Score: 5.8
Verdict: High risk

SHA-256: 4ec6d85f82f9d0874d740c3fa5b94c800e25b5dcd05b63135f6da92a8644d70e

File name: cfe84f4681713fdc9aada7c5b6331dd0.exe

Analysis duration: 26s

Latest analysis

File size: 636.0KB
Static detections / dynamic detections (detection-name tags): AGEN AI SCORE=88 ALI2000015 APDJ BSCOPE CLOUD CONFIDENCE DELFINJECT DELPHILESS EHDJ ELUM FAREIT GENKRYPTIK GGPR HIGH CONFIDENCE IG0FMW21M8G KRYPTIK LOKIBOT MALWARE@#24YUNV09EJP6V MODERATE NANOCORE NG0@A48K67MI SCORE SIMDA SUSGEN SUSPICIOUS PE THEOIBO TROJAN3 UNSAFE WACATAC X2059 ZELPHIF ZUSY
Eagle Eye engine
Not detected: no Eagle Eye engine result is available.
Static verdict
Antivirus engines
Engine       Result                              Scan date   Engine version
McAfee       Fareit-FSK!CFE84F468171             20200515    6.0.6.653
Alibaba      Trojan:Win32/DelfInject.ali2000015  20190527    0.3.0.5
CrowdStrike  win/malicious_confidence_90% (W)    20190702    1.0
Baidu        (no result)                         20190318    1.0.0.2
Avast        Win32:Trojan-gen                    20200515    18.4.3895.0
Kingsoft     (no result)                         20200515    2013.8.14.323
Tencent      (no result)                         20200515    1.0.0.1
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619934610.532751
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34668352
registers.edi: 0
registers.eax: 0
registers.ebp: 34668424
registers.edx: 10
registers.ebx: 0
registers.esi: 0
registers.ecx: 533
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 51 e9 7f 4b fb
exception.symbol: cfe84f4681713fdc9aada7c5b6331dd0+0x4e9e8
exception.instruction: div eax
exception.module: cfe84f4681713fdc9aada7c5b6331dd0.exe
exception.exception_code: 0xc0000094
exception.offset: 322024
exception.address: 0x44e9e8
success 0 0
1619934612.720626
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
cfe84f4681713fdc9aada7c5b6331dd0+0x58a4d @ 0x458a4d
cfe84f4681713fdc9aada7c5b6331dd0+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfda814ad
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619934610.438751
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01db0000
success 0 0
1619934610.532751
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e30000
success 0 0
1619934610.563751
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f70000
success 0 0
1619934611.438626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619934611.485626
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01db0000
success 0 0
1619934611.485626
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e10000
success 0 0
1619934611.485626
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00530000
success 0 0
1619934611.485626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00532000
success 0 0
1619934611.813626
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 1376256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02060000
success 0 0
1619934611.813626
