Score: 7.2 (High risk)

SHA-256: 2e00a231db5268aabbf82259fb2f25b541b7877a5d8be339b107dfab1e896338

File name: cc98bde70f95fc961a1f8086de2ed197.exe (the stem is the sample's MD5, which is also what the McAfee and FireEye detection names below embed)

Analysis time: 88s

Last analysis:

File size: 1.2MB
Flags: static detection, dynamic detection. Detection-name tokens: AGEN AGENSLA AI SCORE=82 AIDETECTVM ALI2000015 AUTO CLOUD CONFIDENCE DELF DELFINJECT DELPHILESS ECIV ELFW ELIM FAREIT GENERICKD HIBKVS HIGH CONFIDENCE KPOT LOKI LOKIBOT MALICIOUS PE MALWARE1 OHW@AQ@KVBFI SCORE SIGGEN9 SMDF TSCOPE UNSAFE X2059 ZELPHIF
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result is available for this sample
Static verdict

Antivirus engines

Engine       Result                               Scan date  Engine version
McAfee       Fareit-FRQ!CC98BDE70F95              20200811   6.0.6.653
Alibaba      Trojan:Win32/DelfInject.ali2000015   20190527   0.3.0.5
CrowdStrike  win/malicious_confidence_90% (W)     20190702   1.0
Baidu        (no detection)                       20190318   1.0.0.2
Avast        Win32:Malware-gen                    20200811   18.4.3895.0
Tencent      Win32.Trojan.Inject.Auto             20200811   1.0.0.1
Kingsoft     (no detection)                       20200811   2013.8.14.323
Static indicators

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
CODE, DATA and BSS are the default section names written by the Borland/Delphi linker, so by themselves they identify a Delphi build rather than a packer; this hit is the false positive the signature allows for, and it agrees with the packer match below.
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
"BobSoft Mini Delphi" is a PEiD signature that routinely matches ordinary Delphi executables, so read it as "compiled with Delphi" rather than as evidence of a specific packer; the entropy indicator further down is the stronger packing signal.
One or more processes crashed (2 events)
The first exception is an integer divide by zero (0xc0000094): `div eax` executes with registers.eax = 0. Decoding the instruction bytes the report captured at the fault (f7 f0 div eax; 90 nop; 33 c0 xor eax,eax; 5a pop edx; 59 59 pop ecx twice; 64 89 10 mov fs:[eax],edx) shows the faulting instruction sits directly before the Delphi try..except epilogue that unlinks the SEH frame, so the division runs inside a try block and the exception is caught by the program's own handler. That is a deliberate exception, of the kind used to detect emulators and debuggers that do not deliver exceptions faithfully, not an unintended crash. The second exception (0xc0000005) is raised under mscoree!_CorExeMain, reached from an address attributed to the sample's own module at +0x98a4d; the Delphi image imports nothing from mscoree, so this frame is consistent with the image mapped into process 1272 at 0x00400000 (see the injection events below) being a .NET executable that the CLR shim (mscoreei) was loading when it faulted.
Time & API Arguments Status Return Repeated
1619924738.65925
__exception__
stacktrace:
cc98bde70f95fc961a1f8086de2ed197+0x7ce6c @ 0x47ce6c
cc98bde70f95fc961a1f8086de2ed197+0x3cf3 @ 0x403cf3
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637912
registers.edi: 4705952
registers.eax: 0
registers.ebp: 1638204
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 69
registers.ecx: 350486528
exception.instruction_r: f7 f0 90 33 c0 5a 59 59 64 89 10 eb 16 e9 62 6a
exception.symbol: cc98bde70f95fc961a1f8086de2ed197+0x7cc48
exception.instruction: div eax
exception.module: cc98bde70f95fc961a1f8086de2ed197.exe
exception.exception_code: 0xc0000094
exception.offset: 511048
exception.address: 0x47cc48
success 0 0
1619924745.330625
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73aae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73aaea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73aab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73aab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73aaac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73aaaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73aa5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73aa559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74164de3
cc98bde70f95fc961a1f8086de2ed197+0x98a4d @ 0x498a4d
cc98bde70f95fc961a1f8086de2ed197+0x91254 @ 0x491254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe5d14ad
success 0 0
Behavior verdict

Dynamic indicators

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc. (the buffers themselves are not included in this report; the dropped-buffers section at the end is empty)
Allocates read-write-execute memory (usually to unpack itself) (29 events)
Note the targets of the NtProtectVirtualMemory calls made by process 1272. Besides its own page at 0x01db2000, it repeatedly sets PAGE_EXECUTE_READWRITE on 0x76351000, 0x76353000 and 0x76354000, which lie inside kernel32 (base 0x76340000, from BaseThreadInitThunk = kernel32+0x133ca @ 0x763533ca in the stack traces above), and on 0x77d4f000, which lies inside ntdll (base 0x77d30000, from ntdll+0x39ed2 @ 0x77d69ed2). Making code pages of loaded system DLLs writable is the footprint of installing or removing user-mode API hooks, so those pages are worth diffing against clean copies when the injected payload is dumped.
Time & API Arguments Status Return Repeated
1619924738.12725
NtAllocateVirtualMemory
process_identifier: 1948
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619924738.69025
NtAllocateVirtualMemory
process_identifier: 1948
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00680000
success 0 0
1619924738.69025
NtAllocateVirtualMemory
process_identifier: 1948
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006b0000
success 0 0
1619924739.252625
NtAllocateVirtualMemory
process_identifier: 1272
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02050000
success 0 0
1619924739.252625
NtAllocateVirtualMemory
process_identifier: 1272
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02210000
success 0 0
1619924739.252625
NtAllocateVirtualMemory
process_identifier: 1272
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ee0000
success 0 0
1619924739.252625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 565248
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ee2000
success 0 0
1619924740.174625
NtAllocateVirtualMemory
process_identifier: 1272
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02050000
success 0 0
1619924740.174625
NtAllocateVirtualMemory
process_identifier: 1272
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02110000
success 0 0
1619924745.299625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.299625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619924745.299625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.299625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619924745.299625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.299625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619924745.299625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.299625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db2000
success 0 0
1619924745.315625
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.652788285606126 section {'size_of_data': '0x000a7a00', 'virtual_address': '0x00099000', 'entropy': 7.652788285606126, 'name': '.rsrc', 'virtual_size': '0x000a78a0'} description A section with a high entropy has been found
entropy 0.5332007952286282 description Overall entropy of this PE file is high
The 0.5332 figure is not a Shannon entropy. In this signature it is the fraction of the PE's section data that lies in high-entropy sections: the 0xa7a00-byte (686,592-byte) .rsrc section against roughly 1.29 MB of section data, and the rule fires when that fraction exceeds 0.2. A high-entropy resource section of that size in a Delphi binary is where an encrypted second stage is typically carried; the import table does include FindResourceA/LoadResource/LockResource/SizeofResource, although those are also normal VCL imports and are not proof on their own.
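The two entropy rules above, reimplemented as an added example so the numbers can be reproduced; this is not the sandbox's own signature code. SECTIONS is constructed: the .rsrc size (0xa7a00 bytes) is taken from the report, its contents are seeded random bytes standing in for the encrypted resource, and the CODE/DATA sizes and contents are assumptions. The thresholds (6.8 bits per section, 0.2 for the overall ratio) are assumptions about the rule, not values stated in the report.

```python
"""Section-entropy packer heuristic of the kind behind the indicator above.

Added example, not the sandbox's own signature code. SECTIONS is constructed:
the .rsrc size (0xa7a00 bytes) is taken from the report, its contents are
seeded random bytes standing in for the encrypted resource, and the CODE/DATA
sizes and contents are assumptions.  Thresholds of 6.8 bits per section and
0.2 for the overall ratio are assumptions about the rule, not values from the
report.
"""
import math
import random
from collections import Counter

SECTION_ENTROPY_THRESHOLD = 6.8   # bits per byte
OVERALL_RATIO_THRESHOLD = 0.2     # share of section data that is high-entropy


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def packer_entropy_indicators(sections):
    """Run both rules over [{"name", "size_of_data", "data"}, ...].

    Returns (name, value, description) tuples. The second rule's value is the
    fraction of all section data held in high-entropy sections, not an entropy.
    """
    findings = []
    total_data = 0
    high_entropy_data = 0
    for sec in sections:
        ent = shannon_entropy(sec["data"])
        total_data += sec["size_of_data"]
        if ent > SECTION_ENTROPY_THRESHOLD:
            high_entropy_data += sec["size_of_data"]
            findings.append((sec["name"], round(ent, 3),
                             "A section with a high entropy has been found"))
    ratio = high_entropy_data / total_data if total_data else 0.0
    if ratio > OVERALL_RATIO_THRESHOLD:
        findings.append(("<file>", round(ratio, 4),
                         "Overall entropy of this PE file is high"))
    return findings


# Constructed section table (see the module docstring for what is assumed).
_rng = random.Random(2021)
_CODE_PATTERN = b"\x55\x8b\xec\x83\xc4\xf0\x53\x56\x57"   # a Delphi-style prologue
SECTIONS = [
    {"name": "CODE", "size_of_data": 0x8a000,
     "data": _CODE_PATTERN * (0x8a000 // len(_CODE_PATTERN))},
    {"name": "DATA", "size_of_data": 0x4000, "data": b"\x00" * 0x4000},
    {"name": ".rsrc", "size_of_data": 0xa7a00,
     "data": bytes(_rng.getrandbits(8) for _ in range(0xa7a00))},
]

if __name__ == "__main__":
    for name, value, description in packer_entropy_indicators(SECTIONS):
        print(f"{name:>6} {value:>8} {description}")
```

With the constructed table the overall ratio comes out at 0.5414 (686,592 high-entropy bytes out of 1,268,224), the same order as the report's 0.5332; the exact value depends only on section sizes, which is why it must not be read as an entropy.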
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection: process 1948 called NtSetContextThread to modify a thread in remote process 1272
Time & API Arguments Status Return Repeated
1619924739.06525
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4788927
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1272
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection: process 1948 resumed a thread in remote process 1272
Time & API Arguments Status Return Repeated
1619924739.11225
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1272
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
This is the classic process-hollowing (RunPE) sequence: the sample re-launches its own path with CREATE_SUSPENDED, unmaps the original image at 0x00400000 from the child (process 1272), maps a 1220608-byte section over that base as PAGE_EXECUTE_READWRITE, reads the suspended main thread's context, writes a new one, and resumes the thread. In the NtSetContextThread record, registers.eax = 4788927 (0x4912bf) is the entry point of the mapped image, because on x86 Windows a suspended process's initial thread context carries the entry point in EAX, and registers.ebx = 2130567168 (0x7efde000) is the PEB address; the zeroed remaining registers mean only those two fields were supplied.
Time & API Arguments Status Return Repeated
1619924738.97125
CreateProcessInternalW
thread_identifier: 1824
thread_handle: 0x00000100
process_identifier: 1272
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cc98bde70f95fc961a1f8086de2ed197.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619924738.97125
NtUnmapViewOfSection
process_identifier: 1272
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619924738.97125
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 1272
commit_size: 1220608
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 1220608
base_address: 0x00400000
success 0 0
1619924739.06525
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619924739.06525
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4788927
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1272
success 0 0
1619924739.11225
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1272
success 0 0
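Detection logic for the two behaviours recorded above, the 1948 -> 1272 hollowing chain and the RWX re-protection of kernel32/ntdll pages by process 1272, as an added example that is not the sandbox's own code and not part of this report. EVENTS is constructed from the report's timestamps, PIDs, addresses and sizes; the flat record layout ("pid" is the calling process, "api", "args") and the 1 MiB window used to decide whether an address falls inside a system DLL are assumptions, not the sandbox's real schema.

```python
"""Detection rules over Cuckoo-style API call records.

Added example: this is not the sandbox's code and not part of the report.
EVENTS is constructed from values shown in this report (the 1948 -> 1272
hollowing chain, the RWX allocations, the NtProtectVirtualMemory calls in 1272).
The flat record layout ("pid" = calling process, "api", "args") and the 1 MiB
window used for the module range check are assumptions, not the sandbox's
real schema.
"""
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40   # "protection: 64" in the report
CREATE_SUSPENDED = 0x4          # "creation_flags: 4" in the report

# Module bases recovered from the report's stack traces:
# kernel32+0x133ca @ 0x763533ca and ntdll+0x39ed2 @ 0x77d69ed2.
MODULE_BASES = {"kernel32": 0x76340000, "ntdll": 0x77d30000}
ASSUMED_MODULE_SIZE = 0x100000  # assumption: treat 1 MiB above each base as the DLL

# Cross-process call order that makes up process hollowing (RunPE).
HOLLOWING_CHAIN = (
    "CreateProcessInternalW", "NtUnmapViewOfSection", "NtMapViewOfSection",
    "NtSetContextThread", "NtResumeThread",
)

EVENTS = [  # constructed from the report's timestamps, PIDs and addresses
    {"time": 1619924738.69025, "pid": 1948, "api": "NtAllocateVirtualMemory",
     "args": {"process_identifier": 1948, "base_address": 0x00680000,
              "region_size": 24576, "protection": 0x40}},
    {"time": 1619924738.97125, "pid": 1948, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 1272, "creation_flags": 0x4}},
    {"time": 1619924738.97125, "pid": 1948, "api": "NtUnmapViewOfSection",
     "args": {"process_identifier": 1272, "base_address": 0x00400000}},
    {"time": 1619924738.97125, "pid": 1948, "api": "NtMapViewOfSection",
     "args": {"process_identifier": 1272, "base_address": 0x00400000,
              "view_size": 1220608, "win32_protect": 0x40}},
    {"time": 1619924739.06525, "pid": 1948, "api": "NtSetContextThread",
     "args": {"process_identifier": 1272, "registers.eax": 0x4912bf}},
    {"time": 1619924739.11225, "pid": 1948, "api": "NtResumeThread",
     "args": {"process_identifier": 1272, "suspend_count": 1}},
    {"time": 1619924739.252625, "pid": 1272, "api": "NtAllocateVirtualMemory",
     "args": {"process_identifier": 1272, "base_address": 0x01ee0000,
              "region_size": 589824, "protection": 0x40}},
    {"time": 1619924745.299625, "pid": 1272, "api": "NtProtectVirtualMemory",
     "args": {"process_identifier": 1272, "base_address": 0x76351000,
              "length": 4096, "protection": 0x40}},
    {"time": 1619924745.299625, "pid": 1272, "api": "NtProtectVirtualMemory",
     "args": {"process_identifier": 1272, "base_address": 0x01db2000,
              "length": 4096, "protection": 0x40}},
    {"time": 1619924745.315625, "pid": 1272, "api": "NtProtectVirtualMemory",
     "args": {"process_identifier": 1272, "base_address": 0x77d4f000,
              "length": 4096, "protection": 0x40}},
]


def _in_order(needle, haystack):
    """True when every item of needle occurs in haystack in the same order."""
    it = iter(haystack)
    return all(item in it for item in needle)


def detect_hollowing(events):
    """Return {target_pid: injector_pid} for each suspended-create / unmap /
    map / set-context / resume chain one process performs on another."""
    chains = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        target = ev["args"].get("process_identifier")
        if target is None or target == ev["pid"]:
            continue  # only calls that reach into another process count
        if ev["api"] == "CreateProcessInternalW" and not (
            ev["args"].get("creation_flags", 0) & CREATE_SUSPENDED
        ):
            continue  # a child that is not suspended cannot be hollowed this way
        chains[(ev["pid"], target)].append(ev["api"])
    return {target: injector
            for (injector, target), apis in chains.items()
            if _in_order(HOLLOWING_CHAIN, apis)}


def detect_system_dll_rwx(events):
    """List (pid, module, offset) for each page of a loaded system DLL that a
    process makes writable and executable: the footprint of inline hooking."""
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["api"] != "NtProtectVirtualMemory":
            continue
        if ev["args"].get("protection") != PAGE_EXECUTE_READWRITE:
            continue
        addr = ev["args"]["base_address"]
        for name, base in MODULE_BASES.items():
            if base <= addr < base + ASSUMED_MODULE_SIZE:
                hits.append((ev["pid"], name, addr - base))
    return hits


def rwx_bytes_by_pid(events):
    """Bytes each process allocates or re-protects as PAGE_EXECUTE_READWRITE."""
    totals = defaultdict(int)
    for ev in events:
        if ev["args"].get("protection") == PAGE_EXECUTE_READWRITE:
            totals[ev["pid"]] += ev["args"].get("region_size") or ev["args"].get("length", 0)
    return dict(totals)


if __name__ == "__main__":
    print("hollowing (target -> injector):", detect_hollowing(EVENTS))
    for pid, module, offset in detect_system_dll_rwx(EVENTS):
        print(f"pid {pid} set RWX on {module}+{offset:#x}")
    print("RWX bytes per pid:", rwx_bytes_by_pid(EVENTS))
```

The hollowing rule deliberately requires the whole chain in order from one injector against one target; dropping any step (for example, never resuming the thread) yields no hit, which keeps it from firing on a debugger or installer that merely creates a suspended child. The DLL-range rule flags kernel32+0x11000 and ntdll+0x1f000 for process 1272 on this input and ignores the process's own 0x01db2000 page.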
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 of 56 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33595911
FireEye Generic.mg.cc98bde70f95fc96
McAfee Fareit-FRQ!CC98BDE70F95
Cylance Unsafe
Zillya Trojan.Injector.Win32.696915
Sangfor Malware
K7AntiVirus Trojan ( 00564aed1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 00564aed1 )
CrowdStrike win/malicious_confidence_90% (W)
Invincea heuristic
F-Prot W32/Injector.JAL
APEX Malicious
Avast Win32:Malware-gen
GData Trojan.GenericKD.33595911
Kaspersky HEUR:Trojan-PSW.Win32.Agensla.gen
BitDefender Trojan.GenericKD.33595911
NANO-Antivirus Trojan.Win32.Agensla.hibkvs
Paloalto generic.ml
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.33595911
TACHYON Trojan/W32.DP-Agent.1288704.E
Sophos Mal/Fareit-V
F-Secure Heuristic.HEUR/AGEN.1108672
DrWeb Trojan.Siggen9.32272
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMDF.hp
Emsisoft Trojan.GenericKD.33595911 (B)
SentinelOne DFI - Malicious PE
Cyren W32/Injector.ECIV-9331
Jiangmin Trojan.PSW.Agensla.hd
Webroot W32.Malware.Gen
Avira HEUR/AGEN.1108672
Antiy-AVL Trojan/Win32.Lokibot
Arcabit Trojan.Generic.D200A207
ZoneAlarm HEUR:Trojan-PSW.Win32.Agensla.gen
Microsoft Trojan:Win32/Kpot.PA!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
BitDefenderTheta Gen:NN.ZelphiF.34152.oHW@aq@kVBfi
ALYac Spyware.LokiBot
MAX malware (ai score=82)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.90428
ESET-NOD32 a variant of Win32/Injector.ELIM
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMDF.hp
Rising Trojan.Injector!1.AFE3 (CLOUD)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.27.142:443
Both addresses lie in 172.217.0.0/16, which is Google-announced address space, so they are more likely connectivity checks than a command-and-control contact; the report records no DNS query for 172.217.24.14 and no completed TCP session to either address, which is also why the TCP section below is empty.
Visual analysis

Binary image: none (no binary visualisation image was generated for this sample)

Run screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

1992-06-20 06:22:17 (shown in the sandbox's local time, UTC+8). This is the constant TimeDateStamp 0x2A425E19 = 1992-06-19 22:22:17 UTC that the Delphi linker writes into every binary it produces, so it carries no information about when the sample was actually built.

Imports

The static import table contains no NtUnmapViewOfSection, NtMapViewOfSection, NtGetContextThread/NtSetContextThread or WriteProcessMemory; the hollowing APIs observed at runtime are resolved dynamically, for which LoadLibraryA/LoadLibraryExA and GetProcAddress are imported. VirtualAllocEx and ResumeThread are the only cross-process primitives visible statically. The repeated kernel32.dll, advapi32.dll and oleaut32.dll entries are separate import descriptors, which is normal for Delphi-linked binaries and not a parsing error.

Library kernel32.dll:
0x48b178 VirtualFree
0x48b17c VirtualAlloc
0x48b180 LocalFree
0x48b184 LocalAlloc
0x48b188 GetVersion
0x48b18c GetCurrentThreadId
0x48b198 VirtualQuery
0x48b19c WideCharToMultiByte
0x48b1a0 MultiByteToWideChar
0x48b1a4 lstrlenA
0x48b1a8 lstrcpynA
0x48b1ac LoadLibraryExA
0x48b1b0 GetThreadLocale
0x48b1b4 GetStartupInfoA
0x48b1b8 GetProcAddress
0x48b1bc GetModuleHandleA
0x48b1c0 GetModuleFileNameA
0x48b1c4 GetLocaleInfoA
0x48b1c8 GetCommandLineA
0x48b1cc FreeLibrary
0x48b1d0 FindFirstFileA
0x48b1d4 FindClose
0x48b1d8 ExitProcess
0x48b1dc ExitThread
0x48b1e0 CreateThread
0x48b1e4 WriteFile
0x48b1ec RtlUnwind
0x48b1f0 RaiseException
0x48b1f4 GetStdHandle
Library user32.dll:
0x48b1fc GetKeyboardType
0x48b200 LoadStringA
0x48b204 MessageBoxA
0x48b208 CharNextA
Library advapi32.dll:
0x48b210 RegQueryValueExA
0x48b214 RegOpenKeyExA
0x48b218 RegCloseKey
Library oleaut32.dll:
0x48b220 SysFreeString
0x48b224 SysReAllocStringLen
0x48b228 SysAllocStringLen
Library kernel32.dll:
0x48b230 TlsSetValue
0x48b234 TlsGetValue
0x48b238 LocalAlloc
0x48b23c GetModuleHandleA
Library advapi32.dll:
0x48b244 RegQueryValueExA
0x48b248 RegOpenKeyExA
0x48b24c RegCloseKey
Library kernel32.dll:
0x48b254 lstrlenA
0x48b258 lstrcpyA
0x48b25c lstrcmpA
0x48b260 WriteFile
0x48b264 WaitForSingleObject
0x48b26c VirtualQuery
0x48b270 VirtualFree
0x48b274 VirtualAllocEx
0x48b278 VirtualAlloc
0x48b27c Sleep
0x48b280 SizeofResource
0x48b284 SetThreadLocale
0x48b288 SetFilePointer
0x48b28c SetEvent
0x48b290 SetErrorMode
0x48b294 SetEndOfFile
0x48b29c ResumeThread
0x48b2a0 ResetEvent
0x48b2a4 ReleaseMutex
0x48b2a8 ReadFile
0x48b2ac MultiByteToWideChar
0x48b2b0 MulDiv
0x48b2b4 LockResource
0x48b2b8 LoadResource
0x48b2bc LoadLibraryA
0x48b2c8 GlobalUnlock
0x48b2cc GlobalSize
0x48b2d0 GlobalReAlloc
0x48b2d4 GlobalHandle
0x48b2d8 GlobalLock
0x48b2dc GlobalFree
0x48b2e0 GlobalFindAtomA
0x48b2e4 GlobalDeleteAtom
0x48b2e8 GlobalAlloc
0x48b2ec GlobalAddAtomA
0x48b2f0 GetVersionExA
0x48b2f4 GetVersion
0x48b2f8 GetUserDefaultLCID
0x48b2fc GetTickCount
0x48b300 GetThreadLocale
0x48b304 GetSystemInfo
0x48b308 GetStringTypeExA
0x48b30c GetStdHandle
0x48b310 GetProcAddress
0x48b314 GetModuleHandleA
0x48b318 GetModuleFileNameA
0x48b31c GetLocaleInfoA
0x48b320 GetLocalTime
0x48b324 GetLastError
0x48b328 GetFullPathNameA
0x48b32c GetExitCodeThread
0x48b330 GetDiskFreeSpaceA
0x48b334 GetDateFormatA
0x48b338 GetCurrentThreadId
0x48b33c GetCurrentProcessId
0x48b340 GetCurrentProcess
0x48b348 GetComputerNameA
0x48b34c GetCPInfo
0x48b350 GetACP
0x48b354 FreeResource
0x48b35c InterlockedExchange
0x48b364 FreeLibrary
0x48b368 FormatMessageA
0x48b36c FindResourceA
0x48b374 FindFirstFileA
0x48b380 FindClose
0x48b38c EnumCalendarInfoA
0x48b398 CreateThread
0x48b39c CreateMutexA
0x48b3a0 CreateFileA
0x48b3a4 CreateEventA
0x48b3a8 CompareStringA
0x48b3ac CloseHandle
Library version.dll:
0x48b3b4 VerQueryValueA
0x48b3bc GetFileVersionInfoA
Library gdi32.dll:
0x48b3c4 UnrealizeObject
0x48b3c8 StretchBlt
0x48b3cc SetWindowOrgEx
0x48b3d0 SetWinMetaFileBits
0x48b3d4 SetViewportOrgEx
0x48b3d8 SetTextColor
0x48b3dc SetStretchBltMode
0x48b3e0 SetROP2
0x48b3e4 SetPixel
0x48b3e8 SetMapMode
0x48b3ec SetEnhMetaFileBits
0x48b3f0 SetDIBColorTable
0x48b3f4 SetBrushOrgEx
0x48b3f8 SetBkMode
0x48b3fc SetBkColor
0x48b400 SelectPalette
0x48b404 SelectObject
0x48b408 SaveDC
0x48b40c RestoreDC
0x48b410 Rectangle
0x48b414 RectVisible
0x48b418 RealizePalette
0x48b41c PlayEnhMetaFile
0x48b420 PatBlt
0x48b424 MoveToEx
0x48b428 MaskBlt
0x48b42c LineTo
0x48b430 LPtoDP
0x48b434 IntersectClipRect
0x48b438 GetWindowOrgEx
0x48b43c GetWinMetaFileBits
0x48b440 GetTextMetricsA
0x48b44c GetStockObject
0x48b450 GetPolyFillMode
0x48b454 GetPixel
0x48b458 GetPaletteEntries
0x48b45c GetObjectA
0x48b46c GetEnhMetaFileBits
0x48b470 GetDeviceCaps
0x48b474 GetDIBits
0x48b478 GetDIBColorTable
0x48b47c GetDCOrgEx
0x48b484 GetClipBox
0x48b488 GetBrushOrgEx
0x48b48c GetBitmapBits
0x48b490 ExtTextOutA
0x48b494 ExcludeClipRect
0x48b498 DeleteObject
0x48b49c DeleteEnhMetaFile
0x48b4a0 DeleteDC
0x48b4a4 CreateSolidBrush
0x48b4a8 CreatePenIndirect
0x48b4ac CreatePalette
0x48b4b4 CreateFontIndirectA
0x48b4b8 CreateEnhMetaFileA
0x48b4bc CreateDIBitmap
0x48b4c0 CreateDIBSection
0x48b4c4 CreateCompatibleDC
0x48b4cc CreateBrushIndirect
0x48b4d0 CreateBitmap
0x48b4d4 CopyEnhMetaFileA
0x48b4d8 CloseEnhMetaFile
0x48b4dc BitBlt
Library user32.dll:
0x48b4e4 CreateWindowExA
0x48b4e8 WindowFromPoint
0x48b4ec WinHelpA
0x48b4f0 WaitMessage
0x48b4f4 UpdateWindow
0x48b4f8 UnregisterClassA
0x48b4fc UnhookWindowsHookEx
0x48b500 TranslateMessage
0x48b508 TrackPopupMenu
0x48b510 ShowWindow
0x48b514 ShowScrollBar
0x48b518 ShowOwnedPopups
0x48b51c ShowCursor
0x48b520 SetWindowsHookExA
0x48b524 SetWindowTextA
0x48b528 SetWindowPos
0x48b52c SetWindowPlacement
0x48b530 SetWindowLongA
0x48b534 SetTimer
0x48b538 SetScrollRange
0x48b53c SetScrollPos
0x48b540 SetScrollInfo
0x48b544 SetRect
0x48b548 SetPropA
0x48b54c SetParent
0x48b550 SetMenuItemInfoA
0x48b554 SetMenu
0x48b558 SetForegroundWindow
0x48b55c SetFocus
0x48b560 SetCursor
0x48b564 SetClassLongA
0x48b568 SetCapture
0x48b56c SetActiveWindow
0x48b570 SendMessageA
0x48b574 ScrollWindow
0x48b578 ScreenToClient
0x48b57c RemovePropA
0x48b580 RemoveMenu
0x48b584 ReleaseDC
0x48b588 ReleaseCapture
0x48b594 RegisterClassA
0x48b598 RedrawWindow
0x48b59c PtInRect
0x48b5a0 PostQuitMessage
0x48b5a4 PostMessageA
0x48b5a8 PeekMessageA
0x48b5ac OffsetRect
0x48b5b0 OemToCharA
0x48b5b8 MessageBoxA
0x48b5bc MapWindowPoints
0x48b5c0 MapVirtualKeyA
0x48b5c4 LoadStringA
0x48b5c8 LoadKeyboardLayoutA
0x48b5cc LoadIconA
0x48b5d0 LoadCursorA
0x48b5d4 LoadBitmapA
0x48b5d8 KillTimer
0x48b5dc IsZoomed
0x48b5e0 IsWindowVisible
0x48b5e4 IsWindowEnabled
0x48b5e8 IsWindow
0x48b5ec IsRectEmpty
0x48b5f0 IsIconic
0x48b5f4 IsDialogMessageA
0x48b5f8 IsChild
0x48b5fc InvalidateRect
0x48b600 IntersectRect
0x48b604 InsertMenuItemA
0x48b608 InsertMenuA
0x48b60c InflateRect
0x48b614 GetWindowTextA
0x48b618 GetWindowRect
0x48b61c GetWindowPlacement
0x48b620 GetWindowLongA
0x48b624 GetWindowDC
0x48b628 GetTopWindow
0x48b62c GetSystemMetrics
0x48b630 GetSystemMenu
0x48b634 GetSysColorBrush
0x48b638 GetSysColor
0x48b63c GetSubMenu
0x48b640 GetScrollRange
0x48b644 GetScrollPos
0x48b648 GetScrollInfo
0x48b64c GetPropA
0x48b650 GetParent
0x48b654 GetWindow
0x48b658 GetMessageTime
0x48b65c GetMessagePos
0x48b660 GetMenuStringA
0x48b664 GetMenuState
0x48b668 GetMenuItemInfoA
0x48b66c GetMenuItemID
0x48b670 GetMenuItemCount
0x48b674 GetMenu
0x48b678 GetLastActivePopup
0x48b67c GetKeyboardState
0x48b684 GetKeyboardLayout
0x48b688 GetKeyState
0x48b68c GetKeyNameTextA
0x48b690 GetIconInfo
0x48b694 GetForegroundWindow
0x48b698 GetFocus
0x48b69c GetDesktopWindow
0x48b6a0 GetDCEx
0x48b6a4 GetDC
0x48b6a8 GetCursorPos
0x48b6ac GetCursor
0x48b6b0 GetClipboardData
0x48b6b4 GetClientRect
0x48b6b8 GetClassNameA
0x48b6bc GetClassInfoA
0x48b6c0 GetCapture
0x48b6c4 GetActiveWindow
0x48b6c8 FrameRect
0x48b6cc FindWindowA
0x48b6d0 FillRect
0x48b6d4 EqualRect
0x48b6d8 EnumWindows
0x48b6dc EnumThreadWindows
0x48b6e0 EndPaint
0x48b6e4 EnableWindow
0x48b6e8 EnableScrollBar
0x48b6ec EnableMenuItem
0x48b6f0 DrawTextA
0x48b6f4 DrawMenuBar
0x48b6f8 DrawIconEx
0x48b6fc DrawIcon
0x48b700 DrawFrameControl
0x48b704 DrawEdge
0x48b708 DispatchMessageA
0x48b70c DestroyWindow
0x48b710 DestroyMenu
0x48b714 DestroyIcon
0x48b718 DestroyCursor
0x48b71c DeleteMenu
0x48b720 DefWindowProcA
0x48b724 DefMDIChildProcA
0x48b728 DefFrameProcA
0x48b72c CreatePopupMenu
0x48b730 CreateMenu
0x48b734 CreateIcon
0x48b738 ClientToScreen
0x48b740 CheckMenuItem
0x48b744 CallWindowProcA
0x48b748 CallNextHookEx
0x48b74c BeginPaint
0x48b750 CharNextA
0x48b754 CharLowerBuffA
0x48b758 CharLowerA
0x48b75c CharUpperBuffA
0x48b760 CharToOemA
0x48b764 AdjustWindowRectEx
Library kernel32.dll:
0x48b770 Sleep
Library oleaut32.dll:
0x48b778 SafeArrayPtrOfIndex
0x48b77c SafeArrayGetUBound
0x48b780 SafeArrayGetLBound
0x48b784 SafeArrayCreate
0x48b788 VariantChangeType
0x48b78c VariantCopy
0x48b790 VariantClear
0x48b794 VariantInit
Library ole32.dll:
0x48b7a0 IsAccelerator
0x48b7a4 OleDraw
0x48b7ac OleUninitialize
0x48b7b0 OleInitialize
0x48b7b4 CoTaskMemFree
0x48b7b8 CoTaskMemAlloc
0x48b7bc ProgIDFromCLSID
0x48b7c0 StringFromCLSID
0x48b7c4 CoCreateInstance
0x48b7c8 CoGetClassObject
0x48b7cc CoUninitialize
0x48b7d0 CoInitialize
0x48b7d4 IsEqualGUID
Library oleaut32.dll:
0x48b7dc GetErrorInfo
0x48b7e0 GetActiveObject
0x48b7e4 SysFreeString
Library comctl32.dll:
0x48b7f4 ImageList_Write
0x48b7f8 ImageList_Read
0x48b808 ImageList_DragMove
0x48b80c ImageList_DragLeave
0x48b810 ImageList_DragEnter
0x48b814 ImageList_EndDrag
0x48b818 ImageList_BeginDrag
0x48b81c ImageList_Remove
0x48b820 ImageList_DrawEx
0x48b824 ImageList_Draw
0x48b834 ImageList_Add
0x48b83c ImageList_Destroy
0x48b840 ImageList_Create
0x48b844 InitCommonControls
Library shell32.dll:
0x48b84c ShellExecuteExA
0x48b850 ShellExecuteA
0x48b854 SHGetFileInfoA
Library shell32.dll:
0x48b860 SHGetMalloc
0x48b864 SHGetDesktopFolder

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port  Protocol
192.168.56.101  50568        114.114.114.114  53                DNS
192.168.56.101  51963        114.114.114.114  53                DNS
192.168.56.101  60123        114.114.114.114  53                DNS
192.168.56.101  60215        114.114.114.114  53                DNS
192.168.56.101  63429        114.114.114.114  53                DNS
192.168.56.101  65004        114.114.114.114  53                DNS
192.168.56.101  137          192.168.56.255   137               NetBIOS name service (broadcast)
192.168.56.101  138          192.168.56.255   138               NetBIOS datagram service (broadcast)
192.168.56.101  123          20.189.79.72     123               NTP (time.windows.com)
192.168.56.101  49235        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  50002        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  53657        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  56539        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  56804        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  57756        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  57874        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  58367        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  60384        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  1900         239.255.255.250  1900              SSDP (multicast)
192.168.56.101  53658        239.255.255.250  3702              WS-Discovery (multicast)

All of the recorded UDP traffic is ordinary Windows background noise from the analysis VM (DNS to 114.114.114.114, NetBIOS broadcasts, NTP, LLMNR, SSDP and WS-Discovery); none of it is attributable to the sample, and the report's own "no DNS query was performed" flag for 172.217.24.14 means none of the six DNS queries resolved that host.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.