9.8
Critical

96d15bb3fe99161d651573512abb94b55f9b88e72c3a34d52eb4ce7574da8db7

ceef8efe27a7aaa0760683b37e392ccc.exe

Analysis duration

73s

Last analysis

File size

1.8MB
Static detection  Dynamic detection  100%
3PEOKIBYWZU A + MAL A@81LQY7 AGEN AI SCORE=85 AIDETECTVM AVEMARIA BANLOAD CLASSIC CONFIDENCE DAQC DELF DEWTS ECLV ELDH FCRX FLIHMX FUERY GENASA GENCIRC GENETIC KCLOUD LOKIBOT MALICIOUS PE MALWARE1 MOCRT R281398 SCORE SIGGEN6 SMTH STATIC AI UJTF UNSAFE
鹰眼引擎 (Hawkeye engine)
Not detected: no 鹰眼引擎 detection results yet
Static verdict
Antivirus engines
Engine        Result                              Scan date   Engine version
McAfee        PWS-FCRX!CEEF8EFE27A7               20201211    6.0.6.653
Alibaba       Trojan:Win32/Banload.470eb125       20190527    0.3.0.5
CrowdStrike   win/malicious_confidence_100% (W)   20190702    1.0
Baidu         (no result)                         20190318    1.0.0.2
Avast         Sf:ShellCode-CU [Trj]               20201210    21.1.5827.0
Tencent       Malware.Win32.Gencirc.10b4528a      20201211    1.0.0.1
Kingsoft      Win32.Troj.Undef.(kcloud)           20201211    2017.9.26.565
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619926588.42025
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619926588.32625
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (11 events)
section .eeunG
section .vnrF8
section .NNknhF
section .j5z
section .lcg
section .fEIePA
section .3ePm
section .Z4is
section .Iwx
section .UWY
section .Me
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (50 out of 59 events)
Time & API Arguments Status Return Repeated
1619926588.45125
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636028
registers.edi: 6190744
registers.eax: 1636028
registers.ebp: 1636108
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.10725
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636080
registers.edi: 6190744
registers.eax: 1636080
registers.ebp: 1636160
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.10725
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636088
registers.edi: 6190744
registers.eax: 1636088
registers.ebp: 1636168
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.10725
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636080
registers.edi: 6190744
registers.eax: 1636080
registers.ebp: 1636160
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.10725
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.12325
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.12325
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.12325
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.12325
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.13925
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.13925
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.13925
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.13925
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.15425
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.17025
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.17025
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.17025
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.18625
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619926590.20125
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636296
registers.edi: 6190744
registers.eax: 1636296
registers.ebp: 1636376
registers.edx: 0
registers.ebx: 6190744
registers.esi: 6190744
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral Verdict
Dynamic Indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619910850.308495
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619910893.840495
NtAllocateVirtualMemory
process_identifier: 428
region_size: 73728
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02060000
success 0 0
Foreign language identified in PE resource (2 events)
name RT_GROUP_ICON language LANG_ARABIC offset 0x000e86bc filetype data sublanguage SUBLANG_ARABIC_EGYPT size 0x00000030
name RT_GROUP_ICON language LANG_ARABIC offset 0x000e86bc filetype data sublanguage SUBLANG_ARABIC_EGYPT size 0x00000030
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\.exe
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1619926587.98225
NtProtectVirtualMemory
process_identifier: 1868
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00570000
success 0 0
Network Communication
One or more of the buffers contains an embedded PE file (2 events)
buffer Buffer with sha1: 45ad8cf0662cc46dc0c1c5276ada1fe163d2fa9b
buffer Buffer with sha1: 1065df1b47979c4c5eab17f32f7b71ace8df8eff
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (2 events)
Time & API Arguments Status Return Repeated
1619910893.340495
NtAllocateVirtualMemory
process_identifier: 1868
region_size: 253952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000108
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619910893.840495
