6.2
High risk

4de9b39f13dec273fce9df377dda58fb8b9a9574824fbf9c47d3cf2de35a0ae1

c90f54bb406350ba04f014b613738f86.exe

Analysis duration

81s

Last analyzed

File size

636.0KB
Static: flagged malicious. Dynamic: flagged malicious. Detection tags: 100% 12IA55R AI SCORE=82 ATTRIBUTE CLASSIC CONFIDENCE CRYPTERX EJRV ELDORADO EMOTET EMOTETPMF EVBO GENCIRC GENKRYPTIK HFOV HIGH CONFIDENCE HIGHCONFIDENCE HSFIWG KCLOUD KRYPTIK MALWARE@#30U21ZYULI33Q POURKZORQPG PSNCG R + TROJ R348098 S17644272 SCORE SUSGEN THHAGBO UNSAFE WACATAC
Hawkeye engine
Not detected. No Hawkeye engine result is available.
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Emotet-FRV!C90F54BB4063 20201231 6.0.6.653
Alibaba Trojan:Win32/Emotet.7acf6532 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Tencent Malware.Win32.Gencirc.10cde86a 20201231 1.0.0.1
Kingsoft Win32.Hack.Emotet.ch.(kcloud) 20201231 2017.9.26.565
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620907801.84125
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1620907792.40325
CryptGenKey
crypto_handle: 0x005c5b00
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005c4e20
flags: 1
key: f°µ³ŽÞc‘¾ZóŠv¤Œ
success 1 0
1620907801.85625
CryptExportKey
crypto_handle: 0x005c5b00
crypto_export_handle: 0x005c4de0
buffer: f¤jÈPåêæŸ¿Þ]>¬löÕZz F,ýo@+rtÛ^qC%²d¢hOٛZ#¸_-ϟ,9{‰q|éä(‚O54KdÛ½68s°VžäÑY°¹]Ô»+OÍ¡qöú`ø¦Y
blob_type: 1
flags: 64
success 1 0
1620907837.70025
CryptExportKey
crypto_handle: 0x005c5b00
crypto_export_handle: 0x005c4de0
buffer: f¤1'ïÅ⚠ôX ø!°üâRJó»±OÇÜA¿Êš%x°˜žyÈS~B<<’8ã‡: ¹_“[Š’Å6/½¢CÉy1ąô¯) ü{)/Å öð(÷‡˜/c{\•
blob_type: 1
flags: 64
success 1 0
1620907844.30925
CryptExportKey
crypto_handle: 0x005c5b00
crypto_export_handle: 0x005c4de0
buffer: f¤«Kè›IQní¢Í\NÁ¦Éðé?Ô¸žÛÉ 0®åªì*Xybãü`ièHŽP@šPD#§ìEkäÆÉ¹ 6¸Æ$ 2®Àÿ)[&-+[ÂVöÆ Ú™""lq
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620907791.65325
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00530000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620907802.49725
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process c90f54bb406350ba04f014b613738f86.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620907802.05925
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 139.99.157.213
host 172.217.24.14
host 185.86.148.68
host 186.109.104.67
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620907805.05925
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620907805.05925
RegSetValueExA
key_handle: 0x000003c0
value: 0eÝàþG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620907805.05925
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620907805.05925
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620907805.05925
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620907805.05925
RegSetValueExA
key_handle: 0x000003d8
value: 0eÝàþG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620907805.05925
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620907805.10625
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 of 55 events shown)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EVBO
FireEye Generic.mg.c90f54bb406350ba
CAT-QuickHeal Backdoor.EmotetPMF.S17644272
Qihoo-360 Win32/Backdoor.7f7
McAfee Emotet-FRV!C90F54BB4063
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Trojan ( 0056a71b1 )
Alibaba Trojan:Win32/Emotet.7acf6532
K7GW Trojan ( 0056a71b1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Agent.EVBO
Cyren W32/Injector.ABK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Emotet-9779860-0
Kaspersky HEUR:Backdoor.Win32.Emotet.vho
BitDefender Trojan.Agent.EVBO
NANO-Antivirus Trojan.Win32.Emotet.hsfiwg
Tencent Malware.Win32.Gencirc.10cde86a
Ad-Aware Trojan.Agent.EVBO
TACHYON Backdoor/W32.Emotet.651264
Sophos Mal/Generic-R + Troj/Emotet-CLG
Comodo Malware@#30u21zyuli33q
F-Secure Trojan.TR/Kryptik.psncg
DrWeb Trojan.Emotet.1000
TrendMicro Trojan.Win32.WACATAC.THHAGBO
McAfee-GW-Edition BehavesLike.Win32.Emotet.jm
Emsisoft Trojan.Emotet (A)
Jiangmin Backdoor.Emotet.ri
Avira TR/Kryptik.psncg
Antiy-AVL Trojan/Win32.Emotet
Kingsoft Win32.Hack.Emotet.ch.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Backdoor.Win32.Emotet.vho
GData Win32.Trojan.PSE.12IA55R
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R348098
MAX malware (ai score=82)
VBA32 Trojan.Emotet
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFOV
TrendMicro-HouseCall Trojan.Win32.WACATAC.THHAGBO
Rising Trojan.Kryptik!1.CA97 (CLASSIC)
Yandex Trojan.GenKryptik!POuRKzOrQpg
Ikarus Trojan-Banker.Emotet
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 186.109.104.67:80
dead_host 185.86.148.68:443
dead_host 192.168.56.101:49176
Visual analysis
Binary image
No binary image. This sample did not produce a binary visualization image.
Runtime screenshots
No runtime screenshots. No screenshots were captured while this sample ran.

