6.6
High risk

c3a284a34c07b5133eebad4b94bc78ae96bf4715fb77d4fa9a8c37aa287da585

cf303c0dd400d8e00d18aefc8a6eebfa.exe

Analysis duration

77s

Last analysis

File size

896.0KB
Static / dynamic detection tags: 4Y0@AGH5FXHK AI SCORE=86 AIDETECTVM BEHAVIOR CEWV CKGENERIC CLASSIC ELDORADO EMOTET EVAU GENCIRC GENETIC HIGH CONFIDENCE HSAIQS KRYPTIK MALWARE2 QVM41 R002C0DHG20 R348048 SCORE SMTHC SUSGEN YWBDI ZEXAE
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 detection results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/Emotet.21809bd8 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200831 18.4.3895.0
Kingsoft 20200831 2013.8.14.323
McAfee Emotet-FRV!CF303C0DD400 20200831 6.0.6.653
Tencent Malware.Win32.Gencirc.10cde812 20200831 1.0.0.1
CrowdStrike 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619910862.90485
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619910847.34285
CryptGenKey
crypto_handle: 0x002a63d0
algorithm_identifier: 0x0000660e ()
provider_handle: 0x002a59e8
flags: 1
key: fZ60Å׊™”Í,’o}
success 1 0
1619910862.92085
CryptExportKey
crypto_handle: 0x002a63d0
crypto_export_handle: 0x002a5ab0
buffer: f¤/QÑú?Ñè»]¶üIubؕ%j%j^¢kîê°5¼Eøw_ØP3Ü{ûl­E;ß©.ã ã´pß²þόÓÔ¥ûВç„ýR~à~“CH®}²ûy¯MTó“îÞ
blob_type: 1
flags: 64
success 1 0
1619910898.60785
CryptExportKey
crypto_handle: 0x002a63d0
crypto_export_handle: 0x002a5ab0
buffer: f¤”GT…•ò½eÔ~cݸ|ä ê£ ÈyZ„PýBÑ_Ë/Ò%aÃõÿí!$~f £§"’êóÄ÷¦<×lY(AVD Œºà•ò±“¾Jå‡^5É]©ÏÑõt?DæW%8
blob_type: 1
flags: 64
success 1 0
1619910910.45185
CryptExportKey
crypto_handle: 0x002a63d0
crypto_export_handle: 0x002a5ab0
buffer: f¤pº¿rtDNaã—”±uKà…XÞufsðfH 8ètûÏhÞtKtÓÀþœ«ámÂש“µ›ÇT/¯8ôDA5ëг\ê×™UWZ¡áÜ%ô4À¿¯g
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2005\14.8.20\ExpandingCheck_demo\ExpCheckTest\Release\ExpCheckTest.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910846.56085
NtAllocateVirtualMemory
process_identifier: 1464
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ef0000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (5 events)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910863.40485
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process cf303c0dd400d8e00d18aefc8a6eebfa.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910863.04585
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (5 events)
host 172.217.24.14
host 69.30.203.214
host 75.139.38.211
host 203.208.40.34
host 203.208.41.65
Sets or modifies the WPAD proxy autoconfiguration settings used for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619910865.98285
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910865.98285
RegSetValueExA
key_handle: 0x000003bc
value:  “n<È>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910865.98285
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910865.98285
RegSetValueExW
key_handle: 0x000003bc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910865.98285
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910865.98285
RegSetValueExA
key_handle: 0x000003d4
value:  “n<È>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910865.98285
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910866.01485
RegSetValueExW
key_handle: 0x000003b8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EVAU
FireEye Generic.mg.cf303c0dd400d8e0
CAT-QuickHeal Trojan.CKGENERIC
ALYac Trojan.Agent.EVAU
Malwarebytes Trojan.Emotet
Zillya Backdoor.Emotet.Win32.1006
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.21809bd8
K7GW Riskware ( 0040eff71 )
BitDefenderTheta Gen:NN.ZexaE.34196.4y0@aGh5FXhk
Cyren W32/Emotet.APV.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Backdoor.Win32.Emotet.cewv
BitDefender Trojan.Agent.EVAU
NANO-Antivirus Trojan.Win32.Emotet.hsaiqs
Paloalto generic.ml
AegisLab Trojan.Win32.Emotet.L!c
Rising Trojan.Kryptik!1.CA80 (CLASSIC)
Ad-Aware Trojan.Agent.EVAU
DrWeb Trojan.Emotet.999
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DHG20
Sophos Troj/Emotet-CLB
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.re
MaxSecure Trojan.Malware.105305733.susgen
Avira TR/Kryptik.ywbdi
MAX malware (ai score=86)
Antiy-AVL Trojan/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARK!MTB
ViRobot Trojan.Win32.Z.Emotet.917504.JD
ZoneAlarm Backdoor.Win32.Emotet.cewv
GData Trojan.Agent.EVAU
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R348048
McAfee Emotet-FRV!CF303C0DD400
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHC
Tencent Malware.Win32.Gencirc.10cde812
Fortinet W32/Malicious_Behavior.VEX
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
Qihoo-360 Generic/HEUR/QVM41.2.4143.Malware.Gen
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 69.30.203.214:8080
dead_host 75.139.38.211:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2020-08-15 02:28:33

