2.4
Medium risk

0ae63c9c9b6dc9b6102918069b766fef2eb08a0908e7ff79ff9a4e4769367df7

cc28c579c133795ed3db1d6be581923a.exe

Analysis duration

84s

Last analyzed

File size

1.4MB
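Static detection Dynamic detection ARTEMIS GRAYWARE MALICIOUS PRESENOKER ZD0@AASZFZDJ ZEXAF
Hawkeye engine
Not detected. No Hawkeye engine results available.
Static verdict
Antivirus engines
Engine Result Scan date Version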
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20200912 18.4.3895.0
Tencent 20200912 1.0.0.1
Kingsoft 20200912 2013.8.14.323
McAfee Artemis!28718440F3E0 20200912 6.0.6.653
CrowdStrike 20190702 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path D:\Projects\hdsnspoofer\Release\hdsnspoofer.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .gfids
The file contains an unknown PE resource name possibly indicative of a packer (6 events)
resource name BIN
resource name LAYOUT
resource name PNG
resource name UIDEF
resource name VALUES
resource name XML
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620897718.350943
NtAllocateVirtualMemory
process_identifier: 2308
region_size: 2228224
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x024c0000
success 0 0
1620897718.350943
NtAllocateVirtualMemory
process_identifier: 2308
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x026a0000
success 0 0
Foreign language identified in PE resource (50 out of 55 events)
name BIN language LANG_CHINESE offset 0x00153a18 filetype PE32+ executable (native) x86-64, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00003448
name LAYOUT language LANG_CHINESE offset 0x0013d430 filetype HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000e27
name PNG language LANG_CHINESE offset 0x0016c770 filetype PNG image data, 13 x 85, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000050f
name UIDEF language LANG_CHINESE offset 0x0013d338 filetype XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000f7
name VALUES language LANG_CHINESE offset 0x0013e258 filetype XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000095
name XML language LANG_CHINESE offset 0x00156e60 filetype HTML document, UTF-8 Unicode text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000070c
name RT_ICON language LANG_CHINESE offset 0x001506e0 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)
Zillya Trojan.Generic.Win32.1046194
APEX Malicious
Antiy-AVL GrayWare/Win32.Presenoker
McAfee Artemis!28718440F3E0
VBA32 Trojan.Rootkit
BitDefenderTheta Gen:NN.ZexaF.34216.zD0@aasZfzdj
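Visual analysis
Binary image
No binary image available. No binary visualization was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while the sample ran.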


PE Compile Time

2017-11-14 19:37:25

Imports

Library KERNEL32.dll:
0x4e410c LoadLibraryA
0x4e4110 GetModuleHandleA
0x4e4114 GetVersionExW
0x4e4118 MultiByteToWideChar
0x4e411c SetEndOfFile
0x4e4120 HeapSize
0x4e4124 WriteConsoleW
0x4e4128 FlushFileBuffers
0x4e4130 GetProcessHeap
0x4e4144 GetCommandLineW
0x4e4148 GetCommandLineA
0x4e414c GetCPInfo
0x4e4150 GetOEMCP
0x4e4154 IsValidCodePage
0x4e4158 FindNextFileW
0x4e415c FindNextFileA
0x4e4160 FindFirstFileExW
0x4e4164 FindFirstFileExA
0x4e4168 CreateThread
0x4e416c OutputDebugStringW
0x4e4170 OutputDebugStringA
0x4e4174 GetVersionExA
0x4e417c SetStdHandle
0x4e4180 GetStringTypeW
0x4e4184 GetConsoleCP
0x4e4188 SetFilePointerEx
0x4e418c ReadConsoleW
0x4e4190 GetConsoleMode
0x4e4194 HeapReAlloc
0x4e4198 GetFileType
0x4e419c EnumSystemLocalesW
0x4e41a0 GetUserDefaultLCID
0x4e41a4 IsValidLocale
0x4e41a8 GetLocaleInfoW
0x4e41ac LCMapStringW
0x4e41b0 CompareStringW
0x4e41b4 GetTimeFormatW
0x4e41b8 GetDateFormatW
0x4e41bc GetCurrentThread
0x4e41c0 GetACP
0x4e41c4 GetModuleHandleExW
0x4e41c8 ExitProcess
0x4e41cc GetModuleFileNameA
0x4e41d0 GetStdHandle
0x4e41d4 ReadFile
0x4e41e0 LoadLibraryExW
0x4e41e4 TlsFree
0x4e41e8 TlsSetValue
0x4e41ec TlsGetValue
0x4e41f0 TlsAlloc
0x4e41f8 RaiseException
0x4e41fc RtlUnwind
0x4e4200 EncodePointer
0x4e4204 GetStartupInfoW
0x4e4208 IsDebuggerPresent
0x4e420c InitializeSListHead
0x4e4214 GetCurrentThreadId
0x4e4218 GetCurrentProcessId
0x4e4220 CreateEventW
0x4e4228 ResetEvent
0x4e422c SetEvent
0x4e4234 TerminateProcess
0x4e4238 LoadLibraryW
0x4e423c MulDiv
0x4e4240 FreeLibrary
0x4e4248 HeapFree
0x4e424c HeapAlloc
0x4e4250 HeapDestroy
0x4e4254 HeapCreate
0x4e4268 GetFileAttributesW
0x4e426c FindResourceW
0x4e4270 SizeofResource
0x4e4274 LockResource
0x4e4278 LoadResource
0x4e427c FreeResource
0x4e4280 SetLastError
0x4e4284 GetFullPathNameW
0x4e4288 FindFirstFileW
0x4e428c FindClose
0x4e4290 WideCharToMultiByte
0x4e4298 DeleteFileW
0x4e429c CloseHandle
0x4e42a0 WriteFile
0x4e42a4 CreateFileW
0x4e42ac GetCurrentProcess
0x4e42b0 GetModuleHandleW
0x4e42b4 GetTickCount
0x4e42b8 GetProcAddress
0x4e42c0 GetModuleFileNameW
0x4e42cc GlobalUnlock
0x4e42d0 GlobalLock
0x4e42d4 GlobalAlloc
0x4e42d8 GetLastError
0x4e42dc LocalFree
0x4e42e4 Sleep
0x4e42e8 DecodePointer
0x4e42ec lstrlenA
Library USER32.dll:
0x4e4344 SendMessageW
0x4e4348 SetWindowPos
0x4e434c MapWindowPoints
0x4e4350 GetClientRect
0x4e4354 GetParent
0x4e4358 GetActiveWindow
0x4e435c GetMonitorInfoW
0x4e4360 MonitorFromWindow
0x4e4364 GetWindowLongW
0x4e4368 GetWindow
0x4e436c ShowWindow
0x4e4370 GetWindowRect
0x4e4374 LoadBitmapW
0x4e4378 LoadCursorW
0x4e4380 LoadImageW
0x4e4384 DestroyCursor
0x4e4388 TrackMouseEvent
0x4e438c PostMessageW
0x4e4390 PostQuitMessage
0x4e4394 IsWindow
0x4e4398 AnimateWindow
0x4e43a0 IsIconic
0x4e43a4 IsZoomed
0x4e43a8 SetFocus
0x4e43ac DestroyWindow
0x4e43b0 SetCursor
0x4e43b4 UpdateLayeredWindow
0x4e43b8 MapVirtualKeyA
0x4e43bc CharLowerBuffW
0x4e43c0 SetForegroundWindow
0x4e43c4 GetMenuItemInfoW
0x4e43c8 TrackPopupMenu
0x4e43cc AppendMenuW
0x4e43d0 InsertMenuW
0x4e43d4 GetMenuItemCount
0x4e43d8 GetSubMenu
0x4e43dc DestroyMenu
0x4e43e0 CreatePopupMenu
0x4e43e4 IsMenu
0x4e43e8 GetDesktopWindow
0x4e43ec SetActiveWindow
0x4e43f0 IsWindowEnabled
0x4e43f4 EnableWindow
0x4e43f8 GetIconInfo
0x4e43fc CharNextW
0x4e4404 OffsetRect
0x4e4408 DrawTextW
0x4e440c GetSystemMetrics
0x4e4410 IsWindowVisible
0x4e4414 GetWindowPlacement
0x4e4418 GetSysColor
0x4e441c ClientToScreen
0x4e4420 EnableMenuItem
0x4e4424 GetKeyState
0x4e4428 PeekMessageW
0x4e442c GetCapture
0x4e4430 TranslateMessage
0x4e4434 GetMessageW
0x4e4438 GetFocus
0x4e443c PtInRect
0x4e4440 EqualRect
0x4e4444 IntersectRect
0x4e4448 SetRect
0x4e444c DispatchMessageW
0x4e4450 LoadIconW
0x4e4454 MessageBoxW
0x4e4458 GetDlgItem
0x4e445c CreateWindowExW
0x4e4460 RegisterClassExW
0x4e4464 UnregisterClassW
0x4e4468 CallWindowProcW
0x4e446c DefWindowProcW
0x4e4470 DestroyIcon
0x4e4474 GetClassNameW
0x4e4478 SetWindowLongW
0x4e447c IsRectEmpty
0x4e4480 UnionRect
0x4e4484 InflateRect
0x4e4488 CopyRect
0x4e448c ScreenToClient
0x4e4490 SetCaretPos
0x4e4494 HideCaret
0x4e4498 GetCaretBlinkTime
0x4e449c CreateCaret
0x4e44a0 GetCursorPos
0x4e44a4 SetWindowTextW
0x4e44a8 InvalidateRect
0x4e44ac EndPaint
0x4e44b0 BeginPaint
0x4e44b4 ReleaseDC
0x4e44b8 GetDC
0x4e44bc UpdateWindow
0x4e44c0 KillTimer
0x4e44c4 SetTimer
0x4e44c8 ReleaseCapture
0x4e44cc FillRect
0x4e44d0 InvertRect
0x4e44d4 DrawIconEx
0x4e44d8 SetCapture
Library GDI32.dll:
0x4e4038 Ellipse
0x4e403c SetViewportOrgEx
0x4e4044 CreateRoundRectRgn
0x4e4048 CreateBitmap
0x4e404c StretchBlt
0x4e4050 DeleteDC
0x4e4054 CreateCompatibleDC
0x4e4058 GetDCOrgEx
0x4e405c SetBkMode
0x4e4060 SelectObject
0x4e4064 Rectangle
0x4e4068 GetClipBox
0x4e406c DeleteObject
0x4e4070 CreateSolidBrush
0x4e4074 CreateFontIndirectW
0x4e4078 SetGraphicsMode
0x4e407c GetDeviceCaps
0x4e4080 GetObjectW
0x4e4084 GetStockObject
0x4e4088 EnumFontsW
0x4e408c BitBlt
0x4e4090 ExcludeClipRect
0x4e4094 Arc
0x4e4098 Chord
0x4e409c CombineRgn
0x4e40a0 CreatePen
0x4e40a4 CreatePatternBrush
0x4e40a8 GetViewportOrgEx
0x4e40ac GetCurrentObject
0x4e40b0 Polyline
0x4e40b4 CreateDIBSection
0x4e40b8 SetWorldTransform
0x4e40bc GetWorldTransform
0x4e40c0 SetTextColor
0x4e40c4 SetRectRgn
0x4e40c8 ExtSelectClipRgn
0x4e40cc SaveDC
0x4e40d0 RoundRect
0x4e40d4 RestoreDC
0x4e40d8 RectInRegion
0x4e40dc PtInRegion
0x4e40e0 OffsetRgn
0x4e40e4 IntersectClipRect
0x4e40ec GetTextColor
0x4e40f0 GetRgnBox
0x4e40f4 GetClipRgn
0x4e40f8 CreateRectRgn
Library ADVAPI32.dll:
0x4e4000 CloseServiceHandle
0x4e4004 RegQueryValueExW
0x4e4008 RegCloseKey
0x4e400c DeleteService
0x4e4010 ControlService
0x4e4018 StartServiceW
0x4e401c OpenServiceW
0x4e4020 CreateServiceW
0x4e4024 OpenSCManagerW
0x4e4028 RegSetValueExW
0x4e402c RegOpenKeyExW
Library SHELL32.dll:
0x4e4334 ShellExecuteW
Library ole32.dll:
0x4e454c CLSIDFromProgID
0x4e4554 CLSIDFromString
0x4e4558 CoCreateInstance
0x4e455c CreateBindCtx
0x4e4560 OleUninitialize
0x4e4564 OleInitialize
0x4e4568 OleLockRunning
Library OLEAUT32.dll:
0x4e4300 SysStringByteLen
0x4e4308 CreateErrorInfo
0x4e430c SysStringLen
0x4e4310 VariantChangeType
0x4e4314 VariantClear
0x4e4318 VariantInit
0x4e431c GetErrorInfo
0x4e4320 SysAllocString
0x4e4324 SysAllocStringLen
0x4e4328 SysFreeString
0x4e432c SetErrorInfo
Library SHLWAPI.dll:
0x4e433c StrToIntExW
Library IMM32.dll:
0x4e4100 ImmReleaseContext
0x4e4104 ImmGetContext
Library gdiplus.dll:
0x4e44e0 GdipFree
0x4e44e4 GdipSaveImageToFile
0x4e44ec GdipAlloc
0x4e44f0 GdipGetImageWidth
0x4e44f4 GdipGetImageHeight
0x4e44f8 GdiplusStartup
0x4e44fc GdiplusShutdown
0x4e4500 GdipCloneImage
0x4e450c GdipDrawImageRectI
0x4e4510 GdipGraphicsClear
0x4e4514 GdipDeleteGraphics
0x4e451c GdipBitmapLockBits
0x4e4534 GdipGetPropertyItem
0x4e4544 GdipDisposeImage
Library MSIMG32.dll:
0x4e42f4 GradientFill
0x4e42f8 AlphaBlend

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60124 239.255.255.250 3702
192.168.56.101 62194 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.