NtAllocateVirtualMemory
process_identifier: 2944
region_size: 73728
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000118
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive reg_value C:\Users\Administrator.Oskar-PC\AppData\Local\Chrome\StikyNot.exe
Potential code injection by writing to the memory of another process (1 event)
Time & API Arguments Status Return Repeated
1619910893.855495
WriteProcessMemory
process_identifier: 2944
buffer: @
process_handle: 0x00000118
base_address: 0x7efde008
success 1 0
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (4 events)
Process injection Process 428 called NtSetContextThread to modify thread in remote process 1868
Process injection Process 428 called NtSetContextThread to modify thread in remote process 2944
Time & API Arguments Status Return Repeated
1619910893.340495
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4208240
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1868
success 0 0
1619910893.855495
NtSetContextThread
thread_handle: 0x0000011c
registers.eip: 2010382788
registers.esp: 785428
registers.edi: 0
registers.eax: 4263936
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2944
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)
Process injection Process 428 resumed a thread in remote process 1868
Process injection Process 428 resumed a thread in remote process 2944
Time & API Arguments Status Return Repeated
1619910893.590495
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 1868
success 0 0
1619910894.027495
NtResumeThread
thread_handle: 0x0000011c
suspend_count: 1
process_identifier: 2944
success 0 0
Executed a process and injected code into it, probably while unpacking (20 events)
Time & API Arguments Status Return Repeated
1619910893.340495
CreateProcessInternalW
thread_identifier: 920
thread_handle: 0x00000114
process_identifier: 1868
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ceef8efe27a7aaa0760683b37e392ccc.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ceef8efe27a7aaa0760683b37e392ccc.exe"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ceef8efe27a7aaa0760683b37e392ccc.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619910893.340495
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619910893.340495
NtUnmapViewOfSection
process_identifier: 1868
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619910893.340495
NtAllocateVirtualMemory
process_identifier: 1868
region_size: 253952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000108
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619910893.340495
WriteProcessMemory
process_identifier: 1868
buffer:
process_handle: 0x00000108
base_address: 0x00400000
success 1 0
1619910893.340495
WriteProcessMemory
process_identifier: 1868
buffer:
process_handle: 0x00000108
base_address: 0x00401000
success 1 0
1619910893.340495
WriteProcessMemory
process_identifier: 1868
buffer:
process_handle: 0x00000108
base_address: 0x0042c000
success 1 0
1619910893.340495
WriteProcessMemory
process_identifier: 1868
buffer:
process_handle: 0x00000108
base_address: 0x0042e000
success 1 0
1619910893.340495
WriteProcessMemory
process_identifier: 1868
buffer:
process_handle: 0x00000108
base_address: 0x0042f000
success 1 0
1619910893.340495
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4208240
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1868
success 0 0
1619910893.590495
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 1868
success 0 0
1619910893.840495
CreateProcessInternalW
thread_identifier: 2940
thread_handle: 0x0000011c
process_identifier: 2944
current_directory:
filepath: C:\Windows\SysWOW64\diskperf.exe
track: 1
command_line:
filepath_r: C:\Windows\SysWOW64\diskperf.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619910893.840495
NtGetContextThread
thread_handle: 0x0000011c
success 0 0
1619910893.840495
NtAllocateVirtualMemory
process_identifier: 2944
region_size: 73728
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000118
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619910893.855495
WriteProcessMemory
process_identifier: 2944
buffer:
process_handle: 0x00000118
base_address: 0x00400000
success 1 0
1619910893.855495
WriteProcessMemory
process_identifier: 2944
buffer: @
process_handle: 0x00000118
base_address: 0x7efde008
success 1 0
1619910893.855495
NtSetContextThread
thread_handle: 0x0000011c
registers.eip: 2010382788
registers.esp: 785428
registers.edi: 0
registers.eax: 4263936
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2944
success 0 0
1619910894.027495
NtResumeThread
thread_handle: 0x0000011c
suspend_count: 1
process_identifier: 2944
success 0 0
1619926590.20125
CreateProcessInternalW
thread_identifier: 0
thread_handle: 0x00000000
process_identifier: 0
current_directory:
filepath:
track: 0
command_line: c:\users\administrator.oskar-pc\appdata\local\temp\ceef8efe27a7aaa0760683b37e392ccc.exe?