Imports

Library KERNEL32.dll:
0x49be20 SetFileTime
0x49be24 SetFileAttributesA
0x49be28 GetFileAttributesA
0x49be2c GetFileTime
0x49be30 RtlUnwind
0x49be34 HeapAlloc
0x49be38 HeapFree
0x49be3c HeapReAlloc
0x49be40 VirtualProtect
0x49be44 VirtualAlloc
0x49be48 GetSystemInfo
0x49be4c VirtualQuery
0x49be50 GetCommandLineA
0x49be54 GetProcessHeap
0x49be58 GetStartupInfoA
0x49be5c RaiseException
0x49be60 ExitThread
0x49be64 CreateThread
0x49be68 HeapSize
0x49be6c TerminateProcess
0x49be78 IsDebuggerPresent
0x49be7c Sleep
0x49be80 GetACP
0x49be84 LCMapStringA
0x49be88 LCMapStringW
0x49be8c FatalAppExitA
0x49be90 VirtualFree
0x49be98 HeapCreate
0x49be9c GetStdHandle
0x49beb0 SetHandleCount
0x49beb4 GetFileType
0x49bebc GetTickCount
0x49becc GetStringTypeA
0x49bed0 GetStringTypeW
0x49bed4 GetTimeFormatA
0x49bed8 GetDateFormatA
0x49bedc GetUserDefaultLCID
0x49bee0 EnumSystemLocalesA
0x49bee4 IsValidLocale
0x49bee8 IsValidCodePage
0x49beec GetConsoleCP
0x49bef0 GetConsoleMode
0x49bef4 GetLocaleInfoW
0x49bef8 SetStdHandle
0x49befc WriteConsoleA
0x49bf00 GetConsoleOutputCP
0x49bf04 WriteConsoleW
0x49bf0c SetErrorMode
0x49bf18 CreateFileA
0x49bf1c GetShortPathNameA
0x49bf20 GetFullPathNameA
0x49bf28 FindFirstFileA
0x49bf2c FindClose
0x49bf30 GetCurrentProcess
0x49bf34 DuplicateHandle
0x49bf38 GetThreadLocale
0x49bf3c GetFileSize
0x49bf40 SetEndOfFile
0x49bf44 UnlockFile
0x49bf48 LockFile
0x49bf4c FlushFileBuffers
0x49bf50 SetFilePointer
0x49bf54 WriteFile
0x49bf58 ReadFile
0x49bf5c DeleteFileA
0x49bf60 MoveFileA
0x49bf74 GetAtomNameA
0x49bf78 GetOEMCP
0x49bf7c GetCPInfo
0x49bf84 GlobalFlags
0x49bf88 TlsFree
0x49bf90 LocalReAlloc
0x49bf94 TlsSetValue
0x49bf98 TlsAlloc
0x49bfa0 GlobalHandle
0x49bfa4 GlobalReAlloc
0x49bfac TlsGetValue
0x49bfb4 LocalAlloc
0x49bfb8 CopyFileA
0x49bfbc GlobalSize
0x49bfc0 FormatMessageA
0x49bfc4 LocalFree
0x49bfcc GetModuleFileNameW
0x49bfd0 GlobalFree
0x49bfd4 GetCurrentProcessId
0x49bfd8 CreateEventA
0x49bfdc SuspendThread
0x49bfe0 SetEvent
0x49bfe4 WaitForSingleObject
0x49bfe8 ResumeThread
0x49bfec SetThreadPriority
0x49bff0 CloseHandle
0x49bff4 GetCurrentThread
0x49bffc GetModuleFileNameA
0x49c004 GetLocaleInfoA
0x49c008 GlobalAlloc
0x49c00c GlobalLock
0x49c010 GlobalUnlock
0x49c014 MulDiv
0x49c018 lstrcmpA
0x49c01c FreeResource
0x49c020 GetCurrentThreadId
0x49c024 GlobalGetAtomNameA
0x49c028 GlobalAddAtomA
0x49c02c GlobalFindAtomA
0x49c030 GlobalDeleteAtom
0x49c034 FreeLibrary
0x49c038 LoadLibraryA
0x49c03c lstrcmpW
0x49c040 GetModuleHandleA
0x49c044 GetProcAddress
0x49c048 GetVersionExA
0x49c04c FindResourceA
0x49c050 LoadResource
0x49c054 LockResource
0x49c058 SizeofResource