PE Compile Time

2020-08-17 20:35:29

Imports

Library KERNEL32.dll:
0x489f1c LCMapStringW
0x489f20 FatalAppExitA
0x489f24 Sleep
0x489f3c SetHandleCount
0x489f40 GetStdHandle
0x489f44 GetFileType
0x489f48 HeapDestroy
0x489f4c HeapCreate
0x489f50 VirtualFree
0x489f58 VirtualAlloc
0x489f5c IsBadWritePtr
0x489f60 LCMapStringA
0x489f64 GetStringTypeW
0x489f68 IsBadReadPtr
0x489f6c IsBadCodePtr
0x489f70 IsValidLocale
0x489f74 IsValidCodePage
0x489f78 GetLocaleInfoA
0x489f7c EnumSystemLocalesA
0x489f80 GetUserDefaultLCID
0x489f84 GetVersionExA
0x489f8c SetStdHandle
0x489f90 GetLocaleInfoW
0x489f94 CompareStringA
0x489f98 CompareStringW
0x489fa0 GetLocalTime
0x489fa4 GetProfileStringA
0x489fa8 InterlockedExchange
0x489fac GetSystemTime
0x489fb4 GetACP
0x489fb8 HeapReAlloc
0x489fbc HeapSize
0x489fc0 ExitThread
0x489fc4 CreateThread
0x489fc8 TerminateProcess
0x489fcc HeapFree
0x489fd0 HeapAlloc
0x489fd4 RaiseException
0x489fd8 GetCommandLineA
0x489fdc GetStartupInfoA
0x489fe0 RtlUnwind
0x489fe4 CopyFileA
0x489fe8 GlobalSize
0x489fec SetFileAttributesA
0x489ff0 SetFileTime
0x489ffc GetFileTime
0x48a000 GetFileSize
0x48a004 GetFileAttributesA
0x48a008 GetTickCount
0x48a014 lstrlenW
0x48a018 GetShortPathNameA
0x48a01c GetStringTypeExA
0x48a020 GetFullPathNameA
0x48a028 FindFirstFileA
0x48a02c FindClose
0x48a030 DeleteFileA
0x48a034 MoveFileA
0x48a038 SetEndOfFile
0x48a03c UnlockFile
0x48a040 LockFile
0x48a044 FlushFileBuffers
0x48a048 SetFilePointer
0x48a04c WriteFile
0x48a050 ReadFile
0x48a054 CreateFileA
0x48a058 GetCurrentProcess
0x48a05c DuplicateHandle
0x48a060 SetErrorMode
0x48a064 GetThreadLocale
0x48a078 SizeofResource
0x48a07c GetOEMCP
0x48a080 GetCPInfo
0x48a084 GetProcessVersion
0x48a088 GlobalFlags
0x48a08c TlsGetValue
0x48a090 LocalReAlloc
0x48a094 TlsSetValue
0x48a09c GlobalReAlloc
0x48a0a4 TlsFree
0x48a0a8 GlobalHandle
0x48a0b0 TlsAlloc
0x48a0b8 LocalAlloc
0x48a0bc GetLastError
0x48a0c0 FormatMessageA
0x48a0c4 LocalFree
0x48a0c8 CreateEventA
0x48a0cc SuspendThread
0x48a0d0 SetThreadPriority
0x48a0d4 ResumeThread
0x48a0d8 SetEvent
0x48a0dc WaitForSingleObject
0x48a0e0 CloseHandle
0x48a0e4 GetModuleFileNameA
0x48a0e8 GlobalAlloc
0x48a0ec lstrcmpA
0x48a0f0 GetCurrentThread
0x48a0f4 lstrcpynA
0x48a0f8 GlobalFree
0x48a0fc GlobalLock
0x48a100 GlobalUnlock
0x48a104 MulDiv
0x48a108 SetLastError
0x48a10c MultiByteToWideChar
0x48a110 WideCharToMultiByte
0x48a114 lstrlenA
0x48a120 LoadLibraryA
0x48a124 FreeLibrary
0x48a128 FindResourceA
0x48a12c LoadResource
0x48a130 LockResource
0x48a134 GetVersion
0x48a138 lstrcatA
0x48a13c GetCurrentThreadId
0x48a140 GlobalGetAtomNameA
0x48a144 lstrcmpiA
0x48a148 GlobalAddAtomA
0x48a14c GlobalFindAtomA