filepath_r:
stack_pivoted: 0
creation_flags: 0 ()
process_handle: 0x00000000
inherit_handles: 0
failed 0 0
1619926590.31125
CreateProcessInternalW
thread_identifier: 0
thread_handle: 0x00000000
process_identifier: 0
current_directory:
filepath:
track: 0
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\.exe
filepath_r:
stack_pivoted: 0
creation_flags: 0 ()
process_handle: 0x00000000
inherit_handles: 0
failed 0 0
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.Agent.ECLV
FireEye Generic.mg.ceef8efe27a7aaa0
CAT-QuickHeal Trojan.Delf
McAfee PWS-FCRX!CEEF8EFE27A7
Cylance Unsafe
Zillya Trojan.Delf.Win32.111379
SUPERAntiSpyware Trojan.Agent/Gen-Injector
K7AntiVirus Trojan ( 00543ea81 )
Alibaba Trojan:Win32/Banload.470eb125
K7GW Trojan ( 00543ea81 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Agent.ECLV
Cyren W32/Injector.UJTF-2328
Symantec SMG.Heur!gen
APEX Malicious
Avast Sf:ShellCode-CU [Trj]
ClamAV Win.Malware.Daqc-6598201-0
Kaspersky HEUR:Trojan.Win32.Delf.gen
BitDefender Trojan.Agent.ECLV
NANO-Antivirus Trojan.Win32.Delf.flihmx
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10b4528a
Ad-Aware Trojan.Agent.ECLV
TACHYON Trojan/W32.DP-Agent.1931145
Emsisoft Trojan.Agent.ECLV (B)
Comodo TrojWare.Win32.Mocrt.A@81lqy7
F-Secure Heuristic.HEUR/AGEN.1139782
DrWeb Trojan.Siggen6.54687
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.AVEMARIA.SMTH
McAfee-GW-Edition BehavesLike.Win32.Generic.th
Sophos ML/PE-A + Mal/Agent-ATS
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.dewts
Avira HEUR/AGEN.1139782
Antiy-AVL Trojan/Win32.Delf
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.bot!s1
Microsoft PWS:Win32/Mocrt!rfn
ZoneAlarm HEUR:Trojan.Win32.Delf.gen
GData Trojan.Agent.ECLV
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.RL_Agent.R281398
Acronis suspicious
BitDefenderTheta AI:Packer.1E1ED57F19
ALYac Trojan.Agent.ECLV
MAX malware (ai score=85)
VBA32 Trojan.Fuery
Malwarebytes Spyware.LokiBot
Visual Analysis
Binary Image
No binary image available: no binary visualization image was generated for this sample.
Runtime Screenshots
No runtime screenshots available: no screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:
0x4977e8 SysFreeString
0x4977ec SysReAllocStringLen
0x4977f0 SysAllocStringLen
Library advapi32.dll:
0x4977f8 RegQueryValueExA
0x4977fc RegOpenKeyExA
0x497800 RegCloseKey
Library user32.dll:
0x497808 GetKeyboardType
0x49780c DestroyWindow
0x497810 LoadStringA
0x497814 MessageBoxA
0x497818 CharNextA
Library kernel32.dll:
0x497820 GetACP
0x497824 Sleep
0x497828 VirtualFree
0x49782c VirtualAlloc
0x497830 GetCurrentThreadId
0x49783c VirtualQuery
0x497840 WideCharToMultiByte
0x497844 MultiByteToWideChar
0x497848 lstrlenA
0x49784c lstrcpynA
0x497850 LoadLibraryExA
0x497854 GetThreadLocale
