateMetaFileW
0x50bd00 CancelDC
0x50bd04 GetEnhMetaFileA
0x50bd08 GetGraphicsMode
0x50bd0c GetLayout
0x50bd10 RealizePalette
0x50bd14 CreateCompatibleDC
0x50bd18 GetObjectType
0x50bd20 CreatePatternBrush
0x50bd24 GetStockObject
0x50bd28 SaveDC
0x50bd2c DeleteDC
0x50bd30 GetSystemPaletteUse
0x50bd34 GetDCPenColor
0x50bd38 GetEnhMetaFileW
0x50bd3c BeginPath
0x50bd40 WidenPath
0x50bd44 GetStretchBltMode
0x50bd48 CloseMetaFile
0x50bd4c EndPath
0x50bd50 FillPath
0x50bd54 GdiGetBatchLimit
0x50bd58 PathToRegion
0x50bd5c SwapBuffers
0x50bd60 AddFontResourceW
0x50bd64 FlattenPath
0x50bd68 AddFontResourceA
0x50bd6c GetPixelFormat
0x50bd70 GetTextCharset
0x50bd74 GdiFlush
0x50bd78 AbortDoc
0x50bd7c GetTextAlign
0x50bd80 GetMapMode
0x50bd84 EndPage
0x50bd88 DeleteColorSpace
0x50bd8c EndDoc
0x50bd90 DeleteMetaFile
0x50bd94 CreateSolidBrush
0x50bd98 UpdateColors
0x50bd9c UnrealizeObject
0x50bda0 GetPolyFillMode
0x50bda4 DeleteEnhMetaFile
0x50bdac CloseEnhMetaFile
0x50bdb0 CloseFigure
0x50bdb4 GetDCBrushColor
0x50bdb8 GetColorSpace
0x50bdbc GetROP2
0x50bdc0 SetMetaRgn
0x50bdc4 StrokePath
0x50bdcc GdiGetSpoolMessage
0x50bdd0 PATHOBJ_bEnum
0x50bdd4 CreateFontIndirectW
0x50bddc RemoveFontResourceW
0x50bde0 NamedEscape
0x50bde8 SelectClipPath
0x50bdec CreateRectRgn
0x50bdf0 Ellipse
0x50bdf4 StretchDIBits
0x50bdf8 CreateBitmap
0x50bdfc GetCharABCWidthsW
0x50be00 CreateFontA
0x50be04 EnumObjects
0x50be08 CreateICA
0x50be0c GdiEntry6
0x50be10 StartDocW
0x50be18 GetTransform
0x50be1c RestoreDC
0x50be20 GetTextFaceA
0x50be24 SelectObject
0x50be28 GetDeviceCaps
0x50be2c SetMapMode
0x50be30 GetObjectW
0x50be38 SetTextAlign
0x50be3c GetTextMetricsA
0x50be40 GetObjectA
0x50be44 ExtTextOutW
0x50be48 SetBkMode
0x50be4c SetTextColor
0x50be50 GetTextFaceW
0x50be54 CreateDCA
0x50be5c CreateFontIndirectA
0x50be60 SetBkColor
0x50be64 CreateBrushIndirect
Library COMDLG32.dll:
0x50be6c GetOpenFileNameW
0x50be74 GetSaveFileNameW
Library ADVAPI32.dll:
0x50be7c GetUserNameA
0x50be80 RegOpenKeyA
0x50be84 RegQueryValueExA
0x50be88 RegOpenKeyExW
0x50be90 OpenProcessToken
0x50be94 RegQueryValueExW
0x50be98 RegCreateKeyExW
0x50be9c RegSetValueExW
0x50bea0 RegCloseKey
0x50bea4 SetFileSecurityW
0x50bea8 SetFileSecurityA
0x50beb4 RegQueryInfoKeyW
0x50beb8 ReportEventW
0x50bec0 ReportEventA
0x50bec8 RegQueryInfoKeyA
0x50becc RegEnumValueA
0x50bed0 RegEnumKeyExA
0x50bed4 RegDeleteValueA
0x50bee4 RegCreateKeyExA
0x50bee8 RegDeleteValueW
0x50beec RegOpenKeyExA
0x50bef0 RegSetValueExA
0x50bef4 RegEnumKeyW
0x50bef8 RegEnumValueW
0x50befc GetLengthSid
0x50bf00 AddAccessAllowedAce
0x50bf04 AddAccessDeniedAce
0x50bf08 InitializeAcl
0x50bf10 CopySid
0x50bf14 OpenThreadToken
0x50bf18 IsValidSid
0x50bf2c FreeSid
0x50bf30 GetTokenInformation
Library SHELL32.dll:
0x50bf38 SHChangeNotify
0x50bf3c ShellExecuteExW
0x50bf40 SHFileOperationW
0x50bf44 SHGetFileInfoW
0x50bf4c SHGetMalloc
0x50bf50 SHBrowseForFolderW
0x50bf58 ExtractIconEx
0x50bf60 DoEnvironmentSubstW
0x50bf64 ExtractIconExA
0x50bf6c ShellExecuteExA
Library ole32.dll:
0x50bf74 StringFromIID
0x50bf78 CoTaskMemFree
0x50bf7c CoUninitialize
0x50bf80 CoInitializeEx
0x50bf84 CoCreateInstance
Library SHLWAPI.dll:
0x50bf8c SHAutoComplete
0x50bf90 StrCmpNIA
0x50bf94 AssocQueryStringW
0x50bf98 UrlGetPartA
0x50bf9c wnsprintfA
Library COMCTL32.dll:
0x50bfac ImageList_Create
0x50bfb0 ImageList_Destroy
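The import table above mixes a large GUI surface (USER32, GDI32 metafile and path routines, COMDLG32) with the primitives that matter for triage: OpenProcess, CreateRemoteThread, ReadProcessMemory and VirtualQueryEx for cross-process work; VirtualAlloc, VirtualProtect, LoadLibraryA and GetProcAddress for unpacking and runtime API resolution; IsDebuggerPresent, OutputDebugStringA, GetTickCount, GetComputerNameA, GetSystemInfo and GlobalMemoryStatus for environment checks; RegCreateKeyExW and RegSetValueExW for persistence; and OpenProcessToken, GetTokenInformation and AddAccessDeniedAce for token and ACL work. Note what is absent: WriteProcessMemory and VirtualAllocEx, the write half of a remote-thread injection, which a packer typically resolves through GetProcAddress instead. The script below is an added example, not the report's or the sandbox's own code; it parses the "Library X.dll:" / "0xADDR Name" listing format used above, groups the imports by capability, and reports that gap. The embedded import dump is a constructed subset of the table above, and the capability sets include a few names this sample does not import so the check generalizes.

```python
import re

# API groups a triage analyst looks for. Names not imported by this sample (e.g. WriteProcessMemory)
# are listed so the check generalizes to other import tables.
CAPABILITIES = {
    "process injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                          "CreateRemoteThread", "QueueUserAPC", "SetThreadContext"},
    "process inspection": {"ReadProcessMemory", "VirtualQueryEx", "GetThreadContext",
                           "SuspendThread", "ResumeThread"},
    "unpacking / self-modification": {"VirtualAlloc", "VirtualProtect", "HeapCreate",
                                      "LoadLibraryA", "GetProcAddress"},
    "anti-analysis / environment probing": {"IsDebuggerPresent", "OutputDebugStringA", "GetTickCount",
                                            "GetComputerNameA", "GetSystemInfo", "GlobalMemoryStatus"},
    "registry persistence": {"RegCreateKeyExA", "RegCreateKeyExW", "RegSetValueExA", "RegSetValueExW"},
    "token / ACL manipulation": {"OpenProcessToken", "GetTokenInformation", "AddAccessDeniedAce",
                                 "SetFileSecurityW"},
}
GUI_DLLS = {"USER32.dll", "GDI32.dll", "COMDLG32.dll", "COMCTL32.dll"}   # drawing facade

# Constructed excerpt of the import table above (same format, a subset of the entries).
IMPORT_DUMP = """\
Library KERNEL32.dll:
0x50b7c0 LoadLibraryA
0x50b7c4 GetProcAddress
0x50b7f0 GetTickCount
0x50b918 OutputDebugStringA
0x50b974 VirtualProtect
0x50b994 IsDebuggerPresent
0x50b99c GetThreadContext
0x50b9fc GetComputerNameA
0x50ba0c SuspendThread
0x50ba40 CreateRemoteThread
0x50ba44 OpenProcess
0x50ba50 ReadProcessMemory
0x50ba54 VirtualQueryEx
0x50ba58 GetSystemInfo
0x50ba64 VirtualAlloc
Library USER32.dll:
0x50baa8 CreatePopupMenu
0x50bb10 SetForegroundWindow
0x50bccc EnumWindows
Library GDI32.dll:
0x50bce4 DeleteObject
0x50bcec AbortPath
0x50bd3c BeginPath
0x50bd64 FlattenPath
Library ADVAPI32.dll:
0x50be90 OpenProcessToken
0x50be98 RegCreateKeyExW
0x50be9c RegSetValueExW
0x50bf04 AddAccessDeniedAce
0x50bf30 GetTokenInformation
"""


def parse_imports(text):
    """'Library X.dll:' followed by '0xADDR Name' lines -> {dll: [names]}."""
    imports, dll = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"Library (\S+):", line)
        if m:
            dll = m.group(1)
            imports[dll] = []
        elif dll and re.fullmatch(r"0x[0-9a-fA-F]+ \w+", line):
            imports[dll].append(line.split()[1])
    return imports


def triage_imports(text):
    """Report which capability groups are present, how much of the table is GUI facade, and gaps."""
    imports = parse_imports(text)
    names = {n for fns in imports.values() for n in fns}
    hits = {cat: sorted(names & apis) for cat, apis in CAPABILITIES.items() if names & apis}
    total = sum(len(f) for f in imports.values())
    gui = sum(len(f) for d, f in imports.items() if d in GUI_DLLS)
    notes = []
    injection = set(hits.get("process injection", ()))
    if {"OpenProcess", "CreateRemoteThread"} <= injection and not {"WriteProcessMemory", "VirtualAllocEx"} & injection:
        notes.append("OpenProcess/CreateRemoteThread imported without WriteProcessMemory/VirtualAllocEx: "
                     "check for runtime resolution via LoadLibraryA+GetProcAddress")
    return {"hits": hits, "gui_fraction": round(gui / total, 2) if total else 0.0, "notes": notes}


if __name__ == "__main__":
    import json
    print(json.dumps(triage_imports(IMPORT_DUMP), indent=2))
```

On the full table the GUI fraction is much higher than on this excerpt; that ratio is the point of the check, since a heavy drawing facade around a handful of injection and anti-debug imports is a packer signature, not a property of a GUI application.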

Hosts

No hosts contacted.
(No resolved hostname is recorded even though six DNS queries to 114.114.114.114 appear in the UDP table below; the query names are not shown in this report.)

TCP

Source Source Port Destination Destination Port
23.45.60.144 443 192.168.56.101 49190
(The only TCP row is keyed with the remote side as source, i.e. the first packet seen came from 23.45.60.144:443 towards the guest; without an outbound packet from 192.168.56.101:49190 in the capture, this flow cannot be attributed to the sample from the table alone.)

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 60221 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
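Almost everything in the UDP table is guest background traffic: NetBIOS broadcasts on 137/138 to 192.168.56.255, LLMNR to the 224.0.0.252 multicast group, NTP to time.windows.com, and DNS to the configured resolver 114.114.114.114. What remains is the single inbound TCP row, which is exactly what the "no DNS query was performed" signature above fires on. The script below is an added example, not the sandbox's own signature logic; it parses the two tables in the layout used here, sets aside the background classes, keeps port-53 traffic to anything other than the configured resolver (a DNS-tunnelling tell), and applies the no-DNS rule to the rest. The tables embedded in it are a constructed excerpt of the rows above, and the sandbox IP, resolver IP and the empty set of resolved addresses ("No hosts contacted") are taken from this report.

```python
import ipaddress
from collections import Counter

# UDP destination ports that the guest OS itself generates during a sandbox run.
BACKGROUND_PORTS = {123: "NTP", 137: "NetBIOS name service", 138: "NetBIOS datagram", 5355: "LLMNR"}

# Constructed excerpt of the TCP and UDP tables above (same column layout).
TCP_TABLE = """\
Source Source Port Destination Destination Port
23.45.60.144 443 192.168.56.101 49190
"""
UDP_TABLE = """\
Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
"""


def parse_flows(table, proto):
    """Rows are 'src sport dst [dst_hostname] dport'; the header row is skipped."""
    flows = []
    for line in table.splitlines():
        t = line.split()
        if len(t) not in (4, 5) or not t[1].isdigit():
            continue
        flows.append({"proto": proto, "src": t[0], "sport": int(t[1]), "dst": t[2],
                      "dst_name": t[3] if len(t) == 5 else None, "dport": int(t[-1])})
    return flows


def triage_flows(tcp_table, udp_table, sandbox_ip, resolver_ips, resolved_ips):
    """Separate guest background traffic from flows worth attributing, then apply the
    'contacted without a prior DNS answer' rule to the latter."""
    background, external, no_dns = Counter(), [], []
    for f in parse_flows(tcp_table, "tcp") + parse_flows(udp_table, "udp"):
        outbound = f["src"] == sandbox_ip
        remote = f["dst"] if outbound else f["src"]
        rip = ipaddress.ip_address(remote)
        if f["proto"] == "udp" and f["dport"] == 53 and remote in resolver_ips:
            background["DNS to configured resolver"] += 1
            continue
        if (f["proto"] == "udp" and f["dport"] in BACKGROUND_PORTS
                and (f["dport"] == 123 or rip.is_private or rip.is_multicast)):
            background[BACKGROUND_PORTS[f["dport"]]] += 1
            continue
        # Everything else is kept, including port 53 to a non-resolver address.
        external.append({
            "proto": f["proto"], "remote": remote,
            "port": f["dport"] if outbound else f["sport"],
            "direction": "outbound" if outbound else "inbound only (first packet seen came from the server)",
        })
        if not rip.is_private and remote not in resolved_ips and remote not in no_dns:
            no_dns.append(remote)
    return {"background": dict(background), "external": external, "no_dns": no_dns}


if __name__ == "__main__":
    print(triage_flows(TCP_TABLE, UDP_TABLE, "192.168.56.101", {"114.114.114.114"}, set()))
```

Passing an empty resolver set shows the edge case: the same port-53 rows are then reported as external contacts with no prior resolution, which is the right outcome when a sample talks DNS to a server that is not the guest's resolver.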

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.