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02170000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.688626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619934612.704626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00522000
success 0 0
1619934612.704626
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.7291149922072915 section {'size_of_data': '0x00009400', 'virtual_address': '0x0004f000', 'entropy': 7.7291149922072915, 'name': 'DATA', 'virtual_size': '0x000092d8'} description A section with a high entropy has been found
entropy 7.446739106192894 section {'size_of_data': '0x0003fe00', 'virtual_address': '0x00064000', 'entropy': 7.446739106192894, 'name': '.rsrc', 'virtual_size': '0x0003fd04'} description A section with a high entropy has been found
entropy 0.46062992125984253 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 1476 called NtSetContextThread to modify thread in remote process 2196
Time & API Arguments Status Return Repeated
1619934610.704751
NtSetContextThread
thread_handle: 0x000000ec
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4894144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2196
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 1476 resumed a thread in remote process 2196
Time & API Arguments Status Return Repeated
1619934611.188751
NtResumeThread
thread_handle: 0x000000ec
suspend_count: 1
process_identifier: 2196
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619934610.673751
CreateProcessInternalW
thread_identifier: 428
thread_handle: 0x000000ec
process_identifier: 2196
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cfe84f4681713fdc9aada7c5b6331dd0.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000f0
inherit_handles: 0
success 1 0
1619934610.673751
NtUnmapViewOfSection
process_identifier: 2196
region_size: 4096
process_handle: 0x000000f0
base_address: 0x00400000
success 0 0
1619934610.673751
NtMapViewOfSection
section_handle: 0x000000f8
process_identifier: 2196
commit_size: 704512
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 704512
base_address: 0x00400000
success 0 0
1619934610.704751
NtGetContextThread
thread_handle: 0x000000ec
success 0 0
1619934610.704751
NtSetContextThread
thread_handle: 0x000000ec
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4894144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2196
success 0 0
1619934611.188751
NtResumeThread
thread_handle: 0x000000ec
suspend_count: 1
process_identifier: 2196
success 0 0
File has been identified by 54 antivirus engines on VirusTotal as malicious (50 out of 54 events shown)
MicroWorld-eScan Gen:Variant.Zusy.302971
FireEye Generic.mg.cfe84f4681713fdc
McAfee Fareit-FSK!CFE84F468171
Cylance Unsafe
Zillya Dropper.Agent.Win32.426686
K7AntiVirus Trojan ( 005661fa1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 005661fa1 )
CrowdStrike win/malicious_confidence_90% (W)
Invincea heuristic
F-Prot W32/Trojan3.APDJ
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Dropper.LokiBot-7768036-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Gen:Variant.Zusy.302971
Paloalto generic.ml
