7.0
High risk

104d0a88586759e08d44a0dcbe022face745c0ab49391d699e3a70a6bb834710

c77becbbb66ac83d7ec8b828e5fa8667.exe

Analysis duration

88s

Last analyzed

File size

640.0KB
Static detections / Dynamic detections: 0NA103IF20 AI SCORE=83 AIDETECTVM BSCOPE CONFIDENCE CRYPTERX DOWNLOADER34 EAILV ELDORADO EMOTET EMOTETRI GENERIC@ML GENERICKD GENERICRXLZ GENETIC GYZTTY0ZTECXIHPSSSBNKW HIGH CONFIDENCE HVCIPB MALWARE2 MALWARE@#ODISLH7IN93W OU0@AGBYNQII R + TROJ R351170 RDMK S15817917 SUSGEN UNSAFE ZEXAF
Hawkeye engine
Not scanned. No Hawkeye engine results are available.
Static verdict
Antivirus engines
Engine Result Scan date Version
McAfee GenericRXLZ-VL!C77BECBBB66A 20201009 6.0.6.653
Alibaba Trojan:Win32/Emotet.99aaa154 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:CrypterX-gen [Trj] 20201009 18.4.3895.0
Kingsoft 20201009 2013.8.14.323
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620992513.185626
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1620992504.451626
CryptGenKey
crypto_handle: 0x00580c08
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0064b598
flags: 1
key: fs4 a ¾~÷³ÛÎä‘
success 1 0
1620992513.201626
CryptExportKey
crypto_handle: 0x00580c08
crypto_export_handle: 0x0064b558
buffer: f¤raèbÁÔü@$Ò¦€V^ >ܸ‡w`¨ Ú T•ژZ©¶©…DDzÐMÎ÷=ÖxÛG“œªÕ? ےRà䔞¦Ì> Ålÿü†k)û¹ûj°;­÷mHý“«T
blob_type: 1
flags: 64
success 1 0
1620992549.623626
CryptExportKey
crypto_handle: 0x00580c08
crypto_export_handle: 0x0064b558
buffer: f¤å!.îΝ‰©a½hf{>NVˆUîg~¸^Îa á0«”õ s³®«Ë?¶Aª`‚>Ö6(|ˆAp©û‡ ŸTΣzãÈݖ¡¿È³&y[I!¸] Háß.ïc£³/8g
blob_type: 1
flags: 64
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section Shared
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620992503.857626
NtAllocateVirtualMemory
process_identifier: 3060
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003f0000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (5 events)
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1620992503.904626
NtProtectVirtualMemory
process_identifier: 3060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 45056
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00671000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620992513.920626
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process c77becbbb66ac83d7ec8b828e5fa8667.exe
Reads the systems User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620992513.388626
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 190.85.46.52
host 202.153.220.157
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620992516.513626
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620992516.513626
RegSetValueExA
key_handle: 0x000003b4
value: °P†¾H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620992516.513626
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620992516.529626
RegSetValueExW
key_handle: 0x000003b4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620992516.529626
RegSetValueExA
key_handle: 0x000003cc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620992516.529626
RegSetValueExA
key_handle: 0x000003cc
value: °P†¾H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620992516.529626
RegSetValueExA
key_handle: 0x000003cc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620992516.576626
RegSetValueExW
key_handle: 0x000003b0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43833185
FireEye Generic.mg.c77becbbb66ac83d
CAT-QuickHeal Trojan.EmotetRI.S15817917
McAfee GenericRXLZ-VL!C77BECBBB66A
Cylance Unsafe
Zillya Trojan.Emotet.Win32.29283
Sangfor Malware
K7AntiVirus Trojan ( 005600f21 )
Alibaba Trojan:Win32/Emotet.99aaa154
K7GW Trojan ( 005600f21 )
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Trojan.Generic.D29CD761
Invincea Mal/Generic-R + Troj/Emotet-CNG
Cyren W32/Emotet.ASL.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKD.43833185
NANO-Antivirus Trojan.Win32.Emotet.hvcipb
Paloalto generic.ml
Ad-Aware Trojan.GenericKD.43833185
Sophos Troj/Emotet-CNG
Comodo Malware@#odislh7in93w
F-Secure Trojan.TR/AD.Emotet.eailv
DrWeb Trojan.DownLoader34.40328
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.0NA103IF20
McAfee-GW-Edition GenericRXLZ-VL!C77BECBBB66A
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.ojy
Avira TR/AD.Emotet.eailv
MAX malware (ai score=83)
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKD.43833185
AhnLab-V3 Trojan/Win32.Emotet.R351170
VBA32 BScope.Trojan.Downloader
ALYac Trojan.Agent.Emotet
TACHYON Trojan/W32.Agent.655360.UN
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TROJ_FRS.0NA103IF20
Rising Trojan.Generic@ML.97 (RDMK:GYzTty0ztECxIhPSSsBnkw)
Yandex Trojan.Emotet!
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 190.85.46.52:7080
dead_host 202.153.220.157:80
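Visual analysis
Binary image
No binary image. No binary visualization was generated for this sample.
Runtime screenshots
No screenshots. No screenshots were generated while this sample ran.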


PE Compile Time

2020-09-14 19:52:11

Imports

Library MPR.dll:
0x44d38c WNetAddConnection2A
Library KERNEL32.dll:
0x44d120 WaitNamedPipeA
0x44d124 CreateFileA
0x44d128 FreeConsole
0x44d130 MulDiv
0x44d134 GlobalUnlock
0x44d138 GlobalLock
0x44d13c GlobalAlloc
0x44d140 GlobalFree
0x44d144 FreeResource
0x44d148 GetVersionExA
0x44d14c lstrcmpW
0x44d150 FreeLibrary
0x44d154 GlobalDeleteAtom
0x44d158 GlobalFindAtomA
0x44d15c GlobalAddAtomA
0x44d160 GlobalGetAtomNameA
0x44d164 GetCurrentThreadId
0x44d168 GetModuleFileNameW
0x44d170 GetModuleFileNameA
0x44d174 SetThreadPriority
0x44d178 WaitForSingleObject
0x44d17c SetEvent
0x44d184 CreateEventA
0x44d188 lstrcmpA
0x44d18c GetLocaleInfoA
0x44d198 GetCurrentThread
0x44d1a8 GetFileAttributesA
0x44d1ac SetFileTime
0x44d1b0 GetFileTime
0x44d1b4 GetTempFileNameA
0x44d1b8 GetFullPathNameA
0x44d1bc GetDiskFreeSpaceA
0x44d1c0 LocalAlloc
0x44d1c4 TlsGetValue
0x44d1c8 GlobalReAlloc
0x44d1cc GlobalHandle
0x44d1d0 TlsAlloc
0x44d1d4 TlsSetValue
0x44d1d8 LocalReAlloc
0x44d1e0 TlsFree
0x44d1e4 GlobalFlags
0x44d1e8 GetCPInfo
0x44d1ec GetOEMCP
0x44d1f0 GetThreadLocale
0x44d200 MoveFileA
0x44d204 DeleteFileA
0x44d208 SetFilePointer
0x44d20c FlushFileBuffers
0x44d210 LockFile
0x44d214 UnlockFile
0x44d218 SetEndOfFile
0x44d21c GetFileSize
0x44d220 DuplicateHandle
0x44d224 GetCurrentProcess
0x44d228 FindClose
0x44d22c FindFirstFileA
0x44d234 GetShortPathNameA
0x44d240 SetErrorMode
0x44d244 HeapAlloc
0x44d248 HeapFree
0x44d24c RtlUnwind
0x44d250 HeapReAlloc
0x44d254 VirtualAlloc
0x44d258 ExitThread
0x44d25c CreateThread
0x44d260 RaiseException
0x44d264 GetCommandLineA
0x44d268 GetProcessHeap
0x44d26c GetStartupInfoA
0x44d270 ExitProcess
0x44d274 HeapSize
0x44d278 VirtualFree
0x44d27c HeapDestroy
0x44d280 HeapCreate
0x44d284 GetStdHandle
0x44d288 TerminateProcess
0x44d294 IsDebuggerPresent
0x44d298 GetACP
0x44d2ac SetHandleCount
0x44d2b0 GetFileType
0x44d2b8 GetTickCount
0x44d2c4 GetConsoleCP
0x44d2c8 GetConsoleMode
0x44d2cc LCMapStringA
0x44d2d0 LCMapStringW
0x44d2d4 GetStringTypeA
0x44d2d8 GetStringTypeW
0x44d2dc GetUserDefaultLCID
0x44d2e0 EnumSystemLocalesA
0x44d2e4 IsValidLocale
0x44d2e8 IsValidCodePage
0x44d2ec GetLocaleInfoW
0x44d2f0 SetStdHandle
0x44d2f4 WriteConsoleA
0x44d2f8 GetConsoleOutputCP
0x44d2fc WriteConsoleW
0x44d304 Sleep
0x44d308 ReadFile
0x44d30c SetLastError
0x44d310 GetProcAddress
0x44d314 GetModuleHandleA
0x44d318 LoadLibraryA
0x44d31c WriteFile
0x44d320 FormatMessageA
0x44d324 LocalFree
0x44d330 FindResourceA
0x44d334 LoadResource
0x44d338 LockResource
0x44d33c SizeofResource
0x44d340 ResumeThread
0x44d344 GetStringTypeExA
0x44d348 lstrlenA
0x44d34c lstrcmpiA
0x44d350 CompareStringW
0x44d354 CompareStringA
0x44d358 GetCurrentProcessId
0x44d360 Module32First
0x44d364 Module32Next
0x44d368 CloseHandle
0x44d36c GetVersion
0x44d370 GetLastError
0x44d374 WideCharToMultiByte
0x44d378 MultiByteToWideChar
0x44d37c InterlockedExchange
0x44d380 SuspendThread
Library USER32.dll:
0x44d3e0 SetDlgItemTextA
0x44d3e4 IsDialogMessageA
0x44d3e8 SetWindowTextA
0x44d3f0 ValidateRect
0x44d3f4 TranslateMessage
0x44d3f8 GetMessageA
0x44d3fc InflateRect
0x44d400 GetMenuItemInfoA
0x44d404 DestroyMenu
0x44d408 InvalidateRect
0x44d410 SetMenu
0x44d414 BringWindowToTop
0x44d418 SetRectEmpty
0x44d41c CreatePopupMenu
0x44d420 InsertMenuItemA
0x44d424 LoadAcceleratorsA
0x44d428 ReleaseCapture
0x44d42c SetCursor
0x44d430 ReuseDDElParam
0x44d434 UnpackDDElParam
0x44d438 SetRect
0x44d43c KillTimer
0x44d440 WindowFromPoint
0x44d444 IsZoomed
0x44d448 RedrawWindow
0x44d44c SetCapture
0x44d450 SetCursorPos
0x44d454 DestroyCursor
0x44d458 IsRectEmpty
0x44d45c UnionRect
0x44d460 PostQuitMessage
0x44d464 ShowOwnedPopups
0x44d468 FillRect
0x44d46c TabbedTextOutA
0x44d470 DrawTextA
0x44d474 DrawTextExA
0x44d478 GrayStringA
0x44d47c GetWindowDC
0x44d480 BeginPaint
0x44d484 EndPaint
0x44d488 GetSysColorBrush
0x44d48c UnregisterClassA
0x44d490 SetParent
0x44d494 GetDCEx
0x44d498 LockWindowUpdate
0x44d49c FindWindowA
0x44d4a0 DestroyIcon
0x44d4a4 SetWindowsHookExA
0x44d4a8 CallNextHookEx
0x44d4ac GetClassLongA
0x44d4b0 GetClassNameA
0x44d4b4 SetPropA
0x44d4b8 GetPropA
0x44d4bc RemovePropA
0x44d4c0 GetFocus
0x44d4c4 SetFocus
0x44d4cc GetWindowTextA
0x44d4d0 GetForegroundWindow
0x44d4d4 GetLastActivePopup
0x44d4d8 DispatchMessageA
0x44d4dc BeginDeferWindowPos
0x44d4e0 EndDeferWindowPos
0x44d4e4 GetTopWindow
0x44d4e8 UnhookWindowsHookEx
0x44d4ec GetMessageTime
0x44d4f0 GetMessagePos
0x44d4f4 PeekMessageA
0x44d4f8 MapWindowPoints
0x44d4fc TrackPopupMenu
0x44d500 GetKeyState
0x44d504 SetScrollPos
0x44d508 GetScrollPos
0x44d50c IsWindowVisible
0x44d510 GetMenu
0x44d514 PostMessageA
0x44d518 MessageBoxA
0x44d51c CreateWindowExA
0x44d520 GetClassInfoExA
0x44d524 GetClassInfoA
0x44d528 RegisterClassA
0x44d52c GetSysColor
0x44d530 AdjustWindowRectEx
0x44d534 ScreenToClient
0x44d538 EqualRect
0x44d53c DeferWindowPos
0x44d540 GetDlgCtrlID
0x44d544 DefWindowProcA
0x44d548 CallWindowProcA
0x44d54c SetWindowLongA
0x44d550 SetWindowPos
0x44d554 OffsetRect
0x44d558 IntersectRect
0x44d560 IsIconic
0x44d564 GetWindowPlacement
0x44d568 GetWindowRect
0x44d56c GetWindow
0x44d570 GetActiveWindow
0x44d574 SetActiveWindow
0x44d578 GetSystemMetrics
0x44d580 DestroyWindow
0x44d584 GetWindowLongA
0x44d588 GetDlgItem
0x44d58c IsWindowEnabled
0x44d590 GetParent
0x44d594 GetNextDlgTabItem
0x44d598 EndDialog
0x44d59c ReleaseDC
0x44d5a0 GetDC
0x44d5a4 CopyRect
0x44d5a8 IsWindow
0x44d5ac GetMenuState
0x44d5b0 GetMenuStringA
0x44d5b4 GetMenuItemID
0x44d5b8 InsertMenuA
0x44d5bc GetMenuItemCount
0x44d5c0 EnableWindow
0x44d5c4 CharUpperA
0x44d5c8 SendMessageA
0x44d5cc LoadStringA
0x44d5d0 PtInRect
0x44d5d4 GetSubMenu
0x44d5d8 LoadMenuA
0x44d5dc ClientToScreen
0x44d5e0 LoadIconA
0x44d5e4 GetClientRect
0x44d5e8 DeleteMenu
0x44d5ec GetSystemMenu
0x44d5f0 SetTimer
0x44d5f4 UpdateWindow
0x44d5f8 GetDesktopWindow
0x44d5fc ShowWindow
0x44d600 LoadBitmapA
0x44d604 LoadCursorA
0x44d608 SetForegroundWindow
0x44d60c GetCursorPos
0x44d610 SetMenuItemBitmaps
0x44d618 ModifyMenuA
0x44d61c EnableMenuItem
0x44d620 CheckMenuItem
0x44d628 SendDlgItemMessageA
0x44d62c WinHelpA
0x44d630 IsChild
0x44d634 GetCapture
Library GDI32.dll:
0x44d064 CreatePatternBrush
0x44d068 GetStockObject
0x44d06c CreateSolidBrush
0x44d070 SetRectRgn
0x44d074 CreateRectRgn
0x44d078 SelectClipRgn
0x44d07c CombineRgn
0x44d084 PatBlt
0x44d088 GetClipBox
0x44d08c SetTextColor
0x44d090 SetBkColor
0x44d094 CreateBitmap
0x44d098 CreateFontIndirectA
0x44d0a0 DeleteObject
0x44d0a4 GetCharWidthA
0x44d0a8 SelectObject
0x44d0ac CreateFontA
0x44d0b0 DeleteDC
0x44d0b4 StretchDIBits
0x44d0b8 GetBkColor
0x44d0bc GetTextMetricsA
0x44d0c0 SaveDC
0x44d0c4 RestoreDC
0x44d0c8 SetBkMode
0x44d0cc GetObjectA
0x44d0d0 CreateCompatibleDC
0x44d0d4 BitBlt
0x44d0d8 ScaleWindowExtEx
0x44d0dc SetWindowExtEx
0x44d0e0 ScaleViewportExtEx
0x44d0e4 SetViewportExtEx
0x44d0e8 OffsetViewportOrgEx
0x44d0ec SetViewportOrgEx
0x44d0f0 ExtTextOutA
0x44d0f4 SetMapMode
0x44d0f8 ExcludeClipRect
0x44d0fc IntersectClipRect
0x44d100 Escape
0x44d104 TextOutA
0x44d108 RectVisible
0x44d10c PtVisible
0x44d110 GetPixel
0x44d118 GetDeviceCaps
Library ADVAPI32.dll:
0x44d000 RegCloseKey
0x44d004 RegOpenKeyA
0x44d008 RegQueryValueExA
0x44d00c RegOpenKeyExA
0x44d010 RegDeleteKeyA
0x44d014 RegEnumKeyA
0x44d018 RegQueryValueA
0x44d01c RegCreateKeyExA
0x44d020 RegSetValueExA
0x44d024 RegDeleteValueA
0x44d028 SetFileSecurityA
0x44d02c GetFileSecurityA
0x44d030 RegCreateKeyA
0x44d034 OpenSCManagerA
0x44d038 OpenServiceA
0x44d03c CreateServiceA
0x44d040 CloseServiceHandle
0x44d044 StartServiceA
0x44d054 RegSetValueA
Library SHELL32.dll:
0x44d3b4 SHGetFileInfoA
0x44d3b8 DragFinish
0x44d3bc DragQueryFileA
0x44d3c0 ExtractIconA
0x44d3c4 Shell_NotifyIconA
Library COMCTL32.dll:
0x44d05c ImageList_Destroy
Library SHLWAPI.dll:
0x44d3cc PathFindFileNameA
0x44d3d0 PathStripToRootA
0x44d3d4 PathFindExtensionA
0x44d3d8 PathIsUNCA
Library WS2_32.dll:
0x44d64c WSACleanup
0x44d650 WSAStartup
Library OLEACC.dll:
0x44d398 LresultFromObject
Library WINSPOOL.DRV:
0x44d63c OpenPrinterA
0x44d640 DocumentPropertiesA
0x44d644 ClosePrinter
Library comdlg32.dll:
0x44d658 GetFileTitleA
Library OLEAUT32.dll:
0x44d3a0 VariantInit
0x44d3a4 SysAllocStringLen
0x44d3a8 VariantChangeType
0x44d3ac VariantClear

Exports

Ordinal Address Name
1 0x406b50 KCCDWafdUUJKIIOFFCVDDS

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 53664 239.255.255.250 1900
192.168.56.101 53666 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.