Score: 5.0 (medium risk)

SHA256: 3ad7df55cc2fa06e964d7e4f26a2e4a0cd85d2aacba7c2ba85e455e021da1c15
File name: cfdb7dfdfcacd1edb091192f58b265c0.exe
Analysis duration: 35s
Last analysed: (no value on the page)
File size: 7.2MB
Static detections | Dynamic detections

鹰眼 engine: not detected (no 鹰眼 engine result available)

Static verdict

Antivirus engines

Engine        Result   Scan date   Engine version
McAfee                 20201026    6.0.6.653
Alibaba                20190527    0.3.0.5
Baidu                  20190318    1.0.0.2
Avast                  20201026    18.4.3895.0
Tencent                20201026    1.0.0.1
Kingsoft               20201026    2013.8.14.323
CrowdStrike            20190702    1.0

The Result column is empty for every engine on the page. Read it as "no detection name recorded", not as a confirmed clean verdict: a DrWeb hit is listed under the dynamic indicators below, and three of the scan dates (2019) predate the sample's 2020-08-18 compile time, so those engines cannot have been scanning this file with current signatures.
Static indicators

Queries for the computer name (2 events)

Time                API                Arguments                 Status    Return   Repeated
1620903223.786875   GetComputerNameW   computer_name: OSKAR-PC   success   1        0
1620903224.457875   GetComputerNameW   computer_name: OSKAR-PC   success   1        0
At least one process apparently crashed during execution (1 event)

Time                API          Arguments                                                                                          Status    Return   Repeated
1620903223.161875   LdrLoadDll   basename: FaultRep, module_name: FaultRep.dll, module_address: 0x750a0000, flags: 0, stack_pivoted: 0   success   0        0

This signature fires on the load of FaultRep.dll, the Windows Error Reporting fault-reporting library; it records that the reporting path was touched, not a fault itself. Note the ordering: the load happens at 1620903223.161, before either exception event recorded under "One or more processes crashed" below, so it is not a reaction to those exceptions.
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate

Only InstallDate was read; none of the three values named in the signature title appear in the event.

This executable is signed (the page gives no signer, certificate chain or validity result, so the signature has not been verified here)
Checks the amount of memory in the system, which can be used to detect virtual machines with little memory (1 event)

Time                API                    Arguments   Status    Return   Repeated
1620903223.817875   GlobalMemoryStatusEx               success   1        0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section .itext
section .didata

Both names are emitted by the Delphi/C++Builder linker (.itext holds unit initialisation code, .didata delay-load import data). The madTraceProcess export and the 0x0EEDFADE exception code elsewhere in this report are likewise Delphi artefacts, so treat this as the false positive the signature allows for unless other evidence of packing turns up.

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name TYPELIB

TYPELIB is the standard resource name under which a COM type library is embedded (consistent with the RegisterTypeLib and LoadTypeLibEx imports listed below), not a packer marker.
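The "unknown section name" signature is only as good as the list of names it treats as known. The following is an added example, not code from the sandbox that produced this report: it parses a PE section table directly with struct and applies three packer heuristics (unknown or known-packer names, writable-and-executable sections, executable sections that are empty on disk), with the Delphi linker's .itext and .didata included in the known set. The two images it runs on are constructed skeletons built by make_pe() (DOS stub, PE signature, COFF header with an empty optional header, section table); they are not the analysed file, and only the two section names are taken from the report.

```python
"""Parse a PE section table and apply packer heuristics.

Added example; not the sandbox's code. make_pe() builds a skeleton image
from (name, virtual_size, raw_size, characteristics) tuples, so the sample
images below are constructed, not the file analysed in the report.
"""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names emitted by mainstream toolchains. The Delphi/C++Builder linker adds
# .itext (unit initialisation code) and .didata (delay-load import data).
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".pdata", ".tls", ".CRT",
                  ".itext", ".didata"}
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".themida",
                   ".vmp0", ".vmp1", ".MPRESS1", ".MPRESS2", ".petite"}


def make_pe(sections):
    """Build a minimal PE byte image from (name, vsize, rawsize, chars) tuples."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0: skeleton), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table, rva, raw = b"", 0x1000, 0x400
    for name, vsize, rawsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode("latin-1"), vsize, rva,
                             rawsize, raw if rawsize else 0, 0, 0, 0, 0, chars)
        rva += (vsize + 0xFFF) & ~0xFFF
        raw += rawsize
    return dos + b"PE\0\0" + coff + table


def parse_sections(data):
    """Walk the section table; raises ValueError on a non-PE buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + opt_size
    out = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = \
            struct.unpack_from("<8sIIIIIIHHI", data, first + 40 * i)
        out.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                    "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return out


def packer_findings(sections):
    """Return (section, reason) pairs; an empty list means nothing suspicious."""
    findings = []
    for s in sections:
        n, c = s["name"], s["chars"]
        if n in PACKER_SECTIONS:
            findings.append((n, "known packer section name"))
        elif n not in KNOWN_SECTIONS:
            findings.append((n, "unknown section name"))
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            findings.append((n, "writable and executable"))
        if c & IMAGE_SCN_MEM_EXECUTE and s["rawsize"] == 0 and s["vsize"] > 0:
            findings.append((n, "executable but empty on disk (filled at runtime)"))
    return findings


def triage(data):
    return packer_findings(parse_sections(data))


CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
RDATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
DATA = RDATA | IMAGE_SCN_MEM_WRITE
BSS = IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Constructed: the section layout a Delphi build typically produces.
DELPHI_LIKE = make_pe([(".text", 0x600000, 0x600000, CODE), (".itext", 0x1000, 0x1000, CODE),
                       (".data", 0x20000, 0x20000, DATA), (".bss", 0x8000, 0, BSS),
                       (".idata", 0x3000, 0x3000, DATA), (".didata", 0x1000, 0x1000, DATA),
                       (".tls", 0x100, 0, BSS), (".rdata", 0x200, 0x200, RDATA),
                       (".reloc", 0x40000, 0x40000, RDATA), (".rsrc", 0x60000, 0x60000, RDATA)])
# Constructed: a UPX-style layout, where UPX0 is empty on disk and RWX.
UPX_LIKE = make_pe([("UPX0", 0x300000, 0, CODE | IMAGE_SCN_MEM_WRITE),
                    ("UPX1", 0x100000, 0x100000, CODE | IMAGE_SCN_MEM_WRITE),
                    (".rsrc", 0x2000, 0x2000, DATA)])

if __name__ == "__main__":
    for label, img in (("delphi-like", DELPHI_LIKE), ("upx-like", UPX_LIKE)):
        print(label, triage(img) or "no packer indicators")
```

The name list is deliberately a whitelist of toolchain conventions rather than a blacklist: the Delphi-like layout produces no findings once .itext and .didata are known, while the UPX-like layout is caught on all three heuristics, including the structural ones that do not depend on the name at all.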
One or more processes crashed (2 events)

Both events are the same exception, code 0x0EEDFADE raised through kernelbase!RaiseException. 0x0EEDFADE is the code the Delphi RTL passes to RaiseException for every language-level exception, so these are Delphi exceptions handled by the program's own frame handler rather than unhandled faults; treat the "crashed" label as a sandbox heuristic. The user-mode frames are symbolised relative to madTraceProcess only because it is the image's sole export; the offsets (+0x681e2, -0x8d740 and so on) show the code lies elsewhere in the image, not inside that function.

Event 1 at 1620903223.942875: __exception__
stacktrace:
madTraceProcess+0x681e2 cfdb7dfdfcacd1edb091192f58b265c0+0xfefc2 @ 0x4fefc2
madTraceProcess+0xabb5c cfdb7dfdfcacd1edb091192f58b265c0+0x14293c @ 0x54293c
madTraceProcess+0x53d6a4 cfdb7dfdfcacd1edb091192f58b265c0+0x5d4484 @ 0x9d4484
madTraceProcess-0x8d740 cfdb7dfdfcacd1edb091192f58b265c0+0x96a0 @ 0x4096a0
madTraceProcess-0x8d6d4 cfdb7dfdfcacd1edb091192f58b265c0+0x970c @ 0x40970c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637868
registers.edi: 0
registers.eax: 1637868
registers.ebp: 1637948
registers.edx: 0
registers.ebx: 44213400
registers.esi: 44272188
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
Status: success, Return: 0, Repeated: 0
Event 2 at 1620903224.536875: __exception__
stacktrace:
madTraceProcess+0x94fee cfdb7dfdfcacd1edb091192f58b265c0+0x12bdce @ 0x52bdce
madTraceProcess+0x94174 cfdb7dfdfcacd1edb091192f58b265c0+0x12af54 @ 0x52af54
madTraceProcess+0x94e61 cfdb7dfdfcacd1edb091192f58b265c0+0x12bc41 @ 0x52bc41
madTraceProcess+0x31c68a cfdb7dfdfcacd1edb091192f58b265c0+0x3b346a @ 0x7b346a
madTraceProcess+0x31c2ee cfdb7dfdfcacd1edb091192f58b265c0+0x3b30ce @ 0x7b30ce
madTraceProcess+0x5400cd cfdb7dfdfcacd1edb091192f58b265c0+0x5d6ead @ 0x9d6ead
madTraceProcess-0x8d6d4 cfdb7dfdfcacd1edb091192f58b265c0+0x970c @ 0x40970c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637636
registers.edi: 44063548
registers.eax: 1637636
registers.ebp: 1637716
registers.edx: 0
registers.ebx: 1
registers.esi: 44063772
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
Status: success, Return: 0, Repeated: 0
Behavioural verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time                API                       Arguments                                                                                                                                                                              Status    Return   Repeated
1620903223.223875   NtAllocateVirtualMemory   process_identifier: 2364, process_handle: 0xffffffff, base_address: 0x00b70000, region_size: 4096, allocation_type: 4096 (MEM_COMMIT), protection: 64 (PAGE_EXECUTE_READWRITE), stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0   success   0        0

A single 4 KB RWX commit in the process's own address space (process_handle 0xffffffff is the current-process pseudo-handle) is far too small to hold an unpacked 7.2 MB image. Before reading it as an unpacking stub, check whether the sandbox recorded writes to and execution from 0x00b70000.

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)

DrWeb Program.Unwanted.4931

DrWeb's Program.Unwanted prefix is its potentially-unwanted-program classification, not a malware family name.
Network communication

Communicates with a host for which no DNS query was performed (1 event)

host 172.217.24.14

172.217.0.0/16 is allocated to Google. The Hosts and TCP sections below record no contacted hosts and no TCP connections, so this indicator has no supporting flow in the capture.

Checks for the presence of IDE drives in the registry, possibly for anti-virtualisation (2 events)

registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE
registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\DiskVBOX_HARDDISK___________________________1.0_____

The device instance name itself carries the VirtualBox vendor string (VBOX_HARDDISK), so a process that merely enumerates this key learns the hypervisor without reading any value.

Detects the presence of the Wine emulator (1 event)

Time                API                      Arguments                                                                                                         Status   Return       Repeated
1620903224.457875   LdrGetProcedureAddress   module: ntdll, module_address: 0x77d30000, ordinal: 0, function_name: wine_get_version, function_address: 0x02a390a4   failed   3221225785   0

Return 3221225785 is NTSTATUS 0xC0000139 (STATUS_ENTRYPOINT_NOT_FOUND). ntdll exports wine_get_version only under Wine, so the failed lookup tells the process it is running on a real Windows loader.

Generates some ICMP traffic (the ICMP section below records no ICMP traffic, so the page does not support this indicator)
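The dynamic indicators above are individually weak (every installer reads the computer name and RAM size) and only become telling in combination: a hypervisor vendor string in a device path, a lookup of a Wine-only export, an RWX commit. The following is an added example, not code from the sandbox that produced this report: it runs a Cuckoo-style API-call log through a small rule set that classifies each call, decodes the NTSTATUS of the Wine probe, and scores distinct rules so repeated weak checks do not inflate the result. The CALLS list is constructed from the events printed in this report (timestamps, API names, arguments and return values copied from it); the API name and timestamp of the registry event are assumed, because the report prints only the key path for it.

```python
"""Triage a Cuckoo-style API-call log for anti-VM, anti-sandbox and
unpacking indicators.

Added example; not the sandbox's code. CALLS is constructed from the events
in the report; the registry call's API name and time are assumed.
"""
import re

PAGE_EXECUTE_READWRITE = 0x40
STATUS_ENTRYPOINT_NOT_FOUND = 0xC0000139          # 3221225785 in the report

WINE_EXPORTS = {"wine_get_version", "wine_get_unix_file_name",
                "wine_nt_to_unix_file_name"}
HW_ENUM_RE = re.compile(r"\\CurrentControlSet\\Enum\\(IDE|SCSI)(\\|$)", re.I)
VM_VENDOR_RE = re.compile(r"VBOX|VMWARE|VIRTUAL|QEMU|XEN", re.I)
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 6}

CALLS = [  # constructed from the report's events
    {"time": 1620903223.223875, "api": "NtAllocateVirtualMemory",
     "args": {"region_size": 4096, "protection": 64, "base_address": "0x00b70000"},
     "status": True, "return": 0},
    {"time": 1620903223.786875, "api": "GetComputerNameW",
     "args": {"computer_name": "OSKAR-PC"}, "status": True, "return": 1},
    {"time": 1620903223.817875, "api": "GlobalMemoryStatusEx",
     "args": {}, "status": True, "return": 1},
    {"time": 1620903224.0, "api": "RegOpenKeyExW",        # API name and time assumed
     "args": {"regkey": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE"
                        r"\DiskVBOX_HARDDISK___________________________1.0_____"},
     "status": True, "return": 0},
    {"time": 1620903224.457875, "api": "LdrGetProcedureAddress",
     "args": {"module": "ntdll", "function_name": "wine_get_version"},
     "status": False, "return": 3221225785},
]


def classify(call):
    """Return (rule, severity, detail) for one API call, or None if benign."""
    api, args = call["api"], call["args"]

    if api in ("LdrGetProcedureAddress", "GetProcAddress") \
            and args.get("function_name") in WINE_EXPORTS:
        # A Wine-only export was looked up; the NTSTATUS says what it learned.
        if not call["status"] and call["return"] == STATUS_ENTRYPOINT_NOT_FOUND:
            outcome = "export absent, so the process learned it is not under Wine"
        else:
            outcome = "export resolved, so the process believes it runs under Wine"
        return ("wine-check", "medium", f"{args['function_name']}: {outcome}")

    if api.startswith(("RegOpenKey", "RegQueryValue", "RegEnumKey", "NtOpenKey")):
        key = args.get("regkey", "")
        if HW_ENUM_RE.search(key):
            if VM_VENDOR_RE.search(key):
                return ("vm-hardware-id", "high",
                        f"hypervisor vendor string in device instance path: {key}")
            return ("disk-enumeration", "medium",
                    f"enumerates IDE/SCSI device instances: {key}")
        return None

    if api in ("GlobalMemoryStatusEx", "GlobalMemoryStatus"):
        return ("memory-size-query", "low",
                "RAM size queried; common in benign code, telling only with other checks")

    if api in ("GetComputerNameW", "GetComputerNameA"):
        return ("host-fingerprint", "low",
                f"computer name read: {args.get('computer_name')}")

    if api == "NtAllocateVirtualMemory" \
            and args.get("protection", 0) & PAGE_EXECUTE_READWRITE:
        return ("rwx-allocation", "medium",
                f"{args.get('region_size', 0)} bytes PAGE_EXECUTE_READWRITE "
                f"at {args.get('base_address')}")
    return None


def triage(calls):
    """Classify every call; return findings ordered by timestamp."""
    findings = []
    for c in sorted(calls, key=lambda c: c["time"]):
        hit = classify(c)
        if hit:
            rule, severity, detail = hit
            findings.append({"time": c["time"], "rule": rule,
                             "severity": severity, "detail": detail})
    return findings


def evasion_score(findings):
    """Weighted sum over distinct rules, so a repeated weak check counts once."""
    seen = {f["rule"]: f["severity"] for f in findings}
    return sum(SEVERITY_WEIGHT[s] for s in seen.values())


if __name__ == "__main__":
    hits = triage(CALLS)
    for f in hits:
        print(f"{f['time']:.3f} [{f['severity']:6}] {f['rule']:18} {f['detail']}")
    print("evasion score:", evasion_score(hits))
```

On the report's own events the script flags five rules; the only high-severity one is the VBOX_HARDDISK device path, which is the single observation here that actually identifies the sandbox to the process.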
Visual analysis

Binary image: none (no binary visualisation was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2020-08-18 22:26:20

Imports (several DLLs, kernel32.dll in particular, appear in more than one block; this is consistent with the Delphi linker emitting one import descriptor per unit that references the DLL, not with tampering)

Library oleaut32.dll:
0xa0a280 SysFreeString
0xa0a284 SysReAllocStringLen
0xa0a288 SysAllocStringLen
Library advapi32.dll:
0xa0a290 RegQueryValueExW
0xa0a294 RegOpenKeyExW
0xa0a298 RegCloseKey
Library user32.dll:
0xa0a2a0 MessageBoxA
0xa0a2a4 CharNextW
0xa0a2a8 LoadStringW
Library kernel32.dll:
0xa0a2b0 Sleep
0xa0a2b4 VirtualFree
0xa0a2b8 VirtualAlloc
0xa0a2bc lstrlenW
0xa0a2c0 lstrcpynW
0xa0a2c4 VirtualQuery
0xa0a2cc GetTickCount
0xa0a2d0 GetSystemInfo
0xa0a2d4 GetVersion
0xa0a2d8 CompareStringW
0xa0a2dc IsDBCSLeadByteEx
0xa0a2e0 IsValidLocale
0xa0a2e4 SetThreadLocale
0xa0a2f0 GetLocaleInfoW
0xa0a2f4 WideCharToMultiByte
0xa0a2f8 MultiByteToWideChar
0xa0a2fc GetConsoleOutputCP
0xa0a300 GetConsoleCP
0xa0a304 GetACP
0xa0a308 LoadLibraryExW
0xa0a30c GetStartupInfoW
0xa0a310 GetProcAddress
0xa0a314 GetModuleHandleW
0xa0a318 GetModuleFileNameW
0xa0a31c GetCommandLineW
0xa0a320 FreeLibrary
0xa0a324 GetLastError
0xa0a32c RtlUnwind
0xa0a330 RaiseException
0xa0a334 ExitProcess
0xa0a338 ExitThread
0xa0a33c SwitchToThread
0xa0a340 GetCurrentThreadId
0xa0a344 CreateThread
0xa0a358 FindFirstFileW
0xa0a35c FindClose
0xa0a368 RemoveDirectoryW
0xa0a36c WriteFile
0xa0a370 SetFilePointer
0xa0a374 SetEndOfFile
0xa0a378 ReadFile
0xa0a37c GetFileType
0xa0a380 GetFileSize
0xa0a384 CreateFileW
0xa0a388 GetStdHandle
0xa0a38c CloseHandle
Library kernel32.dll:
0xa0a394 GetProcAddress
0xa0a398 RaiseException
0xa0a39c LoadLibraryA
0xa0a3a0 GetLastError
0xa0a3a4 TlsSetValue
0xa0a3a8 TlsGetValue
0xa0a3ac LocalFree
0xa0a3b0 LocalAlloc
0xa0a3b4 GetModuleHandleW
0xa0a3b8 FreeLibrary
Library user32.dll:
0xa0a3c0 SetClassLongW
0xa0a3c4 GetClassLongW
0xa0a3c8 SetWindowLongW
0xa0a3cc GetWindowLongW
0xa0a3d0 CreateWindowExA
0xa0a3d4 CreateWindowExW
0xa0a3d8 WindowFromPoint
0xa0a3dc WaitMessage
0xa0a3e0 WaitForInputIdle
0xa0a3e4 UpdateWindow
0xa0a3e8 UnregisterClassA
0xa0a3ec UnregisterClassW
0xa0a3f0 UnhookWindowsHookEx
0xa0a3f4 TranslateMessage
0xa0a3fc TrackPopupMenu
0xa0a404 ShowWindow
0xa0a408 ShowScrollBar
0xa0a40c ShowOwnedPopups
0xa0a410 ShowCaret
0xa0a414 SetWindowRgn
0xa0a418 SetWindowsHookExW
0xa0a41c SetWindowTextA
0xa0a420 SetWindowTextW
0xa0a424 SetWindowPos
0xa0a428 SetWindowPlacement
0xa0a42c SetTimer
0xa0a430 SetScrollRange
0xa0a434 SetScrollPos
0xa0a438 SetScrollInfo
0xa0a43c SetRect
0xa0a440 SetPropW
0xa0a444 SetParent
0xa0a448 SetMenuItemInfoW
0xa0a44c SetMenu
0xa0a450 SetForegroundWindow
0xa0a454 SetFocus
0xa0a458 SetCursorPos
0xa0a45c SetCursor
0xa0a460 SetClipboardData
0xa0a464 SetCapture
0xa0a468 SetActiveWindow
0xa0a46c SendMessageTimeoutA
0xa0a470 SendMessageA
0xa0a474 SendMessageW
0xa0a478 ScrollWindow
0xa0a47c ScreenToClient
0xa0a480 RemovePropW
0xa0a484 RemoveMenu
0xa0a488 ReleaseDC
0xa0a48c ReleaseCapture
0xa0a498 RegisterClassA
0xa0a49c RegisterClassW
0xa0a4a0 RedrawWindow
0xa0a4a4 PtInRect
0xa0a4a8 PostThreadMessageA
0xa0a4ac PostThreadMessageW
0xa0a4b0 PostQuitMessage
0xa0a4b4 PostMessageA
0xa0a4b8 PostMessageW
0xa0a4bc PeekMessageA
0xa0a4c0 PeekMessageW
0xa0a4c4 OpenClipboard
0xa0a4c8 OffsetRect
0xa0a4cc OemToCharBuffA
0xa0a4d0 OemToCharA
0xa0a4dc MessageBoxA
0xa0a4e0 MessageBoxW
0xa0a4e4 MessageBeep
0xa0a4e8 MapWindowPoints
0xa0a4ec MapVirtualKeyW
0xa0a4f0 LoadStringW
0xa0a4f4 LoadKeyboardLayoutW
0xa0a4f8 LoadImageA
0xa0a4fc LoadImageW
0xa0a500 LoadIconW
0xa0a504 LoadCursorW
0xa0a508 LoadBitmapW
0xa0a50c KillTimer
0xa0a510 IsZoomed
0xa0a514 IsWindowVisible
0xa0a518 IsWindowUnicode
0xa0a51c IsWindowEnabled
0xa0a520 IsWindow
0xa0a524 IsIconic
0xa0a528 IsDialogMessageA
0xa0a52c IsDialogMessageW
0xa0a530 IsChild
0xa0a534 InvalidateRect
0xa0a538 InsertMenuItemW
0xa0a53c InsertMenuW
0xa0a540 InflateRect
0xa0a544 HideCaret
0xa0a54c GetWindowTextA
0xa0a550 GetWindowTextW
0xa0a554 GetWindowRect
0xa0a558 GetWindowPlacement
0xa0a55c GetWindowDC
0xa0a560 GetTopWindow
0xa0a564 GetThreadDesktop
0xa0a568 GetSystemMetrics
0xa0a56c GetSystemMenu
0xa0a570 GetSysColorBrush
0xa0a574 GetSysColor
0xa0a578 GetSubMenu
0xa0a57c GetScrollRange
0xa0a580 GetScrollPos
0xa0a584 GetScrollInfo
0xa0a588 GetScrollBarInfo
0xa0a58c GetPropW
0xa0a590 GetParent
0xa0a594 GetWindow
0xa0a598 GetMessagePos
0xa0a59c GetMessageExtraInfo
0xa0a5a0 GetMessageA
0xa0a5a4 GetMessageW
0xa0a5a8 GetMenuStringW
0xa0a5ac GetMenuState
0xa0a5b0 GetMenuItemInfoW
0xa0a5b4 GetMenuItemID
0xa0a5b8 GetMenuItemCount
0xa0a5bc GetMenu
0xa0a5c0 GetLastActivePopup
0xa0a5c4 GetKeyboardState
0xa0a5d0 GetKeyboardLayout
0xa0a5d4 GetKeyState
0xa0a5d8 GetKeyNameTextW
0xa0a5dc GetIconInfo
0xa0a5e0 GetForegroundWindow
0xa0a5e4 GetFocus
0xa0a5e8 GetDlgCtrlID
0xa0a5ec GetDesktopWindow
0xa0a5f0 GetDCEx
0xa0a5f4 GetDC
0xa0a5f8 GetCursorPos
0xa0a5fc GetCursor
0xa0a600 GetClipboardData
0xa0a604 GetClientRect
0xa0a608 GetClassNameA
0xa0a60c GetClassNameW
0xa0a610 GetClassInfoExW
0xa0a614 GetClassInfoW
0xa0a618 GetCapture
0xa0a61c GetActiveWindow
0xa0a620 FrameRect
0xa0a624 FindWindowExW
0xa0a628 FindWindowA
0xa0a62c FindWindowW
0xa0a630 FillRect
0xa0a634 EnumWindows
0xa0a638 EnumThreadWindows
0xa0a640 EnumChildWindows
0xa0a644 EndPaint
0xa0a648 EndMenu
0xa0a64c EnableWindow
0xa0a650 EnableScrollBar
0xa0a654 EnableMenuItem
0xa0a658 EmptyClipboard
0xa0a65c DrawTextExW
0xa0a660 DrawTextA
0xa0a664 DrawTextW
0xa0a668 DrawMenuBar
0xa0a66c DrawIconEx
0xa0a670 DrawIcon
0xa0a674 DrawFrameControl
0xa0a678 DrawFocusRect
0xa0a67c DrawEdge
0xa0a680 DispatchMessageA
0xa0a684 DispatchMessageW
0xa0a688 DestroyWindow
0xa0a68c DestroyMenu
0xa0a690 DestroyIcon
0xa0a694 DestroyCursor
0xa0a698 DeleteMenu
0xa0a69c DefWindowProcA
0xa0a6a0 DefWindowProcW
0xa0a6a4 DefMDIChildProcW
0xa0a6a8 DefFrameProcW
0xa0a6ac CreatePopupMenu
0xa0a6b0 CreateMenu
0xa0a6b4 CreateIcon
0xa0a6bc CopyImage
0xa0a6c0 CloseClipboard
0xa0a6c4 ClientToScreen
0xa0a6c8 CheckMenuItem
0xa0a6cc CharUpperBuffW
0xa0a6d0 CharUpperW
0xa0a6d4 CharNextW
0xa0a6d8 CharLowerBuffW
0xa0a6dc CharLowerW
0xa0a6e0 CallWindowProcA
0xa0a6e4 CallWindowProcW
0xa0a6e8 CallNextHookEx
0xa0a6ec BringWindowToTop
0xa0a6f0 BeginPaint
0xa0a6f4 AttachThreadInput
0xa0a6f8 CharLowerBuffA
0xa0a6fc CharUpperBuffA
0xa0a700 CharToOemBuffA
0xa0a704 CharToOemA
0xa0a708 AdjustWindowRectEx
Library gdi32.dll:
0xa0a714 UnrealizeObject
0xa0a718 TextOutA
0xa0a71c TextOutW
0xa0a720 StretchBlt
0xa0a724 StartPage
0xa0a728 StartDocA
0xa0a72c StartDocW
0xa0a730 SetWindowOrgEx
0xa0a734 SetWinMetaFileBits
0xa0a738 SetViewportOrgEx
0xa0a73c SetTextColor
0xa0a740 SetStretchBltMode
0xa0a744 SetROP2
0xa0a748 SetPixel
0xa0a74c SetMapMode
0xa0a750 SetEnhMetaFileBits
0xa0a754 SetDIBits
0xa0a758 SetDIBColorTable
0xa0a75c SetBrushOrgEx
0xa0a760 SetBkMode
0xa0a764 SetBkColor
0xa0a768 SelectPalette
0xa0a76c SelectObject
0xa0a770 SelectClipRgn
0xa0a774 SaveDC
0xa0a778 RoundRect
0xa0a77c RestoreDC
0xa0a780 Rectangle
0xa0a784 RectVisible
0xa0a788 RealizePalette
0xa0a78c Polyline
0xa0a790 Polygon
0xa0a794 PolyBezierTo
0xa0a798 PolyBezier
0xa0a79c PlayEnhMetaFile
0xa0a7a0 Pie
0xa0a7a4 PatBlt
0xa0a7a8 MoveToEx
0xa0a7ac MaskBlt
0xa0a7b0 LineTo
0xa0a7b4 IntersectClipRect
0xa0a7b8 GetWindowOrgEx
0xa0a7bc GetWinMetaFileBits
0xa0a7c0 GetTextMetricsW
0xa0a7c4 GetTextFaceA
0xa0a7c8 GetTextExtentPointW
0xa0a7d8 GetStockObject
0xa0a7dc GetRgnBox
0xa0a7e0 GetPixel
0xa0a7e4 GetPaletteEntries
0xa0a7e8 GetObjectW
0xa0a7f8 GetEnhMetaFileBits
0xa0a7fc GetDeviceCaps
0xa0a800 GetDIBits
0xa0a804 GetDIBColorTable
0xa0a80c GetClipBox
0xa0a810 GetBrushOrgEx
0xa0a814 GetBitmapBits
0xa0a818 GdiFlush
0xa0a81c FrameRgn
0xa0a820 ExtTextOutW
0xa0a824 ExtFloodFill
0xa0a828 ExcludeClipRect
0xa0a82c EnumFontFamiliesExW
0xa0a830 EndPage
0xa0a834 EndDoc
0xa0a838 Ellipse
0xa0a83c DeleteObject
0xa0a840 DeleteEnhMetaFile
0xa0a844 DeleteDC
0xa0a848 CreateSolidBrush
0xa0a850 CreateRectRgn
0xa0a854 CreatePenIndirect
0xa0a858 CreatePen
0xa0a85c CreatePalette
0xa0a864 CreateFontIndirectW
0xa0a868 CreateFontA
0xa0a86c CreateFontW
0xa0a870 CreateDIBitmap
0xa0a874 CreateDIBSection
0xa0a878 CreateDCW
0xa0a87c CreateCompatibleDC
0xa0a884 CreateBrushIndirect
0xa0a888 CreateBitmap
0xa0a88c CopyEnhMetaFileW
0xa0a890 CombineRgn
0xa0a894 Chord
0xa0a898 BitBlt
0xa0a89c ArcTo
0xa0a8a0 Arc
0xa0a8a4 AngleArc
Library version.dll:
0xa0a8ac VerQueryValueA
0xa0a8b0 VerQueryValueW
0xa0a8bc GetFileVersionInfoA
0xa0a8c0 GetFileVersionInfoW
Library kernel32.dll:
0xa0a8c8 lstrlenA
0xa0a8cc lstrlenW
0xa0a8d0 lstrcpynW
0xa0a8d4 lstrcmpiW
0xa0a8d8 lstrcmpA
0xa0a8dc lstrcmpW
0xa0a8e4 WriteFile
0xa0a8e8 WideCharToMultiByte
0xa0a8ec WaitForSingleObject
0xa0a8f8 VirtualQueryEx
0xa0a8fc VirtualQuery
0xa0a900 VirtualProtect
0xa0a904 VirtualFree
0xa0a908 VirtualAlloc
0xa0a90c UnmapViewOfFile
0xa0a910 TerminateThread
0xa0a914 TerminateProcess
0xa0a920 SwitchToThread
0xa0a924 SuspendThread
0xa0a928 Sleep
0xa0a92c SizeofResource
0xa0a930 SetVolumeLabelW
0xa0a938 SetThreadPriority
0xa0a93c SetThreadLocale
0xa0a940 SetLastError
0xa0a944 SetFileTime
0xa0a948 SetFilePointer
0xa0a94c SetFileAttributesA
0xa0a950 SetFileAttributesW
0xa0a954 SetEvent
0xa0a958 SetErrorMode
0xa0a95c SetEndOfFile
0xa0a960 SetDllDirectoryW
0xa0a964 ResumeThread
0xa0a968 ResetEvent
0xa0a96c RemoveDirectoryA
0xa0a970 RemoveDirectoryW
0xa0a974 ReleaseSemaphore
0xa0a978 ReleaseMutex
0xa0a97c ReadProcessMemory
0xa0a980 ReadFile
0xa0a984 RaiseException
0xa0a990 QueryDosDeviceW
0xa0a994 PeekNamedPipe
0xa0a998 IsDebuggerPresent
0xa0a99c OutputDebugStringW
0xa0a9a0 OpenProcess
0xa0a9a4 OpenMutexA
0xa0a9a8 OpenFileMappingA
0xa0a9ac OpenFileMappingW
0xa0a9b0 MultiByteToWideChar
0xa0a9b4 MulDiv
0xa0a9b8 MoveFileExW
0xa0a9bc MoveFileW
0xa0a9c0 MapViewOfFile
0xa0a9c4 LockResource
0xa0a9c8 LocalSize
0xa0a9cc LocalFree
0xa0a9d4 LocalAlloc
0xa0a9d8 LoadResource
0xa0a9dc LoadLibraryExA
0xa0a9e0 LoadLibraryA
0xa0a9e4 LoadLibraryW
0xa0a9ec LCMapStringW
0xa0a9f0 IsValidLocale
0xa0a9f4 IsBadReadPtr
0xa0aa00 HeapFree
0xa0aa04 HeapDestroy
0xa0aa08 HeapCreate
0xa0aa0c HeapAlloc
0xa0aa10 GlobalUnlock
0xa0aa18 GlobalMemoryStatus
0xa0aa1c GlobalLock
0xa0aa20 GlobalFree
0xa0aa24 GlobalFindAtomW
0xa0aa28 GlobalDeleteAtom
0xa0aa2c GlobalAlloc
0xa0aa30 GlobalAddAtomW
0xa0aa40 GetVersionExA
0xa0aa44 GetVersionExW
0xa0aa48 GetVersion
0xa0aa4c GetUserDefaultLCID
0xa0aa54 GetTickCount
0xa0aa58 GetThreadPriority
0xa0aa5c GetThreadLocale
0xa0aa60 GetThreadContext
0xa0aa64 GetTempPathA
0xa0aa68 GetTempPathW
0xa0aa6c GetTempFileNameW
0xa0aa70 GetSystemTime
0xa0aa74 GetSystemInfo
0xa0aa78 GetSystemDirectoryW
0xa0aa80 GetStringTypeExA
0xa0aa84 GetStdHandle
0xa0aa88 GetLongPathNameW
0xa0aa8c GetShortPathNameW
0xa0aa94 GetProcAddress
0xa0aa9c GetModuleHandleA
0xa0aaa0 GetModuleHandleW
0xa0aaa4 GetModuleFileNameA
0xa0aaa8 GetModuleFileNameW
0xa0aaac GetLogicalDrives
0xa0aab4 GetLocaleInfoA
0xa0aab8 GetLocaleInfoW
0xa0aabc GetLocalTime
0xa0aac0 GetLastError
0xa0aac4 GetFullPathNameW
0xa0aac8 GetFileTime
0xa0aacc GetFileSize
0xa0aad4 GetFileAttributesA
0xa0aad8 GetFileAttributesW
0xa0aadc GetExitCodeThread
0xa0aae0 GetExitCodeProcess
0xa0aaec GetDriveTypeW
0xa0aaf0 GetDiskFreeSpaceExW
0xa0aaf4 GetDiskFreeSpaceA
0xa0aaf8 GetDiskFreeSpaceW
0xa0aafc GetDateFormatW
0xa0ab00 GetCurrentThreadId
0xa0ab04 GetCurrentThread
0xa0ab08 GetCurrentProcessId
0xa0ab0c GetCurrentProcess
0xa0ab18 GetComputerNameA
0xa0ab1c GetComputerNameW
0xa0ab20 GetCommandLineA
0xa0ab24 GetCommandLineW
0xa0ab28 GetCPInfoExW
0xa0ab2c GetCPInfo
0xa0ab30 GetACP
0xa0ab34 FreeResource
0xa0ab3c InterlockedExchange
0xa0ab4c FreeLibrary
0xa0ab54 FormatMessageA
0xa0ab58 FormatMessageW
0xa0ab60 FlushFileBuffers
0xa0ab64 FindResourceA
0xa0ab68 FindResourceW
0xa0ab6c FindNextFileA
0xa0ab70 FindNextFileW
0xa0ab74 FindFirstFileA
0xa0ab78 FindFirstFileW
0xa0ab7c FindClose
0xa0ab94 ExitThread
0xa0ab98 ExitProcess
0xa0ab9c EnumSystemLocalesW
0xa0aba0 EnumCalendarInfoW
0xa0aba8 DuplicateHandle
0xa0abb0 DeviceIoControl
0xa0abb4 DeleteFileA
0xa0abb8 DeleteFileW
0xa0abc0 CreateThread
0xa0abc4 CreateSemaphoreW
0xa0abc8 CreateProcessA
0xa0abcc CreateProcessW
0xa0abd0 CreatePipe
0xa0abd4 CreateMutexA
0xa0abd8 CreateMutexW
0xa0abdc CreateFileMappingA
0xa0abe0 CreateFileMappingW
0xa0abe4 CreateFileA
0xa0abe8 CreateFileW
0xa0abec CreateEventA
0xa0abf0 CreateEventW
0xa0abf4 CreateDirectoryA
0xa0abf8 CreateDirectoryW
0xa0abfc CopyFileA
0xa0ac00 CopyFileW
0xa0ac04 CompareStringA
0xa0ac08 CompareStringW
0xa0ac0c CloseHandle
0xa0ac10 Beep
Library advapi32.dll:
0xa0ac1c RegSetValueExA
0xa0ac20 RegSetValueExW
0xa0ac24 RegQueryValueExA
0xa0ac28 RegQueryValueExW
0xa0ac2c RegQueryInfoKeyW
0xa0ac30 RegOpenKeyExA
0xa0ac34 RegOpenKeyExW
0xa0ac38 RegFlushKey
0xa0ac3c RegEnumValueW
0xa0ac40 RegEnumKeyExW
0xa0ac44 RegDeleteValueA
0xa0ac48 RegDeleteValueW
0xa0ac4c RegDeleteKeyW
0xa0ac50 RegCreateKeyExA
0xa0ac54 RegCreateKeyExW
0xa0ac58 RegCloseKey
0xa0ac5c RegOpenCurrentUser
0xa0ac60 OpenThreadToken
0xa0ac64 OpenProcessToken
0xa0ac68 LookupAccountSidW
0xa0ac6c LookupAccountNameW
0xa0ac70 IsValidSid
0xa0ac78 GetUserNameA
0xa0ac7c GetUserNameW
0xa0ac80 GetTokenInformation
0xa0ac88 GetSidSubAuthority
0xa0ac90 FreeSid
0xa0ac94 EqualSid
0xa0ac98 DuplicateToken
Library kernel32.dll:
0xa0aca8 Sleep
Library ole32.dll:
0xa0acb0 CoCreateGuid
Library oleaut32.dll:
0xa0acbc SafeArrayPtrOfIndex
0xa0acc0 SafeArrayPutElement
0xa0acc4 SafeArrayGetElement
0xa0accc SafeArrayAccessData
0xa0acd0 SafeArrayGetUBound
0xa0acd4 SafeArrayGetLBound
0xa0acd8 SafeArrayCreate
0xa0acdc VariantChangeType
0xa0ace0 VariantCopyInd
0xa0ace4 VariantCopy
0xa0ace8 VariantClear
0xa0acec VariantInit
Library oleaut32.dll:
0xa0acf4 CreateErrorInfo
0xa0acf8 GetErrorInfo
0xa0acfc SetErrorInfo
0xa0ad00 GetActiveObject
0xa0ad04 DispGetIDsOfNames
0xa0ad08 RegisterTypeLib
0xa0ad0c LoadTypeLibEx
0xa0ad10 VarI4FromDec
0xa0ad14 SysFreeString
Library ole32.dll:
0xa0ad1c OleUninitialize
0xa0ad20 OleInitialize
0xa0ad24 StgIsStorageFile
0xa0ad28 StgOpenStorage
0xa0ad2c StgCreateDocfile
0xa0ad30 CoTaskMemFree
0xa0ad34 CoTaskMemAlloc
0xa0ad38 CLSIDFromProgID
0xa0ad3c ProgIDFromCLSID
0xa0ad40 CLSIDFromString
0xa0ad44 StringFromCLSID
0xa0ad48 CoCreateInstance
0xa0ad54 CoDisconnectObject
0xa0ad58 CoRevokeClassObject
0xa0ad60 CoUninitialize
0xa0ad64 CoInitialize
0xa0ad68 IsEqualGUID
Library comctl32.dll:
0xa0ad70 InitializeFlatSB
0xa0ad78 FlatSB_SetScrollPos
0xa0ad80 FlatSB_GetScrollPos
0xa0ad88 _TrackMouseEvent
0xa0ad94 ImageList_Write
0xa0ad98 ImageList_Read
0xa0ada4 ImageList_DragMove
0xa0ada8 ImageList_DragLeave
0xa0adac ImageList_DragEnter
0xa0adb0 ImageList_EndDrag
0xa0adb4 ImageList_BeginDrag
0xa0adb8 ImageList_GetIcon
0xa0adbc ImageList_Remove
0xa0adc0 ImageList_DrawEx
0xa0adc4 ImageList_Draw
0xa0add0 ImageList_Add
0xa0addc ImageList_Destroy
0xa0ade0 ImageList_Create
0xa0ade4 InitCommonControls
Library shell32.dll:
0xa0adec SHQueryRecycleBinW
0xa0adf0 SHGetFileInfoW
0xa0adf4 SHFileOperationW
0xa0adf8 SHEmptyRecycleBinW
0xa0adfc ShellExecuteExA
0xa0ae00 ShellExecuteExW
0xa0ae04 ShellExecuteA
0xa0ae08 ShellExecuteW
0xa0ae0c Shell_NotifyIconW
Library wininet.dll:
Library shell32.dll:
0xa0ae24 SHGetMalloc
0xa0ae28 SHGetDesktopFolder
0xa0ae2c SHChangeNotify
Library comdlg32.dll:
0xa0ae34 PrintDlgW
0xa0ae38 GetSaveFileNameA
0xa0ae3c GetSaveFileNameW

Exports

Ordinal   Address    Name
1         0x496de0   madTraceProcess

madTraceProcess is the export that madExcept, a Delphi exception-tracing library, adds to binaries it instruments. It is the image's only export, which is why the sandbox symbolises every user-mode stack frame in the exception events above relative to it.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source port   Destination                       Destination port
192.168.56.101   53237         114.114.114.114                   53
192.168.56.101   57756         114.114.114.114                   53
192.168.56.101   58367         114.114.114.114                   53
192.168.56.101   62318         114.114.114.114                   53
192.168.56.101   137           192.168.56.255                    137
192.168.56.101   138           192.168.56.255                    138
192.168.56.101   123           20.189.79.72 (time.windows.com)   123
192.168.56.101   49235         224.0.0.252                       5355
192.168.56.101   50534         224.0.0.252                       5355
192.168.56.101   51963         224.0.0.252                       5355
192.168.56.101   53657         224.0.0.252                       5355
192.168.56.101   56804         224.0.0.252                       5355
192.168.56.101   57874         224.0.0.252                       5355
192.168.56.101   62191         224.0.0.252                       5355
192.168.56.101   63429         224.0.0.252                       5355
192.168.56.101   1900          239.255.255.250                   1900
192.168.56.101   51966         239.255.255.250                   1900
192.168.56.101   58368         239.255.255.250                   3702
192.168.56.101   58707         239.255.255.250                   3702
192.168.56.101   62319         239.255.255.250                   3702

Every flow here is Windows background traffic from the sandbox guest: DNS to the resolver configured in the guest (114.114.114.114:53), NetBIOS name and datagram service broadcasts (137/138), NTP to time.windows.com (123), LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). The page attributes none of these flows to process 2364, so they are not evidence of sample activity.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.