0x497858 GetStartupInfoA
0x49785c GetProcAddress
0x497860 GetModuleHandleA
0x497864 GetModuleFileNameA
0x497868 GetLocaleInfoA
0x49786c GetLastError
0x497870 GetCommandLineA
0x497874 FreeLibrary
0x497878 FindFirstFileA
0x49787c FindClose
0x497880 ExitProcess
0x497884 CompareStringA
0x497888 WriteFile
0x497890 SetFilePointer
0x497894 SetEndOfFile
0x497898 RtlUnwind
0x49789c ReadFile
0x4978a0 RaiseException
0x4978a4 GetStdHandle
0x4978a8 GetFileSize
0x4978ac GetFileType
0x4978b0 CreateFileA
0x4978b4 CloseHandle
Library kernel32.dll:
0x4978bc TlsSetValue
0x4978c0 TlsGetValue
0x4978c4 LocalAlloc
0x4978c8 GetModuleHandleA
Library user32.dll:
0x4978d0 CreateWindowExA
0x4978d4 WindowFromPoint
0x4978d8 WaitMessage
0x4978dc UpdateWindow
0x4978e0 UnregisterClassA
0x4978e4 UnhookWindowsHookEx
0x4978e8 TranslateMessage
0x4978f0 TrackPopupMenu
0x4978f8 ShowWindow
0x4978fc ShowScrollBar
0x497900 ShowOwnedPopups
0x497904 SetWindowsHookExA
0x497908 SetWindowTextA
0x49790c SetWindowPos
0x497910 SetWindowPlacement
0x497914 SetWindowLongW
0x497918 SetWindowLongA
0x49791c SetTimer
0x497920 SetScrollRange
0x497924 SetScrollPos
0x497928 SetScrollInfo
0x49792c SetRect
0x497930 SetPropA
0x497934 SetParent
0x497938 SetMenuItemInfoA
0x49793c SetMenu
0x497940 SetForegroundWindow
0x497944 SetFocus
0x497948 SetCursor
0x49794c SetClassLongA
0x497950 SetCapture
0x497954 SetActiveWindow
0x497958 SendMessageW
0x49795c SendMessageA
0x497960 ScrollWindow
0x497964 ScreenToClient
0x497968 RemovePropA
0x49796c RemoveMenu
0x497970 ReleaseDC
0x497974 ReleaseCapture
0x497980 RegisterClassA
0x497984 RedrawWindow
0x497988 PtInRect
0x49798c PostQuitMessage
0x497990 PostMessageA
0x497994 PeekMessageW
0x497998 PeekMessageA
0x49799c OffsetRect
0x4979a0 OemToCharA
0x4979a4 MessageBoxA
0x4979a8 MapWindowPoints
0x4979ac MapVirtualKeyA
0x4979b0 LoadStringA
0x4979b4 LoadKeyboardLayoutA
0x4979b8 LoadIconA
0x4979bc LoadCursorA
0x4979c0 LoadBitmapA
0x4979c4 KillTimer
0x4979c8 IsZoomed
0x4979cc IsWindowVisible
0x4979d0 IsWindowUnicode
0x4979d4 IsWindowEnabled
0x4979d8 IsWindow
0x4979dc IsRectEmpty
0x4979e0 IsIconic
0x4979e4 IsDialogMessageW
0x4979e8 IsDialogMessageA
0x4979ec IsChild
0x4979f0 InvalidateRect
0x4979f4 IntersectRect
0x4979f8 InsertMenuItemA
0x4979fc InsertMenuA
0x497a00 InflateRect
0x497a08 GetWindowTextA
0x497a0c GetWindowRect
0x497a10 GetWindowPlacement
0x497a14 GetWindowLongW
0x497a18 GetWindowLongA
0x497a1c GetWindowDC
0x497a20 GetTopWindow
0x497a24 GetSystemMetrics
0x497a28 GetSystemMenu
0x497a2c GetSysColorBrush
0x497a30 GetSysColor
0x497a34 GetSubMenu
0x497a38 GetScrollRange
0x497a3c GetScrollPos
0x497a40 GetScrollInfo
0x497a44 GetPropA
0x497a48 GetParent
0x497a4c GetWindow
0x497a50 GetMessagePos
0x497a54 GetMenuStringA
0x497a58 GetMenuState
0x497a5c GetMenuItemInfoA