Rising Trojan.GenKryptik!8.AA55 (CLOUD)
Endgame malicious (high confidence)
Emsisoft Gen:Variant.Zusy.302971 (B)
Comodo Malware@#24yunv09ejp6v
F-Secure Heuristic.HEUR/AGEN.1134053
DrWeb Trojan.Nanocore.23
VIPRE Trojan.Win32.Simda.ba (v)
TrendMicro Trojan.Win32.WACATAC.THEOIBO
Trapmine malicious.moderate.ml.score
Sophos Mal/Fareit-AA
SentinelOne DFI - Suspicious PE
Cyren W32/Trojan.GGPR-4124
Jiangmin Trojan.Kryptik.arf
Avira HEUR/AGEN.1134053
MAX malware (ai score=88)
Microsoft Trojan:Win32/Nanocore.B!MTB
Arcabit Trojan.Zusy.D49F7B
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Gen:Variant.Zusy.302971
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
VBA32 BScope.Trojan.Nanocore
ALYac Gen:Variant.Zusy.302971
Ad-Aware Gen:Variant.Zusy.302971
Malwarebytes Trojan.MalPack
ESET-NOD32 a variant of Win32/Injector.ELUM
TrendMicro-HouseCall Trojan.Win32.WACATAC.THEOIBO
Yandex Trojan.Injector!iG0FmW21m8g
Ikarus Trojan.Inject
MaxSecure Trojan.Malware.73736783.susgen
Fortinet W32/Injector.EHDJ!tr
BitDefenderTheta Gen:NN.ZelphiF.34110.NG0@a48k67mi
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

1992-06-20 06:22:17 (the fixed placeholder timestamp written by the Delphi compiler, which matches the BobSoft Mini Delphi packer match above; it does not reflect the real build time)

Imports

Library kernel32.dll:
0x45a128 VirtualFree
0x45a12c VirtualAlloc
0x45a130 LocalFree
0x45a134 LocalAlloc
0x45a138 GetVersion
0x45a13c GetCurrentThreadId
0x45a148 VirtualQuery
0x45a14c WideCharToMultiByte
0x45a150 MultiByteToWideChar
0x45a154 lstrlenA
0x45a158 lstrcpynA
0x45a15c LoadLibraryExA
0x45a160 GetThreadLocale
0x45a164 GetStartupInfoA
0x45a168 GetProcAddress
0x45a16c GetModuleHandleA
0x45a170 GetModuleFileNameA
0x45a174 GetLocaleInfoA
0x45a178 GetCommandLineA
0x45a17c FreeLibrary
0x45a180 FindFirstFileA
0x45a184 FindClose
0x45a188 ExitProcess
0x45a18c WriteFile
0x45a194 RtlUnwind
0x45a198 RaiseException
0x45a19c GetStdHandle
Library user32.dll:
0x45a1a4 GetKeyboardType
0x45a1a8 LoadStringA
0x45a1ac MessageBoxA
0x45a1b0 CharNextA
Library advapi32.dll:
0x45a1b8 RegQueryValueExA
0x45a1bc RegOpenKeyExA
0x45a1c0 RegCloseKey
Library oleaut32.dll:
0x45a1c8 SysFreeString
0x45a1cc SysReAllocStringLen
0x45a1d0 SysAllocStringLen
Library kernel32.dll:
0x45a1d8 TlsSetValue
0x45a1dc TlsGetValue
0x45a1e0 LocalAlloc
0x45a1e4 GetModuleHandleA
Library advapi32.dll:
0x45a1ec RegQueryValueExA
0x45a1f0 RegOpenKeyExA
0x45a1f4 RegCloseKey
Library kernel32.dll:
0x45a1fc lstrcpyA
0x45a200 WriteFile
0x45a208 WaitForSingleObject
0x45a20c VirtualQuery
0x45a210 VirtualAlloc
0x45a214 Sleep
0x45a218 SizeofResource
0x45a21c SetThreadLocale
0x45a220 SetFilePointer
0x45a224 SetEvent
0x45a228 SetErrorMode
0x45a22c SetEndOfFile
0x45a230 ResetEvent
0x45a234 ReadFile
0x45a238 MulDiv
0x45a23c LockResource
0x45a240 LoadResource
0x45a244 LoadLibraryA
0x45a250 GlobalUnlock
0x45a254 GlobalReAlloc
0x45a258 GlobalHandle
0x45a25c GlobalLock
0x45a260 GlobalFree
0x45a264 GlobalFindAtomA
0x45a268 GlobalDeleteAtom
0x45a26c GlobalAlloc
