Threat score: 6.4 (High risk)
SHA-256: 5b044f718cd5d6a2520d25c33b88f647a27b853d01fdeec1a788f15c68950405
File name: c743123959425327700fd632bff0f5b1.exe
Analysis duration: 95s
Last analyzed:
File size: 424.0KB
Detection tags (static and dynamic): AI SCORE=82, AIDETECTVM, AQUF, ATTRIBUTE, AUTOG, CJVMBQQTCU4, CLASSIC, CONFIDENCE, CSACR, EMOTET, EPAZ, GENCIRC, GENERICKD, GENETIC, GENKRYPTIK, HFGQ, HIGH CONFIDENCE, HIGHCONFIDENCE, HPZUEL, KRYPTIK, MALWARE2, R002C0DH220, R346674, S + TROJ, S15320471, SCORE, SUSGEN, TRICKBOT, TROJANX, UNCLASSIFIEDMALWARE@0, UNSAFE, ZENPAK, ZENPAKPMF
HawkEye engine: not detected (no HawkEye engine results yet)
Static verdict
Antivirus engines
Engine       Result                             Scan date   Engine version
McAfee       Emotet-FRH!C74312395942            2020-09-15  6.0.6.653
Alibaba      Backdoor:Win32/Trickbot.e3c6fbbb   2019-05-27  0.3.0.5
Baidu        (no result)                        2019-03-18  1.0.0.2
Avast        Win32:TrojanX-gen [Trj]            2020-09-15  18.4.3895.0
Kingsoft     (no result)                        2020-09-15  2013.8.14.323
Tencent      Malware.Win32.Gencirc.10cde60c     2020-09-15  1.0.0.1
CrowdStrike  win/malicious_confidence_60% (W)   2019-07-02  1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619920954.258124
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
One or more processes crashed (1 event)
Note: the frames without a module name (stacktrace, memdup, hook_in_monitor, New_ntdll_*) belong to the sandbox's injected monitor, not to the sample. The access violation is raised inside RtlVirtualUnwind while the monitor walks the stack to log an exception, and the same five frames repeat because the fault recurs on every re-dispatch. The outermost frames are in winhttp.dll (WinHttpConnect), and the kernelbase/winhttp addresses above 4 GiB (0x7fefdc54190, 0x7fef9ef3fe7) show the faulting process is 64-bit, whereas the sample is a 32-bit image (its import thunks below are 4 bytes apart). Treat this indicator as a likely monitor artifact unless the crash reproduces without instrumentation.
Time & API Arguments Status Return Repeated
1619920975.540124
__exception__
stacktrace:
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
New_ntdll_RtlDispatchException+0xfa New_ntdll_RtlRemoveVectoredContinueHandler-0x8d @ 0x74816d97
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77ba1278
RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a @ 0x77b69a5a
RtlVirtualUnwind+0x37 RtlRestoreContext-0x19 kernel32+0x4b5e7 @ 0x77a7b5e7
stacktrace+0x1d1 memdup-0x62 @ 0x748005bd
hook_in_monitor+0x45 lde-0x133 @ 0x747f42ea
New_ntdll_LdrGetProcedureAddress+0x43 New_ntdll_LdrLoadDll-0x156 @ 0x7480f7f3
GetProcAddress+0x60 GetModuleHandleA-0x80 kernelbase+0x4190 @ 0x7fefdc54190
SvchostPushServiceGlobals+0x471 WinHttpQueryOption-0x1a7b winhttp+0x1eb99 @ 0x7fef9efeb99
SvchostPushServiceGlobals+0x4fb WinHttpQueryOption-0x19f1 winhttp+0x1ec23 @ 0x7fef9efec23
WinHttpConnect+0x1ab WinHttpGetDefaultProxyConfiguration-0x1615 winhttp+0x13fe7 @ 0x7fef9ef3fe7

registers.r14: 1042376
registers.r9: 1955190784
registers.rcx: 0
registers.rsi: 2767248
registers.r10: 0
registers.rbx: 0
registers.rdi: 0
registers.r11: 0
registers.r8: 5
registers.rdx: 2
registers.rbp: 0
registers.r15: -8403505265710073359
registers.r12: 2700080
registers.rsp: 1041856
registers.rax: 1
registers.r13: 443
exception.instruction_r: 48 8b 01 4a 89 44 c6 78 4d 85 e4 74 08 4b 89 8c
exception.symbol: RtlVirtualUnwind+0x14a RtlCheckForOrphanedCriticalSections-0x356 ntdll+0x19a5a
exception.instruction: mov rax, qword ptr [rcx]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 105050
exception.address: 0x77b69a5a
success 0 0
Behavioral verdict
Dynamic indicators
(The API timestamps in this section, 1619906580 to 1619906599, are about four hours earlier than those in the static-indicator section, 1619920947 to 1619920975, so the page aggregates results from more than one analysis run.)
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (8 events)
Time & API Arguments Status Return Repeated
1619906580.781
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 204800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02050000
success 0 0
1619906580.813
NtProtectVirtualMemory
process_identifier: 2852
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 204800
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02091000
success 0 0
1619906599.453
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00860000
success 0 0
1619906599.453
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x10000000
success 0 0
1619906599.453
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x10001000
success 0 0
1619906599.469
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00870000
success 0 0
1619906599.469
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00880000
success 0 0
1619906599.469
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008a0000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.4788  section .rsrc (size_of_data 0x00046000, virtual_address 0x00028000, virtual_size 0x000454b0): A section with a high entropy has been found
entropy 0.6667  Overall entropy of this PE file is high (share of section data that is high-entropy)
Checks for the Locally Unique Identifier on the system for a suspicious privilege (3 events)
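The two entropy marks above can be recomputed from raw section bytes. The block below is an added example, not code from the original report or from the sandbox: it computes per-section Shannon entropy and the overall high-entropy share. The thresholds (6.8 bits per byte for a section, 0.2 for the overall share) are assumptions taken from the open-source Cuckoo `packer_entropy` signature whose mark format this page reproduces, and the section layout in `demo_marks()` is constructed: only the 0x46000-byte `.rsrc` size comes from the page, the 0x23000-byte low-entropy section is assumed so that the total reaches 0x69000 and the share works out to the 0.6667 printed above.

```python
"""Recompute the two packer-entropy marks printed above from PE section bytes.

Added example; not code from the original report or from the sandbox. The
per-section threshold (6.8 bits/byte) and the overall-ratio threshold (0.2)
are assumptions taken from the open-source Cuckoo 'packer_entropy' signature,
whose mark format this report reproduces.
"""
import math
import os
from collections import Counter

SECTION_ENTROPY_THRESHOLD = 6.8  # assumption: Cuckoo signature threshold
OVERALL_RATIO_THRESHOLD = 0.2    # assumption: Cuckoo signature threshold


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_entropy_marks(sections):
    """sections: iterable of (name, raw_bytes), one entry per PE section.

    Returns the marks the signature would emit: one per section whose entropy
    exceeds the threshold, plus an overall mark when the high-entropy sections
    make up more than OVERALL_RATIO_THRESHOLD of all section data.
    """
    marks = []
    total_data = 0
    high_entropy_data = 0
    for name, raw in sections:
        size = len(raw)
        total_data += size
        ent = shannon_entropy(raw)
        if ent > SECTION_ENTROPY_THRESHOLD:
            high_entropy_data += size
            marks.append({"entropy": round(ent, 4), "section": name,
                          "size_of_data": hex(size),
                          "description": "A section with a high entropy has been found"})
    ratio = high_entropy_data / total_data if total_data else 0.0
    if ratio > OVERALL_RATIO_THRESHOLD:
        marks.append({"entropy": round(ratio, 4),
                      "description": "Overall entropy of this PE file is high"})
    return marks


def demo_marks():
    """Constructed stand-in for this sample's layout: a 0x46000-byte .rsrc
    section (the size reported above) filled with random bytes, plus one
    assumed low-entropy section of 0x23000 bytes so that section data totals
    0x69000 and the high-entropy share comes out at 0x46000/0x69000."""
    text = bytes(range(16)) * (0x23000 // 16)   # exactly 4 bits/byte
    rsrc = os.urandom(0x46000)                   # ~8 bits/byte (real .rsrc: 7.4788)
    return packer_entropy_marks([(".text", text), (".rsrc", rsrc)])


if __name__ == "__main__":
    for mark in demo_marks():
        print(mark)
```

To run this against a real file, feed it `[(s.Name.rstrip(b"\0").decode(), s.get_data()) for s in pe.sections]` from a `pefile.PE` object; a random `.rsrc` scores close to 8.0, whereas the compressed resource on this sample scored 7.4788, which is still well above the section threshold.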
Time & API Arguments Status Return Repeated
1619920947.680124
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619920949.399124
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619920952.133124
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
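The RWX-memory indicator above and the SeDebugPrivilege lookups can both be re-derived from the raw API event stream. The block below is an added example, not the sandbox's own signature code: the event list is constructed from the values printed in those two indicators, the flag names are the documented Win32 constants, and `0xffffffff` is treated as the current-process pseudo-handle (what `GetCurrentProcess()` returns in a 32-bit process), which is what separates in-process unpacking from memory prepared in another process. The flag decoder also surfaces the stray low bit in `allocation_type` 12289 (0x3001), which the report prints as a plain MEM_COMMIT|MEM_RESERVE.

```python
"""Re-derive the RWX-memory and SeDebugPrivilege marks from an API event log.

Added example; not the sandbox's own signature code. The events are
constructed from the values printed in the two indicators above. Flag names
are the documented Win32 constants.
"""
PAGE_PROTECTION = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                   0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                   0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
ALLOCATION_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
WRITABLE_EXECUTABLE = {0x40, 0x80}
SUSPICIOUS_PRIVILEGES = {"SeDebugPrivilege"}   # extend as needed
CURRENT_PROCESS_HANDLE = "0xffffffff"          # GetCurrentProcess() pseudo-handle, 32-bit


def decode_flags(value, table):
    """Name every known bit and append leftover bits in hex, so a value such as
    12289 (0x3001) is not silently reported as a clean MEM_COMMIT|MEM_RESERVE."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        names.append(hex(leftover))
    return "|".join(names) or hex(value)


def ev(time, api, **args):
    return {"time": time, "api": api, "args": args}


EVENTS = [  # constructed from the report's event listing above
    ev(1619906580.781, "NtAllocateVirtualMemory", process_identifier=2852, region_size=204800,
       protection=64, process_handle="0xffffffff", allocation_type=12289, base_address="0x02050000"),
    ev(1619906580.813, "NtProtectVirtualMemory", process_identifier=2852, length=204800,
       protection=64, process_handle="0xffffffff", base_address="0x02091000"),
    ev(1619906599.453, "NtAllocateVirtualMemory", process_identifier=2852, region_size=12288,
       protection=64, process_handle="0xffffffff", allocation_type=12288, base_address="0x00860000"),
    ev(1619906599.453, "NtAllocateVirtualMemory", process_identifier=2852, region_size=12288,
       protection=64, process_handle="0xffffffff", allocation_type=8192, base_address="0x10000000"),
    ev(1619906599.453, "NtAllocateVirtualMemory", process_identifier=2852, region_size=8192,
       protection=64, process_handle="0xffffffff", allocation_type=4096, base_address="0x10001000"),
    ev(1619906599.469, "NtAllocateVirtualMemory", process_identifier=2852, region_size=4096,
       protection=64, process_handle="0xffffffff", allocation_type=12288, base_address="0x00870000"),
    ev(1619906599.469, "NtAllocateVirtualMemory", process_identifier=2852, region_size=4096,
       protection=64, process_handle="0xffffffff", allocation_type=12288, base_address="0x00880000"),
    ev(1619906599.469, "NtAllocateVirtualMemory", process_identifier=2852, region_size=147456,
       protection=64, process_handle="0xffffffff", allocation_type=12288, base_address="0x008a0000"),
    ev(1619920947.680124, "LookupPrivilegeValueW", system_name="", privilege_name="SeDebugPrivilege"),
    ev(1619920949.399124, "LookupPrivilegeValueW", system_name="", privilege_name="SeDebugPrivilege"),
    ev(1619920952.133124, "LookupPrivilegeValueW", system_name="", privilege_name="SeDebugPrivilege"),
]


def rwx_memory(events):
    """Mark every allocation or protection change that leaves a region both
    writable and executable. 'self' is True when the call targets the calling
    process (unpacking); False would point at memory prepared in another
    process, i.e. an injection candidate."""
    marks = []
    for e in events:
        if e["api"] not in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory"):
            continue
        a = e["args"]
        if a["protection"] in WRITABLE_EXECUTABLE:
            marks.append({
                "api": e["api"],
                "base": a["base_address"],
                "size": a.get("region_size", a.get("length")),
                "protection": decode_flags(a["protection"], PAGE_PROTECTION),
                "allocation_type": (decode_flags(a["allocation_type"], ALLOCATION_TYPE)
                                    if "allocation_type" in a else None),
                "self": a["process_handle"] == CURRENT_PROCESS_HANDLE,
            })
    return marks


def suspicious_privilege_lookup(events):
    """Privilege names looked up via LookupPrivilegeValueW that are on the watch list."""
    return [e["args"]["privilege_name"] for e in events
            if e["api"] == "LookupPrivilegeValueW"
            and e["args"]["privilege_name"] in SUSPICIOUS_PRIVILEGES]


if __name__ == "__main__":
    for m in rwx_memory(EVENTS):
        print(m)
    print(suspicious_privilege_lookup(EVENTS))
```

Every RWX region here is created in the sample's own process, which fits the "unpack itself" reading; a `process_handle` other than the pseudo-handle on the same calls would be the point to start looking for `NtWriteVirtualMemory` and thread creation in another process.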
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 172.217.24.14
host 185.14.31.104
host 203.208.40.98
host 203.208.41.65
Generates some ICMP traffic
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 of 53 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34271050
CAT-QuickHeal Trojan.ZenpakPMF.S15320471
McAfee Emotet-FRH!C74312395942
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2343667
Sangfor Malware
K7AntiVirus Trojan ( 0056bbf21 )
Alibaba Backdoor:Win32/Trickbot.e3c6fbbb
K7GW Trojan ( 0056e0911 )
Arcabit Trojan.Generic.D20AEF4A
Invincea Mal/Generic-S + Troj/AutoG-IU
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HFGQ
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 85)
Kaspersky Trojan.Win32.Zenpak.aquf
BitDefender Trojan.GenericKD.34271050
NANO-Antivirus Trojan.Win32.Zenpak.hpzuel
ViRobot Trojan.Win32.Z.Zenpak.434176.A
Avast Win32:TrojanX-gen [Trj]
Rising Trojan.Kryptik!1.C89F (CLASSIC)
Ad-Aware Trojan.GenericKD.34271050
Comodo .UnclassifiedMalware@0
F-Secure Trojan.TR/Crypt.Agent.csacr
DrWeb Trojan.Packed.140
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DH220
FireEye Generic.mg.c743123959425327
Sophos Troj/AutoG-IU
Jiangmin Trojan.Zenpak.cro
Avira TR/Crypt.Agent.csacr
Antiy-AVL Trojan/Win32.Zenpak
Microsoft Trojan:Win32/Trickbot.VC!MTB
ZoneAlarm Trojan.Win32.Zenpak.aquf
GData Trojan.GenericKD.34271050
AhnLab-V3 Trojan/Win32.Kryptik.R346674
ALYac Trojan.GenericKD.34271050
MAX malware (ai score=82)
VBA32 Trojan.Zenpak
Malwarebytes Trojan.TrickBot
TrendMicro-HouseCall TROJ_GEN.R002C0DH220
Tencent Malware.Win32.Gencirc.10cde60c
Yandex Trojan.Kryptik!CJvmBQQTcU4
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.104435802.susgen
Fortinet W32/GenKryptik.EPAZ!tr
AVG Win32:TrojanX-gen [Trj]
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 185.14.31.104:443
Visual analysis
Binary image: none (no binary visualization was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2020-07-30 19:21:31

Imports

Library KERNEL32.dll:
0x41b080 RtlUnwind
0x41b084 GetStartupInfoA
0x41b088 GetCommandLineA
0x41b08c ExitProcess
0x41b090 TerminateProcess
0x41b094 HeapFree
0x41b098 HeapAlloc
0x41b09c RaiseException
0x41b0a0 HeapReAlloc
0x41b0a4 HeapSize
0x41b0a8 GetACP
0x41b0bc SetHandleCount
0x41b0c0 GetStdHandle
0x41b0c4 GetFileType
0x41b0c8 HeapDestroy
0x41b0cc HeapCreate
0x41b0d0 VirtualFree
0x41b0d4 VirtualAlloc
0x41b0d8 IsBadWritePtr
0x41b0dc LCMapStringA
0x41b0e0 LCMapStringW
0x41b0e8 GetStringTypeA
0x41b0ec GetStringTypeW
0x41b0f0 Sleep
0x41b0f4 IsBadReadPtr
0x41b0f8 IsBadCodePtr
0x41b0fc SetStdHandle
0x41b100 FlushFileBuffers
0x41b104 SetFilePointer
0x41b108 WriteFile
0x41b10c ReadFile
0x41b110 SetErrorMode
0x41b114 GetOEMCP
0x41b118 GetCPInfo
0x41b11c FormatMessageA
0x41b120 GetProcessVersion
0x41b124 GetLastError
0x41b12c GlobalFlags
0x41b130 lstrcpynA
0x41b134 TlsGetValue
0x41b138 LocalReAlloc
0x41b13c TlsSetValue
0x41b144 GlobalReAlloc
0x41b14c TlsFree
0x41b150 GlobalHandle
0x41b158 TlsAlloc
0x41b160 LocalFree
0x41b164 LocalAlloc
0x41b168 MulDiv
0x41b16c SetLastError
0x41b170 LoadLibraryA
0x41b174 FreeLibrary
0x41b178 InterlockedExchange
0x41b17c GetVersion
0x41b180 lstrcatA
0x41b184 GlobalGetAtomNameA
0x41b188 GlobalAddAtomA
0x41b18c GlobalFindAtomA
0x41b190 lstrcpyA
0x41b194 GetModuleHandleA
0x41b198 MultiByteToWideChar
0x41b19c WideCharToMultiByte
0x41b1a0 lstrlenA
0x41b1ac GlobalUnlock
0x41b1b0 GlobalFree
0x41b1b4 LockResource
0x41b1b8 FindResourceA
0x41b1bc LoadResource
0x41b1c0 CloseHandle
0x41b1c4 GetModuleFileNameA
0x41b1c8 GlobalLock
0x41b1cc GlobalAlloc
0x41b1d0 GlobalDeleteAtom
0x41b1d4 lstrcmpA
0x41b1d8 lstrcmpiA
0x41b1dc GetCurrentThread
0x41b1e0 GetCurrentThreadId
0x41b1e4 LoadLibraryExW
0x41b1e8 LoadLibraryExA
0x41b1ec GetProcAddress
0x41b1f0 SizeofResource
0x41b1f8 GetCurrentProcess
Library USER32.dll:
0x41b218 LoadCursorA
0x41b21c GetClassNameA
0x41b220 PtInRect
0x41b224 GetSysColorBrush
0x41b228 DestroyMenu
0x41b22c ReleaseDC
0x41b230 GetDC
0x41b234 ClientToScreen
0x41b238 LoadStringA
0x41b23c ShowWindow
0x41b240 SetWindowTextA
0x41b244 IsDialogMessageA
0x41b248 UpdateWindow
0x41b24c SendDlgItemMessageA
0x41b250 MapWindowPoints
0x41b254 GetSysColor
0x41b258 SetFocus
0x41b25c AdjustWindowRectEx
0x41b260 CopyRect
0x41b264 GrayStringA
0x41b268 GetTopWindow
0x41b26c GetCapture
0x41b270 WinHelpA
0x41b274 wsprintfA
0x41b278 GetClassInfoA
0x41b27c RegisterClassA
0x41b280 GetMenu
0x41b284 GetMenuItemCount
0x41b288 GetSubMenu
0x41b28c GetMenuItemID
0x41b294 GetWindowTextA
0x41b298 GetDlgCtrlID
0x41b29c CreateWindowExA
0x41b2a0 GetClassLongA
0x41b2a4 SetPropA
0x41b2a8 UnhookWindowsHookEx
0x41b2ac GetPropA
0x41b2b0 CallWindowProcA
0x41b2b4 RemovePropA
0x41b2b8 GetMessageTime
0x41b2bc GetMessagePos
0x41b2c0 GetForegroundWindow
0x41b2c4 SetForegroundWindow
0x41b2c8 GetWindow
0x41b2cc SetWindowLongA
0x41b2d0 SetWindowPos
0x41b2dc GetWindowPlacement
0x41b2e0 GetWindowRect
0x41b2e4 EndDialog
0x41b2e8 SetActiveWindow
0x41b2ec IsWindow
0x41b2f4 DestroyWindow
0x41b2f8 GetDlgItem
0x41b300 LoadBitmapA
0x41b304 GetMenuState
0x41b308 ModifyMenuA
0x41b30c SetMenuItemBitmaps
0x41b310 CheckMenuItem
0x41b314 DrawTextA
0x41b318 TabbedTextOutA
0x41b31c EndPaint
0x41b320 BeginPaint
0x41b324 EnableMenuItem
0x41b328 GetFocus
0x41b32c GetNextDlgTabItem
0x41b330 GetMessageA
0x41b334 TranslateMessage
0x41b338 DispatchMessageA
0x41b33c GetActiveWindow
0x41b340 GetKeyState
0x41b344 CallNextHookEx
0x41b348 ValidateRect
0x41b34c IsWindowVisible
0x41b350 PeekMessageA
0x41b354 GetCursorPos
0x41b358 SetWindowsHookExA
0x41b35c GetParent
0x41b360 GetLastActivePopup
0x41b364 IsWindowEnabled
0x41b368 GetWindowLongA
0x41b36c MessageBoxA
0x41b370 SetCursor
0x41b374 PostQuitMessage
0x41b378 PostMessageA
0x41b37c EnableWindow
0x41b380 IsIconic
0x41b384 GetSystemMetrics
0x41b388 GetClientRect
0x41b38c DrawIcon
0x41b390 SendMessageA
0x41b394 GetSystemMenu
0x41b398 LoadIconA
0x41b39c DefWindowProcA
0x41b3a0 UnregisterClassA
Library GDI32.dll:
0x41b01c GetDeviceCaps
0x41b020 RectVisible
0x41b024 TextOutA
0x41b028 ExtTextOutA
0x41b02c Escape
0x41b030 DeleteObject
0x41b034 PtVisible
0x41b038 CreateBitmap
0x41b03c ScaleWindowExtEx
0x41b040 SetWindowExtEx
0x41b044 ScaleViewportExtEx
0x41b048 SetViewportExtEx
0x41b04c OffsetViewportOrgEx
0x41b050 SetViewportOrgEx
0x41b054 SetMapMode
0x41b058 GetStockObject
0x41b05c SelectObject
0x41b060 RestoreDC
0x41b064 SaveDC
0x41b068 DeleteDC
0x41b06c GetObjectA
0x41b070 SetBkColor
0x41b074 SetTextColor
0x41b078 GetClipBox
Library WINSPOOL.DRV:
0x41b3a8 ClosePrinter
0x41b3ac DocumentPropertiesA
0x41b3b0 OpenPrinterA
Library ADVAPI32.dll:
0x41b000 RegCloseKey
0x41b004 RegSetValueExA
0x41b008 RegOpenKeyExA
0x41b00c RegCreateKeyExA
Library COMCTL32.dll:
0x41b014 (unnamed; imported by ordinal)
Library ole32.dll:
0x41b3b8 CoCreateInstance
0x41b3bc OleRun
0x41b3c0 CLSIDFromString
0x41b3c4 CLSIDFromProgID
0x41b3c8 CoInitialize
Library OLEAUT32.dll:
0x41b200 VariantChangeType
0x41b204 SysFreeString
0x41b208 VariantClear
0x41b20c SysAllocString
0x41b210 SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination host  Destination port
192.168.56.101  50534        114.114.114.114                    53
192.168.56.101  51963        114.114.114.114                    53
192.168.56.101  55368        114.114.114.114                    53
192.168.56.101  56539        114.114.114.114                    53
192.168.56.101  60384        114.114.114.114                    53
192.168.56.101  137          192.168.56.255                     137
192.168.56.101  138          192.168.56.255                     138
192.168.56.101  123          20.189.79.72     time.windows.com  123
192.168.56.101  49713        224.0.0.252                        5355
192.168.56.101  51378        224.0.0.252                        5355
192.168.56.101  51808        224.0.0.252                        5355
192.168.56.101  53237        224.0.0.252                        5355
192.168.56.101  56804        224.0.0.252                        5355
192.168.56.101  60123        224.0.0.252                        5355
192.168.56.101  61680        224.0.0.252                        5355
192.168.56.101  62191        224.0.0.252                        5355
192.168.56.101  62318        224.0.0.252                        5355
192.168.56.101  65004        224.0.0.252                        5355
192.168.56.101  1900         239.255.255.250                    1900
192.168.56.101  51379        239.255.255.250                    3702
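Almost every row in the UDP table is guest background chatter (resolver queries, NetBIOS broadcasts, NTP, LLMNR, SSDP, WS-Discovery), and the "no DNS query" indicator earlier in the network section is the complementary check: hosts the sample reached without a resolution on record. The block below is an added example, not from the original report: it parses the table rows (constructed here from the table above, including the variable-width row carrying a resolved hostname), classifies each flow, and lists contacted hosts that never appeared in a DNS answer. The resolver address, the guest subnet and the decision to treat those discovery protocols and NTP as sandbox noise are assumptions about this sandbox's network, not facts stated on the page.

```python
"""Separate the guest's background UDP chatter from real egress, and list the
contacted hosts that never appeared in a DNS answer.

Added example; not from the original report. The rows are copied from the UDP
table above into a constructed string; the resolver address, guest subnet and
noise-port mapping are assumptions about this sandbox's network.
"""
import ipaddress
from collections import Counter

GUEST_NET = ipaddress.ip_network("192.168.56.0/24")   # assumption: analysis VM subnet
RESOLVERS = {"114.114.114.114"}                        # assumption: the guest's DNS server
NOISE_PORTS = {123: "ntp", 137: "netbios-ns", 138: "netbios-dgm",
               1900: "ssdp", 3702: "ws-discovery", 5355: "llmnr"}

UDP_TABLE = """\
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
"""


def parse_udp_row(line):
    """Rows have 4 fields, or 5 when the sandbox resolved the destination to a
    hostname (e.g. time.windows.com) printed between the IP and the port."""
    parts = line.split()
    if len(parts) == 4:
        src, sport, dst, dport = parts
        host = None
    elif len(parts) == 5:
        src, sport, dst, host, dport = parts
    else:
        raise ValueError(f"unexpected UDP row: {line!r}")
    return {"src": src, "sport": int(sport), "dst": dst, "host": host, "dport": int(dport)}


def classify(flow):
    """'dns' for queries to the configured resolver, a protocol name for
    multicast/broadcast discovery and NTP, 'egress' for anything else."""
    dst = ipaddress.ip_address(flow["dst"])
    if flow["dport"] == 53 and flow["dst"] in RESOLVERS:
        return "dns"
    if dst.is_multicast or dst == GUEST_NET.broadcast_address or flow["dport"] == 123:
        return NOISE_PORTS.get(flow["dport"], "other-local")
    return "egress"


def summarize(table):
    """Return (category counts, list of flows that are real egress)."""
    flows = [parse_udp_row(line) for line in table.splitlines() if line.strip()]
    counts = Counter(classify(f) for f in flows)
    egress = [f for f in flows if classify(f) == "egress"]
    return counts, egress


def unresolved_hosts(contacted, dns_answers):
    """Hosts the sample talked to without a DNS answer on record: either
    hard-coded addresses or resolutions the capture missed."""
    return sorted(set(contacted) - set(dns_answers))


if __name__ == "__main__":
    counts, egress = summarize(UDP_TABLE)
    print(dict(counts), egress)
    # the four hosts from the "no DNS query" indicator; no answers were recorded
    print(unresolved_hosts(["172.217.24.14", "185.14.31.104",
                            "203.208.40.98", "203.208.41.65"], []))
```

On this capture the UDP side reduces to zero egress flows, so the only outbound destinations of interest are the four :443 hosts from the dead-host and no-DNS indicators, none of which has a resolution in the recorded traffic.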

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.