0x497a60 GetMenuItemID
0x497a64 GetMenuItemCount
0x497a68 GetMenu
0x497a6c GetLastActivePopup
0x497a70 GetKeyboardState
0x497a7c GetKeyboardLayout
0x497a80 GetKeyState
0x497a84 GetKeyNameTextA
0x497a88 GetIconInfo
0x497a8c GetForegroundWindow
0x497a90 GetFocus
0x497a94 GetDlgItem
0x497a98 GetDesktopWindow
0x497a9c GetDCEx
0x497aa0 GetDC
0x497aa4 GetCursorPos
0x497aa8 GetCursor
0x497aac GetClipboardData
0x497ab0 GetClientRect
0x497ab4 GetClassLongA
0x497ab8 GetClassInfoA
0x497abc GetCapture
0x497ac0 GetActiveWindow
0x497ac4 FrameRect
0x497ac8 FindWindowA
0x497acc FillRect
0x497ad0 EqualRect
0x497ad4 EnumWindows
0x497ad8 EnumThreadWindows
0x497adc EnumChildWindows
0x497ae0 EndPaint
0x497ae4 EndDeferWindowPos
0x497ae8 EnableWindow
0x497aec EnableScrollBar
0x497af0 EnableMenuItem
0x497af4 DrawTextA
0x497af8 DrawMenuBar
0x497afc DrawIconEx
0x497b00 DrawIcon
0x497b04 DrawFrameControl
0x497b08 DrawEdge
0x497b0c DispatchMessageW
0x497b10 DispatchMessageA
0x497b14 DestroyWindow
0x497b18 DestroyMenu
0x497b1c DestroyIcon
0x497b20 DestroyCursor
0x497b24 DeleteMenu
0x497b28 DeferWindowPos
0x497b2c DefWindowProcA
0x497b30 DefMDIChildProcA
0x497b34 DefFrameProcA
0x497b38 CreatePopupMenu
0x497b3c CreateMenu
0x497b40 CreateIcon
0x497b44 ClientToScreen
0x497b48 CheckMenuItem
0x497b4c CallWindowProcA
0x497b50 CallNextHookEx
0x497b54 BeginPaint
0x497b58 BeginDeferWindowPos
0x497b5c CharNextA
0x497b60 CharLowerBuffA
0x497b64 CharLowerA
0x497b68 CharToOemA
0x497b6c AdjustWindowRectEx
Library msimg32.dll:
0x497b78 GradientFill
Library gdi32.dll:
0x497b80 UnrealizeObject
0x497b84 StretchBlt
0x497b88 SetWindowOrgEx
0x497b8c SetWinMetaFileBits
0x497b90 SetViewportOrgEx
0x497b94 SetTextColor
0x497b98 SetStretchBltMode
0x497b9c SetROP2
0x497ba0 SetPixel
0x497ba4 SetEnhMetaFileBits
0x497ba8 SetDIBColorTable
0x497bac SetBrushOrgEx
0x497bb0 SetBkMode
0x497bb4 SetBkColor
0x497bb8 SelectPalette
0x497bbc SelectObject
0x497bc0 SelectClipRgn
0x497bc4 SaveDC
0x497bc8 RestoreDC
0x497bcc Rectangle
0x497bd0 RectVisible
0x497bd4 RealizePalette
0x497bd8 Polyline
0x497bdc Polygon
0x497be0 PlayEnhMetaFile
0x497be4 PatBlt
0x497be8 MoveToEx
0x497bec MaskBlt
0x497bf0 LineTo
0x497bf4 IntersectClipRect
0x497bf8 GetWindowOrgEx
0x497bfc GetWinMetaFileBits
0x497c00 GetTextMetricsA
0x497c0c GetStockObject
0x497c10 GetRgnBox
0x497c14 GetROP2
0x497c18 GetPolyFillMode
0x497c1c GetPixel
0x497c20 GetPaletteEntries
0x497c24 GetObjectA
0x497c30 GetEnhMetaFileBits
0x497c34 GetDeviceCaps
0x497c38 GetDIBits
0x497c3c GetDIBColorTable
0x497c40 GetDCOrgEx
0x497c44 GetDCBrushColor
0x497c4c GetClipBox
0x497c50 GetBrushOrgEx
0x497c54 GetBitmapBits
0x497c58 GdiFlush
0x497c5c ExcludeClipRect
0x497c60 DeleteObject
0x497c64 DeleteEnhMetaFile
0x497c68 DeleteDC
0x497c6c CreateSolidBrush
0x497c70 CreateRectRgn