0x45a270 GlobalAddAtomA
0x45a274 GetVersionExA
0x45a278 GetVersion
0x45a27c GetTickCount
0x45a280 GetThreadLocale
0x45a288 GetSystemTime
0x45a28c GetSystemInfo
0x45a290 GetStringTypeExA
0x45a294 GetStdHandle
0x45a298 GetProcAddress
0x45a29c GetModuleHandleA
0x45a2a0 GetModuleFileNameA
0x45a2a4 GetLocaleInfoA
0x45a2a8 GetLocalTime
0x45a2ac GetLastError
0x45a2b0 GetFullPathNameA
0x45a2b4 GetDiskFreeSpaceA
0x45a2b8 GetDateFormatA
0x45a2bc GetCurrentThreadId
0x45a2c0 GetCurrentProcessId
0x45a2c4 GetCPInfo
0x45a2c8 GetACP
0x45a2cc FreeResource
0x45a2d0 InterlockedExchange
0x45a2d4 FreeLibrary
0x45a2d8 FormatMessageA
0x45a2dc FindResourceA
0x45a2e4 ExitThread
0x45a2e8 ExitProcess
0x45a2ec EnumCalendarInfoA
0x45a2f8 CreateThread
0x45a2fc CreateFileA
0x45a300 CreateEventA
0x45a304 CompareStringA
0x45a308 CloseHandle
Library version.dll:
0x45a310 VerQueryValueA
0x45a318 GetFileVersionInfoA
Library gdi32.dll:
0x45a320 UnrealizeObject
0x45a324 StretchBlt
0x45a328 SetWindowOrgEx
0x45a32c SetViewportOrgEx
0x45a330 SetTextColor
0x45a334 SetStretchBltMode
0x45a338 SetROP2
0x45a33c SetPixel
0x45a340 SetDIBColorTable
0x45a344 SetBrushOrgEx
0x45a348 SetBkMode
0x45a34c SetBkColor
0x45a350 SelectPalette
0x45a354 SelectObject
0x45a358 SaveDC
0x45a35c RestoreDC
0x45a360 Rectangle
0x45a364 RectVisible
0x45a368 RealizePalette
0x45a36c PatBlt
0x45a370 MoveToEx
0x45a374 MaskBlt
0x45a378 LineTo
0x45a37c IntersectClipRect
0x45a380 GetWindowOrgEx
0x45a384 GetTextMetricsA
0x45a390 GetStockObject
0x45a394 GetPixel
0x45a398 GetPaletteEntries
0x45a39c GetObjectA
0x45a3a0 GetDeviceCaps
0x45a3a4 GetDIBits
0x45a3a8 GetDIBColorTable
0x45a3ac GetDCOrgEx
0x45a3b4 GetClipBox
0x45a3b8 GetBrushOrgEx
0x45a3bc GetBitmapBits
0x45a3c0 ExcludeClipRect
0x45a3c4 DeleteObject
0x45a3c8 DeleteDC
0x45a3cc CreateSolidBrush
0x45a3d0 CreatePenIndirect
0x45a3d4 CreatePalette
0x45a3dc CreateFontIndirectA
0x45a3e0 CreateDIBitmap
0x45a3e4 CreateDIBSection
0x45a3e8 CreateCompatibleDC
0x45a3f0 CreateBrushIndirect
0x45a3f4 CreateBitmap
0x45a3f8 BitBlt
Library user32.dll:
0x45a400 CreateWindowExA
0x45a404 WindowFromPoint
0x45a408 WinHelpA
0x45a40c WaitMessage
0x45a410 UpdateWindow
0x45a414 UnregisterClassA
0x45a418 UnhookWindowsHookEx
0x45a41c TranslateMessage
0x45a424 TrackPopupMenu
0x45a42c ShowWindow
0x45a430 ShowScrollBar
0x45a434 ShowOwnedPopups
0x45a438 ShowCursor
0x45a43c SetWindowsHookExA
0x45a440 SetWindowPos
0x45a444 SetWindowPlacement
0x45a448 SetWindowLongA
0x45a44c SetTimer
0x45a450 SetScrollRange
0x45a454 SetScrollPos
0x45a458 SetScrollInfo
0x45a45c SetRect
0x45a460 SetPropA
0x45a464 SetParent
0x45a468 SetMenuItemInfoA
0x45a46c SetMenu
0x45a470 SetForegroundWindow
0x45a474 SetFocus
0x45a478 SetCursor
0x45a47c SetClassLongA
0x45a480 SetCapture
0x45a484 SetActiveWindow
0x45a488 SendMessageA
0x45a48c ScrollWindow
0x45a490 ScreenToClient
0x45a494 RemovePropA
0x45a498 RemoveMenu
0x45a49c ReleaseDC
0x45a4a0 ReleaseCapture
0x45a4ac RegisterClassA
0x45a4b0 RedrawWindow
0x45a4b4 PtInRect
0x45a4b8 PostQuitMessage
0x45a4bc PostMessageA