0x48a150 GlobalDeleteAtom
0x48a154 lstrcpyA
0x48a158 GetModuleHandleA
0x48a15c GetProcAddress
0x48a160 GetStringTypeA
0x48a164 ExitProcess
Library USER32.dll:
0x48a350 LoadMenuA
0x48a354 SetMenu
0x48a358 ReuseDDElParam
0x48a35c UnpackDDElParam
0x48a360 BringWindowToTop
0x48a364 CharUpperA
0x48a36c RemoveMenu
0x48a370 PostThreadMessageA
0x48a374 DestroyIcon
0x48a378 EnableMenuItem
0x48a37c GetNextDlgTabItem
0x48a380 IsWindowEnabled
0x48a384 ShowWindow
0x48a388 MoveWindow
0x48a38c SetWindowTextA
0x48a390 IsDialogMessageA
0x48a394 ScrollWindowEx
0x48a398 IsDlgButtonChecked
0x48a39c SetDlgItemTextA
0x48a3a0 SetDlgItemInt
0x48a3a4 GetDlgItemTextA
0x48a3a8 GetDlgItemInt
0x48a3ac CheckRadioButton
0x48a3b0 CheckDlgButton
0x48a3b4 wvsprintfA
0x48a3b8 PostMessageA
0x48a3bc UpdateWindow
0x48a3c0 SendDlgItemMessageA
0x48a3c4 MapWindowPoints
0x48a3c8 DispatchMessageA
0x48a3cc GetFocus
0x48a3d0 SetActiveWindow
0x48a3d4 SetFocus
0x48a3d8 AdjustWindowRectEx
0x48a3dc ScreenToClient
0x48a3e0 EqualRect
0x48a3e4 DeferWindowPos
0x48a3e8 BeginDeferWindowPos
0x48a3ec EndDeferWindowPos
0x48a3f0 IsWindowVisible
0x48a3f4 ScrollWindow
0x48a3f8 GetScrollInfo
0x48a3fc SetScrollInfo
0x48a400 ShowScrollBar
0x48a404 GetScrollRange
0x48a408 SetScrollRange
0x48a40c GetScrollPos
0x48a410 SetScrollPos
0x48a414 GetTopWindow
0x48a418 MessageBoxA
0x48a41c IsChild
0x48a420 WinHelpA
0x48a424 wsprintfA
0x48a428 GetClassInfoA
0x48a42c RegisterClassA
0x48a430 GetMenu
0x48a434 GetMenuItemCount
0x48a43c GetMenuItemID
0x48a440 TrackPopupMenu
0x48a444 SetWindowPlacement
0x48a448 GetDlgItem
0x48a44c CharNextA
0x48a450 GetWindowTextA
0x48a454 GetDlgCtrlID
0x48a458 GetKeyState
0x48a45c DefWindowProcA
0x48a460 DestroyWindow
0x48a464 CreateWindowExA
0x48a468 SetWindowsHookExA
0x48a46c CallNextHookEx
0x48a470 GetClassLongA
0x48a474 SetPropA
0x48a478 UnhookWindowsHookEx
0x48a47c GetPropA
0x48a480 CallWindowProcA
0x48a484 RemovePropA
0x48a488 GetMessageTime
0x48a48c GetLastActivePopup
0x48a490 GetForegroundWindow
0x48a494 SetForegroundWindow
0x48a498 GetWindow
0x48a49c GetWindowLongA
0x48a4a0 SetWindowLongA
0x48a4a4 SetWindowPos
0x48a4ac IntersectRect
0x48a4b0 GetWindowPlacement
0x48a4b4 GrayStringA
0x48a4b8 DrawTextA
0x48a4bc TabbedTextOutA
0x48a4c0 FillRect
0x48a4c4 IsIconic
0x48a4c8 DrawIcon
0x48a4cc GetSystemMenu
0x48a4d0 AppendMenuA
0x48a4d4 GetSysColor
0x48a4d8 UnregisterClassA
0x48a4dc HideCaret
0x48a4e0 ShowCaret
0x48a4e4 ExcludeUpdateRgn
0x48a4e8 DefDlgProcA
0x48a4ec IsWindowUnicode
0x48a4f0 SendMessageA
0x48a4f4 GetParent
0x48a4f8 LoadIconA
0x48a4fc PeekMessageA
0x48a500 PostQuitMessage
0x48a504 InvalidateRect
0x48a508 ReleaseCapture
0x48a50c GetMessagePos
0x48a510 PtInRect
0x48a514 GetClientRect
