Score: 6.6
Verdict: High risk

SHA256: ad7abbd8b6ce31753f2f7b2865a6267caa52401c335a09dcbc87e4021f5ac051
File name: cf5aaeb63e4e42e521cb2c0ad4cf4177.exe (the name is the sample's MD5; the McAfee and FireEye detection names below reuse its prefix)
Analysis duration: 22s
Last analysis: (no value shown)
File size: 727.5KB
Detection tags (static and dynamic): AGEN, AI SCORE=85, AIDETECTVM, BTGWHY, CEEINJECT, CLASSIC, CONFIDENCE, DELF, DELPHILESS, DGHQ, ELDORADO, ELTI, ELUT, FAREIT, GENERICKDZ, GENETIC, GENOME, HACKTOOL, HIGH CONFIDENCE, HJZTHM, IGENT, KRYPTIK, MALICIOUS PE, MALWARE1, MALWARE@#HFKSKUAUZ6PG, R06EC0DIE20, SCORE, SIMDA, STATIC AI, SUSGEN, TAYS, TG0@AMWNWFCI, TSCOPE, UNSAFE, WACATAC, X2059, ZELPHIF
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result is available for this sample
Static verdict
Anti-virus engines
Engine       Result                                 Scan date  Engine version
Alibaba      VirTool:Win32/Obfuscator.1fe42099      20190527   0.3.0.5
Baidu        (no result recorded)                   20190318   1.0.0.2
Avast        Win32:Trojan-gen                       20201210   21.1.5827.0
McAfee       Fareit-FSK!CF5AAEB63E4E                20201211   6.0.6.653
Tencent      Win32.Trojan.Kryptik.Tays              20201211   1.0.0.1
CrowdStrike  win/malicious_confidence_90% (W)       20190702   1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
CODE, DATA and BSS are the section names the Borland/Delphi linker emits in place of .text/.data/.bss, so by themselves they identify the Delphi toolchain rather than a packer; this is the false-positive case the signature allows for. It agrees with the packer match below and with the Delphi-specific vendor names in the VirusTotal list (Delf, Delphiless, TScope.Trojan.Delf).
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
The first exception (1619910852.157, before the child process exists, so in the original process) is raised from the sample's own code at image offset 0x61f5a: the faulting instruction is div eax (bytes f7 f0) executed with eax = 0, hence STATUS_INTEGER_DIVIDE_BY_ZERO (0xc0000094). The bytes that follow it, 33 c0 / 5a / 59 / 59 / 64 89 10 (xor eax,eax; pop edx; pop ecx; pop ecx; mov fs:[eax],edx), are the standard Delphi try/except frame teardown, so this fault is most likely caught by the sample's own SEH handler rather than being a real crash. The second exception (1619910854.043) is an access violation (0xc0000005) at 0xfeb314ad with no symbol; it coincides with the NtProtectVirtualMemory activity of the hollowed child (pid 324) at the same timestamp, and its stack runs from code inside the injected image (cf5aaeb63e4e42e521cb2c0ad4cf4177+0x58a4d) into the .NET shim mscoree!_CorExeMain and mscoreei's file-version check before faulting under kernelbase!CreateFileMappingW, i.e. the injected image enters the CLR startup path.
Time & API Arguments Status Return Repeated
1619910852.157046
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49151808
registers.edi: 0
registers.eax: 0
registers.ebp: 49151880
registers.edx: 54
registers.ebx: 0
registers.esi: 0
registers.ecx: 83
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 63 e9 a9 16 fa
exception.symbol: cf5aaeb63e4e42e521cb2c0ad4cf4177+0x61f5a
exception.instruction: div eax
exception.module: cf5aaeb63e4e42e521cb2c0ad4cf4177.exe
exception.exception_code: 0xc0000094
exception.offset: 401242
exception.address: 0x461f5a
success 0 0
1619910854.043282
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
cf5aaeb63e4e42e521cb2c0ad4cf4177+0x58a4d @ 0x458a4d
cf5aaeb63e4e42e521cb2c0ad4cf4177+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfeb314ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc. (the dropped-buffers section at the end of this report lists none, so the extracted buffer is not available on this page)
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Two processes appear below: pid 420 is the sample as launched, and pid 324 is the second copy of itself that it spawns suspended and hollows (see the process-injection events further down). The three RWX allocations in pid 420 (0x023d0000, 0x02ee0000, 0x02f30000) precede the injection at 1619910852.516 and are consistent with the unpacking stage. In pid 324, in addition to allocations in its own address space, NtProtectVirtualMemory is applied with PAGE_EXECUTE_READWRITE to code pages of kernel32.dll (0x76351000, 0x76353000, 0x76354000; the stack traces above place kernel32 at 0x76340000) and ntdll.dll (0x77d4f000; ntdll at 0x77d30000), each time alternating with a change on the page at 0x02022000. Making system DLL code pages writable and executable from injected code is what inline API hooking looks like; the report does not show what was written to those pages.
Time & API Arguments Status Return Repeated
1619910851.954046
NtAllocateVirtualMemory
process_identifier: 420
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x023d0000
success 0 0
1619910852.157046
NtAllocateVirtualMemory
process_identifier: 420
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02ee0000
success 0 0
1619910852.157046
NtAllocateVirtualMemory
process_identifier: 420
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02f30000
success 0 0
1619910852.902282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619910852.964282
NtAllocateVirtualMemory
process_identifier: 324
region_size: 1179648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00670000
success 0 0
1619910852.964282
NtAllocateVirtualMemory
process_identifier: 324
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00750000
success 0 0
1619910852.980282
NtAllocateVirtualMemory
process_identifier: 324
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00500000
success 0 0
1619910852.980282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 303104
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00502000
success 0 0
1619910853.355282
NtAllocateVirtualMemory
process_identifier: 324
region_size: 1179648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01ee0000
success 0 0
1619910853.355282
NtAllocateVirtualMemory
process_identifier: 324
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fc0000
success 0 0
1619910854.027282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.027282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619910854.027282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.027282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619910854.027282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.027282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02022000
success 0 0
1619910854.043282
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.728701369185813 section {'size_of_data': '0x0000a600', 'virtual_address': '0x00063000', 'entropy': 7.728701369185813, 'name': 'DATA', 'virtual_size': '0x0000a514'} description A section with a high entropy has been found
entropy 7.507295812946279 section {'size_of_data': '0x00040600', 'virtual_address': '0x0007c000', 'entropy': 7.507295812946279, 'name': '.rsrc', 'virtual_size': '0x00040418'} description A section with a high entropy has been found
entropy 0.4115622849277357 description Overall entropy of this PE file is high
The two flagged sections are the obvious places for the packed payload: DATA (0xa600 bytes at RVA 0x63000) and, above all, .rsrc (0x40600 bytes at RVA 0x7c000, about 257KB of a 727.5KB file). The import table includes FindResourceA, LoadResource, LockResource and SizeofResource, so a resource-embedded payload is worth checking first. Note that the "overall" figure of 0.41 in this signature family is the fraction of section data that lies in high-entropy sections, not an entropy value in bits.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
This address is in Google's 172.217.0.0/16 range. The Hosts, TCP, HTTP and ICMP tables at the end of this report record no traffic to it, so the indicator is uncorroborated and could equally be guest background traffic; treat it as unconfirmed rather than as a C2 address.
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 420 called NtSetContextThread to modify thread in remote process 324
Time & API Arguments Status Return Repeated
1619910852.579046
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4896944
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 324
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 420 resumed a thread in remote process 324
Time & API Arguments Status Return Repeated
1619910852.844046
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 324
success 0 0
Generates some ICMP traffic (the ICMP table at the end of this report records none; the two sections of the report disagree)
Executed a process and injected code into it, probably while unpacking (6 events)
The six calls below are the textbook process-hollowing (RunPE) sequence, performed by pid 420 against a second copy of its own executable: CreateProcessInternalW with creation_flags 4 (CREATE_SUSPENDED) spawns the child (pid 324; primary thread handle 0x114, process handle 0x118); NtUnmapViewOfSection removes the original image at 0x00400000; NtMapViewOfSection maps a 708608-byte (0xad000) section at the same base with PAGE_EXECUTE_READWRITE, so the replacement image occupies 0x00400000-0x004ad000; NtGetContextThread/NtSetContextThread rewrite the suspended primary thread's context, where the logged values are eax = 4896944 = 0x004ab8b0 and ebx = 2130567168 = 0x7efde000 with every other register (eip included) reading 0. On 32-bit Windows the first thread of a new process takes its entry point from eax and the PEB address from ebx, so 0x004ab8b0 is the new entry point, and it lies inside the mapped view as expected. NtResumeThread then starts the replaced image.
Time & API Arguments Status Return Repeated
1619910852.516046
CreateProcessInternalW
thread_identifier: 2712
thread_handle: 0x00000114
process_identifier: 324
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cf5aaeb63e4e42e521cb2c0ad4cf4177.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619910852.516046
NtUnmapViewOfSection
process_identifier: 324
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619910852.547046
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 324
commit_size: 708608
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 708608
base_address: 0x00400000
success 0 0
1619910852.579046
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619910852.579046
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4896944
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 324
success 0 0
1619910852.844046
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 324
success 0 0
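Turning the six events above into a single verdict means parsing the report's own event format and matching the sequence per child pid. The following Python is an added example, not the sandbox's code: SAMPLE_LOG is an abridged copy of the six events above (fields irrelevant to the rule dropped), the parser and detection rule are the example's own, and reading eax as the entry point when eip is 0 is an assumption based on how 32-bit Windows starts a new process's first thread.

```python
# Added example (not part of the sandbox report): parse the report's
# "time / API / key: value / status" event format and reassemble the
# process-hollowing chain from it. SAMPLE_LOG is an abridged copy of the six
# events above; the parser and rule below are this example's own.
import re

CREATE_SUSPENDED = 0x00000004

SAMPLE_LOG = r"""
1619910852.516046
CreateProcessInternalW
thread_handle: 0x00000114
process_identifier: 324
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cf5aaeb63e4e42e521cb2c0ad4cf4177.exe"
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
success 1 0
1619910852.516046
NtUnmapViewOfSection
process_identifier: 324
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619910852.547046
NtMapViewOfSection
process_identifier: 324
commit_size: 708608
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
view_size: 708608
base_address: 0x00400000
success 0 0
1619910852.579046
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619910852.579046
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.eax: 4896944
registers.ebx: 2130567168
process_identifier: 324
success 0 0
1619910852.844046
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 324
success 0 0
"""


def num(value: str) -> int:
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x00400000' -> 4194304, '' -> 0."""
    return int(value.split()[0], 0) if value.strip() else 0


def parse_events(text: str):
    """One dict per event: time, api, args (values kept as strings), status, return."""
    events, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if re.fullmatch(r"\d+\.\d+", line):          # a bare timestamp opens an event
            cur = {"time": float(line), "api": None, "args": {}}
            events.append(cur)
        elif cur is None:
            continue
        elif cur["api"] is None:                      # first line after the timestamp
            cur["api"] = line
        elif line.split()[0] in ("success", "failure"):
            status, ret, _repeated = line.split()
            cur["status"], cur["return"] = status, int(ret, 0)
            cur = None
        else:
            key, _, val = line.partition(":")
            cur["args"][key.strip()] = val.strip()
    return events


def detect_hollowing(events):
    """Chain per child pid: CREATE_SUSPENDED spawn -> (unmap) -> image written into
    the child -> thread context rewritten -> thread resumed."""
    chains = {}
    for ev in events:
        api, a = ev["api"], ev["args"]
        pid = num(a.get("process_identifier", ""))
        if api.startswith("CreateProcess") and num(a.get("creation_flags", "")) & CREATE_SUSPENDED:
            chains[pid] = {"child": pid, "image": a.get("command_line", ""),
                           "steps": ["spawn_suspended"]}
            continue
        c = chains.get(pid)
        if c is None:
            continue
        if api == "NtUnmapViewOfSection":
            c["steps"].append("unmap")
        elif api in ("NtMapViewOfSection", "WriteProcessMemory", "NtWriteVirtualMemory"):
            c["steps"].append("write_image")
            c["image_base"] = num(a.get("base_address", ""))
            c["image_size"] = num(a.get("view_size") or a.get("length") or "")
        elif api == "NtSetContextThread":
            c["steps"].append("set_context")
            # Assumption: on x86 a freshly created process takes its entry point from
            # eax (ebx = PEB), so a zero eip with a non-zero eax is still a hijack.
            c["entry"] = num(a.get("registers.eip", "")) or num(a.get("registers.eax", ""))
        elif api == "NtResumeThread":
            c["steps"].append("resume")
    findings = []
    for c in chains.values():
        if {"spawn_suspended", "write_image", "set_context", "resume"} <= set(c["steps"]):
            base, size = c.get("image_base", 0), c.get("image_size", 0)
            c["entry_in_image"] = base <= c.get("entry", -1) < base + size
            findings.append(c)
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(parse_events(SAMPLE_LOG)):
        print(f"pid {f['child']}: {' -> '.join(f['steps'])}; image 0x{f['image_base']:x}"
              f"+0x{f['image_size']:x}, entry 0x{f['entry']:x} (inside image: {f['entry_in_image']})")
```

The rule deliberately does not require NtUnmapViewOfSection, since loaders that write over the existing image without unmapping it first still complete the same spawn/write/set-context/resume chain; the unmap is recorded as a step when present.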
File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 of 63 events shown)
Family names that recur across vendors: Fareit (McAfee, McAfee-GW-Edition), PWS/Stealer (DrWeb, NANO-Antivirus), Injector (Rising, Zillya) and Simda (VIPRE), plus Delphi-specific tags (Cyren Delf, AhnLab Delphiless, VBA32 TScope.Trojan.Delf). The rest are generic packer or heuristic names (Kryptik, GenericKDZ, Obfuscator, AGEN), which is the usual picture for a packed credential-stealer loader.
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.67019
FireEye Generic.mg.cf5aaeb63e4e42e5
CAT-QuickHeal Trojan.Kryptik
Qihoo-360 Win32/Trojan.469
ALYac Trojan.Kryptik.gen
Cylance Unsafe
VIPRE Trojan.Win32.Simda.ba (v)
AegisLab Trojan.Win32.Kryptik.4!c
Sangfor Malware
K7AntiVirus Trojan ( 005663731 )
Alibaba VirTool:Win32/Obfuscator.1fe42099
K7GW Trojan ( 005663731 )
Cybereason malicious.f270c4
Arcabit Trojan.Generic.D105CB
Cyren W32/Delf.KP.gen!Eldorado
Symantec Trojan.Gen.MBT
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Agen-7772545-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKDZ.67019
NANO-Antivirus Trojan.Win32.Stealer.hjzthm
Avast Win32:Trojan-gen
Rising Trojan.Injector!1.CB27 (CLASSIC)
Ad-Aware Trojan.GenericKDZ.67019
Emsisoft Trojan.GenericKDZ.67019 (B)
Comodo Malware@#hfkskuauz6pg
F-Secure Heuristic.HEUR/AGEN.1111031
DrWeb Trojan.PWS.Stealer.28466
Zillya Trojan.Injector.Win32.727929
TrendMicro TROJ_GEN.R06EC0DIE20
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Trojan/Genome.dghq
Avira HEUR/AGEN.1111031
Antiy-AVL HackTool[VirTool]/Win32.Ceeinject
Gridinsoft Trojan.Win32.Wacatac.ba!s1
Microsoft VirTool:Win32/Obfuscator.OS!MTB
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKDZ.67019
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
McAfee Fareit-FSK!CF5AAEB63E4E
MAX malware (ai score=85)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Run screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17

This is not a real build date. Shown in the sandbox's local time (apparently UTC+8), it is 1992-06-19 22:22:17 UTC, i.e. TimeDateStamp 0x2A425E19, the constant the Delphi linker writes into the COFF header of every executable it produces. It corroborates the Delphi/BobSoft identification above and carries no information about when the sample was actually built.
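The Delphi timestamp, the CODE/DATA/BSS section names and the per-section entropy flagged in the static indicators are all readable straight from the PE headers. The following Python is an added example, not code from the sandbox or from the sample: it walks the section table with the standard library only, computes Shannon entropy per section and compares the COFF timestamp with the Delphi constant. The PE it runs on is a constructed mock that mirrors this report's layout (Delphi timestamp, CODE/DATA/BSS/.rsrc with high-entropy DATA and .rsrc), not the analysed file; the 7.0 entropy threshold and the two section-name sets are this example's assumptions.

```python
# Added example (not part of the sandbox report): a minimal PE section-table
# walk reproducing three static indicators from this report with the standard
# library only: Borland/Delphi section names, per-section Shannon entropy and
# the fixed Delphi linker timestamp. build_sample_pe() returns a constructed
# mock of the report's layout, not the analysed sample.
import hashlib
import math
import struct

DELPHI_TIMESTAMP = 0x2A425E19   # 1992-06-19 22:22:17 UTC, written by the Delphi linker
BORLAND_SECTIONS = {"CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"}
MS_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".pdata",
               ".rsrc", ".reloc", ".tls", ".CRT"}
HIGH_ENTROPY = 7.0              # assumed threshold; the report's hits are at 7.5 and 7.7


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """DOS header -> PE signature -> COFF header -> section table.
    Returns (TimeDateStamp, [(name, virtual_address, raw_bytes), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size            # section headers follow the optional header
    sections = []
    for i in range(nsections):
        hdr = pe[table + 40 * i: table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append((name, va, pe[raw_ptr:raw_ptr + raw_size]))
    return timestamp, sections


def triage(pe: bytes):
    """Findings in the spirit of the report's static indicators."""
    timestamp, sections = parse_sections(pe)
    findings = []
    if timestamp == DELPHI_TIMESTAMP:
        findings.append("timestamp is the fixed Delphi linker value, not a real build time")
    for name, va, data in sections:
        if name in BORLAND_SECTIONS and name not in MS_SECTIONS:
            findings.append(f"{name}: Borland/Delphi linker section name")
        elif name not in MS_SECTIONS:
            findings.append(f"{name}: unknown section name, possible packer")
        ent = shannon_entropy(data)
        if ent > HIGH_ENTROPY:
            findings.append(f"{name}@0x{va:08x}: high entropy {ent:.2f}, likely packed or encrypted")
    return findings


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) standing in for packed data."""
    out, block = bytearray(), b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed PE32 mock: Delphi timestamp, CODE/DATA/BSS/.rsrc sections, with
    DATA and .rsrc filled with high-entropy bytes like the report's sections."""
    payloads = [("CODE", b"\x55\x8b\xec" * 1000), ("DATA", _pseudo_random(4096)),
                ("BSS", b""), (".rsrc", _pseudo_random(8192))]
    opt_size = 224                                    # PE32 optional header, left zeroed here
    hdr_end = 0x40 + 4 + 20 + opt_size + 40 * len(payloads)
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF              # 512-byte file alignment
    sect_hdrs, body, va = b"", b"", 0x1000
    for name, data in payloads:
        sect_hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va, len(data),
                                 raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += data
        va += (max(len(data), 1) + 0xFFF) & ~0xFFF    # 4 KiB section alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew at offset 0x3c
    coff = struct.pack("<HHIIIHH", 0x14C, len(payloads), DELPHI_TIMESTAMP, 0, 0, opt_size, 0x102)
    headers = dos + b"PE\0\0" + coff + b"\0" * opt_size + sect_hdrs
    return headers.ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    for line in triage(build_sample_pe()):
        print(line)
```

On a real file, replace build_sample_pe() with the bytes read from disk; the parser only needs the DOS header, the COFF header and the section table, so it also works on files whose optional header is truncated or deliberately malformed.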

Imports

What is absent from the static import table matters as much as what is present: none of the injection APIs seen at run time (CreateProcessInternalW, NtUnmapViewOfSection, NtMapViewOfSection, NtSetContextThread, NtResumeThread) is imported, and no networking library (ws2_32, wininet, winhttp, urlmon) appears, while LoadLibraryA/LoadLibraryExA and GetProcAddress do; the unpacked code resolves what it needs at run time. The visible table (kernel32, user32, advapi32, oleaut32, ole32, gdi32, comctl32, comdlg32, version, opengl32, with the per-unit repeated import descriptors Delphi produces) is the footprint of a Delphi VCL GUI application, consistent with the BobSoft Mini Delphi match. VirtualAllocEx and the resource APIs (FindResourceA, LoadResource, LockResource, SizeofResource) are imported but the report does not show them being called; they are the natural starting points for locating the embedded payload.

Library kernel32.dll:
0x46f178 VirtualFree
0x46f17c VirtualAlloc
0x46f180 LocalFree
0x46f184 LocalAlloc
0x46f188 GetVersion
0x46f18c GetCurrentThreadId
0x46f198 VirtualQuery
0x46f19c WideCharToMultiByte
0x46f1a0 MultiByteToWideChar
0x46f1a4 lstrlenA
0x46f1a8 lstrcpynA
0x46f1ac LoadLibraryExA
0x46f1b0 GetThreadLocale
0x46f1b4 GetStartupInfoA
0x46f1b8 GetProcAddress
0x46f1bc GetModuleHandleA
0x46f1c0 GetModuleFileNameA
0x46f1c4 GetLocaleInfoA
0x46f1c8 GetCommandLineA
0x46f1cc FreeLibrary
0x46f1d0 FindFirstFileA
0x46f1d4 FindClose
0x46f1d8 ExitProcess
0x46f1dc WriteFile
0x46f1e4 RtlUnwind
0x46f1e8 RaiseException
0x46f1ec GetStdHandle
Library user32.dll:
0x46f1f4 GetKeyboardType
0x46f1f8 LoadStringA
0x46f1fc MessageBoxA
0x46f200 CharNextA
Library advapi32.dll:
0x46f208 RegQueryValueExA
0x46f20c RegOpenKeyExA
0x46f210 RegCloseKey
Library oleaut32.dll:
0x46f218 SysFreeString
0x46f21c SysReAllocStringLen
0x46f220 SysAllocStringLen
Library kernel32.dll:
0x46f228 TlsSetValue
0x46f22c TlsGetValue
0x46f230 LocalAlloc
0x46f234 GetModuleHandleA
Library advapi32.dll:
0x46f23c RegQueryValueExA
0x46f240 RegOpenKeyExA
0x46f244 RegCloseKey
Library kernel32.dll:
0x46f24c lstrcpyA
0x46f250 lstrcmpA
0x46f254 WriteFile
0x46f258 WaitForSingleObject
0x46f25c VirtualQuery
0x46f260 VirtualAllocEx
0x46f264 VirtualAlloc
0x46f268 Sleep
0x46f26c SizeofResource
0x46f270 SetThreadLocale
0x46f274 SetFilePointer
0x46f278 SetEvent
0x46f27c SetErrorMode
0x46f280 SetEndOfFile
0x46f284 ResetEvent
0x46f288 ReadFile
0x46f28c MultiByteToWideChar
0x46f290 MulDiv
0x46f294 LockResource
0x46f298 LoadResource
0x46f29c LoadLibraryA
0x46f2a8 GlobalUnlock
0x46f2ac GlobalSize
0x46f2b0 GlobalReAlloc
0x46f2b4 GlobalHandle
0x46f2b8 GlobalLock
0x46f2bc GlobalFree
0x46f2c0 GlobalFindAtomA
0x46f2c4 GlobalDeleteAtom
0x46f2c8 GlobalAlloc
0x46f2cc GlobalAddAtomA
0x46f2d0 GetVersionExA
0x46f2d4 GetVersion
0x46f2d8 GetUserDefaultLCID
0x46f2dc GetTickCount
0x46f2e0 GetThreadLocale
0x46f2e8 GetSystemTime
0x46f2ec GetSystemInfo
0x46f2f0 GetStringTypeExA
0x46f2f4 GetStdHandle
0x46f2f8 GetProcAddress
0x46f2fc GetModuleHandleA
0x46f300 GetModuleFileNameA
0x46f304 GetLocaleInfoA
0x46f308 GetLocalTime
0x46f30c GetLastError
0x46f310 GetFullPathNameA
0x46f314 GetDiskFreeSpaceA
0x46f318 GetDateFormatA
0x46f31c GetCurrentThreadId
0x46f320 GetCurrentProcessId
0x46f324 GetCurrentProcess
0x46f328 GetComputerNameA
0x46f32c GetCPInfo
0x46f330 GetACP
0x46f334 FreeResource
0x46f338 InterlockedExchange
0x46f33c FreeLibrary
0x46f340 FormatMessageA
0x46f344 FindResourceA
0x46f34c ExitThread
0x46f350 ExitProcess
0x46f354 EnumCalendarInfoA
0x46f360 CreateThread
0x46f364 CreateFileA
0x46f368 CreateEventA
0x46f36c CompareStringA
0x46f370 CloseHandle
Library version.dll:
0x46f378 VerQueryValueA
0x46f380 GetFileVersionInfoA
Library gdi32.dll:
0x46f388 UnrealizeObject
0x46f38c StretchBlt
0x46f390 SetWindowOrgEx
0x46f394 SetWinMetaFileBits
0x46f398 SetViewportOrgEx
0x46f39c SetTextColor
0x46f3a0 SetStretchBltMode
0x46f3a4 SetROP2
0x46f3a8 SetPixel
0x46f3ac SetMapMode
0x46f3b0 SetEnhMetaFileBits
0x46f3b4 SetDIBColorTable
0x46f3b8 SetBrushOrgEx
0x46f3bc SetBkMode
0x46f3c0 SetBkColor
0x46f3c4 SelectPalette
0x46f3c8 SelectObject
0x46f3cc SaveDC
0x46f3d0 RestoreDC
0x46f3d4 RectVisible
0x46f3d8 RealizePalette
0x46f3dc PlayEnhMetaFile
0x46f3e0 PatBlt
0x46f3e4 MoveToEx
0x46f3e8 MaskBlt
0x46f3ec LineTo
0x46f3f0 LPtoDP
0x46f3f4 IntersectClipRect
0x46f3f8 GetWindowOrgEx
0x46f3fc GetWinMetaFileBits
0x46f400 GetTextMetricsA
0x46f40c GetStockObject
0x46f410 GetPixel
0x46f414 GetPaletteEntries
0x46f418 GetObjectA
0x46f428 GetEnhMetaFileBits
0x46f42c GetDeviceCaps
0x46f430 GetDIBits
0x46f434 GetDIBColorTable
0x46f438 GetDCOrgEx
0x46f440 GetClipBox
0x46f444 GetBrushOrgEx
0x46f448 GetBitmapBits
0x46f44c ExcludeClipRect
0x46f450 DeleteObject
0x46f454 DeleteEnhMetaFile
0x46f458 DeleteDC
0x46f45c CreateSolidBrush
0x46f460 CreatePenIndirect
0x46f464 CreatePalette
0x46f46c CreateFontIndirectA
0x46f470 CreateEnhMetaFileA
0x46f474 CreateDIBitmap
0x46f478 CreateDIBSection
0x46f47c CreateCompatibleDC
0x46f484 CreateBrushIndirect
0x46f488 CreateBitmap
0x46f48c CopyEnhMetaFileA
0x46f490 CloseEnhMetaFile
0x46f494 BitBlt
Library opengl32.dll:
0x46f49c wglCreateContext
Library user32.dll:
0x46f4a4 CreateWindowExA
0x46f4a8 WindowFromPoint
0x46f4ac WinHelpA
0x46f4b0 WaitMessage
0x46f4b4 UpdateWindow
0x46f4b8 UnregisterClassA
0x46f4bc UnhookWindowsHookEx
0x46f4c0 TranslateMessage
0x46f4c8 TrackPopupMenu
0x46f4d0 ShowWindow
0x46f4d4 ShowScrollBar
0x46f4d8 ShowOwnedPopups
0x46f4dc ShowCursor
0x46f4e0 SetWindowsHookExA
0x46f4e4 SetWindowTextA
0x46f4e8 SetWindowPos
0x46f4ec SetWindowPlacement
0x46f4f0 SetWindowLongA
0x46f4f4 SetTimer
0x46f4f8 SetScrollRange
0x46f4fc SetScrollPos
0x46f500 SetScrollInfo
0x46f504 SetRect
0x46f508 SetPropA
0x46f50c SetParent
0x46f510 SetMenuItemInfoA
0x46f514 SetMenu
0x46f518 SetForegroundWindow
0x46f51c SetFocus
0x46f520 SetCursor
0x46f524 SetClassLongA
0x46f528 SetCapture
0x46f52c SetActiveWindow
0x46f530 SendMessageA
0x46f534 ScrollWindow
0x46f538 ScreenToClient
0x46f53c RemovePropA
0x46f540 RemoveMenu
0x46f544 ReleaseDC
0x46f548 ReleaseCapture
0x46f554 RegisterClassA
0x46f558 RedrawWindow
0x46f55c PtInRect
0x46f560 PostQuitMessage
0x46f564 PostMessageA
0x46f568 PeekMessageA
0x46f56c OffsetRect
0x46f570 OemToCharA
0x46f574 MessageBoxA
0x46f578 MapWindowPoints
0x46f57c MapVirtualKeyA
0x46f580 LoadStringA
0x46f584 LoadKeyboardLayoutA
0x46f588 LoadIconA
0x46f58c LoadCursorA
0x46f590 LoadBitmapA
0x46f594 KillTimer
0x46f598 IsZoomed
0x46f59c IsWindowVisible
0x46f5a0 IsWindowEnabled
0x46f5a4 IsWindow
0x46f5a8 IsRectEmpty
0x46f5ac IsIconic
0x46f5b0 IsDialogMessageA
0x46f5b4 IsChild
0x46f5b8 InvalidateRect
0x46f5bc IntersectRect
0x46f5c0 InsertMenuItemA
0x46f5c4 InsertMenuA
0x46f5c8 InflateRect
0x46f5d0 GetWindowTextA
0x46f5d4 GetWindowRect
0x46f5d8 GetWindowPlacement
0x46f5dc GetWindowLongA
0x46f5e0 GetWindowDC
0x46f5e4 GetTopWindow
0x46f5e8 GetSystemMetrics
0x46f5ec GetSystemMenu
0x46f5f0 GetSysColorBrush
0x46f5f4 GetSysColor
0x46f5f8 GetSubMenu
0x46f5fc GetScrollRange
0x46f600 GetScrollPos
0x46f604 GetScrollInfo
0x46f608 GetPropA
0x46f60c GetParent
0x46f610 GetWindow
0x46f614 GetMessageTime
0x46f618 GetMenuStringA
0x46f61c GetMenuState
0x46f620 GetMenuItemInfoA
0x46f624 GetMenuItemID
0x46f628 GetMenuItemCount
0x46f62c GetMenu
0x46f630 GetLastActivePopup
0x46f634 GetKeyboardState
0x46f63c GetKeyboardLayout
0x46f640 GetKeyState
0x46f644 GetKeyNameTextA
0x46f648 GetIconInfo
0x46f64c GetForegroundWindow
0x46f650 GetFocus
0x46f654 GetDlgItem
0x46f658 GetDesktopWindow
0x46f65c GetDCEx
0x46f660 GetDC
0x46f664 GetCursorPos
0x46f668 GetCursor
0x46f66c GetClipboardData
0x46f670 GetClientRect
0x46f674 GetClassNameA
0x46f678 GetClassInfoA
0x46f67c GetCapture
0x46f680 GetActiveWindow
0x46f684 FrameRect
0x46f688 FindWindowA
0x46f68c FillRect
0x46f690 EqualRect
0x46f694 EnumWindows
0x46f698 EnumThreadWindows
0x46f69c EndPaint
0x46f6a0 EnableWindow
0x46f6a4 EnableScrollBar
0x46f6a8 EnableMenuItem
0x46f6ac DrawTextA
0x46f6b0 DrawMenuBar
0x46f6b4 DrawIconEx
0x46f6b8 DrawIcon
0x46f6bc DrawFrameControl
0x46f6c0 DrawEdge
0x46f6c4 DispatchMessageA
0x46f6c8 DestroyWindow
0x46f6cc DestroyMenu
0x46f6d0 DestroyIcon
0x46f6d4 DestroyCursor
0x46f6d8 DeleteMenu
0x46f6dc DefWindowProcA
0x46f6e0 DefMDIChildProcA
0x46f6e4 DefFrameProcA
0x46f6e8 CreatePopupMenu
0x46f6ec CreateMenu
0x46f6f0 CreateIcon
0x46f6f4 ClientToScreen
0x46f6f8 CheckMenuItem
0x46f6fc CallWindowProcA
0x46f700 CallNextHookEx
0x46f704 BeginPaint
0x46f708 CharNextA
0x46f70c CharLowerBuffA
0x46f710 CharLowerA
0x46f714 CharToOemA
0x46f718 AdjustWindowRectEx
Library kernel32.dll:
0x46f724 Sleep
Library oleaut32.dll:
0x46f72c SafeArrayPtrOfIndex
0x46f730 SafeArrayGetUBound
0x46f734 SafeArrayGetLBound
0x46f738 SafeArrayCreate
0x46f73c VariantChangeType
0x46f740 VariantCopy
0x46f744 VariantClear
0x46f748 VariantInit
Library ole32.dll:
0x46f754 IsAccelerator
0x46f758 OleDraw
0x46f760 CoTaskMemFree
0x46f764 CoTaskMemAlloc
0x46f768 ProgIDFromCLSID
0x46f76c StringFromCLSID
0x46f770 CoCreateInstance
0x46f774 CoGetClassObject
0x46f778 CoUninitialize
0x46f77c CoInitialize
0x46f780 IsEqualGUID
Library oleaut32.dll:
0x46f788 GetErrorInfo
0x46f78c GetActiveObject
0x46f790 SysFreeString
Library comctl32.dll:
0x46f7a0 ImageList_Write
0x46f7a4 ImageList_Read
0x46f7b4 ImageList_DragMove
0x46f7b8 ImageList_DragLeave
0x46f7bc ImageList_DragEnter
0x46f7c0 ImageList_EndDrag
0x46f7c4 ImageList_BeginDrag
0x46f7c8 ImageList_Remove
0x46f7cc ImageList_DrawEx
0x46f7d0 ImageList_Draw
0x46f7e0 ImageList_Add
0x46f7e8 ImageList_Destroy
0x46f7ec ImageList_Create
0x46f7f0 InitCommonControls
Library comdlg32.dll:
0x46f7f8 GetSaveFileNameA
0x46f7fc GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  51963        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  49235        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  50537        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702
192.168.56.101  62192        239.255.255.250  3702

Every flow here is ordinary Windows background traffic from the guest 192.168.56.101: DNS to the public resolver 114.114.114.114 (the queried names are not shown, so these cannot be attributed to or cleared of the sample), NetBIOS name-service and datagram broadcasts (137/138 to 192.168.56.255), LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). Nothing in this table on its own ties the sample to a remote host.
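The rows above are easier to judge once each flow is labelled with the Windows background protocol it belongs to, leaving only the unexplained remainder for review. The following Python is an added example, not part of the report: UDP_ROWS is copied from the table above, the guest network 192.168.56.0/24 is inferred from the source address, and the labelling rules and the 203.0.113.5 test flow (a documentation address) are the example's own.

```python
# Added example (not part of the sandbox report): label each UDP flow from the
# report's table as a known Windows background protocol or as something that
# needs a look. UDP_ROWS is copied from the table above; GUEST_NET is inferred
# from the source address; the rules are this example's own.
import ipaddress
from collections import Counter

GUEST_NET = ipaddress.ip_network("192.168.56.0/24")   # assumed from 192.168.56.101

UDP_ROWS = """
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
"""


def classify_flow(src: str, sport: int, dst: str, dport: int) -> str:
    """Name the background protocol a flow belongs to, or mark it for review."""
    d = ipaddress.ip_address(dst)
    if dport == 53:
        return "DNS"
    if dport == 137 and d == GUEST_NET.broadcast_address:
        return "NetBIOS name service (broadcast)"
    if dport == 138 and d == GUEST_NET.broadcast_address:
        return "NetBIOS datagram (broadcast)"
    if str(d) == "224.0.0.252" and dport == 5355:
        return "LLMNR"
    if str(d) == "239.255.255.250" and dport == 1900:
        return "SSDP"
    if str(d) == "239.255.255.250" and dport == 3702:
        return "WS-Discovery"
    if d.is_multicast:
        return "other multicast"
    if d == GUEST_NET.broadcast_address:
        return "other broadcast"
    return "unicast: review"          # anything else is not explained by OS chatter


def parse_rows(text: str):
    """'src sport dst dport' lines -> list of (src, sport, dst, dport) tuples."""
    rows = []
    for line in text.strip().splitlines():
        src, sport, dst, dport = line.split()
        rows.append((src, int(sport), dst, int(dport)))
    return rows


def summarize(rows):
    """Counter of labels plus the flows that are not explained by background chatter."""
    counts, review = Counter(), []
    for row in rows:
        label = classify_flow(*row)
        counts[label] += 1
        if label.startswith(("unicast", "other")):
            review.append(row)
    return counts, review


if __name__ == "__main__":
    counts, review = summarize(parse_rows(UDP_ROWS))
    for label, n in counts.most_common():
        print(f"{n:2d}  {label}")
    print("needs review:", review or "none")
```

DNS is labelled by port alone because the report does not show which resolver the guest is configured to use; if the queried names were available, the DNS rows would be the first thing to correlate with the "no DNS query" indicator above.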

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.