0x49c05c SetLastError
0x49c060 GetStringTypeExW
0x49c064 GetStringTypeExA
0x49c070 lstrlenA
0x49c074 lstrcmpiW
0x49c078 lstrcmpiA
0x49c07c CompareStringW
0x49c080 CompareStringA
0x49c084 lstrlenW
0x49c088 GetVersion
0x49c08c GetLastError
0x49c090 WideCharToMultiByte
0x49c094 MultiByteToWideChar
0x49c098 InterlockedExchange
0x49c09c HeapDestroy
0x49c0a0 ExitProcess
Library USER32.dll:
0x49c2ac SetMenu
0x49c2b0 BringWindowToTop
0x49c2b4 SetRectEmpty
0x49c2b8 CreatePopupMenu
0x49c2bc InsertMenuItemA
0x49c2c0 InvalidateRect
0x49c2c4 LoadAcceleratorsA
0x49c2c8 LoadMenuA
0x49c2cc ReuseDDElParam
0x49c2d0 UnpackDDElParam
0x49c2d4 GetKeyNameTextA
0x49c2d8 MapVirtualKeyA
0x49c2dc IsRectEmpty
0x49c2e0 GetSystemMenu
0x49c2e4 SetParent
0x49c2e8 UnionRect
0x49c2ec SetRect
0x49c2f0 SetTimer
0x49c2f4 KillTimer
0x49c2f8 GetDCEx
0x49c2fc LockWindowUpdate
0x49c300 DestroyMenu
0x49c304 GetMenuItemInfoA
0x49c308 InflateRect
0x49c30c GetMenuStringA
0x49c310 AppendMenuA
0x49c314 InsertMenuA
0x49c318 RemoveMenu
0x49c31c GetDesktopWindow
0x49c324 GetNextDlgTabItem
0x49c328 EndDialog
0x49c330 ShowOwnedPopups
0x49c334 SetCursor
0x49c338 GetMessageA
0x49c33c TranslateMessage
0x49c340 GetActiveWindow
0x49c344 GetCursorPos
0x49c348 ValidateRect
0x49c34c PostQuitMessage
0x49c350 EndPaint
0x49c354 BeginPaint
0x49c358 GetWindowDC
0x49c35c ReleaseDC
0x49c360 GetDC
0x49c364 ClientToScreen
0x49c368 GrayStringA
0x49c36c DrawTextExA
0x49c370 DrawTextA
0x49c374 TabbedTextOutA
0x49c378 FillRect
0x49c37c SetMenuItemBitmaps
0x49c384 LoadBitmapA
0x49c388 ModifyMenuA
0x49c38c GetMenuState
0x49c390 EnableMenuItem
0x49c394 CheckMenuItem
0x49c39c WinHelpA
0x49c3a0 IsChild
0x49c3a4 GetCapture
0x49c3ac CallNextHookEx
0x49c3b0 GetClassLongA
0x49c3b4 GetClassNameA
0x49c3b8 SetPropA
0x49c3bc RemovePropA
0x49c3c0 GetForegroundWindow
0x49c3c4 GetLastActivePopup
0x49c3c8 SetActiveWindow
0x49c3cc DispatchMessageA
0x49c3d0 BeginDeferWindowPos
0x49c3d4 EndDeferWindowPos
0x49c3d8 GetTopWindow
0x49c3dc DestroyWindow
0x49c3e0 UnhookWindowsHookEx
0x49c3e4 GetMessageTime
0x49c3e8 GetMessagePos
0x49c3ec PeekMessageA
0x49c3f0 MapWindowPoints
0x49c3f4 ScrollWindow
0x49c3f8 TrackPopupMenuEx
0x49c3fc TrackPopupMenu
0x49c400 GetKeyState
0x49c404 SetScrollRange
0x49c408 GetScrollRange
0x49c40c SetScrollPos
0x49c410 GetScrollPos
0x49c414 SetForegroundWindow
0x49c418 ShowScrollBar
0x49c41c IsWindowVisible
0x49c420 UpdateWindow
0x49c424 GetMenu
0x49c428 PostMessageA
0x49c42c GetSubMenu
0x49c430 GetMenuItemID
0x49c434 GetMenuItemCount
0x49c438 MessageBoxA
0x49c43c CreateWindowExA
0x49c440 GetClassInfoExA
0x49c444 GetClassInfoA
0x49c448 RegisterClassA