0x48a518 GetCapture
0x48a51c SetCapture
0x48a524 EnableWindow
0x48a528 SetRect
0x48a52c LoadAcceleratorsA
0x48a530 SetRectEmpty
0x48a534 MessageBeep
0x48a538 GetNextDlgGroupItem
0x48a53c GetSubMenu
0x48a544 IsWindow
0x48a548 RedrawWindow
0x48a54c CopyRect
0x48a550 GetSystemMetrics
0x48a554 DrawFrameControl
0x48a558 DrawEdge
0x48a55c InflateRect
0x48a560 OffsetRect
0x48a564 DrawFocusRect
0x48a568 GetWindowRect
0x48a56c GetMenuStringA
0x48a570 DeleteMenu
0x48a574 InsertMenuA
0x48a57c WaitMessage
0x48a580 GetDialogBaseUnits
0x48a584 GetSysColorBrush
0x48a588 LoadCursorA
0x48a58c GetDesktopWindow
0x48a590 GetClassNameA
0x48a594 DestroyMenu
0x48a598 LoadStringA
0x48a59c MapDialogRect
0x48a5a4 GetMessageA
0x48a5a8 TranslateMessage
0x48a5ac ValidateRect
0x48a5b0 SetCursor
0x48a5b4 ShowOwnedPopups
0x48a5b8 EndDialog
0x48a5bc GetActiveWindow
0x48a5c4 GetCursorPos
0x48a5c8 WindowFromPoint
0x48a5cc EndPaint
0x48a5d0 BeginPaint
0x48a5d4 GetWindowDC
0x48a5d8 ReleaseDC
0x48a5dc GetDC
0x48a5e0 ClientToScreen
0x48a5e4 OemToCharA
0x48a5e8 CharToOemA
0x48a5f0 LoadBitmapA
0x48a5f4 GetMenuState
0x48a5f8 CheckMenuItem
0x48a600 SetMenuItemBitmaps
0x48a604 ModifyMenuA
Library GDI32.dll:
0x489d4c StartDocA
0x489d50 SaveDC
0x489d54 RestoreDC
0x489d58 SelectObject
0x489d5c GetStockObject
0x489d60 SelectPalette
0x489d64 SetBkMode
0x489d68 SetPolyFillMode
0x489d6c SetROP2
0x489d70 SetStretchBltMode
0x489d74 SetMapMode
0x489d78 SetViewportOrgEx
0x489d7c OffsetViewportOrgEx
0x489d80 SetViewportExtEx
0x489d84 ScaleViewportExtEx
0x489d88 SetWindowOrgEx
0x489d8c OffsetWindowOrgEx
0x489d90 SetWindowExtEx
0x489d94 ScaleWindowExtEx
0x489d98 SelectClipRgn
0x489d9c ExcludeClipRect
0x489da0 IntersectClipRect
0x489da4 OffsetClipRgn
0x489da8 MoveToEx
0x489dac LineTo
0x489db0 SetTextAlign
0x489dbc SetMapperFlags
0x489dc4 ArcTo
0x489dc8 DeleteDC
0x489dcc PolyDraw
0x489dd0 PolylineTo
0x489dd4 SetColorAdjustment
0x489dd8 PolyBezierTo
0x489ddc DeleteObject
0x489de0 GetClipRgn
0x489de4 CreateRectRgn
0x489de8 SelectClipPath
0x489dec ExtSelectClipRgn
0x489df0 PlayMetaFileRecord
0x489df4 GetObjectType
0x489df8 EnumMetaFile
0x489dfc PlayMetaFile
0x489e00 GetViewportExtEx
0x489e04 GetWindowExtEx
0x489e08 ExtCreatePen
0x489e0c CreateHatchBrush
0x489e10 CreatePatternBrush
0x489e18 GetMapMode
0x489e1c PatBlt
0x489e20 SetRectRgn
0x489e24 CombineRgn
0x489e2c DPtoLP
0x489e30 GetTextMetricsA
0x489e34 GetTextColor
0x489e38 GetBkColor
0x489e3c LPtoDP
0x489e40 CopyMetaFileA
0x489e44 CreateDCA
0x489e48 CreateBitmap
0x489e4c GetObjectA
0x489e50 SetBkColor
0x489e54 SetTextColor
0x489e58 GetClipBox
0x489e5c GetDCOrgEx
0x489e60 Escape
0x489e64 ExtTextOutA
0x489e68 TextOutA
0x489e6c RectVisible