0x45a4c0 PeekMessageA
0x45a4c4 OffsetRect
0x45a4c8 OemToCharA
0x45a4cc MessageBoxA
0x45a4d0 MapWindowPoints
0x45a4d4 MapVirtualKeyA
0x45a4d8 LoadStringA
0x45a4dc LoadKeyboardLayoutA
0x45a4e0 LoadIconA
0x45a4e4 LoadCursorA
0x45a4e8 LoadBitmapA
0x45a4ec KillTimer
0x45a4f0 IsZoomed
0x45a4f4 IsWindowVisible
0x45a4f8 IsWindowEnabled
0x45a4fc IsWindow
0x45a500 IsRectEmpty
0x45a504 IsIconic
0x45a508 IsDialogMessageA
0x45a50c IsChild
0x45a510 InvalidateRect
0x45a514 IntersectRect
0x45a518 InsertMenuItemA
0x45a51c InsertMenuA
0x45a520 InflateRect
0x45a528 GetWindowTextA
0x45a52c GetWindowRect
0x45a530 GetWindowPlacement
0x45a534 GetWindowLongA
0x45a538 GetWindowDC
0x45a53c GetTopWindow
0x45a540 GetSystemMetrics
0x45a544 GetSystemMenu
0x45a548 GetSysColorBrush
0x45a54c GetSysColor
0x45a550 GetSubMenu
0x45a554 GetScrollRange
0x45a558 GetScrollPos
0x45a55c GetScrollInfo
0x45a560 GetPropA
0x45a564 GetParent
0x45a568 GetWindow
0x45a56c GetMenuStringA
0x45a570 GetMenuState
0x45a574 GetMenuItemInfoA
0x45a578 GetMenuItemID
0x45a57c GetMenuItemCount
0x45a580 GetMenu
0x45a584 GetLastActivePopup
0x45a588 GetKeyboardState
0x45a590 GetKeyboardLayout
0x45a594 GetKeyState
0x45a598 GetKeyNameTextA
0x45a59c GetIconInfo
0x45a5a0 GetForegroundWindow
0x45a5a4 GetFocus
0x45a5a8 GetDesktopWindow
0x45a5ac GetDCEx
0x45a5b0 GetDC
0x45a5b4 GetCursorPos
0x45a5b8 GetCursor
0x45a5bc GetClientRect
0x45a5c0 GetClassNameA
0x45a5c4 GetClassInfoA
0x45a5c8 GetCapture
0x45a5cc GetActiveWindow
0x45a5d0 FrameRect
0x45a5d4 FindWindowA
0x45a5d8 FillRect
0x45a5dc EqualRect
0x45a5e0 EnumWindows
0x45a5e4 EnumThreadWindows
0x45a5e8 EndPaint
0x45a5ec EnableWindow
0x45a5f0 EnableScrollBar
0x45a5f4 EnableMenuItem
0x45a5f8 DrawTextA
0x45a5fc DrawMenuBar
0x45a600 DrawIconEx
0x45a604 DrawIcon
0x45a608 DrawFrameControl
0x45a60c DrawEdge
0x45a610 DispatchMessageA
0x45a614 DestroyWindow
0x45a618 DestroyMenu
0x45a61c DestroyIcon
0x45a620 DestroyCursor
0x45a624 DeleteMenu
0x45a628 DefWindowProcA
0x45a62c DefMDIChildProcA
0x45a630 DefFrameProcA
0x45a634 CreatePopupMenu
0x45a638 CreateMenu
0x45a63c CreateIcon
0x45a640 ClientToScreen
0x45a644 CheckMenuItem
0x45a648 CallWindowProcA
0x45a64c CallNextHookEx
0x45a650 BeginPaint
0x45a654 CharNextA
0x45a658 CharLowerA
0x45a65c CharToOemA
0x45a660 AdjustWindowRectEx
Library kernel32.dll:
0x45a66c Sleep
Library oleaut32.dll:
0x45a674 SafeArrayPtrOfIndex
0x45a678 SafeArrayGetUBound
0x45a67c SafeArrayGetLBound
0x45a680 SafeArrayCreate
0x45a684 VariantChangeType
0x45a688 VariantCopy
0x45a68c VariantClear
0x45a690 VariantInit
Library comctl32.dll:
0x45a6a0 ImageList_Write
0x45a6a4 ImageList_Read
0x45a6b4 ImageList_DragMove
0x45a6b8 ImageList_DragLeave
0x45a6bc ImageList_DragEnter
0x45a6c0 ImageList_EndDrag
0x45a6c4 ImageList_BeginDrag
0x45a6c8 ImageList_Remove
0x45a6cc ImageList_DrawEx
0x45a6d0 ImageList_Draw
0x45a6e0 ImageList_Add
0x45a6e8 ImageList_Destroy
0x45a6ec ImageList_Create
0x45a6f0 InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination       Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.