0x497c74 CreatePenIndirect
0x497c78 CreatePalette
0x497c80 CreateFontIndirectA
0x497c84 CreateDIBitmap
0x497c88 CreateDIBSection
0x497c8c CreateCompatibleDC
0x497c94 CreateBrushIndirect
0x497c98 CreateBitmap
0x497c9c CopyEnhMetaFileA
0x497ca0 CombineRgn
0x497ca4 BitBlt
Library version.dll:
0x497cac VerQueryValueA
0x497cb4 GetFileVersionInfoA
Library kernel32.dll:
0x497cbc lstrcpyA
0x497cc0 lstrcmpiA
0x497cc4 WriteFile
0x497cc8 WaitForSingleObject
0x497ccc VirtualQuery
0x497cd0 VirtualProtect
0x497cd4 VirtualFree
0x497cd8 VirtualAlloc
0x497cdc Sleep
0x497ce0 SizeofResource
0x497ce4 SetThreadLocale
0x497ce8 SetFilePointer
0x497cec SetEvent
0x497cf0 SetErrorMode
0x497cf4 SetEndOfFile
0x497cf8 ResetEvent
0x497cfc ReadFile
0x497d00 MulDiv
0x497d04 LockResource
0x497d08 LoadResource
0x497d0c LoadLibraryA
0x497d18 GlobalFindAtomA
0x497d1c GlobalDeleteAtom
0x497d20 GlobalAddAtomA
0x497d24 GetVersionExA
0x497d28 GetVersion
0x497d2c GetTickCount
0x497d30 GetThreadLocale
0x497d34 GetTempPathA
0x497d38 GetStdHandle
0x497d3c GetProcAddress
0x497d40 GetModuleHandleA
0x497d44 GetModuleFileNameA
0x497d48 GetLocaleInfoA
0x497d4c GetLocalTime
0x497d50 GetLastError
0x497d54 GetFullPathNameA
0x497d58 GetFileSize
0x497d5c GetFileAttributesA
0x497d60 GetDiskFreeSpaceA
0x497d64 GetDateFormatA
0x497d68 GetCurrentThreadId
0x497d6c GetCurrentProcessId
0x497d70 GetCurrentProcess
0x497d74 GetCPInfo
0x497d78 FreeResource
0x497d7c InterlockedExchange
0x497d80 FreeLibrary
0x497d84 FormatMessageA
0x497d88 FindResourceA
0x497d8c ExitProcess
0x497d90 EnumCalendarInfoA
0x497d98 DeleteFileA
0x497da0 CreateThread
0x497da4 CreateFileA
0x497da8 CreateEventA
0x497dac CreateDirectoryA
0x497db0 CopyFileA
0x497db4 CompareStringA
0x497db8 CloseHandle
Library advapi32.dll:
0x497dc0 RegSetValueExA
0x497dc4 RegQueryValueExA
0x497dc8 RegOpenKeyExA
0x497dcc RegOpenKeyA
0x497dd0 RegFlushKey
0x497dd4 RegCloseKey
Library kernel32.dll:
0x497ddc Sleep
Library oleaut32.dll:
0x497de4 SafeArrayPtrOfIndex
0x497de8 SafeArrayGetUBound
0x497dec SafeArrayGetLBound
0x497df0 SafeArrayCreate
0x497df4 VariantChangeType
0x497df8 VariantCopy
0x497dfc VariantClear
0x497e00 VariantInit
Library comctl32.dll:
0x497e08 _TrackMouseEvent
0x497e14 ImageList_Write
0x497e18 ImageList_Read
0x497e24 ImageList_DragMove
0x497e28 ImageList_DragLeave
0x497e2c ImageList_DragEnter
0x497e30 ImageList_EndDrag
0x497e34 ImageList_BeginDrag
0x497e38 ImageList_Remove
0x497e3c ImageList_DrawEx
0x497e40 ImageList_Replace
0x497e44 ImageList_Draw
0x497e50 ImageList_Add
0x497e58 ImageList_Destroy
0x497e5c ImageList_Create
0x497e60 InitCommonControls
Library comdlg32.dll:
0x497e68 GetSaveFileNameA
0x497e6c GetOpenFileNameA
Library SHFolder.dll:
0x497e74 SHGetFolderPathA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.