0x49c44c GetSysColor
0x49c450 AdjustWindowRectEx
0x49c454 ScreenToClient
0x49c458 EqualRect
0x49c45c DeferWindowPos
0x49c460 CopyRect
0x49c464 GetWindowRect
0x49c468 GetParent
0x49c46c EnableWindow
0x49c470 SendMessageA
0x49c474 MoveWindow
0x49c478 ShowWindow
0x49c47c GetScrollInfo
0x49c480 SetScrollInfo
0x49c484 PtInRect
0x49c488 SetWindowPlacement
0x49c48c DefWindowProcA
0x49c490 CallWindowProcA
0x49c494 OffsetRect
0x49c498 IntersectRect
0x49c4a0 GetWindowPlacement
0x49c4a8 GetWindowTextA
0x49c4ac GetFocus
0x49c4b0 UnregisterClassA
0x49c4b4 GetDialogBaseUnits
0x49c4b8 DestroyIcon
0x49c4bc WaitMessage
0x49c4c0 ReleaseCapture
0x49c4c4 WindowFromPoint
0x49c4c8 SetCapture
0x49c4cc DeleteMenu
0x49c4d0 LoadCursorA
0x49c4d4 SetWindowsHookExA
0x49c4d8 GetSysColorBrush
0x49c4dc RedrawWindow
0x49c4e0 GetWindowLongA
0x49c4e4 EnumChildWindows
0x49c4e8 IsWindow
0x49c4ec DrawIcon
0x49c4f0 IsIconic
0x49c4f4 GetClientRect
0x49c4f8 LoadIconA
0x49c4fc GetSystemMetrics
0x49c500 CharLowerA
0x49c504 CharLowerW
0x49c508 CharUpperA
0x49c50c CharUpperW
0x49c510 GetWindow
0x49c514 CheckDlgButton
0x49c518 CheckRadioButton
0x49c51c GetDlgItem
0x49c520 GetDlgItemInt
0x49c524 SetWindowPos
0x49c528 ScrollWindowEx
0x49c52c SetFocus
0x49c530 IsWindowEnabled
0x49c534 SetWindowLongA
0x49c538 GetDlgCtrlID
0x49c53c SetWindowTextA
0x49c540 IsDialogMessageA
0x49c544 IsDlgButtonChecked
0x49c548 SetDlgItemTextA
0x49c54c SetDlgItemInt
0x49c550 SendDlgItemMessageA
0x49c554 GetDlgItemTextA
0x49c558 GetPropA
Library GDI32.dll:
0x49bc50 ArcTo
0x49bc54 PolyDraw
0x49bc58 PolylineTo
0x49bc5c PolyBezierTo
0x49bc60 ExtSelectClipRgn
0x49bc64 DeleteDC
0x49bc6c CreatePatternBrush
0x49bc70 CreateCompatibleDC
0x49bc74 GetStockObject
0x49bc78 SelectPalette
0x49bc7c PlayMetaFileRecord
0x49bc80 GetObjectType
0x49bc84 EnumMetaFile
0x49bc88 PlayMetaFile
0x49bc8c GetDeviceCaps
0x49bc90 CreatePen
0x49bc94 ScaleWindowExtEx
0x49bc98 CreateSolidBrush
0x49bc9c CreateHatchBrush
0x49bca0 CopyMetaFileA
0x49bca4 CreateDCA
0x49bca8 CreateFontIndirectA
0x49bcb4 SetRectRgn
0x49bcb8 CombineRgn
0x49bcbc GetMapMode
0x49bcc0 PatBlt
0x49bcc4 DPtoLP
0x49bcc8 GetTextMetricsA
0x49bcd0 GetCharWidthA
0x49bcd4 CreateFontA
0x49bcd8 StretchDIBits
0x49bcdc GetBkColor
0x49bce0 SetWindowExtEx
0x49bce4 OffsetWindowOrgEx
0x49bce8 SetWindowOrgEx
0x49bcec RectVisible
0x49bcf0 ScaleViewportExtEx
0x49bcf4 SetViewportExtEx
0x49bcf8 OffsetViewportOrgEx
0x49bcfc SetViewportOrgEx
0x49bd00 SelectObject
0x49bd04 Escape
0x49bd08 ExtTextOutA
0x49bd0c ExtCreatePen
0x49bd10 GetDCOrgEx
0x49bd14 PtVisible
0x49bd18 StartDocA
0x49bd1c GetPixel
0x49bd20 BitBlt
0x49bd24 GetWindowExtEx
0x49bd28 GetViewportExtEx