0x489e70 PtVisible
0x489e78 CreateCompatibleDC
0x489e7c BitBlt
0x489e80 CreateSolidBrush
0x489e84 GetDeviceCaps
0x489e88 RealizePalette
0x489e8c CreatePen
0x489e94 CreateFontIndirectA
0x489e98 CreatePalette
0x489e9c SetArcDirection
0x489ea0 CreateDIBitmap
0x489ea4 GetTextExtentPointA
0x489ea8 Rectangle
Library comdlg32.dll:
0x48a6f4 GetFileTitleA
0x48a6f8 GetSaveFileNameA
0x48a6fc ChooseColorA
0x48a700 GetOpenFileNameA
Library WINSPOOL.DRV:
0x48a6bc OpenPrinterA
0x48a6c0 ClosePrinter
0x48a6c4 DocumentPropertiesA
Library ADVAPI32.dll:
0x489c94 RegEnumKeyA
0x489c98 RegCreateKeyExA
0x489c9c RegOpenKeyExA
0x489ca0 RegQueryValueExA
0x489ca4 RegSetValueExA
0x489ca8 RegDeleteValueA
0x489cac RegDeleteKeyA
0x489cb0 RegOpenKeyA
0x489cb4 RegSetValueA
0x489cb8 RegCreateKeyA
0x489cbc RegCloseKey
0x489cc0 RegQueryValueA
Library SHELL32.dll:
0x48a30c SHGetFileInfoA
0x48a310 DragQueryFileA
0x48a314 DragFinish
0x48a318 DragAcceptFiles
0x48a31c ExtractIconA
Library COMCTL32.dll:
0x489cf8
0x489cfc
0x489d00
0x489d04 ImageList_Destroy
0x489d08 ImageList_Create
0x489d10 ImageList_Merge
0x489d14 ImageList_Read
0x489d18 ImageList_Write
Library oledlg.dll:
0x48a7f4
Library ole32.dll:
0x48a730 StringFromCLSID
0x48a734 ReadClassStg
0x48a738 ReadFmtUserTypeStg
0x48a73c OleRegGetUserType
0x48a740 WriteClassStg
0x48a744 WriteFmtUserTypeStg
0x48a748 SetConvertStg
0x48a74c CreateBindCtx
0x48a750 OleDuplicateData
0x48a758 OleUninitialize
0x48a75c CoTreatAsClass
0x48a760 CoDisconnectObject
0x48a764 OleRun
0x48a768 CoCreateInstance
0x48a76c CoTaskMemAlloc
0x48a770 CoTaskMemFree
0x48a780 CoGetClassObject
0x48a784 CLSIDFromString
0x48a788 CLSIDFromProgID
0x48a78c ReleaseStgMedium
0x48a798 CoRevokeClassObject
0x48a79c OleSetClipboard
0x48a7a0 OleFlushClipboard
0x48a7ac OleInitialize
Library OLEPRO32.DLL:
0x48a2dc
Library OLEAUT32.dll:
0x48a208 SysFreeString
0x48a20c LoadTypeLib
0x48a210 SysAllocStringLen
0x48a214 VariantClear
0x48a21c VariantCopy
0x48a220 VariantChangeType
0x48a224 SysReAllocStringLen
0x48a228 SysAllocString
0x48a230 SafeArrayAccessData
0x48a234 SafeArrayGetUBound
0x48a238 SafeArrayGetLBound
0x48a240 SafeArrayGetDim
0x48a244 SafeArrayCreate
0x48a248 SafeArrayRedim
0x48a250 SysStringByteLen
0x48a254 VarCyFromStr
0x48a258 VarBstrFromCy
0x48a25c VarDateFromStr
0x48a260 VarBstrFromDate
0x48a264 SafeArrayCopy
0x48a268 SafeArrayAllocData
0x48a270 SafeArrayGetElement
0x48a274 SafeArrayPtrOfIndex
0x48a278 SafeArrayPutElement
0x48a27c SafeArrayLock
0x48a280 SafeArrayUnlock
0x48a284 SafeArrayDestroy
0x48a290 SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 51966 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

No dropped files.

Dropped Buffers

No dropped buffers.