0x49bd2c SelectClipPath
0x49bd30 CreateRectRgn
0x49bd34 GetClipRgn
0x49bd38 SelectClipRgn
0x49bd3c DeleteObject
0x49bd40 SetColorAdjustment
0x49bd44 SetArcDirection
0x49bd48 SetMapperFlags
0x49bd54 SetTextAlign
0x49bd58 MoveToEx
0x49bd5c LineTo
0x49bd60 OffsetClipRgn
0x49bd64 IntersectClipRect
0x49bd68 ExcludeClipRect
0x49bd6c SetMapMode
0x49bd74 SetWorldTransform
0x49bd78 SetGraphicsMode
0x49bd7c SetStretchBltMode
0x49bd80 SetROP2
0x49bd84 SetPolyFillMode
0x49bd88 SetBkMode
0x49bd8c RestoreDC
0x49bd90 SaveDC
0x49bd94 CreateBitmap
0x49bd98 GetObjectA
0x49bd9c SetBkColor
0x49bda0 SetTextColor
0x49bda4 GetClipBox
0x49bda8 TextOutA
Library comdlg32.dll:
0x49c648 GetFileTitleA
Library WINSPOOL.DRV:
0x49c610 ClosePrinter
0x49c614 DocumentPropertiesA
0x49c618 OpenPrinterA
Library ADVAPI32.dll:
0x49bbe8 RegDeleteValueA
0x49bbec RegSetValueExA
0x49bbf0 RegCreateKeyExA
0x49bbf4 RegSetValueA
0x49bbf8 RegQueryValueA
0x49bbfc RegOpenKeyA
0x49bc00 RegEnumKeyA
0x49bc04 RegDeleteKeyA
0x49bc08 RegOpenKeyExA
0x49bc0c RegQueryValueExA
0x49bc10 RegCloseKey
0x49bc14 RegCreateKeyA
Library SHELL32.dll:
0x49c22c SHGetFileInfoA
0x49c230 DragFinish
0x49c234 DragQueryFileA
0x49c238 ExtractIconA
Library SHLWAPI.dll:
0x49c26c PathFindFileNameA
0x49c270 PathStripToRootA
0x49c274 PathFindExtensionA
0x49c278 PathIsUNCA
Library ole32.dll:
0x49c678 ReleaseStgMedium
0x49c67c CreateBindCtx
0x49c680 CoTreatAsClass
0x49c684 StringFromCLSID
0x49c688 ReadClassStg
0x49c68c CoTaskMemAlloc
0x49c690 OleRegGetUserType
0x49c694 WriteClassStg
0x49c698 WriteFmtUserTypeStg
0x49c69c SetConvertStg
0x49c6a0 CoTaskMemFree
0x49c6a4 OleDuplicateData
0x49c6a8 CoDisconnectObject
0x49c6ac CoCreateInstance
0x49c6b0 StringFromGUID2
0x49c6b4 CLSIDFromString
0x49c6b8 ReadFmtUserTypeStg
Library OLEAUT32.dll:
0x49c150 VariantClear
0x49c154 VariantChangeType
0x49c158 VariantInit
0x49c15c SysAllocStringLen
0x49c160 SysFreeString
0x49c164 SysStringLen
0x49c16c SysStringByteLen
0x49c174 SafeArrayAccessData
0x49c178 SafeArrayGetUBound
0x49c17c SafeArrayGetLBound
0x49c184 SafeArrayGetDim
0x49c188 SafeArrayCreate
0x49c18c SafeArrayRedim
0x49c190 VariantCopy
0x49c194 SafeArrayAllocData
0x49c19c SafeArrayCopy
0x49c1a0 SafeArrayGetElement
0x49c1a4 SafeArrayPtrOfIndex
0x49c1a8 SafeArrayPutElement
0x49c1ac SafeArrayLock
0x49c1b0 SafeArrayUnlock
0x49c1b4 SafeArrayDestroy
0x49c1c8 SysReAllocStringLen
0x49c1cc VarDateFromStr
0x49c1d0 VarBstrFromCy
0x49c1d4 VarBstrFromDec
0x49c1d8 VarDecFromStr
0x49c1dc VarCyFromStr
0x49c1e0 VarBstrFromDate

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 50005 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.